rv34_decode_slice() can return without allocating any pictures.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit d0f6ab0298)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This prevents crashes with some corrupted bitstreams.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 4a29b47186)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 28d948ac44)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Between ogg_save() and ogg_restore() calls, the number of streams
could have been reduced.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 0e7efb9d23)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit a3d471e500)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
stereo & 16bit is untested due to lack of samples
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 5166376f24)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 78cd2e18a4)
Conflicts:
libavcodec/smacker.c
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
1<<31 overflows because 1 is signed, so force it to unsigned.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 5938e02185)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Correct computation of implicit weight tables when referencing pictures
that are marked for long reference.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit 87cf70eb23)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
The current check on MMCO parameters prohibits a "max long term frame index
plus 1" of 16 (frame idx of 15) for the "set max long term frame index" MMCO.
Fix this off-by-one error to allow the full range of legal values.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit 29a09eae9a)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This removes out-of-edge motion compensation artifacts (easily spotted green
blocks in avplay, gray blocks in transcoding), for example here:
http://samples.libav.org/samples/real/tv_watching_t1.rm
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit 331971116d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Metadata currently is written only at the start of the file in normal
cases, when transcoding from a rtmp source metadata could be
written later and the offset recorded can exceed 32bit.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 7f5bf4fbaf)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit fe3e7297fe)
Conflicts:
libavformat/flvenc.c
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Custom PAR num/denum are in 1-256 range.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit 0e86965514)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit bac3ab13ea)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 59a22afa0b)
Conflicts:
libavcodec/h264.c
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This prevents out of bounds reads when extradata is being decoded.
(cherry picked from commit 1f6f58d585)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
On some platforms EINVAL could be positive, ensure we return negative values.
(cherry picked from commit e5985185d2)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
According to MPEG-TS specs, the continuity_counter shall not be
incremented when the adaptation_field_control of the packet
equals '00' or '10'.
Signed-off-by: Jindrich Makovicka <jindrich.makovicka@nangu.tv>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 8923cfa328)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
buffer_size/4 is the value used by aplay. This fixes output to null
devices, e.g. writing ALSA output to a file.
(cherry picked from commit 8bfd7f6a47)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 4d5e7ab5c4)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Set the frame size when decoding DTS audio.
This has the side effect of fixing the computation of timestamps for DTS-HD in compute_pkt_fields. Since frame_size is
not currently set, the duration of a frame is being guessed based on the streams bitrate. But for DTS-HD, the bitrate
currently used is the rate of the DTS core which is much different than the whole DTS-HD stream and leads to a wildly
inaccurate frame duration estimate.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 49c7006c7e)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 0631896885)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
filter_mb_fast assumed that qscale_table was padded like many of the other tables.
(cherry picked from commit 5029a40633)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Fixes decoding of MJPEG files produced by some UVC Logitec web cameras,
such as "Notebook Pro" and "HD C910".
References:
http://trac.videolan.org/vlc/ticket/4215http://ffmpeg.org/trac/ffmpeg/ticket/267
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Reviewed-by: Kostya <kostya.shishkov@gmail.com>
(cherry picked from commit 8c0fa61a97)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Originally committed as revision 23513 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 77d3f1f792)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Whitespace of the patch cleaned up by Aurel
Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 956c901c68)
Further suggestions from Kostya <kostya.shishkov@gmail.com> have been
implemented by Reinhard Tartler <siretart@tauware.de>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 77d2ef13a8)
NB: MSVR-11-0080 doesn't seem to exist. This issue seems to be known
as MSVR11-011 instead.
Fixes: CVE-2011-3504
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This removes all valgrind-reported invalid writes with one
specific test file.
Fixes http://www.ocert.org/advisories/ocert-2011-002.html
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 4a71da0f3a)
Fixes CVE-2011-3362, CVE-2011-3973, CVE-2011-3974
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Dustin Brody
Laurent Aimar
Michael Niedermayer
Kostya Shishkov
Alex Converse
Sean McGovern
Jeff Downs
Luca Barbato
Reimar Döffinger
Baptiste Coudurier
Diego Biurrun
Rafaël Carré
Mans Rullgard
Jindrich Makovicka
Justin Ruggles
Clément Bœsch
John Stebbins
Jason Garrett-Glaser
Piotr Kaczuba
Alex Converse
Tomas Härdin
Reinhard Tartler