[FFmpeg-cvslog] swscale/x86/rgb2rgb_template: Do not crash on misaligend stride
ffmpeg | branch: master | Michael Niedermayer | Tue Dec 15 02:06:04 2015 +0100| [80bfce35ccd11458e97f68f417fc094c5347070c] | committer: Michael Niedermayer swscale/x86/rgb2rgb_template: Do not crash on misaligend stride Fixes Ticket5013 Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=80bfce35ccd11458e97f68f417fc094c5347070c --- libswscale/x86/rgb2rgb_template.c |5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libswscale/x86/rgb2rgb_template.c b/libswscale/x86/rgb2rgb_template.c index e97ba4f..6524461 100644 --- a/libswscale/x86/rgb2rgb_template.c +++ b/libswscale/x86/rgb2rgb_template.c @@ -1887,8 +1887,10 @@ static void RENAME(interleaveBytes)(const uint8_t *src1, const uint8_t *src2, ui for (h=0; h < height; h++) { int w; -if (width >= 16) +if (width >= 16 #if COMPILE_TEMPLATE_SSE2 +&& !intptr_t)src1) | ((intptr_t)src2) | ((intptr_t)dest))&15) +) __asm__( "xor %%"REG_a", %%"REG_a" \n\t" "1: \n\t" @@ -1908,6 +1910,7 @@ static void RENAME(interleaveBytes)(const uint8_t *src1, const uint8_t *src2, ui : "memory", XMM_CLOBBERS("xmm0", "xmm1", "xmm2",) "%"REG_a ); #else +) __asm__( "xor %%"REG_a", %%"REG_a" \n\t" "1: \n\t" ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avfilter/vf_decimate: fix typo in fraction
ffmpeg | branch: master | Michael Niedermayer | Mon Dec 14 22:59:38 2015 +0100| [06987dab972e275a70ea961be27bc12ff531da75] | committer: Michael Niedermayer avfilter/vf_decimate: fix typo in fraction Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=06987dab972e275a70ea961be27bc12ff531da75 --- libavfilter/vf_decimate.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/vf_decimate.c b/libavfilter/vf_decimate.c index a79fc02..cd374c3 100644 --- a/libavfilter/vf_decimate.c +++ b/libavfilter/vf_decimate.c @@ -217,7 +217,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) av_frame_free(&frame); frame = dm->clean_src[i]; } -frame->pts = av_rescale_q(outlink->frame_count, dm->ts_unit, (AVRational){1,0}) + +frame->pts = av_rescale_q(outlink->frame_count, dm->ts_unit, (AVRational){1,1}) + (dm->start_pts == AV_NOPTS_VALUE ? 0 : dm->start_pts); ret = ff_filter_frame(outlink, frame); if (ret < 0) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] configure: add conditional library dependency for sofalizer and showfreqs
ffmpeg | branch: master | Paul B Mahol | Mon Dec 14 22:41:52 2015 +0100| [e8586ecb86f461aa7194e6882e699a336d92d2a1] | committer: Paul B Mahol configure: add conditional library dependency for sofalizer and showfreqs Signed-off-by: Paul B Mahol > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e8586ecb86f461aa7194e6882e699a336d92d2a1 --- configure |2 ++ 1 file changed, 2 insertions(+) diff --git a/configure b/configure index 04deb2a..4ada587 100755 --- a/configure +++ b/configure @@ -6020,6 +6020,8 @@ enabled resample_filter && prepend avfilter_deps "avresample" enabled sab_filter && prepend avfilter_deps "swscale" enabled scale_filter&& prepend avfilter_deps "swscale" enabled scale2ref_filter&& prepend avfilter_deps "swscale" +enabled sofalizer_filter&& prepend avfilter_deps "avcodec" +enabled showfreqs_filter&& prepend avfilter_deps "avcodec" enabled showspectrum_filter && prepend avfilter_deps "avcodec" enabled smartblur_filter&& prepend avfilter_deps "swscale" enabled subtitles_filter&& prepend avfilter_deps "avformat avcodec" ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avfilter/af_sofalizer: add frequency domain processing and use it by default
ffmpeg | branch: master | Paul B Mahol | Sun Dec 13 23:05:09 2015 +0100| [2f12172d670996ff8f18b80ebdee7d0a8c230ac3] | committer: Paul B Mahol avfilter/af_sofalizer: add frequency domain processing and use it by default Code ported from SOFAlizer patch for VLC. Signed-off-by: Paul B Mahol > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2f12172d670996ff8f18b80ebdee7d0a8c230ac3 --- configure |3 +- doc/filters.texi |6 + libavfilter/af_sofalizer.c | 297 +++- 3 files changed, 277 insertions(+), 29 deletions(-) diff --git a/configure b/configure index 43fa9a6..04deb2a 100755 --- a/configure +++ b/configure @@ -2892,7 +2892,8 @@ showfreqs_filter_deps="avcodec" showfreqs_filter_select="fft" showspectrum_filter_deps="avcodec" showspectrum_filter_select="rdft" -sofalizer_filter_deps="netcdf" +sofalizer_filter_deps="netcdf avcodec" +sofalizer_filter_select="fft" spp_filter_deps="gpl avcodec" spp_filter_select="fft idctdsp fdctdsp me_cmp pixblockdsp" stereo3d_filter_deps="gpl" diff --git a/doc/filters.texi b/doc/filters.texi index ba2ffc4..78fbd47 100644 --- a/doc/filters.texi +++ b/doc/filters.texi @@ -2916,6 +2916,12 @@ Set elevation of virtual speakers in deg. Default is 0. @item radius Set distance in meters between loudspeakers and the listener with near-field HRTFs. Default is 1. + +@item type +Set processing type. Can be @var{time} or @var{freq}. @var{time} is +processing audio in time domain which is slow but gives high quality output. +@var{freq} is processing audio in frequency domain which is fast but gives +mediocre output. Default is @var{freq}. @end table @section stereotools diff --git a/libavfilter/af_sofalizer.c b/libavfilter/af_sofalizer.c index bcb3519..0aaae4b 100644 --- a/libavfilter/af_sofalizer.c +++ b/libavfilter/af_sofalizer.c @@ -28,12 +28,16 @@ #include #include +#include "libavcodec/avfft.h" #include "libavutil/float_dsp.h" #include "libavutil/opt.h" #include "avfilter.h" #include "internal.h" #include "audio.h" +#define TIME_DOMAIN 0 +#define FREQUENCY_DOMAIN 1 + typedef struct NCSofa { /* contains data of one SOFA file */ int ncid;/* netCDF ID of the opened SOFA file */ int n_samples; /* length of one impulse response (IR) */ @@ -67,6 +71,7 @@ typedef struct SOFAlizerContext { int write[2]; /* current write position to ringbuffer */ int buffer_length; /* is: longest IR plus max. delay in all SOFA files */ /* then choose next power of 2 */ +int n_fft; /* number of samples in one FFT block */ /* netCDF variables */ int *delay[2]; /* broadband delay for each channel/IR to be convolved */ @@ -74,12 +79,17 @@ typedef struct SOFAlizerContext { float *data_ir[2]; /* IRs for all channels to be convolved */ /* (this excludes the LFE) */ float *temp_src[2]; +FFTComplex *temp_fft[2]; /* control variables */ float gain; /* filter gain (in dB) */ float rotation; /* rotation of virtual loudspeakers (in degrees) */ float elevation; /* elevation of virtual loudspeakers (in deg.) */ float radius;/* distance virtual loudspeakers to listener (in metres) */ +int type;/* processing type */ + +FFTContext *fft[2], *ifft[2]; +FFTComplex *data_hrtf[2]; AVFloatDSPContext *fdsp; } SOFAlizerContext; @@ -259,11 +269,8 @@ static int load_sofa(AVFilterContext *ctx, char *filename, int *samplingrate) /* delay and IR values required for each ear and measurement position: */ data_delay = s->sofa.data_delay = av_calloc(m_dim, 2 * sizeof(int)); data_ir = s->sofa.data_ir = av_malloc_array(m_dim * n_samples, sizeof(float) * 2); -s->temp_src[0] = av_calloc(FFALIGN(n_samples, 16), sizeof(float)); -s->temp_src[1] = av_calloc(FFALIGN(n_samples, 16), sizeof(float)); -if (!data_delay || !sp_a || !sp_e || !sp_r || !data_ir || -!s->temp_src[0] || !s->temp_src[1]) { +if (!data_delay || !sp_a || !sp_e || !sp_r || !data_ir) { /* if memory could not be allocated */ close_sofa(&s->sofa); return AVERROR(ENOMEM); @@ -590,6 +597,7 @@ typedef struct ThreadData { int *n_clippings; float **ringbuffer; float **temp_src; +FFTComplex **temp_fft; } ThreadData; static int sofalizer_convolute(AVFilterContext *ctx, void *arg, int jobnr, int nb_jobs) @@ -678,6 +686,120 @@ static int sofalizer_convolute(AVFilterContext *ctx, void *arg, int jobnr, int n return 0; } +static int sofalizer_fast_convolute(AVFilterContext *ctx, void *arg, int jobnr, int nb_jobs) +{ +SOFAlizerContext *s = ctx->priv; +ThreadData *td = arg; +AVFrame *in = td->in, *out = td->out; +int offset = jobnr; +
[FFmpeg-cvslog] avfilter/vf_decimate: Check that input parameters match
ffmpeg | branch: master | Michael Niedermayer | Mon Dec 14 21:18:39 2015 +0100| [30fe3fd52721c8c6566001192cd16be423ffc92b] | committer: Michael Niedermayer avfilter/vf_decimate: Check that input parameters match Fixes Ticket4964 Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=30fe3fd52721c8c6566001192cd16be423ffc92b --- libavfilter/vf_decimate.c |9 + 1 file changed, 9 insertions(+) diff --git a/libavfilter/vf_decimate.c b/libavfilter/vf_decimate.c index e580d05..a79fc02 100644 --- a/libavfilter/vf_decimate.c +++ b/libavfilter/vf_decimate.c @@ -362,6 +362,8 @@ static int config_output(AVFilterLink *outlink) DecimateContext *dm = ctx->priv; const AVFilterLink *inlink = ctx->inputs[dm->ppsrc ? INPUT_CLEANSRC : INPUT_MAIN]; +const AVFilterLink *inlink_main = +ctx->inputs[INPUT_MAIN]; AVRational fps = inlink->frame_rate; if (!fps.num || !fps.den) { @@ -369,6 +371,13 @@ static int config_output(AVFilterLink *outlink) "current rate of %d/%d is invalid\n", fps.num, fps.den); return AVERROR(EINVAL); } + +if (inlink->w != inlink_main->w || +inlink->h != inlink_main->h || +inlink->format != inlink_main->format) { +av_log(ctx, AV_LOG_ERROR, "frame parameters differ between inputs\n"); +return AVERROR_PATCHWELCOME; +} fps = av_mul_q(fps, (AVRational){dm->cycle - 1, dm->cycle}); av_log(ctx, AV_LOG_VERBOSE, "FPS: %d/%d -> %d/%d\n", inlink->frame_rate.num, inlink->frame_rate.den, fps.num, fps.den); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] golomb: always check for invalid UE golomb codes in get_ue_golomb
