ffmpeg.git
3 years agoavcodec/cabac: Check initial cabac decoder state
Michael Niedermayer [Fri, 27 Nov 2015 12:37:50 +0000 (13:37 +0100)]
avcodec/cabac: Check initial cabac decoder state

Fixes integer overflows
Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2340_591e9810c7b09efe501ad84638c9e9f8.264

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Found-by: xiedingbao (Ticket4727)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8000d484b83aafa752d84fbdbfb352ffe0dc64f8)

Conflicts:

libavcodec/cabac.h

3 years agoavcodec/cabac_functions: Fix "left shift of negative value -31767"
Michael Niedermayer [Fri, 27 Nov 2015 11:11:29 +0000 (12:11 +0100)]
avcodec/cabac_functions: Fix "left shift of negative value -31767"

Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2340_591e9810c7b09efe501ad84638c9e9f8.264

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Found-by: xiedingbao (Ticket4727)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a1f6b05f5228979dab0e149deca7a30d22e98af5)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/h264_slice: Limit max_contexts when slice_context_count is initialized
Michael Niedermayer [Tue, 24 Nov 2015 21:12:37 +0000 (22:12 +0100)]
avcodec/h264_slice: Limit max_contexts when slice_context_count is initialized

Fixes out of array access
Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2049_f2192b6829ab6e0eefcb035329c03c60.264

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4ea4d2f438c9a7eba37980c9a87be4b34943e4d5)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup
Michael Niedermayer [Wed, 30 Sep 2015 11:10:48 +0000 (13:10 +0200)]
avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup

The variable is not a constant and can lead to race conditions

Fixes: repro.webm (not reproducable with FFmpeg alone)

Found-by: Dale Curtis <dalecurtis@google.com>
Tested-by: Dale Curtis <dalecurtis@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dabea74d0e82ea80cd344f630497cafcb3ef872c)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/ffv1dec: Clear quant_table_count if its invalid
Michael Niedermayer [Sat, 14 Nov 2015 12:21:58 +0000 (13:21 +0100)]
avcodec/ffv1dec: Clear quant_table_count if its invalid

Fixes deallocation of corrupted pointer
Fixes: 343dfbe142a38b521ed069dc4ea7c03b/signal_sigsegv_421427_4074_ffb11959610278cd40dbc153464aa254.avi
No releases affected

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e04126072e984f8db5db9da9303c89ae01f7d6bb)

Fixes ticket #5052.

3 years agoavcodec/ffv1dec: Print an error if the quant table count is invalid
Michael Niedermayer [Thu, 5 Nov 2015 00:25:50 +0000 (01:25 +0100)]
avcodec/ffv1dec: Print an error if the quant table count is invalid

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8b254e436dce2f5c8c6459108dab4b02cc6b79b)

3 years agodoc/filters/drawtext: fix centering example
Andrey Utkin [Tue, 1 Dec 2015 19:15:53 +0000 (21:15 +0200)]
doc/filters/drawtext: fix centering example

Signed-off-by: Andrey Utkin <andrey.od.utkin@gmail.com>
Signed-off-by: Lou Logan <lou@lrcd.com>
(cherry picked from commit 648b26acc5e25ab40c43fddc54b50e9f0b13ebd8)
Signed-off-by: Timothy Gu <timothygu99@gmail.com>
3 years agohqx: correct type and size check of info_offset
Andreas Cadhalpun [Sun, 15 Nov 2015 09:33:40 +0000 (10:33 +0100)]
hqx: correct type and size check of info_offset

It is used as size argument of ff_canopus_parse_info_tag, which uses it
as size argument to bytestream2_init, which only supports sizes up to
INT_MAX.
Changing it's type to unsigned simplifies the check.

Reviewed-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 1ed7fcd42af956979abf4e32cd3c9ee17622bbcb)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agomxfdec: check edit_rate also for physical_track
Andreas Cadhalpun [Sun, 15 Nov 2015 16:46:08 +0000 (17:46 +0100)]
mxfdec: check edit_rate also for physical_track

Previously only the edit_rate of material_track was checked.
If it's negative, it causes assertion failures in av_rescale_rnd.

Reviewed-by: Tim Nicholson <nichot20-at-yahoo.com@ffmpeg.org>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 047bf82c181c1220b3087b37f28445f8b87a7a23)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agompegvideo: clear overread in clear_context
Andreas Cadhalpun [Sat, 14 Nov 2015 21:46:46 +0000 (22:46 +0100)]
mpegvideo: clear overread in clear_context

Otherwise the h263p decoder can try to copy overread bytes, even though
buffer is NULL.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 6a69a175e7b5c5393528ed0f5753e41573fa0df2)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agodvdsubdec: validate offset2 similar to offset1
Andreas Cadhalpun [Tue, 10 Nov 2015 21:14:39 +0000 (22:14 +0100)]
dvdsubdec: validate offset2 similar to offset1

If it is negative, it causes segmentation faults in decode_rle.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit f621749d1181987b3f815c6766ea66d6c5d55198)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agoaacdec: don't return frames without data from aac_decode_er_frame
Andreas Cadhalpun [Mon, 9 Nov 2015 21:16:01 +0000 (22:16 +0100)]
aacdec: don't return frames without data from aac_decode_er_frame

This is similar to commit ec38a1b for aac_decode_frame_int.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d7f29bfa6985e3eea2033dba0449e47b41b85928)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agoavcodec/takdec: Use memove, avoid undefined memcpy() use
Michael Niedermayer [Sat, 7 Nov 2015 19:05:27 +0000 (20:05 +0100)]
avcodec/takdec: Use memove, avoid undefined memcpy() use

