ffmpeg.git
3 years agodoc/utils: fix typo for min() description release/2.2
Paul B Mahol [Wed, 2 Mar 2016 10:20:07 +0000 (11:20 +0100)]
doc/utils: fix typo for min() description

Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit bdf474bcff29f5b40fe14f6fa1dbe10e69c73ab7)
Signed-off-by: Timothy Gu <timothygu99@gmail.com>
3 years agoswscale/x86/rgb2rgb_template: Fallback to mmx in interleaveBytes() if the alignment...
Michael Niedermayer [Tue, 15 Dec 2015 01:50:20 +0000 (02:50 +0100)]
swscale/x86/rgb2rgb_template: Fallback to mmx in interleaveBytes() if the alignment is insufficient for SSE*

This also as a sideeffect fixes the non aligned case

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a066ff89bcbae6033c2ffda9271cad84f6c1b807)

3 years agoswscale/x86/rgb2rgb_template: Do not crash on misaligend stride
Michael Niedermayer [Tue, 15 Dec 2015 01:06:04 +0000 (02:06 +0100)]
swscale/x86/rgb2rgb_template: Do not crash on misaligend stride

Fixes Ticket5013

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 80bfce35ccd11458e97f68f417fc094c5347070c)

3 years agoavcodec/ffv1dec: Clear quant_table_count if its invalid
Michael Niedermayer [Sat, 14 Nov 2015 12:21:58 +0000 (13:21 +0100)]
avcodec/ffv1dec: Clear quant_table_count if its invalid

Fixes deallocation of corrupted pointer
Fixes: 343dfbe142a38b521ed069dc4ea7c03b/signal_sigsegv_421427_4074_ffb11959610278cd40dbc153464aa254.avi
No releases affected

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e04126072e984f8db5db9da9303c89ae01f7d6bb)

Fixes ticket #5052.

3 years agoavcodec/ffv1dec: Print an error if the quant table count is invalid
Michael Niedermayer [Thu, 5 Nov 2015 00:25:50 +0000 (01:25 +0100)]
avcodec/ffv1dec: Print an error if the quant table count is invalid

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8b254e436dce2f5c8c6459108dab4b02cc6b79b)

3 years agoavcodec/ffv1dec: Check for 0 quant tables
Michael Niedermayer [Wed, 4 Nov 2015 23:36:59 +0000 (00:36 +0100)]
avcodec/ffv1dec: Check for 0 quant tables

Fixes assertion failure
Fixes: 07ec1fc3c1cbf2d3edcd7d9b52ca156c/asan_heap-oob_13624c5_491_ecd4720a03e697ba750b235690656c8f.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5745cf799a4389bc5d14f2b4daf32fe4631c50bc)

3 years agodoc/filters/drawtext: fix centering example
Andrey Utkin [Tue, 1 Dec 2015 19:15:53 +0000 (21:15 +0200)]
doc/filters/drawtext: fix centering example

Signed-off-by: Andrey Utkin <andrey.od.utkin@gmail.com>
Signed-off-by: Lou Logan <lou@lrcd.com>
(cherry picked from commit 648b26acc5e25ab40c43fddc54b50e9f0b13ebd8)
Signed-off-by: Timothy Gu <timothygu99@gmail.com>
3 years agovideodsp: don't overread edges in vfix3 emu_edge.
Ronald S. Bultje [Fri, 23 Oct 2015 15:11:53 +0000 (11:11 -0400)]
videodsp: don't overread edges in vfix3 emu_edge.

Fixes trac ticket 3226. Also see Andreas' analysis in
https://bugs.debian.org/801745, which was very helpful.
(cherry picked from commit 52f84d82bdf1851ecfcc412c1719e5f6f3396209)

3 years agoavcodec/h264_mp4toannexb_bsf: Reorder operations in nal_size check
Michael Niedermayer [Fri, 21 Aug 2015 00:49:21 +0000 (02:49 +0200)]
avcodec/h264_mp4toannexb_bsf: Reorder operations in nal_size check

Fixes Ticket4778

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2bb54b82b5094fd906aa28c0443be08c95662a31)

3 years agoavformat/oggenc: Check segments_count for headers too
Michael Niedermayer [Thu, 27 Aug 2015 02:08:42 +0000 (04:08 +0200)]
avformat/oggenc: Check segments_count for headers too

Fixes infinite loop and segfault in ogg_buffer_data()
Fixes Ticket4806

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 81a8701eb52d2b6469ae16ef442ce425388141b7)

3 years agoavformat/avidec: Workaround broken initial frame
Michael Niedermayer [Tue, 15 Sep 2015 02:01:27 +0000 (04:01 +0200)]
avformat/avidec: Workaround broken initial frame

Fixes Ticket4851

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e2ef00394b8079e93835d47c993868229f07502)

3 years agohevc: fix wpp threading deadlock.
Ronald S. Bultje [Sun, 20 Sep 2015 10:39:14 +0000 (12:39 +0200)]
hevc: fix wpp threading deadlock.