ffmpeg | branch: master | Andreas Cadhalpun | Sun Dec 13 21:02:16 2015 +0100| [22e960ad478e568f4094971a58c6ad8f549c0180] | committer: Andreas Cadhalpun golomb: always check for invalid UE golomb codes in get_ue_golomb Also correct the check to reject log < 7, because UPDATE_CACHE only guarantees 25 meaningful bits. This fixes undefined behavior: runtime error: shift exponent is negative Testing with START/STOP timers in get_ue_golomb, one for the first branch (A) and one for the second (B), shows that there is practically no slowdown, e.g. for the cavs decoder: With the check in the B branch: 629 decicycles in get_ue_golomb B, 4194260 runs, 44 skips 433 decicycles in get_ue_golomb A,268434102 runs, 1354 skips Without the check: 624 decicycles in get_ue_golomb B, 4194273 runs, 31 skips 433 decicycles in get_ue_golomb A,268434203 runs, 1253 skips Since the B branch is executed far less often than the A branch, this change is negligible, even more so for the h264 decoder, where the ratio B/A is a lot smaller. Fixes: mozilla bug 1230239 Fixes: fbeb8b2c7c996e9b91c6b1af319d7ebc/asan_heap-oob_195450f_2743_e8856ece4579ea486670be2b236099a0.bit Found-by: Tyson Smith Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Michael Niedermayer Signed-off-by: Andreas Cadhalpun > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=22e960ad478e568f4094971a58c6ad8f549c0180 --- libavcodec/golomb.h |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/golomb.h b/libavcodec/golomb.h index d30bb6b..5136a04 100644 --- a/libavcodec/golomb.h +++ b/libavcodec/golomb.h @@ -68,7 +68,7 @@ static inline int get_ue_golomb(GetBitContext *gb) int log = 2 * av_log2(buf) - 31; LAST_SKIP_BITS(re, gb, 32 - log); CLOSE_READER(re, gb); -if (CONFIG_FTRAPV && log < 0) { +if (log < 7) { av_log(NULL, AV_LOG_ERROR, "Invalid UE golomb code\n"); return AVERROR_INVALIDDATA; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avfilter/vf_decimate: change ts_unit to AVRational
ffmpeg | branch: master | Michael Niedermayer | Mon Dec 14 20:24:21 2015 +0100| [1925eaeaa6f2582660571701d4f20d102b960e4a] | committer: Michael Niedermayer avfilter/vf_decimate: change ts_unit to AVRational This might help with rounding differences between platforms Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1925eaeaa6f2582660571701d4f20d102b960e4a --- libavfilter/vf_decimate.c |6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavfilter/vf_decimate.c b/libavfilter/vf_decimate.c index 26f3ce0..e580d05 100644 --- a/libavfilter/vf_decimate.c +++ b/libavfilter/vf_decimate.c @@ -42,7 +42,7 @@ typedef struct { AVFrame *last; ///< last frame from the previous queue AVFrame **clean_src;///< frame queue for the clean source int got_frame[2]; ///< frame request flag for each input stream -double ts_unit; ///< timestamp units for the output frames +AVRational ts_unit; ///< timestamp units for the output frames int64_t start_pts; ///< base for output timestamps uint32_t eof; ///< bitmask for end of stream int hsub, vsub; ///< chroma subsampling values @@ -217,7 +217,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) av_frame_free(&frame); frame = dm->clean_src[i]; } -frame->pts = outlink->frame_count * dm->ts_unit + +frame->pts = av_rescale_q(outlink->frame_count, dm->ts_unit, (AVRational){1,0}) + (dm->start_pts == AV_NOPTS_VALUE ? 0 : dm->start_pts); ret = ff_filter_frame(outlink, frame); if (ret < 0) @@ -377,7 +377,7 @@ static int config_output(AVFilterLink *outlink) outlink->sample_aspect_ratio = inlink->sample_aspect_ratio; outlink->w = inlink->w; outlink->h = inlink->h; -dm->ts_unit = av_q2d(av_inv_q(av_mul_q(fps, outlink->time_base))); +dm->ts_unit = av_inv_q(av_mul_q(fps, outlink->time_base)); return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avfilter/vf_mpdecimate: Add missing emms_c()
ffmpeg | branch: master | Michael Niedermayer | Mon Dec 14 18:56:13 2015 +0100| [997de2e8107cc4256e50611463d609b18fe9619f] | committer: Michael Niedermayer avfilter/vf_mpdecimate: Add missing emms_c() Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=997de2e8107cc4256e50611463d609b18fe9619f --- libavfilter/vf_mpdecimate.c |5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavfilter/vf_mpdecimate.c b/libavfilter/vf_mpdecimate.c index 25efacf..20b15a2 100644 --- a/libavfilter/vf_mpdecimate.c +++ b/libavfilter/vf_mpdecimate.c @@ -131,10 +131,13 @@ static int decimate_frame(AVFilterContext *ctx, cur->data[plane], cur->linesize[plane], ref->data[plane], ref->linesize[plane], FF_CEIL_RSHIFT(ref->width, hsub), -FF_CEIL_RSHIFT(ref->height, vsub))) +FF_CEIL_RSHIFT(ref->height, vsub))) { +emms_c(); return 0; +} } +emms_c(); return 1; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] aacenc: switch to using the RNG from libavutil
ffmpeg | branch: master | Rostislav Pehlivanov | Mon Dec 14 18:53:09 2015 +| [ade31b9424f6bb8f70f277b1acb4575d312ed955] | committer: Rostislav Pehlivanov aacenc: switch to using the RNG from libavutil PSNR doesn't change as expected. The AAC spec doesn't really say anything about how exactly to generate noise. Signed-off-by: Rostislav Pehlivanov > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ade31b9424f6bb8f70f277b1acb4575d312ed955 --- libavcodec/aaccoder.c |8 ++-- libavcodec/aacenc.c |2 +- libavcodec/aacenc.h |2 ++ libavcodec/aacenc_utils.h | 10 -- 4 files changed, 9 insertions(+), 13 deletions(-) diff --git a/libavcodec/aaccoder.c b/libavcodec/aaccoder.c index 7e55494..15d467b 100644 --- a/libavcodec/aaccoder.c +++ b/libavcodec/aaccoder.c @@ -693,8 +693,12 @@ static void search_for_pns(AACEncContext *s, AVCodecContext *avctx, SingleChanne float band_energy, scale, pns_senergy; const int start_c = (w+w2)*128+sce->ics.swb_offset[g]; band = &s->psy.ch[s->cur_channel].psy_bands[(w+w2)*16+g]; -for (i = 0; i < sce->ics.swb_sizes[g]; i++) -PNS[i] = s->random_state = lcg_random(s->random_state); +for (i = 0; i < sce->ics.swb_sizes[g]; i+=2) { +double rnd[2]; +av_bmg_get(&s->lfg, rnd); +PNS[i+0] = (float)rnd[0]; +PNS[i+1] = (float)rnd[1]; +} band_energy = s->fdsp->scalarproduct_float(PNS, PNS, sce->ics.swb_sizes[g]); scale = noise_amp/sqrtf(band_energy); s->fdsp->vector_fmul_scalar(PNS, PNS, scale, sce->ics.swb_sizes[g]); diff --git a/libavcodec/aacenc.c b/libavcodec/aacenc.c index 3406f43..ec09063 100644 --- a/libavcodec/aacenc.c +++ b/libavcodec/aacenc.c @@ -904,7 +904,6 @@ static av_cold int aac_encode_init(AVCodecContext *avctx) s->channels = avctx->channels; s->chan_map = aac_chan_configs[s->channels-1]; -s->random_state = 0x1f2e3d4c; s->lambda = avctx->global_quality > 0 ? avctx->global_quality : 120; avctx->extradata_size = 5; avctx->frame_size = 1024; @@ -997,6 +996,7 @@ static av_cold int aac_encode_init(AVCodecContext *avctx) goto fail; s->psypp = ff_psy_preprocess_init(avctx); ff_lpc_init(&s->lpc, 2*avctx->frame_size, TNS_MAX_ORDER, FF_LPC_TYPE_LEVINSON); +av_lfg_init(&s->lfg, 0x72adca55); if (HAVE_MIPSDSP) ff_aac_coder_init_mips(s); diff --git a/libavcodec/aacenc.h b/libavcodec/aacenc.h index d8bed82..2b721d3 100644 --- a/libavcodec/aacenc.h +++ b/libavcodec/aacenc.h @@ -23,6 +23,7 @@ #define AVCODEC_AACENC_H #include "libavutil/float_dsp.h" +#include "libavutil/lfg.h" #include "avcodec.h" #include "put_bits.h" @@ -100,6 +101,7 @@ typedef struct AACEncContext { FFTContext mdct1024; ///< long (1024 samples) frame transform context FFTContext mdct128; ///< short (128 samples) frame transform context AVFloatDSPContext *fdsp; +AVLFG lfg; ///< PRNG needed for PNS float *planar_samples[8];///< saved preprocessed input int profile; ///< copied from avctx diff --git a/libavcodec/aacenc_utils.h b/libavcodec/aacenc_utils.h index 5b308f2..736e4a0 100644 --- a/libavcodec/aacenc_utils.h +++ b/libavcodec/aacenc_utils.h @@ -183,16 +183,6 @@ static av_always_inline float bval2bmax(float b) } /* - * linear congruential pseudorandom number generator, copied from the decoder - */ -static inline int lcg_random(unsigned previous_val) -{ -union { unsigned u; int s; } v = { previous_val * 1664525u + 1013904223 }; -return v.s; -} - - -/* * Compute a nextband map to be used with SF delta constraint utilities. * The nextband array should contain 128 elements, and positions that don't * map to valid, nonzero bands of the form w*16+g (with w being the initial ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avutil/mathematics: Do not treat INT64_MIN as positive in av_rescale_rnd
ffmpeg | branch: release/2.7 | Michael Niedermayer | Tue Dec 1 12:44:23 2015 +0100| [88ccca204ab67d8eda5745a94eed69882af6a3dc] | committer: Michael Niedermayer avutil/mathematics: Do not treat INT64_MIN as positive in av_rescale_rnd The code expects actual positive numbers and gives completely wrong results if INT64_MIN is treated as positive Instead clip it into the valid range that is add 1 and treat it as negative Signed-off-by: Michael Niedermayer (cherry picked from commit 25e37f5ea92d4201976a59ae306ce848d257a7e6) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=88ccca204ab67d8eda5745a94eed69882af6a3dc --- libavutil/mathematics.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavutil/mathematics.c b/libavutil/mathematics.c index 126cffc..b1ffd65 100644 --- a/libavutil/mathematics.c +++ b/libavutil/mathematics.c @@ -76,8 +76,8 @@ int64_t av_rescale_rnd(int64_t a, int64_t b, int64_t c, enum AVRounding rnd) rnd -= AV_ROUND_PASS_MINMAX; } -if (a < 0 && a != INT64_MIN) -return -av_rescale_rnd(-a, b, c, rnd ^ ((rnd >> 1) & 1)); +if (a < 0) +return -av_rescale_rnd(-FFMAX(a, -INT64_MAX), b, c, rnd ^ ((rnd >> 1) & 1)); if (rnd == AV_ROUND_NEAR_INF) r = c / 2; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/apedec: Check length in long_filter_high_3800()
ffmpeg | branch: release/2.7 | Michael Niedermayer | Wed Dec 2 21:16:27 2015 +0100| [d259a0534ee2f89b103cfc52b988b452c6411662] | committer: Michael Niedermayer avcodec/apedec: Check length in long_filter_high_3800() Fixes out of array read Fixes: 0a7ff0c1d93da9cef28a315ec91b692a/asan_heap-oob_4a52e5_3604_9c56dbb20e308f4faeef7b35f688521a.ape Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit cd7524fdd13dc8d0cf22e2cfd8300a245542b13a) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d259a0534ee2f89b103cfc52b988b452c6411662 --- libavcodec/apedec.c |3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index 03afd75..9984b40 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -892,6 +892,9 @@ static void long_filter_high_3800(int32_t *buffer, int order, int shift, int len int32_t dotprod, sign; int32_t coeffs[256], delay[256]; +if (order >= length) +return; + memset(coeffs, 0, order * sizeof(*coeffs)); for (i = 0; i < order; i++) delay[i] = buffer[i]; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/dump: Fix integer overflow in av_dump_format()
