From 8801fac365549a43a639e239faba409d8f91ef86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Wed, 25 Jan 2012 13:47:38 +0200 Subject: [PATCH 01/10] ismindex: Fix build on mingw MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Storsjö --- tools/ismindex.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/ismindex.c b/tools/ismindex.c index 59d1286c46..5980869c24 100644 --- a/tools/ismindex.c +++ b/tools/ismindex.c @@ -35,6 +35,10 @@ #include #include #include +#ifdef _WIN32 +#include +#define mkdir(a, b) mkdir(a) +#endif #include "libavformat/avformat.h" #include "libavutil/intreadwrite.h" From d2ee8c17793201ce969afd1f433ba1580c143cd2 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Wed, 25 Jan 2012 14:34:21 -0800 Subject: [PATCH 02/10] matroskadec: Pad AAC extradata. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org --- libavformat/matroskadec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index e5fbd43266..5b919449f5 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1440,7 +1440,7 @@ static int matroska_read_header(AVFormatContext *s, AVFormatParameters *ap) } else if (codec_id == CODEC_ID_AAC && !track->codec_priv.size) { int profile = matroska_aac_profile(track->codec_id); int sri = matroska_aac_sri(track->audio.samplerate); - extradata = av_malloc(5); + extradata = av_mallocz(5 + FF_INPUT_BUFFER_PADDING_SIZE); if (extradata == NULL) return AVERROR(ENOMEM); extradata[0] = (profile << 3) | ((sri&0x0E) >> 1); From b3461c29c1aee7d62eeb02a59d46593c60362679 Mon Sep 17 00:00:00 2001 From: Janne Grunau Date: Wed, 18 Jan 2012 10:59:32 +0100 Subject: [PATCH 03/10] lavf: prevent infinite loops while flushing in avformat_find_stream_info If no data was seen for a stream decoder are returning 0 when fed with empty packets for flushing. We can stop flushing when the decoder does not return delayed delayed frames anymore. Changes try_decode_frame() return value to got_picture or negative error. CC: libav-stable@libav.org --- libavformat/utils.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 093389b386..17eec072d0 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -2130,6 +2130,7 @@ static int has_decode_delay_been_guessed(AVStream *st) st->info->nb_decoded_frames >= 6; } +/* returns 1 or 0 if or if not decoded data was returned, or a negative error */ static int try_decode_frame(AVStream *st, AVPacket *avpkt, AVDictionary **options) { AVCodec *codec; @@ -2177,6 +2178,7 @@ static int try_decode_frame(AVStream *st, AVPacket *avpkt, AVDictionary **option st->info->nb_decoded_frames++; pkt.data += ret; pkt.size -= ret; + ret = got_picture; } } return ret; @@ -2401,16 +2403,20 @@ int avformat_find_stream_info(AVFormatContext *ic, AVDictionary **options) st = ic->streams[i]; /* flush the decoders */ - while ((err = try_decode_frame(st, &empty_pkt, - (options && i < orig_nb_streams) ? - &options[i] : NULL)) >= 0) - if (has_codec_parameters(st->codec)) - break; + do { + err = try_decode_frame(st, &empty_pkt, + (options && i < orig_nb_streams) ? + &options[i] : NULL); + } while (err > 0 && !has_codec_parameters(st->codec)); - if (!has_codec_parameters(st->codec)){ + if (err < 0) { + av_log(ic, AV_LOG_WARNING, + "decoding for stream %d failed\n", st->index); + } else if (!has_codec_parameters(st->codec)){ char buf[256]; avcodec_string(buf, sizeof(buf), st->codec, 0); - av_log(ic, AV_LOG_WARNING, "Could