ffmpeg.git
4 years agoavfilter/af_asyncts: use llabs for int64_t
Ganesh Ajjanagadde [Sun, 6 Sep 2015 03:42:02 +0000 (20:42 -0700)]
avfilter/af_asyncts: use llabs for int64_t

long may not be 64 bit on all platforms; so labs on int64_t is unsafe.
This fixes a warning reported in:
http://fate.ffmpeg.org/log.cgi?time=20150905071512&log=compile&slot=i386-darwin-clang-polly-3.7

Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d74123d03eb1047b844bc39fbde26f199c72cbcb)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/g2meet: Also clear tile dimensions on header_fail
Michael Niedermayer [Fri, 4 Sep 2015 10:11:46 +0000 (12:11 +0200)]
avcodec/g2meet: Also clear tile dimensions on header_fail

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fb0466699575724923aeddc4490302180dfdf4af)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/g2meet: Fix potential overflow in tile dimensions check
Michael Niedermayer [Fri, 4 Sep 2015 10:10:02 +0000 (12:10 +0200)]
avcodec/g2meet: Fix potential overflow in tile dimensions check

Fixes CID1322351

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 71ec8e1ed6cf4947e204e3e4b5929a44c054f5fb)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/svq1dec: Check init_get_bits8() for failure
Michael Niedermayer [Thu, 3 Sep 2015 23:18:13 +0000 (01:18 +0200)]
avcodec/svq1dec: Check init_get_bits8() for failure

Fixes: CID1322313

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a51d4246d8ac96acee735e7e5dedb9d9ef27a594)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/tta: Check init_get_bits8() for failure
Michael Niedermayer [Thu, 3 Sep 2015 23:18:13 +0000 (01:18 +0200)]
avcodec/tta: Check init_get_bits8() for failure

Fixes: CID1322319

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f1593e4ca564cdb7f3194a9eee1dea16df41142d)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoswresample/swresample: Fix integer overflow in seed calculation
Michael Niedermayer [Thu, 3 Sep 2015 07:22:31 +0000 (09:22 +0200)]
swresample/swresample: Fix integer overflow in seed calculation

Fixes CID1322333

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 32f53958b8f6ed4c3c2a7447c1e47d012796fae2)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavformat/mov: Fix integer overflow in FFABS
Michael Niedermayer [Thu, 3 Sep 2015 07:20:23 +0000 (09:20 +0200)]
avformat/mov: Fix integer overflow in FFABS

Fixes: unknown_unknown_19e_414_cov_764838672_bellhamlam.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 053e80f6eaf8d87521fe58ea96886b6ee0bbe59d)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavutil/common: Add FFNABS()
Michael Niedermayer [Thu, 3 Sep 2015 00:17:24 +0000 (02:17 +0200)]
avutil/common: Add FFNABS()

This macro avoids the undefined corner case with the *_MIN values

Previous version Reviewed-by: Ganesh Ajjanagadde <gajjanag@mit.edu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d6cd614dac579850076ae312c29c4188f8659e46)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavutil/common: Document FFABS() corner case
Michael Niedermayer [Thu, 3 Sep 2015 00:00:05 +0000 (02:00 +0200)]
avutil/common: Document FFABS() corner case

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 733511fb53fedd3adaaeabc5db9d0b29e71ea1d3)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavformat/dump: Fix integer overflow in aspect ratio calculation
Michael Niedermayer [Thu, 3 Sep 2015 00:49:44 +0000 (02:49 +0200)]
avformat/dump: Fix integer overflow in aspect ratio calculation

Fixes: unknown_unknown_19e_414_cov_764838672_bellhamlam.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d1bdaf3fb2c45020f72a378bb64eab1bf136581c)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/truemotion1: Check for even width
Michael Niedermayer [Tue, 1 Sep 2015 02:57:22 +0000 (04:57 +0200)]
avcodec/truemotion1: Check for even width

Fixes out of array access
Fixes: 87196d8bbc633629fc9dd851fce73e70/asan_heap-oob_26f6853_862_cov_585961513_sonic3dblast_intro-partial.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 63fb5a6aefb4223334001fd2c0d82a5e22e3b528)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/libopusenc: Fix infinite loop on flushing after 0 input
Michael Niedermayer [Thu, 27 Aug 2015 10:44:31 +0000 (12:44 +0200)]
avcodec/libopusenc: Fix infinite loop on flushing after 0 input

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6701c92fa4269872856c70c3170a9b3291b46247)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agodoc/filters/drawtext: fix centering example
Andrey Utkin [Tue, 1 Dec 2015 19:15:53 +0000 (21:15 +0200)]
doc/filters/drawtext: fix centering example

Signed-off-by: Andrey Utkin <andrey.od.utkin@gmail.com>
Signed-off-by: Lou Logan <lou@lrcd.com>
(cherry picked from commit 648b26acc5e25ab40c43fddc54b50e9f0b13ebd8)
Signed-off-by: Timothy Gu <timothygu99@gmail.com>
4 years agoavcodec: avoid division by zero in avcodec_string
Andreas Cadhalpun [Thu, 26 Nov 2015 00:15:28 +0000 (01:15 +0100)]
avcodec: avoid division by zero in avcodec_string

