Commit Graph

15006 Commits

Author SHA1 Message Date
Aneesh Dogra ccc27e2139 bfi: Use bytestream2 functions to prevent buffer overreads.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-08 13:26:54 -08:00
Laurentiu Ion 529a25d6e5 dpcm: Fix invalid writes
Fixes bug: #152

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-08 13:13:11 -08:00
Aneesh Dogra 12e984aed7 utvideo: frame multithreading.
>> time ./avconv -i file.avi -f null -
Before : real	0m7.784s
After  : real   0m3.662s

Tested on a Intel Core i3 Processor (2 cores, 4 threads).

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-08 12:21:10 -08:00
Chris Evans afb2aa5379 vorbis: An additional defense in the Vorbis codec.
Fixes Bug: #190
Chromium Bug: #100543
Related to CVE-2011-3893

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-01-08 09:09:26 +01:00
Reinhard Tartler e6d527ff72 vorbisdec: Fix decoding bug with channel handling
Fixes Bug: #191
Chromium Bug: #101458
CVE-2011-3895

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-01-07 23:16:52 +01:00
Diego Biurrun badb195d13 cabac: Move code only used within the CABAC test program into the test program. 2012-01-07 22:13:14 +01:00
Diego Biurrun 1be4b8ccba vp56: Drop unnecessary cabac.h #include. 2012-01-07 22:13:12 +01:00
Diego Biurrun a7e3cb9d32 h264-test: Initialize AVCodecContext.av_class.
This fixes a segfault on startup.

Also remove a commented-out and completely unused variable.
2012-01-07 22:13:10 +01:00
Diego Biurrun 3dc99a18d4 cosmetics: drop some pointless parentheses 2012-01-07 22:13:07 +01:00
Justin Ruggles 3f6aa85ed4 avcodec: attempt to clarify the CODEC_CAP_DELAY documentation 2012-01-07 14:33:16 -05:00
Justin Ruggles 07837e4158 avcodec: fix avcodec_encode_audio() documentation.
the previous documentation indicated how many bytes are read from the input,
not how many samples are read.
2012-01-07 14:33:15 -05:00
Justin Ruggles cf1a259ad6 g722enc: validate AVCodecContext.trellis 2012-01-07 13:38:23 -05:00
Justin Ruggles 77c5b66cbe g722enc: set frame_size, and also handle an odd number of input samples
The fate reference is updated because the previous test skipped a sample in
each encode() call due each input frame having an odd number of samples.
2012-01-07 13:38:23 -05:00
Justin Ruggles 34093ba081 g722enc: split encoding into separate functions for trellis vs. no trellis 2012-01-07 13:38:23 -05:00
Vitor Sessak 96219141e2 mpegaudiodec: Use clearer pointer math
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-07 08:23:27 -08:00
Justin Ruggles 52e9854a83 tta: fix 24-bit decoding.
Decode to the correct output buffer.
2012-01-07 09:44:13 -05:00
Paul B Mahol 17aa02b9a1 interplayvideo: Handle changed video dimensions on the fly
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-07 15:25:38 +02:00
Martin Storsjö c5d907b6b0 libavcodec: Handle param change side data in avcodec_decode_video2, too
Also call avcodec_set_dimensions on dimension param change packets.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-07 15:25:35 +02:00
Martin Storsjö 867f923df4 libavcodec: Move apply_param_change up above avcodec_decode_video2
This is in preparation to calling it from avcodec_decode_video2.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-07 15:25:30 +02:00
Janne Grunau be540e0cb3 indeo3: check motion vectors for validity
Fixes null pointer dereferences in fuzzed files found by Oana Stratulat.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2012-01-07 09:41:11 +01:00
Michael Niedermayer b18a0cc781 indeo5: Fix null pointer dereference.
Bug found by: Oana Stratulat

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2012-01-07 00:18:42 +01:00
Laurentiu Ion b348c852aa flicvideo: fix invalid reads
Prevent invalid reads using bytestream2 functions.
Fixes bug #126.

Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
2012-01-06 16:48:27 -05:00
Chris Evans 57cd6d7095 vorbis: Avoid some out-of-bounds reads
Fixes Bug: #190
Chromium Bug: #100543
Related to CVE-2011-3893

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-01-06 19:58:22 +01:00
Diego Biurrun 3aa3fc45fe cabac: remove unused function renorm_cabac_decoder 2012-01-06 13:37:55 +01:00
Diego Biurrun 301fb92131 h264: Only use symbols from the SVQ3 decoder under proper conditionals.
Fixes --disable-everything --enable-decoder=h264 --disable-optimizations.
2012-01-06 13:37:53 +01:00
Justin Ruggles 6e8bf6db48 add bytestream2_tell() and bytestream2_seek() functions 2012-01-05 23:36:36 -05:00
Janne Grunau f907615f08 parsers: initialize MpegEncContext.slice_context_count to 1
The mpeg4 video, H264 and VC-1 parser hold (directly or indirectly)
a MpegEncContext in their private context. Since they do not call the
common mpegvideo init function slice_context_count has explicitly set
to 1.
Prevents a null pointer dereference in the h264 parser and fixes
bug 193.
2012-01-06 01:47:45 +01:00
Janne Grunau 696ace50ea truemotion2: check size before GetBitContext initialisation
Prevents null ptr derefence for negative sizes.
2012-01-05 23:19:13 +01:00
Janne Grunau bb5b3940b0 adpcm: ADPCM Electronic Arts has always two channels 2012-01-05 22:29:18 +01:00
Aneesh Dogra 9b55b4bb3a 4xm: Prevent buffer overreads.
4xm decoder while decoding i2 frames can overread the buffer if proper checks
are not made.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-05 09:37:16 -08:00
Janne Grunau e268a352af mjpegdec: parse RSTn to prevent skipping other data in mjpeg_decode_scan
Check explicitly if enough bits are left to prevent an infinite loop
when the bitstream buffer is not followed by zero-padding.

