This fixes race conditions that ultimately lead to memory corruption.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If the dummy frame are not created from a reference frame they could
be deleted untimely resulting in multithreaded decoder waiting on
the current frame to finish.
Noticed by Ronald S. Bultje in the RV34 decoder with a broken file.
The DC coefficient should be included, too.
This probably was missed because DC quantizer is always
even for MPEG-1/2 but this function is also used for MPEG-4.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
When either video dimension is only one macroblock, subtractions
based on v_edge_pos and the macroblock size may be negative. In
that situation, an unsigned comparison isn't sufficent to test for
MV overruns, because a limit of (unsigned)-1 will let any other
value pass.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Under certain conditions pictures could be released before they were
returned with frame-threading. Broken mv computation in the upcoming
rv34 frame-threading patch was caused by this.
To prevent contexts from running out of available pictures the loop
releasing "unused" pictures has to be run for B frames too.
Adds a new member to MpegEncContext to hold the number of used slice
contexts. Fixes segfaults with '-threads 17 -thread_type slice' and
fate-vsynth{1,2}-mpeg{2,4}thread{,_ilace} with --disable-pthreads.
This was intended as an optimisation for skipped blocks in MPEG2
P-frames and never used elsewhere. Removing this "optimisation"
speeds up MPEG2 decoding by 1-2% (ARM Cortex-A9).
Signed-off-by: Mans Rullgard <mans@mansr.com>
This reverts commit 4f820131fa.
It is better to abort() than to have remotly exploitable arbitrary code
execution bugs. Even more so that this abort has never been triggered
by any input people threw at it.
If after more extensive testing its removial is found safe we can remove
the abort() later.
Add AV_NUM_DATA_POINTERS to simplify the bump transition.
This will allow for supporting more planar audio channels without having to
allocate separate pointer arrays.
A new field, AVCodecContext.internal is used to hold a new struct
AVCodecInternal, which has private fields that are not codec-specific and are
used by general libavcodec functions.
Moved internal_buffer, internal_buffer_count, and is_copy.
This reverts commit 3fc0830432.
The revert is done because the reasoning behind the commit was
flawed, closed_gop is not mpeg1/2 specific.
Conflicts:
libavcodec/mpeg12.c
libavcodec/mpeg12.h
Replace our incomplete w32threads implementation with x264's pthreads
w32threads wrapper.
Relicensed to LGPL with kind permission by Pegasys Inc.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
The functions and tables initialised in this function rely on an
initialised DSPContext. Make sure they always have one.
Signed-off-by: Mans Rullgard <mans@mansr.com>