ffmpeg.git
3 years agoavcodec/wmaprodec: Check bits per sample to be within the range not causing integer...
Michael Niedermayer [Sat, 5 Dec 2015 12:48:06 +0000 (13:48 +0100)]
avcodec/wmaprodec: Check bits per sample to be within the range not causing integer overflows

Fixes: 549d5aab1480d10f2a775ed90b0342f1/signal_sigabrt_7ffff6ae7cc9_5643_96bbb0cfe3e28be1dadfce1075016345.wma

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 66e05f6ff5e5c105bdd7bf3a49234ddac1b592c5)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/wmaprodec: Fix overflow of cutoff
Michael Niedermayer [Sat, 5 Dec 2015 12:11:23 +0000 (13:11 +0100)]
avcodec/wmaprodec: Fix overflow of cutoff

Fixes: 129ca3e28d73af7b1e24a9d4118e7a2d/signal_sigabrt_7ffff6ae7cc9_836_762b310fc3ef6087bd7771e5d8e90b9b.asf

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0c56f8303e676556ea09bfac73d881c6c9057259)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavformat/smacker: fix integer overflow with pts_inc
Michael Niedermayer [Sat, 5 Dec 2015 12:06:16 +0000 (13:06 +0100)]
avformat/smacker: fix integer overflow with pts_inc

Fixes: ce19e41f0ef1e52a23edc488faecdb58/asan_heap-oob_2504e97_4202_ffa0df1baed14022b9bfd4f8ac23d0cb.smk

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ed47e97297fd5ef473d0cc93f0455adbadaac83)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/vp3: Fix "runtime error: left shift of negative value"
Michael Niedermayer [Fri, 4 Dec 2015 11:47:20 +0000 (12:47 +0100)]
avcodec/vp3: Fix "runtime error: left shift of negative value"

Fixes: 5c6129154b356b80bcab86f9e3ee5d29/signal_sigabrt_7ffff6ae7cc9_7322_d26ac6d7cb6567db1b8be0159b387d0b.ogg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 18268f761bffb37552f59f87542fef3d5c80618c)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavformat/riffdec: Initialize bitrate
Michael Niedermayer [Thu, 3 Dec 2015 19:16:00 +0000 (20:16 +0100)]
avformat/riffdec: Initialize bitrate

Fixes CID1338334

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 32bf6550cb9cc9f487a6722fe2bfc272a93c1065)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agompegencts: Fix overflow in cbr mode period calculations
Timo Teräs [Sat, 28 Nov 2015 06:27:39 +0000 (08:27 +0200)]
mpegencts: Fix overflow in cbr mode period calculations

ts->mux_rate is int (signed 32-bit) type. The period calculations
will start to overflow when mux_rate > 5mbps. This fixes overflows
by converting first to 64-bit type.

Fixes #5044.

Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 64f7db554ee83846f207e82a08946a6a5a6acfe2)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/timecode: Fix fps check
Michael Niedermayer [Thu, 3 Dec 2015 02:14:11 +0000 (03:14 +0100)]
avutil/timecode: Fix fps check

The fps variable is explicitly set to -1 in case of some errors, the check must
thus be signed or the code setting it needs to use 0 as error code
the type of the field could be changed as well but its in an installed header

Fixes: integer overflow
Fixes: 9982cc157b1ea90429435640a989122f/asan_generic_3ad004a_3799_22cf198d9cd09928e2d9ad250474fa58.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b46dcd5209a77254345ae098b83a872634c5591b)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/mathematics: return INT64_MIN (=AV_NOPTS_VALUE) from av_rescale_rnd() for...
Michael Niedermayer [Tue, 1 Dec 2015 12:32:31 +0000 (13:32 +0100)]
avutil/mathematics: return INT64_MIN (=AV_NOPTS_VALUE) from av_rescale_rnd() for overflows

Fixes integer overflow
Fixes: mozilla bug 1229167

Found-by: Tyson Smith
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f03c2ceec174877e03bb302f5971fbe9ffbe4856)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/apedec: Check length in long_filter_high_3800()
Michael Niedermayer [Wed, 2 Dec 2015 20:16:27 +0000 (21:16 +0100)]
avcodec/apedec: Check length in long_filter_high_3800()

Fixes out of array read
Fixes: 0a7ff0c1d93da9cef28a315ec91b692a/asan_heap-oob_4a52e5_3604_9c56dbb20e308f4faeef7b35f688521a.ape

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cd7524fdd13dc8d0cf22e2cfd8300a245542b13a)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/vp3: always set pix_fmt in theora_decode_header()
Michael Niedermayer [Mon, 30 Nov 2015 02:32:36 +0000 (03:32 +0100)]
avcodec/vp3: always set pix_fmt in theora_decode_header()

Fixes assertion failure
Fixes: d0bb0662da342ec65f8f2a081222e6b9/signal_sigabrt_7ffff6ae7cc9_5471_82964f0a9ac2f4d3d59390c15473f6f7.ogg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a814f1d364ba912adf61adef158168c5f7604e93)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/mpeg4videodec: Check available data before reading custom matrix
Michael Niedermayer [Sun, 29 Nov 2015 22:44:40 +0000 (23:44 +0100)]
avcodec/mpeg4videodec: Check available data before reading custom matrix

