[FFmpeg-cvslog] avformat/dfa: Fix packet leak on error
ffmpeg | branch: master | Michael Niedermayer | Mon
Jan 11 17:08:07 2016 +0100| [c71999ef97b7cc8b1cb6eaf39e72e9ecbf825d9e] |
committer: Michael Niedermayer
avformat/dfa: Fix packet leak on error
Fixes:
07fa81f300736485e585b63e7b1cd155/signal_sigabrt_76ae7cb7_16_94ee815791a1357826524072db5bc2dc.dfa
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c71999ef97b7cc8b1cb6eaf39e72e9ecbf825d9e
---
libavformat/dfa.c |1 +
1 file changed, 1 insertion(+)
diff --git a/libavformat/dfa.c b/libavformat/dfa.c
index 40e3fad..b16672c 100644
--- a/libavformat/dfa.c
+++ b/libavformat/dfa.c
@@ -101,6 +101,7 @@ static int dfa_read_packet(AVFormatContext *s, AVPacket
*pkt)
frame_size = AV_RL32(pkt->data + pkt->size - 8);
if (frame_size > INT_MAX - 4) {
av_log(s, AV_LOG_ERROR, "Too large chunk size: %"PRIu32"\n",
frame_size);
+av_packet_unref(pkt);
return AVERROR(EIO);
}
if (AV_RL32(pkt->data + pkt->size - 12) == MKTAG('E', 'O', 'F', 'R')) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/wavpackenc: Check the number of channels
ffmpeg | branch: master | Michael Niedermayer | Mon
Jan 11 18:58:08 2016 +0100| [59c915a403af32c4ff5126625b0cc7e38f4beff9] |
committer: Michael Niedermayer
avcodec/wavpackenc: Check the number of channels
They are stored in a byte, thus more than 255 is not possible
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=59c915a403af32c4ff5126625b0cc7e38f4beff9
---
libavcodec/wavpackenc.c |5 +
1 file changed, 5 insertions(+)
diff --git a/libavcodec/wavpackenc.c b/libavcodec/wavpackenc.c
index 05e8f2b..f4e710d 100644
--- a/libavcodec/wavpackenc.c
+++ b/libavcodec/wavpackenc.c
@@ -128,6 +128,11 @@ static av_cold int wavpack_encode_init(AVCodecContext
*avctx)
s->avctx = avctx;
+if (avctx->channels > 255) {
+av_log(avctx, AV_LOG_ERROR, "Too many channels\n", avctx->channels);
+return AVERROR(EINVAL);
+}
+
if (!avctx->frame_size) {
int block_samples;
if (!(avctx->sample_rate & 1))
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/wavpackenc: Headers are per channel
ffmpeg | branch: master | Michael Niedermayer | Mon Jan 11 18:32:32 2016 +0100| [26757b0279b4b93c6066c2151d4d3dbd2ec266bf] | committer: Michael Niedermayer avcodec/wavpackenc: Headers are per channel Fixes: 1b8b83a53bfa751f01b1daa65a4758db/signal_sigabrt_76ae7cb7_7488_403f71d1a2565b598d01b6cb110fac8f.aiff Fixes: assertion failure Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=26757b0279b4b93c6066c2151d4d3dbd2ec266bf --- libavcodec/wavpackenc.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/wavpackenc.c b/libavcodec/wavpackenc.c index 977bcf0..05e8f2b 100644 --- a/libavcodec/wavpackenc.c +++ b/libavcodec/wavpackenc.c @@ -2878,7 +2878,7 @@ static int wavpack_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, } buf_size = s->block_samples * avctx->channels * 8 - + 200 /* for headers */; + + 200 * avctx->channels /* for headers */; if ((ret = ff_alloc_packet2(avctx, avpkt, buf_size, 0)) < 0) return ret; buf = avpkt->data; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] qtpalette: make the color_* variables unsigned again
ffmpeg | branch: master | Andreas Cadhalpun
| Sun Jan 10 10:53:33 2016 +0100| [63c9b30f98ce7d160b3a6dec1b36dc05fbb71941] |
committer: Andreas Cadhalpun
qtpalette: make the color_* variables unsigned again
This fixes segmentation faults due to out of bounds writes, when
color_start is interpreted as negative number.