Fixes: e214333cbd94c91228e624ff39329ce6/asan_generic_4a5159_6412_96cda2530e80607210ab41ccae3d456d.tak

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7cea3430a56fb0ff6ef60f08620fd3875e7bfeb6)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agoriffdec: prevent negative bit rate
Andreas Cadhalpun [Fri, 10 Jul 2015 22:09:46 +0000 (00:09 +0200)]
riffdec: prevent negative bit rate

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 189420cb561929e05f5cc4224cdca83740a24a32)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agoMerge commit 'd80811c94e068085aab797f9ba35790529126f85'
Michael Niedermayer [Sun, 12 Jul 2015 13:21:15 +0000 (15:21 +0200)]
Merge commit 'd80811c94e068085aab797f9ba35790529126f85'

* commit 'd80811c94e068085aab797f9ba35790529126f85':
  riff: Use the correct logging context

Conflicts:
libavformat/asfdec_o.c
libavformat/avidec.c
libavformat/dxa.c
libavformat/matroskadec.c
libavformat/mov.c
libavformat/riff.h
libavformat/riffdec.c
libavformat/wavdec.c
libavformat/wtvdec.c
libavformat/xwma.c

Merged-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ba77fb61f741d9ab3bd12935527556055b2ffb2e)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
3 years agoChangelog: update for 2.7.3 n2.7.3
Michael Niedermayer [Wed, 18 Nov 2015 18:37:58 +0000 (19:37 +0100)]
Changelog: update for 2.7.3

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agortmpcrypt: Do the xtea decryption in little endian mode
Martin Storsjö [Wed, 11 Nov 2015 19:42:02 +0000 (21:42 +0200)]
rtmpcrypt: Do the xtea decryption in little endian mode

The XTEA algorithm operates on 32 bit numbers, not on byte sequences.
The XTEA implementation in libavutil is written assuming big endian
numbers, while the rtmpe signature encryption assumes little endian.

This fixes rtmpe communication with rtmpe servers that use signature
type 8 (XTEA), e.g. crunchyroll.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit e7728319b92dbb4fb949155e33de7ff5358ddff3)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoUpdate versions for 2.7.3
Michael Niedermayer [Wed, 18 Nov 2015 11:41:05 +0000 (12:41 +0100)]
Update versions for 2.7.3

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavformat/matroskadec: Check subtitle stream before dereferencing
Michael Niedermayer [Tue, 17 Nov 2015 17:19:01 +0000 (18:19 +0100)]
avformat/matroskadec: Check subtitle stream before dereferencing

Unrecognized streams are not allocated
Fixes: flicker-1.color1.vp91447030769.08.webm

Found-by: Chris Cunningham <chcunningham@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5034b324cad4c29d47ef285a30b0705e6eb0384)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavformat/utils: Do not init parser if probing is unfinished
Michael Niedermayer [Sun, 15 Nov 2015 22:41:14 +0000 (23:41 +0100)]
avformat/utils: Do not init parser if probing is unfinished

Fixes assertion failure
Fixes: 136f8b8d47af7892306625e597dee655/signal_sigabrt_7ffff6ae7cc9_8941_ab11bea57c84796418f481f873dc31ba.dvr_ms

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1ef336e912a7a3a13a9933825a56c421f891e44b)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/jpeg2000dec: Fix potential integer overflow with tile dimensions
Michael Niedermayer [Sun, 15 Nov 2015 20:17:05 +0000 (21:17 +0100)]
avcodec/jpeg2000dec: Fix potential integer overflow with tile dimensions

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 65d3359fb366ea265a8468d76a111cb7352f0b55)

Conflicts:

libavcodec/jpeg2000dec.c

3 years agoavcodec/jpeg2000dec: Check SIZ dimensions to be within the supported range
Michael Niedermayer [Sun, 15 Nov 2015 20:12:50 +0000 (21:12 +0100)]
avcodec/jpeg2000dec: Check SIZ dimensions to be within the supported range

Fixes potential integer overflows
Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi

This fix is choosen to be simple to backport, better solution
for master is planed

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ef819c40bcc2175edba7ce9e20c3036c01b36b9)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/jpeg2000: Check comp coords to be within the supported size
Michael Niedermayer [Sun, 15 Nov 2015 19:49:17 +0000 (20:49 +0100)]
avcodec/jpeg2000: Check comp coords to be within the supported size

Fixes assertion failure
Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi

This fix is choosen to be simple to backport, better solution
for master is planed

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a1a8cbcb35ef2759a66b4f0875785e4b3f277057)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/jpeg2000: Use av_image_check_size() in ff_jpeg2000_init_component()
Michael Niedermayer [Sun, 15 Nov 2015 19:03:39 +0000 (20:03 +0100)]
avcodec/jpeg2000: Use av_image_check_size() in ff_jpeg2000_init_component()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 016fd413f9168816924f21c0c1ffb578f7226221)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/wmaprodec: Check for overread in decode_packet()
Michael Niedermayer [Sun, 15 Nov 2015 17:18:40 +0000 (18:18 +0100)]
avcodec/wmaprodec: Check for overread in decode_packet()

Fixes assertion failure
Fixes: 0256e92df2df7e933b43a2c70e4c8040/signal_sigabrt_7ffff6ae7cc9_1358_999ac18684788221490757582ce9af84.wma

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ad698e24e6b9dde57c4e01c145bcddfe9d6e4a3)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/smacker: Check that the data size is a multiple of a sample vector
Michael Niedermayer [Sun, 15 Nov 2015 13:52:08 +0000 (14:52 +0100)]
avcodec/smacker: Check that the data size is a multiple of a sample vector

