ffmpeg.git
4 years agoUpdate for 2.4.8 n2.4.8
Michael Niedermayer [Sun, 29 Mar 2015 23:28:28 +0000 (01:28 +0200)]
Update for 2.4.8

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavutil/cpu: add missing check for mmxext to av_force_cpu_flags
James Almer [Thu, 26 Mar 2015 05:11:55 +0000 (02:11 -0300)]
avutil/cpu: add missing check for mmxext to av_force_cpu_flags

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 1f5d1eed78fad63f1c80a3766d3dc2421b99104d)

4 years agoavcodec/msrledec: restructure msrle_decode_pal4() based on the line number instead...
Michael Niedermayer [Tue, 24 Mar 2015 14:50:12 +0000 (15:50 +0100)]
avcodec/msrledec: restructure msrle_decode_pal4() based on the line number instead of the pixel pointer

Fixes out of array access
Fixes: da14e86d8462be6493eab16bc2d40f88/asan_heap-oob_204cfd2_528_cov_340150052_COMPRESS.BMP

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f7e1367f58263593e6cee3c282f7277d7ee9d553)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/hevc_ps: Check cropping parameters more correctly
Michael Niedermayer [Sat, 21 Mar 2015 11:54:16 +0000 (12:54 +0100)]
avcodec/hevc_ps: Check cropping parameters more correctly

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 06c70d45373dedc600f28e345685b130b60203c1)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/dnxhddec: Check that the frame is interlaced before using cur_field
Michael Niedermayer [Thu, 19 Mar 2015 22:28:39 +0000 (23:28 +0100)]
avcodec/dnxhddec: Check that the frame is interlaced before using cur_field

Fixes Ticket4227

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2c660e34cf3c2b77cd2bef6f292920334dfd9192)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/mov: Disallow ".." in dref unless use_absolute_path is set
Michael Niedermayer [Sat, 14 Mar 2015 20:32:35 +0000 (21:32 +0100)]
avformat/mov: Disallow ".." in dref unless use_absolute_path is set

as this kind of allows to circumvent it to some extend.
We also could add a separate parameter or value to choose this

Found-by: ramiro
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1e4d0498df6621143da1a550006ddc3526ad51cb)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/mov: Check for string truncation in mov_open_dref()
Michael Niedermayer [Sat, 14 Mar 2015 20:24:54 +0000 (21:24 +0100)]
avformat/mov: Check for string truncation in mov_open_dref()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8003816e1619e77d8de051883264aa090e0d78cc)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/mov: Use sizeof(filename) instead of a literal number
Michael Niedermayer [Sat, 14 Mar 2015 20:23:32 +0000 (21:23 +0100)]
avformat/mov: Use sizeof(filename) instead of a literal number

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 21a53dd08dce7cc5b3fdf9c4826b4b74d8300ea0)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoeac3dec: fix scaling
Christophe Gisquet [Sat, 14 Mar 2015 11:48:59 +0000 (11:48 +0000)]
eac3dec: fix scaling

This is the remaining error, the output on the SPX samples,
respectively csi_miami_stereo_128_spx.eac3 and
csi_miami_5.1_256_spx.eac3, goes from:
stddev:    8.71 PSNR: 77.52 MAXDIFF:  235
stddev:24270.51 PSNR: 22.17 MAXDIFF:47166
to:
stddev:    0.12 PSNR:114.12 MAXDIFF:    1
stddev:    0.12 PSNR:114.73 MAXDIFF:    1

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0c3339f4bd7aceebfd74deb437ba2e5c04ef3d0e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoac3_fixed: fix computation of spx_noise_blend
Christophe Gisquet [Sat, 14 Mar 2015 11:48:58 +0000 (11:48 +0000)]
ac3_fixed: fix computation of spx_noise_blend

It was set to 1 instead of sqrt(3)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c4bf3833f4663fd484441907f73c5bc4700021a4)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoac3_fixed: fix out-of-bound read
Christophe Gisquet [Sat, 14 Mar 2015 11:48:57 +0000 (11:48 +0000)]
ac3_fixed: fix out-of-bound read

Should also improve decoding, but actually doesn't...

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b0834400608b3980c06bf6d2cf747116e60d10c7)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoac3dec_fixed: always use the USE_FIXED=1 variant of the AC3DecodeContext
Andreas Cadhalpun [Fri, 13 Mar 2015 21:28:42 +0000 (22:28 +0100)]
ac3dec_fixed: always use the USE_FIXED=1 variant of the AC3DecodeContext

The AC3DecodeContext has a float (USE_FIXED=0) and an integer
(USE_FIXED=1) variant, both of which can be present in the same binary.
This is not only very confusing, but it also breaks horribly, when one
variant is used by code expecting the other.

This currently happens, because eac3dec.c is only compiled for the float
variant, but also used from ac3dec_fixed.c, which uses the integer
variant.

The result is memory corruption, leading to crashes.

So compile eac3dec.c once for each variant and adapt it, so that it
works with the integer variant.

