ffmpeg.git
6 years agoUpdate for 0.10.6 n0.10.6
Michael Niedermayer [Thu, 25 Oct 2012 19:43:19 +0000 (21:43 +0200)]
Update for 0.10.6

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agonoise_bsf: fix division by 0
Michael Niedermayer [Sun, 14 Oct 2012 19:45:42 +0000 (21:45 +0200)]
noise_bsf: fix division by 0

Fixes CID733737
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 93ef29b6f47eda7d73eb9e71628f1f1abb64266d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoalsdec: fix clipping of weightings for MCC decoding
Thilo Borgmann [Sat, 13 Oct 2012 20:58:55 +0000 (22:58 +0200)]
alsdec: fix clipping of weightings for MCC decoding

Fixes CID717905
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit feaff427c0df015146f660199453bd8c0314e677)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agompegvideo: fix motion_val checks
Michael Niedermayer [Sat, 13 Oct 2012 21:52:55 +0000 (23:52 +0200)]
mpegvideo: fix motion_val checks

Fixes CID604124
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 20ec0d2a750a804f50c090cf6e6509db8ff9cadd)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoflashsv: check deflateInit() return value
Michael Niedermayer [Sat, 13 Oct 2012 20:48:32 +0000 (22:48 +0200)]
flashsv: check deflateInit() return value

Fixes CID703620
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b3eb4f54c0d091ed518b38a5b90183d0d55fa729)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agodnxhddata_ Fix mixup of sizeof() and array elements in ff_dnxhd_find_cid()
Michael Niedermayer [Sat, 13 Oct 2012 20:36:15 +0000 (22:36 +0200)]
dnxhddata_ Fix mixup of sizeof() and array elements in ff_dnxhd_find_cid()

Fixes CID717910
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1037e484f0f1c45ab0a398c78985d3b91daa410c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoffv1: make sure gob_count is not 0
Michael Niedermayer [Sat, 13 Oct 2012 20:33:40 +0000 (22:33 +0200)]
ffv1: make sure gob_count is not 0

Fixes division by 0
Fixes CID733736

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 670b927aa22125a20b7915014ae41335cbf20ec4)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agopp: avoid overflow in w*h
Michael Niedermayer [Sat, 13 Oct 2012 19:09:42 +0000 (21:09 +0200)]
pp: avoid overflow in w*h

Fixes CID700580
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3689ec3d28d76b7a67a5d3838870dfd25cd2daad)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoffeval: avoid folding EOF onto a valid char
Michael Niedermayer [Sat, 13 Oct 2012 18:10:29 +0000 (20:10 +0200)]
ffeval: avoid folding EOF onto a valid char

Fixes CID733704
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 225d3cc1ccd85bcda77e378f28aea6ab17ee4ba1)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agotrasher: check seek return value.
Michael Niedermayer [Sat, 13 Oct 2012 17:46:53 +0000 (19:46 +0200)]
trasher: check seek return value.

Fixes CID733726
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8ab0b9cabacad57cad7c26144baa544fab9c2ba7)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agojpegls: increase run_index to 4
Michael Niedermayer [Sat, 13 Oct 2012 01:49:11 +0000 (03:49 +0200)]
jpegls: increase run_index to 4

Fixes part of CID717913
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8dc89944270aa223a960218e62e88164f8eda359)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agojpegls: fix off limit
Michael Niedermayer [Sat, 13 Oct 2012 01:49:11 +0000 (03:49 +0200)]
jpegls: fix off limit

Fixes part of CID717913
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4acfe3d193c741126bd7f5c1a32a911e00595ecc)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agowtvdec: fix memleak on error
Michael Niedermayer [Sat, 13 Oct 2012 00:37:47 +0000 (02:37 +0200)]
wtvdec: fix memleak on error

Fixes CID718002
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e47024d72f326f7a76c9df90da861663fc5d5fc2)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoffv1: avoid checking a double for equality
Michael Niedermayer [Fri, 12 Oct 2012 23:47:31 +0000 (01:47 +0200)]
ffv1: avoid checking a double for equality

if 0.0 != 0.0 a out of array read would occur, equal checks
with floating point may behave in such odd ways, though
this is very unlikely in a real implementation of a compiler

Fixes: CID718936
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 54b2d317ed99622efa07b10aca217e1a083105d9)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agovf_fade: fix memleaks of args
Michael Niedermayer [Fri, 12 Oct 2012 23:08:08 +0000 (01:08 +0200)]
vf_fade: fix memleaks of args

Fixes: CID718989
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f374e9989be2478d276ed9e1c330a5726a26509c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoffserver: prevent nb_streams from becoming too large
Michael Niedermayer [Fri, 12 Oct 2012 22:30:42 +0000 (00:30 +0200)]
ffserver: prevent nb_streams from becoming too large

Fixes CID732249

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0f46825d9833b70cec671d825b0065850c485196)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoaacsbr: change order of operation to prevent out of array read
Michael Niedermayer [Fri, 12 Oct 2012 22:10:23 +0000 (00:10 +0200)]
aacsbr: change order of operation to prevent out of array read