Fixes: out of array read
Fixes: 76c515fc3779d1b838667c61ea13ce92/asan_heap-oob_1fc0d07_8913_794a4629a264ebdb25b58d3a94ed1785.bit

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 891dc8f87536ac2ec695c70d081345224524ad99)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/mathematics: Do not treat INT64_MIN as positive in av_rescale_rnd
Michael Niedermayer [Tue, 1 Dec 2015 11:44:23 +0000 (12:44 +0100)]
avutil/mathematics: Do not treat INT64_MIN as positive in av_rescale_rnd

The code expects actual positive numbers and gives completely wrong
results if INT64_MIN is treated as positive
Instead clip it into the valid range that is add 1 and treat it as
negative

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 25e37f5ea92d4201976a59ae306ce848d257a7e6)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/integer: Fix av_mod_i() with negative dividend
Michael Niedermayer [Tue, 1 Dec 2015 11:41:43 +0000 (12:41 +0100)]
avutil/integer: Fix av_mod_i() with negative dividend

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a9cb18855d29c96a5d9d2f5ad30448cae3a2ddf)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavformat/dump: Fix integer overflow in av_dump_format()
Michael Niedermayer [Tue, 1 Dec 2015 11:40:32 +0000 (12:40 +0100)]
avformat/dump: Fix integer overflow in av_dump_format()

Fixes part of mozilla bug 1229167

Found-by: Tyson Smith
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8e7f4520226d2d9ad6a58ad6c32d1455a8b244b2)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/h264_refs: Check that long references match before use
Michael Niedermayer [Sun, 29 Nov 2015 02:25:41 +0000 (03:25 +0100)]
avcodec/h264_refs: Check that long references match before use

Fixes out of array read
Fixes: 59bb925e90201fa0f87f0a31945d43b5/asan_heap-oob_4a52e5_3388_66027f11e3d072f1e02401ecc6193361.jvt

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa427537b529cd584cd73222980286d36a00fe28)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/utils: Clear dimensions in ff_get_buffer() on failure
Michael Niedermayer [Sat, 28 Nov 2015 19:08:46 +0000 (20:08 +0100)]
avcodec/utils: Clear dimensions in ff_get_buffer() on failure

Fixes out of array access
Fixes: 482d8f2fd17c9f532b586458a33f267c/asan_heap-oob_4a52b6_7417_1d08d477736d66cdadd833d146bb8bae.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit abee0a1c60612e8638640a8a3738fffb65e16dbf)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/utils: Use 64bit for aspect ratio calculation in avcodec_string()
Michael Niedermayer [Sat, 28 Nov 2015 16:26:05 +0000 (17:26 +0100)]
avcodec/utils: Use 64bit for aspect ratio calculation in avcodec_string()

Fixes integer overflow
Fixes: 3a45b2ae02f2cf12b7bd99543cdcdae5/asan_heap-oob_1dff502_8022_899f75e1e81046ebd7b6c2394a1419f4.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f03bebc79f76df3a3e5bb9e1bc32baabfb7797c)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/hevc: Check max ctb addresses for WPP
Michael Niedermayer [Sat, 28 Nov 2015 12:42:05 +0000 (13:42 +0100)]
avcodec/hevc: Check max ctb addresses for WPP

Fixes out of array read
Fixes: 2f95ddd996db8a6281d2e18c184595a7/asan_heap-oob_192fe91_3330_58e4441181e30a66c19f743dcb392347.bit

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dad354f38ddc9bfc834bc21358a1d0ad41532ca0)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/vp3: Clear context on reinitialization failure
Michael Niedermayer [Fri, 27 Nov 2015 23:23:54 +0000 (00:23 +0100)]
avcodec/vp3: Clear context on reinitialization failure

Fixes null pointer dereference
Fixes: 1536b9b096a8f95b742bae9d3d761cc6/signal_sigsegv_294aaed_2039_8d1797aeb823ea43858d0fa45c9eb899.ogv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6105b7219a90438deae71b0dc5a034c71ee30fc0)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/hevc: allocate entries unconditionally
Michael Niedermayer [Fri, 27 Nov 2015 22:33:03 +0000 (23:33 +0100)]
avcodec/hevc: allocate entries unconditionally

Fixes out of array access
Fixes: 08664a2a7921ef48172f26495c7455be/asan_heap-oob_23036c6_3301_523388ef84285a0270caf67a43247b59.bit

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d85aa76115214183e7e3b7d65e950da61474959a)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/hevc_cabac: Fix multiple integer overflows
Michael Niedermayer [Fri, 27 Nov 2015 21:45:46 +0000 (22:45 +0100)]
avcodec/hevc_cabac: Fix multiple integer overflows

Fixes: 04ec80eefa77aecd7a49a442cc02baea/asan_heap-oob_19544fa_3303_1905796cd9d8e15f86d664332caabc00.bit

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d5028f61e44b7607b6a547f218f7d85217490a5b)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/jpeg2000dwt: Check ndeclevels before calling dwt_encode*()
Michael Niedermayer [Fri, 27 Nov 2015 20:02:13 +0000 (21:02 +0100)]
avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_encode*()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit feb3f39614b88c113211a98dda1bc2fe5c3c6957)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*()
Michael Niedermayer [Fri, 27 Nov 2015 19:52:39 +0000 (20:52 +0100)]
avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*()

