It appears there are corner cases with damaged input that can lead
to small overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Code ported from qatar/master, please see there for per line authorship.
Main authors AFAIK are Ronald and Justin. I have no authorship on this.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (58 commits)
amrnbdec: check frame size before decoding.
cscd: use negative error values to indicate decode_init() failures.
h264: prevent overreads in intra PCM decoding.
FATE: do not decode audio in the nuv test.
dxa: set audio stream time base using the sample rate
psx-str: do not allow seeking by bytes
asfdec: Do not set AVCodecContext.frame_size
vqf: set packet parameters after av_new_packet()
mpegaudiodec: use DSPUtil.butterflies_float().
FATE: add mp3 test for sample that exhibited false overreads
fate: add cdxl test for bit line plane arrangement
vmnc: return error on decode_init() failure.
libvorbis: add/update error messages
libvorbis: use AVFifoBuffer for output packet buffer
libvorbis: remove unneeded e_o_s check
libvorbis: check return values for functions that can return errors
libvorbis: use float input instead of s16
libvorbis: do not flush libvorbis analysis if dsp state was not initialized
libvorbis: use VBR by default, with default quality of 3
libvorbis: fix use of minrate/maxrate AVOptions
...
Conflicts:
Changelog
doc/APIchanges
libavcodec/avcodec.h
libavcodec/dpxenc.c
libavcodec/libvorbis.c
libavcodec/vmnc.c
libavformat/asfdec.c
libavformat/id3v2enc.c
libavformat/internal.h
libavformat/mp3enc.c
libavformat/utils.c
libavformat/version.h
libswscale/utils.c
tests/fate/video.mak
tests/ref/fate/nuv
tests/ref/fate/prores-alpha
tests/ref/lavf/ffm
tests/ref/vsynth1/prores
tests/ref/vsynth2/prores
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Its not clear from the spec what to do with values larger than 127
so iam opting for the safe side and ask for a sample.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
With the encode2 API, encoders allocate huge packets to be
sure they have enough room (a typical case is mpeg4, which
allocs ~10M for 1280x768 yuv420p) but only actually use a
very small part of the buffer.
ProRes codes chroma blocks in 444 mode in different order than luma blocks,
so make both decoder and encoder read/write chroma blocks in right order.
Reported by Phil Barrett
[alex.converse@mgail.com]
Move code to get_che()
Update for AAC new channel configuration interface
Only set chan_config if output_configure succeeds.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
This is somewhat redundant as no decoder should call get_buffer() with such argument.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
ALS spec:
11.6.3.1.1 Quantization and encoding of parcor coefficients
...
In all cases the resulting quantized values ak are restricted to the range [-64,63].
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
adpcm: Clip step_index values read from the bitstream at the beginning of each frame.
oma: don't read beyond end of leaf_table.
doxygen: Remove documentation for non-existing parameters; misc small fixes.
Indeo3: fix crashes on corrupt bitstreams.
msmpeg4: Replace forward declaration by proper #include.
segment: implement wrap around
avf: reorder AVStream and AVFormatContext
aacdec: Remove erroneous reference to global gain from the out of bounds scalefactor error message.
Conflicts:
libavcodec/indeo3.c
libavformat/avformat.h
libavutil/avutil.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Splits at borders of cells are invalid, since it leaves one of the
cells with a width/height of zero. Also, propagate errors on buffer
allocation failures, so we don't continue decoding (which crashes).
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
* qatar/master:
avcodec_default_reget_buffer(): fix compilation in DEBUG mode
fate: Overhaul WavPack coverage
h264: fix mmxext chroma deblock to use correct TC values.
flvdec: Remove the now redundant check for known broken metadata creator
flvdec: Validate index entries added from metadata while reading
rtsp: Handle requests from server to client
movenc: use timestamps instead of frame_size for samples-per-packet
movenc: use the first cluster duration as the tfhd default duration
movenc: factorize calculation of cluster duration into a separate function
doc/APIchanges: fill in missing dates and hashes.
lavc: reorder AVCodecContext fields.
lavc: reorder AVFrame fields.
Conflicts:
doc/APIchanges
libavcodec/avcodec.h
libavformat/flvdec.c
libavformat/movenc.c
tests/fate/lossless-audio.mak
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
lavf: don't guess r_frame_rate from either stream or codec timebase.
avconv: set discard on input streams automatically.
Fix parser not to clobber has_b_frames when extradata is set.
lavf: don't set codec timebase in avformat_find_stream_info().
avconv: saner output video timebase.
rawdec: set timebase to 1/fps.
avconv: refactor vsync code.
