[FFmpeg-cvslog] lavfi: check av_strdup() return value
ffmpeg | branch: master | Paul B Mahol | Tue Jan 6 09:42:59 2015 +| [145a84717b62e086cdb5f26649ad9f1b51ef38d0] | committer: Paul B Mahol lavfi: check av_strdup() return value Signed-off-by: Paul B Mahol > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=145a84717b62e086cdb5f26649ad9f1b51ef38d0 --- libavfilter/af_amix.c |2 ++ libavfilter/af_join.c |2 ++ libavfilter/split.c |2 ++ libavfilter/src_movie.c |2 ++ 4 files changed, 8 insertions(+) diff --git a/libavfilter/af_amix.c b/libavfilter/af_amix.c index e40969f..fd9d135 100644 --- a/libavfilter/af_amix.c +++ b/libavfilter/af_amix.c @@ -496,6 +496,8 @@ static av_cold int init(AVFilterContext *ctx) snprintf(name, sizeof(name), "input%d", i); pad.type = AVMEDIA_TYPE_AUDIO; pad.name = av_strdup(name); +if (!pad.name) +return AVERROR(ENOMEM); pad.filter_frame = filter_frame; ff_insert_inpad(ctx, i, &pad); diff --git a/libavfilter/af_join.c b/libavfilter/af_join.c index a1717c6..71a454b 100644 --- a/libavfilter/af_join.c +++ b/libavfilter/af_join.c @@ -214,6 +214,8 @@ static av_cold int join_init(AVFilterContext *ctx) snprintf(name, sizeof(name), "input%d", i); pad.type = AVMEDIA_TYPE_AUDIO; pad.name = av_strdup(name); +if (!pad.name) +return AVERROR(ENOMEM); pad.filter_frame = filter_frame; pad.needs_fifo = 1; diff --git a/libavfilter/split.c b/libavfilter/split.c index 6abd5ee..7353810 100644 --- a/libavfilter/split.c +++ b/libavfilter/split.c @@ -52,6 +52,8 @@ static av_cold int split_init(AVFilterContext *ctx) snprintf(name, sizeof(name), "output%d", i); pad.type = ctx->filter->inputs[0].type; pad.name = av_strdup(name); +if (!pad.name) +return AVERROR(ENOMEM); ff_insert_outpad(ctx, i, &pad); } diff --git a/libavfilter/src_movie.c b/libavfilter/src_movie.c index 0b97b82..908c03e 100644 --- a/libavfilter/src_movie.c +++ b/libavfilter/src_movie.c @@ -289,6 +289,8 @@ static av_cold int movie_common_init(AVFilterContext *ctx) snprintf(name, sizeof(name), "out%d", i); pad.type = movie->st[i].st->codec->codec_type; pad.name = av_strdup(name); +if (!pad.name) +return AVERROR(ENOMEM); pad.config_props = movie_config_output_props; pad.request_frame = movie_request_frame; ff_insert_outpad(ctx, i, &pad); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/matroskadec: Use av_freep() to avoid leaving stale pointers in memory
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6
12:48:38 2015 +0100| [6e70e4aca50696040cc9256ec96e5c31d9641432] | committer:
Michael Niedermayer
avformat/matroskadec: Use av_freep() to avoid leaving stale pointers in memory
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6e70e4aca50696040cc9256ec96e5c31d9641432
---
libavformat/matroskadec.c |8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index bdc9c5f..95ec67c 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1080,7 +1080,7 @@ static void ebml_free(EbmlSyntax *syntax, void *data)
for (j = 0; j < list->nb_elem;
j++, ptr += syntax[i].list_elem_size)
ebml_free(syntax[i].def.n, ptr);
-av_free(list->elem);
+av_freep(&list->elem);
} else
ebml_free(syntax[i].def.n, data_off);
default:
@@ -2137,7 +2137,7 @@ static int matroska_deliver_packet(MatroskaDemuxContext
*matroska,
{
if (matroska->num_packets > 0) {
memcpy(pkt, matroska->packets[0], sizeof(AVPacket));
-av_free(matroska->packets[0]);
+av_freep(&matroska->packets[0]);
if (matroska->num_packets > 1) {
void *newpackets;
memmove(&matroska->packets[0], &matroska->packets[1],
@@ -2168,7 +2168,7 @@ static void matroska_clear_queue(MatroskaDemuxContext
*matroska)
int n;
for (n = 0; n < matroska->num_packets; n++) {
av_free_packet(matroska->packets[n]);
-av_free(matroska->packets[n]);
+av_freep(&matroska->packets[n]);
}
av_freep(&matroska->packets);
matroska->num_packets = 0;
@@ -3006,7 +3006,7 @@ static int matroska_read_close(AVFormatContext *s)
for (n = 0; n < matroska->tracks.nb_elem; n++)
if (tracks[n].type == MATROSKA_TRACK_TYPE_AUDIO)
-av_free(tracks[n].audio.buf);
+av_freep(&tracks[n].audio.buf);
ebml_free(matroska_cluster, &matroska->current_cluster);
ebml_free(matroska_segment, matroska);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avfilter/buffer: use av_freep() to avoid leaving stale pointers in memory
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6
12:53:25 2015 +0100| [da0dadbee4e9ba7f45dc668b5da1f8c2d684d2e4] | committer:
Michael Niedermayer
avfilter/buffer: use av_freep() to avoid leaving stale pointers in memory
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=da0dadbee4e9ba7f45dc668b5da1f8c2d684d2e4
---
libavfilter/buffer.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavfilter/buffer.c b/libavfilter/buffer.c
index 0327952..43dc669 100644
--- a/libavfilter/buffer.c
+++ b/libavfilter/buffer.c
@@ -38,7 +38,7 @@ void ff_avfilter_default_free_buffer(AVFilterBuffer *ptr)
{
if (ptr->extended_data != ptr->data)
av_freep(&ptr->extended_data);
-av_free(ptr->data[0]);
+av_freep(&ptr->data[0]);
av_free(ptr);
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/mov: use av_freep() to avoid leaving stale pointers in memory
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6
12:45:25 2015 +0100| [383c6a3a07b71981bd32d083496f5a4935f620f9] | committer:
Michael Niedermayer
avformat/mov: use av_freep() to avoid leaving stale pointers in memory
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=383c6a3a07b71981bd32d083496f5a4935f620f9
---
libavformat/mov.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index e90bfd2..248faf7 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1174,7 +1174,7 @@ static int mov_read_wave(MOVContext *c, AVIOContext *pb,
MOVAtom atom)
st->codec->codec_id == AV_CODEC_ID_QDMC ||
st->codec->codec_id == AV_CODEC_ID_SPEEX) {
// pass all frma atom to codec, needed at least for QDMC and QDM2
-av_free(st->codec->extradata);
+av_freep(&st->codec->extradata);
if (ff_get_extradata(st->codec, pb, atom.size) < 0)
return AVERROR(ENOMEM);
} else if (atom.size > 8) { /* to read frma, esds atoms */
@@ -1214,7 +1214,7 @@ static int mov_read_glbl(MOVContext *c, AVIOContext *pb,
MOVAtom atom)
av_log(c, AV_LOG_WARNING, "ignoring multiple glbl\n");
return 0;
}
-av_free(st->codec->extradata);
+av_freep(&st->codec->extradata);
if (ff_get_extradata(st->codec, pb, atom.size) < 0)
return AVERROR(ENOMEM);
@@ -1239,7 +1239,7 @@ static int mov_read_dvc1(MOVContext *c, AVIOContext *pb,
MOVAtom atom)
return 0;
avio_seek(pb, 6, SEEK_CUR);
-av_free(st->codec->extradata);
+av_freep(&st->codec->extradata);
if ((ret = ff_get_extradata(st->codec, pb, atom.size - 7)) < 0)
return ret;
@@ -1265,7 +1265,7 @@ static int mov_read_strf(MOVContext *c, AVIOContext *pb,
MOVAtom atom)
return AVERROR_INVALIDDATA;
avio_skip(pb, 40);
-av_free(st->codec->extradata);
+av_freep(&st->codec->extradata);
if (ff_get_extradata(st->codec, pb, atom.size - 40) < 0)
return AVERROR(ENOMEM);
return 0;
@@ -4154,7 +4154,7 @@ static int mov_read_packet(AVFormatContext *s, AVPacket
*pkt)
#if CONFIG_DV_DEMUXER
if (mov->dv_demux && sc->dv_audio_container) {
avpriv_dv_produce_packet(mov->dv_demux, pkt, pkt->data, pkt->size,
pkt->pos);
-av_free(pkt->data);
+av_freep(&pkt->data);
pkt->size = 0;
ret = avpriv_dv_get_packet(mov->dv_demux, pkt);
if (ret < 0)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/hlsproto: Use av_freep, to avoid leaving stale pointers in memory
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6
12:52:55 2015 +0100| [59ca6e2586949c252fa4b9e4562e9d8c5bf6b38c] | committer:
Michael Niedermayer
avformat/hlsproto: Use av_freep, to avoid leaving stale pointers in memory
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=59ca6e2586949c252fa4b9e4562e9d8c5bf6b38c
---
libavformat/hlsproto.c |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavformat/hlsproto.c b/libavformat/hlsproto.c
index a569e92..788562a 100644
--- a/libavformat/hlsproto.c
+++ b/libavformat/hlsproto.c
@@ -80,7 +80,7 @@ static void free_segment_list(HLSContext *s)
{
int i;
for (i = 0; i < s->n_segments; i++)
-av_free(s->segments[i]);
+av_freep(&s->segments[i]);
av_freep(&s->segments);
s->n_segments = 0;
}
@@ -89,7 +89,7 @@ static void free_variant_list(HLSContext *s)
{
int i;
for (i = 0; i < s->n_variants; i++)
-av_free(s->variants[i]);
+av_freep(&s->variants[i]);
av_freep(&s->variants);
s->n_variants = 0;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/utils: Clear pointer in ff_alloc_extradata() to avoid leaving a stale pointer in memory
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6
12:53:53 2015 +0100| [bbfca8e84b0e69abba523d665536c0135fc1c00e] | committer:
Michael Niedermayer
avformat/utils: Clear pointer in ff_alloc_extradata() to avoid leaving a stale
pointer in memory
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bbfca8e84b0e69abba523d665536c0135fc1c00e
---
libavformat/utils.c |1 +
1 file changed, 1 insertion(+)
diff --git a/libavformat/utils.c b/libavformat/utils.c
index 63a8616..7581957 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -2843,6 +2843,7 @@ int ff_alloc_extradata(AVCodecContext *avctx, int size)
int ret;
if (size < 0 || size >= INT32_MAX - FF_INPUT_BUFFER_PADDING_SIZE) {
+avctx->extradata = NULL;
avctx->extradata_size = 0;
return AVERROR(EINVAL);
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] cmdutils: Use 64bit for file size/ offset related variable in cmdutils_read_file()
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6
13:12:22 2015 +0100| [369b4cd4120bf67aa5187b6bc72574970a24ca22] | committer:
Michael Niedermayer
cmdutils: Use 64bit for file size/offset related variable in
cmdutils_read_file()
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=369b4cd4120bf67aa5187b6bc72574970a24ca22
---
cmdutils.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmdutils.c b/cmdutils.c
index 2b4ab9e..b35180e 100644
--- a/cmdutils.c
+++ b/cmdutils.c
@@ -1863,7 +1863,7 @@ int read_yesno(void)
int cmdutils_read_file(const char *filename, char **bufptr, size_t *size)
{
-int ret;
+int64_t ret;
FILE *f = av_fopen_utf8(filename, "rb");
if (!f) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/mov: Clear array to prevent potential out of array read from av_dlog()
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6 05:54:29 2015 +0100| [62eafb6a0dd63b67d6a1cf66150df7b27a67c21c] | committer: Michael Niedermayer avformat/mov: Clear array to prevent potential out of array read from av_dlog() Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=62eafb6a0dd63b67d6a1cf66150df7b27a67c21c --- libavformat/mov.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index a157d60..e90bfd2 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -380,7 +380,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom) // worst-case requirement for output string in case of utf8 coded input str_size_alloc = (raw ? str_size : str_size * 2) + 1; -str = av_malloc(str_size_alloc); +str = av_mallocz(str_size_alloc); if (!str) return AVERROR(ENOMEM); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/id3v2: support USLT tags
ffmpeg | branch: master | wm4 | Mon Jan 5 18:56:20
2015 +0100| [ea7af58fc6b3b867d1c98731ab0db81ec44a3576] | committer: Michael
Niedermayer
avformat/id3v2: support USLT tags
I think this turned out pretty terrible. There's no good way to add new
custom tags that write to AVFormatContext->metadata.
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ea7af58fc6b3b867d1c98731ab0db81ec44a3576
---
libavformat/id3v2.c | 50 ++
1 file changed, 50 insertions(+)
diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
index 847d4af..02955ff 100644
--- a/libavformat/id3v2.c
+++ b/libavformat/id3v2.c
@@ -55,6 +55,7 @@ const AVMetadataConv ff_id3v2_34_metadata_conv[] = {
{ "TPUB", "publisher"},
{ "TRCK", "track"},
{ "TSSE", "encoder" },
+{ "USLT", "lyrics" },
{ 0 }
};
@@ -353,6 +354,52 @@ static void read_ttag(AVFormatContext *s, AVIOContext *pb,
int taglen,
av_dict_set(metadata, key, dst, dict_flags);
}
+static void read_uslt(AVFormatContext *s, AVIOContext *pb, int taglen,
+ AVDictionary **metadata)
+{
+uint8_t lang[4];
+uint8_t *descriptor = NULL; // 'Content descriptor'
+uint8_t *text = NULL;
+char *key = NULL;
+int encoding;
+unsigned genre;
+int ok = 0;
+
+if (taglen < 1)
+goto error;
+
+encoding = avio_r8(pb);
+taglen--;
+
+if (avio_read(pb, lang, 3) < 3)
+goto error;
+lang[3] = '\0';
+taglen -= 3;
+
+if (decode_str(s, pb, encoding, &descriptor, &taglen) < 0)
+goto error;
+
+if (decode_str(s, pb, encoding, &text, &taglen) < 0)
+goto error;
+
+// FFmpeg does not support hierarchical metadata, so concatenate the keys.
+key = av_asprintf("lyrics-%s%s%s", descriptor[0] ? (char *)descriptor : "",
+ descriptor[0] ? "-" : "",
+ lang);
+if (!key)
+goto error;
+
+av_dict_set(metadata, key, text, 0);
+
+ok = 1;
+error:
+if (!ok)
+av_log(s, AV_LOG_ERROR, "Error reading lyrics, skipped\n");
+av_free(descriptor);
+av_free(text);
+av_free(key);
+}
+
/**
* Parse GEOB tag into a ID3v2ExtraMetaGEOB struct.
*/
@@ -845,6 +892,7 @@ static void id3v2_parse(AVIOContext *pb, AVDictionary
**metadata,
avio_skip(pb, tlen);
/* check for text tag or supported special meta tag */
} else if (tag[0] == 'T' ||
+ !memcmp(tag, "USLT", 4) ||
(extra_meta &&
(extra_func = get_extra_meta_func(tag, isv34 {
pbx = pb;
@@ -910,6 +958,8 @@ static void id3v2_parse(AVIOContext *pb, AVDictionary
**metadata,
if (tag[0] == 'T')
/* parse text tag */
read_ttag(s, pbx, tlen, metadata, tag);
+else if (!memcmp(tag, "USLT", 4))
+read_uslt(s, pbx, tlen, metadata);
else
/* parse special meta tag */
extra_func->read(s, pbx, tlen, tag, extra_meta, isv34);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] cmdutils.c: Use av_realloc_array()
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6
17:52:54 2015 +0100| [d2838f09d6dc788d382bb47dd6d6ef157a112ac4] | committer:
Michael Niedermayer
cmdutils.c: Use av_realloc_array()
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d2838f09d6dc788d382bb47dd6d6ef157a112ac4
---
cmdutils.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmdutils.c b/cmdutils.c
index b35180e..1361106 100644
--- a/cmdutils.c
+++ b/cmdutils.c
@@ -2060,7 +2060,7 @@ void *grow_array(void *array, int elem_size, int *size,
int new_size)
exit_program(1);
}
if (*size < new_size) {
-uint8_t *tmp = av_realloc(array, new_size*elem_size);
+uint8_t *tmp = av_realloc_array(array, new_size, elem_size);
if (!tmp) {
av_log(NULL, AV_LOG_ERROR, "Could not alloc buffer.\n");
exit_program(1);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/h264_slice: Clear table pointers to avoid stale pointers
ffmpeg | branch: release/2.3 | Michael Niedermayer | Sun Nov
2 01:55:40 2014 +0100| [05bc6f8ba653e979e55bfbc33c7f078031081dba] | committer:
Michael Niedermayer
avcodec/h264_slice: Clear table pointers to avoid stale pointers
Might fix Ticket3889
Signed-off-by: Michael Niedermayer
(cherry picked from commit 547fce95858ef83f8c25ae347e3ae3b8ba437fd9)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=05bc6f8ba653e979e55bfbc33c7f078031081dba
---
libavcodec/h264_slice.c | 11 +++
1 file changed, 11 insertions(+)
diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c
index ded26f8..489000b 100644
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@@ -586,6 +586,17 @@ int ff_h264_update_thread_context(AVCodecContext *dst,
h->mb_type_pool = NULL;
h->ref_index_pool= NULL;
h->motion_val_pool = NULL;
+h->intra4x4_pred_mode= NULL;
+h->non_zero_count= NULL;
+h->slice_table_base = NULL;
+h->slice_table = NULL;
+h->cbp_table = NULL;
+h->chroma_pred_mode_table = NULL;
+memset(h->mvd_table, 0, sizeof(h->mvd_table));
+h->direct_table = NULL;
+h->list_counts = NULL;
+h->mb2b_xy = NULL;
+h->mb2br_xy = NULL;
for (i = 0; i < 2; i++) {
h->rbsp_buffer[i] = NULL;
h->rbsp_buffer_size[i] = 0;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] lavc/utils: Make pix_fmt desc pointer const.
ffmpeg | branch: release/2.3 | Carl Eugen Hoyos | Thu Oct 30
00:27:04 2014 +0100| [d4c70c8b502aa5d0ec1929785986433647f49f6b] | committer:
Michael Niedermayer
lavc/utils: Make pix_fmt desc pointer const.
Fixes an "initialization discards qualifiers from pointer target type" warning.
