nutdec: fix illegal count check in decode_main_header
The existing check has two problems:
1) i + count can overflow, so that the check '< 256' returns true.
2) In the (i == 'N') case occurs a j-- so that the loop runs once more.
This can trigger the assertion 'nut->header_len[0] == 0' or cause
segmentation faults or infinite hangs.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Check extended sync word for 16-bit LE and BE core streams to reduce
probability of alias sync detection. Previously sync word extension was
checked only for 14-bit streams.
This follows up the similar change in avcodec/dca_parser.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
apedec: prevent out of array writes in decode_array_0000
s->decoded_buffer is allocated with a min_size of:
2 * FFALIGN(blockstodecode, 8) * sizeof(*s->decoded_buffer)
Then it is assigned to s->decoded[0] (and s->decoded_buffer + FFALIGN(blockstodecode, 8)
to s->decoded[1]) and passed as out buffer to decode_array_0000.
In this function 64 elements of the out buffer are written
unconditionally and outside the array if blockstodecode is too small.
This causes memory corruption, leading to segmentation faults or other
crashes.
Thus change decode_array_0000 to write at most blockstodecode elements
of the out buffer.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
AVOpenCLDeviceNode and AVOpenCLPlatformNode used fixed static buffer for holding the device and platform name.
This patch modifies these structures to use pointers instead. The memory required to hold the names is
now dynamically allocated, the size for which is determined by querying appropriate OpenCL runtime APIs.
Signed-off-by: Maneesh Gupta <maneesh.gupta@amd.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
OpenCL: Avoid potential buffer overflow in cmdutils_opencl.c
The opt_opencl_bench function copied the device name using strcpy without checking if the source string was larger.
This patch fixes this by replacing the strcpy with av_strlcpy, with the string copy size capped to the destination buffer size.
Signed-off-by: Maneesh Gupta <maneesh.gupta@amd.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Remove the direct profile from UTCTiming element. Per DASH spec,
direct profile value should be the time at which the request was
made to the server and not the time at which the manifest was
written. So ffmpeg cannot write this value. This patch removes
the direct profile and write the UTCTiming element with the http
profile only if a URL is passed as a parameter. Update the fate
test to reflect this change.
Signed-off-by: Vignesh Venkatasubramanian <vigneshv@google.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
tests: make sure subtitles tests are run with a rawdiff
This will test properly CRLF with make fate, make fate-subtitles and any
make fate-sub-* test. Before this commit, the rawdiff was triggered only
by make fate-subtitles.
Also make sure fate-sub-* only match the tests relying on fmtstdout
command, to at least avoid failing on MingW. See
https://ffmpeg.org/pipermail/ffmpeg-devel/2015-April/172395.html
Rong Yan [Mon, 27 Apr 2015 03:29:51 +0000 (03:29 +0000)]
avcodec/ppc/fdctdsp: POWER LE support in ff_fdct_altivec() delete macros VEC_FMERGEH() VEC_FMERGEL(), they where wrong
GCC tool had a bug of PPC intrinsic interpret, which has been fixed in GCC 4.9.1. This bug lead to
errors in two of our previous patches. We found this when we update our GCC tools to 4.9.1 and by
reading the related info on GCC website. We fix our previous error in two separate commits
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Rong Yan [Mon, 27 Apr 2015 03:19:45 +0000 (03:19 +0000)]
swscale/ppc/swscale_altivec.c: POWER LE support in yuv2planeX_8() delete macro GET_VF() it was wrong
GCC tool had a bug of PPC intrinsic interpret, which has been fixed in GCC 4.9.1. This bug lead to
errors in two of our previous patches. We found this when we update our GCC tools to 4.9.1 and by
reading the related info on GCC website. We fix our previous error in two separate commits
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
HAVE_LOONGSON is replaced by HAVE_LOONGSON3. Even Loongson-2E and 2F support
Loongson SIMD instructs but have low performance for decoding. We plan to focus
on optimizing Loongson-3A1000, 3B1500 and 3A1500, and modify the configure file
to support Loongson-2 series later by adding HAVE_LOONGSON2.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
avcodec/movtextdec: Decoding of Bold-Italic_Underlined styles for 3gpp timed text subtitles
Signed-off-by: Niklesh <niklesh.lalwani@iitb.ac.in>
Previous version reviewed-by: Philip Langdale <philipl@overt.org>
Previous version reviewed-by: Carl Eugen Hoyos <cehoyos@ag.or.at> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Ronald S. Bultje [Thu, 23 Apr 2015 00:14:19 +0000 (20:14 -0400)]
vp9: use aligned size to write segmentation map into cache.
The unaligned size is not handled in setctx_2d(), causing edges of images
to have improper segmentation prediction, which causes visual artifacts
at image edges a few frames later.
Ronald S. Bultje [Wed, 22 Apr 2015 16:24:41 +0000 (12:24 -0400)]
vp9: add fate tests for show-existing-frame feature.
Samples available at:
http://downloads.webmproject.org/test_data/libvpx/vp90-2-10-show-existing-frame.webm
http://downloads.webmproject.org/test_data/libvpx/vp90-2-10-show-existing-frame2.webm
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
avformat/mp3: large id3 tags break concatenated file detection
If the file size is much larger than what is indicated in the XING
header, the demuxer assumes it's a concatenated file, and throws away
the (presumably) incorrect duration information. Unfortunately, this
also triggers if the id3 tags are very large (embedded pictures and
such). Then the half-baked heuristic not only breaks the duration
display, but also gapless audio.
Fix it by subtracting the size of the headers (the check is off by some
bytes, but that doesn't matter at all). Note that there could be an
arbitrary amount of tags _after_ the mp3 data, but hopefully these are
not too large to trigger the heuristic in practice.
Also add a warning when this happens.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
While I'm not sure why exactly sure why the old code could end up in the
wrong position, using the generic index code is much simpler and is
known to work correctly.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Reviewed-by: Timothy Gu <timothygu99@gmail.com> Thanks-to: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> for the link Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Martin Storsjö [Wed, 22 Apr 2015 20:15:58 +0000 (23:15 +0300)]
rtsp: Don't warn about unparsed time ranges
This removes the error logging added in 4e54432164.
This avoids warnings about "Invalid interval start specification 'now'"
for live rtsp streams.
We only try to parse some of the many valid values for time ranges
in RTSP - the other ones are fully valid but not interesting for the
use case in rtsp.c, so we shouldn't warn about them.
(Parsing the time ranges is needed to allow seeking, but e.g. setting
the current realtime clock for the start time doesn't make sense.
av_parse_time has got a different mode for parsing absolute times
as well, which can handle the special case "now", but that doesn't
make much sense for this particular use in rtsp.c.)