avcodec/aacenc: Check all coefficients for finiteness
This is needed as near infinite values on the input side result in only some
output to be non finite.
Also it may still be insufficient if subsequent computations overflow
avformat/avio: Limit url option parsing to the documented cases
This feature is not known much or used much AFAIK, and it might be helpful in
exploits.
No specific case is known where it can be used in an exploit though
subsequent commits depend on this commit though
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/img2dec: do not interpret the filename by default if an IO context has been opened
With this, user applications which use custom IO and have set an IO context will not have
their already opened IO context ignored and glob/seq being interpreted
Comments and tests from maintainers of user apps are welcome!
Liked-by: wm4 <nfxjfg@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Updates libkvazaar to pass the exact frame rate to Kvazaar by setting
the numerator and denominator separately instead of a single floating
point number. The exact frame rate is needed for writing timing info to
the bitstream.
Bela Bodecs [Mon, 18 Jan 2016 17:44:09 +0000 (18:44 +0100)]
vf_scale: Detecting changes of incoming frame properties and dynamically evaluate width and height expressions
Currently scale filter accepts expressions in its width and height
parameters but evaluates them only once at init and replaces them with
their actual values. Later on, if any parameter of incoming frames
changes - ie those were used in the original size expressions - then
their new values will not have any effect for width and height values.
They remain the same. This patch makes possible that width and height
expressions be evaluated frame-by-frame basis if width/height/sar/format
properties of incoming frame would change. To retain the current
behaviour and not to break any earlier app, a new config parameter has
been introduced. Its name is "eval" and it has two distinct values:
"init" and "frame". The default value is "init".
This feature is very useful in case of DVBT mpeg-ts streams where SAR
may change time-by-time from 4/3 to 16/9 and vice versa and the size
remains the same and you want to create a variable sized output with 1/1
SAR.
Signed-off-by: Bela Bodecs <bodecsb@vivanet.hu>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Bela Bodecs [Tue, 19 Jan 2016 19:22:06 +0000 (20:22 +0100)]
vf_overlay: handles expression evaluation of frame size change in frame-by-frame evaluation mode
vf_overlay video filter accepts expressions in its parameters. In
'frame-by-frame' evaluation mode it recalculates them regularly, but
incoming video frame size changes did not reflect in their values. So if
you used width or height of any source videos in expressions as
parameters, they stayed on their initial values. This patch corrects
this bug.
Signed-off-by: Bela Bodecs <bodecsb@vivanet.hu>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
ffplay: toggle full screen when double-clicking the video window with the left mouse button
Now that the seek only happens with the right mouse button, it makes
sense to toggle full screen when double-clicking with the left mouse
button, like other video players do.
ffplay: seek only when pressing the right mouse button on the video window
Seeking by clicking on the video window can be annoying, because
the user might click on it accidentally while eg. trying to get
focus on it, and ffplay seeks instead.
This commit changes that behaviour to seek only when the right
mouse button is used to click and drag on the window.
Adding mastering display metadata struct to avutil. The mastering display metadata contains information
about the mastering display color volume (SMPTE 2086:2014).
This info comes from HEVC in the SEI_TYPE_MASTERING_DISPLAY_INFO and is soon to be included in MKV:
https://mailarchive.ietf.org/arch/search/?email_list=cellar&gbt=1&index=sZyfPTM-QY69P-0omfOIiTN622o
so it is similar to SEI FPA / stereo_mode in MKV and as such this patch follows how AVStereo3D is implemented.
I'll add support to HEVC in a follow-up (and MKV when spec is approved).
Signed-off-by: Neil Birkbeck <neil.birkbeck@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Fixes: aaa479088e6fb40b04837b3119f47b04/asan_heap-oob_e38c68_8576_9d653078b2470700e2834636f12ff557.tga
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Mats Peterson [Sun, 17 Jan 2016 21:27:52 +0000 (22:27 +0100)]
lavc/rawdec: Use AV_PIX_FMT_PAL8 for 1-bit raw QuickTime video
Match the use of AV_PIX_FMT_PAL8 for 1-bit QuickTime Animation in
lavc/qtrle. To reiterate, 1-bit video is not necessarily black & white in
QuickTime, merely bi-level. The two colors can be any color. The palette,
either included in the sample description, or the default Macintosh
palette (black & white for 1-bit video) will be set in lavf/qtpalette.
See the QuickTime File Format Specification for details.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/tiff: Check subsample & rps values more completely
Fixes out of array access
Fixes: 83aedfb29af669c4d6e10f1bfad974d2/asan_heap-oob_1ab42fe_4984_9f6ec14462f8d8a00ea24b320572a963.tif
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It seems the previous tables were calculated with 32bit integers ignoring
overflows.
Also check for the max qindex, the value is chosen so that the qfactor/offset
fit in int32.
Fixes: 070b7914fd5dfe8f93248bea71363410/asan_static-oob_c8d034_2764_258e20f4a3c79158aecddb61a833d756.drc
Fixes out of array reads
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Claudio Freire [Sun, 17 Jan 2016 02:02:41 +0000 (23:02 -0300)]
AAC encoder: TNS fixes on short windows
TNS was computing filter coefficients incorrectly for short windows
due to a few coefficient addressing bugs. Fixing them fixes lots of
instability with transients (short windows).
Claudio Freire [Sat, 16 Jan 2016 23:47:00 +0000 (20:47 -0300)]
AAC encoder: use signed coeffs when measuring IS energy
I/S energy, especially when it comes to phase cancellations,
needs to use signed coefficients as input, yet it was using
abs'd coefficients. That was a slight bug.
Claudio Freire [Sat, 16 Jan 2016 23:44:36 +0000 (20:44 -0300)]
AAC encoder: enforce SF delta in PNS and IS SFs
Make sure to properly enforce maximum scalefactor delta in PNS
and I/S, not as an absolute range but relative to the previous
and first scalefactor, the latter important since PNS uses an
implicit initial scalefactor derived from the global gain, and
encoded in a different way, which makes a big difference in the
allowed range.
Fixes out of array read
Fixes: 1b79b985cdf860ffa228c00ee5497051/signal_sigsegv_1f99d24_315_f0f1fdb451264b1138e9c24eb7d49181.wv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
s->ac_val[0][0] is of type 'int16_t [16]', but points into a larger buffer.
Here it is used as base pointer to find the correct position in the
larger buffer by adding 's->block_index[n] * 16' and thus as 'int16_t *'.
This fixes clang's ubsan runtime error: index out of bounds for type
'int16_t [16]'
Fixes: test_case.mp4
Found-by: Tyson Smith <twsmith@mozilla.com>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Mats Peterson [Tue, 12 Jan 2016 23:32:20 +0000 (00:32 +0100)]
lavf/mov: Confine 0x00000000 to raw/twos fourcc mapping to version 0 sample descriptions
Confine the 0x00000000 to 'raw '/'twos' fourcc mapping to old version 0
sound sample descriptions, since they are the only valid sample
descriptions for this type of mapping.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array accesses
Fixes: 0cf176e6d3ab9fe924f39738e513f547/asan_generic_4a54aa_3431_aaa28be1cb32e307a9890cad06f84fba.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Fixes: 0cf176e6d3ab9fe924f39738e513f547/asan_generic_4a54aa_3431_aaa28be1cb32e307a9890cad06f84fba.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>