aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2011-09-22 01:41:55 +0200
committerMichael Niedermayer <michaelni@gmx.at>2011-09-22 01:48:45 +0200
commita99a35c8ea633a252d3a52a21691478f1f8c1763 (patch)
treee38f9dd8ff73ba17809e7475c08e41ffb5e99f78 /libavcodec
parenta582b028a416a29e60b4748b2ae4221ada11c2b8 (diff)
parent056e9efc8e06faed3516b610d8a74484f24ac07f (diff)
downloadffmpeg-a99a35c8ea633a252d3a52a21691478f1f8c1763.tar.gz
Merge branch 'release/0.8' into release/0.7
* release/0.8: (154 commits) vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling Check for huffman tree building error in vp6 decoder. Release old pictures after a resolution change in vp5/6 decoder Check for missing reference in vp5/6 decoder. Check for invalid slices offsets in RV30/40 decoder. Check output buffer size in nellymoser decoder. Hack around gcc 4.6 breaking asm using call. Fix dxva2 decoding for some H264 samples. mp3demux: pass on error code on packet read. Check for invalid slice offsets in real decoder. rmdec: Reject invalid deinterleaving parameters Use deinterleavers for demangling audio packets in RealMedia. rv10: Reject slices that does not have the same type as the first one rmdec: use the deinterleaving mode and not the codec when creating audio packets. MAINTAINERS: add my GPG fingerprint. (cherry picked from commit 7882dc10f871bf25a848fe62a152f63814f9c7d1) Support 3IVD in isom, produced by 3ivx DivX Doctor. mpegpsdec: fix reading first mpegps packet (cherry picked from commit b2f230e23dd61112ac090b0c059d87b5f6bcb307) Avoid NULL dereference on corrupted bitstream with real decoder. Reject slices that does not have the same type than the first one in RV10/RV20 decoder. check all svq3_get_ue_golomb() returns. ... Conflicts: Doxyfile RELEASE VERSION libavcodec/rv34.c libavformat/utils.c Merged-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec')
-rw-r--r--libavcodec/Makefile1
-rw-r--r--libavcodec/aac_adtstoasc_bsf.c2
-rw-r--r--libavcodec/aacdec.c9
-rw-r--r--libavcodec/aacps.c19
-rw-r--r--libavcodec/allcodecs.c2
-rw-r--r--libavcodec/arm/fft_fixed_neon.S2
-rw-r--r--libavcodec/avcodec.h1
-rw-r--r--libavcodec/avs.c2
-rw-r--r--libavcodec/cabac.c10
-rw-r--r--libavcodec/cinepak.c3
-rw-r--r--libavcodec/cljr.c2
-rw-r--r--libavcodec/cook.c5
-rw-r--r--libavcodec/dca.c1
-rw-r--r--libavcodec/dirac.c16
-rw-r--r--libavcodec/dvbsubdec.c2
-rw-r--r--libavcodec/ffv1.c4
-rw-r--r--libavcodec/h264.c104
-rw-r--r--libavcodec/h264.h2
-rw-r--r--libavcodec/h264_refs.c2
-rw-r--r--libavcodec/indeo2.c10
-rw-r--r--libavcodec/jpegls.h2
-rw-r--r--libavcodec/jvdec.c2
-rw-r--r--libavcodec/kgv1dec.c1
-rw-r--r--libavcodec/libspeexenc.c178
-rw-r--r--libavcodec/mjpegdec.c7
-rw-r--r--libavcodec/motionpixels.c3
-rw-r--r--libavcodec/mpeg4videoenc.c4
-rw-r--r--libavcodec/mpegvideo.c5
-rw-r--r--libavcodec/mpegvideo.h1
-rw-r--r--libavcodec/nellymoserdec.c3
-rw-r--r--libavcodec/options.c3
-rw-r--r--libavcodec/qcelpdec.c2
-rw-r--r--libavcodec/ratecontrol.c6
-rw-r--r--libavcodec/rv10.c6
-rw-r--r--libavcodec/rv30.c10
-rw-r--r--libavcodec/rv34.c39
-rw-r--r--libavcodec/rv40.c5
-rw-r--r--libavcodec/smacker.c30
-rw-r--r--libavcodec/svq3.c12
-rw-r--r--libavcodec/tta.c2
-rw-r--r--libavcodec/vc1.c4
-rw-r--r--libavcodec/vc1dec.c16
-rw-r--r--libavcodec/vp3.c22
-rw-r--r--libavcodec/vp5.c3
-rw-r--r--libavcodec/vp56.c16
-rw-r--r--libavcodec/vp56.h2
-rw-r--r--libavcodec/vp6.c30
-rw-r--r--libavcodec/wavpack.c65
-rw-r--r--libavcodec/xan.c44
49 files changed, 555 insertions, 167 deletions
diff --git a/libavcodec/Makefile b/libavcodec/Makefile
index 4e9906e40c..175e6a0d2a 100644
--- a/libavcodec/Makefile
+++ b/libavcodec/Makefile
@@ -588,6 +588,7 @@ OBJS-$(CONFIG_LIBSCHROEDINGER_ENCODER) += libschroedingerenc.o \
libschroedinger.o \
libdirac_libschro.o
OBJS-$(CONFIG_LIBSPEEX_DECODER) += libspeexdec.o
+OBJS-$(CONFIG_LIBSPEEX_ENCODER) += libspeexenc.o
OBJS-$(CONFIG_LIBTHEORA_ENCODER) += libtheoraenc.o
OBJS-$(CONFIG_LIBVO_AACENC_ENCODER) += libvo-aacenc.o mpeg4audio.o
OBJS-$(CONFIG_LIBVO_AMRWBENC_ENCODER) += libvo-amrwbenc.o
diff --git a/libavcodec/aac_adtstoasc_bsf.c b/libavcodec/aac_adtstoasc_bsf.c
index 6558c0280f..2e14b1a0b6 100644
--- a/libavcodec/aac_adtstoasc_bsf.c
+++ b/libavcodec/aac_adtstoasc_bsf.c
@@ -72,7 +72,7 @@ static int aac_adtstoasc_filter(AVBitStreamFilterContext *bsfc,
int pce_size = 0;
uint8_t pce_data[MAX_PCE_SIZE];
if (!hdr.chan_config) {
- init_get_bits(&gb, buf, buf_size);
+ init_get_bits(&gb, buf, buf_size * 8);
if (get_bits(&gb, 3) != 5) {
av_log_missing_feature(avctx, "PCE based channel configuration, where the PCE is not the first syntax element is", 0);
return -1;
diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
index cb8760801a..6cc0cec0f0 100644
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -1755,12 +1755,10 @@ static void windowing_and_mdct_ltp(AACContext *ac, float *out,
} else {
memset(in, 0, 448 * sizeof(float));
ac->dsp.vector_fmul(in + 448, in + 448, swindow_prev, 128);
- memcpy(in + 576, in + 576, 448 * sizeof(float));
}
if (ics->window_sequence[0] != LONG_START_SEQUENCE) {
ac->dsp.vector_fmul_reverse(in + 1024, in + 1024, lwindow, 1024);
} else {
- memcpy(in + 1024, in + 1024, 448 * sizeof(float));
ac->dsp.vector_fmul_reverse(in + 1024 + 448, in + 1024 + 448, swindow, 128);
memset(in + 1024 + 576, 0, 448 * sizeof(float));
}
@@ -2078,7 +2076,7 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data,
ChannelElement *che = NULL, *che_prev = NULL;
enum RawDataBlockType elem_type, elem_type_prev = TYPE_END;
int err, elem_id, data_size_tmp;
- int samples = 0, multiplier;
+ int samples = 0, multiplier, audio_found = 0;
if (show_bits(gb, 12) == 0xfff) {
if (parse_adts_frame_header(ac, gb) < 0) {
@@ -2109,10 +2107,12 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data,
case TYPE_SCE:
err = decode_ics(ac, &che->ch[0], gb, 0, 0);
+ audio_found = 1;
break;
case TYPE_CPE:
err = decode_cpe(ac, gb, che);
+ audio_found = 1;
break;
case TYPE_CCE:
@@ -2121,6 +2121,7 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data,
case TYPE_LFE:
err = decode_ics(ac, &che->ch[0], gb, 0, 0);
+ audio_found = 1;
break;
case TYPE_DSE:
@@ -2197,7 +2198,7 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data,
samples, avctx->channels);
}
- if (ac->output_configured)
+ if (ac->output_configured && audio_found)
ac->output_configured = OC_LOCKED;
return 0;
diff --git a/libavcodec/aacps.c b/libavcodec/aacps.c
index fc124d1972..3cfd18d959 100644
--- a/libavcodec/aacps.c
+++ b/libavcodec/aacps.c
@@ -813,14 +813,17 @@ static void stereo_processing(PSContext *ps, float (*l)[32][2], float (*r)[32][2
const float (*H_LUT)[8][4] = (PS_BASELINE || ps->icc_mode < 3) ? HA : HB;
//Remapping
- memcpy(H11[0][0], H11[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H11[0][0][0]));
- memcpy(H11[1][0], H11[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H11[1][0][0]));
- memcpy(H12[0][0], H12[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H12[0][0][0]));
- memcpy(H12[1][0], H12[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H12[1][0][0]));
- memcpy(H21[0][0], H21[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H21[0][0][0]));
- memcpy(H21[1][0], H21[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H21[1][0][0]));
- memcpy(H22[0][0], H22[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H22[0][0][0]));
- memcpy(H22[1][0], H22[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H22[1][0][0]));
+ if (ps->num_env_old) {
+ memcpy(H11[0][0], H11[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H11[0][0][0]));
+ memcpy(H11[1][0], H11[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H11[1][0][0]));
+ memcpy(H12[0][0], H12[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H12[0][0][0]));
+ memcpy(H12[1][0], H12[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H12[1][0][0]));
+ memcpy(H21[0][0], H21[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H21[0][0][0]));
+ memcpy(H21[1][0], H21[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H21[1][0][0]));
+ memcpy(H22[0][0], H22[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H22[0][0][0]));
+ memcpy(H22[1][0], H22[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H22[1][0][0]));
+ }
+
if (is34) {
remap34(&iid_mapped, ps->iid_par, ps->nr_iid_par, ps->num_env, 1);
remap34(&icc_mapped, ps->icc_par, ps->nr_icc_par, ps->num_env, 1);
diff --git a/libavcodec/allcodecs.c b/libavcodec/allcodecs.c
index e6305cf7d2..f1c664f5d1 100644
--- a/libavcodec/allcodecs.c
+++ b/libavcodec/allcodecs.c
@@ -380,7 +380,7 @@ void avcodec_register_all(void)
REGISTER_DECODER (LIBOPENCORE_AMRWB, libopencore_amrwb);
REGISTER_DECODER (LIBOPENJPEG, libopenjpeg);
REGISTER_ENCDEC (LIBSCHROEDINGER, libschroedinger);
- REGISTER_DECODER (LIBSPEEX, libspeex);
+ REGISTER_ENCDEC (LIBSPEEX, libspeex);
REGISTER_ENCODER (LIBTHEORA, libtheora);
REGISTER_ENCODER (LIBVO_AACENC, libvo_aacenc);
REGISTER_ENCODER (LIBVO_AMRWBENC, libvo_amrwbenc);
diff --git a/libavcodec/arm/fft_fixed_neon.S b/libavcodec/arm/fft_fixed_neon.S
index bd6c853ec8..4e4b94a8e3 100644
--- a/libavcodec/arm/fft_fixed_neon.S
+++ b/libavcodec/arm/fft_fixed_neon.S
@@ -56,7 +56,7 @@
vhsub.s16 \r0, \d0, \d1 @ t3, t4, t8, t7
vhsub.s16 \r1, \d1, \d0
vhadd.s16 \d0, \d0, \d1 @ t1, t2, t6, t5
- vmov.i64 \d1, #0xffff<<32
+ vmov.i64 \d1, #0xffff00000000
vbit \r0, \r1, \d1
vrev64.16 \r1, \r0 @ t7, t8, t4, t3
vtrn.32 \r0, \r1 @ t3, t4, t7, t8
diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h
index ea3dd6f4a6..198d01dbdd 100644
--- a/libavcodec/avcodec.h
+++ b/libavcodec/avcodec.h
@@ -2686,7 +2686,6 @@ typedef struct AVCodecContext {
/**
* Bits per sample/pixel of internal libavcodec pixel/sample format.
