From: Michael Niedermayer Date: Sat, 11 Feb 2012 00:22:22 +0000 (+0100) Subject: Merge remote-tracking branch 'qatar/master' X-Git-Tag: android-x86-4.4-r1~13439 X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=a78f6b8cb98611a846a68f4bbb77e78fd5c175bf;p=android-x86%2Fexternal-ffmpeg.git Merge remote-tracking branch 'qatar/master' * qatar/master: (38 commits) v210enc: remove redundant check for pix_fmt wavpack: allow user to disable CRC checking v210enc: Use Bytestream2 functions cafdec: Check return value of avio_seek and avoid modifying state if it fails yop: Check return value of avio_seek and avoid modifying state if it fails tta: Check return value of avio_seek and avoid modifying state if it fails tmv: Check return value of avio_seek and avoid modifying state if it fails r3d: Check return value of avio_seek and avoid modifying state if it fails nsvdec: Check return value of avio_seek and avoid modifying state if it fails mpc8: Check return value of avio_seek and avoid modifying state if it fails jvdec: Check return value of avio_seek and avoid modifying state if it fails filmstripdec: Check return value of avio_seek and avoid modifying state if it fails ffmdec: Check return value of avio_seek and avoid modifying state if it fails dv: Check return value of avio_seek and avoid modifying state if it fails bink: Check return value of avio_seek and avoid modifying state if it fails Check AVCodec.pix_fmts in avcodec_open2() svq3: Prevent illegal reads while parsing extradata. remove ParseContext1 vc1: use ff_parse_close mpegvideo parser: move specific fields into private context ... Conflicts: libavcodec/4xm.c libavcodec/aacdec.c libavcodec/h264.c libavcodec/h264.h libavcodec/h264_cabac.c libavcodec/h264_cavlc.c libavcodec/mpeg4video_parser.c libavcodec/svq3.c libavcodec/v210enc.c libavformat/cafdec.c Merged-by: Michael Niedermayer --- a78f6b8cb98611a846a68f4bbb77e78fd5c175bf diff --cc libavcodec/4xm.c index 9581f94344,8d7db98653..f886e3e7a5 --- a/libavcodec/4xm.c +++ b/libavcodec/4xm.c @@@ -318,101 -329,88 +329,109 @@@ static inline void mcdc(uint16_t *dst, } } - static void decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src, int log2w, int log2h, int stride){ - const int index= size2index[log2h][log2w]; - const int h= 1<gb, block_type_vlc[1-(f->version>1)][index].table, BLOCK_TYPE_VLC_BITS, 1); - uint16_t *start= (uint16_t*)f->last_picture.data[0]; - uint16_t *end= start + stride*(f->avctx->height-h+1) - (1<=0 && code<=6); - - if(code == 0){ - if (f->g.buffer_end - f->g.buffer < 1){ + static void decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src, + int log2w, int log2h, int stride) + { + const int index = size2index[log2h][log2w]; + const int h = 1 << log2h; + int code = get_vlc2(&f->gb, + block_type_vlc[1 - (f->version > 1)][index].table, + BLOCK_TYPE_VLC_BITS, 1); + uint16_t *start = (uint16_t *)f->last_picture.data[0]; + uint16_t *end = start + stride * (f->avctx->height - h + 1) - (1 << log2w); + + assert(code >= 0 && code <= 6); + + if (code == 0) { ++ if (f->g.buffer_end - f->g.buffer < 1) { + av_log(f->avctx, AV_LOG_ERROR, "bytestream overread\n"); + return; + } - src += f->mv[ *f->g.buffer++ ]; - if(start > src || src > end){ + src += f->mv[bytestream2_get_byte(&f->g)]; + if (start > src || src > end) { av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n"); return; } mcdc(dst, src, log2w, h, stride, 1, 0); - }else if(code == 1){ + } else if (code == 1) { log2h--; - decode_p_block(f, dst , src , log2w, log2h, stride); - decode_p_block(f, dst + (stride<version<2){ + decode_p_block(f, dst , src, log2w, log2h, stride); + decode_p_block(f, dst + (1 << log2w), + src + (1 << log2w), log2w, log2h, stride); + } else if (code == 3 && f->version < 2) { mcdc(dst, src, log2w, h, stride, 1, 0); - }else if(code == 4){ - if (f->g.buffer_end - f->g.buffer < 1){ + } else if (code == 4) { ++ if (f->g.buffer_end - f->g.buffer < 