Fixes ticket 4258.
(cherry picked from commit 74e4948235bc8f8946eeca20525258bbf383f75d)

3 years agoavcodec/ffv1: seperate slice_count from max_slice_count
Michael Niedermayer [Thu, 24 Sep 2015 21:49:30 +0000 (23:49 +0200)]
avcodec/ffv1: seperate slice_count from max_slice_count

Fix segfault with too large slice_count
Fixes Ticket4879

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa6c43f3fdec8a7518534b9dab20c9eb4be11568)

Conflicts:
libavcodec/ffv1enc.c
libavcodec/ffv1.c
(cherry picked from commit ef6d6f89067d17d1187fc1d82b418c63b88cbba6)

3 years agoavcodec/mp3: fix skipping zeros
wm4 [Wed, 30 Sep 2015 12:53:35 +0000 (14:53 +0200)]
avcodec/mp3: fix skipping zeros

Commits 43bc5cf9 and c5371f77 add code for skipping initial zeros in mp3
packets. This code forgot to report to the user that data was skipped at
all.

Since audio codecs allow partial packet decoding, the user application
has to rely on the return value. It will remove the data reported as
consumed by the decoder, and feed it to the decoder again. This resulted
in the mp3 frame after the zero region to be decoded over and over
again, until the zero region was finally skipped by the application.

Fix this by including the amount of skipped bytes to the number of
consumed bytes returned by the decode call.

Fixes trac ticket #4890.
(cherry picked from commit cb1da9fb8d71bb611a7b0028914c97afc3f5711d)

4 years agoMAINTAINERS: Remove myself as leader
Michael Niedermayer [Fri, 31 Jul 2015 13:54:38 +0000 (15:54 +0200)]
MAINTAINERS: Remove myself as leader

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f2c58931e629343f7d68258cc2b2d62c5f501ba5)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavformat/swfdec: Do not error out on pixel format changes
Michael Niedermayer [Wed, 8 Jul 2015 00:43:02 +0000 (02:43 +0200)]
avformat/swfdec: Do not error out on pixel format changes

Instead print an error and continue

Fixes Ticket4702

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6a1204a1a46674084b1e6b92562f81aaab7aac69)

4 years agoavformat/mov: Mark avio context of decompressed atoms as seekable
Michael Niedermayer [Sun, 24 May 2015 23:26:55 +0000 (01:26 +0200)]
avformat/mov: Mark avio context of decompressed atoms as seekable

Fixes Ticket4329

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8ce564ea280b61d21eebf8a2fd741f792ce81638)

4 years agoavfilter/x86/vf_hqdn3d: Fix register types
Michael Niedermayer [Wed, 27 May 2015 02:31:30 +0000 (04:31 +0200)]
avfilter/x86/vf_hqdn3d: Fix register types

Fixes Ticket4301

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 52fc3e372f8ed4de5735abed1f7f7569fe37b023)

4 years agoUpdate for 2.2.16 n2.2.16
Michael Niedermayer [Wed, 17 Jun 2015 20:10:52 +0000 (22:10 +0200)]
Update for 2.2.16

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/h264_slice: More complete cleanup in h264_slice_header_init()
Michael Niedermayer [Thu, 21 Aug 2014 14:33:03 +0000 (16:33 +0200)]
avcodec/h264_slice: More complete cleanup in h264_slice_header_init()

Fixes null pointer dereference
Fixes Ticket3873

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1fa35e4352cc39894987e14de464e3d72b55739f)

Conflicts:

libavcodec/h264_slice.c

4 years agodiracdec: check if reference could not be allocated
Andreas Cadhalpun [Tue, 5 May 2015 21:51:48 +0000 (23:51 +0200)]
diracdec: check if reference could not be allocated

s->ref_pics[i] is later used as ref argument of interpolate_refplane,
where it is dereferenced.

If it is NULL, it causes a segmentation fault.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d93181ef3eacdb862d93448f31c97765a523d1db)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agodiracdec: avoid overflow of bytes*8 in decode_lowdelay
Andreas Cadhalpun [Tue, 5 May 2015 20:10:44 +0000 (22:10 +0200)]
diracdec: avoid overflow of bytes*8 in decode_lowdelay

If bytes is large enough, bytes*8 can overflow and become negative.

In that case 'bufsize -= bytes*8' causes bufsize to increase instead of
decrease.

This leads to a segmentation fault.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9e66b39aa87eb653a6e5d15f70b792ccbf719de7)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agodiracdec: prevent overflow in data_unit_size check
Andreas Cadhalpun [Tue, 5 May 2015 19:33:08 +0000 (21:33 +0200)]
diracdec: prevent overflow in data_unit_size check

buf_idx + data_unit_size can overflow, causing the '> buf_size' check to
wrongly fail.

