ffmpeg.git
5 years agoupdate for 0.10.13 n0.10.13
Michael Niedermayer [Mon, 9 Jun 2014 00:00:04 +0000 (02:00 +0200)]
update for 0.10.13

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/mjpegdec: Fix undefined shift
Michael Niedermayer [Sun, 27 Apr 2014 03:32:56 +0000 (05:32 +0200)]
avcodec/mjpegdec: Fix undefined shift

Fixes CID1194388

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b4329605289e25bb071ec1c1182bf25fc83b09aa)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/h263dec: Fix h263 probe
Michael Niedermayer [Wed, 23 Apr 2014 19:47:48 +0000 (21:47 +0200)]
avformat/h263dec: Fix h263 probe

The code was missing 1 bit in the src format

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fc145e576a443bfc89efdf35b91fd3c9ca0d8388)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavfilter/vf_deshake: fix loss of precission with odd resolutions
Michael Niedermayer [Wed, 16 Apr 2014 00:06:37 +0000 (02:06 +0200)]
avfilter/vf_deshake: fix loss of precission with odd resolutions

Fixes part of Ticket3466
Found-by: Andrey_Karpov / PVS-Studio
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 73734282e0e4df92269984ee1671424e39249481)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/diracdec: fix undefined behavior with shifts
Michael Niedermayer [Wed, 16 Apr 2014 00:06:37 +0000 (02:06 +0200)]
avcodec/diracdec: fix undefined behavior with shifts

Fixes part of Ticket3466
Found-by: Andrey_Karpov / PVS-Studio
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b8598f6ce61ccda3f2ff0c730b009fb650e42986)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/mpegts: Remove redundant check
Michael Niedermayer [Wed, 16 Apr 2014 00:06:37 +0000 (02:06 +0200)]
avformat/mpegts: Remove redundant check

Fixes part of Ticket3466
Found-by: Andrey_Karpov / PVS-Studio
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ff6fa0b4b980fc5b9f7653d7b159ae02c3d95210)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoswscale/x86/swscale_template: loose hardcoded dstw_offset
Michael Niedermayer [Tue, 8 Apr 2014 16:12:12 +0000 (18:12 +0200)]
swscale/x86/swscale_template: loose hardcoded dstw_offset

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f6759d9ad4a8b71e6f212ca4f1e7da9fa56d3298)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/wma: use av_freep(), do not leave stale pointers in memory
Michael Niedermayer [Sat, 5 Apr 2014 19:34:03 +0000 (21:34 +0200)]
avcodec/wma: use av_freep(), do not leave stale pointers in memory

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d167faafe9dfa0b82bebb267c3c4e5fa5286bd67)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/h264_mp4toannexb_bsf: prepend global headers before any in stream parameter...
Michael Niedermayer [Wed, 26 Mar 2014 17:09:23 +0000 (18:09 +0100)]
avcodec/h264_mp4toannexb_bsf: prepend global headers before any in stream parameter sets

Fixes h264_mp4toannexb_bsf_failure.mkv

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 289b149cecb381522cc9ccdf382825330169c655)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agomatroska: Fix use after free
Dale Curtis [Thu, 10 Jan 2013 19:05:29 +0000 (11:05 -0800)]
matroska: Fix use after free

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit ae3d41636942cbc0236bad21ad06c65f4eb0f096)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/alsdec: Clear MPEG4AudioConfig so that no use of uninitialized memory is...
Michael Niedermayer [Sun, 8 Jun 2014 12:30:30 +0000 (14:30 +0200)]
avcodec/alsdec: Clear MPEG4AudioConfig so that no use of uninitialized memory is possible

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6e6bd5481cf42a9765c492c77754d4633092cece)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '9552b37e2604552d5ff210175d6baf28ccc2bb80' into release/0.10
Michael Niedermayer [Tue, 3 Jun 2014 00:50:29 +0000 (02:50 +0200)]
Merge commit '9552b37e2604552d5ff210175d6baf28ccc2bb80' into release/0.10

* commit '9552b37e2604552d5ff210175d6baf28ccc2bb80':
  Add some bug references
  Update Changelog for 0.8.12
  Prepare for 0.8.12 Release

Conflicts:
Changelog
RELEASE

Not merged, as these changes are not correct for FFmpeg

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '6f4404b24bcf59ab29cd4b57995d374a578f51a7' into release/0.10
Michael Niedermayer [Tue, 3 Jun 2014 00:45:10 +0000 (02:45 +0200)]
Merge commit '6f4404b24bcf59ab29cd4b57995d374a578f51a7' into release/0.10

* commit '6f4404b24bcf59ab29cd4b57995d374a578f51a7':
  h264: set parameters from SPS whenever it changes
  alac: Limit max_samples_per_frame

Conflicts:
libavcodec/h264.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '7fa72700298107fe756311ecb4dee5270ff12d35' into release/0.10
Michael Niedermayer [Tue, 3 Jun 2014 00:41:16 +0000 (02:41 +0200)]
Merge commit '7fa72700298107fe756311ecb4dee5270ff12d35' into release/0.10

* commit '7fa72700298107fe756311ecb4dee5270ff12d35':
  swscale: Fix an undefined behaviour
  apedec: do not buffer decoded samples over AVPackets
  isom: lpcm in mov default to big endian

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '5463a2b0566b34b9e3847db9ceb1ef1d2a6004fc' into release/0.10
Michael Niedermayer [Tue, 3 Jun 2014 00:34:10 +0000 (02:34 +0200)]
Merge commit '5463a2b0566b34b9e3847db9ceb1ef1d2a6004fc' into release/0.10

