This fixes out of global array reads.
The alternative solutions of checking the index or modifying the VLC tables
to prevent the index going outside are each about 1-2 cpu cyclces slower
per coded 4x4 block.
The alternative of padding the global tables directly is more ugly and
moving them to the context should benefit cache locality.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
mpeg12: fixed parsing in some mpeg2 streams
Add SMPTE240M transfer characteristics flag.
mpegts: Some additional HDMV types and reg descriptors for mpegts
motionpixels: Clip YUV values after applying a gradient.
jpeg: handle progressive in second field of interlaced.
ituh263dec: Implement enough of Annex O (scalability) to fix a FPE.
h263: more strictly forbid frame size changes with frame-mt.
h264: additional protection against unsupported size/bitdepth changes.
tta: prevents overflows for 32bit integers in header.
configure: remove malloc_aligned.
vp8: update frame size changes on thread context switches.
snowdsp: explicitily state instruction size.
wmall: fix reconstructing audio with uncoded channels
WMAL cosmetics: fix indentation
gitignore: add Win32 library suffixes
Conflicts:
configure
libavcodec/h263dec.c
libavcodec/h264.c
libavcodec/ituh263dec.c
libavcodec/mjpegdec.c
libavcodec/wmalosslessdec.c
libavcodec/x86/snowdsp_mmx.c
libavformat/mpegts.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
During failure conditions ff_h264_decode_init() leaks memory
allocated for nal units. Found via valgrind.
Valgrind traces: http://pastebin.com/GqTqxs8T
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
h264: Factorize declaration of mb_sizes array.
vsrc_buffer: when no frame is available, return an error instead of segfaulting.
configure: add dl to frei0r extralibs.
dsputil x86: use SSE float instruction instead of SSE2 integer equivalent
dsputil x86: remove deprecated parameter from scalarproduct_int16 prototype
vp8dsp x86: perform rounding shift with a single instruction
fate: add BMP tests.
swscale: handle complete dimensions for monoblack/white.
aacenc: Mark deinterleave_input_samples argument as const.
vf_unsharp: Mark readonly variable as const.
h264: fix 4:2:2 PCM-macroblocks decoding
Conflicts:
configure
libavcodec/h264.h
libavcodec/x86/dsputil_mmx.c
libavfilter/vf_unsharp.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
h264: drop ff_h264_ prefix from static function ff_h264_decode_rbsp_trailing()
h264: Make ff_h264_decode_end() static, it is not used externally.
output-example: K&R formatting cosmetics, comment spelling fixes
avf: make the example output the proper message
avf: fix audio writing in the output-example
mov: don't overwrite existing indexes.
lzw: fix potential integer overflow.
truemotion: forbid invalid VLC bitsizes and token values.
truemotion2: handle out-of-frame motion vectors through edge extension.
configure: Check for a different SDL function
Conflicts:
configure
doc/examples/muxing.c
libavcodec/truemotion2.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This prevents some variables from being changed in case of a
rejected resolution change.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
resample: allocate a large enough output buffer
fate: fix enc_dec_pcm tests with remote target
wmaenc: remove bit-exact hack
FATE: remove WMA acodec tests
FATE: add WMAv1 and WMAv2 encode/decode tests with fuzzy comparison
FATE: add AC-3 and E-AC-3 encode/decode tests with fuzzy comparison
qtrle: Use bytestream2 functions to prevent buffer overreads.
vqavideo: check malloc return values
x11grab: fix a memory leak exposed by valgrind
threads: fix old frames returned after avcodec_flush_buffers()
MPV: always mark dummy frames as reference
h264: fix deadlocks on incomplete reference frame decoding.
mpeg4: report frame decoding completion at ff_MPV_frame_end().
mimic: don't use self as reference, and report completion at end of decode().
Conflicts:
libavcodec/h264.c
libavcodec/qtrle.c
libavcodec/resample.c
libavcodec/vqavideo.c
libavdevice/x11grab.c
tests/ref/seek/wmav1_asf
tests/ref/seek/wmav2_asf
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
h264: K&R formatting cosmetics
s3tc.h: Add missing #include to fix standalone header compilation.
FATE: add capability for audio encode/decode tests with fuzzy psnr comparison
FATE: allow a tolerance in the size comparison in do_tiny_psnr()
FATE: use absolute difference from a target value in do_tiny_psnr()
FATE: allow tests to set CMP_SHIFT to pass to tiny_psnr
FATE: use $fuzz directly in do_tiny_psnr() instead of passing it around
Conflicts:
libavcodec/h264.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
If decoding a second complementary field, and the first was
decoded in our thread, mark decoding of that field as complete.
If decoding fails, mark the decoded field/frame as complete.
Do not allow switching between field modes or field/frame mode
between slices within the same field/frame. Ensure that two
subsequent fields cover top/bottom (rather than top/frame,
bottom/frame or such nonsense situations).
