ffmpeg.git
3 years agoavcodec/mpeg12dec: Do not call show_bits() with invalid bits
Michael Niedermayer [Thu, 5 Nov 2015 23:56:04 +0000 (00:56 +0100)]
avcodec/mpeg12dec: Do not call show_bits() with invalid bits

Fixes assertion failure
Fixes: 63e50545709a6440d3d59f6426d58db9/signal_sigabrt_7ffff6ae7cc9_8189_3272a3010fd98ddf947c662bbde1ac13.ts

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 973c3dba27d0b1a88c70f6661b6a90d2f2e50665)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agolibavutil/channel_layout: Check strtol*() for failure
Michael Niedermayer [Thu, 5 Nov 2015 18:24:33 +0000 (19:24 +0100)]
libavutil/channel_layout: Check strtol*() for failure

Fixes assertion failure
Fixes: 4f5814bb15d2dda6fc18ef9791b13816/signal_sigabrt_7ffff6ae7cc9_65_7209d160d168b76f311be6cd64a548eb.wv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c9bfd6a8c35a2102e730aca12f6e09d1627f76b3)

Conflicts:

libavutil/channel_layout.c

3 years agoavcodec/ffv1dec: Check for 0 quant tables
Michael Niedermayer [Wed, 4 Nov 2015 23:36:59 +0000 (00:36 +0100)]
avcodec/ffv1dec: Check for 0 quant tables

Fixes assertion failure
Fixes: 07ec1fc3c1cbf2d3edcd7d9b52ca156c/asan_heap-oob_13624c5_491_ecd4720a03e697ba750b235690656c8f.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5745cf799a4389bc5d14f2b4daf32fe4631c50bc)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/mjpegdec: Reinitialize IDCT on BPP changes
Michael Niedermayer [Wed, 4 Nov 2015 20:27:04 +0000 (21:27 +0100)]
avcodec/mjpegdec: Reinitialize IDCT on BPP changes

Fixes misaligned access
Fixes: dc9262a469f6f315f74c087a7b3a7f35/signal_sigsegv_2e95bcd_9_9c0f9f4a9ba82aa9b3ab2b91ce4d5277.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cc35f6f4768ffe57cc4fcfa56ecb89aee409e3d5)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it
Michael Niedermayer [Wed, 4 Nov 2015 17:08:52 +0000 (18:08 +0100)]
avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it

Fixes: 04715144ba237443010554be0d05343f/asan_heap-oob_1eafc76_1737_c685b48041a563461839e4e7ab97abb8.jpg
Fixes out of array access

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d24888ef19ba38b787b11d1ee091a3d94920c76a)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/file_open: avoid file handle inheritance on Windows
Tobias Rapp [Thu, 29 Oct 2015 08:11:37 +0000 (09:11 +0100)]
avutil/file_open: avoid file handle inheritance on Windows

Avoids inheritance of file handles on Windows systems similar to the
O_CLOEXEC/FD_CLOEXEC flag on Linux.

Fixes file lock issues in Windows applications when a child process
is started with handle inheritance enabled (standard input/output
redirection) while a FFmpeg transcoding is running in the parent
process.

Links relevant to the subject:

https://msdn.microsoft.com/en-us/library/w7sa2b22.aspx

Describes the _wsopen() function and the O_NOINHERIT flag. File handles
opened by _wsopen() are inheritable by default.

https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425%28v=vs.85%29.aspx

Describes handle inheritance when creating new processes. Handle
inheritance must be enabled (bInheritHandles = TRUE) e.g. when you want
to pass handles for stdin/stdout via lpStartupInfo.

