ffmpeg.git
6 years agolavc/bink: Chech for malloc failure n0.10.7
James Almer [Wed, 6 Feb 2013 01:34:29 +0000 (22:34 -0300)]
lavc/bink: Chech for malloc failure

Based on commit 8ab2173ed141aa2c3336be7f9880340dfb8dcf5e

6 years agoUpdate for 0.10.7
Michael Niedermayer [Sun, 7 Apr 2013 14:29:00 +0000 (16:29 +0200)]
Update for 0.10.7

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agormdec: flush audio packet on seeking
Michael Niedermayer [Sun, 17 Mar 2013 23:00:02 +0000 (00:00 +0100)]
rmdec: flush audio packet on seeking

Fixes Ticket1605

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 519ebb5ee5b89b8ecc80b4a4540fcbeb65cda172)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agodoc/APIchanges: List merge commit hashes and version numbers
Michael Niedermayer [Wed, 13 Feb 2013 02:32:23 +0000 (03:32 +0100)]
doc/APIchanges: List merge commit hashes and version numbers

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoconfigure: Make warnings from -Wreturn-type fatal errors
Diego Biurrun [Mon, 14 Jan 2013 19:38:33 +0000 (20:38 +0100)]
configure: Make warnings from -Wreturn-type fatal errors

These warnings have no false positives and point to serious bugs.
(cherry picked from commit 99853cb8d4237b810b2fffb4a34f66fd0064ef72)

Conflicts:

configure

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agooggparsevorbis: fix vorbis_cleanup return type
Michael Niedermayer [Mon, 7 Jan 2013 13:14:41 +0000 (14:14 +0100)]
oggparsevorbis: fix vorbis_cleanup return type

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7a6beedd3fcd1ff0fc3f314cb5ec58db116d19ee)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoffserver: fix return value of add_codec()
Michael Niedermayer [Sat, 13 Oct 2012 03:36:41 +0000 (05:36 +0200)]
ffserver: fix return value of add_codec()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ff814c75a3f52d264e6c6092736f6db2fb72a61c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoapichanges: fix 2 wrong hashes
Michael Niedermayer [Thu, 14 Feb 2013 20:13:32 +0000 (21:13 +0100)]
apichanges: fix 2 wrong hashes

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2f3bc5122822687dc388f7352c92cf6db456cf7c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoapichanges: fix date
Michael Niedermayer [Thu, 14 Feb 2013 19:32:24 +0000 (20:32 +0100)]
apichanges: fix date

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ad6802f975a91bf6757fe3729ef8c6f10e6796b7)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoMerge remote-tracking branch 'qatar/release/0.8' into release/0.10
Michael Niedermayer [Sun, 7 Apr 2013 13:57:13 +0000 (15:57 +0200)]
Merge remote-tracking branch 'qatar/release/0.8' into release/0.10

* qatar/release/0.8:
  update Changelog
  fate: fetch samples that match the release series
  dxva2: include dxva.h if found
  iff: validate CMAP palette size
  Changelog: document msrle bugfix
  Changelog: cosmetics, remove trailing periods and sort
  msrledec: check bounds before constructing a possibly invalid pointer,

Conflicts:
Changelog
configure
libavformat/iff.c
tests/Makefile

Merged-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoMerge commit '327ff82bac3081d918dceb4931c77e25d0a1480d' into release/0.10
Michael Niedermayer [Sun, 7 Apr 2013 13:42:45 +0000 (15:42 +0200)]
Merge commit '327ff82bac3081d918dceb4931c77e25d0a1480d' into release/0.10

* commit '327ff82bac3081d918dceb4931c77e25d0a1480d':
  msrle: convert MS RLE decoding function to bytestream2.
  Update Changelog for the 0.8.6 Release
  wmaprodec: require block_align to be set.
  ivi_common: do not call MC for intra frames when dc_transform is unset
  roqvideodec: fix a potential infinite loop in roqvideo_decode_frame().
  Revert "libmp3lame: use the correct remaining buffer size when flushing"
  lzo: fix overflow checking in copy_backptr()
  flacdec: simplify bounds checking in flac_probe()
  atrac3: avoid oversized shifting in decode_bytes()
  avconv: skip attached files when selecting streams to read from.
  lavf: fix arithmetic overflows in avformat_seek_file()

Conflicts:
Changelog
avconv.c
libavcodec/libmp3lame.c
libavcodec/msrledec.c
libavformat/utils.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoMerge commit 'f82e127dd9c7c0d54bf6400f83c7825e571f9a9e' into release/0.10
Michael Niedermayer [Sun, 7 Apr 2013 13:30:40 +0000 (15:30 +0200)]
Merge commit 'f82e127dd9c7c0d54bf6400f83c7825e571f9a9e' into release/0.10

* commit 'f82e127dd9c7c0d54bf6400f83c7825e571f9a9e':
  parser: fix large overreads
  dsputil: fix invalid array indexing
  shorten: use the unsigned type where needed
  shorten: report meaningful errors
  shorten: K&R formatting cosmetics
  shorten: set invalid channels count to 0
  matroskadec: request a read buffer for the wav header
  h264: check for luma and chroma bit depth being equal
  vc1: Move init code shared between decoder and parser to common code file.
  libmp3lame: use the correct remaining buffer size when flushing
  xxan: fix invalid memory access in xan_decode_frame_type0()
  wmadec: require block_align to be set.

