Progressive images can have only 16 references, error out if there are
more, since the data is almost certainly corrupt, and the invalid value
will lead to random crashes or invalid writes later on.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Interlaced images can have 32 references (16 per field), so limiting the
array size to 16 leads to invalid writes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
The safe bitstream reader broke it since the buffer size was specified
in bytes instead of bits.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
CC: libav-stable@libav.org
* qatar/master:
doc/general: update supported devices table.
doc/general: add missing @tab to codecs table.
h264: Fix invalid interlaced/progressive MB combinations for direct mode prediction.
avconv: reindent
avconv: link '-passlogfile' option to libx264 'stats' AVOption.
libx264: add 'stats' private option for setting 2pass stats filename.
libx264: fix help text for slice-max-size option.
http: Clear the auth state on redirects
http: Retry auth if it failed due to being stale
rtsp: Resend new keepalive commands if they used stale auth
rtsp: Retry authentication if failed due to being stale
httpauth: Parse the stale field in digest auth
dxva2_vc1: pass the overlap flag to the decoder
dxva2_vc1: fix decoding of BI frames
FATE: add shorthand to wavpack test
dfa: convert to bytestream2 API
anm decoder: move buffer allocation from decode_init() to decode_frame()
h264: improve parsing of broken AVC SPS
Conflicts:
ffmpeg.c
libavcodec/anm.c
libavcodec/dfa.c
libavcodec/h264.c
libavcodec/h264_direct.c
libavcodec/h264_ps.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This bug might have been exploitable (out of HEAP buffer writes)
Bug introduced by libav
commit a55d5bdc6e
Date: Tue Mar 6 15:15:42 2012 -0800
algmm: convert to bytestream2 API.
* qatar/master:
pcm-mpeg: convert to bytestream2 API
Revert "h264: clear trailing bits in partially parsed NAL units"
remove iwmmxt optimizations
mimic: do not continue if swap_buf_size is 0
mimic: convert to bytestream2 API
frwu: use MKTAG to check marker instead of AV_RL32
txd: port to bytestream2 API
c93: convert to bytestream2 API
iff: make .long_name more descriptive
FATE: add test for cdxl demuxer
rtsp: Fix a typo
Conflicts:
libavcodec/arm/dsputil_iwmmxt.c
libavcodec/arm/dsputil_iwmmxt_rnd_template.c
libavcodec/arm/mpegvideo_iwmmxt.c
libavcodec/c93.c
libavcodec/txd.c
libavutil/arm/cpu.c
tests/fate/demux.mak
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Parsing the entire NAL as SPS fixes decoding of some AVC bitstreams
with broken escaping. Since the size of the NAL unit is known and
checked against the buffer end we can parse it entirely without buffer
overreads.
Fixes playback of
http://streams.videolan.org/streams/mp4/Mr_MrsSmith-h264_aac.mp4
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
This reverts commit 729ebb2f18.
There was an off-by-one error in the bit mask calculation clearing
actually the last valid bit and causing
http://bugzilla.libav.org/show_bug.cgi?id=227
The broken sample (Mr_MrsSmith-h264_aac.mp4) the commit was fixing
does not work after correcting the off-by-one error.
CC: libav-stable@libav.org
The were broken since August of 2010 without anyone noticing until
three weeks ago. Nobody cares about it anymore and hopefully Marvell
will support NEON like in the PXA978 from now on.
Yasm creates an implicit unaligned text section if "struc" is used
outside of any section:
http://tortall.lighthouseapp.com/projects/78676-yasm/tickets/247
Since yasm only honors the "align" annotation on the first declaration
of a section, this implicit text section causes all text section
alignments to be ignored. Also fixes a yasm warning about it agnoring
alignment.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
cook: expand dither_tab[], and make sure indexes into it don't overflow.
xxan: reindent xan_unpack_luma().
xxan: protect against chroma LUT overreads.
xxan: convert to bytestream2 API.
xxan: don't read before start of buffer in av_memcpy_backptr().
vp8: convert mbedge loopfilter x86 assembly to use named arguments.
vp8: convert inner loopfilter x86 assembly to use named arguments.
Conflicts:
libavcodec/xxan.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
MPC8 allows indices of mpc_CC up to -1, and mpc_SCF up to -6, thus pad
the tables by that much on the left end.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