Fixes CID732250
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c2340831b8e9032716acb0aab4893d3cc500213a)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agomotion_est: more complete SAB diamond size check
Michael Niedermayer [Fri, 12 Oct 2012 17:33:39 +0000 (19:33 +0200)]
motion_est: more complete SAB diamond size check

This makes no difference with the current #defines

Fixes CID732255
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3a48e38ad0e37d89065843548414d367e70593bf)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoyop: check return value of avformat_new_stream()
Paul B Mahol [Fri, 12 Oct 2012 14:23:01 +0000 (14:23 +0000)]
yop: check return value of avformat_new_stream()

Fixes null pointer dereference, fixes CID703729.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit 3d179edf6d2a987e7eb134eea541954338a19add)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agotruemotion2: remove unreachable code
Paul B Mahol [Fri, 12 Oct 2012 11:53:07 +0000 (11:53 +0000)]
truemotion2: remove unreachable code

Fixes CID610345.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit caa7e24eb1d47a0dfeb9783909bce7df6d3f5482)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agobmp: unbreak non BMP_RGB compression for v4 and v5
Paul B Mahol [Thu, 11 Oct 2012 17:56:04 +0000 (17:56 +0000)]
bmp: unbreak non BMP_RGB compression for v4 and v5

Fixes CID733728 & CID733729.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit 313b40efbd63a2c6b9933519ba2b208f1031a9d0)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agolibvpxenc: fix memleak on error path
Michael Niedermayer [Thu, 11 Oct 2012 15:41:36 +0000 (17:41 +0200)]
libvpxenc: fix memleak on error path

Fixes CID733795
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 104b1d9e103f90485e894b20dd5bb3f1964fe5f3)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoav_tempfile: fix leak in error case
Michael Niedermayer [Thu, 11 Oct 2012 15:09:57 +0000 (17:09 +0200)]
av_tempfile: fix leak in error case

Fixes CID733796 Part2
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c9454cb643f5404ca8f4f02e1384c863136f7a9e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoffprobe: fix use of uninitialized pointer in av_strtok()
Michael Niedermayer [Thu, 11 Oct 2012 01:33:34 +0000 (03:33 +0200)]
ffprobe: fix use of uninitialized pointer in av_strtok()

Fixes CID733837
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4334ba043e9601717af3a7ca46addfaf154d5fb6)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoasrc_aevalsrc: Fix use of uninitialized pointer inside av_strtok()
Michael Niedermayer [Thu, 11 Oct 2012 01:00:34 +0000 (03:00 +0200)]
asrc_aevalsrc: Fix use of uninitialized pointer inside av_strtok()

Fixes CID733842
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 989c91b5042c19c9914a3b205b1ca6e1598c66ba)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoswscale-test: fix freeing of uninitialized variable
Michael Niedermayer [Thu, 11 Oct 2012 00:16:52 +0000 (02:16 +0200)]
swscale-test: fix freeing of uninitialized variable

Fixes: CID733844
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fac1ccbda1bb8441c7329a3ac18fbf04886da983)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoflashsv: propagate inflateReset() errors
Janne Grunau [Wed, 10 Oct 2012 17:47:05 +0000 (19:47 +0200)]
flashsv: propagate inflateReset() errors

Fixes CID717493.
(cherry picked from commit c466eb174699bd912b9cf601e5b1a5da87e83a33)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agog722enc: fix size argument in memset
Janne Grunau [Tue, 9 Oct 2012 18:56:58 +0000 (20:56 +0200)]
g722enc: fix size argument in memset

Fixes CID700725.
(cherry picked from commit f1de23faaa61ecf3706055f2da97f5b92aa07d9c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoMerge remote-tracking branch 'qatar/release/0.8' into release/0.10
Michael Niedermayer [Thu, 25 Oct 2012 15:18:59 +0000 (17:18 +0200)]
Merge remote-tracking branch 'qatar/release/0.8' into release/0.10

* qatar/release/0.8:
  svq3: replace unsafe pointer casting with intreadwrite macros
  Update Changelog for the 0.8.4 Release
  lavc: remove stats_out from the options table.
  Prepare for 0.8.4 Release
  tiffenc: Check av_malloc() results.
  mpegaudiodec: fix short_start calculation
  h264: avoid stuck buffer pointer in decode_nal_units
  vf_pad/scale: use double precision for aspect ratios.
  yuv4mpeg: return proper error codes.
  smacker audio: sign-extend the initial 16-bit predicted value

Conflicts:
Changelog
RELEASE
libavfilter/vf_pad.c
libavfilter/vf_scale.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoMerge commit 'be209bdabb11c59de17220bdbf0bf9c9f7cc16f5' into release/0.10
Michael Niedermayer [Thu, 25 Oct 2012 14:51:26 +0000 (16:51 +0200)]
Merge commit 'be209bdabb11c59de17220bdbf0bf9c9f7cc16f5' into release/0.10

* commit 'be209bdabb11c59de17220bdbf0bf9c9f7cc16f5':
  vf_pad: don't give up its own reference to the output buffer.
  libvorbis: use VBR by default, with default quality of 3
  libvorbis: fix use of minrate/maxrate AVOptions
  h264: fix deadlocks on incomplete reference frame decoding.
  cmdutils: avoid setting data pointers to invalid values in alloc_buffer()
  avidec: return 0, not packet size from read_packet().
  wmapro: prevent division by zero when sample rate is unspecified
  vc1dec: check that coded slice positions and interlacing match.
  alsdec: fix number of decoded samples in first sub-block in BGMC mode.
  alsdec: remove dead assignments
  alsdec: Fix out of ltp_gain_values read.
  alsdec: Check that quantized parcor coeffs are within range.
  alsdec: Check k used for rice decoder.

