summaryrefslogtreecommitdiffstats
path: root/libavcodec
Commit message (Collapse)AuthorAgeFilesLines
* h264: support frame parameter changes during frame-mtJanne Grunau2012-12-182-127/+230
| | | | Fixes CVE-2012-2782.
* mpegvideo: allocate scratch buffers after linesize is knownJanne Grunau2012-12-185-22/+85
| | | | | | | | | | | Since we can't know which stride a custom get_buffer() implementation is going to use we have to allocate this scratch buffers after the linesize is known. It was pretty safe for 8 bit per pixel pixel formats since we always allocated memory for up to 16 bits per pixel. It broke hoever with cmdutis.c's alloc_buffer() and high pixel bit depth since it allocated larger edges than mpegvideo expected. Fixes fuzzed sample nasa-8s2.ts_s244342.
* ff_h264_direct_ref_list_init: fix B slice check.Michael Niedermayer2012-12-181-1/+1
| | | | | | Fixes null pointer dereference. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
* h264: increase dist_scale_factor for up to 32 referencesJanne Grunau2012-12-182-8/+11
| | | | | Compute dist_scale_factor_field only for MBAFF since that is the only case in which it is used.
* misc typo, style and wording fixesDiego Biurrun2012-12-183-55/+55
|
* h264: use mbaff ref indices in fill_colmap() only for mbaff referencesMichael Niedermayer2012-12-181-1/+2
| | | | | | Prevents writing beyond array bounds. Signed-off-by: Janne Grunau <janne-libav@jannau.net>
* h264: prevent decoding of slice NALs in extradataJanne Grunau2012-12-182-7/+23
| | | | | | | | It is not posible to call get_buffer during frame-mt codec initialization. Libavformat might pass huge amounts of data as extradata after parsing broken files. The 'extradata' for the fuzzed sample sample_varPAR_s5374_r001-02.avi is 2.8M large and contains multiple slices.
* cosmetics: Use consistent names for multiple inclusion guards.Diego Biurrun2012-12-172-6/+6
|
* h264: fix memleak on error during SPS parsingJanne Grunau2012-12-151-1/+1
| | | | Introduced in d7d6efe42b0d.
* h264-mt: handle NAL_DPAs before calling ff_thread_finish_setupJanne Grunau2012-12-151-0/+1
| | | | | Since a NAL_DPA can start a new frame it has to be handled before ff_thread_finish_setup is called.
* vp56: release frames on errorLuca Barbato2012-12-141-1/+7
| | | | | | Fixes CVE-2012-2783 CC: libav-stable@libav.org
* vp56: make parse_header return standard error codesLuca Barbato2012-12-144-16/+18
| | | | | | Returning 0 for failure is misleading. CC: libav-stable@libav.org
* ivi_common: check that scan pattern is set before using it.Anton Khirnov2012-12-141-0/+5
| | | | | | Fixes CVE-2012-2791. CC: libav-stable@libav.org
* ivi_common: use proper logging context in ivi_decode_blocks().Anton Khirnov2012-12-141-4/+5
|
* ivi_common: make some functions and tables static.Anton Khirnov2012-12-142-128/+111
|
* h264: initialize frame-mt context copies properlyJanne Grunau2012-12-131-0/+2
|
* mpegvideo: treat delayed pictures as usedJanne Grunau2012-12-133-10/+10
| | | | | | This requires to move the avcodec_default_free_buffers() call to ff_MPV_common_end() since otherwise delayed pictures would get freed during a size change.
* lavc: set frame parameters after decoding only if necessaryJanne Grunau2012-12-131-5/+8
| | | | | | | | Direct rendering capable decoders call get_buffer() which will set the frame parameters. Prevents frames with wrong parameters when a decoder outputs delayed frames after a resolution or pixel format change.
* h264: set parameters from SPS whenever it changesJanne Grunau2012-12-133-49/+68
| | | | | Fixes a crash in the fuzzed sample sample_varPAR.avi_s26638 with alternating bit depths.
* vp6: properly fail on unsupported featureLuca Barbato2012-12-131-2/+2
| | | | | | | Interlacing is not supported at all and mismanaged down the normal codepaths causing possible buffer management issues. CC: libav-stable@libav.org
* aacdec: Fix an off-by-one overwrite when switching to LTP profile from MAIN.Alex Converse2012-12-121-1/+1
| | | | | Found-by: pawlkt CC: libav-stable@libav.org
* svq1: Fix building with -DDEBUGMartin Storsjö2012-12-121-2/+2
| | | | Signed-off-by: Martin Storsjö <martin@martin.st>
* svq1: return meaningful error codes.Anton Khirnov2012-12-121-7/+7
|
* lavc: replace some forgotten instances of PixelFormat with AVPixelFormatAnton Khirnov2012-12-122-4/+6
|
* svq1: unmacroify macros used only once.Anton Khirnov2012-12-121-28/+24
|
* svq1: deMpegEncContextizeAnton Khirnov2012-12-121-67/+106
| | | | | This decoder is quite simple and none of the MpegEncContext complexity is actually needed.
