Timo Teräs [Sat, 28 Nov 2015 06:27:39 +0000 (08:27 +0200)]
mpegencts: Fix overflow in cbr mode period calculations
ts->mux_rate is int (signed 32-bit) type. The period calculations
will start to overflow when mux_rate > 5mbps. This fixes overflows
by converting first to 64-bit type.
Fixes #5044.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
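Added example (not FFmpeg's code): a C model of the overflow described in the commit message above, showing the 32-bit product wrapping next to the fix of widening to 64 bits before multiplying. The 500 ms retransmit interval, the helper names and the sample bitrates are assumptions chosen for illustration; 188 bytes is the MPEG-TS packet size.

```c
#include <stdint.h>
#include <stdio.h>

#define RETRANS_TIME_MS 500   /* assumed retransmit interval, illustration only */
#define TS_PACKET_SIZE  188   /* MPEG-TS packet size in bytes */
#define DIVISOR (TS_PACKET_SIZE * 8 * 1000)

/* Model two's-complement wraparound of a 32-bit int without invoking
 * undefined behaviour: reduce modulo 2^32, then reinterpret the sign. */
static int32_t wrap32(int64_t v)
{
    uint32_t u = (uint32_t)v;   /* well-defined: reduction modulo 2^32 */
    return u > INT32_MAX ? (int32_t)((int64_t)u - 4294967296LL) : (int32_t)u;
}

/* Before: the product is formed in 32 bits, so it wraps for large rates. */
static int period_32bit(int mux_rate)
{
    int32_t product = wrap32((int64_t)mux_rate * RETRANS_TIME_MS);
    return product / DIVISOR;
}

/* After: convert to a 64-bit type first, then multiply and divide. */
static int period_64bit(int mux_rate)
{
    return (int)((int64_t)mux_rate * RETRANS_TIME_MS / DIVISOR);
}

/* Check a reviewer can apply: does the intermediate product fit in int? */
static int product_overflows_int32(int mux_rate)
{
    return (int64_t)mux_rate * RETRANS_TIME_MS > INT32_MAX;
}

int main(void)
{
    /* Constructed sample bitrates in bits per second. */
    const int rates[] = { 4000000, 5000000, 10000000 };
    for (size_t i = 0; i < sizeof(rates) / sizeof(rates[0]); i++)
        printf("mux_rate=%d overflow=%d 32-bit=%d 64-bit=%d\n", rates[i],
               product_overflows_int32(rates[i]),
               period_32bit(rates[i]), period_64bit(rates[i]));
    return 0;
}
```

The 10 Mbps row is the case to watch for in review: the wrapped result is positive and plausible, so nothing fails loudly.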
The fps variable is explicitly set to -1 in case of some errors, the check must
thus be signed or the code setting it needs to use 0 as error code
the type of the field could be changed as well but it's in an installed header
Fixes: integer overflow
Fixes: 9982cc157b1ea90429435640a989122f/asan_generic_3ad004a_3799_22cf198d9cd09928e2d9ad250474fa58.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/jpeg2000: fix type of arguments of tag_tree_size
Fixes: out of array read
Fixes: 36b8096fefab16c4c9326a508053e95c/signal_sigsegv_1d9ce18_3233_1a55196b018106dfabeace071a432d9e.r3d
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avutil/crc: avoid needless space wastage of hardcoded crc table
There was no reason AFAIK for making AV_CRC_24_IEEE 12. This simply
resulted in wasted space under --enable-hardcoded-tables:
dynamic: 1318672 libavutil/libavutil.so.55
old : 1330680 libavutil/libavutil.so.55
new : 1326488 libavutil/libavutil.so.55
Minor version number is bumped, with ifdefry due to API breakage.
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
Paul B Mahol [Tue, 1 Dec 2015 19:09:08 +0000 (20:09 +0100)]
avfilter/af_compand: do not clip; allow >0dB curve points
Do not clip output samples, so that clipping can be handled by other filters.
Allow setting curve points above 0dB. This is useful when operating with floats.
avcodec/apedec: Check length in long_filter_high_3800()
Fixes out of array read
Fixes: 0a7ff0c1d93da9cef28a315ec91b692a/asan_heap-oob_4a52e5_3604_9c56dbb20e308f4faeef7b35f688521a.ape
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Claudio Freire [Tue, 1 Dec 2015 06:28:36 +0000 (03:28 -0300)]
AAC encoder: improve SF range utilization
This patch does 4 things, all of which interact and thus it
wouldn't be possible to commit them separately without causing
either quality regressions or assertion failures.
Fate comparison targets don't all reflect improvements in
quality, yet listening tests show substantially improved quality
and stability.
1. Increase SF range utilization.
The spec requires SF delta values to be constrained within the
range -60..60. The previous code was applying that range to
the whole SF array and not only the deltas of consecutive values,
because doing so requires smarter code: zeroing or otherwise
skipping a band may invalidate lots of SF choices.
This patch implements that logic to allow the coders to utilize
the full dynamic range of scalefactors, increasing quality quite
considerably, and fixing delta-SF-related assertion failures,
since now the limitation is enforced rather than asserted.
2. PNS tweaks
The previous modification makes big improvements in twoloop's
efficiency, and every time that happens PNS logic needs to be
tweaked accordingly to avoid it from stepping all over twoloop's
decisions. This patch includes modifications of the sort.
3. Account for lowpass cutoff during PSY analysis
The closer PSY's allocation is to final allocation the better
the quality is, and given these modifications, twoloop is now
very efficient at avoiding holes. Thus, to compute accurate
thresholds, PSY needs to account for the lowpass applied
implicitly during twoloop (by zeroing high bands).
This patch makes twoloop set the cutoff in psymodel's context
the first time it runs, and makes PSY account for it during
threshold computation, making PE and threshold computations
closer to the final allocation and thus achieving better
subjective quality.
4. Tweaks to RC lambda tracking loop in relation to PNS
Without this tweak some corner cases cause quality regressions.
Basically, lambda needs to react faster to overall bitrate
efficiency changes since now PNS can be quite successful in
enforcing maximum bitrates, when PSY allocates too many bits
to the lower bands, suppressing the signals RC logic uses to
lower lambda in those cases and causing aggressive PNS.
This tweak makes PNS much less aggressive, though it can still
use some further tweaks.
Also update MIPS specializations and adjust fuzz
Also in lavc/mips/aacpsy_mips.h: remove trailing whitespace
Aaron Colwell [Mon, 23 Nov 2015 20:06:14 +0000 (12:06 -0800)]
avformat/matroskadec: Fix sample_aspect_ratio for stereo matroska content
matroskaenc.c applies divisors to the display width/height when generating
stereo content. This patch adds the corresponding multipliers to matroskadec.c
so that the original sample aspect ratio can be recovered.
avformat/mp3dec: prefer "fast_seek" to TOC seek for CBR files.
"Fast seek" uses linear interpolation to find the position of the
requested seek time. For CBR this is more direct than using the
mp3 TOC and bypassing the TOC avoids problems with TOC precision.
(see https://crbug.com/545914#c13)
For VBR, fast seek is not precise, so continue to prefer the TOC
when available (the lesser of two evils).
Also, some re-ordering of the logic in mp3_seek to simplify and
give usetoc=1 precedence over fastseek flag.
avcodec/mpegaudio_tablegen: more dynamic table creation speedups
This further speeds up runtime initialization, with identical generated tables.
Sample benchmark (x86-64, Haswell, GNU/Linux):
old: 34441423 decicycles in mpegaudio_tableinit, 8192 runs, 0 skips
new: 10776291 decicycles in mpegaudio_tableinit, 8192 runs, 0 skips
Most low hanging fruit is taken care of here. For some idea, note that
83,064 array elements totalling 233,722 bytes need to be initialized.
Thus, with this patch, we average ~ 12.9 cycles per element or ~ 4.6
cycles per byte.
avcodec/mpegaudio_tablegen: speed up dynamic table creation
This does some miscellaneous stuff mainly avoiding the usage of pow to
achieve significant speedups. This is not speed critical, but is
unnecessary latency and cycles wasted for a user.
All tables tested and are identical to the old ones
(bit-exact even in floating point case).
avutil/mathematics: Do not treat INT64_MIN as positive in av_rescale_rnd
The code expects actual positive numbers and gives completely wrong
results if INT64_MIN is treated as positive
Instead clip it into the valid range, that is, add 1 and treat it as
negative.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The table in question is a 253 byte one. In fact, it turns out that
dynamic generation of the table results in an increased binary size.
Code compiled with GCC 5.2.0, x86-64 (size in bytes), before and after
patch:
old: 62321064 libavcodec/libavcodec.so.57
new: 62320536 libavcodec/libavcodec.so.57
Thus, it always makes sense to statically allocate this.
Tested with FATE with/without --enable-hardcoded-tables.
Will Kelleher [Tue, 27 Oct 2015 17:08:45 +0000 (12:08 -0500)]
qsvenc: write a53 caption data to SEI
Signed-off-by: Will Kelleher <wkelleher@gogoair.com>
Previous version reviewed-by: Ivan Uskov <ivan.uskov@nablet.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: ==13287== Invalid read of size 4
==13287== at 0x45161A: flush_buffer (aviobuf.c:143)
==13287== by 0x451971: avio_flush (aviobuf.c:200)
==13287== by 0x512CCF: av_write_trailer (mux.c:1016)
==13287== by 0x41A5E0: close_connection (ffserver.c:853)
==13287== by 0x421EDC: rtsp_cmd_interrupt (ffserver.c:3245)
==13287== by 0x420B9C: rtsp_parse_request (ffserver.c:2854)
==13287== by 0x41A9C2: handle_connection (ffserver.c:930)
==13287== by 0x41A04B: http_server (ffserver.c:700)
==13287== by 0x423A60: main (ffserver.c:3897)
==13287== Address 0xb6cd258 is 88 bytes inside a block of size 192 free'd
==13287== at 0x4C2B5D9: free (vg_replace_malloc.c:446)
==13287== by 0x1004DAC: av_free (mem.c:239)
==13287== by 0x454835: avio_close_dyn_buf (aviobuf.c:1170)
==13287== by 0x41F385: http_prepare_data (ffserver.c:2368)
==13287== by 0x41F59B: http_send_data (ffserver.c:2416)
==13287== by 0x41ABE2: handle_connection (ffserver.c:986)
==13287== by 0x41A04B: http_server (ffserver.c:700)
==13287== by 0x423A60: main (ffserver.c:3897)
Reviewed-by: "Reynaldo H. Verdejo Pinochet" <reynaldo@osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/mpeg4videodec: Check available data before reading custom matrix
Fixes: out of array read
Fixes: 76c515fc3779d1b838667c61ea13ce92/asan_heap-oob_1fc0d07_8913_794a4629a264ebdb25b58d3a94ed1785.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The DC VLC table used is too small, fixing this requires a sample,
thus request a sample.
Some samples are said to work even though the table has the wrong size, thus
this is left enabled if the user enables experimental features.
Fixes: 2abd25478c62a675f335fac00b467023/asan_static-oob_10aff98_1227_8811480c6ef1e970a7977ceb7e5a9958.mxf
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Approved-by: kurosu
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Claudio Freire [Sun, 29 Nov 2015 18:03:45 +0000 (15:03 -0300)]
AAC encoder: make pe.min a local minimum
As noted in a comment, pe.min in the reference encoder
is centered around current pe. The bit reservoir algo
needs pe.min to be a local minimum, because it can only
account for local PE variations. If it's set to a global
minimum as was being done, bit reservoir logic doesn't
work as efficiently.
This patch tries to forget old minimums and converge to
a local minimum without losing the stability of the
previous solution. Listening tests until now suggest this
solves numerous RC issues.
Paul B Mahol [Sun, 29 Nov 2015 11:37:48 +0000 (12:37 +0100)]
avfilter/avf_showvolume: fix several issues
Fix color fading: previously color could fade to red when
volume level for red color was actually never reached.
Display volume value on right side.
Use red color only if clipping is needed.
Hendrik Leppkes [Mon, 16 Nov 2015 23:28:58 +0000 (00:28 +0100)]
avformat/mlpdec: consider all valid mlp access units when probing
Fixes probing of truehd/mlp files with a lot of frames in between the
major sync frames. The spec allows a distance of up to 128 frames in
between major sync frames, which leads to the probing code not reaching
the desired score.
avcodec/h264_refs: Check that long references match before use
Fixes out of array read
Fixes: 59bb925e90201fa0f87f0a31945d43b5/asan_heap-oob_4a52e5_3388_66027f11e3d072f1e02401ecc6193361.jvt
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/utils: Clear dimensions in ff_get_buffer() on failure
Fixes out of array access
Fixes: 482d8f2fd17c9f532b586458a33f267c/asan_heap-oob_4a52b6_7417_1d08d477736d66cdadd833d146bb8bae.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Fixes: 2f95ddd996db8a6281d2e18c184595a7/asan_heap-oob_192fe91_3330_58e4441181e30a66c19f743dcb392347.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>