[FFmpeg-cvslog] examples/demuxing_decoding: convert to codecpar
ffmpeg | branch: release/3.1 | James Almer| Wed Aug 10 12:31:16 2016 -0300| [40ab55746e29d27af58a4f78f4bb575813b12965] | committer: James Almer examples/demuxing_decoding: convert to codecpar Signed-off-by: James Almer (cherry picked from commit bba6a03b2816d805d44bce4f9701a71f7d3f8dad) > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=40ab55746e29d27af58a4f78f4bb575813b12965 --- doc/examples/demuxing_decoding.c | 33 ++--- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/doc/examples/demuxing_decoding.c b/doc/examples/demuxing_decoding.c index 59e0ccc..49fb6af 100644 --- a/doc/examples/demuxing_decoding.c +++ b/doc/examples/demuxing_decoding.c @@ -148,11 +148,10 @@ static int decode_packet(int *got_frame, int cached) } static int open_codec_context(int *stream_idx, - AVFormatContext *fmt_ctx, enum AVMediaType type) + AVCodecContext **dec_ctx, AVFormatContext *fmt_ctx, enum AVMediaType type) { int ret, stream_index; AVStream *st; -AVCodecContext *dec_ctx = NULL; AVCodec *dec = NULL; AVDictionary *opts = NULL; 
@@ -166,17 +165,31 @@ static int open_codec_context(int *stream_idx, st = fmt_ctx->streams[stream_index]; /* find decoder for the stream */ -dec_ctx = st->codec; -dec = avcodec_find_decoder(dec_ctx->codec_id); +dec = avcodec_find_decoder(st->codecpar->codec_id); if (!dec) { fprintf(stderr, "Failed to find %s codec\n", av_get_media_type_string(type)); return AVERROR(EINVAL); } +/* Allocate a codec context for the decoder */ +*dec_ctx = avcodec_alloc_context3(dec); +if (!*dec_ctx) { +fprintf(stderr, "Failed to allocate the %s codec context\n", +av_get_media_type_string(type)); +return AVERROR(ENOMEM); +} + +/* Copy codec parameters from input stream to output codec context */ +if ((ret = avcodec_parameters_to_context(*dec_ctx, st->codecpar)) < 0) { +fprintf(stderr, "Failed to copy %s codec parameters to decoder context\n", +av_get_media_type_string(type)); +return ret; +} + /* Init the decoders, with or without reference counting */ av_dict_set(, "refcounted_frames", refcount ? "1" : "0", 0); -if ((ret = avcodec_open2(dec_ctx, dec, )) < 0) { +if ((ret = avcodec_open2(*dec_ctx, dec, )) < 0) { fprintf(stderr, "Failed to open %s codec\n", av_get_media_type_string(type)); return ret; @@ -255,9 +268,8 @@ int main (int argc, char **argv) exit(1); } -if (open_codec_context(_stream_idx, fmt_ctx, AVMEDIA_TYPE_VIDEO) >= 0) { +if (open_codec_context(_stream_idx, _dec_ctx, fmt_ctx, AVMEDIA_TYPE_VIDEO) >= 0) { video_stream = fmt_ctx->streams[video_stream_idx]; -video_dec_ctx = video_stream->codec; video_dst_file = fopen(video_dst_filename, "wb"); if (!video_dst_file) { 
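Review bot: On the two failure returns that follow a successful `avcodec_alloc_context3()` in `open_codec_context` (the `avcodec_parameters_to_context()` and `avcodec_open2()` branches), `*dec_ctx` is left pointing at an allocated but unopened context, and nothing states who releases it. The `end:` label in `main` does call `avcodec_free_context()` on both pointers, so the example itself does not leak, but this file is widely copied and the ownership rule should be explicit. Either add `avcodec_free_context(dec_ctx);` before each of those two `return ret;` lines, or document the contract above the function, e.g. `/* On failure *dec_ctx may still be allocated; the caller frees it with avcodec_free_context(). */`. The function starts and ends outside this hunk.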
@@ -279,9 +291,8 @@ int main (int argc, char **argv) video_dst_bufsize = ret; } -if (open_codec_context(_stream_idx, fmt_ctx, AVMEDIA_TYPE_AUDIO) >= 0) { +if (open_codec_context(_stream_idx, _dec_ctx, fmt_ctx, AVMEDIA_TYPE_AUDIO) >= 0) { audio_stream = fmt_ctx->streams[audio_stream_idx]; -audio_dec_ctx = audio_stream->codec; audio_dst_file = fopen(audio_dst_filename, "wb"); if (!audio_dst_file) { fprintf(stderr, "Could not open destination file %s\n", audio_dst_filename); @@ -369,8 +380,8 @@ int main (int argc, char **argv) } end: -avcodec_close(video_dec_ctx); -avcodec_close(audio_dec_ctx); +avcodec_free_context(_dec_ctx); +avcodec_free_context(_dec_ctx); avformat_close_input(_ctx); if (video_dst_file) fclose(video_dst_file); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Changelog: update after last commit
ffmpeg | branch: release/3.1 | James Almer| Wed Aug 24 20:43:33 2016 -0300| [c46d22a4a58467bdc7885685b06a2114dd181c43] | committer: James Almer Changelog: update after last commit Signed-off-by: James Almer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c46d22a4a58467bdc7885685b06a2114dd181c43 --- Changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/Changelog b/Changelog index a1bd17d..6089814 100644 --- a/Changelog +++ b/Changelog @@ -5,6 +5,7 @@ version : version 3.1.3: +- examples/demuxing_decoding: convert to codecpar - avcodec/exr: Check tile positions - avcodec/aacenc: Tighter input checks - avformat/wtvdec: Check pointer before use ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] libavcodec/wmalosslessdec: Check the remaining bits
ffmpeg | branch: release/3.1 | Michael Niedermayer| Sun Aug 21 20:30:34 2016 +0200| [2f07937926e52e328ade0aeb40f61d994b41ed9d] | committer: Michael Niedermayer libavcodec/wmalosslessdec: Check the remaining bits Fixes assertion failure Fixes: 24ebfda03228b5cc1ef792608cfba458/signal_sigabrt_76ae7c37_6473_3fa8a111dbc752b1a7c411c5ab79aaa4.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 67318187fbba382d887f9581dde48a50842f1bea) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2f07937926e52e328ade0aeb40f61d994b41ed9d --- libavcodec/wmalosslessdec.c | 5 + 1 file changed, 5 insertions(+) diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c index 6b4edfc..7eb7b4c 100644 --- a/libavcodec/wmalosslessdec.c +++ b/libavcodec/wmalosslessdec.c @@ -1271,6 +1271,11 @@ static int decode_packet(AVCodecContext *avctx, void *data, int *got_frame_ptr, } } +if (remaining_bits(s, gb) < 0) { +av_log(avctx, AV_LOG_ERROR, "Overread %d\n", -remaining_bits(s, gb)); +s->packet_loss = 1; +} + if (s->packet_done && !s->packet_loss && remaining_bits(s, gb) > 0) { /* save the rest of the data so that it can be decoded ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
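Review bot: The new `remaining_bits(s, gb) < 0` test in `decode_packet` detects an over-read only after it has happened, so it replaces the assertion failure with a logged packet loss but does not bound the reads made earlier in the function. Whether those reads stay inside the padded input is not visible in this hunk and should be confirmed. A short comment would record the intent, for example `/* more bits were consumed than the packet holds: treat the packet as lost */`. `remaining_bits()` is also called twice; reading it once into a local would guarantee that the logged value is the one that was tested.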
[FFmpeg-cvslog] avcodec/h2645: Fix NAL unit padding
ffmpeg | branch: release/3.1 | Michael Niedermayer| Thu Aug 18 20:41:31 2016 +0200| [055e5c80ee07bb7911016a552df35ad25f7eebdd] | committer: Michael Niedermayer avcodec/h2645: Fix NAL unit padding The parser changes have lost the support for the needed padding, this adds it back Fixes out of array reads Fixes: 03ea21d271abc8acf428d42ace51d8b4/asan_heap-oob_3358eef_5692_16f0cc01ab5225e9ce591659e5c20e35.mkv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit cc13bc8c4f0f4afa30d0b94c3f3a369ccd2aaf0b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=055e5c80ee07bb7911016a552df35ad25f7eebdd --- libavcodec/h264.c| 2 +- libavcodec/h264.h| 2 -- libavcodec/h2645_parse.c | 11 ++- libavcodec/h2645_parse.h | 6 -- libavcodec/h264_parse.c | 2 +- libavcodec/h264_parser.c | 2 +- libavcodec/hevc.c| 2 +- libavcodec/hevc_parser.c | 4 ++-- libavcodec/qsvenc_hevc.c | 2 +- 9 files changed, 17 insertions(+), 16 deletions(-) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index a61379c..a56f900 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -898,7 +898,7 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size) } ret = ff_h2645_packet_split(>pkt, buf, buf_size, avctx, h->is_avc, -h->nal_length_size, avctx->codec_id); +h->nal_length_size, avctx->codec_id, avctx->flags2 & AV_CODEC_FLAG2_FAST); if (ret < 0) { av_log(avctx, AV_LOG_ERROR, "Error splitting the input into NAL units.\n"); diff --git a/libavcodec/h264.h b/libavcodec/h264.h index efe3555..309f91d 100644 --- a/libavcodec/h264.h +++ b/libavcodec/h264.h @@ -57,8 +57,6 @@ #define MAX_DELAYED_PIC_COUNT 16 -#define MAX_MBPAIR_SIZE (256*1024) // a tighter bound could be calculated if someone cares about a few bytes - /* Compiling in interlaced support reduces the speed * of progressive decoding by about 2%. */ #define ALLOW_INTERLACE 
diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c index 9979b63..d2fa5a0 100644 --- a/libavcodec/h2645_parse.c +++ b/libavcodec/h2645_parse.c @@ -30,10 +30,11 @@ #include "h2645_parse.h" int ff_h2645_extract_rbsp(const uint8_t *src, int length, - H2645NAL *nal) + H2645NAL *nal, int small_padding) { int i, si, di; uint8_t *dst; +int64_t padding = small_padding ? AV_INPUT_BUFFER_PADDING_SIZE : MAX_MBPAIR_SIZE; nal->skipped_bytes = 0; #define STARTCODE_TEST \ @@ -81,7 +82,7 @@ int ff_h2645_extract_rbsp(const uint8_t *src, int length, } #endif /* HAVE_FAST_UNALIGNED */ -if (i >= length - 1) { // no escaped 0 +if (i >= length - 1 && small_padding) { // no escaped 0 nal->data = nal->raw_data = src; nal->size = @@ -90,7 +91,7 @@ int ff_h2645_extract_rbsp(const uint8_t *src, int length, } av_fast_malloc(>rbsp_buffer, >rbsp_buffer_size, - length + AV_INPUT_BUFFER_PADDING_SIZE); + length + padding); if (!nal->rbsp_buffer) return AVERROR(ENOMEM); @@ -247,7 +248,7 @@ static int h264_parse_nal_header(H2645NAL *nal, void *logctx) int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t *buf, int length, void *logctx, int is_nalff, int nal_length_size, - enum AVCodecID codec_id) + enum AVCodecID codec_id, int small_padding) { int consumed, ret = 0; const uint8_t *next_avc = is_nalff ? buf : buf + length; @@ -322,7 +323,7 @@ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t *buf, int length, } nal = >nals[pkt->nb_nals]; -consumed = ff_h2645_extract_rbsp(buf, extract_length, nal); +consumed = ff_h2645_extract_rbsp(buf, extract_length, nal, small_padding); if (consumed < 0) return consumed; diff --git a/libavcodec/h2645_parse.h b/libavcodec/h2645_parse.h index a3c7e1f..6302359 100644 --- a/libavcodec/h2645_parse.h +++ b/libavcodec/h2645_parse.h 
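Review bot: `small_padding` in `ff_h2645_extract_rbsp()` and `ff_h2645_packet_split()` is an undocumented int that selects the size of the over-read margin behind each NAL, and the h264.c hunk wires it to `avctx->flags2 & AV_CODEC_FLAG2_FAST`, so a user-settable speed flag now chooses the smaller margin. The declarations in h2645_parse.h should say so, e.g. `@param small_padding if non-zero, pad by AV_INPUT_BUFFER_PADDING_SIZE only and return escape-free NALs without copying; otherwise always copy and pad by MAX_MBPAIR_SIZE`. The changed condition `i >= length - 1 && small_padding` also deserves a one-line comment that the zero-copy shortcut is skipped on purpose when the large padding is required. This hunk only enlarges the allocation; whether the added tail is initialised is not visible here.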
@@ -26,6 +26,8 @@ #include "avcodec.h" #include "get_bits.h" +#define MAX_MBPAIR_SIZE (256*1024) // a tighter bound could be calculated if someone cares about a few bytes + typedef struct H2645NAL { uint8_t *rbsp_buffer; int rbsp_buffer_size; @@ -74,14 +76,14 @@ typedef struct H2645Packet { * Extract the raw (unescaped) bitstream. */ int ff_h2645_extract_rbsp(const uint8_t *src, int length, - H2645NAL *nal); + H2645NAL *nal, int small_padding); /** * Split an input packet into NAL units. */ int ff_h2645_packet_split(H2645Packet *pkt,
[FFmpeg-cvslog] avformat/wtvdec: Check pointer before use
ffmpeg | branch: release/3.1 | Michael Niedermayer| Sun Aug 21 21:30:36 2016 +0200| [596513ca2ce9f140135a75647cf34ea86c8d86ce] | committer: Michael Niedermayer avformat/wtvdec: Check pointer before use Fixes out of array read Fixes: 049fdf78565f1ce5665df236d90f8657/asan_heap-oob_10a5a97_1026_42f9d4855547329560f385768de2f3fb.wtv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit cc5e5548df4af48674c7aef518e831b19e99f9fc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=596513ca2ce9f140135a75647cf34ea86c8d86ce --- libavformat/wtvdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c index bd32d70..3ac4501 100644 --- a/libavformat/wtvdec.c +++ b/libavformat/wtvdec.c @@ -1031,7 +1031,7 @@ static int read_header(AVFormatContext *s) while (1) { uint64_t frame_nb = avio_rl64(pb); uint64_t position = avio_rl64(pb); -while (frame_nb > e->size && e <= e_end) { +while (e <= e_end && frame_nb > e->size) { e->pos = last_position; e++; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
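Review bot: With the operands swapped, the inner loop in `read_header` no longer reads `e->size` once `e` has passed `e_end`, but it can still exit with `e == e_end + 1`, and nothing in this hunk shows whether the code after the loop touches `e` again before the next bounds test. If it does, the same `e <= e_end` guard is needed there; the rest of the outer `while (1)` body is outside the hunk, so this has to be checked against the full function. A brief comment such as `/* bounds test first: e may be one past the last entry */` would keep the operand order from being rearranged again later.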
[FFmpeg-cvslog] avcodec/rawdec: Fix bits_per_coded_sample checks
ffmpeg | branch: release/3.1 | Michael Niedermayer| Fri Aug 19 02:07:22 2016 +0200| [afd57722e1a8b749fc3c753824d26c2d7c0f9106] | committer: Michael Niedermayer avcodec/rawdec: Fix bits_per_coded_sample checks Fixes assertion failure Fixes: 9eb9cf5b8c26dd0fa7107ed0348dcc1f/signal_sigabrt_76ae7c37_8926_4609a5c3f071d555d2d557625f9687b1.swf Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 237207645b36fb79759d313c0399ee93ba467b9d) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=afd57722e1a8b749fc3c753824d26c2d7c0f9106 --- libavcodec/rawdec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/rawdec.c b/libavcodec/rawdec.c index f97a839..5a98258 100644 --- a/libavcodec/rawdec.c +++ b/libavcodec/rawdec.c @@ -204,8 +204,9 @@ static int raw_decode(AVCodecContext *avctx, void *data, int *got_frame, desc = av_pix_fmt_desc_get(avctx->pix_fmt); -if ((avctx->bits_per_coded_sample == 8 || avctx->bits_per_coded_sample == 4 -|| avctx->bits_per_coded_sample <= 2) && +if ((avctx->bits_per_coded_sample == 8 || avctx->bits_per_coded_sample == 4 || + avctx->bits_per_coded_sample == 2 || avctx->bits_per_coded_sample == 1 || + (avctx->bits_per_coded_sample == 0 && (context->is_nut_pal8 || context->is_mono)) ) && (context->is_mono || context->is_pal8) && (!avctx->codec_tag || avctx->codec_tag == MKTAG('r','a','w',' ') || context->is_nut_mono || context->is_nut_pal8)) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
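Review bot: The rewritten test in `raw_decode` has a last arm, `bits_per_coded_sample == 0 && (context->is_nut_pal8 || context->is_mono)`, with no explanation of why zero is accepted only in those two cases, whereas the old `<= 2` arm accepted every value below 3, including negative ones. A comment naming the accepted set would help the next reader, for instance `/* packed 1/2/4/8 bpp only; 0 is tolerated for NUT pal8 and mono */`, with the reason for the zero case filled in by someone who knows it. Moving the list into a small `static` predicate would also keep the surrounding `if` readable. The enclosing `if` continues past the end of the hunk.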
[FFmpeg-cvslog] avcodec/adpcm: Fix adpcm_ima_wav padding
ffmpeg | branch: release/3.1 | Michael Niedermayer| Sun Aug 21 01:42:20 2016 +0200| [4943abe05110562870b9f4d5e0ac85feb9ae2a63] | committer: Michael Niedermayer avcodec/adpcm: Fix adpcm_ima_wav padding Fixes out of array read Fixes: f29f134ea5f5590df554a7733294a587/asan_stack-oob_309d14e_9188_ea01743d6355aff20530f3d4cdaa841a.wav Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit f2a9a30fd6a2914197ae42ee67703a1471fac2eb) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4943abe05110562870b9f4d5e0ac85feb9ae2a63 --- libavcodec/adpcm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c index 46c63a2..06ba83e 100644 --- a/libavcodec/adpcm.c +++ b/libavcodec/adpcm.c @@ -803,7 +803,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data, if (avctx->bits_per_coded_sample != 4) { int samples_per_block = ff_adpcm_ima_block_samples[avctx->bits_per_coded_sample - 2]; int block_size = ff_adpcm_ima_block_sizes[avctx->bits_per_coded_sample - 2]; -uint8_t temp[20] = { 0 }; +uint8_t temp[20 + AV_INPUT_BUFFER_PADDING_SIZE] = { 0 }; GetBitContext g; for (n = 0; n < (nb_samples - 1) / samples_per_block; n++) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
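Review bot: `temp[20 + AV_INPUT_BUFFER_PADDING_SIZE]` still sizes the payload part of the stack buffer with a bare `20`, and the relation between that literal and `block_size` (taken from `ff_adpcm_ima_block_sizes[avctx->bits_per_coded_sample - 2]`) is not visible in the hunk. If `temp` receives `block_size` bytes per iteration, making the bound checkable costs one line: `av_assert0(block_size <= sizeof(temp) - AV_INPUT_BUFFER_PADDING_SIZE);`, ideally with the `20` replaced by a named constant defined next to the table. The index `bits_per_coded_sample - 2` is likewise assumed to be in range here; where that is enforced lies outside the hunk.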
[FFmpeg-cvslog] avcodec/aacenc: Tighter input checks
ffmpeg | branch: release/3.1 | Michael Niedermayer| Tue Aug 23 11:00:29 2016 +0200| [ae893819620b49f1a04902dca35852139aaa8d36] | committer: Michael Niedermayer avcodec/aacenc: Tighter input checks Fixes occurance of NaN/Inf leading to assertion failures and out of array access Fixes: d1c38a09acc34845c6be3a127a5aacaf/signal_sigsegv_3982225_6121_d18bd5451d4245ee09408f04badd1b83.wmv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 77bf96b04710b98a52aaddb93bfd32da0d506191) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ae893819620b49f1a04902dca35852139aaa8d36 --- libavcodec/aacenc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/aacenc.c b/libavcodec/aacenc.c index 2653cef..4b80d38 100644 --- a/libavcodec/aacenc.c +++ b/libavcodec/aacenc.c @@ -622,8 +622,8 @@ static int aac_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, } for (k = 0; k < 1024; k++) { -if (!isfinite(cpe->ch[ch].coeffs[k])) { -av_log(avctx, AV_LOG_ERROR, "Input contains NaN/+-Inf\n"); +if (!(fabs(cpe->ch[ch].coeffs[k]) < 1E16)) { // Ensure headroom for energy calculation +av_log(avctx, AV_LOG_ERROR, "Input contains (near) NaN/+-Inf\n"); return AVERROR(EINVAL); } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
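Review bot: The negated form `!(fabs(...) < 1E16)` in `aac_encode_frame` is what keeps NaN rejected, because every ordered comparison with NaN is false; rewritten as `fabs(...) >= 1E16` it would let NaN through again. The inline comment only mentions headroom, so I would extend it to `// negated on purpose: also true for NaN; 1E16 leaves headroom for the energy calculation`. `1E16` is also an unnamed limit with no stated derivation; a named constant kept next to the energy code it protects would let the two change together. If `coeffs` is `float` (its declaration is not in the hunk), `fabsf()` avoids the promotion to double.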
[FFmpeg-cvslog] avcodec/h264_parser: Factor get_avc_nalsize() out
ffmpeg | branch: release/3.1 | Michael Niedermayer| Sat Aug 20 00:36:38 2016 +0200| [93422bc92e942e71b2435e7dac7dbbad3a32ddcc] | committer: Michael Niedermayer avcodec/h264_parser: Factor get_avc_nalsize() out Signed-off-by: Michael Niedermayer (cherry picked from commit f10ea03df3dd1c15e3a957ca0aba528251438a79) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=93422bc92e942e71b2435e7dac7dbbad3a32ddcc --- libavcodec/h2645_parse.h | 20 libavcodec/h264_parser.c | 22 +- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/libavcodec/h2645_parse.h b/libavcodec/h2645_parse.h index 6302359..3a60f3f 100644 --- a/libavcodec/h2645_parse.h +++ b/libavcodec/h2645_parse.h @@ -90,4 +90,24 @@ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t *buf, int length, */ void ff_h2645_packet_uninit(H2645Packet *pkt); +static inline int get_nalsize(int nal_length_size, const uint8_t *buf, + int buf_size, int *buf_index, void *logctx) +{ +int i, nalsize = 0; + +if (*buf_index >= buf_size - nal_length_size) { +// the end of the buffer is reached, refill it +return AVERROR(EAGAIN); +} + +for (i = 0; i < nal_length_size; i++) +nalsize = ((unsigned)nalsize << 8) | buf[(*buf_index)++]; +if (nalsize <= 0 || nalsize > buf_size - *buf_index) { +av_log(logctx, AV_LOG_ERROR, + "Invalid nal size %d\n", nalsize); +return AVERROR_INVALIDDATA; +} +return nalsize; +} + #endif /* AVCODEC_H2645_PARSE_H */ diff --git a/libavcodec/h264_parser.c b/libavcodec/h264_parser.c index 2ae9869..abe5961 100644 --- a/libavcodec/h264_parser.c +++ b/libavcodec/h264_parser.c 
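Review bot: `get_nalsize()` is now a shared `static inline` in h2645_parse.h, but it has no documentation and takes `nal_length_size` on trust: with a value above 4 the loop would shift the leading bytes out of the 32-bit accumulator and return a size that does not match the field. The H.264 callers presumably validate the field before it reaches this helper, but that is not visible here, so the precondition belongs in a Doxygen block: the valid range of `nal_length_size`, `AVERROR(EAGAIN)` when fewer than `nal_length_size + 1` bytes remain, and `AVERROR_INVALIDDATA` for a zero, negative or oversized result. The block should also note that `*buf_index` has already been advanced past the length field when `AVERROR_INVALIDDATA` is returned, since callers that retry or resync depend on that.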
@@ -226,26 +226,6 @@ static int scan_mmco_reset(AVCodecParserContext *s, GetBitContext *gb, return 0; } -static inline int get_avc_nalsize(H264ParseContext *p, const uint8_t *buf, - int buf_size, int *buf_index, void *logctx) -{ -int i, nalsize = 0; - -if (*buf_index >= buf_size - p->nal_length_size) { -// the end of the buffer is reached, refill it -return AVERROR(EAGAIN); -} - -for (i = 0; i < p->nal_length_size; i++) -nalsize = ((unsigned)nalsize << 8) | buf[(*buf_index)++]; -if (nalsize <= 0 || nalsize > buf_size - *buf_index) { -av_log(logctx, AV_LOG_ERROR, - "AVC: nal size %d\n", nalsize); -return AVERROR_INVALIDDATA; -} -return nalsize; -} - /** * Parse NAL units of found picture and decode some basic information. * @@ -286,7 +266,7 @@ static inline int parse_nal_units(AVCodecParserContext *s, int src_length, consumed, nalsize = 0; if (buf_index >= next_avc) { -nalsize = get_avc_nalsize(p, buf, buf_size, _index, avctx); +nalsize = get_nalsize(p->nal_length_size, buf, buf_size, _index, avctx); if (nalsize < 0) break; next_avc = buf_index + nalsize; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] h2645_parse: only read avc length code at the correct position
ffmpeg | branch: release/3.1 | Hendrik Leppkes| Thu Jul 7 20:18:26 2016 +0200| [fabc1c9e567df696c87b557bc156e92420b26fa0] | committer: Michael Niedermayer h2645_parse: only read avc length code at the correct position Reading it from any other position would result in a wrong size being read, instead fallback to the re-sync mechanic in the else clause. (cherry picked from commit c3e9b098e12b8932693361625d4a69bc30583d9a) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fabc1c9e567df696c87b557bc156e92420b26fa0 --- libavcodec/h2645_parse.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c index 4d18de8..e92e38a 100644 --- a/libavcodec/h2645_parse.c +++ b/libavcodec/h2645_parse.c @@ -259,7 +259,7 @@ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t *buf, int length, int extract_length = 0; int skip_trailing_zeros = 1; -if (buf >= next_avc) { +if (buf == next_avc) { int i; for (i = 0; i < nal_length_size; i++) extract_length = (extract_length << 8) | buf[i]; @@ -272,6 +272,9 @@ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t *buf, int length, } next_avc = buf + extract_length; } else { +if (buf > next_avc) +av_log(logctx, AV_LOG_WARNING, "Exceeded next NALFF position, re-syncing.\n"); + /* search start code */ while (buf[0] != 0 || buf[1] != 0 || buf[2] != 1) { ++buf; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
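Review bot: The new `AV_LOG_WARNING` for `buf > next_avc` sits on a path that input data can reach repeatedly, and in the lines visible here `next_avc` is reassigned only in the `buf == next_avc` branch. If nothing on the re-sync path moves `next_avc` forward (that part of the loop is outside the hunk), every following NAL in the same packet logs the message again, which lets a malformed file control log volume. Consider logging once per packet or demoting repeats to `AV_LOG_DEBUG`. The start-code search `while (buf[0] != 0 || buf[1] != 0 || buf[2] != 1)` that follows reads three bytes ahead, and its bound check is also outside the hunk.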
[FFmpeg-cvslog] avformat/swfdec: Fix inflate() error code check
ffmpeg | branch: release/3.1 | Michael Niedermayer| Fri Aug 19 10:28:22 2016 +0200| [4770eac663da306fc8298ff8b73ebeabdc23489c] | committer: Michael Niedermayer avformat/swfdec: Fix inflate() error code check Fixes infinite loop Fixes endless.poc Found-by: 连一汉 Signed-off-by: Michael Niedermayer (cherry picked from commit a453bbb68f3eec202673728988bba3bc76071761) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4770eac663da306fc8298ff8b73ebeabdc23489c --- libavformat/swfdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c index fa2435e..c6f5fe6 100644 --- a/libavformat/swfdec.c +++ b/libavformat/swfdec.c @@ -119,10 +119,10 @@ retry: z->avail_out = buf_size; ret = inflate(z, Z_NO_FLUSH); -if (ret < 0) -return AVERROR(EINVAL); if (ret == Z_STREAM_END) return AVERROR_EOF; +if (ret != Z_OK) +return AVERROR(EINVAL); if (buf_size - z->avail_out == 0) goto retry; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
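Review bot: `inflate()` can return `Z_STREAM_END` from a call that also produced output, and the new order returns `AVERROR_EOF` before `buf_size - z->avail_out` is examined, so the last bytes of the compressed stream would be discarded. Treating every non-`Z_OK` result (including `Z_BUF_ERROR`) as an error is what stops the endless `goto retry`, and that part looks right. To keep the tail, I would write `if (ret != Z_OK && ret != Z_STREAM_END) return AVERROR(EINVAL);` followed by `if (ret == Z_STREAM_END && z->avail_out == buf_size) return AVERROR_EOF;`, leaving the existing no-output `goto retry` for the `Z_OK` case. The function starts and ends outside the hunk, so the return of the byte count is assumed from context.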
[FFmpeg-cvslog] Update for 3.1.3
ffmpeg | branch: release/3.1 | Michael Niedermayer| Thu Aug 25 03:35:17 2016 +0200| [949094a4cdd946a2e38b6fc570e190ac8df1b5ec] | committer: Michael Niedermayer Update for 3.1.3 > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=949094a4cdd946a2e38b6fc570e190ac8df1b5ec --- Changelog| 22 ++ RELEASE | 2 +- doc/Doxyfile | 2 +- 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/Changelog b/Changelog index 6100077..a1bd17d 100644 --- a/Changelog +++ b/Changelog @@ -4,6 +4,28 @@ releases are sorted from youngest to oldest. version : +version 3.1.3: +- avcodec/exr: Check tile positions +- avcodec/aacenc: Tighter input checks +- avformat/wtvdec: Check pointer before use +- libavcodec/wmalosslessdec: Check the remaining bits +- avcodec/adpcm: Fix adpcm_ima_wav padding +- avcodec/svq3: fix slice size check +- avcodec/diracdec: Check numx/y +- avcodec/h2645_parse: fix nal size +- avcodec/h2645_parse: Use get_nalsize() in ff_h2645_packet_split() +- h2645_parse: only read avc length code at the correct position +- h2645_parse: don't overread AnnexB NALs within an avc stream +- avcodec/h264_parser: Factor get_avc_nalsize() out +- avcodec/cfhd: Increase minimum band dimension to 3 +- avcodec/indeo2: check ctab +- avformat/swfdec: Fix inflate() error code check +- avcodec/rawdec: Fix bits_per_coded_sample checks +- vcodec/h2645_parse: Clear buffer padding +- avcodec/h2645: Fix NAL unit padding +- avfilter/drawutils: Fix single plane with alpha +- cmdutils: check for SetDllDirectory() availability + version 3.1.2: - cmdutils: remove the current working directory from the DLL search path on win32 - avcodec/rawdec: Fix palette handling with changing palettes diff --git a/RELEASE b/RELEASE index ef538c2..ff365e0 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -3.1.2 +3.1.3 diff --git a/doc/Doxyfile b/doc/Doxyfile index 20dcf77..5c8b2ed 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile 
@@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.1.2 +PROJECT_NUMBER = 3.1.3 # With the PROJECT_LOGO tag one can specify a logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/h2645_parse: Use get_nalsize() in ff_h2645_packet_split()
ffmpeg | branch: release/3.1 | Michael Niedermayer| Sat Aug 20 00:39:07 2016 +0200| [ec30a498e66a6498c3c5045244aec9a38d41799e] | committer: Michael Niedermayer avcodec/h2645_parse: Use get_nalsize() in ff_h2645_packet_split() This fixes several regressions in h.264 Signed-off-by: Michael Niedermayer (cherry picked from commit 528171ba84b24830b74d9c19dd957ac3609f7270) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ec30a498e66a6498c3c5045244aec9a38d41799e --- libavcodec/h2645_parse.c | 13 ++--- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c index e92e38a..0059437 100644 --- a/libavcodec/h2645_parse.c +++ b/libavcodec/h2645_parse.c @@ -260,16 +260,15 @@ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t *buf, int length, int skip_trailing_zeros = 1; if (buf == next_avc) { -int i; -for (i = 0; i < nal_length_size; i++) -extract_length = (extract_length << 8) | buf[i]; +int i = 0; +extract_length = get_nalsize(nal_length_size, + buf, length, , logctx); +if (extract_length < 0) +return extract_length; + buf+= nal_length_size; length -= nal_length_size; -if (extract_length > length) { -av_log(logctx, AV_LOG_ERROR, "Invalid NAL unit size.\n"); -return AVERROR_INVALIDDATA; -} next_avc = buf + extract_length; } else { if (buf > next_avc) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
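Review bot: `get_nalsize()` returns `AVERROR(EAGAIN)` when the length field does not fit in the remaining data, and `ff_h2645_packet_split()` now passes that straight to its callers, where the removed code reported `AVERROR_INVALIDDATA` for an oversized unit. A packet splitter has no more data to wait for, and callers that give EAGAIN a special meaning (not visible here) could mishandle a truncated packet. Mapping it takes one line: `if (extract_length < 0) return extract_length == AVERROR(EAGAIN) ? AVERROR_INVALIDDATA : extract_length;`. The throw-away `int i = 0;` would read better with a descriptive name, and `buf += i;` would keep pointer and index in step instead of re-adding `nal_length_size`.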
[FFmpeg-cvslog] avcodec/diracdec: Check numx/y
ffmpeg | branch: release/3.1 | Michael Niedermayer| Sat Aug 20 19:21:07 2016 +0200| [049d7677156af30ea34f5871df88846a8b9bc385] | committer: Michael Niedermayer avcodec/diracdec: Check numx/y Fixes division by 0 Fixes: 60261c4469ba3e11059890fb2832a515/asan_generic_135e694_2790_beb94eaa0aeb7d11c0437375a8964a99.drc Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit a31e08fa1aa5c5f0518b8af850f28eb945268e66) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=049d7677156af30ea34f5871df88846a8b9bc385 --- libavcodec/diracdec.c | 5 + 1 file changed, 5 insertions(+) diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c index c473e87..769dac3 100644 --- a/libavcodec/diracdec.c +++ b/libavcodec/diracdec.c @@ -1153,6 +1153,11 @@ static int dirac_unpack_idwt_params(DiracContext *s) else { s->num_x= get_interleaved_ue_golomb(gb); s->num_y= get_interleaved_ue_golomb(gb); +if (s->num_x * s->num_y == 0 || s->num_x * (uint64_t)s->num_y > INT_MAX) { +av_log(s->avctx,AV_LOG_ERROR,"Invalid numx/y\n"); +s->num_x = s->num_y = 0; +return AVERROR_INVALIDDATA; +} if (s->ld_picture) { s->lowdelay.bytes.num = get_interleaved_ue_golomb(gb); s->lowdelay.bytes.den = get_interleaved_ue_golomb(gb); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
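Review bot: The zero test `s->num_x * s->num_y == 0` in `dirac_unpack_idwt_params` multiplies in the fields' own type before the widened overflow test runs, so for large values it can wrap, or overflow if the fields are signed (their declaration is not in the hunk). A wrapped zero only leads to a rejection, but the check is clearer and free of that arithmetic as `if (!s->num_x || !s->num_y || s->num_x * (uint64_t)s->num_y > INT_MAX) {`. Resetting both fields to 0 on the error path is a good touch, since they were written into the context before being validated. The function continues outside the hunk.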
[FFmpeg-cvslog] avcodec/h2645_parse: fix nal size
ffmpeg | branch: release/3.1 | Michael Niedermayer| Fri Aug 19 23:54:28 2016 +0200| [8003a5d23792d79187e5f99be55c518e997bc1fd] | committer: Michael Niedermayer avcodec/h2645_parse: fix nal size Found-by: Signed-off-by: Michael Niedermayer (cherry picked from commit 15dd56c093be480e719d7bbc39f8dbddb586694d) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8003a5d23792d79187e5f99be55c518e997bc1fd --- libavcodec/h2645_parse.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c index 0059437..c3961a5 100644 --- a/libavcodec/h2645_parse.c +++ b/libavcodec/h2645_parse.c @@ -88,7 +88,8 @@ int ff_h2645_extract_rbsp(const uint8_t *src, int length, nal->size = nal->raw_size = length; return length; -} +} else if (i > length) +i = length; av_fast_padded_malloc(>rbsp_buffer, >rbsp_buffer_size, length + padding); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
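Review bot: The added `else if (i > length) i = length;` in `ff_h2645_extract_rbsp` clamps the scan index without saying how `i` can end up past `length`. It looks as if the scanning loop above can step beyond the end, but that loop is outside the hunk. A comment such as `/* the scan above may overshoot length; clamp i before it is used below */` would document the invariant the following code relies on, with the wording confirmed against the loop. The unbraced `else if` hanging off a braced `if` is also easy to misread; bracing both arms would match the block it is attached to.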
[FFmpeg-cvslog] avcodec/exr: Check tile positions
ffmpeg | branch: release/3.1 | Michael Niedermayer| Wed Aug 17 21:22:29 2016 +0200| [79f52a0dbd484aad111e4bf4a4f7047c7ceb6137] | committer: Michael Niedermayer avcodec/exr: Check tile positions This also disabled the case of mixed x/ymin with tiles, the code handles these cases inconsistent for the 2 coordinate axis and is unlikely working correctly. Fixes crash Fixes: poc1.exr, poc2.exr Found-by: Yaoguang Chen of Aliapy unLimit Security Team Signed-off-by: Michael Niedermayer (cherry picked from commit 01aee8148d4fa439cce678a11f5110656c98de1f) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79f52a0dbd484aad111e4bf4a4f7047c7ceb6137 --- libavcodec/exr.c | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/libavcodec/exr.c b/libavcodec/exr.c index cabe329..de46028 100644 --- a/libavcodec/exr.c +++ b/libavcodec/exr.c @@ -1027,8 +1027,9 @@ static int decode_block(AVCodecContext *avctx, void *tdata, uint64_t line_offset, uncompressed_size; uint16_t *ptr_x; uint8_t *ptr; -uint32_t data_size, line, col = 0; -uint32_t tileX, tileY, tileLevelX, tileLevelY; +uint32_t data_size; +uint64_t line, col = 0; +uint64_t tileX, tileY, tileLevelX, tileLevelY; const uint8_t *src; int axmax = (avctx->width - (s->xmax + 1)) * 2 * s->desc->nb_components; /* nb pixel to add at the right of the datawindow */ int bxmin = s->xmin * 2 * s->desc->nb_components; /* nb pixel to add at the left of the datawindow */ 
@@ -1059,9 +1060,18 @@ static int decode_block(AVCodecContext *avctx, void *tdata, return AVERROR_PATCHWELCOME; } +if (s->xmin || s->ymin) { +avpriv_report_missing_feature(s->avctx, "Tiles with xmin/ymin"); +return AVERROR_PATCHWELCOME; +} + line = s->tile_attr.ySize * tileY; col = s->tile_attr.xSize * tileX; +if (line < s->ymin || line > s->ymax || +col < s->xmin || col > s->xmax) +return AVERROR_INVALIDDATA; + td->ysize = FFMIN(s->tile_attr.ySize, s->ydelta - tileY * s->tile_attr.ySize); td->xsize = FFMIN(s->tile_attr.xSize, s->xdelta - tileX * s->tile_attr.xSize); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
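Review bot: In the new range test in `decode_block`, `line` and `col` are `uint64_t` and the block just above returns whenever `s->xmin` or `s->ymin` is non-zero, so `line < s->ymin` and `col < s->xmin` can never be true here; only the `> s->ymax` and `> s->xmax` halves do any work. Those halves compare an unsigned 64-bit value with context fields whose type is not visible in the hunk; if they are signed, a negative `ymax` or `xmax` converts to a huge unsigned value and the test passes. I would drop the dead halves and make the conversion explicit, e.g. `if (s->ymax < 0 || s->xmax < 0 || line > (uint64_t)s->ymax || col > (uint64_t)s->xmax)`, or state in a comment that the maxima are validated as non-negative when the header is parsed. The `AVERROR_INVALIDDATA` return is also silent, while the check added just before it reports through `avpriv_report_missing_feature()`.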
[FFmpeg-cvslog] avcodec/cfhd: Increase minimum band dimension to 3
ffmpeg | branch: release/3.1 | Michael Niedermayer| Fri Aug 19 21:34:38 2016 +0200| [22a0c0e7642729db3d3e2820be56a6af38c61f2f] | committer: Michael Niedermayer avcodec/cfhd: Increase minimum band dimension to 3 The implementation does not currently support len=2 Fixes out of array accesses Fixes: 29d1b3db5ba2205e82b0b3a533e057a3/asan_heap-oob_12b650c_9254_3b8c4e4d931eb2c32841c18ebb297f1d.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit b8b36717217c6f45db71c77ad4e7c65521e7d9ff) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=22a0c0e7642729db3d3e2820be56a6af38c61f2f --- libavcodec/cfhd.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c index 74facd4..dfc9ace 100644 --- a/libavcodec/cfhd.c +++ b/libavcodec/cfhd.c @@ -320,7 +320,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame, s->plane[s->channel_num].band[0][0].width = data; s->plane[s->channel_num].band[0][0].stride = data; av_log(avctx, AV_LOG_DEBUG, "Lowpass width %"PRIu16"\n", data); -if (data < 2 || data > s->plane[s->channel_num].band[0][0].a_width) { +if (data < 3 || data > s->plane[s->channel_num].band[0][0].a_width) { av_log(avctx, AV_LOG_ERROR, "Invalid lowpass width\n"); ret = AVERROR(EINVAL); break; @@ -328,7 +328,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame, } else if (tag == 28) { s->plane[s->channel_num].band[0][0].height = data; av_log(avctx, AV_LOG_DEBUG, "Lowpass height %"PRIu16"\n", data); -if (data < 2 || data > s->plane[s->channel_num].band[0][0].height) { +if (data < 3 || data > s->plane[s->channel_num].band[0][0].height) { av_log(avctx, AV_LOG_ERROR, "Invalid lowpass height\n"); ret = AVERROR(EINVAL); break; 
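Review bot: In the `tag == 28` branch the upper bound compares `data` with `band[0][0].height`, which was assigned from `data` on the line before, so `data > ...height` is always false and the lowpass height has no upper limit; the width branch above checks against `a_width`. The likely intent is `if (data < 3 || data > s->plane[s->channel_num].band[0][0].a_height) {`, assuming the allocated height is kept in `a_height` alongside `a_width`. All six checks touched by this commit, including the highpass ones in the following hunks, also store `data` into the band before validating it and leave the rejected value in place on `break`, so a refused dimension stays in the context for whatever decodes next. The literal `3` is repeated six times and would be safer as one named minimum tied to the filter's requirement.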
@@ -366,7 +366,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame, s->plane[s->channel_num].band[s->level][s->subband_num].width = data; s->plane[s->channel_num].band[s->level][s->subband_num].stride = FFALIGN(data, 8); av_log(avctx, AV_LOG_DEBUG, "Highpass width %i channel %i level %i subband %i\n", data, s->channel_num, s->level, s->subband_num); -if (data < 2) { +if (data < 3) { av_log(avctx, AV_LOG_ERROR, "Invalid highpass width\n"); ret = AVERROR(EINVAL); break; @@ -374,7 +374,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame, } else if (tag == 42) { s->plane[s->channel_num].band[s->level][s->subband_num].height = data; av_log(avctx, AV_LOG_DEBUG, "Highpass height %i\n", data); -if (data < 2) { +if (data < 3) { av_log(avctx, AV_LOG_ERROR, "Invalid highpass height\n"); ret = AVERROR(EINVAL); break; @@ -383,7 +383,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame, s->plane[s->channel_num].band[s->level][s->subband_num].width = data; s->plane[s->channel_num].band[s->level][s->subband_num].stride = FFALIGN(data, 8); av_log(avctx, AV_LOG_DEBUG, "Highpass width2 %i\n", data); -if (data < 2) { +if (data < 3) { av_log(avctx, AV_LOG_ERROR, "Invalid highpass width2\n"); ret = AVERROR(EINVAL); break; @@ -391,7 +391,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame, } else if (tag == 50) { s->plane[s->channel_num].band[s->level][s->subband_num].height = data; av_log(avctx, AV_LOG_DEBUG, "Highpass height2 %i\n", data); -if (data < 2) { +if (data < 3) { av_log(avctx, AV_LOG_ERROR, "Invalid highpass height2\n"); ret = AVERROR(EINVAL); break; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/svq3: fix slice size check
ffmpeg | branch: release/3.1 | Michael Niedermayer| Sat Aug 20 22:09:54 2016 +0200| [8c4a67183b0790735cc4611015a3a66c2616f6f1] | committer: Michael Niedermayer avcodec/svq3: fix slice size check Fixes out of array read Fixes: 09f46aa2175cade93e3e3932646a56a9/asan_heap-oob_4a5385_2995_498f6abfdc0248288cefe5f4b7ad316c.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 2624695484cde26baedac10192856ebfd97f2cc7) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8c4a67183b0790735cc4611015a3a66c2616f6f1 --- libavcodec/svq3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
index a927063..5e7d164 100644
--- a/libavcodec/svq3.c
+++ b/libavcodec/svq3.c
@@ -1027,7 +1027,7 @@ static int svq3_decode_slice_header(AVCodecContext *avctx)
 slice_bits = slice_length * 8;
 slice_bytes = slice_length + length - 1;
-if (slice_bytes > get_bits_left(>gb)) {
+if (8LL*slice_bytes > get_bits_left(>gb)) {
 av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
 return -1;
 }
___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
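Review bot: The units in the corrected comparison are left implicit: `slice_bytes` counts bytes while `get_bits_left()` returns bits, and the `8LL*` both converts the unit and widens the multiply. A one-line comment above the `if`, such as `/* compare in bits; 64-bit so the multiply cannot overflow */`, would keep a later cleanup from dropping the `LL` or the factor. The check has no lower bound either, so if `slice_bytes` is signed and `slice_length + length - 1` can go negative it would pass; the declarations are outside the hunk, so that needs confirming there.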
[FFmpeg-cvslog] avcodec/indeo2: check ctab
ffmpeg | branch: release/3.1 | Michael Niedermayer| Fri Aug 19 13:07:14 2016 +0200| [77f978996bd55f8ee22ced3accb6264cbbc36859] | committer: Michael Niedermayer avcodec/indeo2: check ctab Fixes out of array access Fixes: 6b73fa392ac808f02e95a4e0a5770026/asan_static-oob_1b15f9a_1969_e7778535e5f27225fe0d6ded14721430.AVI Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 9ffe44c5c75c485b4cbb12751e228f18da219df3) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=77f978996bd55f8ee22ced3accb6264cbbc36859 --- libavcodec/indeo2.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/indeo2.c b/libavcodec/indeo2.c index 17f2367..7ad686d 100644 --- a/libavcodec/indeo2.c +++ b/libavcodec/indeo2.c @@ -171,6 +171,12 @@ static int ir2_decode_frame(AVCodecContext *avctx, ltab = buf[0x22] & 3; ctab = buf[0x22] >> 2; + +if (ctab > 3) { +av_log(avctx, AV_LOG_ERROR, "ctab %d is invalid\n", ctab); +return AVERROR_INVALIDDATA; +} + if (s->decode_delta) { /* intraframe */ if ((ret = ir2_decode_plane(s, avctx->width, avctx->height, p->data[0], p->linesize[0], ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
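Review bot: The bound in `if (ctab > 3)` is a magic number that has to stay in step with the first dimension of whatever table `ctab` later indexes, and that table is not visible in this hunk. Deriving the limit from the array, e.g. `if (ctab >= FF_ARRAY_ELEMS(<table indexed by ctab>)) {` with the real table name substituted, keeps the check correct if the table ever changes size. `ltab` on the line above is already bounded by its `& 3` mask, so only `ctab` needed the explicit test. Whether the packet is known to hold at least 0x23 bytes before `buf[0x22]` is read cannot be seen here and should be confirmed in the part of ir2_decode_frame outside the hunk.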
[FFmpeg-cvslog] h2645_parse: don't overread AnnexB NALs within an avc stream
ffmpeg | branch: release/3.1 | Hendrik Leppkes| Thu Jul 7 20:19:51 2016 +0200| [0ad4d4198a40f3907b77390d525bf6fd7868538f] | committer: Michael Niedermayer h2645_parse: don't overread AnnexB NALs within an avc stream We know the maximum size of an AnnexB NAL, signaling it as the maximum NAL size allows ff_h2645_extract_rbsp to determine the correct size. (cherry picked from commit 83a940e7fb9640954d631870e2ec6e8b3fc528ed) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0ad4d4198a40f3907b77390d525bf6fd7868538f --- libavcodec/h2645_parse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c index 50837b6..4d18de8 100644 --- a/libavcodec/h2645_parse.c +++ b/libavcodec/h2645_parse.c @@ -291,7 +291,7 @@ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t *buf, int length, buf += 3; length-= 3; -extract_length = length; +extract_length = FFMIN(length, next_avc - buf); if (buf >= next_avc) { /* skip to the start of the next NAL */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
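Review bot: `next_avc - buf` is evaluated before the `if (buf >= next_avc)` guard that follows it, so in that case `extract_length` is briefly zero or negative. That is harmless only if the guarded branch never hands `extract_length` to ff_h2645_extract_rbsp; the branch body is outside the hunk, so either confirm that or move the assignment below the guard. The expression also mixes `int` with a pointer difference inside FFMIN, and a short comment such as `/* an Annex B NAL inside an AVC stream ends at next_avc at the latest */` would record why the clamp exists.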
[FFmpeg-cvslog] vcodec/h2645_parse: Clear buffer padding
ffmpeg | branch: release/3.1 | Michael Niedermayer| Thu Aug 18 22:23:32 2016 +0200| [7d42daeea2df35e26dd4d45c3cce693a4d7a788c] | committer: Michael Niedermayer vcodec/h2645_parse: Clear buffer padding Fixes use of uninitialized memory Fixes: 044100cb22845944988a4bd821ff8074/asan_heap-oob_329927a_1366_c3de34ce9217dac820fbb46171031bbb.jsv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 382a68b0088b06b8df20d0133d767d53d8f161ef) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7d42daeea2df35e26dd4d45c3cce693a4d7a788c --- libavcodec/h2645_parse.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c index d2fa5a0..50837b6 100644 --- a/libavcodec/h2645_parse.c +++ b/libavcodec/h2645_parse.c @@ -34,7 +34,7 @@ int ff_h2645_extract_rbsp(const uint8_t *src, int length, { int i, si, di; uint8_t *dst; -int64_t padding = small_padding ? AV_INPUT_BUFFER_PADDING_SIZE : MAX_MBPAIR_SIZE; +int64_t padding = small_padding ? 0 : MAX_MBPAIR_SIZE; nal->skipped_bytes = 0; #define STARTCODE_TEST \ @@ -90,8 +90,8 @@ int ff_h2645_extract_rbsp(const uint8_t *src, int length, return length; } -av_fast_malloc(>rbsp_buffer, >rbsp_buffer_size, - length + padding); +av_fast_padded_malloc(>rbsp_buffer, >rbsp_buffer_size, + length + padding); if (!nal->rbsp_buffer) return AVERROR(ENOMEM); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
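Review bot: The two hunks depend on each other and nothing in the code says so: with `small_padding` set, `padding` is now 0 and the input padding is expected to come from `av_fast_padded_malloc()`, which appends AV_INPUT_BUFFER_PADDING_SIZE itself. A comment on the ternary, `/* AV_INPUT_BUFFER_PADDING_SIZE is added (and zeroed on allocation) by av_fast_padded_malloc() below */`, would stop someone from restoring the old constant or switching the allocator back. The zero fill happens when the buffer is (re)allocated, so a reused buffer still relies on the padding being cleared after the copy, which is code outside both hunks. `length + padding` is an int64_t expression passed as the size argument without a range check, which is worth a look as well.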
[FFmpeg-cvslog] avfilter/drawutils: Fix single plane with alpha
ffmpeg | branch: release/3.1 | Michael Niedermayer| Tue Aug 9 12:22:15 2016 +0200| [905372be8f746ded92023fa92b858599368b2597] | committer: Michael Niedermayer avfilter/drawutils: Fix single plane with alpha Fixes Ticket5720 Signed-off-by: Michael Niedermayer (cherry picked from commit 369ed11e3c8acc08db39fb2ed4e980a918cab61e) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=905372be8f746ded92023fa92b858599368b2597 --- libavfilter/drawutils.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/libavfilter/drawutils.c b/libavfilter/drawutils.c
index e533040..8153fde 100644
--- a/libavfilter/drawutils.c
+++ b/libavfilter/drawutils.c
@@ -450,6 +450,7 @@ void ff_blend_rectangle(FFDrawContext *draw, FFDrawColor *color,
 alpha = 0x101 * color->rgba[3] + 0x2;
 }
 nb_planes = draw->nb_planes - !!(draw->desc->flags & AV_PIX_FMT_FLAG_ALPHA);
+nb_planes += !nb_planes;
 for (plane = 0; plane < nb_planes; plane++) {
 nb_comp = draw->pixelstep[plane];
 p0 = pointer_at(draw, dst, dst_linesize, plane, x0, y0);
@@ -627,6 +628,7 @@ void ff_blend_mask(FFDrawContext *draw, FFDrawColor *color,
 alpha = (0x101 * color->rgba[3] + 0x2) >> 8;
 }
 nb_planes = draw->nb_planes - !!(draw->desc->flags & AV_PIX_FMT_FLAG_ALPHA);
+nb_planes += !nb_planes;
 for (plane = 0; plane < nb_planes; plane++) {
 nb_comp = draw->pixelstep[plane];
 p0 = pointer_at(draw, dst, dst_linesize, plane, x0, y0);
___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
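Review bot: `nb_planes += !nb_planes;` is added to both ff_blend_rectangle and ff_blend_mask with no explanation, and the idiom hides that it is a clamp to at least one plane. Suggest `nb_planes = FFMAX(nb_planes, 1); /* single plane that also carries alpha */` in both places, or a small static helper so the two functions cannot drift apart. Whether the per-component loop then leaves the alpha component of that single plane untouched is not visible in these hunks and is worth checking in the loop bodies, which continue past them.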
[FFmpeg-cvslog] avcodec/exr: Check tile positions
ffmpeg | branch: master | Michael Niedermayer| Wed Aug 17 21:22:29 2016 +0200| [01aee8148d4fa439cce678a11f5110656c98de1f] | committer: Michael Niedermayer avcodec/exr: Check tile positions This also disabled the case of mixed x/ymin with tiles, the code handles these cases inconsistent for the 2 coordinate axis and is unlikely working correctly. Fixes crash Fixes: poc1.exr, poc2.exr Found-by: Yaoguang Chen of Aliapy unLimit Security Team Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=01aee8148d4fa439cce678a11f5110656c98de1f --- libavcodec/exr.c | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index 9ad11d6..c250eea 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -1029,8 +1029,9 @@ static int decode_block(AVCodecContext *avctx, void *tdata,
 uint64_t line_offset, uncompressed_size;
 uint16_t *ptr_x;
 uint8_t *ptr;
-uint32_t data_size, line, col = 0;
-uint32_t tileX, tileY, tileLevelX, tileLevelY;
+uint32_t data_size;
+uint64_t line, col = 0;
+uint64_t tileX, tileY, tileLevelX, tileLevelY;
 const uint8_t *src;
 int axmax = (avctx->width - (s->xmax + 1)) * 2 * s->desc->nb_components; /* nb pixel to add at the right of the datawindow */
 int bxmin = s->xmin * 2 * s->desc->nb_components; /* nb pixel to add at the left of the datawindow */
@@ -1062,9 +1063,18 @@ static int decode_block(AVCodecContext *avctx, void *tdata,
 return AVERROR_PATCHWELCOME;
 }
+if (s->xmin || s->ymin) {
+avpriv_report_missing_feature(s->avctx, "Tiles with xmin/ymin");
+return AVERROR_PATCHWELCOME;
+}
+
 line = s->tile_attr.ySize * tileY;
 col = s->tile_attr.xSize * tileX;
+if (line < s->ymin || line > s->ymax ||
+col < s->xmin || col > s->xmax)
+return AVERROR_INVALIDDATA;
+
 td->ysize = FFMIN(s->tile_attr.ySize, s->ydelta - tileY * s->tile_attr.ySize);
 td->xsize = FFMIN(s->tile_attr.xSize, s->xdelta - tileX * s->tile_attr.xSize);
___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
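Review bot: The lower-bound halves of the new range check are dead code, because the block added just above returns whenever `s->xmin || s->ymin` is set and `line`/`col` are now `uint64_t`, so `line < s->ymin` and `col < s->xmin` can never be true. Either drop them or state why they stay, e.g. `/* xmin/ymin are 0 here; lower bounds kept for when offset tiles are supported */`. The `> s->ymax` and `> s->xmax` comparisons are carried out in uint64_t, so if those fields are signed a negative value would convert to a huge bound and let any position through; their declarations are outside the hunk and should be checked. The INVALIDDATA return is also silent, unlike the neighbouring paths that report what was rejected. The same hunk appears earlier on this page in a second mail, and decode_block's body extends beyond it.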
[FFmpeg-cvslog] af_hdcd: check return value of av_frame_copy_props()
ffmpeg | branch: master | Burt P| Mon Aug 22 17:14:49 2016 -0500| [8a78fc5b015f34e0a0c877b4b22b33fb961f847b] | committer: Burt P af_hdcd: check return value of av_frame_copy_props() Anton Khirnov: "[av_frame_copy_props()] potentially contains memory allocation, so the return value needs to be checked." Signed-off-by: Burt P > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a78fc5b015f34e0a0c877b4b22b33fb961f847b --- libavfilter/af_hdcd.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavfilter/af_hdcd.c b/libavfilter/af_hdcd.c
index 1bcd279..2324dc3 100644
--- a/libavfilter/af_hdcd.c
+++ b/libavfilter/af_hdcd.c
@@ -1530,14 +1530,18 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
 AVFrame *out;
 const int16_t *in_data;
 int32_t *out_data;
-int n, c;
+int n, c, result;
 out = ff_get_audio_buffer(outlink, in->nb_samples);
 if (!out) {
 av_frame_free();
 return AVERROR(ENOMEM);
 }
-av_frame_copy_props(out, in);
+result = av_frame_copy_props(out, in);
+if (result) {
+av_frame_free();
+return result;
+}
 out->format = outlink->format;
 in_data = (int16_t*)in->data[0];
___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
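Review bot: The new error path calls `av_frame_free()` only once, although both `in` and the freshly allocated `out` are live at that point, so one of them leaks when av_frame_copy_props() fails. The argument is lost in this rendering, so which frame is released cannot be told from the page. Free both before returning, with `av_frame_free(&out);` followed by `av_frame_free(&in);`. Testing `if (result < 0)` would also match the negative AVERROR convention of the `AVERROR(ENOMEM)` return above. filter_frame continues past the hunk.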
[FFmpeg-cvslog] fate: add test for af_hdcd analyze mode
ffmpeg | branch: master | Burt P| Mon Aug 22 17:11:42 2016 -0500| [0cfe6acbe4987b3ce8ec364408256a09895a1f9b] | committer: Burt P fate: add test for af_hdcd analyze mode Signed-off-by: Burt P > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0cfe6acbe4987b3ce8ec364408256a09895a1f9b --- tests/fate/filter-audio.mak | 6 ++ 1 file changed, 6 insertions(+) diff --git a/tests/fate/filter-audio.mak b/tests/fate/filter-audio.mak index d1d9d59..2066fa9 100644 --- a/tests/fate/filter-audio.mak +++ b/tests/fate/filter-audio.mak @@ -238,6 +238,12 @@ fate-filter-hdcd: CMD = md5 -i $(SRC) -af hdcd -f s24le fate-filter-hdcd: CMP = oneline fate-filter-hdcd: REF = 5db465a58d2fd0d06ca944b883b33476 +FATE_AFILTER_SAMPLES-$(call FILTERDEMDECENCMUX, HDCD, FLAC, FLAC, PCM_S24LE, PCM_S24LE) += fate-filter-hdcd-analyze +fate-filter-hdcd-analyze: SRC = $(TARGET_SAMPLES)/filter/hdcd.flac +fate-filter-hdcd-analyze: CMD = md5 -i $(SRC) -af hdcd=analyze_mode=pe -f s24le +fate-filter-hdcd-analyze: CMP = oneline +fate-filter-hdcd-analyze: REF = 81a4f00f85a585bc0198e9a0670a8cde + FATE_AFILTER_SAMPLES-$(call FILTERDEMDECENCMUX, HDCD, FLAC, FLAC, PCM_S24LE, PCM_S24LE) += fate-filter-hdcd-false-positive fate-filter-hdcd-false-positive: SRC = $(TARGET_SAMPLES)/filter/hdcd-false-positive.flac fate-filter-hdcd-false-positive: CMD = md5 -i $(SRC) -af hdcd -f s24le ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avfilter/vf_lut: add planar RGB support
ffmpeg | branch: master | Paul B Mahol| Wed Aug 24 08:30:22 2016 +0200| [0edfd8e6f4bbab7412aa27beb0e3dbe864196062] | committer: Paul B Mahol avfilter/vf_lut: add planar RGB support > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0edfd8e6f4bbab7412aa27beb0e3dbe864196062 --- libavfilter/vf_lut.c | 17 - tests/ref/fate/filter-pixfmts-lut | 6 ++ 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/libavfilter/vf_lut.c b/libavfilter/vf_lut.c index 5148663..3e2f43c 100644 --- a/libavfilter/vf_lut.c +++ b/libavfilter/vf_lut.c @@ -66,6 +66,7 @@ typedef struct LutContext { int hsub, vsub; double var_values[VAR_VARS_NB]; int is_rgb, is_yuv; +int is_planar; int is_16bit; int step; int negate_alpha; /* only used by negate */ @@ -126,7 +127,12 @@ static av_cold void uninit(AVFilterContext *ctx) AV_PIX_FMT_ARGB, AV_PIX_FMT_RGBA, \ AV_PIX_FMT_ABGR, AV_PIX_FMT_BGRA, \ AV_PIX_FMT_RGB24,AV_PIX_FMT_BGR24,\ -AV_PIX_FMT_RGB48LE, AV_PIX_FMT_RGBA64LE +AV_PIX_FMT_RGB48LE, AV_PIX_FMT_RGBA64LE, \ +AV_PIX_FMT_GBRP, AV_PIX_FMT_GBRAP,\ +AV_PIX_FMT_GBRP9,AV_PIX_FMT_GBRP10, \ +AV_PIX_FMT_GBRP12, AV_PIX_FMT_GBRP14, \ +AV_PIX_FMT_GBRP16, AV_PIX_FMT_GBRAP12, \ +AV_PIX_FMT_GBRAP16 static const enum AVPixelFormat yuv_pix_fmts[] = { YUV_FORMATS, AV_PIX_FMT_NONE }; static const enum AVPixelFormat rgb_pix_fmts[] = { RGB_FORMATS, AV_PIX_FMT_NONE }; @@ -268,10 +274,11 @@ static int config_props(AVFilterLink *inlink) break; default: min[0] = min[1] = min[2] = min[3] = 0; -max[0] = max[1] = max[2] = max[3] = 255; +max[0] = max[1] = max[2] = max[3] = 255 * (1 << (desc->comp[0].depth - 8)); } s->is_yuv = s->is_rgb = 0; +s->is_planar = desc->flags & AV_PIX_FMT_FLAG_PLANAR; if (ff_fmt_is_in(inlink->format, yuv_pix_fmts)) s->is_yuv = 1; else if (ff_fmt_is_in(inlink->format, rgb_pix_fmts)) s->is_rgb = 1; 
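Review bot: In the config_props hunk the new default maximum `255 * (1 << (desc->comp[0].depth - 8))` is not the full-range maximum for depths above 8, since it yields 1020 for 10-bit and 65280 for 16-bit rather than 1023 and 65535. If `max[]` serves as the ceiling for the lookup expressions, the top of the range becomes unreachable for the planar RGB formats this commit adds; `max[0] = max[1] = max[2] = max[3] = (1 << desc->comp[0].depth) - 1;` is the full-range value. The line also applies the depth of component 0 to all four components, which holds only when every component has the same depth. config_props extends beyond the hunk.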
@@ -345,7 +352,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) av_frame_copy_props(out, in); } -if (s->is_rgb && s->is_16bit) { +if (s->is_rgb && s->is_16bit && !s->is_planar) { /* packed, 16-bit */ uint16_t *inrow, *outrow, *inrow0, *outrow0; const int w = inlink->w; @@ -382,7 +389,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) inrow0 += in_linesize; outrow0 += out_linesize; } -} else if (s->is_rgb) { +} else if (s->is_rgb && !s->is_planar) { /* packed */ uint8_t *inrow, *outrow, *inrow0, *outrow0; const int w = inlink->w; @@ -412,7 +419,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) outrow0 += out_linesize; } } else if (s->is_16bit) { -// planar yuv >8 bit depth +// planar >8 bit depth uint16_t *inrow, *outrow; for (plane = 0; plane < 4 && in->data[plane] && in->linesize[plane]; plane++) { diff --git a/tests/ref/fate/filter-pixfmts-lut b/tests/ref/fate/filter-pixfmts-lut index 47e79d1..1f7c2ea 100644 --- a/tests/ref/fate/filter-pixfmts-lut +++ b/tests/ref/fate/filter-pixfmts-lut @@ -2,6 +2,12 @@ abgr0a932e831efd4ec22f68b25278bac402 argb4f575be3cd02799389f581df99c4de38 bgr24 fa43e3b2abfde8d9e60e157a9acc553d bgra4e2e689897ee7a8e42b16234597bab35 +gbrap 0d1eb2c39e291c53c57302cdc653c2fc +gbrpe572d53183f3f2ed3951aa9940d440a1 +gbrp10lea8fd1ebbc36a477e2b134241fed91687 +gbrp12lec5a4b89571f7095eb737ad9fd6b1ee08 +gbrp14lebdfdfd6f36c60497d1cdae791f3cc117 +gbrp9le a8c4e29f4cb627db81ba053e0853e702 rgb24 a356171207723a580e7d277078072005 rgb48le 5c7dd8575836d18c91e09f1915cf9aa9 rgba7bc854c2698b78af3e9159a19c2d9d21 ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] fate: update for gbrap after 61980dc479ce045d2e280bff0ba2118ccb8ce595
ffmpeg | branch: master | Paul B Mahol| Wed Aug 24 08:03:20 2016 +0200| [35a0bc0d94bc7a5106fe93db8ec1b59e10a6a184] | committer: Paul B Mahol fate: update for gbrap after 61980dc479ce045d2e280bff0ba2118ccb8ce595 > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=35a0bc0d94bc7a5106fe93db8ec1b59e10a6a184 --- tests/ref/fate/filter-pixdesc-gbrap | 2 +- tests/ref/fate/filter-pixfmts-copy | 2 +- tests/ref/fate/filter-pixfmts-crop | 2 +- tests/ref/fate/filter-pixfmts-field | 2 +- tests/ref/fate/filter-pixfmts-fieldorder | 2 +- tests/ref/fate/filter-pixfmts-hflip | 2 +- tests/ref/fate/filter-pixfmts-il | 2 +- tests/ref/fate/filter-pixfmts-null | 2 +- tests/ref/fate/filter-pixfmts-pad| 2 +- tests/ref/fate/filter-pixfmts-rotate | 2 +- tests/ref/fate/filter-pixfmts-scale | 2 +- tests/ref/fate/filter-pixfmts-vflip | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/ref/fate/filter-pixdesc-gbrap b/tests/ref/fate/filter-pixdesc-gbrap index 6be442b..c8f5354 100644 --- a/tests/ref/fate/filter-pixdesc-gbrap +++ b/tests/ref/fate/filter-pixdesc-gbrap @@ -1 +1 @@ -pixdesc-gbrap a2b9d6261ad24d75d192cbb3af277022 +pixdesc-gbrap 62c4d187a269f9f6fc87bb87e904ea71 diff --git a/tests/ref/fate/filter-pixfmts-copy b/tests/ref/fate/filter-pixfmts-copy index 0059c9f..5890d4d 100644 --- a/tests/ref/fate/filter-pixfmts-copy +++ b/tests/ref/fate/filter-pixfmts-copy @@ -18,7 +18,7 @@ bgr8898a66734bda0572dfab1edd8239f6a2 bgra3934fb81a602dfa7d29420b1a66f0fd8 bgra64bec8d3217bf58d34f080ac88c0b0012c77 bgra64leb71d75a928aac14cb768403e6f6a9910 -gbrap ae09c3e9dcbe0d1ef21b2342be369210 +gbrap 98d30987407c51e5620921e11d40a4ff gbrp5fbc319e30110d19d539f5b274eddb6d gbrp10be703a17591a2a5c236675c5101c349bcc gbrp10leee014153f55c011918df5b2394815780 diff --git a/tests/ref/fate/filter-pixfmts-crop b/tests/ref/fate/filter-pixfmts-crop index 4932b01..9b0b36f 100644 --- a/tests/ref/fate/filter-pixfmts-crop +++ b/tests/ref/fate/filter-pixfmts-crop 
@@ -18,7 +18,7 @@ bgr8142275ecc024d3f7b66c168ac2279ae2 bgrae66a5f68ba463cbc89fce23a61bb5203 bgra64be1ad8dd02714cafec793fb89577ddde47 bgra64ledd29ec9aba43aa3e8f9f5b9a93ca8831 -gbrap da6be176149efdfecb2a690bc64a644e +gbrap 188cd467fe7ae7d85ae9ca8bdfa07739 gbrpec671f573c2105072ab68a1933c58fee gbrp10be6f0130a41f01e58593d3840446dd94b7 gbrp10le9c152b7dfb7ad7bc477518d97316d04f diff --git a/tests/ref/fate/filter-pixfmts-field b/tests/ref/fate/filter-pixfmts-field index 05bbc37..135814a 100644 --- a/tests/ref/fate/filter-pixfmts-field +++ b/tests/ref/fate/filter-pixfmts-field @@ -18,7 +18,7 @@ bgr847b2118262ad932cacf731cb66905ffd bgra66d6e0846990fff0f09a07c43c3add71 bgra64beec0bdef8663dc9d73818a48419cb4764 bgra64le9e2def541e51bc6e77fbffbff7fa146a -gbrap 5bbed2c5c872748b38db078dbd7535fa +gbrap 08a28b79dbd19246d1a94e3466af3624 gbrp838025a3062f7f31e99196ce66961ad7 gbrp10bef63c2555ea19fc78b00fd5b3e2b48e8c gbrp10lebe64c374ab318235d912372e99a0516a diff --git a/tests/ref/fate/filter-pixfmts-fieldorder b/tests/ref/fate/filter-pixfmts-fieldorder index 6c15a71..6dac638 100644 --- a/tests/ref/fate/filter-pixfmts-fieldorder +++ b/tests/ref/fate/filter-pixfmts-fieldorder @@ -18,7 +18,7 @@ bgr8cfc405aaf0162b4edfe9b3e047c5624d bgra5967b559257dbb6784f93b9d2bef4edd bgra64be64a4ec15bc35ede2018f650b50c2429b bgra64le5029192d0f32383c9f25f8e7da7cb5a0 -gbrap 8096c8ee9ade98101348c10eb22504cb +gbrap 00afb65d44bea99c31b318fdbeb3be10 gbrp506dea2fe492e985a396d1b11ccd8db3 gbrp10be55bbfe2d472780dcbadf3027778caa0e gbrp10le13a39077ab1b2c3b49afd3e250b84a77 diff --git a/tests/ref/fate/filter-pixfmts-hflip b/tests/ref/fate/filter-pixfmts-hflip index ca152e4..561aa9f 100644 --- a/tests/ref/fate/filter-pixfmts-hflip +++ b/tests/ref/fate/filter-pixfmts-hflip 
@@ -18,7 +18,7 @@ bgr867fb3fd116f0c0eb36d8ed03bdfbb0a6 bgra275f05a382bcbc9bc77c06b79e1d8a71 bgra64be1cabeafe9c21a4f7ccd976220f22ee5a bgra64le1b15c01c94cf9af89273da1d1f994cff -gbrap 28e8d545a8f32a330c9368c927d97b66 +gbrap bf6a2b2f206fbbb332a718fb570d7cb7 gbrp0ecfeca171ba3a1a2ff4e92f572b71cf gbrp10be774398c2f81757a536c094f16cfc541a gbrp10lee9a6434d691be541f789f850963da181 diff --git a/tests/ref/fate/filter-pixfmts-il b/tests/ref/fate/filter-pixfmts-il index d7f2d60..7795c9b 100644 --- a/tests/ref/fate/filter-pixfmts-il +++