Luca Barbato
5b2a29552c
indeo: Reject impossible FRAMETYPE_NULL
...
A frame marked FRAMETYPE_NULL cannot be scalable and requires a
previous frame successfully decoded.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
f9e5261cab
indeo: Do not reference mismatched tiles
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
28dda8a691
indeo: Sanitize ff_ivi_init_planes fail paths
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
25a6666f6c
indeo: Bound-check before applying motion compensation
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
dc79685195
indeo: Bound-check before applying transform
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
6a10142faa
indeo: reject negative array indexes
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
6dfacd7ab1
indeo: Cosmetic formatting
...
Trim some overly long lines.
12 years ago
Luca Barbato
62256010e9
indeo: Refactor ff_ivi_init_tiles and ivi_decode_blocks
...
Spin large and mostly self contained blocks into stand alone
functions.
12 years ago
Luca Barbato
f6f36ca8ca
indeo: Refactor ff_ivi_dec_huff_desc
...
Spare an indentation level.
12 years ago
Luca Barbato
e6d8acf6a8
indeo: use a typedef for the mc function pointer
12 years ago
Luca Barbato
b36e1893ef
indeo: check for reference when inheriting mvs
...
The same is done already for qdelta.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Luca Barbato
dd3754a488
indeo: use proper error code
12 years ago
Luca Barbato
7388c0c586
indeo: Properly forward the error codes
...
If the tile data size does not match the buffer size it did not
return an AVERROR_INVALIDDATA causing futher corruption later.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
12 years ago
Kostya Shishkov
33f64fd5d5
indeo4: expand allowed quantiser range
...
Indeo 4 has quantiser range 0-31 instead of 0-23 for Indeo 5, and clipping
quantiser leads to incorrect quantisation and DC prediction on low-quality
videos.
This fixes bug 259.
12 years ago
Diego Biurrun
6fee1b90ce
avcodec: Add av_cold attributes to init functions missing them
12 years ago
Clément Bœsch
1ec94b0f06
lavc: factorize ff_{thread_,re,}get_buffer error messages.
...
Coccinelle profile used:
@@
expression r, ctx, f, loglevel, str, flags;
@@
-if ((r = ff_get_buffer(ctx, f, flags)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_get_buffer(ctx, f, flags)) < 0)
+ return r;
@@
expression r, ctx, f, loglevel, str;
@@
-if ((r = ff_reget_buffer(ctx, f)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_reget_buffer(ctx, f)) < 0)
+ return r;
@@
expression r, ctx, f, loglevel, str, flags;
@@
-if ((r = ff_thread_get_buffer(ctx, f, flags)) < 0) {
- av_log(ctx, loglevel, str);
- return r;
-}
+if ((r = ff_thread_get_buffer(ctx, f, flags)) < 0)
+ return r;
...along with some manual patches for the remaining ones.
12 years ago
Anton Khirnov
3ba40ebb6c
ivi_common: do not call MC for intra frames when dc_transform is unset
...
CC:libav-stable@libav.org
12 years ago
Anton Khirnov
759001c534
lavc decoders: work with refcounted frames.
12 years ago
Michael Niedermayer
30872fa09b
ivi_common: Fix use of uninitialized warnings
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Anton Khirnov
deabb52ab4
ivi_common: check that scan pattern is set before using it.
...
Fixes CVE-2012-2791.
CC: libav-stable@libav.org
12 years ago
Anton Khirnov
07acdd651d
ivi_common: use proper logging context in ivi_decode_blocks().
12 years ago
Anton Khirnov
8ab42021f2
ivi_common: make some functions and tables static.
12 years ago
Anton Khirnov
df9b956751
lavc: fix decode_frame() third parameter semantics for video decoders
...
It's got_frame, not data size
12 years ago
Anton Khirnov
594d4d5df3
lavc: add a wrapper for AVCodecContext.get_buffer().
...
It will be useful in the upcoming transition to refcounted AVFrames.
12 years ago
Michael Niedermayer
0efcf16a3e
replace av_log(0, by av_log(NULL,
...
The first parameter is a pointer and NULL is more correct
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
dab70c62d2
ivi_common: check ref_tile size, fix out of array accesses
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
a93c7ca6ef
ivi_common: more MV Checks, fixes out of array reads
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
4c6e7c2d4d
ivi_common: dont dereference null pointers.
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Michael Niedermayer
5eaeb4237b
ivi_common: dc_transform is needed for intra
...
Fixes CID90582 CID90536
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
12 years ago
Diego Biurrun
87cdd7c694
ivi_common: Drop unused function parameter from decode_band()
12 years ago
Diego Biurrun
d5c62122a7
Move av_reverse table to libavcodec
...
It is only used in that library.
12 years ago
Janne Grunau
6d556e8327
indeo4/5: remove constant parameter num_bands from wavelet recomposition
...
Fixes bogus uninitialized value compiler and coverity warnings.
12 years ago
Anton Khirnov
ae3da0ae55
indeo4/5: check empty tile size in decode_mb_info().
...
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.
Based on a patch by Michael Niedermayer <michaelni@gmx.at>
Fixes CVE-2012-2800
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
12 years ago
Anton Khirnov
5d2170c53b
ivi_common: make ff_ivi_process_empty_tile() static.
...
It's not used outside of ivi_common.c
12 years ago
Michael Niedermayer
b146d74730
indeo4: update AVCodecContext width/height on size change
...
Fixes CVE-2012-2787
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
12 years ago
Michael Niedermayer
891918431d
indeo5dec: Make sure we have had a valid gop header.
...
This prevents decoding happening on a half initialized context.
Fixes CVE-2012-2779
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
12 years ago
Anton Khirnov
36ef5369ee
Replace all CODEC_ID_* with AV_CODEC_ID_*
12 years ago
Michael Niedermayer
8258697c49
ivi_common: skip null frames for all indeo variants
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
Diego Biurrun
4f04f5cc8b
indeo: Make ivi_calc_band_checksum() static, it is only used in one file.
13 years ago
Diego Biurrun
9ccbdc0aca
indeo: Drop unused debug function ivi_check_band().
13 years ago
Kostya Shishkov
cf61aaaca1
indeo: check for invalid motion vectors
13 years ago
Kostya Shishkov
9603738221
indeo: check that band output buffer exists
13 years ago
Kostya Shishkov
23ba1503f2
indeo: clear allocated band buffers
13 years ago
Kostya Shishkov
a6e4ac40a6
indeo: track tile macroblock size
13 years ago
Kostya Shishkov
fe7a37c36f
indeo: check custom Huffman tables for errors
13 years ago
Kostya Shishkov
aa372cf470
factor out common decoding code for Indeo 4 and Indeo 5
13 years ago
Diego Biurrun
b1563d0cf9
ivi_common: Initialize a variable at declaration in ff_ivi_decode_blocks().
...
This simplifies the code a bit and avoids an uninitialized variable warning.
13 years ago
Michael Niedermayer
e531e73a6f
indeo: Make sure the to be used vlc table has been initilaized.
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
Michael Niedermayer
93927eb334
ff_ivi_decode_blocks: fix negative scan_pos case.
...
Fixes out of global array read.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
Michael Niedermayer
f0bf9e9c2a
indeo: Check allocated tile size in ff_ivi_process_empty_tile()
...
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago