[SCM] libav/master: Imported Upstream version 11.4
siretart at users.alioth.debian.org
siretart at users.alioth.debian.org
Sun May 31 17:23:50 UTC 2015
The following commit has been merged in the master branch:
commit ed24c5494765a6acae434957235bbed214502639
Author: Reinhard Tartler <siretart at tauware.de>
Date: Sun May 31 13:06:57 2015 -0400
Imported Upstream version 11.4
diff --git a/Changelog b/Changelog
index 6b8cabc..9fc1556 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,42 @@
Entries are sorted chronologically from oldest to youngest within each release,
releases are sorted from youngest to oldest.
+version 11.4:
+
+ - h264: Make sure reinit failures mark the context as not initialized (CVE-2015-3417)
+ - msrle: Use FFABS to determine the frame size in msrle_decode_pal4 (CVE-2015-3395)
+ - cavs: Remove an unneeded scratch buffer
+ - configure: Disable i686 for i586 and lower CPUs (debian/783082)
+ - mjpegenc: Fix JFIF header byte ordering (bug/808)
+ - nut: Make sure to clean up on read_header failure
+ - png: Set the color range as full range
+ - avi: Validate sample_size
+ - nut: Check chapter creation in decode_info_header
+ - alac: Reject rice_limit 0 if compression is used
+ - ape: Support _0000 files with nblock smaller than 64
+ - mux: Do not leave stale side data pointers in ff_interleave_add_packet()
+ - avresample: Reallocate the internal buffer to the correct size (bug/825)
+ - mpegts: Update the PSI/SI table only if the version change
+ - rtsp: Make sure we don't write too many transport entries into a fixed-size array
+ - rtpenc_jpeg: Handle case of picture dimensions not dividing by 8
+ - mov: Fix little endian audio detection
+ - x86: Put COPY3_IF_LT under HAVE_6REGS (gentoo/541930)
+ - roqvideoenc: set enc->avctx in roq_encode_init
+ - mp3: Properly use AVCodecContext API
+ - libvpx: Fix mixed use of av_malloc() and av_reallocp()
+ - Revert "lavfi: always check av_expr_parse_and_eval() return value"
+ - alsdec: only adapt order for positive max_order
+ - alsdec: check sample pointer range in revert_channel_correlation
+ - aacpsy: correct calculation of minath in psy_3gpp_init
+ - alsdec: limit avctx->bits_per_raw_sample to 32
+ - aasc: return correct buffer size from aasc_decode_frame
+ - matroskadec: fix crash when parsing invalid mkv
+ - avconv: do not overwrite the stream codec context for streamcopy
+ - webp: ensure that each transform is only used once
+ - h264_ps: properly check cropping parameters against overflow
+ - hevc: zero the correct variables on invalid crop parameters
+ - hevc: make the crop sizes unsigned
+
version 11.3:
- utvideodec: Handle slice_height being zero (CVE-2014-9604)
diff --git a/RELEASE b/RELEASE
index 8bb4222..1c7134d 100644
--- a/RELEASE
+++ b/RELEASE
@@ -1 +1 @@
-11.3
+11.4
diff --git a/VERSION b/VERSION
index 8bb4222..1c7134d 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-11.3
+11.4
diff --git a/avconv.c b/avconv.c
index 634101a..66148c0 100644
--- a/avconv.c
+++ b/avconv.c
@@ -318,7 +318,7 @@ static void update_sample_fmt(AVCodecContext *dec, AVCodec *dec_codec,
static void write_frame(AVFormatContext *s, AVPacket *pkt, OutputStream *ost)
{
AVBitStreamFilterContext *bsfc = ost->bitstream_filters;
- AVCodecContext *avctx = ost->enc_ctx;
+ AVCodecContext *avctx = ost->encoding_needed ? ost->enc_ctx : ost->st->codec;
int ret;
/*
@@ -1703,7 +1703,7 @@ static int transcode_init(void)
if (ost->attachment_filename)
continue;
- enc_ctx = ost->enc_ctx;
+ enc_ctx = ost->stream_copy ? ost->st->codec : ost->enc_ctx;
if (ist) {
dec_ctx = ist->dec_ctx;
@@ -1962,18 +1962,19 @@ static int transcode_init(void)
if (ost->enc_ctx->bit_rate && ost->enc_ctx->bit_rate < 1000)
av_log(NULL, AV_LOG_WARNING, "The bitrate parameter is set too low."
