aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2011-09-22 04:17:01 +0200
committerMichael Niedermayer <michaelni@gmx.at>2011-09-22 04:34:43 +0200
commit040ad30bc8bf2c97ec315fc84a2778d98029909e (patch)
tree2933e66a26da5edd782156d416544b6ef90c9736 /libavcodec
parentcc0ac0244189cfcda258cad996f468c48eca01ff (diff)
parent1450d6e6377df00a538ae7542981a0ebff9415da (diff)
downloadffmpeg-040ad30bc8bf2c97ec315fc84a2778d98029909e.tar.gz
Merge branch 'release/0.7' into oldabi
* release/0.7: (296 commits) Update version numbers for 0.7.5 vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling Check for huffman tree building error in vp6 decoder. Release old pictures after a resolution change in vp5/6 decoder Check for missing reference in vp5/6 decoder. Check for invalid slices offsets in RV30/40 decoder. Check output buffer size in nellymoser decoder. Hack around gcc 4.6 breaking asm using call. Hack around gcc 4.6 breaking asm using call. Fix dxva2 decoding for some H264 samples. (cherry picked from commit bf7dc6b29d785f149f18c39db021413e08735546) Fix dxva2 decoding for some H264 samples. mp3demux: pass on error code on packet read. Check for invalid slice offsets in real decoder. rmdec: Reject invalid deinterleaving parameters Use deinterleavers for demangling audio packets in RealMedia. rv10: Reject slices that does not have the same type as the first one rmdec: use the deinterleaving mode and not the codec when creating audio packets. MAINTAINERS: add my GPG fingerprint. (cherry picked from commit 7882dc10f871bf25a848fe62a152f63814f9c7d1) Support 3IVD in isom, produced by 3ivx DivX Doctor. mpegpsdec: fix reading first mpegps packet (cherry picked from commit b2f230e23dd61112ac090b0c059d87b5f6bcb307) ... Conflicts: Changelog Doxyfile Makefile RELEASE configure doc/general.texi ffmpeg.c ffplay.c libavcodec/dxva2_h264.c libavcodec/h264.c libavcodec/h264_loopfilter.c libavcodec/h264idct_template.c libavcodec/kgv1dec.c libavcodec/mpegvideo.c libavcodec/tableprint.h libavcodec/vp3.c libavdevice/alsa-audio.h libavformat/gxf.c libavformat/mpegts.c libavformat/segafilm.c libavformat/utils.c libavutil/dict.h Merged-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec')
-rw-r--r--libavcodec/Makefile1
-rw-r--r--libavcodec/aac_adtstoasc_bsf.c2
-rw-r--r--libavcodec/aacdec.c7
-rw-r--r--libavcodec/allcodecs.c2
-rw-r--r--libavcodec/avcodec.h1
-rw-r--r--libavcodec/avs.c2
-rw-r--r--libavcodec/bink.c20
-rw-r--r--libavcodec/cabac.c10
-rw-r--r--libavcodec/cavsdec.c12
-rw-r--r--libavcodec/cinepak.c3
-rw-r--r--libavcodec/cljr.c2
-rw-r--r--libavcodec/cook.c5
-rw-r--r--libavcodec/dirac.c16
-rw-r--r--libavcodec/dvbsubdec.c2
-rw-r--r--libavcodec/ffv1.c4
-rw-r--r--libavcodec/h264.c38
-rw-r--r--libavcodec/h264.h2
-rw-r--r--libavcodec/indeo2.c10
-rw-r--r--libavcodec/jpegls.h2
-rw-r--r--libavcodec/jvdec.c2
-rw-r--r--libavcodec/libspeexenc.c178
-rw-r--r--libavcodec/mjpegdec.c7
-rw-r--r--libavcodec/motionpixels.c3
-rw-r--r--libavcodec/mpeg4videoenc.c4
-rw-r--r--libavcodec/mpegaudiodec.c2
-rw-r--r--libavcodec/nellymoserdec.c3
-rw-r--r--libavcodec/opt.h6
-rw-r--r--libavcodec/options.c3
-rw-r--r--libavcodec/qcelpdec.c2
-rw-r--r--libavcodec/ratecontrol.c6
-rw-r--r--libavcodec/rv10.c6
-rw-r--r--libavcodec/rv30.c10
-rw-r--r--libavcodec/rv34.c39
-rw-r--r--libavcodec/rv40.c5
-rw-r--r--libavcodec/smacker.c30
-rw-r--r--libavcodec/svq3.c12
-rw-r--r--libavcodec/tta.c2
-rw-r--r--libavcodec/utils.c2
-rw-r--r--libavcodec/vc1.c4
-rw-r--r--libavcodec/vc1dec.c16
-rw-r--r--libavcodec/vp3.c1
-rw-r--r--libavcodec/vp5.c3
-rw-r--r--libavcodec/vp56.c16
-rw-r--r--libavcodec/vp56.h2
-rw-r--r--libavcodec/vp6.c30
-rw-r--r--libavcodec/wavpack.c65
-rw-r--r--libavcodec/xan.c44
47 files changed, 507 insertions, 137 deletions
diff --git a/libavcodec/Makefile b/libavcodec/Makefile
index 5092c19761..91fe5690d9 100644
--- a/libavcodec/Makefile
+++ b/libavcodec/Makefile
@@ -590,6 +590,7 @@ OBJS-$(CONFIG_LIBSCHROEDINGER_ENCODER) += libschroedingerenc.o \
libschroedinger.o \
libdirac_libschro.o
OBJS-$(CONFIG_LIBSPEEX_DECODER) += libspeexdec.o
+OBJS-$(CONFIG_LIBSPEEX_ENCODER) += libspeexenc.o
OBJS-$(CONFIG_LIBTHEORA_ENCODER) += libtheoraenc.o
OBJS-$(CONFIG_LIBVO_AACENC_ENCODER) += libvo-aacenc.o mpeg4audio.o
OBJS-$(CONFIG_LIBVO_AMRWBENC_ENCODER) += libvo-amrwbenc.o
diff --git a/libavcodec/aac_adtstoasc_bsf.c b/libavcodec/aac_adtstoasc_bsf.c
index 6558c0280f..2e14b1a0b6 100644
--- a/libavcodec/aac_adtstoasc_bsf.c
+++ b/libavcodec/aac_adtstoasc_bsf.c
@@ -72,7 +72,7 @@ static int aac_adtstoasc_filter(AVBitStreamFilterContext *bsfc,
int pce_size = 0;
uint8_t pce_data[MAX_PCE_SIZE];
if (!hdr.chan_config) {
- init_get_bits(&gb, buf, buf_size);
+ init_get_bits(&gb, buf, buf_size * 8);
if (get_bits(&gb, 3) != 5) {
av_log_missing_feature(avctx, "PCE based channel configuration, where the PCE is not the first syntax element is", 0);
return -1;
diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
index 927d4314fa..f2da043e61 100644
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -2113,7 +2113,7 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data,
ChannelElement *che = NULL, *che_prev = NULL;
enum RawDataBlockType elem_type, elem_type_prev = TYPE_END;
int err, elem_id, data_size_tmp;
- int samples = 0, multiplier;
+ int samples = 0, multiplier, audio_found = 0;
if (show_bits(gb, 12) == 0xfff) {
if (parse_adts_frame_header(ac, gb) < 0) {
@@ -2144,10 +2144,12 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data,
case TYPE_SCE:
err = decode_ics(ac, &che->ch[0], gb, 0, 0);
+ audio_found = 1;
break;
case TYPE_CPE:
err = decode_cpe(ac, gb, che);
+ audio_found = 1;
break;
case TYPE_CCE:
@@ -2156,6 +2158,7 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data,
case TYPE_LFE:
err = decode_ics(ac, &che->ch[0], gb, 0, 0);
+ audio_found = 1;
break;
case TYPE_DSE:
@@ -2232,7 +2235,7 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data,
samples, avctx->channels);
}
- if (ac->output_configured)
+ if (ac->output_configured && audio_found)
ac->output_configured = OC_LOCKED;
return 0;
diff --git a/libavcodec/allcodecs.c b/libavcodec/allcodecs.c
index 5480c7e78b..592072ef9d 100644
--- a/libavcodec/allcodecs.c
+++ b/libavcodec/allcodecs.c
@@ -380,7 +380,7 @@ void avcodec_register_all(void)
REGISTER_DECODER (LIBOPENCORE_AMRWB, libopencore_amrwb);
REGISTER_DECODER (LIBOPENJPEG, libopenjpeg);
REGISTER_ENCDEC (LIBSCHROEDINGER, libschroedinger);
- REGISTER_DECODER (LIBSPEEX, libspeex);
+ REGISTER_ENCDEC (LIBSPEEX, libspeex);
REGISTER_ENCODER (LIBTHEORA, libtheora);
REGISTER_ENCODER (LIBVO_AACENC, libvo_aacenc);
REGISTER_ENCODER (LIBVO_AMRWBENC, libvo_amrwbenc);
diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h
index 61fed2385d..cd270e0be0 100644
--- a/libavcodec/avcodec.h
+++ b/libavcodec/avcodec.h
@@ -2714,7 +2714,6 @@ typedef struct AVCodecContext {
/**
* Bits per sample/pixel of internal libavcodec pixel/sample format.
- * This field is applicable only when sample_fmt is AV_SAMPLE_FMT_S32.
* - encoding: set by user.
* - decoding: set by libavcodec.
*/
diff --git a/libavcodec/avs.c b/libavcodec/avs.c
index 14f7cf0507..b3c71bb34b 100644
--- a/libavcodec/avs.c
+++ b/libavcodec/avs.c
@@ -117,7 +117,7 @@ avs_decode_frame(AVCodecContext * avctx,
table = buf + (256 * vect_w * vect_h);
if (sub_type != AVS_I_FRAME) {
int map_size = ((318 / vect_w + 7) / 8) * (198 / vect_h);
- init_get_bits(&change_map, table, map_size);
+ init_get_bits(&change_map, table, map_size * 8);
table += map_size;
}
diff --git a/libavcodec/bink.c b/libavcodec/bink.c
index e137312693..91092be33a 100644
--- a/libavcodec/bink.c
+++ b/libavcodec/bink.c
@@ -572,6 +572,22 @@ static inline int binkb_get_value(BinkContext *c, int bundle_num)
return ret;
}
+static inline DCTELEM dequant(DCTELEM in, uint32_t quant, int dc)
+{
+ /* Note: multiplication is unsigned but we want signed shift
+ * otherwise clipping breaks.
