ffmpeg.git
6 years agoindeo: Bound-check before applying motion compensation
Luca Barbato [Sun, 14 Jul 2013 12:06:16 +0000 (14:06 +0200)]
indeo: Bound-check before applying motion compensation

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 25a6666f6c07c6ac8449a63d7fbce0dfd29c54cd)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoindeo: Bound-check before applying transform
Luca Barbato [Fri, 12 Jul 2013 12:33:24 +0000 (14:33 +0200)]
indeo: Bound-check before applying transform

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit dc79685195a45c9b8b17d7b93d118e0aefa45462)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoindeo4: Validate scantable dimension
Luca Barbato [Fri, 12 Jul 2013 16:10:05 +0000 (18:10 +0200)]
indeo4: Validate scantable dimension

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit cd78e934c246d1b2510f8fba0abfe40bb75795f6)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoindeo4: Check the quantization matrix index
Luca Barbato [Fri, 12 Jul 2013 13:02:33 +0000 (15:02 +0200)]
indeo4: Check the quantization matrix index

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6255ccf7d51c82ab79bf0cd47a921f572dda4489)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoindeo4: Do not access missing reference MV
Luca Barbato [Fri, 12 Jul 2013 12:32:03 +0000 (14:32 +0200)]
indeo4: Do not access missing reference MV

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 8435bca087c0e79385763c51de009fd89390b6a5)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoac3dec: Increment channel pointers only once per channel
Martin Storsjö [Thu, 11 Jul 2013 13:30:18 +0000 (16:30 +0300)]
ac3dec: Increment channel pointers only once per channel

If the channel mapping map multiple output channels to one
input channel, we should only increment the actual pointer once.

Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 68e57cde68f3da4c557ca15491fda74d1ea6321e)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agodca: Respect the current limits in the downmixing capabilities
Luca Barbato [Wed, 10 Jul 2013 17:00:15 +0000 (19:00 +0200)]
dca: Respect the current limits in the downmixing capabilities

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3802833bc1f79775a1547c5e427fed6e92b77e53)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agodca: Error out on missing DSYNC
Luca Barbato [Wed, 10 Jul 2013 16:07:45 +0000 (18:07 +0200)]
dca: Error out on missing DSYNC

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit f261e508459e28beca59868a878e1519a44bb678)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agopcm: always use codec->id instead of codec_id
Luca Barbato [Wed, 10 Jul 2013 02:54:49 +0000 (04:54 +0200)]
pcm: always use codec->id instead of codec_id

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c82da343e635663605bd81c59d872bee3182da73)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agomlpdec: Do not set invalid context in read_restart_header
Luca Barbato [Wed, 10 Jul 2013 02:35:34 +0000 (04:35 +0200)]
mlpdec: Do not set invalid context in read_restart_header

The faulty values rippled further down the codepath causing a
hard-to-track segfault in the assembly code.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit e9d394f3fad7e8fd8fc80e3b33cb045bbaceb446)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/mlpdec.c

6 years agopcx: Do not overread source buffer in pcx_rle_decode
Luca Barbato [Sat, 29 Jun 2013 04:37:32 +0000 (06:37 +0200)]
pcx: Do not overread source buffer in pcx_rle_decode

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3abde1a3b49cf299f2aae4eaae6b6cb5270bdc22)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agowmavoice: conceal clearly corrupted blocks
Luca Barbato [Sat, 29 Jun 2013 03:29:54 +0000 (05:29 +0200)]
wmavoice: conceal clearly corrupted blocks

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d14a26edb7c4487df581f11e5c6911dc0e623d08)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoiff: Do not read over the source buffer
Luca Barbato [Sat, 29 Jun 2013 05:26:48 +0000 (07:26 +0200)]
iff: Do not read over the source buffer

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 7d65e960c72f36b73ae7fe84f8e427d758e61da9)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoqdm2: Conceal broken samples
Luca Barbato [Tue, 9 Jul 2013 12:59:33 +0000 (14:59 +0200)]
qdm2: Conceal broken samples

