ffmpeg.git
5 years agoupdate for 2.1.4 n2.1.4
Michael Niedermayer [Sun, 23 Feb 2014 16:48:16 +0000 (17:48 +0100)]
update for 2.1.4

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/hevc: Simplify get_qPy_pred()
Michael Niedermayer [Fri, 7 Feb 2014 22:28:22 +0000 (23:28 +0100)]
avcodec/hevc: Simplify get_qPy_pred()

Fixes use of uninitialized memory
Fixes: 93728afd9aa074ba14a09bfd93a632fd-asan_static-oob_124a17d_1445_cov_1021181966_DBLK_D_VIXS_1.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 64278039e55ffc88d231a8d760ecc257a120760a)

Conflicts:

libavcodec/hevc_filter.c

5 years agoMerge commit 'e22ebd04bcab7f86548794556c28ecca46d9c2ac'
Michael Niedermayer [Tue, 21 Jan 2014 14:42:51 +0000 (15:42 +0100)]
Merge commit 'e22ebd04bcab7f86548794556c28ecca46d9c2ac'

* commit 'e22ebd04bcab7f86548794556c28ecca46d9c2ac':
  hevc: Bound check cu_qp_delta

Conflicts:
libavcodec/hevc.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a69dd1163b1a91978e596af551c9561d121aeedf)

Conflicts:

libavcodec/hevc.c

5 years agoavcodec/mpeg4videodec: Check for bitstream overread in decode_vol_header()
Michael Niedermayer [Thu, 20 Feb 2014 04:48:54 +0000 (05:48 +0100)]
avcodec/mpeg4videodec: Check for bitstream overread in decode_vol_header()

Fixes out of array read
Fixes: 08e48e9daae7d8f8ab6dbe3919e797e5-asan_heap-oob_157461c_5295_cov_1266798650_firefing.mpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3edc3b159503d512c919b3d5902f7026e961823a)

Conflicts:

libavcodec/mpeg4videodec.c

5 years agoavcodec/h264: use subsample factors of the used pixel format
Michael Niedermayer [Fri, 21 Feb 2014 22:51:33 +0000 (23:51 +0100)]
avcodec/h264: use subsample factors of the used pixel format

Fixes out of array read
Fixes: 1cb91c36c4e55463f14aacb9bdf55b38-asan_heap-oob_106cbce_5617_cov_11212800_h264_mmx_chroma_intra_lf.mp4
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8c55ff393340998faae887dfac19e7ef128e1e58)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/bink: Check return value of av_add_index_entry()
Michael Niedermayer [Mon, 17 Feb 2014 22:44:49 +0000 (23:44 +0100)]
avformat/bink: Check return value of av_add_index_entry()

Fixes null pointer dereference
Fixes: cdbf15cbd0a27cee958dd0b8800e452e-signal_sigsegv_737991_2083_cov_317652874_LBSTART.BIK
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c57fc97e956a52edc94a38ff0ecd3058b44c15b7)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/h264: more completely check the loop filter parameters
Michael Niedermayer [Sun, 16 Feb 2014 23:24:20 +0000 (00:24 +0100)]
avcodec/h264: more completely check the loop filter parameters

Fixes out of array read
Fixes: caa65cc01655505705129b677189f036-signal_sigsegv_fdcc43_2681_cov_3043376737_PPH422I5_Panasonic_A.264
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 91253839e14cce9793ee93f184cef609ca8195d5)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/alsdec: check predictor order against block length
Michael Niedermayer [Sun, 16 Feb 2014 12:12:39 +0000 (13:12 +0100)]
avcodec/alsdec: check predictor order against block length

Fixes out of array access
Fixes: abd3c041acbcb816be113455d138166b-asan_heap-oob_b11634_3707_cov_1707137151_als_05_2ch48k16b.mp4
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 18f94df8af04f2c02a25a7dec512289feff6517f)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/hevc_ps: Use get_bits_long() in decode_vui()
Michael Niedermayer [Sat, 15 Feb 2014 21:29:17 +0000 (22:29 +0100)]
avcodec/hevc_ps: Use get_bits_long() in decode_vui()

Fix assertion failure
Fixes: a225222ef88a0f5b1e93e1d0432debc3-asan_static-oob_124a17d_1448_cov_77608227_DBLK_E_VIXS_1.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b818637b84948e917d11c987f2270cea5b3fcfea)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/hevc: make check for previous slice segment tighter
Michael Niedermayer [Fri, 7 Feb 2014 15:31:11 +0000 (16:31 +0100)]
avcodec/hevc: make check for previous slice segment tighter

This ensures the previous one is matching the curent and not just any

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1a3ed056c523b4670e192301be15dbc521ec8353)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/hevc: clear tab_slice_address of ctb on error.
Michael Niedermayer [Fri, 7 Feb 2014 03:30:31 +0000 (04:30 +0100)]
avcodec/hevc: clear tab_slice_address of ctb on error.