- * This field is applicable only when sample_fmt is AV_SAMPLE_FMT_S32.
* - encoding: set by user.
* - decoding: set by libavcodec.
*/
diff --git a/libavcodec/avs.c b/libavcodec/avs.c
index 06fcd5cd0e..354b53c241 100644
--- a/libavcodec/avs.c
+++ b/libavcodec/avs.c
@@ -117,7 +117,7 @@ avs_decode_frame(AVCodecContext * avctx,
table = buf + (256 * vect_w * vect_h);
if (sub_type != AVS_I_FRAME) {
int map_size = ((318 / vect_w + 7) / 8) * (198 / vect_h);
- init_get_bits(&change_map, table, map_size);
+ init_get_bits(&change_map, table, map_size * 8);
table += map_size;
}
diff --git a/libavcodec/cabac.c b/libavcodec/cabac.c
index 76253afe3e..9acc2a079f 100644
--- a/libavcodec/cabac.c
+++ b/libavcodec/cabac.c
@@ -161,10 +161,14 @@ void ff_init_cabac_states(CABACContext *c){
ff_h264_mps_state[2*i+1]= 2*mps_state[i]+1;
if( i ){
+ ff_h264_lps_state[2*i+0]=
ff_h264_mlps_state[128-2*i-1]= 2*lps_state[i]+0;
+ ff_h264_lps_state[2*i+1]=
ff_h264_mlps_state[128-2*i-2]= 2*lps_state[i]+1;
}else{
+ ff_h264_lps_state[2*i+0]=
ff_h264_mlps_state[128-2*i-1]= 1;
+ ff_h264_lps_state[2*i+1]=
ff_h264_mlps_state[128-2*i-2]= 0;
}
}
@@ -190,7 +194,8 @@ int main(void){
ff_init_cabac_states(&c);
for(i=0; i<SIZE; i++){
- r[i] = av_lfg_get(&prng) % 7;
+ if(2*i<SIZE) r[i] = av_lfg_get(&prng) % 7;
+ else r[i] = (i>>8)&1;
}
for(i=0; i<SIZE; i++){
@@ -205,6 +210,7 @@ START_TIMER
STOP_TIMER("put_cabac")
}
+#if 0
for(i=0; i<SIZE; i++){
START_TIMER
put_cabac_u(&c, state, r[i], 6, 3, i&1);
@@ -216,7 +222,7 @@ START_TIMER
put_cabac_ueg(&c, state, r[i], 3, 0, 1, 2);
STOP_TIMER("put_cabac_ueg")
}
-
+#endif
put_cabac_terminate(&c, 1);
ff_init_cabac_decoder(&c, b, SIZE);
diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c
index f2cbdc406e..7e1789dda7 100644
--- a/libavcodec/cinepak.c
+++ b/libavcodec/cinepak.c
@@ -335,7 +335,8 @@ static int cinepak_decode (CinepakContext *s)
* If the frame header is followed by the bytes FE 00 00 06 00 00 then
* this is probably one of the two known files that have 6 extra bytes
* after the frame header. Else, assume 2 extra bytes. */
- if ((s->data[10] == 0xFE) &&
+ if (s->size >= 16 &&
+ (s->data[10] == 0xFE) &&
(s->data[11] == 0x00) &&
(s->data[12] == 0x00) &&
(s->data[13] == 0x06) &&
diff --git a/libavcodec/cljr.c b/libavcodec/cljr.c
index c9b0911674..e94ad9b42e 100644
--- a/libavcodec/cljr.c
+++ b/libavcodec/cljr.c
@@ -67,7 +67,7 @@ static int decode_frame(AVCodecContext *avctx,
p->pict_type= AV_PICTURE_TYPE_I;
p->key_frame= 1;
- init_get_bits(&a->gb, buf, buf_size);
+ init_get_bits(&a->gb, buf, buf_size * 8);
for(y=0; y<avctx->height; y++){
uint8_t *luma= &a->picture.data[0][ y*a->picture.linesize[0] ];
diff --git a/libavcodec/cook.c b/libavcodec/cook.c
index 116be2fe98..192ec5bdf1 100644
--- a/libavcodec/cook.c
+++ b/libavcodec/cook.c
@@ -1175,8 +1175,9 @@ static av_cold int cook_decode_init(AVCodecContext *avctx)
return -1;
}
- if ((q->subpacket[s].js_vlc_bits > 6) || (q->subpacket[s].js_vlc_bits < 0)) {
- av_log(avctx,AV_LOG_ERROR,"js_vlc_bits = %d, only >= 0 and <= 6 allowed!\n",q->subpacket[s].js_vlc_bits);
+ if ((q->subpacket[s].js_vlc_bits > 6) || (q->subpacket[s].js_vlc_bits < 2*q->subpacket[s].joint_stereo)) {
+ av_log(avctx,AV_LOG_ERROR,"js_vlc_bits = %d, only >= %d and <= 6 allowed!\n",
+ q->subpacket[s].js_vlc_bits, 2*q->subpacket[s].joint_stereo);
return -1;
}
diff --git a/libavcodec/dca.c b/libavcodec/dca.c
index 4b445bc743..5166fc5337 100644
--- a/libavcodec/dca.c
+++ b/libavcodec/dca.c
@@ -1650,6 +1650,7 @@ static int dca_decode_frame(AVCodecContext * avctx,
//set AVCodec values with parsed data
avctx->sample_rate = s->sample_rate;
avctx->bit_rate = s->bit_rate;
+ avctx->frame_size = s->sample_blocks * 32;
s->profile = FF_PROFILE_DTS;
diff --git a/libavcodec/dirac.c b/libavcodec/dirac.c
index af0d799acc..1582a5f8f2 100644
--- a/libavcodec/dirac.c
+++ b/libavcodec/dirac.c
@@ -120,7 +120,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,
// chroma subsampling
if (get_bits1(gb))
source->chroma_format = svq3_get_ue_golomb(gb);
- if (source->chroma_format > 2) {
+ if (source->chroma_format > 2U) {
av_log(avctx, AV_LOG_ERROR, "Unknown chroma format %d\n",
source->chroma_format);
return -1;
@@ -128,14 +128,14 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,
if (get_bits1(gb))
source->interlaced = svq3_get_ue_golomb(gb);
- if (source->interlaced > 1)
+ if (source->interlaced > 1U)
return -1;
// frame rate
if (get_bits1(gb)) {
source->frame_rate_index = svq3_get_ue_golomb(gb);
- if (source->frame_rate_index > 10)
+ if (source->frame_rate_index > 10U)
return -1;
if (!source->frame_rate_index) {
@@ -156,7 +156,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,
if (get_bits1(gb)) {
source->aspect_ratio_index = svq3_get_ue_golomb(gb);
- if (source->aspect_ratio_index > 6)
+ if (source->aspect_ratio_index > 6U)
return -1;
if (!source->aspect_ratio_index) {
@@ -179,7 +179,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,
if (get_bits1(gb)) {
source->pixel_range_index = svq3_get_ue_golomb(gb);
- if (source->pixel_range_index > 4)
+ if (source->pixel_range_index > 4U)
return -1;
// This assumes either fullrange or MPEG levels only
@@ -207,7 +207,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,
if (get_bits1(gb)) {
idx = source->color_spec_index = svq3_get_ue_golomb(gb);
- if (source->color_spec_index > 4)
+ if (source->color_spec_index > 4U)
return -1;
avctx->color_primaries = dirac_color_presets[idx].color_primaries;
@@ -217,7 +217,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,
if (!source->color_spec_index) {
if (get_bits1(gb)) {
idx = svq3_get_ue_golomb(gb);
- if (idx < 3)
+ if (idx < 3U)
avctx->color_primaries = dirac_primaries[idx];
}
@@ -259,7 +259,7 @@ int ff_dirac_parse_sequence_header(AVCodecContext *avctx, GetBitContext *gb,
else if (version_major > 2)
av_log(avctx, AV_LOG_WARNING, "Stream may have unhandled features\n");
- if (video_format > 20)
+ if (video_format > 20U)
return -1;
// Fill in defaults for the source parameters.