A loss of precission and scaling bug has been fixed by the committer
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7b05b5093ea67a3397b0c37cf398bab471e1ce2b)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/012v: redesign main loop
Michael Niedermayer [Tue, 10 Mar 2015 18:18:34 +0000 (19:18 +0100)]
avcodec/012v: redesign main loop

Fixes out of array accesses
Fixes: ffmpeg_012v_crash.ts

Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Reviewed-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 48df30d36c3ca360c407d84f96749888d1fbe853)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/012v: Check dimensions more completely
Michael Niedermayer [Tue, 10 Mar 2015 19:21:14 +0000 (20:21 +0100)]
avcodec/012v: Check dimensions more completely

Fixes division by 0

Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d3b25383daffac154846daeb4e4fb46569e728db)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoasfenc: fix leaking asf->index_ptr on error
Andreas Cadhalpun [Mon, 9 Mar 2015 18:31:39 +0000 (19:31 +0100)]
asfenc: fix leaking asf->index_ptr on error

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2c8cff2be4a044c66e4904efa156dafd0d332d25)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoroqvideoenc: set enc->avctx in roq_encode_init
Andreas Cadhalpun [Mon, 9 Mar 2015 18:24:09 +0000 (19:24 +0100)]
roqvideoenc: set enc->avctx in roq_encode_init

So far it is only set in roq_encode_frame, but it is used in
roq_encode_end to free the coded_frame. This currently segfaults if
roq_encode_frame is not called between roq_encode_init and
roq_encode_end.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cf82c426fadf90105e1fb9d5ecd267cc3aa2b288)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/options_table: remove extradata_size from the AVOptions table
Michael Niedermayer [Mon, 9 Mar 2015 02:42:00 +0000 (03:42 +0100)]
avcodec/options_table: remove extradata_size from the AVOptions table

allowing access to the size but not the extradata itself is not useful
and could lead to potential problems if writing happens through this field

Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Reviewed-by: Lukasz Marek <lukasz.m.luki2@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1f4088b28540080ce1d42345c5614be3e1a6a197)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoffmdec: limit the backward seek to the last resync position
Andreas Cadhalpun [Mon, 9 Mar 2015 13:59:44 +0000 (14:59 +0100)]
ffmdec: limit the backward seek to the last resync position

If resyncing leads to the same position as previously, it will again
lead to a resync attempt, resulting in an infinite loop.

Thus don't seek back beyond the last syncpoint.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6b8263b03ab3d16d70525ae1893cb106be7852f1)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoffmdec: make sure the time base is valid
Andreas Cadhalpun [Sun, 8 Mar 2015 22:12:59 +0000 (23:12 +0100)]
ffmdec: make sure the time base is valid

A negative time base can trigger assertions.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4c91d81be23ffacfa3897b2bcfa77445bb0c2f89)

Conflicts:

libavformat/ffmdec.c

4 years agoffmdec: fix infinite loop at EOF
Andreas Cadhalpun [Sun, 8 Mar 2015 22:31:48 +0000 (23:31 +0100)]
ffmdec: fix infinite loop at EOF

If EOF is reached, while skipping bytes, avio_tell(pb) won't change
anymore, resulting in an infinite loop.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6fa98822eba501a4898fdec5b75acd3026201005)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/tiff: move bpp check to after "end:"
Michael Niedermayer [Sun, 8 Mar 2015 22:27:43 +0000 (23:27 +0100)]
avcodec/tiff: move bpp check to after "end:"

This ensures that all current and future code-pathes get bpp checked

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d5e9fc782150d4596c72440a0aa02b7f4f1254b1)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agodoc: avoid the incorrect phrase 'allow to'
Andreas Cadhalpun [Sat, 7 Mar 2015 18:36:07 +0000 (19:36 +0100)]
doc: avoid the incorrect phrase 'allow to'

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 10fd7ff814f2a35b5b49a9c3b0d426ead6c7e83f)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/opusdec: Fix delayed sample value
Michael Niedermayer [Sat, 7 Mar 2015 14:34:19 +0000 (15:34 +0100)]
avcodec/opusdec: Fix delayed sample value

Fixes out of array access
Fixes: ffmpeg_opus_crash1.ogg

This solution is likely not optimal in terms of error concealment but
its simple and fixes the out of array access.

Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Tested-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6c583e9048fe9db2ed4d7bbc75f4f1d76e82761a)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/opusdec: Clear out pointers per packet
Michael Niedermayer [Sat, 7 Mar 2015 14:11:39 +0000 (15:11 +0100)]
avcodec/opusdec: Clear out pointers per packet

This is safer than to assume that all error pathes cleared them and
nothing will use uncleared pointers.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1ae092587fc196da5098dea346d7ece81ec35153)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/utils: Align YUV411 by as much as the other YUV variants
Michael Niedermayer [Sat, 7 Mar 2015 13:30:34 +0000 (14:30 +0100)]
avcodec/utils: Align YUV411 by as much as the other YUV variants

Fixes out of array accesses
Fixes: ffmpeg_mjpeg_crash2.avi

Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Tested-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e3201c38d53d2b8b24d0bc95d726b2cb1752dc12)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agovp9: fix segmentation map retention with threading enabled.
Ronald S. Bultje [Sat, 7 Mar 2015 02:07:54 +0000 (21:07 -0500)]
vp9: fix segmentation map retention with threading enabled.