+ * TODO: The official decoder does not use clipping at all
+ * but instead uses the full 32-bit result.
+ * However clipping at least gets rid of the case that a
+ * half-black half-white intra block gets black and white swapped
+ * and should cause at most minor differences (except for DC). */
+ int32_t res = in * quant;
+ res >>= 11;
+ if (!dc)
+ res = av_clip_int16(res);
+ return res;
+}
+
/**
* Read 8x8 block of DCT coefficients.
*
@@ -669,10 +685,10 @@ static int read_dct_coeffs(GetBitContext *gb, int32_t block[64], const uint8_t *
quant = quant_matrices[quant_idx];
- block[0] = (block[0] * quant[0]) >> 11;
+ block[0] = dequant(block[0], quant[0], 1);
for (i = 0; i < coef_count; i++) {
int idx = coef_idx[i];
- block[scan[idx]] = (block[scan[idx]] * quant[idx]) >> 11;
+ block[scan[idx]] = dequant(block[scan[idx]], quant[idx], 0);
}
return 0;
diff --git a/libavcodec/cabac.c b/libavcodec/cabac.c
index 5632bf811e..e03043f91f 100644
--- a/libavcodec/cabac.c
+++ b/libavcodec/cabac.c
@@ -150,10 +150,14 @@ void ff_init_cabac_states(CABACContext *c){
ff_h264_mps_state[2*i+1]= 2*mps_state[i]+1;
if( i ){
+ ff_h264_lps_state[2*i+0]=
ff_h264_mlps_state[128-2*i-1]= 2*lps_state[i]+0;
+ ff_h264_lps_state[2*i+1]=
ff_h264_mlps_state[128-2*i-2]= 2*lps_state[i]+1;
}else{
+ ff_h264_lps_state[2*i+0]=
ff_h264_mlps_state[128-2*i-1]= 1;
+ ff_h264_lps_state[2*i+1]=
ff_h264_mlps_state[128-2*i-2]= 0;
}
}
@@ -313,7 +317,8 @@ int main(void){
ff_init_cabac_states(&c);
for(i=0; i<SIZE; i++){
- r[i] = av_lfg_get(&prng) % 7;
+ if(2*i<SIZE) r[i] = av_lfg_get(&prng) % 7;
+ else r[i] = (i>>8)&1;
}
for(i=0; i<SIZE; i++){
@@ -328,6 +333,7 @@ START_TIMER
STOP_TIMER("put_cabac")
}
+#if 0
for(i=0; i<SIZE; i++){
START_TIMER
put_cabac_u(&c, state, r[i], 6, 3, i&1);
@@ -339,7 +345,7 @@ START_TIMER
put_cabac_ueg(&c, state, r[i], 3, 0, 1, 2);
STOP_TIMER("put_cabac_ueg")
}
-
+#endif
put_cabac_terminate(&c, 1);
ff_init_cabac_decoder(&c, b, SIZE);
diff --git a/libavcodec/cavsdec.c b/libavcodec/cavsdec.c
index 5671c25444..fedee8bf72 100644
--- a/libavcodec/cavsdec.c
+++ b/libavcodec/cavsdec.c
@@ -115,7 +115,8 @@ static inline int get_ue_code(GetBitContext *gb, int order) {
static int decode_residual_block(AVSContext *h, GetBitContext *gb,
const struct dec_2dvlc *r, int esc_golomb_order,
int qp, uint8_t *dst, int stride) {
- int i, level_code, esc_code, level, run, mask;
+ int i, esc_code, level, mask;
+ unsigned int level_code, run;
DCTELEM level_buf[65];
uint8_t run_buf[65];
DCTELEM *block = h->block;
@@ -124,6 +125,8 @@ static int decode_residual_block(AVSContext *h, GetBitContext *gb,
level_code = get_ue_code(gb,r->golomb_order);
if(level_code >= ESCAPE_CODE) {
run = ((level_code - ESCAPE_CODE) >> 1) + 1;
+ if(run > 64)
+ return -1;
esc_code = get_ue_code(gb,esc_golomb_order);
level = esc_code + (run > r->max_run ? 1 : r->level_add[run]);
while(level > r->inc_limit)
@@ -189,7 +192,8 @@ static inline int decode_residual_inter(AVSContext *h) {
static int decode_mb_i(AVSContext *h, int cbp_code) {
GetBitContext *gb = &h->s.gb;
- int block, pred_mode_uv;
+ unsigned pred_mode_uv;
+ int block;
uint8_t top[18];
uint8_t *left = NULL;
uint8_t *d;
@@ -445,6 +449,8 @@ static inline int check_for_slice(AVSContext *h) {
if((show_bits_long(gb,24+align) & 0xFFFFFF) == 0x000001) {
skip_bits_long(gb,24+align);
h->stc = get_bits(gb,8);
+ if (h->stc >= h->mb_height)
+ return 0;
decode_slice_header(h,gb);
return 1;
}
@@ -659,7 +665,7 @@ static int cavs_decode_frame(AVCodecContext * avctx,void *data, int *data_size,
buf_end = buf + buf_size;
for(;;) {
buf_ptr = ff_find_start_code(buf_ptr,buf_end, &stc);
- if(stc & 0xFFFFFE00)
+ if((stc & 0xFFFFFE00) || buf_ptr == buf_end)
return FFMAX(0, buf_ptr - buf - s->parse_context.last_index);
input_size = (buf_end - buf_ptr)*8;
switch(stc) {
diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c
index 6bdb29b9eb..b9e0d17aaf 100644
--- a/libavcodec/cinepak.c
+++ b/libavcodec/cinepak.c
@@ -335,7 +335,8 @@ static int cinepak_decode (CinepakContext *s)
* If the frame header is followed by the bytes FE 00 00 06 00 00 then
* this is probably one of the two known files that have 6 extra bytes
* after the frame header. Else, assume 2 extra bytes. */
- if ((s->data[10] == 0xFE) &&
+ if (s->size >= 16 &&
+ (s->data[10] == 0xFE) &&
(s->data[11] == 0x00) &&
(s->data[12] == 0x00) &&
(s->data[13] == 0x06) &&
diff --git a/libavcodec/cljr.c b/libavcodec/cljr.c
index 2e7fd51f1f..8af149fa58 100644
--- a/libavcodec/cljr.c
+++ b/libavcodec/cljr.c
@@ -67,7 +67,7 @@ static int decode_frame(AVCodecContext *avctx,
p->pict_type= AV_PICTURE_TYPE_I;
p->key_frame= 1;
- init_get_bits(&a->gb, buf, buf_size);
+ init_get_bits(&a->gb, buf, buf_size * 8);
for(y=0; y<avctx->height; y++){
uint8_t *luma= &a->picture.data[0][ y*a->picture.linesize[0] ];
diff --git a/libavcodec/cook.c b/libavcodec/cook.c
index 6def1ac2f7..0d09bb83fb 100644
--- a/libavcodec/cook.c
+++ b/libavcodec/cook.c
@@ -1174,8 +1174,9 @@ static av_cold int cook_decode_init(AVCodecContext *avctx)
return -1;
}
- if ((q->subpacket[s].js_vlc_bits > 6) || (q->subpacket[s].js_vlc_bits < 0)) {
- av_log(avctx,AV_LOG_ERROR,"js_vlc_bits = %d, only >= 0 and <= 6 allowed!\n",q->subpacket[s].js_vlc_bits);
+ if ((q->subpacket[s].js_vlc_bits > 6) || (q->subpacket[s].js_vlc_bits < 2*q->subpacket[s].joint_stereo)) {
+ av_log(avctx,AV_LOG_ERROR,"js_vlc_bits = %d, only >= %d and <= 6 allowed!\n",
+ q->subpacket[s].js_vlc_bits, 2*q->subpacket[s].joint_stereo);
return -1;
}
diff --git a/libavcodec/dirac.c b/libavcodec/dirac.c
index af0d799acc..1582a5f8f2 100644
--- a/libavcodec/dirac.c
+++ b/libavcodec/dirac.c
@@ -120,7 +120,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,
// chroma subsampling
if (get_bits1(gb))
source->chroma_format = svq3_get_ue_golomb(gb);
- if (source->chroma_format > 2) {
+ if (source->chroma_format > 2U) {
av_log(avctx, AV_LOG_ERROR, "Unknown chroma format %d\n",
source->chroma_format);
return -1;
@@ -128,14 +128,14 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,
if (get_bits1(gb))
source->interlaced = svq3_get_ue_golomb(gb);
- if (source->interlaced > 1)
+ if (source->interlaced > 1U)
return -1;
// frame rate
if (get_bits1(gb)) {
source->frame_rate_index = svq3_get_ue_golomb(gb);
- if (source->frame_rate_index > 10)
+ if (source->frame_rate_index > 10U)
return -1;
if (!source->frame_rate_index) {
@@ -156,7 +156,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,
if (get_bits1(gb)) {
source->aspect_ratio_index = svq3_get_ue_golomb(gb);
- if (source->aspect_ratio_index > 6)
+ if (source->aspect_ratio_index > 6U)
return -1;
if (!source->aspect_ratio_index) {
@@ -179,7 +179,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,
if (get_bits1(gb)) {
source->pixel_range_index = svq3_get_ue_golomb(gb);
- if (source->pixel_range_index > 4)
+ if (source->pixel_range_index > 4U)
return -1;
// This assumes either fullrange or MPEG levels only
@@ -207,7 +207,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,
if (get_bits1(gb)) {
idx = source->color_spec_index = svq3_get_ue_golomb(gb);
- if (source->color_spec_index > 4)
+ if (source->color_spec_index > 4U)
return -1;
avctx->color_primaries = dirac_color_presets[idx].color_primaries;
@@ -217,7 +217,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,
if (!source->color_spec_index) {
if (get_bits1(gb)) {
idx = svq3_get_ue_golomb(gb);
- if (idx < 3)
+ if (idx < 3U)
avctx->color_primaries = dirac_primaries[idx];
}
@@ -259,7 +259,7 @@ int ff_dirac_parse_sequence_header(AVCodecContext *avctx, GetBitContext *gb,
else if (version_major > 2)
av_log(avctx, AV_LOG_WARNING, "Stream may have unhandled features\n");
- if (video_format > 20)
+ if (video_format > 20U)
return -1;
// Fill in defaults for the source parameters.