Conflicts:
libavcodec/h264.c
libavcodec/libmp3lame.c
libavcodec/shorten.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoMerge commit '9b79a05289d91d1184455d12e6c4df457f0657c4' into release/0.10
Michael Niedermayer [Sun, 7 Apr 2013 12:47:49 +0000 (14:47 +0200)]
Merge commit '9b79a05289d91d1184455d12e6c4df457f0657c4' into release/0.10

* commit '9b79a05289d91d1184455d12e6c4df457f0657c4':
  wmaprodec: return an error, not 0, when the input is too small.
  vmdaudio: fix invalid reads when packet size is not a multiple of chunk size
  vorbisdec: Error on bark_map_size equal to 0.
  configure: clean up Altivec detection
  Update RELEASE file for 0.8.6
  update year to 2013
  oggdec: make sure the private parse data is cleaned up (cherry picked from commit d894f74762bc95310ba23f804b7ba8dffc8f6646)
  build: Fix CAF demuxer dependencies
  doc: developer: Allow tabs in the vim configuration for Automake files
  doc: filters: Correct BNF FILTER description

Conflicts:
RELEASE
cmdutils.c
libavcodec/vmdav.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoMerge commit '60a1ee6e419e244dc2363fdc4ddf8350d506f2ae' into release/0.10
Michael Niedermayer [Sun, 7 Apr 2013 12:43:37 +0000 (14:43 +0200)]
Merge commit '60a1ee6e419e244dc2363fdc4ddf8350d506f2ae' into release/0.10

* commit '60a1ee6e419e244dc2363fdc4ddf8350d506f2ae':
  doc: Fix some obsolete references to av* tools as ff* tools

Conflicts:
doc/indevs.texi

Merged-by: Michael Niedermayer <michaelni@gmx.at>
6 years agosmacker: fix off by one error
Paul B Mahol [Wed, 3 Apr 2013 12:57:58 +0000 (12:57 +0000)]
smacker: fix off by one error

Regression since a93b572ae4f517ce0c35cf085167c318e9215908.

Fixes #2426.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit e3cc92a623a6ece42816c7a692c8815688a99ab0)

6 years agoWrite broken aac frames to mov files instead of skipping them.
Carl Eugen Hoyos [Sat, 30 Mar 2013 07:41:46 +0000 (08:41 +0100)]
Write broken aac frames to mov files instead of skipping them.

Fixes decoding with picky media players.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b448c0a68d0cc7dfef736267dfdaed0e213c020b)

Conflicts:
libavformat/movenc.c

6 years agoOnly test the first frame for missing aac_adtstoasc bistream filter.
Carl Eugen Hoyos [Tue, 26 Mar 2013 14:16:07 +0000 (15:16 +0100)]
Only test the first frame for missing aac_adtstoasc bistream filter.

Many players ignore broken aac frames, so don't abort mov or flv
muxing when encountering one, just print a warning instead.

Fixes ticket #2380.
(cherry picked from commit 1741fece7073f51efdd837a4f307ea2cdf3d1cfb)

Conflicts:
libavformat/flvenc.c

6 years agoupdate Changelog
Reinhard Tartler [Sat, 23 Mar 2013 13:48:40 +0000 (14:48 +0100)]
update Changelog

6 years agofate: fetch samples that match the release series
Reinhard Tartler [Sat, 23 Mar 2013 08:43:26 +0000 (09:43 +0100)]
fate: fetch samples that match the release series

The idea is to ensure that 'make fate' always fetches the fate samples
that work with this release.
(cherry picked from commit a89f68776b2771935a348ce07d0a094ae965acfc)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agodxva2: include dxva.h if found
Ronald S. Bultje [Sun, 24 Jun 2012 10:17:13 +0000 (11:17 +0100)]
dxva2: include dxva.h if found

Apparently, some build environments require dxva.h even for dxva2,
while others lack this header entirely.  Including it conditionally
allows building in both cases.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit fa84506177f0246b30d4ea6a99ee5d419f3e4550)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoiff: validate CMAP palette size
Kostya Shishkov [Sun, 17 Mar 2013 19:22:19 +0000 (20:22 +0100)]
iff: validate CMAP palette size

Fixes CVE-2013-2495

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
CC: libav-stable@libav.org
(cherry picked from commit 50c449ac24fbb4c03c15d2e2026cef2204b80385)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 31a77177ff323ef83944c60a8654891213ab6691)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoDo not (re-)set libx264 parameter b_tff if interlaced encoding was not requested.
Carl Eugen Hoyos [Sat, 16 Mar 2013 19:13:44 +0000 (20:13 +0100)]
Do not (re-)set libx264 parameter b_tff if interlaced encoding was not requested.

Reconfiguring can break x264 lossless encoding.

Fixes ticket #2165.
(cherry picked from commit 75c7e4583f4fd727d236a12763a265502fe00988)

6 years agoChangelog: document msrle bugfix
Reinhard Tartler [Sun, 17 Mar 2013 07:25:46 +0000 (08:25 +0100)]
Changelog: document msrle bugfix

6 years agoChangelog: cosmetics, remove trailing periods and sort
Reinhard Tartler [Sun, 17 Mar 2013 07:23:42 +0000 (08:23 +0100)]
Changelog: cosmetics, remove trailing periods and sort

6 years agomsrledec: check bounds before constructing a possibly invalid pointer,
Anton Khirnov [Tue, 29 Jan 2013 11:24:09 +0000 (12:24 +0100)]
msrledec: check bounds before constructing a possibly invalid pointer,

CC:libav-stable@libav.org
(cherry picked from commit 9bd6375d5f16842306dcecde637ffe605acda26b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit b7765d00f911fe0f8fcda21b93a540f27d2ba2f5)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agomsrle: convert MS RLE decoding function to bytestream2.
Ronald Bultje [Sat, 31 Mar 2012 17:10:54 +0000 (17:10 +0000)]
msrle: convert MS RLE decoding function to bytestream2.

Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 992f71e95dcf57c917531f126ba7499ef9ed87d3)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoUpdate Changelog for the 0.8.6 Release
Reinhard Tartler [Thu, 14 Mar 2013 17:06:41 +0000 (18:06 +0100)]
Update Changelog for the 0.8.6 Release

6 years agowmaprodec: require block_align to be set.
Anton Khirnov [Wed, 6 Mar 2013 08:58:00 +0000 (09:58 +0100)]
wmaprodec: require block_align to be set.

Avoids an infinite loop in the calling programs with decoder not
consuming any input and not returning output.