ffmpeg | branch: release/2.7 | Michael Niedermayer | Tue Dec 1 12:40:32 2015 +0100| [cf1f615b67a4a486176b9aeaedeceef0337023e9] | committer: Michael Niedermayer avformat/dump: Fix integer overflow in av_dump_format() Fixes part of mozilla bug 1229167 Found-by: Tyson Smith Signed-off-by: Michael Niedermayer (cherry picked from commit 8e7f4520226d2d9ad6a58ad6c32d1455a8b244b2) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cf1f615b67a4a486176b9aeaedeceef0337023e9 --- libavformat/dump.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/dump.c b/libavformat/dump.c index 7bb593c..7a746b3 100644 --- a/libavformat/dump.c +++ b/libavformat/dump.c @@ -493,7 +493,7 @@ void av_dump_format(AVFormatContext *ic, int index, av_log(NULL, AV_LOG_INFO, " Duration: "); if (ic->duration != AV_NOPTS_VALUE) { int hours, mins, secs, us; -int64_t duration = ic->duration + 5000; +int64_t duration = ic->duration + (ic->duration <= INT64_MAX - 5000 ? 5000 : 0); secs = duration / AV_TIME_BASE; us= duration % AV_TIME_BASE; mins = secs / 60; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avutil/mathematics: return INT64_MIN (=AV_NOPTS_VALUE) from av_rescale_rnd () for overflows
ffmpeg | branch: release/2.7 | Michael Niedermayer | Tue Dec 1 13:32:31 2015 +0100| [86a52988bd50b16d7f4c52e610de00d5354c5174] | committer: Michael Niedermayer avutil/mathematics: return INT64_MIN (=AV_NOPTS_VALUE) from av_rescale_rnd() for overflows Fixes integer overflow Fixes: mozilla bug 1229167 Found-by: Tyson Smith Signed-off-by: Michael Niedermayer (cherry picked from commit f03c2ceec174877e03bb302f5971fbe9ffbe4856) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=86a52988bd50b16d7f4c52e610de00d5354c5174 --- libavutil/mathematics.c | 13 ++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/libavutil/mathematics.c b/libavutil/mathematics.c index b1ffd65..4d8467b 100644 --- a/libavutil/mathematics.c +++ b/libavutil/mathematics.c @@ -77,7 +77,7 @@ int64_t av_rescale_rnd(int64_t a, int64_t b, int64_t c, enum AVRounding rnd) } if (a < 0) -return -av_rescale_rnd(-FFMAX(a, -INT64_MAX), b, c, rnd ^ ((rnd >> 1) & 1)); +return -(uint64_t)av_rescale_rnd(-FFMAX(a, -INT64_MAX), b, c, rnd ^ ((rnd >> 1) & 1)); if (rnd == AV_ROUND_NEAR_INF) r = c / 2; @@ -87,8 +87,13 @@ int64_t av_rescale_rnd(int64_t a, int64_t b, int64_t c, enum AVRounding rnd) if (b <= INT_MAX && c <= INT_MAX) { if (a <= INT_MAX) return (a * b + r) / c; -else -return a / c * b + (a % c * b + r) / c; +else { +int64_t ad = a / c; +int64_t a2 = (a % c * b + r) / c; +if (ad >= INT32_MAX && ad > (INT64_MAX - a2) / b) +return INT64_MIN; +return ad * b + a2; +} } else { #if 1 uint64_t a0 = a & 0x; @@ -112,6 +117,8 @@ int64_t av_rescale_rnd(int64_t a, int64_t b, int64_t c, enum AVRounding rnd) t1++; } } +if (t1 > INT64_MAX) +return INT64_MIN; return t1; } #else ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] mpegencts: Fix overflow in cbr mode period calculations
ffmpeg | branch: release/2.7 | Timo Teräs | Sat Nov 28 08:27:39 2015 +0200| [76cb34f7f5b8608670d1998b587ef9e12856ab99] | committer: Michael Niedermayer mpegencts: Fix overflow in cbr mode period calculations ts->mux_rate is int (signed 32-bit) type. The period calculations will start to overflow when mux_rate > 5mbps. This fixes overflows by converting first to 64-bit type. Fixes #5044. Signed-off-by: Timo Teräs Signed-off-by: Michael Niedermayer (cherry picked from commit 64f7db554ee83846f207e82a08946a6a5a6acfe2) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=76cb34f7f5b8608670d1998b587ef9e12856ab99 --- libavformat/mpegtsenc.c |6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavformat/mpegtsenc.c b/libavformat/mpegtsenc.c index 9efa9fc..043a80f 100644 --- a/libavformat/mpegtsenc.c +++ b/libavformat/mpegtsenc.c @@ -751,11 +751,11 @@ static int mpegts_write_header(AVFormatContext *s) ts_st = pcr_st->priv_data; if (ts->mux_rate > 1) { -service->pcr_packet_period = (ts->mux_rate * ts->pcr_period) / +service->pcr_packet_period = (int64_t)ts->mux_rate * ts->pcr_period / (TS_PACKET_SIZE * 8 * 1000); -ts->sdt_packet_period = (ts->mux_rate * SDT_RETRANS_TIME) / +ts->sdt_packet_period = (int64_t)ts->mux_rate * SDT_RETRANS_TIME / (TS_PACKET_SIZE * 8 * 1000); -ts->pat_packet_period = (ts->mux_rate * PAT_RETRANS_TIME) / +ts->pat_packet_period = (int64_t)ts->mux_rate * PAT_RETRANS_TIME / (TS_PACKET_SIZE * 8 * 1000); if (ts->copyts < 1) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/mpeg4videodec: Check available data before reading custom matrix
ffmpeg | branch: release/2.7 | Michael Niedermayer | Sun Nov 29 23:44:40 2015 +0100| [fc69fa8474ae2a3b3420074c17c908e0204c82af] | committer: Michael Niedermayer avcodec/mpeg4videodec: Check available data before reading custom matrix Fixes: out of array read Fixes: 76c515fc3779d1b838667c61ea13ce92/asan_heap-oob_1fc0d07_8913_794a4629a264ebdb25b58d3a94ed1785.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 891dc8f87536ac2ec695c70d081345224524ad99) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fc69fa8474ae2a3b3420074c17c908e0204c82af --- libavcodec/mpeg4videodec.c |8 1 file changed, 8 insertions(+) diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c index e151f9e..dd2414b 100644 --- a/libavcodec/mpeg4videodec.c +++ b/libavcodec/mpeg4videodec.c @@ -1875,6 +1875,10 @@ static int decode_vol_header(Mpeg4DecContext *ctx, GetBitContext *gb) int last = 0; for (i = 0; i < 64; i++) { int j; +if (get_bits_left(gb) < 8) { +av_log(s->avctx, AV_LOG_ERROR, "insufficient data for custom matrix\n"); +return AVERROR_INVALIDDATA; +} v = get_bits(gb, 8); if (v == 0) break; @@ -1898,6 +1902,10 @@ static int decode_vol_header(Mpeg4DecContext *ctx, GetBitContext *gb) int last = 0; for (i = 0; i < 64; i++) { int j; +if (get_bits_left(gb) < 8) { +av_log(s->avctx, AV_LOG_ERROR, "insufficient data for custom matrix\n"); +return AVERROR_INVALIDDATA; +} v = get_bits(gb, 8); if (v == 0) break; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/smacker: fix integer overflow with pts_inc
ffmpeg | branch: release/2.7 | Michael Niedermayer | Sat Dec 5 13:06:16 2015 +0100| [4e80d4bf25589f3beecc5e0633b148cc113fe708] | committer: Michael Niedermayer avformat/smacker: fix integer overflow with pts_inc Fixes: ce19e41f0ef1e52a23edc488faecdb58/asan_heap-oob_2504e97_4202_ffa0df1baed14022b9bfd4f8ac23d0cb.smk Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 7ed47e97297fd5ef473d0cc93f0455adbadaac83) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4e80d4bf25589f3beecc5e0633b148cc113fe708 --- libavformat/smacker.c |5 + 1 file changed, 5 insertions(+) diff --git a/libavformat/smacker.c b/libavformat/smacker.c index 5dcf4ad..de8bbdb 100644 --- a/libavformat/smacker.c +++ b/libavformat/smacker.c @@ -120,6 +120,11 @@ static int smacker_read_header(AVFormatContext *s) smk->height = avio_rl32(pb); smk->frames = avio_rl32(pb); smk->pts_inc = (int32_t)avio_rl32(pb); +if (smk->pts_inc > INT_MAX / 100) { +av_log(s, AV_LOG_ERROR, "pts_inc %d is too large\n", smk->pts_inc); +return AVERROR_INVALIDDATA; +} + smk->flags = avio_rl32(pb); if(smk->flags & SMACKER_FLAG_RING_FRAME) smk->frames++; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/utils: Clear dimensions in ff_get_buffer() on failure
ffmpeg | branch: release/2.7 | Michael Niedermayer | Sat Nov 28 20:08:46 2015 +0100| [fad0748b9221fbc7ca806e2ca9aac84927cd7234] | committer: Michael Niedermayer avcodec/utils: Clear dimensions in ff_get_buffer() on failure Fixes out of array access Fixes: 482d8f2fd17c9f532b586458a33f267c/asan_heap-oob_4a52b6_7417_1d08d477736d66cdadd833d146bb8bae.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit abee0a1c60612e8638640a8a3738fffb65e16dbf) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fad0748b9221fbc7ca806e2ca9aac84927cd7234 --- libavcodec/utils.c |4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index f960295..0e8e466 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -1037,8 +1037,10 @@ end: int ff_get_buffer(AVCodecContext *avctx, AVFrame *frame, int flags) { int ret = get_buffer_internal(avctx, frame, flags); -if (ret < 0) +if (ret < 0) { av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); +frame->width = frame->height = 0; +} return ret; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/vp3: always set pix_fmt in theora_decode_header()
ffmpeg | branch: release/2.7 | Michael Niedermayer | Mon Nov 30 03:32:36 2015 +0100| [710dccf0360baa7375130b31c7ccae17a5aaa601] | committer: Michael Niedermayer avcodec/vp3: always set pix_fmt in theora_decode_header() Fixes assertion failure Fixes: d0bb0662da342ec65f8f2a081222e6b9/signal_sigabrt_76ae7cc9_5471_82964f0a9ac2f4d3d59390c15473f6f7.ogg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit a814f1d364ba912adf61adef158168c5f7604e93) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=710dccf0360baa7375130b31c7ccae17a5aaa601 --- libavcodec/vp3.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index 26c2ea7..33c3e39 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c @@ -2321,7 +2321,8 @@ static int theora_decode_header(AVCodecContext *avctx, GetBitContext *gb) return AVERROR_INVALIDDATA; } skip_bits(gb, 3); /* reserved */ -} +} else +avctx->pix_fmt = AV_PIX_FMT_YUV420P; ret = ff_set_dimensions(avctx, s->width, s->height); if (ret < 0) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/vp3: Clear context on reinitialization failure