diff --git a/libavcodec/dvbsubdec.c b/libavcodec/dvbsubdec.c
index 5b09eb14d6..e43dd29a14 100644
--- a/libavcodec/dvbsubdec.c
+++ b/libavcodec/dvbsubdec.c
@@ -1360,7 +1360,7 @@ static int dvbsub_display_end_segment(AVCodecContext *avctx, const uint8_t *buf,
rect->y = display->y_pos + offset_y;
rect->w = region->width;
rect->h = region->height;
- rect->nb_colors = 16;
+ rect->nb_colors = (1 << region->depth);
rect->type = SUBTITLE_BITMAP;
rect->pict.linesize[0] = region->width;
diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c
index a0a4a1d009..8fe725f78a 100644
--- a/libavcodec/ffv1.c
+++ b/libavcodec/ffv1.c
@@ -1805,7 +1805,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
bytes_read = c->bytestream - c->bytestream_start - 1;
if(bytes_read ==0) av_log(avctx, AV_LOG_ERROR, "error at end of AC stream\n"); //FIXME
//printf("pos=%d\n", bytes_read);
- init_get_bits(&f->slice_context[0]->gb, buf + bytes_read, buf_size - bytes_read);
+ init_get_bits(&f->slice_context[0]->gb, buf + bytes_read, (buf_size - bytes_read) * 8);
} else {
bytes_read = 0; /* avoid warning */
}
@@ -1822,7 +1822,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
if(fs->ac){
ff_init_range_decoder(&fs->c, buf_p, v);
}else{
- init_get_bits(&fs->gb, buf_p, v);
+ init_get_bits(&fs->gb, buf_p, v * 8);
}
}
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 2fae265edd..0ac20a60c0 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -183,20 +183,28 @@ const uint8_t *ff_h264_decode_nal(H264Context *h, const uint8_t *src, int *dst_l
i-= RS;
}
- if(i>=length-1){ //no escaped 0
- *dst_length= length;
- *consumed= length+1; //+1 for the header
- return src;
- }
-
bufidx = h->nal_unit_type == NAL_DPC ? 1 : 0; // use second escape buffer for inter data
- av_fast_malloc(&h->rbsp_buffer[bufidx], &h->rbsp_buffer_size[bufidx], length+FF_INPUT_BUFFER_PADDING_SIZE);
+ si=h->rbsp_buffer_size[bufidx];
+ av_fast_malloc(&h->rbsp_buffer[bufidx], &h->rbsp_buffer_size[bufidx], length+FF_INPUT_BUFFER_PADDING_SIZE+MAX_MBPAIR_SIZE);
dst= h->rbsp_buffer[bufidx];
+ if(si != h->rbsp_buffer_size[bufidx])
+ memset(dst + length, 0, FF_INPUT_BUFFER_PADDING_SIZE+MAX_MBPAIR_SIZE);
if (dst == NULL){
return NULL;
}
+ if(i>=length-1){ //no escaped 0
+ *dst_length= length;
+ *consumed= length+1; //+1 for the header
+ if(h->s.avctx->flags2 & CODEC_FLAG2_FAST){
+ return src;
+ }else{
+ memcpy(dst, src, length);
+ return dst;
+ }
+ }
+
//printf("decoding esc\n");
memcpy(dst, src, i);
si=di=i;
@@ -1165,7 +1173,10 @@ static int decode_update_thread_context(AVCodecContext *dst, const AVCodecContex
memcpy(&h->s + 1, &h1->s + 1, sizeof(H264Context) - sizeof(MpegEncContext)); //copy all fields after MpegEnc
memset(h->sps_buffers, 0, sizeof(h->sps_buffers));
memset(h->pps_buffers, 0, sizeof(h->pps_buffers));
- ff_h264_alloc_tables(h);
+ if (ff_h264_alloc_tables(h) < 0) {
+ av_log(dst, AV_LOG_ERROR, "Could not allocate memory for h264\n");
+ return AVERROR(ENOMEM);
+ }
context_init(h);
for(i=0; i<2; i++){
@@ -1403,7 +1414,7 @@ static void decode_postinit(H264Context *h, int setup_finished){
pics = 0;
while(h->delayed_pic[pics]) pics++;
- assert(pics <= MAX_DELAYED_PIC_COUNT);
+ av_assert0(pics <= MAX_DELAYED_PIC_COUNT);
h->delayed_pic[pics++] = cur;
if(cur->reference == 0)
@@ -1848,15 +1859,30 @@ static av_always_inline void hl_decode_mb_internal(H264Context *h, int simple, i
tmp_y[j] = get_bits(&gb, bit_depth);
}
if(simple || !CONFIG_GRAY || !(s->flags&CODEC_FLAG_GRAY)){
- for (i = 0; i < 8; i++) {
- uint16_t *tmp_cb = (uint16_t*)(dest_cb + i*uvlinesize);
- for (j = 0; j < 8; j++)
- tmp_cb[j] = get_bits(&gb, bit_depth);
- }
- for (i = 0; i < 8; i++) {
- uint16_t *tmp_cr = (uint16_t*)(dest_cr + i*uvlinesize);
- for (j = 0; j < 8; j++)
- tmp_cr[j] = get_bits(&gb, bit_depth);
+ if (!h->sps.chroma_format_idc) {
+ for (i = 0; i < 8; i++) {
+ uint16_t *tmp_cb = (uint16_t*)(dest_cb + i*uvlinesize);
+ for (j = 0; j < 8; j++) {
+ tmp_cb[j] = 1 << (bit_depth - 1);
+ }
+ }
+ for (i = 0; i < 8; i++) {
+ uint16_t *tmp_cr = (uint16_t*)(dest_cr + i*uvlinesize);
+ for (j = 0; j < 8; j++) {
+ tmp_cr[j] = 1 << (bit_depth - 1);
+ }
+ }
+ } else {
+ for (i = 0; i < 8; i++) {
+ uint16_t *tmp_cb = (uint16_t*)(dest_cb + i*uvlinesize);
+ for (j = 0; j < 8; j++)
+ tmp_cb[j] = get_bits(&gb, bit_depth);
+ }
+ for (i = 0; i < 8; i++) {
+ uint16_t *tmp_cr = (uint16_t*)(dest_cr + i*uvlinesize);
+ for (j = 0; j < 8; j++)
+ tmp_cr[j] = get_bits(&gb, bit_depth);
+ }
}
}
} else {
@@ -1864,9 +1890,16 @@ static av_always_inline void hl_decode_mb_internal(H264Context *h, int simple, i
memcpy(dest_y + i* linesize, h->mb + i*8, 16);
}
if(simple || !CONFIG_GRAY || !(s->flags&CODEC_FLAG_GRAY)){
- for (i=0; i<8; i++) {
- memcpy(dest_cb+ i*uvlinesize, h->mb + 128 + i*4, 8);
- memcpy(dest_cr+ i*uvlinesize, h->mb + 160 + i*4, 8);
+ if (!h->sps.chroma_format_idc) {
+ for (i = 0; i < 8; i++) {
+ memset(dest_cb + i*uvlinesize, 128, 8);
+ memset(dest_cr + i*uvlinesize, 128, 8);
+ }
+ } else {
+ for (i = 0; i < 8; i++) {
+ memcpy(dest_cb + i*uvlinesize, h->mb + 128 + i*4, 8);
+ memcpy(dest_cr + i*uvlinesize, h->mb + 160 + i*4, 8);
+ }
}
}
}
@@ -2198,15 +2231,17 @@ static void implicit_weight_table(H264Context *h, int field){
for(ref0=ref_start; ref0 < ref_count0; ref0++){
int poc0 = h->ref_list[0][ref0].poc;
for(ref1=ref_start; ref1 < ref_count1; ref1++){
- int poc1 = h->ref_list[1][ref1].poc;
- int td = av_clip(poc1 - poc0, -128, 127);
- int w= 32;
- if(td){
- int tb = av_clip(cur_poc - poc0, -128, 127);
- int tx = (16384 + (FFABS(td) >> 1)) / td;
- int dist_scale_factor = (tb*tx + 32) >> 8;
- if(dist_scale_factor >= -64 && dist_scale_factor <= 128)
- w = 64 - dist_scale_factor;
+ int w = 32;
+ if (!h->ref_list[0][ref0].long_ref && !h->ref_list[1][ref1].long_ref) {
+ int poc1 = h->ref_list[1][ref1].poc;
+ int td = av_clip(poc1 - poc0, -128, 127);
+ if(td){
+ int tb = av_clip(cur_poc - poc0, -128, 127);
+ int tx = (16384 + (FFABS(td) >> 1)) / td;
+ int dist_scale_factor = (tb*tx + 32) >> 8;
+ if(dist_scale_factor >= -64 && dist_scale_factor <= 128)
+ w = 64 - dist_scale_factor;
+ }
}
if(field<0){
h->implicit_weight[ref0][ref1][0]=
@@ -2233,7 +2268,7 @@ static void idr(H264Context *h){
static void flush_dpb(AVCodecContext *avctx){
H264Context *h= avctx->priv_data;
int i;
- for(i=0; i<MAX_DELAYED_PIC_COUNT; i++) {
+ for(i=0; i<=MAX_DELAYED_PIC_COUNT; i++) {
if(h->delayed_pic[i])
h->delayed_pic[i]->reference= 0;
h->delayed_pic[i]= NULL;
@@ -2638,7 +2673,10 @@ static int decode_slice_header(H264Context *h, H264Context *h0){
h->prev_interlaced_frame = 1;
init_scan_tables(h);
- ff_h264_alloc_tables(h);
+ if (ff_h264_alloc_tables(h) < 0) {
+ av_log(h->s.avctx, AV_LOG_ERROR, "Could not allocate memory for h264\n");
+ return AVERROR(ENOMEM);
+ }
if (!HAVE_THREADS || !(s->avctx->active_thread_type&FF_THREAD_SLICE)) {
if (context_init(h) < 0) {
@@ -3668,7 +3706,7 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){
s->workaround_bugs |= FF_BUG_TRUNCATED;
if(!(s->workaround_bugs & FF_BUG_TRUNCATED)){
- while(ptr[dst_length - 1] == 0 && dst_length > 0)
+ while(dst_length > 0 && ptr[dst_length - 1] == 0)
dst_length--;
}
bit_length= !dst_length ? 0 : (8*dst_length - ff_h264_decode_rbsp_trailing(h, ptr + dst_length - 1));
diff --git a/libavcodec/h264.h b/libavcodec/h264.h
index 4188ad922c..76e9832975 100644
--- a/libavcodec/h264.h
+++ b/libavcodec/h264.h
@@ -53,6 +53,8 @@
#define MAX_DELAYED_PIC_COUNT 16
+#define MAX_MBPAIR_SIZE (256*1024) // a tighter bound could be calculated if someone cares about a few bytes
+
/* Compiling in interlaced support reduces the speed
* of progressive decoding by about 2%. */
#define ALLOW_INTERLACE
diff --git a/libavcodec/h264_refs.c b/libavcodec/h264_refs.c
index 9554201522..83a5564e4c 100644
--- a/libavcodec/h264_refs.c
+++ b/libavcodec/h264_refs.c
@@ -678,7 +678,7 @@ int ff_h264_decode_ref_pic_marking(H264Context *h, GetBitContext *gb){
}
if(opcode==MMCO_SHORT2LONG || opcode==MMCO_LONG2UNUSED || opcode==MMCO_LONG || opcode==MMCO_SET_MAX_LONG){
unsigned int long_arg= get_ue_golomb_31(gb);
- if(long_arg >= 32 || (long_arg >= 16 && !(opcode == MMCO_LONG2UNUSED && FIELD_PICTURE))){
+ if(long_arg >= 32 || (long_arg >= 16 && !(opcode == MMCO_SET_MAX_LONG && long_arg == 16) && !(opcode == MMCO_LONG2UNUSED && FIELD_PICTURE))){
av_log(h->s.avctx, AV_LOG_ERROR, "illegal long ref in memory management control operation %d\n", opcode);
return -1;
}
diff --git a/libavcodec/indeo2.c b/libavcodec/indeo2.c
index f58804bab3..152b7cca6c 100644
--- a/libavcodec/indeo2.c
+++ b/libavcodec/indeo2.c
@@ -153,6 +153,13 @@ static int ir2_decode_frame(AVCodecContext *avctx,
return -1;
}
+ start = 48; /* hardcoded for now */
+
+ if (start >= buf_size) {
+ av_log(s->avctx, AV_LOG_ERROR, "input buffer size too small (%d)\n", buf_size);
+ return AVERROR_INVALIDDATA;
+ }
+
s->decode_delta = buf[18];
/* decide whether frame uses deltas or not */
@@ -160,9 +167,8 @@ static int ir2_decode_frame(AVCodecContext *avctx,
for (i = 0; i < buf_size; i++)
buf[i] = av_reverse[buf[i]];
#endif
- start = 48; /* hardcoded for now */
- init_get_bits(&s->gb, buf + start, buf_size - start);
+ init_get_bits(&s->gb, buf + start, (buf_size - start) * 8);
if (s->decode_delta) { /* intraframe */
ir2_decode_plane(s, avctx->width, avctx->height,
diff --git a/libavcodec/jpegls.h b/libavcodec/jpegls.h
index 28c75248be..2c21f774e8 100644
--- a/libavcodec/jpegls.h
+++ b/libavcodec/jpegls.h
@@ -86,6 +86,8 @@ static inline void ff_jpegls_downscale_state(JLSState *state, int Q){
}
static inline int ff_jpegls_update_state_regular(JLSState *state, int Q, int err){
+ if(FFABS(err) > 0xFFFF)
+ return -0x10000;
state->A[Q] += FFABS(err);
err *= state->twonear;
state->B[Q] += err;
diff --git a/libavcodec/jvdec.c b/libavcodec/jvdec.c
index f4941992f6..f1fdee5d43 100644
--- a/libavcodec/jvdec.c
+++ b/libavcodec/jvdec.c
@@ -150,7 +150,7 @@ static int decode_frame(AVCodecContext *avctx,
if (video_type == 0 || video_type == 1) {
GetBitContext gb;
- init_get_bits(&gb, buf, FFMIN(video_size, buf_end - buf));
+ init_get_bits(&gb, buf, FFMIN(video_size, (buf_end - buf) * 8));
for (j = 0; j < avctx->height; j += 8)
for (i = 0; i < avctx->width; i += 8)
diff --git a/libavcodec/kgv1dec.c b/libavcodec/kgv1dec.c
index c364cfc593..3e3922774e 100644
--- a/libavcodec/kgv1dec.c
+++ b/libavcodec/kgv1dec.c
@@ -174,6 +174,5 @@ AVCodec ff_kgv1_decoder = {
NULL,
decode_end,
decode_frame,
- .max_lowres = 1,
.long_name = NULL_IF_CONFIG_SMALL("Kega Game Video"),
};
diff --git a/libavcodec/libspeexenc.c b/libavcodec/libspeexenc.c
new file mode 100644
index 0000000000..79a9fb0760
--- /dev/null
+++ b/libavcodec/libspeexenc.c
@@ -0,0 +1,178 @@
+/*
+ * Copyright (c) 2009 by Xuggle Incorporated. All rights reserved.