CC:libav-stable@libav.org
(cherry picked from commit cacad1c058f66558ec727faac3b277d2dee264d4)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 20373a66ec68d958c266f643a7d0e5ec254c0fcc)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoivi_common: do not call MC for intra frames when dc_transform is unset
Anton Khirnov [Wed, 6 Mar 2013 08:41:44 +0000 (09:41 +0100)]
ivi_common: do not call MC for intra frames when dc_transform is unset

CC:libav-stable@libav.org
(cherry picked from commit 3ba40ebb6cc58753dc3746c718203bb31760deba)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 74880e78d83031d612c941a383b810ff0c9d50c6)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoroqvideodec: fix a potential infinite loop in roqvideo_decode_frame().
Anton Khirnov [Wed, 6 Mar 2013 08:15:19 +0000 (09:15 +0100)]
roqvideodec: fix a potential infinite loop in roqvideo_decode_frame().

When there is just 1 byte remanining in the buffer, nothing will be read
and the loop will continue forever. Check that there are at least 8
bytes, which are always read at the beginning.

CC:libav-stable@libav.org
(cherry picked from commit 3e2f200237af977b9253b0aff121eee27bcedb44)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 747fbe0c212b81952bb27ec7b99fa709081e2d63)

Conflicts:

libavcodec/roqvideodec.c

6 years agoRevert "libmp3lame: use the correct remaining buffer size when flushing"
Reinhard Tartler [Thu, 14 Mar 2013 16:55:01 +0000 (17:55 +0100)]
Revert "libmp3lame: use the correct remaining buffer size when flushing"

This reverts commit 5dbb3298b9c1d7beb41c7d3ab19f86d6e027e43d, which was
mistakenly backported.

6 years agolzo: fix overflow checking in copy_backptr()
Xi Wang [Fri, 15 Mar 2013 10:59:22 +0000 (06:59 -0400)]
lzo: fix overflow checking in copy_backptr()

The check `src > dst' in the form `&c->out[-back] > c->out' invokes
pointer overflow, which is undefined behavior in C.

Remove the check.  Also replace `&c->out[-back] < c->out_start' with
a safe form `c->out - c->out_start < back' to avoid overflow.

CC: libav-stable@libav.org
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit ca6c3f2c53be70aa3c38e8f1292809db89ea1ba6)

Conflicts:
libavutil/lzo.c

6 years agoflacdec: simplify bounds checking in flac_probe()
Xi Wang [Fri, 15 Mar 2013 11:11:47 +0000 (07:11 -0400)]
flacdec: simplify bounds checking in flac_probe()

Simplify `p->buf > p->buf + p->buf_size - 4' as `p->buf_size < 4'.
Avoid a possible out-of-bounds pointer, which is undefined behavior
in C.

CC: libav-stable@libav.org
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 8425d693eefbedbb41f91735614d41067695aa37)

6 years agoatrac3: avoid oversized shifting in decode_bytes()
Xi Wang [Fri, 15 Mar 2013 10:31:21 +0000 (06:31 -0400)]
atrac3: avoid oversized shifting in decode_bytes()

When `off' is 0, `0x537F6103 << 32' in the following expression invokes
undefined behavior, the result of which is not necessarily 0.

    (0x537F6103 >> (off * 8)) | (0x537F6103 << (32 - (off * 8)))

Avoid oversized shifting.

CC: libav-stable@libav.org
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit eba1ff31304e407db3cefd7532108408f364367b)

Conflicts:
libavcodec/atrac3.c

6 years agoavconv: skip attached files when selecting streams to read from.
Anton Khirnov [Fri, 15 Mar 2013 07:54:27 +0000 (08:54 +0100)]
avconv: skip attached files when selecting streams to read from.

Fixes Bug 473 / invalid reads when using -attach.

6 years agolavf: fix arithmetic overflows in avformat_seek_file()
Mans Rullgard [Fri, 7 Dec 2012 13:53:56 +0000 (13:53 +0000)]
lavf: fix arithmetic overflows in avformat_seek_file()

The values compared here can be more than INT64_MAX apart.  Since the
difference is always positive, converting to uint64_t before subtracting
gives the correct result without overflows.

Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 91ac403b1316d59b4f43c4ea0f237e24cec2819a)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoparser: fix large overreads
Michael Niedermayer [Wed, 3 Oct 2012 14:06:23 +0000 (16:06 +0200)]
parser: fix large overreads

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 096abfa15052977eed93f0b5e01afd2d47c53c1f)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agodsputil: fix invalid array indexing
Mans Rullgard [Thu, 26 Apr 2012 13:00:43 +0000 (14:00 +0100)]
dsputil: fix invalid array indexing

Indexing outside an array is invalid and causes errors with
gcc 4.8.

Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 0a07f2b346433a9a2677c69c6b29a1a827e39109)

Signed-off-by: Diego Biurrun <diego@biurrun.de>
6 years agoshorten: use the unsigned type where needed
Luca Barbato [Tue, 5 Mar 2013 16:12:35 +0000 (17:12 +0100)]
shorten: use the unsigned type where needed

get_uint returns an unsigned value, use an unsigned to store
blocksize to make sure the comparison logic is correct and report
correctly the error for the channel count not supported.