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 4ecdb5ed44591aba8a0ddb7d443cace836f761f6)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoqdm2: refactor joined stereo support
Luca Barbato [Tue, 9 Jul 2013 12:44:02 +0000 (14:44 +0200)]
qdm2: refactor joined stereo support

qdm2 does support only two channels. Loop over the run once.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit adadc3f2443d25b375e21e801516ccfd78e0b080)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoadpcm: Write the correct number of samples for ima-dk4
Luca Barbato [Sun, 7 Jul 2013 10:56:12 +0000 (12:56 +0200)]
adpcm: Write the correct number of samples for ima-dk4

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 12576afe206d35231ccd61f9033c5fdab6a11e80)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoimc: Catch a division by zero
Luca Barbato [Tue, 9 Jul 2013 07:18:16 +0000 (09:18 +0200)]
imc: Catch a division by zero

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit bbf6a4aa20bfe3d7869b2218e66063602dfb8aa7)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoatrac3: Error on impossible encoding/channel combinations
Luca Barbato [Tue, 9 Jul 2013 02:44:26 +0000 (04:44 +0200)]
atrac3: Error on impossible encoding/channel combinations

Joint stereo encoded mono is impossible.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 50cf5a7fb78846fc39b3ecdaa896a10bcd74da2a)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoatrac3: set the getbits context the right buffer_end
Luca Barbato [Tue, 9 Jul 2013 02:20:23 +0000 (04:20 +0200)]
atrac3: set the getbits context the right buffer_end

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 22e76ec635bafdd1d1ec35581a7ac09e69e3c43e)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoatrac3: fix error handling
Luca Barbato [Mon, 8 Jul 2013 23:03:13 +0000 (01:03 +0200)]
atrac3: fix error handling

decode_tonal_components returns a proper AVERROR.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 874c8a17ac9b04fb7ac23d003e54e3662dd23b4e)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoqdm2: check and reset dithering index per channel
Luca Barbato [Thu, 27 Jun 2013 00:50:52 +0000 (02:50 +0200)]
qdm2: check and reset dithering index per channel

Checking per subband would have the index exceed the
dithering noise table size.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 744a11c996641888d477a3981d609e79eeb69ea9)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoqdm2: formatting cosmetics
Luca Barbato [Thu, 27 Jun 2013 00:49:15 +0000 (02:49 +0200)]
qdm2: formatting cosmetics

Apply the usual style plus drop few unnecessary return at the end
of void functions.

(cherry picked from commit 76efedeadb1f6bf79020c44a71dd0cee13d932ad)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoqdm2: use init_static_data
Luca Barbato [Thu, 27 Jun 2013 00:20:59 +0000 (02:20 +0200)]
qdm2: use init_static_data

(cherry picked from commit f054e309c58894450a5d18cce9799ef58aab9f14)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agowestwood_vqa: do not free extradata on error in read_header
Luca Barbato [Thu, 27 Jun 2013 02:30:20 +0000 (04:30 +0200)]
westwood_vqa: do not free extradata on error in read_header

The extradata is already freed by avformat_open_input on
failure.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 76f5dfbfd902178df4a38221a68dc8540189345a)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agovqavideo: check the version
Luca Barbato [Thu, 27 Jun 2013 01:19:05 +0000 (03:19 +0200)]
vqavideo: check the version

Prevent out of buffer write.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c4abc9098cacb227dba39bac6aea16b2bceba0d0)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agormdec: Use the AVIOContext given as parameter in rm_read_metadata()
Michael Niedermayer [Mon, 1 Jul 2013 21:38:08 +0000 (23:38 +0200)]
rmdec: Use the AVIOContext given as parameter in rm_read_metadata()

This fixes crashes when playing back certain RealRTSP streams.

When invoked from the RTP depacketizer, the full realmedia
demuxer isn't invoked, but only certain functions from it, where
a separate AVIOContext is passed in as parameter (for the buffer
containing the data to parse). The functions called from within
those entry points should only be using that parameter, not
s->pb. In the depacketizer case, s is the RTSP context, where ->pb
is null.

Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit d35b6cd3775456a23b63e73316e244b671caa02f)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoavio: Handle AVERROR_EOF in the same way as the return value 0
Michael Niedermayer [Mon, 24 Jun 2013 12:23:44 +0000 (14:23 +0200)]
avio: Handle AVERROR_EOF in the same way as the return value 0

This makes sure the ffurl_read_complete function actually
returns the number of bytes read, as the documentation of the
function says, even if the underlying protocol uses AVERROR_EOF
instead of 0.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 5d876be87a115b93dd2e644049e3ada2cfb5ccb7)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agowtv: Mark attachment with a negative stream id
Luca Barbato [Mon, 24 Jun 2013 16:12:24 +0000 (18:12 +0200)]
wtv: Mark attachment with a negative stream id

A sid 0 would be mismatched to the attachment.

Prevent NULL pointer dereference.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit f5e646a00ac21e500dae4bcceded790a0fbc5246)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoavconv: do not use lavfi direct rendering with -deinterlace
Anton Khirnov [Sun, 4 Aug 2013 16:57:39 +0000 (18:57 +0200)]
avconv: do not use lavfi direct rendering with -deinterlace

-deinterlace allocates a temporary buffer that is freed immediately
after the frame is sent to lavfi, which results in use after free.

Disable direct rendering when -deinterlace is used.

CC:libav-stable@libav.org
Bug-id: 479

6 years agoavidec: Let the inner dv demuxer take care of discarding
Luca Barbato [Sat, 27 Jul 2013 13:48:41 +0000 (15:48 +0200)]
avidec: Let the inner dv demuxer take care of discarding

(cherry picked from commit c8f0b20b4a6bb6691928789d83e4b)

CC: libav-stable@libav.org
6 years agoUpdate Changelog
Reinhard Tartler [Sat, 6 Jul 2013 11:20:57 +0000 (13:20 +0200)]
Update Changelog

6 years agokmvc: Clip pixel position to valid range
Luca Barbato [Mon, 1 Jul 2013 01:05:41 +0000 (03:05 +0200)]
kmvc: Clip pixel position to valid range

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 4e7f0b082d8c4b360312216b9241bec65ff63b35)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agokmvc: use fixed sized arrays in the context
Luca Barbato [Mon, 1 Jul 2013 01:04:15 +0000 (03:04 +0200)]
kmvc: use fixed sized arrays in the context

Avoid some boilerplate code to dynamically allocate and then free the
buffers.
(cherry picked from commit 8f689770548c86151071ef976cf9b6998ba21c2a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/kmvc.c

6 years agoindeo: reject negative array indexes
Luca Barbato [Wed, 3 Jul 2013 12:55:50 +0000 (14:55 +0200)]
indeo: reject negative array indexes

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6a10142faa1cca8ba2bfe51b970754f62d60f320)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoindeo: Cosmetic formatting
Luca Barbato [Wed, 3 Jul 2013 12:01:32 +0000 (14:01 +0200)]
indeo: Cosmetic formatting

Trim some overly long lines.

(cherry picked from commit 6dfacd7ab126aea1392949d1aa10fdc3d3eeb911)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoindeo: Refactor ff_ivi_init_tiles and ivi_decode_blocks
Luca Barbato [Wed, 3 Jul 2013 11:59:16 +0000 (13:59 +0200)]
indeo: Refactor ff_ivi_init_tiles and ivi_decode_blocks

Spin large and mostly self contained blocks into stand alone
functions.

(cherry picked from commit 62256010e9bc8879e2bf7f3b94af8ff85e239082)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoindeo: Refactor ff_ivi_dec_huff_desc
Luca Barbato [Wed, 3 Jul 2013 10:58:40 +0000 (12:58 +0200)]
indeo: Refactor ff_ivi_dec_huff_desc

Spare an indentation level.