Signed-off-by: Tobias Rapp <t.rapp@noa-audio.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 474665346616e446ecd1407002fdf5f88201bf72)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoopusdec: Don't run vector_fmul_scalar on zero length arrays
Kieran Kunhya [Mon, 26 Oct 2015 23:09:44 +0000 (23:09 +0000)]
opusdec: Don't run vector_fmul_scalar on zero length arrays

Fixes crashes on fuzzed files
Fixes Ticket4969 part2

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b3e5f15b95f04a35821f63f6fd89ddd60f666a59)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/ffv1: Initialize vlc_state on allocation
Michael Niedermayer [Sat, 17 Oct 2015 00:13:42 +0000 (02:13 +0200)]
avcodec/ffv1: Initialize vlc_state on allocation

This ensures that they are always set to valid values
Fixes Ticket4939

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a878dfa4f57d068eb69fb6614f7a4a20f769ee7b)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/ffv1dec: update progress in case of broken pointer chains
Michael Niedermayer [Fri, 16 Oct 2015 20:25:20 +0000 (22:25 +0200)]
avcodec/ffv1dec: update progress in case of broken pointer chains

Fixes deadlock
Fixes Ticket4932

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5063a18f5635008b2a45ada1f8c1e21e20450029)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/ffv1dec: Clear slice coordinates if they are invalid or slice header decoding...
Michael Niedermayer [Fri, 16 Oct 2015 18:15:48 +0000 (20:15 +0200)]
avcodec/ffv1dec: Clear slice coordinates if they are invalid or slice header decoding fails for other reasons

Fixes Ticket4931

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c2d4e8700cd3db59bc11ab196c0002215cf601f)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavformat/httpauth: Add space after commas in HTTP/RTSP auth header
Andrey Utkin [Thu, 1 Oct 2015 10:56:31 +0000 (13:56 +0300)]
avformat/httpauth: Add space after commas in HTTP/RTSP auth header

This fixes access to Grandstream cameras, which return 401 to ffmpeg
otherwise.
VLC sends Authorization: header with spaces between parameters, and it
is known to work with Grandstream devices and broad range of other HTTP
and RTSP servers, so author considers switching to such behaviour safe.
Just for record - RFC 2617 (HTTP Auth) does not specify the need in
spaces, so this is not a bug of FFmpeg.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fdb32838723effb4560a345013387ea37b85ff20)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/x86/sbrdsp: Fix using uninitialized upper 32bit of noise
Michael Niedermayer [Tue, 29 Sep 2015 11:08:48 +0000 (13:08 +0200)]
avcodec/x86/sbrdsp: Fix using uninitialized upper 32bit of noise

Fixes crash
Fixes: flicker-1.scout3d21443372922.28.m4a

Found-by: Dale Curtis <dalecurtis@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b82b934a166e60f64e966eaa97512ba9dcb615b)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/ffv1dec: Fix off by 1 error in quant_table_count check
Michael Niedermayer [Sat, 26 Sep 2015 11:20:59 +0000 (13:20 +0200)]
avcodec/ffv1dec: Fix off by 1 error in quant_table_count check

Fixes: invalid_read.nut
Found-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d221d9e069e6269cb41f3678f2734800171d87b)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/ffv1dec: Explicitly check read_quant_table() return value
Michael Niedermayer [Sat, 26 Sep 2015 11:09:59 +0000 (13:09 +0200)]
avcodec/ffv1dec: Explicitly check read_quant_table() return value

Forwards the error code, avoids potential integer overflow

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 10bbf6cf622f8a954c6cc694ca07c24f989c99af)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/rangecoder: Check e
Michael Niedermayer [Fri, 25 Sep 2015 12:26:14 +0000 (14:26 +0200)]
avcodec/rangecoder: Check e

Fixes hang.nut

Found-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b2955b6c5aed11026ec5c7164462899a10cdb937)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agolavf/webvttenc: Require webvtt file to contain exactly one WebVTT stream.
Simon Thelen [Fri, 11 Sep 2015 19:49:07 +0000 (21:49 +0200)]
lavf/webvttenc: Require webvtt file to contain exactly one WebVTT stream.

Not requiring this can end up producing hilariously broken files
together with -c:s copy (e.g. a webvtt file containing binary subtitle data).