* commit '5463a2b0566b34b9e3847db9ceb1ef1d2a6004fc':
  movdec: handle 0x7fff langcode as macintosh per the specs
  avi: Improve non-interleaved detection

Conflicts:
libavformat/avidec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '079758e49a4d6b3e7cf2e22bed71d34c46712242' into release/0.10
Michael Niedermayer [Tue, 3 Jun 2014 00:32:51 +0000 (02:32 +0200)]
Merge commit '079758e49a4d6b3e7cf2e22bed71d34c46712242' into release/0.10

* commit '079758e49a4d6b3e7cf2e22bed71d34c46712242':
  h264: reset next_output_pic earlier in start_frame()

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'a0a90b1a1116250a2494021da810cc5da89ea36f' into release/0.10
Michael Niedermayer [Tue, 3 Jun 2014 00:27:34 +0000 (02:27 +0200)]
Merge commit 'a0a90b1a1116250a2494021da810cc5da89ea36f' into release/0.10

* commit 'a0a90b1a1116250a2494021da810cc5da89ea36f':
  tiffdec: use bytestream2 to simplify overread/overwrite protection

Conflicts:
libavcodec/tiff.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'fa60904ebd58da33abf10b05e9933d24619cf096' into release/0.10
Michael Niedermayer [Tue, 3 Jun 2014 00:22:58 +0000 (02:22 +0200)]
Merge commit 'fa60904ebd58da33abf10b05e9933d24619cf096' into release/0.10

* commit 'fa60904ebd58da33abf10b05e9933d24619cf096':
  bytestream: add bytestream2_copy_buffer() functions
  bytestream: add functions for accessing size of buffer
  movenc: allow override of "writing application" tag

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '330c18032464a4e1f3da907e54db2e69a6fbfcda' into release/0.10
Michael Niedermayer [Tue, 3 Jun 2014 00:18:16 +0000 (02:18 +0200)]
Merge commit '330c18032464a4e1f3da907e54db2e69a6fbfcda' into release/0.10

* commit '330c18032464a4e1f3da907e54db2e69a6fbfcda':
  matroskaenc: allow override of "writing application" tag
  avfilter: Add missing emms_c when needed
  mpeg12: check scantable indices in all decode_block functions

Conflicts:
libavformat/matroskaenc.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '71b8c8430cf3f7056849257324fc39b423075ba1' into release/0.10
Michael Niedermayer [Tue, 3 Jun 2014 00:14:02 +0000 (02:14 +0200)]
Merge commit '71b8c8430cf3f7056849257324fc39b423075ba1' into release/0.10

* commit '71b8c8430cf3f7056849257324fc39b423075ba1':
  sgidec: fix buffer size check in expand_rle_row()
  adx: check that the offset is not negative
  mpegvideo: set reference/pict_type on generated reference frames

Conflicts:
libavcodec/mpegvideo.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '27ac9585c97d35b809382be5634c8e5f7211243a' into release/0.10
Michael Niedermayer [Mon, 2 Jun 2014 23:47:50 +0000 (01:47 +0200)]
Merge commit '27ac9585c97d35b809382be5634c8e5f7211243a' into release/0.10

* commit '27ac9585c97d35b809382be5634c8e5f7211243a':
  h264: reset data partitioning at the beginning of each decode call

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '35ba079fbf281a066f3ac1e1271f3caa402dcd74' into release/0.10
Michael Niedermayer [Mon, 2 Jun 2014 23:47:30 +0000 (01:47 +0200)]
Merge commit '35ba079fbf281a066f3ac1e1271f3caa402dcd74' into release/0.10

* commit '35ba079fbf281a066f3ac1e1271f3caa402dcd74':
  h264: reset ref count if decoding the slice header fails

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'a7cce9ebf3ae3b9678970236c964900393603a73' into release/0.10
Michael Niedermayer [Mon, 2 Jun 2014 23:47:12 +0000 (01:47 +0200)]
Merge commit 'a7cce9ebf3ae3b9678970236c964900393603a73' into release/0.10

* commit 'a7cce9ebf3ae3b9678970236c964900393603a73':
  h264: reset first_field if frame_start() fails for missing refs

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '51ae8e26af8f5b26efb41edc0fe4812368d16ae9' into release/0.10
Michael Niedermayer [Mon, 2 Jun 2014 23:46:55 +0000 (01:46 +0200)]
Merge commit '51ae8e26af8f5b26efb41edc0fe4812368d16ae9' into release/0.10

* commit '51ae8e26af8f5b26efb41edc0fe4812368d16ae9':
  h264: limit allowed pred modes in ff_h264_check_intra_pred_mode() to 3

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'c4033cd4eb921a9cc8deb513efc6d6a6ba3b2163' into release/0.10
Michael Niedermayer [Mon, 2 Jun 2014 23:39:49 +0000 (01:39 +0200)]
Merge commit 'c4033cd4eb921a9cc8deb513efc6d6a6ba3b2163' into release/0.10

* commit 'c4033cd4eb921a9cc8deb513efc6d6a6ba3b2163':
  h264: reject mismatching luma/chroma bit depths during sps parsing

Conflicts:
libavcodec/h264.c
libavcodec/h264_ps.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '7f33a24e824c6d20cb941e6b20c5382becfbc923' into release/0.10
Michael Niedermayer [Mon, 2 Jun 2014 23:37:59 +0000 (01:37 +0200)]
Merge commit '7f33a24e824c6d20cb941e6b20c5382becfbc923' into release/0.10