(cherry picked from commit f05855414ed4cce97c06ba2a31f4987af47e6d4e)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d4c70c8b502aa5d0ec1929785986433647f49f6b
---
libavcodec/utils.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 8919e15..85d614a 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -297,7 +297,7 @@ void avcodec_align_dimensions2(AVCodecContext *s, int
*width, int *height,
int i;
int w_align = 1;
int h_align = 1;
-AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(s->pix_fmt);
+AVPixFmtDescriptor const *desc = av_pix_fmt_desc_get(s->pix_fmt);
if (desc) {
w_align = 1 << desc->log2_chroma_w;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/options_table fix min of audio channels and sample rate
ffmpeg | branch: release/2.3 | Michael Niedermayer | Mon Nov
3 13:20:24 2014 +0100| [6ed35a66745eded0b2774aa5fe925947d2df8e95] | committer:
Michael Niedermayer
avcodec/options_table fix min of audio channels and sample rate
Found-by: Lukasz Marek
Signed-off-by: Michael Niedermayer
(cherry picked from commit 206c98f303e833c9e94427c9e3f9867f85265f78)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6ed35a66745eded0b2774aa5fe925947d2df8e95
---
libavcodec/options_table.h |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/options_table.h b/libavcodec/options_table.h
index cbefa52..ca70076 100644
--- a/libavcodec/options_table.h
+++ b/libavcodec/options_table.h
@@ -102,8 +102,8 @@ static const AVOption avcodec_options[] = {
{"extradata_size", NULL, OFFSET(extradata_size), AV_OPT_TYPE_INT, {.i64 =
DEFAULT }, INT_MIN, INT_MAX},
{"time_base", NULL, OFFSET(time_base), AV_OPT_TYPE_RATIONAL, {.dbl = 0},
INT_MIN, INT_MAX},
{"g", "set the group of picture (GOP) size", OFFSET(gop_size),
AV_OPT_TYPE_INT, {.i64 = 12 }, INT_MIN, INT_MAX, V|E},
-{"ar", "set audio sampling rate (in Hz)", OFFSET(sample_rate),
AV_OPT_TYPE_INT, {.i64 = DEFAULT }, INT_MIN, INT_MAX, A|D|E},
-{"ac", "set number of audio channels", OFFSET(channels), AV_OPT_TYPE_INT,
{.i64 = DEFAULT }, INT_MIN, INT_MAX, A|D|E},
+{"ar", "set audio sampling rate (in Hz)", OFFSET(sample_rate),
AV_OPT_TYPE_INT, {.i64 = DEFAULT }, 0, INT_MAX, A|D|E},
+{"ac", "set number of audio channels", OFFSET(channels), AV_OPT_TYPE_INT,
{.i64 = DEFAULT }, 0, INT_MAX, A|D|E},
{"cutoff", "set cutoff bandwidth", OFFSET(cutoff), AV_OPT_TYPE_INT, {.i64 =
DEFAULT }, INT_MIN, INT_MAX, A|E},
{"frame_size", NULL, OFFSET(frame_size), AV_OPT_TYPE_INT, {.i64 = DEFAULT },
INT_MIN, INT_MAX, A|E},
{"frame_number", NULL, OFFSET(frame_number), AV_OPT_TYPE_INT, {.i64 = DEFAULT
}, INT_MIN, INT_MAX},
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/hlsenc: Free context after hls_append_segment
ffmpeg | branch: release/2.3 | Michael Niedermayer | Sun Nov 16 04:02:56 2014 +0100| [693d0d3ac520b5bd516b4c9165e9b04f6623d45e] | committer: Michael Niedermayer avformat/hlsenc: Free context after hls_append_segment Fixes reading uninitialized memory Signed-off-by: Michael Niedermayer (cherry picked from commit 530eb6acf8ee867bf00728bf7efaf505da107e17) Conflicts: libavformat/hlsenc.c (cherry picked from commit 0ac22f043bee2f1c4daf5e1044b014326325d929) Conflicts: libavformat/hlsenc.c > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=693d0d3ac520b5bd516b4c9165e9b04f6623d45e --- libavformat/hlsenc.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c index 388a23a..313fcd3 100644 --- a/libavformat/hlsenc.c +++ b/libavformat/hlsenc.c @@ -314,9 +314,10 @@ static int hls_write_trailer(struct AVFormatContext *s) av_write_trailer(oc); avio_closep(&oc->pb); -avformat_free_context(oc); av_free(hls->basename); append_entry(hls, hls->duration); +avformat_free_context(oc); +hls->avf = NULL; hls_window(s, 1); free_entries(hls); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/mjpegdec: Fix context fields becoming inconsistent
ffmpeg | branch: release/2.3 | Michael Niedermayer | Tue Nov
25 13:53:06 2014 +0100| [6c63eb59099e7096aad3c15a1dab62afc87b] | committer:
Michael Niedermayer
avcodec/mjpegdec: Fix context fields becoming inconsistent
Fixes out of array access
Fixes:
asan_heap-oob_1ca4f85_2760_cov_19187_miss_congeniality_pegasus_ljpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
(cherry picked from commit 0eecf40935b22644e6cd74c586057237ecfd6844)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6c63eb59099e7096aad3c15a1dab62afc87b
---
libavcodec/mjpegdec.c | 20
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 37652e9..e1dff5a 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1595,6 +1595,8 @@ static int mjpeg_decode_app(MJpegDecodeContext *s)
}
if (id == AV_RB32("LJIF")) {
+int rgb = s->rgb;
+int pegasus_rct = s->pegasus_rct;
if (s->avctx->debug & FF_DEBUG_PICT_INFO)
av_log(s->avctx, AV_LOG_INFO,
"Pegasus lossless jpeg header found\n");
@@ -1604,17 +1606,27 @@ static int mjpeg_decode_app(MJpegDecodeContext *s)
skip_bits(&s->gb, 16); /* unknown always 0? */
switch (i=get_bits(&s->gb, 8)) {
case 1:
-s->rgb = 1;
-s->pegasus_rct = 0;
+rgb = 1;
+pegasus_rct = 0;
break;
case 2:
-s->rgb = 1;
-s->pegasus_rct = 1;
+rgb = 1;
+pegasus_rct = 1;
break;
default:
av_log(s->avctx, AV_LOG_ERROR, "unknown colorspace %d\n", i);
}
+
len -= 9;
+if (s->got_picture)
+if (rgb != s->rgb || pegasus_rct != s->pegasus_rct) {
+av_log(s->avctx, AV_LOG_WARNING, "Mismatching LJIF tag\n");
+goto out;
+}
+
+s->rgb = rgb;
+s->pegasus_rct = pegasus_rct;
+
goto out;
}
if (id == AV_RL32("colr") && len > 0) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] swscale/x86/rgb2rgb_template: handle the first 2 lines with C in rgb24toyv12_*()
ffmpeg | branch: release/2.3 | Michael Niedermayer | Thu Nov
20 00:43:45 2014 +0100| [dca70c59317869a8ff699fcb9bd17f9c184e4903] | committer:
Michael Niedermayer
swscale/x86/rgb2rgb_template: handle the first 2 lines with C in rgb24toyv12_*()
This avoids out of array accesses
Should fix Ticket3451
Signed-off-by: Michael Niedermayer
(cherry picked from commit 4388e78a0f022c8572996f9ab568a39b5f716f9d)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dca70c59317869a8ff699fcb9bd17f9c184e4903
---
libswscale/x86/rgb2rgb_template.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/libswscale/x86/rgb2rgb_template.c
b/libswscale/x86/rgb2rgb_template.c
index 3899d0a..7796d38 100644
--- a/libswscale/x86/rgb2rgb_template.c
+++ b/libswscale/x86/rgb2rgb_template.c
@@ -1634,6 +1634,16 @@ static inline void RENAME(rgb24toyv12)(const uint8_t
*src, uint8_t *ydst, uint8_
#define BGR2V_IDX "16*4+16*34"
int y;
const x86_reg chromWidth= width>>1;
+
+if (height > 2) {
+ff_rgb24toyv12_c(src, ydst, udst, vdst, width, 2, lumStride,
chromStride, srcStride, rgb2yuv);
+src += 2*srcStride;
+ydst += 2*lumStride;
+udst += chromStride;
+vdst += chromStride;
+height -= 2;
+}
+
for (y=0; yhttp://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc_ps: Check num_long_term_ref_pics_sps
ffmpeg | branch: release/2.3 | Michael Niedermayer | Fri Nov
28 03:46:56 2014 +0100| [87d0339d67669b9cca9142603c4b00ee10d833c5] | committer:
Michael Niedermayer
avcodec/hevc_ps: Check num_long_term_ref_pics_sps
Fixes out of array access
Fixes: signal_sigsegv_35bd0f0_1182_cov_791726764_STRUCT_B_Samsung_4.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
(cherry picked from commit ea38e5a6b75706477898eb1e6582d667dbb9946c)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=87d0339d67669b9cca9142603c4b00ee10d833c5
---
libavcodec/hevc_ps.c |5 +
1 file changed, 5 insertions(+)
diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index 357ff75..c81fb46 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -865,6 +865,11 @@ int ff_hevc_decode_nal_sps(HEVCContext *s)
sps->long_term_ref_pics_present_flag = get_bits1(gb);
if (sps->long_term_ref_pics_present_flag) {
sps->num_long_term_ref_pics_sps = get_ue_golomb_long(gb);
+if (sps->num_long_term_ref_pics_sps > 31U) {
+av_log(0, AV_LOG_ERROR, "num_long_term_ref_pics_sps %d is out of
range.\n",
+ sps->num_long_term_ref_pics_sps);
+goto err;
+}
for (i = 0; i < sps->num_long_term_ref_pics_sps; i++) {
sps->lt_ref_pic_poc_lsb_sps[i] = get_bits(gb,
sps->log2_max_poc_lsb);
sps->used_by_curr_pic_lt_sps_flag[i] = get_bits1(gb);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/rawdec: Check the return code of avpicture_get_size()
ffmpeg | branch: release/2.3 | Michael Niedermayer | Wed Nov 26 18:56:39 2014 +0100| [e0822b147f25e56c65b48b7717eaa68f249346eb] | committer: Michael Niedermayer avcodec/rawdec: Check the return code of avpicture_get_size() Fixes out of array access Fixes: asan_heap-oob_22388d0_3435_cov_3297128910_small_roll5_FlashCine1.cine Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 1d3a3b9f8907625b361420d48fe05716859620ff) Conflicts: libavcodec/rawdec.c > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e0822b147f25e56c65b48b7717eaa68f249346eb --- libavcodec/rawdec.c |3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/rawdec.c b/libavcodec/rawdec.c index ee1f397..04fd68f 100644 --- a/libavcodec/rawdec.c +++ b/libavcodec/rawdec.c @@ -117,6 +117,9 @@ static av_cold int raw_init_decoder(AVCodecContext *avctx) context->frame_size = avpicture_get_size(avctx->pix_fmt, avctx->width, avctx->height); } +if (context->frame_size < 0) +return context->frame_size; + if ((avctx->extradata_size >= 9 && !memcmp(avctx->extradata + avctx->extradata_size - 9, "BottomUp", 9)) || ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/flacdec: Call ff_flacdsp_init() unconditionally
ffmpeg | branch: release/2.3 | Michael Niedermayer | Wed Nov 26 03:29:03 2014 +0100| [419bd6e30311ecbfa09e3e774f51819b8218bc26] | committer: Michael Niedermayer avcodec/flacdec: Call ff_flacdsp_init() unconditionally Fixes out of array access Fixes: signal_sigsegv_324b135_3398_cov_246853371_short.flac Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit e5c01ccdf5a9a330d4c51a9b9ea721fd8f1fb70b) Conflicts: libavcodec/flacdec.c > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=419bd6e30311ecbfa09e3e774f51819b8218bc26 --- libavcodec/flacdec.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/flacdec.c b/libavcodec/flacdec.c index b8d45b8..614f5aa 100644 --- a/libavcodec/flacdec.c +++ b/libavcodec/flacdec.c @@ -471,10 +471,10 @@ static int decode_frame(FLACContext *s) ret = allocate_buffers(s); if (ret < 0) return ret; -ff_flacdsp_init(&s->dsp, s->avctx->sample_fmt, s->bps); s->got_streaminfo = 1; dump_headers(s->avctx, (FLACStreaminfo *)s); } +ff_flacdsp_init(&s->dsp, s->avctx->sample_fmt, s->bps); //dump_headers(s->avctx, (FLACStreaminfo *)s); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/wmaprodec: Fix integer overflow in sfb_offsets initialization
ffmpeg | branch: release/2.3 | Michael Niedermayer | Mon Nov 10 23:07:50 2014 +0100| [66261cfa77893cdb5b727db2a01e354ab34e933e] | committer: Michael Niedermayer avcodec/wmaprodec: Fix integer overflow in sfb_offsets initialization Fixes out of array read Fixes: asan_heap-oob_2aec5b0_1828_classical_22_16_2_16000_v3c_0_exclusive_0_29.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 5dcb99033df16eccc4dbbc4a099ad64457f9f090) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=66261cfa77893cdb5b727db2a01e354ab34e933e --- libavcodec/wmaprodec.c |3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c index 2f6c485..345fad8 100644 --- a/libavcodec/wmaprodec.c +++ b/libavcodec/wmaprodec.c @@ -422,6 +422,9 @@ static av_cold int decode_init(AVCodecContext *avctx) offset &= ~3; if (offset > s->sfb_offsets[i][band - 1]) s->sfb_offsets[i][band++] = offset; + +if (offset >= subframe_len) +break; } s->sfb_offsets[i][band - 1] = subframe_len; s->num_sfb[i] = band - 1; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] lavu/opt: fix av_opt_get function
ffmpeg | branch: release/2.3 | Lukasz Marek | Tue
Nov 11 21:17:58 2014 +0100| [bb2c09310cbdbb1f48a1eae21f68ba8a63f4e9ba] |
committer: Michael Niedermayer
lavu/opt: fix av_opt_get function
Signed-off-by: Lukasz Marek
(cherry picked from commit 173d51c982f1ecaa8d28cd0d8611164be0c9d36d)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bb2c09310cbdbb1f48a1eae21f68ba8a63f4e9ba
---
libavutil/opt.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/libavutil/opt.c b/libavutil/opt.c
index 4115484..f1c7100 100644
--- a/libavutil/opt.c
+++ b/libavutil/opt.c
@@ -711,6 +711,10 @@ int av_opt_get(void *obj, const char *name, int
search_flags, uint8_t **out_val)
return AVERROR(EINVAL);
if (!(*out_val = av_malloc(len*2 + 1)))
return AVERROR(ENOMEM);
+if (!len) {
+*out_val[0] = '\0';
+return 0;
+}
bin = *(uint8_t**)dst;
for (i = 0; i < len; i++)
snprintf(*out_val + i*2, 3, "%02X", bin[i]);
@@ -726,12 +730,14 @@ int av_opt_get(void *obj, const char *name, int
search_flags, uint8_t **out_val)
break;
case AV_OPT_TYPE_DURATION:
i64 = *(int64_t *)dst;
-ret = snprintf(buf, sizeof(buf), "%"PRIi64"d:%02d:%02d.%06d",
+ret = snprintf(buf, sizeof(buf), "%"PRIi64":%02d:%02d.%06d",
i64 / 36, (int)((i64 / 6000) % 60),
(int)((i64 / 100) % 60), (int)(i64 % 100));
break;
case AV_OPT_TYPE_COLOR:
-ret = snprintf(buf, sizeof(buf), "0x%02x%02x%02x%02x", ((int
*)dst)[0], ((int *)dst)[1], ((int *)dst)[2], ((int *)dst)[3]);
+ret = snprintf(buf, sizeof(buf), "0x%02x%02x%02x%02x",
+ (int)((uint8_t *)dst)[0], (int)((uint8_t *)dst)[1],
+ (int)((uint8_t *)dst)[2], (int)((uint8_t *)dst)[3]);
break;
case AV_OPT_TYPE_CHANNEL_LAYOUT:
i64 = *(int64_t *)dst;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/utils: Check that the data is complete in avpriv_bprint_to_extradata()
ffmpeg | branch: release/2.3 | Michael Niedermayer | Tue Nov
25 14:45:30 2014 +0100| [494d3d14dbff87dbdc1b79154deef96b96246d87] | committer:
Michael Niedermayer
avcodec/utils: Check that the data is complete in avpriv_bprint_to_extradata()
Fixes out of array read
Fixes: asan_heap-oob_4d2250_814_cov_2745172097_JACOsub_capability_tester.jss
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
(cherry picked from commit 3d5d95db3f5d8e2093e9e19d0c46e86f54ed2a5d)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=494d3d14dbff87dbdc1b79154deef96b96246d87
---
libavcodec/utils.c |5 +
1 file changed, 5 insertions(+)
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 85d614a..a30b6d9 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -3601,6 +3601,11 @@ int avpriv_bprint_to_extradata(AVCodecContext *avctx,
struct AVBPrint *buf)
ret = av_bprint_finalize(buf, &str);
if (ret < 0)
return ret;
+if (!av_bprint_is_complete(buf)) {
+av_free(str);
+return AVERROR(ENOMEM);
+}
+
avctx->extradata = str;
/* Note: the string is NUL terminated (so extradata can be read as a
* string), but the ending character is not accounted in the size (in
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/mjpegdec: Check for pixfmtid 0x42111100 || 0x24111100 with more than 8 bits
ffmpeg | branch: release/2.3 | Michael Niedermayer | Tue Nov
25 01:14:38 2014 +0100| [142896f2d0e26dd7291ecd8c999b499a7bdd8cf4] | committer:
Michael Niedermayer
avcodec/mjpegdec: Check for pixfmtid 0x4200 || 0x2400 with more than 8
bits
These cases are not supported yet
Fixes assertion failure
Fixes: signal_sigabrt_76ac7bb9_1_cov_1553101927_00.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
(cherry picked from commit 0bf416f2628137e5389050fa323c329692dd4ba6)
Conflicts:
libavcodec/mjpegdec.c
(cherry picked from commit bc73ee996b08b331d5a6c41df6acdd53e8deeb5d)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=142896f2d0e26dd7291ecd8c999b499a7bdd8cf4
---
libavcodec/mjpegdec.c |2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index b29b340..37652e9 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -513,6 +513,8 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
else s->avctx->pix_fmt = AV_PIX_FMT_YUV420P16;
s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG :
AVCOL_RANGE_JPEG;
if (pix_fmt_id == 0x4200) {
+if (s->bits > 8)
+goto unk_pixfmt;
s->upscale_h = 6;
s->chroma_height = s->height / 2;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] doc/APIchanges: Fix some wrong versions
ffmpeg | branch: release/2.3 | Michael Niedermayer | Tue Nov 18 11:52:17 2014 +0100| [17ff5d3f882672c039ca9c6dbc91b322f1a773bf] | committer: Michael Niedermayer doc/APIchanges: Fix some wrong versions Signed-off-by: Michael Niedermayer (cherry picked from commit 4eae568a0712b8b59cb74b3882963f938c26eab4) Conflicts: doc/APIchanges (cherry picked from commit f00c8f879ac311066001b74d3f396cf3dc1f9ad3) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=17ff5d3f882672c039ca9c6dbc91b322f1a773bf --- doc/APIchanges |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/APIchanges b/doc/APIchanges index 1a9d103..2497d88 100644 --- a/doc/APIchanges +++ b/doc/APIchanges @@ -105,10 +105,10 @@ API changes, most recent first: 2014-05-11 - 14aef38 / 66e6c8a - lavu 52.83.100 / 53.14.0 - pixfmt.h Add AV_PIX_FMT_VDA for new-style VDA acceleration. -2014-05-xx - xxx - lavu 52.82.0 - fifo.h +2014-05-xx - xxx - lavu 52.82.100 - fifo.h Add av_fifo_freep() function. -2014-05-02 - ba52fb11 - lavu 52.81.0 - opt.h +2014-05-02 - ba52fb11 - lavu 52.81.100 - opt.h Add av_opt_set_dict2() function. 2014-05-01 - e77b985 / a2941c8 - lavc 55.60.103 / 55.50.3 - avcodec.h ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/pngdec: Check IHDR/IDAT order
ffmpeg | branch: release/2.3 | Michael Niedermayer | Wed Nov
26 15:45:47 2014 +0100| [1bfd23d2c934db2f7fc20c1e4de5404869555991] | committer:
Michael Niedermayer
avcodec/pngdec: Check IHDR/IDAT order
Fixes out of array access
Fixes: asan_heap-oob_20a6c26_2690_cov_3434532168_mail.png
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
(cherry picked from commit 79ceaf827be0b070675d4cd0a55c3386542defd8)
Conflicts:
libavcodec/pngdec.c
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1bfd23d2c934db2f7fc20c1e4de5404869555991
---
libavcodec/pngdec.c |6 ++
1 file changed, 6 insertions(+)
diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index 8f3da77..5e62a60 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -576,6 +576,12 @@ static int decode_frame(AVCodecContext *avctx,
case MKTAG('I', 'H', 'D', 'R'):
if (length != 13)
goto fail;
+
+if (s->state & PNG_IDAT) {
+av_log(avctx, AV_LOG_ERROR, "IHDR after IDAT\n");
+goto fail;
+}
+
s->width = bytestream2_get_be32(&s->gb);
s->height = bytestream2_get_be32(&s->gb);
if (av_image_check_size(s->width, s->height, 0, avctx)) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/mjpegdec: Fix integer overflow in shift
ffmpeg | branch: release/2.3 | Michael Niedermayer | Thu Nov
27 19:27:05 2014 +0100| [fac6ae0814c901c1f1b47f9bccac8cdf6bf4fb77] | committer:
Michael Niedermayer
avcodec/mjpegdec: Fix integer overflow in shift
Fixes: signal_sigabrt_76ac7bb9_2683_cov_4120310995_m_ijpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
(cherry picked from commit 970a8f1c256f08d2f6414d573a54f2fa035c8e7a)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fac6ae0814c901c1f1b47f9bccac8cdf6bf4fb77
---
libavcodec/mjpegdec.c |5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index e1dff5a..7f6e054 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -244,7 +244,8 @@ int ff_mjpeg_decode_dht(MJpegDecodeContext *s)
int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
{
-int len, nb_components, i, width, height, bits, pix_fmt_id, ret;
+int len, nb_components, i, width, height, bits, ret;
+unsigned pix_fmt_id;
int h_count[MAX_COMPONENTS];
int v_count[MAX_COMPONENTS];
@@ -378,7 +379,7 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
else if (!s->lossless)
s->rgb = 0;
/* XXX: not complete test ! */
-pix_fmt_id = (s->h_count[0] << 28) | (s->v_count[0] << 24) |
+pix_fmt_id = ((unsigned)s->h_count[0] << 28) | (s->v_count[0] << 24) |
(s->h_count[1] << 20) | (s->v_count[1] << 16) |
(s->h_count[2] << 12) | (s->v_count[2] << 8) |
(s->h_count[3] << 4) | s->v_count[3];
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/aviobuf: Check that avio_seek() target is non negative
ffmpeg | branch: release/2.3 | Michael Niedermayer | Sun Dec
14 17:26:11 2014 +0100| [0e9fe8510ec3113514758ec2d4cb1afdf3d3d0dc] | committer:
Michael Niedermayer
avformat/aviobuf: Check that avio_seek() target is non negative
Fixes out of array access
Suggested-by: Andrew Scherkus
Signed-off-by: Michael Niedermayer
(cherry picked from commit ed86dbd05d61363dc1c0d33f3267e2177c985fdd)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0e9fe8510ec3113514758ec2d4cb1afdf3d3d0dc
---
libavformat/aviobuf.c |3 +++
1 file changed, 3 insertions(+)
diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c
index 8955825..baf7d60 100644
--- a/libavformat/aviobuf.c
+++ b/libavformat/aviobuf.c
@@ -220,6 +220,9 @@ int64_t avio_seek(AVIOContext *s, int64_t offset, int
whence)
return offset1;
offset += offset1;
}
+if (offset < 0)
+return AVERROR(EINVAL);
+
offset1 = offset - pos;
if (!s->must_flush && (!s->direct || !s->seek) &&
offset1 >= 0 && offset1 <= buffer_size) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/aviobuf: Fix infinite loop in ff_get_line()
ffmpeg | branch: release/2.3 | Michael Niedermayer | Wed Dec 3 19:05:56 2014 +0100| [bb70b6673f94f319cd791aadfa9d1f881a657eb5] | committer: Michael Niedermayer avformat/aviobuf: Fix infinite loop in ff_get_line() Fixes ticket4152 Signed-off-by: Michael Niedermayer (cherry picked from commit eac5c7b8377f3f0e8262ab44e5ccb2c7ed060cdd) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bb70b6673f94f319cd791aadfa9d1f881a657eb5 --- libavformat/aviobuf.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c index 738459e..8955825 100644 --- a/libavformat/aviobuf.c +++ b/libavformat/aviobuf.c @@ -666,7 +666,7 @@ int ff_get_line(AVIOContext *s, char *buf, int maxlen) if (c && i < maxlen-1) buf[i++] = c; } while (c != '\n' && c != '\r' && c); -if (c == '\r' && avio_r8(s) != '\n') +if (c == '\r' && avio_r8(s) != '\n' && !url_feof(s)) avio_skip(s, -1); buf[i] = 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] opusdec: make sure all substreams have the same number of coded samples
ffmpeg | branch: release/2.3 | Anton Khirnov | Mon Nov 24
11:16:46 2014 +0100| [5630d5cdc2673a6699c8e0173075be324430576b] | committer:
Michael Niedermayer
opusdec: make sure all substreams have the same number of coded samples
Fixes invalid writes with invalid multichannel streams.
