diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2013-04-07 15:42:45 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2013-04-07 15:42:45 +0200 |
| commit | e9d5a6f1c5b65319400a45446ae6523a2296de73 (patch) | |
| tree | 11110d207fd762b9c52233cde9aba0b32090d0b1 | |
| parent | 0af8ed29e4a756c3e207ac65f479c23ca8ed025b (diff) | |
| parent | 327ff82bac3081d918dceb4931c77e25d0a1480d (diff) | |
| download | ffmpeg-e9d5a6f1c5b65319400a45446ae6523a2296de73.tar.gz | |
Merge commit '327ff82bac3081d918dceb4931c77e25d0a1480d' into release/0.10
* commit '327ff82bac3081d918dceb4931c77e25d0a1480d':
msrle: convert MS RLE decoding function to bytestream2.
Update Changelog for the 0.8.6 Release
wmaprodec: require block_align to be set.
ivi_common: do not call MC for intra frames when dc_transform is unset
roqvideodec: fix a potential infinite loop in roqvideo_decode_frame().
Revert "libmp3lame: use the correct remaining buffer size when flushing"
lzo: fix overflow checking in copy_backptr()
flacdec: simplify bounds checking in flac_probe()
atrac3: avoid oversized shifting in decode_bytes()
avconv: skip attached files when selecting streams to read from.
lavf: fix arithmetic overflows in avformat_seek_file()
Conflicts:
Changelog
avconv.c
libavcodec/libmp3lame.c
libavcodec/msrledec.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavcodec/aasc.c | 12 | ||||
| -rw-r--r-- | libavcodec/atrac3.c | 7 | ||||
| -rw-r--r-- | libavcodec/bmp.c | 4 | ||||
| -rw-r--r-- | libavcodec/ivi_common.c | 7 | ||||
| -rw-r--r-- | libavcodec/msrle.c | 4 | ||||
| -rw-r--r-- | libavcodec/msrledec.c | 134 | ||||
| -rw-r--r-- | libavcodec/msrledec.h | 8 | ||||
| -rw-r--r-- | libavcodec/roqvideodec.c | 2 | ||||
| -rw-r--r-- | libavcodec/tscc.c | 8 | ||||
| -rw-r--r-- | libavcodec/wmaprodec.c | 5 | ||||
| -rw-r--r-- | libavformat/flacdec.c | 8 | ||||
| -rw-r--r-- | libavformat/utils.c | 2 | ||||
| -rw-r--r-- | libavutil/lzo.c | 3 |
13 files changed, 106 insertions, 98 deletions
diff --git a/libavcodec/aasc.c b/libavcodec/aasc.c index 197bfe5f05..5bdfeb8aa9 100644 --- a/libavcodec/aasc.c +++ b/libavcodec/aasc.c @@ -34,17 +34,10 @@ typedef struct AascContext { AVCodecContext *avctx; + GetByteContext gb; AVFrame frame; } AascContext; -#define FETCH_NEXT_STREAM_BYTE() \ - if (stream_ptr >= buf_size) \ - { \ - av_log(s->avctx, AV_LOG_ERROR, " AASC: stream ptr just went out of bounds (fetch)\n"); \ - break; \ - } \ - stream_byte = buf[stream_ptr++]; - static av_cold int aasc_decode_init(AVCodecContext *avctx) { AascContext *s = avctx->priv_data; @@ -89,7 +82,8 @@ static int aasc_decode_frame(AVCodecContext *avctx, } break; case 1: - ff_msrle_decode(avctx, (AVPicture*)&s->frame, 8, buf - 4, buf_size + 4); + bytestream2_init(&s->gb, buf - 4, buf_size + 4); + ff_msrle_decode(avctx, (AVPicture*)&s->frame, 8, &s->gb); break; default: av_log(avctx, AV_LOG_ERROR, "Unknown compression type %d\n", compr); diff --git a/libavcodec/atrac3.c b/libavcodec/atrac3.c index df09ea1802..e88c7eefd9 100644 --- a/libavcodec/atrac3.c +++ b/libavcodec/atrac3.c @@ -184,8 +184,11 @@ static int decode_bytes(const uint8_t* inbuffer, uint8_t* out, int bytes){ uint32_t* obuf = (uint32_t*) out; off = (intptr_t)inbuffer & 3; - buf = (const uint32_t*) (inbuffer - off); - c = av_be2ne32((0x537F6103 >> (off*8)) | (0x537F6103 << (32-(off*8)))); + buf = (const uint32_t *)(inbuffer - off); + if (off) + c = av_be2ne32((0x537F6103U >> (off * 8)) | (0x537F6103U << (32 - (off * 8)))); + else + c = av_be2ne32(0x537F6103U); bytes += 3 + off; for (i = 0; i < bytes/4; i++) obuf[i] = c ^ buf[i]; diff --git a/libavcodec/bmp.c b/libavcodec/bmp.c index 14fd19379a..af3c381446 100644 --- a/libavcodec/bmp.c +++ b/libavcodec/bmp.c @@ -53,6 +53,7 @@ static int bmp_decode_frame(AVCodecContext *avctx, uint8_t *ptr; int dsize; const uint8_t *buf0 = buf; + GetByteContext gb; if(buf_size < 14){ av_log(avctx, AV_LOG_ERROR, "buf size too small (%d)\n", buf_size); @@ -268,7 +269,8 @@ static int bmp_decode_frame(AVCodecContext *avctx, p->data[0] += p->linesize[0] * (avctx->height - 1); p->linesize[0] = -p->linesize[0]; } - ff_msrle_decode(avctx, (AVPicture*)p, depth, buf, dsize); + bytestream2_init(&gb, buf, dsize); + ff_msrle_decode(avctx, (AVPicture*)p, depth, &gb); if(height < 0){ p->data[0] += p->linesize[0] * (avctx->height - 1); p->linesize[0] = -p->linesize[0]; diff --git a/libavcodec/ivi_common.c b/libavcodec/ivi_common.c index 3eb7d811c9..ff954cd452 100644 --- a/libavcodec/ivi_common.c +++ b/libavcodec/ivi_common.c @@ -480,9 +480,10 @@ int ff_ivi_decode_blocks(GetBitContext *gb, IVIBandDesc *band, IVITile *tile) /* block not coded */ /* for intra blocks apply the dc slant transform */ /* for inter - perform the motion compensation without delta */ - if (is_intra && band->dc_transform) { - band->dc_transform(&prev_dc, band->buf + buf_offs, - band->pitch, blk_size); + if (is_intra) { + if (band->dc_transform) + band->dc_transform(&prev_dc, band->buf + buf_offs, + band->pitch, blk_size); } else mc_no_delta_func(band->buf + buf_offs, band->ref_buf + buf_offs + mv_y * band->pitch + mv_x, diff --git a/libavcodec/msrle.c b/libavcodec/msrle.c index 2f3f876b15..1e6976f854 100644 --- a/libavcodec/msrle.c +++ b/libavcodec/msrle.c @@ -40,6 +40,7 @@ typedef struct MsrleContext { AVCodecContext *avctx; AVFrame frame; + GetByteContext gb; const unsigned char *buf; int size; @@ -127,7 +128,8 @@ static int msrle_decode_frame(AVCodecContext *avctx, ptr += s->frame.linesize[0]; } } else { - ff_msrle_decode(avctx, (AVPicture*)&s->frame, avctx->bits_per_coded_sample, buf, buf_size); + bytestream2_init(&s->gb, buf, buf_size); + ff_msrle_decode(avctx, (AVPicture*)&s->frame, avctx->bits_per_coded_sample, &s->gb); } *data_size = sizeof(AVFrame); diff --git a/libavcodec/msrledec.c b/libavcodec/msrledec.c index 129f0e0bc0..10bc482329 100644 --- a/libavcodec/msrledec.c +++ b/libavcodec/msrledec.c @@ -30,18 +30,9 @@ #include "avcodec.h" #include "msrledec.h" -#define FETCH_NEXT_STREAM_BYTE() \ - if (stream_ptr >= data_size) \ - { \ - av_log(avctx, AV_LOG_ERROR, " MS