Fixes ticket 4359.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit efff3854f05d171f5ad3e4f4206533b255a6d267)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agodoc/protocols/tcp: fix units of listen_timeout option value, from microseconds to...
Stefano Sabatini [Thu, 5 Mar 2015 11:05:17 +0000 (12:05 +0100)]
doc/protocols/tcp: fix units of listen_timeout option value, from microseconds to milliseconds

s->listen_timeout is passed to ff_listen_bind(), which accepts a timeout
value expressed in milliseconds.

The unit was incorrectly set in 1b4da43ce02452843a1e9bb976da1a39e18a945c.
(cherry picked from commit 6db20926c32ea297418f1f819585007c6b7b6160)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agofix VP9 packet decoder returning 0 instead of the used data size
Steve Lhomme [Tue, 3 Mar 2015 11:06:40 +0000 (12:06 +0100)]
fix VP9 packet decoder returning 0 instead of the used data size

See https://trac.videolan.org/vlc/ticket/14022#comment:6

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4851db80a4f80ddade1d50d2ec741375c763f001)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/flvenc: check that the codec_tag fits in the available bits
Andreas Cadhalpun [Sat, 28 Feb 2015 19:58:31 +0000 (20:58 +0100)]
avformat/flvenc: check that the codec_tag fits in the available bits

flags is later written with avio_w8 and if it doesn't fit in one byte it
triggers an av_assert2.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e8565d21c276ab9ac5ce785549420321fbd0b093)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/utils: use correct printf specifier in ff_set_sar
Andreas Cadhalpun [Sat, 28 Feb 2015 19:11:36 +0000 (20:11 +0100)]
avcodec/utils: use correct printf specifier in ff_set_sar

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 732c3ebffaff5005367d7f947fa903f3b6e92f68)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavutil/imgutils: correctly check for negative SAR components
Michael Niedermayer [Sat, 28 Feb 2015 20:57:11 +0000 (21:57 +0100)]
avutil/imgutils: correctly check for negative SAR components

These could trigger assert failures previously

Found-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5705dc527687fd84d94c934169b6bd753459744f)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoswscale/utils: clear formatConvBuffer on allocation
Michael Niedermayer [Fri, 27 Feb 2015 02:12:23 +0000 (03:12 +0100)]
swscale/utils: clear formatConvBuffer on allocation

Fixes use of uninitialized memory
Fixes: asan_heap-oob_35ca682_1474_cov_3230122439_aletrek_tga_16bit.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 007498fc1a639ecee2cda1892cbcff66c7c8c951)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/bit: only accept the g729 codec and 1 channel
Andreas Cadhalpun [Thu, 26 Feb 2015 20:42:02 +0000 (21:42 +0100)]
avformat/bit: only accept the g729 codec and 1 channel

Other codecs/channel numbers are not supported by this muxer.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d0b8640f75ff7569c98d6fdb03d83451104e088c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/bit: check that pkt->size is 10 in write_packet
Andreas Cadhalpun [Thu, 26 Feb 2015 20:38:50 +0000 (21:38 +0100)]
avformat/bit: check that pkt->size is 10 in write_packet

Ohter packet sizes are not supported by this muxer.

This avoids a null pointer dereference of pkt->data.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit eeda2c3de8a8484d9e7d1e47ac836bec850b31fc)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/adxdec: check avctx->channels for invalid values
Andreas Cadhalpun [Wed, 25 Feb 2015 21:55:44 +0000 (22:55 +0100)]
avformat/adxdec: check avctx->channels for invalid values

This avoids a null pointer dereference of pkt->data.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7faa40af982960608b117e20fec999b48011e5e0)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoFix buffer_size argument to init_put_bits() in multiple encoders.
Dyami Caliri [Thu, 26 Feb 2015 18:17:01 +0000 (10:17 -0800)]
Fix buffer_size argument to init_put_bits() in multiple encoders.

Several encoders were multiplying the buffer size by 8, in order to get
a bit size. However, the buffer_size argument is for the byte size of
the buffer. We had experienced crashes encoding prores (Anatoliy) at
size 4096x4096.
(cherry picked from commit 50833c9f7b4e1922197a8955669f8ab3589c8cef)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agomips/acelp_filters: fix incorrect register constraint
James Cowgill [Thu, 26 Feb 2015 13:42:52 +0000 (13:42 +0000)]
mips/acelp_filters: fix incorrect register constraint

Change register constraint on the v variable from = to +. This was causing GCC
to think that the v variable was never read and therefore not initialize it.

This fixes about 20 fate failures on mips64el.

Signed-off-by: James Cowgill <james410@cowgill.org.uk>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b9de1303a6414174ab2f3bccefa801bfabcf0f88)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/hevc_ps: Sanity checks for some log2_* values
Michael Niedermayer [Wed, 25 Feb 2015 14:51:28 +0000 (15:51 +0100)]
avcodec/hevc_ps: Sanity checks for some log2_* values

log2 values which imply numeric overflow are not supported

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 205b2ba3d677330e023aac2f4bd3f624039256b9)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/zmbv: Check len before reading in decode_frame()
Michael Niedermayer [Wed, 25 Feb 2015 11:29:10 +0000 (12:29 +0100)]
avcodec/zmbv: Check len before reading in decode_frame()

Fixes out of array read
Fixes: asan_heap-oob_4d4eb0_3994_cov_3169972261_zmbv_15bit.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1f5c7781e63d6519192ada59c1e36bcecc92791d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/h264: Only reinit quant tables if a new PPS is allowed
Michael Niedermayer [Tue, 24 Feb 2015 19:49:07 +0000 (20:49 +0100)]
avcodec/h264: Only reinit quant tables if a new PPS is allowed

Fixes null pointer dereference
Fixes: signal_sigsegv_3042097_3007_cov_1741463594_non_monotone_timestamps1.mkv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c23a0e77dd492d6c794f89dbff3a438c95745e70)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/snowdec: Fix ref value check
Michael Niedermayer [Tue, 24 Feb 2015 02:12:22 +0000 (03:12 +0100)]
avcodec/snowdec: Fix ref value check

Fixes integer overflow and out of array read.
Fixes: signal_sigsegv_24169e6_3445_cov_3778346427_snow_chroma_bug.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8f4cbf940212079a34753c7f4d6c6b5a43586d30)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoswscale/utils: More carefully merge and clear coefficients outside the input
Michael Niedermayer [Mon, 23 Feb 2015 23:32:39 +0000 (00:32 +0100)]
swscale/utils: More carefully merge and clear coefficients outside the input

Fixes out of array read
Fixes: asan_heap-oob_35ca682_1474_cov_3230122439_aletrek_tga_16bit.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1895d414aaacece3b57d7bf19502305e9a064fae)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/a64multienc: Assert that the Packet size does not grow
Michael Niedermayer [Mon, 23 Feb 2015 00:58:11 +0000 (01:58 +0100)]
avcodec/a64multienc: Assert that the Packet size does not grow

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 29bbc1be488ea4fc591d3e0ef12f0fc7c8812afb)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/a64multienc: simplify frame handling code
Michael Niedermayer [Sun, 22 Feb 2015 23:55:13 +0000 (00:55 +0100)]
avcodec/a64multienc: simplify frame handling code

This also fixes a memleak

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4da351ff0cff460db2110cf22f2e3eded8733a58)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/a64multienc: fix use of uninitialized values in to_meta_with_crop
Andreas Cadhalpun [Sun, 22 Feb 2015 19:48:38 +0000 (20:48 +0100)]
avcodec/a64multienc: fix use of uninitialized values in to_meta_with_crop

Averaging over 2 pixels doesn't work correctly for the last pixel, because the
rest of the buffer is not initialized.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 87513d654546a99f8ddb045ca4fa5d33778a617e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/a64multienc: initialize mc_meta_charset to zero
Andreas Cadhalpun [Sun, 22 Feb 2015 19:47:50 +0000 (20:47 +0100)]
avcodec/a64multienc: initialize mc_meta_charset to zero

This fixes the use of uninitialized values in avpriv_do_elbg.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ab759f8f4a3f7178361e32ab719e6bc49d8afecb)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/a64multienc: don't set incorrect packet size
Michael Niedermayer [Mon, 23 Feb 2015 00:21:30 +0000 (01:21 +0100)]
avcodec/a64multienc: don't set incorrect packet size

This fixes invalid reads of the packet buffer in av_dup_packet

Based on patch by Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d96142e9af92ded84f2580620c571ab96c4bb657)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/a64multienc: use av_frame_ref instead of copying the frame
Andreas Cadhalpun [Sun, 22 Feb 2015 19:43:30 +0000 (20:43 +0100)]
avcodec/a64multienc: use av_frame_ref instead of copying the frame

This fixes freeing the frame buffer twice on cleanup leading to a crash.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 39e4ed7c1d8d840be47f6d604704d47a59a9ae5d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/x86/mlpdsp_init: Simplify mlp_filter_channel_x86()
Michael Niedermayer [Thu, 19 Feb 2015 15:25:29 +0000 (16:25 +0100)]
avcodec/x86/mlpdsp_init: Simplify mlp_filter_channel_x86()

Based on patch by Francisco Blas Izquierdo Riera
Commit message partly taken from carl

fixes a compilation
error in mlpdsp_init.c with -fstack-check and some gcc compilers (I
reproduced the issue with gcc 4.7.3) by simplifying the code.

See also https://bugs.gentoo.org/show_bug.cgi?id=471756

$ make libavcodec/x86/mlpdsp_init.o
libavcodec/x86/mlpdsp_init.c: In function ‘mlp_filter_channel_x86’:
libavcodec/x86/mlpdsp_init.c:142:5: error: can’t find a register in
class ‘GENERAL_REGS’ while reloading ‘asm’
libavcodec/x86/mlpdsp_init.c:142:5: error: ‘asm’ operand has impossible
constraints

4551 -> 4509 dezicycles

Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 03f39fbb2a558153a3c464edec1378d637a755fe)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/omadec: Use 64bit for ret to avoid overflow
Michael Niedermayer [Fri, 20 Feb 2015 20:01:54 +0000 (21:01 +0100)]
avformat/omadec: Use 64bit for ret to avoid overflow

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0f55bc29d41585d110b126cb4ed4b395fd46d7ac)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/vqf: Use 64bit for ret to avoid overflow
Michael Niedermayer [Fri, 20 Feb 2015 20:00:57 +0000 (21:00 +0100)]
avformat/vqf: Use 64bit for ret to avoid overflow

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cb08687180683a755d0fe9d425280d0e4d1e6db2)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/wtvdec: Use 64bit for ret to avoid overflow
Michael Niedermayer [Fri, 20 Feb 2015 19:57:31 +0000 (20:57 +0100)]
avformat/wtvdec: Use 64bit for ret to avoid overflow

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d44e0d8b930732a4a247b4884d75cf62b4ad3664)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/mvdec: Use 64bit for ret to avoid overflow
Michael Niedermayer [Fri, 20 Feb 2015 19:41:35 +0000 (20:41 +0100)]
avformat/mvdec: Use 64bit for ret to avoid overflow

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 26c0cc154e06cb0064b3a3da49447ac44d82444f)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/gxf: Use 64bit for res to avoid overflow
Michael Niedermayer [Fri, 20 Feb 2015 19:14:56 +0000 (20:14 +0100)]
avformat/gxf: Use 64bit for res to avoid overflow

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 12987f89007ee82b9d3a6090085dfaef8461ab8b)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/idcin: Use 64bit for ret to avoid overflow
Michael Niedermayer [Fri, 20 Feb 2015 19:13:06 +0000 (20:13 +0100)]
avformat/idcin: Use 64bit for ret to avoid overflow

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d1923d15a3544cbb94563a59e7169291db76b312)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit 'b7c8a1fbbd0b6ac0b096ef0402dee440ff27ecb7' into release/2.4
Michael Niedermayer [Sun, 29 Mar 2015 01:28:56 +0000 (03:28 +0200)]
Merge commit 'b7c8a1fbbd0b6ac0b096ef0402dee440ff27ecb7' into release/2.4

* commit 'b7c8a1fbbd0b6ac0b096ef0402dee440ff27ecb7':
  webp: ensure that each transform is only used once

See: c089e720c1b753790c746a13053636d7facf6bf0
Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agowebp: ensure that each transform is only used once
Andreas Cadhalpun [Thu, 5 Mar 2015 21:48:28 +0000 (22:48 +0100)]
webp: ensure that each transform is only used once

According to the WebP Lossless Bitstream Specification
"each transform is allowed to be used only once".

If a transform is more than once this can lead to memory
corruption.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c089e720c1b753790c746a13053636d7facf6bf0)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit '9cef65434e5e5ffbd4a856ce7ae9c067dec039b7' into release/2.4
Michael Niedermayer [Sun, 29 Mar 2015 01:26:42 +0000 (03:26 +0200)]
Merge commit '9cef65434e5e5ffbd4a856ce7ae9c067dec039b7' into release/2.4

* commit '9cef65434e5e5ffbd4a856ce7ae9c067dec039b7':
  h264_ps: properly check cropping parameters against overflow

Conflicts:
libavcodec/h264_ps.c

See: c3bd306e78f9e3ca2f136f5b30cbe49fa0884f82
Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit 'a529f6648ed450f7e846a0e704a0a3260aaa4b62' into release/2.4
Michael Niedermayer [Sun, 29 Mar 2015 01:16:54 +0000 (03:16 +0200)]
Merge commit 'a529f6648ed450f7e846a0e704a0a3260aaa4b62' into release/2.4

* commit 'a529f6648ed450f7e846a0e704a0a3260aaa4b62':
  hevc: zero the correct variables on invalid crop parameters

Conflicts:
libavcodec/hevc_ps.c

See: 7bce99216f744f76bf9e8cb449cd11a5e301ef68
Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/hevc_ps: More complete window reset
Michael Niedermayer [Thu, 27 Nov 2014 14:03:35 +0000 (15:03 +0100)]
avcodec/hevc_ps: More complete window reset

Fixes out of array read
Fixes: signal_sigsegv_35bcf26_471_cov_2806540268_CAINIT_A_SHARP_4.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 57e5812198aada016e9ba4149123c541f8c8a7ec)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit 'a219add4e8e2d3192d99d6c6efe97ec7c429c5ad' into release/2.4
Michael Niedermayer [Sun, 29 Mar 2015 01:13:23 +0000 (03:13 +0200)]
Merge commit 'a219add4e8e2d3192d99d6c6efe97ec7c429c5ad' into release/2.4

* commit 'a219add4e8e2d3192d99d6c6efe97ec7c429c5ad':
  hevc: make the crop sizes unsigned

Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agovp9: make above buffer pointer 32-byte aligned.
Ronald S. Bultje [Sat, 21 Mar 2015 20:12:48 +0000 (17:12 -0300)]
vp9: make above buffer pointer 32-byte aligned.

Fixes ticket #4383

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 1fd1f58bd6a58f2067a8d6b4919e1a0f34eb1f22)

4 years agowebp: ensure that each transform is only used once
Andreas Cadhalpun [Thu, 5 Mar 2015 21:48:28 +0000 (22:48 +0100)]
webp: ensure that each transform is only used once

According to the WebP Lossless Bitstream Specification
"each transform is allowed to be used only once".

If a transform is more than once this can lead to memory
corruption.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 30e6abd1a8cc4fd5daf2e23ad2e768862c39e975)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
4 years agoh264_ps: properly check cropping parameters against overflow
Anton Khirnov [Fri, 20 Mar 2015 20:49:23 +0000 (21:49 +0100)]
h264_ps: properly check cropping parameters against overflow

CC: libav-stable@libav.org
(cherry picked from commit d8a45d2d49f54fde042b195f9d5859251252493d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
4 years agohevc: zero the correct variables on invalid crop parameters
Anton Khirnov [Fri, 20 Mar 2015 20:30:29 +0000 (21:30 +0100)]
hevc: zero the correct variables on invalid crop parameters

It's the output_window that is applied to the output frame, not
pic_conf_win

(cherry picked from commit 5127c00b971b674f72609369b39a9c0f7c36977d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
4 years agohevc: make the crop sizes unsigned
Anton Khirnov [Fri, 20 Mar 2015 20:28:34 +0000 (21:28 +0100)]
hevc: make the crop sizes unsigned

(cherry picked from commit c929659bdd7d2d5848ea52e685a3164c7b901bb0)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
4 years agoRevert "avutil/opencl: is_compiled flag not being cleared in av_opencl_uninit"
Michael Niedermayer [Sat, 7 Mar 2015 08:59:27 +0000 (09:59 +0100)]
Revert "avutil/opencl: is_compiled flag not being cleared in av_opencl_uninit"

Fixed build with opencl enabled
Found-by: WJ Liu
This reverts commit 0f2359b86926ed33da4bd64ca76d84d03d5ad380.

(cherry picked from commit ebd59d271c24601e08c3569681b129cd27bf4070)

4 years agoMerge commit '00abc0080d2f5f179f18534713659ce79b22e647' into release/2.4
Michael Niedermayer [Mon, 9 Mar 2015 10:41:49 +0000 (11:41 +0100)]
Merge commit '00abc0080d2f5f179f18534713659ce79b22e647' into release/2.4

* commit '00abc0080d2f5f179f18534713659ce79b22e647':
  doc: More changelog updates for v11.3

Conflicts:
Changelog

not merged

Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agodoc: More changelog updates for v11.3
Reinhard Tartler [Mon, 9 Mar 2015 01:51:11 +0000 (21:51 -0400)]
doc: More changelog updates for v11.3

4 years agoMerge commit '3a417a86b330b7c1acf9db4f729be7d619caaded' into release/2.4
Michael Niedermayer [Mon, 9 Mar 2015 00:51:48 +0000 (01:51 +0100)]
Merge commit '3a417a86b330b7c1acf9db4f729be7d619caaded' into release/2.4

* commit '3a417a86b330b7c1acf9db4f729be7d619caaded':
  utvideodec: Handle slice_height being zero

See: 3881606240953b9275a247a1c98a567f3c44890f
Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit 'a73b2c288e3dace6e054a5b48640978be1d5df84' into release/2.4
Michael Niedermayer [Mon, 9 Mar 2015 00:38:30 +0000 (01:38 +0100)]
Merge commit 'a73b2c288e3dace6e054a5b48640978be1d5df84' into release/2.4

* commit 'a73b2c288e3dace6e054a5b48640978be1d5df84':
  adxdec: set avctx->channels in adx_read_header

See: 72f83ad277ca93b29c0a76504735e88ab7d7e647
Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/adxdec: set avctx->channels in adx_read_header
Andreas Cadhalpun [Thu, 26 Feb 2015 00:06:57 +0000 (01:06 +0100)]
avformat/adxdec: set avctx->channels in adx_read_header

It is used in adx_read_packet, which currently depends on the decoder/parser setting this value between reading the file header and demuxing the first packet.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 64ea4a0598e7ca61b95cf6c93fd409151a448001)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit '2ef2f60b4f0308d1c871091c9c1a9641d14ec585' into release/2.4
Michael Niedermayer [Mon, 9 Mar 2015 00:35:28 +0000 (01:35 +0100)]
Merge commit '2ef2f60b4f0308d1c871091c9c1a9641d14ec585' into release/2.4

* commit '2ef2f60b4f0308d1c871091c9c1a9641d14ec585':
  rmenc: limit packet size

Conflicts:
libavformat/rmenc.c

See: 73ca672fb6e6661a5e1b5d1ec3ad06bfbe144fd4
Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavformat/rm: limit packet size
Andreas Cadhalpun [Mon, 2 Mar 2015 14:46:44 +0000 (15:46 +0100)]
avformat/rm: limit packet size

The chunk size is limited to 0xFFFF (written by avio_wb16), so make
sure that the packet size is not too large.

Such large frames need to be split into slices smaller than 64 kB, but
that is currently supported neither by the rv10/rv20 encoders nor the rm
muxer.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
See Ticket244

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 08728f400b8367dc8c983036cb2eff3a2891322b)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit '905172d75c9cfd93c757b09fa4b8afa0e926a13c' into release/2.4
Michael Niedermayer [Mon, 9 Mar 2015 00:25:50 +0000 (01:25 +0100)]
Merge commit '905172d75c9cfd93c757b09fa4b8afa0e926a13c' into release/2.4

* commit '905172d75c9cfd93c757b09fa4b8afa0e926a13c':
  webp: validate the distance prefix code

See: 897a51f47b38ed3391d49590788e45fb6ba5c310
Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/webp: validate the distance prefix code
Andreas Cadhalpun [Mon, 2 Mar 2015 19:47:57 +0000 (20:47 +0100)]
avcodec/webp: validate the distance prefix code

According to the WebP Lossless Bitstream Specification the highest
allowed value for a prefix code is 39.