Fixes out of array access
Fixes: ce19e41f0ef1e52a23edc488faecdb58/asan_heap-oob_2504e97_4202_ffa0df1baed14022b9bfd4f8ac23d0cb.smk

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a9af07a49295e014b059c1ab624c40345af5892)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/takdec: Skip last p2 sample (which is unused)
Michael Niedermayer [Sun, 15 Nov 2015 00:22:31 +0000 (01:22 +0100)]
avcodec/takdec: Skip last p2 sample (which is unused)

Fixes out of array read
Fixes: cb3f38b08b4541523974667c7d1eee9e/asan_heap-oob_2659e18_9838_021fd5cd635bf76cede6398cd9ecbcdd.tak

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 08b520636e96ba6888b669b9b3f4c414631ea1d2)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/dxtory: Fix input size check in dxtory_decode_v1_410()
Michael Niedermayer [Sat, 14 Nov 2015 23:25:11 +0000 (00:25 +0100)]
avcodec/dxtory: Fix input size check in dxtory_decode_v1_410()

Fixes potential out of array read

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 76b6f4b7d91901929177cc61d9810dcca0bb40c1)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/dxtory: Fix input size check in dxtory_decode_v1_420()
Michael Niedermayer [Sat, 14 Nov 2015 23:25:11 +0000 (00:25 +0100)]
avcodec/dxtory: Fix input size check in dxtory_decode_v1_420()

Fixes out of array read
Fixes: c50c4aa6cefda71b19a31ea12302980c/asan_heap-oob_12be5fd_7011_33ebd015a74976215934add72b9c8352.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9caa9414ccf2dcf8aee2695377dee830a5024c82)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/error_resilience: avoid accessing previous or next frames tables beyond height
Michael Niedermayer [Sat, 14 Nov 2015 20:11:52 +0000 (21:11 +0100)]
avcodec/error_resilience: avoid accessing previous or next frames tables beyond height

The height of tables can be rounded up for MBAFF but this does not imply that is also true
for the previous frames

Fixes out of array reads
Fixes: c106b36fa36db8ff8f3ed0c82be7bea2/asan_heap-oob_32699f0_6321_467b9a1d7e03d7cfd310b7e65dc53bcc.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a105f52855d08e4ab1ed7306da8e32fc90d6d647)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/dpx: Move need_align to act per line
Michael Niedermayer [Sat, 14 Nov 2015 13:29:02 +0000 (14:29 +0100)]
avcodec/dpx: Move need_align to act per line

Fixes out of array read
Fixes: 61cf123c081ee2bb774d307c75bdb99e/asan_heap-oob_1224f76_5546_bee833ffae73f752b489b9eeaac52db7.dpx

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8aaae8e0f1519bc99bd717ea3067c9cfdb68def)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/flashsv: Check size before updating it
Michael Niedermayer [Sat, 14 Nov 2015 12:34:02 +0000 (13:34 +0100)]
avcodec/flashsv: Check size before updating it

Fixes out of array read
Fixes: 3c857d4d90365731524716e6d051e43a/signal_sigsegv_7f4f59bcc29e_1386_20abd2c8e655cb9c75b24368e65fe3b1.flv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 17705f5d4f57c15f9b9bb9cfcbbb4621fed2fc70)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/ivi: Check image dimensions
Michael Niedermayer [Sat, 14 Nov 2015 01:36:22 +0000 (02:36 +0100)]
avcodec/ivi: Check image dimensions

Fixes integer overflow
Fixes: 1e32c6c591d940337c20b197ec1c4d3d/asan_heap-oob_4a52e5_8946_0bb0d9e863def56005e49f1d89bdc94d.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit df91aa034b82b77a3c4e01791f4a2b2ff6c82066)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/utils: Better check for channels in av_get_audio_frame_duration()
Michael Niedermayer [Sat, 14 Nov 2015 00:35:08 +0000 (01:35 +0100)]
avcodec/utils: Better check for channels in av_get_audio_frame_duration()

Fixes integer overflow
Fixes: 0c2625f236ced104d402b4a03c0d65c7/asan_generic_274e1ce_5990_9314e7a67c26aecf011b178ade9f217c.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4e16ad2868a1819de6680fc355a8eb20164adaea)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/jpeg2000dec: Check for duplicate SIZ marker
Michael Niedermayer [Fri, 13 Nov 2015 23:51:56 +0000 (00:51 +0100)]
avcodec/jpeg2000dec: Check for duplicate SIZ marker

Fixes: 0231a17345734228011c6f35a64e4594/asan_heap-oob_1d92a72_3218_1213809a9e3affec77e4c191fdfdc0a9.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 44a7f17d0b20e6f8d836b2957e3e357b639f19a2)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agotests/fate/avformat: Fix fate-lavf
Michael Niedermayer [Tue, 10 Nov 2015 03:14:55 +0000 (04:14 +0100)]
tests/fate/avformat: Fix fate-lavf

The CMP variable seems to have been inherited from fate-api-seek which set it to null

the mxf reference needed a change due to c7e14a279fa7348db10ec824bb2d67858cb1c1ca

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b83c849e8797fbb972ebd7f2919e0f085061f37f)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agodoc/ffmpeg: Clarify that the sdp_file option requires an rtp output.
Simon Thelen [Mon, 2 Nov 2015 14:57:50 +0000 (15:57 +0100)]
doc/ffmpeg: Clarify that the sdp_file option requires an rtp output.

