RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge commit '327ff82bac3081d918dceb4931c77e25d0a1480d' into release/0.10 

* commit '327ff82bac3081d918dceb4931c77e25d0a1480d':
  msrle: convert MS RLE decoding function to bytestream2.
  Update Changelog for the 0.8.6 Release
  wmaprodec: require block_align to be set.
  ivi_common: do not call MC for intra frames when dc_transform is unset
  roqvideodec: fix a potential infinite loop in roqvideo_decode_frame().
  Revert "libmp3lame: use the correct remaining buffer size when flushing"
  lzo: fix overflow checking in copy_backptr()
  flacdec: simplify bounds checking in flac_probe()
  atrac3: avoid oversized shifting in decode_bytes()
  avconv: skip attached files when selecting streams to read from.
  lavf: fix arithmetic overflows in avformat_seek_file()

Conflicts:
	Changelog
	avconv.c
	libavcodec/libmp3lame.c
	libavcodec/msrledec.c
	libavformat/utils.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-04-07 15:42:45 +02:00
parent 0af8ed29e4 327ff82bac
commit e9d5a6f1c5
13 changed files with 106 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libavcodec/aasc.c
View File

@ -34,17 +34,10 @@
typedef struct AascContext {
AVCodecContext *avctx;
GetByteContext gb;
AVFrame frame;
} AascContext;
#define FETCH_NEXT_STREAM_BYTE() \
if (stream_ptr >= buf_size) \
{ \
av_log(s->avctx, AV_LOG_ERROR, " AASC: stream ptr just went out of bounds (fetch)\n"); \
break; \
} \
stream_byte = buf[stream_ptr++];
static av_cold int aasc_decode_init(AVCodecContext *avctx)
{
AascContext *s = avctx->priv_data;
@ -89,7 +82,8 @@ static int aasc_decode_frame(AVCodecContext *avctx,
}
break;
case 1:
ff_msrle_decode(avctx, (AVPicture*)&s->frame, 8, buf - 4, buf_size + 4);
bytestream2_init(&s->gb, buf - 4, buf_size + 4);
ff_msrle_decode(avctx, (AVPicture*)&s->frame, 8, &s->gb);
break;
default:
av_log(avctx, AV_LOG_ERROR, "Unknown compression type %d\n", compr);

7
libavcodec/atrac3.c
View File

@ -184,8 +184,11 @@ static int decode_bytes(const uint8_t* inbuffer, uint8_t* out, int bytes){
uint32_t* obuf = (uint32_t*) out;
off = (intptr_t)inbuffer & 3;
buf = (const uint32_t*) (inbuffer - off);
c = av_be2ne32((0x537F6103 >> (off*8)) | (0x537F6103 << (32-(off*8))));
buf = (const uint32_t *)(inbuffer - off);
if (off)
c = av_be2ne32((0x537F6103U >> (off * 8)) | (0x537F6103U << (32 - (off * 8))));
else
c = av_be2ne32(0x537F6103U);
bytes += 3 + off;
for (i = 0; i < bytes/4; i++)
obuf[i] = c ^ buf[i];

4
libavcodec/bmp.c
View File

@ -53,6 +53,7 @@ static int bmp_decode_frame(AVCodecContext *avctx,
uint8_t *ptr;
int dsize;
const uint8_t *buf0 = buf;
GetByteContext gb;
if(buf_size < 14){
av_log(avctx, AV_LOG_ERROR, "buf size too small (%d)\n", buf_size);
@ -268,7 +269,8 @@ static int bmp_decode_frame(AVCodecContext *avctx,
p->data[0] += p->linesize[0] * (avctx->height - 1);
p->linesize[0] = -p->linesize[0];
}
ff_msrle_decode(avctx, (AVPicture*)p, depth, buf, dsize);
bytestream2_init(&gb, buf, dsize);
ff_msrle_decode(avctx, (AVPicture*)p, depth, &gb);
if(height < 0){
p->data[0] += p->linesize[0] * (avctx->height - 1);
p->linesize[0] = -p->linesize[0];