This regression was introduced in commit 57631f.
Reviewed-by: Mats Peterson
Signed-off-by: Andreas Cadhalpun
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=63c9b30f98ce7d160b3a6dec1b36dc05fbb71941
---
libavformat/qtpalette.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/qtpalette.c b/libavformat/qtpalette.c
index a78b6af..666c6b7 100644
--- a/libavformat/qtpalette.c
+++ b/libavformat/qtpalette.c
@@ -48,7 +48,7 @@ int ff_get_qtpalette(int codec_id, AVIOContext *pb, uint32_t
*palette)
/* If the depth is 1, 2, 4, or 8 bpp, file is palettized. */
if ((bit_depth == 1 || bit_depth == 2 || bit_depth == 4 || bit_depth ==
8)) {
-int color_count, color_start, color_end;
+uint32_t color_count, color_start, color_end;
uint32_t a, r, g, b;
/* Ignore the greyscale bit for 1-bit video and sample
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] lavc/cbrt_tablegen: speed up tablegen
ffmpeg | branch: master | Ganesh Ajjanagadde | Mon Jan
11 17:09:44 2016 -0500| [07a11ebcab9b31e9fc784029e5d24e6fbf486ff3] | committer:
Ganesh Ajjanagadde
lavc/cbrt_tablegen: speed up tablegen
This exploits an approach based on the sieve of Eratosthenes, a popular
method for generating prime numbers.
Tables are identical to previous ones.
Tested with FATE with/without --enable-hardcoded-tables.
Sample benchmark (Haswell, GNU/Linux+gcc):
prev:
7860100 decicycles in cbrt_tableinit, 1 runs, 0 skips
490 decicycles in cbrt_tableinit, 2 runs, 0 skips
[...]
7582339 decicycles in cbrt_tableinit, 256 runs, 0 skips
7563556 decicycles in cbrt_tableinit, 512 runs, 0 skips
new:
2099480 decicycles in cbrt_tableinit, 1 runs, 0 skips
2044470 decicycles in cbrt_tableinit, 2 runs, 0 skips
[...]
1796544 decicycles in cbrt_tableinit, 256 runs, 0 skips
1791631 decicycles in cbrt_tableinit, 512 runs, 0 skips
Both small and large run count given as this is called once so small run
count may give a better picture, small numbers are fairly consistent,
and there is a consistent downward trend from small to large runs,
at which point it stabilizes to a new value.
Reviewed-by: Michael Niedermayer
Signed-off-by: Ganesh Ajjanagadde
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=07a11ebcab9b31e9fc784029e5d24e6fbf486ff3
---
libavcodec/cbrt_tablegen.h | 39 +--
1 file changed, 29 insertions(+), 10 deletions(-)
diff --git a/libavcodec/cbrt_tablegen.h b/libavcodec/cbrt_tablegen.h
index 59b5a1d..21e4b9a 100644
--- a/libavcodec/cbrt_tablegen.h
+++ b/libavcodec/cbrt_tablegen.h
@@ -26,12 +26,13 @@
#include
#include
#include "libavutil/attributes.h"
+#include "libavutil/intfloat.h"
#include "libavcodec/aac_defines.h"
#if USE_FIXED
-#define CBRT(x) lrint((x).f * 8192)
+#define CBRT(x) lrint((x) * 8192)
#else
-#define CBRT(x) x.i
+#define CBRT(x) av_float2int((float)(x))
#endif
#if CONFIG_HARDCODED_TABLES
@@ -47,16 +48,34 @@ static uint32_t cbrt_tab[1 << 13];
static av_cold void AAC_RENAME(cbrt_tableinit)(void)
{
+static double cbrt_tab_dbl[1 << 13];
if (!cbrt_tab[(1<<13) - 1]) {
-int i;
-for (i = 0; i < 1<<13; i++) {
-union {
-float f;
-uint32_t i;
-} f;
-f.f = cbrt(i) * i;
-cbrt_tab[i] = CBRT(f);
+int i, j, k;
+double cbrt_val;
+
+for (i = 1; i < 1<<13; i++)
+cbrt_tab_dbl[i] = 1;
+
+/* have to take care of non-squarefree numbers */
+for (i = 2; i < 90; i++) {
+if (cbrt_tab_dbl[i] == 1) {
+cbrt_val = i * cbrt(i);
+for (k = i; k < 1<<13; k *= i)
