* qatar/master:
cook: expand dither_tab[], and make sure indexes into it don't overflow.
xxan: reindent xan_unpack_luma().
xxan: protect against chroma LUT overreads.
xxan: convert to bytestream2 API.
xxan: don't read before start of buffer in av_memcpy_backptr().
vp8: convert mbedge loopfilter x86 assembly to use named arguments.
vp8: convert inner loopfilter x86 assembly to use named arguments.
Conflicts:
libavcodec/xxan.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
MPC8 allows indices of mpc_CC up to -1, and mpc_SCF up to -6, thus pad
the tables by that much on the left end.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
The two samples both have stype 0.
Without this extra check, the code breaks 4:2:2 dvsd
(stype 4), since that has the same resolution.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
* qatar/master:
Fix a bunch of common typos.
build: Skip compiling xvmc.h under the correct condition.
configure: darwin: Change dylib install names to include major version.
mpegts: Always honor a registration descriptor if present and there is no other codec information.
aacdec: Fix SCE parity check.
aacdec: Fix out of array writes (stack).
rtsp: Only set the ttl parameter if the server actually gave a value
udp: Set ttl for read-write streams, too, not only for write-only ones
udp: Only bind to the multicast address if in read-only mode
udp: Clarify the comment about binding the multicast address
udp: Reorder comments
Conflicts:
libavcodec/aacdec.c
tools/patcheck
Merged-by: Michael Niedermayer <michaelni@gmx.at>
An unpaired SCE preceding a CPE only makes sense for front SCEs
preceding the first CPE.
Split from FFmpeg commit a8d67efa53
Signed-off-by: Alex Converse <alex.converse@gmail.com>
Set the element to channel vector (e2c_vec) size to be the maximum
number of aac channel elements. This makes it slightly larger than it
needs to be because CCEs are never mapped to output channel locations.
Also add a check that all input tags (legal or not) will fit.
Split from FFmpeg commit a8d67efa53
Signed-off-by: Alex Converse <alex.converse@gmail.com>
Fixes trac #1045.
Thanks to Peter Ross for his help with this patch.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Matroska demuxer needs to recreate tta header, so just display
crc error without aborting.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
This fixes some invalid memory access caused later in the function
by res_chan[] not being set for all channels. This happens when a
channel doesn't appear a submap. This change simply returns a
decoder error when this situation is detected.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
We slightly overread the input buffer, so we require
padding at the end of the buffer, as is documented in the
get_bits API. Without padding, we'll read uninitialized
data or beyond the end of the .rodata, which may crash.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
* qatar/master: (29 commits)
sbrdsp.asm: convert all instructions to float/SSE ones.
dv: cosmetics.
dv: check buffer size before reading profile.
Revert "AAC SBR: group some writes."
udp: Print an error message if bind fails
cook: extend channel uncoupling tables so the full bit range is covered.
roqvideo: cosmetics.
roqvideo: convert to bytestream2 API.
dca: don't use av_clip_uintp2().
wmall: fix build with -DDEBUG enabled.
smc: port to bytestream2 API.
AAC SBR: group some writes.
dsputil: remove shift parameter from scalarproduct_int16
SBR DSP: unroll sum_square
rv34: remove dead code in intra availability check
rv34: clean a bit availability checks.
v4l2: update documentation
tgq: convert to bytestream2 API.
parser: remove forward declaration of MpegEncContext
dca: prevent accessing static arrays with invalid indexes.
...
Conflicts:
doc/indevs.texi
libavcodec/Makefile
libavcodec/dca.c
libavcodec/dvdata.c
libavcodec/eatgq.c
libavcodec/mmvideo.c
libavcodec/roqvideodec.c
libavcodec/smc.c
libswscale/output.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The codec would keep returning the last decoded frame if the stream
contains B-frames, since it wouldn't clear that frame from the list of
frames to be returned to the user.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Since the values are floats, using the float operations
makes sense, improves performance on some CPUs and
makes the code SSE compatible instead of needing SSE2.
Based on suggestion by Jason.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
There is only one caller, which does not need the shifting. Other use cases
are situations where different roundings would be needed.
The x86 and neon versions are modified accordingly.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
The length is even, so some unrolling can be performed. Timings are for x86:
- 32bits: 102c -> 82c
- 64bits: 82c -> 69c
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
This was an incorrect copy-and-paste to a code not needing the original code.
Spotted by Jason in a previous review but forgotten in the commit.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
movq from SSE register _to_ memory is an SSE2 instruction.
Use the SSE movlps function instead that does the same thing.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
This fixes an issue in the code to check the size that will
be written to match the actual code writing. In the long
term it would make sense to change this so the counting and
writing code are the same so they dont need to be kept in sync.