7
libavcodec/ivi_common.c
View File

@ -480,9 +480,10 @@ int ff_ivi_decode_blocks(GetBitContext *gb, IVIBandDesc *band, IVITile *tile)
/* block not coded */
/* for intra blocks apply the dc slant transform */
/* for inter - perform the motion compensation without delta */
if (is_intra && band->dc_transform) {
band->dc_transform(&prev_dc, band->buf + buf_offs,
band->pitch, blk_size);
if (is_intra) {
if (band->dc_transform)
band->dc_transform(&prev_dc, band->buf + buf_offs,
band->pitch, blk_size);
} else
mc_no_delta_func(band->buf + buf_offs,
band->ref_buf + buf_offs + mv_y * band->pitch + mv_x,

4
libavcodec/msrle.c
View File

@ -40,6 +40,7 @@ typedef struct MsrleContext {
AVCodecContext *avctx;
AVFrame frame;
GetByteContext gb;
const unsigned char *buf;
int size;
@ -127,7 +128,8 @@ static int msrle_decode_frame(AVCodecContext *avctx,
ptr += s->frame.linesize[0];
}
} else {
ff_msrle_decode(avctx, (AVPicture*)&s->frame, avctx->bits_per_coded_sample, buf, buf_size);
bytestream2_init(&s->gb, buf, buf_size);
ff_msrle_decode(avctx, (AVPicture*)&s->frame, avctx->bits_per_coded_sample, &s->gb);
}
*data_size = sizeof(AVFrame);