Signed-off-by: Simon Thelen <ffmpeg-dev@c-14.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b84232694ef0c6897e82b52326c9ea4027c69ec4)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/mjpegdec: Fix decoding RGBA RCT LJPEG
Michael Niedermayer [Fri, 11 Sep 2015 11:28:51 +0000 (13:28 +0200)]
avcodec/mjpegdec: Fix decoding RGBA RCT LJPEG

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 055e56e9f76da3298f1b59bf5ea46f570e844600)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavfilter/af_asyncts: use llabs for int64_t
Ganesh Ajjanagadde [Sun, 6 Sep 2015 03:42:02 +0000 (20:42 -0700)]
avfilter/af_asyncts: use llabs for int64_t

long may not be 64 bit on all platforms; so labs on int64_t is unsafe.
This fixes a warning reported in:
http://fate.ffmpeg.org/log.cgi?time=20150905071512&log=compile&slot=i386-darwin-clang-polly-3.7

Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d74123d03eb1047b844bc39fbde26f199c72cbcb)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/g2meet: Also clear tile dimensions on header_fail
Michael Niedermayer [Fri, 4 Sep 2015 10:11:46 +0000 (12:11 +0200)]
avcodec/g2meet: Also clear tile dimensions on header_fail

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fb0466699575724923aeddc4490302180dfdf4af)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/g2meet: Fix potential overflow in tile dimensions check
Michael Niedermayer [Fri, 4 Sep 2015 10:10:02 +0000 (12:10 +0200)]
avcodec/g2meet: Fix potential overflow in tile dimensions check

Fixes CID1322351

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 71ec8e1ed6cf4947e204e3e4b5929a44c054f5fb)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/svq1dec: Check init_get_bits8() for failure
Michael Niedermayer [Thu, 3 Sep 2015 23:18:13 +0000 (01:18 +0200)]
avcodec/svq1dec: Check init_get_bits8() for failure

Fixes: CID1322313

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a51d4246d8ac96acee735e7e5dedb9d9ef27a594)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/tta: Check init_get_bits8() for failure
Michael Niedermayer [Thu, 3 Sep 2015 23:18:13 +0000 (01:18 +0200)]
avcodec/tta: Check init_get_bits8() for failure

Fixes: CID1322319

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f1593e4ca564cdb7f3194a9eee1dea16df41142d)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/vp3: Check init_get_bits8() for failure
Michael Niedermayer [Thu, 3 Sep 2015 23:13:05 +0000 (01:13 +0200)]
avcodec/vp3: Check init_get_bits8() for failure

Fixes CID1322316

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cbd3cd8eb2de2280d83da5ee875c35581b46a3a3)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoswresample/swresample: Fix integer overflow in seed calculation
Michael Niedermayer [Thu, 3 Sep 2015 07:22:31 +0000 (09:22 +0200)]
swresample/swresample: Fix integer overflow in seed calculation

Fixes CID1322333

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 32f53958b8f6ed4c3c2a7447c1e47d012796fae2)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavformat/mov: Fix integer overflow in FFABS
Michael Niedermayer [Thu, 3 Sep 2015 07:20:23 +0000 (09:20 +0200)]
avformat/mov: Fix integer overflow in FFABS

Fixes: unknown_unknown_19e_414_cov_764838672_bellhamlam.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 053e80f6eaf8d87521fe58ea96886b6ee0bbe59d)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/common: Add FFNABS()
Michael Niedermayer [Thu, 3 Sep 2015 00:17:24 +0000 (02:17 +0200)]
avutil/common: Add FFNABS()

This macro avoids the undefined corner case with the *_MIN values

Previous version Reviewed-by: Ganesh Ajjanagadde <gajjanag@mit.edu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d6cd614dac579850076ae312c29c4188f8659e46)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavutil/common: Document FFABS() corner case
Michael Niedermayer [Thu, 3 Sep 2015 00:00:05 +0000 (02:00 +0200)]
avutil/common: Document FFABS() corner case

