Update for 0.8.9

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
vp3: fix regression with mplayer-crash.ogv
2012-01-02 20:20:14 +01:00 · 2012-01-02 17:24:31 +01:00 · 2011-12-27 21:33:32 +01:00 · 2011-12-25 21:45:57 +01:00 · 2011-12-25 19:25:27 +01:00 · 2011-12-24 01:41:43 +01:00
10 changed files with 27 additions and 22 deletions
--- a/2
+++ b/2
@ -31,7 +31,7 @@ PROJECT_NAME           = FFmpeg
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.

-PROJECT_NUMBER         = 0.8.6
+PROJECT_NUMBER         = 0.8.9

 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
 # base path where the generated documentation will be put.
--- a/2
+++ b/2
@ -1 +1 @@
-0.8.6
+0.8.9
--- a/2
+++ b/2
@ -1 +1 @@
-0.8.6
+0.8.9
--- a/libavcodec/4xm.c
+++ b/libavcodec/4xm.c
@ -694,10 +694,13 @@ static int decode_i_frame(FourXContext *f, const uint8_t *buf, int length){
    unsigned int prestream_size;
    const uint8_t *prestream;

-    if (bitstream_size > (1<<26) || length < bitstream_size + 12)
-        return -1;
-    prestream_size = 4*AV_RL32(buf + bitstream_size + 4);
-    prestream = buf + bitstream_size + 12;
+    if (length < bitstream_size + 12) {
+        av_log(f->avctx, AV_LOG_ERROR, "packet size too small\n");
+        return AVERROR_INVALIDDATA;
+    }
+
+    prestream_size = 4 * AV_RL32(buf + bitstream_size + 4);
+    prestream      = buf + bitstream_size + 12;

    if (prestream_size > (1<<26) ||
        prestream_size != length - (bitstream_size + 12)){
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@ -2810,11 +2810,9 @@ static int decode_slice_header(H264Context *h, H264Context *h0){
                s0->first_field = FIELD_PICTURE;

            } else {
-                if (h->nal_ref_idc &&
-                        s0->current_picture_ptr->reference &&
-                        s0->current_picture_ptr->frame_num != h->frame_num) {
+                if (s0->current_picture_ptr->frame_num != h->frame_num) {
                    /*
-                     * This and previous field were reference, but had
+                     * This and previous field had
                     * different frame_nums. Consider this field first in
                     * pair. Throw away previous field except for reference
                     * purposes.
--- a/libavcodec/h264.h
+++ b/libavcodec/h264.h
@ -1075,7 +1075,7 @@ static void fill_decode_caches(H264Context *h, int mb_type){
                AV_ZERO32(h->mv_cache [list][scan8[0] + 4 - 1*8]);
                h->ref_cache[list][scan8[0] + 4 - 1*8]= topright_type ? LIST_NOT_USED : PART_NOT_AVAILABLE;
            }
-            if(h->ref_cache[list][scan8[0] + 4 - 1*8] < 0){
+            if(h->ref_cache[list][scan8[0] + 2 - 1*8] < 0 || h->ref_cache[list][scan8[0] + 4 - 1*8] < 0){
                if(USES_LIST(topleft_type, list)){
                    const int b_xy = h->mb2b_xy [topleft_xy] + 3 + h->b_stride + (h->topleft_partition & 2*h->b_stride);
                    const int b8_xy= 4*topleft_xy + 1 + (h->topleft_partition & 2);
--- a/libavcodec/libaacplus.c
+++ b/libavcodec/libaacplus.c
@ -63,9 +63,7 @@ static av_cold int aacPlus_encode_init(AVCodecContext *avctx)

    aacplus_cfg->bitRate = avctx->bit_rate;
    aacplus_cfg->bandWidth = avctx->cutoff;
-    if (avctx->flags & CODEC_FLAG_GLOBAL_HEADER) {
-        aacplus_cfg->outputFormat = 0; //raw aac
-    }
+    aacplus_cfg->outputFormat = !(avctx->flags & CODEC_FLAG_GLOBAL_HEADER);
    aacplus_cfg->inputFormat = AACPLUS_INPUT_16BIT;
    if (!aacplusEncSetConfiguration(s->aacplus_handle, aacplus_cfg)) {
        av_log(avctx, AV_LOG_ERROR, "libaacplus doesn't support this output format!\n");
--- a/libavcodec/wma.c
+++ b/libavcodec/wma.c
@ -137,6 +137,9 @@ int ff_wma_init(AVCodecContext *avctx, int flags2)

