1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-28 20:53:54 +02:00
Commit Graph

78001 Commits

Author SHA1 Message Date
Michael Niedermayer
057549a9cc avcodec/aacenc: Check both channels for finiteness
Fixes null pointer dereference
Fixes: 10412fc52ecc6eab40ed67f82ca7b372/signal_sigsegv_2618c99_2129_f808373959e46afb165593332799ffbc.aif

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-16 18:33:12 +01:00
Mats Peterson
535d09a510 lavf/matroskadec: Get sample size from private data
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-16 11:44:46 +01:00
Mats Peterson
a51c8a68ad lavf/mov: Don't limit fourcc 0 -> raw/twos to version 0 sample descriptions
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-16 11:42:46 +01:00
Michael Niedermayer
d7c75a5db0 avcodec/motion_est: Attempt to fix "short data segment overflowed" on IA64
This decreases the MV related encoding table sizes
This should have little effect on real world video encoding performance

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-16 00:56:05 +01:00
Andreas Cadhalpun
564dd3f0f4 mpeg4videodec: silence ubsan warning
s->ac_val[0][0] is of type 'int16_t [16]', but points into a larger buffer.
Here it is used as base pointer to find the correct position in the
larger buffer by adding 's->block_index[n] * 16' and thus as 'int16_t *'.

This fixes clang's ubsan runtime error: index out of bounds for type
'int16_t [16]'

Fixes: test_case.mp4

Found-by: Tyson Smith <twsmith@mozilla.com>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 23:48:33 +01:00
Ganesh Ajjanagadde
5989add4ab lavu/x86/lls: add fma3 optimizations for update_lls
This improves accuracy (very slightly) and speed for processors having
fma3.

Sample benchmark (fate flac-16-lpc-cholesky, Haswell):
old:
5993610 decicycles in ff_lpc_calc_coefs,      64 runs,      0 skips
5951528 decicycles in ff_lpc_calc_coefs,     128 runs,      0 skips

new:
5252410 decicycles in ff_lpc_calc_coefs,      64 runs,      0 skips
5232869 decicycles in ff_lpc_calc_coefs,     128 runs,      0 skips

Tested with FATE and --disable-fma3, also examined contents of
lavu/lls-test.

Reviewed-by: James Almer <jamrial@gmail.com>
Reviewed-by: Henrik Gramner <henrik@gramner.com>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2016-01-15 16:46:13 -05:00
Paul B Mahol
d4ce63a1bf avfilter/af_sidechaincompress & af_agate: use audio fifo from lavu
Fixes regression causing segfault.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-01-15 21:49:42 +01:00
Piotr Bandurski
eded2e4fac avformat/riff: add C210 FourCC (Canopus C210) 2016-01-15 19:22:51 +01:00
Piotr Bandurski
23ac355487 avformat/riff: add YUYV FourCC (Drastic YUYV) 2016-01-15 19:14:51 +01:00
Paul B Mahol
7d76294ce0 avfilter: add ahistogram multimedia filter
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-01-15 19:10:46 +01:00
James Almer
36778627e2 x86/intmath: add missing early clobber to output operands
Signed-off-by: James Almer <jamrial@gmail.com>
2016-01-15 13:32:58 -03:00
Michael Niedermayer
da6f34516b avcodec/x86/fmtconvert: Add emms to int32_to_float_fmul_array8_sse()
this should fix checkasm on x86_64-archlinux-gcc-valgrind

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-15 17:08:37 +01:00
Michael Niedermayer
48f5244df7 avfilter/vaf_spectrumsynth: Fix mixed declaration and statment
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-15 16:51:54 +01:00
Michael Niedermayer
cfda1bea4c avformat/hls: Even stricter URL checks
This fixes a null pointer dereference at least

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-15 15:29:22 +01:00
Michael Niedermayer
6ba42b6482 avformat/hls: More strict url checks
No case is known where these are needed

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-15 14:11:21 +01:00
James Almer
e3c188e72c avcodec/rmdec: add missing av_log argument
Also change the format specifier to expect an unsigned int