This causes a segmentation fault.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 984f50deb2d48f6844d65e10991b996a6d29e87c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/matroskadec: Use tracks[k]->stream instead of s->streams[k]
Michael Niedermayer [Mon, 4 May 2015 13:47:54 +0000 (15:47 +0200)]
avformat/matroskadec: Use tracks[k]->stream instead of s->streams[k]

The later is not correct

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5d309d309108684f742bbf5fc2393f1c519cda72)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agomatroskadec: check s->streams[k] before using it
Andreas Cadhalpun [Sun, 3 May 2015 21:55:20 +0000 (23:55 +0200)]
matroskadec: check s->streams[k] before using it

This fixes a segmentation fault.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e54540655f229d06667dc7fa7005f2a20e101e80)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/ffv1dec: Check chroma shift parameters
Michael Niedermayer [Mon, 4 May 2015 11:37:26 +0000 (13:37 +0200)]
avcodec/ffv1dec: Check chroma shift parameters

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d43cd6b08ed555c303478e3133717fbb2236be6e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agomatroskadec: use uint64_t instead of int for index_scale
Andreas Cadhalpun [Sun, 3 May 2015 21:07:20 +0000 (23:07 +0200)]
matroskadec: use uint64_t instead of int for index_scale

index_scale is set to matroska->time_scale of type uint64_t.

When index_scale is int, the assignment can overflow and e.g. result
in index_scale = 0. This causes a floating point exception due to the
division by index_scale.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit eb9fb508b0e09d85d234fe694333b2005e1d7a7e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/wavpack: Check L/R values before use to avoid harmless integer overflow and...
Michael Niedermayer [Sun, 3 May 2015 13:54:21 +0000 (15:54 +0200)]
avcodec/wavpack: Check L/R values before use to avoid harmless integer overflow and undefined behavior in fate

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 042260cde4ecf716438c5fc92d15ad5f037ee2e1)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agonutdec: fix illegal count check in decode_main_header
Andreas Cadhalpun [Tue, 28 Apr 2015 20:37:19 +0000 (22:37 +0200)]
nutdec: fix illegal count check in decode_main_header

The existing check has two problems:
 1) i + count can overflow, so that the check '< 256' returns true.
 2) In the (i == 'N') case occurs a j-- so that the loop runs once more.

This can trigger the assertion 'nut->header_len[0] == 0' or cause
segmentation faults or infinite hangs.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7c24ca1bda2d4df1dc9b2b982941be532d60da21)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agonutdec: check for negative frame rate in decode_info_header
Andreas Cadhalpun [Tue, 28 Apr 2015 18:31:56 +0000 (20:31 +0200)]
nutdec: check for negative frame rate in decode_info_header

A negative frame rate triggers an av_assert2 in av_rescale_rnd.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6621105877ce0d65724a8ab60b3a50160adbe65d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoffmpeg: remove incorrect network deinit
Michael Niedermayer [Thu, 23 Apr 2015 12:29:47 +0000 (14:29 +0200)]
ffmpeg: remove incorrect network deinit

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e2877bdf3862325c2982c3237d9bf28f1bbf793f)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoOpenCL: Avoid potential buffer overflow in cmdutils_opencl.c
Maneesh Gupta [Tue, 28 Apr 2015 07:38:31 +0000 (13:08 +0530)]
OpenCL: Avoid potential buffer overflow in cmdutils_opencl.c

The opt_opencl_bench function copied the device name using strcpy without checking if the source string was larger.
This patch fixes this by replacing the strcpy with av_strlcpy, with the string copy size capped to the destination buffer size.

Signed-off-by: Maneesh Gupta <maneesh.gupta@amd.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cf234552b83a9503ff96572de2658b921b8842eb)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoapedec: set s->samples only when init_frame_decoder succeeded
Andreas Cadhalpun [Mon, 27 Apr 2015 22:30:51 +0000 (00:30 +0200)]
apedec: set s->samples only when init_frame_decoder succeeded

Otherwise range_start_decoding is not necessarily run and thus
ctx->rc.range still 0 in range_dec_normalize leading to an infinite
loop.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 464c49155ce7ffc88ed39eb2511e7a75565c24be)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agotests/fate-run: do not attempt to parse tiny_psnrs output if it failed
Michael Niedermayer [Thu, 23 Apr 2015 02:27:56 +0000 (04:27 +0200)]
tests/fate-run: do not attempt to parse tiny_psnrs output if it failed

This avoids confusing syntax errors with awk later

Likely fixes awk errors at:
http://buildd.debian-ports.org/status/fetch.php?pkg=ffmpeg&arch=sparc64&ver=7%3A2.6.2-1&stamp=1428928967

Reviewed-by: Timothy Gu <timothygu99@gmail.com>
Thanks-to: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> for the link
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c0d847e457c1ef72843a63853f1135d52b74131e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agolavf: Reset global flag on deinit
Vittorio Giovara [Wed, 22 Apr 2015 13:59:56 +0000 (14:59 +0100)]
lavf: Reset global flag on deinit

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 32da94fa7f73ac749e0a1e2f20499fad2f6f57fe)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agobink: check vst->index_entries before using it
Andreas Cadhalpun [Wed, 22 Apr 2015 15:08:51 +0000 (17:08 +0200)]
bink: check vst->index_entries before using it

This fixes a NULL pointer dereference if vst->duration is 0.