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 733511fb53fedd3adaaeabc5db9d0b29e71ea1d3)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavformat/dump: Fix integer overflow in aspect ratio calculation
Michael Niedermayer [Thu, 3 Sep 2015 00:49:44 +0000 (02:49 +0200)]
avformat/dump: Fix integer overflow in aspect ratio calculation

Fixes: unknown_unknown_19e_414_cov_764838672_bellhamlam.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d1bdaf3fb2c45020f72a378bb64eab1bf136581c)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/truemotion1: Check for even width
Michael Niedermayer [Tue, 1 Sep 2015 02:57:22 +0000 (04:57 +0200)]
avcodec/truemotion1: Check for even width

Fixes out of array access
Fixes: 87196d8bbc633629fc9dd851fce73e70/asan_heap-oob_26f6853_862_cov_585961513_sonic3dblast_intro-partial.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 63fb5a6aefb4223334001fd2c0d82a5e22e3b528)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/mpeg12dec: Set dimensions in mpeg1_decode_sequence() only in absence of errors
Michael Niedermayer [Tue, 1 Sep 2015 00:45:10 +0000 (02:45 +0200)]
avcodec/mpeg12dec: Set dimensions in mpeg1_decode_sequence() only in absence of errors

Fixes assertion failure
Fixes: 56dcafde14a8397161bb61a16c511179/signal_sigabrt_7ffff6ac8cc9_686_cov_1897408623_microsoft_new_way_to_shove_mpeg2_in_asf.dvr_ms

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b54e03c9dc2a05324c08b503bfe7535c49c0f281)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/libopusenc: Fix infinite loop on flushing after 0 input
Michael Niedermayer [Thu, 27 Aug 2015 10:44:31 +0000 (12:44 +0200)]
avcodec/libopusenc: Fix infinite loop on flushing after 0 input

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6701c92fa4269872856c70c3170a9b3291b46247)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavformat/hevc: Check num_long_term_ref_pics_sps to avoid potentially long loops
Michael Niedermayer [Mon, 24 Aug 2015 11:04:38 +0000 (13:04 +0200)]
avformat/hevc: Check num_long_term_ref_pics_sps to avoid potentially long loops

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ee155c18a2c50b339ba5f6f223fbb6dc343fd471)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavformat/hevc: Fix parsing errors
Arthur Grant [Mon, 24 Aug 2015 10:19:03 +0000 (12:19 +0200)]
avformat/hevc: Fix parsing errors

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 781efd07415cdf6f676cca5b22147e5d6be0a4c4)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoffmpeg: Use correct codec_id for av_parser_change() check
Michael Niedermayer [Fri, 21 Aug 2015 01:04:41 +0000 (03:04 +0200)]
ffmpeg: Use correct codec_id for av_parser_change() check

No testcase known

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 45f3d4e63e7807ff3d281f269625ed83f11e4cdc)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoffmpeg: Check av_parser_change() for failure
Michael Niedermayer [Fri, 21 Aug 2015 01:02:55 +0000 (03:02 +0200)]
ffmpeg: Check av_parser_change() for failure

No testcase known

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ac0ba6f233698f02ebb75b03242e94333dbe13d4)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoffmpeg: Check for RAWVIDEO and do not relay only on AVFMT_RAWPICTURE
Michael Niedermayer [Fri, 21 Aug 2015 00:16:31 +0000 (02:16 +0200)]
ffmpeg: Check for RAWVIDEO and do not relay only on AVFMT_RAWPICTURE

The null muxer has AVFMT_RAWPICTURE set but can be fed with non-raw material

related to Ticket4778

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8890941d63df786bb7a8cab92677416499bb7c3)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoffmpeg: check avpicture_fill() return value
Michael Niedermayer [Fri, 21 Aug 2015 00:02:05 +0000 (02:02 +0200)]
ffmpeg: check avpicture_fill() return value