"It takes bits/s as argument, not kbits/s\n");
+
+ ret = avcodec_copy_context(ost->st->codec, ost->enc_ctx);
+ if (ret < 0) {
+ av_log(NULL, AV_LOG_FATAL,
+ "Error initializing the output stream codec context.\n");
+ exit_program(1);
+ }
+
+ ost->st->time_base = ost->enc_ctx->time_base;
} else {
av_opt_set_dict(ost->enc_ctx, &ost->encoder_opts);
+ ost->st->time_base = ost->st->codec->time_base;
}
-
- ret = avcodec_copy_context(ost->st->codec, ost->enc_ctx);
- if (ret < 0) {
- av_log(NULL, AV_LOG_FATAL,
- "Error initializing the output stream codec context.\n");
- exit_program(1);
- }
-
- ost->st->time_base = ost->enc_ctx->time_base;
}
/* init input streams */
diff --git a/configure b/configure
index 33a7a85..dd97ddf 100755
--- a/configure
+++ b/configure
@@ -3282,6 +3282,7 @@ elif enabled x86; then
case $cpu in
i[345]86|pentium)
cpuflags="-march=$cpu"
+ disable i686
disable mmx
;;
# targets that do NOT support nopl and conditional mov (cmov)
diff --git a/libavcodec/aacpsy.c b/libavcodec/aacpsy.c
index 66cf6d5..ee465a6 100644
--- a/libavcodec/aacpsy.c
+++ b/libavcodec/aacpsy.c
@@ -307,7 +307,7 @@ static av_cold int psy_3gpp_init(FFPsyContext *ctx) {
ctx->bitres.size = 6144 - pctx->frame_bits;
ctx->bitres.size -= ctx->bitres.size % 8;
pctx->fill_level = ctx->bitres.size;
- minath = ath(3410, ATH_ADD);
+ minath = ath(3410 - 0.733 * ATH_ADD, ATH_ADD);
for (j = 0; j < 2; j++) {
AacPsyCoeffs *coeffs = pctx->psy_coef[j];
const uint8_t *band_sizes = ctx->bands[j];
diff --git a/libavcodec/aasc.c b/libavcodec/aasc.c
index 468e394..1e457ce 100644
--- a/libavcodec/aasc.c
+++ b/libavcodec/aasc.c
@@ -97,7 +97,7 @@ static int aasc_decode_frame(AVCodecContext *avctx,
return ret;
/* report that the buffer was completely consumed */
- return buf_size;
+ return avpkt->size;
}
static av_cold int aasc_decode_end(AVCodecContext *avctx)
diff --git a/libavcodec/alac.c b/libavcodec/alac.c
index 5272f84..5c792c4 100644
--- a/libavcodec/alac.c
+++ b/libavcodec/alac.c
@@ -307,6 +307,12 @@ static int decode_element(AVCodecContext *avctx, AVFrame *frame, int ch_index,
int lpc_quant[2];
int rice_history_mult[2];
+ if (!alac->rice_limit) {
+ avpriv_request_sample(alac->avctx,
+ "Compression with rice limit 0");
+ return AVERROR(ENOSYS);
+ }
+
decorr_shift = get_bits(&alac->gb, 8);
decorr_left_weight = get_bits(&alac->gb, 8);
diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index b1965a8..997c162 100644
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@@ -663,7 +663,7 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd)
if (!sconf->rlslms) {
- if (sconf->adapt_order) {
+ if (sconf->adapt_order && sconf->max_order) {
int opt_order_length = av_ceil_log2(av_clip((bd->block_length >> 3) - 1,
2, sconf->max_order + 1));
*bd->opt_order = get_bits(gb, opt_order_length);
@@ -1223,6 +1223,7 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd,
ALSChannelData *ch = cd[c];
unsigned int dep = 0;
unsigned int channels = ctx->avctx->channels;
+ unsigned int channel_size = ctx->sconf.frame_length + ctx->sconf.max_order;
if (reverted[c])
return 0;
@@ -1254,9 +1255,9 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd,
dep = 0;
while (!ch[dep].stop_flag) {
- unsigned int smp;
- unsigned int begin = 1;
- unsigned int end = bd->block_length - 1;
+ ptrdiff_t smp;
+ ptrdiff_t begin = 1;
+ ptrdiff_t end = bd->block_length - 1;
int64_t y;
int32_t *master = ctx->raw_samples[ch[dep].master_channel] + offset;
@@ -1270,6 +1271,15 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd,
end -= t;
}
+ if (FFMIN(begin - 1, begin - 1 + t) < ctx->raw_buffer - master ||
+ FFMAX(end + 1, end + 1 + t) > ctx->raw_buffer + channels * channel_size - master) {
+ av_log(ctx->avctx, AV_LOG_ERROR,
+ "sample pointer range [%p, %p] not contained in raw_buffer [%p, %p].\n",
+ master + FFMIN(begin - 1, begin - 1 + t), master + FFMAX(end + 1, end + 1 + t),
+ ctx->raw_buffer, ctx->raw_buffer + channels * channel_size);