diff --git a/libavcodec/dvbsubdec.c b/libavcodec/dvbsubdec.c
index 1ee7aad5d1..ad213c88f1 100644
--- a/libavcodec/dvbsubdec.c
+++ b/libavcodec/dvbsubdec.c
@@ -1360,7 +1360,7 @@ static int dvbsub_display_end_segment(AVCodecContext *avctx, const uint8_t *buf,
rect->y = display->y_pos + offset_y;
rect->w = region->width;
rect->h = region->height;
- rect->nb_colors = 16;
+ rect->nb_colors = (1 << region->depth);
rect->type = SUBTITLE_BITMAP;
rect->pict.linesize[0] = region->width;
diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c
index 8d9dc72018..2b7a928ca0 100644
--- a/libavcodec/ffv1.c
+++ b/libavcodec/ffv1.c
@@ -1733,7 +1733,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
bytes_read = c->bytestream - c->bytestream_start - 1;
if(bytes_read ==0) av_log(avctx, AV_LOG_ERROR, "error at end of AC stream\n"); //FIXME
//printf("pos=%d\n", bytes_read);
- init_get_bits(&f->slice_context[0]->gb, buf + bytes_read, buf_size - bytes_read);
+ init_get_bits(&f->slice_context[0]->gb, buf + bytes_read, (buf_size - bytes_read) * 8);
} else {
bytes_read = 0; /* avoid warning */
}
@@ -1750,7 +1750,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
if(fs->ac){
ff_init_range_decoder(&fs->c, buf_p, v);
}else{
- init_get_bits(&fs->gb, buf_p, v);
+ init_get_bits(&fs->gb, buf_p, v * 8);
}
}
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 39b2ab9d2c..465ec07922 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -174,20 +174,28 @@ const uint8_t *ff_h264_decode_nal(H264Context *h, const uint8_t *src, int *dst_l
i-= RS;
}
- if(i>=length-1){ //no escaped 0
- *dst_length= length;
- *consumed= length+1; //+1 for the header
- return src;
- }
-
bufidx = h->nal_unit_type == NAL_DPC ? 1 : 0; // use second escape buffer for inter data
- av_fast_malloc(&h->rbsp_buffer[bufidx], &h->rbsp_buffer_size[bufidx], length+FF_INPUT_BUFFER_PADDING_SIZE);
+ si=h->rbsp_buffer_size[bufidx];
+ av_fast_malloc(&h->rbsp_buffer[bufidx], &h->rbsp_buffer_size[bufidx], length+FF_INPUT_BUFFER_PADDING_SIZE+MAX_MBPAIR_SIZE);
dst= h->rbsp_buffer[bufidx];
+ if(si != h->rbsp_buffer_size[bufidx])
+ memset(dst + length, 0, FF_INPUT_BUFFER_PADDING_SIZE+MAX_MBPAIR_SIZE);
if (dst == NULL){
return NULL;
}
+ if(i>=length-1){ //no escaped 0
+ *dst_length= length;
+ *consumed= length+1; //+1 for the header
+ if(h->s.avctx->flags2 & CODEC_FLAG2_FAST){
+ return src;
+ }else{
+ memcpy(dst, src, length);
+ return dst;
+ }
+ }
+
//printf("decoding esc\n");
memcpy(dst, src, i);
si=di=i;
@@ -1138,7 +1146,10 @@ static int decode_update_thread_context(AVCodecContext *dst, const AVCodecContex
memcpy(&h->s + 1, &h1->s + 1, sizeof(H264Context) - sizeof(MpegEncContext)); //copy all fields after MpegEnc
memset(h->sps_buffers, 0, sizeof(h->sps_buffers));
memset(h->pps_buffers, 0, sizeof(h->pps_buffers));
- ff_h264_alloc_tables(h);
+ if (ff_h264_alloc_tables(h) < 0) {
+ av_log(dst, AV_LOG_ERROR, "Could not allocate memory for h264\n");
+ return AVERROR(ENOMEM);
+ }
context_init(h);
for(i=0; i<2; i++){
@@ -1376,7 +1387,7 @@ static void decode_postinit(H264Context *h, int setup_finished){
pics = 0;
while(h->delayed_pic[pics]) pics++;
- assert(pics <= MAX_DELAYED_PIC_COUNT);
+ av_assert0(pics <= MAX_DELAYED_PIC_COUNT);
h->delayed_pic[pics++] = cur;
if (cur->f.reference == 0)
@@ -2211,7 +2222,7 @@ static void idr(H264Context *h){
static void flush_dpb(AVCodecContext *avctx){
H264Context *h= avctx->priv_data;
int i;
- for(i=0; i<MAX_DELAYED_PIC_COUNT; i++) {
+ for(i=0; i<=MAX_DELAYED_PIC_COUNT; i++) {
if(h->delayed_pic[i])
h->delayed_pic[i]->f.reference = 0;
h->delayed_pic[i]= NULL;
@@ -2616,7 +2627,10 @@ static int decode_slice_header(H264Context *h, H264Context *h0){
h->prev_interlaced_frame = 1;
init_scan_tables(h);
- ff_h264_alloc_tables(h);
+ if (ff_h264_alloc_tables(h) < 0) {
+ av_log(h->s.avctx, AV_LOG_ERROR, "Could not allocate memory for h264\n");
+ return AVERROR(ENOMEM);
+ }
if (!HAVE_THREADS || !(s->avctx->active_thread_type&FF_THREAD_SLICE)) {
if (context_init(h) < 0) {
@@ -3593,7 +3607,7 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){
s->workaround_bugs |= FF_BUG_TRUNCATED;
if(!(s->workaround_bugs & FF_BUG_TRUNCATED)){
- while(ptr[dst_length - 1] == 0 && dst_length > 0)
+ while(dst_length > 0 && ptr[dst_length - 1] == 0)
dst_length--;
}
bit_length= !dst_length ? 0 : (8*dst_length - ff_h264_decode_rbsp_trailing(h, ptr + dst_length - 1));
diff --git a/libavcodec/h264.h b/libavcodec/h264.h
index d448fc3330..7f692cec0c 100644
--- a/libavcodec/h264.h
+++ b/libavcodec/h264.h
@@ -53,6 +53,8 @@
#define MAX_DELAYED_PIC_COUNT 16
+#define MAX_MBPAIR_SIZE (256*1024) // a tighter bound could be calculated if someone cares about a few bytes
+
/* Compiling in interlaced support reduces the speed
* of progressive decoding by about 2%. */
#define ALLOW_INTERLACE
diff --git a/libavcodec/indeo2.c b/libavcodec/indeo2.c
index 30d4758064..f7798e307d 100644
--- a/libavcodec/indeo2.c
+++ b/libavcodec/indeo2.c
@@ -153,6 +153,13 @@ static int ir2_decode_frame(AVCodecContext *avctx,
return -1;
}
+ start = 48; /* hardcoded for now */
+
+ if (start >= buf_size) {
+ av_log(s->avctx, AV_LOG_ERROR, "input buffer size too small (%d)\n", buf_size);
+ return AVERROR_INVALIDDATA;
+ }
+
s->decode_delta = buf[18];
/* decide whether frame uses deltas or not */
@@ -160,9 +167,8 @@ static int ir2_decode_frame(AVCodecContext *avctx,
for (i = 0; i < buf_size; i++)
buf[i] = av_reverse[buf[i]];
#endif
- start = 48; /* hardcoded for now */
- init_get_bits(&s->gb, buf + start, buf_size - start);
+ init_get_bits(&s->gb, buf + start, (buf_size - start) * 8);
if (s->decode_delta) { /* intraframe */
ir2_decode_plane(s, avctx->width, avctx->height,
diff --git a/libavcodec/jpegls.h b/libavcodec/jpegls.h
index 28c75248be..2c21f774e8 100644
--- a/libavcodec/jpegls.h
+++ b/libavcodec/jpegls.h
@@ -86,6 +86,8 @@ static inline void ff_jpegls_downscale_state(JLSState *state, int Q){
}
static inline int ff_jpegls_update_state_regular(JLSState *state, int Q, int err){
+ if(FFABS(err) > 0xFFFF)
+ return -0x10000;
state->A[Q] += FFABS(err);
err *= state->twonear;
state->B[Q] += err;
diff --git a/libavcodec/jvdec.c b/libavcodec/jvdec.c
index f4941992f6..f1fdee5d43 100644
--- a/libavcodec/jvdec.c
+++ b/libavcodec/jvdec.c
@@ -150,7 +150,7 @@ static int decode_frame(AVCodecContext *avctx,
if (video_type == 0 || video_type == 1) {
GetBitContext gb;
- init_get_bits(&gb, buf, FFMIN(video_size, buf_end - buf));
+ init_get_bits(&gb, buf, FFMIN(video_size, (buf_end - buf) * 8));
for (j = 0; j < avctx->height; j += 8)
for (i = 0; i < avctx->width; i += 8)
diff --git a/libavcodec/libspeexenc.c b/libavcodec/libspeexenc.c
new file mode 100644
index 0000000000..79a9fb0760
--- /dev/null
+++ b/libavcodec/libspeexenc.c
@@ -0,0 +1,178 @@
+/*
+ * Copyright (c) 2009 by Xuggle Incorporated. All rights reserved.
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+#include <libavcodec/avcodec.h>
+#include <speex/speex.h>
+#include <speex/speex_header.h>
+#include <speex/speex_stereo.h>
+
+typedef struct {
+ SpeexBits bits;
+ void *enc_state;
+ SpeexHeader header;
+} LibSpeexEncContext;
+
+
+static av_cold int libspeex_encode_init(AVCodecContext *avctx)
+{
+ LibSpeexEncContext *s = (LibSpeexEncContext*)avctx->priv_data;
+ const SpeexMode *mode;
+
+ if ((avctx->sample_fmt != SAMPLE_FMT_S16 && avctx->sample_fmt != SAMPLE_FMT_FLT) ||
+ avctx->sample_rate <= 0 ||
+ avctx->channels <= 0 ||
+ avctx->channels > 2)
+ {
+ av_log(avctx, AV_LOG_ERROR, "Unsupported sample format, rate, or channels for speex");
+ return -1;
+ }
+
+ if (avctx->sample_rate <= 8000)
+ mode = &speex_nb_mode;
+ else if (avctx->sample_rate <= 16000)
+ mode = &speex_wb_mode;
+ else
+ mode = &speex_uwb_mode;
+
+ speex_bits_init(&s->bits);
+ s->enc_state = speex_encoder_init(mode);
+ if (!s->enc_state)
+ {
+ av_log(avctx, AV_LOG_ERROR, "could not initialize speex encoder");
+ return -1;
+ }
+
+ // initialize the header
+ speex_init_header(&s->header, avctx->sample_rate,
+ avctx->channels, mode);
+
+ // TODO: It'd be nice to support VBR here, but
+ // I'm uncertain what AVCodecContext options to use
+ // to signal whether to turn it on.