Actually time_base should not be 0/0, but the proper fix is part of
commit 7ea1b34, which can't be backported, as it changes API.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agompegvideo: clear overread in clear_context
Andreas Cadhalpun [Sat, 14 Nov 2015 21:46:46 +0000 (22:46 +0100)]
mpegvideo: clear overread in clear_context

Otherwise the h263p decoder can try to copy overread bytes, even though
buffer is NULL.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 6a69a175e7b5c5393528ed0f5753e41573fa0df2)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agodvdsubdec: validate offset2 similar to offset1
Andreas Cadhalpun [Tue, 10 Nov 2015 21:14:39 +0000 (22:14 +0100)]
dvdsubdec: validate offset2 similar to offset1

If it is negative, it causes segmentation faults in decode_rle.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit f621749d1181987b3f815c6766ea66d6c5d55198)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agoavcodec/takdec: Use memove, avoid undefined memcpy() use
Michael Niedermayer [Sat, 7 Nov 2015 19:05:27 +0000 (20:05 +0100)]
avcodec/takdec: Use memove, avoid undefined memcpy() use

Fixes: e214333cbd94c91228e624ff39329ce6/asan_generic_4a5159_6412_96cda2530e80607210ab41ccae3d456d.tak

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7cea3430a56fb0ff6ef60f08620fd3875e7bfeb6)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agojvdec: avoid unsigned overflow in comparison
Andreas Cadhalpun [Fri, 6 Nov 2015 20:04:34 +0000 (21:04 +0100)]
jvdec: avoid unsigned overflow in comparison

The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size
is 3, the right side overflows leading to a wrong result of the
comparison and subsequently a heap buffer overflow.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit db374790c75fa4ef947abcb5019fcf21d0b2de85)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agoavcodec/mpeg12dec: Do not call show_bits() with invalid bits
Michael Niedermayer [Thu, 5 Nov 2015 23:56:04 +0000 (00:56 +0100)]
avcodec/mpeg12dec: Do not call show_bits() with invalid bits

Fixes assertion failure
Fixes: 63e50545709a6440d3d59f6426d58db9/signal_sigabrt_7ffff6ae7cc9_8189_3272a3010fd98ddf947c662bbde1ac13.ts

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 973c3dba27d0b1a88c70f6661b6a90d2f2e50665)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agoopusdec: Don't run vector_fmul_scalar on zero length arrays
Kieran Kunhya [Mon, 26 Oct 2015 23:09:44 +0000 (23:09 +0000)]
opusdec: Don't run vector_fmul_scalar on zero length arrays

Fixes crashes on fuzzed files
Fixes Ticket4969 part2

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b3e5f15b95f04a35821f63f6fd89ddd60f666a59)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agoavcodec/opusdec: Fix extra samples read index
Michael Niedermayer [Tue, 27 Oct 2015 00:18:22 +0000 (01:18 +0100)]
avcodec/opusdec: Fix extra samples read index

Fixes crash
Fixes Ticket4969 part 1

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 07225fa74f2cdb29d6d85fd33675539bfdfe9ea5)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agoriffdec: prevent negative bit rate
Andreas Cadhalpun [Fri, 10 Jul 2015 22:09:46 +0000 (00:09 +0200)]
riffdec: prevent negative bit rate

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 189420cb561929e05f5cc4224cdca83740a24a32)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agoMerge commit 'd80811c94e068085aab797f9ba35790529126f85'
Michael Niedermayer [Sun, 12 Jul 2015 13:21:15 +0000 (15:21 +0200)]
Merge commit 'd80811c94e068085aab797f9ba35790529126f85'

* commit 'd80811c94e068085aab797f9ba35790529126f85':
  riff: Use the correct logging context

Conflicts:
libavformat/asfdec_o.c
libavformat/avidec.c
libavformat/dxa.c
libavformat/matroskadec.c
libavformat/mov.c
libavformat/riff.h
libavformat/riffdec.c
libavformat/wavdec.c
libavformat/wtvdec.c
libavformat/xwma.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ba77fb61f741d9ab3bd12935527556055b2ffb2e)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agoimc: use correct position for flcoeffs2 calculation
Andreas Cadhalpun [Fri, 10 Jul 2015 19:50:50 +0000 (21:50 +0200)]
imc: use correct position for flcoeffs2 calculation

flcoeffs2[pos] should be the log2 of flcoeffs1[pos].
flcoeffs1[0] can be 0 here, thus flcoeffs2[pos] gets set to -inf,
causing problems further down.

This seems to have been copied from imc_decode_level_coefficients in
commit 4eb4bb3 without updating the position.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 75fd5ce4c1c0b2d96d71c74b650cefaaef519d27)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agosnow: remove an obsolete av_assert2
Andreas Cadhalpun [Thu, 9 Jul 2015 17:50:34 +0000 (19:50 +0200)]
snow: remove an obsolete av_assert2

It asserts that the frame linesize is larger than 37, but it can be
smaller and decoding such frames works.

