From c8370e6e35e528a703b034824d0aad8fbe08c476 Mon Sep 17 00:00:00 2001 From: Mashiat Sarker Shakkhar Date: Wed, 2 May 2012 08:43:36 -0700 Subject: WMAL cosmetics: fix indentation Signed-off-by: Kostya Shishkov --- libavcodec/wmalosslessdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'libavcodec') diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c index 913271e..e2e2997 100644 --- a/libavcodec/wmalosslessdec.c +++ b/libavcodec/wmalosslessdec.c @@ -1212,7 +1212,7 @@ static int decode_packet(AVCodecContext *avctx, void *data, int *got_frame_ptr, /* decode the cross packet frame if it is valid */ if (num_bits_prev_frame < remaining_packet_bits && !s->packet_loss) - decode_frame(s); + decode_frame(s); } else if (s->num_saved_bits - s->frame_offset) { av_dlog(avctx, "ignoring %x previously saved bits\n", s->num_saved_bits - s->frame_offset); -- cgit v1.1 From 0e23b508214611659fc459ed6e5d6704b907694b Mon Sep 17 00:00:00 2001 From: Kostya Shishkov Date: Tue, 1 May 2012 16:09:51 +0200 Subject: wmall: fix reconstructing audio with uncoded channels --- libavcodec/wmalosslessdec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'libavcodec') diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c index e2e2997..ff63083 100644 --- a/libavcodec/wmalosslessdec.c +++ b/libavcodec/wmalosslessdec.c @@ -654,8 +654,6 @@ static void mclms_predict(WmallDecodeCtx *s, int icoef, int *pred) int num_channels = s->num_channels; for (ich = 0; ich < num_channels; ich++) { - if (!s->is_channel_coded[ich]) - continue; pred[ich] = 0; for (i = 0; i < order * num_channels; i++) pred[ich] += s->mclms_prevvalues[i + s->mclms_recent] * @@ -789,7 +787,7 @@ static void revert_inter_ch_decorr(WmallDecodeCtx *s, int tile_size) { if (s->num_channels != 2) return; - else if (s->is_channel_coded[0] && s->is_channel_coded[1]) { + else if (s->is_channel_coded[0] || s->is_channel_coded[1]) { int icoef; for (icoef = 0; icoef < tile_size; icoef++) { s->channel_residues[0][icoef] -= s->channel_residues[1][icoef] >> 1; @@ -955,6 +953,8 @@ static int decode_subframe(WmallDecodeCtx *s) else use_normal_update_speed(s, i); revert_cdlms(s, i, 0, subframe_len); + } else { + memset(s->channel_residues[i], 0, sizeof(**s->channel_residues) * subframe_len); } } if (s->do_mclms) -- cgit v1.1 From bec207f9f9ed5583a8ce49b62ce73bfae1cae85b Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Wed, 2 May 2012 09:55:46 -0700 Subject: snowdsp: explicitily state instruction size. Fixes a compile error with clang at -O0. --- libavcodec/x86/snowdsp_mmx.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'libavcodec') diff --git a/libavcodec/x86/snowdsp_mmx.c b/libavcodec/x86/snowdsp_mmx.c index 3e6bc99..00b6261 100644 --- a/libavcodec/x86/snowdsp_mmx.c +++ b/libavcodec/x86/snowdsp_mmx.c @@ -675,14 +675,14 @@ static void ff_snow_vertical_compose97i_mmx(IDWTELEM *b0, IDWTELEM *b1, IDWTELEM #define snow_inner_add_yblock_sse2_end_8\ "sal $1, %%"REG_c" \n\t"\ - "add $"PTR_SIZE"*2, %1 \n\t"\ + "addl $"PTR_SIZE"*2, %1 \n\t"\ snow_inner_add_yblock_sse2_end_common1\ "sar $1, %%"REG_c" \n\t"\ "sub $2, %2 \n\t"\ snow_inner_add_yblock_sse2_end_common2 #define snow_inner_add_yblock_sse2_end_16\ - "add $"PTR_SIZE"*1, %1 \n\t"\ + "addl $"PTR_SIZE"*1, %1 \n\t"\ snow_inner_add_yblock_sse2_end_common1\ "dec %2 \n\t"\ snow_inner_add_yblock_sse2_end_common2 -- cgit v1.1 From 82a0497cf317a9bf3e5d65fb13485097d0e88321 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Tue, 1 May 2012 09:59:04 -0700 Subject: vp8: update frame size changes on thread context switches. This properly synchronizes frame size changes between threads if subsequent threads abort decoding before frame size is initialized, i.e. it prevents the thread after that from ping-ponging back to the original value. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind --- libavcodec/vp8.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'libavcodec') diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c index 1c973d5..d9fdd4d 100644 --- a/libavcodec/vp8.c +++ b/libavcodec/vp8.c @@ -1833,6 +1833,8 @@ static int vp8_decode_update_thread_context(AVCodecContext *dst, const AVCodecCo (s_src->mb_width != s->mb_width || s_src->mb_height != s->mb_height)) { free_buffers(s); s->maps_are_invalid = 1; + s->mb_width = s_src->mb_width; + s->mb_height = s_src->mb_height; } s->prob[0] = s_src->prob[!s_src->update_probabilities]; -- cgit v1.1 From ac80b812cd177553339467ea12548d71c9ef6865 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Thu, 29 Mar 2012 12:44:55 -0700 Subject: tta: prevents overflows for 32bit integers in header. This prevents sample_rate/data_length from going negative, which caused various crashes and undefined behaviour further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org --- libavcodec/tta.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'libavcodec') diff --git a/libavcodec/tta.c b/libavcodec/tta.c index acaeaaa..e28023f 100644 --- a/libavcodec/tta.c +++ b/libavcodec/tta.c @@ -61,7 +61,8 @@ typedef struct TTAContext { GetBitContext gb; const AVCRC *crc_table; - int format, channels, bps, data_length; + int format, channels, bps; + unsigned data_length; int frame_length, last_frame_length, total_frames; int32_t *decode_buffer; @@ -253,7 +254,7 @@ static av_cold int tta_decode_init(AVCodecContext * avctx) } // prevent overflow - if (avctx->sample_rate > 0x7FFFFF) { + if (avctx->sample_rate > 0x7FFFFFu) { av_log(avctx, AV_LOG_ERROR, "sample_rate too large\n"); return AVERROR(EINVAL); } @@ -270,7 +271,8 @@ static av_cold int tta_decode_init(AVCodecContext * avctx) s->data_length, s->frame_length, s->last_frame_length, s->total_frames); // FIXME: seek table - if (get_bits_left(&s->gb) < 32 * s->total_frames + 32) + if (avctx->extradata_size <= 26 || s->total_frames > INT_MAX / 4 || + avctx->extradata_size - 26 < s->total_frames * 4) av_log(avctx, AV_LOG_WARNING, "Seek table missing or too small\n"); else if (avctx->err_recognition & AV_EF_CRCCHECK) { if (tta_check_crc(s, avctx->extradata + 22, s->total_frames * 4)) -- cgit v1.1 From 732f9fcfe54fc9a0a7bbce53fe86b38744c2d301 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Thu, 29 Mar 2012 16:37:09 -0700 Subject: h264: additional protection against unsupported size/bitdepth changes. Fixes crashes in codepaths not covered by original checks. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org --- libavcodec/h264.c | 4 ++-- libavcodec/h264_ps.c | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'libavcodec') diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 890dd22..6ed251e 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -2971,10 +2971,10 @@ static int decode_slice_header(H264Context *h, H264Context *h0) if (s->context_initialized && (s->width != s->avctx->width || s->height != s->avctx->height || av_cmp_q(h->sps.sar, s->avctx->sample_aspect_ratio))) { - if (h != h0) { + if (h != h0 || (HAVE_THREADS && h->s.avctx->active_thread_type & FF_THREAD_FRAME)) { av_log_missing_feature(s->avctx, "Width/height changing with threads is", 0); - return -1; // width / height changed during parallelized decoding + return AVERROR_PATCHWELCOME; // width / height changed during parallelized decoding } free_tables(h, 0); flush_dpb(s->avctx); diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c index 354469c..3f53af8 100644 --- a/libavcodec/h264_ps.c +++ b/libavcodec/h264_ps.c @@ -475,6 +475,9 @@ int