134
libavcodec/msrledec.c
View File

@ -30,18 +30,9 @@
#include "avcodec.h"
#include "msrledec.h"
#define FETCH_NEXT_STREAM_BYTE() \
if (stream_ptr >= data_size) \
{ \
av_log(avctx, AV_LOG_ERROR, " MS RLE: stream ptr just went out of bounds (1)\n"); \
return -1; \
} \
stream_byte = data[stream_ptr++];
static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic,
const uint8_t *data, int data_size)
GetByteContext *gb)
{
int stream_ptr = 0;
unsigned char rle_code;
unsigned char extra_byte, odd_pixel;
unsigned char stream_byte;
@ -52,11 +43,16 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic,
int i;
while (row_ptr >= 0) {
FETCH_NEXT_STREAM_BYTE();
rle_code = stream_byte;
if (bytestream2_get_bytes_left(gb) <= 0) {
av_log(avctx, AV_LOG_ERROR,
"MS RLE: bytestream overrun, %d rows left\n",
row_ptr);
return AVERROR_INVALIDDATA;
}
rle_code = stream_byte = bytestream2_get_byteu(gb);
if (rle_code == 0) {
/* fetch the next byte to see how to handle escape code */
FETCH_NEXT_STREAM_BYTE();
stream_byte = bytestream2_get_byte(gb);
if (stream_byte == 0) {
/* line is done, goto the next one */
row_ptr -= row_dec;
@ -66,24 +62,26 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic,
return 0;
} else if (stream_byte == 2) {
/* reposition frame decode coordinates */
FETCH_NEXT_STREAM_BYTE();
stream_byte = bytestream2_get_byte(gb);
pixel_ptr += stream_byte;
FETCH_NEXT_STREAM_BYTE();
stream_byte = bytestream2_get_byte(gb);
row_ptr -= stream_byte * row_dec;
} else {
// copy pixels from encoded stream
odd_pixel = stream_byte & 1;
rle_code = (stream_byte + 1) / 2;
extra_byte = rle_code & 0x01;
if (row_ptr + pixel_ptr + stream_byte > frame_size) {
av_log(avctx, AV_LOG_ERROR, " MS RLE: frame ptr just went out of bounds (1)\n");
return -1;
if (row_ptr + pixel_ptr + stream_byte > frame_size ||
bytestream2_get_bytes_left(gb) < rle_code) {
av_log(avctx, AV_LOG_ERROR,
"MS RLE: frame/stream ptr just went out of bounds (copy)\n");
return AVERROR_INVALIDDATA;
}
for (i = 0; i < rle_code; i++) {
if (pixel_ptr >= avctx->width)
break;
FETCH_NEXT_STREAM_BYTE();
stream_byte = bytestream2_get_byteu(gb);
pic->data[0][row_ptr + pixel_ptr] = stream_byte >> 4;
pixel_ptr++;
if (i + 1 == rle_code && odd_pixel)
@ -96,15 +94,16 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic,
// if the RLE code is odd, skip a byte in the stream
if (extra_byte)
stream_ptr++;
bytestream2_skip(gb, 1);
}
} else {
// decode a run of data
if (row_ptr + pixel_ptr + stream_byte > frame_size) {
av_log(avctx, AV_LOG_ERROR, " MS RLE: frame ptr just went out of bounds (1)\n");
return -1;
av_log(avctx, AV_LOG_ERROR,
"MS RLE: frame ptr just went out of bounds (run)\n");
return AVERROR_INVALIDDATA;
}
FETCH_NEXT_STREAM_BYTE();
stream_byte = bytestream2_get_byte(gb);
for (i = 0; i < rle_code; i++) {
if (pixel_ptr >= avctx->width)
break;
@ -118,21 +117,21 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic,
}
/* one last sanity check on the way out */
if (stream_ptr < data_size) {
av_log(avctx, AV_LOG_ERROR, " MS RLE: ended frame decode with bytes left over (%d < %d)\n",
stream_ptr, data_size);
return -1;
if (bytestream2_get_bytes_left(gb)) {
av_log(avctx, AV_LOG_ERROR,
"MS RLE: ended frame decode with %d bytes left over\n",
bytestream2_get_bytes_left(gb));
return AVERROR_INVALIDDATA;
}
return 0;
}
static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic, int depth,
const uint8_t *data, int srcsize)
static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic,
int depth, GetByteContext *gb)
{
uint8_t *output, *output_end;
const uint8_t* src = data;
int p1, p2, line=avctx->height - 1, pos=0, i;
uint16_t av_uninit(pix16);
uint32_t av_uninit(pix32);
@ -140,23 +139,30 @@ static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic, int de
output = pic->data[0] + (avctx->height - 1) * pic->linesize[0];
output_end = pic->data[0] + avctx->height * pic->linesize[0];
