From f1aa859728f662850a7d8c742c6a74fa647ab1c2 Mon Sep 17 00:00:00 2001 From: Joakim Plate Date: Sun, 29 Apr 2012 16:33:28 +0000 Subject: gitignore: add Win32 library suffixes Signed-off-by: Michael Niedermayer Signed-off-by: Derek Buitenhuis --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 31a02c0..7450234 100644 --- a/.gitignore +++ b/.gitignore @@ -3,8 +3,11 @@ *.a *.o *.d +*.def +*.dll *.exe *.ho +*.lib *.pc *.so *.so.* -- cgit v1.1 From c8370e6e35e528a703b034824d0aad8fbe08c476 Mon Sep 17 00:00:00 2001 From: Mashiat Sarker Shakkhar Date: Wed, 2 May 2012 08:43:36 -0700 Subject: WMAL cosmetics: fix indentation Signed-off-by: Kostya Shishkov --- libavcodec/wmalosslessdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c index 913271e..e2e2997 100644 --- a/libavcodec/wmalosslessdec.c +++ b/libavcodec/wmalosslessdec.c @@ -1212,7 +1212,7 @@ static int decode_packet(AVCodecContext *avctx, void *data, int *got_frame_ptr, /* decode the cross packet frame if it is valid */ if (num_bits_prev_frame < remaining_packet_bits && !s->packet_loss) - decode_frame(s); + decode_frame(s); } else if (s->num_saved_bits - s->frame_offset) { av_dlog(avctx, "ignoring %x previously saved bits\n", s->num_saved_bits - s->frame_offset); -- cgit v1.1 From 0e23b508214611659fc459ed6e5d6704b907694b Mon Sep 17 00:00:00 2001 From: Kostya Shishkov Date: Tue, 1 May 2012 16:09:51 +0200 Subject: wmall: fix reconstructing audio with uncoded channels --- libavcodec/wmalosslessdec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c index e2e2997..ff63083 100644 --- a/libavcodec/wmalosslessdec.c +++ b/libavcodec/wmalosslessdec.c @@ -654,8 +654,6 @@ static void mclms_predict(WmallDecodeCtx *s, int icoef, int *pred) int num_channels = s->num_channels; for (ich = 0; ich < num_channels; ich++) { - if (!s->is_channel_coded[ich]) - continue; pred[ich] = 0; for (i = 0; i < order * num_channels; i++) pred[ich] += s->mclms_prevvalues[i + s->mclms_recent] * @@ -789,7 +787,7 @@ static void revert_inter_ch_decorr(WmallDecodeCtx *s, int tile_size) { if (s->num_channels != 2) return; - else if (s->is_channel_coded[0] && s->is_channel_coded[1]) { + else if (s->is_channel_coded[0] || s->is_channel_coded[1]) { int icoef; for (icoef = 0; icoef < tile_size; icoef++) { s->channel_residues[0][icoef] -= s->channel_residues[1][icoef] >> 1; @@ -955,6 +953,8 @@ static int decode_subframe(WmallDecodeCtx *s) else use_normal_update_speed(s, i); revert_cdlms(s, i, 0, subframe_len); + } else { + memset(s->channel_residues[i], 0, sizeof(**s->channel_residues) * subframe_len); } } if (s->do_mclms) -- cgit v1.1 From bec207f9f9ed5583a8ce49b62ce73bfae1cae85b Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Wed, 2 May 2012 09:55:46 -0700 Subject: snowdsp: explicitily state instruction size. Fixes a compile error with clang at -O0. --- libavcodec/x86/snowdsp_mmx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/x86/snowdsp_mmx.c b/libavcodec/x86/snowdsp_mmx.c index 3e6bc99..00b6261 100644 --- a/libavcodec/x86/snowdsp_mmx.c +++ b/libavcodec/x86/snowdsp_mmx.c @@ -675,14 +675,14 @@ static void ff_snow_vertical_compose97i_mmx(IDWTELEM *b0, IDWTELEM *b1, IDWTELEM #define snow_inner_add_yblock_sse2_end_8\ "sal $1, %%"REG_c" \n\t"\ - "add $"PTR_SIZE"*2, %1 \n\t"\ + "addl $"PTR_SIZE"*2, %1 \n\t"\ snow_inner_add_yblock_sse2_end_common1\ "sar $1, %%"REG_c" \n\t"\ "sub $2, %2 \n\t"\ snow_inner_add_yblock_sse2_end_common2 #define snow_inner_add_yblock_sse2_end_16\ - "add $"PTR_SIZE"*1, %1 \n\t"\ + "addl $"PTR_SIZE"*1, %1 \n\t"\ snow_inner_add_yblock_sse2_end_common1\ "dec %2 \n\t"\ snow_inner_add_yblock_sse2_end_common2 -- cgit v1.1 From 82a0497cf317a9bf3e5d65fb13485097d0e88321 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Tue, 1 May 2012 09:59:04 -0700 Subject: vp8: update frame size changes on thread context switches. This properly synchronizes frame size changes between threads if subsequent threads abort decoding before frame size is initialized, i.e. it prevents the thread after that from ping-ponging back to the original value. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind --- libavcodec/vp8.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c index 1c973d5..d9fdd4d 100644 --- a/libavcodec/vp8.c +++ b/libavcodec/vp8.c @@ -1833,6 +1833,8 @@ static int vp8_decode_update_thread_context(AVCodecContext *dst, const AVCodecCo (s_src->mb_width != s->mb_width || s_src->mb_height != s->mb_height)) { free_buffers(s); s->maps_are_invalid = 1; + s->mb_width = s_src->mb_width; + s->mb_height = s_src->mb_height; } s->prob[0] = s_src->prob[!s_src->update_probabilities]; -- cgit v1.1 From 77cfb2563c6bc234a354c1694de8a9eb76a309cf Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Sun, 29 Apr 2012 10:40:37 -0700 Subject: configure: remove malloc_aligned. It was to signal that allocations are 16-byte aligned, but AVX requires 32-byte alignment, thus the check is no longer useful (and causes crashes). --- configure | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/configure b/configure index 1dc2e3e..fd72f1e 100755 --- a/configure +++ b/configure @@ -2462,7 +2462,6 @@ case $target_os in oss_outdev_extralibs="-lossaudio" ;; openbsd) - enable malloc_aligned # On OpenBSD 4.5. the compiler does not use PIC unless # explicitly using -fPIC. Libav builds fine without PIC, # however the generated executable will not do anything @@ -2475,17 +2474,14 @@ case $target_os in oss_outdev_extralibs="-lossaudio" ;; dragonfly) - enable malloc_aligned disable symver ;; freebsd) - enable malloc_aligned ;; bsd/os) add_extralibs -lpoll -lgnugetopt ;; darwin) - enable malloc_aligned gas="gas-preprocessor.pl $cc" enabled ppc && add_asflags -force_cpusubtype_ALL SHFLAGS='-dynamiclib -Wl,-single_module -Wl,-install_name,$(SHLIBDIR)/$(SLIBNAME_WITH_MAJOR),-current_version,$(LIBVERSION),-compatibility_version,$(LIBMAJOR)' @@ -2508,7 +2504,6 @@ case $target_os in fi LIBTARGET=i386 if enabled x86_64; then - enable malloc_aligned LIBTARGET="i386:x86-64" elif enabled arm; then LIBTARGET=arm-wince @@ -3188,7 +3183,7 @@ check_deps $CONFIG_LIST \ enabled asm || { arch=c; disable $ARCH_LIST $ARCH_EXT_LIST; } -! enabled_any memalign posix_memalign malloc_aligned && +! enabled_any memalign posix_memalign && enabled_any $need_memalign && enable memalign_hack echo "install prefix $prefix" -- cgit v1.1 From ac80b812cd177553339467ea12548d71c9ef6865 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Thu, 29 Mar 2012 12:44:55 -0700 Subject: tta: prevents overflows for 32bit integers in header. This prevents sample_rate/data_length from going negative, which caused various crashes and undefined behaviour further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org --- libavcodec/tta.