This allows us to detect which areas have failed to decode

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a18f11158216c22f4a69e44f8cbb59b300a7f10c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/hevc: hls_decode_entry: check that the previous slice segment is available...
Michael Niedermayer [Fri, 7 Feb 2014 03:32:28 +0000 (04:32 +0100)]
avcodec/hevc: hls_decode_entry: check that the previous slice segment is available before decoding the next

Fixes use of uninitialized memory
Fixes out of array read
Fixes assertion failure
Fixes part of cb307d24befbd109c6f054008d6777b5/asan_static-oob_124a175_1445_cov_2355279992_DBLK_D_VIXS_1.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6ef57f4d9a0920c82237facb0d1f3856b17da9dc)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/hevc: clear tab_slice_address in hevc_frame_start()
Michael Niedermayer [Fri, 7 Feb 2014 01:37:18 +0000 (02:37 +0100)]
avcodec/hevc: clear tab_slice_address in hevc_frame_start()

Fixes inconsistencies
Fixes use of uninitilaized memory
Fixes part of  cb307d24befbd109c6f054008d6777b5/asan_static-oob_124a175_1445_cov_2355279992_DBLK_D_VIXS_1.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 56985d26d7054079cbe8865532c4a2cff123f596)

Conflicts:

libavcodec/hevc.c

5 years agoavcodec/h264: update current_sps & sps->new only after the whole slice header decoder...
Michael Niedermayer [Tue, 4 Feb 2014 01:20:59 +0000 (02:20 +0100)]
avcodec/h264: update current_sps & sps->new only after the whole slice header decoder and init code finished

This avoids them being cleared before the full initialization finished

Fixes out of array read
Fixes: asan_heap-oob_f0c5e6_7071_cov_1605985132_mov_h264_aac__Demo_FlagOfOurFathers.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8a3b85f3a7952c54a2c36ba1797f7e0cde9f85aa)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/h264: Disallow pps_id changing between slices
Michael Niedermayer [Mon, 3 Feb 2014 22:52:38 +0000 (23:52 +0100)]
avcodec/h264: Disallow pps_id changing between slices

Such changes are forbidden in H.264 and lead to race conditions

Fixes out of array read
Fixes: signal_sigsegv_f9796a_1613_cov_3114610371_FM1_BT_B.h264
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e708424b70bef8641e8a090ec4d9e8c4490db87e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/aacdec: Fix pulse position checks in decode_pulses()
Michael Niedermayer [Mon, 3 Feb 2014 04:04:42 +0000 (05:04 +0100)]
avcodec/aacdec: Fix pulse position checks in decode_pulses()

Fixes out of array read
Fixes: asan_static-oob_1efed25_1887_cov_2013541199_HeyYa_RA10_AAC_192K_30s.rm
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6e42ccb9dbc13836cd52cda594f819d17af9afa2)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/hevc: propagate error code from hls_coding_quadtree()
Michael Niedermayer [Sun, 2 Feb 2014 01:33:16 +0000 (02:33 +0100)]
avcodec/hevc: propagate error code from hls_coding_quadtree()

Fixes use of uninitialized memory
Fixes out of array read
Fixes: asan_static-oob_123cee5_2630_cov_1869071233_PICSIZE_A_Bossen_1.bin
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 96c4ba2392b9cd55a5e84cb28db5c0c7e53cd390)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/tiff: reset geotag_count in free_geotags()
Michael Niedermayer [Sun, 2 Feb 2014 00:47:36 +0000 (01:47 +0100)]
avcodec/tiff: reset geotag_count in free_geotags()

Fixes null pointer dereference
Fixes: signal_sigsegv_19d922e_3688_cov_1577641655_aletrek_tiff.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a744064c4155bde063b9e8a47699542be3b8e5eb)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/vc1: Check bfraction_lut_index
Michael Niedermayer [Sat, 1 Feb 2014 16:07:40 +0000 (17:07 +0100)]
avcodec/vc1: Check bfraction_lut_index

Fixes: out of array read
Fixes: asan_static-oob_1b40507_2849_SA10143.vc1
Fixes: asan_static-oob_1b40a15_2849_cov_1182297305_SA10143.vc1
Fixes: asan_static-oob_1b40f15_2849_cov_2159513432_SA10143.vc1
Fixes: asan_static-oob_1b40f15_2849_cov_3230311510_SA10143.vc1
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit dcf5bfbdb6137ffdca66e0b7c2929ced42732951)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/vc1: factor read_bfraction() out
Michael Niedermayer [Sat, 1 Feb 2014 16:06:24 +0000 (17:06 +0100)]
avcodec/vc1: factor read_bfraction() out

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 388b4cf86ed5ec27d35eb5069769db12a4e31af0)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/vc1dec: field pictures with direct mode MBs, followed by frame pictures are...
Michael Niedermayer [Sat, 1 Feb 2014 04:34:25 +0000 (05:34 +0100)]
avcodec/vc1dec: field pictures with direct mode MBs, followed by frame pictures are not supported

This case could occur when cuting and concatenating bitstreams

Fixes out of array read
Fixes: asan_heap-oob_1b33fdd_2849_cov_478905890_SA10143.vc1
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 85d51d8e327c666ac963acf25cf6a6763e6c6671)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/mjpegdec: pass into ff_mjpeg_decode_sos() and check bitmask size
Michael Niedermayer [Fri, 31 Jan 2014 16:57:17 +0000 (17:57 +0100)]
avcodec/mjpegdec: pass into ff_mjpeg_decode_sos() and check bitmask size

Fixes: heap array overread
Fixes: asan_heap-oob_149b2bc_6577_m1.mxg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2884688bd51a808ccda3c0e13367619cd79e0579)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/flac_picture: clear padding area
Michael Niedermayer [Fri, 31 Jan 2014 16:31:21 +0000 (17:31 +0100)]
avformat/flac_picture: clear padding area

aviod use of uninitialized memory

Fixes: asan_heap-oob_1487fa4_4706_cov_364534849_cover_art.flac
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 13aa82bbbb71c04bdcecf1341be4a23aee271bec)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/flac_picture: allocate buffer padding for picture
Michael Niedermayer [Fri, 31 Jan 2014 16:21:32 +0000 (17:21 +0100)]
avformat/flac_picture: allocate buffer padding for picture

