swscale/vscale: Check that 2 tap filters are bilinear before using bilinear code
Fixes: out of array reads
Fixes: 07e8b9c5d348ccdf7add0f37de20cf6c/asan_heap-oob_27e8df7_6849_e56653f768070ec8cb52f587048444c2.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This makes SWS more robust
Fixes: 07650a772d98aa63b0fed6370dc89037/asan_heap-oob_27ddeaf_2657_2c81ff264dee5d9712cb3251fb9c3bbb.264
Fixes: out of array read
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Claudio Freire [Thu, 14 Jan 2016 03:38:22 +0000 (00:38 -0300)]
avcodec/aacenc_is: replace pow(x, 0.75) by x/sqrtf(sqrtf(x))
This is quite an accurate approximation; testing shows ~ 2ulp error in
the floating point result. Tested with FATE.
Alternatively, if one wants "full accuracy", one can use powf, or sqrt
instead of sqrtf. With powf, one gets 1 ulp error (theoretically should be 0, as
0.75 is exactly representable) on GNU libm, with sqrt, 0 ulp error.
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
Abstracted into pos_pow34 utility function
Fixes out of array read
Fixes: 04442da73d935b776d2236282588d4f9/signal_sigsegv_2625a69_8790_ae85ffc889070663319b3417ede777b0.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
All MDCT outputs must be checked in case of 128point MDCTs
Fixes: out of array read
Fixes: 04442da73d935b776d2236282588d4f9/signal_sigsegv_2625a69_351_52ca6226eb83547a2d26e322ce84ed84.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Claudio Freire [Sun, 10 Jan 2016 06:04:21 +0000 (03:04 -0300)]
AAC encoder: encode out-of-phase I/S efficiently
Use the ability to invert phase with ms_mask instead of changing
the codebook when possible, to avoid having to switch codebooks
if some bands are INTENSITY_BT and others are INTENSITY_BT2, since
usually a set ms_mask uses fewer bits than a codebook change. While
it may not always be a win (ie: if it causes an ms_mask bitmap
to be sent when it wouldn't have been otherwise), it's unlikely
since the ms_mask bitmap will almost always be there already for
M/S itself.
Claudio Freire [Fri, 8 Jan 2016 09:18:24 +0000 (06:18 -0300)]
AAC encoder: fix I/S relative error evaluation
The relative error between two encoding strategies is the simple
difference of rate-distortion values, and not the absolute
difference. An absolute measure would allow worsening of the
quantization error as well as improving.
Claudio Freire [Fri, 8 Jan 2016 08:31:32 +0000 (05:31 -0300)]
AAC encoder: various fixes in M/S coding
1. Fix sf_idx and band_type addressing to address only the first
subwindow in the group (others could hold garbage values)
2. Don't step on ms_mask when is_mask is set. I/S selection
already sets the ms_mask properly and shouldn't be overridden.
3. Use mid/sid cb/sf when computing coding error, as should be
since those are the cb/sfs that will eventually be set.
4. Fix distortion computation on multi-subwindow groups (was
subtracting the bits terms multiple times)
5. Clear ms_mask when one side uses PNS and the other doesn't.
When using PNS, ms_mask signals correlated noise, which can be
detected just like regular M/S detection, so we don't skip
noise bands, but when only one side uses PNS setting the flag
can confuse some encoders, so avoid that.
Claudio Freire [Fri, 8 Jan 2016 08:16:18 +0000 (05:16 -0300)]
AAC encoder: in IS, fix index of sf_idx, band_type
Correct addressing of sf_idx and band_type arrays in I/S code.
Both arrays don't guarantee valid values for subwindows at all
times, depending on which coder is being used, which could result
in reading of garbage values. Instead, only the first subwindow
in the window group has to be used, ie: use w*16+g instead of
(w+w2)*16+g
Claudio Freire [Fri, 8 Jan 2016 08:04:37 +0000 (05:04 -0300)]
AAC encoder: don't apply MS on special bands
Change the condition for application of the M/S transform to match
that of the decoder. Namely, that no special coding books must be
in use in either channel. While the condition ought to be
equivalent to the current one when the invariant of is_mask is
kept, matching the decoder's condition is safer and easier to
maintain.
Claudio Freire [Tue, 29 Dec 2015 08:18:40 +0000 (05:18 -0300)]
AAC encoder: fix assertion error with prediction
Fixes an assertion error reported in #2686 that happens when
using prediction (either explicitly or implicitly by setting
the AAC main profile), since prediction code would allow
creating new zeroes or removing existing ones, without
properly checking for SF delta violations.
This patch forbids creating/removing zeroes, perhaps an
overly conservative approach, but a safe one. More permissive
and sophisticated approaches may be attempted in the future.
Fixes out of array read
Fixes: 03c406ec9530e594a074ce2979f8a1f0/asan_heap-oob_7dec26_4664_37c52495b2870a2eaac65f53958e76c1.flac
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Either disabling or init'ing secure memory is required after the use
of gcry_check_version. From a look at the functions rtmpdh uses, I
noticed none require the use of secure memory, so we disable it [1][2].
This resolves some errors returned by rtmpdh code with uninitialized
gcrypt, specifically:
Fatal: failed to create the RNG lock: Invalid argument
FATAL: failed to acquire the FSM lock in libgrypt: Invalid argument
Version "1.5.4" was arbitrarily chosen. An older version probably works
as well, but I couldn't compile older versions to test on my machine.
This exploits an approach based on the sieve of Eratosthenes, a popular
method for generating prime numbers.
Tables are identical to previous ones.
Tested with FATE with/without --enable-hardcoded-tables.
Sample benchmark (Haswell, GNU/Linux+gcc):
prev:
7860100 decicycles in cbrt_tableinit, 1 runs, 0 skips
7777490 decicycles in cbrt_tableinit, 2 runs, 0 skips
[...]
7582339 decicycles in cbrt_tableinit, 256 runs, 0 skips
7563556 decicycles in cbrt_tableinit, 512 runs, 0 skips
new:
2099480 decicycles in cbrt_tableinit, 1 runs, 0 skips
2044470 decicycles in cbrt_tableinit, 2 runs, 0 skips
[...]
1796544 decicycles in cbrt_tableinit, 256 runs, 0 skips
1791631 decicycles in cbrt_tableinit, 512 runs, 0 skips
Both small and large run count given as this is called once so small run
count may give a better picture, small numbers are fairly consistent,
and there is a consistent downward trend from small to large runs,
at which point it stabilizes to a new value.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
Mats Peterson [Sun, 10 Jan 2016 02:59:21 +0000 (03:59 +0100)]
lavf/matroskadec: Normalize noncompliant A_QUICKTIME/V_QUICKTIME private data
This patch adds a new static function get_qt_codec() that takes care of
the initial retrieval of the fourcc and codec ID for A_QUICKTIME and
V_QUICKTIME. It also normalizes noncompliant private data found in some
older files that incorrectly starts with the fourcc by expanding/shifting
the data by 4 bytes, and storing the data size at the start. This is
necessary in order for the rest of the code in the A_QUICKTIME and
V_QUICKTIME blocks (and most likely other code as well) to correctly
parse the private data.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
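The normalization described in the commit message above, as an added example that is not FFmpeg's get_qt_codec() or any code from the commit: it shows the length checks such a shift needs before any byte is read or moved. The names normalize_qt_priv and check_sample, the three-entry fourcc table, detecting the noncompliant layout by a leading known fourcc, and the big-endian size field are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for a codec tag table (assumption, not FFmpeg's). */
static const char *const known_fourcc[] = { "avc1", "mp4a", "SVQ3" };
static int is_known_fourcc(const uint8_t *p)
{
    for (size_t i = 0; i < sizeof(known_fourcc) / sizeof(known_fourcc[0]); i++)
        if (!memcmp(p, known_fourcc[i], 4))
            return 1;
    return 0;
}

/* Normalize heap data to [BE32 size][fourcc][rest]; 0 on success, -1 on bad input. */
int normalize_qt_priv(uint8_t **data, size_t *size, uint8_t fourcc_out[4])
{
    if (!*data || *size < 4)
        return -1;                       /* too short to hold a fourcc */
    if (is_known_fourcc(*data)) {        /* noncompliant: fourcc comes first */
        if (*size > UINT32_MAX - 4)
            return -1;                   /* size field would overflow */
        uint8_t *p = realloc(*data, *size + 4);
        if (!p)
            return -1;                   /* caller's buffer is still valid */
        memmove(p + 4, p, *size);        /* shift existing bytes up by 4 */
        *size += 4;
        for (int i = 0; i < 4; i++)      /* store the new total size */
            p[i] = (uint8_t)(*size >> (24 - 8 * i));
        *data = p;
    }
    if (*size < 8)
        return -1;                       /* no room for size + fourcc */
    memcpy(fourcc_out, *data + 4, 4);
    return 0;
}

/* Run a constructed sample; returns the normalized size, or -1 on any mismatch. */
long check_sample(const char *in, size_t n, const char *want)
{
    uint8_t fcc[4], *buf = malloc(n ? n : 1);
    size_t size = n; long ret = -1;
    if (!buf) return -1;
    memcpy(buf, in, n);
    if (!normalize_qt_priv(&buf, &size, fcc) && !memcmp(fcc, want, 4) &&
        (((size_t)buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]) == size)
        ret = (long)size;
    free(buf);
    return ret;
}
```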
Fixes index out of bounds error
Fixes: aac_index_out_of_bounds.wmv
Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Aman Gupta [Sat, 9 Jan 2016 01:56:09 +0000 (17:56 -0800)]
lavc/ccaption_dec: extract capture_screen() for future use
Unlike reap_screen(), capture_screen() can be used to populate buffer
without touching the timestamps. This is useful for upcoming commits
which implement a real time caption stream.
Aman Gupta [Tue, 5 Jan 2016 22:53:29 +0000 (14:53 -0800)]
lavc/ccaption_dec: reap_screen() is responsible for clearing output buffer and signaling screen_changed
Moves the screen_changed bit and the bprint_clear into reap_screen() so
the logic is centralized and callers do not need to touch the bit or the
buffer before calling reap_screen().