Fixes out of array access
Fixes: 01859c9a9ac6cd60a008274123275574/asan_heap-oob_1dff571_8250_50d3d1611e294c3519fd1fa82198b69b.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 75422280fbcdfbe9dc56bde5525b4d8b280f1bc5)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/hevc: Check entry_point_offsets
Michael Niedermayer [Fri, 27 Nov 2015 17:30:05 +0000 (18:30 +0100)]
avcodec/hevc: Check entry_point_offsets

Fixes out of array read
Fixes: 007c4a36608ebdf27ee260ad60a81184/asan_heap-oob_32076b4_2243_116b1cb29d91cc4974d6680e3d10bd91.bit

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ef9f7bbfa47317f9d46bf46982a394d2be78503c)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agolavf/rtpenc_jpeg: Less strict check for standard Huffman tables.
Carl Eugen Hoyos [Wed, 2 Dec 2015 13:56:53 +0000 (14:56 +0100)]
lavf/rtpenc_jpeg: Less strict check for standard Huffman tables.

There can be one or more Huffman table segments DHT.

Reported-by: Andrey Utkin
3 years agoavcodec/ffv1dec: Clear quant_table_count if its invalid
Michael Niedermayer [Sat, 14 Nov 2015 12:21:58 +0000 (13:21 +0100)]
avcodec/ffv1dec: Clear quant_table_count if its invalid

Fixes deallocation of corrupted pointer
Fixes: 343dfbe142a38b521ed069dc4ea7c03b/signal_sigsegv_421427_4074_ffb11959610278cd40dbc153464aa254.avi
No releases affected

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e04126072e984f8db5db9da9303c89ae01f7d6bb)

Fixes ticket #5052.

3 years agoavcodec/ffv1dec: Print an error if the quant table count is invalid
Michael Niedermayer [Thu, 5 Nov 2015 00:25:50 +0000 (01:25 +0100)]
avcodec/ffv1dec: Print an error if the quant table count is invalid

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8b254e436dce2f5c8c6459108dab4b02cc6b79b)

3 years agodoc/filters/drawtext: fix centering example
Andrey Utkin [Tue, 1 Dec 2015 19:15:53 +0000 (21:15 +0200)]
doc/filters/drawtext: fix centering example

Signed-off-by: Andrey Utkin <andrey.od.utkin@gmail.com>
Signed-off-by: Lou Logan <lou@lrcd.com>
(cherry picked from commit 648b26acc5e25ab40c43fddc54b50e9f0b13ebd8)
Signed-off-by: Timothy Gu <timothygu99@gmail.com>
3 years agoavutil/softfloat: use abort() instead of av_assert0(0) n2.8.3
James Almer [Tue, 10 Nov 2015 02:16:17 +0000 (23:16 -0300)]
avutil/softfloat: use abort() instead of av_assert0(0)

Fixes compilation of host tool aacps_fixed_tablegen.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 9f4a41bf991916e105be9d78ed38612d3ffa4881)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoUpdate for 2.8.3
Michael Niedermayer [Fri, 27 Nov 2015 13:29:04 +0000 (14:29 +0100)]
Update for 2.8.3

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/cabac: Check initial cabac decoder state
Michael Niedermayer [Fri, 27 Nov 2015 12:37:50 +0000 (13:37 +0100)]
avcodec/cabac: Check initial cabac decoder state

Fixes integer overflows
Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2340_591e9810c7b09efe501ad84638c9e9f8.264

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Found-by: xiedingbao (Ticket4727)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8000d484b83aafa752d84fbdbfb352ffe0dc64f8)

Conflicts:

libavcodec/cabac.h

3 years agoavcodec/cabac_functions: Fix "left shift of negative value -31767"
Michael Niedermayer [Fri, 27 Nov 2015 11:11:29 +0000 (12:11 +0100)]
avcodec/cabac_functions: Fix "left shift of negative value -31767"

Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2340_591e9810c7b09efe501ad84638c9e9f8.264

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Found-by: xiedingbao (Ticket4727)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a1f6b05f5228979dab0e149deca7a30d22e98af5)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/h264_slice: Limit max_contexts when slice_context_count is initialized
Michael Niedermayer [Tue, 24 Nov 2015 21:12:37 +0000 (22:12 +0100)]
avcodec/h264_slice: Limit max_contexts when slice_context_count is initialized

Fixes out of array access
Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2049_f2192b6829ab6e0eefcb035329c03c60.264

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4ea4d2f438c9a7eba37980c9a87be4b34943e4d5)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agortmpcrypt: Do the xtea decryption in little endian mode
Martin Storsjö [Wed, 11 Nov 2015 19:42:02 +0000 (21:42 +0200)]
rtmpcrypt: Do the xtea decryption in little endian mode

The XTEA algorithm operates on 32 bit numbers, not on byte sequences.
The XTEA implementation in libavutil is written assuming big endian
numbers, while the rtmpe signature encryption assumes little endian.