ffmpeg | branch: release/2.7 | Michael Niedermayer | Sat Nov 28 00:23:54 2015 +0100| [c1d29678f1ca993e201b32b8e4af3f9846c5db32] | committer: Michael Niedermayer avcodec/vp3: Clear context on reinitialization failure Fixes null pointer dereference Fixes: 1536b9b096a8f95b742bae9d3d761cc6/signal_sigsegv_294aaed_2039_8d1797aeb823ea43858d0fa45c9eb899.ogv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 6105b7219a90438deae71b0dc5a034c71ee30fc0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c1d29678f1ca993e201b32b8e4af3f9846c5db32 --- libavcodec/vp3.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index 2c8a8fe..26c2ea7 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c @@ -2014,17 +2014,19 @@ static int vp3_decode_frame(AVCodecContext *avctx, vp3_decode_end(avctx); ret = theora_decode_header(avctx, &gb); +if (ret >= 0) +ret = vp3_decode_init(avctx); if (ret < 0) { vp3_decode_end(avctx); -} else -ret = vp3_decode_init(avctx); +} return ret; } else if (type == 2) { ret = theora_decode_tables(avctx, &gb); +if (ret >= 0) +ret = vp3_decode_init(avctx); if (ret < 0) { vp3_decode_end(avctx); -} else -ret = vp3_decode_init(avctx); +} return ret; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc: allocate entries unconditionally
ffmpeg | branch: release/2.7 | Michael Niedermayer | Fri Nov 27 23:33:03 2015 +0100| [4fe6f9f6271c3e33ec9fddc3dbac17c0436c0f9a] | committer: Michael Niedermayer avcodec/hevc: allocate entries unconditionally Fixes out of array access Fixes: 08664a2a7921ef48172f26495c7455be/asan_heap-oob_23036c6_3301_523388ef84285a0270caf67a43247b59.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit d85aa76115214183e7e3b7d65e950da61474959a) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4fe6f9f6271c3e33ec9fddc3dbac17c0436c0f9a --- libavcodec/hevc.c |4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 8e7e736..b52a6d1 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -2436,11 +2436,9 @@ static int hls_slice_data_wpp(HEVCContext *s, const uint8_t *nal, int length) return AVERROR(ENOMEM); } +ff_alloc_entries(s->avctx, s->sh.num_entry_point_offsets + 1); if (!s->sList[1]) { -ff_alloc_entries(s->avctx, s->sh.num_entry_point_offsets + 1); - - for (i = 1; i < s->threads_number; i++) { s->sList[i] = av_malloc(sizeof(HEVCContext)); memcpy(s->sList[i], s, sizeof(HEVCContext)); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] mjpegdec: consider chroma subsampling in size check
ffmpeg | branch: release/2.7 | Andreas Cadhalpun | Wed Dec 2 21:52:23 2015 +0100| [9a8d2f51cf0548aa3724e2a46e58416b333c755f] | committer: Michael Niedermayer mjpegdec: consider chroma subsampling in size check If the chroma components are subsampled, smaller buffers are allocated for them. In that case the maximal block_offset for the chroma components is not as large as for the luma component. This fixes out of bounds writes causing segmentation faults or memory corruption. Reviewed-by: Michael Niedermayer Signed-off-by: Andreas Cadhalpun (cherry picked from commit 5adb5d9d894aa495e7bf9557b4c78350cbfc9d32) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9a8d2f51cf0548aa3724e2a46e58416b333c755f --- libavcodec/mjpegdec.c | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 30fc99a..48f5ca4 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -1241,7 +1241,7 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, int mb_bitmask_size, const AVFrame *reference) { -int i, mb_x, mb_y; +int i, mb_x, mb_y, chroma_h_shift, chroma_v_shift, chroma_width, chroma_height; uint8_t *data[MAX_COMPONENTS]; const uint8_t *reference_data[MAX_COMPONENTS]; int linesize[MAX_COMPONENTS]; @@ -1258,6 +1258,11 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, s->restart_count = 0; +av_pix_fmt_get_chroma_sub_sample(s->avctx->pix_fmt, &chroma_h_shift, + &chroma_v_shift); +chroma_width = FF_CEIL_RSHIFT(s->width, chroma_h_shift); +chroma_height = FF_CEIL_RSHIFT(s->height, chroma_v_shift); + for (i = 0; i < nb_components; i++) { int c = s->comp_index[i]; data[c] = s->picture_ptr->data[c]; @@ -1294,8 +1299,8 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, if (s->interlaced && s->bottom_field) block_offset += linesize[c] >> 1; -if ( 8*(h * mb_x + x) < s->width -&& 8*(v * mb_y + y) < s->height) { +if ( 8*(h * mb_x + x) < ((c == 1) || (c == 2) ? chroma_width : s->width) +&& 8*(v * mb_y + y) < ((c == 1) || (c == 2) ? chroma_height : s->height)) { ptr = data[c] + block_offset; } else ptr = NULL; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/h264_refs: Check that long references match before use
ffmpeg | branch: release/2.7 | Michael Niedermayer | Sun Nov 29 03:25:41 2015 +0100| [900039e7dc321ca33db696f7ae11b4058d6494ba] | committer: Michael Niedermayer avcodec/h264_refs: Check that long references match before use Fixes out of array read Fixes: 59bb925e90201fa0f87f0a31945d43b5/asan_heap-oob_4a52e5_3388_66027f11e3d072f1e02401ecc6193361.jvt Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit aa427537b529cd584cd73222980286d36a00fe28) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=900039e7dc321ca33db696f7ae11b4058d6494ba --- libavcodec/h264_refs.c | 15 ++- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c index 548a3ba..2d787a5 100644 --- a/libavcodec/h264_refs.c +++ b/libavcodec/h264_refs.c @@ -122,6 +122,14 @@ static int add_sorted(H264Picture **sorted, H264Picture **src, int len, int limi return out_i; } +static int mismatches_ref(H264Context *h, H264Picture *pic) +{ +AVFrame *f = pic->f; +return (h->cur_pic_ptr->f->width != f->width || +h->cur_pic_ptr->f->height != f->height || +h->cur_pic_ptr->f->format != f->format); +} + int ff_h264_fill_default_ref_list(H264Context *h, H264SliceContext *sl) { int i, len; @@ -193,10 +201,7 @@ int ff_h264_fill_default_ref_list(H264Context *h, H264SliceContext *sl) for (j = 0; j<1+(sl->slice_type_nos == AV_PICTURE_TYPE_B); j++) { for (i = 0; i < sl->ref_count[j]; i++) { if (h->default_ref_list[j][i].parent) { -AVFrame *f = h->default_ref_list[j][i].parent->f; -if (h->cur_pic_ptr->f->width != f->width || -h->cur_pic_ptr->f->height != f->height || -h->cur_pic_ptr->f->format != f->format) { +if (mismatches_ref(h, h->default_ref_list[j][i].parent)) { av_log(h->avctx, AV_LOG_ERROR, "Discarding mismatching reference\n"); memset(&h->default_ref_list[j][i], 0, sizeof(h->default_ref_list[j][i])); } @@ -305,7 +310,7 @@ int ff_h264_decode_ref_pic_list_reordering(H264Context *h, H264SliceContext *sl) } ref = h->long_ref[long_idx]; assert(!(ref && !ref->reference)); -if (ref && (ref->reference & pic_structure)) { +if (ref && (ref->reference & pic_structure) && !mismatches_ref(h, ref)) { ref->pic_id = pic_id; assert(ref->long_ref); i = 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_encode*()
ffmpeg | branch: release/2.7 | Michael Niedermayer | Fri Nov 27 21:02:13 2015 +0100| [c1db1a5ff47fd3b99cb074c761d76fd0bf05dd82] | committer: Michael Niedermayer avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_encode*() Signed-off-by: Michael Niedermayer (cherry picked from commit feb3f39614b88c113211a98dda1bc2fe5c3c6957) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c1db1a5ff47fd3b99cb074c761d76fd0bf05dd82 --- libavcodec/jpeg2000dwt.c |3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/jpeg2000dwt.c b/libavcodec/jpeg2000dwt.c index 015a4fe..925adea 100644 --- a/libavcodec/jpeg2000dwt.c +++ b/libavcodec/jpeg2000dwt.c @@ -540,6 +540,9 @@ int ff_jpeg2000_dwt_init(DWTContext *s, uint16_t border[2][2], int ff_dwt_encode(DWTContext *s, void *t) { +if (s->ndeclevels == 0) +return 0; + switch(s->type){ case FF_DWT97: dwt_encode97_float(s, t); break; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avutil/timecode: Fix fps check
ffmpeg | branch: release/2.7 | Michael Niedermayer | Thu Dec 3 03:14:11 2015 +0100| [da87a699ea9c1ba0b330413528dbca29bcc54ef8] | committer: Michael Niedermayer avutil/timecode: Fix fps check The fps variable is explicitly set to -1 in case of some errors, the check must thus be signed or the code setting it needs to use 0 as error code the type of the field could be changed as well but its in an installed header Fixes: integer overflow Fixes: 9982cc157b1ea90429435640a989122f/asan_generic_3ad004a_3799_22cf198d9cd09928e2d9ad250474fa58.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit b46dcd5209a77254345ae098b83a872634c5591b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=da87a699ea9c1ba0b330413528dbca29bcc54ef8 --- libavutil/timecode.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavutil/timecode.c b/libavutil/timecode.c index 1dfd040..bf463ed 100644 --- a/libavutil/timecode.c +++ b/libavutil/timecode.c @@ -151,7 +151,7 @@ static int check_fps(int fps) static int check_timecode(void *log_ctx, AVTimecode *tc) { -if (tc->fps <= 0) { +if ((int)tc->fps <= 0) { av_log(log_ctx, AV_LOG_ERROR, "Timecode frame rate must be specified\n"); return AVERROR(EINVAL); } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*()
ffmpeg | branch: release/2.7 | Michael Niedermayer | Fri Nov 27 20:52:39 2015 +0100| [8ef86669ca25b71a61e4b69d428b69b5d71ec7b7] | committer: Michael Niedermayer avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*() Fixes out of array access Fixes: 01859c9a9ac6cd60a008274123275574/asan_heap-oob_1dff571_8250_50d3d1611e294c3519fd1fa82198b69b.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 75422280fbcdfbe9dc56bde5525b4d8b280f1bc5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8ef86669ca25b71a61e4b69d428b69b5d71ec7b7 --- libavcodec/jpeg2000dwt.c |3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/jpeg2000dwt.c b/libavcodec/jpeg2000dwt.c index ceceda3..015a4fe 100644 --- a/libavcodec/jpeg2000dwt.c +++ b/libavcodec/jpeg2000dwt.c @@ -555,6 +555,9 @@ int ff_dwt_encode(DWTContext *s, void *t) int ff_dwt_decode(DWTContext *s, void *t) { +if (s->ndeclevels == 0) +return 0; + switch (s->type) { case FF_DWT97: dwt_decode97_float(s, t); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/dirac_parser: Fix potential overflows in pointer checks