CC:libav-sta...@libav.org
(cherry picked from commit 1973079417e8701b52ba810a72cb6c7c6f7f9a56)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5630d5cdc2673a6699c8e0173075be324430576b
---
libavcodec/opusdec.c |6 ++
1 file changed, 6 insertions(+)
diff --git a/libavcodec/opusdec.c b/libavcodec/opusdec.c
index b28edfb..3ce519d 100644
--- a/libavcodec/opusdec.c
+++ b/libavcodec/opusdec.c
@@ -499,6 +499,12 @@ static int opus_decode_packet(AVCodecContext *avctx, void
*data,
av_log(avctx, AV_LOG_ERROR, "Error parsing the packet
header.\n");
return ret;
}
+if (coded_samples != s->packet.frame_count *
s->packet.frame_duration) {
+av_log(avctx, AV_LOG_ERROR,
+ "Mismatching coded sample count in substream %d.\n", i);
+return AVERROR_INVALIDDATA;
+}
+
s->silk_samplerate = get_silk_samplerate(s->packet.config);
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/matroskadec: fix handling of recursive SeekHead elements
ffmpeg | branch: release/2.3 | wm4 | Sat Dec 6
16:53:30 2014 +0100| [a6f808b36ae87cda814f08685f063ca56c8023a4] | committer:
Michael Niedermayer
avformat/matroskadec: fix handling of recursive SeekHead elements
When matroska_execute_seekhead() is called, it goes through the list of
seekhead entries and attempts to read elements not read yet. When doing
this, the parser can find further SeekHead elements, and will extend the
matroska->seekhead list. This can lead to a (practically) infinite loop
with certain broken files. (Maybe it can happen even with valid files.
The demuxer doesn't seem to check correctly whether an element has
already been read.)
Fix this by ignoring elements that were added to the seekhead field
during executing seekhead entries.
This does not fix the possible situation when multiple SeekHead elements
after the file header (i.e. occur after the "before_pos" file position)
point to the same elements. These elements will probably be parsed
multiple times, likely leading to bugs.
Fixes ticket #4162.
Signed-off-by: Michael Niedermayer
(cherry picked from commit 6551acab6877addae815decd02aeca33ba4990c8)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a6f808b36ae87cda814f08685f063ca56c8023a4
---
libavformat/matroskadec.c |6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index ea0b5ab..9e5faba 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1471,13 +1471,17 @@ static void
matroska_execute_seekhead(MatroskaDemuxContext *matroska)
EbmlList *seekhead_list = &matroska->seekhead;
int64_t before_pos = avio_tell(matroska->ctx->pb);
int i;
+int nb_elem;
// we should not do any seeking in the streaming case
if (!matroska->ctx->pb->seekable ||
(matroska->ctx->flags & AVFMT_FLAG_IGNIDX))
return;
-for (i = 0; i < seekhead_list->nb_elem; i++) {
+// do not read entries that are added while parsing seekhead entries
+nb_elem = seekhead_list->nb_elem;
+
+for (i = 0; i < nb_elem; i++) {
MatroskaSeekhead *seekhead = seekhead_list->elem;
if (seekhead[i].pos <= before_pos)
continue;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/motion_est: use 2x8x8 for interlaced qpel
ffmpeg | branch: release/2.3 | Michael Niedermayer | Mon Dec
1 13:23:24 2014 +0100| [a07dfcdd6d72768696e6572f4d614d63a68f4969] | committer:
Michael Niedermayer
avcodec/motion_est: use 2x8x8 for interlaced qpel
Fixes out of array read
Fixes Ticket4121
Signed-off-by: Michael Niedermayer
(cherry picked from commit b50e003e1cb6a215df44ffa3354603bf600b4aa3)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a07dfcdd6d72768696e6572f4d614d63a68f4969
---
libavcodec/motion_est.c |8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libavcodec/motion_est.c b/libavcodec/motion_est.c
index 6b3cd61..6e6d3f6 100644
--- a/libavcodec/motion_est.c
+++ b/libavcodec/motion_est.c
@@ -190,7 +190,13 @@ static av_always_inline int cmp_inline(MpegEncContext *s,
const int x, const int
int uvdxy; /* no, it might not be used uninitialized */
if(dxy){
if(qpel){
-c->qpel_put[size][dxy](c->temp, ref[0] + x + y*stride,
stride); //FIXME prototype (add h)
+if (h << size == 16) {
+c->qpel_put[size][dxy](c->temp, ref[0] + x + y*stride,
stride); //FIXME prototype (add h)
+} else if (size == 0 && h == 8) {
+c->qpel_put[1][dxy](c->temp, ref[0] + x + y*stride
, stride);
+c->qpel_put[1][dxy](c->temp + 8, ref[0] + x + y*stride +
8, stride);
+} else
+av_assert2(0);
if(chroma){
int cx= hx/2;
int cy= hy/2;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/rmdec: Check codec_data_size
ffmpeg | branch: release/2.3 | Michael Niedermayer | Wed Dec 3 20:01:18 2014 +0100| [de75b4063d19dd58f73a5b09f8f56ded48f66ed7] | committer: Michael Niedermayer avformat/rmdec: Check codec_data_size Fixes infinite loop Fixes Ticket4154 Signed-off-by: Michael Niedermayer (cherry picked from commit a6f730730b82645a9d31aad0968487cb77d6946c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=de75b4063d19dd58f73a5b09f8f56ded48f66ed7 --- libavformat/rmdec.c |3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 36764ee..11878a4 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -312,6 +312,9 @@ ff_rm_read_mdpr_codecdata (AVFormatContext *s, AVIOContext *pb, int64_t codec_pos; int ret; +if (codec_data_size < 0) +return AVERROR_INVALIDDATA; + avpriv_set_pts_info(st, 64, 1, 1000); codec_pos = avio_tell(pb); v = avio_rb32(pb); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/dcadec: Check that the added xch channel isnt already there
ffmpeg | branch: release/2.3 | Michael Niedermayer | Wed Dec
17 15:33:05 2014 +0100| [c8fb53357dbf15ed8cd881c4f810cd1170b1e501] | committer:
Michael Niedermayer
avcodec/dcadec: Check that the added xch channel isnt already there
Fixes null pointer dereference
Fixes: signal_sigsegv_369609d_623_cov_2008234281_ES_6.1_16bit.dts
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
(cherry picked from commit 7d593495e42e92693cc8f3ce9b42cf3edcea377a)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c8fb53357dbf15ed8cd881c4f810cd1170b1e501
---
libavcodec/dcadec.c |4
1 file changed, 4 insertions(+)
diff --git a/libavcodec/dcadec.c b/libavcodec/dcadec.c
index c671fcd..06fd74c 100644
--- a/libavcodec/dcadec.c
+++ b/libavcodec/dcadec.c
@@ -2359,6 +2359,10 @@ FF_ENABLE_DEPRECATION_WARNINGS
#else
if (s->xch_present && !s->xch_disable) {
#endif
+if (avctx->channel_layout & AV_CH_BACK_CENTER) {
+avpriv_request_sample(avctx, "XCh with Back center
channel");
+return AVERROR_INVALIDDATA;
+}
avctx->channel_layout |= AV_CH_BACK_CENTER;
if (s->lfe) {
avctx->channel_layout |= AV_CH_LOW_FREQUENCY;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/flvdec: Use av_freep() avoid leaving stale pointers in memory
ffmpeg | branch: release/2.3 | Michael Niedermayer | Tue Dec
16 15:03:32 2014 +0100| [557e3790ef1ff7c7f660e9bae013216f4723fc12] | committer:
Michael Niedermayer
avformat/flvdec: Use av_freep() avoid leaving stale pointers in memory
Signed-off-by: Michael Niedermayer
(cherry picked from commit 91ea466551c148bd897706a1b6a168e783761a06)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=557e3790ef1ff7c7f660e9bae013216f4723fc12
---
libavformat/flvdec.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index 899a036..ee73dd7 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -620,7 +620,7 @@ static int flv_read_close(AVFormatContext *s)
static int flv_get_extradata(AVFormatContext *s, AVStream *st, int size)
{
-av_free(st->codec->extradata);
+av_freep(&st->codec->extradata);
if (ff_get_extradata(st->codec, s->pb, size) < 0)
return AVERROR(ENOMEM);
return 0;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] swresample/soxr_resample: fix error handling
ffmpeg | branch: release/2.3 | Rob Sykes | Sat Dec 13
21:12:56 2014 +0100| [1f59cfe65bc5f7e7787ca02cec37fa6f1d6f78dc] | committer:
Michael Niedermayer
swresample/soxr_resample: fix error handling
Fixes CID1257659
Signed-off-by: Michael Niedermayer
(cherry picked from commit 4b6f2253741f3023928e61ae5105ccd4b1c515fb)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1f59cfe65bc5f7e7787ca02cec37fa6f1d6f78dc
---
libswresample/soxr_resample.c |8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libswresample/soxr_resample.c b/libswresample/soxr_resample.c
index 064451d..9e87f2f 100644
--- a/libswresample/soxr_resample.c
+++ b/libswresample/soxr_resample.c
@@ -76,8 +76,12 @@ static int process(
AudioData *src, int src_size, int *consumed){
size_t idone, odone;
soxr_error_t error = soxr_set_error((soxr_t)c,
soxr_set_num_channels((soxr_t)c, src->ch_count));
-error = soxr_process((soxr_t)c, src->ch, (size_t)src_size,
-&idone, dst->ch, (size_t)dst_size, &odone);
+if (!error)
+error = soxr_process((soxr_t)c, src->ch, (size_t)src_size,
+ &idone, dst->ch, (size_t)dst_size, &odone);
+else
+idone = 0;
+
*consumed = (int)idone;
return error? -1 : odone;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] swscale/x86/rgb2rgb_template: fix crash with tiny size and nv12 output
ffmpeg | branch: release/2.3 | Michael Niedermayer | Wed Dec
3 20:21:56 2014 +0100| [cedb96db37236b6a02782b7747d2c5bf1211b9be] | committer:
Michael Niedermayer
swscale/x86/rgb2rgb_template: fix crash with tiny size and nv12 output
Fixes Ticket4151
Signed-off-by: Michael Niedermayer
(cherry picked from commit 8524558858b7e14bc50afa10233e0194f591ab9d)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cedb96db37236b6a02782b7747d2c5bf1211b9be
---
libswscale/x86/rgb2rgb_template.c |1 +
1 file changed, 1 insertion(+)
diff --git a/libswscale/x86/rgb2rgb_template.c
b/libswscale/x86/rgb2rgb_template.c
index 7796d38..e71c7eb 100644
--- a/libswscale/x86/rgb2rgb_template.c
+++ b/libswscale/x86/rgb2rgb_template.c
@@ -1887,6 +1887,7 @@ static void RENAME(interleaveBytes)(const uint8_t *src1,
const uint8_t *src2, ui
for (h=0; h < height; h++) {
int w;
+if (width >= 16)
#if COMPILE_TEMPLATE_SSE2
__asm__(
"xor %%"REG_a", %%"REG_a" \n\t"
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/h264: Clear delayed_pic on deallocation
ffmpeg | branch: release/2.3 | Michael Niedermayer | Wed Dec
17 21:27:37 2014 +0100| [3353a00d58e26806c7e693d0a524987aac722d90] | committer:
Michael Niedermayer
avcodec/h264: Clear delayed_pic on deallocation
Fixes use of freed memory
Fixes: case5_av_frame_copy_props.mp4
Found-by: Michal Zalewski
Signed-off-by: Michael Niedermayer
(cherry picked from commit e8714f6f93d1a32f4e4655209960afcf4c185214)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3353a00d58e26806c7e693d0a524987aac722d90
---
libavcodec/h264.c |1 +
1 file changed, 1 insertion(+)
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 297d498..ce9b799 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -392,6 +392,7 @@ void ff_h264_free_tables(H264Context *h, int free_rbsp)
if (free_rbsp && h->DPB) {
for (i = 0; i < H264_MAX_PICTURE_COUNT; i++)
ff_h264_unref_picture(h, &h->DPB[i]);
+memset(h->delayed_pic, 0, sizeof(h->delayed_pic));
av_freep(&h->DPB);
} else if (h->DPB) {
for (i = 0; i < H264_MAX_PICTURE_COUNT; i++)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/utils: Do not update programs streams from program-less streams in update_wrap_reference ()
ffmpeg | branch: release/2.3 | Michael Niedermayer | Sun Dec
14 19:46:31 2014 +0100| [0621421ee2a36bc0abd4901f363c4c3cf05d2e4a] | committer:
Michael Niedermayer
avformat/utils: Do not update programs streams from program-less streams in
update_wrap_reference()
Fixes Ticket3686
Signed-off-by: Michael Niedermayer
(cherry picked from commit a29524bf2e197dd8d582445de0fe17f03b79f79d)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0621421ee2a36bc0abd4901f363c4c3cf05d2e4a
---
libavformat/utils.c |2 ++
1 file changed, 2 insertions(+)
diff --git a/libavformat/utils.c b/libavformat/utils.c
index e095d60..a4929b3 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -730,6 +730,8 @@ static int update_wrap_reference(AVFormatContext *s,
AVStream *st, int stream_in
int default_stream_index = av_find_default_stream_index(s);
if (s->streams[default_stream_index]->pts_wrap_reference ==
AV_NOPTS_VALUE) {
for (i = 0; i < s->nb_streams; i++) {
+if (av_find_program_from_stream(s, NULL, i))
+continue;
s->streams[i]->pts_wrap_reference = pts_wrap_reference;
s->streams[i]->pts_wrap_behavior = pts_wrap_behavior;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/h264: Check *log2_weight_denom
ffmpeg | branch: release/2.3 | Michael Niedermayer | Thu Dec
18 03:16:39 2014 +0100| [730826275fcf4e4c8466f64ade029689f23702be] | committer:
Michael Niedermayer
avcodec/h264: Check *log2_weight_denom
Fixes undefined behavior
Fixes:
signal_sigsegv_14768d2_2248_cov_3629497219_h264_h264___pi_20070614T182942.h264
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
(cherry picked from commit 61296d41e2de3b41304339e4631dd44c2e15f805)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=730826275fcf4e4c8466f64ade029689f23702be
---
libavcodec/h264.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index ce9b799..34e520d 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -991,6 +991,16 @@ int ff_pred_weight_table(H264Context *h)