1) { + av_log(f->avctx, AV_LOG_ERROR, "bytestream overread\n"); + return; + } - src += f->mv[ *f->g.buffer++ ]; - if(start > src || src > end){ + src += f->mv[bytestream2_get_byte(&f->g)]; + if (start > src || src > end) { av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n"); return; } + if (f->g2.buffer_end - f->g2.buffer < 1){ + av_log(f->avctx, AV_LOG_ERROR, "wordstream overread\n"); + return; + } mcdc(dst, src, log2w, h, stride, 1, bytestream2_get_le16(&f->g2)); - }else if(code == 5){ - if (f->g2.buffer_end - f->g2.buffer < 1){ + } else if (code == 5) { ++ if (f->g2.buffer_end - f->g2.buffer < 1) { + av_log(f->avctx, AV_LOG_ERROR, "wordstream overread\n"); + return; + } mcdc(dst, src, log2w, h, stride, 0, bytestream2_get_le16(&f->g2)); - }else if(code == 6){ - if (f->g2.buffer_end - f->g2.buffer < 2){ + } else if (code == 6) { ++ if (f->g2.buffer_end - f->g2.buffer < 2) { + av_log(f->avctx, AV_LOG_ERROR, "wordstream overread\n"); + return; + } - if(log2w){ - dst[0] = bytestream2_get_le16(&f->g2); - dst[1] = bytestream2_get_le16(&f->g2); - }else{ - dst[0 ] = bytestream2_get_le16(&f->g2); + if (log2w) { + dst[0] = bytestream2_get_le16(&f->g2); + dst[1] = bytestream2_get_le16(&f->g2); + } else { + dst[0] = bytestream2_get_le16(&f->g2); dst[stride] = bytestream2_get_le16(&f->g2); } } } - static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length){ + static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length) + { int x, y; - const int width= f->avctx->width; - const int height= f->avctx->height; - uint16_t *src= (uint16_t*)f->last_picture.data[0]; - uint16_t *dst= (uint16_t*)f->current_picture.data[0]; - const int stride= f->current_picture.linesize[0]>>1; - unsigned int bitstream_size, bytestream_size, wordstream_size, extra, bytestream_offset, wordstream_offset; - - if(f->version>1){ - extra=20; + const int width = f->avctx->width; + const int height = f->avctx->height; + uint16_t *src = (uint16_t *)f->last_picture.data[0]; + uint16_t *dst = (uint16_t *)f->current_picture.data[0]; + const int stride = f->current_picture.linesize[0] >> 1; + unsigned int bitstream_size, bytestream_size, wordstream_size, extra, + bytestream_offset, wordstream_offset; + + if (f->version > 1) { + extra = 20; + if (length < extra) + return -1; - bitstream_size= AV_RL32(buf+8); - wordstream_size= AV_RL32(buf+12); - bytestream_size= AV_RL32(buf+16); - }else{ - extra=0; - bitstream_size = AV_RL16(buf-4); - wordstream_size= AV_RL16(buf-2); - bytestream_size= FFMAX(length - bitstream_size - wordstream_size, 0); + bitstream_size = AV_RL32(buf + 8); + wordstream_size = AV_RL32(buf + 12); + bytestream_size = AV_RL32(buf + 16); + } else { + extra = 0; + bitstream_size = AV_RL16(buf - 4); + wordstream_size = AV_RL16(buf - 2); + bytestream_size = FFMAX(length - bitstream_size - wordstream_size, 0); } - if (bitstream_size + bytestream_size + wordstream_size + extra != length - || bitstream_size > (1 << 26) - || bytestream_size > (1 << 26) - || wordstream_size > (1 << 26)) { - av_log(f->avctx, AV_LOG_ERROR, "lengths %d %d %d %d\n", - bitstream_size, bytestream_size, wordstream_size, - bitstream_size + bytestream_size + wordstream_size - length); + if (bitstream_size > length || + bytestream_size > length - bitstream_size || + wordstream_size > length - bytestream_size - bitstream_size || - extra > length - bytestream_size - bitstream_size - wordstream_size){ ++ extra > length - bytestream_size - bitstream_size - wordstream_size) { + av_log(f->avctx, AV_LOG_ERROR, "lengths %d %d %d %d\n", bitstream_size, bytestream_size, wordstream_size, + bitstream_size+ bytestream_size+ wordstream_size - length); return -1; } @@@ -445,29 -447,23 +468,28 @@@ * decode block and dequantize. * Note this is almost identical to MJPEG. */ - static int decode_i_block(FourXContext *f, DCTELEM *block){ + static int decode_i_block(FourXContext *f, DCTELEM *block) + { int