CC: libav-stable@libav.org
(cherry picked from commit 5cf7c72757779a740e897a97710aac044fe5258c)
(cherry picked from commit 88089eecfd7e604d40d078b4f4206c647cb2e2b4)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/shorten.c

6 years agoshorten: report meaningful errors
Luca Barbato [Tue, 5 Mar 2013 15:34:16 +0000 (16:34 +0100)]
shorten: report meaningful errors

(cherry picked from commit 4c364eb2b856fc33cf7b42f7c7b979e69fde5f3a)
(cherry picked from commit 0daf1428e82926dc5a8c72a0ff4c93aaa8a84ed9)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoshorten: K&R formatting cosmetics
Luca Barbato [Tue, 5 Mar 2013 15:11:28 +0000 (16:11 +0100)]
shorten: K&R formatting cosmetics

(cherry picked from commit a2ad554def214d2d03b7c16f68dc081a8622f9ca)
(cherry picked from commit 97cc2f286f9e3eed1a00034367ebca58cc05ee39)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/shorten.c

6 years agoshorten: set invalid channels count to 0
Michael Niedermayer [Tue, 5 Mar 2013 14:13:04 +0000 (15:13 +0100)]
shorten: set invalid channels count to 0

Prevent the loop shorten_decode_close from writing and freeing out of
the array boundary.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
CC: libav-stable@libav.org
(cherry picked from commit c10da30d8426a1f681d99a780b6e311f7fb4e5c5)
(cherry picked from commit 21d568be179c54a1596d1377b4da7fbe755bfe7f)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agomatroskadec: request a read buffer for the wav header
Luca Barbato [Tue, 12 Mar 2013 17:56:28 +0000 (18:56 +0100)]
matroskadec: request a read buffer for the wav header

Solve an infiniloop.

CC: libav-stable@libav.org
(cherry picked from commit 37cb3b180a1dc3d6f123f68e0806585ebc2578b6)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
6 years agoh264: check for luma and chroma bit depth being equal
Luca Barbato [Sun, 10 Mar 2013 01:50:52 +0000 (02:50 +0100)]
h264: check for luma and chroma bit depth being equal

The decoder assumes a single bit depth for all the planes while
the specification allows different bit depths for luma and chroma.

Avoid the possible problems described in CVE-2013-2277

6 years agovc1: Move init code shared between decoder and parser to common code file.
Diego Biurrun [Tue, 6 Mar 2012 17:59:03 +0000 (18:59 +0100)]
vc1: Move init code shared between decoder and parser to common code file.

This fixes standalone compilation of the VC-1 parser.
(cherry picked from commit 3c715383ea7012ac69507e6b9189c98675c77461)

Conflicts:

libavcodec/vc1data.h

Signed-off-by: Diego Biurrun <diego@biurrun.de>
6 years agowmaprodec: return an error, not 0, when the input is too small.
Anton Khirnov [Wed, 6 Mar 2013 09:02:50 +0000 (10:02 +0100)]
wmaprodec: return an error, not 0, when the input is too small.

Returning 0 may result in an infinite loop in valid calling programs. A
decoder should never return 0 without producing any output.

CC:libav-stable@libav.org
(cherry picked from commit 4c0080b7e7d501e2720d2a61f5186a18377f9d63)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 60dd8b5733f9ec4919fbc732ace1be8184dde880)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agolibmp3lame: use the correct remaining buffer size when flushing
Justin Ruggles [Wed, 16 Jan 2013 22:52:55 +0000 (17:52 -0500)]
libmp3lame: use the correct remaining buffer size when flushing

CC:libav-stable@libav.org
(cherry picked from commit e984f47873258b600fd88423f40e3cdaad179190)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit b77d9cbbd5050eda75030c8926241af3dbe1a8df)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agovmdaudio: fix invalid reads when packet size is not a multiple of chunk size
Anton Khirnov [Wed, 6 Mar 2013 09:42:51 +0000 (10:42 +0100)]
vmdaudio: fix invalid reads when packet size is not a multiple of chunk size

CC:libav-stable@libav.org
(cherry picked from commit f86d66bcfa48998b0727aa0d1089a30cbeae0933)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 77cf052e395b1fac8dd181d4f76b0101d1acd625)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoxxan: fix invalid memory access in xan_decode_frame_type0()
Anton Khirnov [Wed, 6 Mar 2013 08:06:16 +0000 (09:06 +0100)]
xxan: fix invalid memory access in xan_decode_frame_type0()

The loop a few lines below the xan_unpack() call accesses up to
dec_size * 2 bytes into y_buffer, so dec_size must be limited to
buffer_size / 2.

CC:libav-stable@libav.org
(cherry picked from commit 8a49d2bcbe7573bb4b765728b2578fac0d19763f)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 62a657de168cf501acb23d48cc1aa00793dc83f3)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agovorbisdec: Error on bark_map_size equal to 0.
Michael Niedermayer [Thu, 10 Jan 2013 23:54:12 +0000 (00:54 +0100)]
vorbisdec: Error on bark_map_size equal to 0.

The value is used to calculate output LSP curve and a division by zero
and out of array accesses would occur.

CVE-2013-0894

CC: libav-stable@libav.org
Reported-by: Dale Curtis <dalecurtis@chromium.org>
Found-by: inferno@chromium.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 11dcecfcca0eca1a571792c4fa3c21fb2cfddddc)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 494ddd377ada76ed555f7a3f49391455daa099c9)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agowmadec: require block_align to be set.
Anton Khirnov [Wed, 6 Mar 2013 08:58:00 +0000 (09:58 +0100)]
wmadec: require block_align to be set.

Avoids an infinite loop in the calling programs with decoder not
consuming any input and not returning output.

CC:libav-stable@libav.org
(cherry picked from commit ea1136baafb1fe271cb56c3f4d7bff0267e3c70f)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit c1f479e8df24284237c80ad959619fc85e29a26d)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoconfigure: clean up Altivec detection
Mans Rullgard [Wed, 15 Aug 2012 23:10:33 +0000 (00:10 +0100)]
configure: clean up Altivec detection

There used to be one test for Altivec intrinsics support and a
separate test to determine which of two possible syntaxes to use
for vector literals.  Since 2008, we only support the more common
of these so the split test no longer makes sense.

This combines the tests into one and also changes the hard error on
failure to a warning.  The test can reasonably fail if no --cpu flag
is provided (or is provided with an unknown CPU) and the compiler
default target does not support Altivec.  Aborting in this case is
probably over-reacting.

