From c0bc7bd1e785c3cfe1ce988b04108694b95b5c9d Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Tue, 31 Jan 2012 09:55:06 -0800 Subject: [PATCH 01/22] swfdec: Simplify sample rate calculation. --- libavformat/swfdec.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c index 842cda3349..1bcb24919d 100644 --- a/libavformat/swfdec.c +++ b/libavformat/swfdec.c @@ -137,10 +137,7 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt) ast->codec->codec_id = ff_codec_get_id(swf_audio_codec_tags, (v>>4) & 15); ast->need_parsing = AVSTREAM_PARSE_FULL; sample_rate_code= (v>>2) & 3; - if (!sample_rate_code) - ast->codec->sample_rate = 5512; - else - ast->codec->sample_rate = 11025 << (sample_rate_code-1); + ast->codec->sample_rate = 44100 >> (3 - sample_rate_code); avpriv_set_pts_info(ast, 64, 1, ast->codec->sample_rate); len -= 4; } else if (tag == TAG_VIDEOFRAME) { From e67e3a3f4a43ad08115b4fcebce39fb487728eb3 Mon Sep 17 00:00:00 2001 From: Janne Grunau Date: Tue, 31 Jan 2012 21:39:48 +0100 Subject: [PATCH 02/22] fate-golomb: extend golomb-test to get_ue_golomb_long() get_ue_golomb_long() is only tested for values up to 2^15 - 2 since we can not write larger values. Silence the test on success and return a non-zero value on error. Use an heap scratch buffer instead of large stack buffer. Remove unneeded includes. --- libavcodec/golomb-test.c | 60 ++++++++++++++++++++++++++++----------- tests/fate/libavcodec.mak | 1 + tests/ref/fate/golomb | 2 -- 3 files changed, 45 insertions(+), 18 deletions(-) delete mode 100644 tests/ref/fate/golomb diff --git a/libavcodec/golomb-test.c b/libavcodec/golomb-test.c index 3dbf9d14cb..bc90f36baf 100644 --- a/libavcodec/golomb-test.c +++ b/libavcodec/golomb-test.c @@ -19,52 +19,80 @@ #include #include -#include "avcodec.h" -#include "dsputil.h" +#include "libavutil/mem.h" + #include "get_bits.h" #include "golomb.h" #include "put_bits.h" -#undef printf -#define COUNT 8000 -#define SIZE (COUNT * 40) +#undef fprintf +#define COUNT 8191 +#define SIZE (COUNT * 4) int main(void) { - int i; - uint8_t temp[SIZE]; + int i, ret = 0; + uint8_t *temp; PutBitContext pb; GetBitContext gb; + temp = av_malloc(SIZE); + if (!temp) + return 2; + init_put_bits(&pb, temp, SIZE); - printf("testing unsigned exp golomb\n"); for (i = 0; i < COUNT; i++) set_ue_golomb(&pb, i); flush_put_bits(&pb); init_get_bits(&gb, temp, 8 * SIZE); for (i = 0; i < COUNT; i++) { - int j, s = show_bits(&gb, 24); + int j, s = show_bits(&gb, 25); j = get_ue_golomb(&gb); - if (j != i) - printf("mismatch at %d (%d should be %d) bits: %6X\n", i, j, i, s); + if (j != i) { + fprintf(stderr, "get_ue_golomb: expected %d, got %d. bits: %7x\n", + i, j, s); + ret = 1; + } + } + +#define EXTEND(i) (i << 3 | i & 7) + init_put_bits(&pb, temp, SIZE); + for (i = 0; i < COUNT; i++) + set_ue_golomb(&pb, EXTEND(i)); + flush_put_bits(&pb); + + init_get_bits(&gb, temp, 8 * SIZE); + for (i = 0; i < COUNT; i++) { + int j, s = show_bits_long(&gb, 32); + + j = get_ue_golomb_long(&gb); + if (j != EXTEND(i)) { + fprintf(stderr, "get_ue_golomb_long: expected %d, got %d. " + "bits: %8x\n", EXTEND(i), j, s); + ret = 1; + } } init_put_bits(&pb, temp, SIZE); - printf("testing signed exp golomb\n"); for (i = 0; i < COUNT; i++) set_se_golomb(&pb, i - COUNT / 2); flush_put_bits(&pb); init_get_bits(&gb, temp, 8 * SIZE); for (i = 0; i < COUNT; i++) { - int j, s = show_bits(&gb, 24); + int j, s = show_bits(&gb, 25); j = get_se_golomb(&gb); - if (j != i - COUNT / 2) - printf("mismatch at %d (%d should be %d) bits: %6X\n", i, j, i, s); + if (j != i - COUNT / 2) { + fprintf(stderr, "get_se_golomb: expected %d, got %d. bits: %7x\n", + i - COUNT / 2, j, s); + ret = 1; + } } - return 0; + av_free(temp); + + return ret; } diff --git a/tests/fate/libavcodec.mak b/tests/fate/libavcodec.mak index 90c817812f..ec4012ebb6 100644 --- a/tests/fate/libavcodec.mak +++ b/tests/fate/libavcodec.mak @@ -1,6 +1,7 @@ FATE_TESTS += fate-golomb fate-golomb: libavcodec/golomb-test$(EXESUF) fate-golomb: CMD = run libavcodec/golomb-test +fate-golomb: REF = /dev/null FATE_TESTS += fate-iirfilter fate-iirfilter: libavcodec/iirfilter-test$(EXESUF) diff --git a/tests/ref/fate/golomb b/tests/ref/fate/golomb deleted file mode 100644 index 652e97b305..0000000000 --- a/tests/ref/fate/golomb +++ /dev/null @@ -1,2 +0,0 @@ -testing unsigned exp golomb -testing signed exp golomb From 635bcfccd439480003b74a665b5aa7c872c1ad6b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 24 Jan 2012 17:48:23 +0100 Subject: [PATCH 03/22] dv: check stype dv: check stype Fixes part1 of CVE-2011-3929 Possibly fixes part of CVE-2011-3936 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Roman Shaposhnik Signed-off-by: Michael Niedermayer Signed-off-by: Alex Converse --- libavformat/dv.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavformat/dv.c b/libavformat/dv.c index 4106dfdce3..c90ddec0d3 100644 --- a/libavformat/dv.c +++ b/libavformat/dv.c @@ -204,6 +204,12 @@ static int dv_extract_audio_info(DVDemuxContext* c, uint8_t* frame) stype = (as_pack[3] & 0x1f); /* 0 - 2CH, 2 - 4CH, 3 - 8CH */ quant = as_pack[4] & 0x07; /* 0 - 16bit linear, 1 - 12bit nonlinear */ + if (stype > 3) { + av_log(c->fctx, AV_LOG_ERROR, "stype %d is invalid\n", stype); + c->ach = 0; + return 0; + } + /* note: ach counts PAIRS of channels (i.e. stereo channels) */ ach = ((int[4]){ 1, 0, 2, 4})[stype]; if (ach == 1 && quant && freq == 2) From 5a396bb3a66a61a68b80f2369d0249729bf85e04 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Tue, 24 Jan 2012 17:51:40 +0100 Subject: [PATCH 04/22] dv: Fix null pointer dereference due to ach=0 dv: Fix null pointer dereference due to ach=0 Fixes part2 of CVE-2011-3929 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Roman Shaposhnik Signed-off-by: Michael Niedermayer Signed-off-by: Alex Converse --- libavformat/dv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/dv.c b/libavformat/dv.c index c90ddec0d3..5e1c798586 100644 --- a/libavformat/dv.c +++ b/libavformat/dv.c @@ -343,7 +343,8 @@ int avpriv_dv_produce_packet(DVDemuxContext *c, AVPacket *pkt, c->audio_pkt[i].pts = c->abytes * 30000*8 / c->ast[i]->codec->bit_rate; ppcm[i] = c->audio_buf[i]; } - dv_extract_audio(buf, ppcm, c->sys); + if (c->ach) + dv_extract_audio(buf, ppcm, c->sys); /* We work with 720p frames split in half, thus even frames have * channels 0,1 and odd 2,3. */ From 2d1c0dea5f6b91bec7f5fa53ec050913d851e366 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Thu, 26 Jan 2012 15:08:26 -0800 Subject: [PATCH 05/22] dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936. Found with asan. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Alex Converse --- libavformat/dv.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/libavformat/dv.c b/libavformat/dv.c index 5e1c798586..5be6118a7a 100644 --- a/libavformat/dv.c +++ b/libavformat/dv.c @@ -127,10 +127,14 @@ static int dv_extract_audio(uint8_t* frame, uint8_t* ppcm[4], /* We work with 720p frames split in half, thus even frames have * channels 0,1 and odd 2,3. */ ipcm = (sys->height == 720 && !(frame[1] & 0x0C)) ? 2 : 0; - pcm = ppcm[ipcm++]; /* for each DIF channel */ for (chan = 0; chan < sys->n_difchan; chan++) { + /* next stereo channel (50Mbps and 100Mbps only) */ + pcm = ppcm[ipcm++]; + if (!pcm) + break; + /* for each DIF segment */ for (i = 0; i < sys->difseg_size; i++) { frame += 6 * 80; /* skip DIF segment header */ @@ -178,11 +182,6 @@ static int dv_extract_audio(uint8_t* frame, uint8_t* ppcm[4], frame += 16 * 80; /* 15 Video DIFs + 1 Audio DIF */ } } - - /* next stereo channel (50Mbps and 100Mbps only) */ - pcm = ppcm[ipcm++]; - if (!pcm) - break; } return size; From 034b03e7a0e8e4f8f66c82b736f2c0aa7c063ec0 Mon Sep 17 00:00:00 2001 From: Mans Rullgard Date: Tue, 31 Jan 2012 10:20:33 -0800 Subject: [PATCH 06/22] ac3: Do not read past the end of ff_ac3_band_start_tab. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Alex Converse --- libavcodec/ac3dsp.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libavcodec/ac3dsp.c b/libavcodec/ac3dsp.c index 98c73573cb..b751aec902 100644 --- a/libavcodec/ac3dsp.c +++ b/libavcodec/ac3dsp.c @@ -108,7 +108,7 @@ static void ac3_bit_alloc_calc_bap_c(int16_t *mask, int16_t *psd, int snr_offset, int floor, const uint8_t *bap_tab, uint8_t *bap) { - int bin, band; + int bin, band, band_end; /* special case, if snr offset is -960, set all bap's to zero */ if (snr_offset == -960) { @@ -120,12 +120,14 @@ static void ac3_bit_alloc_calc_bap_c(int16_t *mask, int16_t *psd, band = ff_ac3_bin_to_band_tab[start]; do { int m = (FFMAX(mask[band] - snr_offset - floor, 0) & 0x1FE0) + floor; - int band_end = FFMIN(ff_ac3_band_start_tab[band+1], end); + band_end = ff_ac3_band_start_tab[++band]; + band_end = FFMIN(band_end, end); + for (; bin < band_end; bin++) { int address = av_clip((psd[bin] - m) >> 5, 0, 63); bap[bin] = bap_tab[address]; } - } while (end > ff_ac3_band_start_tab[band++]); + } while (end > band_end); } static void ac3_update_bap_counts_c(uint16_t mant_cnt[16], uint8_t *bap, From d4eeadcbbfff880b6d6fb78ed06fe0c58470ce27 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Wed, 1 Feb 2012 05:30:18 +0000 Subject: [PATCH 07/22] truespeech: align buffer DSPContext.bswap_buf() requires aligned output Signed-off-by: Ronald S. Bultje --- libavcodec/truespeech.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/truespeech.c b/libavcodec/truespeech.c index 5ef0a01427..66ca461741 100644 --- a/libavcodec/truespeech.c +++ b/libavcodec/truespeech.c @@ -37,7 +37,7 @@ typedef struct { AVFrame frame; DSPContext dsp; /* input data */ - uint8_t buffer[32]; + DECLARE_ALIGNED(16, uint8_t, buffer)[32]; int16_t vector[8]; ///< input vector: 5/5/4/4/4/3/3/3 int offset1[2]; ///< 8-bit value, used in one copying offset int offset2[4]; ///< 7-bit value, encodes offsets for copying and for two-point filter From cb0b284381ea506a54c59c4968cd2c2c937f4d75 Mon Sep 17 00:00:00 2001 From: Janne Grunau Date: Wed, 1 Feb 2012 01:00:17 +0100 Subject: [PATCH 08/22] zmbv: check av_realloc() return values and avoid memleaks on ENOMEM --- libavcodec/zmbv.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/libavcodec/zmbv.c b/libavcodec/zmbv.c index 2345eb36b5..a4546356ec 100644 --- a/libavcodec/zmbv.c +++ b/libavcodec/zmbv.c @@ -404,6 +404,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac int zret = Z_OK; // Zlib return code int len = buf_size; int hi_ver, lo_ver; + uint8_t *tmp; if (c->pic.data[0]) avctx->release_buffer(avctx, &c->pic); @@ -485,8 +486,14 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac return -1; } - c->cur = av_realloc(c->cur, avctx->width * avctx->height * (c->bpp / 8)); - c->prev = av_realloc(c->prev, avctx->width * avctx->height * (c->bpp / 8)); + tmp = av_realloc(c->cur, avctx->width * avctx->height * (c->bpp / 8)); + if (!tmp) + return AVERROR(ENOMEM); + c->cur = tmp; + tmp = av_realloc(c->prev, avctx->width * avctx->height * (c->bpp / 8)); + if (!tmp) + return AVERROR(ENOMEM); + c->prev = tmp; c->bx = (c->width + c->bw - 1) / c->bw; c->by = (c->height+ c->bh - 1) / c->bh; } From 510ef04a461b3b54a762c6141ad880cbed85981f Mon Sep 17 00:00:00 2001 From: Janne Grunau Date: Wed, 25 Jan 2012 15:49:54 +0100 Subject: [PATCH 09/22] vc1: prevent null pointer dereference on broken files CC: libav-stable@libav.org --- libavcodec/vc1dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index 325cc64fef..417bd046b7 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -5709,7 +5709,7 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data, if (!v->field_mode || v->second_field) s->end_mb_y = (i == n_slices ) ? mb_height : FFMIN(mb_height, slices[i].mby_start % mb_height); else - s->end_mb_y = (i == n_slices1 + 1) ? mb_height : FFMIN(mb_height, slices[i].mby_start % mb_height); + s->end_mb_y = (i <= n_slices1 + 1) ? mb_height : FFMIN(mb_height, slices[i].mby_start % mb_height); vc1_decode_blocks(v); if (i != n_slices) s->gb = slices[i].gb; From 013a677fb62058161ca5cd31a85cf77a89cc1a9d Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Tue, 31 Jan 2012 23:59:10 +0000 Subject: [PATCH 10/22] zmbvenc: Employ more meaningful return values. Signed-off-by: Paul B Mahol Signed-off-by: Diego Biurrun --- libavcodec/zmbvenc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/zmbvenc.c b/libavcodec/zmbvenc.c index 75fcffec8c..ebb6624cb8 100644 --- a/libavcodec/zmbvenc.c +++ b/libavcodec/zmbvenc.c @@ -265,7 +265,7 @@ static av_cold int encode_init(AVCodecContext *avctx) lvl = avctx->compression_level; if(lvl < 0 || lvl > 9){ av_log(avctx, AV_LOG_ERROR, "Compression level should be 0-9, not %i\n", lvl); - return -1; + return AVERROR(EINVAL); } // Needed if zlib unused or init aborted before deflateInit @@ -274,7 +274,7 @@ static av_cold int encode_init(AVCodecContext *avctx) ((avctx->width + ZMBV_BLOCK - 1) / ZMBV_BLOCK) * ((avctx->height + ZMBV_BLOCK - 1) / ZMBV_BLOCK) * 2 + 4; if ((c->work_buf = av_malloc(c->comp_size)) == NULL) { av_log(avctx, AV_LOG_ERROR, "Can't allocate work buffer.\n"); - return -1; + return AVERROR(ENOMEM); } /* Conservative upper bound taken from zlib v1.2.1 source via lcl.c */ c->comp_size = c->comp_size + ((c->comp_size + 7) >> 3) + @@ -283,12 +283,12 @@ static av_cold int encode_init(AVCodecContext *avctx) /* Allocate compression buffer */ if ((c->comp_buf = av_malloc(c->comp_size)) == NULL) { av_log(avctx, AV_LOG_ERROR, "Can't allocate compression buffer.\n"); - return -1; + return AVERROR(ENOMEM); } c->pstride = FFALIGN(avctx->width, 16); if ((c->prev = av_malloc(c->pstride * avctx->height)) == NULL) { av_log(avctx, AV_LOG_ERROR, "Can't allocate picture.\n"); - return -1; + return AVERROR(ENOMEM); } c->zstream.zalloc = Z_NULL; From 8ca8e4a8461b6617d365954155e41f818287b181 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Wed, 1 Feb 2012 00:35:29 +0000 Subject: [PATCH 11/22] zmbv: Employ more meaningful return values. Also use av_log_ask_for_sample() where it makes sense. Signed-off-by: Paul B Mahol Signed-off-by: Diego Biurrun --- libavcodec/zmbv.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/libavcodec/zmbv.c b/libavcodec/zmbv.c index a4546356ec..a160553c09 100644 --- a/libavcodec/zmbv.c +++ b/libavcodec/zmbv.c @@ -403,7 +403,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac ZmbvContext * const c = avctx->priv_data; int zret = Z_OK; // Zlib return code int len = buf_size; - int hi_ver, lo_ver; + int hi_ver, lo_ver, ret; uint8_t *tmp; if (c->pic.data[0]) @@ -411,9 +411,9 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac c->pic.reference = 1; c->pic.buffer_hints = FF_BUFFER_HINTS_VALID; - if (avctx->get_buffer(avctx, &c->pic) < 0) { + if ((ret = avctx->get_buffer(avctx, &c->pic)) < 0) { av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); - return -1; + return ret; } /* parse header */ @@ -433,19 +433,19 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac "Flags=%X ver=%i.%i comp=%i fmt=%i blk=%ix%i\n", c->flags,hi_ver,lo_ver,c->comp,c->fmt,c->bw,c->bh); if (hi_ver != 0 || lo_ver != 1) { - av_log(avctx, AV_LOG_ERROR, "Unsupported version %i.%i\n", - hi_ver, lo_ver); - return -1; + av_log_ask_for_sample(avctx, "Unsupported version %i.%i\n", + hi_ver, lo_ver); + return AVERROR_PATCHWELCOME; } if (c->bw == 0 || c->bh == 0) { - av_log(avctx, AV_LOG_ERROR, "Unsupported block size %ix%i\n", - c->bw, c->bh); - return -1; + av_log_ask_for_sample(avctx, "Unsupported block size %ix%i\n", + c->bw, c->bh); + return AVERROR_PATCHWELCOME; } if (c->comp != 0 && c->comp != 1) { - av_log(avctx, AV_LOG_ERROR, "Unsupported compression type %i\n", - c->comp); - return -1; + av_log_ask_for_sample(avctx, "Unsupported compression type %i\n", + c->comp); + return AVERROR_PATCHWELCOME; } switch (c->fmt) { @@ -475,9 +475,9 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac default: c->decode_intra = NULL; c->decode_xor = NULL; - av_log(avctx, AV_LOG_ERROR, - "Unsupported (for now) format %i\n", c->fmt); - return -1; + av_log_ask_for_sample(avctx, "Unsupported (for now) format %i\n", + c->fmt); + return AVERROR_PATCHWELCOME; } zret = inflateReset(&c->zstream); @@ -500,7 +500,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac if (c->decode_intra == NULL) { av_log(avctx, AV_LOG_ERROR, "Error! Got no format or no keyframe!