Before commit cc884a35 src_stride > 7*MB_SIZE was necessary, because the
blocks were interleaved in the tmp buffer and the last block was added
with an offset of 6*MB_SIZE.
It was changed for src_stride <= 7*MB_SIZE to write the blocks
sequentially, hence the larger tmp_step.
After that the assert was only necessary to make sure that the buffer
remained large enough.
Since commit bd2b6b33 s->scratchbuf is used as tmp buffer.
As part of commit 86e107a7 the minimal scratchbuf size was increased to
256*7*MB_SIZE, which is enough for any src_stride <= 7*MB_SIZE.

Also add a comment explaining the tmp_step calculation.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 3526a120f92929cb0a4009e403ee2f141030c487)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agowavpack: limit extra_bits to 32 and use get_bits_long
Andreas Cadhalpun [Thu, 2 Jul 2015 21:05:05 +0000 (23:05 +0200)]
wavpack: limit extra_bits to 32 and use get_bits_long

More than 32 bits can't be stored in an integer and get_bits should not
be used with more than 25 bits.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit d0eff8857ceff2601f85037c930cbe61a88b611e)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agohuffyuvdec: validate image size
Andreas Cadhalpun [Sun, 28 Jun 2015 09:21:54 +0000 (11:21 +0200)]
huffyuvdec: validate image size

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 9a345802edf7f430b3335f486aecdd8552f8367b)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agowavpack: use get_bits_long to read up to 32 bits
Andreas Cadhalpun [Sat, 27 Jun 2015 18:16:12 +0000 (20:16 +0200)]
wavpack: use get_bits_long to read up to 32 bits

get_bits should not be used for more than 25 bits.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit f9883a669c3df05a5c453428e080298c6511a17e)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agonutdec: check maxpos in read_sm_data before returning success
Andreas Cadhalpun [Sat, 27 Jun 2015 15:50:56 +0000 (17:50 +0200)]
nutdec: check maxpos in read_sm_data before returning success

Otherwise sm_size can be larger than size, which results in a negative
packet size.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 6b9fdf7f4f07926557048070cc2af3cfd0e3fe50)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agos302m: fix arithmetic exception
Andreas Cadhalpun [Fri, 26 Jun 2015 17:31:03 +0000 (19:31 +0200)]
s302m: fix arithmetic exception

If nb_samples is zero, the bit_rate calculation results in a division by
zero.

Since ff_get_buffer fails if frame->nb_samples is zero, this can be
fixed by moving the bit_rate calculation after that function call.

That also makes it possible to reuse the already calculated
frame->nb_samples value.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 04dfbc9441beed93984568c1547f1ed588122627)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agompegaudiodec: copy AVFloatDSPContext from first context to all contexts
Andreas Cadhalpun [Thu, 25 Jun 2015 22:27:54 +0000 (00:27 +0200)]
mpegaudiodec: copy AVFloatDSPContext from first context to all contexts

This fixes a segfault when decoding multi-channel MP3onMP4 files.

This is similar to commit cb72230d for MPADSPContext.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 151dbe4579601a81662b4b366d0e10df3c00027a)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agovc1dec: use get_bits_long and limit the read bits to 32
Andreas Cadhalpun [Thu, 25 Jun 2015 20:47:38 +0000 (22:47 +0200)]
vc1dec: use get_bits_long and limit the read bits to 32

get_bits should not be used with more than 25 bits.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 1f1e0a2971b2a01f275bb5088c2e36166514be64)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agoavcodec/s302m: Only set the sample rate when some data is output
Michael Niedermayer [Fri, 5 Jun 2015 22:59:16 +0000 (00:59 +0200)]
avcodec/s302m: Only set the sample rate when some data is output

This way ffplay chooses the mp2 stream for Ticket3890

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 802cca5905abe1fe8392e85a812462b959889aaa)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agoavidec: check for valid bit_rate range
Andreas Cadhalpun [Mon, 4 May 2015 19:07:52 +0000 (21:07 +0200)]
avidec: check for valid bit_rate range

If bit_rate is negative, it can trigger an av_assert2 in av_rescale_rnd.

Since av_rescale returns int64_t, but st->codec_bit_rate is int, it can
also overflow into a negative value.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0eec40b713eee84e2aec8af35ccce059817cad2a)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agovp9: add support for resolution changes in inter frames.
Ronald S. Bultje [Wed, 22 Apr 2015 00:54:51 +0000 (20:54 -0400)]
vp9: add support for resolution changes in inter frames.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e8b4f6d6befc5062db74916ea8a4d830e83022a8)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agovp9: avoid infinite loop with broken files
wm4 [Sat, 10 Jan 2015 17:00:08 +0000 (18:00 +0100)]
vp9: avoid infinite loop with broken files

With a certain fuzzed file, the parser will always return 0 consumed
bytes, which makes calling code call the parser infinitely. Return the
full packet size on error instead. (Here it would be nice if parsers
could return errors at all.)

Additionally, _if_ there's some data left, return that too, which might
help with somewhat broken but still somehow playable files.

Fixes ticket #4242.

Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 09b4ad15681be197fff8c57ce7c988a4718d6e03)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
4 years agovideodsp: don't overread edges in vfix3 emu_edge.
Ronald S. Bultje [Fri, 23 Oct 2015 15:11:53 +0000 (11:11 -0400)]
videodsp: don't overread edges in vfix3 emu_edge.