(cherry picked from commit f6f36ca8ca1b2526d3abff7d7c627322d3bce912)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoindeo: use a typedef for the mc function pointer
Luca Barbato [Wed, 3 Jul 2013 09:18:30 +0000 (11:18 +0200)]
indeo: use a typedef for the mc function pointer

(cherry picked from commit e6d8acf6a8fba4743eb56eabe72a741d1bbee3cb)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoindeo: use proper error code
Luca Barbato [Sun, 30 Jun 2013 08:11:05 +0000 (10:11 +0200)]
indeo: use proper error code

(cherry picked from commit dd3754a48854cd570d38db72394491aab0f36570)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoUpdate Changelog
Reinhard Tartler [Sat, 6 Jul 2013 11:20:57 +0000 (13:20 +0200)]
Update Changelog

6 years agoindeo: check for reference when inheriting mvs
Luca Barbato [Sun, 30 Jun 2013 08:40:37 +0000 (10:40 +0200)]
indeo: check for reference when inheriting mvs

The same is done already for qdelta.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b36e1893ef3430f039c1eaddeedcbb378f9c4444)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoindeo: use proper error code
Luca Barbato [Sun, 30 Jun 2013 08:11:05 +0000 (10:11 +0200)]
indeo: use proper error code

(cherry picked from commit dd3754a48854cd570d38db72394491aab0f36570)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoindeo: Properly forward the error codes
Luca Barbato [Sun, 30 Jun 2013 07:57:56 +0000 (09:57 +0200)]
indeo: Properly forward the error codes

If the tile data size does not match the buffer size it did not
return an AVERROR_INVALIDDATA causing futher corruption later.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 7388c0c58601477db076e2e74e8b11f8a644384a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agomjpeg: Check the unescaped size for overflows
Luca Barbato [Sat, 29 Jun 2013 04:07:57 +0000 (06:07 +0200)]
mjpeg: Check the unescaped size for overflows

And contextually check init_get_bits success and fix the reporting
message.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6765ee7b9cba46818a45b051438b2552f0a1b70a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/mjpegdec.c

6 years agowmapro: error out on impossible scale factor offsets
Luca Barbato [Sat, 29 Jun 2013 00:16:50 +0000 (02:16 +0200)]
wmapro: error out on impossible scale factor offsets

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 02ec656af72030eea4f3d63e30b25625cce6a3df)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agowmapro: check the min_samples_per_subframe
Luca Barbato [Fri, 28 Jun 2013 23:56:09 +0000 (01:56 +0200)]
wmapro: check the min_samples_per_subframe

Must be at least WMAPRO_BLOCK_MIN_SIZE.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d4a217a408da4bd63acc02cd8f9ebe378a2ad65a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agowmapro: return early on unsupported condition
Luca Barbato [Fri, 28 Jun 2013 03:21:33 +0000 (05:21 +0200)]
wmapro: return early on unsupported condition

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6652338f43ef623045912d7f28b61adea05d27ae)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/wmaprodec.c

6 years agowmapro: check num_vec_coeffs against the actual available buffer
Luca Barbato [Fri, 28 Jun 2013 03:23:21 +0000 (05:23 +0200)]
wmapro: check num_vec_coeffs against the actual available buffer

Prevent yet another buffer overwrite.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 38229362529ed1619d8ebcc81ecde85b23b45895)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agowmapro: make sure there is room to store the current packet
Luca Barbato [Fri, 28 Jun 2013 02:03:47 +0000 (04:03 +0200)]
wmapro: make sure there is room to store the current packet

Prevent horrid and hard to trace struct overwrite.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit e30b068ef79f604ff439418da07f7e2efd01d4ea)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agolavc: move put_bits_left in put_bits.h
Luca Barbato [Fri, 28 Jun 2013 01:40:35 +0000 (03:40 +0200)]
lavc: move put_bits_left in put_bits.h