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+#include <libavcodec/avcodec.h>
+#include <speex/speex.h>
+#include <speex/speex_header.h>
+#include <speex/speex_stereo.h>
+
+typedef struct {
+ SpeexBits bits;
+ void *enc_state;
+ SpeexHeader header;
+} LibSpeexEncContext;
+
+
+static av_cold int libspeex_encode_init(AVCodecContext *avctx)
+{
+ LibSpeexEncContext *s = (LibSpeexEncContext*)avctx->priv_data;
+ const SpeexMode *mode;
+
+ if ((avctx->sample_fmt != SAMPLE_FMT_S16 && avctx->sample_fmt != SAMPLE_FMT_FLT) ||
+ avctx->sample_rate <= 0 ||
+ avctx->channels <= 0 ||
+ avctx->channels > 2)
+ {
+ av_log(avctx, AV_LOG_ERROR, "Unsupported sample format, rate, or channels for speex");
+ return -1;
+ }
+
+ if (avctx->sample_rate <= 8000)
+ mode = &speex_nb_mode;
+ else if (avctx->sample_rate <= 16000)
+ mode = &speex_wb_mode;
+ else
+ mode = &speex_uwb_mode;
+
+ speex_bits_init(&s->bits);
+ s->enc_state = speex_encoder_init(mode);
+ if (!s->enc_state)
+ {
+ av_log(avctx, AV_LOG_ERROR, "could not initialize speex encoder");
+ return -1;
+ }
+
+ // initialize the header
+ speex_init_header(&s->header, avctx->sample_rate,
+ avctx->channels, mode);
+
+ // TODO: It'd be nice to support VBR here, but
+ // I'm uncertain what AVCodecContext options to use
+ // to signal whether to turn it on.
+ if (avctx->flags & CODEC_FLAG_QSCALE) {
+ spx_int32_t quality = 0;
+ // Map global_quality's mpeg 1/2/4 scale into Speex's 0-10 scale
+ if (avctx->global_quality > FF_LAMBDA_MAX)
+ quality = 0; // lowest possible quality
+ else
+ quality = (spx_int32_t)((FF_LAMBDA_MAX-avctx->global_quality)*10.0/FF_LAMBDA_MAX);
+ speex_encoder_ctl(s->enc_state, SPEEX_SET_QUALITY, &quality);
+ } else {
+ // default to CBR
+ if (avctx->bit_rate > 0)
+ speex_encoder_ctl(s->enc_state, SPEEX_SET_BITRATE, &avctx->bit_rate);
+ // otherwise just take the default quality setting
+ }
+ // reset the bit-rate to the actual bit rate speex will use
+ speex_encoder_ctl(s->enc_state, SPEEX_GET_BITRATE, &s->header.bitrate);
+ avctx->bit_rate = s->header.bitrate;
+
+ // get the actual sample rate
+ speex_encoder_ctl(s->enc_state, SPEEX_GET_SAMPLING_RATE, &s->header.rate);
+ avctx->sample_rate = s->header.rate;
+
+ // get the frame-size. To align with FLV, we're going to put 2 frames
+ // per packet. If someone can tell me how to make this configurable
+ // from the avcodec contents, I'll mod this so it's not hard-coded.
+ // but without this, FLV files with speex data won't play correctly
+ // in flash player 10.
+ speex_encoder_ctl(s->enc_state, SPEEX_GET_FRAME_SIZE, &s->header.frame_size);
+ s->header.frames_per_packet = 2; // Need for FLV container support
+ avctx->frame_size = s->header.frame_size*s->header.frames_per_packet;
+
+ // and we'll put a speex header packet into extradata so that muxers
+ // can use it.
+ avctx->extradata = speex_header_to_packet(&s->header, &avctx->extradata_size);
+ return 0;
+}
+
+static av_cold int libspeex_encode_frame(
+ AVCodecContext *avctx, uint8_t *frame,
+ int buf_size, void *data)
+{
+ LibSpeexEncContext *s = (LibSpeexEncContext*)avctx->priv_data;
+ int i = 0;
+
+ if (!data)
+ // nothing to flush
+ return 0;
+
+ speex_bits_reset(&s->bits);
+ for(i = 0; i < s->header.frames_per_packet; i++)
+ {
+ if (avctx->sample_fmt == SAMPLE_FMT_FLT)
+ {
+ if (avctx->channels == 2) {
+ speex_encode_stereo(
+ (float*)data+i*s->header.frame_size,
+ s->header.frame_size,
+ &s->bits);
+ }
+ speex_encode(s->enc_state,
+ (float*)data+i*s->header.frame_size, &s->bits);
+ } else {
+ if (avctx->channels == 2) {
+ speex_encode_stereo_int(
+ (spx_int16_t*)data+i*s->header.frame_size,
+ s->header.frame_size,
+ &s->bits);
+ }
+ speex_encode_int(s->enc_state,
+ (spx_int16_t*)data+i*s->header.frame_size, &s->bits);
+ }
+ }
+ // put in a terminator so this will fit in a OGG or FLV packet
+ speex_bits_insert_terminator(&s->bits);
+
+ if (buf_size >= speex_bits_nbytes(&s->bits)) {
+ return speex_bits_write(&s->bits, frame, buf_size);
+ } else {
+ av_log(avctx, AV_LOG_ERROR, "output buffer too small");
+ return -1;
+ }
+}
+
+static av_cold int libspeex_encode_close(AVCodecContext *avctx)
+{
+ LibSpeexEncContext *s = (LibSpeexEncContext*)avctx->priv_data;
+
+ speex_bits_destroy(&s->bits);
+ speex_encoder_destroy(s->enc_state);
+ s->enc_state = 0;
+ if (avctx->extradata)
+ speex_header_free(avctx->extradata);
+ avctx->extradata = 0;
+ avctx->extradata_size = 0;
+
+ return 0;
+}
+
+AVCodec ff_libspeex_encoder = {
+ "libspeex",
+ AVMEDIA_TYPE_AUDIO,
+ CODEC_ID_SPEEX,
+ sizeof(LibSpeexEncContext),
+ libspeex_encode_init,
+ libspeex_encode_frame,
+ libspeex_encode_close,
+ 0,
+ .capabilities = CODEC_CAP_DELAY,
+ .supported_samplerates = (const int[]){8000, 16000, 32000, 0},
+ .sample_fmts = (enum SampleFormat[]){SAMPLE_FMT_S16,SAMPLE_FMT_FLT,SAMPLE_FMT_NONE},
+ .long_name = NULL_IF_CONFIG_SMALL("libspeex Speex Encoder"),
+};
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index e64ea5cd68..817636fa47 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -318,8 +318,10 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
case 0x11111100:
if(s->rgb){
s->avctx->pix_fmt = PIX_FMT_BGRA;
- }else
+ }else{
s->avctx->pix_fmt = s->cs_itu601 ? PIX_FMT_YUV444P : PIX_FMT_YUVJ444P;
+ s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG;
+ }
assert(s->nb_components==3);
break;
case 0x11000000:
@@ -327,12 +329,15 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
break;
case 0x12111100:
s->avctx->pix_fmt = s->cs_itu601 ? PIX_FMT_YUV440P : PIX_FMT_YUVJ440P;
+ s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG;
break;
case 0x21111100:
s->avctx->pix_fmt = s->cs_itu601 ? PIX_FMT_YUV422P : PIX_FMT_YUVJ422P;
+ s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG;
break;
case 0x22111100:
s->avctx->pix_fmt = s->cs_itu601 ? PIX_FMT_YUV420P : PIX_FMT_YUVJ420P;
+ s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG;
break;
default:
av_log(s->avctx, AV_LOG_ERROR, "Unhandled pixel format 0x%x\n", pix_fmt_id);
diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c
index 01558ab95b..b18efa6b9c 100644
--- a/libavcodec/motionpixels.c
+++ b/libavcodec/motionpixels.c
@@ -279,7 +279,8 @@ static int mp_decode_frame(AVCodecContext *avctx,
if (sz == 0)
goto end;
- init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0);
+ if (init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0))
+ goto end;
mp_decode_frame_helper(mp, &gb);
free_vlc(&mp->vlc);
diff --git a/libavcodec/mpeg4videoenc.c b/libavcodec/mpeg4videoenc.c
index bdff535a99..f4ec50c9af 100644
--- a/libavcodec/mpeg4videoenc.c
+++ b/libavcodec/mpeg4videoenc.c
@@ -898,8 +898,8 @@ static void mpeg4_encode_gop_header(MpegEncContext * s){
s->last_time_base= FFUDIV(time, s->avctx->time_base.den);
seconds= FFUDIV(time, s->avctx->time_base.den);
- minutes= FFUDIV(seconds, 60); FFUMOD(seconds, 60);
- hours = FFUDIV(minutes, 60); FFUMOD(minutes, 60);
+ minutes= FFUDIV(seconds, 60); seconds = FFUMOD(seconds, 60);
+ hours = FFUDIV(minutes, 60); minutes = FFUMOD(minutes, 60);
hours = FFUMOD(hours , 24);
put_bits(&s->pb, 5, hours);
diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c
index cdbda34185..458ac19980 100644
--- a/libavcodec/mpegvideo.c
+++ b/libavcodec/mpegvideo.c
@@ -285,9 +285,10 @@ int ff_alloc_picture(MpegEncContext *s, Picture *pic, int shared){
}
FF_ALLOCZ_OR_GOTO(s->avctx, pic->mbskip_table , mb_array_size * sizeof(uint8_t)+2, fail) //the +2 is for the slice end check
- FF_ALLOCZ_OR_GOTO(s->avctx, pic->qscale_table , mb_array_size * sizeof(uint8_t) , fail)
+ FF_ALLOCZ_OR_GOTO(s->avctx, pic->qscale_table_base , (big_mb_num + s->mb_stride) * sizeof(uint8_t) , fail)
FF_ALLOCZ_OR_GOTO(s->avctx, pic->mb_type_base , (big_mb_num + s->mb_stride) * sizeof(uint32_t), fail)
pic->mb_type= pic->mb_type_base + 2*s->mb_stride+1;
+ pic->qscale_table = pic->qscale_table_base + 2*s->mb_stride + 1;
if(s->out_format == FMT_H264){
for(i=0; i<2; i++){
FF_ALLOCZ_OR_GOTO(s->avctx, pic->motion_val_base[i], 2 * (b4_array_size+4) * sizeof(int16_t), fail)
@@ -339,7 +340,7 @@ static void free_picture(MpegEncContext *s, Picture *pic){
av_freep(&pic->mc_mb_var);
av_freep(&pic->mb_mean);
av_freep(&pic->mbskip_table);
- av_freep(&pic->qscale_table);
+ av_freep(&pic->qscale_table_base);
av_freep(&pic->mb_type_base);
av_freep(&pic->dct_coeff);
av_freep(&pic->pan_scan);
diff --git a/libavcodec/mpegvideo.h b/libavcodec/mpegvideo.h
index 499792dff7..57cc59c6e1 100644
--- a/libavcodec/mpegvideo.h
+++ b/libavcodec/mpegvideo.h
@@ -88,6 +88,7 @@ typedef struct Picture{
* halfpel luma planes.