Conflicts:
avconv.c
libavcodec/h264.c
libavcodec/libvorbis.c
libavformat/avidec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoMerge commit '15c2e8027f4827018608badb1bff1294af1810e4' into release/0.10
Michael Niedermayer [Thu, 25 Oct 2012 14:29:54 +0000 (16:29 +0200)]
Merge commit '15c2e8027f4827018608badb1bff1294af1810e4' into release/0.10

* commit '15c2e8027f4827018608badb1bff1294af1810e4':
  wav: do not fail on empty INFO tags
  cavsdec: check for changing w/h.
  indeo4: update AVCodecContext width/height on size change
  avidec: use actually read size instead of requested size
  wmaprodec: check num_vec_coeffs for validity
  lagarith: check count before writing zeros.
  indeo3: fix out of cell write.
  indeo5: check tile size in decode_mb_info().
  indeo5: prevent null pointer dereference on broken files
  indeo5dec: Make sure we have had a valid gop header.
  indeo4/5: check empty tile size in decode_mb_info().
  ivi_common: make ff_ivi_process_empty_tile() static.

Conflicts:
libavcodec/indeo5.c
libavformat/wav.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoMerge commit 'c5ec1908597824e93bbe20137ac9662f84f3cb07' into release/0.10
Michael Niedermayer [Thu, 25 Oct 2012 14:17:41 +0000 (16:17 +0200)]
Merge commit 'c5ec1908597824e93bbe20137ac9662f84f3cb07' into release/0.10

* commit 'c5ec1908597824e93bbe20137ac9662f84f3cb07':
  indeo: check for invalid motion vectors
  indeo: clear allocated band buffers
  indeo: track tile macroblock size
  factor out common decoding code for Indeo 4 and Indeo 5
  indeo: check custom Huffman tables for errors
  dfa: improve boundary checks in decode_dds1()
  dfa: use more meaningful return codes
  dfa: add some checks to ensure that decoder won't write past frame end
  dfa: convert to bytestream2 API
  dfa: check that the caller set width/height properly.
  avsdec: Set dimensions instead of relying on the demuxer.
  ac3dec: ensure get_buffer() gets a buffer for the correct number of channels

Conflicts:
libavcodec/avs.c
libavcodec/dfa.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
6 years agosvq3: replace unsafe pointer casting with intreadwrite macros
Mans Rullgard [Thu, 11 Oct 2012 15:08:22 +0000 (16:08 +0100)]
svq3: replace unsafe pointer casting with intreadwrite macros

Signed-off-by: Mans Rullgard <mans@mansr.com>
6 years agoUpdate Changelog for the 0.8.4 Release
Reinhard Tartler [Wed, 17 Oct 2012 22:08:30 +0000 (00:08 +0200)]
Update Changelog for the 0.8.4 Release

6 years agolavc: remove stats_out from the options table.
Anton Khirnov [Fri, 19 Oct 2012 18:39:27 +0000 (20:39 +0200)]
lavc: remove stats_out from the options table.

Since it is declared as a string AVOption, the generic freeing code
attempts to free it on codec close. Some codecs might have already freed
it elsewhere (or didn't even allocate it with av_malloc() in the first
place), so this might lead to an invalid free.

There is no point in having this field accessible as an AVOption, so
remove it from the options table.

Fixes Bug 380.

CC: libav-stable@libav.org
(cherry picked from commit b691135d0c6a2b1cca91adadaf457c2989c6a55d)

Conflicts:

libavcodec/options_table.h

6 years agoPrepare for 0.8.4 Release
Reinhard Tartler [Wed, 17 Oct 2012 21:55:27 +0000 (23:55 +0200)]
Prepare for 0.8.4 Release

6 years agotiffenc: Check av_malloc() results.
Alex Converse [Wed, 19 Sep 2012 18:12:58 +0000 (11:12 -0700)]
tiffenc: Check av_malloc() results.

(cherry picked from commit b92dfb56d4582633571db18c3d904f8602eaa2a6)

Conflicts:

libavcodec/tiffenc.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agompegaudiodec: fix short_start calculation
Luca Barbato [Fri, 28 Sep 2012 12:38:13 +0000 (14:38 +0200)]
mpegaudiodec: fix short_start calculation

The value should be always 3, as it follows from the specification.