This fixes rtmpe communication with rtmpe servers that use signature
type 8 (XTEA), e.g. crunchyroll.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit e7728319b92dbb4fb949155e33de7ff5358ddff3)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavformat/matroskadec: Check subtitle stream before dereferencing
Michael Niedermayer [Tue, 17 Nov 2015 17:19:01 +0000 (18:19 +0100)]
avformat/matroskadec: Check subtitle stream before dereferencing

Unrecognized streams are not allocated
Fixes: flicker-1.color1.vp91447030769.08.webm

Found-by: Chris Cunningham <chcunningham@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5034b324cad4c29d47ef285a30b0705e6eb0384)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/pngdec: Replace assert by request for sample for unsupported TRNS cases
Michael Niedermayer [Mon, 16 Nov 2015 17:34:44 +0000 (18:34 +0100)]
avcodec/pngdec: Replace assert by request for sample for unsupported TRNS cases

Fixes assertion failure
Fixes: 7f646252a30ee28b583aac1f82e7985e/signal_sigabrt_7ffff6ae7cc9_7353_62fc077bf2f454d39e188c69807193a6.png

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a62178be80dd6a643973f62002fc0ed42495c358)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavformat/utils: Do not init parser if probing is unfinished
Michael Niedermayer [Sun, 15 Nov 2015 22:41:14 +0000 (23:41 +0100)]
avformat/utils: Do not init parser if probing is unfinished

Fixes assertion failure
Fixes: 136f8b8d47af7892306625e597dee655/signal_sigabrt_7ffff6ae7cc9_8941_ab11bea57c84796418f481f873dc31ba.dvr_ms

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1ef336e912a7a3a13a9933825a56c421f891e44b)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/jpeg2000dec: Fix potential integer overflow with tile dimensions
Michael Niedermayer [Sun, 15 Nov 2015 20:17:05 +0000 (21:17 +0100)]
avcodec/jpeg2000dec: Fix potential integer overflow with tile dimensions

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 65d3359fb366ea265a8468d76a111cb7352f0b55)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/jpeg2000: Use av_image_check_size() in ff_jpeg2000_init_component()
Michael Niedermayer [Sun, 15 Nov 2015 19:03:39 +0000 (20:03 +0100)]
avcodec/jpeg2000: Use av_image_check_size() in ff_jpeg2000_init_component()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 016fd413f9168816924f21c0c1ffb578f7226221)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/wmaprodec: Check for overread in decode_packet()
Michael Niedermayer [Sun, 15 Nov 2015 17:18:40 +0000 (18:18 +0100)]
avcodec/wmaprodec: Check for overread in decode_packet()

Fixes assertion failure
Fixes: 0256e92df2df7e933b43a2c70e4c8040/signal_sigabrt_7ffff6ae7cc9_1358_999ac18684788221490757582ce9af84.wma

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ad698e24e6b9dde57c4e01c145bcddfe9d6e4a3)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/smacker: Check that the data size is a multiple of a sample vector
Michael Niedermayer [Sun, 15 Nov 2015 13:52:08 +0000 (14:52 +0100)]
avcodec/smacker: Check that the data size is a multiple of a sample vector

Fixes out of array access
Fixes: ce19e41f0ef1e52a23edc488faecdb58/asan_heap-oob_2504e97_4202_ffa0df1baed14022b9bfd4f8ac23d0cb.smk

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a9af07a49295e014b059c1ab624c40345af5892)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/takdec: Skip last p2 sample (which is unused)
Michael Niedermayer [Sun, 15 Nov 2015 00:22:31 +0000 (01:22 +0100)]
avcodec/takdec: Skip last p2 sample (which is unused)

Fixes out of array read
Fixes: cb3f38b08b4541523974667c7d1eee9e/asan_heap-oob_2659e18_9838_021fd5cd635bf76cede6398cd9ecbcdd.tak

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 08b520636e96ba6888b669b9b3f4c414631ea1d2)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/dxtory: Fix input size check in dxtory_decode_v1_410()
Michael Niedermayer [Sat, 14 Nov 2015 23:25:11 +0000 (00:25 +0100)]
avcodec/dxtory: Fix input size check in dxtory_decode_v1_410()

Fixes potential out of array read

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 76b6f4b7d91901929177cc61d9810dcca0bb40c1)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/dxtory: Fix input size check in dxtory_decode_v1_420()
Michael Niedermayer [Sat, 14 Nov 2015 23:25:11 +0000 (00:25 +0100)]
avcodec/dxtory: Fix input size check in dxtory_decode_v1_420()

Fixes out of array read
Fixes: c50c4aa6cefda71b19a31ea12302980c/asan_heap-oob_12be5fd_7011_33ebd015a74976215934add72b9c8352.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9caa9414ccf2dcf8aee2695377dee830a5024c82)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/error_resilience: avoid accessing previous or next frames tables beyond height
Michael Niedermayer [Sat, 14 Nov 2015 20:11:52 +0000 (21:11 +0100)]
avcodec/error_resilience: avoid accessing previous or next frames tables beyond height

The height of tables can be rounded up for MBAFF but this does not imply that is also true
for the previous frames

Fixes out of array reads
Fixes: c106b36fa36db8ff8f3ed0c82be7bea2/asan_heap-oob_32699f0_6321_467b9a1d7e03d7cfd310b7e65dc53bcc.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a105f52855d08e4ab1ed7306da8e32fc90d6d647)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/dpx: Move need_align to act per line
Michael Niedermayer [Sat, 14 Nov 2015 13:29:02 +0000 (14:29 +0100)]
avcodec/dpx: Move need_align to act per line

Fixes out of array read
Fixes: 61cf123c081ee2bb774d307c75bdb99e/asan_heap-oob_1224f76_5546_bee833ffae73f752b489b9eeaac52db7.dpx