ffmpeg | branch: release/2.7 | Michael Niedermayer | Sat Dec 5 17:11:54 2015 +0100| [d092b7f04ca8dfb977343aa12289b6b6123260ea] | committer: Michael Niedermayer avcodec/dirac_parser: Fix potential overflows in pointer checks Signed-off-by: Michael Niedermayer (cherry picked from commit 79798f7c57b098c78e0bbc6becd64b9888b013d1) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d092b7f04ca8dfb977343aa12289b6b6123260ea --- libavcodec/dirac_parser.c |8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libavcodec/dirac_parser.c b/libavcodec/dirac_parser.c index 83c35a2..12f1a60 100644 --- a/libavcodec/dirac_parser.c +++ b/libavcodec/dirac_parser.c @@ -100,10 +100,12 @@ typedef struct DiracParseUnit { static int unpack_parse_unit(DiracParseUnit *pu, DiracParseContext *pc, int offset) { -uint8_t *start = pc->buffer + offset; -uint8_t *end = pc->buffer + pc->index; -if (start < pc->buffer || (start + 13 > end)) +int8_t *start; + +if (offset < 0 || pc->index - 13 < offset) return 0; + +start = pc->buffer + offset; pu->pu_type = start[4]; pu->next_pu_offset = AV_RB32(start + 5); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/h264_slice: Limit max_contexts when slice_context_count is initialized
ffmpeg | branch: release/2.7 | Michael Niedermayer | Tue Nov 24 22:12:37 2015 +0100| [54e94522b899111dd4b9f93386d582d26859ead5] | committer: Michael Niedermayer avcodec/h264_slice: Limit max_contexts when slice_context_count is initialized Fixes out of array access Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2049_f2192b6829ab6e0eefcb035329c03c60.264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 4ea4d2f438c9a7eba37980c9a87be4b34943e4d5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=54e94522b899111dd4b9f93386d582d26859ead5 --- libavcodec/h264_slice.c |1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c index 10f4d77..9cbe8d2 100644 --- a/libavcodec/h264_slice.c +++ b/libavcodec/h264_slice.c @@ -1086,6 +1086,7 @@ static int h264_slice_header_init(H264Context *h) nb_slices = max_slices; } h->slice_context_count = nb_slices; +h->max_contexts = FFMIN(h->max_contexts, nb_slices); if (!HAVE_THREADS || !(h->avctx->active_thread_type & FF_THREAD_SLICE)) { ret = ff_h264_slice_context_init(h, &h->slice_ctx[0]); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup
ffmpeg | branch: release/2.7 | Michael Niedermayer | Wed Sep 30 13:10:48 2015 +0200| [8405b6329463af8ac2e5dac4fcdda03888388f78] | committer: Michael Niedermayer avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup The variable is not a constant and can lead to race conditions Fixes: repro.webm (not reproducable with FFmpeg alone) Found-by: Dale Curtis Tested-by: Dale Curtis Signed-off-by: Michael Niedermayer (cherry picked from commit dabea74d0e82ea80cd344f630497cafcb3ef872c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8405b6329463af8ac2e5dac4fcdda03888388f78 --- libavcodec/vp8.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c index 25fe70a..29379f4 100644 --- a/libavcodec/vp8.c +++ b/libavcodec/vp8.c @@ -164,7 +164,7 @@ int update_dimensions(VP8Context *s, int width, int height, int is_vp7) s->mb_height = (s->avctx->coded_height + 15) / 16; s->mb_layout = is_vp7 || avctx->active_thread_type == FF_THREAD_SLICE && - FFMIN(s->num_coeff_partitions, avctx->thread_count) > 1; + avctx->thread_count > 1; if (!s->mb_layout) { // Frame threading and one thread s->macroblocks_base = av_mallocz((s->mb_width + s->mb_height * 2 + 1) * sizeof(*s->macroblocks)); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/vp3: Fix "runtime error: left shift of negative value"
ffmpeg | branch: release/2.7 | Michael Niedermayer | Fri Dec 4 12:47:20 2015 +0100| [e3ffc7ab4a07cfaa25b6a36e78e91cf47a47c942] | committer: Michael Niedermayer avcodec/vp3: Fix "runtime error: left shift of negative value" Fixes: 5c6129154b356b80bcab86f9e3ee5d29/signal_sigabrt_76ae7cc9_7322_d26ac6d7cb6567db1b8be0159b387d0b.ogg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 18268f761bffb37552f59f87542fef3d5c80618c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e3ffc7ab4a07cfaa25b6a36e78e91cf47a47c942 --- libavcodec/vp3.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index 33c3e39..fbb7da7 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c @@ -209,8 +209,8 @@ typedef struct Vp3DecodeContext { int16_t *dct_tokens[3][64]; int16_t *dct_tokens_base; #define TOKEN_EOB(eob_run) ((eob_run) << 2) -#define TOKEN_ZERO_RUN(coeff, zero_run) (((coeff) << 9) + ((zero_run) << 2) + 1) -#define TOKEN_COEFF(coeff) (((coeff) << 2) + 2) +#define TOKEN_ZERO_RUN(coeff, zero_run) (((coeff) * 512) + ((zero_run) << 2) + 1) +#define TOKEN_COEFF(coeff) (((coeff) * 4) + 2) /** * number of blocks that contain DCT coefficients at ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/utils: Use 64bit for aspect ratio calculation in avcodec_string()
ffmpeg | branch: release/2.7 | Michael Niedermayer | Sat Nov 28 17:26:05 2015 +0100| [6c25411c06a9867eb993ad2c0ee477b4573516c1] | committer: Michael Niedermayer avcodec/utils: Use 64bit for aspect ratio calculation in avcodec_string() Fixes integer overflow Fixes: 3a45b2ae02f2cf12b7bd99543cdcdae5/asan_heap-oob_1dff502_8022_899f75e1e81046ebd7b6c2394a1419f4.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 4f03bebc79f76df3a3e5bb9e1bc32baabfb7797c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6c25411c06a9867eb993ad2c0ee477b4573516c1 --- libavcodec/utils.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/utils.c b/libavcodec/utils.c index cc689d8..f960295 100644 --- a/libavcodec/utils.c +++ b/libavcodec/utils.c @@ -3115,8 +3115,8 @@ void avcodec_string(char *buf, int buf_size, AVCodecContext *enc, int encode) if (enc->sample_aspect_ratio.num) { av_reduce(&display_aspect_ratio.num, &display_aspect_ratio.den, - enc->width * enc->sample_aspect_ratio.num, - enc->height * enc->sample_aspect_ratio.den, + enc->width * (int64_t)enc->sample_aspect_ratio.num, + enc->height * (int64_t)enc->sample_aspect_ratio.den, 1024 * 1024); snprintf(buf + strlen(buf), buf_size - strlen(buf), " [SAR %d:%d DAR %d:%d]", ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc: Check entry_point_offsets
ffmpeg | branch: release/2.7 | Michael Niedermayer | Fri Nov 27 18:30:05 2015 +0100| [0cd23e0d1e89c0f7faecea997ade67b56abbc83d] | committer: Michael Niedermayer avcodec/hevc: Check entry_point_offsets Fixes out of array read Fixes: 007c4a36608ebdf27ee260ad60a81184/asan_heap-oob_32076b4_2243_116b1cb29d91cc4974d6680e3d10bd91.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit ef9f7bbfa47317f9d46bf46982a394d2be78503c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0cd23e0d1e89c0f7faecea997ade67b56abbc83d --- libavcodec/hevc.c |8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 05e7f12..8e7e736 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -2426,7 +2426,7 @@ static int hls_slice_data_wpp(HEVCContext *s, const uint8_t *nal, int length) HEVCLocalContext *lc = s->HEVClc; int *ret = av_malloc_array(s->sh.num_entry_point_offsets + 1, sizeof(int)); int *arg = av_malloc_array(s->sh.num_entry_point_offsets + 1, sizeof(int)); -int offset; +int64_t offset; int startheader, cmpt = 0; int i, j, res = 0; @@ -2473,6 +2473,11 @@ static int hls_slice_data_wpp(HEVCContext *s, const uint8_t *nal, int length) } if (s->sh.num_entry_point_offsets != 0) { offset += s->sh.entry_point_offset[s->sh.num_entry_point_offsets - 1] - cmpt; +if (length < offset) { +av_log(s->avctx, AV_LOG_ERROR, "entry_point_offset table is corrupted\n"); +res = AVERROR_INVALIDDATA; +goto error; +} s->sh.size[s->sh.num_entry_point_offsets - 1] = length - offset; s->sh.offset[s->sh.num_entry_point_offsets - 1] = offset; @@ -2499,6 +2504,7 @@ static int hls_slice_data_wpp(HEVCContext *s, const uint8_t *nal, int length) for (i = 0; i <= s->sh.num_entry_point_offsets; i++) res += ret[i]; +error: av_free(ret); av_free(arg); return res; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/jpeg2000dec: Check bpno in decode_cblk()
ffmpeg | branch: release/2.7 | Michael Niedermayer | Fri Dec 4 16:23:24 2015 +0100| [0f331f94c0db42647bb950c8ae529e43215c32df] | committer: Michael Niedermayer avcodec/jpeg2000dec: Check bpno in decode_cblk() Fixes: undefined shift Fixes: c409ef86f892335a0a164b5871174d5a/asan_heap-oob_1dff564_2159_162b7234616deab02b544410455eb07b.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit a85b02dcf70f62a6a433a607143f1f78fa5648bb) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0f331f94c0db42647bb950c8ae529e43215c32df --- libavcodec/jpeg2000dec.c |4 1 file changed, 4 insertions(+) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index caaf2f7..54006af 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -1106,6 +1106,10 @@ static int decode_cblk(Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *codsty, ff_mqc_initdec(&t1->mqc, cblk->data); while (passno--) { +if (bpno < 0) { +av_log(s->avctx, AV_LOG_ERROR, "bpno became negative\n"); +return AVERROR_INVALIDDATA; +} switch(pass_t) { case 0: decode_sigpass(t1, width, height, bpno + 1, bandpos, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc: Fix integer overflow of entry_point_offset
ffmpeg | branch: release/2.7 | Michael Niedermayer | Sat Dec 5 22:08:59 2015 +0100| [5af5396970b7cbaf22bd8754257f9bf9ffb36297] | committer: Michael Niedermayer avcodec/hevc: Fix integer overflow of entry_point_offset Fixes out of array read Fixes: d41d8cd98f00b204e9800998ecf8427e/signal_sigsegv_321165b_7641_077dfcd8cbc80b1c0b470c8554cd6ffb.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 214085852491448631dcecb008b5d172c11b8892) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5af5396970b7cbaf22bd8754257f9bf9ffb36297 --- libavcodec/hevc.c |4 ++-- libavcodec/hevc.h |2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index b52a6d1..c520878 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -730,7 +730,7 @@ static int hls_slice_header(HEVCContext *s) av_freep(&sh->entry_point_offset); av_freep(&sh->offset); av_freep(&sh->size); -sh->entry_point_offset = av_malloc_array(sh->num_entry_point_offsets, sizeof(int)); +sh->entry_point_offset = av_malloc_array(sh->num_entry_point_offsets, sizeof(unsigned)); sh->offset = av_malloc_array(sh->num_entry_point_offsets, sizeof(int)); sh->size = av_malloc_array(sh->num_entry_point_offsets, sizeof(int)); if (!sh->entry_point_offset || !sh->offset || !sh->size) { @@ -2427,7 +2427,7 @@ static int hls_slice_data_wpp(HEVCContext *s, const uint8_t *nal, int length) int *ret = av_malloc_array(s->sh.num_entry_point_offsets + 1, sizeof(int)); int *arg = av_malloc_array(s->sh.num_entry_point_offsets + 1, sizeof(int)); int64_t offset; -int startheader, cmpt = 0; +int64_t startheader, cmpt = 0; int i, j, res = 0; if (!ret || !arg) { diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h index 2b47de2..96fc258 100644 --- a/libavcodec/hevc.h +++ b/libavcodec/hevc.h @@ -609,7 +609,7 @@ typedef struct SliceHeader { unsigned int max_num_merge_cand; ///< 5 - 5_minus_max_num_merge_cand -int *entry_point_offset; +unsigned *entry_point_offset; int * offset; int * size; int num_entry_point_offsets; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] swscale/utils: Fix for runtime error: left shift of negative value -1
