From 63d64228a7f31d534e3bcae87cbd37f4a0ae2dd6 Mon Sep 17 00:00:00 2001
From: David Goldwich
Date: Sat, 17 Sep 2011 13:50:35 +0200
Subject: [PATCH 01/14] lavf: Fix context pointer in av_open_input_stream when avformat_open_input fails
Signed-off-by: David Goldwich
Signed-off-by: Anton Khirnov
---
 libavformat/utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/utils.c b/libavformat/utils.c
index ae71763a87..05d4fda52c 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -470,8 +470,8 @@ int av_open_input_stream(AVFormatContext **ic_ptr,
 goto fail;
 ic->pb = ic->pb ? ic->pb : pb; // don't leak custom pb if it wasn't set above
- *ic_ptr = ic;
 fail:
+ *ic_ptr = ic;
 av_dict_free(&opts);
 return err;
 }
From 3e033da84782e12ed529e6a88dd53b6a72199e8e Mon Sep 17 00:00:00 2001
From: Laurent Aimar
Date: Sat, 17 Sep 2011 21:17:45 +0000
Subject: [PATCH 02/14] rmdec: use the deinterleaving mode and not the codec when creating audio packets. It prevents crashes due to non initialized fields.
Signed-off-by: Anton Khirnov
---
 libavformat/rmdec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index 02ff7e93f0..4b891817af 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -813,7 +813,8 @@ ff_rm_retrieve_cache (AVFormatContext *s, AVIOContext *pb,
 assert (rm->audio_pkt_cnt > 0);
- if (st->codec->codec_id == CODEC_ID_AAC)
+ if (ast->deint_id == DEINT_ID_VBRF ||
+ ast->deint_id == DEINT_ID_VBRS)
 av_get_packet(pb, pkt, ast->sub_packet_lengths[ast->sub_packet_cnt - rm->audio_pkt_cnt]);
 else {
 av_new_packet(pkt, st->codec->block_align);
From 9bc393908a6b522c93034b87b8f9f21cb13d7d69 Mon Sep 17 00:00:00 2001
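Review bot: The store `*ic_ptr = ic;` now sits below the `fail:` label, so the caller's pointer is overwritten on every error path, and nothing in the hunk says this is intended. Judging by the commit subject, a failing avformat_open_input() leaves `ic` in a state the caller must see (presumably freed and set to NULL), and a later cleanup could move the store back above the label and reintroduce a stale pointer. A short comment at the label would record it, e.g. `/* also reached on failure: hand back ic as avformat_open_input() left it, so the caller never keeps a stale pointer */`. The function starts outside the hunk, so the earlier `goto fail` sites are not visible here and should be checked to leave `ic` in a value that is safe to store.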
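Review bot: The index `ast->sub_packet_cnt - rm->audio_pkt_cnt` into `ast->sub_packet_lengths[]` is protected only by `assert (rm->audio_pkt_cnt > 0)`, which disappears in NDEBUG builds and never checks the upper side. Now that the branch is selected by `ast->deint_id`, a value that comes from the file, it is worth confirming that both counters are always set consistently for VBRF/VBRS streams before this point; those assignments are outside the hunk. An explicit runtime check such as `if (rm->audio_pkt_cnt <= 0 || rm->audio_pkt_cnt > ast->sub_packet_cnt) return AVERROR_INVALIDDATA;` (or the function's usual error return) would not depend on the build type. The results of `av_get_packet()` and `av_new_packet()` are also discarded on both branches, so a short read or a failed allocation goes unnoticed here.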
From: Stefano Sabatini
Date: Tue, 3 May 2011 23:31:14 +0200
Subject: [PATCH 03/14] eval: add sqrt function for computing the square root
---
 doc/eval.texi | 4 ++++
 libavutil/avutil.h | 2 +-
 libavutil/eval.c | 6 ++++++
 tests/ref/fate/eval | 6 ++++++
 4 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/doc/eval.texi b/doc/eval.texi
index d8c693f304..4a9495cf30 100644
--- a/doc/eval.texi
+++ b/doc/eval.texi
@@ -72,6 +72,10 @@ integer. For example, "floor(-1.5)" is "-2.0".
 @item trunc(expr)
 Round the value of expression @var{expr} towards zero to the nearest
 integer. For example, "trunc(-1.5)" is "-1.0".
+
+@item sqrt(expr)
+Compute the square root of @var{expr}. This is equivalent to
+"(@var{expr})^.5".
 @end table
 Note that:
diff --git a/libavutil/avutil.h b/libavutil/avutil.h
index 3f9267908a..7d995c25c6 100644
--- a/libavutil/avutil.h
+++ b/libavutil/avutil.h
@@ -41,7 +41,7 @@
 #define LIBAVUTIL_VERSION_MAJOR 51
 #define LIBAVUTIL_VERSION_MINOR 10
-#define LIBAVUTIL_VERSION_MICRO 0
+#define LIBAVUTIL_VERSION_MICRO 1
 #define LIBAVUTIL_VERSION_INT AV_VERSION_INT(LIBAVUTIL_VERSION_MAJOR, \
 LIBAVUTIL_VERSION_MINOR, \
diff --git a/libavutil/eval.c b/libavutil/eval.c
index 6d9b8e4208..878cf5c643 100644
--- a/libavutil/eval.c
+++ b/libavutil/eval.c
@@ -123,6 +123,7 @@ struct AVExpr {
 e_mod, e_max, e_min, e_eq, e_gt, e_gte, e_pow, e_mul, e_div, e_add, e_last, e_st, e_while, e_floor, e_ceil, e_trunc,
+ e_sqrt,
 } type;
 double value; // is sign in other types
 union {
@@ -149,6 +150,7 @@ static double eval_expr(Parser *p, AVExpr *e)
 case e_floor: return e->value * floor(eval_expr(p, e->param[0]));
 case e_ceil : return e->value * ceil (eval_expr(p, e->param[0]));
 case e_trunc: return e->value * trunc(eval_expr(p, e->param[0]));
+ case e_sqrt: return e->value * sqrt (eval_expr(p, e->param[0]));
 case e_while: {
 double d = NAN;
 while (eval_expr(p, e->param[0]))
@@ -283,6 +285,7 @@ static int parse_primary(AVExpr **e, Parser *p)
 else if (strmatch(next, "floor" )) d->type = e_floor;
 else if (strmatch(next, "ceil" )) d->type = e_ceil;
 else if (strmatch(next, "trunc" )) d->type = e_trunc;
+ else if (strmatch(next, "sqrt" )) d->type = e_sqrt;
 else {
 for (i=0; p->func1_names && p->func1_names[i]; i++) {
 if (strmatch(next, p->func1_names[i])) {
@@ -450,6 +453,7 @@ static int verify_expr(AVExpr *e)
 case e_floor:
 case e_ceil:
 case e_trunc:
+ case e_sqrt:
 return verify_expr(e->param[0]);
 default: return verify_expr(e->param[0]) && verify_expr(e->param[1]);
 }
@@ -600,6 +604,8 @@ int main(int argc, char **argv)
 "trunc(-123.123)",
 "ceil(123.123)",
 "ceil(-123.123)",
+ "sqrt(1764)",
+ "sqrt(-1)",
 NULL
 };
diff --git a/tests/ref/fate/eval b/tests/ref/fate/eval
index ad01891d9c..00e5887a9a 100644
--- a/tests/ref/fate/eval
+++ b/tests/ref/fate/eval
@@ -133,5 +133,11 @@ Evaluating 'ceil(123.123)'
 Evaluating 'ceil(-123.123)'
 'ceil(-123.123)' -> -123.000000
+Evaluating 'sqrt(1764)'
+'sqrt(1764)' -> 42.000000
+
+Evaluating 'sqrt(-1)'
+'sqrt(-1)' -> -nan
+
 12.700000 == 12.7
 0.931323 == 0.931322575
From 8cee38a298bb818a400f0dce0efd54d593250eec Mon Sep 17 00:00:00 2001
From: Stefano Sabatini
Date: Mon, 23 May 2011 13:13:50 +0200
Subject: [PATCH 04/14] eval: implement not() expression
---
 doc/eval.texi | 8 +++-----
 libavutil/avutil.h | 2 +-
 libavutil/eval.c | 8 +++++++-
 tests/ref/fate/eval | 9 +++++++++
 4 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/doc/eval.texi b/doc/eval.texi
index 4a9495cf30..7d8106b89e 100644
--- a/doc/eval.texi
+++ b/doc/eval.texi
@@ -76,6 +76,9 @@ integer. For example, "trunc(-1.5)" is "-1.0".
 @item sqrt(expr)
 Compute the square root of @var{expr}. This is equivalent to
 "(@var{expr})^.5".
+
+@item not(expr)
+Return 1.0 if @var{expr} is zero, 0.0 otherwise.
 @end table
 Note that:
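Review bot: The new test string `"sqrt(-1)"` in the `main()` hunk of libavutil/eval.c is matched against the reference line `'sqrt(-1)' -> -nan`, which pins the sign and spelling that one C library prints for a NaN. Neither the sign of the NaN returned by `sqrt` for a negative argument nor its printed form is the same on every platform, so this FATE entry can fail where the libc prints `nan` or a differently signed NaN. Keeping `"sqrt(1764)"` and replacing the negative case with an expression whose printed result does not depend on NaN formatting would keep the coverage without the platform dependence.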
@@ -93,11 +96,6 @@ is equivalent to
 A*B + not(A)*C
 @end example
-When A evaluates to either 1 or 0, that is the same as
-@example
-A*B + eq(A,0)*C
-@end example
-
 In your C code, you can extend the list of unary and binary functions, and define recognized constants, so that they are available for your expressions.
diff --git a/libavutil/avutil.h b/libavutil/avutil.h
index 7d995c25c6..5d378ce3a9 100644
--- a/libavutil/avutil.h
+++ b/libavutil/avutil.h
@@ -41,7 +41,7 @@
 #define LIBAVUTIL_VERSION_MAJOR 51
 #define LIBAVUTIL_VERSION_MINOR 10
-#define LIBAVUTIL_VERSION_MICRO 1
+#define LIBAVUTIL_VERSION_MICRO 2
 #define LIBAVUTIL_VERSION_INT AV_VERSION_INT(LIBAVUTIL_VERSION_MAJOR, \
 LIBAVUTIL_VERSION_MINOR, \
diff --git a/libavutil/eval.c b/libavutil/eval.c
index 878cf5c643..4126cd7f69 100644
--- a/libavutil/eval.c
+++ b/libavutil/eval.c
@@ -123,7 +123,7 @@ struct AVExpr {
 e_mod, e_max, e_min, e_eq, e_gt, e_gte, e_pow, e_mul, e_div, e_add, e_last, e_st, e_while, e_floor, e_ceil, e_trunc,
- e_sqrt,
+ e_sqrt, e_not,
 } type;
 double value; // is sign in other types
 union {
@@ -151,6 +151,7 @@ static double eval_expr(Parser *p, AVExpr *e)
 case e_ceil : return e->value * ceil (eval_expr(p, e->param[0]));
 case e_trunc: return e->value * trunc(eval_expr(p, e->param[0]));
 case e_sqrt: return e->value * sqrt (eval_expr(p, e->param[0]));
+ case e_not: return e->value * eval_expr(p, e->param[0]) == 0;
 case e_while: {
 double d = NAN;
 while (eval_expr(p, e->param[0]))
@@ -286,6 +287,7 @@ static int parse_primary(AVExpr **e, Parser *p)
 else if (strmatch(next, "ceil" )) d->type = e_ceil;
 else if (strmatch(next, "trunc" )) d->type = e_trunc;
 else if (strmatch(next, "sqrt" )) d->type = e_sqrt;
+ else if (strmatch(next, "not" )) d->type = e_not;
 else {
 for (i=0; p->func1_names && p->func1_names[i]; i++) {
 if (strmatch(next, p->func1_names[i])) {
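Review bot: In `case e_not: return e->value * eval_expr(p, e->param[0]) == 0;` the multiplication binds tighter than `==`, so the expression is `(e->value * x) == 0` and the factor `e->value` no longer scales the result, unlike the neighbouring `e_ceil`/`e_trunc`/`e_sqrt` cases. If `e->value` carries the sign of the term, as the struct comment "is sign in other types" suggests, a negated call such as `-not(0)` would evaluate to 1 rather than -1. Parenthesising the comparison fixes it: `case e_not: return e->value * (eval_expr(p, e->param[0]) == 0);`. The tests added by this commit only use unsigned `not(...)` calls, so a negated case in the test list would cover this. eval_expr continues outside the hunk.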
@@ -454,6 +456,7 @@ static int verify_expr(AVExpr *e)
 case e_ceil:
 case e_trunc:
 case e_sqrt:
+ case e_not:
 return verify_expr(e->param[0]);
 default: return verify_expr(e->param[0]) && verify_expr(e->param[1]);
 }
@@ -606,6 +609,9 @@ int main(int argc, char **argv)
 "ceil(-123.123)",
 "sqrt(1764)",
 "sqrt(-1)",
+ "not(1)",
+ "not(NAN)",
+ "not(0)",
 NULL
 };
diff --git a/tests/ref/fate/eval b/tests/ref/fate/eval
index 00e5887a9a..0e4844efc5 100644
--- a/tests/ref/fate/eval
+++ b/tests/ref/fate/eval
@@ -139,5 +139,14 @@ Evaluating 'sqrt(1764)'
 Evaluating 'sqrt(-1)'
 'sqrt(-1)' -> -nan
+Evaluating 'not(1)'
+'not(1)' -> 0.000000
+
+Evaluating 'not(NAN)'
+'not(NAN)' -> 0.000000
+
+Evaluating 'not(0)'
+'not(0)' -> 1.000000
+
 12.700000 == 12.7
 0.931323 == 0.931322575
From deb58ab4475f6c59f9f859345ce85967d23acca6 Mon Sep 17 00:00:00 2001
From: Stefano Sabatini
Date: Wed, 25 May 2011 09:37:25 +0200
Subject: [PATCH 05/14] vsrc_buffer: remove duplicated file description
Signed-off-by: Anton Khirnov
---
 libavfilter/vsrc_buffer.h | 1 -
 1 file changed, 1 deletion(-)
diff --git a/libavfilter/vsrc_buffer.h b/libavfilter/vsrc_buffer.h
index cfaf7919ac..13a209c768 100644
--- a/libavfilter/vsrc_buffer.h
+++ b/libavfilter/vsrc_buffer.h
@@ -1,5 +1,4 @@
 /*
- * Memory buffer source filter
 * Copyright (c) 2008 Vitor Sessak
 *
 * This file is part of Libav.
From 753890d0dbb641af156706594dfb2dec39644f4a Mon Sep 17 00:00:00 2001
From: Stefano Sabatini
Date: Sat, 18 Jun 2011 01:46:27 +0200
Subject: [PATCH 06/14] vsrc_color: add @file doxy Also remove outdated reference to color in vf_pad.c.
Signed-off-by: Anton Khirnov
---
 libavfilter/vf_pad.c | 2 +-
 libavfilter/vsrc_color.c | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/libavfilter/vf_pad.c b/libavfilter/vf_pad.c
index 851172c058..27440d842f 100644
--- a/libavfilter/vf_pad.c
+++ b/libavfilter/vf_pad.c
@@ -21,7 +21,7 @@
 /**
 * @file
- * video padding filter and color source
+ * video padding filter
 */
 #include "avfilter.h"
diff --git a/libavfilter/vsrc_color.c b/libavfilter/vsrc_color.c
index 0fb08d7dc6..fafa219435 100644
--- a/libavfilter/vsrc_color.c
+++ b/libavfilter/vsrc_color.c
@@ -18,6 +18,11 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */
+/**
+ * @file
+ * color source
+ */
+
 #include "avfilter.h"
 #include "libavutil/pixdesc.h"
 #include "libavutil/colorspace.h"
From 91aff2665dc5bcd74ab3a3a2ae47b653fecdf178 Mon Sep 17 00:00:00 2001
From: Stefano Sabatini
Date: Sat, 18 Jun 2011 01:47:37 +0200
Subject: [PATCH 07/14] vsrc_color: set output pos values to -1 -1 is more correct than 0, as the position in the file is undefined.
Signed-off-by: Anton Khirnov
---
 libavfilter/vsrc_color.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavfilter/vsrc_color.c b/libavfilter/vsrc_color.c
index fafa219435..1248ffd959 100644
--- a/libavfilter/vsrc_color.c
+++ b/libavfilter/vsrc_color.c
@@ -140,7 +140,7 @@ static int color_request_frame(AVFilterLink *link)
 AVFilterBufferRef *picref = avfilter_get_video_buffer(link, AV_PERM_WRITE, color->w, color->h);
 picref->video->pixel_aspect = (AVRational) {1, 1};
 picref->pts = av_rescale_q(color->pts++, color->time_base, AV_TIME_BASE_Q);
- picref->pos = 0;
+ picref->pos = -1;
 avfilter_start_frame(link, avfilter_ref_buffer(picref, ~0));
 ff_draw_rectangle(picref->data, picref->linesize,
From ab09df9deae8be0e3346e9255a80d616517c32d5 Mon Sep 17 00:00:00 2001
From: Joakim Plate
Date: Sun, 3 Jul 2011 13:19:44 +0200
Subject: [PATCH 08/14] vf_yadif: add an option to enable/disable deinterlacing based on src frame "interlaced" flag
Signed-off-by: Joakim Plate
Signed-off-by: Anton Khirnov
---
 doc/filters.texi | 14 +++++++++++++-
 libavfilter/vf_yadif.c | 28 ++++++++++++++++++++++++++--
 2 files changed, 39 insertions(+), 3 deletions(-)
diff --git a/doc/filters.texi b/doc/filters.texi
index a86b20e86d..f0a43813b6 100644
--- a/doc/filters.texi
+++ b/doc/filters.texi
@@ -1504,7 +1504,7 @@ Flip the input video vertically.
 Deinterlace the input video ("yadif" means "yet another deinterlacing filter").
-It accepts the optional parameters: @var{mode}:@var{parity}.
+It accepts the optional parameters: @var{mode}:@var{parity}:@var{auto}.
 @var{mode} specifies the interlacing mode to adopt, accepts one of the following values:
@@ -1538,6 +1538,18 @@ Default value is -1.
 If interlacing is unknown or decoder does not export this information, top field first will be assumed.
+@var{auto] specifies if deinterlacer should trust the interlaced flag
+and only deinterlace frames marked as interlaced
+
+@table @option
+@item 0
+deinterlace all frames
+@item 1
+only deinterlace frames marked as interlaced
+@end table
+
+Default value is 0.
+
 @c man end VIDEO FILTERS
 @chapter Video Sources
diff --git a/libavfilter/vf_yadif.c b/libavfilter/vf_yadif.c
index 42a7219d26..aa5c434af9 100644
--- a/libavfilter/vf_yadif.c
+++ b/libavfilter/vf_yadif.c
@@ -46,6 +46,12 @@ typedef struct {
 int frame_pending;
+ /**
+ * 0: deinterlace all frames
+ * 1: only deinterlace frames marked as interlaced
+ */
+ int auto_enable;
+
 AVFilterBufferRef *cur;
 AVFilterBufferRef *next;
 AVFilterBufferRef *prev;
@@ -242,6 +248,14 @@ static void start_frame(AVFilterLink *link, AVFilterBufferRef *picref)
 if (!yadif->cur) return;
+ if (yadif->auto_enable && !yadif->cur->video->interlaced) {
+ yadif->out = avfilter_ref_buffer(yadif->cur, AV_PERM_READ);
+ avfilter_unref_buffer(yadif->prev);
+ yadif->prev = NULL;
+ avfilter_start_frame(ctx->outputs[0], yadif->out);
+ return;
+ }
+
 if (!yadif->prev) yadif->prev = avfilter_ref_buffer(yadif->cur, AV_PERM_READ);
@@ -261,6 +275,12 @@ static void end_frame(AVFilterLink *link)
 if (!yadif->out) return;
+ if (yadif->auto_enable && !yadif->cur->video->interlaced) {
+ avfilter_draw_slice(ctx->outputs[0], 0, link->h, 1);
+ avfilter_end_frame(ctx->outputs[0]);
+ return;
+ }
+
 return_frame(ctx, 0);
 }
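Review bot: In the new pass-through branch of start_frame, the result of `avfilter_ref_buffer(yadif->cur, AV_PERM_READ)` is stored in `yadif->out` and handed straight to `avfilter_start_frame()` with no NULL test, so if that call can fail on allocation the NULL reference is passed down the filter chain. The matching branch in end_frame reads `yadif->cur->video->interlaced` while the guard above it checks only `yadif->out`, which relies on `cur` being non-NULL and unchanged since start_frame; the hunk does not show that. Adding `if (!yadif->out) return;` after the ref, and `yadif->cur &&` to the end_frame condition, would make both assumptions explicit. Both functions extend beyond their hunks.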
@@ -301,6 +321,9 @@ static int poll_frame(AVFilterLink *link)
 }
 assert(yadif->next || !val);
+ if (yadif->auto_enable && yadif->next && !yadif->next->video->interlaced)
+ return val;
+
 return val * ((yadif->mode&1)+1);
 }
@@ -346,9 +369,10 @@ static av_cold int init(AVFilterContext *ctx, const char *args, void *opaque)
 yadif->mode = 0;
 yadif->parity = -1;
+ yadif->auto_enable = 0;
 yadif->csp = NULL;
- if (args) sscanf(args, "%d:%d", &yadif->mode, &yadif->parity);
+ if (args) sscanf(args, "%d:%d:%d", &yadif->mode, &yadif->parity, &yadif->auto_enable);
 yadif->filter_line = filter_line_c;
 if (HAVE_SSSE3 && cpu_flags & AV_CPU_FLAG_SSSE3)
@@ -358,7 +382,7 @@ static av_cold int init(AVFilterContext *ctx, const char *args, void *opaque)
 else if (HAVE_MMX && cpu_flags & AV_CPU_FLAG_MMX) yadif->filter_line = ff_yadif_filter_line_mmx;
- av_log(ctx, AV_LOG_INFO, "mode:%d parity:%d\n", yadif->mode, yadif->parity);
+ av_log(ctx, AV_LOG_INFO, "mode:%d parity:%d auto_enable:%d\n", yadif->mode, yadif->parity, yadif->auto_enable);
 return 0;
 }
From 4a29b471869353c3077fb4b25b6518eb1047afb7 Mon Sep 17 00:00:00 2001
From: Laurent Aimar
Date: Sun, 18 Sep 2011 00:03:08 +0200
Subject: [PATCH 09/14] rv10: Reject slices that does not have the same type as the first one
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This prevents crashes with some corrupted bitstreams.
Signed-off-by: Martin Storsjö
---
 libavcodec/rv10.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c
index d789eff787..3ba8102b50 100644
--- a/libavcodec/rv10.c
+++ b/libavcodec/rv10.c
@@ -531,6 +531,11 @@ static int rv10_decode_packet(AVCodecContext *avctx,
 if(MPV_frame_start(s, avctx) < 0) return -1;
 ff_er_frame_start(s);
+ } else {
+ if (s->current_picture_ptr->f.pict_type != s->pict_type) {
+ av_log(s->avctx, AV_LOG_ERROR, "Slice type mismatch\n");
+ return -1;
+ }
 }
 av_dlog(avctx, "qscale=%d\n", s->qscale);
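Review bot: The new `else` branch in rv10_decode_packet dereferences `s->current_picture_ptr` without a NULL test, and the condition of the `if` it belongs to lies above the hunk. If that condition does not already cover the case where no picture has been started, for example when the packet carrying the first slice was lost or rejected, a later slice reaches `s->current_picture_ptr->f.pict_type` with a NULL pointer on the same kind of corrupted stream this change targets. Unless the enclosing condition guarantees a picture, the test should read `if (!s->current_picture_ptr || s->current_picture_ptr->f.pict_type != s->pict_type) {`.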
From d0f6ab0298f2309c6104626787ed73416298b019 Mon Sep 17 00:00:00 2001
From: Laurent Aimar
Date: Sat, 17 Sep 2011 23:43:58 +0200
Subject: [PATCH 10/14] rv34: Avoid NULL dereference on corrupted bitstream
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
rv34_decode_slice() can return without allocating any pictures.
Signed-off-by: Martin Storsjö
---
 libavcodec/rv34.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c
index 90ff51d8f2..aa52a93dbb 100644
--- a/libavcodec/rv34.c
+++ b/libavcodec/rv34.c
@@ -1533,7 +1533,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
 break;
 }
- if(last){
+ if(last && s->current_picture_ptr){
 if(r->loop_filter) r->loop_filter(r, s->mb_height - 1);
 ff_er_frame_end(s);
From d2213b649383bc4d9428af42943457f782493be0 Mon Sep 17 00:00:00 2001
From: Laurent Aimar
Date: Sat, 17 Sep 2011 16:56:36 +0200
Subject: [PATCH 11/14] rv34: Fix buffer size used for MC of B frames after a resolution change
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Martin Storsjö
---
 libavcodec/rv34.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c
index aa52a93dbb..5ec8bb369c 100644
--- a/libavcodec/rv34.c
+++ b/libavcodec/rv34.c
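Review bot: The added `s->current_picture_ptr` test in `if(last && s->current_picture_ptr){` carries no comment, and the reason it can be NULL here is only in the commit message. A one-line comment above the condition, e.g. `/* rv34_decode_slice() may fail before a picture is allocated */`, would keep the guard from being dropped as redundant. What ff_rv34_decode_frame reports to the caller when the block is skipped is outside the hunk; it is worth confirming that no frame is signalled as decoded in that case.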
@@ -1303,15 +1303,15 @@ static int rv34_decode_slice(RV34DecContext *r, int end, const uint8_t* buf, int
 r->cbp_luma = av_realloc(r->cbp_luma, r->s.mb_stride * r->s.mb_height * sizeof(*r->cbp_luma));
 r->cbp_chroma = av_realloc(r->cbp_chroma, r->s.mb_stride * r->s.mb_height * sizeof(*r->cbp_chroma));
 r->deblock_coefs = av_realloc(r->deblock_coefs, r->s.mb_stride * r->s.mb_height * sizeof(*r->deblock_coefs));
+ av_freep(&r->tmp_b_block_base);
 }
 s->pict_type = r->si.type ? r->si.type : AV_PICTURE_TYPE_I;
 if(MPV_frame_start(s, s->avctx) < 0) return -1;
 ff_er_frame_start(s);
- if (!r->tmp_b_block_base || s->width != r->si.width || s->height != r->si.height) {
+ if (!r->tmp_b_block_base) {
 int i;
- av_free(r->tmp_b_block_base); //realloc() doesn't guarantee alignment
 r->tmp_b_block_base = av_malloc(s->linesize * 48);
 for (i = 0; i < 2; i++) r->tmp_b_block_y[i] = r->tmp_b_block_base + i * 16 * s->linesize;
From b4ed3d78cb6c41c9d3ee5918c326ab925edd6a89 Mon Sep 17 00:00:00 2001
From: Laurent Aimar
Date: Sat, 17 Sep 2011 16:56:30 +0200
Subject: [PATCH 12/14] rv34: Fix potential overreads
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Martin Storsjö
---
 libavcodec/rv34.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c
index 5ec8bb369c..8223e92df3 100644
--- a/libavcodec/rv34.c
+++ b/libavcodec/rv34.c
@@ -1483,6 +1483,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
 slice_count = (*buf++) + 1;
 slices_hdr = buf + 4;
 buf += 8 * slice_count;
+ buf_size -= 1 + 8 * slice_count;
 }else slice_count = avctx->slice_count;
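Review bot: The result of `av_malloc(s->linesize * 48)` is used by the loop that follows (`r->tmp_b_block_base + i * 16 * s->linesize`) without a NULL test, and since the buffer is now released by `av_freep()` on every resolution change, this allocation runs whenever the stream changes size. On failure the `tmp_b_block_y[]` pointers would be derived from NULL and presumably written through during later B-frame motion compensation. Adding `if (!r->tmp_b_block_base) return -1;` directly after the allocation, matching the `MPV_frame_start` error return just above, stops decoding cleanly instead. The three `av_realloc()` calls in the context lines follow the same unchecked pattern, and the block continues past the end of the hunk.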
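Review bot: `buf_size -= 1 + 8 * slice_count;` is applied without first checking that the packet holds that many bytes, so for a short packet `buf_size` goes negative while `slices_hdr` and `buf` already point past the data; `slice_count` is taken from the first byte of the packet and can be as large as 256. Later comparisons against `buf_size` then work on a negative bound, and reads of the slice table go beyond the input unless a check outside the hunk prevents it. A guard placed right after `slice_count` is read closes this, e.g. `if (buf_size < 1 + 8 * slice_count) return AVERROR_INVALIDDATA;`. The branch belongs to ff_rv34_decode_frame, whose start is outside the hunk.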
@@ -1501,7 +1502,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
 if( (avctx->skip_frame >= AVDISCARD_NONREF && si.type==AV_PICTURE_TYPE_B) || (avctx->skip_frame >= AVDISCARD_NONKEY && si.type!=AV_PICTURE_TYPE_I) || avctx->skip_frame >= AVDISCARD_ALL)
- return buf_size;
+ return avpkt->size;
 for(i = 0; i < slice_count; i++){
 int offset = get_slice_offset(avctx, slices_hdr, i);
@@ -1550,7 +1551,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
 }
 s->current_picture_ptr = NULL; //so we can detect if frame_end wasnt called (find some nicer solution...)
 }
- return buf_size;
+ return avpkt->size;
 }
 av_cold int ff_rv34_decode_end(AVCodecContext *avctx)
From f06068bbd6ed1f831dee0b0ee46e00ebe42ec1e2 Mon Sep 17 00:00:00 2001
From: Laurent Aimar
Date: Sat, 17 Sep 2011 00:05:13 +0200
Subject: [PATCH 13/14] rmdec: Reject invalid deinterleaving parameters
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Martin Storsjö
---
 libavformat/rmdec.c | 57 ++++++++++++++++++++++++---------------------
 1 file changed, 31 insertions(+), 26 deletions(-)
diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index 4b891817af..56ad3313cf 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -194,18 +194,6 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb,
 st->codec->codec_id = ff_codec_get_id(ff_rm_codec_tags, st->codec->codec_tag);
- switch (ast->deint_id) {
- case DEINT_ID_GENR:
- case DEINT_ID_INT0:
- case DEINT_ID_INT4:
- case DEINT_ID_SIPR:
- case DEINT_ID_VBRS:
- case DEINT_ID_VBRF:
- break;
- default:
- av_log(NULL,0,"Unknown interleaver %X\n", ast->deint_id);
- return AVERROR_INVALIDDATA;
- }
 switch (st->codec->codec_id) {
 case CODEC_ID_AC3:
 st->need_parsing = AVSTREAM_PARSE_FULL;
@@ -214,13 +202,6 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb,
 st->codec->extradata_size= 0;
 ast->audio_framesize = st->codec->block_align;
 st->codec->block_align = coded_framesize;
-
- if(ast->audio_framesize >= UINT_MAX / sub_packet_h){
- av_log(s, AV_LOG_ERROR, "ast->audio_framesize * sub_packet_h too large\n");
- return -1;
- }
-
- av_new_packet(&ast->pkt, ast->audio_framesize * sub_packet_h);
 break;
 case CODEC_ID_COOK:
 case CODEC_ID_ATRAC3:
@@ -251,13 +232,6 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb,
 }
 if ((ret = rm_read_extradata(pb, st->codec, codecdata_length)) < 0) return ret;
-
- if(ast->audio_framesize >= UINT_MAX / sub_packet_h){
- av_log(s, AV_LOG_ERROR, "rm->audio_framesize * sub_packet_h too large\n");
- return -1;
- }
-
- av_new_packet(&ast->pkt, ast->audio_framesize * sub_packet_h);
 break;
 case CODEC_ID_AAC:
 avio_rb16(pb); avio_r8(pb);
@@ -277,6 +251,37 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb,
 default:
 av_strlcpy(st->codec->codec_name, buf, sizeof(st->codec->codec_name));
 }
+ if (ast->deint_id == DEINT_ID_INT4 ||
+ ast->deint_id == DEINT_ID_GENR ||
+ ast->deint_id == DEINT_ID_SIPR) {
+ if (st->codec->block_align <= 0 ||
+ ast->audio_framesize * sub_packet_h > (unsigned)INT_MAX ||
+ ast->audio_framesize * sub_packet_h < st->codec->block_align)
+ return AVERROR_INVALIDDATA;
+ if (av_new_packet(&ast->pkt, ast->audio_framesize * sub_packet_h) < 0)
+ return AVERROR(ENOMEM);
+ }
+ switch (ast->deint_id) {
+ case DEINT_ID_INT4:
+ if (ast->coded_framesize > ast->audio_framesize ||
+ ast->coded_framesize * sub_packet_h > (2 + (sub_packet_h & 1)) * ast->audio_framesize)
+ return AVERROR_INVALIDDATA;
+ break;
+ case DEINT_ID_GENR:
+ if (ast->sub_packet_size <= 0 ||
+ ast->sub_packet_size > ast->audio_framesize)
+ return AVERROR_INVALIDDATA;
+ break;
+ case DEINT_ID_SIPR:
+ case DEINT_ID_INT0:
+ case DEINT_ID_VBRS:
+ case DEINT_ID_VBRF:
+ break;
+ default:
+ av_log(NULL,0,"Unknown interleaver %X\n", ast->deint_id);
+ return AVERROR_INVALIDDATA;
+ }
+
 if (read_all) {
 avio_r8(pb); avio_r8(pb);
From c92a2a4eb8b883e82871c2415f757153d263b6b3 Mon Sep 17 00:00:00 2001
From: Anton Khirnov
Date: Mon, 19 Sep 2011 15:15:56 +0200
Subject: [PATCH 14/14] movenc: fix NULL reference in mov_write_tkhd_tag st may be NULL when there are more mov streams than AVStreams, e.g. when chapters are present.
---
 libavformat/movenc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/movenc.c b/libavformat/movenc.c
index 88239c5655..b79bbe83c6 100644
--- a/libavformat/movenc.c
+++ b/libavformat/movenc.c
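Review bot: The new size test `ast->audio_framesize * sub_packet_h > (unsigned)INT_MAX` multiplies before it compares, whereas the removed code used the division form `ast->audio_framesize >= UINT_MAX / sub_packet_h`. If both operands are plain `int` (their declarations are outside the hunk), a large product overflows in signed arithmetic, which is undefined, before the cast on the right-hand side has any effect; the same applies to `ast->coded_framesize * sub_packet_h` in the DEINT_ID_INT4 case. Doing the multiplication in a wider type keeps the check well defined, e.g. `(int64_t)ast->audio_framesize * sub_packet_h > INT_MAX`, and negative `audio_framesize` or `sub_packet_h` values should be rejected explicitly as well. Separately, the moved `av_log(NULL,0,...)` call could pass `s` and `AV_LOG_ERROR`, as the removed size-check messages did.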
@@ -1217,7 +1217,7 @@ static int mov_write_tkhd_tag(AVIOContext *pb, MOVTrack *track, AVStream *st)
 avio_wb32(pb, 0); /* reserved */
 avio_wb32(pb, 0); /* reserved */
 avio_wb16(pb, 0); /* layer */
- avio_wb16(pb, st->codec->codec_type); /* alternate group) */
+ avio_wb16(pb, st ? st->codec->codec_type : 0); /* alternate group) */
 /* Volume, only for audio */
 if(track->enc->codec_type == AVMEDIA_TYPE_AUDIO) avio_wb16(pb, 0x0100);
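Review bot: Only this one use of `st` is guarded, while the commit message says `st` may be NULL for any track that has no AVStream. The rest of mov_write_tkhd_tag is outside the hunk, so every other `st->...` access in it needs the same treatment, either a guard per use or an early branch for stream-less tracks. A brief comment on the new line, e.g. `/* st is NULL for tracks without an AVStream (chapters) */`, would keep the ternary from being simplified away later.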