Signed-off-by: Simon Thelen <ffmpeg-dev@c-14.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b02201efb531348406e48f9252bd39a6acebd2b7)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoffmpeg: Don't try and write sdp info if none of the outputs had an rtp format.
Simon Thelen [Mon, 2 Nov 2015 15:36:16 +0000 (16:36 +0100)]
ffmpeg: Don't try and write sdp info if none of the outputs had an rtp format.

Fixes a segfault when trying to write nonexistent rtp information.

Signed-off-by: Simon Thelen <ffmpeg-dev@c-14.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 70fb5eadc580a82c4b977a1233d70ad0041faba0)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoapng: use correct size for output buffer
Andreas Cadhalpun [Fri, 6 Nov 2015 22:44:01 +0000 (23:44 +0100)]
apng: use correct size for output buffer

The buffer needs s->bpp bytes, at maximum currently 10.
Assert that s->bpp is not larger.

This fixes a stack buffer overflow.

Reviewed-by: wm4 <nfxjfg@googlemail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 3e8e1a660ea182111057d56ec1cfad2c62250f4c)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agojvdec: avoid unsigned overflow in comparison
Andreas Cadhalpun [Fri, 6 Nov 2015 20:04:34 +0000 (21:04 +0100)]
jvdec: avoid unsigned overflow in comparison

The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size
is 3, the right side overflows leading to a wrong result of the
comparison and subsequently a heap buffer overflow.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit db374790c75fa4ef947abcb5019fcf21d0b2de85)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/hevc_ps: Check chroma_format_idc
Michael Niedermayer [Thu, 5 Nov 2015 13:52:33 +0000 (14:52 +0100)]
avcodec/hevc_ps: Check chroma_format_idc

Fixes out of array access
Fixes: 24d05e8b84676799c735c9e27d97895e/asan_heap-oob_1b70f6a_2955_7c3652a7f370f9f3ef40642bc2c99bb2.bit

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93f30f825c08477fe8f76be00539e96014cc83c8)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/jpeg2000dec: Clip all tile coordinates
Michael Niedermayer [Sat, 7 Nov 2015 01:16:11 +0000 (02:16 +0100)]
avcodec/jpeg2000dec: Clip all tile coordinates

Fixes out of array access
Fixes: b877a6b788a25c70e8b1d014f8628549/asan_heap-oob_1da2c3f_2324_5a1b329b0b3c4bb6b1d775660ac56717.r3d

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 43492ff3ab68a343c1264801baa1d5a02de10167)

Conflicts:

libavcodec/jpeg2000dec.c

4 years agoavcodec/microdvddec: Check for string end in 'P' case
Michael Niedermayer [Fri, 6 Nov 2015 21:24:23 +0000 (22:24 +0100)]
avcodec/microdvddec: Check for string end in 'P' case

Fixes out of array read
Fixes: a9502b60f4cecc19475382aee255f73c/asan_heap-oob_1e87fba_2548_a8ad47f6dde36644fe9cdc444d4632d0.sub

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c719cd6cf79ec21d974b81ba874580f4b8e9eb90)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/dirac_parser: Fix undefined memcpy() use
Michael Niedermayer [Fri, 6 Nov 2015 20:58:42 +0000 (21:58 +0100)]
avcodec/dirac_parser: Fix undefined memcpy() use

Fixes: 9d375e415486edd1a0c826f2307d89a4/asan_generic_4a5159_1577_faa333e83dacdd9e4dd322380aeed537.iss

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit daefd8ab2f2aeb90cd53cb75445faffdc7a3cc79)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavformat/xmv: Discard remainder of packet on error
Michael Niedermayer [Fri, 6 Nov 2015 01:13:36 +0000 (02:13 +0100)]
avformat/xmv: Discard remainder of packet on error

Fixes infinite loop
Fixes: 9c48ae2680c5f23bca3d20ff0f325fd8/asan_generic_4c254d_1374_993f1e5967dd6f844b8d72f978ce2a6c.pss

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 79c4a338e4b2bf0bc6f81c9f455994f673a92f78)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavformat/xmv: factor return check out of if/else
Michael Niedermayer [Fri, 6 Nov 2015 01:11:01 +0000 (02:11 +0100)]
avformat/xmv: factor return check out of if/else

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b6fac11da470274d4b93d46ef66527aa1824179)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/mpeg12dec: Do not call show_bits() with invalid bits
Michael Niedermayer [Thu, 5 Nov 2015 23:56:04 +0000 (00:56 +0100)]
avcodec/mpeg12dec: Do not call show_bits() with invalid bits

Fixes assertion failure
Fixes: 63e50545709a6440d3d59f6426d58db9/signal_sigabrt_7ffff6ae7cc9_8189_3272a3010fd98ddf947c662bbde1ac13.ts

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 973c3dba27d0b1a88c70f6661b6a90d2f2e50665)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agolibavutil/channel_layout: Check strtol*() for failure
Michael Niedermayer [Thu, 5 Nov 2015 18:24:33 +0000 (19:24 +0100)]
libavutil/channel_layout: Check strtol*() for failure

Fixes assertion failure
Fixes: 4f5814bb15d2dda6fc18ef9791b13816/signal_sigabrt_7ffff6ae7cc9_65_7209d160d168b76f311be6cd64a548eb.wv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c9bfd6a8c35a2102e730aca12f6e09d1627f76b3)

Conflicts:

libavutil/channel_layout.c

4 years agoavcodec/ffv1dec: Check for 0 quant tables
Michael Niedermayer [Wed, 4 Nov 2015 23:36:59 +0000 (00:36 +0100)]
avcodec/ffv1dec: Check for 0 quant tables