Signed-off-by: James Almer <jamrial@gmail.com>
2016-01-15 02:26:36 -03:00
Mats Peterson
b58cfa616c lavf/mov: Confine 0x00000000 to raw/twos fourcc mapping to version 0 sample descriptions
Confine the 0x00000000 to 'raw '/'twos' fourcc mapping to old version 0
sound sample descriptions, since they are the only valid sample
descriptions for this type of mapping.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-15 03:38:43 +01:00
Michael Niedermayer
8f4c3e4b92 avcodec/pngenc: Fix mixed up linesizes
Fixes out of array accesses
Fixes: 0cf176e6d3ab9fe924f39738e513f547/asan_generic_4a54aa_3431_aaa28be1cb32e307a9890cad06f84fba.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-15 03:38:43 +01:00
Michael Niedermayer
7ec9c5ce8a avcodec/pngenc: Replace memcpy by av_image_copy()
Fixes out of array access
Fixes: 0cf176e6d3ab9fe924f39738e513f547/asan_generic_4a54aa_3431_aaa28be1cb32e307a9890cad06f84fba.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-15 03:38:43 +01:00
Andreas Cadhalpun
c29e87ad55 asfdec_o: check for too small size in asf_read_unknown
This fixes infinite loops due to seeking back.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:40:21 +01:00
Andreas Cadhalpun
0e32153e9c asfdec_o: break if EOF is reached after asf_read_packet_header
asf_read_payload can unset eof_reached, so check it also before calling
that function.

This fixes infinite loops.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:39:46 +01:00
Andreas Cadhalpun
3776a72962 asfdec_o: make sure packet_size is non-zero before seeking
This fixes infinite loops due to seeking back.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:39:30 +01:00
Andreas Cadhalpun
74474750f1 asfdec_o: prevent overflow causing seekback
This fixes infinite loops.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:38:50 +01:00
Andreas Cadhalpun
0002d845e8 asfdec_o: check avio_skip in asf_read_simple_index
The loop can be very long, even though the file is very short.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:37:30 +01:00
Andreas Cadhalpun
aa18016996 asfdec_o: reject size > INT64_MAX in asf_read_unknown
Both avio_skip and detect_unknown_subobject use int64_t for the size
parameter.

This fixes a segmentation fault due to infinite recursion.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:37:13 +01:00
Andreas Cadhalpun
763c572801 asfdec_o: only set asf_pkt->data_size after sanity checks
Otherwise invalid values are used unchecked in the next run.
This can cause NULL pointer dereferencing.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:36:41 +01:00
Andreas Cadhalpun
f8bc0137bd lavu: prevent overflow in av_clip_intp2_c
This fixes ubsan runtime error: signed integer overflow: 8388608 +
2140274688 cannot be represented in type 'int'

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:32:54 +01:00
Ganesh Ajjanagadde
2e4fd16f5b lavc/aacenc: use isfinite to simplify isnan/isinf logic
Reviewed-by: Claudio Freire <klaussfreire@gmail.com>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2016-01-14 18:28:38 -05:00
Michael Niedermayer
c3a24006d5 avformat/rmdec: Fix Packet memleak at close()
Fixes: asan_heap-oob_445b39_1741_d00eb645ab48eb2203b4a04a5b997103.ivr

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 23:49:52 +01:00
Michael Niedermayer
80fd348bb7 avformat/rmdec: Check size in ivr_read_packet() before use
Fixes out of array access
Fixes: asan_heap-oob_445b39_1741_d00eb645ab48eb2203b4a04a5b997103.ivr

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 23:49:52 +01:00
Michael Niedermayer
fc2588a1d6 swscale/vscale: Use matching sliceY/chrSliceY for luma/chroma
No case known where that makes a difference

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 23:49:52 +01:00
Aman Gupta
3a0e5cfcee lavc/ccaption_dec: clear all unused rows during rollup
Sometimes rollup captions can move around the screen. This fixes "ghost"
captions from below the current rollup area from continuing to be
captured when a rollup moves higher up on the screen.
2016-01-14 23:13:15 +01:00
Aman Gupta
9027806e3c lavc/ccaption_dec: clean up whitespace 2016-01-14 23:13:09 +01:00
Aman Gupta
fdbe5cd5c5 fate: add test for realtime ccaption decoder 2016-01-14 22:41:41 +01:00
Aman Gupta
5c041e2ccc lavc/ccaption_dec: implement real_time option
This new mode is useful for realtime decoding of closed captions so they
can be display along with mpeg2 frames.