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8aaae8e0f1519bc99bd717ea3067c9cfdb68def)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/flashsv: Check size before updating it
Michael Niedermayer [Sat, 14 Nov 2015 12:34:02 +0000 (13:34 +0100)]
avcodec/flashsv: Check size before updating it

Fixes out of array read
Fixes: 3c857d4d90365731524716e6d051e43a/signal_sigsegv_7f4f59bcc29e_1386_20abd2c8e655cb9c75b24368e65fe3b1.flv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 17705f5d4f57c15f9b9bb9cfcbbb4621fed2fc70)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/ivi: Check image dimensions
Michael Niedermayer [Sat, 14 Nov 2015 01:36:22 +0000 (02:36 +0100)]
avcodec/ivi: Check image dimensions

Fixes integer overflow
Fixes: 1e32c6c591d940337c20b197ec1c4d3d/asan_heap-oob_4a52e5_8946_0bb0d9e863def56005e49f1d89bdc94d.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit df91aa034b82b77a3c4e01791f4a2b2ff6c82066)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/utils: Better check for channels in av_get_audio_frame_duration()
Michael Niedermayer [Sat, 14 Nov 2015 00:35:08 +0000 (01:35 +0100)]
avcodec/utils: Better check for channels in av_get_audio_frame_duration()

Fixes integer overflow
Fixes: 0c2625f236ced104d402b4a03c0d65c7/asan_generic_274e1ce_5990_9314e7a67c26aecf011b178ade9f217c.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4e16ad2868a1819de6680fc355a8eb20164adaea)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/jpeg2000dec: Check for duplicate SIZ marker
Michael Niedermayer [Fri, 13 Nov 2015 23:51:56 +0000 (00:51 +0100)]
avcodec/jpeg2000dec: Check for duplicate SIZ marker

Fixes: 0231a17345734228011c6f35a64e4594/asan_heap-oob_1d92a72_3218_1213809a9e3affec77e4c191fdfdc0a9.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 44a7f17d0b20e6f8d836b2957e3e357b639f19a2)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoaacsbr: don't call sbr_dequant twice without intermediate read_sbr_data
Andreas Cadhalpun [Fri, 20 Nov 2015 19:15:21 +0000 (20:15 +0100)]
aacsbr: don't call sbr_dequant twice without intermediate read_sbr_data

Doing that doesn't make sense, because the only purpose of sbr_dequant
is to process the data from read_sbr_data.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 1c3e43a6273822e1369818b80f34c8464e1009d5)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agohqx: correct type and size check of info_offset
Andreas Cadhalpun [Sun, 15 Nov 2015 09:33:40 +0000 (10:33 +0100)]
hqx: correct type and size check of info_offset

It is used as size argument of ff_canopus_parse_info_tag, which uses it
as size argument to bytestream2_init, which only supports sizes up to
INT_MAX.
Changing it's type to unsigned simplifies the check.

Reviewed-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 1ed7fcd42af956979abf4e32cd3c9ee17622bbcb)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agomxfdec: check edit_rate also for physical_track
Andreas Cadhalpun [Sun, 15 Nov 2015 16:46:08 +0000 (17:46 +0100)]
mxfdec: check edit_rate also for physical_track

Previously only the edit_rate of material_track was checked.
If it's negative, it causes assertion failures in av_rescale_rnd.

Reviewed-by: Tim Nicholson <nichot20-at-yahoo.com@ffmpeg.org>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 047bf82c181c1220b3087b37f28445f8b87a7a23)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agoavcodec/jpeg2000: Change coord to 32bit to support larger than 32k width or height
Michael Niedermayer [Sun, 15 Nov 2015 21:05:04 +0000 (22:05 +0100)]
avcodec/jpeg2000: Change coord to 32bit to support larger than 32k width or height

Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0eb7de19736891a9386ab66549f780e904a3b6a7)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agoavcodec/jpeg2000dec: Check SIZ dimensions to be within the supported range
Michael Niedermayer [Sun, 15 Nov 2015 20:12:50 +0000 (21:12 +0100)]
avcodec/jpeg2000dec: Check SIZ dimensions to be within the supported range

Fixes potential integer overflows
Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi

This fix is choosen to be simple to backport, better solution
for master is planed

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ef819c40bcc2175edba7ce9e20c3036c01b36b9)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agoavcodec/jpeg2000: Check comp coords to be within the supported size
Michael Niedermayer [Sun, 15 Nov 2015 19:49:17 +0000 (20:49 +0100)]
avcodec/jpeg2000: Check comp coords to be within the supported size

Fixes assertion failure
Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi

This fix is choosen to be simple to backport, better solution
for master is planed

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a1a8cbcb35ef2759a66b4f0875785e4b3f277057)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agompegvideo: clear overread in clear_context
Andreas Cadhalpun [Sat, 14 Nov 2015 21:46:46 +0000 (22:46 +0100)]
mpegvideo: clear overread in clear_context

Otherwise the h263p decoder can try to copy overread bytes, even though
buffer is NULL.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 6a69a175e7b5c5393528ed0f5753e41573fa0df2)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agoavcodec/avrndec: Use the AVFrame format instead of the context
Michael Niedermayer [Sat, 14 Nov 2015 12:04:54 +0000 (13:04 +0100)]
avcodec/avrndec: Use the AVFrame format instead of the context

Fixes out of array read
Fixes: 20dd01398dee0f6d83d7e5410a2ae8eb/signal_sigsegv_39eeb1f_4001_62efbdf1c60748dabf1ec310b59525fd.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ccba8aaff2ef5649495ae48bc5c90bd8ff32e6f3)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agodds: disable palette flag for compressed images
Andreas Cadhalpun [Fri, 13 Nov 2015 20:48:27 +0000 (21:48 +0100)]
dds: disable palette flag for compressed images

Having both is not valid and can cause a NULL pointer dereference of
frame->data[1] later.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
(cherry picked from commit 0a8bff788b0a9f96b863f0e836a235cb1d223f55)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agodds: validate compressed source buffer size
Andreas Cadhalpun [Tue, 10 Nov 2015 23:20:18 +0000 (00:20 +0100)]
dds: validate compressed source buffer size

A too small buffer will cause segfaults somewhere below
decompress_texture_thread.