RLE: stream ptr just went out of bounds (1)\n"); \ - return -1; \ - } \ - stream_byte = data[stream_ptr++]; - static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic, - const uint8_t *data, int data_size) + GetByteContext *gb) { - int stream_ptr = 0; unsigned char rle_code; unsigned char extra_byte, odd_pixel; unsigned char stream_byte; @@ -52,11 +43,16 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic, int i; while (row_ptr >= 0) { - FETCH_NEXT_STREAM_BYTE(); - rle_code = stream_byte; + if (bytestream2_get_bytes_left(gb) <= 0) { + av_log(avctx, AV_LOG_ERROR, + "MS RLE: bytestream overrun, %d rows left\n", + row_ptr); + return AVERROR_INVALIDDATA; + } + rle_code = stream_byte = bytestream2_get_byteu(gb); if (rle_code == 0) { /* fetch the next byte to see how to handle escape code */ - FETCH_NEXT_STREAM_BYTE(); + stream_byte = bytestream2_get_byte(gb); if (stream_byte == 0) { /* line is done, goto the next one */ row_ptr -= row_dec; @@ -66,24 +62,26 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic, return 0; } else if (stream_byte == 2) { /* reposition frame decode coordinates */ - FETCH_NEXT_STREAM_BYTE(); + stream_byte = bytestream2_get_byte(gb); pixel_ptr += stream_byte; - FETCH_NEXT_STREAM_BYTE(); + stream_byte = bytestream2_get_byte(gb); row_ptr -= stream_byte * row_dec; } else { // copy pixels from encoded stream odd_pixel = stream_byte & 1; rle_code = (stream_byte + 1) / 2; extra_byte = rle_code & 0x01; - if (row_ptr + pixel_ptr + stream_byte > frame_size) { - av_log(avctx, AV_LOG_ERROR, " MS RLE: frame ptr just went out of bounds (1)\n"); - return -1; + if (row_ptr + pixel_ptr + stream_byte > frame_size || + bytestream2_get_bytes_left(gb) < rle_code) { + av_log(avctx, AV_LOG_ERROR, + "MS RLE: frame/stream ptr just went out of bounds (copy)\n"); + return AVERROR_INVALIDDATA; } for (i = 0; i < rle_code; i++) { if (pixel_ptr >= avctx->width) break; - FETCH_NEXT_STREAM_BYTE(); + stream_byte = bytestream2_get_byteu(gb); pic->data[0][row_ptr + pixel_ptr] = stream_byte >> 4; pixel_ptr++; if (i + 1 == rle_code && odd_pixel) @@ -96,15 +94,16 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic, // if the RLE code is odd, skip a byte in the stream if (extra_byte) - stream_ptr++; + bytestream2_skip(gb, 1); } } else { // decode a run of data if (row_ptr + pixel_ptr + stream_byte > frame_size) { - av_log(avctx, AV_LOG_ERROR, " MS RLE: frame ptr just went out of bounds (1)\n"); - return -1; + av_log(avctx, AV_LOG_ERROR, + "MS RLE: frame ptr just went out of bounds (run)\n"); + return AVERROR_INVALIDDATA; } - FETCH_NEXT_STREAM_BYTE(); + stream_byte = bytestream2_get_byte(gb); for (i = 0; i < rle_code; i++) { if (pixel_ptr >= avctx->width) break; @@ -118,21 +117,21 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic, } /* one last sanity check on the way out */ - if (stream_ptr < data_size) { - av_log(avctx, AV_LOG_ERROR, " MS RLE: ended frame decode with bytes left over (%d < %d)\n", - stream_ptr, data_size); - return -1; + if (bytestream2_get_bytes_left(gb)) { + av_log(avctx, AV_LOG_ERROR, + "MS RLE: ended frame decode with %d bytes left over\n", + bytestream2_get_bytes_left(gb)); + return AVERROR_INVALIDDATA; } return 0; } -static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic, int depth, - const uint8_t *data, int srcsize) +static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic, + int depth, GetByteContext *gb) { uint8_t *output, *output_end; - const uint8_t* src = data; int p1, p2, line=avctx->height - 1, pos=0, i; uint16_t av_uninit(pix16); uint32_t av_uninit(pix32); @@ -140,23 +139,30 @@ static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic, int de output = pic->data[0] + (avctx->height - 1) * pic->linesize[0]; output_end = pic->data[0] + avctx->height * pic->linesize[0]; - while(src + 1 < data + srcsize) { - p1 = *src++; + + while (bytestream2_get_bytes_left(gb) > 0) { + p1 = bytestream2_get_byteu(gb); if(p1 == 0) { //Escape code - p2 = *src++; + p2 = bytestream2_get_byte(gb); if(p2 == 0) { //End-of-line output = pic->data[0] + (--line) * pic->linesize[0]; - if (line < 0 && !(src+1 < data + srcsize && AV_RB16(src) == 1)) { - av_log(avctx, AV_LOG_ERROR, "Next line is beyond picture bounds\n"); - return -1; + if (line < 0) { + if (bytestream2_get_be16(gb) == 1) { // end-of-picture + return 0; + } else { + av_log(avctx, AV_LOG_ERROR, + "Next line is beyond picture bounds (%d bytes left)\n", + bytestream2_get_bytes_left(gb)); + return AVERROR_INVALIDDATA; + } } pos = 0; continue; } else if(p2 == 1) { //End-of-picture return 0; } else if(p2 == 2) { //Skip - p1 = *src++; - p2 = *src++; + p1 = bytestream2_get_byte(gb); + p2 = bytestream2_get_byte(gb); line -= p2; pos += p1; if (line < 0 || pos >= width){ @@ -167,35 +173,31 @@ static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic, int de continue; } // Copy data - if ((pic->linesize[0] > 0 && output + p2 * (depth >> 3) > output_end) - ||(pic->linesize[0] < 0 && output + p2 * (depth >> 3) < output_end)) { - src += p2 * (depth >> 3); + if ((pic->linesize[0] > 0 && output + p2 * (depth >> 3) > output_end) || + (pic->linesize[0] < 0 && output + p2 * (depth >> 3) < output_end)) { + bytestream2_skip(gb, 2 * (depth >> 3)); continue; + } else if (bytestream2_get_bytes_left(gb) < p2 * (depth >> 3)) { + av_log(avctx, AV_LOG_ERROR, "bytestream overrun\n"); + return AVERROR_INVALIDDATA; } - if(data + srcsize - src < p2 * (depth >> 3)){ - av_log(avctx, AV_LOG_ERROR, "Copy beyond input buffer\n"); - return -1; - } + if ((depth == 8) || (depth == 24)) { for(i = 0; i < p2 * (depth >> 3); i++) { - *output++ = *src++; + *output++ = bytestream2_get_byteu(gb); } // RLE8 copy is actually padded - and runs are not! if(depth == 8 && (p2 & 1)) { - src++; + bytestream2_skip(gb, 1); } } else if (depth == 16) { for(i = 0; i < p2; i++) { - pix16 = AV_RL16(src); - src += 2; - *(uint16_t*)output = pix16; + *(uint16_t*)output = bytestream2_get_le16u(gb); output += 2; } } else if (depth == 32) { for(i = 0; i < p2; i++) { - pix32 = AV_RL32(src); - src += 