Fix a stack buffer overflow in exponents_from_scale_factors as reported
by asan. Thanks to Dale Curtis for the sample vector.
(cherry picked from commit 97cfa55eea39cef30abe14682c56c1e4e7f6f10d)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoh264: avoid stuck buffer pointer in decode_nal_units
Jindřich Makovička [Sat, 29 Sep 2012 09:16:45 +0000 (11:16 +0200)]
h264: avoid stuck buffer pointer in decode_nal_units

When decode_nal_units() previously encountered a NAL_END_SEQUENCE,
and there are some junk bytes left in the input buffer, but no start codes,
buf_index gets stuck 3 bytes before the end of the buffer.

This can trigger an infinite loop in the caller code, eg. in
try_decode_trame(), as avcodec_decode_video() then keeps returning zeroes,
with 3 bytes of the input packet still available.

With this change, the remaining bytes are skipped so the whole packet gets
consumed.

CC:libav-stable@libav.org

Signed-off-by: Jindřich Makovička <makovick@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 1a8c6917f68f7378465e18f7615762bfd22704c2)

Conflicts:

libavcodec/h264.c

6 years agovf_pad/scale: use double precision for aspect ratios.
Anton Khirnov [Fri, 5 Oct 2012 12:45:30 +0000 (14:45 +0200)]
vf_pad/scale: use double precision for aspect ratios.

Fixes Bug 203.

CC:libav-stable@libav.org
(cherry picked from commit ba04177eeb690ba4e93ec30fc8eb02f5319f844b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoyuv4mpeg: return proper error codes.
Anton Khirnov [Fri, 5 Oct 2012 13:53:32 +0000 (15:53 +0200)]
yuv4mpeg: return proper error codes.

Fixes Bug 373.

CC:libav-stable@libav.org
(cherry picked from commit d3a72becc6371563185a509b94f5daf32ddbb485)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agosmacker audio: sign-extend the initial 16-bit predicted value
Franz Brauße [Fri, 30 Mar 2012 18:40:14 +0000 (14:40 -0400)]
smacker audio: sign-extend the initial 16-bit predicted value

Fixes Bug #265

Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 12cbbbb4abda2de0ea123282ccf7ebee61517f7d)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agovf_pad: don't give up its own reference to the output buffer.
Anton Khirnov [Sun, 8 Jul 2012 15:01:17 +0000 (17:01 +0200)]
vf_pad: don't give up its own reference to the output buffer.

Conflicts:
libavfilter/vf_pad.c

Fixes Bug 245

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agolibvorbis: use VBR by default, with default quality of 3
Justin Ruggles [Wed, 29 Feb 2012 00:33:07 +0000 (19:33 -0500)]
libvorbis: use VBR by default, with default quality of 3

(cherry picked from commit 147ff24a0e8d819615a0f596df3ea47dddd79fdc)

Conflicts:
libavcodec/libvorbis.c

Fixes a part of Bug 277

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agolibvorbis: fix use of minrate/maxrate AVOptions
Justin Ruggles [Tue, 28 Feb 2012 23:52:30 +0000 (18:52 -0500)]
libvorbis: fix use of minrate/maxrate AVOptions

- enable the options for audio encoding
- properly check for user-set maxrate
- use correct calling order in vorbis_encode_setup_managed()
(cherry picked from commit 182d4f1f3855460ee8634ea052f33332cf9d174e)

Conflicts:
libavcodec/libvorbis.c

Fixes a part of Bug 277

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agoh264: fix deadlocks on incomplete reference frame decoding.
Ronald S. Bultje [Fri, 16 Mar 2012 22:24:08 +0000 (15:24 -0700)]
h264: fix deadlocks on incomplete reference frame decoding.

If decoding a second complementary field, and the first was
decoded in our thread, mark decoding of that field as complete.
If decoding fails, mark the decoded field/frame as complete.
Do not allow switching between field modes or field/frame mode
between slices within the same field/frame. Ensure that two
subsequent fields cover top/bottom (rather than top/frame,
bottom/frame or such nonsense situations).

Fixes various deadlocks when decoding samples with errors in
reference frames.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 1e26a48fa23ef8e1cbc424667d387184d8155f15)

Fixes Bug 118

Conflicts:
libavcodec/h264.c

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agocmdutils: avoid setting data pointers to invalid values in alloc_buffer()
Anton Khirnov [Tue, 11 Sep 2012 09:03:52 +0000 (11:03 +0200)]
cmdutils: avoid setting data pointers to invalid values in alloc_buffer()

Fixes bug 352.
(cherry picked from commit 990450c5bf17afc31a81d6225afaac86d0dca5dd)

Conflicts:
cmdutils.c

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agoavidec: return 0, not packet size from read_packet().
Anton Khirnov [Fri, 28 Sep 2012 13:26:48 +0000 (15:26 +0200)]
avidec: return 0, not packet size from read_packet().

(cherry picked from commit eeade678f0a2bac127aeed2fb68d8717a6463420)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agowmapro: prevent division by zero when sample rate is unspecified
Sean McGovern [Thu, 2 Aug 2012 19:37:28 +0000 (15:37 -0400)]
wmapro: prevent division by zero when sample rate is unspecified

This fixes Bugzilla #327:

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
(cherry picked from commit 3680b2435101a5de56821718a71c828320d535a0)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agovc1dec: check that coded slice positions and interlacing match.
Michael Niedermayer [Sat, 28 Jul 2012 11:14:50 +0000 (17:14 +0600)]
vc1dec: check that coded slice positions and interlacing match.