Fixes: heap array overread
Fixes: asan_heap-oob_14876d9_4706_cov_815472558_cover_art.flac
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fff2953163ff466d5391b2f862bd2216fbe728b2)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/snow: split block clipping checks
Michael Niedermayer [Tue, 18 Feb 2014 01:53:14 +0000 (02:53 +0100)]
avcodec/snow: split block clipping checks

Fixes out of array read
Fixes: d4476f68ca1c1c57afbc45806f581963-asan_heap-oob_2266b27_8607_cov_4044577381_snow_chroma_bug.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 61d59703c91869f4e5cdacd8d6be52f8b89d4ba4)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/ansi: fix integer overflow
Michael Niedermayer [Mon, 17 Feb 2014 19:49:42 +0000 (20:49 +0100)]
avcodec/ansi: fix integer overflow

Fixes out of array read
Fixes: 5f9698e86d92f19bb08d54ff0d57027f-signal_sigsegv_b30756_3795_cov_2693691257_ansi256.ans
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d42ec8433c687fcbccefa51a7716d81920218e4f)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/msrle: use av_image_get_linesize() to calculate the linesize
Michael Niedermayer [Sun, 16 Feb 2014 22:08:52 +0000 (23:08 +0100)]
avcodec/msrle: use av_image_get_linesize() to calculate the linesize

Fixes out of array access
Fixes: 14a74a0a2dc67ede543f0e35d834fbbe-asan_heap-oob_49572c_556_cov_215466444_44_001_engine_room.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c919e1ca2ecfc47d796382973ba0e48b8f6f92a2)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/utils: set AVFrame format unconditional
Michael Niedermayer [Sun, 16 Feb 2014 00:28:26 +0000 (01:28 +0100)]
avcodec/utils: set AVFrame format unconditional

Fixes inconsistency and out of array accesses
Fixes: 10cdd7e63e7f66e3e66273939e0863dd-asan_heap-oob_1a4ff32_7078_cov_4056274555_mov_h264_aac__mp4box_frag.mp4
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e5c7229999182ad1cef13b9eca050dba7a5a08da)

Conflicts:

libavcodec/utils.c

5 years agoavcodec/hevc: make *ps_id unsigned
Michael Niedermayer [Sat, 15 Feb 2014 22:26:19 +0000 (23:26 +0100)]
avcodec/hevc: make *ps_id unsigned

Fixes integer overflow
Fixes out of array accesses
Fixes 2f65e7dbd02a12f426a423bd7bf880b4-signal_sigsegv_127c952_2793_cov_2517424539_RPLM_A_qualcomm_4.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d1e6602665d5ec1b7e211ab27b298c26139f82cc)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/mpegtsenc: Check data array size in mpegts_write_pmt()
Michael Niedermayer [Thu, 13 Feb 2014 12:59:51 +0000 (13:59 +0100)]
avformat/mpegtsenc: Check data array size in mpegts_write_pmt()

Prevents out of array writes

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 842b6c14bcfc1c5da1a2d288fd65386eb8c158ad)

Conflicts:

libavformat/mpegtsenc.c

5 years agoavcodec/wmalosslessdec: fix mclms_coeffs* array size
Michael Niedermayer [Fri, 7 Feb 2014 14:07:23 +0000 (15:07 +0100)]
avcodec/wmalosslessdec: fix mclms_coeffs* array size

Fixes corruption of context
Fixes: 8835659dde6a4f7dcdf341de6a45c6c8-signal_sigsegv_1dce67b_4564_cov_2504444599_classical_22_16_1_14000_v3c_0_extend_0_29.wma
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agosamplefmt: avoid integer overflow in av_samples_get_buffer_size()
Justin Ruggles [Thu, 30 Jan 2014 19:08:38 +0000 (14:08 -0500)]
samplefmt: avoid integer overflow in av_samples_get_buffer_size()

CC:libav-stable@libav.org
(cherry picked from commit 0e830094ad0dc251613a0aa3234d9c5c397e02e6)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/vc1: reset fcm/field_mode in non advanced header parsing
Michael Niedermayer [Sat, 1 Feb 2014 18:04:37 +0000 (19:04 +0100)]
avcodec/vc1: reset fcm/field_mode in non advanced header parsing

Fixes NULL pointer dereference
Fixes: signal_sigsegv_1ab8bf4_2847_cov_4254117347_SA10091.vc1
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b51e9354772de446e8196dabf9aad1567b22f74d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/takdec: always check bits_per_raw_sample
Michael Niedermayer [Fri, 31 Jan 2014 18:16:02 +0000 (19:16 +0100)]
avcodec/takdec: always check bits_per_raw_sample

Fixes out of array access
Fixes: asan_heap-oob_19c7a94_6470_cov_1453611734_luckynight-partial.tak
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f58eab151214d2d35ff0973f2b3e51c5eb372da4)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoAdd decoder dependency to the HEVC parser.
Carl Eugen Hoyos [Mon, 18 Nov 2013 16:48:17 +0000 (17:48 +0100)]
Add decoder dependency to the HEVC parser.