Fixes trac ticket 3226. Also see Andreas' analysis in
https://bugs.debian.org/801745, which was very helpful.
(cherry picked from commit 52f84d82bdf1851ecfcc412c1719e5f6f3396209)

4 years agoavformat/oggenc: Check segments_count for headers too
Michael Niedermayer [Thu, 27 Aug 2015 02:08:42 +0000 (04:08 +0200)]
avformat/oggenc: Check segments_count for headers too

Fixes infinite loop and segfault in ogg_buffer_data()
Fixes Ticket4806

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 81a8701eb52d2b6469ae16ef442ce425388141b7)

4 years agoavformat/avidec: Workaround broken initial frame
Michael Niedermayer [Tue, 15 Sep 2015 02:01:27 +0000 (04:01 +0200)]
avformat/avidec: Workaround broken initial frame

Fixes Ticket4851

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e2ef00394b8079e93835d47c993868229f07502)

4 years agohevc: properly handle no_rasl_output_flag when removing pictures from the DPB
Hendrik Leppkes [Sat, 12 Sep 2015 19:50:24 +0000 (21:50 +0200)]
hevc: properly handle no_rasl_output_flag when removing pictures from the DPB

Fixes ticket #4185.

Reviewed-By: Mickael Raulet <Mickael.Raulet@insa-rennes.fr>
Signed-off-by: Hendrik Leppkes <h.leppkes@gmail.com>
(cherry picked from commit 0118158efa8e45761f9f65a3bb74f33907bd2aec)

4 years agohevc: fix wpp threading deadlock.
Ronald S. Bultje [Sun, 20 Sep 2015 10:39:14 +0000 (12:39 +0200)]
hevc: fix wpp threading deadlock.

Fixes ticket 4258.
(cherry picked from commit 74e4948235bc8f8946eeca20525258bbf383f75d)

4 years agoavcodec/ffv1: seperate slice_count from max_slice_count
Michael Niedermayer [Thu, 24 Sep 2015 21:49:30 +0000 (23:49 +0200)]
avcodec/ffv1: seperate slice_count from max_slice_count

Fix segfault with too large slice_count
Fixes Ticket4879

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa6c43f3fdec8a7518534b9dab20c9eb4be11568)

Conflicts:
libavcodec/ffv1enc.c
libavcodec/ffv1.c

4 years agolavf/img2dec: Fix memory leak
Przemysław Sobala [Tue, 29 Sep 2015 13:25:07 +0000 (15:25 +0200)]
lavf/img2dec: Fix memory leak

Fixes #4886

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 01dd7e025c246d9001f1a30f4a5d8fa2936d1a5e)

4 years agoavcodec/mp3: fix skipping zeros
wm4 [Wed, 30 Sep 2015 12:53:35 +0000 (14:53 +0200)]
avcodec/mp3: fix skipping zeros

Commits 43bc5cf9 and c5371f77 add code for skipping initial zeros in mp3
packets. This code forgot to report to the user that data was skipped at
all.

Since audio codecs allow partial packet decoding, the user application
has to rely on the return value. It will remove the data reported as
consumed by the decoder, and feed it to the decoder again. This resulted
in the mp3 frame after the zero region to be decoded over and over
again, until the zero region was finally skipped by the application.

Fix this by including the amount of skipped bytes to the number of
consumed bytes returned by the decode call.

Fixes trac ticket #4890.
(cherry picked from commit cb1da9fb8d71bb611a7b0028914c97afc3f5711d)

4 years agodoc: mention libavcodec can decode Opus natively
James Almer [Mon, 21 Sep 2015 02:20:43 +0000 (23:20 -0300)]
doc: mention libavcodec can decode Opus natively

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit fd9ac48dc8aebcbd601af34336234d5102b36e21)

4 years agoUpdate Changelog n2.4.11
Michael Niedermayer [Tue, 25 Aug 2015 00:40:41 +0000 (02:40 +0200)]
Update Changelog

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavformat/hevc: Check num_long_term_ref_pics_sps to avoid potentially long loops
Michael Niedermayer [Mon, 24 Aug 2015 11:04:38 +0000 (13:04 +0200)]
avformat/hevc: Check num_long_term_ref_pics_sps to avoid potentially long loops

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ee155c18a2c50b339ba5f6f223fbb6dc343fd471)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavformat/hevc: Fix parsing errors
Arthur Grant [Mon, 24 Aug 2015 10:19:03 +0000 (12:19 +0200)]
avformat/hevc: Fix parsing errors

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 781efd07415cdf6f676cca5b22147e5d6be0a4c4)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoffmpeg: Use correct codec_id for av_parser_change() check
Michael Niedermayer [Fri, 21 Aug 2015 01:04:41 +0000 (03:04 +0200)]
ffmpeg: Use correct codec_id for av_parser_change() check

No testcase known

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 45f3d4e63e7807ff3d281f269625ed83f11e4cdc)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoffmpeg: Check av_parser_change() for failure
Michael Niedermayer [Fri, 21 Aug 2015 01:02:55 +0000 (03:02 +0200)]
ffmpeg: Check av_parser_change() for failure