Fixes: #464, http://bugs.debian.org/701710

Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 20bcce507aa6b9c866e34eee75d80305109767a8)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoUpdate RELEASE file for 0.8.6
Reinhard Tartler [Sun, 17 Feb 2013 08:12:20 +0000 (09:12 +0100)]
Update RELEASE file for 0.8.6

6 years agoupdate year to 2013
Reinhard Tartler [Sun, 17 Feb 2013 08:11:57 +0000 (09:11 +0100)]
update year to 2013

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agooggdec: make sure the private parse data is cleaned up
Luca Barbato [Fri, 4 Jan 2013 15:05:51 +0000 (16:05 +0100)]
oggdec: make sure the private parse data is cleaned up
(cherry picked from commit d894f74762bc95310ba23f804b7ba8dffc8f6646)

Related to CVE-2012-2882

Conflicts:

libavformat/oggdec.h
libavformat/oggparsevorbis.c

6 years agoRequire at least three frames to autodetect loas.
Carl Eugen Hoyos [Sat, 2 Feb 2013 21:36:25 +0000 (22:36 +0100)]
Require at least three frames to autodetect loas.
(cherry picked from commit a60530e3ee1d9532c026a52b03661f88e163d647)

6 years agolavf/avio: check for : in filenames for protocols.
Nicolas George [Wed, 27 Feb 2013 18:19:15 +0000 (19:19 +0100)]
lavf/avio: check for : in filenames for protocols.

If the first "special" character in a filename is a comma,
it can introduce protocol options, but only if there is a
colon at the end. Otherwise, it is just a filename with a
comma.

Fix trac ticket #2303.
(cherry picked from commit d9fad53f4b447db1e436dcf3fc4a57e604616e6c)

6 years agobuild: Fix CAF demuxer dependencies
Diego Biurrun [Tue, 10 Jul 2012 16:42:13 +0000 (18:42 +0200)]
build: Fix CAF demuxer dependencies

(cherry picked from commit a519463366238a7ec05d2bb76c4a67f42cf60ece)

Conflicts:

libavcodec/Makefile

6 years agodoc: Fix some obsolete references to av* tools as ff* tools
Vicente Jimenez Aguilar [Sat, 16 Feb 2013 02:08:36 +0000 (03:08 +0100)]
doc: Fix some obsolete references to av* tools as ff* tools

Signed-off-by: Diego Biurrun <diego@biurrun.de>
CC: libav-stable@libav.org
(cherry picked from commit 202b5f6deb65e405b07b9b5c20f97c8cb925cf49)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agodoc: developer: Allow tabs in the vim configuration for Automake files
Diego Biurrun [Fri, 22 Feb 2013 21:06:37 +0000 (22:06 +0100)]
doc: developer: Allow tabs in the vim configuration for Automake files

While we do not use Automake in libav, this allows our config to be
used more globally without introducing unwanted breakage.
(cherry picked from commit 040c565e51985477a8fa5e42d2ddfb26ebde6608)

Conflicts:

doc/developer.texi

6 years agodoc: filters: Correct BNF FILTER description
Vicente Jimenez Aguilar [Wed, 20 Feb 2013 01:35:00 +0000 (02:35 +0100)]
doc: filters: Correct BNF FILTER description

Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit b5ad422bf4e671a8b30ce73ad236cd6b49940af9)

6 years agoWrite the fiel atom to mov files independently of the used video coded.
Carl Eugen Hoyos [Thu, 14 Feb 2013 14:08:37 +0000 (15:08 +0100)]
Write the fiel atom to mov files independently of the used video coded.

The QuickTime specification does not contain any hint that the atom
must not be written in some cases and both the QuickTime and the
AVID decoders do not fail if the atom is present.

This change allows to signal (visually) interlaced streams with
a codec different from uncompressed video.

As a side-effect, this fixes ticket #2202
(cherry picked from commit 7d0e3b197c817b307d599a23704a44763ed0bbdd)

Conflicts:
libavformat/movenc.c
tests/ref/lavf/mov
tests/ref/seek/lavf_mov
tests/ref/vsynth/vsynth1-avui
tests/ref/vsynth/vsynth1-dnxhd-1080i
tests/ref/vsynth/vsynth1-mpeg4
tests/ref/vsynth/vsynth2-avui
tests/ref/vsynth/vsynth2-dnxhd-1080i
tests/ref/vsynth/vsynth2-mpeg4

6 years agoMerge remote-tracking branch 'qatar/release/0.8' into release/0.10
Michael Niedermayer [Thu, 14 Feb 2013 14:18:47 +0000 (15:18 +0100)]
Merge remote-tracking branch 'qatar/release/0.8' into release/0.10

* qatar/release/0.8:
  pthread: set the frame properties from the thread context, not user.
  mp3: exit on parsing error in mp_decode_frame
  indeo3: initialise pixel planes on allocation

Merged-by: Michael Niedermayer <michaelni@gmx.at>
6 years agohuffyuvdec: Skip len==0 cases
Michael Niedermayer [Tue, 29 Jan 2013 18:22:33 +0000 (19:22 +0100)]
huffyuvdec: Skip len==0 cases

Fixes vlc decoding for hypothetical files that would contain such cases.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0dfc01c2bbf4b71bb56201bc4a393321e15d1b31)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5ff41ffeb4cb9ea6df49757dc859619dc3d3ab4f)

Conflicts:

libavcodec/huffyuv.c
(cherry picked from commit 9bc70fe1ae50fd2faa0b9429d47cfbda01a92ebc)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agohuffyuvdec: Check init_vlc() return codes.
Michael Niedermayer [Tue, 29 Jan 2013 17:29:41 +0000 (18:29 +0100)]
huffyuvdec: Check init_vlc() return codes.

Prevents out of array writes

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f67a0d115254461649470452058fa3c28c0df294)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 95ab8d33e1a680f30a5a9605175112008ab81afc)

Conflicts:

libavcodec/huffyuv.c
(cherry picked from commit 277def59fce10d91e3113e5c0f63e22bc4abfa88)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agortmp: fix buffer overflows in ff_amf_tag_contents()
Xi Wang [Wed, 23 Jan 2013 02:40:05 +0000 (21:40 -0500)]
rtmp: fix buffer overflows in ff_amf_tag_contents()

A negative `size' will bypass FFMIN().  In the subsequent memcpy() call,
`size' will be considered as a large positive value, leading to a buffer
overflow.