* commit '7f33a24e824c6d20cb941e6b20c5382becfbc923':
  h264: check that execute_decode_slices() is not called too many times

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '0f71a5df4bc913f17a53c7ac66d4957914fa1d3d' into release/0.10
Michael Niedermayer [Mon, 2 Jun 2014 23:37:12 +0000 (01:37 +0200)]
Merge commit '0f71a5df4bc913f17a53c7ac66d4957914fa1d3d' into release/0.10

* commit '0f71a5df4bc913f17a53c7ac66d4957914fa1d3d':
  h264: do not use 422 functions for monochrome

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '3ee26080d6b3e777992b4b4124e62e1bf0ac0a65' into release/0.10
Michael Niedermayer [Mon, 2 Jun 2014 23:27:23 +0000 (01:27 +0200)]
Merge commit '3ee26080d6b3e777992b4b4124e62e1bf0ac0a65' into release/0.10

* commit '3ee26080d6b3e777992b4b4124e62e1bf0ac0a65':
  h264: reset data_partitioning if decoding the slice header for NAL_DPA fails

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'e0d8a17402b934b8fba7b86c6c990abf1257901b' into release/0.10
Michael Niedermayer [Mon, 2 Jun 2014 23:27:08 +0000 (01:27 +0200)]
Merge commit 'e0d8a17402b934b8fba7b86c6c990abf1257901b' into release/0.10

* commit 'e0d8a17402b934b8fba7b86c6c990abf1257901b':
  h264_refs: make sure not to write over the bounds of the default ref list

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '2cbc8dfeddcbe00ef5f112162912bb49c1dd6623' into release/0.10
Michael Niedermayer [Mon, 2 Jun 2014 23:26:46 +0000 (01:26 +0200)]
Merge commit '2cbc8dfeddcbe00ef5f112162912bb49c1dd6623' into release/0.10

* commit '2cbc8dfeddcbe00ef5f112162912bb49c1dd6623':
  h264: check buffer size before accessing it
  configure: use utilities from /usr/xpg4/bin if it exists

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'ecf21ab0ec798eea96f862333568336098b4610c' into release/0.10
Michael Niedermayer [Mon, 2 Jun 2014 23:17:01 +0000 (01:17 +0200)]
Merge commit 'ecf21ab0ec798eea96f862333568336098b4610c' into release/0.10

* commit 'ecf21ab0ec798eea96f862333568336098b4610c':
  cmdutils: update copyright year to 2014.
  ituh263: reject b-frame with pp_time = 0

Conflicts:
cmdutils.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agodoc: switch github urls to https
Michael Niedermayer [Wed, 12 Mar 2014 22:03:11 +0000 (23:03 +0100)]
doc: switch github urls to https

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 675a66a93bf8138d629573fbdadd05bd7771012e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'f1a8885ae9e7f281b597d1f9188fc16fb2ab7832' into release/0.10
Michael Niedermayer [Mon, 2 Jun 2014 23:03:19 +0000 (01:03 +0200)]
Merge commit 'f1a8885ae9e7f281b597d1f9188fc16fb2ab7832' into release/0.10

* commit 'f1a8885ae9e7f281b597d1f9188fc16fb2ab7832':
  doc: Point to the correct, actually maintained gas-preprocessor repo

Conflicts:
doc/platform.texi

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'aedf1a2996e70d322220d2704d5a615c4f7b1b23' into release/0.10
Michael Niedermayer [Mon, 2 Jun 2014 22:57:09 +0000 (00:57 +0200)]
Merge commit 'aedf1a2996e70d322220d2704d5a615c4f7b1b23' into release/0.10

* commit 'aedf1a2996e70d322220d2704d5a615c4f7b1b23':
  Update Changelog for 0.8.11
  configure: Update freetype check to follow upstream

Conflicts:
Changelog

Changelog not merged as it does not match for FFmpeg

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'ec772cca60423b9994fe00c7cef239f93eae6112' into release/0.10
Michael Niedermayer [Mon, 2 Jun 2014 22:54:33 +0000 (00:54 +0200)]
Merge commit 'ec772cca60423b9994fe00c7cef239f93eae6112' into release/0.10

* commit 'ec772cca60423b9994fe00c7cef239f93eae6112':
  drawtext: Drop pointless header
  configure: Support preprocessor macros as header names

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoAdd some bug references
Reinhard Tartler [Sun, 1 Jun 2014 20:12:58 +0000 (16:12 -0400)]
Add some bug references

5 years agoUpdate Changelog for 0.8.12
Sean McGovern [Sun, 1 Jun 2014 18:20:46 +0000 (14:20 -0400)]
Update Changelog for 0.8.12

5 years agoPrepare for 0.8.12 Release
Reinhard Tartler [Sun, 1 Jun 2014 00:09:10 +0000 (20:09 -0400)]
Prepare for 0.8.12 Release

5 years agoh264: set parameters from SPS whenever it changes
Janne Grunau [Fri, 16 Nov 2012 00:12:40 +0000 (01:12 +0100)]
h264: set parameters from SPS whenever it changes

Fixes a crash in the fuzzed sample sample_varPAR.avi_s26638 with
alternating bit depths.

5 years agoswscale: Fix an undefined behaviour
Luca Barbato [Thu, 1 May 2014 22:21:23 +0000 (00:21 +0200)]
swscale: Fix an undefined behaviour

Prevent a division by zero down the codepath.

