Up until now, av_aes_init() uses a->round_key[0].u8 + t
as dst of memcpy where it is intended for t to greater
than 16 (u8 is an uint8_t[16]); given that round_key itself
is an array, it is actually intended for the dst to be
in a latter round_key member. To do this properly,
just cast a->round_key to unsigned char*.
This fixes the srtp, aes, aes_ctr, mov-3elist-encrypted,
mov-frag-encrypted and mov-tenc-only-encrypted
FATE-tests with (Clang-)UBSan.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The AES code uses av_aes_block, a union consisting of
uint64_t[2], uint32_t[4], uint8_t[4][4] and uint8_t[16].
subshift() performs byte-wise manipulations of two av_aes_blocks,
but when encrypting, it does so with a shift of two bytes;
more precisely, it uses
"av_aes_block *s1 = (av_aes_block *) (s0[0].u8 - s)"
and lateron uses the uint8_t[16] member to access s0.
Yet av_aes_block requires to be suitably aligned for
the uint64_t[2] member, which s0[0].u8 - 2 is certainly
not. This is in violation of 6.3.2.3 (7) of C11. UBSan
reports this in the aes_ctr, mov-3elist-encrypted,
mov-frag-encrypted, mov-tenc-only-encrypted and srtp
tests.
Furthermore, there is another issue here: The pointer points
outside of s0; this works, because all the accesses lateron
use an index >= 3. (Clang-)UBSan reports this as
"runtime error: index -2 out of bounds for type 'uint8_t[16]'".
This commit fixes both of these issues: The latter issue
is fixed by applying an offset of "+ 3" during the cast
and subtracting this from the indices used lateron.
The former issue is solved by not casting to av_aes_block*
at all; instead simply cast to unsigned char*.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Some of these were made possible by moving several common macros to
libavutil/macros.h.
While just at it, also improve the other headers a bit.
Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
* commit 'd12b5b2f135aade4099f4b26b0fe678656158c13':
build: Split test programs off into separate files
Some conversions done by: James Almer <jamrial@gmail.com>
Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
These functions return an error typically when the key size is an
incorrect number. AVERROR(EINVAL) is more specific than -1.
Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
This avoids a potential conflict with the equally named function from XOPEN
It also could reduce confusion in debugger backtraces
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
They are essential to be able to use the utils without av_malloc()
That is for example use with malloc(), memalign(), some other
private allocation function, on the stack or others.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'e002e3291e6dc7953f843abf56fc14f08f238b21':
Use the new aes/md5/sha/tree allocation functions
avutil: Add functions for allocating opaque contexts for algorithms
svq3: fix pointer type warning
svq3: replace unsafe pointer casting with intreadwrite macros
parseutils-test: various cleanups
Conflicts:
doc/APIchanges
libavcodec/svq3.c
libavutil/parseutils.c
libavutil/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The current API where the plain size is exposed is not of much
use - in most cases it is allocated dynamically anyway.
If allocated e.g. on the stack via an uint8_t array, there's no
guarantee that the struct's members are aligned properly (unless
the array is overallocated and the opaque pointer within it
manually aligned to some unspecified alignment).
Signed-off-by: Martin Storsjö <martin@martin.st>
* qatar/master: (27 commits)
asfdec: add side data to ASFStream packet instead of output packet.
idroqdec: set AVFMTCTX_NOHEADER and create streams as they occur.
nellymoserdec: Indicate that the decoder can handle changed parameters
libavcodec: Apply parameter change side data when decoding audio
flvdec: Add param change side data if the sample rate or channels have changed
libavformat: Add a utility function for adding parameter change side data
libavcodec: Define a side data type for parameter changes
aacdec: Handle new extradata passed as side data
flvdec: Export new AAC/H.264 extradata as side data on the next packet
libavcodec: Define a side data type for new extradata
flacdec: skip all track indices at once instead of looping.
mxf: Add PictureEssenceCoding UL for V210.
mxfdec: consider QuantizationBits between 17 and 24 to be pcm_s24*
mxfenc: Add support for MPEG-2 MP@HL-14 in mxf container.
mxf: H.264/MPEG-4 AVC Intra support
configure: Show whether the safe bitstream reader is enabled
x86: Tighten register constraints for decode_significance*_x86.
Replace Subversion revisions in comments by Git hashes.
h264_cabac: synchronize decode_significance_*_x86 conditionals
w32threads: wait for the waked thread in pthread_cond_signal.
...