+for (j = k; j < 1<<13; j += k)
+cbrt_tab_dbl[j] *= cbrt_val;
+}
}
+
+for (i = 91; i <= 8191; i+= 2) {
+if (cbrt_tab_dbl[i] == 1) {
+cbrt_val = i * cbrt(i);
+for (j = i; j < 1<<13; j += i)
+cbrt_tab_dbl[j] *= cbrt_val;
+}
+}
+
+for (i = 0; i < 1<<13; i++)
+cbrt_tab[i] = CBRT(cbrt_tab_dbl[i]);
}
}
#endif /* CONFIG_HARDCODED_TABLES */
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] ffmdec: change type of len to ptrdiff_t
ffmpeg | branch: master | Andreas Cadhalpun
| Sat Jan 2 16:32:09 2016 +0100| [f6e1c96730ebbcebbd0341329d51d3d3a36b4fa1] |
committer: Andreas Cadhalpun
ffmdec: change type of len to ptrdiff_t
It is used to store the difference between pointers, so ptrdiff_t is the
correct type.
This prevents potential overflows.
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Cadhalpun
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f6e1c96730ebbcebbd0341329d51d3d3a36b4fa1
---
libavformat/ffmdec.c |5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libavformat/ffmdec.c b/libavformat/ffmdec.c
index f754895..41c518f 100644
--- a/libavformat/ffmdec.c
+++ b/libavformat/ffmdec.c
@@ -36,7 +36,7 @@ static int ffm_is_avail_data(AVFormatContext *s, int size)
{
FFMContext *ffm = s->priv_data;
int64_t pos, avail_size;
-int len;
+ptrdiff_t len;
len = ffm->packet_end - ffm->packet_ptr;
if (size <= len)
@@ -87,8 +87,9 @@ static int ffm_read_data(AVFormatContext *s,
{
FFMContext *ffm = s->priv_data;
AVIOContext *pb = s->pb;
-int len, fill_size, size1, frame_offset;
+int fill_size, size1, frame_offset;
uint32_t id;
+ptrdiff_t len;
int64_t last_pos = -1;
size1 = size;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] diracdec: fix idwt_stride calculation in bytes
ffmpeg | branch: master | Andreas Cadhalpun
| Mon Jan 11 23:19:40 2016 +0100| [d637a58750ef456e4254736add04b5c7d0b6dc40] |
committer: Andreas Cadhalpun
diracdec: fix idwt_stride calculation in bytes
The transformation to bytes must happen after alignment to get the same
resulting pointers as before.
This fixes segmentation faults in the assembler code.
The regression was introduced in commit 9553689.
Reviewed-by: Kieran Kunhya
Signed-off-by: Andreas Cadhalpun
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d637a58750ef456e4254736add04b5c7d0b6dc40
---
libavcodec/diracdec.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index 486c1b3..9d985351 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -941,7 +941,7 @@ static void init_planes(DiracContext *s)
p->height = s->seq.height >> (i ? s->chroma_y_shift : 0);
p->idwt_width = w = CALC_PADDING(p->width , s->wavelet_depth);
p->idwt_height = h = CALC_PADDING(p->height, s->wavelet_depth);
-p->idwt_stride = FFALIGN(p->idwt_width << (1 + s->pshift), 8);
+p->idwt_stride = FFALIGN(p->idwt_width, 8) << (1 + s->pshift);
for (level = s->wavelet_depth-1; level >= 0; level--) {
w = w>>1;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] rtmpdh: Initialize gcrypt before using it
ffmpeg | branch: master | Ricardo Constantino | Tue Dec 29
21:40:14 2015 +| [d50b5d547f4070678c88aa095b5292c872e2c1dc] | committer:
Michael Niedermayer
rtmpdh: Initialize gcrypt before using it
Either disabling or init'ing secure memory is required after the use
of gcry_check_version. From a look at the functions rtmpdh uses, I
noticed none require the use of secure memory, so we disable it [1][2].