Based on patches by Michael Niedermayer <michaelni@gmx.at>.
2012-01-05 18:20:35 +01:00
Janne Grunau 9b4767e478 vp3: fix streams with non-zero last coefficient
Fixes a regression introduced in 8b94df0f20.
2012-01-05 18:18:08 +01:00
Oana Stratulat 7f09791d28 Report an error if pitch_lag is zero in AMR-NB decoder.
This fixes an infinite loop in the decoder on specially
crafted files, and fixes bug 151.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:33:14 -08:00
Ronald S. Bultje 3fa646e859 Revert "4xm: Prevent buffer overreads."
This reverts commit 295a7c0238. The
patch breaks decoding of regular files (e.g. fate-4xm-2).
2012-01-04 21:27:31 -08:00
Aneesh Dogra 295a7c0238 4xm: Prevent buffer overreads.
4xm decoder while decoding i2 frames can overread the buffer if proper checks
are not made.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:15:50 -08:00
Aneesh Dogra 4b84f68223 4xm: pass the correct remaining buffer size to decode_i2_frame().
frame_size is the number of bytes left in the packet, so if we are passing
buf-4 we can safely read frame_size+4 bytes.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:10:11 -08:00
Aneesh Dogra 893f137679 4xm: fix calculation of the next output line position in decode_i2_frame().
The current code doesn't work unless width is an exact multiple of 16.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
2012-01-04 21:09:22 -08:00
Ronald S. Bultje 89d26797f5 ulti: convert to new bytestream API. 2012-01-04 10:57:37 -08:00
Diego Biurrun 00a1cdd264 Place some START_TIMER invocations in separate blocks.
This fixes compilation failures related to START_TIMER/STOP_TIMER macros and
-Werror=declaration-after-statement.  START_TIMER declares variables and thus
may not be placed after statements outside of a new block.
2012-01-04 15:05:49 +01:00
John Brooks d209c27b09 vc1dec: fix invalid memory access for small video dimensions
For small video dimensions, these calculations of the upper bound
for pixel access may have a negative result. Using an unsigned
comparison to bound a potentially negative value only works if
the greater operand is non-negative. Fixed by doing edge emulation
when the upper bound is probably negative, everywhere that this
pattern appears.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-01-04 10:35:26 +01:00
John Brooks aacf6b3a2f rv34: fix invalid memory access for small video dimensions
For small video dimensions calculations of the upper bound for pixel
access may result in negative value. Using an unsigned comparison
works only if the greater operand is non-negative. This is fixed by
doing edge emulation explicitly for such conditions.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-01-04 10:32:23 +01:00
Christophe GISQUET 98f24ecd6c rv34: joint coefficient decoding and dequantization
Perform dequantization while decoding coefficients instead of performing it
on the entire coefficients buffer.

Since quantized coefficients are very sparse, this usually causes a small
speedup. Speedup of around 1% on Panda board compared to the removed here
neon code. Global speedup is probably around 3%.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-01-04 10:30:01 +01:00
Ronald S. Bultje 400ba1d735 h264: return index in buffer on end-of-sequence.
Fixes hangs if the last packet contains an end-of-sequence NAL unit,
bug 158.
2012-01-03 19:50:22 -08:00
Diego Biurrun 54e68fb3b8 Merge some declarations and initializations.
This fixes compilation failures related to START_TIMER/STOP_TIMER macros and
-Werror=declaration-after-statement.  START_TIMER declares variables and thus
may not be placed after statements outside of a new block.
2012-01-04 01:28:28 +01:00
Diego Biurrun 9dec55748c cabac: drop unused and disabled get_cabac_u() / get_cabac_ueg() functions 2012-01-04 01:09:54 +01:00
Diego Biurrun e451c26c5f cabac: drop unused STRICT_LIMITS code branch 2012-01-04 01:09:53 +01:00
Justin Ruggles 9785082c15 libspeexenc: fix pts calculations for more than 1 frame per packet 2012-01-03 18:56:41 -05:00
Justin Ruggles 730280f90d adxdec: clear eof flag and channel states when seeking 2012-01-03 18:47:42 -05:00
Justin Ruggles 754ebd1a5b adxenc: check output buffer size before writing 2012-01-03 18:47:42 -05:00
Justin Ruggles 1fb47728cd adxenc: use bytestream functions for header writing.
also add more documentation about the header structure
2012-01-03 18:47:42 -05:00