Fixes compilation with --disable-everything --enable-parser=hevc
(cherry picked from commit d4a6133ab8ca1538d1d01fc187284fc99c6f6c90)

5 years agortpdec_asf: Copy the need_parsing field from the chained demuxer
Martin Storsjö [Thu, 23 Jan 2014 12:07:46 +0000 (14:07 +0200)]
rtpdec_asf: Copy the need_parsing field from the chained demuxer

This fixes playback of mp3 streams in rtp/asf. This used to work
until 950482bf, but mostly by coincidence.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 2aec9e228cb317cca8cda9e03986c8482ea54404)

Fixes ticket #3223

5 years agoavformat/matroskadec: Fix start_time
Alex Sukhanov [Mon, 23 Dec 2013 09:41:35 +0000 (01:41 -0800)]
avformat/matroskadec: Fix start_time

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 251c96a70b0d8cc729ded8c09c7b8bfe03f1a138)

Fixes ticket #3337.

5 years agolavf/libssh: fix seek with whence==SEEK_CUR
Lukasz Marek [Tue, 21 Jan 2014 00:18:15 +0000 (01:18 +0100)]
lavf/libssh: fix seek with whence==SEEK_CUR

Signed-off-by: Lukasz Marek <lukasz.m.luki@gmail.com>
(cherry picked from commit e0d124a9209f44a34e812fb26ba581552b55a731)

Conflicts:

libavformat/libssh.c

5 years agoavcodec/jpeg2000dec: fix error detection in pix_fmt_match()
Michael Niedermayer [Mon, 20 Jan 2014 17:40:37 +0000 (18:40 +0100)]
avcodec/jpeg2000dec: fix error detection in pix_fmt_match()

Fixes out of array accesses with CODEC_FLAG_EMU_EDGE

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8001e9f7d17e90b4b0898ba64e3b8bbd716c513c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/vmnc: Check that rectangles are within the picture
Michael Niedermayer [Mon, 20 Jan 2014 17:08:18 +0000 (18:08 +0100)]
avcodec/vmnc: Check  that rectangles are within the picture

Prevents out of array accesses with CODEC_FLAG_EMU_EDGE

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6ba02602aa7fc7d38db582e75b8b093fb3c1608d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/apedec: more checks for k
Michael Niedermayer [Mon, 23 Dec 2013 17:09:58 +0000 (18:09 +0100)]
avcodec/apedec: more checks for k

Fixes assertion failure
Fixes part of msan_uninit-mem_7fa0d8c8bd58_8417_sh3.ape
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d5128fce38646d3f64c55feda42084888ba0e87e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/rmdec: move packet allocation down
Michael Niedermayer [Mon, 23 Dec 2013 17:09:58 +0000 (18:09 +0100)]
avformat/rmdec: move packet allocation down

Fixes memleak
Fixes: msan_uninit-mem_7fc5d73327d4_6192_kuerti.ra
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 165f96cd2d687122748f862a0bc6e9908fe3d5d2)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/mpegts: check sl.timestamp_len
Michael Niedermayer [Fri, 27 Dec 2013 10:45:55 +0000 (11:45 +0100)]
avformat/mpegts: check sl.timestamp_len

Fixes: msan_uninit-mem_7ff4404547ba_4883_dmbts.ts
Fixes assertion failure
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e630ca5111077fa8adc972fe8a3d7e2b3e8dc91f)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/ape: free packet on avio_read() failure
Michael Niedermayer [Mon, 23 Dec 2013 17:09:58 +0000 (18:09 +0100)]
avformat/ape: free packet on avio_read() failure

Fixes memleak
Fixes: msan_uninit-mem_7fcc198b365b_8417_sh3.ape
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 459db51271807ba26162db7b67ac1ff444cc0fa9)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agodnxhdenc: fix mb_rc size
Michael Niedermayer [Fri, 17 Jan 2014 19:09:48 +0000 (20:09 +0100)]
dnxhdenc: fix mb_rc size

Fixes out of array access with RC_VARIANCE set to 0

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f1caaa1c61310beba705957e6366f0392a0b005b)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '9eef9eb3014b2ed9c3ff4aac510a9f04edb555cf'
Michael Niedermayer [Mon, 6 Jan 2014 15:39:38 +0000 (16:39 +0100)]
Merge commit '9eef9eb3014b2ed9c3ff4aac510a9f04edb555cf'

* commit '9eef9eb3014b2ed9c3ff4aac510a9f04edb555cf':
  h264: check that execute_decode_slices() is not called too many times

Conflicts:
libavcodec/h264.c

The check is replaced by an assert() as the mb index should not ever go out
of bounds.

Merged-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 64591f8f86f2dfeac13ee6b4e971d069675ca814)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '6892d145a0c80249bd61ee7dd31ec851c5076bcd'
Michael Niedermayer [Mon, 6 Jan 2014 16:12:15 +0000 (17:12 +0100)]
Merge commit '6892d145a0c80249bd61ee7dd31ec851c5076bcd'

* commit '6892d145a0c80249bd61ee7dd31ec851c5076bcd':
  segafilm: fix leaks if reading the header fails

Conflicts:
libavformat/segafilm.c

See: ca5456db7fa62a81d8effa20fb7547c16dd1d796
Merged-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2a58d5fc0e842ebc9a47523a8c3418580b40b4be)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agocmdutils: update year
Michael Niedermayer [Thu, 16 Jan 2014 01:53:32 +0000 (02:53 +0100)]
cmdutils: update year

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoAllow decoding of slightly broken Nikon avi files.
Carl Eugen Hoyos [Mon, 20 Jan 2014 21:37:18 +0000 (22:37 +0100)]
Allow decoding of slightly broken Nikon avi files.