ff_h264_decode_picture_parameter_set(H264Context *h, int bit_length){ if(pps_id >= MAX_PPS_COUNT) { av_log(h->s.avctx, AV_LOG_ERROR, "pps_id (%d) out of range\n", pps_id); return -1; + } else if (h->sps.bit_depth_luma > 10) { + av_log(h->s.avctx, AV_LOG_ERROR, "Unimplemented luma bit depth=%d (max=10)\n", h->sps.bit_depth_luma); + return AVERROR_PATCHWELCOME; } pps= av_mallocz(sizeof(PPS)); -- cgit v1.1 From 2d22d4307dcc1461f39a2ffb9c8db6c6b23fd080 Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Thu, 29 Mar 2012 12:24:10 -0700 Subject: h263: more strictly forbid frame size changes with frame-mt. Prevents crashes because the old check was incomplete. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org --- libavcodec/h263dec.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'libavcodec') diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index cfd9a77..6dba8ce 100644 --- a/libavcodec/h263dec.c +++ b/libavcodec/h263dec.c @@ -430,6 +430,13 @@ retry: if (ret < 0){ av_log(s->avctx, AV_LOG_ERROR, "header damaged\n"); return -1; + } else if ((s->width != avctx->coded_width || + s->height != avctx->coded_height || + (s->width + 15) >> 4 != s->mb_width || + (s->height + 15) >> 4 != s->mb_height) && + (HAVE_THREADS && (s->avctx->active_thread_type & FF_THREAD_FRAME))) { + av_log_missing_feature(s->avctx, "Width/height/bit depth/chroma idc changing with threads is", 0); + return AVERROR_PATCHWELCOME; // width / height changed during parallelized decoding } avctx->has_b_frames= !s->low_delay; @@ -571,11 +578,6 @@ retry: /* H.263 could change picture size any time */ ParseContext pc= s->parse_context; //FIXME move these demuxng hack to avformat - if (HAVE_THREADS && (s->avctx->active_thread_type&FF_THREAD_FRAME)) { - av_log_missing_feature(s->avctx, "Width/height/bit depth/chroma idc changing with threads is", 0); - return -1; // width / height changed during parallelized decoding - } - s->parse_context.buffer=0; ff_MPV_common_end(s); s->parse_context= pc; -- cgit v1.1 From 1f05dcbad243622020151a3b0b45c68ea5f2866c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 29 Mar 2012 16:54:28 -0700 Subject: ituh263dec: Implement enough of Annex O (scalability) to fix a FPE. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Ronald S. Bultje --- libavcodec/ituh263dec.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'libavcodec') diff --git a/libavcodec/ituh263dec.c b/libavcodec/ituh263dec.c index f52ac7a..73e8bf5 100644 --- a/libavcodec/ituh263dec.c +++ b/libavcodec/ituh263dec.c @@ -1083,6 +1083,22 @@ int ff_h263_decode_picture_header(MpegEncContext *s) skip_bits(&s->gb, 2); /* Quantization information for B-pictures */ } + if (s->pict_type!=AV_PICTURE_TYPE_B) { + s->time = s->picture_number; + s->pp_time = s->time - s->last_non_b_time; + s->last_non_b_time = s->time; + }else{ + s->time = s->picture_number; + s->pb_time = s->pp_time - (s->last_non_b_time - s->time); + if (s->pp_time <=s->pb_time || + s->pp_time <= s->pp_time - s->pb_time || + s->pp_time <= 0){ + s->pp_time = 2; + s->pb_time = 1; + } + ff_mpeg4_init_direct_mv(s); + } + /* PEI */ while (get_bits1(&s->gb) != 0) { skip_bits(&s->gb, 8); -- cgit v1.1 From 5eec5a79da118170f3cfe185a862783d3fa50abe Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Tue, 13 Mar 2012 17:18:41 -0700 Subject: jpeg: handle progressive in second field of interlaced. Progressive data is allocated later in decode_sof(), not allocating that data leads to NULL dereferences. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org --- libavcodec/mjpegdec.