ffmpeg | branch: release/2.7 | Michael Niedermayer | Fri Dec 4 21:44:05 2015 +0100| [dc0bc71471bff6dedd371d97c0b1a45d0ea59042] | committer: Michael Niedermayer swscale/utils: Fix for runtime error: left shift of negative value -1 Fixes: c106b36fa36db8ff8f3ed0c82be7bea2/asan_heap-oob_32699f0_6321_467b9a1d7e03d7cfd310b7e65dc53bcc.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 325b59368dae3c3f2f5cc39873002b4cf133ccbc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dc0bc71471bff6dedd371d97c0b1a45d0ea59042 --- libswscale/utils.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswscale/utils.c b/libswscale/utils.c index 63fb05c..93cbad7 100644 --- a/libswscale/utils.c +++ b/libswscale/utils.c @@ -384,7 +384,7 @@ static av_cold int initFilter(int16_t **outFilter, int32_t **filterPos, xDstInSrc = ((dstPos*(int64_t)xInc)>>7) - ((srcPos*0x1LL)>>7); for (i = 0; i < dstW; i++) { -int xx = (xDstInSrc - ((int64_t)(filterSize - 2) << 16)) / (1 << 17); +int xx = (xDstInSrc - (filterSize - 2) * (1LL<<16)) / (1 << 17); int j; (*filterPos)[i] = xx; for (j = 0; j < filterSize; j++) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/aarch64/neon.S: Update neon.s for transpose_4x4H
ffmpeg | branch: release/2.7 | zjh8890 <243186...@qq.com> | Sun Nov 22 00:07:35 2015 +0800| [a9ce4583dfbb65dc2d0d7483f11c6e71b413bac8] | committer: Michael Niedermayer avcodec/aarch64/neon.S: Update neon.s for transpose_4x4H The transpose_4x4H is wrong which cost me much time to find this bug. The orders of r2 and r3 are wrong, this bug waste me much time while I make aarch64 arm instruction which used the function. (cherry picked from commit c18176bd551b4616757080376707637e30547fd0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a9ce4583dfbb65dc2d0d7483f11c6e71b413bac8 --- libavcodec/aarch64/neon.S |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/aarch64/neon.S b/libavcodec/aarch64/neon.S index 619aec6..a227cbd 100644 --- a/libavcodec/aarch64/neon.S +++ b/libavcodec/aarch64/neon.S @@ -107,8 +107,8 @@ .macro transpose_4x4H r0, r1, r2, r3, r4, r5, r6, r7 trn1\r4\().4H, \r0\().4H, \r1\().4H trn2\r5\().4H, \r0\().4H, \r1\().4H -trn1\r7\().4H, \r3\().4H, \r2\().4H -trn2\r6\().4H, \r3\().4H, \r2\().4H +trn1\r7\().4H, \r2\().4H, \r3\().4H +trn2\r6\().4H, \r2\().4H, \r3\().4H trn1\r0\().2S, \r4\().2S, \r7\().2S trn2\r3\().2S, \r4\().2S, \r7\().2S trn1\r1\().2S, \r5\().2S, \r6\().2S ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/cabac_functions: Fix "left shift of negative value -31767"
ffmpeg | branch: release/2.7 | Michael Niedermayer | Fri Nov 27 12:11:29 2015 +0100| [1258bdf7f0985ec489e2767a1a633bb47ceecc92] | committer: Michael Niedermayer avcodec/cabac_functions: Fix "left shift of negative value -31767" Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2340_591e9810c7b09efe501ad84638c9e9f8.264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Found-by: xiedingbao (Ticket4727) Signed-off-by: Michael Niedermayer (cherry picked from commit a1f6b05f5228979dab0e149deca7a30d22e98af5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1258bdf7f0985ec489e2767a1a633bb47ceecc92 --- libavcodec/cabac_functions.h |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/cabac_functions.h b/libavcodec/cabac_functions.h index 15dba29..4e13253 100644 --- a/libavcodec/cabac_functions.h +++ b/libavcodec/cabac_functions.h @@ -74,7 +74,8 @@ static inline void renorm_cabac_decoder_once(CABACContext *c){ #ifndef get_cabac_inline static void refill2(CABACContext *c){ -int i, x; +int i; +unsigned x; x= c->low ^ (c->low-1); i= 7 - ff_h264_norm_shift[x>>(CABAC_BITS-1)]; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/pgssubdec: Fix left shift of 255 by 24 places cannot be represented in type int
ffmpeg | branch: release/2.7 | Michael Niedermayer | Fri Dec 4 21:38:12 2015 +0100| [0a06e2824a675fb778cd98ccab35a8936db569b9] | committer: Michael Niedermayer avcodec/pgssubdec: Fix left shift of 255 by 24 places cannot be represented in type int Fixes: b293a6479bb4b5286cff24d356bfd955/asan_generic_225c3c9_7819_cc526b657450c6cdef1371b526499626.mkv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 4f2419888ba49245761f4ab343679c38e7880cfe) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0a06e2824a675fb778cd98ccab35a8936db569b9 --- libavcodec/pgssubdec.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/pgssubdec.c b/libavcodec/pgssubdec.c index 0d307f5..e567f53 100644 --- a/libavcodec/pgssubdec.c +++ b/libavcodec/pgssubdec.c @@ -33,7 +33,7 @@ #include "libavutil/imgutils.h" #include "libavutil/opt.h" -#define RGBA(r,g,b,a) (((a) << 24) | ((r) << 16) | ((g) << 8) | (b)) +#define RGBA(r,g,b,a) (((unsigned)(a) << 24) | ((r) << 16) | ((g) << 8) | (b)) #define MAX_EPOCH_PALETTES 8 // Max 8 allowed per PGS epoch #define MAX_EPOCH_OBJECTS 64 // Max 64 allowed per PGS epoch #define MAX_OBJECT_REFS2 // Max objects per display set ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc: Check max ctb addresses for WPP
ffmpeg | branch: release/2.7 | Michael Niedermayer | Sat Nov 28 13:42:05 2015 +0100| [d013f51303de27126f92dfa4357c14243019037a] | committer: Michael Niedermayer avcodec/hevc: Check max ctb addresses for WPP Fixes out of array read Fixes: 2f95ddd996db8a6281d2e18c184595a7/asan_heap-oob_192fe91_3330_58e4441181e30a66c19f743dcb392347.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit dad354f38ddc9bfc834bc21358a1d0ad41532ca0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d013f51303de27126f92dfa4357c14243019037a --- libavcodec/hevc.c |9 + 1 file changed, 9 insertions(+) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index c520878..7d1565e 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -2436,6 +2436,15 @@ static int hls_slice_data_wpp(HEVCContext *s, const uint8_t *nal, int length) return AVERROR(ENOMEM); } +if (s->sh.slice_ctb_addr_rs + s->sh.num_entry_point_offsets * s->sps->ctb_width >= s->sps->ctb_width * s->sps->ctb_height) { +av_log(s->avctx, AV_LOG_ERROR, "WPP ctb addresses are wrong (%d %d %d %d)\n", +s->sh.slice_ctb_addr_rs, s->sh.num_entry_point_offsets, +s->sps->ctb_width, s->sps->ctb_height +); +res = AVERROR_INVALIDDATA; +goto error; +} + ff_alloc_entries(s->avctx, s->sh.num_entry_point_offsets + 1); if (!s->sList[1]) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avutil/integer: Fix av_mod_i() with negative dividend
ffmpeg | branch: release/2.7 | Michael Niedermayer | Tue Dec 1 12:41:43 2015 +0100| [07a30246315b568fc2155e17a4e78529082657ed] | committer: Michael Niedermayer avutil/integer: Fix av_mod_i() with negative dividend Signed-off-by: Michael Niedermayer (cherry picked from commit 3a9cb18855d29c96a5d9d2f5ad30448cae3a2ddf) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=07a30246315b568fc2155e17a4e78529082657ed --- libavutil/integer.c |8 1 file changed, 8 insertions(+) diff --git a/libavutil/integer.c b/libavutil/integer.c index 5bcde0d..6d6855f 100644 --- a/libavutil/integer.c +++ b/libavutil/integer.c @@ -29,6 +29,8 @@ #include "integer.h" #include "avassert.h" +static const AVInteger zero_i; + AVInteger av_add_i(AVInteger a, AVInteger b){ int i, carry=0; @@ -111,6 +113,12 @@ AVInteger av_mod_i(AVInteger *quot, AVInteger a, AVInteger b){ AVInteger quot_temp; if(!quot) quot = "_temp; +if ((int16_t)a.v[AV_INTEGER_SIZE-1] < 0) { +a = av_mod_i(quot, av_sub_i(zero_i, a), b); +*quot = av_sub_i(zero_i, *quot); +return av_sub_i(zero_i, a); +} + av_assert2((int16_t)a.v[AV_INTEGER_SIZE-1] >= 0 && (int16_t)b.v[AV_INTEGER_SIZE-1] >= 0); av_assert2(av_log2_i(b)>=0); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/wmaprodec: Check bits per sample to be within the range not causing integer overflows
ffmpeg | branch: release/2.7 | Michael Niedermayer | Sat Dec 5 13:48:06 2015 +0100| [1601420be4b505d4b9f8f2d92d37e19a44cc42bd] | committer: Michael Niedermayer avcodec/wmaprodec: Check bits per sample to be within the range not causing integer overflows Fixes: 549d5aab1480d10f2a775ed90b0342f1/signal_sigabrt_76ae7cc9_5643_96bbb0cfe3e28be1dadfce1075016345.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 66e05f6ff5e5c105bdd7bf3a49234ddac1b592c5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1601420be4b505d4b9f8f2d92d37e19a44cc42bd --- libavcodec/wmaprodec.c |6 ++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c index 5b59da5..8653bda 100644 --- a/libavcodec/wmaprodec.c +++ b/libavcodec/wmaprodec.c @@ -300,6 +300,12 @@ static av_cold int decode_init(AVCodecContext *avctx) s->decode_flags= AV_RL16(edata_ptr+14); channel_mask = AV_RL32(edata_ptr+2); s->bits_per_sample = AV_RL16(edata_ptr); + +if (s->bits_per_sample > 32 || s->bits_per_sample < 1) { +avpriv_request_sample(avctx, "bits per sample is %d", s->bits_per_sample); +return AVERROR_PATCHWELCOME; +} + /** dump the extradata */ for (i = 0; i < avctx->extradata_size; i++) ff_dlog(avctx, "[%x] ", avctx->extradata[i]); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/wmaprodec: Fix overflow of cutoff