Fixes ticket #3330.
(cherry picked from commit f9c2d4d17e3b18becb046d71811f9e8aa5946cf9)

5 years agolavfi/dualinput: fix shortest option.
Nicolas George [Fri, 17 Jan 2014 23:34:17 +0000 (00:34 +0100)]
lavfi/dualinput: fix shortest option.

Fix trac ticket #3315.
(cherry picked from commit 2dc5980d61493e05ccb04271a685fe804d87b155)

5 years agoavcodec/mjpegdec: Dont skip picture allocation if theres no picture allocated
Michael Niedermayer [Sun, 19 Jan 2014 15:44:58 +0000 (16:44 +0100)]
avcodec/mjpegdec: Dont skip picture allocation if theres no picture allocated

Fixes Ticket 3245
(cherry picked from commit ad8d063f230c05f8b5efbd05cc5a9f51a2549dcf)

5 years agoavcodec/aacdec: Dont fail if channels arent known yet
Michael Niedermayer [Sun, 19 Jan 2014 05:20:46 +0000 (06:20 +0100)]
avcodec/aacdec: Dont fail if channels arent known yet

Fixes Ticket3312

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 676a395ab903cac623c5d6ddd0928c789e08a59e)

5 years agoavcodec/mjpegdec: Dont treat the lack of a startcode differently from end of the...
Michael Niedermayer [Sun, 19 Jan 2014 03:02:11 +0000 (04:02 +0100)]
avcodec/mjpegdec: Dont treat the lack of a startcode differently from end of the bitstream

Fixes Ticket3303

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 31e703e899bee74c50efd8eb62c3d012ef5ab26d)

5 years agoavcodec/mjpegdec: only run EOI emulation code when there was a scan
Michael Niedermayer [Sun, 19 Jan 2014 03:56:13 +0000 (04:56 +0100)]
avcodec/mjpegdec: only run EOI emulation code when there was a scan

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 361e27a3d8096baacc45d2551a1ebfcbfdaa6a67)

5 years agoavcodec/mjpegdec: update cur_scan also for non-LS jpeg
Michael Niedermayer [Sun, 19 Jan 2014 03:55:01 +0000 (04:55 +0100)]
avcodec/mjpegdec: update cur_scan also for non-LS jpeg

This should make no difference but the variable will be used in a subsequent commit

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8893f31e206358d933abe4a5227b5ae89f5f303d)

5 years agoFix libxvid crash on failing initialisation.
Carl Eugen Hoyos [Fri, 17 Jan 2014 12:09:57 +0000 (13:09 +0100)]
Fix libxvid crash on failing initialisation.

Fixes ticket #3297.
(cherry picked from commit ee3fc8aa864f6d95356a7d9d03536e2b12b891c5)

5 years agoDo not read mkv audio bit_depth if bits_per_coded_sample is already set.
Carl Eugen Hoyos [Wed, 15 Jan 2014 22:37:47 +0000 (23:37 +0100)]
Do not read mkv audio bit_depth if bits_per_coded_sample is already set.

This allows decoding broken mkv files containing G.726 audio.
(cherry picked from commit 11329370770e5c982deece7d4eb4f2e95e725332)

5 years agoDo not set mkv bit_depth to av_get_bytes_per_sample() for G.726.
Carl Eugen Hoyos [Wed, 15 Jan 2014 22:35:22 +0000 (23:35 +0100)]
Do not set mkv bit_depth to av_get_bytes_per_sample() for G.726.

The value is wrong and leads to broken files.
(cherry picked from commit 565102dcac4959da60e6b1528dc31315d21194ca)

5 years agoUpdate for 2.1.3 n2.1.3
Michael Niedermayer [Wed, 15 Jan 2014 17:29:16 +0000 (18:29 +0100)]
Update for 2.1.3

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agolibrary.mak: only run asm strip if ASMSTRIP flags are set
Michael Niedermayer [Thu, 28 Nov 2013 20:52:46 +0000 (21:52 +0100)]
library.mak: only run asm strip if ASMSTRIP flags are set

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e975c147e18010a9f96f56b21d0cd0f026eaae0e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoconfigure: remove code that disables striping in the absence of some flags
Michael Niedermayer [Thu, 28 Nov 2013 20:35:12 +0000 (21:35 +0100)]
configure: remove code that disables striping in the absence of some flags

This prevents breaking (non asm) striping in that case

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 191454f26e5a2f5026fef9a25df6d61c2a06615c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agobuild sys: rename STRIPFLAGS to ASMSTRIPFLAGS
Michael Niedermayer [Thu, 28 Nov 2013 20:29:13 +0000 (21:29 +0100)]
build sys: rename STRIPFLAGS to ASMSTRIPFLAGS

This more closely matches the actual use, also we use plain
strip without these flags for striping

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e283c26c35c4f18c8eb2e79183037a883b12d1e5)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '0673ede985a6560e7efb86dab1c58fb7f95ce587'
Michael Niedermayer [Thu, 28 Nov 2013 20:27:05 +0000 (21:27 +0100)]
Merge commit '0673ede985a6560e7efb86dab1c58fb7f95ce587'

