1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-08 13:22:53 +02:00
Commit Graph

78749 Commits

Author SHA1 Message Date
Michael Niedermayer
7ec9c5ce8a avcodec/pngenc: Replace memcpy by av_image_copy()
Fixes out of array access
Fixes: 0cf176e6d3ab9fe924f39738e513f547/asan_generic_4a54aa_3431_aaa28be1cb32e307a9890cad06f84fba.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-15 03:38:43 +01:00
Andreas Cadhalpun
c29e87ad55 asfdec_o: check for too small size in asf_read_unknown
This fixes infinite loops due to seeking back.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:40:21 +01:00
Andreas Cadhalpun
0e32153e9c asfdec_o: break if EOF is reached after asf_read_packet_header
asf_read_payload can unset eof_reached, so check it also before calling
that function.

This fixes infinite loops.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:39:46 +01:00
Andreas Cadhalpun
3776a72962 asfdec_o: make sure packet_size is non-zero before seeking
This fixes infinite loops due to seeking back.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:39:30 +01:00
Andreas Cadhalpun
74474750f1 asfdec_o: prevent overflow causing seekback
This fixes infinite loops.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:38:50 +01:00
Andreas Cadhalpun
0002d845e8 asfdec_o: check avio_skip in asf_read_simple_index
The loop can be very long, even though the file is very short.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:37:30 +01:00
Andreas Cadhalpun
aa18016996 asfdec_o: reject size > INT64_MAX in asf_read_unknown
Both avio_skip and detect_unknown_subobject use int64_t for the size
parameter.

This fixes a segmentation fault due to infinite recursion.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:37:13 +01:00
Andreas Cadhalpun
763c572801 asfdec_o: only set asf_pkt->data_size after sanity checks
Otherwise invalid values are used unchecked in the next run.
This can cause NULL pointer dereferencing.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:36:41 +01:00
Andreas Cadhalpun
f8bc0137bd lavu: prevent overflow in av_clip_intp2_c
This fixes ubsan runtime error: signed integer overflow: 8388608 +
2140274688 cannot be represented in type 'int'

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:32:54 +01:00
Ganesh Ajjanagadde
2e4fd16f5b lavc/aacenc: use isfinite to simplify isnan/isinf logic
Reviewed-by: Claudio Freire <klaussfreire@gmail.com>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2016-01-14 18:28:38 -05:00
Michael Niedermayer
c3a24006d5 avformat/rmdec: Fix Packet memleak at close()
Fixes: asan_heap-oob_445b39_1741_d00eb645ab48eb2203b4a04a5b997103.ivr

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 23:49:52 +01:00
Michael Niedermayer
80fd348bb7 avformat/rmdec: Check size in ivr_read_packet() before use
Fixes out of array access
Fixes: asan_heap-oob_445b39_1741_d00eb645ab48eb2203b4a04a5b997103.ivr

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 23:49:52 +01:00
Michael Niedermayer
fc2588a1d6 swscale/vscale: Use matching sliceY/chrSliceY for luma/chroma
No case known where that makes a difference

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 23:49:52 +01:00
Aman Gupta
3a0e5cfcee lavc/ccaption_dec: clear all unused rows during rollup
Sometimes rollup captions can move around the screen. This fixes "ghost"
captions from below the current rollup area from continuing to be
captured when a rollup moves higher up on the screen.
2016-01-14 23:13:15 +01:00
Aman Gupta
9027806e3c lavc/ccaption_dec: clean up whitespace 2016-01-14 23:13:09 +01:00
Aman Gupta
fdbe5cd5c5 fate: add test for realtime ccaption decoder 2016-01-14 22:41:41 +01:00
Aman Gupta
5c041e2ccc lavc/ccaption_dec: implement real_time option
This new mode is useful for realtime decoding of closed captions so they
can be display along with mpeg2 frames.

Closed caption streams contain two major types of captions:

- POPON captions, which are buffered off-screen and displayed
  only after EOC (end of caption, aka display buffer)

- PAINTON/ROLLUP captions, which are written to the display as soon as
  they arrive.