This fixes out of array writes.

Addresses: CVE-2012-2796

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
(cherry picked from commit 1100acbab26883007898c53efeb289f562c6e514)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoalsdec: fix number of decoded samples in first sub-block in BGMC mode.
Thilo Borgmann [Sun, 15 Apr 2012 16:07:12 +0000 (18:07 +0200)]
alsdec: fix number of decoded samples in first sub-block in BGMC mode.

Fixes CVE-2012-2790

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 66197988b1ee914825afbc3084e6da63f862068a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoalsdec: remove dead assignments
Mans Rullgard [Sun, 1 Jul 2012 12:36:30 +0000 (13:36 +0100)]
alsdec: remove dead assignments

Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 4ca6d206d1b5beea42c4290d2ee801aaf5cd31f0)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoalsdec: Fix out of ltp_gain_values read.
Thilo Borgmann [Sun, 11 Mar 2012 15:56:23 +0000 (16:56 +0100)]
alsdec: Fix out of ltp_gain_values read.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 97f0efbfb86d24f081b2caa39f6249e05c95c2ef)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoalsdec: Check that quantized parcor coeffs are within range.
Michael Niedermayer [Wed, 29 Feb 2012 05:10:17 +0000 (06:10 +0100)]
alsdec: Check that quantized parcor coeffs are within range.

ALS spec:
11.6.3.1.1 Quantization and encoding of parcor coefficients
...
In all cases the resulting quantized values ak are restricted to the range [-64,63].

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 5b051ec3bdc78f3d89e8d1425674cde8fd6c9ccc)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoalsdec: Check k used for rice decoder.
Michael Niedermayer [Sat, 7 Apr 2012 15:25:47 +0000 (17:25 +0200)]
alsdec: Check k used for rice decoder.

Values that fail this check will cause failure of decode_rice()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 23aae62c2cb4504a09ceb8cd0cabc1c8b260f521)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agowav: do not fail on empty INFO tags
Anton Khirnov [Tue, 16 Oct 2012 08:33:52 +0000 (10:33 +0200)]
wav: do not fail on empty INFO tags

Fixes Bug 379

CC: libav-stable@libav.org
6 years agoMerge remote-tracking branch 'qatar/release/0.8' into release/0.10
Michael Niedermayer [Sun, 14 Oct 2012 02:45:42 +0000 (04:45 +0200)]
Merge remote-tracking branch 'qatar/release/0.8' into release/0.10

* qatar/release/0.8: (23 commits)
  snow: Check mallocs at init
  vorbis: Validate that the floor 1 X values contain no duplicates.
  vorbisenc: check all allocations for failure
  indeo3: validate new frame size before resetting decoder
  lavfi: avfilter_merge_formats: handle case where inputs are same
  rv34: error out on size changes with frame threading
  rv34: Handle only complete frames in frame-mt.
  rv34: use AVERROR return values in ff_rv34_decode_frame()
  vlc/rl: Add ff_ prefix to the nonstatic symbols
  h263: Add ff_ prefix to nonstatic symbols
  alsdec: check opt_order.
  golomb: check remaining bits during unary decoding in get_ur_golomb_jpegls()
  lavf: don't segfault when a NULL filename is passed to avformat_open_input()
  mpegvideo: Don't use ff_mspel_motion() for vc1
  imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt
  eval: fix swapping of lt() and lte()
  nuv: check RTjpeg header for validity
  Revert "nuv: check per-frame header for validity."
  bmpdec: only initialize palette for pal8.
  sipr: fall back to setting mode based on bit_rate.
  ...

Conflicts:
avconv.c
libavcodec/dnxhddec.c
libavcodec/golomb.h
libavcodec/h263.h
libavcodec/imgconvert.c
libavcodec/mpegvideo_common.h
libavcodec/mpegvideo_enc.c
libavcodec/nuv.c
libavcodec/rv34.c
libavcodec/sipr.c
libavcodec/vorbisdec.c
libavcodec/vorbisenc.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
6 years agocavsdec: check for changing w/h.
Michael Niedermayer [Sat, 24 Mar 2012 01:40:24 +0000 (02:40 +0100)]
cavsdec: check for changing w/h.

Our decoder does not support changing w/h.