while(src + 1 < data + srcsize) {
p1 = *src++;
while (bytestream2_get_bytes_left(gb) > 0) {
p1 = bytestream2_get_byteu(gb);
if(p1 == 0) { //Escape code
p2 = *src++;
p2 = bytestream2_get_byte(gb);
if(p2 == 0) { //End-of-line
output = pic->data[0] + (--line) * pic->linesize[0];
if (line < 0 && !(src+1 < data + srcsize && AV_RB16(src) == 1)) {
av_log(avctx, AV_LOG_ERROR, "Next line is beyond picture bounds\n");
return -1;
if (line < 0) {
if (bytestream2_get_be16(gb) == 1) { // end-of-picture
return 0;
} else {
av_log(avctx, AV_LOG_ERROR,
"Next line is beyond picture bounds (%d bytes left)\n",
bytestream2_get_bytes_left(gb));
return AVERROR_INVALIDDATA;
}
}
pos = 0;
continue;
} else if(p2 == 1) { //End-of-picture
return 0;
} else if(p2 == 2) { //Skip
p1 = *src++;
p2 = *src++;
p1 = bytestream2_get_byte(gb);
p2 = bytestream2_get_byte(gb);
line -= p2;
pos += p1;
if (line < 0 || pos >= width){
@ -167,35 +173,31 @@ static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic, int de
continue;
}
// Copy data
if ((pic->linesize[0] > 0 && output + p2 * (depth >> 3) > output_end)
||(pic->linesize[0] < 0 && output + p2 * (depth >> 3) < output_end)) {
src += p2 * (depth >> 3);
if ((pic->linesize[0] > 0 && output + p2 * (depth >> 3) > output_end) ||
(pic->linesize[0] < 0 && output + p2 * (depth >> 3) < output_end)) {
bytestream2_skip(gb, 2 * (depth >> 3));
continue;
} else if (bytestream2_get_bytes_left(gb) < p2 * (depth >> 3)) {
av_log(avctx, AV_LOG_ERROR, "bytestream overrun\n");
return AVERROR_INVALIDDATA;
}
if(data + srcsize - src < p2 * (depth >> 3)){
av_log(avctx, AV_LOG_ERROR, "Copy beyond input buffer\n");
return -1;
}
if ((depth == 8) || (depth == 24)) {
for(i = 0; i < p2 * (depth >> 3); i++) {
*output++ = *src++;
*output++ = bytestream2_get_byteu(gb);
}
// RLE8 copy is actually padded - and runs are not!
if(depth == 8 && (p2 & 1)) {
src++;
bytestream2_skip(gb, 1);
}
} else if (depth == 16) {
for(i = 0; i < p2; i++) {
pix16 = AV_RL16(src);
src += 2;
*(uint16_t*)output = pix16;
*(uint16_t*)output = bytestream2_get_le16u(gb);
output += 2;
}
} else if (depth == 32) {
for(i = 0; i < p2; i++) {
pix32 = AV_RL32(src);
src += 4;
*(uint32_t*)output = pix32;
*(uint32_t*)output = bytestream2_get_le32u(gb);
output += 4;
}
}
@ -203,21 +205,19 @@ static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic, int de
} else { //run of pixels
uint8_t pix[3]; //original pixel
switch(depth){
case 8: pix[0] = *src++;
case 8: pix[0] = bytestream2_get_byte(gb);
break;
case 16: pix16 = AV_RL16(src);
src += 2;
case 16: pix16 = bytestream2_get_le16(gb);
break;
case 24: pix[0] = *src++;
pix[1] = *src++;
pix[2] = *src++;
case 24: pix[0] = bytestream2_get_byte(gb);
pix[1] = bytestream2_get_byte(gb);
pix[2] = bytestream2_get_byte(gb);
break;
case 32: pix32 = AV_RL32(src);
src += 4;
case 32: pix32 = bytestream2_get_le32(gb);
break;
}
if ((pic->linesize[0] > 0 && output + p1 * (depth >> 3) > output_end)
||(pic->linesize[0] < 0 && output + p1 * (depth >> 3) < output_end))
if ((pic->linesize[0] > 0 && output + p1 * (depth >> 3) > output_end) ||
(pic->linesize[0] < 0 && output + p1 * (depth >> 3) < output_end))
continue;
for(i = 0; i < p1; i++) {
switch(depth){
@ -244,17 +244,17 @@ static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic, int de
}
int ff_msrle_decode(AVCodecContext *avctx, AVPicture *pic, int depth,
const uint8_t* data, int data_size)
int ff_msrle_decode(AVCodecContext *avctx, AVPicture *pic,
int depth, GetByteContext *gb)
{
switch(depth){
case 4:
return msrle_decode_pal4(avctx, pic, data, data_size);
return msrle_decode_pal4(avctx, pic, gb);
case 8:
case 16:
case 24:
case 32:
return msrle_decode_8_16_24_32(avctx, pic, depth, data, data_size);
return msrle_decode_8_16_24_32(avctx, pic, depth, gb);
default:
av_log(avctx, AV_LOG_ERROR, "Unknown depth %d\n", depth);
return -1;