Fixes assertion failure
Fixes: 07ec1fc3c1cbf2d3edcd7d9b52ca156c/asan_heap-oob_13624c5_491_ecd4720a03e697ba750b235690656c8f.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5745cf799a4389bc5d14f2b4daf32fe4631c50bc)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/mjpegdec: Reinitialize IDCT on BPP changes
Michael Niedermayer [Wed, 4 Nov 2015 20:27:04 +0000 (21:27 +0100)]
avcodec/mjpegdec: Reinitialize IDCT on BPP changes

Fixes misaligned access
Fixes: dc9262a469f6f315f74c087a7b3a7f35/signal_sigsegv_2e95bcd_9_9c0f9f4a9ba82aa9b3ab2b91ce4d5277.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cc35f6f4768ffe57cc4fcfa56ecb89aee409e3d5)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it
Michael Niedermayer [Wed, 4 Nov 2015 17:08:52 +0000 (18:08 +0100)]
avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it

Fixes: 04715144ba237443010554be0d05343f/asan_heap-oob_1eafc76_1737_c685b48041a563461839e4e7ab97abb8.jpg
Fixes out of array access

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d24888ef19ba38b787b11d1ee091a3d94920c76a)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavutil/file_open: avoid file handle inheritance on Windows
Tobias Rapp [Thu, 29 Oct 2015 08:11:37 +0000 (09:11 +0100)]
avutil/file_open: avoid file handle inheritance on Windows

Avoids inheritance of file handles on Windows systems similar to the
O_CLOEXEC/FD_CLOEXEC flag on Linux.

Fixes file lock issues in Windows applications when a child process
is started with handle inheritance enabled (standard input/output
redirection) while a FFmpeg transcoding is running in the parent
process.

Links relevant to the subject:

https://msdn.microsoft.com/en-us/library/w7sa2b22.aspx

Describes the _wsopen() function and the O_NOINHERIT flag. File handles
opened by _wsopen() are inheritable by default.

https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425%28v=vs.85%29.aspx

Describes handle inheritance when creating new processes. Handle
inheritance must be enabled (bInheritHandles = TRUE) e.g. when you want
to pass handles for stdin/stdout via lpStartupInfo.

Signed-off-by: Tobias Rapp <t.rapp@noa-audio.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 474665346616e446ecd1407002fdf5f88201bf72)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/h264_slice: Disable slice threads if there are multiple access units in a...
Michael Niedermayer [Sat, 31 Oct 2015 20:36:00 +0000 (21:36 +0100)]
avcodec/h264_slice: Disable slice threads if there are multiple access units in a packet

Fixes null pointer dereference
Fixes part of Ticket4977

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9368d2da3d33cac845f2fdf663df500b53625c5e)

Conflicts:

libavcodec/h264_slice.c

4 years agoopusdec: Don't run vector_fmul_scalar on zero length arrays
Kieran Kunhya [Mon, 26 Oct 2015 23:09:44 +0000 (23:09 +0000)]
opusdec: Don't run vector_fmul_scalar on zero length arrays

Fixes crashes on fuzzed files
Fixes Ticket4969 part2

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b3e5f15b95f04a35821f63f6fd89ddd60f666a59)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/ffv1: Initialize vlc_state on allocation
Michael Niedermayer [Sat, 17 Oct 2015 00:13:42 +0000 (02:13 +0200)]
avcodec/ffv1: Initialize vlc_state on allocation

This ensures that they are always set to valid values
Fixes Ticket4939

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a878dfa4f57d068eb69fb6614f7a4a20f769ee7b)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/ffv1dec: update progress in case of broken pointer chains
Michael Niedermayer [Fri, 16 Oct 2015 20:25:20 +0000 (22:25 +0200)]
avcodec/ffv1dec: update progress in case of broken pointer chains

Fixes deadlock
Fixes Ticket4932

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5063a18f5635008b2a45ada1f8c1e21e20450029)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/ffv1dec: Clear slice coordinates if they are invalid or slice header decoding...
Michael Niedermayer [Fri, 16 Oct 2015 18:15:48 +0000 (20:15 +0200)]
avcodec/ffv1dec: Clear slice coordinates if they are invalid or slice header decoding fails for other reasons

Fixes Ticket4931

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c2d4e8700cd3db59bc11ab196c0002215cf601f)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavformat/httpauth: Add space after commas in HTTP/RTSP auth header
Andrey Utkin [Thu, 1 Oct 2015 10:56:31 +0000 (13:56 +0300)]
avformat/httpauth: Add space after commas in HTTP/RTSP auth header

This fixes access to Grandstream cameras, which return 401 to ffmpeg
otherwise.
VLC sends Authorization: header with spaces between parameters, and it
is known to work with Grandstream devices and broad range of other HTTP
and RTSP servers, so author considers switching to such behaviour safe.
Just for record - RFC 2617 (HTTP Auth) does not specify the need in
spaces, so this is not a bug of FFmpeg.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fdb32838723effb4560a345013387ea37b85ff20)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/x86/sbrdsp: Fix using uninitialized upper 32bit of noise
Michael Niedermayer [Tue, 29 Sep 2015 11:08:48 +0000 (13:08 +0200)]
avcodec/x86/sbrdsp: Fix using uninitialized upper 32bit of noise

Fixes crash
Fixes: flicker-1.scout3d21443372922.28.m4a

Found-by: Dale Curtis <dalecurtis@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b82b934a166e60f64e966eaa97512ba9dcb615b)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/ffv1dec: Fix off by 1 error in quant_table_count check
Michael Niedermayer [Sat, 26 Sep 2015 11:20:59 +0000 (13:20 +0200)]
avcodec/ffv1dec: Fix off by 1 error in quant_table_count check