+ if (avctx->flags & CODEC_FLAG_QSCALE) {
+ spx_int32_t quality = 0;
+ // Map global_quality's mpeg 1/2/4 scale into Speex's 0-10 scale
+ if (avctx->global_quality > FF_LAMBDA_MAX)
+ quality = 0; // lowest possible quality
+ else
+ quality = (spx_int32_t)((FF_LAMBDA_MAX-avctx->global_quality)*10.0/FF_LAMBDA_MAX);
+ speex_encoder_ctl(s->enc_state, SPEEX_SET_QUALITY, &quality);
+ } else {
+ // default to CBR
+ if (avctx->bit_rate > 0)
+ speex_encoder_ctl(s->enc_state, SPEEX_SET_BITRATE, &avctx->bit_rate);
+ // otherwise just take the default quality setting
+ }
+ // reset the bit-rate to the actual bit rate speex will use
+ speex_encoder_ctl(s->enc_state, SPEEX_GET_BITRATE, &s->header.bitrate);
+ avctx->bit_rate = s->header.bitrate;
+
+ // get the actual sample rate
+ speex_encoder_ctl(s->enc_state, SPEEX_GET_SAMPLING_RATE, &s->header.rate);
+ avctx->sample_rate = s->header.rate;
+
+ // get the frame-size. To align with FLV, we're going to put 2 frames
+ // per packet. If someone can tell me how to make this configurable
+ // from the avcodec contents, I'll mod this so it's not hard-coded.
+ // but without this, FLV files with speex data won't play correctly
+ // in flash player 10.
+ speex_encoder_ctl(s->enc_state, SPEEX_GET_FRAME_SIZE, &s->header.frame_size);
+ s->header.frames_per_packet = 2; // Need for FLV container support
+ avctx->frame_size = s->header.frame_size*s->header.frames_per_packet;
+
+ // and we'll put a speex header packet into extradata so that muxers
+ // can use it.
+ avctx->extradata = speex_header_to_packet(&s->header, &avctx->extradata_size);
+ return 0;
+}
+
+static av_cold int libspeex_encode_frame(
+ AVCodecContext *avctx, uint8_t *frame,
+ int buf_size, void *data)
+{
+ LibSpeexEncContext *s = (LibSpeexEncContext*)avctx->priv_data;
+ int i = 0;
+
+ if (!data)
+ // nothing to flush
+ return 0;
+
+ speex_bits_reset(&s->bits);
+ for(i = 0; i < s->header.frames_per_packet; i++)
+ {
+ if (avctx->sample_fmt == SAMPLE_FMT_FLT)
+ {
+ if (avctx->channels == 2) {
+ speex_encode_stereo(
+ (float*)data+i*s->header.frame_size,
+ s->header.frame_size,
+ &s->bits);
+ }
+ speex_encode(s->enc_state,
+ (float*)data+i*s->header.frame_size, &s->bits);
+ } else {
+ if (avctx->channels == 2) {
+ speex_encode_stereo_int(
+ (spx_int16_t*)data+i*s->header.frame_size,
+ s->header.frame_size,
+ &s->bits);
+ }
+ speex_encode_int(s->enc_state,
+ (spx_int16_t*)data+i*s->header.frame_size, &s->bits);
+ }
+ }
+ // put in a terminator so this will fit in a OGG or FLV packet
+ speex_bits_insert_terminator(&s->bits);
+
+ if (buf_size >= speex_bits_nbytes(&s->bits)) {
+ return speex_bits_write(&s->bits, frame, buf_size);
+ } else {
+ av_log(avctx, AV_LOG_ERROR, "output buffer too small");
+ return -1;
+ }
+}
+
+static av_cold int libspeex_encode_close(AVCodecContext *avctx)
+{
+ LibSpeexEncContext *s = (LibSpeexEncContext*)avctx->priv_data;
+
+ speex_bits_destroy(&s->bits);
+ speex_encoder_destroy(s->enc_state);
+ s->enc_state = 0;
+ if (avctx->extradata)
+ speex_header_free(avctx->extradata);
+ avctx->extradata = 0;
+ avctx->extradata_size = 0;
+
+ return 0;
+}
+
+AVCodec ff_libspeex_encoder = {
+ "libspeex",
+ AVMEDIA_TYPE_AUDIO,
+ CODEC_ID_SPEEX,
+ sizeof(LibSpeexEncContext),
+ libspeex_encode_init,
+ libspeex_encode_frame,
+ libspeex_encode_close,
+ 0,
+ .capabilities = CODEC_CAP_DELAY,
+ .supported_samplerates = (const int[]){8000, 16000, 32000, 0},
+ .sample_fmts = (enum SampleFormat[]){SAMPLE_FMT_S16,SAMPLE_FMT_FLT,SAMPLE_FMT_NONE},
+ .long_name = NULL_IF_CONFIG_SMALL("libspeex Speex Encoder"),
+};
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index b895149cd8..9172fb84da 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -318,8 +318,10 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
case 0x11111100:
if(s->rgb){
s->avctx->pix_fmt = PIX_FMT_BGRA;
- }else
+ }else{
s->avctx->pix_fmt = s->cs_itu601 ? PIX_FMT_YUV444P : PIX_FMT_YUVJ444P;
+ s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG;
+ }
assert(s->nb_components==3);
break;
case 0x11000000:
@@ -327,12 +329,15 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
break;
case 0x12111100:
s->avctx->pix_fmt = s->cs_itu601 ? PIX_FMT_YUV440P : PIX_FMT_YUVJ440P;
+ s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG;
break;
case 0x21111100:
s->avctx->pix_fmt = s->cs_itu601 ? PIX_FMT_YUV422P : PIX_FMT_YUVJ422P;
+ s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG;
break;
case 0x22111100:
s->avctx->pix_fmt = s->cs_itu601 ? PIX_FMT_YUV420P : PIX_FMT_YUVJ420P;
+ s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG;
break;
default:
av_log(s->avctx, AV_LOG_ERROR, "Unhandled pixel format 0x%x\n", pix_fmt_id);
diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c
index a3868e10cc..160508007d 100644
--- a/libavcodec/motionpixels.c
+++ b/libavcodec/motionpixels.c
@@ -279,7 +279,8 @@ static int mp_decode_frame(AVCodecContext *avctx,
if (sz == 0)
goto end;
- init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0);
+ if (init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0))
+ goto end;
mp_decode_frame_helper(mp, &gb);
free_vlc(&mp->vlc);
diff --git a/libavcodec/mpeg4videoenc.c b/libavcodec/mpeg4videoenc.c
index db0db045e8..1e7fa1b558 100644
--- a/libavcodec/mpeg4videoenc.c
+++ b/libavcodec/mpeg4videoenc.c
@@ -834,8 +834,8 @@ static void mpeg4_encode_gop_header(MpegEncContext * s){
s->last_time_base= FFUDIV(time, s->avctx->time_base.den);
seconds= FFUDIV(time, s->avctx->time_base.den);
- minutes= FFUDIV(seconds, 60); FFUMOD(seconds, 60);
- hours = FFUDIV(minutes, 60); FFUMOD(minutes, 60);
+ minutes= FFUDIV(seconds, 60); seconds = FFUMOD(seconds, 60);
+ hours = FFUDIV(minutes, 60); minutes = FFUMOD(minutes, 60);
hours = FFUMOD(hours , 24);
put_bits(&s->pb, 5, hours);
diff --git a/libavcodec/mpegaudiodec.c b/libavcodec/mpegaudiodec.c
index 56a48ce71b..9fbae0c316 100644
--- a/libavcodec/mpegaudiodec.c
+++ b/libavcodec/mpegaudiodec.c
@@ -1809,7 +1809,7 @@ static int decode_frame(AVCodecContext * avctx,
av_log(avctx, AV_LOG_ERROR, "incomplete frame\n");
return -1;
}else if(s->frame_size < buf_size){
- av_log(avctx, AV_LOG_ERROR, "incorrect frame size\n");
+ av_log(avctx, AV_LOG_DEBUG, "incorrect frame size - multiple frames in buffer?\n");
buf_size= s->frame_size;
}
diff --git a/libavcodec/nellymoserdec.c b/libavcodec/nellymoserdec.c
index a153dc0603..23fecbfa26 100644
--- a/libavcodec/nellymoserdec.c
+++ b/libavcodec/nellymoserdec.c
@@ -156,6 +156,7 @@ static int decode_tag(AVCodecContext * avctx,
const uint8_t *buf = avpkt->data;
int buf_size = avpkt->size;
NellyMoserDecodeContext *s = avctx->priv_data;
+ int data_max = *data_size;
int blocks, i;
int16_t* samples;
*data_size = 0;
@@ -178,6 +179,8 @@ static int decode_tag(AVCodecContext * avctx,
*/
for (i=0 ; i<blocks ; i++) {
+ if ((i + 1) * NELLY_SAMPLES * sizeof(int16_t) > data_max)
+ return i > 0 ? i * NELLY_BLOCK_LEN : -1;
nelly_decode_block(s, &buf[i*NELLY_BLOCK_LEN], s->float_buf);
s->fmt_conv.float_to_int16(&samples[i*NELLY_SAMPLES], s->float_buf, NELLY_SAMPLES);
*data_size += NELLY_SAMPLES*sizeof(int16_t);
diff --git a/libavcodec/opt.h b/libavcodec/opt.h
index 95147595b7..505377d7d9 100644
--- a/libavcodec/opt.h
+++ b/libavcodec/opt.h
@@ -19,6 +19,12 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
+/**
+ * @file
+ * This header is provided for compatibility only and will be removed
+ * on next major bump
+ */
+
#ifndef AVCODEC_OPT_H
#define AVCODEC_OPT_H
diff --git a/libavcodec/options.c b/libavcodec/options.c
index b4d84ddb06..611651255c 100644
--- a/libavcodec/options.c
+++ b/libavcodec/options.c
@@ -454,10 +454,9 @@ static const AVOption options[]={
