Commit Graph
15015 Commits
Author SHA1 Message Date
Laurentiu IonandRonald S. Bultje da2e774fd6 kmvc: Use bytestream2 functions to prevent buffer overreads.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-09 17:26:33 -08:00
Alex Converse 9de3cbc182 aacps: Add missing newline in error message. 2012-01-09 11:06:14 -08:00
Alex Converse 4acd43a295 aacdec: Turn off PS for multichannel files that use PCE based configs.
Fixes al_sbr_cm_48_5.1.mp4.
2012-01-09 11:04:05 -08:00
Diego Biurrun 1ef8ff4534 cabac: remove put_cabac_u/ueg from cabac-test.
The functions are not used in any part of Libav, therefore testing them in the
cabac-test is unnecessary. Since this makes them unused, remove the functions.
2012-01-09 14:10:41 +01:00
Vitor SessakandRonald S. Bultje 39df0c434c mpegaudiodec: optimized iMDCT transform
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-08 17:40:55 -08:00
Vitor SessakandRonald S. Bultje 06677d0dd9 mpegaudiodec: change imdct window arrangment for better pointer alignment
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-08 17:37:23 -08:00
Vitor SessakandRonald S. Bultje 6dfcf53092 mpegaudiodec: move imdct and windowing function to mpegaudiodsp
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-08 17:37:07 -08:00
Vitor SessakandRonald S. Bultje 421c99a4a7 mpegaudiodec: interleave iMDCT buffer to simplify future SIMD implementations
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-08 17:37:03 -08:00
Daniel HuangandDiego Biurrun 8549cf073b mjpegdec: K&R formatting cosmetics
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-01-08 23:33:00 +01:00
Aneesh DograandRonald S. Bultje ccc27e2139 bfi: Use bytestream2 functions to prevent buffer overreads.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-08 13:26:54 -08:00
Laurentiu IonandRonald S. Bultje 529a25d6e5 dpcm: Fix invalid writes
Fixes bug: #152

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-08 13:13:11 -08:00
Aneesh DograandRonald S. Bultje 12e984aed7 utvideo: frame multithreading.
>> time ./avconv -i file.avi -f null -
Before : real	0m7.784s
After  : real   0m3.662s

Tested on a Intel Core i3 Processor (2 cores, 4 threads).

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-08 12:21:10 -08:00
Chris EvansandReinhard Tartler afb2aa5379 vorbis: An additional defense in the Vorbis codec.
Fixes Bug: #190
Chromium Bug: #100543
Related to CVE-2011-3893

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-01-08 09:09:26 +01:00
Reinhard Tartler e6d527ff72 vorbisdec: Fix decoding bug with channel handling
Fixes Bug: #191
Chromium Bug: #101458
CVE-2011-3895

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-01-07 23:16:52 +01:00
Diego Biurrun badb195d13 cabac: Move code only used within the CABAC test program into the test program. 2012-01-07 22:13:14 +01:00
Diego Biurrun 1be4b8ccba vp56: Drop unnecessary cabac.h #include. 2012-01-07 22:13:12 +01:00
Diego Biurrun a7e3cb9d32 h264-test: Initialize AVCodecContext.av_class.
This fixes a segfault on startup.

Also remove a commented-out and completely unused variable.
2012-01-07 22:13:10 +01:00
Diego Biurrun 3dc99a18d4 cosmetics: drop some pointless parentheses 2012-01-07 22:13:07 +01:00
Justin Ruggles 3f6aa85ed4 avcodec: attempt to clarify the CODEC_CAP_DELAY documentation 2012-01-07 14:33:16 -05:00
Justin Ruggles 07837e4158 avcodec: fix avcodec_encode_audio() documentation.
the previous documentation indicated how many bytes are read from the input,
not how many samples are read.
2012-01-07 14:33:15 -05:00
Justin Ruggles cf1a259ad6 g722enc: validate AVCodecContext.trellis 2012-01-07 13:38:23 -05:00
Justin Ruggles 77c5b66cbe g722enc: set frame_size, and also handle an odd number of input samples
The fate reference is updated because the previous test skipped a sample in
each encode() call due each input frame having an odd number of samples.
2012-01-07 13:38:23 -05:00
Justin Ruggles 34093ba081 g722enc: split encoding into separate functions for trellis vs. no trellis 2012-01-07 13:38:23 -05:00
Vitor SessakandRonald S. Bultje 96219141e2 mpegaudiodec: Use clearer pointer math
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-07 08:23:27 -08:00
Justin Ruggles 52e9854a83 tta: fix 24-bit decoding.
Decode to the correct output buffer.
2012-01-07 09:44:13 -05:00
Paul B MaholandMartin Storsjö 17aa02b9a1 interplayvideo: Handle changed video dimensions on the fly
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-07 15:25:38 +02:00
Martin Storsjö c5d907b6b0 libavcodec: Handle param change side data in avcodec_decode_video2, too
Also call avcodec_set_dimensions on dimension param change packets.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-07 15:25:35 +02:00
Martin Storsjö 867f923df4 libavcodec: Move apply_param_change up above avcodec_decode_video2
This is in preparation to calling it from avcodec_decode_video2.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-07 15:25:30 +02:00
Janne Grunau be540e0cb3 indeo3: check motion vectors for validity
Fixes null pointer dereferences in fuzzed files found by Oana Stratulat.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2012-01-07 09:41:11 +01:00
Michael NiedermayerandJanne Grunau b18a0cc781 indeo5: Fix null pointer dereference.
Bug found by: Oana Stratulat

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2012-01-07 00:18:42 +01:00
Laurentiu IonandJustin Ruggles b348c852aa flicvideo: fix invalid reads
Prevent invalid reads using bytestream2 functions.
Fixes bug #126.

Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
2012-01-06 16:48:27 -05:00
Chris EvansandReinhard Tartler 57cd6d7095 vorbis: Avoid some out-of-bounds reads
Fixes Bug: #190
Chromium Bug: #100543
Related to CVE-2011-3893

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-01-06 19:58:22 +01:00
Diego Biurrun 3aa3fc45fe cabac: remove unused function renorm_cabac_decoder 2012-01-06 13:37:55 +01:00
Diego Biurrun 301fb92131 h264: Only use symbols from the SVQ3 decoder under proper conditionals.
Fixes --disable-everything --enable-decoder=h264 --disable-optimizations.
2012-01-06 13:37:53 +01:00
Justin Ruggles 6e8bf6db48 add bytestream2_tell() and bytestream2_seek() functions 2012-01-05 23:36:36 -05:00
Janne Grunau f907615f08 parsers: initialize MpegEncContext.slice_context_count to 1
The mpeg4 video, H264 and VC-1 parser hold (directly or indirectly)
a MpegEncContext in their private context. Since they do not call the
common mpegvideo init function slice_context_count has explicitly set
to 1.
Prevents a null pointer dereference in the h264 parser and fixes
bug 193.
2012-01-06 01:47:45 +01:00
Janne Grunau 696ace50ea truemotion2: check size before GetBitContext initialisation
Prevents null ptr derefence for negative sizes.
2012-01-05 23:19:13 +01:00
Janne Grunau bb5b3940b0 adpcm: ADPCM Electronic Arts has always two channels 2012-01-05 22:29:18 +01:00
Aneesh DograandRonald S. Bultje 9b55b4bb3a 4xm: Prevent buffer overreads.
4xm decoder while decoding i2 frames can overread the buffer if proper checks
are not made.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-05 09:37:16 -08:00
Janne Grunau e268a352af mjpegdec: parse RSTn to prevent skipping other data in mjpeg_decode_scan
Check explicitly if enough bits are left to prevent an infinite loop
when the bitstream buffer is not followed by zero-padding.

Based on patches by Michael Niedermayer <michaelni@gmx.at>.
2012-01-05 18:20:35 +01:00
Janne Grunau 9b4767e478 vp3: fix streams with non-zero last coefficient
Fixes a regression introduced in 8b94df0f20.
2012-01-05 18:18:08 +01:00
Oana StratulatandRonald S. Bultje 7f09791d28 Report an error if pitch_lag is zero in AMR-NB decoder.
This fixes an infinite loop in the decoder on specially
crafted files, and fixes bug 151.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:33:14 -08:00
Ronald S. Bultje 3fa646e859 Revert "4xm: Prevent buffer overreads."
This reverts commit 295a7c0238. The
patch breaks decoding of regular files (e.g. fate-4xm-2).
2012-01-04 21:27:31 -08:00
Aneesh DograandRonald S. Bultje 295a7c0238 4xm: Prevent buffer overreads.
4xm decoder while decoding i2 frames can overread the buffer if proper checks
are not made.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:15:50 -08:00
Aneesh DograandRonald S. Bultje 4b84f68223 4xm: pass the correct remaining buffer size to decode_i2_frame().
frame_size is the number of bytes left in the packet, so if we are passing
buf-4 we can safely read frame_size+4 bytes.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:10:11 -08:00
Aneesh DograandRonald S. Bultje 893f137679 4xm: fix calculation of the next output line position in decode_i2_frame().
The current code doesn't work unless width is an exact multiple of 16.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:09:22 -08:00
Ronald S. Bultje 89d26797f5 ulti: convert to new bytestream API. 2012-01-04 10:57:37 -08:00
Diego Biurrun 00a1cdd264 Place some START_TIMER invocations in separate blocks.
This fixes compilation failures related to START_TIMER/STOP_TIMER macros and
-Werror=declaration-after-statement.  START_TIMER declares variables and thus
may not be placed after statements outside of a new block.
2012-01-04 15:05:49 +01:00
John BrooksandKostya Shishkov d209c27b09 vc1dec: fix invalid memory access for small video dimensions
For small video dimensions, these calculations of the upper bound
for pixel access may have a negative result. Using an unsigned
comparison to bound a potentially negative value only works if
the greater operand is non-negative. Fixed by doing edge emulation
when the upper bound is probably negative, everywhere that this
pattern appears.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-01-04 10:35:26 +01:00
John BrooksandKostya Shishkov aacf6b3a2f rv34: fix invalid memory access for small video dimensions
For small video dimensions calculations of the upper bound for pixel
access may result in negative value. Using an unsigned comparison
works only if the greater operand is non-negative. This is fixed by
doing edge emulation explicitly for such conditions.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-01-04 10:32:23 +01:00