* commit '0673ede985a6560e7efb86dab1c58fb7f95ce587':
  configure: add strip flags checks

Merged-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 71b95f2ab603ea607bc1b930fcfc3974b40ba484)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/utils/av_probe_input_buffer2: fix buffer passed to ffio_rewind_with_probe_data()
Michael Niedermayer [Mon, 13 Jan 2014 21:17:12 +0000 (22:17 +0100)]
avformat/utils/av_probe_input_buffer2: fix buffer passed to ffio_rewind_with_probe_data()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 05886c9d4edddb07a4cdc6afee8b30cd9c80b4db)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/utils/av_probe_input_buffer2: fix offset check
Michael Niedermayer [Mon, 13 Jan 2014 21:17:12 +0000 (22:17 +0100)]
avformat/utils/av_probe_input_buffer2: fix offset check

The check could fail if avio_read() read less than requested

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8c3b026a0eeb49464d957b61b0c01cceecc416fd)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/utils/av_probe_input_buffer2: Fix pd.buf_size
Michael Niedermayer [Mon, 13 Jan 2014 21:14:02 +0000 (22:14 +0100)]
avformat/utils/av_probe_input_buffer2: Fix pd.buf_size

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6a2064820b52568c05a9ec8f418f18840e7c43cc)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/libxavs: 2nd attempt to fix compilation after b18c7c8d.
Clément Bœsch [Mon, 18 Nov 2013 07:08:41 +0000 (08:08 +0100)]
avcodec/libxavs: 2nd attempt to fix compilation after b18c7c8d.
(cherry picked from commit 260fc0d95b025b03b2a15116526e4c83b1ca1a31)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/libxavs: attempt to fix compilation after b18c7c8d.
Clément Bœsch [Mon, 18 Nov 2013 06:53:08 +0000 (07:53 +0100)]
avcodec/libxavs: attempt to fix compilation after b18c7c8d.
(cherry picked from commit 71cd83e34cf7ba88d766434e3d2b4d99c14bf0f2)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoUpdate for 2.1.2 n2.1.2
Michael Niedermayer [Mon, 13 Jan 2014 16:21:42 +0000 (17:21 +0100)]
Update for 2.1.2

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoFix a crash on oom when decoding hevc.
Carl Eugen Hoyos [Thu, 31 Oct 2013 19:17:18 +0000 (20:17 +0100)]
Fix a crash on oom when decoding hevc.
(cherry picked from commit 5ab1efb9d0dc65e748a0291b67915e35578b302e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/hevc: Check entry point arrays for malloc failure
Michael Niedermayer [Mon, 13 Jan 2014 02:51:39 +0000 (03:51 +0100)]
avcodec/hevc: Check entry point arrays for malloc failure

Fixes null pointer dereference
Fixes: signal_sigsegv_e1d3b6_2192_DBLK_F_VIXS_2.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 22bfb4be284c12f33b9dac010713fe3ca6d974bf)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agohevc: Bound check slice_qp
Luca Barbato [Sun, 12 Jan 2014 00:14:12 +0000 (01:14 +0100)]
hevc: Bound check slice_qp

The T-REC-H.265-2013044 page 79 states they have to be into the range
[-s->sps->qp_bd_offset, 51].

Fixes: asan_stack-oob_eae8e3_9522_WP_MAIN10_B_Toshiba_3.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit aead772b5814142b0e530804486ff7970ecd9eef)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agohevc: Reject impossible dependent tile
Luca Barbato [Sat, 11 Jan 2014 15:52:43 +0000 (16:52 +0100)]
hevc: Reject impossible dependent tile

The tile 0 cannot depend on a previous one.
Prevent an out of array bound load in ff_hevc_cabac_init().

Fixes: asan_heap-oob_e3a924_1630_DBLK_A_MAIN10_VIXS_2.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Guillaume Martres <smarter@ubuntu.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 48a5b155433ed7af20fb0a5c20ca131958727727)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agohevc: remove useless clip in FUNC(sao_band_filter)()
Guillaume Martres [Sat, 11 Jan 2014 21:46:25 +0000 (22:46 +0100)]
hevc: remove useless clip in FUNC(sao_band_filter)()

The src buffer should only contain values in the interval
[0, (1 << BIT_DEPTH) - 1]. Since shift = (BIT_DEPTH - 5), src[x] >> shift
must be in the interval [0, 31], so no clip is needed.

This removes the code that was changed in 5856bca360c5bc3e340a357d91b1f993c80a7bea
as the clip that was repositioned in that commit is removed

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b00a8b4d194f1bf23343f3f42138affa1fe26641)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agohevc: clip pixels when transquant bypass is used
Guillaume Martres [Sat, 11 Jan 2014 21:46:24 +0000 (22:46 +0100)]
hevc: clip pixels when transquant bypass is used

Fixes: asan_stack-oob_eae8e3_7333_WPP_B_ericsson_MAIN10_2.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
This is a more proper fix than 5856bca360c5bc3e340a357d91b1f993c80a7bea

The reconstructed picture should always be clipped (see section 8.6.5),
previously we did not clip coding units where
cu_transquant_bypass_flag == 1

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c9fe0caf7a1abde7ca0b1a359f551103064867b1)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agohevc: Clip the pixel before shifting
Luca Barbato [Sat, 11 Jan 2014 15:52:41 +0000 (16:52 +0100)]
hevc: Clip the pixel before shifting

Prevent an out of array bound read.