Reviewed-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 9a37d476440d9edaa26e6ed946d79cedde9d9e93)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agodds: validate source buffer size before copying
Andreas Cadhalpun [Tue, 10 Nov 2015 23:05:02 +0000 (00:05 +0100)]
dds: validate source buffer size before copying

If it is too small av_image_copy_plane segfaults.

Reviewed-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 1675809d2df76b1a185c78ca0a7a1c8ccb493167)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agodvdsubdec: validate offset2 similar to offset1
Andreas Cadhalpun [Tue, 10 Nov 2015 21:14:39 +0000 (22:14 +0100)]
dvdsubdec: validate offset2 similar to offset1

If it is negative, it causes segmentation faults in decode_rle.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit f621749d1181987b3f815c6766ea66d6c5d55198)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agobrstm: reject negative sample rate
Andreas Cadhalpun [Tue, 10 Nov 2015 19:10:23 +0000 (20:10 +0100)]
brstm: reject negative sample rate

A negative sample rate causes assertion failures in av_rescale_rnd.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 7b67fe20f6c5ce21ed1cac01fdb1906e515bc87e)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agoaacps: avoid division by zero in stereo_processing
Andreas Cadhalpun [Sun, 8 Nov 2015 21:04:08 +0000 (22:04 +0100)]
aacps: avoid division by zero in stereo_processing

This fixes a SIGFPE crash in the aac_fixed decoder.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
(cherry picked from commit ef7fe9851e0913a2e8d27d55bcb84847a6efa7ca)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agosoftfloat: assert when the argument of av_sqrt_sf is negative
Andreas Cadhalpun [Sun, 8 Nov 2015 14:15:24 +0000 (15:15 +0100)]
softfloat: assert when the argument of av_sqrt_sf is negative

The correct result can't be expressed in SoftFloat.
Currently it returns a random value from an out of bounds read.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit f3866a14c3c2949fad16267e9f2977ba9d7b5504)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agoavcodec/takdec: Use memove, avoid undefined memcpy() use
Michael Niedermayer [Sat, 7 Nov 2015 19:05:27 +0000 (20:05 +0100)]
avcodec/takdec: Use memove, avoid undefined memcpy() use

Fixes: e214333cbd94c91228e624ff39329ce6/asan_generic_4a5159_6412_96cda2530e80607210ab41ccae3d456d.tak

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7cea3430a56fb0ff6ef60f08620fd3875e7bfeb6)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agoUpdate Changelog n2.8.2
Michael Niedermayer [Thu, 12 Nov 2015 00:04:05 +0000 (01:04 +0100)]
Update Changelog

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoaacsbr_fixed: check for envelope scalefactors overflowing
Andreas Cadhalpun [Mon, 9 Nov 2015 19:41:16 +0000 (20:41 +0100)]
aacsbr_fixed: check for envelope scalefactors overflowing

This prevents various values from getting an insanely huge exponent.
If someone knows a cleaner solution, thats welcome!

This is similar to commit 8978c74 for aacsbr.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 0e36a14a423b7cb32d54d1b621cc9136cccc3dc5)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoaacdec: don't return frames without data from aac_decode_er_frame
Andreas Cadhalpun [Mon, 9 Nov 2015 21:16:01 +0000 (22:16 +0100)]
aacdec: don't return frames without data from aac_decode_er_frame

This is similar to commit ec38a1b for aac_decode_frame_int.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d7f29bfa6985e3eea2033dba0449e47b41b85928)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/aacsbr_fixed: Try to initialize sum[0..1] differently to fix build with VS2012
Michael Niedermayer [Tue, 10 Nov 2015 12:33:38 +0000 (13:33 +0100)]
avcodec/aacsbr_fixed: Try to initialize sum[0..1] differently to fix build with VS2012

Found-by: Hendrik Leppkes <h.leppkes@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8a024f6a43444a73a3cd8d70abedde426b4e1986)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/aacsbr: Use FLOAT_0
Michael Niedermayer [Sun, 8 Nov 2015 10:05:48 +0000 (11:05 +0100)]
avcodec/aacsbr: Use FLOAT_0

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dcf1cf5d24c85d848eabac90720d7f77d594a88c)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agosoftfloat: handle INT_MIN correctly in av_int2sf
Andreas Cadhalpun [Sun, 8 Nov 2015 16:19:10 +0000 (17:19 +0100)]
softfloat: handle INT_MIN correctly in av_int2sf

