Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Based on a patch by Michael Niedermayer <michaelni@gmx.at>
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
* qatar/master: (28 commits)
dfa: use more meaningful return codes
eatgv: check vector_bits
eatgv: check motion vectors
Mark a number of variables only used in av_dlog() calls as av_unused.
dvdec: drop const qualifier from variable to eliminate a warning
avcodec: Improve comment for thread_safe_callbacks to avoid misinterpretation.
tests/utils: don't ignore the return value of fwrite()
lavfi/formats: use sizeof(var) instead of sizeof(type).
lavfi: remove avfilter_default_config_input_link() declaration
lavfi: always enable the scale filter and depend on sws.
vf_split: support user-specifiable number of outputs.
avconv: remove stray useless comment.
mpegmux: add stuffing to avoid incomplete PCM frames
rtsp: avoid const warnings from strtol() call
avserver: check return value of ftruncate()
lagarith: make offset array type unsigned
dfa: add some checks to ensure that decoder won't write past frame end
aacps: NEON optimisations
aacps: align some arrays
aacps: move some loops to function pointers
...
Conflicts:
configure
doc/filters.texi
libavcodec/dfa.c
libavcodec/eatgv.c
libavfilter/Makefile
libavfilter/allfilters.c
libavfilter/avfilter.h
libavfilter/formats.c
libavfilter/vf_split.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
tests: Refactor rotozoom/videogen common code into a separate file.
tests: Mark some file-internal symbols as static.
build: Drop leftover .exp pattern from LIBSUFFIXES list.
vsrc_buffer: return EAGAIN if no frame is available.
WMAL: Shift output samples by the specified number of padding zeroes.
WMAL: Restore removed code in mclms_predict()
rtpdec_h264: Remove a useless ifdef
rtpdec_h264: Remove outdated/useless/incorrect comments
rtpdec_h264: Remove useless memory corruption checks
rtpdec_h264: Return proper error codes
rtpdec_h264: Check the available data length before reading
rtpdec_h264: Add input size checks
png: check bit depth for PAL8/Y400A pixel formats.
ea: check chunk_size for validity.
celp filters: Do not read earlier than the start of the 'out' vector.
Conflicts:
libavcodec/pngdec.c
libavfilter/src_buffer.c
tests/rotozoom.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
mpeg12: fixed parsing in some mpeg2 streams
Add SMPTE240M transfer characteristics flag.
mpegts: Some additional HDMV types and reg descriptors for mpegts
motionpixels: Clip YUV values after applying a gradient.
jpeg: handle progressive in second field of interlaced.
ituh263dec: Implement enough of Annex O (scalability) to fix a FPE.
h263: more strictly forbid frame size changes with frame-mt.
h264: additional protection against unsupported size/bitdepth changes.
tta: prevents overflows for 32bit integers in header.
configure: remove malloc_aligned.
vp8: update frame size changes on thread context switches.
snowdsp: explicitily state instruction size.
wmall: fix reconstructing audio with uncoded channels
WMAL cosmetics: fix indentation
gitignore: add Win32 library suffixes
Conflicts:
configure
libavcodec/h263dec.c
libavcodec/h264.c
libavcodec/ituh263dec.c
libavcodec/mjpegdec.c
libavcodec/wmalosslessdec.c
libavcodec/x86/snowdsp_mmx.c
libavformat/mpegts.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
avplay: use libavresample for sample format conversion and channel mixing
Fix compilation with YASM/NASM without AVX support.
WMAL: do not output last frame again if nothing was decoded in current packet
WMAL: do not start decoding if frame does not end in current packet
adpcm-thp: fix invalid array indexing
ppc: add const where needed in scalarproduct_int16_altivec()
ppc: remove shift parameter from scalarproduct_int16_altivec()
ppc: dsputil: do unaligned block accesses correctly
dvenc: do not call dsputil functions with stride not a multiple of 16
APIchanges: fill in some dates and commit hashes
Conflicts:
doc/APIchanges
ffplay.c
libavcodec/adpcm.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
vsrc_buffer: fix check from 7ae7c41.
libxvid: Reorder functions to avoid forward declarations; make functions static.
libxvid: drop some pointless dead code
wmal: vertical alignment cosmetics
wmal: Warn about missing bitstream splicing feature and ask for sample.
wmal: Skip seekable_frame_in_packet.
wmal: Drop unused variable num_possible_block_size.
avfiltergraph: make the AVFilterInOut alloc/free API public
graphparser: allow specifying sws flags in the graph description.
graphparser: fix the order of connecting unlabeled links.
graphparser: add avfilter_graph_parse2().
vsrc_buffer: allow using a NULL buffer to signal EOF.
swscale: handle last pixel if lines have an odd width.
qdm2: fix a dubious pointer cast
WMAL: Do not try to read rawpcm coefficients if bits is invalid
mov: Fix detecting there is no sync sample.
tiffdec: K&R cosmetics
avf: has_duration does not check the global one
dsputil: fix optimized emu_edge function on Win64.