It also increases the array size, which was too small either way
and adds a redudnant saftey check.
This issue does not affect any FFmpeg release as it has been
introduced Jan 31 which is narrowly after our last release.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Results of IDCT can by far outreach the range of ff_cropTbl[], leading
to overreads and potentially crashes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
This fixes some arith decoder overreads and a potential infinite loop.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (31 commits)
cdxl demux: do not create packets with uninitialized data at EOF.
Replace computations of remaining bits with calls to get_bits_left().
amrnb/amrwb: Remove get_bits usage.
cosmetics: reindent
avformat: do not require a pixel/sample format if there is no decoder
avformat: do not fill-in audio packet duration in compute_pkt_fields()
lavf: Use av_get_audio_frame_duration() in get_audio_frame_size()
dca_parser: parse the sample rate and frame durations
libspeexdec: do not set AVCodecContext.frame_size
libopencore-amr: do not set AVCodecContext.frame_size
alsdec: do not set AVCodecContext.frame_size
siff: do not set AVCodecContext.frame_size
amr demuxer: do not set AVCodecContext.frame_size.
aiffdec: do not set AVCodecContext.frame_size
mov: do not set AVCodecContext.frame_size
ape: do not set AVCodecContext.frame_size.
rdt: remove workaround for infinite loop with aac
avformat: do not require frame_size in avformat_find_stream_info() for CELT
avformat: do not require frame_size in avformat_find_stream_info() for MP1/2/3
avformat: do not require frame_size in avformat_find_stream_info() for AAC
...
Conflicts:
doc/APIchanges
libavcodec/Makefile
libavcodec/avcodec.h
libavcodec/h264.c
libavcodec/h264_ps.c
libavcodec/utils.c
libavcodec/version.h
libavcodec/x86/dsputil_mmx.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
All colorspaces are supported.
Renamed libutvideo.cpp to libutvideodec.cpp.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is so the forthcoming encoder wrapper can share
them.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This only returns bits per sample when it is exactly correct. That is, the
codec contains only raw samples with no frame headers or padding. This applies
to basically all PCM codecs and a small subset of ADPCM codecs.
This condition cannot happen, if it can it is a bug that MUST be fixed.
And i very happily volunteer to fix it if someone reports a case to
me that fails.
This reverts commit 5d652e063b.
This splits ff_dsputil_init_mmx() into multiple functions, one for
each MMX/SSE level, somewhat simplifying the nested conditions.
Signed-off-by: Mans Rullgard <mans@mansr.com>
Signed-off-by: Diego Biurrun <diego@biurrun.de>
This fixes some global out of array reads and wrong cliping.
No speed difference meassurable under clang on i5
also all important code paths on all important platforms should
use SIMD.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes a out of global array read in the cplscale* tables.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (27 commits)
cmdutils: use new avcodec_is_decoder/encoder() functions.
lavc: make codec_is_decoder/encoder() public.
lavc: deprecate AVCodecContext.sub_id.
libcdio: add a forgotten AVClass to the private context.
swscale: remove "cpu flags" from -sws_flags description.
proresenc: give user a possibility to alter some encoding parameters
vorbisenc: add output buffer overwrite protection
libopencore-amrnbenc: fix end-of-stream handling
ra144enc: fix end-of-stream handling
nellymoserenc: zero any leftover packet bytes
nellymoserenc: use proper MDCT overlap delay
qpeg: Use bytestream2 functions to prevent buffer overreads.
swscale: make %rep unconditional.
vp8: convert simple loopfilter x86 assembly to use named arguments.
vp8: convert idct x86 assembly to use named arguments.
vp8: convert mc x86 assembly to use named arguments.
vp8: convert loopfilter x86 assembly to use cpuflags().
vp8: convert idct/mc x86 assembly to use cpuflags().
swscale: remove now unnecessary hack.
x86inc: don't "bake" stack_offset in named arguments.
...
Conflicts:
cmdutils.c
doc/APIchanges
libavcodec/mpeg12.c
libavcodec/options.c
libavcodec/qpeg.c
libavcodec/utils.c
libavcodec/version.h
libavdevice/libcdio.c
tests/lavf-regression.sh
Merged-by: Michael Niedermayer <michaelni@gmx.at>
In most places where it's used, it's as a pointless write-only field.
Only rv10 decoder actually reads from it, but it stores some internal
version info in it. There is no reason for it to be in a public field.
Use CODEC_CAP_DELAY and CODEC_CAP_SMALL_LAST_FRAME to properly pad and flush
the encoder at the end of encoding. This is needed in order to have all input
samples decoded.
Use CODEC_CAP_DELAY and CODEC_CAP_SMALL_LAST_FRAME to properly pad and flush
the encoder at the end of encoding. This is needed in order to have all input
samples decoded.