{"lpc_passes", "deprecated, use flac-specific options", OFFSET(lpc_passes), FF_OPT_TYPE_INT, {.dbl = -1 }, INT_MIN, INT_MAX, A|E},
#endif
{"slices", "number of slices, used in parallelized decoding", OFFSET(slices), FF_OPT_TYPE_INT, {.dbl = 0 }, 0, INT_MAX, V|E},
-{"thread_type", "select multithreading type", OFFSET(thread_type), FF_OPT_TYPE_INT, {.dbl = FF_THREAD_SLICE|FF_THREAD_FRAME }, 0, INT_MAX, V|E|D, "thread_type"},
+{"thread_type", "select multithreading type", OFFSET(thread_type), FF_OPT_TYPE_FLAGS, {.dbl = FF_THREAD_SLICE|FF_THREAD_FRAME }, 0, INT_MAX, V|E|D, "thread_type"},
{"slice", NULL, 0, FF_OPT_TYPE_CONST, {.dbl = FF_THREAD_SLICE }, INT_MIN, INT_MAX, V|E|D, "thread_type"},
{"frame", NULL, 0, FF_OPT_TYPE_CONST, {.dbl = FF_THREAD_FRAME }, INT_MIN, INT_MAX, V|E|D, "thread_type"},
-{"vbv_delay", "initial buffer fill time in periods of 27Mhz clock", 0, FF_OPT_TYPE_INT64, {.dbl = 0 }, 0, INT64_MAX},
{"audio_service_type", "audio service type", OFFSET(audio_service_type), FF_OPT_TYPE_INT, {.dbl = AV_AUDIO_SERVICE_TYPE_MAIN }, 0, AV_AUDIO_SERVICE_TYPE_NB-1, A|E, "audio_service_type"},
{"ma", "Main Audio Service", 0, FF_OPT_TYPE_CONST, {.dbl = AV_AUDIO_SERVICE_TYPE_MAIN }, INT_MIN, INT_MAX, A|E, "audio_service_type"},
{"ef", "Effects", 0, FF_OPT_TYPE_CONST, {.dbl = AV_AUDIO_SERVICE_TYPE_EFFECTS }, INT_MIN, INT_MAX, A|E, "audio_service_type"},
diff --git a/libavcodec/qcelpdec.c b/libavcodec/qcelpdec.c
index d565003a9e..96e605e588 100644
--- a/libavcodec/qcelpdec.c
+++ b/libavcodec/qcelpdec.c
@@ -839,7 +839,7 @@ erasure:
*data_size = 160 * sizeof(*outbuffer);
- return *data_size;
+ return buf_size;
}
AVCodec ff_qcelp_decoder =
diff --git a/libavcodec/ratecontrol.c b/libavcodec/ratecontrol.c
index af8289e312..d085f04113 100644
--- a/libavcodec/ratecontrol.c
+++ b/libavcodec/ratecontrol.c
@@ -866,6 +866,12 @@ static int init_pass2(MpegEncContext *s)
assert(filter_size%2==1);
/* fixed I/B QP relative to P mode */
+ for(i=FFMAX(0, rcc->num_entries-300); i<rcc->num_entries; i++){
+ RateControlEntry *rce= &rcc->entry[i];
+
+ qscale[i]= get_diff_limited_q(s, rce, qscale[i]);
+ }
+
for(i=rcc->num_entries-1; i>=0; i--){
RateControlEntry *rce= &rcc->entry[i];
diff --git a/libavcodec/rv10.c b/libavcodec/rv10.c
index dfd384a63b..ccf2098cfc 100644
--- a/libavcodec/rv10.c
+++ b/libavcodec/rv10.c
@@ -559,8 +559,14 @@ static int rv10_decode_packet(AVCodecContext *avctx,
if(MPV_frame_start(s, avctx) < 0)
return -1;
ff_er_frame_start(s);
+ } else {
+ if (s->current_picture_ptr->f.pict_type != s->pict_type) {
+ av_log(s->avctx, AV_LOG_ERROR, "Slice type mismatch\n");
+ return -1;
+ }
}
+
av_dlog(avctx, "qscale=%d\n", s->qscale);
/* default quantization values */
diff --git a/libavcodec/rv30.c b/libavcodec/rv30.c
index d2cc533d80..a228e158ad 100644
--- a/libavcodec/rv30.c
+++ b/libavcodec/rv30.c
@@ -51,6 +51,11 @@ static int rv30_parse_slice_header(RV34DecContext *r, GetBitContext *gb, SliceIn
skip_bits1(gb);
si->pts = get_bits(gb, 13);
rpr = get_bits(gb, r->rpr);
+ if (r->s.avctx->extradata_size < 8 + rpr*2) {
+ av_log(r->s.avctx, AV_LOG_WARNING,
+ "Extradata does not contain selected resolution\n");
+ rpr = 0;
+ }
if(rpr){
w = r->s.avctx->extradata[6 + rpr*2] << 2;
h = r->s.avctx->extradata[7 + rpr*2] << 2;
@@ -74,7 +79,7 @@ static int rv30_decode_intra_types(RV34DecContext *r, GetBitContext *gb, int8_t
for(i = 0; i < 4; i++, dst += r->intra_types_stride - 4){
for(j = 0; j < 4; j+= 2){
int code = svq3_get_ue_golomb(gb) << 1;
- if(code >= 81*2){
+ if(code >= 81U*2U){
av_log(r->s.avctx, AV_LOG_ERROR, "Incorrect intra prediction code\n");
return -1;
}
@@ -103,7 +108,7 @@ static int rv30_decode_mb_info(RV34DecContext *r)
GetBitContext *gb = &s->gb;
int code = svq3_get_ue_golomb(gb);
- if(code > 11){
+ if(code > 11U){
av_log(s->avctx, AV_LOG_ERROR, "Incorrect MB type code\n");
return -1;
}
@@ -256,6 +261,7 @@ static av_cold int rv30_decode_init(AVCodecContext *avctx)
if(avctx->extradata_size - 8 < (r->rpr - 1) * 2){
av_log(avctx, AV_LOG_ERROR, "Insufficient extradata - need at least %d bytes, got %d\n",
6 + r->rpr * 2, avctx->extradata_size);
+ return AVERROR(EINVAL);
}
r->parse_slice_header = rv30_parse_slice_header;
r->decode_intra_types = rv30_decode_intra_types;
diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c
index 97091c96b0..5dcfd38f64 100644
--- a/libavcodec/rv34.c
+++ b/libavcodec/rv34.c
@@ -1285,6 +1285,17 @@ static int rv34_decode_slice(RV34DecContext *r, int end, const uint8_t* buf, int
r->next_pts = r->cur_pts;
}
s->mb_x = s->mb_y = 0;
+ } else {
+ int slice_type = r->si.type ? r->si.type : AV_PICTURE_TYPE_I;
+
+ if (slice_type != s->pict_type) {
+ av_log(s->avctx, AV_LOG_ERROR, "Slice type mismatch\n");
+ return AVERROR_INVALIDDATA;
+ }
+ if (s->width != r->si.width || s->height != r->si.height) {
+ av_log(s->avctx, AV_LOG_ERROR, "Size mismatch\n");
+ return AVERROR_INVALIDDATA;
+ }
}
r->si.end = end;
@@ -1416,15 +1427,17 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
slice_count = (*buf++) + 1;
slices_hdr = buf + 4;
buf += 8 * slice_count;
+ buf_size -= 1 + 8 * slice_count;
}else
slice_count = avctx->slice_count;
//parse first slice header to check whether this frame can be decoded
- if(get_slice_offset(avctx, slices_hdr, 0) > buf_size){
- av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n");
+ if(get_slice_offset(avctx, slices_hdr, 0) < 0 ||
+ get_slice_offset(avctx, slices_hdr, 0) > buf_size){
+ av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n");
return -1;
}
- init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, 0), buf_size-get_slice_offset(avctx, slices_hdr, 0));
+ init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, 0), (buf_size-get_slice_offset(avctx, slices_hdr, 0))*8);
if(r->parse_slice_header(r, &r->s.gb, &si) < 0 || si.start){
av_log(avctx, AV_LOG_ERROR, "First slice header is incorrect\n");
return -1;
@@ -1437,8 +1450,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
#endif
if( (avctx->skip_frame >= AVDISCARD_NONREF && si.type==AV_PICTURE_TYPE_B)
|| (avctx->skip_frame >= AVDISCARD_NONKEY && si.type!=AV_PICTURE_TYPE_I)
- || avctx->skip_frame >= AVDISCARD_ALL)
- return buf_size;
+ || avctx->skip_frame >= AVDISCARD_ALL) return avpkt->size;
#if FF_API_HURRY_UP
/* skip everything if we are in a hurry>=5 */
if(avctx->hurry_up>=5)
@@ -1453,13 +1465,18 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
else
size= get_slice_offset(avctx, slices_hdr, i+1) - offset;
- if(offset > buf_size){
- av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n");
+ if(offset < 0 || offset > buf_size){
+ av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n");
break;
}
r->si.end = s->mb_width * s->mb_height;
if(i+1 < slice_count){
+ if (get_slice_offset(avctx, slices_hdr, i+1) < 0 ||
+ get_slice_offset(avctx, slices_hdr, i+1) > buf_size) {
+ av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n");
+ break;
+ }
init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, i+1), (buf_size-get_slice_offset(avctx, slices_hdr, i+1))*8);
if(r->parse_slice_header(r, &r->s.gb, &si) < 0){
if(i+2 < slice_count)
@@ -1469,13 +1486,17 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
}else
r->si.end = si.start;
}
+ if (size < 0 || size > buf_size - offset) {
+ av_log(avctx, AV_LOG_ERROR, "Slice size is invalid\n");
+ break;
+ }
last = rv34_decode_slice(r, r->si.end, buf + offset, size);
s->mb_num_left = r->s.mb_x + r->s.mb_y*r->s.mb_width - r->si.start;
if(last)
break;
}
- if(last){
+ if(last && s->current_picture_ptr){
if(r->loop_filter)
r->loop_filter(r, s->mb_height - 1);
ff_er_frame_end(s);
@@ -1492,7 +1513,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
}
s->current_picture_ptr= NULL; //so we can detect if frame_end wasnt called (find some nicer solution...)