code, i, j, level, val; - if(get_bits_left(&f->gb) < 2){ ++ if (get_bits_left(&f->gb) < 2){ + av_log(f->avctx, AV_LOG_ERROR, "%d bits left before decode_i_block()\n", get_bits_left(&f->gb)); + return -1; + } + /* DC coef */ val = get_vlc2(&f->pre_gb, f->pre_vlc.table, ACDC_VLC_BITS, 3); - if (val>>4){ + if (val >> 4) av_log(f->avctx, AV_LOG_ERROR, "error dc run != 0\n"); - } - if(val) + if (val) val = get_xbits(&f->gb, val); - val = val * dequant_table[0] + f->last_dc; - f->last_dc = - block[0] = val; + val = val * dequant_table[0] + f->last_dc; + f->last_dc = block[0] = val; /* AC coefs */ i = 1; - for(;;) { + for (;;) { code = get_vlc2(&f->pre_gb, f->pre_vlc.table, ACDC_VLC_BITS, 3); /* EOB */ @@@ -551,51 -549,55 +575,58 @@@ static int decode_i_mb(FourXContext *f return 0; } - static const uint8_t *read_huffman_tables(FourXContext *f, const uint8_t * const buf, int buf_size){ + static const uint8_t *read_huffman_tables(FourXContext *f, - const uint8_t * const buf) ++ const uint8_t * const buf, int buf_size) + { int frequency[512]; uint8_t flag[512]; int up[512]; uint8_t len_tab[257]; int bits_tab[257]; int start, end; - const uint8_t *ptr= buf; + const uint8_t *ptr = buf; + const uint8_t *ptr_end = buf + buf_size; int j; memset(frequency, 0, sizeof(frequency)); memset(up, -1, sizeof(up)); - start= *ptr++; - end= *ptr++; - for(;;){ + start = *ptr++; + end = *ptr++; + for (;;) { int i; + if (start <= end && ptr_end - ptr < end - start + 1 + 1) + return NULL; - for(i=start; i<=end; i++){ - frequency[i]= *ptr++; - } - start= *ptr++; - if(start==0) break; + for (i = start; i <= end; i++) + frequency[i] = *ptr++; + start = *ptr++; + if (start == 0) + break; - end= *ptr++; + end = *ptr++; } - frequency[256]=1; + frequency[256] = 1; - while((ptr - buf)&3) ptr++; // 4byte align + while ((ptr - buf) & 3) + ptr++; // 4byte align - for(j=257; j<512; j++){ - int min_freq[2]= {256*256, 256*256}; - int smallest[2]= {0, 0}; + for (j = 257; j < 512; j++) { + int min_freq[2] = { 256 * 256, 256 * 256 }; + int smallest[2] = { 0, 0 }; int i; - for(i=0; i>5; - int red = 2*(c0>>10) + (c1>>10); - return red/3*1024 + green/3*32 + blue/3; + static int mix(int c0, int c1) + { + int blue = 2 * (c0 & 0x001F) + (c1 & 0x001F); + int green = (2 * (c0 & 0x03E0) + (c1 & 0x03E0)) >> 5; + int red = 2 * (c0 >> 10) + (c1 >> 10); + return red / 3 * 1024 + green / 3 * 32 + blue / 3; } - static int decode_i2_frame(FourXContext *f, const uint8_t *buf, int length){ + static int decode_i2_frame(FourXContext *f, const uint8_t *buf, int length) + { int x, y, x2, y2; - const int width= f->avctx->width; - const int height= f->avctx->height; - const int mbs = (FFALIGN(width, 16) >> 4) * (FFALIGN(height, 16) >> 4); - uint16_t *dst= (uint16_t*)f->current_picture.data[0]; - const int stride= f->current_picture.linesize[0]>>1; + const int width = f->avctx->width; + const int height = f->avctx->height; + const int mbs = (FFALIGN(width, 16) >> 4) * (FFALIGN(height, 16) >> 4); + uint16_t *dst = (uint16_t*)f->current_picture.data[0]; + const int stride = f->current_picture.linesize[0]>>1; + const uint8_t *buf_end = buf + length; GetByteContext g3; - if(length < mbs * 8) { + if (length < mbs * 8) { av_log(f->avctx, AV_LOG_ERROR, "packet size too small\n"); return AVERROR_INVALIDDATA; } bytestream2_init(&g3, buf, length); - for(y=0; y>2) + 8*(y2>>2); - dst[y2*stride+x2]= color[(bits>>index)&3]; + // warning following is purely guessed ... + color[0] = bytestream2_get_le16u(&g3); + color[1] = bytestream2_get_le16u(&g3); + + if (color[0] & 0x8000) + av_log(NULL, AV_LOG_ERROR, "unk bit 1\n"); + if (color[1] & 0x8000) + av_log(NULL, AV_LOG_ERROR, "unk bit 2\n"); + + color[2] = mix(color[0], color[1]); + color[3] = mix(color[1], color[0]); + + bits = bytestream2_get_le32u(&g3); + for (y2 = 0; y2 < 16; y2++) { + for (x2 = 0; x2 < 16; x2++) { + int index = 2 * (x2 >> 2) + 8 * (y2 >> 2); + dst[y2 * stride + x2] = color[(bits >> index) & 3]; } } - dst+=16; + dst += 16; } dst += 16 * stride - x; } @@@ -686,11 -690,13 +722,12 @@@ return 0; } - static int decode_i_frame(FourXContext *f, const uint8_t *buf, int length){ + static int decode_i_frame(FourXContext *f, const uint8_t *buf, int length) + { int x, y; - const int width= f->avctx->width; - const int height= f->avctx->height; - const unsigned int bitstream_size= AV_RL32(buf); + const int width = f->avctx->width; + const int height = f->avctx->height; + const unsigned int bitstream_size = AV_RL32(buf); - int token_count av_unused; unsigned int prestream_size; const uint8_t *prestream; @@@ -699,35 -705,39 +736,40 @@@ return AVERROR_INVALIDDATA; } - token_count = AV_RL32(buf + bitstream_size + 8); prestream_size = 4 * AV_RL32(buf + bitstream_size + 4); - prestream = buf + bitstream_size + 12; + prestream = buf + bitstream_size + 12; - if (prestream_size > (1<<26) || - prestream_size != length - (bitstream_size + 12)){ - av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d %d\n", prestream_size, bitstream_size, length); + if (prestream_size + bitstream_size + 12 != length + || bitstream_size > (1 << 26) + || prestream_size > (1 << 26)) { + av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d %d\n", + prestream_size, bitstream_size, length); return -1; } - prestream= read_huffman_tables(f, prestream, buf + length - prestream); - prestream = read_huffman_tables(f, prestream); ++ prestream = read_huffman_tables(f, prestream, buf + length - prestream); + if (!prestream) + return -1; - init_get_bits(&f->gb, buf + 4, 8*bitstream_size); + init_get_bits(&f->gb, buf + 4, 8 * bitstream_size); - prestream_size= length + buf - prestream; + prestream_size = length + buf - prestream; - av_fast_malloc(&f->bitstream_buffer, &f->bitstream_buffer_size, prestream_size + FF_INPUT_BUFFER_PADDING_SIZE); + av_fast_malloc(&f->bitstream_buffer, &f->bitstream_buffer_size, + prestream_size + FF_INPUT_BUFFER_PADDING_SIZE); if (!f->bitstream_buffer) return AVERROR(ENOMEM); - f->dsp.bswap_buf(f->bitstream_buffer, (const uint32_t*)prestream, prestream_size/4); - memset((uint8_t*)f->bitstream_buffer + prestream_size, 0, FF_INPUT_BUFFER_PADDING_SIZE); - init_get_bits(&f->pre_gb, f->bitstream_buffer, 8*prestream_size); + f->dsp.bswap_buf(f->bitstream_buffer, (const uint32_t*)prestream, + prestream_size / 4); + memset((uint8_t*)f->bitstream_buffer + prestream_size, + 0, FF_INPUT_BUFFER_PADDING_SIZE); + init_get_bits(&f->pre_gb, f->bitstream_buffer, 8 * prestream_size); - f->last_dc= 0*128*8*8; + f->last_dc = 0 * 128 * 8 * 8; - for(y=0; yavctx, AV_LOG_ERROR, "size mismatch %d %d\n", buf_size, AV_RL32(buf+4)); - } - - if(frame_4cc == AV_RL32("cfrm")){ - int free_index=-1; - const int data_size= buf_size - 20; - const int id= AV_RL32(buf+12); - const int whole_size= AV_RL32(buf+16); + frame_4cc = AV_RL32(buf); + if (buf_size != AV_RL32(buf + 4) + 8 || buf_size < 20) + av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d\n", + buf_size, AV_RL32(buf + 4)); + + if (frame_4cc == AV_RL32("cfrm")) { + int free_index = -1; + const int data_size = buf_size - 20; + const int id = AV_RL32(buf + 12); + const int whole_size = AV_RL32(buf + 16); CFrameBuffer *cfrm; - if (data_size < 0 || whole_size < 0){ ++ if (data_size < 0 || whole_size < 0) { + av_log(f->avctx, AV_LOG_ERROR, "sizes invalid\n"); + return AVERROR_INVALIDDATA; + } + - for(i=0; icfrm[i].id && f->cfrm[i].id < avctx->frame_number) - av_log(f->avctx, AV_LOG_ERROR, "lost c frame %d\n", f->cfrm[i].id); - } + for (i = 0; i < CFRAME_BUFFER_COUNT; i++) + if (f->cfrm[i].id && f->cfrm[i].id < avctx->frame_number) + av_log(f->avctx, AV_LOG_ERROR, "lost c frame %d\n", + f->cfrm[i].id); - for(i=0; icfrm[i].id == id) break; - if(f->cfrm[i].size == 0 ) free_index= i; + for (i = 0; i < CFRAME_BUFFER_COUNT; i++) { + if (f->cfrm[i].id == id) + break; + if (f->cfrm[i].size == 0) + free_index = i; } - if(i>=CFRAME_BUFFER_COUNT){ - i= free_index; - f->cfrm[i].id= id; + if (i >= CFRAME_BUFFER_COUNT) { + i = free_index; + f->cfrm[i].id = id; } - cfrm= &f->cfrm[i]; + cfrm = &f->cfrm[i]; + if (data_size > UINT_MAX - cfrm->size - FF_INPUT_BUFFER_PADDING_SIZE) + return AVERROR_INVALIDDATA; - cfrm->data= av_fast_realloc(cfrm->data, &cfrm->allocated_size, cfrm->size + data_size + FF_INPUT_BUFFER_PADDING_SIZE); - if(!cfrm->data){ //explicit check needed as memcpy below might not catch a NULL ++ + cfrm->data = av_fast_realloc(cfrm->data, &cfrm->allocated_size, + cfrm->size + data_size + FF_INPUT_BUFFER_PADDING_SIZE); + // explicit check needed as memcpy below might not catch a NULL + if (!cfrm->data) { av_log(f->avctx, AV_LOG_ERROR, "realloc falure"); return -1; } - memcpy(cfrm->data + cfrm->size, buf+20, data_size); + memcpy(cfrm->data + cfrm->size, buf + 20, data_size); cfrm->size += data_size; - if(cfrm->size >= whole_size){ - buf= cfrm->data; - frame_size= cfrm->size; + if (cfrm->size >= whole_size) { + buf = cfrm->data; + frame_size = cfrm->size; - if(id != avctx->frame_number){ - av_log(f->avctx, AV_LOG_ERROR, "cframe id mismatch %d %d\n", id, avctx->frame_number); - } + if (id != avctx->frame_number) + av_log(f->avctx, AV_LOG_ERROR, "cframe id mismatch %d %d\n", + id, avctx->frame_number); - cfrm->size= cfrm->id= 0; - frame_4cc= AV_RL32("pfrm"); - }else + cfrm->size = cfrm->id = 0; + frame_4cc = AV_RL32("pfrm"); + } else return buf_size; - }else{ - buf= buf + 12; - frame_size= buf_size - 12; + } else { + buf = buf + 12; + frame_size = buf_size - 12; } - temp= f->current_picture; - f->current_picture= f->last_picture; - f->last_picture= temp; + temp = f->current_picture; + f->current_picture = f->last_picture; + f->last_picture = temp; - p= &f->current_picture; - avctx->coded_frame= p; + p = &f->current_picture; + avctx->coded_frame = p; - avctx->flags |= CODEC_FLAG_EMU_EDGE; // alternatively we would have to use our own buffer management + // alternatively we would have to use our own buffer management + avctx->flags |= CODEC_FLAG_EMU_EDGE; - if (p->data[0]) - avctx->release_buffer(avctx, p); - - p->reference = 1; - if (avctx->get_buffer(avctx, p) < 0) { - av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); + p->reference= 3; + if (avctx->reget_buffer(avctx, p) < 0) { + av_log(avctx, AV_LOG_ERROR, "reget_buffer() failed\n"); return -1; } - if(frame_4cc == AV_RL32("ifr2")){ + if (frame_4cc == AV_RL32("ifr2")) { - p->pict_type = AV_PICTURE_TYPE_I; - if (decode_i2_frame(f, buf - 4, frame_size + 4) < 0) + p->pict_type= AV_PICTURE_TYPE_I; - if(decode_i2_frame(f, buf-4, frame_size + 4) < 0) { ++ if (decode_i2_frame(f, buf - 4, frame_size + 4) < 0) { + av_log(f->avctx, AV_LOG_ERROR, "decode i2 frame failed\n"); return -1; + } - }else if(frame_4cc == AV_RL32("ifrm")){ + } else if (frame_4cc == AV_RL32("ifrm")) { - p->pict_type = AV_PICTURE_TYPE_I; - if (decode_i_frame(f, buf, frame_size) < 0) + p->pict_type= AV_PICTURE_TYPE_I; - if(decode_i_frame(f, buf, frame_size) < 0){ ++ if (decode_i_frame(f, buf, frame_size) < 0) { + av_log(f->avctx, AV_LOG_ERROR, "decode i frame failed\n"); return -1; + } - }else if(frame_4cc == AV_RL32("pfrm") || frame_4cc == AV_RL32("pfr2")){ - if(!f->last_picture.data[0]){ - f->last_picture.reference= 3; - if(avctx->get_buffer(avctx, &f->last_picture) < 0){ + } else if (frame_4cc == AV_RL32("pfrm") || frame_4cc == AV_RL32("pfr2")) { + if (!f->last_picture.data[0]) { - f->last_picture.reference = 1; ++ f->last_picture.reference = 3; + if (avctx->get_buffer(avctx, &f->last_picture) < 0) { av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); return -1; } } - p->pict_type= AV_PICTURE_TYPE_P; - if(decode_p_frame(f, buf, frame_size) < 0){ + p->pict_type = AV_PICTURE_TYPE_P; - if (decode_p_frame(f, buf, frame_size) < 0) ++ if (decode_p_frame(f, buf, frame_size) < 0) { + av_log(f->avctx, AV_LOG_ERROR, "decode p frame failed\n"); return -1; + } - }else if(frame_4cc == AV_RL32("snd_")){ - av_log(avctx, AV_LOG_ERROR, "ignoring snd_ chunk length:%d\n", buf_size); - }else{ - av_log(avctx, AV_LOG_ERROR, "ignoring unknown chunk length:%d\n", buf_size); + } else if (frame_4cc == AV_RL32("snd_")) { + av_log(avctx, AV_LOG_ERROR, "ignoring snd_ chunk length:%d\n", + buf_size); + } else { + av_log(avctx, AV_LOG_ERROR, "ignoring unknown chunk length:%d\n", + buf_size); } - p->key_frame= p->pict_type == AV_PICTURE_TYPE_I; + p->key_frame = p->pict_type == AV_PICTURE_TYPE_I; - *picture= *p; + *picture = *p; *data_size = sizeof(AVPicture); emms_c(); @@@ -887,14 -893,8 +938,14 @@@ static av_cold int decode_init(AVCodecC av_log(avctx, AV_LOG_ERROR, "extradata wrong or missing\n"); return 1; } + if((avctx->width % 16) || (avctx->height % 16)) { + av_log(avctx, AV_LOG_ERROR, "unsupported width/height\n"); + return AVERROR_INVALIDDATA; + } + avcodec_get_frame_defaults(&f->current_picture); + avcodec_get_frame_defaults(&f->last_picture); - f->version= AV_RL32(avctx->extradata)>>16; + f->version = AV_RL32(avctx->extradata) >> 16; common_init(avctx); init_vlcs(f); diff --cc libavcodec/aacdec.c index 4e591222fc,1100a61d3e..a206a47acc --- a/libavcodec/aacdec.c +++ b/libavcodec/aacdec.c @@@ -226,43 -408,32 +408,32 @@@ static av_cold int output_configure(AAC int channel_config, enum OCStatus oc_type) { AVCodecContext *avctx = ac->avctx; - int i, type, channels = 0, ret; - - if (new_che_pos) - memcpy(ac->che_pos, new_che_pos, 4 * MAX_ELEM_ID * sizeof(new_che_pos[0][0])); - - if (channel_config) { - for (i = 0; i < tags_per_config[channel_config]; i++) { - int id = aac_channel_layout_map[channel_config - 1][i][1]; - type = aac_channel_layout_map[channel_config - 1][i][0]; - if ((ret = che_configure(ac, ac->che_pos[type][id], - type, id, &channels))) - return ret; - } + int i, channels = 0, ret; + uint64_t layout = 0; - memset(ac->tag_che_map, 0, 4 * MAX_ELEM_ID * sizeof(ac->che[0][0])); - - avctx->channel_layout = aac_channel_layout[channel_config - 1]; - } else { - /* Allocate or free elements depending on if they are in the - * current program configuration. - * - * Set up default 1:1 output mapping. - */ - - for (i = 0; i < MAX_ELEM_ID; i++) { - for (type = 0; type < 4; type++) { - if ((ret = che_configure(ac, ac->che_pos[type][i], - type, i, &channels))) - return ret; - } - } + if (ac->layout_map != layout_map) { + memcpy(ac->layout_map, layout_map, tags * sizeof(layout_map[0])); + ac->layout_map_tags = tags; + } - memcpy(ac->tag_che_map, ac->che, 4 * MAX_ELEM_ID * sizeof(ac->che[0][0])); + // Try to sniff a reasonable channel order, otherwise output the + // channels in the order the PCE declared them. + if (avctx->request_channel_layout != AV_CH_LAYOUT_NATIVE) + layout = sniff_channel_order(layout_map, tags); + for (i = 0; i < tags; i++) { + int type = layout_map[i][0]; + int id = layout_map[i][1]; + int position = layout_map[i][2]; + // Allocate or free elements depending on if they are in the + // current program configuration. + ret = che_configure(ac, position, type, id, &channels); + if (ret < 0) + return ret; } + memcpy(ac->tag_che_map, ac->che, 4 * MAX_ELEM_ID * sizeof(ac->che[0][0])); - avctx->channel_layout = layout; ++ if (layout) avctx->channel_layout = layout; avctx->channels = channels; - ac->output_configured = oc_type; return 0; @@@ -338,14 -507,14 +524,18 @@@ static int decode_pce(AVCodecContext *a if (get_bits1(gb)) skip_bits(gb, 3); // mixdown_coeff_index and pseudo_surround + if (get_bits_left(gb) < 4 * (num_front + num_side + num_back + num_lfe + num_assoc_data + num_cc)) { + av_log(avctx, AV_LOG_ERROR, overread_err); + return -1; + } - decode_channel_map(new_che_pos[TYPE_CPE], new_che_pos[TYPE_SCE], AAC_CHANNEL_FRONT, gb, num_front); - decode_channel_map(new_che_pos[TYPE_CPE], new_che_pos[TYPE_SCE], AAC_CHANNEL_SIDE, gb, num_side ); - decode_channel_map(new_che_pos[TYPE_CPE], new_che_pos[TYPE_SCE], AAC_CHANNEL_BACK, gb, num_back ); - decode_channel_map(NULL, new_che_pos[TYPE_LFE], AAC_CHANNEL_LFE, gb, num_lfe ); + decode_channel_map(layout_map , AAC_CHANNEL_FRONT, gb, num_front); + tags = num_front; + decode_channel_map(layout_map + tags, AAC_CHANNEL_SIDE, gb, num_side); + tags += num_side; + decode_channel_map(layout_map + tags, AAC_CHANNEL_BACK, gb, num_back); + tags += num_back; + decode_channel_map(layout_map + tags, AAC_CHANNEL_LFE, gb, num_lfe); + tags += num_lfe; skip_bits_long(gb, 4 * num_assoc_data); @@@ -2210,16 -2353,18 +2375,19 @@@ static int aac_decode_frame_int(AVCodec break; case TYPE_PCE: { - enum ChannelPosition new_che_pos[4][MAX_ELEM_ID]; - memset(new_che_pos, 0, 4 * MAX_ELEM_ID * sizeof(new_che_pos[0][0])); - if ((err = decode_pce(avctx, &ac->m4ac, new_che_pos, gb))) + uint8_t layout_map[MAX_ELEM_ID*4][3]; + int tags; + tags = decode_pce(avctx, &ac->m4ac, layout_map, gb); + if (tags < 0) { + err = tags; break; + } if (ac->output_configured > OC_TRIAL_PCE) - av_log(avctx, AV_LOG_ERROR, - "Not evaluating a further program_config_element as this construct is dubious at best.\n"); - else - err = output_configure(ac, layout_map, tags, 0, OC_TRIAL_PCE); + av_log(avctx, AV_LOG_INFO, + "Evaluating a further program_config_element.\n"); - err = output_configure(ac, new_che_pos, 0, OC_TRIAL_PCE); ++ err = output_configure(ac, layout_map, tags, 0, OC_TRIAL_PCE); + if (!err) + ac->m4ac.chan_config = 0; break; } diff --cc libavcodec/dvdata.h index 557e744b8e,d729b4dff5..8c1be96183 --- a/libavcodec/dvdata.h +++ b/libavcodec/dvdata.h @@@ -275,44 -107,7 +107,9 @@@ enum dv_pack_type #define DV_MAX_BPM 8 const DVprofile* avpriv_dv_frame_profile(const DVprofile *sys, - const uint8_t* frame, unsigned buf_size); + const uint8_t* frame, unsigned buf_size); +const DVprofile* avpriv_dv_frame_profile2(AVCodecContext* codec, const DVprofile *sys, + const uint8_t* frame, unsigned buf_size); const DVprofile* avpriv_dv_codec_profile(AVCodecContext* codec); - static inline int dv_write_dif_id(enum dv_section_type t, uint8_t chan_num, - uint8_t seq_num, uint8_t dif_num, - uint8_t* buf) - { - buf[0] = (uint8_t)t; /* Section type */ - buf[1] = (seq_num << 4) | /* DIF seq number 0-9 for 525/60; 0-11 for 625/50 */ - (chan_num << 3) | /* FSC: for 50Mb/s 0 - first channel; 1 - second */ - 7; /* reserved -- always 1 */ - buf[2] = dif_num; /* DIF block number Video: 0-134, Audio: 0-8 */ - return 3; - } - - - static inline int dv_write_ssyb_id(uint8_t syb_num, uint8_t fr, uint8_t* buf) - { - if (syb_num == 0 || syb_num == 6) { - buf[0] = (fr << 7) | /* FR ID 1 - first half of each channel; 0 - second */ - (0 << 4) | /* AP3 (Subcode application ID) */ - 0x0f; /* reserved -- always 1 */ - } - else if (syb_num == 11) { - buf[0] = (fr << 7) | /* FR ID 1 - first half of each channel; 0 - second */ - 0x7f; /* reserved -- always 1 */ - } - else { - buf[0] = (fr << 7) | /* FR ID 1 - first half of each channel; 0 - second */ - (0 << 4) | /* APT (Track application ID) */ - 0x0f; /* reserved -- always 1 */ - } - buf[1] = 0xf0 | /* reserved -- always 1 */ - (syb_num & 0x0f); /* SSYB number 0 - 11 */ - buf[2] = 0xff; /* reserved -- always 1 */ - return 3; - } - #endif /* AVCODEC_DVDATA_H */ diff --cc libavcodec/h264.c index 7a16bdaedc,a80183b4a1..48aaddfe68 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@@ -102,9 -99,13 +102,9 @@@ int ff_h264_check_intra4x4_pred_mode(H2 } return 0; -} //FIXME cleanup like ff_h264_check_intra_pred_mode +} //FIXME cleanup like check_intra_pred_mode - static int check_intra_pred_mode(H264Context *h, int mode, int is_chroma){ -/** - * Check if the top & left blocks are available if needed and - * change the dc mode so it only uses the available blocks. - */ + int ff_h264_check_intra_pred_mode(H264Context *h, int mode, int is_chroma){ MpegEncContext * const s = &h->s; static const int8_t top [7]= {LEFT_DC_PRED8x8, 