Conflicts:
doc/APIchanges
libavcodec/libxvid_rc.c
libavcodec/libxvidff.c
libavcodec/tiff.c
libavcodec/wmalosslessdec.c
libavfilter/avfiltergraph.h
libavfilter/graphparser.c
libavfilter/version.h
libavfilter/vsrc_buffer.c
libswscale/output.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
There is no point in storing the value in a variable, since it is not
used anywhere else in the decoder.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
The samples_per_frame check is ported from wmaprodec.c
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If channel residues are have not been decoded from bitstream, they should be
initialized to 0 instead of using values from previous subframe.
This causes bursts of noise in silent parts of some files.
This patch fixes bug #1055
Reviewed-by: Benjamin Larsson <benjamin@southpole.se>
Reviewed-by: Mashiat Sarker Shakkhar <mashiat.sarker@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
mp3dec: perform I/S and M/S only when frame mode is joint stereo.
id3v2: add another mimetype for JPEG image
lzw: prevent buffer overreads.
WMAL: Remove inaccurate and unnecessary doxy
h264: fix cabac-on-stack after safe cabac reader.
truemotion2: convert packet header reading to bytestream2.
Conflicts:
libavcodec/lzw.c
libavcodec/truemotion2.c
libavformat/id3v2.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
asf: only set index_read if the index contained entries.
cabac: add overread protection to BRANCHLESS_GET_CABAC().
cabac: increment jump locations by one in callers of BRANCHLESS_GET_CABAC().
cabac: remove unused argument from BRANCHLESS_GET_CABAC_UPDATE().
cabac: use struct+offset instead of memory operand in BRANCHLESS_GET_CABAC().
h264: add overread protection to get_cabac_bypass_sign_x86().
h264: reindent get_cabac_bypass_sign_x86().
h264: use struct offsets in get_cabac_bypass_sign_x86().
h264: fix overreads in cabac reader.
wmall: fix seeking.
lagarith: fix buffer overreads.
dvdec: drop unnecessary dv_tablegen.h #include
build: fix doc generation errors in parallel builds
Replace memset(0) by zero initializations.
faandct: Remove FAAN_POSTSCALE define and related code.
dvenc: print allowed profiles if the video doesn't conform to any of them.
avcodec_encode_{audio,video}: only reallocate output packet when it has non-zero size.
FATE: add a test for vp8 with changing frame size.
fate: add kgv1 fate test.
oggdec: calculate correct timestamps in Ogg/FLAC
Conflicts:
libavcodec/4xm.c
libavcodec/cook.c
libavcodec/dvdata.c
libavcodec/dvdsubdec.c
libavcodec/lagarith.c
libavcodec/lagarithrac.c
libavcodec/utils.c
tests/fate/video.mak
Merged-by: Michael Niedermayer <michaelni@gmx.at>
A call to decode_packet() does not always decode a complete WMA packet.
Moreover, this is not the correct place to document calls that are part
of the public API.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
* qatar/master:
xwma: Validate channels and bits_per_coded_sample.
mov: Do not read past the end of the ctts_data table.
mov: Add missing terminator to mov_ch_layout_map_1ch.
asf: reset side data elements on packet copy.
wmavoice: fix stack overread.
wmalossless: error out if a subframe is not used by any channel.
vqa: check palette chunk size before reading data.
wmalossless: reset sample pointer for each subframe.
wmalossless: error out on invalid values for order.