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'libavcodec') diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 8552ec1..7864d38 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -301,9 +301,7 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) s->first_picture = 0; } - if (s->interlaced && (s->bottom_field == !s->interlace_polarity)) - return 0; - + if (!(s->interlaced && (s->bottom_field == !s->interlace_polarity))) { /* XXX: not complete test ! */ pix_fmt_id = (s->h_count[0] << 28) | (s->v_count[0] << 24) | (s->h_count[1] << 20) | (s->v_count[1] << 16) | @@ -370,6 +368,7 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) if (len != (8 + (3 * nb_components))) av_log(s->avctx, AV_LOG_DEBUG, "decode_sof0: error, len(%d) mismatch\n", len); + } /* totally blank picture as progressive JPEG will only add details to it */ if (s->progressive) { -- cgit v1.1 From b5da848facd41169283d7bfe568b83bdfa7fc42e Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Wed, 2 May 2012 12:08:03 -0700 Subject: motionpixels: Clip YUV values after applying a gradient. Prevents illegal reads on truncated and malformed input. CC: libav-stable@libav.org --- libavcodec/motionpixels.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'libavcodec') diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c index 6151e6a..8a3c870 100644 --- a/libavcodec/motionpixels.c +++ b/libavcodec/motionpixels.c @@ -190,10 +190,13 @@ static void mp_decode_line(MotionPixelsContext *mp, GetBitContext *gb, int y) p = mp_get_yuv_from_rgb(mp, x - 1, y); } else { p.y += mp_gradient(mp, 0, mp_get_vlc(mp, gb)); + p.y = av_clip(p.y, 0, 31); if ((x & 3) == 0) { if ((y & 3) == 0) { p.v += mp_gradient(mp, 1, mp_get_vlc(mp, gb)); + p.v = av_clip(p.v, -32, 31); p.u += mp_gradient(mp, 2, mp_get_vlc(mp, gb)); + p.u = av_clip(p.u, -32, 31); mp->hpt[((y / 4) * mp->avctx->width + x) / 4] = p; } else { p.v = mp->hpt[((y / 4) * mp->avctx->width + x) / 4].v; @@ -217,9 +220,12 @@ static void mp_decode_frame_helper(MotionPixelsContext *mp, GetBitContext *gb) p = mp_get_yuv_from_rgb(mp, 0, y); } else { p.y += mp_gradient(mp, 0, mp_get_vlc(mp, gb)); + p.y = av_clip(p.y, 0, 31); if ((y & 3) == 0) { p.v += mp_gradient(mp, 1, mp_get_vlc(mp, gb)); + p.v = av_clip(p.v, -32, 31); p.u += mp_gradient(mp, 2, mp_get_vlc(mp, gb)); + p.u = av_clip(p.u, -32, 31); } mp->vpt[y] = p; mp_set_rgb_from_yuv(mp, 0, y, &p); -- cgit v1.1 From ca93f0fa361c302e60455c5b82f88422ab66f589 Mon Sep 17 00:00:00 2001 From: Hendrik Leppkes Date: Sun, 29 Apr 2012 16:33:34 +0000 Subject: Add SMPTE240M transfer characteristics flag. Signed-off-by: Michael Niedermayer Signed-off-by: Derek Buitenhuis --- libavcodec/avcodec.h | 1 + 1 file changed, 1 insertion(+) (limited to 'libavcodec') diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h index 63857d0..8ae8992 100644 --- a/libavcodec/avcodec.h +++ b/libavcodec/avcodec.h @@ -489,6 +489,7 @@ enum AVColorTransferCharacteristic{ AVCOL_TRC_UNSPECIFIED = 2, AVCOL_TRC_GAMMA22 = 4, ///< also ITU-R BT470M / ITU-R BT1700 625 PAL & SECAM AVCOL_TRC_GAMMA28 = 5, ///< also ITU-R BT470BG + AVCOL_TRC_SMPTE240M = 7, AVCOL_TRC_NB , ///< Not part of ABI }; -- cgit v1.1 From 1d4a01474d54a4d3bb59dc94d285334f7bcbd889 Mon Sep 17 00:00:00 2001 From: Hendrik Leppkes Date: Sun, 29 Apr 2012 16:33:40 +0000 Subject: mpeg12: fixed parsing in some mpeg2 streams Signed-off-by: Michael Niedermayer Signed-off-by: Derek Buitenhuis --- libavcodec/mpeg12.c | 1 + 1 file changed, 1 insertion(+) (limited to 'libavcodec') diff --git a/libavcodec/mpeg12.c b/libavcodec/mpeg12.c index 40ba97b..c40649d 100644 --- a/libavcodec/mpeg12.c +++ b/libavcodec/mpeg12.c @@ -2161,6 +2161,7 @@ int ff_mpeg1_find_frame_end(ParseContext *pc, const uint8_t *buf, int buf_size, pc->frame_start_found = 4; } if (state == SEQ_END_CODE) { + pc->frame_start_found = 0; pc->state=-1; return i+1; } -- cgit v1.1