They are used when decoding the frame header.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
Signed-off-by: Anton Khirnov <anton@khirnov.net>
The function requires increasing the fuzz factor for the ac3/eac3 encode
tests and even so makes fate fail. It only provides a slight encoding
speedup for legacy CPUs that do not support SSE2. Thus its benefit is not
worth the trouble it creates and fixing it would be a waste of time.
This ensures that frames do not get mixed on context reinits
Fixes Ticket2836
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3c9dd93faa9f3c250428dd0548c075583aa07cc3)
Do not consider it an error if we have no frames and should discard one.
This condition can easily happen when decoding is started from an I frame
Fixes Ticket2811
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 08a89761964bdd0a023eff6d37a1131fb7e1d7a0)
Conflicts:
libavcodec/h264_refs.c
This simplifies the code and fixes a deadlock
Fixes Ticket2927
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 29ffeef5e73b8f41ff3a3f2242d356759c66f91f)
Conflicts:
libavcodec/h264.c
pthread_wait_cond can wake up unexpectedly (Wikipedia: Spurious_wakeup).
The FF_THREAD_SLICE thread mechanism could spontaneously execute
jobs or allow the caller of avctx->execute to return before all
jobs were complete.
Test both cases to ensure the wakeup is real.
Signed-off-by: Ben Jackson <ben@ben.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Sometimes, if pthread_create() failed, then pthread_cond_wait() could
accidentally be called in the worker threads after the uninit function
had already called pthread_cond_broadcast(), leading to a deadlock.
Don't call pthread_cond_wait() if c->done is set.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Fixes Ticket2982
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f31011e9abfb2ae75bb32bc44e2c34194c8dc40a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3728603f1854b5c79d1a64dd3b41b80640ef1e7f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/9:
Prepare for 9.10 RELEASE
h263dec: Remove a hack that can cause infinite loops
mpegvideo: Initialize chroma_*_shift and codec_tag even if the size is 0
vc1dec: Don't decode slices when the latest slice header failed to decode
Conflicts:
RELEASE
libavcodec/h263dec.c
libavcodec/mpegvideo.c
libavcodec/vc1dec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '494f2d4f9e834db1eaf1a7d0160d497f9802013d':
vc1dec: Make sure last_picture is initialized in vc1_decode_skip_blocks
r3d: Add more input value validation
fraps: Make the input buffer size checks more strict
svq3: Avoid a division by zero
rmdec: Validate the fps value
twinvqdec: Check the ibps parameter separately
asfdec: Check the return value of asf_read_stream_properties
mxfdec: set audio timebase to 1/samplerate
Conflicts:
libavcodec/fraps.c
libavcodec/svq3.c
libavformat/mxfdec.c
tests/ref/fate/mxf-demux
tests/ref/seek/lavf-mxf
tests/ref/seek/lavf-mxf_d10
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '7e350b7ddd19af856b55634233d609e29baab646':
pcx: Check the packet size before assuming it fits a palette
rpza: Fix a buffer size check
xxan: Disallow odd width
xan: Only read within the data that actually was initialized
xan: Use bytestream2 to limit reading to within the buffer
pcx: Consume the whole packet if giving up due to missing palette
pngdec: Stop trying to decode once inflate returns Z_STREAM_END
mov: Make sure the read sample count is nonnegative
bfi: Add some very basic sanity checks for input packet sizes
bfi: Avoid divisions by zero
electronicarts: Add more sanity checking for the number of channels
riffdec: Add sanity checks for the sample rate
Conflicts:
libavcodec/pcx.c
libavcodec/xan.c
libavformat/mov.c
libavformat/riff.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '04d2f9ace3fb6e880f3488770fc5a39de5b63cbb':
mvi: Add sanity checking for the audio frame size
alac: Do bounds checking of lpc_order read from the bitstream
xwma: Avoid division by zero
avidec: Make sure a packet is large enough before reading its data
vqf: Make sure the bitrate is in the valid range
vqf: Make sure sample_rate is set to a valid value
electronicarts: Check packet sizes before reading
lavf: Avoid setting avg_frame_rate if delta_dts is negative
vc1dec: Undo mpegvideo initialization if unable to allocate tables
vc1dec: Fix leaks in ff_vc1_decode_init_alloc_tables on errors
wnv1: Make sure the input packet is large enough
dcadec: Validate the lfe parameter
Conflicts:
libavcodec/dcadec.c
libavcodec/wnv1.c
libavformat/avidec.c
libavformat/electronicarts.c
libavformat/utils.c
libavformat/xwma.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'ce1dacb435460dda1f9d453eaaeac44bd502aca4':
rl2: Avoid a division by zero
wtv: Add more sanity checks for a length read from the file
segafilm: Validate the number of audio channels
qpeg: Add checks for running out of rows in qpeg_decode_inter
mpegaudiodec: Validate that the number of channels fits at the given offset
asvdec: Verify the amount of extradata
idroqdec: Make sure a video stream has been allocated before returning packets
rv10: Validate the dimensions set from the container
xmv: Add more sanity checks for parameters read from the bitstream
ffv1: Make sure at least one slice context is initialized
truemotion2: Use av_freep properly in an error path
eacmv: Make sure a reference frame exists before referencing it
mpeg4videodec: Check the width/height in mpeg4_decode_sprite_trajectory
ivi_common: Make sure color planes have been initialized
mov: Don't use a negative duration for setting other fields
Conflicts:
libavcodec/eacmv.c
libavcodec/ffv1.c
libavcodec/mpeg4videodec.c
libavcodec/mpegaudiodec.c
libavcodec/qpeg.c
libavformat/mov.c
libavformat/wtv.c