ffmpeg | branch: release/2.7 | Michael Niedermayer | Sat Dec 5 13:11:23 2015 +0100| [bdf79f29db6ff5ebd7d09082734c6e39f5afc39f] | committer: Michael Niedermayer avcodec/wmaprodec: Fix overflow of cutoff Fixes: 129ca3e28d73af7b1e24a9d4118e7a2d/signal_sigabrt_76ae7cc9_836_762b310fc3ef6087bd7771e5d8e90b9b.asf Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 0c56f8303e676556ea09bfac73d881c6c9057259) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bdf79f29db6ff5ebd7d09082734c6e39f5afc39f --- libavcodec/wmaprodec.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c index ecc3aae..5b59da5 100644 --- a/libavcodec/wmaprodec.c +++ b/libavcodec/wmaprodec.c @@ -477,7 +477,7 @@ static av_cold int decode_init(AVCodecContext *avctx) /** calculate subwoofer cutoff values */ for (i = 0; i < num_possible_block_sizes; i++) { int block_size = s->samples_per_frame >> i; -int cutoff = (440*block_size + 3 * (s->avctx->sample_rate >> 1) - 1) +int cutoff = (440*block_size + 3LL * (s->avctx->sample_rate >> 1) - 1) / s->avctx->sample_rate; s->subwoofer_cutoffs[i] = av_clip(cutoff, 4, block_size); } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc_cabac: Fix multiple integer overflows
ffmpeg | branch: release/2.7 | Michael Niedermayer | Fri Nov 27 22:45:46 2015 +0100| [694416e327c2fb6495cbc62f63acec65d8c5446c] | committer: Michael Niedermayer avcodec/hevc_cabac: Fix multiple integer overflows Fixes: 04ec80eefa77aecd7a49a442cc02baea/asan_heap-oob_19544fa_3303_1905796cd9d8e15f86d664332caabc00.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit d5028f61e44b7607b6a547f218f7d85217490a5b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=694416e327c2fb6495cbc62f63acec65d8c5446c --- libavcodec/hevc_cabac.c | 10 +++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/libavcodec/hevc_cabac.c b/libavcodec/hevc_cabac.c index 3d16896..c1c9f20 100644 --- a/libavcodec/hevc_cabac.c +++ b/libavcodec/hevc_cabac.c @@ -883,11 +883,13 @@ static av_always_inline int mvd_decode(HEVCContext *s) int k = 1; while (k < CABAC_MAX_BIN && get_cabac_bypass(&s->HEVClc->cc)) { -ret += 1 << k; +ret += 1U << k; k++; } -if (k == CABAC_MAX_BIN) +if (k == CABAC_MAX_BIN) { av_log(s->avctx, AV_LOG_ERROR, "CABAC_MAX_BIN : %d\n", k); +return 0; +} while (k--) ret += get_cabac_bypass(&s->HEVClc->cc) << k; return get_cabac_bypass_sign(&s->HEVClc->cc, -ret); @@ -1025,8 +1027,10 @@ static av_always_inline int coeff_abs_level_remaining_decode(HEVCContext *s, int while (prefix < CABAC_MAX_BIN && get_cabac_bypass(&s->HEVClc->cc)) prefix++; -if (prefix == CABAC_MAX_BIN) +if (prefix == CABAC_MAX_BIN) { av_log(s->avctx, AV_LOG_ERROR, "CABAC_MAX_BIN : %d\n", prefix); +return 0; +} if (prefix < 3) { for (i = 0; i < rc_rice_param; i++) suffix = (suffix << 1) | get_cabac_bypass(&s->HEVClc->cc); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/mxfenc: Do not crash if there is no packet in the first stream
ffmpeg | branch: release/2.7 | Michael Niedermayer | Sun Dec 13 16:13:22 2015 +0100| [4aa876f2880c0252b547e0de9c2ca1034d6120d9] | committer: Michael Niedermayer avformat/mxfenc: Do not crash if there is no packet in the first stream Fixes: Ticket4914 Signed-off-by: Michael Niedermayer (cherry picked from commit b51e7554e74cbf007a1cab83c7bed3ad9fa2793a) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4aa876f2880c0252b547e0de9c2ca1034d6120d9 --- libavformat/mxfenc.c |4 1 file changed, 4 insertions(+) diff --git a/libavformat/mxfenc.c b/libavformat/mxfenc.c index db7d2bf..319d3c7 100644 --- a/libavformat/mxfenc.c +++ b/libavformat/mxfenc.c @@ -2448,6 +2448,10 @@ static int mxf_write_packet(AVFormatContext *s, AVPacket *pkt) } mxf->edit_units_count++; } else if (!mxf->edit_unit_byte_count && st->index == 1) { +if (!mxf->edit_units_count) { +av_log(s, AV_LOG_ERROR, "No packets in first stream\n"); +return AVERROR_PATCHWELCOME; +} mxf->index_entries[mxf->edit_units_count-1].slice_offset = mxf->body_offset - mxf->index_entries[mxf->edit_units_count-1].offset; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avutil/mathematics: Fix division by 0
ffmpeg | branch: release/2.7 | Michael Niedermayer | Wed Dec 9 17:39:38 2015 +0100| [8be41ad2bb3201aac6ec608e860ecb3e4ff02c26] | committer: Michael Niedermayer avutil/mathematics: Fix division by 0 Fixes: CID1341571 Signed-off-by: Michael Niedermayer (cherry picked from commit bc8b1e694cc395fdf5e2917377ef11263c937d85) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8be41ad2bb3201aac6ec608e860ecb3e4ff02c26 --- libavutil/mathematics.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavutil/mathematics.c b/libavutil/mathematics.c index 4d8467b..78a87d8 100644 --- a/libavutil/mathematics.c +++ b/libavutil/mathematics.c @@ -90,7 +90,7 @@ int64_t av_rescale_rnd(int64_t a, int64_t b, int64_t c, enum AVRounding rnd) else { int64_t ad = a / c; int64_t a2 = (a % c * b + r) / c; -if (ad >= INT32_MAX && ad > (INT64_MAX - a2) / b) +if (ad >= INT32_MAX && b && ad > (INT64_MAX - a2) / b) return INT64_MIN; return ad * b + a2; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/cabac: Check initial cabac decoder state
ffmpeg | branch: release/2.7 | Michael Niedermayer | Fri Nov 27 13:37:50 2015 +0100| [ed3d4336769425912b925dc46c8d647fbfb4a400] | committer: Michael Niedermayer avcodec/cabac: Check initial cabac decoder state Fixes integer overflows Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2340_591e9810c7b09efe501ad84638c9e9f8.264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Found-by: xiedingbao (Ticket4727) Signed-off-by: Michael Niedermayer (cherry picked from commit 8000d484b83aafa752d84fbdbfb352ffe0dc64f8) Conflicts: libavcodec/cabac.h > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ed3d4336769425912b925dc46c8d647fbfb4a400 --- libavcodec/cabac.c |5 - libavcodec/cabac.h |2 +- libavcodec/cabac_functions.h |3 ++- libavcodec/h264_cabac.c |5 - libavcodec/h264_slice.c |4 +++- 5 files changed, 14 insertions(+), 5 deletions(-) diff --git a/libavcodec/cabac.c b/libavcodec/cabac.c index 8cc9333..f298336 100644 --- a/libavcodec/cabac.c +++ b/libavcodec/cabac.c @@ -51,7 +51,7 @@ void ff_init_cabac_encoder(CABACContext *c, uint8_t *buf, int buf_size){ * * @param buf_size size of buf in bits */ -void ff_init_cabac_decoder(CABACContext *c, const uint8_t *buf, int buf_size){ +int ff_init_cabac_decoder(CABACContext *c, const uint8_t *buf, int buf_size){ c->bytestream_start= c->bytestream= buf; c->bytestream_end= buf + buf_size; @@ -64,6 +64,9 @@ void ff_init_cabac_decoder(CABACContext *c, const uint8_t *buf, int buf_size){ #endif c->low+= ((*c->bytestream++)<<2) + 2; c->range= 0x1FE; +if ((c->range<<(CABAC_BITS+1)) < c->low) +return AVERROR_INVALIDDATA; +return 0; } void ff_init_cabac_states(void) diff --git a/libavcodec/cabac.h b/libavcodec/cabac.h index f9eafed..857211c 100644 --- a/libavcodec/cabac.h +++ b/libavcodec/cabac.h @@ -56,7 +56,7 @@ typedef struct CABACContext{ }CABACContext; void ff_init_cabac_encoder(CABACContext *c, uint8_t *buf, int buf_size); -void ff_init_cabac_decoder(CABACContext *c, const uint8_t *buf, int buf_size); +int ff_init_cabac_decoder(CABACContext *c, const uint8_t *buf, int buf_size); void ff_init_cabac_states(void); #endif /* AVCODEC_CABAC_H */ diff --git a/libavcodec/cabac_functions.h b/libavcodec/cabac_functions.h index 4e13253..2d1d2a6 100644 --- a/libavcodec/cabac_functions.h +++ b/libavcodec/cabac_functions.h @@ -191,7 +191,8 @@ static av_unused const uint8_t* skip_bytes(CABACContext *c, int n) { #endif if ((int) (c->bytestream_end - ptr) < n) return NULL; -ff_init_cabac_decoder(c, ptr + n, c->bytestream_end - ptr - n); +if (ff_init_cabac_decoder(c, ptr + n, c->bytestream_end - ptr - n) < 0) +return NULL; return ptr; } diff --git a/libavcodec/h264_cabac.c b/libavcodec/h264_cabac.c index c1c8b80..04d412b 100644 --- a/libavcodec/h264_cabac.c +++ b/libavcodec/h264_cabac.c @@ -2026,6 +2026,7 @@ decode_intra_mb: const int mb_size = ff_h264_mb_sizes[h->sps.chroma_format_idc] * h->sps.bit_depth_luma >> 3; const uint8_t *ptr; +int ret; // We assume these blocks are very rare so we do not optimize it. // FIXME The two following lines get the bitstream position in the cabac @@ -2042,7 +2043,9 @@ decode_intra_mb: sl->intra_pcm_ptr = ptr; ptr += mb_size; -ff_init_cabac_decoder(&sl->cabac, ptr, sl->cabac.bytestream_end - ptr); +ret = ff_init_cabac_decoder(&sl->cabac, ptr, sl->cabac.bytestream_end - ptr); +if (ret < 0) +return ret; // All blocks are present h->cbp_table[mb_xy] = 0xf7ef; diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c index 9cbe8d2..2f32948 100644 --- a/libavcodec/h264_slice.c +++ b/libavcodec/h264_slice.c @@ -2319,9 +2319,11 @@ static int decode_slice(struct AVCodecContext *avctx, void *arg) align_get_bits(&sl->gb); /* init cabac */ -ff_init_cabac_decoder(&sl->cabac, +ret = ff_init_cabac_decoder(&sl->cabac, sl->gb.buffer + get_bits_count(&sl->gb) / 8, (get_bits_left(&sl->gb) + 7) / 8); +if (ret < 0) +return ret; ff_h264_init_cabac_states(h, sl); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/matroskaenc: Check codecdelay before use
ffmpeg | branch: release/2.7 | Michael Niedermayer | Wed Dec 9 16:16:46 2015 +0100| [5c7ffbbda3e7addc63702ff51cee95c33457f194] | committer: Michael Niedermayer avformat/matroskaenc: Check codecdelay before use Fixes CID1238790 Signed-off-by: Michael Niedermayer (cherry picked from commit e6971db12b8ae49712b77378fa8141de4904082b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5c7ffbbda3e7addc63702ff51cee95c33457f194 --- libavformat/matroskaenc.c | 12 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index 3b525ad..dd4f356 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -904,14 +904,18 @@ static int mkv_write_track(AVFormatContext *s, MatroskaMuxContext *mkv, } if (codec->codec_type == AVMEDIA_TYPE_AUDIO && codec->initial_padding && codec->codec_id == AV_CODEC_ID_OPUS) { +int64_t codecdelay = av_rescale_q(codec->initial_padding, + (AVRational){ 1, codec->sample_rate }, + (AVRational){ 1, 10 }); +if (codecdelay < 0) { +av_log(s, AV_LOG_ERROR, "Initial padding is invalid\n"); +return AVERROR(EINVAL); +} // mkv->tracks[i].ts_offset = av_rescale_q(codec->initial_padding, // (AVRational){ 1, codec->sample_rate }, // st->time_base); -put_ebml_uint(pb, MATROSKA_ID_CODECDELAY, - av_rescale_q(codec->initial_padding, - (AVRational){ 1, codec->sample_rate }, - (AVRational){ 1, 10 })); +put_ebml_uint(pb, MATROSKA_ID_CODECDELAY, codecdelay); } if (codec->codec_id == AV_CODEC_ID_OPUS) { put_ebml_uint(pb, MATROSKA_ID_SEEKPREROLL, OPUS_SEEK_PREROLL); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/utils: estimate_timings_from_pts - increase retry counter, fixes invalid duration for ts files with hevc codec