Fixes: asan_stack-oob_eae8e3_7333_WPP_B_ericsson_MAIN10_2.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5856bca360c5bc3e340a357d91b1f993c80a7bea)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/hevc: use av_mallocz() for allocating tab_ipm
Michael Niedermayer [Sat, 11 Jan 2014 19:23:51 +0000 (20:23 +0100)]
avcodec/hevc: use av_mallocz() for allocating tab_ipm

Fixes use of uninitialized memory and out of stack array read
Fixes: signal_sigsegv_ecc526_7846_WPP_C_ericsson_MAIN_2.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0999f1613bc48ed9d6578a3ad7bcd17610e07fbf)

Conflicts:

libavcodec/hevc.c

5 years agoavcodec/alac: only set *got_frame_ptr when all channels have been decoded
Michael Niedermayer [Sat, 11 Jan 2014 03:36:15 +0000 (04:36 +0100)]
avcodec/alac: only set *got_frame_ptr when all channels have been decoded

Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f8b64436530_7895_quicktime_newcodec_applelosslessaudiocodec.m4a
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e11983bda073f8c63f60509ee753da9fba20ed10)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/pjsdec: dont increase pointer when its already at the end in read_ts()
Clément Bœsch [Fri, 10 Jan 2014 00:51:22 +0000 (01:51 +0100)]
avformat/pjsdec: dont increase pointer when its already at the end in read_ts()

Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f91f2de7764_2649_PJS_capability_tester.pjs
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b84a7330af41cec93384bf59ed68c67b09d105cd)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/wmalosslessdec: shrink output on error so no uninitialized data is returned
Michael Niedermayer [Sat, 11 Jan 2014 01:04:01 +0000 (02:04 +0100)]
avcodec/wmalosslessdec: shrink output on error so no uninitialized data is returned

Fixes use of uninitialized memory
partly fixes: msan_uninit-mem_7f7834b6a530_6473_luckynight-partial.wma
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6b18a6839b43ea78e70cd3e35f781d1c955bda73)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/wmalosslessdec: deallocate uninitialized frame on decode_tilehdr() failure
Michael Niedermayer [Sat, 11 Jan 2014 00:59:20 +0000 (01:59 +0100)]
avcodec/wmalosslessdec: deallocate uninitialized frame on decode_tilehdr() failure

Fixes use of uninitialized memory
partly fixes: msan_uninit-mem_7f7834b6a530_6473_luckynight-partial.wma
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ae3856dcaf9c5ef339969c95a72bcaf7c4bba9ec)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/wmalosslessdec: Pass on error code from decode_tilehdr()
Michael Niedermayer [Sat, 11 Jan 2014 00:58:36 +0000 (01:58 +0100)]
avcodec/wmalosslessdec: Pass on error code from decode_tilehdr()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 03fff09b32171e0c76d104c02ebf578c7f4fe21d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/matroskadec: check generic audio deinterleaver sub_packet_size against frame...
Michael Niedermayer [Fri, 10 Jan 2014 22:10:47 +0000 (23:10 +0100)]
avformat/matroskadec: check generic audio deinterleaver sub_packet_size against frame_size

Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f67d052a530_7517_nosound.mkv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a1ed1c2193483849df689b105bec0d26c2497999)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/flvdec: initialize context before reading from it
Michael Niedermayer [Fri, 10 Jan 2014 19:58:19 +0000 (20:58 +0100)]
avformat/flvdec: initialize context before reading from it

Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f9b8387069e_5377_flv_with_pcm_s16be_audio_track.flv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 396ddcf22d55fa7e735d69eed22a4a4b1649b73c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/mxfdec: check avio_read(UID) result
Michael Niedermayer [Fri, 10 Jan 2014 01:11:20 +0000 (02:11 +0100)]
avformat/mxfdec: check avio_read(UID) result

Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7fc9ba2fd98e_82_02785736.mxf
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4162ceea93684f3cd656dc21d30903e102a44e73)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/rmdec: when reading audio blocks, dont leave holes when reading fails
Michael Niedermayer [Thu, 9 Jan 2014 21:59:51 +0000 (22:59 +0100)]
avformat/rmdec: when reading audio blocks, dont leave holes when reading fails

The fate test is changed because the reference file depends on the use of
non cleared data at the very
end. Alternatively we could upload a new reference file, though that would
then have to be changed every time the handling of a truncated frame changes
or theres a change to error concealment, each time adding a new file ...

Fixes use of uninitialized memory
Fixed: msan_uninit-mem_7f3c02b81363_2787_RLG2_19.rm
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 77d2a1ca595ebe082d35c4b624ac9a9145991494)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/h264: fix code that blindly dereferences NULL DPB
Michael Niedermayer [Tue, 10 Dec 2013 22:41:50 +0000 (23:41 +0100)]
avcodec/h264: fix code that blindly dereferences NULL DPB

Fixes mixed flushing and decoding NULL packets
Found-by: wm4
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d9339ab55373b12f078a3e3f1e294d8ff78652dd)

Conflicts:

libavcodec/h264.c

5 years agovdpau: restore compatibility with deprecated fields in AVVDPAUContext
Hendrik Leppkes [Fri, 10 Jan 2014 19:18:08 +0000 (20:18 +0100)]
vdpau: restore compatibility with deprecated fields in AVVDPAUContext

Fixes ticket #3133.