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libavcodec/tta.c b/libavcodec/tta.c index acaeaaa..e28023f 100644 --- a/libavcodec/tta.c +++ b/libavcodec/tta.c @@ -61,7 +61,8 @@ typedef struct TTAContext { GetBitContext gb; const AVCRC *crc_table; - int format, channels, bps, data_length; + int format, channels, bps; + unsigned data_length; int frame_length, last_frame_length, total_frames; int32_t *decode_buffer; @@ -253,7 +254,7 @@ static av_cold int tta_decode_init(AVCodecContext * avctx) } // prevent overflow - if (avctx->sample_rate > 0x7FFFFF) { + if (avctx->sample_rate > 0x7FFFFFu) { av_log(avctx, AV_LOG_ERROR, "sample_rate too large\n"); return AVERROR(EINVAL); } @@ -270,7 +271,8 @@ static av_cold int tta_decode_init(AVCodecContext * avctx) s->data_length, s->frame_length, s->last_frame_length, s->total_frames); // FIXME: seek table - if (get_bits_left(&s->gb) < 32 * s->total_frames + 32) + if (avctx->extradata_size <= 26 || s->total_frames > INT_MAX / 4 || + avctx->extradata_size - 26 < s->total_frames * 4) av_log(avctx, AV_LOG_WARNING, "Seek table missing or too small\n"); else if (avctx->err_recognition & AV_EF_CRCCHECK) { if (tta_check_crc(s, avctx->extradata + 22, s->total_frames * 4)) -- cgit v1.1 From 732f9fcfe54fc9a0a7bbce53fe86b38744c2d301 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Thu, 29 Mar 2012 16:37:09 -0700 Subject: h264: additional protection against unsupported size/bitdepth changes. Fixes crashes in codepaths not covered by original checks. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org --- libavcodec/h264.c | 4 ++-- libavcodec/h264_ps.c | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 890dd22..6ed251e 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -2971,10 +2971,10 @@ static int decode_slice_header(H264Context *h, H264Context *h0) if (s->context_initialized && (s->width != s->avctx->width || s->height != s->avctx->height || av_cmp_q(h->sps.sar, s->avctx->sample_aspect_ratio))) { - if (h != h0) { + if (h != h0 || (HAVE_THREADS && h->s.avctx->active_thread_type & FF_THREAD_FRAME)) { av_log_missing_feature(s->avctx, "Width/height changing with threads is", 0); - return -1; // width / height changed during parallelized decoding + return AVERROR_PATCHWELCOME; // width / height changed during parallelized decoding } free_tables(h, 0); flush_dpb(s->avctx); diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index 354469c..3f53af8 100644 --- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c @@ -475,6 +475,9 @@ int ff_h264_decode_picture_parameter_set(H264Context *h, int bit_length){ if(pps_id >= MAX_PPS_COUNT) { av_log(h->s.avctx, AV_LOG_ERROR, "pps_id (%d) out of range\n", pps_id); return -1; + } else if (h->sps.bit_depth_luma > 10) { + av_log(h->s.avctx, AV_LOG_ERROR, "Unimplemented luma bit depth=%d (max=10)\n", h->sps.bit_depth_luma); + return AVERROR_PATCHWELCOME; } pps= av_mallocz(sizeof(PPS)); -- cgit v1.1 From 2d22d4307dcc1461f39a2ffb9c8db6c6b23fd080 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Thu, 29 Mar 2012 12:24:10 -0700 Subject: h263: more strictly forbid frame size changes with frame-mt. Prevents crashes because the old check was incomplete. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org --- libavcodec/h263dec.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index cfd9a77..6dba8ce 100644 --- a/libavcodec/h263dec.c +++ b/libavcodec/h263dec.c @@ -430,6 +430,13 @@ retry: if (ret < 0){ av_log(s->avctx, AV_LOG_ERROR, "header damaged\n"); return -1; + } else if ((s->width != avctx->coded_width || + s->height != avctx->coded_height || + (s->width + 15) >> 4 != s->mb_width || + (s->height + 15) >> 4 != s->mb_height) && + (HAVE_THREADS && (s->avctx->active_thread_type & FF_THREAD_FRAME))) { + av_log_missing_feature(s->avctx, "Width/height/bit depth/chroma idc changing with threads is", 0); + return AVERROR_PATCHWELCOME; // width / height changed during parallelized decoding } avctx->has_b_frames= !s->low_delay; @@ -571,11 +578,6 @@ retry: /* H.263 could change picture size any time */ ParseContext pc= s->parse_context; //FIXME move these demuxng hack to avformat - if (HAVE_THREADS && (s->avctx->active_thread_type&FF_THREAD_FRAME)) { - av_log_missing_feature(s->avctx, "Width/height/bit depth/chroma idc changing with threads is", 0); - return -1; // width / height changed during parallelized decoding - } - s->parse_context.buffer=0; ff_MPV_common_end(s); s->parse_context= pc; -- cgit v1.1 From 1f05dcbad243622020151a3b0b45c68ea5f2866c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 29 Mar 2012 16:54:28 -0700 Subject: ituh263dec: Implement enough of Annex O (scalability) to fix a FPE. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Ronald S. Bultje --- libavcodec/ituh263dec.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/libavcodec/ituh263dec.c b/libavcodec/ituh263dec.c index f52ac7a..73e8bf5 100644 --- a/libavcodec/ituh263dec.c +++ b/libavcodec/ituh263dec.c @@ -1083,6 +1083,22 @@ int ff_h263_decode_picture_header(MpegEncContext *s) skip_bits(&s->gb, 2); /* Quantization information for B-pictures */ } + if (s->pict_type!=AV_PICTURE_TYPE_B) { + s->time = s->picture_number; + s->pp_time = s->time - s->last_non_b_time; + s->last_non_b_time = s->time; + }else{ + s->time = s->picture_number; + s->pb_time = s->pp_time - (s->last_non_b_time - s->time); + if (s->pp_time <=s->pb_time || + s->pp_time <= s->pp_time - s->pb_time || + s->pp_time <= 0){ + s->pp_time = 2; + s->pb_time = 1; + } + ff_mpeg4_init_direct_mv(s); + } + /* PEI */ while (get_bits1(&s->gb) != 0) { skip_bits(&s->gb, 8); -- cgit v1.1 From 5eec5a79da118170f3cfe185a862783d3fa50abe Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Tue, 13 Mar 2012 17:18:41 -0700 Subject: jpeg: handle progressive in second field of interlaced. Progressive data is allocated later in decode_sof(), not allocating that data leads to NULL dereferences. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org --- libavcodec/mjpegdec.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 8552ec1..7864d38 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -301,9 +301,7 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) s->first_picture = 0; } - if (s->interlaced && (s->bottom_field == !s->interlace_polarity)) - return 0; - + if (!(s->interlaced && (s->bottom_field == !s->interlace_polarity))) { /* XXX: not complete test ! */ pix_fmt_id = (s->h_count[0] << 28) | (s->v_count[0] << 24) | (s->h_count[1] << 20) | (s->v_count[1] << 16) | @@ -370,6 +368,7 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) if (len != (8 + (3 * nb_components))) av_log(s->avctx, AV_LOG_DEBUG, "decode_sof0: error, len(%d) mismatch\n", len); + } /* totally blank picture as progressive JPEG will only add details to it */ if (s->progressive) { -- cgit v1.1 From b5da848facd41169283d7bfe568b83bdfa7fc42e Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Wed, 2 May 2012 12:08:03 -0700 Subject: motionpixels: Clip YUV values after applying a gradient. Prevents illegal reads on truncated and malformed input. CC: libav-stable@libav.org --- libavcodec/motionpixels.