* x86inc: support stack mem allocation and re-alignment in PROLOGUERonald S. Bultje2012-12-124-65/+42
| | | | | | | Use this in VP8/H264-8bit loopfilter functions so they can be used if there is no aligned stack (e.g. MSVC 32bit or ICC 10.x). Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* Make LOCAL_ALIGNED syntactically similar on all systemsMans Rullgard2012-12-111-1/+3
| | | | | | | | | This changes the LOCAL_ALIGNED definition on systems where DECLARE_ALIGNED is used so it matches the manual alignment case, ensuring invalid use will not compile on x86 only to fail on everything else. Signed-off-by: Mans Rullgard <mans@mansr.com>
* ZeroCodec: Flip outputCarl Eugen Hoyos2012-12-102-4/+7
| | | | | | | | | | The initial testing of the VFW binary codec was flawed, likely due to an AviSynth bug. Re-testing using VirtualDub and various professional editing applications has revealed it should have been flipped. Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
* sh4: dsputil: remove duplicate of ff_gmc_c()Mans Rullgard2012-12-102-58/+0
| | | | | | This function is an exact duplicate of the generic one. Signed-off-by: Mans Rullgard <mans@mansr.com>
* dsputil: remove unused macro WRAPPER8_16Mans Rullgard2012-12-091-6/+0
| | | | | | This macro has never been used. Signed-off-by: Mans Rullgard <mans@mansr.com>
* libvpxenc: Support forcing keyframesMartin Storsjö2012-12-091-1/+4
| | | | Signed-off-by: Martin Storsjö <martin@martin.st>
* ac3dec: decode directly into output buffersMans Rullgard2012-12-091-7/+20
| | | | Signed-off-by: Mans Rullgard <mans@mansr.com>
* ac3dec: make downmix() take array of pointers to channel dataMans Rullgard2012-12-095-33/+59
|
* ac3dec: output planar float onlyMans Rullgard2012-12-092-27/+6
| | | | Signed-off-by: Mans Rullgard <mans@mansr.com>
* svq3: make slice type value unsigned to match svq3_get_ue_golomb return typeJanne Grunau2012-12-091-3/+4
|
* cosmetics: Fix dropable --> droppable typoDiego Biurrun2012-12-096-28/+31
|
* mjpeg: initialize input padding after unescaped buffer to zeroJanne Grunau2012-12-081-0/+4
| | | | | | Fixes valgrind --undef-value-errors=yes warnings caused by valid overreads in the fate vsynth jpegls, cover-art-ape and cover-art-wv tests.
* h264: check for invalid zeros_left before writingRonald S. Bultje2012-12-081-5/+6
| | | | | | | Prevent an invalid write into coeffs[scantable[-1]] if zeros_left itself was an invalid VLC code (and thus -1). Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* golomb: use unsigned arithmetics in svq3_get_ue_golomb()Janne Grunau2012-12-083-14/+14
| | | | | | | | | | This prevents undefined behaviour of signed left shift if the coded value is larger than 2^31. Large values are most likely invalid and caused errors or by feeding random. Validate every use of svq3_get_ue_golomb() and changed the place there the return value was compared with negative numbers. dirac.c was clean, fixed rv30 and svq3.
* takdec: fix initialisation of LOCAL_ALIGNED arrayJosh Allmann2012-12-081-1/+3
| | | | | | | When LOCAL_ALIGNED uses manual alignment initialisation is not possible. Signed-off-by: Janne Grunau <janne-libav@jannau.net>
* takdec: fix initialisation of LOCAL_ALIGNED arrayMans Rullgard2012-12-071-1/+3
| | | | | | | When LOCAL_ALIGNED uses manual alignment initialisation is not possible. Signed-off-by: Mans Rullgard <mans@mansr.com>
* tak: demuxer, parser, and decoderPaul B Mahol2012-12-079-1/+1387
| | | | | Signed-off-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
* parser: fix large overreadsMichael Niedermayer2012-12-071-1/+3
| | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
* bitstream: add get_bits64() to support reading more than 32 bits at onceMichael Niedermayer2012-12-071-0/+18
| | | | | | | Also remove a duplicate function in the MPEG-TS demuxer. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
* arm: rename ARMVFP config symbol to VFPMans Rullgard2012-12-071-2/+2
| | | | | | | This is consistent with usual ARM nomenclature as well as with the VFPV3 and NEON symbols which both lack the ARM prefix. Signed-off-by: Mans Rullgard <mans@mansr.com>
* arm: use HAVE*_INLINE/EXTERNAL macros for conditional compilationMans Rullgard2012-12-077-13/+13
| | | | | | These macros reflect the actual capabilities required here. Signed-off-by: Mans Rullgard <mans@mansr.com>
* dct-test: arm: indicate required cpu features for optimised funcsMans Rullgard2012-12-071-3/+3
| | | | Signed-off-by: Mans Rullgard <mans@mansr.com>
* snow: fix build after 594d4d5df3c70404168701dd5c90b7e6e5587793Anton Khirnov2012-12-072-3/+5
|
* arm: fix use of uninitialised value in ff_fft_fixed_init_arm()Mans Rullgard2012-12-071-1/+1
| | | | | | | | | When initialising an FFTContext for a plain FFT, mdct_bits is not set and can contain a garbage value. Since nbits is always valid and for MDCT operation is mdct_bits - 2 checking this instead avoids using an uninitialised value while having the same effect. Signed-off-by: Mans Rullgard <mans@mansr.com>
OpenPOWER on IntegriCloud