Change the type of `size' to unsigned int to avoid buffer overflow, and
simplify overflow checks accordingly.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4e692374f7962ea358c329de38c380103f8991b6)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agortmp: fix multiple broken overflow checks
Xi Wang [Tue, 22 Jan 2013 22:49:29 +0000 (17:49 -0500)]
rtmp: fix multiple broken overflow checks

Sanity checks like `data + size >= data_end || data + size < data' are
broken, because `data + size < data' assumes pointer overflow, which is
undefined behavior in C.  Many compilers such as gcc/clang optimize such
checks away.

Use `size < 0 || size >= data_end - data' instead.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 902cfe2f74d777a7dc20ac68f2393b9f84b790c1)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agortpenc: fix overflow checking in avc_mp4_find_startcode()
Xi Wang [Wed, 23 Jan 2013 01:58:07 +0000 (20:58 -0500)]
rtpenc: fix overflow checking in avc_mp4_find_startcode()

The check `start + res < start' is broken since pointer overflow is
undefined behavior in C.  Many compilers such as gcc/clang optimize
away this check.

Use `res > end - start' instead.  Also change `res' to unsigned int
to avoid signed left-shift overflow.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2f014567cfd63e58156f60666f1a61ba147276ab)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
6 years agosws: dont write out of array on bigendian
Carl Eugen Hoyos [Thu, 14 Feb 2013 13:42:41 +0000 (14:42 +0100)]
sws: dont write out of array on bigendian

Fixes Ticket2229

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4e2c63685e031e28d2296cff76473b963ee62ba1)

6 years agoffmpeg: dont allow -flags to override -pass
Michael Niedermayer [Wed, 6 Feb 2013 00:25:52 +0000 (01:25 +0100)]
ffmpeg: dont allow -flags to override -pass

Fixes Ticket2154

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ccf9dd00da055e94117b56cead4af80ff331b00e)

Conflicts:
ffmpeg_opt.c

6 years agopthread: set the frame properties from the thread context, not user.
Anton Khirnov [Thu, 24 Jan 2013 10:45:27 +0000 (11:45 +0100)]
pthread: set the frame properties from the thread context, not user.

Right now, the frame properties are set from the user-facing
AVCodecContext before it is updated from the thread context, which is
wrong since they may be invalid or obsolete.

6 years agomatroskaenc: add codec_tag lists back.
Carl Eugen Hoyos [Thu, 24 Jan 2013 01:30:40 +0000 (02:30 +0100)]
matroskaenc: add codec_tag lists back.

This reverts 312645e :
"Do not set codec_tag property for matroska muxers."

Also adds dummy codec_tag lists with codecs
supported in mkv but not in wav / avi.

Fixes ticket #2169.
(cherry picked from commit df39c3ce385c02cbd8046298578ea7454c0a0f81)

Conflicts:
libavformat/matroskaenc.c

6 years agomp3: exit on parsing error in mp_decode_frame
Luca Barbato [Mon, 22 Oct 2012 16:50:32 +0000 (18:50 +0200)]
mp3: exit on parsing error in mp_decode_frame

Properly forward mp_decode_layer3 errors, mp_decode_layer1 and
mp_decode_layer2 do not return errors.

Based on a patch by Michael Niedermayer.
(cherry picked from commit 0c03cc68386443f1e96ab6fb358220faf67cd5ff)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agoindeo3: initialise pixel planes on allocation
Kostya Shishkov [Mon, 14 May 2012 17:33:03 +0000 (19:33 +0200)]
indeo3: initialise pixel planes on allocation

This prevents decoder from reading garbage from it in case of errors later.
(cherry picked from commit 81064a8045028838fd32d18490034c207c8ecc06)

Fixes an invalid read on sample from CVE-2012-2804

Signed-off-by: Anton Khirnov <anton@khirnov.net>
6 years agoFix detection of struct v4l2_frmsize_discrete.
Carl Eugen Hoyos [Thu, 17 Jan 2013 01:42:17 +0000 (02:42 +0100)]
Fix detection of struct v4l2_frmsize_discrete.

It was always detected successfully.
(cherry picked from commit 91e016865cccc192f86d40ea93eb06cf0e7ba4a0)

6 years agoMerge remote-tracking branch 'qatar/release/0.8' into release/0.10
Michael Niedermayer [Thu, 17 Jan 2013 01:33:07 +0000 (02:33 +0100)]
Merge remote-tracking branch 'qatar/release/0.8' into release/0.10

* qatar/release/0.8:
  Update Changelog
  h264: check ref_count validity for num_ref_idx_active_override_flag
  h264: check context state before decoding slice data partitions
  oggdec: free the ogg streams on read_header failure
  oggdec: check memory allocation
  Fix uninitialized reads on malformed ogg files.
  rtsp: Recheck the reordering queue if getting a new packet
  opt: avoid segfault in av_opt_next() if the class does not have an option list
  alacdec: do not be too strict about the extradata size

Conflicts:
Changelog

Merged-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoMerge commit 'a335ffd7f4cdaaa6a8fe4187f6f06b0418eea19a' into release/0.10
Michael Niedermayer [Thu, 17 Jan 2013 01:08:10 +0000 (02:08 +0100)]
Merge commit 'a335ffd7f4cdaaa6a8fe4187f6f06b0418eea19a' into release/0.10