Sample-Id: 00001721-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
5 years agoalac: Limit max_samples_per_frame
Martin Storsjö [Tue, 3 Sep 2013 08:54:03 +0000 (11:54 +0300)]
alac: Limit max_samples_per_frame

Otherwise buffer size calculations in allocate_buffers could
overflow later, making the code think a large enough buffer
actually was allocated.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
5 years agoapedec: do not buffer decoded samples over AVPackets
Rafaël Carré [Tue, 27 Aug 2013 15:35:49 +0000 (17:35 +0200)]
apedec: do not buffer decoded samples over AVPackets

Only consume an AVPacket when all the samples have been read.

When the rate of samples output is limited (by the default value
of max_samples), consuming the first packet immediately will cause
timing problems:

- The first packet with PTS 0 will output 4608 samples and be
consumed entirely
- The second packet with PTS 64 will output the remaining samples
(typically, a lot, that's why max_samples exist) until the decoded
samples of the first packet have been exhausted, at which point the
samples of the second packet will be decoded and output when
av_decode_frame is called with the next packet).

That means there's a PTS jump since the first packet is 'decoded'
immediately, which can be seen with avplay or mplayer: the timing
jumps immediately to 6.2s (which is the size of a packet).

Sample: http://streams.videolan.org/issues/6348/Goldwave-MAClib.ape

Bug-Debian: http://bugs.debian.org/744901
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 91d4cfb8127f1de6c4ad173a30fffe584700046d)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
5 years agoisom: lpcm in mov default to big endian
Mark Himsley [Fri, 1 Nov 2013 11:22:53 +0000 (11:22 +0000)]
isom: lpcm in mov default to big endian

It is my understanding that "Unless otherwise stated, all data in a
QuickTime movie is stored in big-endian byte ordering" [1] in MOV files.

I have a couple of thousand files, which technically are invalid because
their sound sample description element 4CC is 'lpcm' but its version is
0 - and "Version 0 supports only uncompressed audio in raw ('raw ') or
twos-complement ('twos') format" [2]

Because isom.c only contains a mapping for 4CC 'lpcm' to
AV_CODEC_ID_PCM_S16LE, these files have their audio decoded as LE when
it is actually BE.

This commit adds AV_CODEC_ID_PCM_S16BE as the first match for 4CC 'lpcm'.

[1]
https://developer.apple.com/library/mac/documentation/quicktime/QTFF/qtff.pdf
page 21
[2]
https://developer.apple.com/library/mac/documentation/quicktime/QTFF/qtff.pdf
page 178

Reviewed-by: Yusuke Nakamura <muken.the.vfrmaniac@gmail.com>
5 years agomovdec: handle 0x7fff langcode as macintosh per the specs
Baptiste Coudurier [Wed, 21 Mar 2012 21:18:16 +0000 (14:18 -0700)]
movdec: handle 0x7fff langcode as macintosh per the specs

The correct point that seperates ISO and MAC language codes is 0x400
according to the current QT spec. Old QT specs did not list where this
seperation is but apparently only defined the meaning of the first 137.

(cherry picked from commit 9e71cc81f3655cacf0f91860fba3043f13b64059)
(cherry picked from commit 7940306a47df602be4f57a62175706265bbfd0aa)

5 years agoh264: reset next_output_pic earlier in start_frame()
Anton Khirnov [Wed, 23 Apr 2014 20:26:40 +0000 (22:26 +0200)]
h264: reset next_output_pic earlier in start_frame()

In case start_frame() fails, this potentially invalid frame can still be
output to the caller.

Bug-Id: 672
Bug-Id: debian/741240
Bug-Id: ubuntu/1288206

5 years agoavi: Improve non-interleaved detection
Michael Niedermayer [Wed, 2 Apr 2014 07:11:10 +0000 (09:11 +0200)]
avi: Improve non-interleaved detection

Additional fixes by Nigel Touati-Evans <nigel.touatievans@gmail.com>.

Check the index for streams with a time drift of 2s or a buffer drift
of 64MB.

Bug-Id: 666
CC: libav-stable@libav.org
Sample-Id: yet-another-broken-interleaved-avi.avi

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agotiffdec: use bytestream2 to simplify overread/overwrite protection
Justin Ruggles [Sun, 29 Sep 2013 23:47:55 +0000 (19:47 -0400)]
tiffdec: use bytestream2 to simplify overread/overwrite protection

Based on a patch by Paul B Mahol <onemda@gmail.com>

CC:libav-stable@libav.org

5 years agobytestream: add bytestream2_copy_buffer() functions
Justin Ruggles [Sun, 29 Sep 2013 23:45:57 +0000 (19:45 -0400)]
bytestream: add bytestream2_copy_buffer() functions

This is basically an overread/overwrite-safe memcpy between a
GetByteContext and a PutByteContext.

CC:libav-stable@libav.org
(cherry picked from commit 5748faf291fec297ef25d81962b52b3438f54278)

5 years agomatroskaenc: allow override of "writing application" tag
John Stebbins [Mon, 3 Mar 2014 20:20:14 +0000 (20:20 +0000)]
matroskaenc: allow override of "writing application" tag

Signed-off-by: Tim Walker <tdskywalker@gmail.com>
CC: libav-stable@libav.org
(cherry picked from commit 0092c1dd8dac2d9e185b58503b447a0d3fb5230d)

5 years agosgidec: fix buffer size check in expand_rle_row()
Anton Khirnov [Thu, 2 Jan 2014 08:34:20 +0000 (09:34 +0100)]
sgidec: fix buffer size check in expand_rle_row()

Right now it will spuriously fail if the linesize is exactly equal to
the data width.