+ return AVERROR_INVALIDDATA;
+ }
+
for (smp = begin; smp < end; smp++) {
y = (1 << 6) +
MUL64(ch[dep].weighting[0], master[smp - 1 ]) +
@@ -1282,6 +1292,16 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd,
bd->raw_samples[smp] += y >> 7;
}
} else {
+
+ if (begin - 1 < ctx->raw_buffer - master ||
+ end + 1 > ctx->raw_buffer + channels * channel_size - master) {
+ av_log(ctx->avctx, AV_LOG_ERROR,
+ "sample pointer range [%p, %p] not contained in raw_buffer [%p, %p].\n",
+ master + begin - 1, master + end + 1,
+ ctx->raw_buffer, ctx->raw_buffer + channels * channel_size);
+ return AVERROR_INVALIDDATA;
+ }
+
for (smp = begin; smp < end; smp++) {
y = (1 << 6) +
MUL64(ch[dep].weighting[0], master[smp - 1]) +
@@ -1641,6 +1661,12 @@ static av_cold int decode_init(AVCodecContext *avctx)
avctx->sample_fmt = sconf->resolution > 1
? AV_SAMPLE_FMT_S32 : AV_SAMPLE_FMT_S16;
avctx->bits_per_raw_sample = (sconf->resolution + 1) * 8;
+ if (avctx->bits_per_raw_sample > 32) {
+ av_log(avctx, AV_LOG_ERROR, "Bits per raw sample %d larger than 32.\n",
+ avctx->bits_per_raw_sample);
+ ret = AVERROR_INVALIDDATA;
+ goto fail;
+ }
}
// set maximum Rice parameter for progressive decoding based on resolution
diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index 344c85b..131c6f3 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -614,12 +614,12 @@ static void decode_array_0000(APEContext *ctx, GetBitContext *gb,
int ksummax, ksummin;
rice->ksum = 0;
- for (i = 0; i < 5; i++) {
+ for (i = 0; i < FFMIN(blockstodecode, 5); i++) {
out[i] = get_rice_ook(&ctx->gb, 10);
rice->ksum += out[i];
}
rice->k = av_log2(rice->ksum / 10) + 1;
- for (; i < 64; i++) {
+ for (; i < FFMIN(blockstodecode, 64); i++) {
out[i] = get_rice_ook(&ctx->gb, rice->k);
rice->ksum += out[i];
rice->k = av_log2(rice->ksum / ((i + 1) * 2)) + 1;
diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c
index b439fa8..ad284da 100644
--- a/libavcodec/h264_ps.c
+++ b/libavcodec/h264_ps.c
@@ -439,10 +439,10 @@ int ff_h264_decode_seq_parameter_set(H264Context *h)
#endif
sps->crop = get_bits1(&h->gb);
if (sps->crop) {
- int crop_left = get_ue_golomb(&h->gb);
- int crop_right = get_ue_golomb(&h->gb);
- int crop_top = get_ue_golomb(&h->gb);
- int crop_bottom = get_ue_golomb(&h->gb);
+ unsigned int crop_left = get_ue_golomb(&h->gb);
+ unsigned int crop_right = get_ue_golomb(&h->gb);
+ unsigned int crop_top = get_ue_golomb(&h->gb);
+ unsigned int crop_bottom = get_ue_golomb(&h->gb);
if (h->avctx->flags2 & CODEC_FLAG2_IGNORE_CROP) {
av_log(h->avctx, AV_LOG_DEBUG, "discarding sps cropping, original "
@@ -469,6 +469,18 @@ int ff_h264_decode_seq_parameter_set(H264Context *h)
crop_left);
}
+ if (INT_MAX / step_x <= crop_left ||
+ INT_MAX / step_x - crop_left <= crop_right ||
+ 16 * sps->mb_width <= step_x * (crop_left + crop_right) ||
+ INT_MAX / step_y <= crop_top ||
+ INT_MAX / step_y - crop_top <= crop_bottom ||
+ 16 * sps->mb_height <= step_y * (crop_top + crop_bottom)) {
+ av_log(h->avctx, AV_LOG_WARNING, "Invalid crop parameters\n");
+ if (h->avctx->err_recognition & AV_EF_EXPLODE)
+ goto fail;
+ crop_left = crop_right = crop_top = crop_bottom = 0;
+ }
+
sps->crop_left = crop_left * step_x;
sps->crop_right = crop_right * step_x;
sps->crop_top = crop_top * step_y;
diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c
index e47a448..c2c3e9f 100644
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@@ -1319,6 +1319,7 @@ int ff_h264_decode_slice_header(H264Context *h, H264Context *h0)
}
if (h->context_initialized && needs_reinit) {
+ h->context_initialized = 0;
if (h != h0) {
av_log(h->avctx, AV_LOG_ERROR,
"changing width %d -> %d / height %d -> %d on "
diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h
index 93c5125..aa84cdc 100644
--- a/libavcodec/hevc.h
+++ b/libavcodec/hevc.h
@@ -284,10 +284,10 @@ typedef struct RefPicListTab {
} RefPicListTab;
typedef struct HEVCWindow {
- int left_offset;
- int right_offset;
- int top_offset;