ffmpeg | branch: release/2.7 | Rainer Hochecker | Sun Nov 15 13:58:50 2015 +0100| [93fa19addf6dcf503989709de083b33443dc65c5] | committer: Michael Niedermayer avformat/utils: estimate_timings_from_pts - increase retry counter, fixes invalid duration for ts files with hevc codec Fixes a mpegts file with hevc that fails estimating duration. Increasing number of retries fixes the issue. Signed-off-by: Michael Niedermayer (cherry picked from commit 2d8c2f1a28073d451c7db31291c333cb15ca3d0b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=93fa19addf6dcf503989709de083b33443dc65c5 --- libavformat/utils.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 5729b0b..47d0707 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2391,7 +2391,7 @@ static void estimate_timings_from_bit_rate(AVFormatContext *ic) } #define DURATION_MAX_READ_SIZE 25LL -#define DURATION_MAX_RETRY 4 +#define DURATION_MAX_RETRY 6 /* only usable for MPEG-PS streams */ static void estimate_timings_from_pts(AVFormatContext *ic, int64_t old_offset) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/vp3: ensure header is parsed successfully before tables
ffmpeg | branch: release/2.7 | Michael Niedermayer | Wed Dec 2 22:59:56 2015 +0100| [548a07cdc439def22a24d64a9092830af9ea7e2c] | committer: Michael Niedermayer avcodec/vp3: ensure header is parsed successfully before tables Fixes assertion failure Fixes: 266ee543812e934f7b4a72923a2701d4/signal_sigabrt_76ae7cc9_7322_85218d61759d461bdf7387180e8000c9.ogg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 26379d4fddc17cac853ef297ff327b58c44edbad) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=548a07cdc439def22a24d64a9092830af9ea7e2c --- libavcodec/vp3.c |7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index fbb7da7..1670aba 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c @@ -131,7 +131,7 @@ static const uint8_t hilbert_offset[16][2] = { typedef struct Vp3DecodeContext { AVCodecContext *avctx; -int theora, theora_tables; +int theora, theora_tables, theora_header; int version; int width, height; int chroma_x_shift, chroma_y_shift; @@ -2251,6 +2251,7 @@ static int theora_decode_header(AVCodecContext *avctx, GetBitContext *gb) int ret; AVRational fps, aspect; +s->theora_header = 0; s->theora = get_bits_long(gb, 24); av_log(avctx, AV_LOG_DEBUG, "Theora bitstream version %X\n", s->theora); @@ -2356,6 +2357,7 @@ static int theora_decode_header(AVCodecContext *avctx, GetBitContext *gb) avctx->color_trc = AVCOL_TRC_BT709; } +s->theora_header = 1; return 0; } @@ -2364,6 +2366,9 @@ static int theora_decode_tables(AVCodecContext *avctx, GetBitContext *gb) Vp3DecodeContext *s = avctx->priv_data; int i, n, matrices, inter, plane; +if (!s->theora_header) +return AVERROR_INVALIDDATA; + if (s->theora >= 0x030200) { n = get_bits(gb, 3); /* loop filter limit values table */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/dirac_parser: Add basic validity checks for next_pu_offset and prev_pu_offset
ffmpeg | branch: release/2.7 | Michael Niedermayer | Sat Dec 5 17:14:36 2015 +0100| [ece3912daf656651b092f2362f62203594418a3a] | committer: Michael Niedermayer avcodec/dirac_parser: Add basic validity checks for next_pu_offset and prev_pu_offset Signed-off-by: Michael Niedermayer (cherry picked from commit c7d6ec947c053699950af90f695413a5640b3872) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ece3912daf656651b092f2362f62203594418a3a --- libavcodec/dirac_parser.c |9 + 1 file changed, 9 insertions(+) diff --git a/libavcodec/dirac_parser.c b/libavcodec/dirac_parser.c index 12f1a60..c7c4b69 100644 --- a/libavcodec/dirac_parser.c +++ b/libavcodec/dirac_parser.c @@ -114,6 +114,15 @@ static int unpack_parse_unit(DiracParseUnit *pu, DiracParseContext *pc, if (pu->pu_type == 0x10 && pu->next_pu_offset == 0) pu->next_pu_offset = 13; +if (pu->next_pu_offset && pu->next_pu_offset < 13) { +av_log(NULL, AV_LOG_ERROR, "next_pu_offset %d is invalid\n", pu->next_pu_offset); +return 0; +} +if (pu->prev_pu_offset && pu->prev_pu_offset < 13) { +av_log(NULL, AV_LOG_ERROR, "prev_pu_offset %d is invalid\n", pu->prev_pu_offset); +return 0; +} + return 1; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/dirac_parser: Check that there is a previous PU before accessing it
ffmpeg | branch: release/2.7 | Michael Niedermayer | Sat Dec 5 17:15:38 2015 +0100| [d17298b666bcbaba2931d98a292c866c29cc94da] | committer: Michael Niedermayer avcodec/dirac_parser: Check that there is a previous PU before accessing it Fixes out of array read Fixes: 99d142c47e6ba3510a74b872a1a2ae72/asan_heap-oob_11b36f4_3811_0f5c69e7609a88a580135678de1df844.dxa Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit a08681f1e614152184615e2bcd71c3d63835f810) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d17298b666bcbaba2931d98a292c866c29cc94da --- libavcodec/dirac_parser.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/dirac_parser.c b/libavcodec/dirac_parser.c index c7c4b69..1ca7e31 100644 --- a/libavcodec/dirac_parser.c +++ b/libavcodec/dirac_parser.c @@ -201,7 +201,7 @@ static int dirac_combine_frame(AVCodecParserContext *s, AVCodecContext *avctx, } /* Get the picture number to set the pts and dts*/ -if (parse_timing_info) { +if (parse_timing_info && pu1.prev_pu_offset >= 13) { uint8_t *cur_pu = pc->buffer + pc->index - 13 - pu1.prev_pu_offset; int pts = AV_RB32(cur_pu + 13); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avfilter/vf_delogo: fix show option when clipping
ffmpeg | branch: master | Jean Delvare | Mon Dec 14 11:23:05 2015 +0100| [932cbc846f5574ed6b775a0fd586e70b5c8f84a2] | committer: Michael Niedermayer avfilter/vf_delogo: fix show option when clipping The show option did not take clipping into account, so the borders on the clipped side wouldn't show up. Fix it. Signed-off-by: Jean Delvare Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=932cbc846f5574ed6b775a0fd586e70b5c8f84a2 --- libavfilter/vf_delogo.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavfilter/vf_delogo.c b/libavfilter/vf_delogo.c index 168af89..8058ea9 100644 --- a/libavfilter/vf_delogo.c +++ b/libavfilter/vf_delogo.c @@ -101,8 +101,8 @@ static void apply_delogo(uint8_t *dst, int dst_linesize, xdst = dst+logo_x1+1, xsrc = src+logo_x1+1; x < logo_x2-1; x++, xdst++, xsrc++) { -if (show && (y == logo_y+1 || y == logo_y+logo_h-2 || - x == logo_x+1 || x == logo_x+logo_w-2)) { +if (show && (y == logo_y1+1 || y == logo_y2-2 || + x == logo_x1+1 || x == logo_x2-2)) { *xdst = 0; continue; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/nvenc: clamp initial qp value to [1, 51]
ffmpeg | branch: master | Agatha Hu | Mon Dec 14 10:34:59 2015 +0100| [758be457564983b879122f6e08701aa236a7f3bf] | committer: Timo Rothenpieler avcodec/nvenc: clamp initial qp value to [1, 51] Signed-off-by: Timo Rothenpieler > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=758be457564983b879122f6e08701aa236a7f3bf --- libavcodec/nvenc.c |8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/nvenc.c b/libavcodec/nvenc.c index 4ab56fe..31f2dfd 100644 --- a/libavcodec/nvenc.c +++ b/libavcodec/nvenc.c @@ -843,10 +843,10 @@ static av_cold int nvenc_encode_init(AVCodecContext *avctx) ctx->encode_config.rcParams.initialRCQP.qpInterP = qp_inter_p; if(avctx->i_quant_factor != 0.0 && avctx->b_quant_factor != 0.0) { -ctx->encode_config.rcParams.initialRCQP.qpIntra = qp_inter_p * fabs(avctx->i_quant_factor); -ctx->encode_config.rcParams.initialRCQP.qpIntra += avctx->i_quant_offset; -ctx->encode_config.rcParams.initialRCQP.qpInterB = qp_inter_p * fabs(avctx->b_quant_factor); -ctx->encode_config.rcParams.initialRCQP.qpInterB += avctx->b_quant_offset; +ctx->encode_config.rcParams.initialRCQP.qpIntra = av_clip( +qp_inter_p * fabs(avctx->i_quant_factor) + avctx->i_quant_offset, 0, 51); +ctx->encode_config.rcParams.initialRCQP.qpInterB = av_clip( +qp_inter_p * fabs(avctx->b_quant_factor) + avctx->b_quant_offset, 0, 51); } else { ctx->encode_config.rcParams.initialRCQP.qpIntra = qp_inter_p; ctx->encode_config.rcParams.initialRCQP.qpInterB = qp_inter_p; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/nvenc: set slice number to 1 to improve encoding quality
ffmpeg | branch: master | Agatha Hu | Mon Dec 14 10:27:36 2015 +0100| [f1a889737532ad8696574cdb95b844371f74c864] | committer: Timo Rothenpieler avcodec/nvenc: set slice number to 1 to improve encoding quality Signed-off-by: Timo Rothenpieler > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f1a889737532ad8696574cdb95b844371f74c864 --- libavcodec/nvenc.c |6 ++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/nvenc.c b/libavcodec/nvenc.c index 43b8e78..4ab56fe 100644 --- a/libavcodec/nvenc.c +++ b/libavcodec/nvenc.c @@ -876,6 +876,9 @@ static av_cold int nvenc_encode_init(AVCodecContext *avctx) ctx->encode_config.encodeCodecConfig.h264Config.h264VUIParameters.videoFullRangeFlag = avctx->color_range == AVCOL_RANGE_JPEG; +ctx->encode_config.encodeCodecConfig.h264Config.sliceMode = 3; +ctx->encode_config.encodeCodecConfig.h264Config.sliceModeData = 1; + ctx->encode_config.encodeCodecConfig.h264Config.disableSPSPPS = (avctx->flags & AV_CODEC_FLAG_GLOBAL_HEADER) ? 1 : 0; ctx->encode_config.encodeCodecConfig.h264Config.repeatSPSPPS = (avctx->flags & AV_CODEC_FLAG_GLOBAL_HEADER) ? 0 : 1; @@ -940,6 +943,9 @@ static av_cold int nvenc_encode_init(AVCodecContext *avctx) break; case AV_CODEC_ID_H265: +ctx->encode_config.encodeCodecConfig.hevcConfig.sliceMode = 3; +ctx->encode_config.encodeCodecConfig.hevcConfig.sliceModeData = 1; + ctx->encode_config.encodeCodecConfig.hevcConfig.disableSPSPPS = (avctx->flags & AV_CODEC_FLAG_GLOBAL_HEADER) ? 1 : 0; ctx->encode_config.encodeCodecConfig.hevcConfig.repeatSPSPPS = (avctx->flags & AV_CODEC_FLAG_GLOBAL_HEADER) ? 0 : 1; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog