mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-03 05:10:03 +02:00
Commit Graph

14984 Commits

Author SHA1 Message Date
Chris Evans
57cd6d7095 vorbis: Avoid some out-of-bounds reads
Fixes Bug: #190
Chromium Bug: #100543
Related to CVE-2011-3893

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-01-06 19:58:22 +01:00
Diego Biurrun
3aa3fc45fe cabac: remove unused function renorm_cabac_decoder 2012-01-06 13:37:55 +01:00
Diego Biurrun
301fb92131 h264: Only use symbols from the SVQ3 decoder under proper conditionals.
Fixes --disable-everything --enable-decoder=h264 --disable-optimizations.
2012-01-06 13:37:53 +01:00
Justin Ruggles
6e8bf6db48 add bytestream2_tell() and bytestream2_seek() functions 2012-01-05 23:36:36 -05:00
Janne Grunau
f907615f08 parsers: initialize MpegEncContext.slice_context_count to 1
The mpeg4 video, H264 and VC-1 parser hold (directly or indirectly)
a MpegEncContext in their private context. Since they do not call the
common mpegvideo init function slice_context_count has explicitly set
to 1.
Prevents a null pointer dereference in the h264 parser and fixes
bug 193.
2012-01-06 01:47:45 +01:00
Janne Grunau
696ace50ea truemotion2: check size before GetBitContext initialisation
Prevents null ptr dereference for negative sizes.
2012-01-05 23:19:13 +01:00
Janne Grunau
bb5b3940b0 adpcm: ADPCM Electronic Arts has always two channels 2012-01-05 22:29:18 +01:00
Aneesh Dogra
9b55b4bb3a 4xm: Prevent buffer overreads.
4xm decoder while decoding i2 frames can overread the buffer if proper checks
are not made.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-05 09:37:16 -08:00
Janne Grunau
e268a352af mjpegdec: parse RSTn to prevent skipping other data in mjpeg_decode_scan
Check explicitly if enough bits are left to prevent an infinite loop
when the bitstream buffer is not followed by zero-padding.

Based on patches by Michael Niedermayer <michaelni@gmx.at>.
2012-01-05 18:20:35 +01:00
Janne Grunau
9b4767e478 vp3: fix streams with non-zero last coefficient
Fixes a regression introduced in 8b94df0f20.
2012-01-05 18:18:08 +01:00
Oana Stratulat
7f09791d28 Report an error if pitch_lag is zero in AMR-NB decoder.
This fixes an infinite loop in the decoder on specially
crafted files, and fixes bug 151.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:33:14 -08:00
Ronald S. Bultje
3fa646e859 Revert "4xm: Prevent buffer overreads."
This reverts commit 295a7c0238. The
patch breaks decoding of regular files (e.g. fate-4xm-2).
2012-01-04 21:27:31 -08:00
Aneesh Dogra
295a7c0238 4xm: Prevent buffer overreads.
4xm decoder while decoding i2 frames can overread the buffer if proper checks
are not made.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:15:50 -08:00
Aneesh Dogra
4b84f68223 4xm: pass the correct remaining buffer size to decode_i2_frame().
frame_size is the number of bytes left in the packet, so if we are passing
buf-4 we can safely read frame_size+4 bytes.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:10:11 -08:00
Aneesh Dogra
893f137679 4xm: fix calculation of the next output line position in decode_i2_frame().
The current code doesn't work unless width is an exact multiple of 16.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:09:22 -08:00
Ronald S. Bultje
89d26797f5 ulti: convert to new bytestream API. 2012-01-04 10:57:37 -08:00
Diego Biurrun
00a1cdd264 Place some START_TIMER invocations in separate blocks.
This fixes compilation failures related to START_TIMER/STOP_TIMER macros and
-Werror=declaration-after-statement.  START_TIMER declares variables and thus
may not be placed after statements outside of a new block.
2012-01-04 15:05:49 +01:00
John Brooks
d209c27b09 vc1dec: fix invalid memory access for small video dimensions
For small video dimensions, these calculations of the upper bound
for pixel access may have a negative result. Using an unsigned
comparison to bound a potentially negative value only works if
the greater operand is non-negative. Fixed by doing edge emulation
when the upper bound is probably negative, everywhere that this
pattern appears.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-01-04 10:35:26 +01:00
John Brooks
aacf6b3a2f rv34: fix invalid memory access for small video dimensions
For small video dimensions calculations of the upper bound for pixel
access may result in negative value. Using an unsigned comparison
works only if the greater operand is non-negative. This is fixed by
doing edge emulation explicitly for such conditions.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-01-04 10:32:23 +01:00
Christophe GISQUET
98f24ecd6c rv34: joint coefficient decoding and dequantization
Perform dequantization while decoding coefficients instead of performing it
on the entire coefficients buffer.