- int bottom_offset;
+ unsigned int left_offset;
+ unsigned int right_offset;
+ unsigned int top_offset;
+ unsigned int bottom_offset;
} HEVCWindow;
typedef struct VUI {
diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index bc18990..db658be 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -883,10 +883,10 @@ int ff_hevc_decode_nal_sps(HEVCContext *s)
}
av_log(s->avctx, AV_LOG_WARNING,
"Displaying the whole video surface.\n");
- sps->pic_conf_win.left_offset =
- sps->pic_conf_win.right_offset =
- sps->pic_conf_win.top_offset =
- sps->pic_conf_win.bottom_offset = 0;
+ sps->output_window.left_offset =
+ sps->output_window.right_offset =
+ sps->output_window.top_offset =
+ sps->output_window.bottom_offset = 0;
sps->output_width = sps->width;
sps->output_height = sps->height;
}
diff --git a/libavcodec/libvpxenc.c b/libavcodec/libvpxenc.c
index 2c43895..0323885 100644
--- a/libavcodec/libvpxenc.c
+++ b/libavcodec/libvpxenc.c
@@ -291,7 +291,7 @@ static av_cold int vpx_init(AVCodecContext *avctx,
if (enccfg.g_pass == VPX_RC_FIRST_PASS)
enccfg.g_lag_in_frames = 0;
else if (enccfg.g_pass == VPX_RC_LAST_PASS) {
- int decode_size;
+ int decode_size, ret;
if (!avctx->stats_in) {
av_log(avctx, AV_LOG_ERROR, "No stats file for second pass\n");
@@ -299,12 +299,12 @@ static av_cold int vpx_init(AVCodecContext *avctx,
}
ctx->twopass_stats.sz = strlen(avctx->stats_in) * 3 / 4;
- ctx->twopass_stats.buf = av_malloc(ctx->twopass_stats.sz);
- if (!ctx->twopass_stats.buf) {
+ ret = av_reallocp(&ctx->twopass_stats.buf, ctx->twopass_stats.sz);
+ if (ret < 0) {
av_log(avctx, AV_LOG_ERROR,
"Stat buffer alloc (%zu bytes) failed\n",
ctx->twopass_stats.sz);
- return AVERROR(ENOMEM);
+ return ret;
}
decode_size = av_base64_decode(ctx->twopass_stats.buf, avctx->stats_in,
ctx->twopass_stats.sz);
diff --git a/libavcodec/mjpegenc_common.c b/libavcodec/mjpegenc_common.c
index adb335e..9373e4a 100644
--- a/libavcodec/mjpegenc_common.c
+++ b/libavcodec/mjpegenc_common.c
@@ -96,7 +96,10 @@ static void jpeg_put_comments(AVCodecContext *avctx, PutBitContext *p)
put_marker(p, APP0);
put_bits(p, 16, 16);
avpriv_put_string(p, "JFIF", 1); /* this puts the trailing zero-byte too */
- put_bits(p, 16, 0x0201); /* v 1.02 */
+ /* The most significant byte is used for major revisions, the least
+ * significant byte for minor revisions. Version 1.02 is the current
+ * released revision. */
+ put_bits(p, 16, 0x0102);
put_bits(p, 8, 0); /* units type: 0 - aspect ratio */
put_bits(p, 16, avctx->sample_aspect_ratio.num);
put_bits(p, 16, avctx->sample_aspect_ratio.den);
diff --git a/libavcodec/msrledec.c b/libavcodec/msrledec.c
index af2a247..370d9bd 100644
--- a/libavcodec/msrledec.c
+++ b/libavcodec/msrledec.c
@@ -39,7 +39,7 @@ static int msrle_decode_pal4(AVCodecContext *avctx, AVPicture *pic,
unsigned int pixel_ptr = 0;
int row_dec = pic->linesize[0];
int row_ptr = (avctx->height - 1) * row_dec;
- int frame_size = row_dec * avctx->height;
+ int frame_size = FFABS(row_dec) * avctx->height;
int i;
while (row_ptr >= 0) {
diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index fa7f7cc..2790bf4 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -645,6 +645,8 @@ static av_cold int png_dec_init(AVCodecContext *avctx)
{
PNGDecContext *s = avctx->priv_data;
+ avctx->color_range = AVCOL_RANGE_JPEG;
+
s->prev = av_frame_alloc();
if (!s->prev)
return AVERROR(ENOMEM);
diff --git a/libavcodec/roqvideoenc.c b/libavcodec/roqvideoenc.c
index af0089f..871371b 100644
--- a/libavcodec/roqvideoenc.c
+++ b/libavcodec/roqvideoenc.c
@@ -959,6 +959,8 @@ static av_cold int roq_encode_init(AVCodecContext *avctx)
av_lfg_init(&enc->randctx, 1);
+ enc->avctx = avctx;
+
enc->framesSinceKeyframe = 0;
if ((avctx->width & 0xf) || (avctx->height & 0xf)) {
av_log(avctx, AV_LOG_ERROR, "Dimensions must be divisible by 16\n");
diff --git a/libavcodec/webp.c b/libavcodec/webp.c
index 58f7810..62f35f7 100644
--- a/libavcodec/webp.c
+++ b/libavcodec/webp.c
@@ -1081,7 +1081,7 @@ static int vp8_lossless_decode_frame(AVCodecContext *avctx, AVFrame *p,
unsigned int data_size, int is_alpha_chunk)
{
WebPContext *s = avctx->priv_data;
- int w, h, ret, i;
+ int w, h, ret, i, used;
if (!is_alpha_chunk) {
s->lossless = 1;
@@ -1131,9 +1131,17 @@ static int vp8_lossless_decode_frame(AVCodecContext *avctx, AVFrame *p,
/* parse transformations */
s->nb_transforms = 0;
s->reduced_width = 0;
+ used = 0;
while (get_bits1(&s->gb)) {
enum TransformType transform = get_bits(&s->gb, 2);
s->transforms[s->nb_transforms++] = transform;
+ if (used & (1 << transform)) {
+ av_log(avctx, AV_LOG_ERROR, "Transform %d used more than once\n",
+ transform);
+ ret = AVERROR_INVALIDDATA;
+ goto free_and_return;
+ }
+ used |= (1 << transform);
switch (transform) {
case PREDICTOR_TRANSFORM:
ret = parse_transform_predictor(s);
diff --git a/libavcodec/x86/cavsdsp.c b/libavcodec/x86/cavsdsp.c
index b323a10..39eec4b 100644
--- a/libavcodec/x86/cavsdsp.c
+++ b/libavcodec/x86/cavsdsp.c
@@ -142,9 +142,7 @@ static void cavs_idct8_add_mmx(uint8_t *dst, int16_t *block, int stride)
DECLARE_ALIGNED(8, int16_t, b2)[64];
for(i=0; i<2; i++){
- DECLARE_ALIGNED(8, uint64_t, tmp);
-
- cavs_idct8_1d(block+4*i, ff_pw_4.a);
+ cavs_idct8_1d(block + 4 * i, ff_pw_4.a);
__asm__ volatile(
"psraw $3, %%mm7 \n\t"
@@ -155,20 +153,20 @@ static void cavs_idct8_add_mmx(uint8_t *dst, int16_t *block, int stride)
"psraw $3, %%mm2 \n\t"
"psraw $3, %%mm1 \n\t"
"psraw $3, %%mm0 \n\t"
- "movq %%mm7, %0 \n\t"
+ "movq %%mm7, (%0) \n\t"
TRANSPOSE4( %%mm0, %%mm2, %%mm4, %%mm6, %%mm7 )
- "movq %%mm0, 8(%1) \n\t"
- "movq %%mm6, 24(%1) \n\t"
- "movq %%mm7, 40(%1) \n\t"
- "movq %%mm4, 56(%1) \n\t"
- "movq %0, %%mm7 \n\t"
+ "movq %%mm0, 8(%0) \n\t"
+ "movq %%mm6, 24(%0) \n\t"
+ "movq %%mm7, 40(%0) \n\t"
+ "movq %%mm4, 56(%0) \n\t"
+ "movq (%0), %%mm7 \n\t"
TRANSPOSE4( %%mm7, %%mm5, %%mm3, %%mm1, %%mm0 )
- "movq %%mm7, (%1) \n\t"
- "movq %%mm1, 16(%1) \n\t"
- "movq %%mm0, 32(%1) \n\t"
- "movq %%mm3, 48(%1) \n\t"
- : "=m"(tmp)
- : "r"(b2+32*i)
+ "movq %%mm7, (%0) \n\t"
+ "movq %%mm1, 16(%0) \n\t"
+ "movq %%mm0, 32(%0) \n\t"
+ "movq %%mm3, 48(%0) \n\t"
+ :
+ : "r"(b2 + 32 * i)
: "memory"
);
}
diff --git a/libavcodec/x86/mathops.h b/libavcodec/x86/mathops.h
index a62094e..2c04d9d 100644
--- a/libavcodec/x86/mathops.h
+++ b/libavcodec/x86/mathops.h
@@ -23,7 +23,9 @@
#define AVCODEC_X86_MATHOPS_H
#include "config.h"
+
#include "libavutil/common.h"
+#include "libavutil/x86/asm.h"
#if HAVE_INLINE_ASM
@@ -88,6 +90,7 @@ static inline av_const int mid_pred(int a, int b, int c)
return i;
}
+#if HAVE_6REGS
#define COPY3_IF_LT(x, y, a, b, c, d)\
__asm__ volatile(\
"cmpl %0, %3 \n\t"\
@@ -97,6 +100,8 @@ __asm__ volatile(\
: "+&r" (x), "+&r" (a), "+r" (c)\
: "r" (y), "r" (b), "r" (d)\
);
+#endif /* HAVE_6REGS */
+
#endif /* HAVE_I686 */
#define MASK_ABS(mask, level) \
diff --git a/libavfilter/vf_pad.c b/libavfilter/vf_pad.c
index bacb505..634af4c 100644
--- a/libavfilter/vf_pad.c
+++ b/libavfilter/vf_pad.c
@@ -158,10 +158,9 @@ static int config_input(AVFilterLink *inlink)
var_values[VAR_VSUB] = 1<<s->vsub;
/* evaluate width and height */
- if ((ret = av_expr_parse_and_eval(&res, (expr = s->w_expr),
- var_names, var_values,
- NULL, NULL, NULL, NULL, NULL, 0, ctx)) < 0)
- goto eval_fail;
+ av_expr_parse_and_eval(&res, (expr = s->w_expr),
+ var_names, var_values,
+ NULL, NULL, NULL, NULL, NULL, 0, ctx);
s->w = var_values[VAR_OUT_W] = var_values[VAR_OW] = res;
if ((ret = av_expr_parse_and_eval(&res, (expr = s->h_expr),
var_names, var_values,
@@ -176,10 +175,9 @@ static int config_input(AVFilterLink *inlink)
s->w = var_values[VAR_OUT_W] = var_values[VAR_OW] = res;
/* evaluate x and y */
- if ((ret = av_expr_parse_and_eval(&res, (expr = s->x_expr),
- var_names, var_values,
- NULL, NULL, NULL, NULL, NULL, 0, ctx)) < 0)
- goto eval_fail;
+ av_expr_parse_and_eval(&res, (expr = s->x_expr),
+ var_names, var_values,