No testcase known

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ac0ba6f233698f02ebb75b03242e94333dbe13d4)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/h264_mp4toannexb_bsf: Reorder operations in nal_size check
Michael Niedermayer [Fri, 21 Aug 2015 00:49:21 +0000 (02:49 +0200)]
avcodec/h264_mp4toannexb_bsf: Reorder operations in nal_size check

Fixes Ticket4778

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2bb54b82b5094fd906aa28c0443be08c95662a31)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoffmpeg: Check for RAWVIDEO and do not relay only on AVFMT_RAWPICTURE
Michael Niedermayer [Fri, 21 Aug 2015 00:16:31 +0000 (02:16 +0200)]
ffmpeg: Check for RAWVIDEO and do not relay only on AVFMT_RAWPICTURE

The null muxer has AVFMT_RAWPICTURE set but can be fed with non-raw material

related to Ticket4778

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8890941d63df786bb7a8cab92677416499bb7c3)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoffmpeg: check avpicture_fill() return value
Michael Niedermayer [Fri, 21 Aug 2015 00:02:05 +0000 (02:02 +0200)]
ffmpeg: check avpicture_fill() return value

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15ff3f3fdfc788c0e4e584badd7ec300abfbd716)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoUpdate for 2.4.11
Michael Niedermayer [Thu, 20 Aug 2015 13:06:19 +0000 (15:06 +0200)]
Update for 2.4.11

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavformat/mux: Update sidedata in ff_write_chained()
Michael Niedermayer [Thu, 20 Aug 2015 01:35:10 +0000 (03:35 +0200)]
avformat/mux: Update sidedata in ff_write_chained()

Fixes Ticket4777

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db91e0edb63afc682ae709f73e3732a4c832944d)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/flashsvenc: Correct max dimension in error message
Michael Niedermayer [Sat, 15 Aug 2015 13:21:04 +0000 (15:21 +0200)]
avcodec/flashsvenc: Correct max dimension in error message

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b1f59bb6606721ef5eeade4ada541630d51510fe)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/svq1enc: Check dimensions
Michael Niedermayer [Sat, 15 Aug 2015 12:54:36 +0000 (14:54 +0200)]
avcodec/svq1enc: Check dimensions

Fixes assertion failure

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 88fe45e0fe379d7ea86c8ac1e1e8cf2c3f62389f)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/dcaenc: clear bitstream end
Michael Niedermayer [Tue, 4 Aug 2015 01:11:15 +0000 (03:11 +0200)]
avcodec/dcaenc: clear bitstream end

This avoids leaving uninitialized bits in the output

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e322b7061f873e8fd33b9e518caa19b87616a528)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agolibavcodec/aacdec_template: Use init_get_bits8() in aac_decode_frame()
Emanuel Czirai [Sun, 2 Aug 2015 22:58:46 +0000 (00:58 +0200)]
libavcodec/aacdec_template: Use init_get_bits8() in aac_decode_frame()

related to ticket4749

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ab1c57a64b629455805d7fa74a8a20c689fc1f6)

Conflicts:

libavcodec/aacdec_template.c
(cherry picked from commit dabb6dd98af52a22a922bca4a9196acf68b084dd)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agorawdec: fix mjpeg probing buffer size check
wm4 [Wed, 29 Jul 2015 20:33:44 +0000 (22:33 +0200)]
rawdec: fix mjpeg probing buffer size check

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c6beaed9210f01290e5a5a4e377f93f145172cc)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agorawdec: fix mjpeg probing
wm4 [Wed, 29 Jul 2015 20:11:18 +0000 (22:11 +0200)]
rawdec: fix mjpeg probing

There can be other headers than "Content-Type:" (in this case, a
"Content-Length:" header was following), so checking for a trailing
newline is wrong.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf51fcd304d5594a4d8eed2bedf0ef0f68fa65f8)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/vp8: Check buffer size in vp8_decode_frame_header()
Michael Niedermayer [Sat, 18 Jul 2015 17:18:24 +0000 (19:18 +0200)]
avcodec/vp8: Check buffer size in vp8_decode_frame_header()

avoids null pointer dereference
Fixes: signal_sigsegv_d5de40_964_vp80-00-comprehensive-010.ivf with memlimit of 1048576

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 599d746e07319dc792ed2e511b666fe482f1ff88)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/vp8: Fix null pointer dereference in ff_vp8_decode_free()
Michael Niedermayer [Sat, 18 Jul 2015 17:02:26 +0000 (19:02 +0200)]
avcodec/vp8: Fix null pointer dereference in ff_vp8_decode_free()

Fixes: signal_sigsegv_d5de23_967_vp80_00_comprehensive_010.ivf with memlimit 524288

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a84f0e8d8f293df3c535f9b893730a835bed6520)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/diracdec: Check for hpel_base allocation failure
Michael Niedermayer [Sat, 18 Jul 2015 15:55:19 +0000 (17:55 +0200)]
avcodec/diracdec: Check for hpel_base allocation failure

Fixes null pointer dereference
Fixes: signal_sigsegv_b02a96_280_RL_420p_ffdirac.drc with memlimit of 67108864