4; - *(uint32_t*)output = pix32; + *(uint32_t*)output = bytestream2_get_le32u(gb); output += 4; } } @@ -203,21 +205,19 @@ static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic, int de } else { //run of pixels uint8_t pix[3]; //original pixel switch(depth){ - case 8: pix[0] = *src++; + case 8: pix[0] = bytestream2_get_byte(gb); break; - case 16: pix16 = AV_RL16(src); - src += 2; + case 16: pix16 = bytestream2_get_le16(gb); break; - case 24: pix[0] = *src++; - pix[1] = *src++; - pix[2] = *src++; + case 24: pix[0] = bytestream2_get_byte(gb); + pix[1] = bytestream2_get_byte(gb); + pix[2] = bytestream2_get_byte(gb); break; - case 32: pix32 = AV_RL32(src); - src += 4; + case 32: pix32 = bytestream2_get_le32(gb); break; } - if ((pic->linesize[0] > 0 && output + p1 * (depth >> 3) > output_end) - ||(pic->linesize[0] < 0 && output + p1 * (depth >> 3) < output_end)) + if ((pic->linesize[0] > 0 && output + p1 * (depth >> 3) > output_end) || + (pic->linesize[0] < 0 && output + p1 * (depth >> 3) < output_end)) continue; for(i = 0; i < p1; i++) { switch(depth){ @@ -244,17 +244,17 @@ static int msrle_decode_8_16_24_32(AVCodecContext *avctx, AVPicture *pic, int de } -int ff_msrle_decode(AVCodecContext *avctx, AVPicture *pic, int depth, - const uint8_t* data, int data_size) +int ff_msrle_decode(AVCodecContext *avctx, AVPicture *pic, + int depth, GetByteContext *gb) { switch(depth){ case 4: - return msrle_decode_pal4(avctx, pic, data, data_size); + return msrle_decode_pal4(avctx, pic, gb); case 8: case 16: case 24: case 32: - return msrle_decode_8_16_24_32(avctx, pic, depth, data, data_size); + return msrle_decode_8_16_24_32(avctx, pic, depth, gb); default: av_log(avctx, AV_LOG_ERROR, "Unknown depth %d\n", depth); return -1; diff --git a/libavcodec/msrledec.h b/libavcodec/msrledec.h index 2230162691..84278129f5 100644 --- a/libavcodec/msrledec.h +++ b/libavcodec/msrledec.h @@ -23,6 +23,7 @@ #define AVCODEC_MSRLEDEC_H #include "avcodec.h" +#include "bytestream.h" /** * Decode stream in MS RLE format into frame. @@ -30,11 +31,10 @@ * @param avctx codec context * @param pic destination frame * @param depth bit depth - * @param data input stream - * @param data_size input size + * @param gb input bytestream context */ -int ff_msrle_decode(AVCodecContext *avctx, AVPicture *pic, int depth, - const uint8_t* data, int data_size); +int ff_msrle_decode(AVCodecContext *avctx, AVPicture *pic, + int depth, GetByteContext *gb); #endif /* AVCODEC_MSRLEDEC_H */ diff --git a/libavcodec/roqvideodec.c b/libavcodec/roqvideodec.c index 7ff366051f..20374859f4 100644 --- a/libavcodec/roqvideodec.c +++ b/libavcodec/roqvideodec.c @@ -43,7 +43,7 @@ static void roqvideo_decode_frame(RoqContext *ri) roq_qcell *qcell; int64_t chunk_start; - while (bytestream2_get_bytes_left(&ri->gb) > 0) { + while (bytestream2_get_bytes_left(&ri->gb) >= 8) { chunk_id = bytestream2_get_le16(&ri->gb); chunk_size = bytestream2_get_le32(&ri->gb); chunk_arg = bytestream2_get_le16(&ri->gb); diff --git a/libavcodec/tscc.c