If prefix_code is too large, the calculated extra_bits has an invalid
value and triggers an assertion in get_bits.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5de2dab12b951b2fe121eb18503accfc91cd1565)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit '8aee35acb1b40e51a4fc8d7f7c561088e25d6d2e' into release/2.4
Michael Niedermayer [Mon, 9 Mar 2015 00:23:06 +0000 (01:23 +0100)]
Merge commit '8aee35acb1b40e51a4fc8d7f7c561088e25d6d2e' into release/2.4

* commit '8aee35acb1b40e51a4fc8d7f7c561088e25d6d2e':
  rv10: check size of s->mb_width * s->mb_height

Conflicts:
libavcodec/rv10enc.c

See: d08db138e2109725ba2963f152b0a2b1fffded1b
Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/rv10: check size of s->mb_width * s->mb_height
Andreas Cadhalpun [Mon, 2 Mar 2015 19:27:26 +0000 (20:27 +0100)]
avcodec/rv10: check size of s->mb_width * s->mb_height

If it doesn't fit into 12 bits it triggers an assertion.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2578a546183da09d49d5bba8ab5e982dece1dede)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit 'e818da77240146b36d6669b1c4e0565239dc55d3' into release/2.4
Michael Niedermayer [Mon, 9 Mar 2015 00:18:06 +0000 (01:18 +0100)]
Merge commit 'e818da77240146b36d6669b1c4e0565239dc55d3' into release/2.4

* commit 'e818da77240146b36d6669b1c4e0565239dc55d3':
  eamad: check for out of bounds read

Conflicts:
libavcodec/eamad.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoutvideodec: Handle slice_height being zero
Michael Niedermayer [Wed, 4 Mar 2015 17:36:14 +0000 (17:36 +0000)]
utvideodec: Handle slice_height being zero

Fixes out of array accesses.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Bug-Id: CVE-2014-9604
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 0ce3a0f9d9523a9bcad4c6d451ca5bbd7a4f420d)

4 years agoMerge commit '2c63081b48d98f3a0d0bed7b0ec3c0347b99144c' into release/2.4
Michael Niedermayer [Sun, 8 Mar 2015 23:44:49 +0000 (00:44 +0100)]
Merge commit '2c63081b48d98f3a0d0bed7b0ec3c0347b99144c' into release/2.4

* commit '2c63081b48d98f3a0d0bed7b0ec3c0347b99144c':
  mdec: check for out of bounds read

Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit '4070e02dfcf8c7d871b4a41d8b591ec0c130c70a' into release/2.4
Michael Niedermayer [Sun, 8 Mar 2015 23:44:07 +0000 (00:44 +0100)]
Merge commit '4070e02dfcf8c7d871b4a41d8b591ec0c130c70a' into release/2.4

* commit '4070e02dfcf8c7d871b4a41d8b591ec0c130c70a':
  configure: Properly fail when libcdio/cdparanoia is not found

Conflicts:
configure

See: f514b5dff769a331ea2153c23594d9b29b667141
Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit '77eb3d9a60a9c2bb6d87c960ac186af242bbcc9e' into release/2.4
Michael Niedermayer [Sun, 8 Mar 2015 23:43:06 +0000 (00:43 +0100)]
Merge commit '77eb3d9a60a9c2bb6d87c960ac186af242bbcc9e' into release/2.4

* commit '77eb3d9a60a9c2bb6d87c960ac186af242bbcc9e':
  tiff: Check that there is no aliasing in pixel format selection

Conflicts:
libavcodec/tiff.c

See: e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5
Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit 'f3dafb63d05896aacf84caf0e4c81c216476d60e' into release/2.4
Michael Niedermayer [Sun, 8 Mar 2015 23:31:23 +0000 (00:31 +0100)]
Merge commit 'f3dafb63d05896aacf84caf0e4c81c216476d60e' into release/2.4

* commit 'f3dafb63d05896aacf84caf0e4c81c216476d60e':
  aic: Fix decoding files with odd dimensions

Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit '7136a0bf88f31bb8d40a3bbd251963706fb14578' into release/2.4
Michael Niedermayer [Sun, 8 Mar 2015 23:27:34 +0000 (00:27 +0100)]
Merge commit '7136a0bf88f31bb8d40a3bbd251963706fb14578' into release/2.4

* commit '7136a0bf88f31bb8d40a3bbd251963706fb14578':
  vorbis: Check the vlc value in setup_classifs

Conflicts:
libavcodec/vorbisdec.c

See: ae038c0914460646503be083e30e3971093239a1
See: 709cae2bcbc0ea2c5d46c932b3d8301cf8f98e6b
Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit '450b02307cb631f501793b52b98b610c3a54378b' into release/2.4
Michael Niedermayer [Sun, 8 Mar 2015 23:26:52 +0000 (00:26 +0100)]
Merge commit '450b02307cb631f501793b52b98b610c3a54378b' into release/2.4

* commit '450b02307cb631f501793b52b98b610c3a54378b':
  arm: Suppress tags about used cpu arch and extensions

Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit 'fc3c1156e361202ab97ad63ffb4dacc416906d33' into release/2.4
Michael Niedermayer [Sun, 8 Mar 2015 23:16:15 +0000 (00:16 +0100)]
Merge commit 'fc3c1156e361202ab97ad63ffb4dacc416906d33' into release/2.4

* commit 'fc3c1156e361202ab97ad63ffb4dacc416906d33':
  doc: Update changelog for v11.3

