Commit Graph

77915 Commits

Author SHA1 Message Date
Andreas Cadhalpun
74474750f1 asfdec_o: prevent overflow causing seekback
This fixes infinite loops.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:38:50 +01:00
Andreas Cadhalpun
0002d845e8 asfdec_o: check avio_skip in asf_read_simple_index
The loop can be very long, even though the file is very short.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:37:30 +01:00
Andreas Cadhalpun
aa18016996 asfdec_o: reject size > INT64_MAX in asf_read_unknown
Both avio_skip and detect_unknown_subobject use int64_t for the size
parameter.

This fixes a segmentation fault due to infinite recursion.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:37:13 +01:00
Andreas Cadhalpun
763c572801 asfdec_o: only set asf_pkt->data_size after sanity checks
Otherwise invalid values are used unchecked in the next run.
This can cause NULL pointer dereferencing.

Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:36:41 +01:00
Andreas Cadhalpun
f8bc0137bd lavu: prevent overflow in av_clip_intp2_c
This fixes ubsan runtime error: signed integer overflow: 8388608 +
2140274688 cannot be represented in type 'int'

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-15 00:32:54 +01:00
Ganesh Ajjanagadde
2e4fd16f5b lavc/aacenc: use isfinite to simplify isnan/isinf logic
Reviewed-by: Claudio Freire <klaussfreire@gmail.com>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2016-01-14 18:28:38 -05:00
Michael Niedermayer
c3a24006d5 avformat/rmdec: Fix Packet memleak at close()
Fixes: asan_heap-oob_445b39_1741_d00eb645ab48eb2203b4a04a5b997103.ivr

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 23:49:52 +01:00
Michael Niedermayer
80fd348bb7 avformat/rmdec: Check size in ivr_read_packet() before use
Fixes out of array access
Fixes: asan_heap-oob_445b39_1741_d00eb645ab48eb2203b4a04a5b997103.ivr

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 23:49:52 +01:00
Michael Niedermayer
fc2588a1d6 swscale/vscale: Use matching sliceY/chrSliceY for luma/chroma
No case known where that makes a difference

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 23:49:52 +01:00
Aman Gupta
3a0e5cfcee lavc/ccaption_dec: clear all unused rows during rollup
Sometimes rollup captions can move around the screen. This fixes "ghost"
captions from below the current rollup area from continuing to be
captured when a rollup moves higher up on the screen.
2016-01-14 23:13:15 +01:00
Aman Gupta
9027806e3c lavc/ccaption_dec: clean up whitespace 2016-01-14 23:13:09 +01:00
Aman Gupta
fdbe5cd5c5 fate: add test for realtime ccaption decoder 2016-01-14 22:41:41 +01:00
Aman Gupta
5c041e2ccc lavc/ccaption_dec: implement real_time option
This new mode is useful for realtime decoding of closed captions so they
can be display along with mpeg2 frames.

Closed caption streams contain two major types of captions:

- POPON captions, which are buffered off-screen and displayed
  only after EOC (end of caption, aka display buffer)

- PAINTON/ROLLUP captions, which are written to the display as soon as
  they arrive.

In a typical real-time eia608 decoder, commands like EOC (end of
caption; display buffer), EDM (erase display memory) and EBM (erase
buffered memory) perform their expected functions as soon as the
commands are processed. This is implemented in the real_time branches
added in this commit.

Before this commit, and in the !real_time branches after this commit,
the decoder cleverly implements its own version of the decoder which is
specifically geared towards buffered decoding. It does so by actively
ignoring commands like EBM (erase buffered memory), and then re-using
the non-display buffer to hold the previous caption while the new one is
received. This is the opposite of the real-time decoder, which uses the
non-display buffer to hold the new caption while the display buffer is
still showing the current caption.