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c index 6151e6a..8a3c870 100644 --- a/libavcodec/motionpixels.c +++ b/libavcodec/motionpixels.c @@ -190,10 +190,13 @@ static void mp_decode_line(MotionPixelsContext *mp, GetBitContext *gb, int y) p = mp_get_yuv_from_rgb(mp, x - 1, y); } else { p.y += mp_gradient(mp, 0, mp_get_vlc(mp, gb)); + p.y = av_clip(p.y, 0, 31); if ((x & 3) == 0) { if ((y & 3) == 0) { p.v += mp_gradient(mp, 1, mp_get_vlc(mp, gb)); + p.v = av_clip(p.v, -32, 31); p.u += mp_gradient(mp, 2, mp_get_vlc(mp, gb)); + p.u = av_clip(p.u, -32, 31); mp->hpt[((y / 4) * mp->avctx->width + x) / 4] = p; } else { p.v = mp->hpt[((y / 4) * mp->avctx->width + x) / 4].v; @@ -217,9 +220,12 @@ static void mp_decode_frame_helper(MotionPixelsContext *mp, GetBitContext *gb) p = mp_get_yuv_from_rgb(mp, 0, y); } else { p.y += mp_gradient(mp, 0, mp_get_vlc(mp, gb)); + p.y = av_clip(p.y, 0, 31); if ((y & 3) == 0) { p.v += mp_gradient(mp, 1, mp_get_vlc(mp, gb)); + p.v = av_clip(p.v, -32, 31); p.u += mp_gradient(mp, 2, mp_get_vlc(mp, gb)); + p.u = av_clip(p.u, -32, 31); } mp->vpt[y] = p; mp_set_rgb_from_yuv(mp, 0, y, &p); -- cgit v1.1 From 68b9ed83918f96a97ad6dc8860423961b1d4bc0a Mon Sep 17 00:00:00 2001 From: Joakim Plate Date: Sun, 29 Apr 2012 16:33:32 +0000 Subject: mpegts: Some additional HDMV types and reg descriptors for mpegts Signed-off-by: Michael Niedermayer Signed-off-by: Derek Buitenhuis --- libavformat/mpegts.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c index 2222f25..1b3eb8b 100644 --- a/libavformat/mpegts.c +++ b/libavformat/mpegts.c @@ -534,6 +534,8 @@ static const StreamType HDMV_types[] = { { 0x82, AVMEDIA_TYPE_AUDIO, CODEC_ID_DTS }, { 0x83, AVMEDIA_TYPE_AUDIO, CODEC_ID_TRUEHD }, { 0x84, AVMEDIA_TYPE_AUDIO, CODEC_ID_EAC3 }, + { 0x85, AVMEDIA_TYPE_AUDIO, CODEC_ID_DTS }, /* DTS HD */ + { 0x86, AVMEDIA_TYPE_AUDIO, CODEC_ID_DTS }, /* DTS HD MASTER*/ { 0x90, AVMEDIA_TYPE_SUBTITLE, CODEC_ID_HDMV_PGS_SUBTITLE }, { 0 }, }; @@ -549,6 +551,10 @@ static const StreamType REGD_types[] = { { MKTAG('d','r','a','c'), AVMEDIA_TYPE_VIDEO, CODEC_ID_DIRAC }, { MKTAG('A','C','-','3'), AVMEDIA_TYPE_AUDIO, CODEC_ID_AC3 }, { MKTAG('B','S','S','D'), AVMEDIA_TYPE_AUDIO, CODEC_ID_S302M }, + { MKTAG('D','T','S','1'), AVMEDIA_TYPE_AUDIO, CODEC_ID_DTS }, + { MKTAG('D','T','S','2'), AVMEDIA_TYPE_AUDIO, CODEC_ID_DTS }, + { MKTAG('D','T','S','3'), AVMEDIA_TYPE_AUDIO, CODEC_ID_DTS }, + { MKTAG('V','C','-','1'), AVMEDIA_TYPE_VIDEO, CODEC_ID_VC1 }, { 0 }, }; -- cgit v1.1 From ca93f0fa361c302e60455c5b82f88422ab66f589 Mon Sep 17 00:00:00 2001 From: Hendrik Leppkes Date: Sun, 29 Apr 2012 16:33:34 +0000 Subject: Add SMPTE240M transfer characteristics flag. Signed-off-by: Michael Niedermayer Signed-off-by: Derek Buitenhuis --- libavcodec/avcodec.h | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index 63857d0..8ae8992 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -489,6 +489,7 @@ enum AVColorTransferCharacteristic{ AVCOL_TRC_UNSPECIFIED = 2, AVCOL_TRC_GAMMA22 = 4, ///< also ITU-R BT470M / ITU-R BT1700 625 PAL & SECAM AVCOL_TRC_GAMMA28 = 5, ///< also ITU-R BT470BG + AVCOL_TRC_SMPTE240M = 7, AVCOL_TRC_NB , ///< Not part of ABI }; -- cgit v1.1 From 1d4a01474d54a4d3bb59dc94d285334f7bcbd889 Mon Sep 17 00:00:00 2001 From: Hendrik Leppkes Date: Sun, 29 Apr 2012 16:33:40 +0000 Subject: mpeg12: fixed parsing in some mpeg2 streams Signed-off-by: Michael Niedermayer Signed-off-by: Derek Buitenhuis --- libavcodec/mpeg12.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c index 40ba97b..c40649d 100644 --- a/libavcodec/mpeg12.c +++ b/libavcodec/mpeg12.c @@ -2161,6 +2161,7 @@ int ff_mpeg1_find_frame_end(ParseContext *pc, const uint8_t *buf, int buf_size, pc->frame_start_found = 4; } if (state == SEQ_END_CODE) { + pc->frame_start_found = 0; pc->state=-1; return i+1; } -- cgit v1.1