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15ff3f3fdfc788c0e4e584badd7ec300abfbd716)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavformat/mux: Update sidedata in ff_write_chained()
Michael Niedermayer [Thu, 20 Aug 2015 01:35:10 +0000 (03:35 +0200)]
avformat/mux: Update sidedata in ff_write_chained()

Fixes Ticket4777

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db91e0edb63afc682ae709f73e3732a4c832944d)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/flashsvenc: Correct max dimension in error message
Michael Niedermayer [Sat, 15 Aug 2015 13:21:04 +0000 (15:21 +0200)]
avcodec/flashsvenc: Correct max dimension in error message

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b1f59bb6606721ef5eeade4ada541630d51510fe)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/svq1enc: Check dimensions
Michael Niedermayer [Sat, 15 Aug 2015 12:54:36 +0000 (14:54 +0200)]
avcodec/svq1enc: Check dimensions

Fixes assertion failure

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 88fe45e0fe379d7ea86c8ac1e1e8cf2c3f62389f)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agoavcodec/dcaenc: clear bitstream end
Michael Niedermayer [Tue, 4 Aug 2015 01:11:15 +0000 (03:11 +0200)]
avcodec/dcaenc: clear bitstream end

This avoids leaving uninitialized bits in the output

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e322b7061f873e8fd33b9e518caa19b87616a528)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agolibavcodec/aacdec_template: Use init_get_bits8() in aac_decode_frame()
Emanuel Czirai [Sun, 2 Aug 2015 22:58:46 +0000 (00:58 +0200)]
libavcodec/aacdec_template: Use init_get_bits8() in aac_decode_frame()

related to ticket4749

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ab1c57a64b629455805d7fa74a8a20c689fc1f6)

Conflicts:

libavcodec/aacdec_template.c
(cherry picked from commit dabb6dd98af52a22a922bca4a9196acf68b084dd)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agorawdec: fix mjpeg probing buffer size check
wm4 [Wed, 29 Jul 2015 20:33:44 +0000 (22:33 +0200)]
rawdec: fix mjpeg probing buffer size check

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c6beaed9210f01290e5a5a4e377f93f145172cc)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agorawdec: fix mjpeg probing
wm4 [Wed, 29 Jul 2015 20:11:18 +0000 (22:11 +0200)]
rawdec: fix mjpeg probing

There can be other headers than "Content-Type:" (in this case, a
"Content-Length:" header was following), so checking for a trailing
newline is wrong.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf51fcd304d5594a4d8eed2bedf0ef0f68fa65f8)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
3 years agovideodsp: don't overread edges in vfix3 emu_edge.
Ronald S. Bultje [Fri, 23 Oct 2015 15:11:53 +0000 (11:11 -0400)]
videodsp: don't overread edges in vfix3 emu_edge.

Fixes trac ticket 3226. Also see Andreas' analysis in
https://bugs.debian.org/801745, which was very helpful.
(cherry picked from commit 52f84d82bdf1851ecfcc412c1719e5f6f3396209)

3 years agolavf/matroskadec: Fully parse and repack MP3 packets
Rodger Combs [Sun, 16 Aug 2015 08:06:04 +0000 (03:06 -0500)]
lavf/matroskadec: Fully parse and repack MP3 packets

Fixes https://trac.ffmpeg.org/ticket/4776

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b4b2717ffe89940999eeca7317190f729b27f472)

3 years agoavcodec/h264_mp4toannexb_bsf: Reorder operations in nal_size check
Michael Niedermayer [Fri, 21 Aug 2015 00:49:21 +0000 (02:49 +0200)]
avcodec/h264_mp4toannexb_bsf: Reorder operations in nal_size check

Fixes Ticket4778

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2bb54b82b5094fd906aa28c0443be08c95662a31)

3 years agoavformat/oggenc: Check segments_count for headers too
Michael Niedermayer [Thu, 27 Aug 2015 02:08:42 +0000 (04:08 +0200)]
avformat/oggenc: Check segments_count for headers too

Fixes infinite loop and segfault in ogg_buffer_data()
Fixes Ticket4806

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 81a8701eb52d2b6469ae16ef442ce425388141b7)

3 years agoavformat/avidec: Workaround broken initial frame
Michael Niedermayer [Tue, 15 Sep 2015 02:01:27 +0000 (04:01 +0200)]
avformat/avidec: Workaround broken initial frame

Fixes Ticket4851

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e2ef00394b8079e93835d47c993868229f07502)

3 years agohevc: properly handle no_rasl_output_flag when removing pictures from the DPB
Hendrik Leppkes [Sat, 12 Sep 2015 19:50:24 +0000 (21:50 +0200)]
hevc: properly handle no_rasl_output_flag when removing pictures from the DPB

Fixes ticket #4185.

Reviewed-By: Mickael Raulet <Mickael.Raulet@insa-rennes.fr>
Signed-off-by: Hendrik Leppkes <h.leppkes@gmail.com>
(cherry picked from commit 0118158efa8e45761f9f65a3bb74f33907bd2aec)

3 years agohevc: fix wpp threading deadlock.
Ronald S. Bultje [Sun, 20 Sep 2015 10:39:14 +0000 (12:39 +0200)]
hevc: fix wpp threading deadlock.

Fixes ticket 4258.
(cherry picked from commit 74e4948235bc8f8946eeca20525258bbf383f75d)

3 years agoavcodec/ffv1: seperate slice_count from max_slice_count
Michael Niedermayer [Thu, 24 Sep 2015 21:49:30 +0000 (23:49 +0200)]
avcodec/ffv1: seperate slice_count from max_slice_count

Fix segfault with too large slice_count
Fixes Ticket4879

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa6c43f3fdec8a7518534b9dab20c9eb4be11568)

Conflicts:
libavcodec/ffv1enc.c
libavcodec/ffv1.c

3 years agolavf/img2dec: Fix memory leak
Przemysław Sobala [Tue, 29 Sep 2015 13:25:07 +0000 (15:25 +0200)]
lavf/img2dec: Fix memory leak

Fixes #4886

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 01dd7e025c246d9001f1a30f4a5d8fa2936d1a5e)

3 years agoavcodec/mp3: fix skipping zeros
wm4 [Wed, 30 Sep 2015 12:53:35 +0000 (14:53 +0200)]
avcodec/mp3: fix skipping zeros

Commits 43bc5cf9 and c5371f77 add code for skipping initial zeros in mp3
packets. This code forgot to report to the user that data was skipped at
all.

Since audio codecs allow partial packet decoding, the user application
has to rely on the return value. It will remove the data reported as
consumed by the decoder, and feed it to the decoder again. This resulted
in the mp3 frame after the zero region to be decoded over and over
again, until the zero region was finally skipped by the application.

Fix this by including the amount of skipped bytes to the number of
consumed bytes returned by the decode call.

Fixes trac ticket #4890.
(cherry picked from commit cb1da9fb8d71bb611a7b0028914c97afc3f5711d)

3 years agoavformat/srtdec: make sure we probe a number
Clément Bœsch [Fri, 9 Oct 2015 08:52:58 +0000 (10:52 +0200)]
avformat/srtdec: make sure we probe a number

Fixes regression since 7218352e0228028dfa009a3799ec93fd041065f1: WebVTT
files were matching the SRT probing.
(cherry picked from commit 40d9d6de90c3652f4c468ab14976c7faf5e40c07)

3 years agoavformat/srtdec: more lenient first line probing
Clément Bœsch [Thu, 1 Oct 2015 09:48:45 +0000 (11:48 +0200)]
avformat/srtdec: more lenient first line probing

Fixes Ticket #4898
(cherry picked from commit 7218352e0228028dfa009a3799ec93fd041065f1)

