I still don't fully understand the cause but the difference between
the samples that trigger the bug and the samples that don't is
that the former uses delay frames and the later uses drop frames
as placeholders for the packed frame. So, if we see the one type
of frame, we can assume the bug will or won't be present.
Right now, I'm detecting the frame types by size, which may not be
safe in general, but given the specific codec and file type, I
expect any scenario where we encounter these frames where they
aren't being used for b-frame packing won't care one way or
another whether the work around is in effect or not.
Signed-off-by: Philip Langdale <philipl@overt.org>
* qatar/master:
Duplicate AMV: disable DR1 and don't override EMU_EDGE
Duplicate lavf: inspect more frames for fps when container time base is coarse
Wrong and we have correct fix: Fix races in default av_log handler
vorbis: Replace sized int_fast integer types with plain int/unsigned.
Remove disabled non-optimized code variants.
NO bswap.h: Remove disabled code.
Remove some disabled printf debug cruft.
Replace more disabled printf() calls by av_dlog().
NO tests: Remove disabled code.
NO Replace some commented-out debug printf() / av_log() messages with av_dlog().
vorbisdec: Replace some sizeof(type) by sizeof(*variable).
NO vf_fieldorder: Replace FFmpeg by Libav in license boilerplate.
Conflicts:
libavcodec/h264.c
libavcodec/vorbisdec.c
libavutil/log.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This works around a possibly exploitable crash.
Appearently, vlc can be exploited with a malicous file. This should get
reverted as soon as a proper fix is found.
Reported-at: Thu, 21 Apr 2011 14:38:25 +0000
Reported-by: Dominic Chell <Dominic.Chell@ngssecure.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 89f903b3d5)
(cherry picked from commit 9b919571e5)
int/unsigned is the natural memory access type for CPUs, using sized types
for temporary variables, counters and similar just increases code size and
can possibly cause a slowdown.
Make av_get_profile_name() return NULL if no profile is detected.
Fix trac issue #130, fix crash reading file tek3.m2v.
(cherry picked from commit e5d80c7b2d)
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
* qatar/master:
vorbisdec: Rename silly "class_" variable to plain "class".
simple_idct_alpha: Drop some useless casts.
Simplify av_log_missing_feature().
ac3enc: remove check for mismatching channels and channel_layout
If AVCodecContext.channels is 0 and AVCodecContext.channel_layout is non-zero, set channels based on channel_layout.
If AVCodecContext.channel_layout and AVCodecContext.channels are both non-zero, check to make sure they do not contradict eachother.
cosmetics: indentation
Check AVCodec.supported_samplerates and AVCodec.channel_layouts in avcodec_open().
aacdec: remove sf_scale and sf_offset.
aacdec: use a scale of 2 in the LTP MDCT rather than doubling the coefficient table values from the spec.
Define POW_SF2_ZERO in aac.h and use for ff_aac_pow2sf_tabp[] offsets instead of hardcoding 200 everywhere.
Large intensity stereo and PNS indices are legal. Clip them instead of erroring out. A magnitude of 100 corresponds to 2^25 so the will most likely result in clipped output anyway.
qpeg: use reget_buffer() in decode_frame()
ultimotion: use reget_buffer() in ulti_decode_frame()
smacker: remove unnecessary call to avctx->release_buffer in decode_frame()
avparser: don't av_malloc(0).
Merged-by: Michael Niedermayer <michaelni@gmx.at>
avcodec_open().
If the encoder has a channel_layouts list and AVCodecContext.channel_layout
is 0, then only print a warning and let the encoder decide how to handle it.
Instead, scalefactors are adjusted by the offset amount, removing the need
for sf_scale, and the MDCT scales are adjusted to compensate for the higher
scalefactors. Floating-point output will be handled by modifying the MDCT
scales.