Otherwise v=INT_MIN doesn't get normalized and thus triggers av_assert2
in other functions.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 9ac61e73d0843ec4b83f4e3d47eded73234e406e)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/softfloat: Include negative numbers in cmp/gt tests
Michael Niedermayer [Sun, 8 Nov 2015 14:04:05 +0000 (15:04 +0100)]
avutil/softfloat: Include negative numbers in cmp/gt tests

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 955cdc43a35a850afe36537c2d8739c1991ac7ec)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/softfloat: Fix av_gt_sf() with large exponents try #2
Michael Niedermayer [Sun, 8 Nov 2015 14:03:28 +0000 (15:03 +0100)]
avutil/softfloat: Fix av_gt_sf() with large exponents try #2

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 05b05a7a841c0c67cce319941104d6f11b9ecd84)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/softfloat: Add test for av_gt_sf()
Michael Niedermayer [Sun, 8 Nov 2015 14:02:05 +0000 (15:02 +0100)]
avutil/softfloat: Add test for av_gt_sf()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 791ea23e57f134559ba66fd8f1664346abbc9314)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/softfloat: Extend the av_cmp_sf() test to cover a wider range of exponents
Michael Niedermayer [Sun, 8 Nov 2015 13:45:19 +0000 (14:45 +0100)]
avutil/softfloat: Extend the av_cmp_sf() test to cover a wider range of exponents

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ecfb076141d0243212143f0d7c9d4e47b56bec15)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/softfloat: Fix overflows in shifts in av_cmp_sf() and av_gt_sf()
Michael Niedermayer [Sun, 8 Nov 2015 13:13:42 +0000 (14:13 +0100)]
avutil/softfloat: Fix overflows in shifts in av_cmp_sf() and av_gt_sf()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cee3c9d29aceec8cddd829acd6dfb56dc5f60322)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/softfloat: Add test for av_cmp_sf()
Michael Niedermayer [Sun, 8 Nov 2015 13:39:46 +0000 (14:39 +0100)]
avutil/softfloat: Add test for av_cmp_sf()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit df2a2117d280a1579500034a8a3c79dc64b90c78)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/common: add FFDIFFSIGN macro
Ganesh Ajjanagadde [Fri, 30 Oct 2015 18:21:15 +0000 (14:21 -0400)]
avutil/common: add FFDIFFSIGN macro

This is of use for defining comparator callbacks. Common approaches like
return x-y are not safe due to the risks of overflow.
Furthermore, the (x > y) - (x < y) trick is optimized to branchless
code.
This also documents this macro accordingly.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
(cherry picked from commit 265f83fd35977a80e93b3cc13ceb65f52f129a3c)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/softfloat: Add tests for exponent underflows
Michael Niedermayer [Sun, 8 Nov 2015 13:07:22 +0000 (14:07 +0100)]
avutil/softfloat: Add tests for exponent underflows

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 596dfe7d6c6bf355aca4eca0a2386f9c5679887d)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/softfloat: Fix exponent underflow in av_div_sf()
Michael Niedermayer [Sun, 8 Nov 2015 12:59:21 +0000 (13:59 +0100)]
avutil/softfloat: Fix exponent underflow in av_div_sf()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 046218b212a076b92ed88a280457db871dafd377)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/softfloat: Fix exponent underflow in av_mul_sf()
Michael Niedermayer [Sun, 8 Nov 2015 12:57:19 +0000 (13:57 +0100)]
avutil/softfloat: Fix exponent underflow in av_mul_sf()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a1e3303fc01b95623d7a6963686c81b076690efd)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/softfloat: Fix typo in av_mul_sf() doxy
Michael Niedermayer [Sun, 8 Nov 2015 12:54:15 +0000 (13:54 +0100)]
avutil/softfloat: Fix typo in av_mul_sf() doxy

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4135a2bfd6d0a835f57031de57ae42363d455574)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/softfloat: Correctly set the exponent for 0.0 in av_sqrt_sf()
Michael Niedermayer [Sun, 8 Nov 2015 12:25:21 +0000 (13:25 +0100)]
avutil/softfloat: Correctly set the exponent for 0.0 in av_sqrt_sf()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 107db5abf3211dc7579bbb67c1af5c25b0e280f6)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/softfloat: FLOAT_0 should use MIN_EXP
Michael Niedermayer [Sun, 8 Nov 2015 02:04:33 +0000 (03:04 +0100)]
avutil/softfloat: FLOAT_0 should use MIN_EXP

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a66b243d522344e12e3970e72e02183185a29ebe)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoswresample/resample: increase precision for compensation
Michael Niedermayer [Wed, 11 Nov 2015 15:49:21 +0000 (16:49 +0100)]
swresample/resample: increase precision for compensation

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 351e625d60165be67c362af6e96ead6c9262623f)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agolavf/mov: add support for sidx fragment indexes
Rodger Combs [Mon, 20 Jul 2015 20:00:35 +0000 (15:00 -0500)]
lavf/mov: add support for sidx fragment indexes

Fixes trac #3842
(cherry picked from commit 4ab56667594842283dc5ae07f0daba2a2cb4d3af)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoupdate versions for 2.8.2
Michael Niedermayer [Wed, 11 Nov 2015 01:46:19 +0000 (02:46 +0100)]
update versions for 2.8.2

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavformat/mxfenc: Only store user comment related tags when needed
Michael Niedermayer [Mon, 9 Nov 2015 13:24:26 +0000 (14:24 +0100)]
avformat/mxfenc: Only store user comment related tags when needed