\n"); - return -1; + return AVERROR_INVALIDDATA; } if (c->comp == 0) { //Uncompressed data @@ -630,7 +630,7 @@ static av_cold int decode_init(AVCodecContext *avctx) if ((c->decomp_buf = av_malloc(c->decomp_size)) == NULL) { av_log(avctx, AV_LOG_ERROR, "Can't allocate decompression buffer.\n"); - return 1; + return AVERROR(ENOMEM); } } @@ -640,7 +640,7 @@ static av_cold int decode_init(AVCodecContext *avctx) zret = inflateInit(&c->zstream); if (zret != Z_OK) { av_log(avctx, AV_LOG_ERROR, "Inflate init error: %d\n", zret); - return 1; + return -1; } return 0; From 2e3fb9e3728b087870eaaea5e1c08f42c809e1eb Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Fri, 13 Jan 2012 17:01:18 +0100 Subject: [PATCH 12/22] swscale-test: Drop unused argc and argv arguments from main(). --- libswscale/colorspace-test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswscale/colorspace-test.c b/libswscale/colorspace-test.c index 10cee8a955..135924c1ab 100644 --- a/libswscale/colorspace-test.c +++ b/libswscale/colorspace-test.c @@ -33,7 +33,7 @@ #define FUNC(s, d, n) { s, d, #n, n } -int main(int argc, char **argv) +int main(void) { int i, funcNum; uint8_t *srcBuffer = av_malloc(SIZE); From f5490fbe3bdf4c97ee43e91dafee8203e847ef19 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Tue, 31 Jan 2012 20:35:58 -0800 Subject: [PATCH 13/22] swscale: remove obsolete comment. --- libswscale/swscale.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/libswscale/swscale.c b/libswscale/swscale.c index eaec1dd82c..a7057bb48e 100644 --- a/libswscale/swscale.c +++ b/libswscale/swscale.c @@ -1610,8 +1610,6 @@ static void monoblack2Y_c(uint8_t *dst, const uint8_t *src, } } -//FIXME yuy2* can read up to 7 samples too much - static void yuy2ToY_c(uint8_t *dst, const uint8_t *src, int width, uint32_t *unused) { From 3b637dca72813ee87b90d6bb01dbb8c1b36d9120 Mon Sep 17 00:00:00 2001 From: Diego Biurrun Date: Wed, 1 Feb 2012 14:58:10 +0100 Subject: [PATCH 14/22] avcodec.h: Remove some disabled cruft. --- libavcodec/avcodec.h | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index 85bb59909b..c70eb852a8 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -183,9 +183,6 @@ enum CodecID { CODEC_ID_TIERTEXSEQVIDEO, CODEC_ID_TIFF, CODEC_ID_GIF, -#if LIBAVCODEC_VERSION_MAJOR == 53 - CODEC_ID_FFH264, -#endif CODEC_ID_DXA, CODEC_ID_DNXHD, CODEC_ID_THP, @@ -203,10 +200,6 @@ enum CodecID { CODEC_ID_INDEO5, CODEC_ID_MIMIC, CODEC_ID_RL2, -#if LIBAVCODEC_VERSION_MAJOR == 53 - CODEC_ID_8SVX_EXP, - CODEC_ID_8SVX_FIB, -#endif CODEC_ID_ESCAPE124, CODEC_ID_DIRAC, CODEC_ID_BFI, @@ -245,10 +238,6 @@ enum CodecID { CODEC_ID_DFA, CODEC_ID_WMV3IMAGE, CODEC_ID_VC1IMAGE, -#if LIBAVCODEC_VERSION_MAJOR == 53 - CODEC_ID_G723_1, - CODEC_ID_G729, -#endif CODEC_ID_UTVIDEO, CODEC_ID_BMV_VIDEO, CODEC_ID_VBLE, @@ -346,10 +335,6 @@ enum CodecID { CODEC_ID_MACE3, CODEC_ID_MACE6, CODEC_ID_VMDAUDIO, -#if LIBAVCODEC_VERSION_MAJOR == 53 - CODEC_ID_SONIC, - CODEC_ID_SONIC_LS, -#endif CODEC_ID_FLAC, CODEC_ID_MP3ADU, CODEC_ID_MP3ON4, @@ -391,12 +376,10 @@ enum CodecID { CODEC_ID_AAC_LATM, CODEC_ID_QDMC, CODEC_ID_CELT, -#if LIBAVCODEC_VERSION_MAJOR > 53 CODEC_ID_G723_1, CODEC_ID_G729, CODEC_ID_8SVX_EXP, CODEC_ID_8SVX_FIB, -#endif CODEC_ID_BMV_AUDIO, /* subtitle codecs */ @@ -1471,7 +1454,6 @@ typedef struct AVCodecContext { #define FF_BUG_DC_CLIP 4096 #define FF_BUG_MS 8192 ///< Work around various bugs in Microsoft's broken decoders. #define FF_BUG_TRUNCATED 16384 -//#define FF_BUG_FAKE_SCALABILITY 16 //Autodetection should work 100%. /** * luma single coefficient elimination threshold @@ -2044,14 +2026,6 @@ typedef struct AVCodecContext { * - decoding: unused */ int context_model; -#if 0 - /** - * - * - encoding: unused - * - decoding: Set by user. - */ - uint8_t * (*realloc)(struct AVCodecContext *s, uint8_t *buf, int buf_size); -#endif /** * slice flags From 212f161caada76b083ebaca21449c58162e5419d Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Wed, 1 Feb 2012 07:38:54 -0800 Subject: [PATCH 15/22] swscale: make rgb24 function macros slightly smaller. --- libswscale/x86/input.asm | 29 +++++++++++++---------------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/libswscale/x86/input.asm b/libswscale/x86/input.asm index 7404b19dc2..d52a35a106 100644 --- a/libswscale/x86/input.asm +++ b/libswscale/x86/input.asm @@ -273,31 +273,28 @@ cglobal %2 %+ 24ToUV, 3, 4, %1, dstU, dstV, src, w %endif ; ARCH_X86_64 && %0 == 3 %endmacro +; %1 = nr. of XMM registers for rgb-to-Y func +; %2 = nr. of XMM registers for rgb-to-UV func +%macro RGB24_FUNCS 2 +RGB24_TO_Y_FN %1, rgb +RGB24_TO_Y_FN %1, bgr, rgb +RGB24_TO_UV_FN %2, rgb +RGB24_TO_UV_FN %2, bgr, rgb +%endmacro + %if ARCH_X86_32 INIT_MMX mmx -RGB24_TO_Y_FN 0, rgb -RGB24_TO_Y_FN 0, bgr, rgb -RGB24_TO_UV_FN 0, rgb -RGB24_TO_UV_FN 0, bgr, rgb +RGB24_FUNCS 0, 0 %endif INIT_XMM sse2 -RGB24_TO_Y_FN 10, rgb -RGB24_TO_Y_FN 10, bgr, rgb -RGB24_TO_UV_FN 12, rgb -RGB24_TO_UV_FN 12, bgr, rgb +RGB24_FUNCS 10, 12 INIT_XMM ssse3 -RGB24_TO_Y_FN 11, rgb -RGB24_TO_Y_FN 11, bgr, rgb -RGB24_TO_UV_FN 13, rgb -RGB24_TO_UV_FN 13, bgr, rgb +RGB24_FUNCS 11, 13 INIT_XMM avx -RGB24_TO_Y_FN 11, rgb -RGB24_TO_Y_FN 11, bgr, rgb -RGB24_TO_UV_FN 13, rgb -RGB24_TO_UV_FN 13, bgr, rgb +RGB24_FUNCS 11, 13 ;----------------------------------------------------------------------------- ; YUYV/UYVY/NV12/NV21 packed pixel shuffling. From 378c5ef9ae1a504b5e363c5fa7193c3b4ca2267f Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Wed, 1 Feb 2012 07:38:57 -0800 Subject: [PATCH 16/22] swscale: enable dithering in MMX functions. This was accidently disabled. Signed-off-by: Ronald S. Bultje --- libswscale/x86/swscale_mmx.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libswscale/x86/swscale_mmx.c b/libswscale/x86/swscale_mmx.c index bd7664094e..29f31c329b 100644 --- a/libswscale/x86/swscale_mmx.c +++ b/libswscale/x86/swscale_mmx.c @@ -27,6 +27,8 @@ #include "libavutil/cpu.h" #include "libavutil/pixdesc.h" +#define DITHER1XBPP + DECLARE_ASM_CONST(8, uint64_t, bF8)= 0xF8F8F8F8F8F8F8F8LL; DECLARE_ASM_CONST(8, uint64_t, bFC)= 0xFCFCFCFCFCFCFCFCLL; DECLARE_ASM_CONST(8, uint64_t, w10)= 0x0010001000100010LL; From 316fc7443b05f8c8b494443f2dfe590434796902 Mon Sep 17 00:00:00 2001 From: Janne Grunau Date: Tue, 31 Jan 2012 15:40:11 +0000 Subject: [PATCH 17/22] avcodec: Add av_fast_padded_malloc(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Wrapper around av_fast_malloc() that keeps FF_INPUT_BUFFER_PADDING_SIZE zero-padded bytes at the end of the used buffer. Based on a patch by Reimar Döffinger . --- doc/APIchanges | 5 +++++ libavcodec/avcodec.h | 9 +++++++++ libavcodec/utils.c | 13 +++++++++++++ 3 files changed, 27 insertions(+) diff --git a/doc/APIchanges b/doc/APIchanges index 0d4cb596a7..df55c0a732 100644 --- a/doc/APIchanges +++ b/doc/APIchanges @@ -13,6 +13,11 @@ libavutil: 2011-04-18 API changes, most recent first: +2012-02-01 - xxxxxxx - lavc 54.01.0 + Add av_fast_padded_malloc() as alternative for av_realloc() when aligned + memory is required. The buffer will always have FF_INPUT_BUFFER_PADDING_SIZE + zero-padded bytes at the end. + 2012-01-31 - xxxxxxx - lavf 54.01.0 Add avformat_get_riff_video_tags() and avformat_get_riff_audio_tags(). diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index c70eb852a8..fcbb68ad60 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -4070,6 +4070,15 @@ void *av_fast_realloc(void *ptr, unsigned int *size, size_t