*/
uint8_t *interpolated[3];
+ int8_t *qscale_table_base;
int16_t (*motion_val_base[2])[2];
uint32_t *mb_type_base;
#define MB_TYPE_INTRA MB_TYPE_INTRA4x4 //default mb_type if there is just one type
diff --git a/libavcodec/nellymoserdec.c b/libavcodec/nellymoserdec.c
index 59c1b3bdd8..d85483dbf4 100644
--- a/libavcodec/nellymoserdec.c
+++ b/libavcodec/nellymoserdec.c
@@ -156,6 +156,7 @@ static int decode_tag(AVCodecContext * avctx,
const uint8_t *buf = avpkt->data;
int buf_size = avpkt->size;
NellyMoserDecodeContext *s = avctx->priv_data;
+ int data_max = *data_size;
int blocks, i;
int16_t* samples;
*data_size = 0;
@@ -178,6 +179,8 @@ static int decode_tag(AVCodecContext * avctx,
*/
for (i=0 ; i<blocks ; i++) {
+ if ((i + 1) * NELLY_SAMPLES * sizeof(int16_t) > data_max)
+ return i > 0 ? i * NELLY_BLOCK_LEN : -1;
nelly_decode_block(s, &buf[i*NELLY_BLOCK_LEN], s->float_buf);
s->fmt_conv.float_to_int16(&samples[i*NELLY_SAMPLES], s->float_buf, NELLY_SAMPLES);
*data_size += NELLY_SAMPLES*sizeof(int16_t);
diff --git a/libavcodec/options.c b/libavcodec/options.c
index f35cb3cc0f..0a0a442f87 100644
--- a/libavcodec/options.c
+++ b/libavcodec/options.c
@@ -447,10 +447,9 @@ static const AVOption options[]={
{"lpc_passes", "deprecated, use flac-specific options", OFFSET(lpc_passes), FF_OPT_TYPE_INT, {.dbl = -1 }, INT_MIN, INT_MAX, A|E},
#endif
{"slices", "number of slices, used in parallelized decoding", OFFSET(slices), FF_OPT_TYPE_INT, {.dbl = 0 }, 0, INT_MAX, V|E},
-{"thread_type", "select multithreading type", OFFSET(thread_type), FF_OPT_TYPE_INT, {.dbl = FF_THREAD_SLICE|FF_THREAD_FRAME }, 0, INT_MAX, V|E|D, "thread_type"},
+{"thread_type", "select multithreading type", OFFSET(thread_type), FF_OPT_TYPE_FLAGS, {.dbl = FF_THREAD_SLICE|FF_THREAD_FRAME }, 0, INT_MAX, V|E|D, "thread_type"},
{"slice", NULL, 0, FF_OPT_TYPE_CONST, {.dbl = FF_THREAD_SLICE }, INT_MIN, INT_MAX, V|E|D, "thread_type"},
{"frame", NULL, 0, FF_OPT_TYPE_CONST, {.dbl = FF_THREAD_FRAME }, INT_MIN, INT_MAX, V|E|D, "thread_type"},
-{"vbv_delay", "initial buffer fill time in periods of 27Mhz clock", 0, FF_OPT_TYPE_INT64, {.dbl = 0 }, 0, INT64_MAX},
{"audio_service_type", "audio service type", OFFSET(audio_service_type), FF_OPT_TYPE_INT, {.dbl = AV_AUDIO_SERVICE_TYPE_MAIN }, 0, AV_AUDIO_SERVICE_TYPE_NB-1, A|E, "audio_service_type"},
{"ma", "Main Audio Service", 0, FF_OPT_TYPE_CONST, {.dbl = AV_AUDIO_SERVICE_TYPE_MAIN }, INT_MIN, INT_MAX, A|E, "audio_service_type"},
{"ef", "Effects", 0, FF_OPT_TYPE_CONST, {.dbl = AV_AUDIO_SERVICE_TYPE_EFFECTS }, INT_MIN, INT_MAX, A|E, "audio_service_type"},
diff --git a/libavcodec/qcelpdec.c b/libavcodec/qcelpdec.c
index 3ed821c81e..e83704d801 100644
--- a/libavcodec/qcelpdec.c
+++ b/libavcodec/qcelpdec.c
@@ -839,7 +839,7 @@ erasure:
*data_size = 160 * sizeof(*outbuffer);
- return *data_size;
+ return buf_size;
}
AVCodec ff_qcelp_decoder =
diff --git a/libavcodec/ratecontrol.c b/libavcodec/ratecontrol.c
index 6874fc7034..cc742d15a1 100644
--- a/libavcodec/ratecontrol.c
+++ b/libavcodec/ratecontrol.c
@@ -866,6 +866,12 @@ static int init_pass2(MpegEncContext *s)
assert(filter_size%2==1);
/* fixed I/B QP relative to P mode */
+ for(i=FFMAX(0, rcc->num_entries-300); i<rcc->num_entries; i++){
+ RateControlEntry *rce= &rcc->entry[i];
+
+ qscale[i]= get_diff_limited_q(s, rce, qscale[i]);
+ }
+
for(i=rcc->num_entries-1; i>=0; i--){
RateControlEntry *rce= &rcc->entry[i];
diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c
index 2f822a8ac2..189b79f4d0 100644
--- a/libavcodec/rv10.c
+++ b/libavcodec/rv10.c
@@ -559,8 +559,14 @@ static int rv10_decode_packet(AVCodecContext *avctx,
if(MPV_frame_start(s, avctx) < 0)
return -1;
ff_er_frame_start(s);
+ } else {
+ if (s->current_picture_ptr->pict_type != s->pict_type) {
+ av_log(s->avctx, AV_LOG_ERROR, "Slice type mismatch\n");
+ return -1;
+ }
}
+
av_dlog(avctx, "qscale=%d\n", s->qscale);
/* default quantization values */
diff --git a/libavcodec/rv30.c b/libavcodec/rv30.c
index b43859b9cb..600656b466 100644
--- a/libavcodec/rv30.c
+++ b/libavcodec/rv30.c
@@ -51,6 +51,11 @@ static int rv30_parse_slice_header(RV34DecContext *r, GetBitContext *gb, SliceIn
skip_bits1(gb);
si->pts = get_bits(gb, 13);
rpr = get_bits(gb, r->rpr);
+ if (r->s.avctx->extradata_size < 8 + rpr*2) {
+ av_log(r->s.avctx, AV_LOG_WARNING,
+ "Extradata does not contain selected resolution\n");
+ rpr = 0;
+ }
if(rpr){
w = r->s.avctx->extradata[6 + rpr*2] << 2;
h = r->s.avctx->extradata[7 + rpr*2] << 2;
@@ -74,7 +79,7 @@ static int rv30_decode_intra_types(RV34DecContext *r, GetBitContext *gb, int8_t
for(i = 0; i < 4; i++, dst += r->intra_types_stride - 4){
for(j = 0; j < 4; j+= 2){
int code = svq3_get_ue_golomb(gb) << 1;
- if(code >= 81*2){
+ if(code >= 81U*2U){
av_log(r->s.avctx, AV_LOG_ERROR, "Incorrect intra prediction code\n");
return -1;
}
@@ -103,7 +108,7 @@ static int rv30_decode_mb_info(RV34DecContext *r)
GetBitContext *gb = &s->gb;
int code = svq3_get_ue_golomb(gb);
- if(code > 11){
+ if(code > 11U){
av_log(s->avctx, AV_LOG_ERROR, "Incorrect MB type code\n");
return -1;
}
@@ -256,6 +261,7 @@ static av_cold int rv30_decode_init(AVCodecContext *avctx)
if(avctx->extradata_size - 8 < (r->rpr - 1) * 2){
av_log(avctx, AV_LOG_ERROR, "Insufficient extradata - need at least %d bytes, got %d\n",
6 + r->rpr * 2, avctx->extradata_size);
+ return AVERROR(EINVAL);
}
r->parse_slice_header = rv30_parse_slice_header;
r->decode_intra_types = rv30_decode_intra_types;
diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c
index 132d953474..089ad429b7 100644
--- a/libavcodec/rv34.c
+++ b/libavcodec/rv34.c
@@ -1305,6 +1305,17 @@ static int rv34_decode_slice(RV34DecContext *r, int end, const uint8_t* buf, int
r->next_pts = r->cur_pts;
}
s->mb_x = s->mb_y = 0;
+ } else {
+ int slice_type = r->si.type ? r->si.type : AV_PICTURE_TYPE_I;
+
+ if (slice_type != s->pict_type) {
+ av_log(s->avctx, AV_LOG_ERROR, "Slice type mismatch\n");
+ return AVERROR_INVALIDDATA;
+ }
+ if (s->width != r->si.width || s->height != r->si.height) {
+ av_log(s->avctx, AV_LOG_ERROR, "Size mismatch\n");
+ return AVERROR_INVALIDDATA;
+ }
}
r->si.end = end;
@@ -1436,15 +1447,17 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
slice_count = (*buf++) + 1;
slices_hdr = buf + 4;
buf += 8 * slice_count;
+ buf_size -= 1 + 8 * slice_count;
}else
slice_count = avctx->slice_count;
//parse first slice header to check whether this frame can be decoded
- if(get_slice_offset(avctx, slices_hdr, 0) > buf_size){
- av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n");
+ if(get_slice_offset(avctx, slices_hdr, 0) < 0 ||
+ get_slice_offset(avctx, slices_hdr, 0) > buf_size){
+ av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n");
return -1;
}
- init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, 0), buf_size-get_slice_offset(avctx, slices_hdr, 0));
+ init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, 0), (buf_size-get_slice_offset(avctx, slices_hdr, 0))*8);
if(r->parse_slice_header(r, &r->s.gb, &si) < 0 || si.start){
av_log(avctx, AV_LOG_ERROR, "First slice header is incorrect\n");
return -1;
@@ -1457,8 +1470,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
#endif
if( (avctx->skip_frame >= AVDISCARD_NONREF && si.type==AV_PICTURE_TYPE_B)
|| (avctx->skip_frame >= AVDISCARD_NONKEY && si.type!=AV_PICTURE_TYPE_I)
- || avctx->skip_frame >= AVDISCARD_ALL)
- return buf_size;
+ || avctx->skip_frame >= AVDISCARD_ALL) return avpkt->size;
#if FF_API_HURRY_UP
/* skip everything if we are in a hurry>=5 */
if(avctx->hurry_up>=5)
@@ -1473,13 +1485,18 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
else
size= get_slice_offset(avctx, slices_hdr, i+1) - offset;
- if(offset > buf_size){
- av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n");
+ if(offset < 0 || offset > buf_size){
+ av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n");
break;
}
r->si.end = s->mb_width * s->mb_height;
if(i+1 < slice_count){
+ if (get_slice_offset(avctx, slices_hdr, i+1) < 0 ||
+ get_slice_offset(avctx, slices_hdr, i+1) > buf_size) {
+ av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n");
+ break;
+ }
init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, i+1), (buf_size-get_slice_offset(avctx, slices_hdr, i+1))*8);
if(r->parse_slice_header(r, &r->s.gb, &si) < 0){
if(i+2 < slice_count)
@@ -1489,13 +1506,17 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
}else
r->si.end = si.start;
}
+ if (size < 0 || size > buf_size - offset) {
+ av_log(avctx, AV_LOG_ERROR, "Slice size is invalid\n");
+ break;
+ }
last = rv34_decode_slice(r, r->si.end, buf + offset, size);
s->mb_num_left = r->s.mb_x + r->s.mb_y*r->s.mb_width - r->si.start;
if(last)
break;
}
- if(last){
+ if(last && s->current_picture_ptr){
if(r->loop_filter)
r->loop_filter(r, s->mb_height - 1);
ff_er_frame_end(s);
@@ -1512,7 +1533,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
}
s->current_picture_ptr= NULL; //so we can detect if frame_end wasnt called (find some nicer solution...)