Fixes: invalid_read.nut
Found-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d221d9e069e6269cb41f3678f2734800171d87b)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/ffv1dec: Explicitly check read_quant_table() return value
Michael Niedermayer [Sat, 26 Sep 2015 11:09:59 +0000 (13:09 +0200)]
avcodec/ffv1dec: Explicitly check read_quant_table() return value

Forwards the error code, avoids potential integer overflow

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 10bbf6cf622f8a954c6cc694ca07c24f989c99af)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/rangecoder: Check e
Michael Niedermayer [Fri, 25 Sep 2015 12:26:14 +0000 (14:26 +0200)]
avcodec/rangecoder: Check e

Fixes hang.nut

Found-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b2955b6c5aed11026ec5c7164462899a10cdb937)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavutil/log: fix zero length gnu_printf format string warning
Ganesh Ajjanagadde [Thu, 17 Sep 2015 12:11:39 +0000 (08:11 -0400)]
avutil/log: fix zero length gnu_printf format string warning

This should fix warning reported by fate client:
http://fate.ffmpeg.org/report.cgi?time=20150917113121&slot=x86_32-linux-gnu-gcc-4.5.1-have_6regs.
Untested.

Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 63cdb6e4a59e296e27a78ac08f15500b42cd27fc)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agolavf/webvttenc: Require webvtt file to contain exactly one WebVTT stream.
Simon Thelen [Fri, 11 Sep 2015 19:49:07 +0000 (21:49 +0200)]
lavf/webvttenc: Require webvtt file to contain exactly one WebVTT stream.

Not requiring this can end up producing hilariously broken files
together with -c:s copy (e.g. a webvtt file containing binary subtitle data).

Signed-off-by: Simon Thelen <ffmpeg-dev@c-14.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b84232694ef0c6897e82b52326c9ea4027c69ec4)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/mjpegdec: Fix decoding RGBA RCT LJPEG
Michael Niedermayer [Fri, 11 Sep 2015 11:28:51 +0000 (13:28 +0200)]
avcodec/mjpegdec: Fix decoding RGBA RCT LJPEG

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 055e56e9f76da3298f1b59bf5ea46f570e844600)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavfilter/af_asyncts: use llabs for int64_t
Ganesh Ajjanagadde [Sun, 6 Sep 2015 03:42:02 +0000 (20:42 -0700)]
avfilter/af_asyncts: use llabs for int64_t

long may not be 64 bit on all platforms; so labs on int64_t is unsafe.
This fixes a warning reported in:
http://fate.ffmpeg.org/log.cgi?time=20150905071512&log=compile&slot=i386-darwin-clang-polly-3.7

Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d74123d03eb1047b844bc39fbde26f199c72cbcb)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/g2meet: Also clear tile dimensions on header_fail
Michael Niedermayer [Fri, 4 Sep 2015 10:11:46 +0000 (12:11 +0200)]
avcodec/g2meet: Also clear tile dimensions on header_fail

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fb0466699575724923aeddc4490302180dfdf4af)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/g2meet: Fix potential overflow in tile dimensions check
Michael Niedermayer [Fri, 4 Sep 2015 10:10:02 +0000 (12:10 +0200)]
avcodec/g2meet: Fix potential overflow in tile dimensions check

Fixes CID1322351

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 71ec8e1ed6cf4947e204e3e4b5929a44c054f5fb)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/svq1dec: Check init_get_bits8() for failure
Michael Niedermayer [Thu, 3 Sep 2015 23:18:13 +0000 (01:18 +0200)]
avcodec/svq1dec: Check init_get_bits8() for failure

Fixes: CID1322313

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a51d4246d8ac96acee735e7e5dedb9d9ef27a594)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/tta: Check init_get_bits8() for failure
Michael Niedermayer [Thu, 3 Sep 2015 23:18:13 +0000 (01:18 +0200)]
avcodec/tta: Check init_get_bits8() for failure

Fixes: CID1322319

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f1593e4ca564cdb7f3194a9eee1dea16df41142d)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/vp3: Check init_get_bits8() for failure
Michael Niedermayer [Thu, 3 Sep 2015 23:13:05 +0000 (01:13 +0200)]
avcodec/vp3: Check init_get_bits8() for failure

Fixes CID1322316

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cbd3cd8eb2de2280d83da5ee875c35581b46a3a3)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoswresample/swresample: Fix integer overflow in seed calculation
Michael Niedermayer [Thu, 3 Sep 2015 07:22:31 +0000 (09:22 +0200)]
swresample/swresample: Fix integer overflow in seed calculation

Fixes CID1322333

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 32f53958b8f6ed4c3c2a7447c1e47d012796fae2)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavformat/mov: Fix integer overflow in FFABS
Michael Niedermayer [Thu, 3 Sep 2015 07:20:23 +0000 (09:20 +0200)]
avformat/mov: Fix integer overflow in FFABS

Fixes: unknown_unknown_19e_414_cov_764838672_bellhamlam.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 053e80f6eaf8d87521fe58ea96886b6ee0bbe59d)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavutil/common: Add FFNABS()
Michael Niedermayer [Thu, 3 Sep 2015 00:17:24 +0000 (02:17 +0200)]
avutil/common: Add FFNABS()

This macro avoids the undefined corner case with the *_MIN values

Previous version Reviewed-by: Ganesh Ajjanagadde <gajjanag@mit.edu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d6cd614dac579850076ae312c29c4188f8659e46)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavutil/common: Document FFABS() corner case
Michael Niedermayer [Thu, 3 Sep 2015 00:00:05 +0000 (02:00 +0200)]
avutil/common: Document FFABS() corner case