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1c5b712c0a643a039d6f34269b4102de313a050a)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/rv34: Clear pointers in ff_rv34_decode_init_thread_copy()
Michael Niedermayer [Sat, 18 Jul 2015 09:24:45 +0000 (11:24 +0200)]
avcodec/rv34: Clear pointers in ff_rv34_decode_init_thread_copy()

Avoids leaving stale pointers
Fixes: signal_sigabrt_7ffff70eccc9_819_sabtriple.rm with memlimit 536870912

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3197c0aa87a3b7190e17d49e6fbc7b554e4b3f0a)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavfilter/af_aresample: Check ff_all_* for allocation failures
Michael Niedermayer [Fri, 17 Jul 2015 18:27:25 +0000 (20:27 +0200)]
avfilter/af_aresample: Check ff_all_* for allocation failures

Fixes: signal_sigabrt_7ffff70eccc9_498_divx502.avi with memlimit 1572864

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2ea8a480832acad3095783bcb11d5f290bec56cf)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/pthread_frame: clear priv_data, avoid stale pointer in error case
Michael Niedermayer [Thu, 16 Jul 2015 09:52:33 +0000 (11:52 +0200)]
avcodec/pthread_frame: clear priv_data, avoid stale pointer in error case

Fixes: b4b47bc2b3fb7ca710bfffe5aa969e37_signal_sigabrt_7ffff70eccc9_744_nc_sample2.avi with memlimit of 4194304

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f1a38264f20382731cf2cc75fdd98f4c9a84a626)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoswscale/utils: Clear pix buffers
Michael Niedermayer [Wed, 15 Jul 2015 17:20:19 +0000 (19:20 +0200)]
swscale/utils: Clear pix buffers

Fixes use of uninitialized memory
Fixes: a96874b9466b6edc660a519c7ad47977_signal_sigsegv_7ffff713351a_744_nc_sample.avi with memlimit 2147483648

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5d44d5c220e12ca0cb7a4eceb0f74759cb13111)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavutil/fifo: Fix the case where func() returns less bytes than requested in av_fifo_g...
Zhang Rui [Tue, 14 Jul 2015 06:47:26 +0000 (14:47 +0800)]
avutil/fifo: Fix the case where func() returns less bytes than requested in av_fifo_generic_write()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fcbea93cf8777bbef2a393d26942b5d3c70a448d)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavformat/mov: Fix deallocation when MOVStreamContext failed to allocate
Michael Niedermayer [Tue, 14 Jul 2015 12:14:16 +0000 (14:14 +0200)]
avformat/mov: Fix deallocation when MOVStreamContext failed to allocate

Fixes: 260813283176b57b3c9974fe284eebc3_signal_sigsegv_7ffff713351a_991_xtrem_e2_m64q15_a32sxx.3gp with memlimit of 262144

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15629129dde771446a005282ee33c4ea1199e696)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoffmpeg: Fix cleanup with ost = NULL
Michael Niedermayer [Mon, 13 Jul 2015 21:33:18 +0000 (23:33 +0200)]
ffmpeg: Fix cleanup with ost = NULL

Fixes: 09e670595acbdafb226974b08dab66e3_signal_sigabrt_7ffff70eccc9_991_xtrem_e2_m64q15_a32sxx.3gp with memlimit of 1048576

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 503ec7139f887bf8ed8d57da07ce93c4e88447a6)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/pthread_frame: check avctx on deallocation
Michael Niedermayer [Mon, 13 Jul 2015 19:19:04 +0000 (21:19 +0200)]
avcodec/pthread_frame: check avctx on deallocation

Fixes null pointer dereferences
Fixes: af1a5a33e67e479f439239097bd0d4fd_signal_sigsegv_7ffff713351a_152_Dolby_Rain_Logo.pmp with memlimit of 8388608

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5d346feafa817c4fbc30f7ed0b93b2dad6cef15b)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/sanm: Reset sizes in destroy_buffers()
Michael Niedermayer [Mon, 13 Jul 2015 14:05:21 +0000 (16:05 +0200)]
avcodec/sanm: Reset sizes in destroy_buffers()

Fixes crash in 1288a2fe8e9ae6b00ca40e089d08ca65_signal_sigsegv_7ffff71426a7_354_accident.san with allocation limit 65536

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 39bbdebb1ed8eb9c9b0cd6db85afde6ba89d86e4)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/alac: Clear pointers in allocate_buffers()
Michael Niedermayer [Mon, 13 Jul 2015 13:46:10 +0000 (15:46 +0200)]
avcodec/alac: Clear pointers in allocate_buffers()

Fixes: 06a4edb39ad8a9883175f9bd428334a2_signal_sigsegv_7ffff713351a_706_mov__alac__ALAC_6ch.mov

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f7068bf277a37479aecde2832208d820682b35e6)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agobytestream2: set the reader to the end when reading more than available
Anton Khirnov [Fri, 10 Jul 2015 07:31:24 +0000 (09:31 +0200)]
bytestream2: set the reader to the end when reading more than available

This prevents possible infinite loops with the calling code along the
lines of while (bytestream2_get_bytes_left()) { ... }, where the reader
does not advance.

