Currently, AVStream contains an embedded AVCodecContext instance, which
is used by demuxers to export stream parameters to the caller and by
muxers to receive stream parameters from the caller. It is also used
internally as the codec context that is passed to parsers.
In addition, it is also widely used by the callers as the decoding (when
demuxer) or encoding (when muxing) context, though this has been
officially discouraged since Libav 11.
There are multiple important problems with this approach:
- the fields in AVCodecContext are in general one of
* stream parameters
* codec options
* codec state
However, it's not clear which ones are which. It is consequently
unclear which fields are a demuxer allowed to set or a muxer allowed to
read. This leads to erratic behaviour depending on whether decoding or
encoding is being performed or not (and whether it uses the AVStream
embedded codec context).
- various synchronization issues arising from the fact that the same
context is used by several different APIs (muxers/demuxers,
parsers, bitstream filters and encoders/decoders) simultaneously, with
there being no clear rules for who can modify what and the different
processes being typically delayed with respect to each other.
- avformat_find_stream_info() making it necessary to support opening
and closing a single codec context multiple times, thus
complicating the semantics of freeing various allocated objects in the
codec context.
Those problems are resolved by replacing the AVStream embedded codec
context with a newly added AVCodecParameters instance, which stores only
the stream parameters exported by the demuxers or read by the muxers.
The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size
is 3, the right side overflows leading to a wrong result of the
comparison and subsequently a heap buffer overflow.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Fixes: use of uninitialized memeory
Fixes: msan_uninit-mem_7fbf26b5fefe_5981_intro.jv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '15739a9bd19a7d47ad8afb25348c684a3bdd6ef2':
jvdec: Do not feed the decoder with known wrong data
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'ef1b23ad21e3f12fc4ff2a73a6d4d4cd9d630c4b': (21 commits)
jvdec: set channel layout
iss: set channel layout
ipmovie: set channel layout
iff: set channel layout
idroqdec: set channel layout
gxfdec: set channel layout when applicable
gsmdec: set channel layout
flvdec: set channel layout
dv: set channel layout
dsicin: set channel layout
daud: set channel layout
cdxl: set channel layout
bmv: set channel layout
bink: set channel layout
bfi: set channel layout
bethsoftvid: set channel layout
apc: set channel layout
amr: set channel_layout
ppc: replace pointer casting with AV_COPY32
ppc: fix some unused variable warnings
...
Conflicts:
libavformat/amr.c
libavformat/iff.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
rtpdec: Templatize the code for different g726 bitrate variants
rv40: move loop filter to rv34dsp context
lavf: make av_set_pts_info private.
rtpdec: Add support for G726 audio
rtpdec: Add an init function that can do custom codec context initialization
avconv: make copy_tb on by default.
matroskadec: don't set codec timebase.
rmdec: don't set codec timebase.
avconv: compute next_pts from input packet duration when possible.
lavf: estimate frame duration from r_frame_rate.
avconv: update InputStream.pts in the streamcopy case.
Conflicts:
avconv.c
libavdevice/alsa-audio-dec.c
libavdevice/bktr.c
libavdevice/fbdev.c
libavdevice/libdc1394.c
libavdevice/oss_audio.c
libavdevice/v4l.c
libavdevice/v4l2.c
libavdevice/vfwcap.c
libavdevice/x11grab.c
libavformat/au.c
libavformat/eacdata.c
libavformat/flvdec.c
libavformat/mpegts.c
libavformat/mxfenc.c
libavformat/rtpdec_g726.c
libavformat/wtv.c
libavformat/xmv.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
presets: rename presets directory
lavc: make avcodec_get_context_defaults3 "officially" public
lavf: replace av_new_stream->avformat_new_stream part II.
lavf,lavd: replace av_new_stream->avformat_new_stream part I.
lavf: add avformat_new_stream as a replacement for av_new_stream.
Use correct scaling table for bwd-pred MVs in second B-field
Ut Video decoder
Makefile: change presets extension to .avpreset
lavfi: add rgbtestsrc source, ported from MPlayer libmpcodecs
lavfi: add testsrc source
AVOptions: add documentation.
presets: update libx264 ffpresets
Conflicts:
Changelog
doc/APIchanges
doc/ffmpeg.texi
ffpresets/libx264-ipod320.ffpreset
ffpresets/libx264-ipod640.ffpreset
ffserver.c
libavcodec/avcodec.h
libavcodec/options.c
libavcodec/version.h
libavdevice/libdc1394.c
libavfilter/avfilter.h
libavfilter/vsrc_testsrc.c
libavformat/flvdec.c
libavformat/riff.c
libavformat/version.h
libavformat/wtv.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Manual replacements are done in this commit.
In many cases, the id is some constant made up number (e.g. 0 for video
and 1 for audio), which is then not used in the demuxer for anything.
Those ids are removed.
* qatar/master:
Fix parser: mark av_parser_parse() for removal on next major bump
swscale: postpone sws_getContext removal until next major bump.
fate: add AAC LATM test
mmst: get rid of deprecated AVERRORs
lxfdec: use AVERROR(ENOMEM) instead of deprecated AVERROR_NOMEM.
Reemove remaining uses of deprecated AVERROR_NOTSUPP.
REIMPLEMENTED in 2 lines of code: lavf: if id3v2 tag is present and all else fails, guess by file extension
Conflicts:
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
Fixed-point MDCT with 32-bit unscaled output
lavc: deprecate rate_emu
lavc: mark hurry_up for removal on next major bump
parser: mark av_parser_parse() for removal on next major bump
lavc: add missing audioconvert includes
jvdec: don't use deprecated CODEC_TYPE_*/PKT_FLAG_KEY
Conflicts:
libavcodec/h264.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
In the event of overflow, the JV_PADDING state will avio_skip over
any overflow bytes (using JVFrame.total_size).
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