1,-1,-1}; static const int8_t left[7]= { TOP_DC_PRED8x8,-1, 2,-1,DC_128_PRED8x8}; @@@ -136,23 -137,6 +136,7 @@@ return mode; } - /** - * checks if the top & left blocks are available if needed & changes the dc mode so it only uses the available blocks. - */ - int ff_h264_check_intra16x16_pred_mode(H264Context *h, int mode) - { - return check_intra_pred_mode(h, mode, 0); - } - - /** - * checks if the top & left blocks are available if needed & changes the dc mode so it only uses the available blocks. - */ - int ff_h264_check_intra_chroma_pred_mode(H264Context *h, int mode) - { - return check_intra_pred_mode(h, mode, 1); - } - + const uint8_t *ff_h264_decode_nal(H264Context *h, const uint8_t *src, int *dst_length, int *consumed, int length){ int i, si, di; uint8_t *dst; diff --cc libavcodec/h264.h index 495439f738,8680f5fdbd..d0dfca3442 --- a/libavcodec/h264.h +++ b/libavcodec/h264.h @@@ -671,15 -654,10 +671,7 @@@ void ff_generate_sliding_window_mmcos(H */ int ff_h264_check_intra4x4_pred_mode(H264Context *h); - /** - * Check if the top & left blocks are available if needed & change the dc mode so it only uses the available blocks. - */ - int ff_h264_check_intra16x16_pred_mode(H264Context *h, int mode); - --/** -- * Check if the top & left blocks are available if needed & change the dc mode so it only uses the available blocks. -- */ - int ff_h264_check_intra_chroma_pred_mode(H264Context *h, int mode); + int ff_h264_check_intra_pred_mode(H264Context *h, int mode, int is_chroma); void ff_h264_hl_decode_mb(H264Context *h); int ff_h264_frame_start(H264Context *h); diff --cc libavcodec/mpeg4video_parser.c index 3bd2b14291,5362ad8d82..e9d713f371 --- a/libavcodec/mpeg4video_parser.c +++ b/libavcodec/mpeg4video_parser.c @@@ -95,14 -98,10 +100,11 @@@ static int av_mpeg4_decode_header(AVCod static av_cold int mpeg4video_parse_init(AVCodecParserContext *s) { - ParseContext1 *pc = s->priv_data; + struct Mp4vParseContext *pc = s->priv_data; - pc->enc = av_mallocz(sizeof(MpegEncContext)); - if (!pc->enc) - return -1; pc->first_picture = 1; - pc->enc->quant_precision=5; - pc->enc->slice_context_count = 1; ++ pc->enc.quant_precision=5; + pc->enc.slice_context_count = 1; return 0; } diff --cc libavcodec/svq3.c index d96ce8ee8d,eeb8ed7051..aec56fd161 --- a/libavcodec/svq3.c +++ b/libavcodec/svq3.c @@@ -831,13 -831,17 +833,18 @@@ static av_cold int svq3_decode_init(AVC svq3->thirdpel_flag = 1; svq3->unknown_flag = 0; + /* prowl for the "SEQH" marker in the extradata */ extradata = (unsigned char *)avctx->extradata; - for (m = 0; m < avctx->extradata_size; m++) { - if (!memcmp(extradata, "SEQH", 4)) - break; - extradata++; + extradata_end = avctx->extradata + avctx->extradata_size; + if (extradata) { + for (m = 0; m + 8 < avctx->extradata_size; m++) { + if (!memcmp(extradata, "SEQH", 4)) { + marker_found = 1; + break; + } + extradata++; + } } /* if a match was found, parse the extra data */ diff --cc libavcodec/v210enc.c index a2efb5e83f,d5445cb973..2bf60d7bfc --- a/libavcodec/v210enc.c +++ b/libavcodec/v210enc.c @@@ -90,19 -87,18 +87,18 @@@ static int encode_frame(AVCodecContext val = CLIP(*y++); if (w == avctx->width - 2) - bytestream_put_le32(&p, val); + bytestream2_put_le32u(&p, val); - } - if (w < avctx->width - 3) { - val |= (CLIP(*u++) << 10) | (CLIP(*y++) << 20); - bytestream2_put_le32u(&p, val); + if (w < avctx->width - 3) { + val |= (CLIP(*u++) << 10) | (CLIP(*y++) << 20); - bytestream_put_le32(&p, val); ++ bytestream2_put_le32u(&p, val); - val = CLIP(*v++) | (CLIP(*y++) << 10); - bytestream2_put_le32u(&p, val); + val = CLIP(*v++) | (CLIP(*y++) << 10); - bytestream_put_le32(&p, val); ++ bytestream2_put_le32u(&p, val); + } } - pdst += stride; - memset(p, 0, pdst - p); - p = pdst; + bytestream2_set_buffer(&p, 0, line_padding); + y += pic->linesize[0] / 2 - avctx->width; u += pic->linesize[1] / 2 - avctx->width / 2; v += pic->linesize[2] / 2 - avctx->width / 2;