Also support disabling them as they seem to cause problems to some
Users. They are also not allowed in IRT D-10 thus the default for
mxf_d10 is not to write them

This also decreases the filesize when no user comment are stored

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d9726893f311b7bbbc9887db2c3ffbefaad78ca3)

Conflicts:

libavformat/mxfenc.c

3 years agotests/fate/avformat: Fix fate-lavf
Michael Niedermayer [Tue, 10 Nov 2015 03:14:55 +0000 (04:14 +0100)]
tests/fate/avformat: Fix fate-lavf

The CMP variable seems to have been inherited from fate-api-seek which set it to null

the mxf reference needed a change due to c7e14a279fa7348db10ec824bb2d67858cb1c1ca

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b83c849e8797fbb972ebd7f2919e0f085061f37f)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agodoc/ffmpeg: Clarify that the sdp_file option requires an rtp output.
Simon Thelen [Mon, 2 Nov 2015 14:57:50 +0000 (15:57 +0100)]
doc/ffmpeg: Clarify that the sdp_file option requires an rtp output.

Signed-off-by: Simon Thelen <ffmpeg-dev@c-14.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b02201efb531348406e48f9252bd39a6acebd2b7)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoffmpeg: Don't try and write sdp info if none of the outputs had an rtp format.
Simon Thelen [Mon, 2 Nov 2015 15:36:16 +0000 (16:36 +0100)]
ffmpeg: Don't try and write sdp info if none of the outputs had an rtp format.

Fixes a segfault when trying to write nonexistent rtp information.

Signed-off-by: Simon Thelen <ffmpeg-dev@c-14.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 70fb5eadc580a82c4b977a1233d70ad0041faba0)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoapng: use correct size for output buffer
Andreas Cadhalpun [Fri, 6 Nov 2015 22:44:01 +0000 (23:44 +0100)]
apng: use correct size for output buffer

The buffer needs s->bpp bytes, at maximum currently 10.
Assert that s->bpp is not larger.

This fixes a stack buffer overflow.

Reviewed-by: wm4 <nfxjfg@googlemail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 3e8e1a660ea182111057d56ec1cfad2c62250f4c)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agojvdec: avoid unsigned overflow in comparison
Andreas Cadhalpun [Fri, 6 Nov 2015 20:04:34 +0000 (21:04 +0100)]
jvdec: avoid unsigned overflow in comparison

The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size
is 3, the right side overflows leading to a wrong result of the
comparison and subsequently a heap buffer overflow.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit db374790c75fa4ef947abcb5019fcf21d0b2de85)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/jpeg2000dec: Clip all tile coordinates
Michael Niedermayer [Sat, 7 Nov 2015 01:16:11 +0000 (02:16 +0100)]
avcodec/jpeg2000dec: Clip all tile coordinates

Fixes out of array access
Fixes: b877a6b788a25c70e8b1d014f8628549/asan_heap-oob_1da2c3f_2324_5a1b329b0b3c4bb6b1d775660ac56717.r3d

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 43492ff3ab68a343c1264801baa1d5a02de10167)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/microdvddec: Check for string end in 'P' case
Michael Niedermayer [Fri, 6 Nov 2015 21:24:23 +0000 (22:24 +0100)]
avcodec/microdvddec: Check for string end in 'P' case

Fixes out of array read
Fixes: a9502b60f4cecc19475382aee255f73c/asan_heap-oob_1e87fba_2548_a8ad47f6dde36644fe9cdc444d4632d0.sub

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c719cd6cf79ec21d974b81ba874580f4b8e9eb90)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/dirac_parser: Fix undefined memcpy() use
Michael Niedermayer [Fri, 6 Nov 2015 20:58:42 +0000 (21:58 +0100)]
avcodec/dirac_parser: Fix undefined memcpy() use

Fixes: 9d375e415486edd1a0c826f2307d89a4/asan_generic_4a5159_1577_faa333e83dacdd9e4dd322380aeed537.iss

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit daefd8ab2f2aeb90cd53cb75445faffdc7a3cc79)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavformat/xmv: Discard remainder of packet on error
Michael Niedermayer [Fri, 6 Nov 2015 01:13:36 +0000 (02:13 +0100)]
avformat/xmv: Discard remainder of packet on error

Fixes infinite loop
Fixes: 9c48ae2680c5f23bca3d20ff0f325fd8/asan_generic_4c254d_1374_993f1e5967dd6f844b8d72f978ce2a6c.pss

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 79c4a338e4b2bf0bc6f81c9f455994f673a92f78)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavformat/xmv: factor return check out of if/else
Michael Niedermayer [Fri, 6 Nov 2015 01:11:01 +0000 (02:11 +0100)]
avformat/xmv: factor return check out of if/else

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b6fac11da470274d4b93d46ef66527aa1824179)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/mpeg12dec: Do not call show_bits() with invalid bits
Michael Niedermayer [Thu, 5 Nov 2015 23:56:04 +0000 (00:56 +0100)]
avcodec/mpeg12dec: Do not call show_bits() with invalid bits

Fixes assertion failure
Fixes: 63e50545709a6440d3d59f6426d58db9/signal_sigabrt_7ffff6ae7cc9_8189_3272a3010fd98ddf947c662bbde1ac13.ts

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 973c3dba27d0b1a88c70f6661b6a90d2f2e50665)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>