The check `src > dst' in the form `&c->out[-back] > c->out' invokes
pointer overflow, which is undefined behavior in C.
Remove the check. Also replace `&c->out[-back] < c->out_start' with
a safe form `c->out - c->out_start < back' to avoid overflow.
CC: libav-stable@libav.org
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit ca6c3f2c53be70aa3c38e8f1292809db89ea1ba6)
Simplify `p->buf > p->buf + p->buf_size - 4' as `p->buf_size < 4'.
Avoid a possible out-of-bounds pointer, which is undefined behavior
in C.
CC: libav-stable@libav.org
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 8425d693eefbedbb41f91735614d41067695aa37)
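
The two bounds-check rewrites described in the commit messages above, as an added C example (not code from these commits or from the project). `OutCtx`, `copy_backref`, `probe_has_tag` and the `"TAG!"` marker are hypothetical names chosen for illustration; `back` is taken as an unsigned distance here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical LZ-style output window; names echo the commit text. */
typedef struct {
    uint8_t *out_start;  /* first byte of the output buffer */
    uint8_t *out;        /* current write position */
    uint8_t *out_end;    /* one past the last writable byte */
} OutCtx;

/* Copy len bytes starting back bytes behind the write position.
 * Unsafe form: if (&c->out[-back] < c->out_start) forms a pointer before
 * the buffer when back is too large, which is undefined behavior, so the
 * compiler is free to assume it never happens. Compare distances instead. */
static int copy_backref(OutCtx *c, size_t back, size_t len)
{
    if (back == 0 || (size_t)(c->out - c->out_start) < back)
        return -1;                        /* source before buffer start */
    if ((size_t)(c->out_end - c->out) < len)
        return -1;                        /* not enough room left */
    const uint8_t *src = c->out - back;   /* in bounds after the checks */
    for (size_t i = 0; i < len; i++)      /* byte-wise: ranges may overlap */
        c->out[i] = src[i];
    c->out += len;
    return 0;
}

/* Probe-style check: test buf_size < 4 rather than computing
 * buf + buf_size - 4 first. "TAG!" is a constructed trailing marker. */
static int probe_has_tag(const uint8_t *buf, size_t buf_size)
{
    if (buf_size < 4)
        return 0;
    return memcmp(buf + buf_size - 4, "TAG!", 4) == 0;
}

int main(void)
{
    uint8_t buf[8] = { 'a', 'b', 'c' };   /* constructed sample data */
    OutCtx c = { buf, buf + 3, buf + 8 };
    printf("back=4: %d\n", copy_backref(&c, 4, 2));
    printf("back=3: %d\n", copy_backref(&c, 3, 3));
    printf("probe:  %d\n", probe_has_tag((const uint8_t *)"TA", 2));
    return 0;
}
```
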
When `off' is 0, `0x537F6103 << 32' in the following expression invokes
undefined behavior, the result of which is not necessarily 0.
    (0x537F6103 >> (off * 8)) | (0x537F6103 << (32 - (off * 8)))
Avoid oversized shifting.
CC: libav-stable@libav.org
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit eba1ff31304e407db3cefd7532108408f364367b)
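
One way to write the rotation from the commit message above so that no shift count ever reaches 32, as an added C example (not the code from this commit). `rotr32` and `key_for_offset` are hypothetical helpers, and `off` is assumed to be a byte offset in the range 0..3.

```c
#include <stdint.h>
#include <stdio.h>

/* Rotate right by n bits, defined for every n (n is reduced modulo 32).
 * The left-shift count is masked, so it is 0 when n == 0, never 32.
 * An unsigned 32-bit operand keeps the left shift well defined. */
static uint32_t rotr32(uint32_t x, unsigned n)
{
    n &= 31;
    return (x >> n) | (x << ((32 - n) & 31));
}

/* The expression from the commit message with the oversized shift
 * avoided: the constant rotated right by off bytes. */
static uint32_t key_for_offset(unsigned off)
{
    const uint32_t key = 0x537F6103u;  /* constant quoted in the commit */
    return rotr32(key, off * 8);
}

int main(void)
{
    for (unsigned off = 0; off < 4; off++)
        printf("off=%u -> 0x%08X\n", off, (unsigned)key_for_offset(off));
    return 0;
}
```
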
Fixes Ticket2353
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3c24fbbf651d4ec28eccfd7ef05a2595a11dd55a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3dbc0ff9c3e6f6e0d08ea3d42cb33761bae084ba)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e398990eb87785e20e065cd3f14d1dbb69df4392)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
More speedup and fixes 'may be used uninitialized in this function' warnings
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d2e0a276d593ded94401e687f60bee266f3e725e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
speeds up code and allows more simplifications
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit dbaae33c2c71862b8eaea978ed6dccc5ec03db89)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c2992b705381e082e33633e62e151887da67b285)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
See:
commit 29d8cd265a536063420afe78375b2176a9e1abc5
Author: Alexander Kojevnikov <alexander@kojevnikov.com>
Date: Tue Feb 26 21:47:11 2013 -0800
mp3dec: Fix VBR bit rate parsing
When parsing the Xing/Info tag, don't set the bit rate if it's an Info tag.
When parsing the stream, don't override the bit rate if it's already set,
otherwise calculate the mean bit rate from parsed frames. This way, the bit
rate will be set correctly both for CBR and VBR streams.
Signed-off-by: Alexander Kojevnikov <alexander@kojevnikov.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/9:
eamad: allocate a dummy reference frame when the real one is missing
libmp3lame: use the correct remaining buffer size when flushing
png: use av_mallocz_array() for the zlib zalloc function
wmaprodec: require block_align to be set.
ffv1: fix calculating slice dimensions for version 2
xxan: fix invalid memory access in xan_decode_frame_type0()
wmadec: require block_align to be set.
ivi_common: do not call MC for intra frames when dc_transform is unset
Conflicts:
libavcodec/ffv1dec.c
libavcodec/ivi_common.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '747fbe0c212b81952bb27ec7b99fa709081e2d63':
roqvideodec: fix a potential infinite loop in roqvideo_decode_frame().
mp3dec: Fix VBR bit rate parsing
wmaprodec: return an error, not 0, when the input is too small.
vmdaudio: fix invalid reads when packet size is not a multiple of chunk size
h264: check for luma and chroma bit depth being equal
Prepare for 9.4 Release
Conflicts:
RELEASE
libavcodec/vmdav.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
get_uint returns an unsigned value, use an unsigned to store
blocksize to make sure the comparison logic is correct and report
correctly the error for the channel count not supported.
CC: libav-stable@libav.org
(cherry picked from commit 5cf7c72757779a740e897a97710aac044fe5258c)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Prevent the loop shorten_decode_close from writing and freeing out of
the array boundary.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
CC: libav-stable@libav.org
(cherry picked from commit c10da30d8426a1f681d99a780b6e311f7fb4e5c5)
Fixes Ticket2186
Requested-by: carl
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 806a66fd08a395486e763fb10588c5fd02e8d54e)
Fixes invalid reads when the first frame is not an I-frame.
CC:libav-stable@libav.org
(cherry picked from commit 7b89cd20d844cbe763ca34e63e99d110043cf241)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Avoids an infinite loop in the calling programs with decoder not
consuming any input and not returning output.
CC:libav-stable@libav.org
(cherry picked from commit cacad1c058f66558ec727faac3b277d2dee264d4)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
It got broken in 0f13cd3187192ba0cc2b043430de6e279e7b97c3.
CC:libav-stable@libav.org
(cherry picked from commit d243896987b8b2062d1faba4d8d6f0c62d2dbee9)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
The loop a few lines below the xan_unpack() call accesses up to
dec_size * 2 bytes into y_buffer, so dec_size must be limited to
buffer_size / 2.
CC:libav-stable@libav.org
(cherry picked from commit 8a49d2bcbe7573bb4b765728b2578fac0d19763f)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
When there is just 1 byte remaining in the buffer, nothing will be read
and the loop will continue forever. Check that there are at least 8
bytes, which are always read at the beginning.
CC:libav-stable@libav.org
(cherry picked from commit 3e2f200237af977b9253b0aff121eee27bcedb44)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Avoids an infinite loop in the calling programs with decoder not
consuming any input and not returning output.
CC:libav-stable@libav.org
(cherry picked from commit ea1136baafb1fe271cb56c3f4d7bff0267e3c70f)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
When parsing the Xing/Info tag, don't set the bit rate if it's an Info tag.
When parsing the stream, don't override the bit rate if it's already set,
otherwise calculate the mean bit rate from parsed frames. This way, the bit
rate will be set correctly both for CBR and VBR streams.
CC:libav-stable@libav.org
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit eae0879d961b78717dd2a0899809ad22819ae9e3)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Returning 0 may result in an infinite loop in valid calling programs. A
decoder should never return 0 without producing any output.
CC:libav-stable@libav.org
(cherry picked from commit 4c0080b7e7d501e2720d2a61f5186a18377f9d63)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
The decoder assumes a single bit depth for all the planes
while the specification allows different bit depths for luma
and chroma.
Avoid the possible problems described in CVE-2013-2277
CC: libav-stable@libav.org
(cherry picked from commit 4987faee78b9869f8f4646b8dd971d459df218a5)
Conflicts:
libavcodec/h264.c
This prevents various values from becoming stuck at NAN and
the output from becoming silent.
If someone knows a cleaner solution, that's welcome!
Fixes Ticket2335
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8978c743fb1d1f5a0d6dbdd83ff05817f8a41230)
The IIR filter numerically diverges in such cases; this could easily be
fixed but would make the filter slower on some platforms
Fixes Ticket2246
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fee5da6b0a79bed9dc849f216b6da1e03132b668)
Fix linking failures with -all_load due to multiple log2_tabs
Signed-off-by: Carl Eugen Hoyos <cehoyos@ag.or.at>
(cherry picked from commit 03148fd1743fca98c2f4b5920b796f381e820045)
* qatar/release/9:
update Changelog
h264: set ref_count to 0 for intra slices.
h264: on reference overflow, reset the reference count to 0, not 1.
flvdec: Check the return value of a malloc
Conflicts:
Changelog
libavcodec/h264.c
libavformat/flvdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket2292
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 02ac3398eb52679301028c2fd3ebad1b6261b4da)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
CC:libav-stable@libav.org
(cherry picked from commit 437211ae73ef1ed8285b4fed7620502ea4999e11)
Fixes deadlocks waiting for non-existing references with some fuzzed files.
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Since decode_slice_header() returns before the reference lists are
constructed, there are zero valid references.
CC:libav-stable@libav.org
(cherry picked from commit 668e16a0dd1ff56d4beeff5c658d8a2a08dbfac8)
Conflicts:
libavcodec/h264.c
The callers of this function can't report errors sanely. If this
one malloc fails, don't write the extradata byte, make sure we
try to malloc it the next time we're called instead, and make sure
we still consume the input data byte.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit c5a738ca4e9789b4678b10240777d931e7dc24c9)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This header byte is only present when actually reading a VP6 frame,
not when reading the codec type field in the metadata. This
potential bug has been present since 5b54a90c.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit c91c63b5380bf79655c09320774a022f84d76fd5)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
If the first "special" character in a filename is a comma,
it can introduce protocol options, but only if there is a
colon at the end. Otherwise, it is just a filename with a
comma.
Fix trac ticket #2303.
(cherry picked from commit d9fad53f4b447db1e436dcf3fc4a57e604616e6c)
Two instances of non-ascii characters have crept into file
doc/filters.texi which causes pod2man to error out and
break the build.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>