    /* compute MDCT block size */
    s->frame_len_bits = ff_wma_get_frame_len_bits(s->sample_rate, s->version, 0);
+    s->next_block_len_bits = s->frame_len_bits;
+    s->prev_block_len_bits = s->frame_len_bits;
+    s->block_len_bits      = s->frame_len_bits;

    s->frame_len = 1 << s->frame_len_bits;
    if (s->use_variable_block_len) {
--- a/libavformat/mpegtsenc.c
+++ b/libavformat/mpegtsenc.c
@ -23,6 +23,7 @@
 #include "libavutil/crc.h"
 #include "libavutil/dict.h"
 #include "libavutil/opt.h"
+#include "libavutil/avassert.h"
 #include "libavcodec/mpegvideo.h"
 #include "avformat.h"
 #include "internal.h"
@ -947,19 +948,20 @@ static int mpegts_write_packet(AVFormatContext *s, AVPacket *pkt)
        }
    }

-    if (st->codec->codec_type != AVMEDIA_TYPE_AUDIO) {
+    if (ts_st->payload_index && ts_st->payload_index + size > DEFAULT_PES_PAYLOAD_SIZE) {
+        mpegts_write_pes(s, st, ts_st->payload, ts_st->payload_index,
+                         ts_st->payload_pts, ts_st->payload_dts);
+        ts_st->payload_index = 0;
+    }
+
+    if (st->codec->codec_type != AVMEDIA_TYPE_AUDIO || size > DEFAULT_PES_PAYLOAD_SIZE) {
+        av_assert0(!ts_st->payload_index);
        // for video and subtitle, write a single pes packet
        mpegts_write_pes(s, st, buf, size, pts, dts);
        av_free(data);
        return 0;
    }