Closed caption streams contain two major types of captions:

- POPON captions, which are buffered off-screen and displayed
  only after EOC (end of caption, aka display buffer)

- PAINTON/ROLLUP captions, which are written to the display as soon as
  they arrive.

In a typical real-time eia608 decoder, commands like EOC (end of
caption; display buffer), EDM (erase display memory) and EBM (erase
buffered memory) perform their expected functions as soon as the
commands are processed. This is implemented in the real_time branches
added in this commit.

Before this commit, and in the !real_time branches after this commit,
the decoder cleverly implements its own version of the decoder which is
specifically geared towards buffered decoding. It does so by actively
ignoring commands like EBM (erase buffered memory), and then re-using
the non-display buffer to hold the previous caption while the new one is
received. This is the opposite of the real-time decoder, which uses the
non-display buffer to hold the new caption while the display buffer is
still showing the current caption.

In addition to ignoring EBM, the buffered decoder also has custom
implementations for EDM and EOC. An EDM (erase display memory) command
flushes the existing contents before clearing the screen, and EOC
similarly always flushes the active buffer (the previous subtitle)
before flipping buffers.
2016-01-14 22:41:41 +01:00
Paul B Mahol
d6f1abe9ce avfilter/vf_fftfilt: this is video filter so use pixels instead of samples
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-01-14 22:20:25 +01:00
Paul B Mahol
2bbc7e9625 avfilter/vf_fftfilt: use the name 's' for the pointer to the private context
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-01-14 22:19:52 +01:00
Aman Gupta
260e368717 lavc/ccaption_dec: flush context on seek 2016-01-14 22:08:59 +01:00
Michael Niedermayer
eb7802afef swscale/vscale: Check that 2 tap filters are bilinear before using bilinear code
Fixes: out of array reads
Fixes: 07e8b9c5d348ccdf7add0f37de20cf6c/asan_heap-oob_27e8df7_6849_e56653f768070ec8cb52f587048444c2.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:59:12 +01:00
Michael Niedermayer
b99f498716 swscale/output: Assert that yalpha and uvalpha are within their expected range
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Michael Niedermayer
fe6372bb61 swscale/vscale: Add fixme comment to "ugly" code
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Michael Niedermayer
705a2f70ee swscale/slice: Fix indention
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Michael Niedermayer
8feeffc1d7 swscale/slice: Fix doc typo
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Michael Niedermayer
e06403331c swscale: Move Contexts used only in hscale.c into it
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Michael Niedermayer
7b6e6895f2 swscale: Move VScalerContext into vscale.c
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Paul B Mahol
653f9d84ae avfilter: add spectrumsynth filter
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-01-14 20:51:20 +01:00
Michael Niedermayer
cc538e9dbd swscale/utils: Detect and skip unneeded sws_setColorspaceDetails() calls
This avoids running various table inits unnecessarily

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 15:46:55 +01:00
Michael Niedermayer
8f3a9a8c27 swscale/yuv2rgb: Increase YUV2RGB table headroom
This makes SWS more robust
Fixes: 07650a772d98aa63b0fed6370dc89037/asan_heap-oob_27ddeaf_2657_2c81ff264dee5d9712cb3251fb9c3bbb.264
Fixes: out of array read

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 15:46:55 +01:00
Michael Niedermayer
5e5f82a287 swscale/yuv2rgb: Factor YUVRGB_TABLE_LUMA_HEADROOM out
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 15:46:55 +01:00
Paul B Mahol
70df51112c avfilter/af_dynaudnorm: fix possible null pointer dereference
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-01-14 14:30:36 +01:00