highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'qatar/release/0.7' into release/0.8

Browse Source 
* qatar/release/0.7:
  h264: check ref_count validity for num_ref_idx_active_override_flag
  h264: check context state before decoding slice data partitions
  oggdec: free the ogg streams on read_header failure
  oggdec: check memory allocation
  Fix uninitialized reads on malformed ogg files.
  rtsp: Recheck the reordering queue if getting a new packet
  alacdec: do not be too strict about the extradata size
  h264: fix sps parsing for SVC and CAVLC 4:4:4 Intra profiles
  h264: check sps.log2_max_frame_num for validity
  ppc: always use pic for shared libraries
  h264: enable low delay only if no delayed frames were seen
  lavf: avoid integer overflow in ff_compute_frame_duration()

Conflicts:
	libavformat/oggdec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-01-17 03:16:46 +01:00
commit 685321e4bd
7 changed files with 82 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configure vendored
View File

@ -2379,7 +2379,7 @@ check_host_cflags -std=c99
check_host_cflags -Wall
case "$arch" in
alpha|ia64|mips|parisc|sparc)
alpha|ia64|mips|parisc|ppc|sparc)
spic=$shared
;;
x86)

7
libavcodec/alac.c
View File

@ -664,10 +664,9 @@ static av_cold int alac_decode_init(AVCodecContext * avctx)
alac->numchannels = alac->avctx->channels;
/* initialize from the extradata */
if (alac->avctx->extradata_size != ALAC_EXTRADATA_SIZE) {
av_log(avctx, AV_LOG_ERROR, "alac: expected %d extradata bytes\n",
ALAC_EXTRADATA_SIZE);
return -1;
if (alac->avctx->extradata_size < ALAC_EXTRADATA_SIZE) {
av_log(avctx, AV_LOG_ERROR, "alac: extradata is too small\n");
return AVERROR_INVALIDDATA;
}
if (alac_set_info(alac)) {
av_log(avctx, AV_LOG_ERROR, "alac: set_info failed\n");

21
libavcodec/h264.c
View File

@ -2907,8 +2907,13 @@ static int decode_slice_header(H264Context *h, H264Context *h0){
if(num_ref_idx_active_override_flag){
h->ref_count[0]= get_ue_golomb(&s->gb) + 1;
if(h->slice_type_nos==AV_PICTURE_TYPE_B)
if (h->ref_count[0] < 1)
return AVERROR_INVALIDDATA;
if (h->slice_type_nos == AV_PICTURE_TYPE_B) {
h->ref_count[1]= get_ue_golomb(&s->gb) + 1;
if (h->ref_count[1] < 1)
return AVERROR_INVALIDDATA;
}
}
if (h->ref_count[0]-1 > max || h->ref_count[1]-1 > max){
@ -3851,6 +3856,7 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){
hx->inter_gb_ptr= &hx->inter_gb;
if(hx->redundant_pic_count==0 && hx->intra_gb_ptr && hx->s.data_partitioning
&& s->current_picture_ptr
&& s->context_initialized
&& (avctx->skip_frame < AVDISCARD_NONREF || hx->nal_ref_idc)
&& (avctx->skip_frame < AVDISCARD_BIDIR || hx->slice_type_nos!=AV_PICTURE_TYPE_B)
@ -3866,9 +3872,16 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){
init_get_bits(&s->gb, ptr, bit_length);
ff_h264_decode_seq_parameter_set(h);
if (s->flags& CODEC_FLAG_LOW_DELAY ||
(h->sps.bitstream_restriction_flag && !h->sps.num_reorder_frames))
s->low_delay=1;
if (s->flags & CODEC_FLAG_LOW_DELAY ||
(h->sps.bitstream_restriction_flag &&
!h->sps.num_reorder_frames)) {
if (s->avctx->has_b_frames > 1 || h->delayed_pic[0])
av_log(avctx, AV_LOG_WARNING, "Delayed frames seen "
"reenabling low delay requires a codec "
"flush.\n");
else
s->low_delay = 1;
}
if(avctx->has_b_frames < 2)
avctx->has_b_frames= !s->low_delay;