+ NULL, NULL, NULL, NULL, NULL, 0, ctx);
s->x = var_values[VAR_X] = res;
if ((ret = av_expr_parse_and_eval(&res, (expr = s->y_expr),
var_names, var_values,
diff --git a/libavfilter/vf_scale.c b/libavfilter/vf_scale.c
index 2b9e7e8..73ea9d2 100644
--- a/libavfilter/vf_scale.c
+++ b/libavfilter/vf_scale.c
@@ -177,10 +177,9 @@ static int config_props(AVFilterLink *outlink)
var_values[VAR_VSUB] = 1 << desc->log2_chroma_h;
/* evaluate width and height */
- if ((ret = av_expr_parse_and_eval(&res, (expr = scale->w_expr),
- var_names, var_values,
- NULL, NULL, NULL, NULL, NULL, 0, ctx)) < 0)
- goto fail;
+ av_expr_parse_and_eval(&res, (expr = scale->w_expr),
+ var_names, var_values,
+ NULL, NULL, NULL, NULL, NULL, 0, ctx);
scale->w = var_values[VAR_OUT_W] = var_values[VAR_OW] = res;
if ((ret = av_expr_parse_and_eval(&res, (expr = scale->h_expr),
var_names, var_values,
diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index c24a6c4..54c4814 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -569,6 +569,23 @@ static int avi_read_header(AVFormatContext *s)
av_log(s, AV_LOG_ERROR, "unknown stream type %X\n", tag1);
goto fail;
}
+
+ if (ast->sample_size < 0) {
+ if (s->error_recognition & AV_EF_EXPLODE) {
+ av_log(s, AV_LOG_ERROR,
+ "Invalid sample_size %d at stream %d\n",
+ ast->sample_size,
+ stream_index);
+ goto fail;
+ }
+ av_log(s, AV_LOG_WARNING,
+ "Invalid sample_size %d at stream %d "
+ "setting it to 0\n",
+ ast->sample_size,
+ stream_index);
+ ast->sample_size = 0;
+ }
+
if (ast->sample_size == 0)
st->duration = st->nb_frames;
ast->frame_offset = ast->cum_len;
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index f384458..67df4b34 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1825,8 +1825,12 @@ static int matroska_read_header(AVFormatContext *s)
matroska->ctx = s;
/* First read the EBML header. */
- if (ebml_parse(matroska, ebml_syntax, &ebml) ||
- ebml.version > EBML_VERSION ||
+ if (ebml_parse(matroska, ebml_syntax, &ebml) || !ebml.doctype) {
+ av_log(matroska->ctx, AV_LOG_ERROR, "EBML header parsing failed\n");
+ ebml_free(ebml_syntax, &ebml);
+ return AVERROR_INVALIDDATA;
+ }
+ if (ebml.version > EBML_VERSION ||
ebml.max_size > sizeof(uint64_t) ||
ebml.id_length > sizeof(uint32_t) ||
ebml.doctype_version > 3) {
diff --git a/libavformat/mov.c b/libavformat/mov.c
index d14dc7c..60d171d 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -864,7 +864,7 @@ static int mov_read_enda(MOVContext *c, AVIOContext *pb, MOVAtom atom)
return 0;
st = c->fc->streams[c->fc->nb_streams-1];
- little_endian = avio_rb16(pb);
+ little_endian = !!avio_rb16(pb);
av_dlog(c->fc, "enda %d\n", little_endian);
if (little_endian == 1) {
switch (st->codec->codec_id) {
diff --git a/libavformat/mp3dec.c b/libavformat/mp3dec.c
index bf12fdb..cba6778 100644
--- a/libavformat/mp3dec.c
+++ b/libavformat/mp3dec.c
@@ -31,6 +31,7 @@
#include "id3v1.h"
#include "replaygain.h"
+#include "libavcodec/avcodec.h"
#include "libavcodec/mpegaudiodecheader.h"
#define XING_FLAG_FRAMES 0x01
@@ -55,7 +56,10 @@ static int mp3_read_probe(AVProbeData *p)
int fsize, frames, sample_rate;
uint32_t header;
uint8_t *buf, *buf0, *buf2, *end;
- AVCodecContext avctx;
+ AVCodecContext *avctx = avcodec_alloc_context3(NULL);
+
+ if (!avctx)
+ return AVERROR(ENOMEM);
buf0 = p->buf;
end = p->buf + p->buf_size - sizeof(uint32_t);
@@ -70,7 +74,9 @@ static int mp3_read_probe(AVProbeData *p)
for(frames = 0; buf2 < end; frames++) {
header = AV_RB32(buf2);
- fsize = avpriv_mpa_decode_header(&avctx, header, &sample_rate, &sample_rate, &sample_rate, &sample_rate);
+ fsize = avpriv_mpa_decode_header(avctx, header, &sample_rate,
+ &sample_rate, &sample_rate,
+ &sample_rate);
if(fsize < 0)
break;
buf2 += fsize;
@@ -79,6 +85,7 @@ static int mp3_read_probe(AVProbeData *p)
if(buf == buf0)
first_frames= frames;
}
+ avcodec_free_context(&avctx);
// keep this in sync with ac3 probe, both need to avoid
// issues with MPEG-files!