Conflicts:
libavcodec/avcodec.h
libavcodec/version.h
libavformat/flvdec.c
libavformat/utils.c
tests/ref/lavfi/pixdesc
tests/ref/lavfi/pixfmts_copy
tests/ref/lavfi/pixfmts_null
tests/ref/lavfi/pixfmts_scale
tests/ref/lavfi/pixfmts_vflip
Merged-by: Michael Niedermayer <michaelni@gmx.at>
For some of the code e.g. doing timing measurements there is no
real point in running regression testing on it, thus it should
not be counted against coverage.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
* qatar/master: (29 commits)
doc: update libavfilter documentation
tls: Use the URLContext as logging context
aes: Avoid illegal read and don't generate more key than we use.
mpc7: Fix memset call in mpc7_decode_frame function
atrac1: use correct context for av_log()
apedec: consume the whole packet when copying to the decoder buffer.
apedec: do not needlessly copy s->samples to nblocks.
apedec: check output buffer size after calculating actual output size
apedec: remove unneeded entropy decoder normalization.
truespeech: use memmove() in truespeech_update_filters()
vorbisdec: remove AVCODEC_MAX_AUDIO_FRAME_SIZE check
vorbisdec: remove unneeded buf_size==0 check
vorbisdec: return proper error codes instead of made-up ones
http: Don't add a Range: bytes=0- header for POST
sunrast: Check for invalid/corrupted bitstream
http: Change the chunksize AVOption into chunked_post
http: Add encoding/decoding flags to the AVOptions
avconv: remove some codec-specific hacks
crypto: add decoding flag to options.
tls: use AVIO_FLAG_NONBLOCK instead of deprecated URL_FLAG_NONBLOCK
...
Conflicts:
doc/libavfilter.texi
libavcodec/atrac1.c
libavcodec/sunrast.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (36 commits)
ARM: allow unaligned buffer in fixed-point NEON FFT4
fate: test more FFT etc sizes
dca: set AVCodecContext frame_size for DTS audio
YASM: Shut up unused variable compiler warning with --disable-yasm.
x86_32: Fix build on x86_32 with --disable-yasm.
iirfilter: add fate test
doxygen: Add qmul docs.
ogg: propagate return values and return more meaningful error values
H.264: fix overreads of qscale_table
Remove unused static tables and static inline functions.
eval: clear Parser instances before using
dct-test: remove 'ref' function pointer from tables
build: Remove deleted 'check' target from .PHONY list.
oggdec: Abort Ogg header parsing when encountering a data packet.
Add LGPL license boilerplate to files lacking it.
mxfenc: small typo fix
doxygen: Fix documentation for some VP8 functions.
sha: use AV_RB32() instead of assuming buffer can be cast to uint32_t*
des: allow unaligned input and output buffers
aes: allow unaligned input and output buffers
...
Conflicts:
libavcodec/dct-test.c
libavcodec/libvpxenc.c
libavcodec/x86/dsputil_mmx.c
libavcodec/x86/h264_qpel_mmx.c
libavfilter/x86/gradfun.c
libavformat/oggdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (40 commits)
H.264: template left MB handling
H.264: faster fill_decode_caches
H.264: faster write_back_*
H.264: faster fill_filter_caches
H.264: make filter_mb_fast support the case of unavailable top mb
Do not include log.h in avutil.h
Do not include pixfmt.h in avutil.h
Do not include rational.h in avutil.h
Do not include mathematics.h in avutil.h
Do not include intfloat_readwrite.h in avutil.h
Remove return statements following infinite loops without break
RTSP: Doxygen comment cleanup
doxygen: Escape '\' in Doxygen documentation.
md5: cosmetics
md5: use AV_WL32 to write result
md5: add fate test
md5: include correct headers
md5: fix test program
doxygen: Drop array size declarations from Doxygen parameter names.
doxygen: Fix parameter names to match the function prototypes.
...
Conflicts:
libavcodec/x86/dsputil_mmx.c
libavformat/flvenc.c
libavformat/oggenc.c
libavformat/wtv.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
cosmetics: fix some then/than typos
doxygen: Include libavcodec and libavformat examples into the documentation
avutil: elaborate documentation for av_get_random_seed
Add support for aac streams in mp4/mov without extradata.
aes: whitespace cosmetics
adler32: whitespace cosmetics
swscale: fix another yuv range conversion overflow in 16bit scaling.
Fix cpu flags test program
opt-test: Add missing braces to silence compiler warnings.
build: Eliminate obsolete test targets.
udp: Fix a compilation warning
swscale: Unbreak build with --enable-small
base64: add fate test
aes: improve test program and add fate test
adler32: make test program more useful and add fate test
swscale: fix yuv range correction when using 16-bit scaling.
aacenc: Make chan_map const correct
Conflicts:
Makefile
doc/examples/muxing-example.c
libavformat/udp.c
libavutil/random_seed.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Makes it give correct results with e.g. gcc 4.4.
For unknown reasons the generate asm code also changes
on e.g. gcc 4.3, making the code a bit larger but also
a bit faster.
Originally committed as revision 23896 to svn://svn.ffmpeg.org/ffmpeg/trunk
Andreas Rheinhardt
Derek Buitenhuis
Michael Niedermayer
Diego Biurrun
Rodger Combs
Ganesh Ajjanagadde
Vittorio Giovara
Michael Niedermayer
Janne Grunau
Martin Storsjö
Reimar Döffinger
Alex Converse
Mans Rullgard
Aurelien Jacobs