22
libavcodec/h264_ps.c
View File

@ -37,6 +37,9 @@
//#undef NDEBUG
#include <assert.h>
#define MAX_LOG2_MAX_FRAME_NUM (12 + 4)
#define MIN_LOG2_MAX_FRAME_NUM 4
static const AVRational pixel_aspect[17]={
{0, 1},
{1, 1},
@ -311,7 +314,7 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){
MpegEncContext * const s = &h->s;
int profile_idc, level_idc, constraint_set_flags = 0;
unsigned int sps_id;
int i;
int i, log2_max_frame_num_minus4;
SPS *sps;
profile_idc= get_bits(&s->gb, 8);
@ -340,7 +343,11 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){
memset(sps->scaling_matrix8, 16, sizeof(sps->scaling_matrix8));
sps->scaling_matrix_present = 0;
if(sps->profile_idc >= 100){ //high profile
if (sps->profile_idc == 100 || sps->profile_idc == 110 ||
sps->profile_idc == 122 || sps->profile_idc == 244 ||
sps->profile_idc == 44 || sps->profile_idc == 83 ||
sps->profile_idc == 86 || sps->profile_idc == 118 ||
sps->profile_idc == 128 || sps->profile_idc == 144) {
sps->chroma_format_idc= get_ue_golomb_31(&s->gb);
if (sps->chroma_format_idc > 3U) {
av_log(h->s.avctx, AV_LOG_ERROR, "chroma_format_idc %d is illegal\n", sps->chroma_format_idc);
@ -363,7 +370,16 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){
sps->bit_depth_chroma = 8;
}
sps->log2_max_frame_num= get_ue_golomb(&s->gb) + 4;
log2_max_frame_num_minus4 = get_ue_golomb(&s->gb);
if (log2_max_frame_num_minus4 < MIN_LOG2_MAX_FRAME_NUM - 4 ||
log2_max_frame_num_minus4 > MAX_LOG2_MAX_FRAME_NUM - 4) {
av_log(h->s.avctx, AV_LOG_ERROR,
"log2_max_frame_num_minus4 out of range (0-12): %d\n",
log2_max_frame_num_minus4);
return AVERROR_INVALIDDATA;
}
sps->log2_max_frame_num = log2_max_frame_num_minus4 + 4;
sps->poc_type= get_ue_golomb_31(&s->gb);
if(sps->poc_type == 0){ //FIXME #define