-    if (ts_st->payload_index + size > DEFAULT_PES_PAYLOAD_SIZE) {
-        mpegts_write_pes(s, st, ts_st->payload, ts_st->payload_index,
-                         ts_st->payload_pts, ts_st->payload_dts);
-        ts_st->payload_index = 0;
-    }
-
    if (!ts_st->payload_index) {
        ts_st->payload_pts = pts;
        ts_st->payload_dts = dts;
--- a/libswscale/utils.c
+++ b/libswscale/utils.c
@ -44,6 +44,7 @@
 #include "libavutil/cpu.h"
 #include "libavutil/avutil.h"
 #include "libavutil/bswap.h"
+#include "libavutil/mathematics.h"
 #include "libavutil/opt.h"
 #include "libavutil/pixdesc.h"
Author	SHA1	Message	Date
Michael Niedermayer	cee1568ae1	Update for 0.8.9 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-02 20:20:14 +01:00
Michael Niedermayer	c409ac5adc	vp3: fix regression with mplayer-crash.ogv Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `a2a12e3358`)	2012-01-02 17:24:31 +01:00
Michael Niedermayer	680880c98d	h264: fix init of topleft ref/mv. Fixes Ticket778 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-12-27 21:33:32 +01:00
Michael Niedermayer	d75909f247	Update for 0.8.8 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-12-25 21:45:57 +01:00
Michael Niedermayer	8413f12e1b	Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 * qatar/release/0.7: Update Changelog for 0.7.3 release Conflicts: Changelog Merged-by: Michael Niedermayer <michaelni@gmx.at>	2011-12-25 19:25:27 +01:00
Michael Niedermayer	df825c956a	Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 This merge is primary for metadata, theres little actually changed except cosmetics * qatar/release/0.7: 4xm: Add a check in decode_i_frame to prevent buffer overreads wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits. Update RELEASE file for 0.7.3 swscale: #include "libavutil/mathematics.h" vp3dec: Check coefficient index in vp3_dequant() svq1dec: call avcodec_set_dimensions() after dimensions changed. swscale: Readd #define _SVID_SOURCE Conflicts: RELEASE libavcodec/4xm.c libavcodec/vp3.c libswscale/utils.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2011-12-24 01:41:43 +01:00
Reinhard Tartler	d61b38b9db	Update Changelog for 0.7.3 release	2011-12-23 22:40:24 +01:00
Shitiz Garg	d912a30c7d	4xm: Add a check in decode_i_frame to prevent buffer overreads Fixes bugzilla #135 Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit `355d917c0b`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-23 22:27:02 +01:00
Justin Ruggles	8dba5608dc	wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits. The initial values are not checked against the number of block sizes. Initializing them to frame_len_bits will result in a block size index of 0 in these cases instead of something that might be out-of-range. Fixes Bug 81. (cherry picked from commit `05d1e45d1f`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-23 22:27:02 +01:00
Reinhard Tartler	7ce728050b	Update RELEASE file for 0.7.3	2011-12-23 16:00:17 +01:00
Reinhard Tartler	851098c9e0	swscale: #include "libavutil/mathematics.h" this file uses the M_PI macro since `4e74187db2`, so include the correct header directly. Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `5089ce1b5a`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-23 15:58:31 +01:00
Reinhard Tartler	bba709214a	vp3dec: Check coefficient index in vp3_dequant() Based on a patch by Michael Niedermayer <michaelni@gmx.at> Fixes NGS00145, CVE-2011-4352 Found-by: Phillip Langlois Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `8b94df0f20`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-23 15:56:01 +01:00
Michael Niedermayer	0eca0da06e	svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148, CVE-2011-4579 Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `6e24b9488e`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-23 15:55:38 +01:00
Michael Niedermayer	d38580a7bb	mpegtsenc: fix handling of large audio packets (sorry i have no sample, just a user report) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `e31c5ebe11`) Conflicts: libavformat/mpegtsenc.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-12-09 03:45:40 +01:00
Michael Niedermayer	8acf9905a1	Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 Note, all these commits where already in our release, this merge thus changes nothing, its just for metadata * qatar/release/0.7: vp6: Fix illegal read. vp6: Fix illegal read. vp6: Reset the internal state when aborting key frames header parsing vp6: Check for huffman tree build errors vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling imgutils: Fix illegal read. qdm2: check output buffer size before decoding Fix out of bound reads in the QDM2 decoder. Check for out of bound writes in the QDM2 decoder. vmd: fix segfaults on corruped streams Conflicts: libavcodec/qdm2.c libavcodec/vmdav.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2011-12-08 01:14:02 +01:00
Michael Niedermayer	1550c0885d	h264: Use mismatching frame numbers in fields to synchronize the first/second field state independant of them being reference or not. Fixes Ticket354 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `545ec935a4`)	2011-12-06 23:31:39 +01:00
Martin Storsjö	38a511e84c	swscale: Readd #define _SVID_SOURCE This was removed erroneously in `046f081b46`. This define still is necessary for getting MAP_ANONYMOUS defined on linux/glibc, despite the define reshuffling done in that commit. Without MAP_ANONYMOUS defined, the mprotect calls for setting the generated mmx2 scaler code pages executable are left out, causing crashes if that codepath is chosen. This patch fixes scaling from 192x144 to 320x240 with -sws_flags fast_bilinear, which crashes on linux at the moment. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `f32dfad9dc`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-05 21:12:11 +01:00
Thierry Foucu	ba4b08b789	vp6: Fix illegal read. Found with Address Sanitizer Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit `e0966eb140`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 09:21:09 +01:00
Alex Converse	67a7ed623b	vp6: Fix illegal read. (cherry picked from commit `2a6eb06254`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 09:20:49 +01:00
Laurent Aimar	c76505e0de	vp6: Reset the internal state when aborting key frames header parsing It prevents leaving the state only half initialized. Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit `a72cad0a6c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 09:20:28 +01:00
Laurent Aimar	30c08e2261	vp6: Check for huffman tree build errors Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit `066fff755a`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 09:20:10 +01:00
Dustin Brody	7367cbec1b	vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit `f913eeea43`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 09:19:29 +01:00
Thierry Foucu	28acce2861	imgutils: Fix illegal read. Found with address sanitizer. Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit `c693aa6f71`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 09:18:17 +01:00
Justin Ruggles	7347205351	qdm2: check output buffer size before decoding (cherry picked from commit `7d49f79f1c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 08:55:55 +01:00
Laurent Aimar	0d93d5c461	Fix out of bound reads in the QDM2 decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `5a19acb17c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 08:55:55 +01:00
Laurent Aimar	a31ccacb1a	Check for out of bound writes in the QDM2 decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `291d74a46d`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 08:44:09 +01:00
Laurent Aimar	494cfacdb9	vmd: fix segfaults on corruped streams Signed-off-by: Janne Grunau <janne-libav@jannau.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-03 21:07:07 +01:00
Sergiy Gur'yev	4f58d8ebc1	Fix adts format creation in aac+ encoder modified: libavcodec/libaacplus.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `32ed7da135`)	2011-11-24 14:53:04 +01:00
Michael Niedermayer	e66860a66b	Update for 0.8.7 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-21 20:00:52 +01:00
 @ -1 +1 @@
 .8.6
 .8.9