}
- return buf_size;
+ return avpkt->size;
}
av_cold int ff_rv34_decode_end(AVCodecContext *avctx)
diff --git a/libavcodec/rv40.c b/libavcodec/rv40.c
index 67676c26cc..cf416dc874 100644
--- a/libavcodec/rv40.c
+++ b/libavcodec/rv40.c
@@ -231,8 +231,11 @@ static int rv40_decode_mb_info(RV34DecContext *r)
int blocks[RV34_MB_TYPES] = {0};
int count = 0;
- if(!r->s.mb_skip_run)
+ if(!r->s.mb_skip_run) {
r->s.mb_skip_run = svq3_get_ue_golomb(gb) + 1;
+ if(r->s.mb_skip_run > (unsigned)s->mb_num)
+ return -1;
+ }
if(--r->s.mb_skip_run)
return RV34_MB_SKIP;
diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
index bcfde4c8ba..3a4ba1a114 100644
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@@ -134,11 +134,13 @@ static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx
return -1;
}
b1 = get_bits_count(gb);
- i1 = get_vlc2(gb, ctx->v1->table, SMKTREE_BITS, 3);
+ i1 = ctx->v1->table ? get_vlc2(gb, ctx->v1->table, SMKTREE_BITS, 3) : 0;
b1 = get_bits_count(gb) - b1;
b2 = get_bits_count(gb);
- i2 = get_vlc2(gb, ctx->v2->table, SMKTREE_BITS, 3);
+ i2 = ctx->v2->table ? get_vlc2(gb, ctx->v2->table, SMKTREE_BITS, 3) : 0;
b2 = get_bits_count(gb) - b2;
+ if (i1 < 0 || i2 < 0)
+ return -1;
val = ctx->recode1[i1] | (ctx->recode2[i2] << 8);
if(val == ctx->escapes[0]) {
ctx->last[0] = hc->current;
@@ -290,7 +292,8 @@ static int decode_header_trees(SmackVContext *smk) {
smk->mmap_tbl[0] = 0;
smk->mmap_last[0] = smk->mmap_last[1] = smk->mmap_last[2] = 1;
} else {
- smacker_decode_header_tree(smk, &gb, &smk->mmap_tbl, smk->mmap_last, mmap_size);
+ if (smacker_decode_header_tree(smk, &gb, &smk->mmap_tbl, smk->mmap_last, mmap_size))
+ return -1;
}
if(!get_bits1(&gb)) {
av_log(smk->avctx, AV_LOG_INFO, "Skipping MCLR tree\n");
@@ -298,7 +301,8 @@ static int decode_header_trees(SmackVContext *smk) {
smk->mclr_tbl[0] = 0;
smk->mclr_last[0] = smk->mclr_last[1] = smk->mclr_last[2] = 1;
} else {
- smacker_decode_header_tree(smk, &gb, &smk->mclr_tbl, smk->mclr_last, mclr_size);
+ if (smacker_decode_header_tree(smk, &gb, &smk->mclr_tbl, smk->mclr_last, mclr_size))
+ return -1;
}
if(!get_bits1(&gb)) {
av_log(smk->avctx, AV_LOG_INFO, "Skipping FULL tree\n");
@@ -306,7 +310,8 @@ static int decode_header_trees(SmackVContext *smk) {
smk->full_tbl[0] = 0;
smk->full_last[0] = smk->full_last[1] = smk->full_last[2] = 1;
} else {
- smacker_decode_header_tree(smk, &gb, &smk->full_tbl, smk->full_last, full_size);
+ if (smacker_decode_header_tree(smk, &gb, &smk->full_tbl, smk->full_last, full_size))
+ return -1;
}
if(!get_bits1(&gb)) {
av_log(smk->avctx, AV_LOG_INFO, "Skipping TYPE tree\n");
@@ -314,7 +319,8 @@ static int decode_header_trees(SmackVContext *smk) {
smk->type_tbl[0] = 0;
smk->type_last[0] = smk->type_last[1] = smk->type_last[2] = 1;
} else {
- smacker_decode_header_tree(smk, &gb, &smk->type_tbl, smk->type_last, type_size);
+ if (smacker_decode_header_tree(smk, &gb, &smk->type_tbl, smk->type_last, type_size))
+ return -1;
}
return 0;
@@ -523,8 +529,8 @@ static av_cold int decode_init(AVCodecContext *avctx)
return -1;
}
- decode_header_trees(c);
-
+ if (decode_header_trees(c))
+ return -1;
return 0;
}
@@ -619,9 +625,9 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
if(bits) { //decode 16-bit data
for(i = stereo; i >= 0; i--)
pred[i] = av_bswap16(get_bits(&gb, 16));
- for(i = 0; i < stereo; i++)
+ for(i = 0; i <= stereo; i++)
*samples++ = pred[i];
- for(i = 0; i < unp_size / 2; i++) {
+ for(; i < unp_size / 2; i++) {
if(i & stereo) {
if(vlc[2].table)
res = get_vlc2(&gb, vlc[2].table, SMKTREE_BITS, 3);
@@ -653,9 +659,9 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
} else { //8-bit data
for(i = stereo; i >= 0; i--)
pred[i] = get_bits(&gb, 8);
- for(i = 0; i < stereo; i++)
+ for(i = 0; i <= stereo; i++)
*samples8++ = pred[i];
- for(i = 0; i < unp_size; i++) {
+ for(; i < unp_size; i++) {
if(i & stereo){
if(vlc[1].table)
res = get_vlc2(&gb, vlc[1].table, SMKTREE_BITS, 3);
diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
index 417507fc7e..2c9c7fe022 100644
--- a/libavcodec/svq3.c
+++ b/libavcodec/svq3.c
@@ -221,7 +221,7 @@ static inline int svq3_decode_block(GetBitContext *gb, DCTELEM *block,
for (limit = (16 >> intra); index < 16; index = limit, limit += 8) {
for (; (vlc = svq3_get_ue_golomb(gb)) != 0; index++) {
- if (vlc == INVALID_VLC)
+ if (vlc < 0)
return -1;
sign = (vlc & 0x1) - 1;
@@ -239,7 +239,7 @@ static inline int svq3_decode_block(GetBitContext *gb, DCTELEM *block,
level = ((vlc + 9) >> 2) - run;
}
} else {
- if (vlc < 16) {
+ if (vlc < 16U) {
run = svq3_dct_tables[intra][vlc].run;
level = svq3_dct_tables[intra][vlc].level;
} else if (intra) {
@@ -571,7 +571,7 @@ static int svq3_decode_mb(SVQ3Context *svq3, unsigned int mb_type)
for (i = 0; i < 16; i+=2) {
vlc = svq3_get_ue_golomb(&s->gb);
- if (vlc >= 25){
+ if (vlc >= 25U){
av_log(h->s.avctx, AV_LOG_ERROR, "luma prediction:%d\n", vlc);
return -1;
}
@@ -643,7 +643,7 @@ static int svq3_decode_mb(SVQ3Context *svq3, unsigned int mb_type)
}
if (!IS_INTRA16x16(mb_type) && (!IS_SKIP(mb_type) || s->pict_type == AV_PICTURE_TYPE_B)) {
- if ((vlc = svq3_get_ue_golomb(&s->gb)) >= 48){
+ if ((vlc = svq3_get_ue_golomb(&s->gb)) >= 48U){
av_log(h->s.avctx, AV_LOG_ERROR, "cbp_vlc=%d\n", vlc);
return -1;
}
@@ -653,7 +653,7 @@ static int svq3_decode_mb(SVQ3Context *svq3, unsigned int mb_type)
if (IS_INTRA16x16(mb_type) || (s->pict_type != AV_PICTURE_TYPE_I && s->adaptive_quant && cbp)) {
s->qscale += svq3_get_se_golomb(&s->gb);
- if (s->qscale > 31){
+ if (s->qscale > 31U){
av_log(h->s.avctx, AV_LOG_ERROR, "qscale:%d\n", s->qscale);
return -1;
}
@@ -757,7 +757,7 @@ static int svq3_decode_slice_header(AVCodecContext *avctx)
skip_bits_long(&s->gb, 0);
}
- if ((i = svq3_get_ue_golomb(&s->gb)) == INVALID_VLC || i >= 3){
+ if ((i = svq3_get_ue_golomb(&s->gb)) >= 3U){
av_log(h->s.avctx, AV_LOG_ERROR, "illegal slice type %d \n", i);
return -1;
}
diff --git a/libavcodec/tta.c b/libavcodec/tta.c
index 1ce1946333..0bd8c600bf 100644
--- a/libavcodec/tta.c
+++ b/libavcodec/tta.c
@@ -208,7 +208,7 @@ static av_cold int tta_decode_init(AVCodecContext * avctx)
if (avctx->extradata_size < 30)
return -1;
- init_get_bits(&s->gb, avctx->extradata, avctx->extradata_size);
+ init_get_bits(&s->gb, avctx->extradata, avctx->extradata_size * 8);
if (show_bits_long(&s->gb, 32) == AV_RL32("TTA1"))
{
/* signature */
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 50a3eaa637..bda44f9449 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -605,6 +605,8 @@ int attribute_align_arg avcodec_open2(AVCodecContext *avctx, AVCodec *codec, AVD
if (avctx->codec->encode) {
int i;
if (avctx->codec->sample_fmts) {
+ if (avctx->sample_fmt == AV_SAMPLE_FMT_NONE)
+ avctx->sample_fmt = AV_SAMPLE_FMT_S16;
for (i = 0; avctx->codec->sample_fmts[i] != AV_SAMPLE_FMT_NONE; i++)
if (avctx->sample_fmt == avctx->codec->sample_fmts[i])
break;
diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c
index 9504238b86..41cc1c8d21 100644
--- a/libavcodec/vc1.c
+++ b/libavcodec/vc1.c
@@ -485,8 +485,8 @@ static int decode_sequence_header_adv(VC1Context *v, GetBitContext *gb)
if(ar && ar < 14){
v->s.avctx->sample_aspect_ratio = ff_vc1_pixel_aspect[ar];
}else if(ar == 15){
- w = get_bits(gb, 8);
- h = get_bits(gb, 8);
+ w = get_bits(gb, 8) + 1;
+ h = get_bits(gb, 8) + 1;
v->s.avctx->sample_aspect_ratio = (AVRational){w, h};
}
av_log(v->s.avctx, AV_LOG_DEBUG, "Aspect: %i:%i\n", v->s.avctx->sample_aspect_ratio.num, v->s.avctx->sample_aspect_ratio.den);
diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c
index c354a535fd..e82546b69e 100644
--- a/libavcodec/vc1dec.c
+++ b/libavcodec/vc1dec.c