CC:libav-stable@libav.org

5 years agoh264: reset data partitioning at the beginning of each decode call
Anton Khirnov [Thu, 28 Nov 2013 09:54:35 +0000 (10:54 +0100)]
h264: reset data partitioning at the beginning of each decode call

Prevents using GetBitContexts with data from previous calls.

Fixes access to freed memory.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org

5 years agoh264: reset ref count if decoding the slice header fails
Anton Khirnov [Thu, 28 Nov 2013 09:54:35 +0000 (10:54 +0100)]
h264: reset ref count if decoding the slice header fails

Otherwise the ER code might try to use some already freed references.

Fixes possible access to freed memory.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org

5 years agoh264: reset first_field if frame_start() fails for missing refs
Anton Khirnov [Thu, 28 Nov 2013 09:54:35 +0000 (10:54 +0100)]
h264: reset first_field if frame_start() fails for missing refs

In this case we may not have a current frame, while first_field being
set implies we do.

Fixes invalid reads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org

5 years agoh264: limit allowed pred modes in ff_h264_check_intra_pred_mode() to 3
Anton Khirnov [Thu, 28 Nov 2013 09:54:35 +0000 (10:54 +0100)]
h264: limit allowed pred modes in ff_h264_check_intra_pred_mode() to 3

Higher modes are not allowed for 16x16/chroma, which is what this
function is used for. Otherwise this function would return 0 (vertical
prediction) for invalid higher modes, which could result in invalid
reads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org

5 years agoh264: reject mismatching luma/chroma bit depths during sps parsing
Anton Khirnov [Thu, 28 Nov 2013 09:54:35 +0000 (10:54 +0100)]
h264: reject mismatching luma/chroma bit depths during sps parsing

There is no point in delaying the check and it avoids bugs with a
half-initialized context.

Fixes invalid reads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org

5 years agobytestream: add functions for accessing size of buffer
Paul B Mahol [Wed, 21 Mar 2012 00:10:18 +0000 (00:10 +0000)]
bytestream: add functions for accessing size of buffer

Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
CC:libav-stable@libav.org
(cherry picked from commit de9d2705f61ef569487ec5f8974a9c7ce34ec783)

5 years agoavfilter: Add missing emms_c when needed
Luca Barbato [Wed, 5 Mar 2014 09:41:33 +0000 (10:41 +0100)]
avfilter: Add missing emms_c when needed

Arch specific calls should have an emms_c following to keep the cpu
state consistent.

Reported-By: wm4
CC: libav-stable@libav.org
5 years agoadx: check that the offset is not negative
Anton Khirnov [Thu, 28 Nov 2013 09:54:35 +0000 (10:54 +0100)]
adx: check that the offset is not negative

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 5569146d48f06564e8fa393424782cceed510916)

5 years agomovenc: allow override of "writing application" tag
John Stebbins [Mon, 3 Mar 2014 20:20:15 +0000 (20:20 +0000)]
movenc: allow override of "writing application" tag

Signed-off-by: Tim Walker <tdskywalker@gmail.com>
CC: libav-stable@libav.org
(cherry picked from commit 565e0c6d866ce08d4b06427456d3d1f4fd856e9c)

5 years agompeg12: check scantable indices in all decode_block functions
Janne Grunau [Fri, 24 Jan 2014 15:22:44 +0000 (16:22 +0100)]
mpeg12: check scantable indices in all decode_block functions

Add checks to the fast functions used with CODEC_FLAGS2_FAST and move
the check for all other functions to before the invalid memory is
accessed. Fixes https://trac.videolan.org/vlc/ticket/9713 with
CODEC_FLAGS2_FAST.

CC: libav-stable@libav.org
5 years agompegvideo: set reference/pict_type on generated reference frames
Anton Khirnov [Thu, 28 Nov 2013 09:54:35 +0000 (10:54 +0100)]
mpegvideo: set reference/pict_type on generated reference frames

Otherwise the generic code will unref them, which can then result in
last_picture_ptr == current_picture_ptr, which causes deadlocks at least
in rv40.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org

5 years agoh264: check that execute_decode_slices() is not called too many times
Anton Khirnov [Thu, 28 Nov 2013 09:54:35 +0000 (10:54 +0100)]
h264: check that execute_decode_slices() is not called too many times

Fixes invalid reads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org

5 years agoh264: do not use 422 functions for monochrome
Anton Khirnov [Thu, 28 Nov 2013 09:54:35 +0000 (10:54 +0100)]
h264: do not use 422 functions for monochrome

Fixes invalid memory access.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org

5 years agoh264: reset data_partitioning if decoding the slice header for NAL_DPA fails
Anton Khirnov [Thu, 28 Nov 2013 09:54:35 +0000 (10:54 +0100)]
h264: reset data_partitioning if decoding the slice header for NAL_DPA fails

If it was set before then we can end up trying to decode a slice without
a valid slice header, which can lead to invalid memory access.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org

5 years agoh264_refs: make sure not to write over the bounds of the default ref list
Anton Khirnov [Fri, 15 Nov 2013 18:06:23 +0000 (19:06 +0100)]
h264_refs: make sure not to write over the bounds of the default ref list

Fixes invalid writes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org

5 years agoh264: check buffer size before accessing it
Anton Khirnov [Fri, 15 Nov 2013 09:15:24 +0000 (10:15 +0100)]
h264: check buffer size before accessing it

Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org

5 years agocmdutils: update copyright year to 2014.
Johan Andersson [Sat, 4 Jan 2014 19:47:32 +0000 (20:47 +0100)]
cmdutils: update copyright year to 2014.

Signed-off-by: Martin Storsjö <martin@martin.st>
5 years agoconfigure: use utilities from /usr/xpg4/bin if it exists
Mans Rullgard [Fri, 7 Sep 2012 11:50:43 +0000 (12:50 +0100)]
configure: use utilities from /usr/xpg4/bin if it exists

Solaris defaults to non-standard utilities (grep, sed, ...) with
proper ones being in /usr/xpg4/bin.  Prefixing PATH with this
directory when it exists ensures we get correct variants.

Signed-off-by: Mans Rullgard <mans@mansr.com>
5 years agoituh263: reject b-frame with pp_time = 0
Keiji Costantini [Sat, 1 Mar 2014 18:17:04 +0000 (18:17 +0000)]
ituh263: reject b-frame with pp_time = 0

Avoid a division by 0 in ff_mpeg4_set_one_direct_mv.

Sample-Id: 00000168-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
(cherry picked from commit 9514440337875e0c63b409abcd616b68c518283f)
(cherry picked from commit 5df52b0131d3d4d804ad6e221bc9a2cd8b201ef2)
(cherry picked from commit aa2a3ca27a3269e2b975686652204607fad8bc49)

5 years agodoc: Point to the correct, actually maintained gas-preprocessor repo
Martin Storsjö [Wed, 12 Mar 2014 11:46:04 +0000 (13:46 +0200)]
doc: Point to the correct, actually maintained gas-preprocessor repo

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit d15c536123a44362ace6299c391a492c90b83fc7)
Signed-off-by: Martin Storsjö <martin@martin.st>
5 years agoUpdate Changelog for 0.8.11
Reinhard Tartler [Fri, 14 Mar 2014 00:59:00 +0000 (20:59 -0400)]
Update Changelog for 0.8.11

5 years agoconfigure: Update freetype check to follow upstream
Luca Barbato [Sat, 21 Dec 2013 16:59:59 +0000 (17:59 +0100)]
configure: Update freetype check to follow upstream

The freetype tutorial suggests to use #include FT_FREETYPE_H.

Bug-Id: 616
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit e61b8fa5605b16a02a2a0ea75afbfc31d7832bba)

Conflicts:
configure

5 years agodrawtext: Drop pointless header
Luca Barbato [Sun, 5 Jan 2014 11:30:45 +0000 (12:30 +0100)]
drawtext: Drop pointless header

It should be forward compatible with newer freetype.

(cherry picked from commit d68dc3c9446e38b4d686cc0f55433c9e8d7c128b)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoconfigure: Support preprocessor macros as header names
Diego Biurrun [Mon, 23 Dec 2013 00:03:48 +0000 (01:03 +0100)]
configure: Support preprocessor macros as header names

New versions of FreeType have moved the location of their API
header(s) and hide the location behind a macro.

Since the location changes between versions and no other way
to know the location exists, this workaround becomes necessary.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 52ccc4a0ece88030e67254418317d72089a0ecc8)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
configure

5 years agoupdate for 0.10.12 n0.10.12
Michael Niedermayer [Mon, 10 Mar 2014 18:00:59 +0000 (19:00 +0100)]
update for 0.10.12

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/snow: split block clipping checks
Michael Niedermayer [Tue, 18 Feb 2014 01:53:14 +0000 (02:53 +0100)]
avcodec/snow: split block clipping checks

Fixes out of array read
Fixes: d4476f68ca1c1c57afbc45806f581963-asan_heap-oob_2266b27_8607_cov_4044577381_snow_chroma_bug.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 61d59703c91869f4e5cdacd8d6be52f8b89d4ba4)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/msrle: use av_image_get_linesize() to calculate the linesize
Michael Niedermayer [Sun, 16 Feb 2014 22:08:52 +0000 (23:08 +0100)]
avcodec/msrle: use av_image_get_linesize() to calculate the linesize

Fixes out of array access
Fixes: 14a74a0a2dc67ede543f0e35d834fbbe-asan_heap-oob_49572c_556_cov_215466444_44_001_engine_room.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c919e1ca2ecfc47d796382973ba0e48b8f6f92a2)

Conflicts:

libavcodec/msrle.c
(cherry picked from commit bc1c8ec5e65098fd2ccd8456f667151dfc9cda42)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/mpegtsenc: Check data array size in mpegts_write_pmt()
Michael Niedermayer [Thu, 13 Feb 2014 12:59:51 +0000 (13:59 +0100)]
avformat/mpegtsenc: Check data array size in mpegts_write_pmt()

Prevents out of array writes

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 842b6c14bcfc1c5da1a2d288fd65386eb8c158ad)

Conflicts:

libavformat/mpegtsenc.c
(cherry picked from commit e87de3f50b765134588d0b048c32ed4b8acc16fb)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/wmalosslessdec: fix mclms_coeffs* array size
Michael Niedermayer [Fri, 7 Feb 2014 14:07:23 +0000 (15:07 +0100)]
avcodec/wmalosslessdec: fix mclms_coeffs* array size

Fixes corruption of context
Fixes: 8835659dde6a4f7dcdf341de6a45c6c8-signal_sigsegv_1dce67b_4564_cov_2504444599_classical_22_16_1_14000_v3c_0_extend_0_29.wma
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3)