}
- return buf_size;
+ return avpkt->size;
}
av_cold int ff_rv34_decode_end(AVCodecContext *avctx)
diff --git a/libavcodec/rv40.c b/libavcodec/rv40.c
index 54d786a3a6..842f01af02 100644
--- a/libavcodec/rv40.c
+++ b/libavcodec/rv40.c
@@ -231,8 +231,11 @@ static int rv40_decode_mb_info(RV34DecContext *r)
int blocks[RV34_MB_TYPES] = {0};
int count = 0;
- if(!r->s.mb_skip_run)
+ if(!r->s.mb_skip_run) {
r->s.mb_skip_run = svq3_get_ue_golomb(gb) + 1;
+ if(r->s.mb_skip_run > (unsigned)s->mb_num)
+ return -1;
+ }
if(--r->s.mb_skip_run)
return RV34_MB_SKIP;
diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
index b8eab837ff..be4bc2336f 100644
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@@ -134,11 +134,13 @@ static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx
return -1;
}
b1 = get_bits_count(gb);
- i1 = get_vlc2(gb, ctx->v1->table, SMKTREE_BITS, 3);
+ i1 = ctx->v1->table ? get_vlc2(gb, ctx->v1->table, SMKTREE_BITS, 3) : 0;
b1 = get_bits_count(gb) - b1;
b2 = get_bits_count(gb);
- i2 = get_vlc2(gb, ctx->v2->table, SMKTREE_BITS, 3);
+ i2 = ctx->v2->table ? get_vlc2(gb, ctx->v2->table, SMKTREE_BITS, 3) : 0;
b2 = get_bits_count(gb) - b2;
+ if (i1 < 0 || i2 < 0)
+ return -1;
val = ctx->recode1[i1] | (ctx->recode2[i2] << 8);
if(val == ctx->escapes[0]) {
ctx->last[0] = hc->current;
@@ -290,7 +292,8 @@ static int decode_header_trees(SmackVContext *smk) {
smk->mmap_tbl[0] = 0;
smk->mmap_last[0] = smk->mmap_last[1] = smk->mmap_last[2] = 1;
} else {
- smacker_decode_header_tree(smk, &gb, &smk->mmap_tbl, smk->mmap_last, mmap_size);
+ if (smacker_decode_header_tree(smk, &gb, &smk->mmap_tbl, smk->mmap_last, mmap_size))
+ return -1;
}
if(!get_bits1(&gb)) {
av_log(smk->avctx, AV_LOG_INFO, "Skipping MCLR tree\n");
@@ -298,7 +301,8 @@ static int decode_header_trees(SmackVContext *smk) {
smk->mclr_tbl[0] = 0;
smk->mclr_last[0] = smk->mclr_last[1] = smk->mclr_last[2] = 1;
} else {
- smacker_decode_header_tree(smk, &gb, &smk->mclr_tbl, smk->mclr_last, mclr_size);
+ if (smacker_decode_header_tree(smk, &gb, &smk->mclr_tbl, smk->mclr_last, mclr_size))
+ return -1;
}
if(!get_bits1(&gb)) {
av_log(smk->avctx, AV_LOG_INFO, "Skipping FULL tree\n");
@@ -306,7 +310,8 @@ static int decode_header_trees(SmackVContext *smk) {
smk->full_tbl[0] = 0;
smk->full_last[0] = smk->full_last[1] = smk->full_last[2] = 1;
} else {
- smacker_decode_header_tree(smk, &gb, &smk->full_tbl, smk->full_last, full_size);
+ if (smacker_decode_header_tree(smk, &gb, &smk->full_tbl, smk->full_last, full_size))
+ return -1;
}
if(!get_bits1(&gb)) {
av_log(smk->avctx, AV_LOG_INFO, "Skipping TYPE tree\n");
@@ -314,7 +319,8 @@ static int decode_header_trees(SmackVContext *smk) {
smk->type_tbl[0] = 0;
smk->type_last[0] = smk->type_last[1] = smk->type_last[2] = 1;
} else {
- smacker_decode_header_tree(smk, &gb, &smk->type_tbl, smk->type_last, type_size);
+ if (smacker_decode_header_tree(smk, &gb, &smk->type_tbl, smk->type_last, type_size))
+ return -1;
}
return 0;
@@ -523,8 +529,8 @@ static av_cold int decode_init(AVCodecContext *avctx)
return -1;
}
- decode_header_trees(c);
-
+ if (decode_header_trees(c))
+ return -1;
return 0;
}
@@ -619,9 +625,9 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
if(bits) { //decode 16-bit data
for(i = stereo; i >= 0; i--)
pred[i] = av_bswap16(get_bits(&gb, 16));
- for(i = 0; i < stereo; i++)
+ for(i = 0; i <= stereo; i++)
*samples++ = pred[i];
- for(i = 0; i < unp_size / 2; i++) {
+ for(; i < unp_size / 2; i++) {
if(i & stereo) {
if(vlc[2].table)
res = get_vlc2(&gb, vlc[2].table, SMKTREE_BITS, 3);
@@ -653,9 +659,9 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
} else { //8-bit data
for(i = stereo; i >= 0; i--)
pred[i] = get_bits(&gb, 8);
- for(i = 0; i < stereo; i++)
+ for(i = 0; i <= stereo; i++)
*samples8++ = pred[i];
- for(i = 0; i < unp_size; i++) {
+ for(; i < unp_size; i++) {
if(i & stereo){
if(vlc[1].table)
res = get_vlc2(&gb, vlc[1].table, SMKTREE_BITS, 3);
diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
index b1f3601ee7..e7839be8b5 100644
--- a/libavcodec/svq3.c
+++ b/libavcodec/svq3.c
@@ -221,7 +221,7 @@ static inline int svq3_decode_block(GetBitContext *gb, DCTELEM *block,
for (limit = (16 >> intra); index < 16; index = limit, limit += 8) {
for (; (vlc = svq3_get_ue_golomb(gb)) != 0; index++) {
- if (vlc == INVALID_VLC)
+ if (vlc < 0)
return -1;
sign = (vlc & 0x1) - 1;
@@ -239,7 +239,7 @@ static inline int svq3_decode_block(GetBitContext *gb, DCTELEM *block,
level = ((vlc + 9) >> 2) - run;
}
} else {
- if (vlc < 16) {
+ if (vlc < 16U) {
run = svq3_dct_tables[intra][vlc].run;
level = svq3_dct_tables[intra][vlc].level;
} else if (intra) {
@@ -569,7 +569,7 @@ static int svq3_decode_mb(SVQ3Context *svq3, unsigned int mb_type)
for (i = 0; i < 16; i+=2) {
vlc = svq3_get_ue_golomb(&s->gb);
- if (vlc >= 25){
+ if (vlc >= 25U){
av_log(h->s.avctx, AV_LOG_ERROR, "luma prediction:%d\n", vlc);
return -1;
}
@@ -641,7 +641,7 @@ static int svq3_decode_mb(SVQ3Context *svq3, unsigned int mb_type)
}
if (!IS_INTRA16x16(mb_type) && (!IS_SKIP(mb_type) || s->pict_type == AV_PICTURE_TYPE_B)) {
- if ((vlc = svq3_get_ue_golomb(&s->gb)) >= 48){
+ if ((vlc = svq3_get_ue_golomb(&s->gb)) >= 48U){
av_log(h->s.avctx, AV_LOG_ERROR, "cbp_vlc=%d\n", vlc);
return -1;
}
@@ -651,7 +651,7 @@ static int svq3_decode_mb(SVQ3Context *svq3, unsigned int mb_type)
if (IS_INTRA16x16(mb_type) || (s->pict_type != AV_PICTURE_TYPE_I && s->adaptive_quant && cbp)) {
s->qscale += svq3_get_se_golomb(&s->gb);
- if (s->qscale > 31){
+ if (s->qscale > 31U){
av_log(h->s.avctx, AV_LOG_ERROR, "qscale:%d\n", s->qscale);
return -1;
}
@@ -755,7 +755,7 @@ static int svq3_decode_slice_header(AVCodecContext *avctx)
skip_bits_long(&s->gb, 0);
}
- if ((i = svq3_get_ue_golomb(&s->gb)) == INVALID_VLC || i >= 3){
+ if ((i = svq3_get_ue_golomb(&s->gb)) >= 3U){
av_log(h->s.avctx, AV_LOG_ERROR, "illegal slice type %d \n", i);
return -1;
}
diff --git a/libavcodec/tta.c b/libavcodec/tta.c
index dccca46132..ed7665ee29 100644
--- a/libavcodec/tta.c
+++ b/libavcodec/tta.c
@@ -226,7 +226,7 @@ static av_cold int tta_decode_init(AVCodecContext * avctx)
if (avctx->extradata_size < 30)
return -1;
- init_get_bits(&s->gb, avctx->extradata, avctx->extradata_size);
+ init_get_bits(&s->gb, avctx->extradata, avctx->extradata_size * 8);
if (show_bits_long(&s->gb, 32) == AV_RL32("TTA1"))
{
/* signature */
diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c
index d6b48b46d0..90130a0b25 100644
--- a/libavcodec/vc1.c
+++ b/libavcodec/vc1.c
@@ -485,8 +485,8 @@ static int decode_sequence_header_adv(VC1Context *v, GetBitContext *gb)
if(ar && ar < 14){
v->s.avctx->sample_aspect_ratio = ff_vc1_pixel_aspect[ar];
}else if(ar == 15){
- w = get_bits(gb, 8);
- h = get_bits(gb, 8);
+ w = get_bits(gb, 8) + 1;
+ h = get_bits(gb, 8) + 1;
v->s.avctx->sample_aspect_ratio = (AVRational){w, h};
}
av_log(v->s.avctx, AV_LOG_DEBUG, "Aspect: %i:%i\n", v->s.avctx->sample_aspect_ratio.num, v->s.avctx->sample_aspect_ratio.den);
diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c
index 8f70baa918..88607bf68e 100644
--- a/libavcodec/vc1dec.c
+++ b/libavcodec/vc1dec.c
@@ -243,7 +243,7 @@ static void vc1_loop_filter_iblk(VC1Context *v, int pq)
}
v->vc1dsp.vc1_v_loop_filter16(s->dest[0] + 8*s->linesize, s->linesize, pq);
- if (s->mb_y == s->mb_height-1) {
+ if (s->mb_y == s->end_mb_y-1) {
if (s->mb_x) {
v->vc1dsp.vc1_h_loop_filter16(s->dest[0], s->linesize, pq);
v->vc1dsp.vc1_h_loop_filter8(s->dest[1], s->uvlinesize, pq);
@@ -295,7 +295,7 @@ static void vc1_loop_filter_iblk_delayed(VC1Context *v, int pq)
v->vc1dsp.vc1_v_loop_filter16(s->dest[0] - 8 * s->linesize, s->linesize, pq);
}
- if (s->mb_y == s->mb_height) {
+ if (s->mb_y == s->end_mb_y) {
if (s->mb_x) {
if (s->mb_x >= 2)
v->vc1dsp.vc1_h_loop_filter16(s->dest[0] - 16 * s->linesize - 16, s->linesize, pq);