In a typical real-time eia608 decoder, commands like EOC (end of
caption; display buffer), EDM (erase display memory) and EBM (erase
buffered memory) perform their expected functions as soon as the
commands are processed. This is implemented in the real_time branches
added in this commit.

Before this commit, and in the !real_time branches after this commit,
the decoder cleverly implements its own version of the decoder which is
specifically geared towards buffered decoding. It does so by actively
ignoring commands like EBM (erase buffered memory), and then re-using
the non-display buffer to hold the previous caption while the new one is
received. This is the opposite of the real-time decoder, which uses the
non-display buffer to hold the new caption while the display buffer is
still showing the current caption.

In addition to ignoring EBM, the buffered decoder also has custom
implementations for EDM and EOC. An EDM (erase display memory) command
flushes the existing contents before clearing the screen, and EOC
similarly always flushes the active buffer (the previous subtitle)
before flipping buffers.
2016-01-14 22:41:41 +01:00
Paul B Mahol
d6f1abe9ce avfilter/vf_fftfilt: this is video filter so use pixels instead of samples
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-01-14 22:20:25 +01:00
Paul B Mahol
2bbc7e9625 avfilter/vf_fftfilt: use the name 's' for the pointer to the private context
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-01-14 22:19:52 +01:00
Aman Gupta
260e368717 lavc/ccaption_dec: flush context on seek 2016-01-14 22:08:59 +01:00
Michael Niedermayer
eb7802afef swscale/vscale: Check that 2 tap filters are bilinear before using bilinear code
Fixes: out of array reads
Fixes: 07e8b9c5d348ccdf7add0f37de20cf6c/asan_heap-oob_27e8df7_6849_e56653f768070ec8cb52f587048444c2.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:59:12 +01:00
Michael Niedermayer
b99f498716 swscale/output: Assert that yalpha and uvalpha are within their expected range
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Michael Niedermayer
fe6372bb61 swscale/vscale: Add fixme comment to "ugly" code
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Michael Niedermayer
705a2f70ee swscale/slice: Fix indention
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Michael Niedermayer
8feeffc1d7 swscale/slice: Fix doc typo
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Michael Niedermayer
e06403331c swscale: Move Contexts used only in hscale.c into it
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Michael Niedermayer
7b6e6895f2 swscale: Move VScalerContext into vscale.c
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Paul B Mahol
653f9d84ae avfilter: add spectrumsynth filter
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-01-14 20:51:20 +01:00
Michael Niedermayer
cc538e9dbd swscale/utils: Detect and skip unneeded sws_setColorspaceDetails() calls
This avoids running various table inits unnecessarily

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 15:46:55 +01:00
Michael Niedermayer
8f3a9a8c27 swscale/yuv2rgb: Increase YUV2RGB table headroom
This makes SWS more robust
Fixes: 07650a772d98aa63b0fed6370dc89037/asan_heap-oob_27ddeaf_2657_2c81ff264dee5d9712cb3251fb9c3bbb.264
Fixes: out of array read

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 15:46:55 +01:00
Michael Niedermayer
5e5f82a287 swscale/yuv2rgb: Factor YUVRGB_TABLE_LUMA_HEADROOM out
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 15:46:55 +01:00
Paul B Mahol
70df51112c avfilter/af_dynaudnorm: fix possible null pointer dereference
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-01-14 14:30:36 +01:00
Claudio Freire
62dfe1d40d avcodec/aacenc_is: replace pow(x, 0.75) by x/sqrtf(sqrtf(x))
This is quite an accurate approximation; testing shows ~ 2ulp error in
the floating point result. Tested with FATE.

Alternatively, if one wants "full accuracy", one can use powf, or sqrt
instead of sqrtf. With powf, one gets 1 ulp error (theoretically should be 0, as
0.75 is exactly representable) on GNU libm, with sqrt, 0 ulp error.

Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>

Abstracted into pos_pow34 utility function

Signed-off-by: Claudio Freire <klaussfreire@gmail.com>
2016-01-14 00:38:22 -03:00
Ganesh Ajjanagadde
a0a47a09b0 lavu/libm: add isfinite fallback
Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2016-01-13 20:00:19 -05:00
Andreas Cadhalpun
44ac13eed4 dca: fix misaligned access in avpriv_dca_convert_bitstream
src and dst are only 8-bit-aligned, so accessing them as uint16_t causes
SIGBUS crashes on architectures like sparc.