Conflicts:

libavcodec/wmalosslessdec.c

5 years agowmalosslessdec: make mclms arrays big enough for whats written into them.
Michael Niedermayer [Sat, 14 Apr 2012 12:49:22 +0000 (14:49 +0200)]
wmalosslessdec: make mclms arrays big enough for whats written into them.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a0abefb0af64a311b15141062c77dd577ba590a3)

Conflicts:

libavcodec/wmalosslessdec.c

5 years agoavcodec/vc1: reset fcm/field_mode in non advanced header parsing
Michael Niedermayer [Sat, 1 Feb 2014 18:04:37 +0000 (19:04 +0100)]
avcodec/vc1: reset fcm/field_mode in non advanced header parsing

Fixes NULL pointer dereference
Fixes: signal_sigsegv_1ab8bf4_2847_cov_4254117347_SA10091.vc1
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b51e9354772de446e8196dabf9aad1567b22f74d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/vmnc: Check that rectangles are within the picture
Michael Niedermayer [Mon, 20 Jan 2014 17:08:18 +0000 (18:08 +0100)]
avcodec/vmnc: Check  that rectangles are within the picture

Prevents out of array accesses with CODEC_FLAG_EMU_EDGE

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6ba02602aa7fc7d38db582e75b8b093fb3c1608d)

Conflicts:

libavcodec/vmnc.c

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7c17207ab9acfaa934e8feb8fba90765c9d0b989)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agodnxhdenc: fix mb_rc size
Michael Niedermayer [Fri, 17 Jan 2014 19:09:48 +0000 (20:09 +0100)]
dnxhdenc: fix mb_rc size

Fixes out of array access with RC_VARIANCE set to 0

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f1caaa1c61310beba705957e6366f0392a0b005b)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge remote-tracking branch 'qatar/release/0.8' into release/0.10
Michael Niedermayer [Mon, 10 Mar 2014 17:48:51 +0000 (18:48 +0100)]
Merge remote-tracking branch 'qatar/release/0.8' into release/0.10

* qatar/release/0.8:
  arm: hpeldsp: fix put_pixels8_y2_{,no_rnd_}armv6
  arm: hpeldsp: prevent overreads in armv6 asm
  lagarith: reallocate rgb_planes when needed
  lagarith: avoid infinite loop in lag_rac_refill()

Conflicts:
libavcodec/lagarith.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '2c1d84499bfe06d75e9160b824eeffd9f5587337' into release/0.10
Michael Niedermayer [Mon, 10 Mar 2014 17:39:02 +0000 (18:39 +0100)]
Merge commit '2c1d84499bfe06d75e9160b824eeffd9f5587337' into release/0.10

* commit '2c1d84499bfe06d75e9160b824eeffd9f5587337':
  lagarith: pad RGB buffer by 1 byte.
  truemotion1: check the header size
  shorten: pad the internal bitstream buffer
  samplefmt: avoid integer overflow in av_samples_get_buffer_size()
  h264: Fix a typo from the previous commit
  h264: Lower bound check for slice offsets
  rpza: limit the number of blocks to the total remaining blocks in the frame

Conflicts:
libavcodec/lagarith.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '36017d49e2f797f7371dc24848a2285ca63e39ab' into release/0.10
Michael Niedermayer [Mon, 10 Mar 2014 17:29:50 +0000 (18:29 +0100)]
Merge commit '36017d49e2f797f7371dc24848a2285ca63e39ab' into release/0.10

* commit '36017d49e2f797f7371dc24848a2285ca63e39ab':
  Prepare for 0.8.11 Release
  lavf: make av_probe_input_buffer more robust
  Updated Changelog for 0.8.10
  oggparseogm: check timing variables
  mathematics: remove asserts from av_rescale_rnd()
  vc1: Always reset numref when parsing a new frame header.
  h264: reset num_reorder_frames if it is invalid

Conflicts:
RELEASE
libavcodec/vc1.c
libavformat/utils.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '979f77b0dc40571761999633a38d97be9a1670c8' into release/0.10
Michael Niedermayer [Mon, 10 Mar 2014 17:14:20 +0000 (18:14 +0100)]
Merge commit '979f77b0dc40571761999633a38d97be9a1670c8' into release/0.10

* commit '979f77b0dc40571761999633a38d97be9a1670c8':
  h264: check that an IDR NAL only contains I slices
  mov: Free an earlier allocated array if allocating a new one
  segafilm: fix leaks if reading the header fails
  h264_cavlc: check the size of the intra PCM data.
  cavs: Check for negative cbp
  avi: DV in AVI must be considered single stream
  avutil: use align == 0 for default alignment in audio sample buffer functions

Conflicts:
libavcodec/cavsdec.c
libavutil/avutil.h

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'cb5d0ea0bec119ecbe327bd7d3834987ab42ec1a' into release/0.10
Michael Niedermayer [Mon, 10 Mar 2014 17:06:35 +0000 (18:06 +0100)]
Merge commit 'cb5d0ea0bec119ecbe327bd7d3834987ab42ec1a' into release/0.10

* commit 'cb5d0ea0bec119ecbe327bd7d3834987ab42ec1a':
  flashsv: Check diff_start diff_height values
  dsputil/pngdsp: fix signed/unsigned type in end comparison
  vqavideo: check chunk sizes before reading chunks
  avi: directly resync on DV in AVI read failure
  get_bits: change the failure condition in init_get_bits
  twinvq: Cope with gcc-4.8.2 miscompilation

Conflicts:
libavcodec/dsputil.c
libavcodec/flashsv.c
libavcodec/get_bits.h

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoarm: hpeldsp: fix put_pixels8_y2_{,no_rnd_}armv6
Janne Grunau [Sat, 8 Mar 2014 10:52:14 +0000 (11:52 +0100)]
arm: hpeldsp: fix put_pixels8_y2_{,no_rnd_}armv6

The overread avoidance fix in cbddee1cca0ebd01e8c5aa694d31228eb4de4b41
broke the computation for the last row since it prevented the safe
reading from the height+1-th row.