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 733511fb53fedd3adaaeabc5db9d0b29e71ea1d3)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavformat/dump: Fix integer overflow in aspect ratio calculation
Michael Niedermayer [Thu, 3 Sep 2015 00:49:44 +0000 (02:49 +0200)]
avformat/dump: Fix integer overflow in aspect ratio calculation

Fixes: unknown_unknown_19e_414_cov_764838672_bellhamlam.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d1bdaf3fb2c45020f72a378bb64eab1bf136581c)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavformat/mxg: Use memmove()
Michael Niedermayer [Tue, 1 Sep 2015 20:45:07 +0000 (22:45 +0200)]
avformat/mxg: Use memmove()

Fixes undefined behavior
Fixes: 1700002963a49da13542e0726b7bb758/unknown_unknown_292_658_cov_2141972066_m1.mxg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c7c207aecde0773afc974ce4b7e25dca659bc5b5)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/truemotion1: Check for even width
Michael Niedermayer [Tue, 1 Sep 2015 02:57:22 +0000 (04:57 +0200)]
avcodec/truemotion1: Check for even width

Fixes out of array access
Fixes: 87196d8bbc633629fc9dd851fce73e70/asan_heap-oob_26f6853_862_cov_585961513_sonic3dblast_intro-partial.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 63fb5a6aefb4223334001fd2c0d82a5e22e3b528)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/mpeg12dec: Set dimensions in mpeg1_decode_sequence() only in absence of errors
Michael Niedermayer [Tue, 1 Sep 2015 00:45:10 +0000 (02:45 +0200)]
avcodec/mpeg12dec: Set dimensions in mpeg1_decode_sequence() only in absence of errors

Fixes assertion failure
Fixes: 56dcafde14a8397161bb61a16c511179/signal_sigabrt_7ffff6ac8cc9_686_cov_1897408623_microsoft_new_way_to_shove_mpeg2_in_asf.dvr_ms

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b54e03c9dc2a05324c08b503bfe7535c49c0f281)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/libopusenc: Fix infinite loop on flushing after 0 input
Michael Niedermayer [Thu, 27 Aug 2015 10:44:31 +0000 (12:44 +0200)]
avcodec/libopusenc: Fix infinite loop on flushing after 0 input

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6701c92fa4269872856c70c3170a9b3291b46247)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavformat/hevc: Check num_long_term_ref_pics_sps to avoid potentially long loops
Michael Niedermayer [Mon, 24 Aug 2015 11:04:38 +0000 (13:04 +0200)]
avformat/hevc: Check num_long_term_ref_pics_sps to avoid potentially long loops

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ee155c18a2c50b339ba5f6f223fbb6dc343fd471)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavformat/hevc: Fix parsing errors
Arthur Grant [Mon, 24 Aug 2015 10:19:03 +0000 (12:19 +0200)]
avformat/hevc: Fix parsing errors

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 781efd07415cdf6f676cca5b22147e5d6be0a4c4)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoffmpeg: Use correct codec_id for av_parser_change() check
Michael Niedermayer [Fri, 21 Aug 2015 01:04:41 +0000 (03:04 +0200)]
ffmpeg: Use correct codec_id for av_parser_change() check

No testcase known

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 45f3d4e63e7807ff3d281f269625ed83f11e4cdc)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoffmpeg: Check av_parser_change() for failure
Michael Niedermayer [Fri, 21 Aug 2015 01:02:55 +0000 (03:02 +0200)]
ffmpeg: Check av_parser_change() for failure

No testcase known

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ac0ba6f233698f02ebb75b03242e94333dbe13d4)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoffmpeg: Check for RAWVIDEO and do not relay only on AVFMT_RAWPICTURE
Michael Niedermayer [Fri, 21 Aug 2015 00:16:31 +0000 (02:16 +0200)]
ffmpeg: Check for RAWVIDEO and do not relay only on AVFMT_RAWPICTURE

The null muxer has AVFMT_RAWPICTURE set but can be fed with non-raw material

related to Ticket4778

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8890941d63df786bb7a8cab92677416499bb7c3)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoffmpeg: check avpicture_fill() return value
Michael Niedermayer [Fri, 21 Aug 2015 00:02:05 +0000 (02:02 +0200)]
ffmpeg: check avpicture_fill() return value

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15ff3f3fdfc788c0e4e584badd7ec300abfbd716)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavformat/mux: Update sidedata in ff_write_chained()
Michael Niedermayer [Thu, 20 Aug 2015 01:35:10 +0000 (03:35 +0200)]
avformat/mux: Update sidedata in ff_write_chained()

Fixes Ticket4777

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db91e0edb63afc682ae709f73e3732a4c832944d)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/flashsvenc: Correct max dimension in error message
Michael Niedermayer [Sat, 15 Aug 2015 13:21:04 +0000 (15:21 +0200)]
avcodec/flashsvenc: Correct max dimension in error message

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b1f59bb6606721ef5eeade4ada541630d51510fe)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/svq1enc: Check dimensions
Michael Niedermayer [Sat, 15 Aug 2015 12:54:36 +0000 (14:54 +0200)]
avcodec/svq1enc: Check dimensions

Fixes assertion failure

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 88fe45e0fe379d7ea86c8ac1e1e8cf2c3f62389f)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/dcaenc: clear bitstream end
Michael Niedermayer [Tue, 4 Aug 2015 01:11:15 +0000 (03:11 +0200)]
avcodec/dcaenc: clear bitstream end