Conflicts:
libavcodec/vqavideo.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
FATE: Add ZeroCodec test
oggparseogm: fix order of arguments of avpriv_set_pts_info().
pngenc: better upper bound for encoded frame size.
aiffdec: set block_duration to 1 for PCM codecs that are supported in AIFF-C
aiffdec: factor out handling of integer PCM for AIFF-C and plain AIFF
aiffdec: use av_get_audio_frame_duration() to set block_duration for AIFF-C
aiffdec: do not set bit rate if block duration is unknown
wmall: output packet only if we have decoded some samples
Conflicts:
libavcodec/pngenc.c
tests/fate/lossless-video.mak
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (29 commits)
sbrdsp.asm: convert all instructions to float/SSE ones.
dv: cosmetics.
dv: check buffer size before reading profile.
Revert "AAC SBR: group some writes."
udp: Print an error message if bind fails
cook: extend channel uncoupling tables so the full bit range is covered.
roqvideo: cosmetics.
roqvideo: convert to bytestream2 API.
dca: don't use av_clip_uintp2().
wmall: fix build with -DDEBUG enabled.
smc: port to bytestream2 API.
AAC SBR: group some writes.
dsputil: remove shift parameter from scalarproduct_int16
SBR DSP: unroll sum_square
rv34: remove dead code in intra availability check
rv34: clean a bit availability checks.
v4l2: update documentation
tgq: convert to bytestream2 API.
parser: remove forward declaration of MpegEncContext
dca: prevent accessing static arrays with invalid indexes.
...
Conflicts:
doc/indevs.texi
libavcodec/Makefile
libavcodec/dca.c
libavcodec/dvdata.c
libavcodec/eatgq.c
libavcodec/mmvideo.c
libavcodec/roqvideodec.c
libavcodec/smc.c
libswscale/output.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (29 commits)
amrwb: remove duplicate arguments from extrapolate_isf().
amrwb: error out early if mode is invalid.
h264: change underread for 10bit QPEL to overread.
matroska: check buffer size for RM-style byte reordering.
vp8: disable mmx functions with sse/sse2 counterparts on x86-64.
vp8: change int stride to ptrdiff_t stride.
wma: fix invalid buffer size assumptions causing random overreads.
Windows Media Audio Lossless decoder
rv10/20: Fix slice overflow with checked bitstream reader.
h263dec: Disallow width/height changing with frame threads.
rv10/20: Fix a buffer overread caused by losing track of the remaining buffer size.
rmdec: Honor .RMF tag size rather than assuming 18.
g722: Fix the QMF scaling
r3d: don't set codec timebase.
electronicarts: set timebase for tgv video.
electronicarts: parse the framerate for cmv video.
ogg: don't set codec timebase
electronicarts: don't set codec timebase
avs: don't set codec timebase
wavpack: Fix an integer overflow
...
Conflicts:
libavcodec/arm/vp8dsp_init_arm.c
libavcodec/fraps.c
libavcodec/h264.c
libavcodec/mpeg4videodec.c
libavcodec/mpegvideo.c
libavcodec/msmpeg4.c
libavcodec/pnmdec.c
libavcodec/qpeg.c
libavcodec/rawenc.c
libavcodec/ulti.c
libavcodec/vcr1.c
libavcodec/version.h
libavcodec/wmalosslessdec.c
libavformat/electronicarts.c
libswscale/ppc/yuv2rgb_altivec.c
tests/ref/acodec/g722
tests/ref/fate/ea-cmv
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Decodes 16-bit WMA Lossless encoded files. 24-bit is not supported yet.
Bitstream parser written by Andreas Öman with contributions from
Baptiste Coudurier and Ulion.
Includes a number of bug-fixes from Benjamin Larsson, Michael Niedermayer and
Konstantin Shishkov, shine and polish by Diego Biurrun.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
* shariman/wmall:
Perform inter-channel decorr. only if both channels are coded
Use fixed-length array in revert_mclms()
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* shariman/wmall:
Do not try to read residue if ave_mean <= 1
Move some variable declarations to comply with C90
Cosmetics: fix some whitespace errors
Support 24-bit decoding
wmall: remove ;;
Conflicts:
libavcodec/wmalosslessdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Otherwise, we end up with with log(0) or log(1). av_ceil_log2 simply
assumes the argument is non-zero and returns wrong result when it is.
(Not that there is a proper way of returning an undefined value.)