The problem was introduced in commit 0588acaf.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 86d00ede4f9acb02690a0615490173648e1d933c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agompeg4videodec: only allow a positive length
Andreas Cadhalpun [Wed, 22 Apr 2015 14:32:42 +0000 (16:32 +0200)]
mpeg4videodec: only allow a positive length

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b3408ae4c64cb674b1d5f0f30171759113ce722a)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/utils: Ensure that AVFMT_FLAG_CUSTOM_IO is set before use
Michael Niedermayer [Mon, 20 Apr 2015 20:22:31 +0000 (22:22 +0200)]
avformat/utils: Ensure that AVFMT_FLAG_CUSTOM_IO is set before use

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ba631b791435c395361e2026fc7419b341e57813)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/bitstream: Assert that there is enough space left in avpriv_copy_bits()
Michael Niedermayer [Mon, 25 May 2015 01:48:45 +0000 (03:48 +0200)]
avcodec/bitstream: Assert that there is enough space left in avpriv_copy_bits()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 291ad5cc9cf815eb110b062487980fab2d107936)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/put_bits: Assert that there is enough space left in skip_put_bytes()
Michael Niedermayer [Mon, 25 May 2015 01:45:38 +0000 (03:45 +0200)]
avcodec/put_bits: Assert that there is enough space left in skip_put_bytes()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8f5ffed183e099128a732a00976f69fdc641d093)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/mpegvideo_enc: Update the buffer size as more slices are merged
Michael Niedermayer [Mon, 25 May 2015 02:54:41 +0000 (04:54 +0200)]
avcodec/mpegvideo_enc: Update the buffer size as more slices are merged

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 561d3a57aaa95c7e8e65e96b36dd069100603650)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/put_bits: Update size_in_bits in set_put_bits_buffer_size()
Michael Niedermayer [Mon, 25 May 2015 02:53:09 +0000 (04:53 +0200)]
avcodec/put_bits: Update size_in_bits in set_put_bits_buffer_size()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e4c2ec879b1121c02279cd60a54643da0d249e40)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agonutdec: abort if EOF is reached in decode_info_header/read_sm_data
Andreas Cadhalpun [Tue, 19 May 2015 22:34:42 +0000 (00:34 +0200)]
nutdec: abort if EOF is reached in decode_info_header/read_sm_data

These loops can take a lot of time if count is very large.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit bb23a15df507440deb0dcf25099d321d0f73dc28)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agonutdec: stop skipping bytes at EOF
Andreas Cadhalpun [Tue, 19 May 2015 22:31:24 +0000 (00:31 +0200)]
nutdec: stop skipping bytes at EOF

This can unnecessarily waste a lot of time.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit fa7dec8cb00d2d0dd96ff9863ccda38428610a21)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agonutdec: fix infinite resync loops
Andreas Cadhalpun [Tue, 19 May 2015 22:06:05 +0000 (00:06 +0200)]
nutdec: fix infinite resync loops

nut->last_syncpoint_pos doesn't necessarily change between resync
attempts, so find_any_startcode can return the same startcode again.

Thus remember where the last resync happened and don't try to resync
before that.

This can't be done locally in nut_read_packet, because this wouldn't
prevent infinite resync loops, where after the resync a packet is
returned and while reading a following packet the resync happens again.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 37e679881d364b6da817d829d35869d657218ab3)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/nutdec: Check X in 2nd branch of index reading
Michael Niedermayer [Fri, 22 May 2015 22:23:05 +0000 (00:23 +0200)]
avformat/nutdec: Check X in 2nd branch of index reading

Prevents read of uninitialized variable

Based on patch by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ebb0ca3d70465ab6d369a66b2ef43bb059705db8)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/nutdec: Fix recovery when immedeately after seeking a failure happens
Michael Niedermayer [Wed, 20 May 2015 15:32:48 +0000 (17:32 +0200)]
avformat/nutdec: Fix recovery when immedeately after seeking a failure happens

Found-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b3496b4a33e806b7afdcbbf6f468b0332b676d7c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/nutdec: Return error on EOF from get_str()
Michael Niedermayer [Wed, 20 May 2015 15:13:15 +0000 (17:13 +0200)]
avformat/nutdec: Return error on EOF from get_str()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6bbb2f8f4da67af374d62403742482cc5962aa21)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/golomb: get_ur_golomb_jpegls: Fix reading huge k values
Michael Niedermayer [Sun, 17 May 2015 17:07:17 +0000 (19:07 +0200)]
avcodec/golomb: get_ur_golomb_jpegls: Fix reading huge k values