@@ -2330,7 +2330,7 @@ static av_always_inline void vc1_apply_p_v_loop_filter(VC1Context *v, int block_
} else {
dst = s->dest[0] + (block_num & 1) * 8 + ((block_num & 2) * 4 - 8) * linesize;
}
- if (s->mb_y != s->mb_height || block_num < 2) {
+ if (s->mb_y != s->end_mb_y || block_num < 2) {
int16_t (*mv)[2];
int mv_stride;
@@ -3020,7 +3020,7 @@ static void vc1_decode_i_blocks_adv(VC1Context *v)
s->mb_x = 0;
ff_init_block_index(s);
memset(&s->coded_block[s->block_index[0]-s->b8_stride], 0,
- s->b8_stride * sizeof(*s->coded_block));
+ (1 + s->b8_stride) * sizeof(*s->coded_block));
}
for(; s->mb_y < s->end_mb_y; s->mb_y++) {
s->mb_x = 0;
@@ -3096,7 +3096,7 @@ static void vc1_decode_i_blocks_adv(VC1Context *v)
if(v->s.loop_filter) vc1_loop_filter_iblk_delayed(v, v->pq);
}
if (v->s.loop_filter)
- ff_draw_horiz_band(s, (s->mb_height-1)*16, 16);
+ ff_draw_horiz_band(s, (s->end_mb_y-1)*16, 16);
ff_er_add_slice(s, 0, s->start_mb_y, s->mb_width - 1, s->end_mb_y - 1, (AC_END|DC_END|MV_END));
}
@@ -3219,7 +3219,7 @@ static void vc1_decode_b_blocks(VC1Context *v)
s->first_slice_line = 0;
}
if (v->s.loop_filter)
- ff_draw_horiz_band(s, (s->mb_height-1)*16, 16);
+ ff_draw_horiz_band(s, (s->end_mb_y-1)*16, 16);
ff_er_add_slice(s, 0, s->start_mb_y, s->mb_width - 1, s->end_mb_y - 1, (AC_END|DC_END|MV_END));
}
@@ -3227,9 +3227,9 @@ static void vc1_decode_skip_blocks(VC1Context *v)
{
MpegEncContext *s = &v->s;
- ff_er_add_slice(s, 0, 0, s->mb_width - 1, s->mb_height - 1, (AC_END|DC_END|MV_END));
+ ff_er_add_slice(s, 0, s->start_mb_y, s->mb_width - 1, s->end_mb_y - 1, (AC_END|DC_END|MV_END));
s->first_slice_line = 1;
- for(s->mb_y = 0; s->mb_y < s->mb_height; s->mb_y++) {
+ for(s->mb_y = s->start_mb_y; s->mb_y < s->end_mb_y; s->mb_y++) {
s->mb_x = 0;
ff_init_block_index(s);
ff_update_block_index(s);
diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
index 148f1179e3..b9af998bc5 100644
--- a/libavcodec/vp3.c
+++ b/libavcodec/vp3.c
@@ -2321,6 +2321,26 @@ static av_cold int theora_decode_init(AVCodecContext *avctx)
return vp3_decode_init(avctx);
}
+static void vp3_decode_flush(AVCodecContext *avctx)
+{
+ Vp3DecodeContext *s = avctx->priv_data;
+
+ if (s->golden_frame.data[0]) {
+ if (s->golden_frame.data[0] == s->last_frame.data[0])
+ memset(&s->last_frame, 0, sizeof(AVFrame));
+ if (s->current_frame.data[0] == s->golden_frame.data[0])
+ memset(&s->current_frame, 0, sizeof(AVFrame));
+ ff_thread_release_buffer(avctx, &s->golden_frame);
+ }
+ if (s->last_frame.data[0]) {
+ if (s->current_frame.data[0] == s->last_frame.data[0])
+ memset(&s->current_frame, 0, sizeof(AVFrame));
+ ff_thread_release_buffer(avctx, &s->last_frame);
+ }
+ if (s->current_frame.data[0])
+ ff_thread_release_buffer(avctx, &s->current_frame);
+}
+
AVCodec ff_theora_decoder = {
"theora",
AVMEDIA_TYPE_VIDEO,
@@ -2332,6 +2352,7 @@ AVCodec ff_theora_decoder = {
vp3_decode_frame,
CODEC_CAP_DR1 | CODEC_CAP_DRAW_HORIZ_BAND | CODEC_CAP_FRAME_THREADS,
NULL,
+ .flush = vp3_decode_flush,
.long_name = NULL_IF_CONFIG_SMALL("Theora"),
.update_thread_context = ONLY_IF_THREADS_ENABLED(vp3_update_thread_context)
};
@@ -2348,6 +2369,7 @@ AVCodec ff_vp3_decoder = {
vp3_decode_frame,
CODEC_CAP_DR1 | CODEC_CAP_DRAW_HORIZ_BAND | CODEC_CAP_FRAME_THREADS,
NULL,
+ .flush = vp3_decode_flush,
.long_name = NULL_IF_CONFIG_SMALL("On2 VP3"),
.update_thread_context = ONLY_IF_THREADS_ENABLED(vp3_update_thread_context)
};
diff --git a/libavcodec/vp5.c b/libavcodec/vp5.c
index e9de38e6dd..f1b0169ae1 100644
--- a/libavcodec/vp5.c
+++ b/libavcodec/vp5.c
@@ -116,7 +116,7 @@ static void vp5_parse_vector_models(VP56Context *s)
model->vector_pdv[comp][node] = vp56_rac_gets_nn(c, 7);
}
-static void vp5_parse_coeff_models(VP56Context *s)
+static int vp5_parse_coeff_models(VP56Context *s)
{
VP56RangeCoder *c = &s->c;
VP56Model *model = s->modelp;
@@ -160,6 +160,7 @@ static void vp5_parse_coeff_models(VP56Context *s)
for (ctx=0; ctx<6; ctx++)
for (node=0; node<5; node++)
model->coeff_acct[pt][ct][cg][ctx][node] = av_clip(((model->coeff_ract[pt][ct][cg][node] * vp5_ract_lc[ct][cg][node][ctx][0] + 128) >> 8) + vp5_ract_lc[ct][cg][node][ctx][1], 1, 254);
+ return 0;
}
static void vp5_parse_coeff(VP56Context *s)
diff --git a/libavcodec/vp56.c b/libavcodec/vp56.c
index ad451c251f..30f3efbc46 100644
--- a/libavcodec/vp56.c
+++ b/libavcodec/vp56.c
@@ -399,6 +399,8 @@ static void vp56_decode_mb(VP56Context *s, int row, int col, int is_alpha)
frame_current = s->framep[VP56_FRAME_CURRENT];
frame_ref = s->framep[ref_frame];
+ if (mb_type != VP56_MB_INTRA && !frame_ref->data[0])
+ return;
ab = 6*is_alpha;
b_max = 6 - 2*is_alpha;
@@ -511,6 +513,16 @@ int ff_vp56_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
if (!res)
return -1;
+ if (res == 2) {
+ int i;
+ for (i = 0; i < 4; i++) {
+ if (s->frames[i].data[0])
+ avctx->release_buffer(avctx, &s->frames[i]);
+ }
+ if (is_alpha)
+ return -1;
+ }
+
if (!is_alpha) {
p->reference = 1;
if (avctx->get_buffer(avctx, p) < 0) {
@@ -537,7 +549,8 @@ int ff_vp56_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
s->mb_type = VP56_MB_INTER_NOVEC_PF;
}
- s->parse_coeff_models(s);
+ if (s->parse_coeff_models(s))
+ goto next;
memset(s->prev_dc, 0, sizeof(s->prev_dc));
s->prev_dc[1][VP56_FRAME_CURRENT] = 128;
@@ -601,6 +614,7 @@ int ff_vp56_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
}
}
+ next:
if (p->key_frame || golden_frame) {
if (s->framep[VP56_FRAME_GOLDEN]->data[0] &&
s->framep[VP56_FRAME_GOLDEN] != s->framep[VP56_FRAME_GOLDEN2])
diff --git a/libavcodec/vp56.h b/libavcodec/vp56.h
index d1735e5609..4d560dac6a 100644
--- a/libavcodec/vp56.h
+++ b/libavcodec/vp56.h
@@ -46,7 +46,7 @@ typedef void (*VP56Filter)(VP56Context *s, uint8_t *dst, uint8_t *src,
typedef void (*VP56ParseCoeff)(VP56Context *s);
typedef void (*VP56DefaultModelsInit)(VP56Context *s);
typedef void (*VP56ParseVectorModels)(VP56Context *s);
-typedef void (*VP56ParseCoeffModels)(VP56Context *s);
+typedef int (*VP56ParseCoeffModels)(VP56Context *s);
typedef int (*VP56ParseHeader)(VP56Context *s, const uint8_t *buf,
int buf_size, int *golden_frame);
diff --git a/libavcodec/vp6.c b/libavcodec/vp6.c
index 0a02ce58d6..d05a3618f7 100644
--- a/libavcodec/vp6.c
+++ b/libavcodec/vp6.c
@@ -213,8 +213,8 @@ static int vp6_huff_cmp(const void *va, const void *vb)
return (a->count - b->count)*16 + (b->sym - a->sym);
}
-static void vp6_build_huff_tree(VP56Context *s, uint8_t coeff_model[],
- const uint8_t *map, unsigned size, VLC *vlc)
+static int vp6_build_huff_tree(VP56Context *s, uint8_t coeff_model[],
+ const uint8_t *map, unsigned size, VLC *vlc)
{
Node nodes[2*VP6_MAX_HUFF_SIZE], *tmp = &nodes[size];
int a, b, i;
@@ -229,12 +229,12 @@ static void vp6_build_huff_tree(VP56Context *s, uint8_t coeff_model[],
}
free_vlc(vlc);
- /* then build the huffman tree accodring to probabilities */
- ff_huff_build_tree(s->avctx, vlc, size, nodes, vp6_huff_cmp,
- FF_HUFFMAN_FLAG_HNODE_FIRST);
+ /* then build the huffman tree according to probabilities */
+ return ff_huff_build_tree(s->avctx, vlc, size, nodes, vp6_huff_cmp,
+ FF_HUFFMAN_FLAG_HNODE_FIRST);
}
-static void vp6_parse_coeff_models(VP56Context *s)
+static int vp6_parse_coeff_models(VP56Context *s)
{
VP56RangeCoder *c = &s->c;
VP56Model *model = s->modelp;
@@ -279,15 +279,18 @@ static void vp6_parse_coeff_models(VP56Context *s)
if (s->use_huffman) {
for (pt=0; pt<2; pt++) {
- vp6_build_huff_tree(s, model->coeff_dccv[pt],
- vp6_huff_coeff_map, 12, &s->dccv_vlc[pt]);
- vp6_build_huff_tree(s, model->coeff_runv[pt],
- vp6_huff_run_map, 9, &s->runv_vlc[pt]);
+ if (vp6_build_huff_tree(s, model->coeff_dccv[pt],
+ vp6_huff_coeff_map, 12, &s->dccv_vlc[pt]))
+ return -1;
+ if (vp6_build_huff_tree(s, model->coeff_runv[pt],
+ vp6_huff_run_map, 9, &s->runv_vlc[pt]))
+ return -1;
for (ct=0; ct<3; ct++)
for (cg = 0; cg < 6; cg++)
