From a224b2cb30759264147abda4aeb59de21966265c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Storsj=C3=B6?=
Date: Thu, 6 Sep 2012 14:44:07 +0300
Subject: [PATCH 1/7] configure: Set the right cc_e flags for msvc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The default ones work, but outputs the preprocessed file on stdout (into config.log).
Signed-off-by: Martin Storsjö
---
 configure | 1 +
 1 file changed, 1 insertion(+)
diff --git a/configure b/configure
index 25a56e7043..1fe505c3f3 100755
--- a/configure
+++ b/configure
@@ -2317,6 +2317,7 @@ probe_cc(){
 _ld_o='-Fe$@'
 fi
 _cc_o='-Fo $@'
+ _cc_e='-P -Fi $@'
 _flags_filter=msvc_flags
 _ld_lib='lib%.a'
 _ld_path='-libpath:'
From 59383d574046616ede75e51eeb404c9eb8b56d40 Mon Sep 17 00:00:00 2001
From: Janne Grunau
Date: Wed, 5 Sep 2012 20:25:48 +0200
Subject: [PATCH 2/7] mpegvideo: set AVFrame fields to NULL after freeing the base memory Prevents dangling pointers and makes access after free more obvious. Setting AVFrame.qscale_table to NULL is required for successfully allocating a previously freed Picture with ff_alloc_picture().
---
 libavcodec/mpegvideo.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c
index 718df8b63f..f51184f9f6 100644
--- a/libavcodec/mpegvideo.c
+++ b/libavcodec/mpegvideo.c
@@ -393,13 +393,16 @@ static void free_picture(MpegEncContext *s, Picture *pic)
 av_freep(&pic->mb_mean);
 av_freep(&pic->f.mbskip_table);
 av_freep(&pic->qscale_table_base);
+ pic->f.qscale_table = NULL;
 av_freep(&pic->mb_type_base);
+ pic->f.mb_type = NULL;
 av_freep(&pic->f.dct_coeff);
 av_freep(&pic->f.pan_scan);
 pic->f.mb_type = NULL;
 for (i = 0; i < 2; i++) {
 av_freep(&pic->motion_val_base[i]);
 av_freep(&pic->f.ref_index[i]);
+ pic->f.motion_val[i] = NULL;
 }
 if (pic->f.type == FF_BUFFER_TYPE_SHARED) {
From 6ceef07b21a6b828d98f25edefb66e322a628667 Mon Sep 17 00:00:00 2001
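Review bot: In libavcodec/mpegvideo.c free_picture(), the added `pic->f.mb_type = NULL;` right after `av_freep(&pic->mb_type_base);` duplicates the existing `pic->f.mb_type = NULL;` that still follows `av_freep(&pic->f.pan_scan);`, so the new side clears the same field twice. Dropping the older assignment and keeping the new one next to the free of its base buffer would match how `qscale_table` and `motion_val[i]` are handled in this patch. Going by the commit message these fields alias the `*_base` allocations, so a comment such as `/* f.qscale_table, f.mb_type and f.motion_val[] point into the *_base buffers freed here */` would record why they are reset by hand instead of through av_freep(). free_picture() begins and ends outside the hunk.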
From: =?UTF-8?q?Alberto=20Delm=C3=A1s?=
Date: Mon, 3 Sep 2012 17:28:01 +0200
Subject: [PATCH 3/7] mss2: do not try to read too many palette entries Reported by Michael Niedermayer
Signed-off-by: Kostya Shishkov
---
 libavcodec/mss2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/mss2.c b/libavcodec/mss2.c
index ce3cfb8a7a..9914562da6 100644
--- a/libavcodec/mss2.c
+++ b/libavcodec/mss2.c
@@ -161,7 +161,7 @@ static int decode_pal_v2(MSS12Context *ctx, const uint8_t *buf, int buf_size)
 return 0;
 ncol = *buf++;
- if (buf_size < 2 + ncol * 3)
+ if (ncol > ctx->free_colours || buf_size < 2 + ncol * 3)
 return -1;
 for (i = 0; i < ncol; i++)
 *pal++ = AV_RB24(buf + 3 * i);
From 9699b3a2d7ebc62ae58c4e70997190f5f7b45d27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alberto=20Delm=C3=A1s?=
Date: Mon, 3 Sep 2012 17:32:01 +0200
Subject: [PATCH 4/7] mss12: avoid unnecessary division in arith*_get_bit() That division can be replaced with a comparison: ((c->value - c->low) << 1) + 1 >= range By expanding 'range' definition and simplifying this inequation we obtain the final expression. Suggested by Michael Niedermayer
Signed-off-by: Kostya Shishkov
---
 libavcodec/mss12.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/mss12.h b/libavcodec/mss12.h
index 678a0c0dfb..f5d03662b8 100644
--- a/libavcodec/mss12.h
+++ b/libavcodec/mss12.h
@@ -103,7 +103,7 @@ av_cold int ff_mss12_decode_end(MSS12Context *ctx);
 static int arith ## VERSION ## _get_bit(ArithCoder *c) \
 { \
 int range = c->high - c->low + 1; \
- int bit = (((c->value - c->low) << 1) + 1) / range; \
+ int bit = 2 * c->value - c->low >= c->high; \
 \
 if (bit) \
 c->low += range >> 1; \
From 290d1022b2d90503735728d7feed35a53a69f631 Mon Sep 17 00:00:00 2001
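Review bot: In libavcodec/mss2.c decode_pal_v2(), the rejection path for an oversized `ncol` still returns a bare `-1`, which does not tell the caller that the stream is malformed; `return AVERROR_INVALIDDATA;` would, provided callers only test for a negative value, which the hunk does not show. The new `ncol > ctx->free_colours` test is also what bounds the `*pal++` stores in the loop below, because `ncol` is taken straight from the input byte `*buf++`. A comment on that line such as `/* ncol comes from the stream; pal has room for free_colours entries only */` would keep the check from being removed as redundant later. Where `pal` starts is outside the hunk, so that capacity is inferred from the commit message rather than visible here.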
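Review bot: In libavcodec/mss12.h, the new `int bit = 2 * c->value - c->low >= c->high;` in the arith*_get_bit() macro has no comment, so its derivation exists only in the commit message. A line above it such as `/* same as ((value - low) * 2 + 1) / range while low <= value <= high */ \` would document both the equivalence and its precondition. Outside that range the two forms differ, since the division could produce values other than 0 or 1 and the comparison cannot, so it is worth confirming that `value` stays within `[low, high]` on damaged input; that invariant is maintained outside the hunk. Writing the left side as `(2 * c->value - c->low) >= c->high` would also make the precedence explicit.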
From: =?UTF-8?q?Alberto=20Delm=C3=A1s?=
Date: Mon, 3 Sep 2012 17:32:01 +0200
Subject: [PATCH 5/7] mss2: simplify loop in decode_rle() It calculates the sum of power of two series, which can be done in one step. Suggested by Michael Niedermayer
Signed-off-by: Kostya Shishkov
---
 libavcodec/mss2.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/libavcodec/mss2.c b/libavcodec/mss2.c
index 9914562da6..fbdc72c5c7 100644
--- a/libavcodec/mss2.c
+++ b/libavcodec/mss2.c
@@ -335,8 +335,7 @@ static int decode_rle(GetBitContext *gb, uint8_t *pal_dst, int pal_stride,
 else
 repeat = get_bits(gb, b);
- while (b--)
- repeat += 1 << b;
+ repeat += (1 << b) - 1;
 if (last_symbol == -2) {
 int skip = FFMIN(repeat, pal_dst + w - pp);
From 91a84a5247857d18b211f45129cf39b6788f0022 Mon Sep 17 00:00:00 2001
From: Anton Khirnov
Date: Tue, 4 Sep 2012 22:01:38 +0200
Subject: [PATCH 6/7] af_asyncts: check return value from lavr when flushing. Fixes an infinite loop on flush when avresample_get_delay() still reports some samples but avresample_convert() doesn't return any data.
---
 libavfilter/af_asyncts.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/libavfilter/af_asyncts.c b/libavfilter/af_asyncts.c
index f5d2798b30..0b8be8d557 100644
--- a/libavfilter/af_asyncts.c
+++ b/libavfilter/af_asyncts.c
@@ -133,8 +133,13 @@ static int request_frame(AVFilterLink *link)
 nb_samples);
 if (!buf)
 return AVERROR(ENOMEM);
- avresample_convert(s->avr, (void**)buf->extended_data, buf->linesize[0],
- nb_samples, NULL, 0, 0);
+ ret = avresample_convert(s->avr, (void**)buf->extended_data,
+ buf->linesize[0], nb_samples, NULL, 0, 0);
+ if (ret <= 0) {
+ avfilter_unref_bufferp(&buf);
+ return (ret < 0) ? ret : AVERROR_EOF;
+ }
+
 buf->pts = s->pts;
 return ff_filter_samples(link, buf);
 }
From 9afb7061f938831248942050cfdb449e014ed427 Mon Sep 17 00:00:00 2001
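Review bot: In libavcodec/mss2.c decode_rle(), `repeat += (1 << b) - 1;` depends on `b` staying below the width of `int`, as the `get_bits(gb, b)` call above it also does, and the hunk does not show where `b` is bounded. `b` presumably derives from the bitstream, so a comment stating the limit, for example `/* b <= N here, so 1 << b cannot overflow */` with N taken from the code that sets it, would make the assumption checkable. The removed loop also left `b` at -1 while the new line leaves it unchanged, which is harmless only if `b` is reassigned before its next use; that code lies outside the hunk.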
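Review bot: In libavfilter/af_asyncts.c request_frame(), a short conversion is not handled: when `avresample_convert()` returns a positive count smaller than `nb_samples`, the buffer is still passed to `ff_filter_samples()` with the sample count it was allocated with, so its tail holds whatever the allocator left there. Trimming the buffer to what was actually produced, e.g. `buf->audio->nb_samples = ret;` before `buf->pts = s->pts;`, would avoid sending unwritten samples downstream. The allocation call and the declaration of `ret` are outside the hunk, so whether the buffer is pre-zeroed cannot be seen here.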
From: Samuel Pitoiset
Date: Thu, 6 Sep 2012 12:46:37 +0200
Subject: [PATCH 7/7] mov_chan: Pass a separate AVIOContext for reading
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This fixes crashes when called from rtpdec_qt, where AVFormatContext->pb is null, a crash present since 3bab7cd128.
Signed-off-by: Martin Storsjö
---
 libavformat/cafdec.c | 2 +-
 libavformat/mov.c | 2 +-
 libavformat/mov_chan.c | 4 ++--
 libavformat/mov_chan.h | 4 +++-
 4 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
index 2b1744da03..b3cbb39a4c 100644
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -268,7 +268,7 @@ static int read_header(AVFormatContext *s)
 break;
 case MKBETAG('c','h','a','n'):
- if ((ret = ff_mov_read_chan(s, st, size)) < 0)
+ if ((ret = ff_mov_read_chan(s, s->pb, st, size)) < 0)
 return ret;
 break;
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 99fd2af573..640377a134 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -583,7 +583,7 @@ static int mov_read_chan(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 if (atom.size < 16)
 return 0;
- ff_mov_read_chan(c->fc, st, atom.size - 4);
+ ff_mov_read_chan(c->fc, pb, st, atom.size - 4);
 return 0;
 }
diff --git a/libavformat/mov_chan.c b/libavformat/mov_chan.c
index 6daf7f1dbb..800bb102a0 100644
--- a/libavformat/mov_chan.c
+++ b/libavformat/mov_chan.c
@@ -543,9 +543,9 @@ uint32_t ff_mov_get_channel_layout_tag(enum AVCodecID codec_id,
 return tag;
 }
-int ff_mov_read_chan(AVFormatContext *s, AVStream *st, int64_t size)
+int ff_mov_read_chan(AVFormatContext *s, AVIOContext *pb, AVStream *st,
+ int64_t size)
 {
- AVIOContext *pb = s->pb;
 uint32_t layout_tag, bitmap, num_descr, label_mask;
 int i;
diff --git a/libavformat/mov_chan.h b/libavformat/mov_chan.h
index 3972aa6178..3fae93961e 100644
--- a/libavformat/mov_chan.h
+++ b/libavformat/mov_chan.h
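Review bot: In libavformat/mov.c mov_read_chan(), the result of `ff_mov_read_chan(c->fc, pb, st, atom.size - 4);` is still discarded, while the cafdec.c hunk of the same patch propagates it through `if ((ret = ...) < 0) return ret;`. If tolerating a malformed 'chan' atom is deliberate here, a comment such as `/* a broken 'chan' atom is not fatal for the MOV demuxer */` would say so. Otherwise the error should be returned the same way as in cafdec.c. mov_read_chan() starts outside the hunk.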
@@ -57,10 +57,12 @@ uint32_t ff_mov_get_channel_layout_tag(enum AVCodecID codec_id,
 * Read 'chan' tag from the input stream.
 *
 * @param s AVFormatContext
+ * @param pb AVIOContext
 * @param st The stream to set codec values for
 * @param size Remaining size in the 'chan' tag
 * @return 0 if ok, or negative AVERROR code on failure
 */
-int ff_mov_read_chan(AVFormatContext *s, AVStream *st, int64_t size);
+int ff_mov_read_chan(AVFormatContext *s, AVIOContext *pb, AVStream *st,
+ int64_t size);
 #endif /* AVFORMAT_MOV_CHAN_H */
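Review bot: In libavformat/mov_chan.h, the added `@param pb AVIOContext` line only restates the parameter's type. Going by the commit message, it should say what the context is for and how it relates to `s`, e.g. `@param pb AVIOContext to read the 'chan' data from; need not be s->pb, which may be NULL`. The `@param s` line would likewise benefit from stating what `s` is still used for now that reading goes through `pb`; the function body in mov_chan.c is only partly visible in this patch.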