(cherry picked from commit afe03092dd693d025d43e1620283d8d285c92772)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago4xm: do not overread the source buffer in decode_p_block
Luca Barbato [Sun, 9 Jun 2013 16:27:05 +0000 (18:27 +0200)]
4xm: do not overread the source buffer in decode_p_block

Check for out of picture macroblocks before calling mcdc.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 94aefb1932be882fd93f66cf790ceb19ff575c19)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years ago4xm: check bitstream_size boundary before using it
Luca Barbato [Mon, 10 Jun 2013 14:37:43 +0000 (16:37 +0200)]
4xm: check bitstream_size boundary before using it

Prevent buffer overread.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 59d7bb99b6a963b7e11c637228b2203adf535eee)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoPrepare for 9.8 RELEASE
Reinhard Tartler [Sun, 30 Jun 2013 14:03:11 +0000 (16:03 +0200)]
Prepare for 9.8 RELEASE

6 years agoupdate Changelog
Reinhard Tartler [Sun, 16 Jun 2013 17:31:58 +0000 (19:31 +0200)]
update Changelog

6 years agosmacker: check frame size validity
Kostya Shishkov [Wed, 12 Jun 2013 12:30:51 +0000 (14:30 +0200)]
smacker: check frame size validity

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 07423ad7836325e03894f2f87ba46a531a1cc0b3)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agosmacker: pad the extradata allocation
Kostya Shishkov [Wed, 12 Jun 2013 12:28:07 +0000 (14:28 +0200)]
smacker: pad the extradata allocation

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 4c22baf65363433f8c20efd1022b4ba2d8cf2288)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agosmacker: check the return value of smacker_decode_tree
Kostya Shishkov [Wed, 12 Jun 2013 12:27:00 +0000 (14:27 +0200)]
smacker: check the return value of smacker_decode_tree

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit a2f9937bb04b23a341b0ec0eb1d923bbeb420277)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agosmacker: fix an off by one in huff.length computation
Kostya Shishkov [Wed, 12 Jun 2013 12:22:24 +0000 (14:22 +0200)]
smacker: fix an off by one in huff.length computation

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit ee205588b250fe5cae0681be8eba51a5403c3272)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago4xm: do not overread the prestream buffer
Luca Barbato [Fri, 7 Jun 2013 14:18:22 +0000 (16:18 +0200)]
4xm: do not overread the prestream buffer

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit be373cb50d3c411366fec7eef2eb3681abe48f96)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago4xm: validate the buffer size before parsing it
Luca Barbato [Fri, 7 Jun 2013 14:16:46 +0000 (16:16 +0200)]
4xm: validate the buffer size before parsing it

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit de2e5777e225e75813daf2373c95e223651fd89a)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago4xm: reject frames not compatible with the declared version
Luca Barbato [Thu, 6 Jun 2013 14:58:57 +0000 (16:58 +0200)]
4xm: reject frames not compatible with the declared version

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 145023f57262d21474e35b4a6069cf95136339d4)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago4xm: drop pointless assert
Luca Barbato [Thu, 6 Jun 2013 12:21:19 +0000 (14:21 +0200)]
4xm: drop pointless assert

Make sure the value of wlog2 is always between 0 and 3.
(cherry picked from commit 1f0c6075604c271d5627480f1243d22795f9a315)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago4xm: forward errors from decode_p_block
Luca Barbato [Wed, 5 Jun 2013 20:33:34 +0000 (22:33 +0200)]
4xm: forward errors from decode_p_block

Partially mitigate out of memory writes.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b8b809908ec547b2609dbac24194f4fd2df61aea)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago4xm: fold last_picture lazy allocation in decode_p_frame
Luca Barbato [Wed, 5 Jun 2013 18:30:48 +0000 (20:30 +0200)]
4xm: fold last_picture lazy allocation in decode_p_frame

(cherry picked from commit 50ec1db62d977b6e864f315a53c1c580a6d7efa4)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/4xm.c

6 years ago4xm: do not overread while parsing header
Luca Barbato [Wed, 5 Jun 2013 16:56:28 +0000 (18:56 +0200)]
4xm: do not overread while parsing header

