The issue is that:
float en[2];
...
tns->n_filt[w] = is8 ? 1 : order != TNS_MAX_ORDER ? 2 : 3;
for (g = 0; g < tns->n_filt[w]; g++) {
tns->direction[w][g] = slant != 2 ? slant : en[g] < en[!g];
When using the AAC Main profile, n_filt = 3, and slant is by
default 2 (normal long frames), g can go above 1.
en is the evolution of energy in the frequency domain for every
band at the given window. E.g. whether the energy is concentrated
at the top of each band, or the bottom.
For 2-pole filters, its straightforward.
For 3-pole filters, we need more than 2 measurements.
This commit properly implements support for 3-pole filters, by measuring
the band energy across three areas.
Do note that even xHE-AAC caps n_filt to 2, and only AAC Main allows
n_filt == 3.
Fixes https://trac.ffmpeg.org/ticket/11418
Add check for the return value of av_malloc_array() and av_calloc()
to avoid potential NULL pointer dereference.
Fixes: dcfd24b10c ("avcodec/alsdec: Implement floating point sample data decoding")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Happens since 4fc874ef08
when this code is called via error resilience.
Also do the same for wmv2dec.c.
Fixes the vsynth_{1,2,3,_lena}-mpeg4-error and wmv2-drm-dec FATE-tests.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The parameters here are not only unused, but buf_size's value
is actually wrong when flushing (it comes from the subpacket
of the last packet sent and is therefore outdated).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
It is unused. Furthermore, this automatically fixes the issue
that init_get_bits() failure would lead to NULL + 0 (when
setting buffer_end) which is UB before C23. This happened
in the fic-avi and fic-avi-skip_cursor FATE-tests.
This saved 7296B of .text here.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Fixes: index 107 out of bounds for type 'uint16_t const[63]'
Fixes: 421336912/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VVC_fuzzer-6436225806565376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 33632416 * 64 cannot be represented in type 'int'
Fixes: 421817631/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APV_fuzzer-4957386534354944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reduces allocations on random input
Fixes: 421650030/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKAUD_fuzzer-6144441767493632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 30 + 2147483647 cannot be represented in type 'int'
Fixes: 418335931/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV60_fuzzer-6568264620900352
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
In sunrast_decode_frame(), we use av_malloc_array() allocates memory
to ptr and ptr2. However if buf_end - buf < 1, this function returns
error code without freeing this memory thus cause a leak. Add av_freep()
before return.
Signed-off-by: Lidong Yan <502024330056@smail.nju.edu.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Instead of setting these unconditionally (they are always zero
for H.261, MPEG-1/2, RV30/40, VC-1), add a variant of
ff_mpeg_er_frame_start() that sets them and remove setting them
from ff_mpeg_er_frame_start(). Also pass these values via parameters
instead of reading them from the MPVContext itself.
This will allow to move them from MPVContext.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
It used to be a tri-state encoding both whether to use FLV picture
headers and whether to use the FLV way of encoding escape values,
but the former is now unnecessary due to the switch to a function
pointer for reading the header. So binarize h263_flv.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Instead add the necessary blocks directly into Mpeg12SliceContext.
This allows to completely remove MPVContext.block.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
These files currently rely on implicit inclusions of avassert.h
and/or mathops.h via get_bits.h.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Add a GetBitContext to H263DecContext instead. This is in preparation
for removing MpegEncContext.gb.
Also move last_resync_gb to H263DecContext.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Instead add the necessary blocks directly to H263DecContext
(only six are needed, not 12 as ff_mpv_common_init()
currently allocates).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
With the exception of mpeg4_decode_studio_mb(), all decode_mb
functions implicitly presumed that the block provided as
argument coincides with MpegEncContext.block (they zeroed the latter
and then used the former to decode the block); mpeg4_decode_studio_mb()
meanwhile did not use the provided block at all (it uses blocks of
int32_t). So remove said parameter.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