8
libavcodec/msrledec.h
View File

@ -23,6 +23,7 @@
#define AVCODEC_MSRLEDEC_H
#include "avcodec.h"
#include "bytestream.h"
/**
* Decode stream in MS RLE format into frame.
@ -30,11 +31,10 @@
* @param avctx codec context
* @param pic destination frame
* @param depth bit depth
* @param data input stream
* @param data_size input size
* @param gb input bytestream context
*/
int ff_msrle_decode(AVCodecContext *avctx, AVPicture *pic, int depth,
const uint8_t* data, int data_size);
int ff_msrle_decode(AVCodecContext *avctx, AVPicture *pic,
int depth, GetByteContext *gb);
#endif /* AVCODEC_MSRLEDEC_H */

2
libavcodec/roqvideodec.c
View File

@ -43,7 +43,7 @@ static void roqvideo_decode_frame(RoqContext *ri)
roq_qcell *qcell;
int64_t chunk_start;
while (bytestream2_get_bytes_left(&ri->gb) > 0) {
while (bytestream2_get_bytes_left(&ri->gb) >= 8) {
chunk_id = bytestream2_get_le16(&ri->gb);
chunk_size = bytestream2_get_le32(&ri->gb);
chunk_arg = bytestream2_get_le16(&ri->gb);

8
libavcodec/tscc.c
View File

@ -58,6 +58,7 @@ typedef struct TsccContext {
unsigned int decomp_size;
// Decompression buffer
unsigned char* decomp_buf;
GetByteContext gb;
int height;
z_stream zstream;
@ -105,8 +106,11 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
}
if(zret != Z_DATA_ERROR)
ff_msrle_decode(avctx, (AVPicture*)&c->pic, c->bpp, c->decomp_buf, c->decomp_size - c->zstream.avail_out);
if (zret != Z_DATA_ERROR) {
bytestream2_init(&c->gb, c->decomp_buf,
c->decomp_size - c->zstream.avail_out);
ff_msrle_decode(avctx, (AVPicture*)&c->pic, c->bpp, &c->gb);
}
/* make the palette available on the way out */
if (c->avctx->pix_fmt == PIX_FMT_PAL8) {

5
libavcodec/wmaprodec.c
View File

@ -280,6 +280,11 @@ static av_cold int decode_init(AVCodecContext *avctx)
int log2_max_num_subframes;
int num_possible_block_sizes;
if (!avctx->block_align) {
av_log(avctx, AV_LOG_ERROR, "block_align is not set\n");
return AVERROR(EINVAL);
}
s->avctx = avctx;
dsputil_init(&s->dsp, avctx);
ff_fmt_convert_init(&s->fmt_conv, avctx);

8
libavformat/flacdec.c
View File

@ -143,11 +143,9 @@ static int flac_read_header(AVFormatContext *s,
static int flac_probe(AVProbeData *p)
{
uint8_t *bufptr = p->buf;
uint8_t *end = p->buf + p->buf_size;
if(bufptr > end-4 || memcmp(bufptr, "fLaC", 4)) return 0;
else return AVPROBE_SCORE_MAX/2;
if (p->buf_size < 4 || memcmp(p->buf, "fLaC", 4))
return 0;
return AVPROBE_SCORE_MAX/2;
}
AVInputFormat ff_flac_demuxer = {

2
libavformat/utils.c
View File

@ -1948,7 +1948,7 @@ int avformat_seek_file(AVFormatContext *s, int stream_index, int64_t min_ts, int
//Note the old has somewat different sematics
AV_NOWARN_DEPRECATED(
if(s->iformat->read_seek || 1)
return av_seek_frame(s, stream_index, ts, flags | (ts - min_ts > (uint64_t)(max_ts - ts) ? AVSEEK_FLAG_BACKWARD : 0));
return av_seek_frame(s, stream_index, ts, flags | ((uint64_t)ts - min_ts > (uint64_t)max_ts - ts ? AVSEEK_FLAG_BACKWARD : 0));
)
// try some generic seek like seek_frame_generic() but with new ts semantics

3
libavutil/lzo.c
View File

@ -119,9 +119,8 @@ static inline void memcpy_backptr(uint8_t *dst, int back, int cnt);
* thus creating a repeating pattern with a period length of back.
*/
static inline void copy_backptr(LZOContext *c, int back, int cnt) {
register const uint8_t *src = &c->out[-back];
register uint8_t *dst = c->out;
if (src < c->out_start || src > dst) {
if (dst - c->out_start < back) {
c->error |= AV_LZO_INVALID_BACKPTR;
return;
}