This resolves some errors returned by rtmpdh code with uninitialized
gcrypt, especifically:
Fatal: failed to create the RNG lock: Invalid argument
FATAL: failed to acquire the FSM lock in libgrypt: Invalid argument
Version "1.5.4" was arbitrarily chosen. An older version probably works
as well, but I couldn't compile older versions to test on my machine.
[1]
https://gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
[2]
https://www.gnupg.org/documentation/manuals/gcrypt/Controlling-the-library.html
Signed-off-by: Ricardo Constantino
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d50b5d547f4070678c88aa095b5292c872e2c1dc
---
libavformat/rtmpdh.c | 11 ++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/libavformat/rtmpdh.c b/libavformat/rtmpdh.c
index 91b1349..42ad72c 100644
--- a/libavformat/rtmpdh.c
+++ b/libavformat/rtmpdh.c
@@ -97,7 +97,16 @@
mpz_fdiv_r_2exp(bn, bn, num_bits);\
} while (0)
#elif CONFIG_GCRYPT
-#define bn_new(bn) bn = gcry_mpi_new(1)
+#define bn_new(bn) \
+do {\
+if (!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P)) { \
+if (!gcry_check_version("1.5.4")) \
+return AVERROR(EINVAL); \
+gcry_control(GCRYCTL_DISABLE_SECMEM, 0);\
+gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); \
+} \
+bn = gcry_mpi_new(1); \
+} while (0)
#define bn_free(bn) gcry_mpi_release(bn)
#define bn_set_word(bn, w) gcry_mpi_set_ui(bn, w)
#define bn_cmp(a, b)gcry_mpi_cmp(a, b)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/mpeg4video: Check time_incr
ffmpeg | branch: master | Michael Niedermayer | Tue
Jan 12 03:03:01 2016 +0100| [7c97946d6131b31340954a3f603b6bf92590a9a5] |
committer: Michael Niedermayer
avcodec/mpeg4video: Check time_incr
Fixes assertion failure
Fixes out of memory access
Fixes: test_casex.ivf
Found-by: Tyson Smith
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7c97946d6131b31340954a3f603b6bf92590a9a5
---
libavcodec/mpeg4video.h|2 +-
libavcodec/mpeg4videoenc.c | 10 +-
libavcodec/mpegvideo_enc.c |8 +---
3 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/libavcodec/mpeg4video.h b/libavcodec/mpeg4video.h
index 49bc13f..5998c71 100644
--- a/libavcodec/mpeg4video.h
+++ b/libavcodec/mpeg4video.h
@@ -140,7 +140,7 @@ void ff_mpeg4_encode_mb(MpegEncContext *s,
void ff_mpeg4_pred_ac(MpegEncContext *s, int16_t *block, int n,
int dir);
void ff_set_mpeg4_time(MpegEncContext *s);
-void ff_mpeg4_encode_picture_header(MpegEncContext *s, int picture_number);
+int ff_mpeg4_encode_picture_header(MpegEncContext *s, int picture_number);
int ff_mpeg4_decode_picture_header(Mpeg4DecContext *ctx, GetBitContext *gb);
void ff_mpeg4_encode_video_packet_header(MpegEncContext *s);
diff --git a/libavcodec/mpeg4videoenc.c b/libavcodec/mpeg4videoenc.c
index 15d8825..4c1bce8 100644
--- a/libavcodec/mpeg4videoenc.c
+++ b/libavcodec/mpeg4videoenc.c
@@ -1086,7 +1086,7 @@ static void mpeg4_encode_vol_header(MpegEncContext *s,
}
/* write mpeg4 VOP header */
-void ff_mpeg4_encode_picture_header(MpegEncContext *s, int picture_number)
+int ff_mpeg4_encode_picture_header(MpegEncContext *s, int picture_number)
{
int time_incr;
int time_div, time_mod;