if (first_frames >= 10)
diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c
index dced537..57efabd 100644
--- a/libavformat/mpegts.c
+++ b/libavformat/mpegts.c
@@ -73,6 +73,7 @@ typedef void SetServiceCallback (void *opaque, int ret);
typedef struct MpegTSSectionFilter {
int section_index;
int section_h_size;
+ int last_ver;
uint8_t *section_buf;
unsigned int check_crc : 1;
unsigned int end_of_section_reached : 1;
@@ -354,6 +355,8 @@ static MpegTSFilter *mpegts_open_section_filter(MpegTSContext *ts,
sec->opaque = opaque;
sec->section_buf = av_malloc(MAX_SECTION_SIZE);
sec->check_crc = check_crc;
+ sec->last_ver = -1;
+
if (!sec->section_buf) {
av_free(filter);
return NULL;
@@ -1234,6 +1237,7 @@ static void m4sl_cb(MpegTSFilter *filter, const uint8_t *section,
int section_len)
{
MpegTSContext *ts = filter->u.section_filter.opaque;
+ MpegTSSectionFilter *tssf = &filter->u.section_filter;
SectionHeader h;
const uint8_t *p, *p_end;
AVIOContext pb;
@@ -1248,6 +1252,9 @@ static void m4sl_cb(MpegTSFilter *filter, const uint8_t *section,
return;
if (h.tid != M4OD_TID)
return;
+ if (h.version == tssf->last_ver)
+ return;
+ tssf->last_ver = h.version;
mp4_read_od(s, p, (unsigned) (p_end - p), mp4_descr, &mp4_descr_count,
MAX_MP4_DESCR_COUNT);
@@ -1433,6 +1440,7 @@ int ff_parse_mpeg2_descriptor(AVFormatContext *fc, AVStream *st, int stream_type
static void pmt_cb(MpegTSFilter *filter, const uint8_t *section, int section_len)
{
MpegTSContext *ts = filter->u.section_filter.opaque;
+ MpegTSSectionFilter *tssf = &filter->u.section_filter;
SectionHeader h1, *h = &h1;
PESContext *pes;
AVStream *st;
@@ -1452,6 +1460,9 @@ static void pmt_cb(MpegTSFilter *filter, const uint8_t *section, int section_len
p = section;
if (parse_section_header(h, &p, p_end) < 0)
return;
+ if (h->version == tssf->last_ver)
+ return;
+ tssf->last_ver = h->version;
av_dlog(ts->stream, "sid=0x%x sec_num=%d/%d\n",
h->id, h->sec_num, h->last_sec_num);
@@ -1583,6 +1594,7 @@ out:
static void pat_cb(MpegTSFilter *filter, const uint8_t *section, int section_len)
{
MpegTSContext *ts = filter->u.section_filter.opaque;
+ MpegTSSectionFilter *tssf = &filter->u.section_filter;
SectionHeader h1, *h = &h1;
const uint8_t *p, *p_end;
int sid, pmt_pid;
@@ -1596,6 +1608,9 @@ static void pat_cb(MpegTSFilter *filter, const uint8_t *section, int section_len
return;
if (h->tid != PAT_TID)
return;
+ if (h->version == tssf->last_ver)
+ return;
+ tssf->last_ver = h->version;
clear_programs(ts);
for (;;) {
@@ -1626,6 +1641,7 @@ static void pat_cb(MpegTSFilter *filter, const uint8_t *section, int section_len
static void sdt_cb(MpegTSFilter *filter, const uint8_t *section, int section_len)
{
MpegTSContext *ts = filter->u.section_filter.opaque;
+ MpegTSSectionFilter *tssf = &filter->u.section_filter;
SectionHeader h1, *h = &h1;
const uint8_t *p, *p_end, *desc_list_end, *desc_end;
int onid, val, sid, desc_list_len, desc_tag, desc_len, service_type;
@@ -1640,6 +1656,10 @@ static void sdt_cb(MpegTSFilter *filter, const uint8_t *section, int section_len
return;
if (h->tid != SDT_TID)
return;
+ if (h->version == tssf->last_ver)
+ return;
+ tssf->last_ver = h->version;
+
onid = get16(&p, p_end);
if (onid < 0)
return;
diff --git a/libavformat/mux.c b/libavformat/mux.c
index df4f57a..d4492d1 100644
--- a/libavformat/mux.c
+++ b/libavformat/mux.c
@@ -400,6 +400,8 @@ FF_DISABLE_DEPRECATION_WARNINGS
FF_ENABLE_DEPRECATION_WARNINGS
#endif
pkt->buf = NULL;
+ pkt->side_data = NULL;
+ pkt->side_data_elems = 0;
// Duplicate the packet if it uses non-allocated memory
if ((ret = av_dup_packet(&this_pktl->pkt)) < 0) {
av_free(this_pktl);
diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index 36ca754..d669733 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -482,6 +482,10 @@ static int decode_info_header(NUTContext *nut)
nut->time_base[chapter_start %