Conflicts:
Changelog

Not merged, the changelog is not correct for FFmpeg

Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit '7c1fe31617699ddefe6b0f39f16e7c3d79e998e2' into release/2.4
Michael Niedermayer [Sun, 8 Mar 2015 23:14:42 +0000 (00:14 +0100)]
Merge commit '7c1fe31617699ddefe6b0f39f16e7c3d79e998e2' into release/2.4

* commit '7c1fe31617699ddefe6b0f39f16e7c3d79e998e2':
  Prepare for 11.3 Release

Conflicts:
RELEASE

Not merged

Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit 'cf3523c6e7dde33a513e003639d5a8c0b7f3a49d' into release/2.4
Michael Niedermayer [Sun, 8 Mar 2015 23:10:43 +0000 (00:10 +0100)]
Merge commit 'cf3523c6e7dde33a513e003639d5a8c0b7f3a49d' into release/2.4

* commit 'cf3523c6e7dde33a513e003639d5a8c0b7f3a49d':
  prores: Extend the padding check to 16bit

Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoadxdec: set avctx->channels in adx_read_header
Andreas Cadhalpun [Thu, 26 Feb 2015 00:06:57 +0000 (01:06 +0100)]
adxdec: set avctx->channels in adx_read_header

It is used in adx_read_packet, which currently depends on the
decoder/parser setting this value between reading the file header and
demuxing the first packet.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
4 years agormenc: limit packet size
Andreas Cadhalpun [Mon, 2 Mar 2015 15:52:26 +0000 (16:52 +0100)]
rmenc: limit packet size

The chunk size is limited to UINT16_MAX (written by avio_wb16), so make
sure that the packet size is not too large.

Such large frames need to be split into slices smaller than 64 kB, but
that is currently supported neither by the rv10/rv20 encoders nor the rm
muxer.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
4 years agowebp: validate the distance prefix code
Andreas Cadhalpun [Mon, 2 Mar 2015 19:47:57 +0000 (20:47 +0100)]
webp: validate the distance prefix code

According to the WebP Lossless Bitstream Specification the highest
allowed value for a prefix code is 39.

If prefix_code is too large, the calculated extra_bits has an invalid
value and triggers an assertion in get_bits.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
4 years agorv10: check size of s->mb_width * s->mb_height
Andreas Cadhalpun [Tue, 3 Mar 2015 20:31:15 +0000 (21:31 +0100)]
rv10: check size of s->mb_width * s->mb_height

If it doesn't fit into 12 bits it triggers an assertion.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
4 years agoeamad: check for out of bounds read
Federico Tomassetti [Wed, 18 Feb 2015 12:11:44 +0000 (12:11 +0000)]
eamad: check for out of bounds read

Bug-Id: CID 1257500
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
4 years agomdec: check for out of bounds read
Federico Tomassetti [Wed, 18 Feb 2015 12:11:43 +0000 (12:11 +0000)]
mdec: check for out of bounds read

Bug-Id: CID 1257501
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
4 years agoconfigure: Properly fail when libcdio/cdparanoia is not found
Vittorio Giovara [Sun, 22 Feb 2015 19:49:52 +0000 (19:49 +0000)]
configure: Properly fail when libcdio/cdparanoia is not found

4 years agotiff: Check that there is no aliasing in pixel format selection
Anton Khirnov [Sat, 7 Mar 2015 21:06:59 +0000 (22:06 +0100)]
tiff: Check that there is no aliasing in pixel format selection

Fixes possible issues with unexpected bpp/bppcount values.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Bug-Id: CVE-2014-8544
(cherry picked from commit ae5e1f3d663a8c9a532d89e588cbc61f171c9186)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
4 years agoaic: Fix decoding files with odd dimensions
Vittorio Giovara [Fri, 27 Feb 2015 19:00:25 +0000 (19:00 +0000)]
aic: Fix decoding files with odd dimensions

Normally the aic decoder finds the proper slice combination (multiple of
some number less than 32) but in case of odd width, it resorts to the
default values, which were actually swapped.
The number of slices is modified to account for such odd width cases.

CC: libav-stable@libav.org
(cherry picked from commit e878ec0d47cd6228c367b2f3128b76d7523f7255)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
4 years agovorbis: Check the vlc value in setup_classifs
Luca Barbato [Tue, 3 Mar 2015 10:05:15 +0000 (11:05 +0100)]
vorbis: Check the vlc value in setup_classifs

The valid returned values are always at most 11bit.
Remove the previous check that assumed larger values plausible and
use a signed integer to check get_vlc2 return values.

CC: libav-stable@libav.org
(cherry picked from commit 0025f7408a0fab2cab4a950064e4784a67463994)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
4 years agoarm: Suppress tags about used cpu arch and extensions
Martin Storsjö [Thu, 5 Mar 2015 21:38:00 +0000 (23:38 +0200)]
arm: Suppress tags about used cpu arch and extensions

When all the codepaths using manually set .arch/.fpu code is
behind runtime detection, the elf attributes should be suppressed.

This allows tools to know that the final built binary doesn't
strictly require these extensions.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit dcae2e32f7d8a1ca5fb8c1e4aa81313be854dd73
and b77e335e441040a40fc6156b8e4a134745d10233)
Signed-off-by: Martin Storsjö <martin@martin.st>