not find codec parameters (%s)\n", buf); + av_log(ic, AV_LOG_WARNING, + "Could not find codec parameters (%s)\n", buf); } else { ret = 0; } From 7de9af65c737baca4bea7d11695118673c9a1451 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Wed, 25 Jan 2012 20:15:34 +0000 Subject: [PATCH 04/10] fate: add XWD image regression test Signed-off-by: Diego Biurrun --- tests/lavf-regression.sh | 4 ++++ tests/ref/lavf/xwd | 3 +++ 2 files changed, 7 insertions(+) create mode 100644 tests/ref/lavf/xwd diff --git a/tests/lavf-regression.sh b/tests/lavf-regression.sh index 4a72e0ac1c..db240b6a71 100755 --- a/tests/lavf-regression.sh +++ b/tests/lavf-regression.sh @@ -175,6 +175,10 @@ if [ -n "$do_pcx" ] ; then do_image_formats pcx fi +if [ -n "$do_xwd" ] ; then +do_image_formats xwd +fi + # audio only if [ -n "$do_wav" ] ; then diff --git a/tests/ref/lavf/xwd b/tests/ref/lavf/xwd new file mode 100644 index 0000000000..346183808f --- /dev/null +++ b/tests/ref/lavf/xwd @@ -0,0 +1,3 @@ +b838561f7df803ea14dd6307a9d3c5ec *./tests/data/images/xwd/02.xwd +./tests/data/images/xwd/%02d.xwd CRC=0x69b329cd +405615 ./tests/data/images/xwd/02.xwd From feaa40020b59e8abb2c70f2944a12cb068ab2850 Mon Sep 17 00:00:00 2001 From: Hendrik Leppkes Date: Fri, 13 Jan 2012 18:43:08 +0100 Subject: [PATCH 05/10] vc1: always read the bfraction element for interlaced fields Previously, it would not be read if refdist_flag was not set, however according to the spec and the reference decoder, it should always be read. Signed-off-by: Kostya Shishkov --- libavcodec/vc1.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c index 0a70062893..1394f2cd4b 100644 --- a/libavcodec/vc1.c +++ b/libavcodec/vc1.c @@ -894,20 +894,18 @@ int vc1_parse_frame_header_adv(VC1Context *v, GetBitContext* gb) if (v->field_mode) { if (!v->refdist_flag) v->refdist = 0; - else { - if ((v->s.pict_type != AV_PICTURE_TYPE_B) - && (v->s.pict_type != AV_PICTURE_TYPE_BI)) { - v->refdist = get_bits(gb, 2); - if (v->refdist == 3) - v->refdist += get_unary(gb, 0, 16); - } else { - v->bfraction_lut_index = get_vlc2(gb, ff_vc1_bfraction_vlc.table, VC1_BFRACTION_VLC_BITS, 1); - v->bfraction = ff_vc1_bfraction_lut[v->bfraction_lut_index]; - v->frfd = (v->bfraction * v->refdist) >> 8; - v->brfd = v->refdist - v->frfd - 1; - if (v->brfd < 0) - v->brfd = 0; - } + else if ((v->s.pict_type != AV_PICTURE_TYPE_B) && (v->s.pict_type != AV_PICTURE_TYPE_BI)) { + v->refdist = get_bits(gb, 2); + if (v->refdist == 3) + v->refdist += get_unary(gb, 0, 16); + } + if ((v->s.pict_type == AV_PICTURE_TYPE_B) || (v->s.pict_type == AV_PICTURE_TYPE_BI)) { + v->bfraction_lut_index = get_vlc2(gb, ff_vc1_bfraction_vlc.table, VC1_BFRACTION_VLC_BITS, 1); + v->bfraction = ff_vc1_bfraction_lut[v->bfraction_lut_index]; + v->frfd = (v->bfraction * v->refdist) >> 8; + v->brfd = v->refdist - v->frfd - 1; + if (v->brfd < 0) + v->brfd = 0; } goto parse_common_info; } From 4fbd3e89e7cdbd0a2cc1b3554a5fb922ae45c862 Mon Sep 17 00:00:00 2001 From: Jean First Date: Thu, 26 Jan 2012 13:21:42 +0100 Subject: [PATCH 06/10] mxfdec: Employ correct printf conversion specifiers for POSIX int types. Signed-off-by: Jean First Signed-off-by: Diego Biurrun --- libavformat/mxfdec.