min_size); */ void av_fast_malloc(void *ptr, unsigned int *size, size_t min_size); +/** + * Allocate a buffer with padding, reusing the given one if large enough. + * + * Same behaviour av_fast_malloc but the buffer has additional + * FF_INPUT_PADDING_SIZE at the end which will always memset to 0. + * + */ +void av_fast_padded_malloc(void *ptr, unsigned int *size, size_t min_size); + /** * Copy image src to dst. Wraps av_picture_data_copy() above. */ diff --git a/libavcodec/utils.c b/libavcodec/utils.c index fa609534a5..34eff0031a 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -80,6 +80,19 @@ void av_fast_malloc(void *ptr, unsigned int *size, size_t min_size) *size= min_size; } +void av_fast_padded_malloc(void *ptr, unsigned int *size, size_t min_size) +{ + void **p = ptr; + if (min_size > SIZE_MAX - FF_INPUT_BUFFER_PADDING_SIZE) { + av_freep(p); + *size = 0; + return; + } + av_fast_malloc(p, size, min_size + FF_INPUT_BUFFER_PADDING_SIZE); + if (*size) + memset((uint8_t *)*p + min_size, 0, FF_INPUT_BUFFER_PADDING_SIZE); +} + /* encoder management */ static AVCodec *first_avcodec = NULL; From 00db4d4ad5d2313b18bda6bb6eeabb99db8f9c72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Mon, 30 Jan 2012 18:33:32 -0500 Subject: [PATCH 18/22] asv1: use av_fast_padded_malloc() Signed-off-by: Justin Ruggles --- libavcodec/asv1.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/asv1.c b/libavcodec/asv1.c index 8db23c07ef..754c1aa89a 100644 --- a/libavcodec/asv1.c +++ b/libavcodec/asv1.c @@ -408,7 +408,8 @@ static int decode_frame(AVCodecContext *avctx, p->pict_type= AV_PICTURE_TYPE_I; p->key_frame= 1; - av_fast_malloc(&a->bitstream_buffer, &a->bitstream_buffer_size, buf_size + FF_INPUT_BUFFER_PADDING_SIZE); + av_fast_padded_malloc(&a->bitstream_buffer, &a->bitstream_buffer_size, + buf_size); if (!a->bitstream_buffer) return AVERROR(ENOMEM); From 2f4b9021a18312685f93768688e5e27a8ccd70a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Mon, 30 Jan 2012 18:34:10 -0500 Subject: [PATCH 19/22] eatqi: use av_fast_padded_malloc() Signed-off-by: Justin Ruggles --- libavcodec/eatqi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/eatqi.c b/libavcodec/eatqi.c index aaf704b41a..179b84d6a0 100644 --- a/libavcodec/eatqi.c +++ b/libavcodec/eatqi.c @@ -124,7 +124,8 @@ static int tqi_decode_frame(AVCodecContext *avctx, return -1; } - av_fast_malloc(&t->bitstream_buf, &t->bitstream_buf_size, (buf_end-buf) + FF_INPUT_BUFFER_PADDING_SIZE); + av_fast_padded_malloc(&t->bitstream_buf, &t->bitstream_buf_size, + buf_end - buf); if (!t->bitstream_buf) return AVERROR(ENOMEM); s->dsp.bswap_buf(t->bitstream_buf, (const uint32_t*)buf, (buf_end-buf)/4); From 0880503fbbd68bf6b1352488944020e3ec35c2e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Mon, 30 Jan 2012 18:35:35 -0500 Subject: [PATCH 20/22] mjpegdec: use av_fast_padded_malloc() also check for allocation failure Signed-off-by: Justin Ruggles --- libavcodec/mjpegdec.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index d6ed43bbaa..48a872bdb7 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1359,13 +1359,9 @@ int ff_mjpeg_find_marker(MJpegDecodeContext *s, int start_code; start_code = find_marker(buf_ptr, buf_end); - if ((buf_end - *buf_ptr) > s->buffer_size) { - av_free(s->buffer); - s->buffer_size = buf_end - *buf_ptr; - s->buffer = av_malloc(s->buffer_size + FF_INPUT_BUFFER_PADDING_SIZE); - av_log(s->avctx, AV_LOG_DEBUG, - "buffer too small, expanding to %d bytes\n", s->buffer_size); - } + av_fast_padded_malloc(&s->buffer, &s->buffer_size, buf_end - *buf_ptr); + if (!s->buffer) + return AVERROR(ENOMEM); /* unescape buffer of SOS, use special treatment for JPEG-LS */ if (start_code == SOS && !s->ls) { From f54ae2f8e7c905d863b2e96b1d5df3f1b9aa5f30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= Date: Tue, 31 Jan 2012 11:30:34 -0500 Subject: [PATCH 21/22] fraps: Use av_fast_padded_malloc() instead of av_realloc() Ensures alignment and avoids using uninitialized data. Signed-off-by: Justin Ruggles --- libavcodec/fraps.