h->luma_log2_weight_denom = get_ue_golomb(&h->gb);
if (h->sps.chroma_format_idc)
h->chroma_log2_weight_denom = get_ue_golomb(&h->gb);
+
+if (h->luma_log2_weight_denom > 7U) {
+av_log(h->avctx, AV_LOG_ERROR, "luma_log2_weight_denom %d is out of
range\n", h->luma_log2_weight_denom);
+h->luma_log2_weight_denom = 0;
+}
+if (h->chroma_log2_weight_denom > 7U) {
+av_log(h->avctx, AV_LOG_ERROR, "chroma_log2_weight_denom %d is out of
range\n", h->chroma_log2_weight_denom);
+h->chroma_log2_weight_denom = 0;
+}
+
luma_def = 1 << h->luma_log2_weight_denom;
chroma_def = 1 << h->chroma_log2_weight_denom;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/indeo3: ensure offsets are non negative
ffmpeg | branch: release/2.3 | Michael Niedermayer | Thu Dec
18 18:57:27 2014 +0100| [185e55279c24f0f23627308e4d8320e5fec362b5] | committer:
Michael Niedermayer
avcodec/indeo3: ensure offsets are non negative
Signed-off-by: Michael Niedermayer
(cherry picked from commit 368642361f3a589d7b0c23ea327d988edb434e3f)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=185e55279c24f0f23627308e4d8320e5fec362b5
---
libavcodec/indeo3.c |3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c
index 4659b18..97ca180 100644
--- a/libavcodec/indeo3.c
+++ b/libavcodec/indeo3.c
@@ -982,7 +982,8 @@ static int decode_frame_headers(Indeo3DecodeContext *ctx,
AVCodecContext *avctx,
ctx->y_data_size = ends[0] - starts[0];
ctx->v_data_size = ends[1] - starts[1];
ctx->u_data_size = ends[2] - starts[2];
-if (FFMAX3(y_offset, v_offset, u_offset) >= ctx->data_size - 16 ||
+if (FFMIN3(y_offset, v_offset, u_offset) < 0 ||
+FFMAX3(y_offset, v_offset, u_offset) >= ctx->data_size - 16 ||
FFMIN3(y_offset, v_offset, u_offset) < gb.buffer - bs_hdr + 16 ||
FFMIN3(ctx->y_data_size, ctx->v_data_size, ctx->u_data_size) <= 0) {
av_log(avctx, AV_LOG_ERROR, "One of the y/u/v offsets is invalid\n");
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] mmvideo: check frame dimensions
ffmpeg | branch: release/2.3 | Anton Khirnov | Sun Dec 14
21:01:59 2014 +0100| [8a01fb3729e58aab2fdc17ed6ddfa2c4efb3a54c] | committer:
Michael Niedermayer
mmvideo: check frame dimensions
The frame size must be set by the caller and each dimension must be a
multiple of 2.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
See: 8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e
These should be redundant, but are backported for saftey anyway
(cherry picked from commit b0273232d8fffdc8a977ccdad460b8071a0e353c)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a01fb3729e58aab2fdc17ed6ddfa2c4efb3a54c
---
libavcodec/mmvideo.c |7 +++
1 file changed, 7 insertions(+)
diff --git a/libavcodec/mmvideo.c b/libavcodec/mmvideo.c
index baedccd..9af35e5 100644
--- a/libavcodec/mmvideo.c
+++ b/libavcodec/mmvideo.c
@@ -61,6 +61,13 @@ static av_cold int mm_decode_init(AVCodecContext *avctx)
avctx->pix_fmt = AV_PIX_FMT_PAL8;
+if (!avctx->width || !avctx->height ||
+(avctx->width & 1) || (avctx->height & 1)) {
+av_log(avctx, AV_LOG_ERROR, "Invalid video dimensions: %dx%d\n",
+ avctx->width, avctx->height);
+return AVERROR(EINVAL);
+}
+
s->frame = av_frame_alloc();
if (!s->frame)
return AVERROR(ENOMEM);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/mov: strengthen some table allocations
ffmpeg | branch: release/2.3 | Clément Bœsch | Mon Nov 10 18:21:28 2014 +0100| [15601df419c6592b7c51fd53b48793d58beae12c] | committer: Michael Niedermayer avformat/mov: strengthen some table allocations (cherry picked from commit 5ab882d7283f57560c889919c35f2688253b1d9c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=15601df419c6592b7c51fd53b48793d58beae12c --- libavformat/mov.c | 48 +++- 1 file changed, 27 insertions(+), 21 deletions(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 3ffaf0b..156bbbd 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1173,14 +1173,12 @@ static int mov_read_stco(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (!entries) return 0; -if (entries >= UINT_MAX/sizeof(int64_t)) -return AVERROR_INVALIDDATA; if (sc->chunk_offsets) av_log(c->fc, AV_LOG_WARNING, "Duplicate STCO atom\n"); av_free(sc->chunk_offsets); sc->chunk_count = 0; -sc->chunk_offsets = av_malloc(entries * sizeof(int64_t)); +sc->chunk_offsets = av_malloc_array(entries, sizeof(*sc->chunk_offsets)); if (!sc->chunk_offsets) return AVERROR(ENOMEM); sc->chunk_count = entries; @@ -1749,13 +1747,11 @@ static int mov_read_stsc(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (!entries) return 0; -if (entries >= UINT_MAX / sizeof(*sc->stsc_data)) -return AVERROR_INVALIDDATA; if (sc->stsc_data) av_log(c->fc, AV_LOG_WARNING, "Duplicate STSC atom\n"); av_free(sc->stsc_data); sc->stsc_count = 0; -sc->stsc_data = av_malloc(entries * sizeof(*sc->stsc_data)); +sc->stsc_data = av_malloc_array(entries, sizeof(*sc->stsc_data)); if (!sc->stsc_data) return AVERROR(ENOMEM); @@ -1787,9 +1783,11 @@ static int mov_read_stps(MOVContext *c, AVIOContext *pb, MOVAtom atom) avio_rb32(pb); // version + flags entries = avio_rb32(pb); -if (entries >= UINT_MAX / sizeof(*sc->stps_data)) -return AVERROR_INVALIDDATA; -sc->stps_data = av_malloc(entries * sizeof(*sc->stps_data)); +if (sc->stps_data) +av_log(c->fc, AV_LOG_WARNING, "Duplicate STPS atom\n"); +av_free(sc->stps_data); +sc->stps_count = 0; +sc->stps_data = av_malloc_array(entries, sizeof(*sc->stps_data)); if (!sc->stps_data) return AVERROR(ENOMEM); @@ -1831,9 +1829,11 @@ static int mov_read_stss(MOVContext *c, AVIOContext *pb, MOVAtom atom) st->need_parsing = AVSTREAM_PARSE_HEADERS; return 0; } -if (entries >= UINT_MAX / sizeof(int)) -return AVERROR_INVALIDDATA; -sc->keyframes = av_malloc(entries * sizeof(int)); +if (sc->keyframes) +av_log(c->fc, AV_LOG_WARNING, "Duplicate STSS atom\n"); +av_free(sc->keyframes); +sc->keyframe_count = 0; +sc->keyframes = av_malloc_array(entries, sizeof(*sc->keyframes)); if (!sc->keyframes) return AVERROR(ENOMEM); @@ -1892,9 +1892,13 @@ static int mov_read_stsz(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (!entries) return 0; -if (entries >= UINT_MAX / sizeof(int) || entries >= (UINT_MAX - 4) / field_size) +if (entries >= (UINT_MAX - 4) / field_size) return AVERROR_INVALIDDATA; -sc->sample_sizes = av_malloc(entries * sizeof(int)); +if (sc->sample_sizes) +av_log(c->fc, AV_LOG_WARNING, "Duplicate STSZ atom\n"); +av_free(sc->sample_sizes); +sc->sample_count = 0; +sc->sample_sizes = av_malloc_array(entries, sizeof(*sc->sample_sizes)); if (!sc->sample_sizes) return AVERROR(ENOMEM); @@ -1948,11 +1952,11 @@ static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom) av_dlog(c->fc, "track[%i].stts.entries = %i\n", c->fc->nb_streams-1, entries); -if (entries >= UINT_MAX / sizeof(*sc->stts_data)) -return -1; - +if (sc->stts_data) +av_log(c->fc, AV_LOG_WARNING, "Duplicate STTS atom\n"); av_free(sc->stts_data); -sc->stts_data = av_malloc(entries * sizeof(*sc->stts_data)); +sc->stts_count = 0; +sc->stts_data = av_malloc_array(entries, sizeof(*sc->stts_data)); if (!sc->stts_data) return AVERROR(ENOMEM); @@ -2091,9 +2095,11 @@ static int mov_read_sbgp(MOVContext *c, AVIOContext *pb, MOVAtom atom) entries = avio_rb32(pb); if (!entries) return 0; -if (entries >= UINT_MAX / sizeof(*sc->rap_group)) -return AVERROR_INVALIDDATA; -sc->rap_group = av_malloc(entries * sizeof(*sc->rap_group)); +if (sc->rap_group) +av_log(c->fc, AV_LOG_WARNING, "Duplicate SBGP atom\n"); +av_free(sc->rap_group); +sc->rap_group_count = 0; +sc->rap_group = av_malloc_array(entries, sizeof(*sc->rap_group)); if (!sc->rap_group) return AVERROR(ENOMEM); ___ ffmpeg-cvslog mailing list ffmpeg-cvslo
[FFmpeg-cvslog] avformat/mov: Fix memleaks for duplicate STCO/CO64/STSC atoms
ffmpeg | branch: release/2.3 | Michael Niedermayer | Wed Nov 26 18:16:15 2014 +0100| [103cf56c62a14297c0721f2c170ccd456fdd2af8] | committer: Michael Niedermayer avformat/mov: Fix memleaks for duplicate STCO/CO64/STSC atoms Also see [FFmpeg-devel] [PATCH] avformat/mov: strengthen some table allocations which contains more fixes but is unfinished Fixes: signal_sigabrt_76ac7bb9_3484_cov_183177_starfox2.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 1b5d11240692025f036e945bc37968735679320a) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=103cf56c62a14297c0721f2c170ccd456fdd2af8 --- libavformat/mov.c |8 1 file changed, 8 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 5ad4786..3ffaf0b 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -1176,6 +1176,10 @@ static int mov_read_stco(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (entries >= UINT_MAX/sizeof(int64_t)) return AVERROR_INVALIDDATA; +if (sc->chunk_offsets) +av_log(c->fc, AV_LOG_WARNING, "Duplicate STCO atom\n"); +av_free(sc->chunk_offsets); +sc->chunk_count = 0; sc->chunk_offsets = av_malloc(entries * sizeof(int64_t)); if (!sc->chunk_offsets) return AVERROR(ENOMEM); @@ -1747,6 +1751,10 @@ static int mov_read_stsc(MOVContext *c, AVIOContext *pb, MOVAtom atom) return 0; if (entries >= UINT_MAX / sizeof(*sc->stsc_data)) return AVERROR_INVALIDDATA; +if (sc->stsc_data) +av_log(c->fc, AV_LOG_WARNING, "Duplicate STSC atom\n"); +av_free(sc->stsc_data); +sc->stsc_count = 0; sc->stsc_data = av_malloc(entries * sizeof(*sc->stsc_data)); if (!sc->stsc_data) return AVERROR(ENOMEM); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] configure: create the tests directory like the doc directory
ffmpeg | branch: release/2.3 | Michael Niedermayer | Mon Dec 15 04:32:23 2014 +0100| [2b15ceec6247846644a7bd0f283778cff112c824] | committer: Michael Niedermayer configure: create the tests directory like the doc directory This fixes an issue where the tests directory is not created for out of tree builds before its needed Tested-by: Dave Yeo Signed-off-by: Michael Niedermayer (cherry picked from commit e631872f13b6be0583603d45a11e53319754bc8d) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2b15ceec6247846644a7bd0f283778cff112c824 --- configure |1 + 1 file changed, 1 insertion(+) diff --git a/configure b/configure index ceaaf17..d61c6f9 100755 --- a/configure +++ b/configure @@ -5535,6 +5535,7 @@ enabled getenv || echo "#define getenv(x) NULL" >> $TMPH mkdir -p doc +mkdir -p tests echo "@c auto-generated by configure" > doc/config.texi print_config ARCH_ "$config_files" $ARCH_LIST ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc_ps: Check return code from pps_range_extensions()
ffmpeg | branch: release/2.3 | Michael Niedermayer | Thu Nov
27 02:31:46 2014 +0100| [0c51b26729996bdf2acbf4fd34b74b4d14d92a33] | committer:
Michael Niedermayer
avcodec/hevc_ps: Check return code from pps_range_extensions()
Fixes out of array read
Fixes: asan_heap-oob_177e222_885_cov_1532528832_MERGE_D_TI_3.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
(cherry picked from commit 9f9440bd8122cc8798139c9370db0873a24ae14b)
Conflicts:
libavcodec/hevc_ps.c
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0c51b26729996bdf2acbf4fd34b74b4d14d92a33
---
libavcodec/hevc_ps.c |3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index 98d987d..357ff75 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -1289,7 +1289,8 @@ int ff_hevc_decode_nal_pps(HEVCContext *s)
if (sps->ptl.general_ptl.profile_idc == FF_PROFILE_HEVC_REXT &&
pps_range_extensions_flag) {
av_log(s->avctx, AV_LOG_ERROR,
"PPS extension flag is partially implemented.\n");
-pps_range_extensions(s, pps, sps);
+if ((ret = pps_range_extensions(s, pps, sps)) < 0)
+goto err;
}
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/flvdec: do not inject dts= 0 metadata packets which failed to be parsed into a new data stream
ffmpeg | branch: release/2.3 | Michael Niedermayer | Thu Jan
1 18:07:24 2015 +0100| [c9a25ff5a02a228f5f15bd203e37f505e4b79634] | committer:
Michael Niedermayer
avformat/flvdec: do not inject dts=0 metadata packets which failed to be parsed
into a new data stream
Such data streams (which then contain no other packets except the faulty one)
confuse some user applications, like VLC
Works around vlcticket 12389
Signed-off-by: Michael Niedermayer
(cherry picked from commit 322f0f5960a743cac47252d90a0f1ea7a025feff)
Conflicts:
libavformat/flvdec.c
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c9a25ff5a02a228f5f15bd203e37f505e4b79634
---
libavformat/flvdec.c |6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index ee73dd7..d77c06d 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -555,13 +555,13 @@ static int flv_read_metabody(AVFormatContext *s, int64_t
next_pos)
type = avio_r8(ioc);
if (type != AMF_DATA_TYPE_STRING ||
amf_get_string(ioc, buffer, sizeof(buffer)) < 0)
-return -1;
+return 2;
if (!strcmp(buffer, "onTextData"))
return 1;
if (strcmp(buffer, "onMetaData"))
-return -1;
+return 2;
// find the streams now so that amf_parse_object doesn't need to do
// the lookup every time it is called.