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c720b9ce9850710e74a103d9626869e397a89faa)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/hevc: Fix typo in num_entry_point_offsets check
Michael Niedermayer [Fri, 15 May 2015 20:12:08 +0000 (22:12 +0200)]
avcodec/hevc: Fix typo in num_entry_point_offsets check

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3051e7fa712dfe2136f19b7157211453895f2a3c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/libtheoraenc: Check for av_malloc failure
Michael Niedermayer [Fri, 15 May 2015 20:02:12 +0000 (22:02 +0200)]
avcodec/libtheoraenc: Check for av_malloc failure

Fixes CID1257799

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c64b2d480b4a35d4face9928b4265a0fda3f3dd9)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/dcadec: Check active_bands
Michael Niedermayer [Fri, 15 May 2015 16:29:40 +0000 (18:29 +0200)]
avcodec/dcadec: Check active_bands

Fixes CID1297594 part2

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fc624ec9ba7e5c4e8d905ac10f605a43d123f95a)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/dcadec: Check scale table index
Michael Niedermayer [Fri, 15 May 2015 16:04:12 +0000 (18:04 +0200)]
avcodec/dcadec: Check scale table index

Fixes CID1297594 part 1

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0f3e6959bfa67d12cd5a173b86eb15abd7d9e4d5)

Conflicts:

libavcodec/dcadec.c

4 years agoavcodec/sonic: More completely check sample_rate_index and channels
Michael Niedermayer [Fri, 15 May 2015 15:31:58 +0000 (17:31 +0200)]
avcodec/sonic: More completely check sample_rate_index and channels

Fixes CID1271783

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ade8a46154cb45c88b1cb5c616eaa6320c941187)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/sonic: check memory allocations
Michael Niedermayer [Fri, 15 May 2015 15:26:25 +0000 (17:26 +0200)]
avcodec/sonic: check memory allocations

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c131a9fead5bf63215b6e1172b3c5c183cf90b85)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/smvjpegdec: check avcodec_decode_video2() return code
Michael Niedermayer [Fri, 15 May 2015 15:21:10 +0000 (17:21 +0200)]
avcodec/smvjpegdec: check avcodec_decode_video2() return code

Fixes CID1271810

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cdd25f9a3df3905543a5546cf6076d2eaf895736)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/shorten: More complete pred_order check
Michael Niedermayer [Fri, 15 May 2015 15:02:28 +0000 (17:02 +0200)]
avcodec/shorten: More complete pred_order check

Fixes CID1239055

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 294469416d8193a28710d802bb0c46e5fa09fad7)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/shorten: Check skip_bytes()
Michael Niedermayer [Fri, 15 May 2015 14:48:31 +0000 (16:48 +0200)]
avcodec/shorten: Check skip_bytes()

Fixes CID1210526

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d201becfc0d89c6a5dfe44e96f1044fbc2aadb70)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/shorten: Fix code depending on signed overflow behavior
Michael Niedermayer [Fri, 15 May 2015 14:58:51 +0000 (16:58 +0200)]
avcodec/shorten: Fix code depending on signed overflow behavior

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2d15588124ab1d4c0612cab66f02a716f1509211)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/proresdec2: Reset slice_count on deallocation
Michael Niedermayer [Fri, 15 May 2015 13:23:32 +0000 (15:23 +0200)]
avcodec/proresdec2: Reset slice_count on deallocation

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c4c6aea397f62421bf8ef0449b2b465a53e4ab4d)

Conflicts:

libavcodec/proresdec2.c

4 years agoffmpeg_opt: Fix -timestamp parsing
Michael Niedermayer [Sat, 9 May 2015 11:07:00 +0000 (13:07 +0200)]
ffmpeg_opt: Fix -timestamp parsing

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 107e4da47644fe615ea821d6a19682d73789aca7)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/dcadec: Check subsubframes
Michael Niedermayer [Thu, 14 May 2015 19:29:19 +0000 (21:29 +0200)]
avcodec/dcadec: Check subsubframes

Fixes: CID1239152

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a9bf628bfdad142763880a3d1ccb6058040dda57)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/dcadec: Check nchans
Michael Niedermayer [Thu, 14 May 2015 18:49:25 +0000 (20:49 +0200)]
avcodec/dcadec: Check nchans

Fixes CID1239110

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a6a45774d045007f8262cd7c614804390e53122e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agohevc: make avcodec_decode_video2() fail if get_format() fails
wm4 [Thu, 14 May 2015 16:27:31 +0000 (18:27 +0200)]
hevc: make avcodec_decode_video2() fail if get_format() fails

Personally, I need the decoder to back out if get_format() returns no
usable pixel format. This didn't work because the error code was not
propagated down the call chain. This in turn happened because the
variable declaration removed in this patch shadowed the variable, whose
value is returned at the end of the function. Consequently, failures of
decode_nal_unit() were ignored in this place.

Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cc5e4bb48476a89cc8ce0c41bc2bd2e8fda9b37c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/cavsdec: Check esc_code
Michael Niedermayer [Thu, 14 May 2015 15:54:40 +0000 (17:54 +0200)]
avcodec/cavsdec: Check esc_code

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 139e1c8009df7729a53eaaae7036ca01071aced5)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/mpeg4audio: add some padding/alignment to MAX_PCE_SIZE
Michael Niedermayer [Wed, 13 May 2015 22:09:56 +0000 (00:09 +0200)]
avcodec/mpeg4audio: add some padding/alignment to MAX_PCE_SIZE

This avoids potential accesses over the end

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 93cfa7d1692c25cff045f99ba1af2c9e5772c45e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoswr: fix alignment issue caused by 8ch sse functions
Rainer Hochecker [Wed, 13 May 2015 16:31:27 +0000 (18:31 +0200)]
swr: fix alignment issue caused by 8ch sse functions

Fix crash when doing 8 ch conversion from apps compiled with MSVS
Thanks to Ronald for giving this hint:
https://ffmpeg.org/pipermail/ffmpeg-devel/2015-May/173049.html

Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit adb7372f7495927a226edf9b8e1d0ac9453985ea)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/mjpegdec: fix len computation in ff_mjpeg_decode_dqt()
Michael Niedermayer [Wed, 13 May 2015 16:36:19 +0000 (18:36 +0200)]
avcodec/mjpegdec: fix len computation in ff_mjpeg_decode_dqt()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 81cf9108563510dee24f73b2c5d94a7bd07ff747)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/jpeg2000dec: fix boolean operator
Michael Niedermayer [Wed, 13 May 2015 13:15:55 +0000 (15:15 +0200)]
avcodec/jpeg2000dec: fix boolean operator

Fixes CID1271791 #7-6

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f8f155a18ac454e7ff3312e0e0c3a70eb4359143)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/hevc_ps: Explicitly check num_tile_* for negative values
Michael Niedermayer [Wed, 13 May 2015 11:53:33 +0000 (13:53 +0200)]
avcodec/hevc_ps: Explicitly check num_tile_* for negative values

This fixes nothing but maybe helps coverity which does not see that this is failing later

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 65e5032955cb5022f0f39160aa3839f0799456bd)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/hevc_ps: Check vps_num_hrd_parameters
Michael Niedermayer [Wed, 13 May 2015 11:35:57 +0000 (13:35 +0200)]
avcodec/hevc_ps: Check vps_num_hrd_parameters

Fix CID1239052 part2

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b195aa5d529040f43ab3acf0079cecbeb111bd57)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/hevc: Check num_entry_point_offsets
Michael Niedermayer [Wed, 13 May 2015 11:21:52 +0000 (13:21 +0200)]
avcodec/hevc: Check num_entry_point_offsets

Fixes CID1239099 part 2

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1c6ae98d4a9ff9ea607df87908393eda4ebdf4e8)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/hevc: Check offset_len
Michael Niedermayer [Wed, 13 May 2015 11:13:07 +0000 (13:13 +0200)]
avcodec/hevc: Check offset_len

Fixes CID1239099 part 1

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3e9d5e16ad9799f6b6faae4f21120d23146b84c9)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/hevc_sei: Check num_sps_ids_minus1 value
Michael Niedermayer [Tue, 12 May 2015 23:31:15 +0000 (01:31 +0200)]
avcodec/hevc_sei: Check num_sps_ids_minus1 value

Fixes CID1271794

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 93b0ee21a2f534f6d3b812686f3acde110e94f18)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/vqavideo: Check chunk size
Michael Niedermayer [Tue, 12 May 2015 22:41:38 +0000 (00:41 +0200)]
avcodec/vqavideo: Check chunk size

Fixes CID1239154

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8a62b80ce6c8e87e7937f9a5d68f83882c1c8da2)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoaacdec: don't return frames without data
Andreas Cadhalpun [Tue, 12 May 2015 18:27:21 +0000 (20:27 +0200)]
aacdec: don't return frames without data

Since commit 676a395a aac->frame->data is not necessarily allocated at
the end of aac_decode_frame_int if avctx->channels is 0.