- vp6_build_huff_tree(s, model->coeff_ract[pt][ct][cg],
- vp6_huff_coeff_map, 12,
- &s->ract_vlc[pt][ct][cg]);
+ if (vp6_build_huff_tree(s, model->coeff_ract[pt][ct][cg],
+ vp6_huff_coeff_map, 12,
+ &s->ract_vlc[pt][ct][cg]))
+ return -1;
}
memset(s->nb_null, 0, sizeof(s->nb_null));
} else {
@@ -297,6 +300,7 @@ static void vp6_parse_coeff_models(VP56Context *s)
for (node=0; node<5; node++)
model->coeff_dcct[pt][ctx][node] = av_clip(((model->coeff_dccv[pt][node] * vp6_dccv_lc[ctx][node][0] + 128) >> 8) + vp6_dccv_lc[ctx][node][1], 1, 255);
}
+ return 0;
}
static void vp6_parse_vector_adjustment(VP56Context *s, VP56mv *vect)
diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index d5102320fd..a785b90046 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -292,7 +292,14 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel
}
}else{
t = get_unary_0_33(gb);
- if(t >= 2) t = get_bits(gb, t - 1) | (1 << (t-1));
+ if(t >= 2){
+ if(get_bits_left(gb) < t-1)
+ goto error;
+ t = get_bits(gb, t - 1) | (1 << (t-1));
+ }else{
+ if(get_bits_left(gb) < 0)
+ goto error;
+ }
ctx->zeroes = t;
if(ctx->zeroes){
memset(ctx->ch[0].median, 0, sizeof(ctx->ch[0].median));
@@ -303,24 +310,24 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel
}
}
- if(get_bits_count(gb) >= ctx->data_size){
- *last = 1;
- return 0;
- }
-
if(ctx->zero){
t = 0;
ctx->zero = 0;
}else{
t = get_unary_0_33(gb);
- if(get_bits_count(gb) >= ctx->data_size){
- *last = 1;
- return 0;
- }
+ if(get_bits_left(gb) < 0)
+ goto error;
if(t == 16) {
t2 = get_unary_0_33(gb);
- if(t2 < 2) t += t2;
- else t += get_bits(gb, t2 - 1) | (1 << (t2 - 1));
+ if(t2 < 2){
+ if(get_bits_left(gb) < 0)
+ goto error;
+ t += t2;
+ }else{
+ if(get_bits_left(gb) < t2 - 1)
+ goto error;
+ t += get_bits(gb, t2 - 1) | (1 << (t2 - 1));
+ }
}
if(ctx->one){
@@ -360,9 +367,13 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel
}
if(!c->error_limit){
ret = base + get_tail(gb, add);
+ if (get_bits_left(gb) <= 0)
+ goto error;
}else{
int mid = (base*2 + add + 1) >> 1;
while(add > c->error_limit){
+ if(get_bits_left(gb) <= 0)
+ goto error;
if(get_bits1(gb)){
add -= (mid - base);
base = mid;
@@ -376,6 +387,10 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel
if(ctx->hybrid_bitrate)
c->slow_level += wp_log2(ret) - LEVEL_DECAY(c->slow_level);
return sign ? ~ret : ret;
+
+error:
+ *last = 1;
+ return 0;
}
static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc, int S)
@@ -385,7 +400,7 @@ static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc, in
if(s->extra_bits){
S <<= s->extra_bits;
- if(s->got_extra_bits){
+ if(s->got_extra_bits && get_bits_left(&s->gb_extra_bits) >= s->extra_bits){
S |= get_bits(&s->gb_extra_bits, s->extra_bits);
*crc = *crc * 9 + (S&0xffff) * 3 + ((unsigned)S>>16);
}
@@ -580,7 +595,10 @@ static inline int wv_unpack_stereo(WavpackFrameContext *s, GetBitContext *gb, vo
count++;
}while(!last && count < s->max_samples);
- s->samples_left -= count;
+ if (last)
+ s->samples_left = 0;
+ else
+ s->samples_left -= count;
if(!s->samples_left){
if(crc != s->CRC){
av_log(s->avctx, AV_LOG_ERROR, "CRC error\n");
@@ -658,7 +676,10 @@ static inline int wv_unpack_mono(WavpackFrameContext *s, GetBitContext *gb, void
count++;
}while(!last && count < s->max_samples);
- s->samples_left -= count;
+ if (last)
+ s->samples_left = 0;
+ else
+ s->samples_left -= count;
if(!s->samples_left){
if(crc != s->CRC){
av_log(s->avctx, AV_LOG_ERROR, "CRC error\n");
@@ -779,7 +800,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
s->samples = AV_RL32(buf); buf += 4;
if(!s->samples){
*data_size = 0;
- return buf_size;
+ return 0;
}
}else{
s->samples = wc->samples;
@@ -841,12 +862,13 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
}
switch(id & WP_IDF_MASK){
case WP_ID_DECTERMS:
- s->terms = size;
- if(s->terms > MAX_TERMS){
+ if(size > MAX_TERMS){
av_log(avctx, AV_LOG_ERROR, "Too many decorrelation terms\n");
+ s->terms = 0;
buf += ssize;
continue;
}
+ s->terms = size;
for(i = 0; i < s->terms; i++) {
s->decorr[s->terms - i - 1].value = (*buf & 0x1F) - 5;
s->decorr[s->terms - i - 1].delta = *buf >> 5;
@@ -1098,6 +1120,10 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
samplecount = wv_unpack_stereo(s, &s->gb, samples, AV_SAMPLE_FMT_S32);
else
samplecount = wv_unpack_stereo(s, &s->gb, samples, AV_SAMPLE_FMT_FLT);
+
+ if (samplecount < 0)
+ return -1;
+
samplecount >>= 1;
}else{
const int channel_stride = avctx->channels;
@@ -1109,6 +1135,9 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
else
samplecount = wv_unpack_mono(s, &s->gb, samples, AV_SAMPLE_FMT_FLT);
+ if (samplecount < 0)
+ return -1;
+
if(s->stereo && avctx->sample_fmt == AV_SAMPLE_FMT_S16){
int16_t *dst = (int16_t*)samples + 1;
int16_t *src = (int16_t*)samples;
diff --git a/libavcodec/xan.c b/libavcodec/xan.c
index f5d1812aec..357593bf2d 100644
--- a/libavcodec/xan.c
+++ b/libavcodec/xan.c
@@ -97,17 +97,21 @@ static av_cold int xan_decode_init(AVCodecContext *avctx)
return 0;
}
-static int xan_huffman_decode(unsigned char *dest, const unsigned char *src,
- int dest_len)
+static int xan_huffman_decode(unsigned char *dest, int dest_len,
+ const unsigned char *src, int src_len)
{
unsigned char byte = *src++;
unsigned char ival = byte + 0x16;
const unsigned char * ptr = src + byte*2;
+ int ptr_len = src_len - 1 - byte*2;
unsigned char val = ival;
unsigned char *dest_end = dest + dest_len;
GetBitContext gb;
- init_get_bits(&gb, ptr, 0); // FIXME: no src size available
+ if (ptr_len < 0)
+ return AVERROR_INVALIDDATA;
+
+ init_get_bits(&gb, ptr, ptr_len * 8);
while ( val != 0x16 ) {
val = src[val - 0x17 + get_bits1(&gb) * byte];
@@ -246,7 +250,7 @@ static inline void xan_wc3_copy_pixel_run(XanContext *s,
}
}
-static void xan_wc3_decode_frame(XanContext *s) {
+static int xan_wc3_decode_frame(XanContext *s) {
int width = s->avctx->width;
int height = s->avctx->height;
@@ -266,13 +270,30 @@ static void xan_wc3_decode_frame(XanContext *s) {
const unsigned char *size_segment;
const unsigned char *vector_segment;
const unsigned char *imagedata_segment;
+ int huffman_offset, size_offset, vector_offset, imagedata_offset;
+
+ if (s->size < 8)
+ return AVERROR_INVALIDDATA;
+
+ huffman_offset = AV_RL16(&s->buf[0]);
+ size_offset = AV_RL16(&s->buf[2]);
+ vector_offset = AV_RL16(&s->buf[4]);
+ imagedata_offset = AV_RL16(&s->buf[6]);
- huffman_segment = s->buf + AV_RL16(&s->buf[0]);
- size_segment = s->buf + AV_RL16(&s->buf[2]);
- vector_segment = s->buf + AV_RL16(&s->buf[4]);
- imagedata_segment = s->buf + AV_RL16(&s->buf[6]);
+ if (huffman_offset >= s->size ||
+ size_offset >= s->size ||
+ vector_offset >= s->size ||
+ imagedata_offset >= s->size)
+ return AVERROR_INVALIDDATA;
- xan_huffman_decode(opcode_buffer, huffman_segment, opcode_buffer_size);
+ huffman_segment = s->buf + huffman_offset;
+ size_segment = s->buf + size_offset;
+ vector_segment = s->buf + vector_offset;
+ imagedata_segment = s->buf + imagedata_offset;
+
+ if (xan_huffman_decode(opcode_buffer, opcode_buffer_size,
+ huffman_segment, s->size - huffman_offset) < 0)
+ return AVERROR_INVALIDDATA;
if (imagedata_segment[0] == 2)
xan_unpack(s->buffer2, &imagedata_segment[1], s->buffer2_size);
@@ -358,6 +379,7 @@ static void xan_wc3_decode_frame(XanContext *s) {
y += (x + size) / width;
x = (x + size) % width;
}
+ return 0;
}
#if RUNTIME_GAMMA
@@ -519,7 +541,8 @@ static int xan_decode_frame(AVCodecContext *avctx,
s->buf = buf;
s->size = buf_size;
- xan_wc3_decode_frame(s);
+ if (xan_wc3_decode_frame(s) < 0)
+ return AVERROR_INVALIDDATA;
/* release the last frame if it is allocated */
if (s->last_frame.data[0])
@@ -564,4 +587,3 @@ AVCodec ff_xan_wc3_decoder = {
CODEC_CAP_DR1,
.long_name = NULL_IF_CONFIG_SMALL("Wing Commander III / Xan"),
};
-
generated by cgit v1.2.3 (git 2.25.1) at 2025-03-07 09:17:26 +0000