This avoids leaving uninitialized bits in the output

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e322b7061f873e8fd33b9e518caa19b87616a528)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agolibavcodec/aacdec_template: Use init_get_bits8() in aac_decode_frame()
Emanuel Czirai [Sun, 2 Aug 2015 22:58:46 +0000 (00:58 +0200)]
libavcodec/aacdec_template: Use init_get_bits8() in aac_decode_frame()

related to ticket4749

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ab1c57a64b629455805d7fa74a8a20c689fc1f6)

Conflicts:

libavcodec/aacdec_template.c

4 years agorawdec: fix mjpeg probing buffer size check
wm4 [Wed, 29 Jul 2015 20:33:44 +0000 (22:33 +0200)]
rawdec: fix mjpeg probing buffer size check

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c6beaed9210f01290e5a5a4e377f93f145172cc)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agorawdec: fix mjpeg probing
wm4 [Wed, 29 Jul 2015 20:11:18 +0000 (22:11 +0200)]
rawdec: fix mjpeg probing

There can be other headers than "Content-Type:" (in this case, a
"Content-Length:" header was following), so checking for a trailing
newline is wrong.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf51fcd304d5594a4d8eed2bedf0ef0f68fa65f8)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoconfigure: loongson disable expensive optimizations in gcc O3 optimization
周晓勇 [Wed, 15 Jul 2015 09:28:31 +0000 (17:28 +0800)]
configure: loongson disable expensive optimizations in gcc O3 optimization

With gcc-4.9.2 loongson faild in test fate-dca, this is caused by option
-fexpensive-optimizations in -O3 optimization. We disable it temporarily
before the bug been fixed up.

Signed-off-by: ZhouXiaoyong <zhouxiaoyong@loongson.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c34389551b6ba3d90f8783806c337e387e603cd)

Conflicts:

configure

4 years agovideodsp: don't overread edges in vfix3 emu_edge.
Ronald S. Bultje [Fri, 23 Oct 2015 15:11:53 +0000 (11:11 -0400)]
videodsp: don't overread edges in vfix3 emu_edge.

Fixes trac ticket 3226. Also see Andreas' analysis in
https://bugs.debian.org/801745, which was very helpful.
(cherry picked from commit 52f84d82bdf1851ecfcc412c1719e5f6f3396209)

4 years agoavformat/mp3dec: improve junk skipping heuristic
wm4 [Tue, 20 Oct 2015 10:17:21 +0000 (12:17 +0200)]
avformat/mp3dec: improve junk skipping heuristic

Commit 2b3e9bbfb529e6bde238aeb511b55ebe461664c8 caused problems for a
certain API user:

https://code.google.com/p/chromium/issues/detail?id=537725
https://code.google.com/p/chromium/issues/detail?id=542032

The problem seems rather arbitrary, because if there's junk, anything
can happen. In this case, the imperfect junk skipping just caused it to
read different junk, from what I can see.

We can improve the accuracy of junk detection by a lot by checking if 2
consecutive frames use the same configuration. While in theory it might
be completely fine for the 1st frame to have a different format than the
2nd frame, it's exceedingly unlikely, and I can't think of a legitimate
use-case.

This is approximately the same mpg123 does for junk skipping. The
set of compared header bits is the same as the libavcodec mp3 parser
uses for similar purposes.
(cherry picked from commit de1b1a7da9e6ddf42447271e519099a88b389e4a)

Conflicts:
libavformat/mp3dec.c

4 years agoavformat/hls: add support for EXT-X-MAP
Anssi Hannula [Thu, 15 Oct 2015 11:23:00 +0000 (14:23 +0300)]
avformat/hls: add support for EXT-X-MAP

Without EXT-X-MAP support we miss the first bytes of some streams.

These streams worked by luck before byte-ranged segment support was added in
da7759b3579de3e98deb1ac58e642b861280ba54

Fixes ticket #4797.
(cherry picked from commit 909907948846dedf57a730a4d115d04d1117f9e5)

Conflicts:
libavformat/hls.c

4 years agoavformat/hls: fix segment selection regression on track changes of live streams
Anssi Hannula [Thu, 15 Oct 2015 10:42:38 +0000 (13:42 +0300)]
avformat/hls: fix segment selection regression on track changes of live streams

Commit ad701326b43078b90 ("avformat/hls: open playlists immediately when
AVDISCARD_ALL is dropped") inadvertently caused first_packet to never be
cleared, causing select_cur_seq_no() to not use the specific code for
live streams.

In practice this means that when the user selects a different audio
track during live stream (i.e. non-VOD) playback, there may be some
additional delay as the code might select an incorrect segment at first,
and we have to wait for video to catch audio (if too late segment was
selected) or to download more following audio segments (if too early
segment was selected).

Fix that by restoring the zeroing of first_packet.
(cherry picked from commit fd74d45d5158812675105a3b4aeb29c67b82f7e8)

4 years agolavf/matroskadec: Fully parse and repack MP3 packets
Rodger Combs [Sun, 16 Aug 2015 08:06:04 +0000 (03:06 -0500)]
lavf/matroskadec: Fully parse and repack MP3 packets

Fixes https://trac.ffmpeg.org/ticket/4776

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b4b2717ffe89940999eeca7317190f729b27f472)

4 years agoavcodec/h264_mp4toannexb_bsf: Reorder operations in nal_size check
Michael Niedermayer [Fri, 21 Aug 2015 00:49:21 +0000 (02:49 +0200)]
avcodec/h264_mp4toannexb_bsf: Reorder operations in nal_size check

Fixes Ticket4778

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2bb54b82b5094fd906aa28c0443be08c95662a31)