Signed-off-by: Hendrik Leppkes <h.leppkes@gmail.com>
Tested-by: EricV
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 23bc1351ad7db698da9348e23ee63ec7300a881d)

5 years agoFix libopenjpeg colour range adjust for 8<bpp<16.
Carl Eugen Hoyos [Fri, 10 Jan 2014 09:57:43 +0000 (10:57 +0100)]
Fix libopenjpeg colour range adjust for 8<bpp<16.

Fixes ticket #3284.

Reviewed-by: Michael Bradshaw
(cherry picked from commit 8298b54179c92fc3293ea312c4fcf153917bca0a)

5 years agoavcodec/msvideo1enc: fix SKIPS_MAX
Michael Niedermayer [Thu, 9 Jan 2014 03:02:58 +0000 (04:02 +0100)]
avcodec/msvideo1enc: fix SKIPS_MAX

Fixes Ticket3270

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fb8f5d0510619cea2204246631f1c0dcd994ee25)

5 years agoUse the h264 parser when decoding VSSH in avi.
Carl Eugen Hoyos [Tue, 7 Jan 2014 21:49:05 +0000 (22:49 +0100)]
Use the h264 parser when decoding VSSH in avi.

Fixes ticket #3261 visually.

Analyzed-by: Michael Doilnitsyn
(cherry picked from commit 94cf4f8bac12c58e30ce3b5d72cf5898baafe9a8)

5 years agoavformat/mxfdec: detect loops during header parsing
Michael Niedermayer [Wed, 8 Jan 2014 03:49:50 +0000 (04:49 +0100)]
avformat/mxfdec: detect loops during header parsing

The header parser uses forward and backward parsing, making the
bulletproof prevention of loops difficult, thus this simple
detection code.
If someone improves the forward/backward parsing so it cannot loop
then this commit should be reverted

Fixes Ticket3278

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1c010fd035c1a14dc73827b84f21f593e969a5d6)

5 years agoavformat/mov: Check that we have a stream before accessing it in mov_read_ares()
Michael Niedermayer [Fri, 22 Nov 2013 19:09:03 +0000 (20:09 +0100)]
avformat/mov: Check that we have a stream before accessing it in mov_read_ares()

Fixes out of array read
Fixes: signal_sigsegv_6f1855_3910_avid_test_alpha.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a7f27453f64d9020b92b01687baeb5909c6cdad0)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/ipmovie: check OPCODE_INIT_VIDEO_BUFFERS size more completely
Michael Niedermayer [Fri, 22 Nov 2013 18:47:34 +0000 (19:47 +0100)]
avformat/ipmovie: check OPCODE_INIT_VIDEO_BUFFERS size more completely

Fixes use of uninitialized data

Fixes: signal_sigsegv_1571228_5930_ipmovie_interplayvideo_interplay_dpcm__bislogo.mve

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2e97e244097c309571b383dd107252404ebb3326)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/mjpegdec: check len in mjpeg_decode_app() more completely
Michael Niedermayer [Fri, 22 Nov 2013 15:51:07 +0000 (16:51 +0100)]
avcodec/mjpegdec: check len in mjpeg_decode_app() more completely

Avoids len from becoming negative and causing assertion failure

Fixes: signal_sigabrt_7ffff7126425_5140_fd44dc63fa7bdd12ee34fc602231ef02.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6060234d43dcf0b5200cdd7dbd2f1542146827eb)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/avidec: Dont assert the existence of an index for video streams.
Michael Niedermayer [Fri, 22 Nov 2013 14:08:04 +0000 (15:08 +0100)]
avformat/avidec: Dont assert the existence of an index for video streams.

Its possible in various rare cases that an index cannot be created or allocated.
Fixes assertion failure
Fixes: signal_sigabrt_7ffff7126425_7712_pokem.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7865759409b27089b444bc029b2b76b06161b2cf)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/hevc: clear HEVClc when its deallocated in hevc_decode_free()
Michael Niedermayer [Tue, 31 Dec 2013 14:18:47 +0000 (15:18 +0100)]
avcodec/hevc: clear HEVClc when its deallocated in hevc_decode_free()

Fixes reading freed memory
Fixes: asan_heap-uaf_1abf8ef_3987_NUT_A_ericsson_4.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 21a2fb7e0579703fdea96f659498ef8b1f243289)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavutil/log: check that len is within the buffer before reading it
Michael Niedermayer [Wed, 27 Nov 2013 16:04:05 +0000 (17:04 +0100)]
avutil/log: check that len is within the buffer before reading it

Fixes out of array read
Fixes: asan_heap-oob_19d6979_6857_mmw_deadzy.ogg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 808c10e728db2d92ccbb0f8b3bcd4a2f4305a2cf)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/g2meet: check available space before copying palette
Michael Niedermayer [Tue, 26 Nov 2013 20:53:47 +0000 (21:53 +0100)]
avcodec/g2meet: check available space before copying palette

Fixes out of array read
Fixes: asan_heap-uaf_ae6067_5415_g2m4.wmv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6d9dad6a7cb5d544d540abf941fedbd34c14d2bd)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/ac3dec: check bap before use.
Michael Niedermayer [Mon, 25 Nov 2013 22:16:17 +0000 (23:16 +0100)]
avcodec/ac3dec: check bap before use.

Fixes out of array read
Fixes assertion failure
Fixes asan_static-oob_16431c0_8036_rio_bravo_mono_64_spx.ac3

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4782c4284fa3856a9b6910fe5ff6e4fb1c65b58c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>