@@ -819,7 +819,7 @@ static int flv_read_packet(AVFormatContext *s, AVPacket
*pkt)
stream_type=FLV_STREAM_TYPE_DATA;
if (size > 13 + 1 + 4 && dts == 0) { // Header-type metadata stuff
meta_pos = avio_tell(s->pb);
-if (flv_read_metabody(s, next) == 0) {
+if (flv_read_metabody(s, next) <= 0) {
goto skip;
}
avio_seek(s->pb, meta_pos, SEEK_SET);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] doc/examples/transcoding: check encoder before using it
ffmpeg | branch: release/2.3 | Michael Niedermayer | Thu Dec
4 18:58:38 2014 +0100| [4a495766d1e820264fdf5d62e8105a83853c7805] | committer:
Michael Niedermayer
doc/examples/transcoding: check encoder before using it
Fixes null pointer exception
Found-by: stoupeace
Signed-off-by: Michael Niedermayer
(cherry picked from commit bde27e1e617dfeb3c026f530f48a77f5ed8aa2ea)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4a495766d1e820264fdf5d62e8105a83853c7805
---
doc/examples/transcoding.c |4
1 file changed, 4 insertions(+)
diff --git a/doc/examples/transcoding.c b/doc/examples/transcoding.c
index a8f4210..d7c4a84 100644
--- a/doc/examples/transcoding.c
+++ b/doc/examples/transcoding.c
@@ -116,6 +116,10 @@ static int open_output_file(const char *filename)
|| dec_ctx->codec_type == AVMEDIA_TYPE_AUDIO) {
/* in this example, we choose transcoding to same codec */
encoder = avcodec_find_encoder(dec_ctx->codec_id);
+if (!encoder) {
+av_log(NULL, AV_LOG_FATAL, "Neccessary encoder not found\n");
+return AVERROR_INVALIDDATA;
+}
/* In this example, we transcode to same properties (picture size,
* sample rate etc.). These properties can be changed for output
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/flvdec: Increase string array size
ffmpeg | branch: release/2.3 | Michael Niedermayer | Thu Jan 1 18:15:16 2015 +0100| [0b033cd3a14bb9dc728b928c2c76e7a56c594077] | committer: Michael Niedermayer avformat/flvdec: Increase string array size Fixes parsing httphostheader of Scarlatti\,\ Pieter-Jan\ Belder\ -\ Sonata\ K113\ in\ A\ major\ -\ Alle.flv Signed-off-by: Michael Niedermayer (cherry picked from commit eb767a276bfdb9a0493bdb0b38203638230b7ccb) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0b033cd3a14bb9dc728b928c2c76e7a56c594077 --- libavformat/flvdec.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index d77c06d..263a703 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -390,7 +390,7 @@ static int amf_parse_object(AVFormatContext *s, AVStream *astream, FLVContext *flv = s->priv_data; AVIOContext *ioc; AMFDataType amf_type; -char str_val[256]; +char str_val[1024]; double num_val; num_val = 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] lavu/frame: fix malloc error path in av_frame_copy_props()
ffmpeg | branch: release/2.3 | wm4 | Mon Dec 15 04:32:58 2014 +0100| [c3cd7b8a2904566de19a70215ceaef4cab841d44] | committer: Michael Niedermayer lavu/frame: fix malloc error path in av_frame_copy_props() The error path frees all side data, but forgets to reset the side data count. This can blow up later in av_frame_unref() and free_side_data(). Signed-off-by: Michael Niedermayer (cherry picked from commit a400edbb6d00c0211de38e4f1b4f593681db91d8) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c3cd7b8a2904566de19a70215ceaef4cab841d44 --- libavutil/frame.c |1 + 1 file changed, 1 insertion(+) diff --git a/libavutil/frame.c b/libavutil/frame.c index fdfbc46..e44ce8e 100644 --- a/libavutil/frame.c +++ b/libavutil/frame.c @@ -503,6 +503,7 @@ int av_frame_copy_props(AVFrame *dst, const AVFrame *src) free_side_data(&dst->side_data[i]); } av_freep(&dst->side_data); +dst->nb_side_data = 0; return AVERROR(ENOMEM); } memcpy(sd_dst->data, sd_src->data, sd_src->size); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/mov: fix integer overflow in mov_read_udta_string()
ffmpeg | branch: release/2.3 | Michael Niedermayer | Tue Jan 6 04:29:10 2015 +0100| [ffe915b6f596de5fc54eabf631b7b9b1a19aaa63] | committer: Michael Niedermayer avformat/mov: fix integer overflow in mov_read_udta_string() Found-by: Paul Mehta Signed-off-by: Michael Niedermayer (cherry picked from commit 3859868c75313e318ebc5d0d33baada62d45dd75) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ffe915b6f596de5fc54eabf631b7b9b1a19aaa63 --- libavformat/mov.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 3711d29..d7e5669 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -359,7 +359,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (!key) return 0; -if (atom.size < 0) +if (atom.size < 0 || str_size >= INT_MAX/2) return AVERROR_INVALIDDATA; str_size = FFMIN3(sizeof(str)-1, str_size, atom.size); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Makefile: add dependencies which require ffversion.h
ffmpeg | branch: release/2.3 | Michael Niedermayer | Sat Dec 20 04:09:01 2014 +0100| [d4c45f92497157f1284e4319dcda25177d9af5d2] | committer: Michael Niedermayer Makefile: add dependencies which require ffversion.h Without this ffversion.h could sometimes be built too late Signed-off-by: Michael Niedermayer (cherry picked from commit 4ae87554f3c8bc54db572873f5049427a7e6cb31) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d4c45f92497157f1284e4319dcda25177d9af5d2 --- Makefile |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 86b3508..e83ec39 100644 --- a/Makefile +++ b/Makefile @@ -110,7 +110,7 @@ endef $(foreach P,$(PROGS),$(eval $(call DOPROG,$(P:$(PROGSSUF)$(EXESUF)= -ffprobe.o cmdutils.o : libavutil/ffversion.h +ffprobe.o cmdutils.o libavcodec/utils.o libavformat/utils.o libavdevice/avdevice.o libavfilter/avfilter.o libavutil/utils.o libpostproc/postprocess.o libswresample/swresample.o libswscale/utils.o : libavutil/ffversion.h $(PROGS): %$(PROGSSUF)$(EXESUF): %$(PROGSSUF)_g$(EXESUF) $(CP) $< $@ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/mov: fix integer overflow of size
ffmpeg | branch: release/2.3 | Michael Niedermayer | Tue Dec
16 21:29:27 2014 +0100| [dbe690b572ddad346be831a029f3d5b9239bfdf8] | committer:
Michael Niedermayer
avformat/mov: fix integer overflow of size
Fixes: case1_call_stack_overflow.mp4
Found-by: Michal Zalewski
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dbe690b572ddad346be831a029f3d5b9239bfdf8
---
libavformat/mov.c |6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 70bc053..5ad4786 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1452,7 +1452,7 @@ static void mov_parse_stsd_audio(MOVContext *c,
AVIOContext *pb,
static void mov_parse_stsd_subtitle(MOVContext *c, AVIOContext *pb,
AVStream *st, MOVStreamContext *sc,
-int size)
+int64_t size)
{
// ttxt stsd contains display flags, justification, background
// color, fonts, and default styles, so fake an atom to read it
@@ -1517,10 +1517,10 @@ static int mov_rewrite_dvd_sub_extradata(AVStream *st)
static int mov_parse_stsd_data(MOVContext *c, AVIOContext *pb,
AVStream *st, MOVStreamContext *sc,
-int size)
+int64_t size)
{
if (st->codec->codec_tag == MKTAG('t','m','c','d')) {
-if (ff_get_extradata(st->codec, pb, size) < 0)
+if ((int)size != size || ff_get_extradata(st->codec, pb, size) < 0)
return AVERROR(ENOMEM);
if (size > 16) {
MOVStreamContext *tmcd_ctx = st->priv_data;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/h264: make the first field of H264Context an AVClass
ffmpeg | branch: release/2.3 | Michael Niedermayer | Wed Dec
17 01:31:48 2014 +0100| [a74a0a5c0c2659ea78cb945ec04cda681be6a761] | committer:
Michael Niedermayer
avcodec/h264: make the first field of H264Context an AVClass
Fixes use of freed memory
Fixes: asan_heap-uaf_3660f67_757_cov_1257014655_Hi422FR1_SONY_A.jsv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
(cherry picked from commit f3b5b139ad853b6f69c6a0b036815a60e7b3f261)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a74a0a5c0c2659ea78cb945ec04cda681be6a761
---
libavcodec/h264.h |1 +
1 file changed, 1 insertion(+)
diff --git a/libavcodec/h264.h b/libavcodec/h264.h
index cf84e93..fd42df8 100644
--- a/libavcodec/h264.h
+++ b/libavcodec/h264.h
@@ -338,6 +338,7 @@ typedef struct H264Picture {
* H264Context
*/
typedef struct H264Context {
+AVClass *av_class;
AVCodecContext *avctx;
VideoDSPContext vdsp;
H264DSPContext h264dsp;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Add FFMPEG_VERSION into the binary libs
ffmpeg | branch: release/2.3 | Michael Niedermayer | Fri Dec
19 18:04:40 2014 +0100| [841ce9a83816199ab0ecbda76589f09677e04b08] | committer:
Michael Niedermayer
Add FFMPEG_VERSION into the binary libs
This simplifies identifying from which revision a binary of a lib came from
Signed-off-by: Michael Niedermayer
(cherry picked from commit 649c158e8c94ac0cff7f03e97d6ea8bbf71b7f02)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=841ce9a83816199ab0ecbda76589f09677e04b08
---
libavcodec/utils.c |3 +++
libavdevice/avdevice.c |3 +++
libavfilter/avfilter.c |3 +++
libavformat/utils.c|3 +++
libavutil/utils.c |3 +++
libpostproc/postprocess.c |3 +++
libswresample/swresample.c |3 +++
7 files changed, 21 insertions(+)
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index a30b6d9..020524f 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -66,6 +66,9 @@
#include "compat/os2threads.h"
#endif
+#include "libavutil/ffversion.h"
+const char av_codec_ffversion[] = "FFmpeg version " FFMPEG_VERSION;
+
#if HAVE_PTHREADS || HAVE_W32THREADS || HAVE_OS2THREADS
static int default_lockmgr_cb(void **arg, enum AVLockOp op)
{
diff --git a/libavdevice/avdevice.c b/libavdevice/avdevice.c
index 6a75bd7..c391931 100644
--- a/libavdevice/avdevice.c
+++ b/libavdevice/avdevice.c
@@ -23,6 +23,9 @@
#include "avdevice.h"
#include "config.h"
+#include "libavutil/ffversion.h"
+const char av_device_ffversion[] = "FFmpeg version " FFMPEG_VERSION;
+
#define E AV_OPT_FLAG_ENCODING_PARAM
#define D AV_OPT_FLAG_DECODING_PARAM
#define A AV_OPT_FLAG_AUDIO_PARAM
diff --git a/libavfilter/avfilter.c b/libavfilter/avfilter.c
index 7e166e0..885be47 100644
--- a/libavfilter/avfilter.c
+++ b/libavfilter/avfilter.c
@@ -37,6 +37,9 @@
#include "formats.h"
#include "internal.h"
+#include "libavutil/ffversion.h"
+const char av_filter_ffversion[] = "FFmpeg version " FFMPEG_VERSION;
+
static int ff_filter_frame_framed(AVFilterLink *link, AVFrame *frame);
void ff_tlog_ref(void *ctx, AVFrame *ref, int end)
diff --git a/libavformat/utils.c b/libavformat/utils.c
index a4929b3..c4f745c 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -53,6 +53,9 @@
#include "riff.h"
#include "url.h"
+#include "libavutil/ffversion.h"
+const char av_format_ffversion[] = "FFmpeg version " FFMPEG_VERSION;
+
/**
* @file
* various utility functions for use within FFmpeg
diff --git a/libavutil/utils.c b/libavutil/utils.c
index aafd3b9..da8b5ae 100644
--- a/libavutil/utils.c
+++ b/libavutil/utils.c
@@ -27,6 +27,9 @@
* various utility functions
*/
+#include "libavutil/ffversion.h"
+const char av_util_ffversion[] = "FFmpeg version " FFMPEG_VERSION;
+
unsigned avutil_version(void)
{
static int checks_done;
diff --git a/libpostproc/postprocess.c b/libpostproc/postprocess.c
index 37206c5..f2757ac 100644
--- a/libpostproc/postprocess.c
+++ b/libpostproc/postprocess.c
@@ -89,6 +89,9 @@ try to unroll inner for(x=0 ... loop to avoid these damn if(x
... checks
#include "postprocess_internal.h"
#include "libavutil/avstring.h"
+#include "libavutil/ffversion.h"
+const char postproc_ffversion[] = "FFmpeg version " FFMPEG_VERSION;
+
unsigned postproc_version(void)
{
av_assert0(LIBPOSTPROC_VERSION_MICRO >= 100);
diff --git a/libswresample/swresample.c b/libswresample/swresample.c
index bba628b..fa09dca 100644
--- a/libswresample/swresample.c
+++ b/libswresample/swresample.c
@@ -28,6 +28,9 @@
#define ALIGN 32
+#include "libavutil/ffversion.h"
+const char swr_ffversion[] = "FFmpeg version " FFMPEG_VERSION;
+
unsigned swresample_version(void)
{
av_assert0(LIBSWRESAMPLE_VERSION_MICRO >= 100);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/segment: Use av_freep() avoid leaving stale pointers in memory
ffmpeg | branch: release/2.3 | Michael Niedermayer | Thu Dec
25 12:38:20 2014 +0100| [d071c1f0e143b248a5bf8ab85a5ab71615c5a564] | committer:
Michael Niedermayer
avformat/segment: Use av_freep() avoid leaving stale pointers in memory
Signed-off-by: Michael Niedermayer
(cherry picked from commit 68fa549230af35179df2a2af2bdb84ee6c825bed)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d071c1f0e143b248a5bf8ab85a5ab71615c5a564
---
libavformat/segment.c | 14 +++---
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/libavformat/segment.c b/libavformat/segment.c
index e73f33f..07351d6 100644
--- a/libavformat/segment.c
+++ b/libavformat/segment.c
@@ -336,7 +336,7 @@ static int segment_end(AVFormatContext *s, int
write_trailer, int is_last)
if (seg->list_size && seg->segment_count > seg->list_size) {
entry = seg->segment_list_entries;
seg->segment_list_entries = seg->segment_list_entries->next;
-av_free(entry->filename);
+av_freep(&entry->filename);
av_freep(&entry);
}
@@ -494,10 +494,10 @@ static int open_null_ctx(AVIOContext **ctx)
return 0;
}
-static void close_null_ctx(AVIOContext *pb)
+static void close_null_ctxp(AVIOContext **pb)
{
-av_free(pb->buffer);
-av_free(pb);
+av_freep(&(*pb)->buffer);
+av_freep(pb);
}
static int select_reference_stream(AVFormatContext *s)
@@ -661,7 +661,7 @@ static int seg_write_header(AVFormatContext *s)
s->avoid_negative_ts = 1;
if (!seg->write_header_trailer) {
-close_null_ctx(oc->pb);
+close_null_ctxp(&oc->pb);
if ((ret = avio_open2(&oc->pb, oc->filename, AVIO_FLAG_WRITE,
&s->interrupt_callback, NULL)) < 0)
goto fail;
@@ -787,7 +787,7 @@ static int seg_write_trailer(struct AVFormatContext *s)
goto fail;
open_null_ctx(&oc->pb);
ret = av_write_trailer(oc);
-close_null_ctx(oc->pb);
+close_null_ctxp(&oc->pb);
} else {
ret = segment_end(s, 1, 1);
}
@@ -802,7 +802,7 @@ fail:
cur = seg->segment_list_entries;
while (cur) {
next = cur->next;
-av_free(cur->filename);
+av_freep(&cur->filename);
av_free(cur);
cur = next;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] mov: Fix negative size calculation in mov_read_default().
ffmpeg | branch: release/2.3 | Dale Curtis | Mon Jan
5 16:34:17 2015 -0800| [27a910a8575879d08edaae9d8956ab6d1821044a] | committer:
Michael Niedermayer
mov: Fix negative size calculation in mov_read_default().
The previous code assumed if an atom was marked with a 64-bit
size extension, it actually had that data available. The new
code verfies there's enough data in the atom for this to be
done.
Failure to verify causes total_size > atom.size which will
result in negative size calculations later on.
Found-by: Paul Mehta
Signed-off-by: Dale Curtis
Signed-off-by: Michael Niedermayer
(cherry picked from commit 3ebd76a9c57558e284e94da367dd23b435e6a6d0)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=27a910a8575879d08edaae9d8956ab6d1821044a
---
libavformat/mov.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index d7e5669..4f4dcc9 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -3208,7 +3208,7 @@ static int mov_read_default(MOVContext *c, AVIOContext
*pb, MOVAtom atom)
}
}
total_size += 8;
-if (a.size == 1) { /* 64 bit extended size */
+if (a.size == 1 && total_size + 8 <= atom.size) { /* 64 bit
extended size */
a.size = avio_rb64(pb) - 8;
total_size += 8;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/vmdvideo: Check len before using it in method 3
ffmpeg | branch: release/2.3 | Michael Niedermayer | Tue Dec
16 16:24:55 2014 +0100| [942806cbe41e2d25bf1d25fa97b9fe04885afb77] | committer:
Michael Niedermayer
avcodec/vmdvideo: Check len before using it in method 3
Fixes out of array access
Fixes: asan_heap-oob_4d23ba_91_cov_3853393937_128.vmd
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
(cherry picked from commit 3030fb7e0d41836f8add6399e9a7c7b740b48bfd)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=942806cbe41e2d25bf1d25fa97b9fe04885afb77
---
libavcodec/vmdvideo.c |3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/vmdvideo.c b/libavcodec/vmdvideo.c
index 279c56a..42e19ae 100644
--- a/libavcodec/vmdvideo.c
+++ b/libavcodec/vmdvideo.c
@@ -339,6 +339,9 @@ static int vmd_decode(VmdVideoContext *s, AVFrame *frame)
ofs += slen;
bytestream2_skip(&gb, len);
} else {
+if (ofs + len > frame_width ||
+bytestream2_get_bytes_left(&gb) < len)
+return AVERROR_INVALIDDATA;
bytestream2_get_buffer(&gb, &dp[ofs], len);
ofs += len;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] jvdec: check frame dimensions
ffmpeg | branch: release/2.3 | Anton Khirnov | Sun Dec 14
21:01:59 2014 +0100| [b5dbe93c8bc4b2180f9723a7a68b1db5591f3168] | committer:
Michael Niedermayer
jvdec: check frame dimensions
The frame size must be set by the caller and each dimension must be a
multiple of 8.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
See: 105654e376a736d243aef4a1d121abebce912e6b
These should be redundant, but are backported for saftey anyway
(cherry picked from commit e012cb8dea7969c7b3927dbf846ef2742cd4a7ab)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b5dbe93c8bc4b2180f9723a7a68b1db5591f3168
---
libavcodec/jvdec.c |7 +++
1 file changed, 7 insertions(+)
diff --git a/libavcodec/jvdec.c b/libavcodec/jvdec.c
index 47e8edc..9c4a8d4 100644
--- a/libavcodec/jvdec.c
+++ b/libavcodec/jvdec.c
@@ -43,6 +43,13 @@ static av_cold int decode_init(AVCodecContext *avctx)
{
JvContext *s = avctx->priv_data;
+if (!avctx->width || !avctx->height ||
+(avctx->width & 7) || (avctx->height & 7)) {
+av_log(avctx, AV_LOG_ERROR, "Invalid video dimensions: %dx%d\n",
+ avctx->width, avctx->height);
+return AVERROR(EINVAL);
+}
+
s->frame = av_frame_alloc();
if (!s->frame)
return AVERROR(ENOMEM);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/cdxl: Fix integer overflow of image_size
ffmpeg | branch: release/2.3 | Michael Niedermayer | Wed Dec 31 21:41:46 2014 +0100| [3ee4a610c2c07ebb0012d1216e4e88f993c1f5f4] | committer: Michael Niedermayer avformat/cdxl: Fix integer overflow of image_size Signed-off-by: Michael Niedermayer (cherry picked from commit 3eb5cbe0c50d0a0bbe10bcabbd6b16d73d93c128) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3ee4a610c2c07ebb0012d1216e4e88f993c1f5f4 --- libavformat/cdxl.c |2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/cdxl.c b/libavformat/cdxl.c index ab8a846..51b9567 100644 --- a/libavformat/cdxl.c +++ b/libavformat/cdxl.c @@ -127,6 +127,8 @@ static int cdxl_read_packet(AVFormatContext *s, AVPacket *pkt) height = AV_RB16(&cdxl->header[16]); palette_size = AV_RB16(&cdxl->header[20]); audio_size = AV_RB16(&cdxl->header[22]); +if (FFALIGN(width, 16) * (uint64_t)height * cdxl->header[19] > INT_MAX) +return AVERROR_INVALIDDATA; image_size = FFALIGN(width, 16) * height * cdxl->header[19] / 8; video_size = palette_size + image_size; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/utvideodec: Fix handling of slice_height=0
ffmpeg | branch: release/2.3 | Michael Niedermayer | Tue Dec 16 20:45:31 2014 +0100| [7ef11e82213fb7732e746c02664e061f4318] | committer: Michael Niedermayer avcodec/utvideodec: Fix handling of slice_height=0 Fixes out of array accesses Fixes: asan_heap-oob_25bcd7e_3783_cov_3553517262_utvideo_rgba_median.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 3881606240953b9275a247a1c98a567f3c44890f) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7ef11e82213fb7732e746c02664e061f4318 --- libavcodec/utvideodec.c |4 1 file changed, 4 insertions(+) diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c index 05c943f..abf550b 100644 --- a/libavcodec/utvideodec.c +++ b/libavcodec/utvideodec.c @@ -214,6 +214,8 @@ static void restore_median(uint8_t *src, int step, int stride, slice_height = slice + 1) * height) / slices) & cmask) - slice_start; +if (!slice_height) +continue; bsrc = src + slice_start * stride; // first line - left neighbour prediction @@ -269,6 +271,8 @@ static void restore_median_il(uint8_t *src, int step, int stride, slice_height = slice + 1) * height) / slices) & cmask) - slice_start; slice_height >>= 1; +if (!slice_height) +continue; bsrc = src + slice_start * stride; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/dvdsubdec: fix out of bounds accesses
ffmpeg | branch: release/2.3 | wm4 | Mon Jan 5
04:45:26 2015 +0100| [f03888b449faf2888a149cae3b340ea13c6f85fa] | committer:
Michael Niedermayer
avcodec/dvdsubdec: fix out of bounds accesses
The code blindly trusted buffer offsets read from the file in the RLE
decoder. Explicitly check the offset. Also error out on other RLE
decoding errors.