* commit 'a335ffd7f4cdaaa6a8fe4187f6f06b0418eea19a':
  h264: fix sps parsing for SVC and CAVLC 4:4:4 Intra profiles
  h264: check sps.log2_max_frame_num for validity
  h264: slice-mt: get last_pic_dropable from master context
  ppc: always use pic for shared libraries
  h264: error out on unset current_picture_ptr for h->current_slice > 0
  flashsv: make sure data for zlib priming is available
  h264: enable low delay only if no delayed frames were seen
  flashsv: check for keyframe before using differential coding
  lavf: avoid integer overflow in ff_compute_frame_duration()
  aacdec: Fix an off-by-one overwrite when switching to LTP profile from MAIN.
  APIchanges: Fill in missing commit hashes

Conflicts:
doc/APIchanges

Merged-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoMerge commit '01a4e7f623a2e6dc95862f9a56c777f058d7bfaf' into release/0.10
Michael Niedermayer [Thu, 17 Jan 2013 00:58:54 +0000 (01:58 +0100)]
Merge commit '01a4e7f623a2e6dc95862f9a56c777f058d7bfaf' into release/0.10

* commit '01a4e7f623a2e6dc95862f9a56c777f058d7bfaf':
  lavf: Bump minor version to distinguish branch and master version numbers
  vp6: properly fail on unsupported feature
  mp3: properly forward mp_decode_frame errors
  mpeg12: do not decode extradata more than once.
  indeo3: when freeing buffers, set pointers referencing them to NULL as well
  indeo3: ensure that decoded cell data is in 7-bit range as presumed by decoder
  avconv: fix copying per-stream metadata.
  id3v2: fix reading unsynchronized frames.
  h264: Fix parameters to ff_er_add_slice() call
  build: fix 'clean' target

Conflicts:
avconv.c
libavcodec/mpeg12.h
libavformat/id3v2.c
libavformat/version.h

Merged-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoRevert "x86: Require an assembler able to cope with AVX instructions"
Carl Eugen Hoyos [Thu, 17 Jan 2013 00:51:28 +0000 (01:51 +0100)]
Revert "x86: Require an assembler able to cope with AVX instructions"

This reverts commit e287201c77dc7a7a9759d56d8f48ae719b7e69a9.

6 years agoMerge commit 'dcf8f259d107838ff3778343dcb762398130a1a3' into release/0.10
Michael Niedermayer [Thu, 17 Jan 2013 00:29:26 +0000 (01:29 +0100)]
Merge commit 'dcf8f259d107838ff3778343dcb762398130a1a3' into release/0.10

* commit 'dcf8f259d107838ff3778343dcb762398130a1a3':
  build: Add 'check' target to run all compile and test targets.
  Ignore generated aviocat tool.
  avconv: only apply presets when we have an encoder.
  flacenc: ensure the order is within the min/max range in LPC order search
  yuv4mpeg: reject unsupported codecs
  vp8: reset loopfilter delta values at keyframes.
  vp56: release frames on error
  vp56: make parse_header return standard error codes
  ivi_common: check that scan pattern is set before using it.
  Prepare for 0.8.5 Release
  x86: Require an assembler able to cope with AVX instructions

Conflicts:
RELEASE
avconv.c
doc/developer.texi
libavformat/yuv4mpeg.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
6 years agoUpdate Changelog
Reinhard Tartler [Sat, 12 Jan 2013 16:21:15 +0000 (17:21 +0100)]
Update Changelog

6 years agoh264: check ref_count validity for num_ref_idx_active_override_flag
Janne Grunau [Sat, 12 Jan 2013 16:22:50 +0000 (17:22 +0100)]
h264: check ref_count validity for num_ref_idx_active_override_flag

Fixes segfault in the fuzzed sample bipbop234.ts_s226407.
CC: libav-stable@libav.org
(cherry-picked from commit 6e5cdf26281945ddea3aaf5eca4d127791f23ca8)
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
6 years agoh264: check context state before decoding slice data partitions
Janne Grunau [Wed, 28 Nov 2012 21:17:14 +0000 (22:17 +0100)]
h264: check context state before decoding slice data partitions

Fixes mov_h264_aac__Demo_FlagOfOurFathers.mov.SIGSEGV.4e9.656.

Found-by: Mateusz "j00ru" Jurczyk
CC: libav-stable@libav.org
(cherry-picked from commit c1fcf563b13051f280db169ba41c6a1b21b25e08)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agooggdec: free the ogg streams on read_header failure
Luca Barbato [Fri, 4 Jan 2013 14:44:02 +0000 (15:44 +0100)]
oggdec: free the ogg streams on read_header failure

Plug an annoying memory leak on broken files.
(cherry picked from commit 89b51b570daa80e6e3790fcd449fe61fc5574e07)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 42bd6d9cf681306d14c92af97a40116fe4eb2522)

Conflicts:

libavformat/oggdec.c

6 years agooggdec: check memory allocation
Luca Barbato [Sat, 22 Dec 2012 16:58:24 +0000 (17:58 +0100)]
oggdec: check memory allocation

(cherry picked from commit ba064ebe48376e199f353ef0b335ed8a39c638c5)

Conflicts:

libavformat/oggdec.c

6 years agoh264: fix sps parsing for SVC and CAVLC 4:4:4 Intra profiles
Victor Lopez [Wed, 19 Dec 2012 08:12:24 +0000 (09:12 +0100)]
h264: fix sps parsing for SVC and CAVLC 4:4:4 Intra profiles

Fixes bug 396.

CC: libav-stable@libav.org
(cherry picked from commit 1c8bf3bfed5ff5c504c8e3de96188a977f67cce0)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoFix uninitialized reads on malformed ogg files.
Dale Curtis [Wed, 7 Mar 2012 22:26:58 +0000 (14:26 -0800)]
Fix uninitialized reads on malformed ogg files.

The ogg decoder wasn't padding the input buffer with the appropriate
FF_INPUT_BUFFER_PADDING_SIZE bytes. Which led to uninitialized reads in
various pieces of parsing code when they thought they had more data than
they actually did.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit ef0d779706c77ca9007527bd8d41e9400682f4e4)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoh264: check sps.log2_max_frame_num for validity
Janne Grunau [Sun, 25 Nov 2012 11:56:04 +0000 (12:56 +0100)]
h264: check sps.log2_max_frame_num for validity

Fixes infinite or long taking loop in frame num gap code in
the fuzzed sample bipbop234.ts_s223302.