5 years agoarm: hpeldsp: prevent overreads in armv6 asm
Janne Grunau [Wed, 5 Mar 2014 11:44:57 +0000 (12:44 +0100)]
arm: hpeldsp: prevent overreads in armv6 asm

Based on a patch by Russel King <rmk+libav@arm.linux.org.uk>

Bug-Id: 646
CC: libav-stable@libav.org
5 years agolagarith: reallocate rgb_planes when needed
Anton Khirnov [Thu, 28 Nov 2013 09:54:35 +0000 (10:54 +0100)]
lagarith: reallocate rgb_planes when needed

Fixes invalid writes on pixel format changes.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 4c3e1956ee35fdcc5ffdb28782050164b4623c0b)
(cherry picked from commit bd57e783437f990c3ac4747eeebe20332e103980)

5 years agolagarith: pad RGB buffer by 1 byte.
Ronald S. Bultje [Fri, 3 Aug 2012 03:46:09 +0000 (20:46 -0700)]
lagarith: pad RGB buffer by 1 byte.

For left HFYU prediction, we predict from the buffer buf+1 using 8- or
16-byte reads. This means that aligning the buffer by 16 bytes is in
itself not sufficient, because if the width itself is 16- or 8-byte
aligned, the buffer will not be padded, and thus a read of size 16 at
buf+1 will overflow boundaries at the right edge. Padding the buffer by
1 byte is sufficient to not overflow its boundaries.

Fixes bug 342.

(cherry picked from commit 98d0d19208959766a58f13dd6a678d1f765a26ac)

5 years agolagarith: avoid infinite loop in lag_rac_refill()
Anton Khirnov [Thu, 14 Feb 2013 07:47:17 +0000 (08:47 +0100)]
lagarith: avoid infinite loop in lag_rac_refill()

range == 0 happens with corrupted files

CC:libav-stable@libav.org
(cherry picked from commit de6dfa2bb82df916a67e5036b0ef96a944781ed3)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 8bce2c60b8ebc31899d576dde3bbe6205faae97d)

5 years agotruemotion1: check the header size
Anton Khirnov [Thu, 28 Nov 2013 09:54:35 +0000 (10:54 +0100)]
truemotion1: check the header size

Fixes invalid reads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 2240e2078d53d3cfce8ff1dda64e58fa72038602)
(cherry picked from commit 76b40a9bf93e387d98aa7dc02ec7a8d13f51722f)

5 years agoshorten: pad the internal bitstream buffer
Anton Khirnov [Thu, 28 Nov 2013 09:54:35 +0000 (10:54 +0100)]
shorten: pad the internal bitstream buffer

Fixes invalid reads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 1713eec29add37b654ec6bf262b843d139c1ffc6)
(cherry picked from commit 5881ec0ea58a95403bd375b63f22d49905cdd8e5)

5 years agosamplefmt: avoid integer overflow in av_samples_get_buffer_size()
Justin Ruggles [Thu, 30 Jan 2014 19:08:38 +0000 (14:08 -0500)]
samplefmt: avoid integer overflow in av_samples_get_buffer_size()

CC:libav-stable@libav.org
(cherry picked from commit 0e830094ad0dc251613a0aa3234d9c5c397e02e6)
(cherry picked from commit e9b3abd49890e958c745ea46a9f4f91b6b4baa58)

Conflicts:
libavutil/samplefmt.c

5 years agoh264: Fix a typo from the previous commit
Luca Barbato [Sat, 22 Feb 2014 10:19:03 +0000 (11:19 +0100)]
h264: Fix a typo from the previous commit

f777504f640260337974848c7d5d7a3f064bbb45 changed a - in +

CC: libav-stable@libav.org
(cherry picked from commit d922c5a5fbaf0b6c73bd8c81ae059bc6e406961c)
(cherry picked from commit 3ce77e04c2ca4b9e7fa6b94b51e8d7c5f188da86)
(cherry picked from commit 8cba6f58c8acaa0ca6749110a2746bbe60ff2dab)

5 years agoh264: Lower bound check for slice offsets
Vittorio Giovara [Thu, 20 Feb 2014 01:38:32 +0000 (02:38 +0100)]
h264: Lower bound check for slice offsets

And use the value from the specification.

Sample-Id: 00000451-google
Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit f777504f640260337974848c7d5d7a3f064bbb45)
(cherry picked from commit 5bd083d0216d9ee649039c84999fb61386536ac1)

Conflicts:
libavcodec/h264.c

(cherry picked from commit 41380e017afcca3119acb560c08a60a97d416c3c)

Conflicts:
libavcodec/h264.c

5 years agorpza: limit the number of blocks to the total remaining blocks in the frame
Anton Khirnov [Thu, 28 Nov 2013 09:54:35 +0000 (10:54 +0100)]
rpza: limit the number of blocks to the total remaining blocks in the frame

Fixes invalid writes.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 77bb0004bbe18f1498cfecdc68db5f10808b6599)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoPrepare for 0.8.11 Release
Reinhard Tartler [Fri, 7 Feb 2014 04:26:33 +0000 (23:26 -0500)]
Prepare for 0.8.11 Release