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 0b514dbb24..4089d0f526 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -468,15 +468,18 @@ static int mxf_read_partition_pack(void *arg, AVIOContext *pb, int tag, int size /* some files don'thave FooterPartition set in every partition */ if (footer_partition) { if (mxf->footer_partition && mxf->footer_partition != footer_partition) { - av_log(mxf->fc, AV_LOG_ERROR, "inconsistent FooterPartition value: %li != %li\n", + av_log(mxf->fc, AV_LOG_ERROR, + "inconsistent FooterPartition value: %"PRIu64" != %"PRIu64"\n", mxf->footer_partition, footer_partition); } else { mxf->footer_partition = footer_partition; } } - av_dlog(mxf->fc, "PartitionPack: ThisPartition = 0x%lx, PreviousPartition = 0x%lx, " - "FooterPartition = 0x%lx, IndexSID = %i, BodySID = %i\n", + av_dlog(mxf->fc, + "PartitionPack: ThisPartition = 0x%"PRIX64 + ", PreviousPartition = 0x%"PRIX64", " + "FooterPartition = 0x%"PRIX64", IndexSID = %i, BodySID = %i\n", partition->this_partition, partition->previous_partition, footer_partition, partition->index_sid, partition->body_sid); @@ -957,7 +960,8 @@ static int mxf_absolute_bodysid_offset(MXFContext *mxf, int body_sid, int64_t of offset -= p->essence_length; } - av_log(mxf->fc, AV_LOG_ERROR, "failed to find absolute offset of %lx in BodySID %i - partial file?\n", + av_log(mxf->fc, AV_LOG_ERROR, + "failed to find absolute offset of %"PRIX64" in BodySID %i - partial file?\n", offset_in, body_sid); return AVERROR_INVALIDDATA; @@ -1597,7 +1601,8 @@ static void mxf_compute_essence_containers(MXFContext *mxf) if (p->essence_length < 0) { /* next ThisPartition < essence_offset */ p->essence_length = 0; - av_log(mxf->fc, AV_LOG_ERROR, "partition %i: bad ThisPartition = %lx\n", + av_log(mxf->fc, AV_LOG_ERROR, + "partition %i: bad ThisPartition = %"PRIX64"\n", x+1, mxf->partitions[x+1].this_partition); } } From 62271c4c9a1a4bea6c3de88019429d7f88c847ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomas=20H=C3=A4rdin?= Date: Thu, 26 Jan 2012 13:21:45 +0100 Subject: [PATCH 07/10] mxfdec: Fix files with essence containers larger than 2 GiB. For such files, accumulating into an int would cause an overflow. Signed-off-by: Diego Biurrun --- libavformat/mxfdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 4089d0f526..bbe862ff6a 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -994,7 +994,7 @@ static int64_t mxf_essence_container_end(MXFContext *mxf, int body_sid) static int mxf_edit_unit_absolute_offset(MXFContext *mxf, MXFIndexTable *index_table, int64_t edit_unit, int64_t *edit_unit_out, int64_t *offset_out, int nag) { int i; - int offset_temp = 0; + int64_t offset_temp = 0; for (i = 0; i < index_table->nb_segments; i++) { MXFIndexTableSegment *s = index_table->segments[i]; From dac56d9ce01eb9963f28f26b97a81db5cbd46c1c Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Wed, 25 Jan 2012 15:27:11 -0800 Subject: [PATCH 08/10] qdm2: Check data block size for bytes to bits overflow. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org --- libavcodec/qdm2.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c index 91c47a8ec2..6acb7d8362 100644 --- a/libavcodec/qdm2.c +++ b/libavcodec/qdm2.c @@ -1819,6 +1819,10 @@ static av_cold int qdm2_decode_init(AVCodecContext *avctx) extradata += 4; s->checksum_size = AV_RB32(extradata); + if (s->checksum_size >= 1U << 28) { + av_log(avctx, AV_LOG_ERROR, "data block size too large (%u)\n", s->checksum_size); + return AVERROR_INVALIDDATA; + } s->fft_order = av_log2(s->fft_size) + 1; s->fft_frame_size = 2 * s->fft_size; // complex has two floats From 90c0c83e1421fe97d37cb83c46f4135de377c8e7 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Wed, 25 Jan 2012 16:22:05 -0800 Subject: [PATCH 09/10] smacker: remove dead store --- libavcodec/smacker.