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 42d73f7f6bea0ee0f64a3ad4882860ce5b923a11)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago4xm: refactor fourxm_read_header
Luca Barbato [Wed, 5 Jun 2013 16:45:45 +0000 (18:45 +0200)]
4xm: refactor fourxm_read_header

Split sound and video tag parsing in separate functions.
(cherry picked from commit e7a44f87d07655ec0cd31c315936931674434340)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/4xm.c

6 years ago4xm: K&R formatting cosmetics
Luca Barbato [Wed, 5 Jun 2013 15:32:49 +0000 (17:32 +0200)]
4xm: K&R formatting cosmetics

(cherry picked from commit e6496ea7e7ea7355167a1ccbe67a7199d446a654)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years ago4xm: use the correct logging context
Luca Barbato [Wed, 5 Jun 2013 15:12:16 +0000 (17:12 +0200)]
4xm: use the correct logging context

(cherry picked from commit 08859d19b429c522d6494c186656f4a2d3ff8e21)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agotiff: do not overread the source buffer
Luca Barbato [Mon, 3 Jun 2013 02:53:02 +0000 (04:53 +0200)]
tiff: do not overread the source buffer

At least 2 bytes from the source are read every loop.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 9c2216976907336dfae0e8e38a4d70ca2465a92c)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/tiff.c

6 years agoapetag: use int64_t for filesize
Anton Khirnov [Wed, 29 May 2013 14:18:40 +0000 (16:18 +0200)]
apetag: use int64_t for filesize

CC: libav-stable@libav.org
(cherry picked from commit e816aaacd68201b67182f9c70dc680e89a0123e9)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agovmd: refactor the inner decode loop
Luca Barbato [Tue, 28 May 2013 20:09:59 +0000 (22:09 +0200)]
vmd: refactor the inner decode loop

Simplify a little, assume empty frames are acceptable and
do not pointlessly reinit the bytestream2 contexts using
possibly wrong size values.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 676da248cad49debc40720baa13214f0b94dcc71)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/vmdav.c

6 years agovmd: use the PALETTE_COUNT constant uniformly
Luca Barbato [Tue, 28 May 2013 21:49:43 +0000 (23:49 +0200)]
vmd: use the PALETTE_COUNT constant uniformly

While at it drop useless parentheses.
(cherry picked from commit 91a6944e56236234f0a7ba162404665753cbcb51)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agovmd: drop incomplete chunks and spurious samples
Luca Barbato [Wed, 29 May 2013 14:59:13 +0000 (16:59 +0200)]
vmd: drop incomplete chunks and spurious samples

Odd chunk size makes no sense for stereo and incomplete chunks are
not supported.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 701966730ce10290fd49c5ccedd73f505680f764)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agovmd: return meaningful errors
Luca Barbato [Tue, 28 May 2013 20:00:12 +0000 (22:00 +0200)]
vmd: return meaningful errors

CC: libav-stable@libav.org
(cherry picked from commit c8f3cb9119c2183680d44a509a1b5a9817a3bee9)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/vmdav.c

6 years agovmdav: convert to bytestream2
Alexandra Khirnova [Wed, 13 Mar 2013 12:54:27 +0000 (13:54 +0100)]
vmdav: convert to bytestream2

Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 0afcf97e1ece51d29bb791698b00cd1b7ba97dcf)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/vmdav.c

6 years agowavpack: use bytestream2 in wavpack_decode_block
Luca Barbato [Wed, 22 May 2013 10:27:04 +0000 (12:27 +0200)]
wavpack: use bytestream2 in wavpack_decode_block

Prevent most out of buffer reads.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3f0b6d7a6248a33df37b98cfcb37a1acce263f62)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/wavpack.c

6 years agowavpack: return meaningful errors
Luca Barbato [Fri, 17 May 2013 16:28:33 +0000 (18:28 +0200)]
wavpack: return meaningful errors