Fixes CVE-2012-2777 and CVE-2012-2784.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit c20a69630619d14ae92c5541d52c579d7c8f3e94)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoindeo4: update AVCodecContext width/height on size change
Michael Niedermayer [Sat, 14 Apr 2012 18:04:05 +0000 (20:04 +0200)]
indeo4: update AVCodecContext width/height on size change

Fixes CVE-2012-2787

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit b146d74730ab9ec5abede9066f770ad851e45fbc)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoavidec: use actually read size instead of requested size
Anton Khirnov [Fri, 28 Sep 2012 13:42:29 +0000 (15:42 +0200)]
avidec: use actually read size instead of requested size

Fixes CVE-2012-2788
(cherry picked from commit 0af49a63c7f87876486ab09482d5b26b95abce60)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agowmaprodec: check num_vec_coeffs for validity
Michael Niedermayer [Sat, 14 Apr 2012 09:07:11 +0000 (11:07 +0200)]
wmaprodec: check num_vec_coeffs for validity

Fixes CVE-2012-2789

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 99f392a584dd10b553facc8e819f2c7e982e176d)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agolagarith: check count before writing zeros.
Michael Niedermayer [Sat, 14 Apr 2012 16:28:31 +0000 (18:28 +0200)]
lagarith: check count before writing zeros.

Fixes CVE-2012-2793

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit b631e4ed64f7d1b9ca8f897fda31140e8d1fad81)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoindeo3: fix out of cell write.
Anton Khirnov [Sat, 29 Sep 2012 08:39:49 +0000 (10:39 +0200)]
indeo3: fix out of cell write.

Fixes CVE-2012-2776.

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit e4d4044339b9c3b0f45f7203cd026eda3c0414c0)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoindeo5: check tile size in decode_mb_info().
Michael Niedermayer [Sun, 15 Apr 2012 12:11:50 +0000 (14:11 +0200)]
indeo5: check tile size in decode_mb_info().

This prevents writing into a too small array if some parameters changed
without the tile being reallocated.

Fixes CVE-2012-2794

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 2d09cdbaf2f449ba23d54e97e94bd97ca22208c6)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoindeo5: prevent null pointer dereference on broken files
Janne Grunau [Mon, 23 Jan 2012 20:33:34 +0000 (21:33 +0100)]
indeo5: prevent null pointer dereference on broken files

Found by John Villamil <johnv@matasano.com>
(cherry picked from commit 366ac22ea5a8bab63c7f46cdad2ddb2ff22cdbed)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoindeo5dec: Make sure we have had a valid gop header.
Michael Niedermayer [Sat, 24 Mar 2012 16:43:55 +0000 (17:43 +0100)]
indeo5dec: Make sure we have had a valid gop header.

This prevents decoding happening on a half initialized context.

Fixes CVE-2012-2779

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 891918431db628db17885ed947ee387b29826a64)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoindeo4/5: check empty tile size in decode_mb_info().
Anton Khirnov [Sat, 29 Sep 2012 09:07:58 +0000 (11:07 +0200)]
indeo4/5: check empty tile size in decode_mb_info().

This prevents writing into a too small array if some parameters changed
without the tile being reallocated.

Based on a patch by Michael Niedermayer <michaelni@gmx.at>

Fixes CVE-2012-2800

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit ae3da0ae5550053583a6f281ea7fd940497ea0d1)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoivi_common: make ff_ivi_process_empty_tile() static.
Anton Khirnov [Sat, 29 Sep 2012 09:06:54 +0000 (11:06 +0200)]
ivi_common: make ff_ivi_process_empty_tile() static.

It's not used outside of ivi_common.c
(cherry picked from commit 5d2170c53bf4c2b0499f230c43764e4acf228f88)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoindeo: check for invalid motion vectors
Kostya Shishkov [Sat, 19 May 2012 14:07:42 +0000 (16:07 +0200)]
indeo: check for invalid motion vectors

(cherry picked from commit cf61aaaca16810b9b3a28395ed48fda8db0e87d9)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoindeo: clear allocated band buffers
Kostya Shishkov [Sat, 19 May 2012 11:39:15 +0000 (13:39 +0200)]
indeo: clear allocated band buffers

(cherry picked from commit 23ba1503f2b11057c65052b4a07961236d8d69c7)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoindeo: track tile macroblock size
Kostya Shishkov [Sat, 19 May 2012 11:08:51 +0000 (13:08 +0200)]
indeo: track tile macroblock size

(cherry picked from commit a6e4ac40a62930d3c90f869990f96fedb9a5d654)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agofactor out common decoding code for Indeo 4 and Indeo 5
Kostya Shishkov [Sat, 19 May 2012 10:23:23 +0000 (12:23 +0200)]
factor out common decoding code for Indeo 4 and Indeo 5

(cherry picked from commit aa372cf4705343a9fff422ab9ead99cef7e0b415)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoindeo: check custom Huffman tables for errors
Kostya Shishkov [Sat, 19 May 2012 10:39:49 +0000 (12:39 +0200)]
indeo: check custom Huffman tables for errors

(cherry picked from commit fe7a37c36febd71576cbefc385d995a8d6e444e7)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agodfa: improve boundary checks in decode_dds1()
Anton Khirnov [Sat, 29 Sep 2012 11:25:28 +0000 (13:25 +0200)]
dfa: improve boundary checks in decode_dds1()

Fixes CVE-2012-2798

CC:libav-stable@libav.org
(cherry picked from commit d05f72c75445969cd7bdb1d860635c9880c67fb6)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agodfa: use more meaningful return codes
Kostya Shishkov [Sun, 6 May 2012 07:46:19 +0000 (09:46 +0200)]
dfa: use more meaningful return codes