* qatar/master: (29 commits)
fate: add golomb-test
golomb-test: K&R formatting cosmetics
h264: Split h264-test off into a separate file - golomb-test.c.
h264-test: cleanup: drop timer invocations, commented out code and other cruft
h264-test: Remove unused DSP and AVCodec contexts and related init calls.
adpcm: Add missing stdint.h #include to fix standalone header compilation.
lavf: add functions for accessing the fourcc<->CodecID mapping tables.
lavc: set AVCodecContext.codec in avcodec_get_context_defaults3().
lavc: make avcodec_close() work properly on unopened codecs.
lavc: add avcodec_is_open().
lavf: rename AVInputFormat.value to raw_codec_id.
lavf: remove the pointless value field from flv and iv8
lavc/lavf: remove unnecessary symbols from the symbol version script.
lavc: reorder AVCodec fields.
lavf: reorder AVInput/OutputFormat fields.
mp3dec: Fix a heap-buffer-overflow
adpcmenc: remove some unneeded casts
adpcmenc: use int16_t and uint8_t instead of short and unsigned char.
adpcmenc: fix adpcm_ms extradata allocation
adpcmenc: return proper AVERROR codes instead of -1
...
Conflicts:
doc/APIchanges
libavcodec/Makefile
libavcodec/adpcmenc.c
libavcodec/avcodec.h
libavcodec/h264.c
libavcodec/libavcodec.v
libavcodec/mpc7.c
libavcodec/mpegaudiodec.c
libavcodec/options.c
libavformat/Makefile
libavformat/avformat.h
libavformat/flvdec.c
libavformat/libavformat.v
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* shariman/wmall:
Cosmetics: Fix some whitespace errors and indentation
Use correct variable type for 32-bit samples buffer
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* shariman/wmall:
Fix audio output
Suppress dumping of residues buffer
Use quantizer value read from bitstream
Cosmetics: Remove two empty lines and realign some code
Reset acfilter_prevvalues buffer in clear_codec_buffers()
Fix AC filter buffers and AC filter reversion
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Up until now, the decoder didn't output anything
in the data buffer. This fixes all the issues
related to sample format, removes leftover code
and actually outputs some audio to data buffer.
With this, the only sample we have can be played.
Seeking is still broken though.
* shariman/wmall:
Perform dequantization of channel coefficients
Perform inverse inter-channel decorrelation and ac-filter
Implement revert_inter_ch_decorr() and revert_acfilter()
Enable inverse-MCLMS filter
Fix inverse-MCLMS filtering routines
Do not update buffers in case no speed change is necessary
Use int for channel_coeffs instead of int16_t
Conflicts:
libavcodec/wmalosslessdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (27 commits)
asfdec: add side data to ASFStream packet instead of output packet.
idroqdec: set AVFMTCTX_NOHEADER and create streams as they occur.
nellymoserdec: Indicate that the decoder can handle changed parameters
libavcodec: Apply parameter change side data when decoding audio
flvdec: Add param change side data if the sample rate or channels have changed
libavformat: Add a utility function for adding parameter change side data
libavcodec: Define a side data type for parameter changes
aacdec: Handle new extradata passed as side data
flvdec: Export new AAC/H.264 extradata as side data on the next packet
libavcodec: Define a side data type for new extradata
flacdec: skip all track indices at once instead of looping.
mxf: Add PictureEssenceCoding UL for V210.
mxfdec: consider QuantizationBits between 17 and 24 to be pcm_s24*
mxfenc: Add support for MPEG-2 MP@HL-14 in mxf container.
mxf: H.264/MPEG-4 AVC Intra support
configure: Show whether the safe bitstream reader is enabled
x86: Tighten register constraints for decode_significance*_x86.
Replace Subversion revisions in comments by Git hashes.
h264_cabac: synchronize decode_significance_*_x86 conditionals
w32threads: wait for the waked thread in pthread_cond_signal.
...
Conflicts:
libavcodec/avcodec.h
libavcodec/version.h
libavformat/flvdec.c
libavformat/utils.c
tests/ref/lavfi/pixdesc
tests/ref/lavfi/pixfmts_copy
tests/ref/lavfi/pixfmts_null
tests/ref/lavfi/pixfmts_scale
tests/ref/lavfi/pixfmts_vflip
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* shariman/wmall:
Fix lms_update()
Move num_lms reading out of a loop
Use correct value for range
Fix some int / int16_t / int32_t confusion
Implement revert_mclms() and associated functions
Fix two more int16_t vs. int confusion
Init s->cdlms[][].recent to order - 1
Add a size argument to dump_int_buffer()
Get rid of logging that are not required anymore
Fix some int vs. int16_t confusion
Conflicts:
libavcodec/wmalosslessdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>