FATE: remove a bunch of useless -vsync 0
cdxl: bit line plane arrangement support
cdxl: remove early check for bpp
cdxl: set pix_fmt PAL8 only if palette is available
Conflicts:
ffmpeg.c
libavcodec/h264_parser.c
libavformat/rawdec.c
tests/fate/demux.mak
tests/fate/ea.mak
tests/fate/h264.mak
tests/fate/prores.mak
tests/fate/video.mak
tests/ref/fate/bethsoft-vid
tests/ref/fate/creatureshock-avs
tests/ref/fate/ea-cmv
tests/ref/fate/interplay-mve-16bit
tests/ref/fate/interplay-mve-8bit
tests/ref/fate/nuv
tests/ref/fate/prores-alpha
tests/ref/fate/qtrle-16bit
tests/ref/fate/qtrle-1bit
tests/ref/fate/real-rv40
tests/ref/fate/rpza
tests/ref/fate/wmv8-drm
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Because in contrast to the decoder, the parser does not setup low_delay.
The code in parse_nal_units would always end up setting has_b_frames
to "1", except when stream is explicitly marked as low delay.
Since the parser itself would create 'extradata', simply reopening
the parser would cause this.
This happens for instance in estimate_timings_from_pts(), which causes the
parser to be reopened on the same stream.
This fixes Libav #22 and FFmpeg (trac) #360
CC: libav-stable@libav.org
Based on a patch by Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(commit 31ac0ac29b)
Comments and description adapted by Reinhard Tartler.
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* qatar/master: (34 commits)
mlp_parser: fix the channel mask value used for the top surround channel
vorbisenc: check all allocations for failure
roqaudioenc: return AVERROR codes instead of -1
roqaudioenc: set correct bit rate
roqaudioenc: use AVCodecContext.frame_size correctly.
roqaudioenc: remove unneeded sample_fmt check
ra144enc: use int16_t* for input samples rather than void*
ra144enc: set AVCodecContext.coded_frame
ra144enc: remove unneeded sample_fmt check
nellymoserenc: set AVCodecContext.coded_frame
nellymoserenc: improve error checking in encode_init()
nellymoserenc: return AVERROR codes instead of -1
libvorbis: improve error checking in oggvorbis_encode_init()
mpegaudioenc: return AVERROR codes instead of -1
libfaac: improve error checking and handling in Faac_encode_init()
avutil: add AVERROR_UNKNOWN
check for coded_frame allocation failure in several audio encoders
audio encoders: do not set coded_frame->key_frame.
g722enc: check for trellis data allocation error
libspeexenc: export encoder delay through AVCodecContext.delay
...
Conflicts:
doc/APIchanges
libavcodec/avcodec.h
libavcodec/fraps.c
libavcodec/kgv1dec.c
libavcodec/libfaac.c
libavcodec/libgsm.c
libavcodec/libvorbis.c
libavcodec/mlp_parser.c
libavcodec/roqaudioenc.c
libavcodec/vorbisenc.c
libavutil/avutil.h
libavutil/error.c
libavutil/error.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
It is not allowed to change mid-stream like it does currently. Instead we need
to buffer the first 8 frames before returning them as a single packet, then
only return single frame packets after that.
* qatar/master:
docs: use -bsf:[vas] instead of -[vas]bsf.
mpegaudiodec: Prevent premature clipping of mp3 input buffer.
lavf: move the packet keyframe setting code.
oggenc: free comment header for all codecs
lcl: error out if uncompressed input buffer is smaller than framesize.
mjpeg: abort decoding if packet is too large.
golomb: use HAVE_BITS_REMAINING() macro to prevent infloop on EOF.
get_bits: add HAVE_BITS_REMAINING macro.
lavf/output-example: use new audio encoding API correctly.
lavf/output-example: more proper usage of the new API.
tiff: Prevent overreads in the type_sizes array.
tiff: Make the TIFF_LONG and TIFF_SHORT types unsigned.
apetag: do not leak memory if avio_read() fails
apetag: propagate errors.
SBR DSP x86: implement SSE sbr_hf_g_filt
SBR DSP x86: implement SSE sbr_sum_square_sse
SBR DSP: use intptr_t for the ixh parameter.
Conflicts:
doc/bitstream_filters.texi
doc/examples/muxing.c
doc/ffmpeg.texi
libavcodec/golomb.h
libavcodec/x86/Makefile
libavformat/oggenc.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Prevents crash when trying to copy from a non-existing plane in e.g.
a RGB32 reference image to a YUV420P target image
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