Signed-off-by: Michael Niedermayer
(cherry picked from commit c9151de7c42553bb145be608df8513c1287f1f24)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f03888b449faf2888a149cae3b340ea13c6f85fa
---
libavcodec/dvdsubdec.c | 13 +
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c
index 39b0e25..7dbaf17 100644
--- a/libavcodec/dvdsubdec.c
+++ b/libavcodec/dvdsubdec.c
@@ -105,6 +105,9 @@ static int decode_rle(uint8_t *bitmap, int linesize, int w,
int h,
int x, y, len, color;
uint8_t *d;
+if (start >= buf_size)
+return -1;
+
bit_len = (buf_size - start) * 8;
init_get_bits(&gb, buf + start, bit_len);
@@ -356,10 +359,12 @@ static int decode_dvd_subtitles(DVDSubContext *ctx,
AVSubtitle *sub_header,
sub_header->rects[0] = av_mallocz(sizeof(AVSubtitleRect));
sub_header->num_rects = 1;
sub_header->rects[0]->pict.data[0] = bitmap;
-decode_rle(bitmap, w * 2, w, (h + 1) / 2,
- buf, offset1, buf_size, is_8bit);
-decode_rle(bitmap + w, w * 2, w, h / 2,
- buf, offset2, buf_size, is_8bit);
+if (decode_rle(bitmap, w * 2, w, (h + 1) / 2,
+ buf, offset1, buf_size, is_8bit) < 0)
+goto fail;
+if (decode_rle(bitmap + w, w * 2, w, h / 2,
+ buf, offset2, buf_size, is_8bit) < 0)
+goto fail;
sub_header->rects[0]->pict.data[1] =
av_mallocz(AVPALETTE_SIZE);
if (is_8bit) {
if (yuv_palette == 0)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] swscale: increase yuv2rgb table headroom
ffmpeg | branch: release/2.3 | Michael Niedermayer | Tue Dec 16 22:21:21 2014 +0100| [0f77303c57457fbc7483ac3a6834233e17b167bc] | committer: Michael Niedermayer swscale: increase yuv2rgb table headroom Fixes out of array access Fixes: case2_bad_read_yuv2rgbx32.mp4 Found-by: Michal Zalewski Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0f77303c57457fbc7483ac3a6834233e17b167bc --- libswscale/swscale_internal.h |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswscale/swscale_internal.h b/libswscale/swscale_internal.h index 8d2d56a..7e48a62 100644 --- a/libswscale/swscale_internal.h +++ b/libswscale/swscale_internal.h @@ -37,7 +37,7 @@ #define STR(s) AV_TOSTRING(s) // AV_STRINGIFY is too long -#define YUVRGB_TABLE_HEADROOM 128 +#define YUVRGB_TABLE_HEADROOM 256 #define MAX_FILTER_SIZE SWS_MAX_FILTER_SIZE ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/indeo3: use signed variables to avoid underflow
ffmpeg | branch: release/2.3 | Michael Niedermayer | Wed Dec
17 03:14:21 2014 +0100| [30e7dae22c307f4468f85df42737309ced7effb2] | committer:
Michael Niedermayer
avcodec/indeo3: use signed variables to avoid underflow
Fixes out of array read
Fixes: signal_sigsegv_1b0a4da_1865_cov_2167818389_computer_anger.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
(cherry picked from commit 3305acdc92fa37869f160a11a87741c8a0de0454)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=30e7dae22c307f4468f85df42737309ced7effb2
---
libavcodec/indeo3.c |5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c
index aa9c30a..4659b18 100644
--- a/libavcodec/indeo3.c
+++ b/libavcodec/indeo3.c
@@ -94,7 +94,7 @@ typedef struct Indeo3DecodeContext {
int16_t width, height;
uint32_tframe_num; ///< current frame number (zero-based)
-uint32_tdata_size; ///< size of the frame data in bytes
+int data_size; ///< size of the frame data in bytes
uint16_tframe_flags;///< frame properties
uint8_t cb_offset; ///< needed for selecting VQ tables
uint8_t buf_sel;///< active frame buffer: 0 - primary, 1
-secondary
@@ -899,7 +899,8 @@ static int decode_frame_headers(Indeo3DecodeContext *ctx,
AVCodecContext *avctx,
GetByteContext gb;
const uint8_t *bs_hdr;
uint32_tframe_num, word2, check_sum, data_size;
-uint32_ty_offset, u_offset, v_offset, starts[3], ends[3];
+int y_offset, u_offset, v_offset;
+uint32_tstarts[3], ends[3];
uint16_theight, width;
int i, j;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/mov: check atom nesting depth
ffmpeg | branch: release/2.3 | Michael Niedermayer | Tue Dec
16 21:14:40 2014 +0100| [6eca20aaec5c1c3a1878b389d2389026103772a7] | committer:
Michael Niedermayer
avformat/mov: check atom nesting depth
Fixes call stack overflow
Fixes: case1_call_stack_overflow.mp4
Found-by: Michal Zalewski
Signed-off-by: Michael Niedermayer
(cherry picked from commit caa7a3914f499f74b3ee346f26d598ebdc0ec210)
Conflicts:
libavformat/isom.h
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6eca20aaec5c1c3a1878b389d2389026103772a7
---
libavformat/isom.h |1 +
libavformat/mov.c | 13 -
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/libavformat/isom.h b/libavformat/isom.h
index 414b87c..ab285af 100644
--- a/libavformat/isom.h
+++ b/libavformat/isom.h
@@ -171,6 +171,7 @@ typedef struct MOVContext {
int *bitrates; ///< bitrates read before streams creation
int bitrates_count;
int moov_retry;
+int atom_depth;
} MOVContext;
int ff_mp4_read_descr_len(AVIOContext *pb);
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 9b4832f..70bc053 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -3151,6 +3151,12 @@ static int mov_read_default(MOVContext *c, AVIOContext
*pb, MOVAtom atom)
MOVAtom a;
int i;
+if (c->atom_depth > 10) {
+av_log(c->fc, AV_LOG_ERROR, "Atoms too deeply nested\n");
+return AVERROR_INVALIDDATA;
+}
+c->atom_depth ++;
+
if (atom.size < 0)
atom.size = INT64_MAX;
while (total_size + 8 <= atom.size && !url_feof(pb)) {
@@ -3180,6 +3186,7 @@ static int mov_read_default(MOVContext *c, AVIOContext
*pb, MOVAtom atom)
{
av_log(c->fc, AV_LOG_ERROR, "Broken file, trak/mdat not at
top-level\n");
avio_skip(pb, -8);
+c->atom_depth --;
return 0;
}
}
@@ -3216,13 +3223,16 @@ static int mov_read_default(MOVContext *c, AVIOContext
*pb, MOVAtom atom)
int64_t start_pos = avio_tell(pb);
int64_t left;
int err = parse(c, pb, a);
-if (err < 0)
+if (err < 0) {
+c->atom_depth --;
return err;
+}
if (c->found_moov && c->found_mdat &&
((!pb->seekable || c->fc->flags & AVFMT_FLAG_IGNIDX) ||
start_pos + a.size == avio_size(pb))) {
if (!pb->seekable || c->fc->flags & AVFMT_FLAG_IGNIDX)
c->next_root_atom = start_pos + a.size;
+c->atom_depth --;
return 0;
}
left = a.size - avio_tell(pb) + start_pos;
@@ -3242,6 +3252,7 @@ static int mov_read_default(MOVContext *c, AVIOContext
*pb, MOVAtom atom)
if (total_size < atom.size && atom.size < 0x7)
avio_skip(pb, atom.size - total_size);
+c->atom_depth --;
return 0;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] cmdutils: Use 64bit for file size/ offset related variable in cmdutils_read_file()
ffmpeg | branch: release/2.3 | Michael Niedermayer | Tue Jan
6 13:12:22 2015 +0100| [a620c463f05a5e852d125de551d6f25646e53f4a] | committer:
Michael Niedermayer
cmdutils: Use 64bit for file size/offset related variable in
cmdutils_read_file()
Signed-off-by: Michael Niedermayer
(cherry picked from commit 369b4cd4120bf67aa5187b6bc72574970a24ca22)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a620c463f05a5e852d125de551d6f25646e53f4a
---
cmdutils.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmdutils.c b/cmdutils.c
index 67bb66e..081d37b 100644
--- a/cmdutils.c
+++ b/cmdutils.c
@@ -1857,7 +1857,7 @@ int read_yesno(void)
int cmdutils_read_file(const char *filename, char **bufptr, size_t *size)
{
-int ret;
+int64_t ret;
FILE *f = av_fopen_utf8(filename, "rb");
if (!f) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/utils: Clear pointer in ff_alloc_extradata() to avoid leaving a stale pointer in memory
ffmpeg | branch: release/2.3 | Michael Niedermayer | Tue Jan
6 12:53:53 2015 +0100| [63b5cb1fb0cd3182bdc1a2a4a0b8b1193b4029b6] | committer:
Michael Niedermayer
avformat/utils: Clear pointer in ff_alloc_extradata() to avoid leaving a stale
pointer in memory
Signed-off-by: Michael Niedermayer
(cherry picked from commit bbfca8e84b0e69abba523d665536c0135fc1c00e)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=63b5cb1fb0cd3182bdc1a2a4a0b8b1193b4029b6
---
libavformat/utils.c |1 +
1 file changed, 1 insertion(+)
diff --git a/libavformat/utils.c b/libavformat/utils.c
index c4f745c..c43050f 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -2954,6 +2954,7 @@ int ff_alloc_extradata(AVCodecContext *avctx, int size)
int ret;
if (size < 0 || size >= INT32_MAX - FF_INPUT_BUFFER_PADDING_SIZE) {
+avctx->extradata = NULL;
avctx->extradata_size = 0;
return AVERROR(EINVAL);
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] lavfi: check av_strdup() return value
ffmpeg | branch: release/2.3 | Paul B Mahol | Tue Jan 6 09:42:59 2015 +| [bbfe0f7b084e7217800e7f5e1cb34968840173f0] | committer: Michael Niedermayer lavfi: check av_strdup() return value Signed-off-by: Paul B Mahol (cherry picked from commit 145a84717b62e086cdb5f26649ad9f1b51ef38d0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bbfe0f7b084e7217800e7f5e1cb34968840173f0 --- libavfilter/af_amix.c |2 ++ libavfilter/af_join.c |2 ++ libavfilter/split.c |2 ++ libavfilter/src_movie.c |2 ++ 4 files changed, 8 insertions(+) diff --git a/libavfilter/af_amix.c b/libavfilter/af_amix.c index 1eef70d..34f23b0 100644 --- a/libavfilter/af_amix.c +++ b/libavfilter/af_amix.c @@ -496,6 +496,8 @@ static av_cold int init(AVFilterContext *ctx) snprintf(name, sizeof(name), "input%d", i); pad.type = AVMEDIA_TYPE_AUDIO; pad.name = av_strdup(name); +if (!pad.name) +return AVERROR(ENOMEM); pad.filter_frame = filter_frame; ff_insert_inpad(ctx, i, &pad); diff --git a/libavfilter/af_join.c b/libavfilter/af_join.c index 3e9ccc8..7d99a4c 100644 --- a/libavfilter/af_join.c +++ b/libavfilter/af_join.c @@ -214,6 +214,8 @@ static av_cold int join_init(AVFilterContext *ctx) snprintf(name, sizeof(name), "input%d", i); pad.type = AVMEDIA_TYPE_AUDIO; pad.name = av_strdup(name); +if (!pad.name) +return AVERROR(ENOMEM); pad.filter_frame = filter_frame; pad.needs_fifo = 1; diff --git a/libavfilter/split.c b/libavfilter/split.c index 6abd5ee..7353810 100644 --- a/libavfilter/split.c +++ b/libavfilter/split.c @@ -52,6 +52,8 @@ static av_cold int split_init(AVFilterContext *ctx) snprintf(name, sizeof(name), "output%d", i); pad.type = ctx->filter->inputs[0].type; pad.name = av_strdup(name); +if (!pad.name) +return AVERROR(ENOMEM); ff_insert_outpad(ctx, i, &pad); } diff --git a/libavfilter/src_movie.c b/libavfilter/src_movie.c index bcc8e05..b7b1ec7 100644 --- a/libavfilter/src_movie.c +++ b/libavfilter/src_movie.c @@ -292,6 +292,8 @@ static av_cold int movie_common_init(AVFilterContext *ctx) snprintf(name, sizeof(name), "out%d", i); pad.type = movie->st[i].st->codec->codec_type; pad.name = av_strdup(name); +if (!pad.name) +return AVERROR(ENOMEM); pad.config_props = movie_config_output_props; pad.request_frame = movie_request_frame; ff_insert_outpad(ctx, i, &pad); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/utvideodec: fix assumtation that slice_height >= 1
ffmpeg | branch: release/2.3 | Michael Niedermayer | Mon Nov 10 19:44:20 2014 +0100| [b89b136c001b2bacab01c8778b3b1231f2a07849] | committer: Michael Niedermayer avcodec/utvideodec: fix assumtation that slice_height >= 1 Fixes out of array read Fixes: asan_heap-oob_2573085_3783_utvideo_rgba_median.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 7656c4c6e66f8a787d384f027ad824cc1677fda1) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b89b136c001b2bacab01c8778b3b1231f2a07849 --- libavcodec/utvideodec.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/utvideodec.c b/libavcodec/utvideodec.c index afd56ea..05c943f 100644 --- a/libavcodec/utvideodec.c +++ b/libavcodec/utvideodec.c @@ -224,7 +224,7 @@ static void restore_median(uint8_t *src, int step, int stride, A= bsrc[i]; } bsrc += stride; -if (slice_height == 1) +if (slice_height <= 1) continue; // second line - first element has top prediction, the rest uses median C= bsrc[-stride]; @@ -284,7 +284,7 @@ static void restore_median_il(uint8_t *src, int step, int stride, A = bsrc[stride + i]; } bsrc += stride2; -if (slice_height == 1) +if (slice_height <= 1) continue; // second line - first element has top prediction, the rest uses median C= bsrc[-stride2]; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc: clear filter_slice_edges() on allocation
ffmpeg | branch: release/2.3 | Michael Niedermayer | Wed Dec 17 19:42:57 2014 +0100| [b052ea0f5b62341861d9faea0d440f133790a89f] | committer: Michael Niedermayer avcodec/hevc: clear filter_slice_edges() on allocation This avoids use of uninitialized memory Fixes: asan_static-oob_17aa046_582_cov_212287884_DBLK_G_VIXS_1.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 8aa8d12554868c32436750f881954193087219c8) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b052ea0f5b62341861d9faea0d440f133790a89f --- libavcodec/hevc.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 3fb8a8a..d88bca8 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -108,7 +108,7 @@ static int pic_arrays_init(HEVCContext *s, const HEVCSPS *sps) if (!s->tab_ipm || !s->cbf_luma || !s->is_pcm) goto fail; -s->filter_slice_edges = av_malloc(ctb_count); +s->filter_slice_edges = av_mallocz(ctb_count); s->tab_slice_address = av_malloc_array(pic_size_in_ctb, sizeof(*s->tab_slice_address)); s->qp_y_tab = av_malloc_array(pic_size_in_ctb, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/hevc_ps: Check diff_cu_qp_delta_depth
ffmpeg | branch: release/2.3 | Michael Niedermayer | Thu Dec
18 02:09:23 2014 +0100| [afd7fac3f19de0c3fd4ed8aa78026ae4c6189cb7] | committer:
Michael Niedermayer
avcodec/hevc_ps: Check diff_cu_qp_delta_depth
Fixes undefined behavior
Fixes: asan_static-oob_17aa046_582_cov_1577759978_DBLK_G_VIXS_1.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
(cherry picked from commit 3281fa892599d71b4dc298a426af8296419cd90e)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=afd7fac3f19de0c3fd4ed8aa78026ae4c6189cb7
---
libavcodec/hevc_ps.c |8
1 file changed, 8 insertions(+)
diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index c81fb46..40b8b74 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -1169,6 +1169,14 @@ int ff_hevc_decode_nal_pps(HEVCContext *s)
if (pps->cu_qp_delta_enabled_flag)
pps->diff_cu_qp_delta_depth = get_ue_golomb_long(gb);
+if (pps->diff_cu_qp_delta_depth < 0 ||
+pps->diff_cu_qp_delta_depth >
sps->log2_diff_max_min_coding_block_size) {
+av_log(s->avctx, AV_LOG_ERROR, "diff_cu_qp_delta_depth %d is
invalid\n",
+ pps->diff_cu_qp_delta_depth);
+ret = AVERROR_INVALIDDATA;
+goto err;
+}
+
pps->cb_qp_offset = get_se_golomb(gb);
if (pps->cb_qp_offset < -12 || pps->cb_qp_offset > 12) {
av_log(s->avctx, AV_LOG_ERROR, "pps_cb_qp_offset out of range: %d\n",
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avfilter/vf_sab: fix filtering tiny images
ffmpeg | branch: release/2.3 | Michael Niedermayer | Sun Jan
4 01:03:26 2015 +0100| [11c0531099da3185d0f03c4230018ac623f226ca] | committer:
Michael Niedermayer
avfilter/vf_sab: fix filtering tiny images
Fixes out of array reads
Signed-off-by: Michael Niedermayer
(cherry picked from commit 9bff052b51f27f6cce04e8d7d8b405c710d7ad67)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=11c0531099da3185d0f03c4230018ac623f226ca
---
libavfilter/vf_sab.c | 22 --
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/libavfilter/vf_sab.c b/libavfilter/vf_sab.c
index aa38b53..b8af27c 100644
--- a/libavfilter/vf_sab.c
+++ b/libavfilter/vf_sab.c
@@ -220,6 +220,19 @@ static int config_props(AVFilterLink *inlink)
#define NB_PLANES 4
+static inline int mirror(int x, int w)
+{
+if (!w)
+return 0;
+
+while ((unsigned)x > (unsigned)w) {
+x = -x;
+if (x < 0)
+x += 2 * w;
+}
+return x;
+}
+
static void blur(uint8_t *dst, const int dst_linesize,
const uint8_t *src, const int src_linesize,
const int w, const int h, FilterParam *fp)
@@ -253,8 +266,7 @@ static void blur(uint8_t *dst, const int dst_linesize,
for (dy = 0; dy < radius*2 + 1; dy++) {
int dx;
int iy = y+dy - radius;
-if (iy < 0) iy = -iy;
-else if (iy >= h) iy = h+h-iy-1;
+iy = mirror(iy, h-1);
for (dx = 0; dx < radius*2 + 1; dx++) {
const int ix = x+dx - radius;
@@ -265,13 +277,11 @@ static void blur(uint8_t *dst, const int
dst_linesize,
for (dy = 0; dy < radius*2+1; dy++) {
int dx;
int iy = y+dy - radius;
-if (iy < 0) iy = -iy;
-else if (iy >= h) iy = h+h-iy-1;
+iy = mirror(iy, h-1);
for (dx = 0; dx < radius*2 + 1; dx++) {
int ix = x+dx - radius;
-if (ix < 0) ix = -ix;
-else if (ix >= w) ix = w+w-ix-1;
+ix = mirror(ix, w-1);
UPDATE_FACTOR;
}
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] mov: Avoid overflow with mov_metadata_raw()
ffmpeg | branch: release/2.3 | Dale Curtis | Mon Jan
5 16:19:09 2015 -0800| [22558d6f6e8652d362add0c5c195964c5e65cfd2] | committer:
Michael Niedermayer
mov: Avoid overflow with mov_metadata_raw()
The code previously added 1 to len without checking its size,
resulting in an overflow which can corrupt value[-1] -- which
may be used to store unaligned ptr information for certain
allocators.