CC: libav-stable@libav.org
(cherry picked from commit d7d6efe42b0d2057e67999b96b9a391f533d2333)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agortsp: Recheck the reordering queue if getting a new packet
Martin Storsjö [Mon, 7 Jan 2013 16:39:04 +0000 (18:39 +0200)]
rtsp: Recheck the reordering queue if getting a new packet

If we timed out and consumed a packet from the reordering queue,
but didn't return a packet to the caller, recheck the queue status.
Otherwise, we could end up in an infinite loop, trying to consume
a queued packet that has already been consumed.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8729698d50739524665090e083d1bfdf28235724)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoh264: slice-mt: get last_pic_dropable from master context
Janne Grunau [Wed, 5 Dec 2012 18:56:36 +0000 (19:56 +0100)]
h264: slice-mt: get last_pic_dropable from master context

Fixes fate-h264-conformance-cvnlfi2_sony_h and smllwebdl.mkv from
https://github.com/OpenELEC/OpenELEC.tv/issues/1557 .

CC: libav-stable@libav.org
(cherry picked from commit a8cb1746c5b6307b2e820f965a7da8d907893b38)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoopt: avoid segfault in av_opt_next() if the class does not have an option list
Justin Ruggles [Thu, 8 Nov 2012 23:35:49 +0000 (18:35 -0500)]
opt: avoid segfault in av_opt_next() if the class does not have an option list

CC: libav-stable@libav.org
(cherry picked from commit d02202e08a994c6c80f0256ae756698541b59902)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoppc: always use pic for shared libraries
Luca Barbato [Mon, 3 Dec 2012 21:53:30 +0000 (22:53 +0100)]
ppc: always use pic for shared libraries

CC: libav-stable@libav.org
(cherry picked from commit 1944d532a8a1c4b12222f0acfeb1153630dbc996)

Conflicts:

configure

6 years agoalacdec: do not be too strict about the extradata size
Justin Ruggles [Sat, 22 Dec 2012 06:21:09 +0000 (01:21 -0500)]
alacdec: do not be too strict about the extradata size

Sometimes the extradata has duplicate atoms, but that shouldn't prevent
decoding. Just ensure that it is at least 36 bytes as a sanity check.

CC: libav-stable@libav.org
(cherry picked from commit 68a04b0ccee66f57516e129dd3ec457fd50b4bec)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoh264: error out on unset current_picture_ptr for h->current_slice > 0
Janne Grunau [Wed, 21 Nov 2012 18:41:59 +0000 (19:41 +0100)]
h264: error out on unset current_picture_ptr for h->current_slice > 0

Fixes a segfault with fuzzed sample sample_varPAR_s11622_r001-02.avi.

CC: libav-stable@libav.org
(cherry picked from commit 0b300daad2f5cb59a7c06dde5ac701685e6edf16)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoflashsv: make sure data for zlib priming is available
Janne Grunau [Wed, 28 Nov 2012 16:31:35 +0000 (17:31 +0100)]
flashsv: make sure data for zlib priming is available

Fixes a segfault in the fuzzed sample resolutionchange.flv_s314809.

CC: libav-stable@libav.org
(cherry picked from commit 3ae69b91668e3d9b65af4007eb5871397cf0b0ab)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoh264: enable low delay only if no delayed frames were seen
Janne Grunau [Fri, 16 Nov 2012 13:31:09 +0000 (14:31 +0100)]
h264: enable low delay only if no delayed frames were seen

Dropping frames is undesirable but that is the only way by which the
decoder could return to low delay mode. Instead emit a warning and
continue with delayed frames.
Fixes a crash in fuzzed sample nasa-8s2.ts_s20033 caused by a larger
than expected has_b_frames value. Low delay keeps getting re-enabled
from a presumely broken SPS.

CC: libav-stable@libav.org
(cherry picked from commit 706acb558a38eba633056773280155d66c2f4b24)

Conflicts:

libavcodec/h264.c

6 years agoflashsv: check for keyframe before using differential coding
Janne Grunau [Sat, 24 Nov 2012 14:50:03 +0000 (15:50 +0100)]
flashsv: check for keyframe before using differential coding

Fixes a segfault in te fuzzed sample resolutionchange.flv_s211713.

CC: libav-stable@libav.org
(cherry picked from commit 5ae72f54532960cb9eae82a1c9e8d505106c022b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agolavf: avoid integer overflow in ff_compute_frame_duration()
Janne Grunau [Fri, 23 Nov 2012 13:05:36 +0000 (14:05 +0100)]
lavf: avoid integer overflow in ff_compute_frame_duration()

Scaling the denominator instead of the numerator if it is too large
loses precision. Fixes an assert caused by a negative frame duration in
the fuzzed sample nasa-8s2.ts_s202310.

CC: libav-stable@libav.org
(cherry picked from commit 7709ce029a7bc101b9ac1ceee607cda10dcb89dc)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agoaacdec: Fix an off-by-one overwrite when switching to LTP profile from MAIN.
Alex Converse [Wed, 12 Dec 2012 01:26:10 +0000 (17:26 -0800)]
aacdec: Fix an off-by-one overwrite when switching to LTP profile from MAIN.

Found-by: pawlkt
CC: libav-stable@libav.org
Fixes: CVE-2012-5144
(cherry picked from commit 6d5b0092678b2a95dfe209a207550bd2fe9ef646)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
6 years agolavf: Bump minor version to distinguish branch and master version numbers
Diego Biurrun [Mon, 7 Jan 2013 22:50:16 +0000 (23:50 +0100)]
lavf: Bump minor version to distinguish branch and master version numbers

This enables checking for an API version not present in master that
has avformat_get_riff_video_tags() and avformat_get_riff_audio_tags().