* qatar/master:
tiertexseq: set correct block_align for audio
tiertexseq: set audio stream start time to 0
voc/avs: Do not change the sample rate mid-stream.
segafilm: use the sample rate as the time base for audio streams
ea: fix audio pts
psx-str: fix audio pts
vqf: set packet duration
tta demuxer: set packet duration
mpegaudio_parser: do not ignore information from the first parsed frame
mpegaudio_parser: be less picky about the start position
thp: set audio packet durations
avcodec: add a Vorbis parser to get packet duration
vorbisdec: read the previous window flag for long windows
lavc: free the output packet when encoding failed or produced no output.
lavc: preserve avpkt->destruct in ff_alloc_packet().
lavc: clarify the meaning of AVCodecContext.frame_number.
mpegts: Pad the packet buffer in handle_packet().
mpegts: Do not call read_sl_header() when no bytes remain in the buffer.
Conflicts:
libavcodec/mpegaudio_parser.c
libavcodec/version.h
libavformat/mpegts.c
tests/ref/fate/pva-demux
Merged-by: Michael Niedermayer <michaelni@gmx.at>
We need to set ms_stereo in encode_init() in order to avoid incorrectly
encoding the first frame as non-m/s while flagging it as m/s. Fixes an
uncomfortable pop in the left channel at the start of playback.
CC:libav-stable@libav.org
Currently we have an assert() that prevents the frame from being too large,
but it is more user-friendly to give an error message instead of aborting on
assert(). This condition is quite unlikely due to the minimum bit rate check
in encode_init(), but it is still worth having.
The maximum theoretical frame size is around 17000 bytes. Although in
practice it will generally be much smaller, we require a larger buffer
just to be safe.
CC: libav-stable@libav.org
ff_wma_init() allows up to 50kHz, but this generates an exponent band
size table that requires 65 bands. The code assumes 25 bands in many
places, and using sample rates higher than 48kHz will lead to buffer
overwrites.
CC:libav-stable@libav.org
This is near the theoretical limit for wma frame size and is the most that
our decoder can handle. Allowing higher bit rates will just end up padding
each frame with empty bytes.
Fixes invalid writes for avconv when using very high bit rates.
CC:libav-stable@libav.org
The code only supports 16 and 24 bps currently, 20bps causes
out of array reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
When reading sequentially, we are using the actual flag from the previous
frame, but when seeking we do not know what the previous window flag was, so
we need to read it from the bitstream.
This fixes some out of global array accesses of dither_tab.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Benjamin Larsson <benjamin@southpole.se>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
qpeg should probably be changed to use the checked bytestream reader.
But for now this fixes it and is significantly less work.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (29 commits)
amrwb: remove duplicate arguments from extrapolate_isf().
amrwb: error out early if mode is invalid.
h264: change underread for 10bit QPEL to overread.
matroska: check buffer size for RM-style byte reordering.
vp8: disable mmx functions with sse/sse2 counterparts on x86-64.
vp8: change int stride to ptrdiff_t stride.
wma: fix invalid buffer size assumptions causing random overreads.
Windows Media Audio Lossless decoder
rv10/20: Fix slice overflow with checked bitstream reader.
h263dec: Disallow width/height changing with frame threads.
rv10/20: Fix a buffer overread caused by losing track of the remaining buffer size.
rmdec: Honor .RMF tag size rather than assuming 18.
g722: Fix the QMF scaling
r3d: don't set codec timebase.
electronicarts: set timebase for tgv video.
electronicarts: parse the framerate for cmv video.
ogg: don't set codec timebase
electronicarts: don't set codec timebase
avs: don't set codec timebase
wavpack: Fix an integer overflow
...
Conflicts:
libavcodec/arm/vp8dsp_init_arm.c
libavcodec/fraps.c
libavcodec/h264.c
libavcodec/mpeg4videodec.c
libavcodec/mpegvideo.c
libavcodec/msmpeg4.c
libavcodec/pnmdec.c
libavcodec/qpeg.c
libavcodec/rawenc.c
libavcodec/ulti.c
libavcodec/vcr1.c
libavcodec/version.h
libavcodec/wmalosslessdec.c
libavformat/electronicarts.c
libswscale/ppc/yuv2rgb_altivec.c
tests/ref/acodec/g722
tests/ref/fate/ea-cmv
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Prevents warnings because the dst and src overlap (are the same) in the
memcpy() inside the function.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Prevents using the invalid mode as an index in a static array, which
would generate invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Decodes 16-bit WMA Lossless encoded files. 24-bit is not supported yet.
Bitstream parser written by Andreas Öman with contributions from
Baptiste Coudurier and Ulion.