(cherry picked from commit fb5c1aaea60a714dab3d4e6e71228855fd816222)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agodfa: add some checks to ensure that decoder won't write past frame end
Kostya Shishkov [Thu, 3 May 2012 18:10:36 +0000 (20:10 +0200)]
dfa: add some checks to ensure that decoder won't write past frame end

(cherry picked from commit 8099187e897ddc90cb3902332c76fb2542dac308)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agodfa: convert to bytestream2 API
Paul B Mahol [Tue, 13 Mar 2012 01:58:12 +0000 (01:58 +0000)]
dfa: convert to bytestream2 API

Protects from overreads.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 29b0d94b43ac960cb442049a5d737a3386ff0337)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agodfa: check that the caller set width/height properly.
Anton Khirnov [Fri, 28 Sep 2012 12:47:56 +0000 (14:47 +0200)]
dfa: check that the caller set width/height properly.

Fixes CVE-2012-2786.
(cherry picked from commit ee715f49a06bf3898246d01b056284a9bb1bcbb9)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoavsdec: Set dimensions instead of relying on the demuxer.
Michael Niedermayer [Fri, 20 Apr 2012 15:42:18 +0000 (17:42 +0200)]
avsdec: Set dimensions instead of relying on the demuxer.

The decode function assumes that the video will have those dimensions.

Fixes CVE-2012-2801

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 85f477935cd6b34e6ec2716b20e15ce748277a89)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoac3dec: ensure get_buffer() gets a buffer for the correct number of channels
Justin Ruggles [Sat, 29 Sep 2012 15:31:35 +0000 (11:31 -0400)]
ac3dec: ensure get_buffer() gets a buffer for the correct number of channels

If there is an error during frame parsing, but AVCodecContext.channels was
changed and AC3DecodeContext.out_channels was set previously, the two may not
match.

Fixes CVE-2012-2802
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 56b6a43056235fc110a018678da590595734203d)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agosnow: Check mallocs at init
Martin Storsjö [Mon, 2 Jul 2012 07:39:25 +0000 (10:39 +0300)]
snow: Check mallocs at init

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 4d8516fdb15d0177ad745228508254dee187dff9)

Conflicts:

libavcodec/snow.c

6 years agovorbis: Validate that the floor 1 X values contain no duplicates.
Alex Converse [Tue, 5 Jun 2012 01:27:03 +0000 (18:27 -0700)]
vorbis: Validate that the floor 1 X values contain no duplicates.

Duplicate values in this vector are explicitly banned by the Vorbis I spec
and cause divide-by-zero crashes later on.
(cherry picked from commit ecf79c4d3e8baaf2f303278ef81db6f8407656bc)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agovorbisenc: check all allocations for failure
Justin Ruggles [Thu, 23 Feb 2012 00:23:18 +0000 (19:23 -0500)]
vorbisenc: check all allocations for failure

(cherry picked from commit be8d812c9635f31f69c30dff9ebf565a07a7dab7)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agoindeo3: validate new frame size before resetting decoder
Kostya Shishkov [Mon, 14 May 2012 17:46:54 +0000 (19:46 +0200)]
indeo3: validate new frame size before resetting decoder

(cherry picked from commit 6de226a2b8b703abc823f18c3fd7f39a0787aeb5)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agolavfi: avfilter_merge_formats: handle case where inputs are same
Mina Nagy Zaki [Wed, 8 Jun 2011 16:24:25 +0000 (19:24 +0300)]
lavfi: avfilter_merge_formats: handle case where inputs are same

This fixes a double-free crash if lists are the same due to the two
merge_ref() calls at the end of the (useless) merging that happens.

Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 11b6a82412bcd372adf694a26d83b07d337e1325)

Conflicts:

libavfilter/formats.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agorv34: error out on size changes with frame threading
Janne Grunau [Fri, 23 Mar 2012 21:30:38 +0000 (22:30 +0100)]
rv34: error out on size changes with frame threading

Fixes CVE-2012-2772

(cherry picked from commit cb7190cd2c691fd93e4d3664f3fce6c19ee001dd)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agorv34: Handle only complete frames in frame-mt.
Janne Grunau [Fri, 28 Sep 2012 10:25:10 +0000 (12:25 +0200)]
rv34: Handle only complete frames in frame-mt.

Correct handling of errors to prevent hags or crashes is very complex
otherwise.