In addition to ignoring EBM, the buffered decoder also has custom
implementations for EDM and EOC. An EDM (erase display memory) command
flushes the existing contents before clearing the screen, and EOC
similarly always flushes the active buffer (the previous subtitle)
before flipping buffers.
2016-01-14 22:41:41 +01:00
Paul B Mahol
d6f1abe9ce avfilter/vf_fftfilt: this is video filter so use pixels instead of samples
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-01-14 22:20:25 +01:00
Paul B Mahol
2bbc7e9625 avfilter/vf_fftfilt: use the name 's' for the pointer to the private context
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-01-14 22:19:52 +01:00
Aman Gupta
260e368717 lavc/ccaption_dec: flush context on seek 2016-01-14 22:08:59 +01:00
Michael Niedermayer
eb7802afef swscale/vscale: Check that 2 tap filters are bilinear before using bilinear code
Fixes: out of array reads
Fixes: 07e8b9c5d348ccdf7add0f37de20cf6c/asan_heap-oob_27e8df7_6849_e56653f768070ec8cb52f587048444c2.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:59:12 +01:00
Michael Niedermayer
b99f498716 swscale/output: Assert that yalpha and uvalpha are within their expected range
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Michael Niedermayer
fe6372bb61 swscale/vscale: Add fixme comment to "ugly" code
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Michael Niedermayer
705a2f70ee swscale/slice: Fix indention
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Michael Niedermayer
8feeffc1d7 swscale/slice: Fix doc typo
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Michael Niedermayer
e06403331c swscale: Move Contexts used only in hscale.c into it
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Michael Niedermayer
7b6e6895f2 swscale: Move VScalerContext into vscale.c
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 21:58:02 +01:00
Paul B Mahol
653f9d84ae avfilter: add spectrumsynth filter
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-01-14 20:51:20 +01:00
Michael Niedermayer
cc538e9dbd swscale/utils: Detect and skip unneeded sws_setColorspaceDetails() calls
This avoids running various table inits unnecessarily

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 15:46:55 +01:00
Michael Niedermayer
8f3a9a8c27 swscale/yuv2rgb: Increase YUV2RGB table headroom
This makes SWS more robust
Fixes: 07650a772d98aa63b0fed6370dc89037/asan_heap-oob_27ddeaf_2657_2c81ff264dee5d9712cb3251fb9c3bbb.264
Fixes: out of array read

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 15:46:55 +01:00
Michael Niedermayer
5e5f82a287 swscale/yuv2rgb: Factor YUVRGB_TABLE_LUMA_HEADROOM out
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 15:46:55 +01:00
Paul B Mahol
70df51112c avfilter/af_dynaudnorm: fix possible null pointer dereference
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2016-01-14 14:30:36 +01:00
Claudio Freire
62dfe1d40d avcodec/aacenc_is: replace pow(x, 0.75) by x/sqrtf(sqrtf(x))
This is quite an accurate approximation; testing shows ~ 2ulp error in
the floating point result. Tested with FATE.

Alternatively, if one wants "full accuracy", one can use powf, or sqrt
instead of sqrtf. With powf, one gets 1 ulp error (theoretically should be 0, as
0.75 is exactly representable) on GNU libm, with sqrt, 0 ulp error.

Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>

Abstracted into pos_pow34 utility function

Signed-off-by: Claudio Freire <klaussfreire@gmail.com>
2016-01-14 00:38:22 -03:00
Ganesh Ajjanagadde
a0a47a09b0 lavu/libm: add isfinite fallback
Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2016-01-13 20:00:19 -05:00
Andreas Cadhalpun
44ac13eed4 dca: fix misaligned access in avpriv_dca_convert_bitstream
src and dst are only 8-bit-aligned, so accessing them as uint16_t causes
SIGBUS crashes on architectures like sparc.

This fixes ubsan runtime error: load of misaligned address for type
'const uint16_t', which requires 2 byte alignment

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-01-14 01:23:54 +01:00
Maxim Andreev
7145e80b4f avformat/hls: forbid all protocols except http(s) & file
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-14 00:18:00 +01:00
Michael Niedermayer
92465a2347 avcodec/aacenc: Check for +-Inf too
Fixes out of array read
Fixes: 04442da73d935b776d2236282588d4f9/signal_sigsegv_2625a69_8790_ae85ffc889070663319b3417ede777b0.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-13 23:49:27 +01:00
James Almer
17e7fdf61a avcodec/wavpackenc: print channel count in av_log call
Fixes a warning with -Wformat-extra-args
2016-01-13 19:26:40 -03:00
Michael Niedermayer
39fb3f18c5 avcodec/diracdec: Handle the 0 vlc case at the top of coeff_unpack_golomb()
decoding changes from 17 to 20 fps

Reviewed-by; Rostislav Pehlivanov <atomnuker@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-13 18:56:49 +01:00
Michael Niedermayer
bbd9771625 avcodec/diracdec: Factor +2 out of the inner loop
Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-13 18:55:46 +01:00
Michael Niedermayer
da144c2ddd avcodec/diracdec: Inline svq3_get_ue_golomb() and merge the sign bit decoding into it
This avoids closing and opening the bit reader

Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-13 18:54:50 +01:00
Michael Niedermayer
9006567bae avcodec/aacenc: mark output as const as its not written to
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-13 17:09:15 +01:00
Michael Niedermayer
0634c54253 avcodec/aacenc: Fix NAN check
All MDCT outputs must be checked in case of 128point MDCTs
Fixes: out of array read
Fixes: 04442da73d935b776d2236282588d4f9/signal_sigsegv_2625a69_351_52ca6226eb83547a2d26e322ce84ed84.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-13 17:09:15 +01:00
Kieran Kunhya
bfc8a4dabe diracdec: Add slice threading to HQ profile 2016-01-13 16:08:56 +00:00
Claudio Freire
699c2ee560 AAC encoder: encode out-of-phase I/S efficiently
Use the ability to invert phase with ms_mask instead of changing
the codebook when possible, to avoid having to switch codebooks
if some bands are INTENSTY_BT and others are INTENSITY_BT2, since
usually a set ms_mask uses less bits that a codebook change. While
it may not always be a win (ie: if it causes an ms_mask bitmap
to be sent when it wouldn't have been otherwise), it's unlikely
since the ms_mask bitmap will almost always be there already for
M/S itself.
2016-01-13 05:28:34 -03:00
Claudio Freire
aa64a48357 AAC encoder: fix I/S relative error evaluation
The relative error between two encoding strategies is the simple
difference of rate-distortion values, and not the absolute
difference. An absolute measure would allow worsening of the
quantization error as well as improving.
2016-01-13 05:28:34 -03:00
Claudio Freire
6711aa21e2 AAC encoder: various fixes in M/S coding
1. Fix sf_idx and band_type addressing to address only the first
subwindow in the group (others could hold garbage values)

2. Don't step on ms_mask when is_mask is set. I/S selection
already sets the ms_mask properly and shouldn't be overridden.

3. Use mid/sid cb/sf when computing coding error, as should be
since those are the cb/sfs that will eventually be set.

4. Fix distortion computation on multi-subwindow groups (was
subtracting the bits terms multiple times)

5. Clear ms_mask when one side uses PNS and the other doesn't.
When using PNS, ms_mask signals correlated noise, which can be
detected just like regular M/S detection, so we don't skip
noise bands, but when only one side uses PNS setting the flag
can confuse some encoders, so avoid that.
2016-01-13 05:28:34 -03:00
Claudio Freire
4dcb69cc12 AAC encoder: in IS, fix index of sf_idx, band_type
Correct addressing of sf_idx and band_type arrays in I/S code.

Both arrays don't guarantee valid values for subwindows at all
times, depending on which coder is being used, which could result
in reading of garbage values. Instead, only the first subwindow
in the window group has to be used, ie: use w*16+g instead of
(w+w2)*16+g
2016-01-13 05:28:34 -03:00
Claudio Freire
509f168017 AAC encoder: don't apply MS on special bands
Change the condition for application of the M/S transform to match
that of the decoder. Namely, that no special coding books must be
in use in either channel. While the condition ought to be
equivalent to the current one when the invariant of is_mask is
kept, matching the decoder's condition is safer and easier to
maintain.
2016-01-13 05:28:34 -03:00
Claudio Freire
00d481b2c3 AAC encoder: avoid assertion failure on PNS
In rare corner cases it could still fail an assert on sf_diff due
to failure to update prev_sf in some code paths. Fix that case.
2016-01-13 05:28:34 -03:00
Claudio Freire
2a31b076b4 AAC encoder: fix assertion error with prediction
Fixes an assertion error reported in #2686 that happens when
using prediction (either explicitly or implicitly by setting
the AAC main profile), since prediction code would allow
creating new zeroes or removing existing ones, without
properly checking for SF delta violations.

This patch forbids creating/removing zeroes, perhaps an
overly conservative approach, but a safe one. More permissive
and sophisticated approaches may be attempted in the future.
2016-01-13 05:28:34 -03:00
Carl Eugen Hoyos
d3fe2e0dc9 lavc/mjpeg2jpeg: Accept more mjpeg streams as input.
Fixes ticket #5151.
2016-01-13 09:01:29 +01:00
Michael Niedermayer
9ca64c31d2 avutil/common: Protect GET_BYTE in GET_UTF8() by ()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-13 03:09:08 +01:00
Michael Niedermayer
115fb6d03e avformat/aviobuf: Fix end check in put_str16()
Fixes out of array read
Fixes: 03c406ec9530e594a074ce2979f8a1f0/asan_heap-oob_7dec26_4664_37c52495b2870a2eaac65f53958e76c1.flac

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-01-13 03:09:08 +01:00