Includes a number of bug-fixes from Benjamin Larsson, Michael Niedermayer and
Konstantin Shishkov, shine and polish by Diego Biurrun.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Fixes out of bounds read.
Checked against SMPTE 421M-2006
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes clipping if the encoder input used the full 16 bit
input range (samples with a magnitude below 16383 worked fine).
The filtered subband samples should be 15 bit maximum, while
the code earlier produced them scaled to 16 bit.
This makes the decoder output have double the magnitude
compared to before.
The spec reference samples doesn't test the QMF at all, which
was why this part slipped past initially.
Signed-off-by: Martin Storsjö <martin@martin.st>
Integer Overflow Checker detected an integer
overflow while FATE was running.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
h264: error out on invalid bitdepth.
aacsbr: use a swap index for the Y matrix rather than copy buffers.
huffyuv: do not abort on unknown pix_fmt; instead, return an error.
lcl: return negative error codes on decode_init() errors.
rtpenc: Use MB info side data for splitting H263 packets for RFC 2190
h263enc: Add an option for outputting info about MBs as side data
avpacket: Add a function for shrinking already allocated side data
nellymoserdec: Saner and faster IMDCT windowing
Conflicts:
doc/APIchanges
libavcodec/avpacket.c
libavcodec/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes invalid reads while initializing the dequant tables, which uses
the bit depth to determine the QP table size.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
This is based on the reference implementation and fixes
a global out of array read.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes a out of global array read.
This change is based on the reference mpc imlementation.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
It appears there are corner cases with damaged input that can lead
to small overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Code ported from qatar/master, please see there for per line authorship.
Main authors AFAIK are Ronald and Justin. I have no authorship on this.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (58 commits)
amrnbdec: check frame size before decoding.
cscd: use negative error values to indicate decode_init() failures.
h264: prevent overreads in intra PCM decoding.
FATE: do not decode audio in the nuv test.
dxa: set audio stream time base using the sample rate
psx-str: do not allow seeking by bytes
asfdec: Do not set AVCodecContext.frame_size
vqf: set packet parameters after av_new_packet()
mpegaudiodec: use DSPUtil.butterflies_float().
FATE: add mp3 test for sample that exhibited false overreads
fate: add cdxl test for bit line plane arrangement
vmnc: return error on decode_init() failure.
libvorbis: add/update error messages
libvorbis: use AVFifoBuffer for output packet buffer
libvorbis: remove unneeded e_o_s check
libvorbis: check return values for functions that can return errors
libvorbis: use float input instead of s16
libvorbis: do not flush libvorbis analysis if dsp state was not initialized
libvorbis: use VBR by default, with default quality of 3
libvorbis: fix use of minrate/maxrate AVOptions
...
Conflicts:
Changelog
doc/APIchanges
libavcodec/avcodec.h
libavcodec/dpxenc.c
libavcodec/libvorbis.c
libavcodec/vmnc.c
libavformat/asfdec.c
libavformat/id3v2enc.c
libavformat/internal.h
libavformat/mp3enc.c
libavformat/utils.c
libavformat/version.h
libswscale/utils.c
tests/fate/video.mak
tests/ref/fate/nuv
tests/ref/fate/prores-alpha
tests/ref/lavf/ffm
tests/ref/vsynth1/prores
tests/ref/vsynth2/prores
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Its not clear from the spec what to do with values larger than 127
so iam opting for the safe side and ask for a sample.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
With the encode2 API, encoders allocate huge packets to be
sure they have enough room (a typical case is mpeg4, which
allocs ~10M for 1280x768 yuv420p) but only actually use a
very small part of the buffer.
ProRes codes chroma blocks in 444 mode in different order than luma blocks,
so make both decoder and encoder read/write chroma blocks in right order.
Reported by Phil Barrett
[alex.converse@mgail.com]
Move code to get_che()
Update for AAC new channel configuration interface
Only set chan_config if output_configure succeeds.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
This is somewhat redundant as no decoder should call get_buffer() with such argument.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
ALS spec:
11.6.3.1.1 Quantization and encoding of parcor coefficients
...
In all cases the resulting quantized values ak are restricted to the range [-64,63].
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
adpcm: Clip step_index values read from the bitstream at the beginning of each frame.
oma: don't read beyond end of leaf_table.
doxygen: Remove documentation for non-existing parameters; misc small fixes.
Indeo3: fix crashes on corrupt bitstreams.
msmpeg4: Replace forward declaration by proper #include.
segment: implement wrap around
avf: reorder AVStream and AVFormatContext
aacdec: Remove erroneous reference to global gain from the out of bounds scalefactor error message.
Conflicts:
libavcodec/indeo3.c
libavformat/avformat.h
libavutil/avutil.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>