Found-by: Paul Mehta
Signed-off-by: Dale Curtis
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=22558d6f6e8652d362add0c5c195964c5e65cfd2
---
libavformat/mov.c |3 +++
1 file changed, 3 insertions(+)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 156bbbd..3711d29 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -214,6 +214,9 @@ static int mov_read_covr(MOVContext *c, AVIOContext *pb,
int type, int len)
static int mov_metadata_raw(MOVContext *c, AVIOContext *pb,
unsigned len, const char *key)
{
+// Check for overflow.
+if (len >= INT_MAX)
+return AVERROR(EINVAL);
char *value = av_malloc(len + 1);
if (!value)
return AVERROR(ENOMEM);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/matroskadec: Use av_freep() to avoid leaving stale pointers in memory
ffmpeg | branch: release/2.3 | Michael Niedermayer | Tue Jan
6 12:48:38 2015 +0100| [7959b9a0f3f9dad15db480417ccfde7d37019b4b] | committer:
Michael Niedermayer
avformat/matroskadec: Use av_freep() to avoid leaving stale pointers in memory
Signed-off-by: Michael Niedermayer
(cherry picked from commit 6e70e4aca50696040cc9256ec96e5c31d9641432)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7959b9a0f3f9dad15db480417ccfde7d37019b4b
---
libavformat/matroskadec.c |8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 9e5faba..ac7d0ea 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1078,7 +1078,7 @@ static void ebml_free(EbmlSyntax *syntax, void *data)
for (j = 0; j < list->nb_elem;
j++, ptr += syntax[i].list_elem_size)
ebml_free(syntax[i].def.n, ptr);
-av_free(list->elem);
+av_freep(&list->elem);
} else
ebml_free(syntax[i].def.n, data_off);
default:
@@ -2189,7 +2189,7 @@ static int matroska_deliver_packet(MatroskaDemuxContext
*matroska,
{
if (matroska->num_packets > 0) {
memcpy(pkt, matroska->packets[0], sizeof(AVPacket));
-av_free(matroska->packets[0]);
+av_freep(&matroska->packets[0]);
if (matroska->num_packets > 1) {
void *newpackets;
memmove(&matroska->packets[0], &matroska->packets[1],
@@ -2220,7 +2220,7 @@ static void matroska_clear_queue(MatroskaDemuxContext
*matroska)
int n;
for (n = 0; n < matroska->num_packets; n++) {
av_free_packet(matroska->packets[n]);
-av_free(matroska->packets[n]);
+av_freep(&matroska->packets[n]);
}
av_freep(&matroska->packets);
matroska->num_packets = 0;
@@ -3068,7 +3068,7 @@ static int matroska_read_close(AVFormatContext *s)
for (n = 0; n < matroska->tracks.nb_elem; n++)
if (tracks[n].type == MATROSKA_TRACK_TYPE_AUDIO)
-av_free(tracks[n].audio.buf);
+av_freep(&tracks[n].audio.buf);
ebml_free(matroska_cluster, &matroska->current_cluster);
ebml_free(matroska_segment, matroska);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/mov: Fix mixed declaration and statement warning
ffmpeg | branch: release/2.3 | Michael Niedermayer | Tue Jan
6 19:51:38 2015 +0100| [db27f50e0658e91758e8a17fdcf390e6bc93c1d2] | committer:
Michael Niedermayer
avformat/mov: Fix mixed declaration and statement warning
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=db27f50e0658e91758e8a17fdcf390e6bc93c1d2
---
libavformat/mov.c |3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 4f4dcc9..f57568a 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -214,10 +214,11 @@ static int mov_read_covr(MOVContext *c, AVIOContext *pb,
int type, int len)
static int mov_metadata_raw(MOVContext *c, AVIOContext *pb,
unsigned len, const char *key)
{
+char *value;
// Check for overflow.
if (len >= INT_MAX)
return AVERROR(EINVAL);
-char *value = av_malloc(len + 1);
+value = av_malloc(len + 1);
if (!value)
return AVERROR(ENOMEM);
avio_read(pb, value, len);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Update for 2.3.6
ffmpeg | branch: release/2.3 | Michael Niedermayer | Tue Jan 6 19:37:09 2015 +0100| [8327bef1c920c6e2ad654e239f3b746dca20cd89] | committer: Michael Niedermayer Update for 2.3.6 Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8327bef1c920c6e2ad654e239f3b746dca20cd89 --- RELEASE |2 +- doc/Doxyfile |2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/RELEASE b/RELEASE index cc6c9a4..e75da3e 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -2.3.5 +2.3.6 diff --git a/doc/Doxyfile b/doc/Doxyfile index c4f0236..2ae11e6 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.3.5 +PROJECT_NUMBER = 2.3.6 # With the PROJECT_LOGO tag one can specify a logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Tag n2.3.6 : FFmpeg 2.3.6 release
[ffmpeg] [branch: refs/tags/n2.3.6] Tag:ac39a09744777048f3c99281a1cb4aafadfda54b > http://git.videolan.org/gitweb.cgi/ffmpeg.git?a=tag;h=ac39a09744777048f3c99281a1cb4aafadfda54b Tagger: Michael Niedermayer Date: Tue Jan 6 20:00:03 2015 +0100 FFmpeg 2.3.6 release ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] [ffmpeg-web] branch master updated. b3b45be web/security: add 2.3.6
The branch, master has been updated via b3b45be3eb355827d0beaf328bd34bf18c7c9b04 (commit) via a7e37f2c55a9e70aa22247a20a25012e9e7517df (commit) from fb1004459c9d8d2b142f0d1b49e02234a2815454 (commit) - Log - commit b3b45be3eb355827d0beaf328bd34bf18c7c9b04 Author: Michael Niedermayer AuthorDate: Tue Jan 6 20:34:23 2015 +0100 Commit: Michael Niedermayer CommitDate: Tue Jan 6 20:36:21 2015 +0100 web/security: add 2.3.6 diff --git a/src/security b/src/security index 3632144..05f523c 100644 --- a/src/security +++ b/src/security @@ -53,6 +53,17 @@ CVE-2014-8549, 84d26ab6eb07e22ad6ffcd8109ca1d1a0cd57bce / 550f3e9df3410b3dd975e5 FFmpeg 2.3 +2.3.6 + +Fixes following vulnerabilities: + + +CVE-2014-9316, 6c63eb59099e7096aad3c15a1dab62afc87b / 0eecf40935b22644e6cd74c586057237ecfd6844 +CVE-2014-9317, 1bfd23d2c934db2f7fc20c1e4de5404869555991 / 79ceaf827be0b070675d4cd0a55c3386542defd8 +CVE-2014-9318, e0822b147f25e56c65b48b7717eaa68f249346eb / 1d3a3b9f8907625b361420d48fe05716859620ff +CVE-2014-9319, 87d0339d67669b9cca9142603c4b00ee10d833c5 / ea38e5a6b75706477898eb1e6582d667dbb9946c + + 2.3.5 Fixes following vulnerabilities: commit a7e37f2c55a9e70aa22247a20a25012e9e7517df Author: Michael Niedermayer AuthorDate: Tue Jan 6 20:11:30 2015 +0100 Commit: Michael Niedermayer CommitDate: Tue Jan 6 20:36:20 2015 +0100 web/olddownload: add 2.3.6 diff --git a/src/olddownload b/src/olddownload index bc509a4..b8fe85d 100644 --- a/src/olddownload +++ b/src/olddownload @@ -6,10 +6,10 @@ maintaining an old release. -FFmpeg 2.3.5 "Mandelbrot" +FFmpeg 2.3.6 "Mandelbrot" -2.3.5 was released on 2014-11-01. It is the latest stable FFmpeg release +2.3.6 was released on 2015-01-06. It is the latest stable FFmpeg release from the 2.3 release branch, which was cut from master on 2014-07-16. Amongst lots of other changes, it includes all changes from ffmpeg-mt, libav master of 2014-07-15, libav 10.2 as of 2014-07-15. @@ -29,15 +29,15 @@ libpostproc52. 3.100 - Download bzip2 tarball - PGP signature + Download bzip2 tarball + PGP signature - Download gzip tarball - PGP signature + Download gzip tarball + PGP signature - http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=n2.3.5";>Changelog + http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=n2.3.6";>Changelog http://git.videolan.org/?p=ffmpeg.git;a=blob;f=RELEASE_NOTES;hb=489d066";>Release Notes --- Summary of changes: src/olddownload | 14 +++--- src/security| 11 +++ 2 files changed, 18 insertions(+), 7 deletions(-) hooks/post-receive -- ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] tools/ismindex: Keep count fields consistent with arrays in case of errors
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6
21:07:50 2015 +0100| [a0a7b154bb49080d187170d0ed06e607fcc0b8d2] | committer:
Michael Niedermayer
tools/ismindex: Keep count fields consistent with arrays in case of errors
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a0a7b154bb49080d187170d0ed06e607fcc0b8d2
---
tools/ismindex.c |4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tools/ismindex.c b/tools/ismindex.c
index 3e53046..d6386ac 100644
--- a/tools/ismindex.c
+++ b/tools/ismindex.c
@@ -340,6 +340,7 @@ static int read_tfra(struct Tracks *tracks, int
start_index, AVIOContext *f)
track->chunks = avio_rb32(f);
track->offsets = av_mallocz_array(track->chunks, sizeof(*track->offsets));
if (!track->offsets) {
+track->chunks = 0;
ret = AVERROR(ENOMEM);
goto fail;
}
@@ -448,10 +449,11 @@ fail:
static int get_private_data(struct Track *track, AVCodecContext *codec)
{
-track->codec_private_size = codec->extradata_size;
+track->codec_private_size = 0;
track->codec_private = av_mallocz(codec->extradata_size);
if (!track->codec_private)
return AVERROR(ENOMEM);
+track->codec_private_size = codec->extradata_size;
memcpy(track->codec_private, codec->extradata, codec->extradata_size);
return 0;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] tools/ismindex.c: Use av_realloc_array()
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6
21:08:20 2015 +0100| [dede2f7fc4441606fd07035e7c3e62421ec756b0] | committer:
Michael Niedermayer
tools/ismindex.c: Use av_realloc_array()
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dede2f7fc4441606fd07035e7c3e62421ec756b0
---
tools/ismindex.c |5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tools/ismindex.c b/tools/ismindex.c
index d6386ac..47a148c 100644
--- a/tools/ismindex.c
+++ b/tools/ismindex.c
@@ -532,8 +532,9 @@ static int handle_file(struct Tracks *tracks, const char
*file, int split,
err = AVERROR(ENOMEM);
goto fail;
}
-temp = av_realloc(tracks->tracks,
- sizeof(*tracks->tracks) * (tracks->nb_tracks + 1));
+temp = av_realloc_array(tracks->tracks,
+tracks->nb_tracks + 1,
+sizeof(*tracks->tracks));
if (!temp) {
av_free(track);
err = AVERROR(ENOMEM);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] opt: check memory allocation
ffmpeg | branch: master | Vittorio Giovara | Thu
Dec 18 20:26:57 2014 +0100| [07a0c0f0005072d115ace61e60f46be68582cc3a] |
committer: Vittorio Giovara
opt: check memory allocation
CC: libav-sta...@libav.org
Bug-Id: CID 1257771
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=07a0c0f0005072d115ace61e60f46be68582cc3a
---
libavutil/opt.c |2 ++
1 file changed, 2 insertions(+)
diff --git a/libavutil/opt.c b/libavutil/opt.c
index 6785a08..b3435e0 100644
--- a/libavutil/opt.c
+++ b/libavutil/opt.c
@@ -119,6 +119,8 @@ static int set_string_binary(void *obj, const AVOption *o,
const char *val, uint
len /= 2;
ptr = bin = av_malloc(len);
+if (!ptr)
+return AVERROR(ENOMEM);
while (*val) {
int a = hexchar2int(*val++);
int b = hexchar2int(*val++);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Merge commit '07a0c0f0005072d115ace61e60f46be68582cc3a'
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6 21:37:33 2015 +0100| [b20e79dbe99806d60ae856da830b9d866ffabcc6] | committer: Michael Niedermayer Merge commit '07a0c0f0005072d115ace61e60f46be68582cc3a' * commit '07a0c0f0005072d115ace61e60f46be68582cc3a': opt: check memory allocation Merged-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b20e79dbe99806d60ae856da830b9d866ffabcc6 --- ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] swscale: check memory allocations
ffmpeg | branch: master | Vittorio Giovara | Wed
Dec 17 16:02:07 2014 +0100| [1dd797e3c9f179f957316a0becbec048b42df8aa] |
committer: Vittorio Giovara
swscale: check memory allocations
CC: libav-sta...@libav.org
Bug-Id: CID 1257779
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1dd797e3c9f179f957316a0becbec048b42df8aa
---
libswscale/yuv2rgb.c | 18 +++---
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/libswscale/yuv2rgb.c b/libswscale/yuv2rgb.c
index 480fbe3..a4f7a11 100644
--- a/libswscale/yuv2rgb.c
+++ b/libswscale/yuv2rgb.c
@@ -736,9 +736,13 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const
int inv_table[4],
av_free(c->yuvTable);
+#define ALLOC_YUV_TABLE(x) \
+c->yuvTable = av_malloc(x); \
+if (!c->yuvTable) \
+return AVERROR(ENOMEM);
switch (bpp) {
case 1:
-c->yuvTable = av_malloc(1024);
+ALLOC_YUV_TABLE(1024);
y_table = c->yuvTable;
yb = -(384 << 16) - oy;
for (i = 0; i < 1024 - 110; i++) {
@@ -753,7 +757,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const
int inv_table[4],
rbase = isRgb ? 3 : 0;
gbase = 1;
bbase = isRgb ? 0 : 3;
-c->yuvTable = av_malloc(1024 * 3);
+ALLOC_YUV_TABLE(1024 * 3);
y_table = c->yuvTable;
yb = -(384 << 16) - oy;
for (i = 0; i < 1024 - 110; i++) {
@@ -772,7 +776,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const
int inv_table[4],
rbase = isRgb ? 5 : 0;
gbase = isRgb ? 2 : 3;
bbase = isRgb ? 0 : 6;
-c->yuvTable = av_malloc(1024 * 3);
+ALLOC_YUV_TABLE(1024 * 3);
y_table = c->yuvTable;
yb = -(384 << 16) - oy;
for (i = 0; i < 1024 - 38; i++) {
@@ -791,7 +795,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const
int inv_table[4],
rbase = isRgb ? 8 : 0;
gbase = 4;
bbase = isRgb ? 0 : 8;
-c->yuvTable = av_malloc(1024 * 3 * 2);
+ALLOC_YUV_TABLE(1024 * 3 * 2);
y_table16 = c->yuvTable;
yb = -(384 << 16) - oy;
for (i = 0; i < 1024; i++) {
@@ -814,7 +818,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const
int inv_table[4],
rbase = isRgb ? bpp - 5 : 0;
gbase = 5;
bbase = isRgb ? 0 : (bpp - 5);
-c->yuvTable = av_malloc(1024 * 3 * 2);
+ALLOC_YUV_TABLE(1024 * 3 * 2);
y_table16 = c->yuvTable;
yb = -(384 << 16) - oy;
for (i = 0; i < 1024; i++) {
@@ -834,7 +838,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const
int inv_table[4],
break;
case 24:
case 48:
-c->yuvTable = av_malloc(1024);
+ALLOC_YUV_TABLE(1024);
y_table = c->yuvTable;
yb = -(384 << 16) - oy;
for (i = 0; i < 1024; i++) {
@@ -855,7 +859,7 @@ av_cold int ff_yuv2rgb_c_init_tables(SwsContext *c, const
int inv_table[4],
needAlpha = CONFIG_SWSCALE_ALPHA && isALPHA(c->srcFormat);
if (!needAlpha)
abase = (base + 24) & 31;
-c->yuvTable = av_malloc(1024 * 3 * 4);
+ALLOC_YUV_TABLE(1024 * 3 * 4);
y_table32 = c->yuvTable;
yb = -(384 << 16) - oy;
for (i = 0; i < 1024; i++) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Merge commit '1dd797e3c9f179f957316a0becbec048b42df8aa'
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6 21:44:08 2015 +0100| [90de28befd88fccb2a4d96d55e1d72eac96c4278] | committer: Michael Niedermayer Merge commit '1dd797e3c9f179f957316a0becbec048b42df8aa' * commit '1dd797e3c9f179f957316a0becbec048b42df8aa': swscale: check memory allocations Merged-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=90de28befd88fccb2a4d96d55e1d72eac96c4278 --- ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] ffv1: Drop unnecessary casts and const qualifiers to match function signatures
ffmpeg | branch: master | Diego Biurrun | Thu Dec 18
20:07:28 2014 +0100| [ca09effb01e126b0ac74ff3de70a475423ddee82] | committer:
Vittorio Giovara
ffv1: Drop unnecessary casts and const qualifiers to match function signatures
libavcodec/ffv1dec.c:898:36: warning: cast discards ‘const’ qualifier from
pointer target type
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ca09effb01e126b0ac74ff3de70a475423ddee82
---
libavcodec/ffv1dec.c |8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index 50b220f..4349af5 100644
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -827,13 +827,13 @@ static av_cold int ffv1_decode_init(AVCodecContext *avctx)
static int ffv1_decode_frame(AVCodecContext *avctx, void *data,
int *got_frame, AVPacket *avpkt)
{
-const uint8_t *buf = avpkt->data;
+uint8_t *buf= avpkt->data;
int buf_size= avpkt->size;
FFV1Context *f = avctx->priv_data;
RangeCoder *const c = &f->slice_context[0]->c;
int i, ret;
uint8_t keystate = 128;
-const uint8_t *buf_p;
+uint8_t *buf_p;
AVFrame *const p= data;
f->cur = p;
@@ -895,7 +895,7 @@ static int ffv1_decode_frame(AVCodecContext *avctx, void
*data,
if (i) {
ff_init_range_decoder(&fs->c, buf_p, v);
} else
-fs->c.bytestream_end = (uint8_t *)(buf_p + v);
+fs->c.bytestream_end = buf_p + v;
fs->cur = p;
}
@@ -919,7 +919,7 @@ static int ffv1_decode_frame(AVCodecContext *avctx, void
*data,
f->last_picture->linesize[j] *
(fs->slice_y >> sv) + (fs->slice_x >> sh);
}
-av_image_copy(dst, p->linesize, (const uint8_t **)src,
+av_image_copy(dst, p->linesize, src,
f->last_picture->linesize,
avctx->pix_fmt, fs->slice_width,
fs->slice_height);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Merge commit 'ca09effb01e126b0ac74ff3de70a475423ddee82'
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6 21:54:26 2015 +0100| [f4cc19cdd082aa07db2f6fd1c5fbc2b674a74a63] | committer: Michael Niedermayer Merge commit 'ca09effb01e126b0ac74ff3de70a475423ddee82' * commit 'ca09effb01e126b0ac74ff3de70a475423ddee82': ffv1: Drop unnecessary casts and const qualifiers to match function signatures Conflicts: libavcodec/ffv1dec.c Merged-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f4cc19cdd082aa07db2f6fd1c5fbc2b674a74a63 --- ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] ffv1: const correctness for encode_rgb_frame()
ffmpeg | branch: master | Diego Biurrun | Thu Dec 18
20:07:29 2014 +0100| [0352ff102d62ee94e79e0baaf64d5ad4e66f907b] | committer:
Vittorio Giovara
ffv1: const correctness for encode_rgb_frame()
libavcodec/ffv1enc.c:922:53: warning: passing argument 5 of ‘encode_rgb_frame’
discards ‘const’ qualifier from pointer target type
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0352ff102d62ee94e79e0baaf64d5ad4e66f907b
---
libavcodec/ffv1enc.c | 18 +-
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/libavcodec/ffv1enc.c b/libavcodec/ffv1enc.c
index 93630b4..bda5f72 100644
--- a/libavcodec/ffv1enc.c
+++ b/libavcodec/ffv1enc.c
@@ -293,8 +293,8 @@ static void encode_plane(FFV1Context *s, uint8_t *src, int
w, int h,
}
}
-static void encode_rgb_frame(FFV1Context *s, uint8_t *src[3], int w, int h,
- int stride[3])
+static void encode_rgb_frame(FFV1Context *s, const uint8_t *src[3],
+ int w, int h, const int stride[3])
{
int x, y, p, i;
const int ring_size = s->avctx->context_model ? 3 : 2;
@@ -320,15 +320,15 @@ static void encode_rgb_frame(FFV1Context *s, uint8_t
*src[3], int w, int h,
for (x = 0; x < w; x++) {
int b, g, r, av_uninit(a);
if (lbd) {
-unsigned v = *((uint32_t *)(src[0] + x * 4 + stride[0] * y));
+unsigned v = *((const uint32_t *)(src[0] + x * 4 + stride[0] *
y));
b = v & 0xFF;
g = (v >> 8) & 0xFF;
r = (v >> 16) & 0xFF;
a = v >> 24;
} else {
-b = *((uint16_t *)(src[0] + x * 2 + stride[0] * y));
-g = *((uint16_t *)(src[1] + x * 2 + stride[1] * y));
-r = *((uint16_t *)(src[2] + x * 2 + stride[2] * y));
+b = *((const uint16_t *)(src[0] + x * 2 + stride[0] * y));
+g = *((const uint16_t *)(src[1] + x * 2 + stride[1] * y));
+r = *((const uint16_t *)(src[2] + x * 2 + stride[2] * y));
}
b -= g;
@@ -916,9 +916,9 @@ static int encode_slice(AVCodecContext *c, void *arg)
encode_plane(fs, p->data[3] + ps * x + y * p->linesize[3], width,
height, p->linesize[3], 2);
} else {
-uint8_t *planes[3] = { p->data[0] + ps * x + y * p->linesize[0],
- p->data[1] + ps * x + y * p->linesize[1],
- p->data[2] + ps * x + y * p->linesize[2] };
+const uint8_t *planes[3] = { p->data[0] + ps * x + y * p->linesize[0],
+ p->data[1] + ps * x + y * p->linesize[1],
+ p->data[2] + ps * x + y * p->linesize[2]
};
encode_rgb_frame(fs, planes, width, height, p->linesize);
}
emms_c();
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/ffv1enc: Fix incompatible pointer type warning
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6
22:05:13 2015 +0100| [9198397115bfef265ebb1ab04e4991defa908d11] | committer:
Michael Niedermayer
avcodec/ffv1enc: Fix incompatible pointer type warning
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9198397115bfef265ebb1ab04e4991defa908d11
---
libavcodec/ffv1enc.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/libavcodec/ffv1enc.c b/libavcodec/ffv1enc.c
index 4b16a16..39a1501 100644
--- a/libavcodec/ffv1enc.c
+++ b/libavcodec/ffv1enc.c
@@ -1017,7 +1017,7 @@ static void encode_slice_header(FFV1Context *f,
FFV1Context *fs)
}
}
-static void choose_rct_params(FFV1Context *fs, uint8_t *src[3], const int
stride[3], int w, int h)
+static void choose_rct_params(FFV1Context *fs, const uint8_t *src[3], const
int stride[3], int w, int h)
{
#define NB_Y_COEFF 15
static const int rct_y_coeff[15][2] = {
@@ -1053,14 +1053,14 @@ static void choose_rct_params(FFV1Context *fs, uint8_t
*src[3], const int stride
int b, g, r;
int ab, ag, ar;
if (lbd) {
-unsigned v = *((uint32_t*)(src[0] + x*4 + stride[0]*y));
+unsigned v = *((const uint32_t*)(src[0] + x*4 + stride[0]*y));
b = v& 0xFF;
g = (v >> 8) & 0xFF;
r = (v >> 16) & 0xFF;
} else {
-b = *((uint16_t*)(src[0] + x*2 + stride[0]*y));
-g = *((uint16_t*)(src[1] + x*2 + stride[1]*y));
-r = *((uint16_t*)(src[2] + x*2 + stride[2]*y));
+b = *((const uint16_t*)(src[0] + x*2 + stride[0]*y));
+g = *((const uint16_t*)(src[1] + x*2 + stride[1]*y));
+r = *((const uint16_t*)(src[2] + x*2 + stride[2]*y));
}
ar = r - lastr;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Merge commit '0352ff102d62ee94e79e0baaf64d5ad4e66f907b'
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6 22:03:57 2015 +0100| [3b3782d74e5a5827e4a52f0be990decd6a303654] | committer: Michael Niedermayer Merge commit '0352ff102d62ee94e79e0baaf64d5ad4e66f907b' * commit '0352ff102d62ee94e79e0baaf64d5ad4e66f907b': ffv1: const correctness for encode_rgb_frame() Conflicts: libavcodec/ffv1enc.c Merged-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3b3782d74e5a5827e4a52f0be990decd6a303654 --- ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] vda: error out if decoded CVPixelBuffer is empty
ffmpeg | branch: master | Stefano Pigozzi | Mon Dec
29 21:28:50 2014 +0100| [2cef68da69a17ed09c313ba3c3850ec1cc0a80e0] | committer:
Vittorio Giovara
vda: error out if decoded CVPixelBuffer is empty
On some video samples, VDA silently fails to decode frames and returns
kVDADecoderNoErr. Error out in these cases to avoid producing AVFrames with
empty planes.
Signed-off-by: Stefano Pigozzi
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2cef68da69a17ed09c313ba3c3850ec1cc0a80e0
---
libavcodec/vda_h264.c | 23 ---
1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/libavcodec/vda_h264.c b/libavcodec/vda_h264.c
index c7f6a74..acefde6 100644
--- a/libavcodec/vda_h264.c
+++ b/libavcodec/vda_h264.c
@@ -345,24 +345,25 @@ static int vda_h264_end_frame(AVCodecContext *avctx)
CFRelease(coded_frame);
+if (!vda->frame)
+return AVERROR_UNKNOWN;
+
if (status != kVDADecoderNoErr) {
av_log(avctx, AV_LOG_ERROR, "Failed to decode frame (%d)\n", status);
return AVERROR_UNKNOWN;
}
-if (vda->frame) {
-av_buffer_unref(&frame->buf[0]);
+av_buffer_unref(&frame->buf[0]);
-frame->buf[0] = av_buffer_create((uint8_t*)vda->frame,
- sizeof(vda->frame),
- release_buffer, NULL,
- AV_BUFFER_FLAG_READONLY);
-if (!frame->buf)
-return AVERROR(ENOMEM);
+frame->buf[0] = av_buffer_create((uint8_t*)vda->frame,
+ sizeof(vda->frame),
+ release_buffer, NULL,
+ AV_BUFFER_FLAG_READONLY);
+if (!frame->buf)
+return AVERROR(ENOMEM);
-frame->data[3] = (uint8_t*)vda->frame;
-vda->frame = NULL;
-}
+frame->data[3] = (uint8_t*)vda->frame;
+vda->frame = NULL;
return 0;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Merge commit '2cef68da69a17ed09c313ba3c3850ec1cc0a80e0'
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6 22:12:53 2015 +0100| [2ab6deb36f1904cf97b8f276414043b2f9574135] | committer: Michael Niedermayer Merge commit '2cef68da69a17ed09c313ba3c3850ec1cc0a80e0' * commit '2cef68da69a17ed09c313ba3c3850ec1cc0a80e0': vda: error out if decoded CVPixelBuffer is empty Merged-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2ab6deb36f1904cf97b8f276414043b2f9574135 --- ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] build: Use -Werror=format-security
ffmpeg | branch: master | Agostino Sarubbo | Sun Dec 21 14:38:57 2014 +0100| [fe082998683334e7f573cfe3876810fb80c5249c] | committer: Vittorio Giovara build: Use -Werror=format-security Reduce the chance of introducing a class of bugs quite hard to track. > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fe082998683334e7f573cfe3876810fb80c5249c --- configure |1 + 1 file changed, 1 insertion(+) diff --git a/configure b/configure index 6648035..1408689 100755 --- a/configure +++ b/configure @@ -4452,6 +4452,7 @@ elif enabled gcc; then check_cflags -Werror=return-type check_cflags -Werror=declaration-after-statement check_cflags -Werror=vla +check_cflags -Werror=format-security enabled extra_warnings || check_disable_warning -Wno-maybe-uninitialized elif enabled llvm_gcc; then check_cflags -mllvm -stack-alignment=16 ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] vf_interlace: use image width rather than linesize
ffmpeg | branch: master | Vittorio Giovara | Tue
Dec 2 14:58:38 2014 +| [696141e898193311c994b399a8dc60713709092f] |
committer: Vittorio Giovara
vf_interlace: use image width rather than linesize
Based on a patch by Michael Niedermayer .
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=696141e898193311c994b399a8dc60713709092f
---
libavfilter/vf_interlace.c |9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/libavfilter/vf_interlace.c b/libavfilter/vf_interlace.c
index 3c36568..3e2a044 100644
--- a/libavfilter/vf_interlace.c
+++ b/libavfilter/vf_interlace.c
@@ -131,16 +131,17 @@ static void copy_picture_field(InterlaceContext *s,
int lowpass)
{
const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(inlink->format);
+int hsub = desc->log2_chroma_w;
int vsub = desc->log2_chroma_h;
int plane, j;
for (plane = 0; plane < desc->nb_components; plane++) {
+int cols = (plane == 1 || plane == 2) ? -(-inlink->w) >> hsub :
inlink->w;
int lines = (plane == 1 || plane == 2) ? -(-inlink->h) >> vsub :
inlink->h;
-ptrdiff_t linesize = av_image_get_linesize(inlink->format, inlink->w,
plane);
uint8_t *dstp = dst_frame->data[plane];
const uint8_t *srcp = src_frame->data[plane];
-av_assert0(linesize >= 0);
+av_assert0(cols >= 0);
lines = (lines + (field_type == FIELD_UPPER)) / 2;
if (field_type == FIELD_LOWER)
@@ -157,14 +158,14 @@ static void copy_picture_field(InterlaceContext *s,
srcp_above = srcp; // there is no line above
if (j == 1)
srcp_below = srcp; // there is no line below
-s->lowpass_line(dstp, linesize, srcp, srcp_above, srcp_below);
+s->lowpass_line(dstp, cols, srcp, srcp_above, srcp_below);
dstp += dstp_linesize;
srcp += srcp_linesize;
}
} else {
av_image_copy_plane(dstp, dst_frame->linesize[plane] * 2,
srcp, src_frame->linesize[plane] * 2,
-linesize, lines);
+cols, lines);
}
}
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Merge commit '696141e898193311c994b399a8dc60713709092f'
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6 22:38:11 2015 +0100| [f931b1ef450e67c211c6294788da3a1265c0af81] | committer: Michael Niedermayer Merge commit '696141e898193311c994b399a8dc60713709092f' * commit '696141e898193311c994b399a8dc60713709092f': vf_interlace: use image width rather than linesize Conflicts: libavfilter/vf_interlace.c See: f043965cd5145d8540d55c013b0d809b6a874c53 Merged-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f931b1ef450e67c211c6294788da3a1265c0af81 --- ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] vfilter/vf_tinterlace: Fix issues with linesize and cols
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6
23:20:18 2015 +0100| [ac3f6429ba5b596406da12746659f1fb7c5b7b07] | committer:
Michael Niedermayer
vfilter/vf_tinterlace: Fix issues with linesize and cols
Based on patch by Vittorio Giovara from
696141e898193311c994b399a8dc60713709092f
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ac3f6429ba5b596406da12746659f1fb7c5b7b07
---
libavfilter/vf_tinterlace.c |9 +++--
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/libavfilter/vf_tinterlace.c b/libavfilter/vf_tinterlace.c
index c644895..f3411f9 100644
--- a/libavfilter/vf_tinterlace.c
+++ b/libavfilter/vf_tinterlace.c
@@ -197,20 +197,17 @@ void copy_picture_field(TInterlaceContext *tinterlace,
int flags)
{
const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(format);
+int hsub = desc->log2_chroma_w;
int plane, vsub = desc->log2_chroma_h;
int k = src_field == FIELD_UPPER_AND_LOWER ? 1 : 2;
int h;
for (plane = 0; plane < desc->nb_components; plane++) {
int lines = plane == 1 || plane == 2 ? FF_CEIL_RSHIFT(src_h, vsub) :
src_h;
-int cols = plane == 1 || plane == 2 ? FF_CEIL_RSHIFT(w,
desc->log2_chroma_w) : w;
-int linesize = av_image_get_linesize(format, w, plane);
+int cols = plane == 1 || plane == 2 ? FF_CEIL_RSHIFT(w, hsub) : w;
uint8_t *dstp = dst[plane];
const uint8_t *srcp = src[plane];
-if (linesize < 0)
-return;
-
lines = (lines + (src_field == FIELD_UPPER)) / k;
if (src_field == FIELD_LOWER)
srcp += src_linesize[plane];
@@ -234,7 +231,7 @@ void copy_picture_field(TInterlaceContext *tinterlace,
}
} else {
av_image_copy_plane(dstp, dst_linesize[plane] * (interleave ? 2 :
1),
-srcp, src_linesize[plane]*k, linesize, lines);
+srcp, src_linesize[plane]*k, cols, lines);
}
}
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Merge commit 'fe082998683334e7f573cfe3876810fb80c5249c'
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6 22:33:18 2015 +0100| [30cf755548a9c73753db6c405bda935016a86f49] | committer: Michael Niedermayer Merge commit 'fe082998683334e7f573cfe3876810fb80c5249c' * commit 'fe082998683334e7f573cfe3876810fb80c5249c': build: Use -Werror=format-security Conflicts: configure See: 97592faa51eacda9a949c4f0ba2a6d7989ef5f3b Merged-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=30cf755548a9c73753db6c405bda935016a86f49 --- ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Merge commit '046f75a970701b4c947d38bfd2186dcc5f2ddae2'
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6 23:40:11 2015 +0100| [6279cb3597cc1c70638857a4940aa6a9da9a91c5] | committer: Michael Niedermayer Merge commit '046f75a970701b4c947d38bfd2186dcc5f2ddae2' * commit '046f75a970701b4c947d38bfd2186dcc5f2ddae2': vf_interlace: also assert for height Merged-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6279cb3597cc1c70638857a4940aa6a9da9a91c5 --- ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] vf_interlace: also assert for height
ffmpeg | branch: master | Vittorio Giovara | Tue Dec 2 14:58:39 2014 +| [046f75a970701b4c947d38bfd2186dcc5f2ddae2] | committer: Vittorio Giovara vf_interlace: also assert for height > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=046f75a970701b4c947d38bfd2186dcc5f2ddae2 --- libavfilter/vf_interlace.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/vf_interlace.c b/libavfilter/vf_interlace.c index 3e2a044..0b2444c 100644 --- a/libavfilter/vf_interlace.c +++ b/libavfilter/vf_interlace.c @@ -141,7 +141,7 @@ static void copy_picture_field(InterlaceContext *s, uint8_t *dstp = dst_frame->data[plane]; const uint8_t *srcp = src_frame->data[plane]; -av_assert0(cols >= 0); +av_assert0(cols >= 0 || lines >= 0); lines = (lines + (field_type == FIELD_UPPER)) / 2; if (field_type == FIELD_LOWER) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Merge commit '15ea222778caaec0877b3f9938140b707c931d96'
ffmpeg | branch: master | Michael Niedermayer | Tue Jan 6 23:50:45 2015 +0100| [82b1bcd7f9b650a9d46a22079c0cdac05badeebc] | committer: Michael Niedermayer Merge commit '15ea222778caaec0877b3f9938140b707c931d96' * commit '15ea222778caaec0877b3f9938140b707c931d96': vf_interlace: merge FIELD_LOWER check Merged-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=82b1bcd7f9b650a9d46a22079c0cdac05badeebc --- ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] vf_interlace: merge FIELD_LOWER check
ffmpeg | branch: master | Vittorio Giovara | Tue
Dec 2 14:58:41 2014 +| [15ea222778caaec0877b3f9938140b707c931d96] |
committer: Vittorio Giovara
vf_interlace: merge FIELD_LOWER check
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=15ea222778caaec0877b3f9938140b707c931d96
---
libavfilter/vf_interlace.c |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavfilter/vf_interlace.c b/libavfilter/vf_interlace.c
index 0b2444c..0f551ca 100644
--- a/libavfilter/vf_interlace.c
+++ b/libavfilter/vf_interlace.c
@@ -144,10 +144,10 @@ static void copy_picture_field(InterlaceContext *s,
av_assert0(cols >= 0 || lines >= 0);
lines = (lines + (field_type == FIELD_UPPER)) / 2;
-if (field_type == FIELD_LOWER)
+if (field_type == FIELD_LOWER) {
srcp += src_frame->linesize[plane];
-if (field_type == FIELD_LOWER)
dstp += dst_frame->linesize[plane];
+}
if (lowpass) {
int srcp_linesize = src_frame->linesize[plane] * 2;
int dstp_linesize = dst_frame->linesize[plane] * 2;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] ulti: invert the order of parameters of ulti_decode_frame()
ffmpeg | branch: master | Vittorio Giovara | Thu
Dec 18 20:26:58 2014 +0100| [ed97963bdbf3bb17fca4f9ea0aa1a97722dec907] |
committer: Vittorio Giovara
ulti: invert the order of parameters of ulti_decode_frame()
This is the order that the caller uses in the rest of the file.
Variables are modified to reflect the order above too and their
initialization is merged with their declarationt. No behavioral
change.
Bug-Id: CID 732286
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ed97963bdbf3bb17fca4f9ea0aa1a97722dec907
---
libavcodec/ulti.c |7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/libavcodec/ulti.c b/libavcodec/ulti.c
index 186f1a6..b955dd7 100644
--- a/libavcodec/ulti.c
+++ b/libavcodec/ulti.c
@@ -384,12 +384,11 @@ static int ulti_decode_frame(AVCodecContext *avctx,
Y[3] = bytestream2_get_byteu(&s->gb) & 0x3F;
ulti_grad(s->frame, tx, ty, Y, chroma, angle);
//draw block
} else { // some patterns
-int f0, f1;
-f0 = bytestream2_get_byteu(&s->gb);
-f1 = tmp;
+int f0 = tmp;
+int f1 = bytestream2_get_byteu(&s->gb);
Y[0] = bytestream2_get_byteu(&s->gb) & 0x3F;
Y[1] = bytestream2_get_byteu(&s->gb) & 0x3F;
-ulti_pattern(s->frame, tx, ty, f1, f0, Y[0], Y[1],
chroma);
+ulti_pattern(s->frame, tx, ty, f0, f1, Y[0], Y[1],
chroma);
}
}
break;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