CC: libav-stable@libav.org
(cherry picked from commit 86eee85daddb682fa072c2e2657c90a514b855e3)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/utils: use a minimum 32pixel width in avcodec_align_dimensions2() for H.264
Michael Niedermayer [Fri, 10 Jul 2015 00:01:17 +0000 (02:01 +0200)]
avcodec/utils: use a minimum 32pixel width in  avcodec_align_dimensions2() for H.264

Fixes Assertion failure
Found-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7ef6656b1e5bfbc7499013d3b38b093b6b2f31ec)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/mpegvideo: Clear pointers in ff_mpv_common_init()
Michael Niedermayer [Thu, 9 Jul 2015 20:16:15 +0000 (22:16 +0200)]
avcodec/mpegvideo: Clear pointers in ff_mpv_common_init()

This ensures that no stale pointers leak through on any path

Fixes: signal_sigsegv_c3097a_991_xtrem_e2_m64q15_a32sxx.3gp

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b160fc290cf49b516c5b6ee0730fd9da7fc623b1)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agooggparsedirac: check return value of init_get_bits
Chris Watkins [Tue, 7 Jul 2015 17:23:44 +0000 (10:23 -0700)]
oggparsedirac: check return value of init_get_bits

If init_get_bits fails the GetBitContext is invalid and must not be
used. Check the return value in dirac_header and propogate the error.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4f5c2e651a95b950f6a3fb36f2342cbc32515f17)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agowmalosslessdec: reset frame->nb_samples on packet loss
Andreas Cadhalpun [Thu, 2 Jul 2015 22:02:44 +0000 (00:02 +0200)]
wmalosslessdec: reset frame->nb_samples on packet loss

Otherwise a frame with non-zero nb_samples but without any data can be
returned.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 42e7a5b3c704985c2c18970cc94a837b413df9d9)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agowmalosslessdec: avoid reading 0 bits with get_bits
Andreas Cadhalpun [Thu, 2 Jul 2015 22:01:56 +0000 (00:01 +0200)]
wmalosslessdec: avoid reading 0 bits with get_bits

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit f9020d514e9ed5043496a710b36daba1ab182e97)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/rawenc: Use ff_alloc_packet() instead of ff_alloc_packet2()
Michael Niedermayer [Sun, 5 Jul 2015 18:00:15 +0000 (20:00 +0200)]
avcodec/rawenc: Use ff_alloc_packet() instead of ff_alloc_packet2()

the later is not optimal when the buffer size is well known at allocation time

This avoids a memcpy()
Overall 2.5% speedup with a random 1920x1080 video

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 47496eb97cff8130991313d1b7292613620d8592)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/aacsbr: Assert that bs_num_env is positive
Michael Niedermayer [Wed, 1 Jul 2015 00:08:25 +0000 (02:08 +0200)]
avcodec/aacsbr: Assert that bs_num_env is positive

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2e13a45b1a9a69456631e582bbb06954d169eb55)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/aacsbr: check that the element type matches before applying SBR
Michael Niedermayer [Wed, 1 Jul 2015 00:05:43 +0000 (02:05 +0200)]
avcodec/aacsbr: check that the element type matches before applying SBR

Fixes out of array access
Fixes: signal_sigsegv_3670fc0_2818_cov_2307326154_moon.mux

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 79a98294da6cd85f8c86b34764c5e0c43b09eea3)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/h264_slice: Use w/h from the AVFrame instead of mb_w/h
Michael Niedermayer [Tue, 30 Jun 2015 17:37:12 +0000 (19:37 +0200)]
avcodec/h264_slice: Use w/h from the AVFrame instead of mb_w/h

Fixes out of array access
Fixes: asan_heap-oob_4d5bb0_682_cov_3124593265_Fraunhofer__a_driving_force_in_innovation__small.mp4

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 330863c9f19a23c500ba7901a23f1cc377b353bb)

Conflicts:

libavcodec/h264_slice.c

4 years agovp9/update_prob: prevent out of bounds table read
James Zern [Tue, 30 Jun 2015 06:03:14 +0000 (23:03 -0700)]
vp9/update_prob: prevent out of bounds table read

the max value of the lookup in expanded form is:
(((1 << 7) - 1) << 1) - 65 + 1 + 64 = 254

add one entry of padding to inv_map_table[] to prevent out of bounds
access with non-conforming / fuzzed bitstreams

Signed-off-by: James Zern <jzern@google.com>
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e91f860ea74e11e9178500fe8794c47f57dbf48c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavfilter/vf_transpose: Fix rounding error
Michael Niedermayer [Tue, 30 Jun 2015 14:01:15 +0000 (16:01 +0200)]
avfilter/vf_transpose: Fix rounding error

Fixes out of array access
Fixes: asan_heap-oob_7f875d_3482_cov_1818465256_ssudec.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0083c16605aa5997534e87e68f97ef85a8c3b7b8)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/pngdec: Only allow one IHDR chunk
Michael Niedermayer [Mon, 29 Jun 2015 19:08:05 +0000 (21:08 +0200)]
avcodec/pngdec: Only allow one IHDR chunk

Multiple IHDR chunks are forbidden in PNG
Fixes inconsistency and out of array accesses

Fixes: asan_heap-oob_4d5c5a_1738_cov_2638287726_c-m2-8f2b481b7fd9bd745e620b7c01a18df2.png