libavformat/xmv.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '163196562fe744149ef599d754c30c08a9898381':
oggparseogm: Convert to use bytestream2
rv34: Check the return value from ff_rv34_decode_init
matroskadec: Verify realaudio codec parameters
mace: Make sure that the channel count is set to a valid value
svq3: Check for any negative return value from ff_h264_check_intra_pred_mode
vp3: Check the framerate for validity
cavsdec: Make sure a sequence header has been decoded before decoding pictures
vocdec: Don't update codec parameters mid-stream
sierravmd: Do sanity checking of frame sizes
omadec: Properly check lengths before incrementing the position
mpc8: Make sure the first stream exists before parsing the seek table
Conflicts:
libavcodec/mace.c
libavformat/oggparseogm.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'f8a72f041c049e812dfa1f32156327e9778f5710':
mpc8: Check the seek table size parsed from the bitstream
zmbvdec: Check the buffer size for uncompressed data
ape: Don't allow the seektable to be omitted
shorten: Break out of loop looking for fmt chunk if none is found
shorten: Use a checked bytestream reader for the wave header
smacker: Make sure we don't fill in huffman codes out of range
smacker: Avoid integer overflow when allocating packets
smacker: Don't return packets in unallocated streams
dsicin: Add some basic sanity checks for fields read from the file
Conflicts:
libavcodec/shorten.c
libavcodec/smacker.c
libavcodec/zmbv.c
libavformat/mpc8.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The actual usefulness of the hack is not known, and it does cause
infinite loops with some broken input files.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8812a8057f539845f6801cafdf6c481a59e96b48)
Signed-off-by: Martin Storsjö <martin@martin.st>
This fixes breakage in a few fate tests on certain setups
(that for some reason didn't break on OS X) after the previous
commit (8812a8057). Currently, some video streams are initialized
in ff_MPV_common_init with width/height set at 0 and only changed
to a proper video size with ff_MPV_common_frame_size_change later.
The breakage was diagnosed by Anton Khirnov.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 5f24fe82e5fcf227abb5ebf62aa9bc246fda8c0d)
Signed-off-by: Martin Storsjö <martin@martin.st>
If the height is zero, the decompression will probably end up
failing due to not fitting into the allocated buffer later
anyway, so this doesn't need any more elaborate check.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 601c2015bc16f0b281160292a6a760cbbbb0eacb)
This is required, since invalid parameters actually could
pass the switch check below.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit c77d409bf95954aceb762dd800d1ee2868c4b0d4)
This fixes reads out of bounds.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit d1d99e3befea5d411ac3aae72dbdecce94f8b547)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/pcx.c
We read 2 bytes for 15 out of 16 pixels, therefore we need to
have at least 30 bytes, not 16.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 7ba0cedbfeff5671b264d1d7e90777057b5714c6)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Decoded data is always written in pairs within this decoder.
This fixes writes out of bounds.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit aa0dd52434768da64f1f3d8ae92bcf980c1adffc)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Previously, we returned 0, meaning successful decoding but 0
bytes consumed, leading to an infinite loop.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 9fb0de86b49e9fb0709a8ad1e1875e35da841887)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
If the input buffer contains more data after the deflate stream,
the loop previously left running infinitely, with inflate returning
Z_STREAM_END.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit a81cad8f86d1feb7e4bfae29e43f3e994935a5c7)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
In lpc_prediction(), we write up to array element 'lpc_order' in
an array allocated to hold 'max_samples_per_frame' elements.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 59480abce7e4238e22b3a4a904a9fe6abf4e4188)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Previously, s->context_initialized was left set to 1
if ff_vc1_decode_init_alloc_tables failed, skipping the
initialization completely on the next decode call.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit b772b0e28eba6abf76d86ee8c6e459a86642db5a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This is similar to the fix in 35cbc98b.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit e9d61de96c113ee0ef8082833c7e682df0e23eec)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
The init function reads one byte of extradata.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit f50803354c6acb4575379d7c54ca48ec5d36dd61)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This avoids crashes when initializing the range coder for
the first slice context.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit b1db33159fdc2da4bdd8c75e4ff9a7dd0ef2f0c2)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This is similar to an existing check for the second-last frame
from 062421e3.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit ea78a348d86a3a733f6c1e0a65cfdd8283d924b9)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/eacmv.c
This avoids a potential division by zero.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit f875a732e36786d49f3650e3235272891a820600)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Also pass on any returned error code.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 1115689d54ea95a084421f5a182b8dc56cbff978)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/svq3.c