The frame initializing is also moved from decode_slice() to
decode_frame() for clarity.
(cherry picked from commit 73ad4471a48bd02b2c2a55de116161b87e061023)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agorv34: use AVERROR return values in ff_rv34_decode_frame()
Janne Grunau [Mon, 13 Feb 2012 20:14:19 +0000 (21:14 +0100)]
rv34: use AVERROR return values in ff_rv34_decode_frame()

Also adds an error message.
(cherry picked from commit 29330721b0e8514f9f8b4d54be75a662a2b79e44)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agovlc/rl: Add ff_ prefix to the nonstatic symbols
Martin Storsjö [Thu, 9 Feb 2012 09:37:58 +0000 (11:37 +0200)]
vlc/rl: Add ff_ prefix to the nonstatic symbols

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit e96b4a53df101403c54e329abfadad2edddc47c4)

Conflicts:
libavcodec/4xm.c

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agoh263: Add ff_ prefix to nonstatic symbols
Martin Storsjö [Thu, 9 Feb 2012 09:28:46 +0000 (11:28 +0200)]
h263: Add ff_ prefix to nonstatic symbols

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit ddce8953a5056800ec795df2dfd84fc17a11b5fc)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agoalsdec: check opt_order.
Michael Niedermayer [Sat, 24 Mar 2012 00:39:13 +0000 (01:39 +0100)]
alsdec: check opt_order.

Fixes out of array write in quant_cof.
Also make sure no invalid opt_order stays in the context.

Fixes CVE-2012-2775

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 9853e41aa0a6cfff629ff7009685eb8bf8d64e7f)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agogolomb: check remaining bits during unary decoding in get_ur_golomb_jpegls()
Justin Ruggles [Mon, 11 Jun 2012 14:29:57 +0000 (10:29 -0400)]
golomb: check remaining bits during unary decoding in get_ur_golomb_jpegls()

Fixes infinite loop in FLAC decoding in case of a truncated bitstream due to
the safe bitstream reader returning 0's at the end.

Fixes Bug 310.

CC:libav-stable@libav.org
(cherry picked from commit 4795362660a526a38a7a60f06826bce97a092b59)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agolavf: don't segfault when a NULL filename is passed to avformat_open_input()
Anton Khirnov [Fri, 15 Jun 2012 17:58:11 +0000 (19:58 +0200)]
lavf: don't segfault when a NULL filename is passed to avformat_open_input()

This can easily happen when the caller is using a custom AVIOContext.

Behave as if the filename was an empty string in this case.

CC: libav-stable@libav.org
(cherry picked from commit a5db8e4a1a5449cc7a61e963c9fa698a4f22131b)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agompegvideo: Don't use ff_mspel_motion() for vc1
Michael Niedermayer [Sun, 20 Nov 2011 16:19:25 +0000 (17:19 +0100)]
mpegvideo: Don't use ff_mspel_motion() for vc1

Using ff_mspel_motion assumes that s (a MpegEncContext
poiinter) really is a Wmv2Context.

This fixes crashes in error resilience on vc1/wmv3 videos.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 18f2d5cb9c48d06895960f37467576725c9dc2d1)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agoimgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt
Janne Grunau [Mon, 2 Jul 2012 08:46:39 +0000 (10:46 +0200)]
imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt

CC: libav-stable@libav.org
(cherry picked from commit 39bb27bf79bc4c2d8beaed637a14176264cb1916)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agoeval: fix swapping of lt() and lte()
Max Lazarov [Sat, 31 Mar 2012 06:56:56 +0000 (23:56 -0700)]
eval: fix swapping of lt() and lte()

CC: libav-stable@libav.org
(cherry picked from commit caac3ab6efde4fc9769e8a7472269356f262970a)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agonuv: check RTjpeg header for validity
Janne Grunau [Mon, 6 Aug 2012 11:59:04 +0000 (13:59 +0200)]
nuv: check RTjpeg header for validity

CC: libav-stable@libav.org
(cherry picked from commit 859a579e9bbf47fae2e09494c43bcf813dcb2fad)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agoRevert "nuv: check per-frame header for validity."
Janne Grunau [Mon, 6 Aug 2012 11:50:51 +0000 (13:50 +0200)]
Revert "nuv: check per-frame header for validity."

The check is bogus since the nuv frameheader is already skipped
and the (decompressed) RTjpeg header is checked.

This reverts commit f6afacdb3b708720c9fb85984b4f7fdbca2b2036.

CC: libav-stable@libav.org
(cherry picked from commit 110d015ad450ea1b2fd40f0e9ce1c53507cdec5d)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agobmpdec: only initialize palette for pal8.
Anton Khirnov [Sun, 16 Sep 2012 06:33:09 +0000 (08:33 +0200)]
bmpdec: only initialize palette for pal8.

Gray8 is not considered to be paletted, so this would cause an invalid
write.

Fixes bug 367.

CC: libav-stable@libav.org
(cherry picked from commit 8b78c2969a5b7dca939d93bf525aa2bcd737b5d9)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agosipr: fall back to setting mode based on bit_rate.
Reimar Döffinger [Thu, 5 Jan 2012 20:01:56 +0000 (21:01 +0100)]
sipr: fall back to setting mode based on bit_rate.

Not all applications (e.g. MPlayer) set block_align, and
when using a different demuxer it might not even be
easily available.
So fall back to selecting mode based on bit rate as before
if block_align has not useful value.
It can't be worse than failing to decode completely.

(cherry picked from commit 1d0d63052b82c76e10c45cd38cdd27677de72e81)

CC: libav-stable@libav.org
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit c54e00610f20d2342fe9b17a5460abfbd411c8fb)

Signed-off-by: Anton Khirnov <anton@khirnov.net>