In this case a bogus frame without any data, but non-zero nb_samples is
returned.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ec38a1ba404b8cb8d71ccee2b8dcd6f3fcbde273)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/hevc: Check num_negative_pics and num_positive_pics
Michael Niedermayer [Tue, 12 May 2015 17:28:15 +0000 (19:28 +0200)]
avformat/hevc: Check num_negative_pics and num_positive_pics

Fixes CID1238994

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b62b3292d8e25d3240e462c1b1cd8ac69195c46b)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/hevc: Check cpb_cnt_minus1
Michael Niedermayer [Tue, 12 May 2015 17:09:06 +0000 (19:09 +0200)]
avformat/hevc: Check cpb_cnt_minus1

Fixes CID1239014

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2cddc0b19a20dd061dbf199bf88005b37c540d2f)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/matroskadec: Cleanup error handling for bz2 & zlib
Michael Niedermayer [Tue, 12 May 2015 16:32:12 +0000 (18:32 +0200)]
avformat/matroskadec: Cleanup error handling for bz2 & zlib

Fixes CID703652

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 171af59d58fc67d82dce8ff7ed11fa671108baa5)

Conflicts:

libavformat/matroskadec.c

4 years agoavformat/nutdec: Fix use of uinitialized value
Michael Niedermayer [Tue, 12 May 2015 16:20:23 +0000 (18:20 +0200)]
avformat/nutdec: Fix use of uinitialized value

Fixes CID1041175

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 56abf35151c635caa3eb04bbb90454bae5463a09)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/rtpenc_jpeg: Check remaining buffer size for SOS
Michael Niedermayer [Tue, 12 May 2015 15:55:40 +0000 (17:55 +0200)]
avformat/rtpenc_jpeg: Check remaining buffer size for SOS

Fixes CID1238818

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 81198a68370e88f7d02f16de58db36713c2a50b6)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/rtpdec_xiph: Check upper bound on len in xiph_handle_packet()
Michael Niedermayer [Tue, 12 May 2015 16:03:55 +0000 (18:03 +0200)]
avformat/rtpdec_xiph: Check upper bound on len in xiph_handle_packet()

Larger packets are not supported and would cause problems later

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit aa5169935e160551fb1c290d1397da2f04325817)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agotools/graph2dot: use larger data types than int for array/string sizes
Michael Niedermayer [Tue, 12 May 2015 01:59:30 +0000 (03:59 +0200)]
tools/graph2dot: use larger data types than int for array/string sizes

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit acf4925f444636a828534ab47d0f86c21a7a9b4e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/subtitles: Use size_t for len
Michael Niedermayer [Sun, 10 May 2015 13:38:40 +0000 (15:38 +0200)]
avformat/subtitles: Use size_t for len

string length could theoretically be larger than int

Reviewed-by: Clément Bœsch <u@pkh.me>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a633928d47057426a9c328da594407d1c7da8a5c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/url: Use size_t for len from strlen()
Michael Niedermayer [Mon, 11 May 2015 01:50:01 +0000 (03:50 +0200)]
avformat/url: Use size_t for len from strlen()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 95efc651294b3cf3e5ec4b3ed36e79d7261545ff)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavutil/avstring: Use size_t in av_strlcatf()
Michael Niedermayer [Mon, 11 May 2015 18:01:15 +0000 (20:01 +0200)]
avutil/avstring: Use size_t in av_strlcatf()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ae4eea8be45a0b212fd57ceaac1f11089ab81d98)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/vorbiscomment: Check entry length in ff_vorbiscomment_write()
Michael Niedermayer [Mon, 11 May 2015 13:23:51 +0000 (15:23 +0200)]
avformat/vorbiscomment: Check entry length in ff_vorbiscomment_write()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit eca38864a6ce5053e463b8d3fc22b22bc9a49578)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavutil/dict: Use size_t for appending strings
Michael Niedermayer [Sun, 10 May 2015 14:09:07 +0000 (16:09 +0200)]
avutil/dict: Use size_t for appending strings

the string length is not constrained to INT_MAX

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4c128ea1629116fc4936edc5f96bbd18f3ef1647)

Conflicts:

libavutil/dict.c

4 years agolibavutil/mem: use size_t for the length in av_strdup()
Michael Niedermayer [Sun, 10 May 2015 14:06:50 +0000 (16:06 +0200)]
libavutil/mem: use size_t for the length in av_strdup()

the string length is not constrained to INT_MAX

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4950bd4ebedbb6289734234bb2a719820f565c41)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoaacsbr: break infinite loop in sbr_hf_calc_npatches
Andreas Cadhalpun [Wed, 22 Apr 2015 13:23:24 +0000 (15:23 +0200)]
aacsbr: break infinite loop in sbr_hf_calc_npatches

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 584cc1ade10a3297ef9c107ef3a2081c04024156)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agodiracdec: check that block length is valid
Andreas Cadhalpun [Wed, 6 May 2015 13:34:53 +0000 (15:34 +0200)]
diracdec: check that block length is valid

In init_planes p->xblen and p->yblen are set to:
            p->xblen = s->plane[0].xblen >> s->chroma_x_shift;
            p->yblen = s->plane[0].yblen >> s->chroma_y_shift;