And forward those that were already meaningful.
(cherry picked from commit 8c34558131d846d2b10389564caadaa206372fd4)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/wavpack.c

6 years agowavpack: check packet size early
Luca Barbato [Wed, 22 May 2013 10:51:42 +0000 (12:51 +0200)]
wavpack: check packet size early

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit fd06291239c1bb616bf303b5696cc432710b2530)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agopixdesc: mark gray8 as pseudopal
Anton Khirnov [Sat, 4 May 2013 11:57:32 +0000 (13:57 +0200)]
pixdesc: mark gray8 as pseudopal

Many functions treat it as such already.
Fixes Bug 499.

CC:libav-stable@libav.org
(cherry picked from commit f36d7831d96aeb072db5a2b78892a534d96e288e)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agomjpegdec: validate parameters in mjpeg_decode_scan_progressive_ac
Luca Barbato [Wed, 15 May 2013 16:41:41 +0000 (18:41 +0200)]
mjpegdec: validate parameters in mjpeg_decode_scan_progressive_ac

Prevent out of buffer write when decoding broken samples.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit cfbd98abe82cfcb9984a18d08697251b72b110c8)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agomjpeg: Validate sampling factors
Luca Barbato [Mon, 13 May 2013 17:32:04 +0000 (19:32 +0200)]
mjpeg: Validate sampling factors

They must be non-zero.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 8aa3500905fec6c4e657bb291b861d43c34d3de9)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoljpeg: use the correct number of components in yuv
Luca Barbato [Tue, 14 May 2013 14:20:14 +0000 (16:20 +0200)]
ljpeg: use the correct number of components in yuv

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit a030279a67ef883df8cf3707774656fa1be81078)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agowavpack: validate samples size parsed in wavpack_decode_block
Luca Barbato [Fri, 17 May 2013 16:29:15 +0000 (18:29 +0200)]
wavpack: validate samples size parsed in wavpack_decode_block

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit ed50673066956d6f2201a57c3254569f2ab08d9d)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/wavpack.c

6 years agojpegls: check the scan offset
Luca Barbato [Fri, 17 May 2013 11:08:55 +0000 (13:08 +0200)]
jpegls: check the scan offset

Prevent an out of array bound write.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit abad374909e6416e941351094f4f1446a71f8d23)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/jpeglsdec.c

6 years agojpegls: factorize return paths
Reinhard Tartler [Fri, 31 May 2013 20:36:47 +0000 (22:36 +0200)]
jpegls: factorize return paths

Conflicts:
libavcodec/jpeglsdec.c

(cherry picked from commit 4a4107b48944397c914aa39ee16a82fe44db8c4c)

6 years agojpegls: return meaningful errors
Luca Barbato [Fri, 17 May 2013 10:36:06 +0000 (12:36 +0200)]
jpegls: return meaningful errors

(cherry picked from commit a5a0ef5e13a59ff53318a45d77c5624b23229c6f)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/jpeglsdec.c

6 years agompegvideo: allocate sufficiently large scratch buffer for interlaced vid
Jindrich Makovicka [Thu, 16 May 2013 14:49:28 +0000 (16:49 +0200)]
mpegvideo: allocate sufficiently large scratch buffer for interlaced vid

MPV_decode_mb_internal needs 3 * 16 * linesize bytes of scratch buffer

For interlaced content, linesize is multiplied by two after the allocation
of the scratch buffer, and the dest_cr pointer ends past the buffer.

This patch makes ff_mpv_frame_size_alloc allocate a total of
(aligned line_size) * 2 * 16 * 3 bytes, which suffices even for the
interlaced case.

CC:libav-stable@libav.org

Signed-off-by: Jindrich Makovicka <makovick@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 259af1b92370b32f6d0b9a6de314db4b44c2481d)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agomjpegdec: properly report unsupported disabled features
Luca Barbato [Tue, 14 May 2013 13:27:26 +0000 (15:27 +0200)]
mjpegdec: properly report unsupported disabled features

When JPEG-LS support is disabled the decoder would feed the
data to the JPEG Lossless decode_*_scan function resulting in
faulty decoding.