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/libavcodec/fraps.c b/libavcodec/fraps.c index 1444eda979..5f5e55e8ff 100644 --- a/libavcodec/fraps.c +++ b/libavcodec/fraps.c @@ -46,6 +46,7 @@ typedef struct FrapsContext{ AVCodecContext *avctx; AVFrame frame; uint8_t *tmpbuf; + int tmpbuf_size; DSPContext dsp; } FrapsContext; @@ -276,7 +277,10 @@ static int decode_frame(AVCodecContext *avctx, offs[planes] = buf_size; for(i = 0; i < planes; i++){ is_chroma = !!i; - s->tmpbuf = av_realloc(s->tmpbuf, offs[i + 1] - offs[i] - 1024 + FF_INPUT_BUFFER_PADDING_SIZE); + av_fast_padded_malloc(&s->tmpbuf, &s->tmpbuf_size, + offs[i + 1] - offs[i] - 1024); + if (!s->tmpbuf) + return AVERROR(ENOMEM); if(fraps2_decode_plane(s, f->data[i], f->linesize[i], avctx->width >> is_chroma, avctx->height >> is_chroma, buf + offs[i], offs[i + 1] - offs[i], is_chroma, 1) < 0) { av_log(avctx, AV_LOG_ERROR, "Error decoding plane %i\n", i); @@ -318,7 +322,10 @@ static int decode_frame(AVCodecContext *avctx, } offs[planes] = buf_size; for(i = 0; i < planes; i++){ - s->tmpbuf = av_realloc(s->tmpbuf, offs[i + 1] - offs[i] - 1024 + FF_INPUT_BUFFER_PADDING_SIZE); + av_fast_padded_malloc(&s->tmpbuf, &s->tmpbuf_size, + offs[i + 1] - offs[i] - 1024); + if (!s->tmpbuf) + return AVERROR(ENOMEM); if(fraps2_decode_plane(s, f->data[0] + i + (f->linesize[0] * (avctx->height - 1)), -f->linesize[0], avctx->width, avctx->height, buf + offs[i], offs[i + 1] - offs[i], 0, 3) < 0) { av_log(avctx, AV_LOG_ERROR, "Error decoding plane %i\n", i); From 5ff88020ac4cd285fa00d0c559aa196bbd8526d7 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Wed, 1 Feb 2012 21:05:16 +0000 Subject: [PATCH 22/22] frwu: Employ more meaningful return values. Signed-off-by: Paul B Mahol Signed-off-by: Justin Ruggles --- libavcodec/frwu.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/libavcodec/frwu.c b/libavcodec/frwu.c index eba0530e3c..1dbbc32514 100644 --- a/libavcodec/frwu.c +++ b/libavcodec/frwu.c @@ -28,7 +28,7 @@ static av_cold int decode_init(AVCodecContext *avctx) { if (avctx->width & 1) { av_log(avctx, AV_LOG_ERROR, "FRWU needs even width\n"); - return -1; + return AVERROR(EINVAL); } avctx->pix_fmt = PIX_FMT_UYVY422; @@ -42,7 +42,7 @@ static av_cold int decode_init(AVCodecContext *avctx) static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPacket *avpkt) { - int field; + int field, ret; AVFrame *pic = avctx->coded_frame; const uint8_t *buf = avpkt->data; const uint8_t *buf_end = buf + avpkt->size; @@ -52,16 +52,18 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, if (avpkt->size < avctx->width * 2 * avctx->height + 4 + 2*8) { av_log(avctx, AV_LOG_ERROR, "Packet is too small.\n"); - return -1; + return AVERROR_INVALIDDATA; } if (bytestream_get_le32(&buf) != AV_RL32("FRW1")) { av_log(avctx, AV_LOG_ERROR, "incorrect marker\n"); - return -1; + return AVERROR_INVALIDDATA; } pic->reference = 0; - if (avctx->get_buffer(avctx, pic) < 0) - return -1; + if ((ret = avctx->get_buffer(avctx, pic)) < 0) { + av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); + return ret; + } pic->pict_type = AV_PICTURE_TYPE_I; pic->key_frame = 1; @@ -74,16 +76,16 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, int field_size, min_field_size = avctx->width * 2 * field_h; uint8_t *dst = pic->data[0]; if (buf_end - buf < 8) - return -1; + return AVERROR_INVALIDDATA; buf += 4; // flags? 0x80 == bottom field maybe? field_size = bytestream_get_le32(&buf); if (field_size < min_field_size) { av_log(avctx, AV_LOG_ERROR, "Field size %i is too small (required %i)\n", field_size, min_field_size); - return -1; + return AVERROR_INVALIDDATA; } if (buf_end - buf < field_size) { av_log(avctx, AV_LOG_ERROR, "Packet is too small, need %i, have %i\n", field_size, (int)(buf_end - buf)); - return -1; + return AVERROR_INVALIDDATA; } if (field) dst += pic->linesize[0];