@@ -242,7 +242,7 @@ static void vc1_loop_filter_iblk(VC1Context *v, int pq)
}
v->vc1dsp.vc1_v_loop_filter16(s->dest[0] + 8*s->linesize, s->linesize, pq);
- if (s->mb_y == s->mb_height-1) {
+ if (s->mb_y == s->end_mb_y-1) {
if (s->mb_x) {
v->vc1dsp.vc1_h_loop_filter16(s->dest[0], s->linesize, pq);
v->vc1dsp.vc1_h_loop_filter8(s->dest[1], s->uvlinesize, pq);
@@ -294,7 +294,7 @@ static void vc1_loop_filter_iblk_delayed(VC1Context *v, int pq)
v->vc1dsp.vc1_v_loop_filter16(s->dest[0] - 8 * s->linesize, s->linesize, pq);
}
- if (s->mb_y == s->mb_height) {
+ if (s->mb_y == s->end_mb_y) {
if (s->mb_x) {
if (s->mb_x >= 2)
v->vc1dsp.vc1_h_loop_filter16(s->dest[0] - 16 * s->linesize - 16, s->linesize, pq);
@@ -2329,7 +2329,7 @@ static av_always_inline void vc1_apply_p_v_loop_filter(VC1Context *v, int block_
} else {
dst = s->dest[0] + (block_num & 1) * 8 + ((block_num & 2) * 4 - 8) * linesize;
}
- if (s->mb_y != s->mb_height || block_num < 2) {
+ if (s->mb_y != s->end_mb_y || block_num < 2) {
int16_t (*mv)[2];
int mv_stride;
@@ -3019,7 +3019,7 @@ static void vc1_decode_i_blocks_adv(VC1Context *v)
s->mb_x = 0;
ff_init_block_index(s);
memset(&s->coded_block[s->block_index[0]-s->b8_stride], 0,
- s->b8_stride * sizeof(*s->coded_block));
+ (1 + s->b8_stride) * sizeof(*s->coded_block));
}
for(; s->mb_y < s->end_mb_y; s->mb_y++) {
s->mb_x = 0;
@@ -3095,7 +3095,7 @@ static void vc1_decode_i_blocks_adv(VC1Context *v)
if(v->s.loop_filter) vc1_loop_filter_iblk_delayed(v, v->pq);
}
if (v->s.loop_filter)
- ff_draw_horiz_band(s, (s->mb_height-1)*16, 16);
+ ff_draw_horiz_band(s, (s->end_mb_y-1)*16, 16);
ff_er_add_slice(s, 0, s->start_mb_y, s->mb_width - 1, s->end_mb_y - 1, (AC_END|DC_END|MV_END));
}
@@ -3218,7 +3218,7 @@ static void vc1_decode_b_blocks(VC1Context *v)
s->first_slice_line = 0;
}
if (v->s.loop_filter)
- ff_draw_horiz_band(s, (s->mb_height-1)*16, 16);
+ ff_draw_horiz_band(s, (s->end_mb_y-1)*16, 16);
ff_er_add_slice(s, 0, s->start_mb_y, s->mb_width - 1, s->end_mb_y - 1, (AC_END|DC_END|MV_END));
}
@@ -3226,9 +3226,9 @@ static void vc1_decode_skip_blocks(VC1Context *v)
{
MpegEncContext *s = &v->s;
- ff_er_add_slice(s, 0, 0, s->mb_width - 1, s->mb_height - 1, (AC_END|DC_END|MV_END));
+ ff_er_add_slice(s, 0, s->start_mb_y, s->mb_width - 1, s->end_mb_y - 1, (AC_END|DC_END|MV_END));
s->first_slice_line = 1;
- for(s->mb_y = 0; s->mb_y < s->mb_height; s->mb_y++) {
+ for(s->mb_y = s->start_mb_y; s->mb_y < s->end_mb_y; s->mb_y++) {
s->mb_x = 0;
ff_init_block_index(s);
ff_update_block_index(s);
diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
index 7dcd14718b..3001a4f4da 100644
--- a/libavcodec/vp3.c
+++ b/libavcodec/vp3.c
@@ -2366,6 +2366,7 @@ AVCodec ff_vp3_decoder = {
.decode = vp3_decode_frame,
.capabilities = CODEC_CAP_DR1 | CODEC_CAP_DRAW_HORIZ_BAND | CODEC_CAP_FRAME_THREADS,
.flush = vp3_decode_flush,
+
.long_name = NULL_IF_CONFIG_SMALL("On2 VP3"),
.update_thread_context = ONLY_IF_THREADS_ENABLED(vp3_update_thread_context)
};
diff --git a/libavcodec/vp5.c b/libavcodec/vp5.c
index 04df3e29a5..50bd868b51 100644
--- a/libavcodec/vp5.c
+++ b/libavcodec/vp5.c
@@ -118,7 +118,7 @@ static void vp5_parse_vector_models(VP56Context *s)
model->vector_pdv[comp][node] = vp56_rac_gets_nn(c, 7);
}
-static void vp5_parse_coeff_models(VP56Context *s)
+static int vp5_parse_coeff_models(VP56Context *s)
{
VP56RangeCoder *c = &s->c;
VP56Model *model = s->modelp;
@@ -162,6 +162,7 @@ static void vp5_parse_coeff_models(VP56Context *s)
for (ctx=0; ctx<6; ctx++)
for (node=0; node<5; node++)
model->coeff_acct[pt][ct][cg][ctx][node] = av_clip(((model->coeff_ract[pt][ct][cg][node] * vp5_ract_lc[ct][cg][node][ctx][0] + 128) >> 8) + vp5_ract_lc[ct][cg][node][ctx][1], 1, 254);
+ return 0;
}
static void vp5_parse_coeff(VP56Context *s)
diff --git a/libavcodec/vp56.c b/libavcodec/vp56.c
index 0c6f45a767..996eba0040 100644
--- a/libavcodec/vp56.c
+++ b/libavcodec/vp56.c
@@ -401,6 +401,8 @@ static void vp56_decode_mb(VP56Context *s, int row, int col, int is_alpha)
frame_current = s->framep[VP56_FRAME_CURRENT];
frame_ref = s->framep[ref_frame];
+ if (mb_type != VP56_MB_INTRA && !frame_ref->data[0])
+ return;
ab = 6*is_alpha;
b_max = 6 - 2*is_alpha;
@@ -513,6 +515,16 @@ int ff_vp56_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
if (!res)
return -1;
+ if (res == 2) {
+ int i;
+ for (i = 0; i < 4; i++) {
+ if (s->frames[i].data[0])
+ avctx->release_buffer(avctx, &s->frames[i]);
+ }
+ if (is_alpha)
+ return -1;
+ }
+
if (!is_alpha) {
p->reference = 1;
if (avctx->get_buffer(avctx, p) < 0) {
@@ -539,7 +551,8 @@ int ff_vp56_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
s->mb_type = VP56_MB_INTER_NOVEC_PF;
}
- s->parse_coeff_models(s);
+ if (s->parse_coeff_models(s))
+ goto next;
memset(s->prev_dc, 0, sizeof(s->prev_dc));
s->prev_dc[1][VP56_FRAME_CURRENT] = 128;
@@ -603,6 +616,7 @@ int ff_vp56_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
}
}
+ next:
if (p->key_frame || golden_frame) {
if (s->framep[VP56_FRAME_GOLDEN]->data[0] &&
s->framep[VP56_FRAME_GOLDEN] != s->framep[VP56_FRAME_GOLDEN2])
diff --git a/libavcodec/vp56.h b/libavcodec/vp56.h
index b982435156..7d411f400c 100644
--- a/libavcodec/vp56.h
+++ b/libavcodec/vp56.h
@@ -48,7 +48,7 @@ typedef void (*VP56Filter)(VP56Context *s, uint8_t *dst, uint8_t *src,
typedef void (*VP56ParseCoeff)(VP56Context *s);
typedef void (*VP56DefaultModelsInit)(VP56Context *s);
typedef void (*VP56ParseVectorModels)(VP56Context *s);
-typedef void (*VP56ParseCoeffModels)(VP56Context *s);
+typedef int (*VP56ParseCoeffModels)(VP56Context *s);
typedef int (*VP56ParseHeader)(VP56Context *s, const uint8_t *buf,
int buf_size, int *golden_frame);
diff --git a/libavcodec/vp6.c b/libavcodec/vp6.c
index e6132abeb6..31af095e14 100644
--- a/libavcodec/vp6.c
+++ b/libavcodec/vp6.c
@@ -215,8 +215,8 @@ static int vp6_huff_cmp(const void *va, const void *vb)
return (a->count - b->count)*16 + (b->sym - a->sym);
}
-static void vp6_build_huff_tree(VP56Context *s, uint8_t coeff_model[],
- const uint8_t *map, unsigned size, VLC *vlc)
+static int vp6_build_huff_tree(VP56Context *s, uint8_t coeff_model[],
+ const uint8_t *map, unsigned size, VLC *vlc)
{
Node nodes[2*VP6_MAX_HUFF_SIZE], *tmp = &nodes[size];
int a, b, i;
@@ -231,12 +231,12 @@ static void vp6_build_huff_tree(VP56Context *s, uint8_t coeff_model[],
}
free_vlc(vlc);
- /* then build the huffman tree accodring to probabilities */
- ff_huff_build_tree(s->avctx, vlc, size, nodes, vp6_huff_cmp,
- FF_HUFFMAN_FLAG_HNODE_FIRST);
+ /* then build the huffman tree according to probabilities */
+ return ff_huff_build_tree(s->avctx, vlc, size, nodes, vp6_huff_cmp,
+ FF_HUFFMAN_FLAG_HNODE_FIRST);
}
-static void vp6_parse_coeff_models(VP56Context *s)
+static int vp6_parse_coeff_models(VP56Context *s)
{
VP56RangeCoder *c = &s->c;
VP56Model *model = s->modelp;
@@ -281,15 +281,18 @@ static void vp6_parse_coeff_models(VP56Context *s)
if (s->use_huffman) {
for (pt=0; pt<2; pt++) {
- vp6_build_huff_tree(s, model->coeff_dccv[pt],
- vp6_huff_coeff_map, 12, &s->dccv_vlc[pt]);
- vp6_build_huff_tree(s, model->coeff_runv[pt],
- vp6_huff_run_map, 9, &s->runv_vlc[pt]);
+ if (vp6_build_huff_tree(s, model->coeff_dccv[pt],
+ vp6_huff_coeff_map, 12, &s->dccv_vlc[pt]))
+ return -1;
+ if (vp6_build_huff_tree(s, model->coeff_runv[pt],
+ vp6_huff_run_map, 9, &s->runv_vlc[pt]))
+ return -1;
for (ct=0; ct<3; ct++)
for (cg = 0; cg < 6; cg++)
- vp6_build_huff_tree(s, model->coeff_ract[pt][ct][cg],
- vp6_huff_coeff_map, 12,
- &s->ract_vlc[pt][ct][cg]);
+ if (vp6_build_huff_tree(s, model->coeff_ract[pt][ct][cg],
+ vp6_huff_coeff_map, 12,
+ &s->ract_vlc[pt][ct][cg]))