Fixes various deadlocks when decoding samples with errors in
reference frames.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Progressive images can have only 16 references, error out if there are
more, since the data is almost certainly corrupt, and the invalid value
will lead to random crashes or invalid writes later on.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
* qatar/master:
doc/general: update supported devices table.
doc/general: add missing @tab to codecs table.
h264: Fix invalid interlaced/progressive MB combinations for direct mode prediction.
avconv: reindent
avconv: link '-passlogfile' option to libx264 'stats' AVOption.
libx264: add 'stats' private option for setting 2pass stats filename.
libx264: fix help text for slice-max-size option.
http: Clear the auth state on redirects
http: Retry auth if it failed due to being stale
rtsp: Resend new keepalive commands if they used stale auth
rtsp: Retry authentication if failed due to being stale
httpauth: Parse the stale field in digest auth
dxva2_vc1: pass the overlap flag to the decoder
dxva2_vc1: fix decoding of BI frames
FATE: add shorthand to wavpack test
dfa: convert to bytestream2 API
anm decoder: move buffer allocation from decode_init() to decode_frame()
h264: improve parsing of broken AVC SPS
Conflicts:
ffmpeg.c
libavcodec/anm.c
libavcodec/dfa.c
libavcodec/h264.c
libavcodec/h264_direct.c
libavcodec/h264_ps.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Parsing the entire NAL as SPS fixes decoding of some AVC bitstreams
with broken escaping. Since the size of the NAL unit is known and
checked against the buffer end we can parse it entirely without buffer
overreads.
Fixes playback of
http://streams.videolan.org/streams/mp4/Mr_MrsSmith-h264_aac.mp4
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
This reverts commit 729ebb2f18.
There was an off-by-one error in the bit mask calculation clearing
actually the last valid bit and causing
http://bugzilla.libav.org/show_bug.cgi?id=227
The broken sample (Mr_MrsSmith-h264_aac.mp4) the commit was fixing
does not work after correcting the off-by-one error.
CC: libav-stable@libav.org
* qatar/master: (31 commits)
cdxl demux: do not create packets with uninitialized data at EOF.
Replace computations of remaining bits with calls to get_bits_left().
amrnb/amrwb: Remove get_bits usage.
cosmetics: reindent
avformat: do not require a pixel/sample format if there is no decoder
avformat: do not fill-in audio packet duration in compute_pkt_fields()
lavf: Use av_get_audio_frame_duration() in get_audio_frame_size()
dca_parser: parse the sample rate and frame durations
libspeexdec: do not set AVCodecContext.frame_size
libopencore-amr: do not set AVCodecContext.frame_size
alsdec: do not set AVCodecContext.frame_size
siff: do not set AVCodecContext.frame_size
amr demuxer: do not set AVCodecContext.frame_size.
aiffdec: do not set AVCodecContext.frame_size
mov: do not set AVCodecContext.frame_size
ape: do not set AVCodecContext.frame_size.
rdt: remove workaround for infinite loop with aac
avformat: do not require frame_size in avformat_find_stream_info() for CELT
avformat: do not require frame_size in avformat_find_stream_info() for MP1/2/3
avformat: do not require frame_size in avformat_find_stream_info() for AAC
...
Conflicts:
doc/APIchanges
libavcodec/Makefile
libavcodec/avcodec.h
libavcodec/h264.c
libavcodec/h264_ps.c
libavcodec/utils.c
libavcodec/version.h
libavcodec/x86/dsputil_mmx.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (29 commits)
amrwb: remove duplicate arguments from extrapolate_isf().
amrwb: error out early if mode is invalid.
h264: change underread for 10bit QPEL to overread.
matroska: check buffer size for RM-style byte reordering.
vp8: disable mmx functions with sse/sse2 counterparts on x86-64.
vp8: change int stride to ptrdiff_t stride.
wma: fix invalid buffer size assumptions causing random overreads.
Windows Media Audio Lossless decoder
rv10/20: Fix slice overflow with checked bitstream reader.
h263dec: Disallow width/height changing with frame threads.
rv10/20: Fix a buffer overread caused by losing track of the remaining buffer size.
rmdec: Honor .RMF tag size rather than assuming 18.
g722: Fix the QMF scaling
r3d: don't set codec timebase.
electronicarts: set timebase for tgv video.
electronicarts: parse the framerate for cmv video.
ogg: don't set codec timebase
electronicarts: don't set codec timebase
avs: don't set codec timebase
wavpack: Fix an integer overflow
...
