| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
It allows attaching other external, opaque data to the frame and passing it
through the reordering process, for cases when the caller wants other data
than just the plain packet pts. There is no way to cleanly achieve this
without the field.
|
| |
|
|
|
|
| |
Column and row frame packing arrangements were inverted.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The input data must remain constant, make a copy instead. This is in
theory a performance hit, but since I failed to find any samples
using this feature, this should not matter in practice.
Also, check the size of the header, avoiding invalid reads on truncated
data.
CC:libav-stable@libav.org
|
| |
|
|
|
|
|
| |
0 means no data consumed, so it can trigger an infinite loop in the
caller.
CC:libav-stable@libav.org
|
| |
|
|
|
|
|
| |
Fixes possible invalid memory accesses on corrupted data.
CC:libav-stable@libav.org
Bug-ID: CVE-2013-3674
|
| |
|
|
|
|
| |
Bug-Id: 721
CC: libav-stable@libav.org
Sample-Id: 31230.mov
|
| |
|
|
|
|
|
|
|
| |
Avoid out of array accesses.
CC: libav-stable@libav.org
Bug-Id: CVE-2013-0848
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
|
| |
|
|
|
|
|
|
|
| |
Fixes out of array accesses.
Bug-Id: CVE-2013-3672
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
|
| |
|
|
|
|
|
|
|
| |
Fixes corruption of context
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
Bug-Id: CVE-2014-2098
Signed-off-by: Anton Khirnov <anton@khirnov.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous implementation of the parser made four passes over each input
buffer (reduced to two if the container format already guaranteed the input
buffer corresponded to frames, such as with MKV). But these buffers are
often 200K in size, certainly enough to flush the data out of L1 cache, and
for many CPUs, all the way out to main memory. The passes were:
1) locate frame boundaries (not needed for MKV etc)
2) copy the data into a contiguous block (not needed for MKV etc)
3) locate the start codes within each frame
4) unescape the data between start codes
After this, the unescaped data was parsed to extract certain header fields,
but because the unescape operation was so large, this was usually also
effectively operating on uncached memory. Most of the unescaped data was
simply thrown away and never processed further. Only step 2 - because it
used memcpy - was using prefetch, making things even worse.
This patch reorganises these steps so that, aside from the copying, the
operations are performed in parallel, maximising cache utilisation. No more
than the worst-case number of bytes needed for header parsing is unescaped.
Most of the data is, in practice, only read in order to search for a start
code, for which optimised implementations already existed in the H264 codec
(notably the ARM version uses prefetch, so we end up doing both remaining
passes at maximum speed). For MKV files, we know when we've found the last
start code of interest in a given frame, so we are able to avoid doing even
that one remaining pass for most of the buffer.
In some use-cases (such as the Raspberry Pi) video decode is handled by the
GPU, but the entire elementary stream is still fed through the parser to
pick out certain elements of the header which are necessary to manage the
decode process. As you might expect, in these cases, the performance of the
parser is significant.
To measure parser performance, I used the same VC-1 elementary stream in
either an MPEG-2 transport stream or a MKV file, and fed it through avconv
with -c:v copy -c:a copy -f null. These are the gperftools counts for
those streams, both filtered to only include vc1_parse() and its callees,
and unfiltered (to include the whole binary). Lower numbers are better:
Before After
File Filtered Mean StdDev Mean StdDev Confidence Change
M2TS No 861.7 8.2 650.5 8.1 100.0% +32.5%
MKV No 868.9 7.4 731.7 9.0 100.0% +18.8%
M2TS Yes 250.0 11.2 27.2 3.4 100.0% +817.9%
MKV Yes 149.0 12.8 1.7 0.8 100.0% +8526.3%
Yes, that last case shows vc1_parse() running 86 times faster! The M2TS
case does show a larger absolute improvement though, since it was worse
to begin with.
This patch has been tested with the FATE suite (albeit on x86 for speed).
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
|
| |
|
|
|
|
|
| |
Initialise VC1DSPContext for parser as well as for decoder.
Note, the VC-1 code doesn't actually use the function pointer yet.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
|
| |
|
|
|
|
| |
This permits re-use with parsers for codecs which use similar start codes.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
|
| | |
|
| |
|
|
| |
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
|
| | |
|
| | |
|
| |
|
|
|
| |
The decoder was producing different results when ASM was disabled.
Based on a long debug session with Kostya.
|
| |
|
|
|
|
|
| |
The rationale is that you have a packed format in form
<greyscale sample> <alpha sample> <greyscale sample> <alpha sample>
and shortening greyscale to 'G' might make one thing about Greenscale instead.
An alias pixel format and color space name are provided for compatibility.
|
| |
|
|
| |
Signed-off-by: Diego Biurrun <diego@biurrun.de>
|
| |
|
|
|
|
|
|
|
|
| |
Bug-Id: CVE-2013-0868
inspired by a patch from Michael Niedermayer <michaelni@gmx.at>
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Diego Biurrun <diego@biurrun.de>
CC: libav-stable@libav.org
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Signed-off-by: Diego Biurrun <diego@biurrun.de>
|
| |
|
|
|
|
|
| |
llvm's integrated assembler does not accept spaces as macro argument
delimiter when targeting darwin. Using a explicit delimiter is a good
idea in principle since it makes case like 'macro 4 -2' vs 'macro 4 - 2'
clear.
|
| | |
|
| | |
|
| |
|
|
| |
This is cleaner and avoids a cast plus a related const qualifier warning.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Properly address CVE-2011-3946 and parse bitstream as described in the spec.
CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
The Xvid IDCT is only required to decode some Xvid-encoded MPEG-4 files,
so there is no point in having it as an unconditional part of idctdsp.
|
| |
|
|
| |
This is how all the other init functions operate.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure the buffer size does not exceed the expected
RLE size.
Prevent an out of array bound write.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Bug-Id: CVE-2013-0852
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Diego Biurrun <diego@biurrun.de>
|
| | |
|
| | |
|
| |
|
|
| |
Replace it by passing an additional parameter to transform_unit()
|
| |
|
|
|
| |
They are replaced by passing additional parameters to the transform
functions.
|
| |
|
|
| |
It does not need to be preserved.
|
| | |
|
| |
|
|
| |
We do not need to store the value of the split flag.
|
| |
|
|
| |
The rv20 typo spotted by Hendrik Leppkes <h.leppkes@gmail.com>
|
| | |
|
| |
|
|
|
|
| |
This is safer and possibly fixes invalid reads on truncated data.
CC:libav-stable@libav.org
|