CC: libav-stable@libav.org
(cherry picked from commit b25e49b187617c486ae3f50a5cbb356fc0e868bb)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoPrepare for 9.7 Release
Reinhard Tartler [Fri, 31 May 2013 21:00:19 +0000 (23:00 +0200)]
Prepare for 9.7 Release

6 years agoupdate Changelog
Reinhard Tartler [Sun, 12 May 2013 06:39:07 +0000 (08:39 +0200)]
update Changelog

6 years agoproresdec: support mixed interlaced/non-interlaced content
Michael Smith [Mon, 21 Jan 2013 18:40:35 +0000 (19:40 +0100)]
proresdec: support mixed interlaced/non-interlaced content

Set interlaced to false if we don't have an interlaced frame

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 0881cbf314982cce8448bd12644ce2a6e0b8c576)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoupdate Changelog
Reinhard Tartler [Sat, 11 May 2013 09:51:47 +0000 (11:51 +0200)]
update Changelog

6 years agoaf_asyncts: fix offset calculation
Anton Khirnov [Wed, 8 May 2013 19:44:20 +0000 (21:44 +0200)]
af_asyncts: fix offset calculation

delta is in samples, not bytes. Also the sample format is not guaranteed
to be planar.

CC:libav-stable@libav.org
(cherry picked from commit 16a4a18db089af8c432f1cdec62155000585b72c)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agooma: properly forward errors in oma_read_packet
Luca Barbato [Tue, 7 May 2013 07:39:10 +0000 (09:39 +0200)]
oma: properly forward errors in oma_read_packet

Prevent spurios EIO on EOF.

CC:libav-stable@libav.org
(cherry picked from commit db9aee6ccf183508835acc325f5ad87d595eacc4)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoindeo3: use unaligned reads on reference blocks.
Anton Khirnov [Sat, 4 May 2013 07:51:17 +0000 (09:51 +0200)]
indeo3: use unaligned reads on reference blocks.

They are not guaranteed to be aligned.
Fixes Bug 503.

CC:libav-stable@libav.org
(cherry picked from commit a97d8cc16e0da30c9ffefa1ede2a0adf3db5f3f8)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agolavc: Fix assignments in if() when calling ff_af_queue_add
Michael Niedermayer [Sun, 13 Jan 2013 23:02:50 +0000 (00:02 +0100)]
lavc: Fix assignments in if() when calling ff_af_queue_add

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 1d7ffd06e41e44d8932d0dd62caa2da17947d8c4)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agowav: Always seek to an even offset
Luca Barbato [Sat, 4 May 2013 10:18:57 +0000 (12:18 +0200)]
wav: Always seek to an even offset

RIFF chunks are aligned to 16bit according to the specification.

Bug-Id:500
CC:libav-stable@libav.org
(cherry picked from commit ac87eaf856e0fb51917266b899bb15d19b907baf)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoswscale: Use alpha from the right row in yuva2rgba_c
Martin Storsjö [Mon, 6 May 2013 11:48:25 +0000 (14:48 +0300)]
swscale: Use alpha from the right row in yuva2rgba_c

Every other pixel had the alpha channel taken from the wrong
row.

This fixes bug 504.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 6e293d111fcad27d52a2ef5ad77b1009f1743396)

Signed-off-by: Martin Storsjö <martin@martin.st>
6 years agoPrepare for 9.6 Release
Reinhard Tartler [Sat, 4 May 2013 08:54:20 +0000 (10:54 +0200)]
Prepare for 9.6 Release

6 years agohls, segment: fix splitting for audio-only streams.
Anton Khirnov [Fri, 26 Apr 2013 07:54:59 +0000 (09:54 +0200)]
hls, segment: fix splitting for audio-only streams.

CC:libav-stable@libav.org
(cherry picked from commit cf679b9476727a237c8006c685ace18acba149ab)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>