Since quantized coefficients are very sparse, this usually causes a small
speedup. Speedup of around 1% on Panda board compared to the removed here
neon code. Global speedup is probably around 3%.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-01-04 10:30:01 +01:00
Ronald S. Bultje
400ba1d735 h264: return index in buffer on end-of-sequence.
Fixes hangs if the last packet contains an end-of-sequence NAL unit,
bug 158.
2012-01-03 19:50:22 -08:00
Diego Biurrun
54e68fb3b8 Merge some declarations and initializations.
This fixes compilation failures related to START_TIMER/STOP_TIMER macros and
-Werror=declaration-after-statement.  START_TIMER declares variables and thus
may not be placed after statements outside of a new block.
2012-01-04 01:28:28 +01:00
Diego Biurrun
9dec55748c cabac: drop unused and disabled get_cabac_u() / get_cabac_ueg() functions 2012-01-04 01:09:54 +01:00
Diego Biurrun
e451c26c5f cabac: drop unused STRICT_LIMITS code branch 2012-01-04 01:09:53 +01:00
Justin Ruggles
9785082c15 libspeexenc: fix pts calculations for more than 1 frame per packet 2012-01-03 18:56:41 -05:00
Justin Ruggles
730280f90d adxdec: clear eof flag and channel states when seeking 2012-01-03 18:47:42 -05:00
Justin Ruggles
754ebd1a5b adxenc: check output buffer size before writing 2012-01-03 18:47:42 -05:00
Justin Ruggles
1fb47728cd adxenc: use bytestream functions for header writing.
also add more documentation about the header structure
2012-01-03 18:47:42 -05:00
Justin Ruggles
656e606cae adxenc: use BLOCK_SIZE and BLOCK_SAMPLES macros 2012-01-03 18:47:42 -05:00
Justin Ruggles
f1be41c63d adxenc: use a loop to encode each channel 2012-01-03 18:47:42 -05:00
Justin Ruggles
6c117bd8e0 adxenc: remove unneeded loops
avctx->frame_size is 32, so that is how many samples we process per call.
2012-01-03 18:47:42 -05:00
Justin Ruggles
613668210b adxenc: avoid stereo deinterleaving 2012-01-03 18:47:41 -05:00
Justin Ruggles
6b77f07074 adxenc: remove unnecessary setting of coded_frame->key_frame.
It is already set by avcodec_alloc_frame().
2012-01-03 18:47:41 -05:00
Justin Ruggles
cc40c056d0 adxenc: log an error message and return AVERROR(EINVAL) for invalid channels 2012-01-03 18:47:41 -05:00
Justin Ruggles
a85ab8ad45 adxenc: cosmetics: pretty-printing 2012-01-03 18:47:41 -05:00
Justin Ruggles
25edfc88e3 adxenc: change some data types 2012-01-03 18:47:41 -05:00
Justin Ruggles
c98c6e18d8 adxenc: remove unneeded log message 2012-01-03 18:47:41 -05:00
Justin Ruggles
e3d4f59f95 adxenc: remove unneeded comments 2012-01-03 18:47:41 -05:00
Michael Niedermayer
b024209b1f adx_parser: rewrite.
The previous code ended in multiple different infinite
loops. See stl_ten_1_big.sfd as example with and without zzuf

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
2012-01-03 16:28:17 -05:00
Justin Ruggles
6fd075f180 adxdec: Validate channel count to fix a division by zero. 2012-01-03 16:28:17 -05:00
Michael Niedermayer
4f1a787744 adxdec: Do not require extradata.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
2012-01-03 16:28:17 -05:00
Justin Ruggles
e49d21306a alacdec: implement the 2-pass prediction type.
The reference encoder does not generate any streams using this, but the
reference decoder can handle it, so we should as well.
2012-01-03 13:15:24 -05:00
Justin Ruggles
bb63475aec alacenc: implement the 2-pass prediction type.
This isn't used by the reference encoder, but it is supported by the decoder.
2012-01-03 13:15:23 -05:00
Justin Ruggles
149e1b0468 alacenc: do not generate invalid multi-channel ALAC files 2012-01-03 13:15:23 -05:00
Justin Ruggles
e76c7b856f alacdec: fill in missing or guessed info about the extradata format.
Now that there is official documentation from Apple about this, we don't have
to guess anymore.
2012-01-03 13:15:23 -05:00
Kostya Shishkov
490dcda6b6 utvideo: proper median prediction for interlaced videos 2012-01-03 17:08:49 +01:00
Shitiz Garg
f37b4efe03 dca: K&R formatting cosmetics
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-01-03 15:25:54 +01:00
Aneesh Dogra
2e70b2de58 dct: K&R formatting cosmetics
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-01-03 15:25:51 +01:00
Daniel Verkamp
02e8f4272c win32: detect number of CPUs using affinity
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2012-01-03 14:25:57 +01:00
Diego Biurrun
418f066f8c snow: Restore three mistakenly removed casts. 2012-01-03 10:27:45 +01:00