ffmpeg.git
6 years ago mov: Do not allow updating the time scale after it has been set
Martin Storsjö [Mon, 15 Jul 2013 14:13:54 +0000 (17:13 +0300)]
mov: Do not allow updating the time scale after it has been set

The time scale is set in mdhd, and later validated in the
enclosing trak atom once all of its children have been parsed.

A loose mdhd atom outside of a trak atom could update the time
scale of the last stream without any validation.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 31931520df35a6f9606fe8293c8a39e2d1fabedf)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago mov: Seek back if overreading an individual atom
Martin Storsjö [Mon, 15 Jul 2013 12:59:50 +0000 (15:59 +0300)]
mov: Seek back if overreading an individual atom

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 5b4eb243bce10a3e8345401a353749e0414c54ca)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago ac3dec: Don't consume more data than the actual input packet size
Martin Storsjö [Mon, 15 Jul 2013 08:28:46 +0000 (11:28 +0300)]
ac3dec: Don't consume more data than the actual input packet size

This was handled properly in the normal return case at the end
of the function, but not in this special case.

Returning a value larger than the input packet size can cause
problems for certain library users.

Returning the actual input buffer size unconditionally, since
it is not guaranteed that frame_size is set to a sensible
value at this point.

Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8f24c12be7a3b3ea105e67bba9a867fe210a2333)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago indeo: Reject impossible FRAMETYPE_NULL
Luca Barbato [Sun, 14 Jul 2013 16:16:56 +0000 (18:16 +0200)]
indeo: Reject impossible FRAMETYPE_NULL

A frame marked FRAMETYPE_NULL cannot be scalable and requires a
previous frame successfully decoded.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 5b2a29552ca09edd4646b6aa1828b32912b7ab36)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago indeo: Do not reference mismatched tiles
Luca Barbato [Sun, 14 Jul 2013 14:49:43 +0000 (16:49 +0200)]
indeo: Do not reference mismatched tiles

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit f9e5261cab067be7278f73d515bc9b601eb56202)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago indeo: Sanitize ff_ivi_init_planes fail paths
Luca Barbato [Sun, 14 Jul 2013 13:48:17 +0000 (15:48 +0200)]
indeo: Sanitize ff_ivi_init_planes fail paths

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 28dda8a691f1c723a4a9365ab85f9625f1330096)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago indeo5: return proper error codes
Luca Barbato [Sun, 14 Jul 2013 12:41:56 +0000 (14:41 +0200)]
indeo5: return proper error codes

(cherry picked from commit b0eeb9d442e4b7e82f6797d74245434ea33110a5)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago indeo: Bound-check before applying motion compensation
Luca Barbato [Sun, 14 Jul 2013 12:06:16 +0000 (14:06 +0200)]
indeo: Bound-check before applying motion compensation

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 25a6666f6c07c6ac8449a63d7fbce0dfd29c54cd)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago indeo: Bound-check before applying transform
Luca Barbato [Fri, 12 Jul 2013 12:33:24 +0000 (14:33 +0200)]
indeo: Bound-check before applying transform

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit dc79685195a45c9b8b17d7b93d118e0aefa45462)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago indeo4: Validate scantable dimension
Luca Barbato [Fri, 12 Jul 2013 16:10:05 +0000 (18:10 +0200)]
indeo4: Validate scantable dimension

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit cd78e934c246d1b2510f8fba0abfe40bb75795f6)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago indeo4: Check the quantization matrix index
Luca Barbato [Fri, 12 Jul 2013 13:02:33 +0000 (15:02 +0200)]
indeo4: Check the quantization matrix index

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6255ccf7d51c82ab79bf0cd47a921f572dda4489)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago indeo4: Do not access missing reference MV
Luca Barbato [Fri, 12 Jul 2013 12:32:03 +0000 (14:32 +0200)]
indeo4: Do not access missing reference MV

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 8435bca087c0e79385763c51de009fd89390b6a5)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago ac3dec: Increment channel pointers only once per channel
Martin Storsjö [Thu, 11 Jul 2013 13:30:18 +0000 (16:30 +0300)]
ac3dec: Increment channel pointers only once per channel

If the channel mapping maps multiple output channels to one
input channel, we should only increment the actual pointer once.

Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 68e57cde68f3da4c557ca15491fda74d1ea6321e)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago dca: Respect the current limits in the downmixing capabilities
Luca Barbato [Wed, 10 Jul 2013 17:00:15 +0000 (19:00 +0200)]
dca: Respect the current limits in the downmixing capabilities

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3802833bc1f79775a1547c5e427fed6e92b77e53)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago dca: Error out on missing DSYNC
Luca Barbato [Wed, 10 Jul 2013 16:07:45 +0000 (18:07 +0200)]
dca: Error out on missing DSYNC

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit f261e508459e28beca59868a878e1519a44bb678)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago pcm: always use codec->id instead of codec_id
Luca Barbato [Wed, 10 Jul 2013 02:54:49 +0000 (04:54 +0200)]
pcm: always use codec->id instead of codec_id

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c82da343e635663605bd81c59d872bee3182da73)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago mlpdec: Do not set invalid context in read_restart_header
Luca Barbato [Wed, 10 Jul 2013 02:35:34 +0000 (04:35 +0200)]
mlpdec: Do not set invalid context in read_restart_header

The faulty values rippled further down the codepath causing a
hard-to-track segfault in the assembly code.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit e9d394f3fad7e8fd8fc80e3b33cb045bbaceb446)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/mlpdec.c

6 years ago pcx: Do not overread source buffer in pcx_rle_decode
Luca Barbato [Sat, 29 Jun 2013 04:37:32 +0000 (06:37 +0200)]
pcx: Do not overread source buffer in pcx_rle_decode

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3abde1a3b49cf299f2aae4eaae6b6cb5270bdc22)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago wmavoice: conceal clearly corrupted blocks
Luca Barbato [Sat, 29 Jun 2013 03:29:54 +0000 (05:29 +0200)]
wmavoice: conceal clearly corrupted blocks

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d14a26edb7c4487df581f11e5c6911dc0e623d08)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago iff: Do not read over the source buffer
Luca Barbato [Sat, 29 Jun 2013 05:26:48 +0000 (07:26 +0200)]
iff: Do not read over the source buffer

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 7d65e960c72f36b73ae7fe84f8e427d758e61da9)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago qdm2: Conceal broken samples
Luca Barbato [Tue, 9 Jul 2013 12:59:33 +0000 (14:59 +0200)]
qdm2: Conceal broken samples

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 4ecdb5ed44591aba8a0ddb7d443cace836f761f6)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago qdm2: refactor joined stereo support
Luca Barbato [Tue, 9 Jul 2013 12:44:02 +0000 (14:44 +0200)]
qdm2: refactor joined stereo support

qdm2 does support only two channels. Loop over the run once.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit adadc3f2443d25b375e21e801516ccfd78e0b080)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago adpcm: Write the correct number of samples for ima-dk4
Luca Barbato [Sun, 7 Jul 2013 10:56:12 +0000 (12:56 +0200)]
adpcm: Write the correct number of samples for ima-dk4

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 12576afe206d35231ccd61f9033c5fdab6a11e80)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago imc: Catch a division by zero
Luca Barbato [Tue, 9 Jul 2013 07:18:16 +0000 (09:18 +0200)]
imc: Catch a division by zero

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit bbf6a4aa20bfe3d7869b2218e66063602dfb8aa7)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago atrac3: Error on impossible encoding/channel combinations
Luca Barbato [Tue, 9 Jul 2013 02:44:26 +0000 (04:44 +0200)]
atrac3: Error on impossible encoding/channel combinations

Joint stereo encoded mono is impossible.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 50cf5a7fb78846fc39b3ecdaa896a10bcd74da2a)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago atrac3: set the getbits context the right buffer_end
Luca Barbato [Tue, 9 Jul 2013 02:20:23 +0000 (04:20 +0200)]
atrac3: set the getbits context the right buffer_end

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 22e76ec635bafdd1d1ec35581a7ac09e69e3c43e)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago atrac3: fix error handling
Luca Barbato [Mon, 8 Jul 2013 23:03:13 +0000 (01:03 +0200)]
atrac3: fix error handling

decode_tonal_components returns a proper AVERROR.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 874c8a17ac9b04fb7ac23d003e54e3662dd23b4e)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago qdm2: check and reset dithering index per channel
Luca Barbato [Thu, 27 Jun 2013 00:50:52 +0000 (02:50 +0200)]
qdm2: check and reset dithering index per channel

Checking per subband would have the index exceed the
dithering noise table size.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 744a11c996641888d477a3981d609e79eeb69ea9)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago qdm2: formatting cosmetics
Luca Barbato [Thu, 27 Jun 2013 00:49:15 +0000 (02:49 +0200)]
qdm2: formatting cosmetics

Apply the usual style plus drop a few unnecessary returns at the end
of void functions.

(cherry picked from commit 76efedeadb1f6bf79020c44a71dd0cee13d932ad)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago qdm2: use init_static_data
Luca Barbato [Thu, 27 Jun 2013 00:20:59 +0000 (02:20 +0200)]
qdm2: use init_static_data

(cherry picked from commit f054e309c58894450a5d18cce9799ef58aab9f14)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago westwood_vqa: do not free extradata on error in read_header
Luca Barbato [Thu, 27 Jun 2013 02:30:20 +0000 (04:30 +0200)]
westwood_vqa: do not free extradata on error in read_header

The extradata is already freed by avformat_open_input on
failure.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 76f5dfbfd902178df4a38221a68dc8540189345a)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago vqavideo: check the version
Luca Barbato [Thu, 27 Jun 2013 01:19:05 +0000 (03:19 +0200)]
vqavideo: check the version

Prevent out of buffer write.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c4abc9098cacb227dba39bac6aea16b2bceba0d0)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago rmdec: Use the AVIOContext given as parameter in rm_read_metadata()
Michael Niedermayer [Mon, 1 Jul 2013 21:38:08 +0000 (23:38 +0200)]
rmdec: Use the AVIOContext given as parameter in rm_read_metadata()

This fixes crashes when playing back certain RealRTSP streams.

When invoked from the RTP depacketizer, the full realmedia
demuxer isn't invoked, but only certain functions from it, where
a separate AVIOContext is passed in as parameter (for the buffer
containing the data to parse). The functions called from within
those entry points should only be using that parameter, not
s->pb. In the depacketizer case, s is the RTSP context, where ->pb
is null.

Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit d35b6cd3775456a23b63e73316e244b671caa02f)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago avio: Handle AVERROR_EOF in the same way as the return value 0
Michael Niedermayer [Mon, 24 Jun 2013 12:23:44 +0000 (14:23 +0200)]
avio: Handle AVERROR_EOF in the same way as the return value 0

This makes sure the ffurl_read_complete function actually
returns the number of bytes read, as the documentation of the
function says, even if the underlying protocol uses AVERROR_EOF
instead of 0.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 5d876be87a115b93dd2e644049e3ada2cfb5ccb7)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago wtv: Mark attachment with a negative stream id
Luca Barbato [Mon, 24 Jun 2013 16:12:24 +0000 (18:12 +0200)]
wtv: Mark attachment with a negative stream id

A sid 0 would be mismatched to the attachment.

Prevent NULL pointer dereference.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit f5e646a00ac21e500dae4bcceded790a0fbc5246)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago avconv: do not use lavfi direct rendering with -deinterlace
Anton Khirnov [Sun, 4 Aug 2013 16:57:39 +0000 (18:57 +0200)]
avconv: do not use lavfi direct rendering with -deinterlace

-deinterlace allocates a temporary buffer that is freed immediately
after the frame is sent to lavfi, which results in use after free.

Disable direct rendering when -deinterlace is used.

CC:libav-stable@libav.org
Bug-id: 479

6 years ago avidec: Let the inner dv demuxer take care of discarding
Luca Barbato [Sat, 27 Jul 2013 13:48:41 +0000 (15:48 +0200)]
avidec: Let the inner dv demuxer take care of discarding

(cherry picked from commit c8f0b20b4a6bb6691928789d83e4b)

CC: libav-stable@libav.org
6 years ago Update Changelog
Reinhard Tartler [Sat, 6 Jul 2013 11:20:57 +0000 (13:20 +0200)]
Update Changelog

6 years ago kmvc: Clip pixel position to valid range
Luca Barbato [Mon, 1 Jul 2013 01:05:41 +0000 (03:05 +0200)]
kmvc: Clip pixel position to valid range

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 4e7f0b082d8c4b360312216b9241bec65ff63b35)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago kmvc: use fixed sized arrays in the context
Luca Barbato [Mon, 1 Jul 2013 01:04:15 +0000 (03:04 +0200)]
kmvc: use fixed sized arrays in the context

Avoid some boilerplate code to dynamically allocate and then free the
buffers.
(cherry picked from commit 8f689770548c86151071ef976cf9b6998ba21c2a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/kmvc.c

6 years ago indeo: reject negative array indexes
Luca Barbato [Wed, 3 Jul 2013 12:55:50 +0000 (14:55 +0200)]
indeo: reject negative array indexes

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6a10142faa1cca8ba2bfe51b970754f62d60f320)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago indeo: Cosmetic formatting
Luca Barbato [Wed, 3 Jul 2013 12:01:32 +0000 (14:01 +0200)]
indeo: Cosmetic formatting

Trim some overly long lines.

(cherry picked from commit 6dfacd7ab126aea1392949d1aa10fdc3d3eeb911)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago indeo: Refactor ff_ivi_init_tiles and ivi_decode_blocks
Luca Barbato [Wed, 3 Jul 2013 11:59:16 +0000 (13:59 +0200)]
indeo: Refactor ff_ivi_init_tiles and ivi_decode_blocks

Spin large and mostly self contained blocks into stand alone
functions.

(cherry picked from commit 62256010e9bc8879e2bf7f3b94af8ff85e239082)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago indeo: Refactor ff_ivi_dec_huff_desc
Luca Barbato [Wed, 3 Jul 2013 10:58:40 +0000 (12:58 +0200)]
indeo: Refactor ff_ivi_dec_huff_desc

Spare an indentation level.

(cherry picked from commit f6f36ca8ca1b2526d3abff7d7c627322d3bce912)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago indeo: use a typedef for the mc function pointer
Luca Barbato [Wed, 3 Jul 2013 09:18:30 +0000 (11:18 +0200)]
indeo: use a typedef for the mc function pointer

(cherry picked from commit e6d8acf6a8fba4743eb56eabe72a741d1bbee3cb)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago indeo: use proper error code
Luca Barbato [Sun, 30 Jun 2013 08:11:05 +0000 (10:11 +0200)]
indeo: use proper error code

(cherry picked from commit dd3754a48854cd570d38db72394491aab0f36570)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago Update Changelog
Reinhard Tartler [Sat, 6 Jul 2013 11:20:57 +0000 (13:20 +0200)]
Update Changelog

6 years ago indeo: check for reference when inheriting mvs
Luca Barbato [Sun, 30 Jun 2013 08:40:37 +0000 (10:40 +0200)]
indeo: check for reference when inheriting mvs

The same is done already for qdelta.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b36e1893ef3430f039c1eaddeedcbb378f9c4444)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago indeo: use proper error code
Luca Barbato [Sun, 30 Jun 2013 08:11:05 +0000 (10:11 +0200)]
indeo: use proper error code

(cherry picked from commit dd3754a48854cd570d38db72394491aab0f36570)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago indeo: Properly forward the error codes
Luca Barbato [Sun, 30 Jun 2013 07:57:56 +0000 (09:57 +0200)]
indeo: Properly forward the error codes

If the tile data size does not match the buffer size it did not
return an AVERROR_INVALIDDATA causing further corruption later.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 7388c0c58601477db076e2e74e8b11f8a644384a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago mjpeg: Check the unescaped size for overflows
Luca Barbato [Sat, 29 Jun 2013 04:07:57 +0000 (06:07 +0200)]
mjpeg: Check the unescaped size for overflows

And contextually check init_get_bits success and fix the reporting
message.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6765ee7b9cba46818a45b051438b2552f0a1b70a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/mjpegdec.c

6 years ago wmapro: error out on impossible scale factor offsets
Luca Barbato [Sat, 29 Jun 2013 00:16:50 +0000 (02:16 +0200)]
wmapro: error out on impossible scale factor offsets

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 02ec656af72030eea4f3d63e30b25625cce6a3df)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago wmapro: check the min_samples_per_subframe
Luca Barbato [Fri, 28 Jun 2013 23:56:09 +0000 (01:56 +0200)]
wmapro: check the min_samples_per_subframe

Must be at least WMAPRO_BLOCK_MIN_SIZE.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d4a217a408da4bd63acc02cd8f9ebe378a2ad65a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago wmapro: return early on unsupported condition
Luca Barbato [Fri, 28 Jun 2013 03:21:33 +0000 (05:21 +0200)]
wmapro: return early on unsupported condition

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6652338f43ef623045912d7f28b61adea05d27ae)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/wmaprodec.c

6 years ago wmapro: check num_vec_coeffs against the actual available buffer
Luca Barbato [Fri, 28 Jun 2013 03:23:21 +0000 (05:23 +0200)]
wmapro: check num_vec_coeffs against the actual available buffer

Prevent yet another buffer overwrite.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 38229362529ed1619d8ebcc81ecde85b23b45895)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago wmapro: make sure there is room to store the current packet
Luca Barbato [Fri, 28 Jun 2013 02:03:47 +0000 (04:03 +0200)]
wmapro: make sure there is room to store the current packet

Prevent horrid and hard to trace struct overwrite.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit e30b068ef79f604ff439418da07f7e2efd01d4ea)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago lavc: move put_bits_left in put_bits.h
Luca Barbato [Fri, 28 Jun 2013 01:40:35 +0000 (03:40 +0200)]
lavc: move put_bits_left in put_bits.h

(cherry picked from commit afe03092dd693d025d43e1620283d8d285c92772)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago 4xm: do not overread the source buffer in decode_p_block
Luca Barbato [Sun, 9 Jun 2013 16:27:05 +0000 (18:27 +0200)]
4xm: do not overread the source buffer in decode_p_block

Check for out of picture macroblocks before calling mcdc.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 94aefb1932be882fd93f66cf790ceb19ff575c19)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago 4xm: check bitstream_size boundary before using it
Luca Barbato [Mon, 10 Jun 2013 14:37:43 +0000 (16:37 +0200)]
4xm: check bitstream_size boundary before using it

Prevent buffer overread.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 59d7bb99b6a963b7e11c637228b2203adf535eee)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago Prepare for 9.8 RELEASE
Reinhard Tartler [Sun, 30 Jun 2013 14:03:11 +0000 (16:03 +0200)]
Prepare for 9.8 RELEASE

6 years ago update Changelog
Reinhard Tartler [Sun, 16 Jun 2013 17:31:58 +0000 (19:31 +0200)]
update Changelog

6 years ago smacker: check frame size validity
Kostya Shishkov [Wed, 12 Jun 2013 12:30:51 +0000 (14:30 +0200)]
smacker: check frame size validity

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 07423ad7836325e03894f2f87ba46a531a1cc0b3)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago smacker: pad the extradata allocation
Kostya Shishkov [Wed, 12 Jun 2013 12:28:07 +0000 (14:28 +0200)]
smacker: pad the extradata allocation

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 4c22baf65363433f8c20efd1022b4ba2d8cf2288)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago smacker: check the return value of smacker_decode_tree
Kostya Shishkov [Wed, 12 Jun 2013 12:27:00 +0000 (14:27 +0200)]
smacker: check the return value of smacker_decode_tree

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit a2f9937bb04b23a341b0ec0eb1d923bbeb420277)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago smacker: fix an off by one in huff.length computation
Kostya Shishkov [Wed, 12 Jun 2013 12:22:24 +0000 (14:22 +0200)]
smacker: fix an off by one in huff.length computation

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit ee205588b250fe5cae0681be8eba51a5403c3272)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago 4xm: do not overread the prestream buffer
Luca Barbato [Fri, 7 Jun 2013 14:18:22 +0000 (16:18 +0200)]
4xm: do not overread the prestream buffer

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit be373cb50d3c411366fec7eef2eb3681abe48f96)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago 4xm: validate the buffer size before parsing it
Luca Barbato [Fri, 7 Jun 2013 14:16:46 +0000 (16:16 +0200)]
4xm: validate the buffer size before parsing it

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit de2e5777e225e75813daf2373c95e223651fd89a)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago 4xm: reject frames not compatible with the declared version
Luca Barbato [Thu, 6 Jun 2013 14:58:57 +0000 (16:58 +0200)]
4xm: reject frames not compatible with the declared version

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 145023f57262d21474e35b4a6069cf95136339d4)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago 4xm: drop pointless assert
Luca Barbato [Thu, 6 Jun 2013 12:21:19 +0000 (14:21 +0200)]
4xm: drop pointless assert

Make sure the value of wlog2 is always between 0 and 3.
(cherry picked from commit 1f0c6075604c271d5627480f1243d22795f9a315)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago 4xm: forward errors from decode_p_block
Luca Barbato [Wed, 5 Jun 2013 20:33:34 +0000 (22:33 +0200)]
4xm: forward errors from decode_p_block

Partially mitigate out of memory writes.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b8b809908ec547b2609dbac24194f4fd2df61aea)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago 4xm: fold last_picture lazy allocation in decode_p_frame
Luca Barbato [Wed, 5 Jun 2013 18:30:48 +0000 (20:30 +0200)]
4xm: fold last_picture lazy allocation in decode_p_frame

(cherry picked from commit 50ec1db62d977b6e864f315a53c1c580a6d7efa4)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/4xm.c

6 years ago 4xm: do not overread while parsing header
Luca Barbato [Wed, 5 Jun 2013 16:56:28 +0000 (18:56 +0200)]
4xm: do not overread while parsing header

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 42d73f7f6bea0ee0f64a3ad4882860ce5b923a11)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago 4xm: refactor fourxm_read_header
Luca Barbato [Wed, 5 Jun 2013 16:45:45 +0000 (18:45 +0200)]
4xm: refactor fourxm_read_header

Split sound and video tag parsing in separate functions.
(cherry picked from commit e7a44f87d07655ec0cd31c315936931674434340)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/4xm.c

6 years ago 4xm: K&R formatting cosmetics
Luca Barbato [Wed, 5 Jun 2013 15:32:49 +0000 (17:32 +0200)]
4xm: K&R formatting cosmetics

(cherry picked from commit e6496ea7e7ea7355167a1ccbe67a7199d446a654)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago 4xm: use the correct logging context
Luca Barbato [Wed, 5 Jun 2013 15:12:16 +0000 (17:12 +0200)]
4xm: use the correct logging context

(cherry picked from commit 08859d19b429c522d6494c186656f4a2d3ff8e21)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago tiff: do not overread the source buffer
Luca Barbato [Mon, 3 Jun 2013 02:53:02 +0000 (04:53 +0200)]
tiff: do not overread the source buffer

At least 2 bytes from the source are read every loop.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 9c2216976907336dfae0e8e38a4d70ca2465a92c)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/tiff.c

6 years ago apetag: use int64_t for filesize
Anton Khirnov [Wed, 29 May 2013 14:18:40 +0000 (16:18 +0200)]
apetag: use int64_t for filesize

CC: libav-stable@libav.org
(cherry picked from commit e816aaacd68201b67182f9c70dc680e89a0123e9)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago vmd: refactor the inner decode loop
Luca Barbato [Tue, 28 May 2013 20:09:59 +0000 (22:09 +0200)]
vmd: refactor the inner decode loop

Simplify a little, assume empty frames are acceptable and
do not pointlessly reinit the bytestream2 contexts using
possibly wrong size values.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 676da248cad49debc40720baa13214f0b94dcc71)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/vmdav.c

6 years ago vmd: use the PALETTE_COUNT constant uniformly
Luca Barbato [Tue, 28 May 2013 21:49:43 +0000 (23:49 +0200)]
vmd: use the PALETTE_COUNT constant uniformly

While at it drop useless parentheses.
(cherry picked from commit 91a6944e56236234f0a7ba162404665753cbcb51)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago vmd: drop incomplete chunks and spurious samples
Luca Barbato [Wed, 29 May 2013 14:59:13 +0000 (16:59 +0200)]
vmd: drop incomplete chunks and spurious samples

Odd chunk size makes no sense for stereo and incomplete chunks are
not supported.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 701966730ce10290fd49c5ccedd73f505680f764)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago vmd: return meaningful errors
Luca Barbato [Tue, 28 May 2013 20:00:12 +0000 (22:00 +0200)]
vmd: return meaningful errors

CC: libav-stable@libav.org
(cherry picked from commit c8f3cb9119c2183680d44a509a1b5a9817a3bee9)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/vmdav.c

6 years ago vmdav: convert to bytestream2
Alexandra Khirnova [Wed, 13 Mar 2013 12:54:27 +0000 (13:54 +0100)]
vmdav: convert to bytestream2

Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 0afcf97e1ece51d29bb791698b00cd1b7ba97dcf)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/vmdav.c

6 years ago wavpack: use bytestream2 in wavpack_decode_block
Luca Barbato [Wed, 22 May 2013 10:27:04 +0000 (12:27 +0200)]
wavpack: use bytestream2 in wavpack_decode_block

Prevent most out of buffer reads.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3f0b6d7a6248a33df37b98cfcb37a1acce263f62)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/wavpack.c

6 years ago wavpack: return meaningful errors
Luca Barbato [Fri, 17 May 2013 16:28:33 +0000 (18:28 +0200)]
wavpack: return meaningful errors

And forward those that were already meaningful.
(cherry picked from commit 8c34558131d846d2b10389564caadaa206372fd4)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/wavpack.c

6 years ago wavpack: check packet size early
Luca Barbato [Wed, 22 May 2013 10:51:42 +0000 (12:51 +0200)]
wavpack: check packet size early

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit fd06291239c1bb616bf303b5696cc432710b2530)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago pixdesc: mark gray8 as pseudopal
Anton Khirnov [Sat, 4 May 2013 11:57:32 +0000 (13:57 +0200)]
pixdesc: mark gray8 as pseudopal

Many functions treat it as such already.
Fixes Bug 499.

CC:libav-stable@libav.org
(cherry picked from commit f36d7831d96aeb072db5a2b78892a534d96e288e)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago mjpegdec: validate parameters in mjpeg_decode_scan_progressive_ac
Luca Barbato [Wed, 15 May 2013 16:41:41 +0000 (18:41 +0200)]
mjpegdec: validate parameters in mjpeg_decode_scan_progressive_ac

Prevent out of buffer write when decoding broken samples.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit cfbd98abe82cfcb9984a18d08697251b72b110c8)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago mjpeg: Validate sampling factors
Luca Barbato [Mon, 13 May 2013 17:32:04 +0000 (19:32 +0200)]
mjpeg: Validate sampling factors

They must be non-zero.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 8aa3500905fec6c4e657bb291b861d43c34d3de9)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago ljpeg: use the correct number of components in yuv
Luca Barbato [Tue, 14 May 2013 14:20:14 +0000 (16:20 +0200)]
ljpeg: use the correct number of components in yuv

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit a030279a67ef883df8cf3707774656fa1be81078)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago wavpack: validate samples size parsed in wavpack_decode_block
Luca Barbato [Fri, 17 May 2013 16:29:15 +0000 (18:29 +0200)]
wavpack: validate samples size parsed in wavpack_decode_block

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit ed50673066956d6f2201a57c3254569f2ab08d9d)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/wavpack.c

6 years ago jpegls: check the scan offset
Luca Barbato [Fri, 17 May 2013 11:08:55 +0000 (13:08 +0200)]
jpegls: check the scan offset

Prevent an out of array bound write.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit abad374909e6416e941351094f4f1446a71f8d23)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/jpeglsdec.c

6 years ago jpegls: factorize return paths
Reinhard Tartler [Fri, 31 May 2013 20:36:47 +0000 (22:36 +0200)]
jpegls: factorize return paths

Conflicts:
libavcodec/jpeglsdec.c

(cherry picked from commit 4a4107b48944397c914aa39ee16a82fe44db8c4c)

6 years ago jpegls: return meaningful errors
Luca Barbato [Fri, 17 May 2013 10:36:06 +0000 (12:36 +0200)]
jpegls: return meaningful errors

(cherry picked from commit a5a0ef5e13a59ff53318a45d77c5624b23229c6f)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/jpeglsdec.c

6 years ago mpegvideo: allocate sufficiently large scratch buffer for interlaced vid
Jindrich Makovicka [Thu, 16 May 2013 14:49:28 +0000 (16:49 +0200)]
mpegvideo: allocate sufficiently large scratch buffer for interlaced vid

MPV_decode_mb_internal needs 3 * 16 * linesize bytes of scratch buffer

For interlaced content, linesize is multiplied by two after the allocation
of the scratch buffer, and the dest_cr pointer ends past the buffer.

This patch makes ff_mpv_frame_size_alloc allocate a total of
(aligned line_size) * 2 * 16 * 3 bytes, which suffices even for the
interlaced case.

CC:libav-stable@libav.org

Signed-off-by: Jindrich Makovicka <makovick@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 259af1b92370b32f6d0b9a6de314db4b44c2481d)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago mjpegdec: properly report unsupported disabled features
Luca Barbato [Tue, 14 May 2013 13:27:26 +0000 (15:27 +0200)]
mjpegdec: properly report unsupported disabled features

When JPEG-LS support is disabled the decoder would feed the
data to the JPEG Lossless decode_*_scan function resulting in
faulty decoding.

CC: libav-stable@libav.org
(cherry picked from commit b25e49b187617c486ae3f50a5cbb356fc0e868bb)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago Prepare for 9.7 Release
Reinhard Tartler [Fri, 31 May 2013 21:00:19 +0000 (23:00 +0200)]
Prepare for 9.7 Release

6 years ago update Changelog
Reinhard Tartler [Sun, 12 May 2013 06:39:07 +0000 (08:39 +0200)]
update Changelog

6 years ago proresdec: support mixed interlaced/non-interlaced content
Michael Smith [Mon, 21 Jan 2013 18:40:35 +0000 (19:40 +0100)]
proresdec: support mixed interlaced/non-interlaced content

Set interlaced to false if we don't have an interlaced frame

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 0881cbf314982cce8448bd12644ce2a6e0b8c576)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago update Changelog
Reinhard Tartler [Sat, 11 May 2013 09:51:47 +0000 (11:51 +0200)]
update Changelog

6 years ago af_asyncts: fix offset calculation
Anton Khirnov [Wed, 8 May 2013 19:44:20 +0000 (21:44 +0200)]
af_asyncts: fix offset calculation

delta is in samples, not bytes. Also the sample format is not guaranteed
to be planar.

CC:libav-stable@libav.org
(cherry picked from commit 16a4a18db089af8c432f1cdec62155000585b72c)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
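
The af_asyncts message above makes two points: the delta counts samples rather than bytes, and the sample format may be packed rather than planar. The following is an added illustration of an offset calculation that respects both, not libav's code; `struct audio_buf`, `skip_samples` and `first_left_after_skip` are hypothetical names and the sample data is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical minimal audio buffer, not libav's own structures. */
struct audio_buf {
    uint8_t *data[8];      /* planar: one pointer per channel; packed: data[0] only */
    int channels, bytes_per_sample, planar;
    int nb_samples;        /* samples per channel */
};

/* Drop `delta` samples (per channel) from the front of the buffer.
 * Returns 0 on success, -1 if delta or the layout is out of range. */
int skip_samples(struct audio_buf *b, int delta)
{
    if (b->channels < 1 || b->channels > 8 || delta < 0 || delta > b->nb_samples)
        return -1;
    int planes = b->planar ? b->channels : 1;
    /* Packed audio interleaves all channels, so one sample step spans
     * channels * bytes_per_sample bytes; a planar plane holds one channel. */
    size_t step = (size_t)b->bytes_per_sample * (b->planar ? 1 : b->channels);
    for (int i = 0; i < planes; i++)
        b->data[i] += (size_t)delta * step;
    b->nb_samples -= delta;
    return 0;
}

/* Constructed input: 4 stereo s16 samples, left = 100+i, right = 200+i.
 * Returns the first left sample after the skip, or -1 if it is rejected or
 * nothing is left. as_bytes misuses delta as a raw byte offset for comparison. */
int first_left_after_skip(int planar, int delta, int as_bytes)
{
    int16_t left[4], right[4], packed[8], out;
    for (int i = 0; i < 4; i++) {
        left[i]  = packed[2 * i]     = (int16_t)(100 + i);
        right[i] = packed[2 * i + 1] = (int16_t)(200 + i);
    }
    struct audio_buf b = { { 0 }, 2, 2, planar, 4 };
    b.data[0] = (uint8_t *)(planar ? left : packed);
    b.data[1] = planar ? (uint8_t *)right : NULL;
    if (as_bytes) {
        if (delta < 0 || delta > 6) return -1;   /* keep the demo read in bounds */
        b.data[0] += delta;
    } else if (skip_samples(&b, delta) < 0 || b.nb_samples == 0) {
        return -1;
    }
    memcpy(&out, b.data[0], sizeof(out));        /* unaligned-safe read */
    return out;
}
```

Skipping two samples lands on the third left-channel sample in either layout, while using the same delta as a byte count lands on the wrong sample, and in the packed case on the wrong channel.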