Conflicts:
libavcodec/arm/vp8dsp_init_arm.c
libavcodec/fraps.c
libavcodec/h264.c
libavcodec/mpeg4videodec.c
libavcodec/mpegvideo.c
libavcodec/msmpeg4.c
libavcodec/pnmdec.c
libavcodec/qpeg.c
libavcodec/rawenc.c
libavcodec/ulti.c
libavcodec/vcr1.c
libavcodec/version.h
libavcodec/wmalosslessdec.c
libavformat/electronicarts.c
libswscale/ppc/yuv2rgb_altivec.c
tests/ref/acodec/g722
tests/ref/fate/ea-cmv
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
h264: error out on invalid bitdepth.
aacsbr: use a swap index for the Y matrix rather than copy buffers.
huffyuv: do not abort on unknown pix_fmt; instead, return an error.
lcl: return negative error codes on decode_init() errors.
rtpenc: Use MB info side data for splitting H263 packets for RFC 2190
h263enc: Add an option for outputting info about MBs as side data
avpacket: Add a function for shrinking already allocated side data
nellymoserdec: Saner and faster IMDCT windowing
Conflicts:
doc/APIchanges
libavcodec/avpacket.c
libavcodec/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes invalid reads while initializing the dequant tables, which uses
the bit depth to determine the QP table size.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
This zeros all the memory once and avoids valgrind warnings.
alternatively the warnings could be suppressed.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (38 commits)
v210enc: remove redundant check for pix_fmt
wavpack: allow user to disable CRC checking
v210enc: Use Bytestream2 functions
cafdec: Check return value of avio_seek and avoid modifying state if it fails
yop: Check return value of avio_seek and avoid modifying state if it fails
tta: Check return value of avio_seek and avoid modifying state if it fails
tmv: Check return value of avio_seek and avoid modifying state if it fails
r3d: Check return value of avio_seek and avoid modifying state if it fails
nsvdec: Check return value of avio_seek and avoid modifying state if it fails
mpc8: Check return value of avio_seek and avoid modifying state if it fails
jvdec: Check return value of avio_seek and avoid modifying state if it fails
filmstripdec: Check return value of avio_seek and avoid modifying state if it fails
ffmdec: Check return value of avio_seek and avoid modifying state if it fails
dv: Check return value of avio_seek and avoid modifying state if it fails
bink: Check return value of avio_seek and avoid modifying state if it fails
Check AVCodec.pix_fmts in avcodec_open2()
svq3: Prevent illegal reads while parsing extradata.
remove ParseContext1
vc1: use ff_parse_close
mpegvideo parser: move specific fields into private context
...
Conflicts:
libavcodec/4xm.c
libavcodec/aacdec.c
libavcodec/h264.c
libavcodec/h264.h
libavcodec/h264_cabac.c
libavcodec/h264_cavlc.c
libavcodec/mpeg4video_parser.c
libavcodec/svq3.c
libavcodec/v210enc.c
libavformat/cafdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Conversion of the luma intra prediction mode to one of the constrained
("alzheimer") ones can happen by crafting special bitstreams, causing
a crash because we'll call a NULL function pointer for 16x16 block intra
prediction, since constrained intra prediction functions are only
implemented for chroma (8x8 blocks).
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
* qatar/master: (29 commits)
fate: add golomb-test
golomb-test: K&R formatting cosmetics
h264: Split h264-test off into a separate file - golomb-test.c.
h264-test: cleanup: drop timer invocations, commented out code and other cruft
h264-test: Remove unused DSP and AVCodec contexts and related init calls.
adpcm: Add missing stdint.h #include to fix standalone header compilation.
lavf: add functions for accessing the fourcc<->CodecID mapping tables.
lavc: set AVCodecContext.codec in avcodec_get_context_defaults3().
lavc: make avcodec_close() work properly on unopened codecs.
lavc: add avcodec_is_open().
lavf: rename AVInputFormat.value to raw_codec_id.
lavf: remove the pointless value field from flv and iv8
lavc/lavf: remove unnecessary symbols from the symbol version script.
lavc: reorder AVCodec fields.
lavf: reorder AVInput/OutputFormat fields.
mp3dec: Fix a heap-buffer-overflow
adpcmenc: remove some unneeded casts
adpcmenc: use int16_t and uint8_t instead of short and unsigned char.
adpcmenc: fix adpcm_ms extradata allocation
adpcmenc: return proper AVERROR codes instead of -1
...
Conflicts:
doc/APIchanges
libavcodec/Makefile
libavcodec/adpcmenc.c
libavcodec/avcodec.h
libavcodec/h264.c
libavcodec/libavcodec.v
libavcodec/mpc7.c
libavcodec/mpegaudiodec.c
libavcodec/options.c
libavformat/Makefile
libavformat/avformat.h
libavformat/flvdec.c
libavformat/libavformat.v
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Previously this was just checked in case of slice threads,
but frame threads do not support this either currently.
Making them support this is of course the long term goal
Fixes bug155
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>