@@ -1112,6 +1112,12 @@ void ff_mpeg4_encode_picture_header(MpegEncContext *s,
int picture_number)
time_mod = FFUMOD(s->time, s->avctx->time_base.den);
time_incr = time_div - s->last_time_base;
av_assert0(time_incr >= 0);
+
+// This limits the frame duration to max 1 hour
+if (time_incr > 3600) {
+av_log(s->avctx, AV_LOG_ERROR, "time_incr %d too large\n", time_incr);
+return AVERROR(EINVAL);
+}
while (time_incr--)
put_bits(&s->pb, 1, 1);
@@ -1137,6 +1143,8 @@ void ff_mpeg4_encode_picture_header(MpegEncContext *s,
int picture_number)
put_bits(&s->pb, 3, s->f_code); /* fcode_for */
if (s->pict_type == AV_PICTURE_TYPE_B)
put_bits(&s->pb, 3, s->b_code); /* fcode_back */
+
+return 0;
}
static av_cold void init_uni_dc_tab(void)
diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c
index 89ab1c3..0d5 100644
--- a/libavcodec/mpegvideo_enc.c
+++ b/libavcodec/mpegvideo_enc.c
@@ -3836,9 +3836,11 @@ static int encode_picture(MpegEncContext *s, int
picture_number)
ff_wmv2_encode_picture_header(s, picture_number);
else if (CONFIG_MSMPEG4_ENCODER && s->msmpeg4_version)
ff_msmpeg4_encode_picture_header(s, picture_number);
-else if (CONFIG_MPEG4_ENCODER && s->h263_pred)
-ff_mpeg4_encode_picture_header(s, picture_number);
-else if (CONFIG_RV10_ENCODER && s->codec_id == AV_CODEC_ID_RV10) {
+else if (CONFIG_MPEG4_ENCODER && s->h263_pred) {
+ret = ff_mpeg4_encode_picture_header(s, picture_number);
+if (ret < 0)
+return ret;
+} else if (CONFIG_RV10_ENCODER && s->codec_id == AV_CODEC_ID_RV10) {
ret = ff_rv10_encode_picture_header(s, picture_number);
if (ret < 0)
return ret;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Correct two build/built typos
ffmpeg | branch: master | Timothy Gu | Mon Jan 11
20:51:03 2016 -0800| [d64d6edfc7f57293ac96b1417124c56bf40685d8] | committer:
Timothy Gu
Correct two build/built typos
Found-by: Leo Izen as thebombzen on IRC
Signed-off-by: Timothy Gu
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d64d6edfc7f57293ac96b1417124c56bf40685d8
---
libavdevice/v4l2.c |2 +-
libavutil/utils.c |2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavdevice/v4l2.c b/libavdevice/v4l2.c
index fee0fb0..383033e 100644
--- a/libavdevice/v4l2.c
+++ b/libavdevice/v4l2.c
@@ -126,7 +126,7 @@ static int device_open(AVFormatContext *ctx)
#if CONFIG_LIBV4L2
SET_WRAPPERS(v4l2_);
#else
-av_log(ctx, AV_LOG_ERROR, "libavdevice is not build with libv4l2
support.\n");
+av_log(ctx, AV_LOG_ERROR, "libavdevice is not built with libv4l2
support.\n");
return AVERROR(EINVAL);
#endif
} else {
diff --git a/libavutil/utils.c b/libavutil/utils.c
index e337c83..f409f32 100644
--- a/libavutil/utils.c
+++ b/libavutil/utils.c
@@ -53,7 +53,7 @@ unsigned avutil_version(void)
av_assert0(((size_t)-1) > 0); // C guarantees this but if false on a
platform we care about revert at least b284e1ffe343d6697fb950d1ee517bafda8a9844
if (av_sat_dadd32(1, 2) != 5) {
-av_log(NULL, AV_LOG_FATAL, "Libavutil has been build with a broken
binutils, please upgrade binutils and rebuild\n");
+av_log(NULL, AV_LOG_FATAL, "Libavutil has been built with a broken
binutils, please upgrade binutils and rebuild\n");
abort();
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