This fixes ubsan runtime error: load of misaligned address for type
'const uint16_t', which requires 2 byte alignment

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-14 01:23:54 +01:00
Maxim Andreev
7145e80b4f avformat/hls: forbid all protocols except http(s) & file
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 00:18:00 +01:00
Michael Niedermayer
92465a2347 avcodec/aacenc: Check for +-Inf too
Fixes out of array read
Fixes: 04442da73d935b776d2236282588d4f9/signal_sigsegv_2625a69_8790_ae85ffc889070663319b3417ede777b0.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-13 23:49:27 +01:00
James Almer
17e7fdf61a avcodec/wavpackenc: print channel count in av_log call
Fixes a warning with -Wformat-extra-args
2016-01-13 19:26:40 -03:00
Michael Niedermayer
39fb3f18c5 avcodec/diracdec: Handle the 0 vlc case at the top of coeff_unpack_golomb()
decoding changes from 17 to 20 fps

Reviewed-by; Rostislav Pehlivanov <atomnuker@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-13 18:56:49 +01:00
Michael Niedermayer
bbd9771625 avcodec/diracdec: Factor +2 out of the inner loop
Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-13 18:55:46 +01:00
Michael Niedermayer
da144c2ddd avcodec/diracdec: Inline svq3_get_ue_golomb() and merge the sign bit decoding into it
This avoids closing and opening the bit reader

Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-13 18:54:50 +01:00
Michael Niedermayer
9006567bae avcodec/aacenc: mark output as const as its not written to
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-13 17:09:15 +01:00
Michael Niedermayer
0634c54253 avcodec/aacenc: Fix NAN check
All MDCT outputs must be checked in case of 128point MDCTs
Fixes: out of array read
Fixes: 04442da73d935b776d2236282588d4f9/signal_sigsegv_2625a69_351_52ca6226eb83547a2d26e322ce84ed84.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-13 17:09:15 +01:00
Kieran Kunhya
bfc8a4dabe diracdec: Add slice threading to HQ profile 2016-01-13 16:08:56 +00:00
Andreas Cadhalpun
9cdddb93bb nutdec: only copy the header if it exists
Fixes runtime error: null pointer passed as argument 2, which is
declared to never be null

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2016-01-13 09:44:44 +01:00
Andreas Cadhalpun
8431629dd1 xwddec: prevent overflow of lsize * avctx->height
This is used to check if the input buffer is larger enough, so if this
overflows it can cause a false negative leading to a segmentation fault
in bytestream2_get_bufferu.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2016-01-13 09:39:13 +01:00
Andreas Cadhalpun
5b83b24ccb nuv: sanitize negative fps rate
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2016-01-13 09:37:11 +01:00
Andreas Cadhalpun
2884cf205a on2avc: limit number of bits to 30 in get_egolomb
More don't fit into the integer output.

Also use get_bits_long, since get_bits only supports reading up to 25
bits, while get_bits_long supports the full integer range.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2016-01-13 09:33:09 +01:00
Claudio Freire
699c2ee560 AAC encoder: encode out-of-phase I/S efficiently
Use the ability to invert phase with ms_mask instead of changing
the codebook when possible, to avoid having to switch codebooks
if some bands are INTENSTY_BT and others are INTENSITY_BT2, since
usually a set ms_mask uses less bits that a codebook change. While
it may not always be a win (ie: if it causes an ms_mask bitmap
to be sent when it wouldn't have been otherwise), it's unlikely
since the ms_mask bitmap will almost always be there already for
M/S itself.
2016-01-13 05:28:34 -03:00
Claudio Freire
aa64a48357 AAC encoder: fix I/S relative error evaluation
The relative error between two encoding strategies is the simple
difference of rate-distortion values, and not the absolute
difference. An absolute measure would allow worsening of the
quantization error as well as improving.
2016-01-13 05:28:34 -03:00