These are later used as block_w and block_h arguments of
s->vdsp.emulated_edge_mc. If one of them is 0 it triggers an av_assert2
in emulated_edge_mc:
    av_assert2(start_x < end_x && block_w > 0);
    av_assert2(start_y < end_y && block_h > 0);

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 75fc81c8318505aa7946e05a9bee08d47241fc66)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavio: fix potential crashes when combining ffio_ensure_seekback + crc
wm4 [Tue, 16 Jun 2015 22:21:02 +0000 (00:21 +0200)]
avio: fix potential crashes when combining ffio_ensure_seekback + crc

Calling ffio_ensure_seekback() if ffio_init_checksum() has been called
on the same context can lead to out of bounds memory accesses and
crashes. The reason is that ffio_ensure_seekback() does not update
checksum_ptr after reallocating the buffer, resulting in a dangling
pointer.

This effectively fixes potential crashes when opening mp3 files.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit dc87758775e2ce8be84e4fe598e12416e83d2845)

Conflicts:

libavformat/aviobuf.c

4 years agosonic: set avctx->channels in sonic_decode_init
Andreas Cadhalpun [Tue, 9 Jun 2015 20:41:24 +0000 (22:41 +0200)]
sonic: set avctx->channels in sonic_decode_init

Otherwise it can be 0 in sonic_decode_frame, causing SIGFPE crashes.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 58995f647b5fa2e1efa33ae4f8b8a76a81ec99df)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agovp8: change mv_{min,max}.{x,y} type to int
Andreas Cadhalpun [Mon, 8 Jun 2015 20:38:29 +0000 (22:38 +0200)]
vp8: change mv_{min,max}.{x,y} type to int

If one of the dimensions is larger than 8176, s->mb_width or
s->mb_height is larger than 511, leading to an int16_t overflow of
s->mv_max.{x,y}. This then causes av_clip to be called with amin > amax.

Changing the type to int avoids the overflow and has no negative
effect, because s->mv_max is only used in clamp_mv for clipping.
Since mv_max.{x,y} is positive and mv_min.{x,y} negative, av_clip can't
increase the absolute value. The input to av_clip is an int16_t, and
thus the output fits into int16_t as well.

For additional safety, s->mv_{min,max}.{x,y} are clipped to int16_t range
before use.

Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 6fdbaa2b7fb56623ab2163f861952bc1408c39b3)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agovp9: change type of tile_size from unsigned to int64_t
Andreas Cadhalpun [Sun, 7 Jun 2015 16:50:43 +0000 (18:50 +0200)]
vp9: change type of tile_size from unsigned to int64_t

Otherwise the check 'tile_size < size' treats a negative size as
unsigned, causing the check to pass. This subsequently leads to
segmentation faults.

This was originally fixed as part of Libav commit 72ca83, so the
original author is one of the following developers:
        Anton Khirnov <anton@khirnov.net>
        Diego Biurrun <diego@biurrun.de>
        Luca Barbato <lu_zero@gentoo.org>
        Martin Storsjö <martin@martin.st>

Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit b18eac7ff22332c9344769af15f7b245dd13cc64)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agomov: abort on EOF in ff_mov_read_chan
Andreas Cadhalpun [Sat, 23 May 2015 21:32:12 +0000 (23:32 +0200)]
mov: abort on EOF in ff_mov_read_chan

Otherwise the loop can take a lot of time if num_descr is very large.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit a5718863da99b54b6c853d45c84871c4a96a57c0)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoffmpeg_opt: Check for localtime() failure
Michael Niedermayer [Fri, 12 Jun 2015 13:36:20 +0000 (15:36 +0200)]
ffmpeg_opt: Check for localtime() failure

Found-by: Daemon404
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8e91d9652ea5048d9014e7636e12c6ed4732d7b7)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat: Fix bug in parse_rps for HEVC.
Deliang Fu [Wed, 10 Jun 2015 04:30:46 +0000 (12:30 +0800)]
avformat: Fix bug in parse_rps for HEVC.

Make the logic in libavformat/hevc.c parse_rps align with libavcodec/hevc_ps.c ff_hevc_decode_short_term_rps

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6e1f8780c833ef55815111d4771b95ff78567cdb)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agotakdec: ensure chan2 is a valid channel index
Andreas Cadhalpun [Tue, 9 Jun 2015 22:12:38 +0000 (00:12 +0200)]
takdec: ensure chan2 is a valid channel index

If chan2 is not smaller than the number of channels, it can cause
segmentation faults due to dereferencing a NULL pointer.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 05c57ba2f42324da2fdc93d83d65bb68dd637613)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavdevice/lavfi: do not rescale AV_NOPTS_VALUE in lavfi_read_packet()
Michael Niedermayer [Tue, 9 Jun 2015 22:47:43 +0000 (00:47 +0200)]
avdevice/lavfi: do not rescale AV_NOPTS_VALUE in lavfi_read_packet()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 913685f55208efd78bfc34d82b261bd449e69774)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>