b/libavcodec/tscc.c index c07f3a87f7..75728778ca 100644 --- a/libavcodec/tscc.c +++ b/libavcodec/tscc.c @@ -58,6 +58,7 @@ typedef struct TsccContext { unsigned int decomp_size; // Decompression buffer unsigned char* decomp_buf; + GetByteContext gb; int height; z_stream zstream; @@ -105,8 +106,11 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac } - if(zret != Z_DATA_ERROR) - ff_msrle_decode(avctx, (AVPicture*)&c->pic, c->bpp, c->decomp_buf, c->decomp_size - c->zstream.avail_out); + if (zret != Z_DATA_ERROR) { + bytestream2_init(&c->gb, c->decomp_buf, + c->decomp_size - c->zstream.avail_out); + ff_msrle_decode(avctx, (AVPicture*)&c->pic, c->bpp, &c->gb); + } /* make the palette available on the way out */ if (c->avctx->pix_fmt == PIX_FMT_PAL8) { diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c index 775484cbc1..85c18f03c2 100644 --- a/libavcodec/wmaprodec.c +++ b/libavcodec/wmaprodec.c @@ -280,6 +280,11 @@ static av_cold int decode_init(AVCodecContext *avctx) int log2_max_num_subframes; int num_possible_block_sizes; + if (!avctx->block_align) { + av_log(avctx, AV_LOG_ERROR, "block_align is not set\n"); + return AVERROR(EINVAL); + } + s->avctx = avctx; dsputil_init(&s->dsp, avctx); ff_fmt_convert_init(&s->fmt_conv, avctx); diff --git a/libavformat/flacdec.c b/libavformat/flacdec.c index 070f9af3f6..6af54712d9 100644 --- a/libavformat/flacdec.c +++ b/libavformat/flacdec.c @@ -143,11 +143,9 @@ static int flac_read_header(AVFormatContext *s, static int flac_probe(AVProbeData *p) { - uint8_t *bufptr = p->buf; - uint8_t *end = p->buf + p->buf_size; - - if(bufptr > end-4 || memcmp(bufptr, "fLaC", 4)) return 0; - else return AVPROBE_SCORE_MAX/2; + if (p->buf_size < 4 || memcmp(p->buf, "fLaC", 4)) + return 0; + return AVPROBE_SCORE_MAX/2; } AVInputFormat ff_flac_demuxer = { diff --git a/libavformat/utils.c b/libavformat/utils.c index 7e807c2333..33967df0b2 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -1948,7 +1948,7 @@ int avformat_seek_file(AVFormatContext *s, int stream_index, int64_t min_ts, int //Note the old has somewat different sematics AV_NOWARN_DEPRECATED( if(s->iformat->read_seek || 1) - return av_seek_frame(s, stream_index, ts, flags | (ts - min_ts > (uint64_t)(max_ts - ts) ? AVSEEK_FLAG_BACKWARD : 0)); + return av_seek_frame(s, stream_index, ts, flags | ((uint64_t)ts - min_ts > (uint64_t)max_ts - ts ? AVSEEK_FLAG_BACKWARD : 0)); ) // try some generic seek like seek_frame_generic() but with new ts semantics diff --git a/libavutil/lzo.c b/libavutil/lzo.c index 3642308100..8cb8da43a3 100644 --- a/libavutil/lzo.c +++ b/libavutil/lzo.c @@ -119,9 +119,8 @@ static inline void memcpy_backptr(uint8_t *dst, int back, int cnt); * thus creating a repeating pattern with a period length of back. */ static inline void copy_backptr(LZOContext *c, int back, int cnt) { - register const uint8_t *src = &c->out[-back]; register uint8_t *dst = c->out; - if (src < c->out_start || src > dst) { + if (dst - c->out_start < back) { c->error |= AV_LZO_INVALID_BACKPTR; return; } |