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 47f4e2d8960ca756ca153ab8e3e93d80449b8c91)

Conflicts:

libavcodec/pngdec.c

4 years agowmavoice: limit wmavoice_decode_packet return value to packet size
Andreas Cadhalpun [Sun, 28 Jun 2015 10:40:12 +0000 (12:40 +0200)]
wmavoice: limit wmavoice_decode_packet return value to packet size

Claiming to have decoded more bytes than the packet size is wrong.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 2a4700a4f03280fa8ba4fc0f8a9987bb550f0d1e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoswscale/swscale_unscaled: Fix rounding difference with RGBA output between little...
Michael Niedermayer [Mon, 29 Jun 2015 11:51:43 +0000 (13:51 +0200)]
swscale/swscale_unscaled: Fix rounding difference with RGBA output between little and big endian

Fixes fate/dds-rgb16 on big endian

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f6ab967eae497733f6adc12b30075980fd6eea98)

Conflicts:

tests/ref/fate/dds-rgb16

4 years agoffmpeg: Do not use the data/size of a bitstream filter after failure
Michael Niedermayer [Wed, 24 Jun 2015 11:27:39 +0000 (13:27 +0200)]
ffmpeg: Do not use the data/size of a bitstream filter after failure

Found-by: Rodger Combs
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8f0f678f090d9939b0014ba85641e2cb83d39cb8)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoswscale/x86/rgb2rgb_template: fix signedness of v in shuffle_bytes_2103_{mmx,mmxext}
James Almer [Tue, 23 Jun 2015 04:15:07 +0000 (01:15 -0300)]
swscale/x86/rgb2rgb_template: fix signedness of v in shuffle_bytes_2103_{mmx,mmxext}

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit e22edbfd413242dda720dc5191fc00a51c24d74c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoswscale/x86/rgb2rgb_template: add missing xmm clobbers
James Almer [Tue, 23 Jun 2015 04:14:16 +0000 (01:14 -0300)]
swscale/x86/rgb2rgb_template: add missing xmm clobbers

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 910eeab48026060b5f7780b2560445c069eb4d6b)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agovda: unlock the pixel buffer base address.
Sebastien Zwickert [Sat, 20 Jun 2015 11:19:29 +0000 (13:19 +0200)]
vda: unlock the pixel buffer base address.

The pixel buffer base address is never unlocked this causes
a bug with some pixel format types that are produced natively
by the hardware decoder: the first buffer was always used.
Unlock the pixel buffer base address fixes the issue.
(cherry picked from commit c06fdacc3dc706e70d953917fea845532d3703ca)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoswscale/rgb2rgb_template: Fix signedness of v in shuffle_bytes_2103_c()
Michael Niedermayer [Tue, 23 Jun 2015 03:09:11 +0000 (05:09 +0200)]
swscale/rgb2rgb_template: Fix signedness of v in shuffle_bytes_2103_c()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7604358018229f345dfdf88b16c8930a67984435)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoswscale/rgb2rgb_template: Implement shuffle_bytes_0321_c and fix shuffle_bytes_2103_c...
Michael Niedermayer [Tue, 23 Jun 2015 02:36:02 +0000 (04:36 +0200)]
swscale/rgb2rgb_template: Implement shuffle_bytes_0321_c and fix shuffle_bytes_2103_c on BE

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit abb833c5681b84d7025c083e2191140eaa30dca7)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoswscale/rgb2rgb_template: Disable shuffle_bytes_2103_c on big endian
Michael Niedermayer [Mon, 22 Jun 2015 20:23:22 +0000 (22:23 +0200)]
swscale/rgb2rgb_template: Disable shuffle_bytes_2103_c on big endian

The function is specific to little endian

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4df3cf90bf7a54793e90304bd1b6c7599673f36a)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoswr: Remember previously set int_sample_format from user
Michael Niedermayer [Mon, 22 Jun 2015 16:27:27 +0000 (18:27 +0200)]
swr: Remember previously set int_sample_format from user

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d4325b2fea9e2f4f4a17d0b929f12425e9c39964)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agomatroskadec: check audio sample rate
Andreas Cadhalpun [Mon, 15 Jun 2015 18:59:22 +0000 (20:59 +0200)]
matroskadec: check audio sample rate

And default to 8000 if it is invalid.

An invalid sample rate can trigger av_assert2 in av_rescale_rnd.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 5b76c82fd7a5f4f36bb901b8c43d7f7319599599)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agomatroskadec: validate audio channels and bitdepth
Andreas Cadhalpun [Mon, 15 Jun 2015 19:06:51 +0000 (21:06 +0200)]
matroskadec: validate audio channels and bitdepth

In the TTA extradata re-construction the values are written with
avio_wl16 and if they don't fit into uint16_t, this triggers an
av_assert2 in avio_w8.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 92e79a2f7bf2f8bb0cb2d1a3e4d76737557071c4)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/dpxenc: implement write16/32 as functions
Michael Niedermayer [Fri, 19 Jun 2015 14:46:06 +0000 (16:46 +0200)]
avcodec/dpxenc: implement write16/32 as functions

Fixes undefined behavior and segfault

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8edc17b639c4ac47913c467107ffb43c67c64890)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>