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index 0c7c40560f..1624e6ad0a 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -334,16 +334,14 @@ static av_always_inline void last_reset(int *recode, int *last) { /* get code and update history */ static av_always_inline int smk_get_code(GetBitContext *gb, int *recode, int *last) { register int *table = recode; - int v, b; + int v; - b = get_bits_count(gb); while(*table & SMK_NODE) { if(get_bits1(gb)) table += (*table) & (~SMK_NODE); table++; } v = *table; - b = get_bits_count(gb) - b; if(v != recode[last[0]]) { recode[last[2]] = recode[last[1]]; From 9adf25c1cf78dbf1d71bf386c49dc74cb8a60df0 Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Wed, 25 Jan 2012 16:12:42 -0800 Subject: [PATCH 10/10] smacker: Sanity check huffman tables found in the headers. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org --- libavcodec/smacker.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c index 1624e6ad0a..44331f267b 100644 --- a/libavcodec/smacker.c +++ b/libavcodec/smacker.c @@ -128,12 +128,12 @@ static int smacker_decode_tree(GetBitContext *gb, HuffContext *hc, uint32_t pref */ static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx) { + if (hc->current + 1 >= hc->length) { + av_log(NULL, AV_LOG_ERROR, "Tree size exceeded!\n"); + return -1; + } if(!get_bits1(gb)){ //Leaf int val, i1, i2, b1, b2; - if(hc->current >= hc->length){ - av_log(NULL, AV_LOG_ERROR, "Tree size exceeded!\n"); - return -1; - } b1 = get_bits_count(gb); i1 = ctx->v1->table ? get_vlc2(gb, ctx->v1->table, SMKTREE_BITS, 3) : 0; b1 = get_bits_count(gb) - b1; @@ -157,7 +157,7 @@ static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx hc->values[hc->current++] = val; return 1; } else { //Node - int r = 0, t; + int r = 0, r_new, t; t = hc->current++; r = smacker_decode_bigtree(gb, hc, ctx); @@ -165,8 +165,10 @@ static int smacker_decode_bigtree(GetBitContext *gb, HuffContext *hc, DBCtx *ctx return r; hc->values[t] = SMK_NODE | r; r++; - r += smacker_decode_bigtree(gb, hc, ctx); - return r; + r_new = smacker_decode_bigtree(gb, hc, ctx); + if (r_new < 0) + return r_new; + return r + r_new; } } @@ -181,6 +183,7 @@ static int smacker_decode_header_tree(SmackVContext *smk, GetBitContext *gb, int VLC vlc[2]; int escapes[3]; DBCtx ctx; + int err = 0; if(size >= UINT_MAX>>4){ // (((size + 3) >> 2) + 3) << 2 must not overflow av_log(smk->avctx, AV_LOG_ERROR, "size too large\n"); @@ -254,7 +257,8 @@ static int smacker_decode_header_tree(SmackVContext *smk, GetBitContext *gb, int huff.current = 0; huff.values = av_mallocz(huff.length * sizeof(int)); - smacker_decode_bigtree(gb, &huff, &ctx); + if (smacker_decode_bigtree(gb, &huff, &ctx) < 0) + err = -1; skip_bits1(gb); if(ctx.last[0] == -1) ctx.last[0] = huff.current++; if(ctx.last[1] == -1) ctx.last[1] = huff.current++; @@ -273,7 +277,7 @@ static int smacker_decode_header_tree(SmackVContext *smk, GetBitContext *gb, int av_free(tmp2.lengths); av_free(tmp2.values); - return 0; + return err; } static int decode_header_trees(SmackVContext *smk) {