56
libavformat/oggdec.c
View File

@ -69,8 +69,7 @@ static int ogg_save(AVFormatContext *s)
for (i = 0; i < ogg->nstreams; i++){
struct ogg_stream *os = ogg->streams + i;
os->buf = av_malloc (os->bufsize);
memset (os->buf, 0, os->bufsize);
os->buf = av_mallocz (os->bufsize + FF_INPUT_BUFFER_PADDING_SIZE);
memcpy (os->buf, ost->streams[i].buf, os->bufpos);
}
@ -161,13 +160,18 @@ static int ogg_new_stream(AVFormatContext *s, uint32_t serial, int new_avstream)
AVStream *st;
struct ogg_stream *os;
ogg->streams = av_realloc (ogg->streams,
ogg->nstreams * sizeof (*ogg->streams));
os = av_realloc (ogg->streams, ogg->nstreams * sizeof (*ogg->streams));
if (!os)
return AVERROR(ENOMEM);
ogg->streams = os;
memset (ogg->streams + idx, 0, sizeof (*ogg->streams));
os = ogg->streams + idx;
os->serial = serial;
os->bufsize = DECODER_BUFFER_SIZE;
os->buf = av_malloc(os->bufsize);
os->buf = av_malloc(os->bufsize + FF_INPUT_BUFFER_PADDING_SIZE);
os->header = -1;
if (new_avstream) {
@ -184,7 +188,7 @@ static int ogg_new_stream(AVFormatContext *s, uint32_t serial, int new_avstream)
static int ogg_new_buf(struct ogg *ogg, int idx)
{
struct ogg_stream *os = ogg->streams + idx;
uint8_t *nb = av_malloc(os->bufsize);
uint8_t *nb = av_malloc(os->bufsize + FF_INPUT_BUFFER_PADDING_SIZE);
int size = os->bufpos - os->pstart;
if(os->buf){
memcpy(nb, os->buf + os->pstart, size);
@ -295,7 +299,9 @@ static int ogg_read_page(AVFormatContext *s, int *str)
}
if (os->bufsize - os->bufpos < size){
uint8_t *nb = av_malloc (os->bufsize *= 2);
uint8_t *nb = av_malloc ((os->bufsize *= 2) + FF_INPUT_BUFFER_PADDING_SIZE);
if (!nb)
return AVERROR(ENOMEM);
memcpy (nb, os->buf, os->bufpos);
av_free (os->buf);
os->buf = nb;
@ -309,6 +315,7 @@ static int ogg_read_page(AVFormatContext *s, int *str)
os->granule = gp;
os->flags = flags;
memset(os->buf + os->bufpos, 0, FF_INPUT_BUFFER_PADDING_SIZE);
if (str)
*str = idx;
@ -504,14 +511,28 @@ static int ogg_get_length(AVFormatContext *s)
return 0;
}
static int ogg_read_header(AVFormatContext *s, AVFormatParameters *ap)
static int ogg_read_close(AVFormatContext *s)
{
struct ogg *ogg = s->priv_data;
int ret, i;
int i;
for (i = 0; i < ogg->nstreams; i++) {
av_free(ogg->streams[i].buf);
av_free(ogg->streams[i].private);
}
av_free(ogg->streams);
return 0;
}
static int ogg_read_header(AVFormatContext *s)
{
struct ogg *ogg = s->priv_data;
int i, ret;
ogg->curidx = -1;
//linear headers seek from start
ret = ogg_get_headers (s);
if (ret < 0){
ret = ogg_get_headers(s);
if (ret < 0) {
ogg_read_close(s);
return ret;
}
@ -596,19 +617,6 @@ retry:
return psize;
}
static int ogg_read_close(AVFormatContext *s)
{
struct ogg *ogg = s->priv_data;
int i;
for (i = 0; i < ogg->nstreams; i++){
av_free (ogg->streams[i].buf);
av_free (ogg->streams[i].private);
}
av_free (ogg->streams);
return 0;
}
static int64_t ogg_read_timestamp(AVFormatContext *s, int stream_index,
int64_t *pos_arg, int64_t pos_limit)
{

8
libavformat/rtsp.c
View File

@ -1641,6 +1641,7 @@ int ff_rtsp_fetch_packet(AVFormatContext *s, AVPacket *pkt)
rt->cur_transport_priv = NULL;
}
redo:
if (rt->transport == RTSP_TRANSPORT_RTP) {
int i;
int64_t first_queue_time = 0;
@ -1656,12 +1657,15 @@ int ff_rtsp_fetch_packet(AVFormatContext *s, AVPacket *pkt)
first_queue_st = rt->rtsp_streams[i];
}
}
if (first_queue_time)
if (first_queue_time) {
wait_end = first_queue_time + s->max_delay;
} else {
wait_end = 0;
first_queue_st = NULL;
}
}
/* read next RTP packet */
redo:
if (!rt->recvbuf) {
rt->recvbuf = av_malloc(RECVBUF_SIZE);
if (!rt->recvbuf)

5
libavformat/utils.c
View File

@ -846,7 +846,10 @@ static void compute_frame_duration(int *pnum, int *pden, AVStream *st,
*pnum = st->codec->time_base.num;
*pden = st->codec->time_base.den;
if (pc && pc->repeat_pict) {
*pnum = (*pnum) * (1 + pc->repeat_pict);
if (*pnum > INT_MAX / (1 + pc->repeat_pict))
*pden /= 1 + pc->repeat_pict;
else
*pnum *= 1 + pc->repeat_pict;
}
//If this codec can be interlaced or progressive then we need a parser to compute duration of a packet
//Thus if we have no parser in such case leave duration undefined.