+ return -1;
}
memset(s->nb_null, 0, sizeof(s->nb_null));
} else {
@@ -299,6 +302,7 @@ static void vp6_parse_coeff_models(VP56Context *s)
for (node=0; node<5; node++)
model->coeff_dcct[pt][ctx][node] = av_clip(((model->coeff_dccv[pt][node] * vp6_dccv_lc[ctx][node][0] + 128) >> 8) + vp6_dccv_lc[ctx][node][1], 1, 255);
}
+ return 0;
}
static void vp6_parse_vector_adjustment(VP56Context *s, VP56mv *vect)
diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index ba974bd089..f2139216d2 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -292,7 +292,14 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel
}
}else{
t = get_unary_0_33(gb);
- if(t >= 2) t = get_bits(gb, t - 1) | (1 << (t-1));
+ if(t >= 2){
+ if(get_bits_left(gb) < t-1)
+ goto error;
+ t = get_bits(gb, t - 1) | (1 << (t-1));
+ }else{
+ if(get_bits_left(gb) < 0)
+ goto error;
+ }
ctx->zeroes = t;
if(ctx->zeroes){
memset(ctx->ch[0].median, 0, sizeof(ctx->ch[0].median));
@@ -303,24 +310,24 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel
}
}
- if(get_bits_count(gb) >= ctx->data_size){
- *last = 1;
- return 0;
- }
-
if(ctx->zero){
t = 0;
ctx->zero = 0;
}else{
t = get_unary_0_33(gb);
- if(get_bits_count(gb) >= ctx->data_size){
- *last = 1;
- return 0;
- }
+ if(get_bits_left(gb) < 0)
+ goto error;
if(t == 16) {
t2 = get_unary_0_33(gb);
- if(t2 < 2) t += t2;
- else t += get_bits(gb, t2 - 1) | (1 << (t2 - 1));
+ if(t2 < 2){
+ if(get_bits_left(gb) < 0)
+ goto error;
+ t += t2;
+ }else{
+ if(get_bits_left(gb) < t2 - 1)
+ goto error;
+ t += get_bits(gb, t2 - 1) | (1 << (t2 - 1));
+ }
}
if(ctx->one){
@@ -360,9 +367,13 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel
}
if(!c->error_limit){
ret = base + get_tail(gb, add);
+ if (get_bits_left(gb) <= 0)
+ goto error;
}else{
int mid = (base*2 + add + 1) >> 1;
while(add > c->error_limit){
+ if(get_bits_left(gb) <= 0)
+ goto error;
if(get_bits1(gb)){
add -= (mid - base);
base = mid;
@@ -376,6 +387,10 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb, int channel
if(ctx->hybrid_bitrate)
c->slow_level += wp_log2(ret) - LEVEL_DECAY(c->slow_level);
return sign ? ~ret : ret;
+
+error:
+ *last = 1;
+ return 0;
}
static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc, int S)
@@ -385,7 +400,7 @@ static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc, in
if(s->extra_bits){
S <<= s->extra_bits;
- if(s->got_extra_bits){
+ if(s->got_extra_bits && get_bits_left(&s->gb_extra_bits) >= s->extra_bits){
S |= get_bits(&s->gb_extra_bits, s->extra_bits);
*crc = *crc * 9 + (S&0xffff) * 3 + ((unsigned)S>>16);
}
@@ -580,7 +595,10 @@ static inline int wv_unpack_stereo(WavpackFrameContext *s, GetBitContext *gb, vo
count++;
}while(!last && count < s->max_samples);
- s->samples_left -= count;
+ if (last)
+ s->samples_left = 0;
+ else
+ s->samples_left -= count;
if(!s->samples_left){
if(crc != s->CRC){
av_log(s->avctx, AV_LOG_ERROR, "CRC error\n");
@@ -658,7 +676,10 @@ static inline int wv_unpack_mono(WavpackFrameContext *s, GetBitContext *gb, void
count++;
}while(!last && count < s->max_samples);
- s->samples_left -= count;
+ if (last)
+ s->samples_left = 0;
+ else
+ s->samples_left -= count;
if(!s->samples_left){
if(crc != s->CRC){
av_log(s->avctx, AV_LOG_ERROR, "CRC error\n");
@@ -779,7 +800,7 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
s->samples = AV_RL32(buf); buf += 4;
if(!s->samples){
*data_size = 0;
- return buf_size;
+ return 0;
}
}else{
s->samples = wc->samples;
@@ -841,12 +862,13 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
}
switch(id & WP_IDF_MASK){
case WP_ID_DECTERMS:
- s->terms = size;
- if(s->terms > MAX_TERMS){
+ if(size > MAX_TERMS){
av_log(avctx, AV_LOG_ERROR, "Too many decorrelation terms\n");
+ s->terms = 0;
buf += ssize;
continue;
}
+ s->terms = size;
for(i = 0; i < s->terms; i++) {
s->decorr[s->terms - i - 1].value = (*buf & 0x1F) - 5;
s->decorr[s->terms - i - 1].delta = *buf >> 5;
@@ -1098,6 +1120,10 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
samplecount = wv_unpack_stereo(s, &s->gb, samples, AV_SAMPLE_FMT_S32);
else
samplecount = wv_unpack_stereo(s, &s->gb, samples, AV_SAMPLE_FMT_FLT);
+
+ if (samplecount < 0)
+ return -1;
+
samplecount >>= 1;
}else{
const int channel_stride = avctx->channels;
@@ -1109,6 +1135,9 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
else
samplecount = wv_unpack_mono(s, &s->gb, samples, AV_SAMPLE_FMT_FLT);
+ if (samplecount < 0)
+ return -1;
+
if(s->stereo && avctx->sample_fmt == AV_SAMPLE_FMT_S16){
int16_t *dst = (int16_t*)samples + 1;
int16_t *src = (int16_t*)samples;
diff --git a/libavcodec/xan.c b/libavcodec/xan.c
index 598d1e1423..3e950f1466 100644
--- a/libavcodec/xan.c
+++ b/libavcodec/xan.c
@@ -97,17 +97,21 @@ static av_cold int xan_decode_init(AVCodecContext *avctx)
return 0;
}
-static int xan_huffman_decode(unsigned char *dest, const unsigned char *src,
- int dest_len)
+static int xan_huffman_decode(unsigned char *dest, int dest_len,
+ const unsigned char *src, int src_len)
{
unsigned char byte = *src++;
unsigned char ival = byte + 0x16;
const unsigned char * ptr = src + byte*2;
+ int ptr_len = src_len - 1 - byte*2;
unsigned char val = ival;
unsigned char *dest_end = dest + dest_len;
GetBitContext gb;
- init_get_bits(&gb, ptr, 0); // FIXME: no src size available
+ if (ptr_len < 0)
+ return AVERROR_INVALIDDATA;
+
+ init_get_bits(&gb, ptr, ptr_len * 8);
while ( val != 0x16 ) {
val = src[val - 0x17 + get_bits1(&gb) * byte];
@@ -246,7 +250,7 @@ static inline void xan_wc3_copy_pixel_run(XanContext *s,
}
}
-static void xan_wc3_decode_frame(XanContext *s) {
+static int xan_wc3_decode_frame(XanContext *s) {
int width = s->avctx->width;
int height = s->avctx->height;
@@ -266,13 +270,30 @@ static void xan_wc3_decode_frame(XanContext *s) {
const unsigned char *size_segment;
const unsigned char *vector_segment;
const unsigned char *imagedata_segment;
+ int huffman_offset, size_offset, vector_offset, imagedata_offset;
+
+ if (s->size < 8)
+ return AVERROR_INVALIDDATA;
+
+ huffman_offset = AV_RL16(&s->buf[0]);
+ size_offset = AV_RL16(&s->buf[2]);
+ vector_offset = AV_RL16(&s->buf[4]);
+ imagedata_offset = AV_RL16(&s->buf[6]);
- huffman_segment = s->buf + AV_RL16(&s->buf[0]);
- size_segment = s->buf + AV_RL16(&s->buf[2]);
- vector_segment = s->buf + AV_RL16(&s->buf[4]);
- imagedata_segment = s->buf + AV_RL16(&s->buf[6]);
+ if (huffman_offset >= s->size ||
+ size_offset >= s->size ||
+ vector_offset >= s->size ||
+ imagedata_offset >= s->size)
+ return AVERROR_INVALIDDATA;
- xan_huffman_decode(opcode_buffer, huffman_segment, opcode_buffer_size);
+ huffman_segment = s->buf + huffman_offset;
+ size_segment = s->buf + size_offset;
+ vector_segment = s->buf + vector_offset;
+ imagedata_segment = s->buf + imagedata_offset;
+
+ if (xan_huffman_decode(opcode_buffer, opcode_buffer_size,
+ huffman_segment, s->size - huffman_offset) < 0)
+ return AVERROR_INVALIDDATA;
if (imagedata_segment[0] == 2)
xan_unpack(s->buffer2, &imagedata_segment[1], s->buffer2_size);
@@ -358,6 +379,7 @@ static void xan_wc3_decode_frame(XanContext *s) {
y += (x + size) / width;
x = (x + size) % width;
}
+ return 0;
}
#if RUNTIME_GAMMA
@@ -519,7 +541,8 @@ static int xan_decode_frame(AVCodecContext *avctx,
s->buf = buf;
s->size = buf_size;
- xan_wc3_decode_frame(s);
+ if (xan_wc3_decode_frame(s) < 0)
+ return AVERROR_INVALIDDATA;
/* release the last frame if it is allocated */
if (s->last_frame.data[0])
@@ -563,4 +586,3 @@ AVCodec ff_xan_wc3_decoder = {
.capabilities = CODEC_CAP_DR1,
.long_name = NULL_IF_CONFIG_SMALL("Wing Commander III / Xan"),
};
-
generated by cgit v1.2.3 (git 2.25.1) at 2025-03-06 14:47:58 +0000