nut->time_base_count],
start, start + chapter_len, NULL);
+ if (!chapter) {
+ av_log(s, AV_LOG_ERROR, "Could not create chapter.\n");
+ return AVERROR(ENOMEM);
+ }
metadata = &chapter->metadata;
} else if (stream_id_plus1) {
st = s->streams[stream_id_plus1 - 1];
@@ -678,6 +682,20 @@ fail:
return ret;
}
+static int nut_read_close(AVFormatContext *s)
+{
+ NUTContext *nut = s->priv_data;
+ int i;
+
+ av_freep(&nut->time_base);
+ av_freep(&nut->stream);
+ ff_nut_free_sp(nut);
+ for (i = 1; i < nut->header_count; i++)
+ av_freep(&nut->header[i]);
+
+ return 0;
+}
+
static int nut_read_header(AVFormatContext *s)
{
NUTContext *nut = s->priv_data;
@@ -693,7 +711,7 @@ static int nut_read_header(AVFormatContext *s)
pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1;
if (pos < 0 + 1) {
av_log(s, AV_LOG_ERROR, "No main startcode found.\n");
- return AVERROR_INVALIDDATA;
+ goto fail;
}
} while (decode_main_header(nut) < 0);
@@ -703,7 +721,7 @@ static int nut_read_header(AVFormatContext *s)
pos = find_startcode(bc, STREAM_STARTCODE, pos) + 1;
if (pos < 0 + 1) {
av_log(s, AV_LOG_ERROR, "Not all stream headers found.\n");
- return AVERROR_INVALIDDATA;
+ goto fail;
}
if (decode_stream_header(nut) >= 0)
initialized_stream_count++;
@@ -717,7 +735,7 @@ static int nut_read_header(AVFormatContext *s)
if (startcode == 0) {
av_log(s, AV_LOG_ERROR, "EOF before video frames\n");
- return AVERROR_INVALIDDATA;
+ goto fail;
} else if (startcode == SYNCPOINT_STARTCODE) {
nut->next_startcode = startcode;
break;
@@ -740,6 +758,11 @@ static int nut_read_header(AVFormatContext *s)
ff_metadata_conv_ctx(s, NULL, ff_nut_metadata_conv);
return 0;
+
+fail:
+ nut_read_close(s);
+
+ return AVERROR_INVALIDDATA;
}
static int decode_frame_header(NUTContext *nut, int64_t *pts, int *stream_id,
@@ -1014,20 +1037,6 @@ static int read_seek(AVFormatContext *s, int stream_index,
return 0;
}
-static int nut_read_close(AVFormatContext *s)
-{
- NUTContext *nut = s->priv_data;
- int i;
-
- av_freep(&nut->time_base);
- av_freep(&nut->stream);
- ff_nut_free_sp(nut);
- for (i = 1; i < nut->header_count; i++)
- av_freep(&nut->header[i]);
-
- return 0;
-}
-
AVInputFormat ff_nut_demuxer = {
.name = "nut",
.long_name = NULL_IF_CONFIG_SMALL("NUT"),
diff --git a/libavformat/rtpenc_jpeg.c b/libavformat/rtpenc_jpeg.c
index 9d0915b..b8c880a 100644
--- a/libavformat/rtpenc_jpeg.c
+++ b/libavformat/rtpenc_jpeg.c
@@ -40,8 +40,8 @@ void ff_rtp_send_jpeg(AVFormatContext *s1, const uint8_t *buf, int size)
s->timestamp = s->cur_timestamp;
/* convert video pixel dimensions from pixels to blocks */
- w = s1->streams[0]->codec->width >> 3;
- h = s1->streams[0]->codec->height >> 3;
+ w = (s1->streams[0]->codec->width + 7) >> 3;
+ h = (s1->streams[0]->codec->height + 7) >> 3;
/* get the pixel format type or fail */
if (s1->streams[0]->codec->pix_fmt == AV_PIX_FMT_YUVJ422P ||
diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index 4e79bc1..3d040d3 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -927,6 +927,8 @@ static void rtsp_parse_transport(RTSPMessageHeader *reply, const char *p)
p++;
reply->nb_transports++;
+ if (reply->nb_transports >= RTSP_MAX_TRANSPORTS)
+ break;
}
}
diff --git a/libavresample/resample.c b/libavresample/resample.c
index 4553b2c..679e9e9 100644
--- a/libavresample/resample.c
+++ b/libavresample/resample.c
@@ -432,7 +432,9 @@ int ff_audio_resample(ResampleContext *c, AudioData *dst, AudioData *src)
int bps = av_get_bytes_per_sample(c->avr->internal_sample_fmt);
int i;
- ret = ff_audio_data_realloc(c->buffer, in_samples + c->padding_size);
+ ret = ff_audio_data_realloc(c->buffer,
+ FFMAX(in_samples, in_leftover) +
+ c->padding_size);
if (ret < 0) {
av_log(c->avr, AV_LOG_ERROR, "Error reallocating resampling buffer\n");
return AVERROR(ENOMEM);
--
Libav/FFmpeg packaging
More information about the pkg-multimedia-commits
mailing list