4 years agodoc: mention libavcodec can decode Opus natively
James Almer [Mon, 21 Sep 2015 02:20:43 +0000 (23:20 -0300)]
doc: mention libavcodec can decode Opus natively

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit fd9ac48dc8aebcbd601af34336234d5102b36e21)

4 years agoMAINTAINERS: Remove myself as leader
Michael Niedermayer [Fri, 31 Jul 2015 13:54:38 +0000 (15:54 +0200)]
MAINTAINERS: Remove myself as leader

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f2c58931e629343f7d68258cc2b2d62c5f501ba5)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoupdate changelog n2.6.4
Michael Niedermayer [Thu, 23 Jul 2015 00:05:35 +0000 (02:05 +0200)]
update changelog

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoimc: use correct position for flcoeffs2 calculation
Andreas Cadhalpun [Fri, 10 Jul 2015 19:50:50 +0000 (21:50 +0200)]
imc: use correct position for flcoeffs2 calculation

flcoeffs2[pos] should be the log2 of flcoeffs1[pos].
flcoeffs1[0] can be 0 here, thus flcoeffs2[pos] gets set to -inf,
causing problems further down.

This seems to have been copied from imc_decode_level_coefficients in
commit 4eb4bb3 without updating the position.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 75fd5ce4c1c0b2d96d71c74b650cefaaef519d27)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 27816fb9ef26af1fa820c434079491f155e67471)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agohevc: check slice address length
Andreas Cadhalpun [Fri, 10 Jul 2015 17:41:43 +0000 (19:41 +0200)]
hevc: check slice address length

It is used as get_bits argument and reading 0 bits isn't supported.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 05cc8c8e4b7008ff3be8ec477c901b2ceca4b16b)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit f06d9dced4c7267008beae45f28ce4e1848ef403)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agosnow: remove an obsolete av_assert2
Andreas Cadhalpun [Thu, 9 Jul 2015 17:50:34 +0000 (19:50 +0200)]
snow: remove an obsolete av_assert2

It asserts that the frame linesize is larger than 37, but it can be
smaller and decoding such frames works.

Before commit cc884a35 src_stride > 7*MB_SIZE was necessary, because the
blocks were interleaved in the tmp buffer and the last block was added
with an offset of 6*MB_SIZE.
It was changed for src_stride <= 7*MB_SIZE to write the blocks
sequentially, hence the larger tmp_step.
After that the assert was only necessary to make sure that the buffer
remained large enough.
Since commit bd2b6b33 s->scratchbuf is used as tmp buffer.
As part of commit 86e107a7 the minimal scratchbuf size was increased to
256*7*MB_SIZE, which is enough for any src_stride <= 7*MB_SIZE.

Also add a comment explaining the tmp_step calculation.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 3526a120f92929cb0a4009e403ee2f141030c487)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 26cb351452e76dc4a61028f277cf11b8d7abd74b)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agowebp: fix infinite loop in webp_decode_frame
Andreas Cadhalpun [Thu, 2 Jul 2015 21:45:46 +0000 (23:45 +0200)]
webp: fix infinite loop in webp_decode_frame

The loop always needs at least 8 bytes for chunk_type and chunk_size.
If fewer are left, bytestream2_get_le32 just returns 0 without
reading any bytes, leading to an infinite loop.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0762152f7af6cd93bc8f504d5503723500c3f369)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 762a5878a6b0bef923ef97c15fdb8274a0351278)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agowavpack: limit extra_bits to 32 and use get_bits_long
Andreas Cadhalpun [Thu, 2 Jul 2015 21:05:05 +0000 (23:05 +0200)]
wavpack: limit extra_bits to 32 and use get_bits_long

More than 32 bits can't be stored in an integer and get_bits should not
be used with more than 25 bits.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit d0eff8857ceff2601f85037c930cbe61a88b611e)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit f0af6e705f3b30f7f5afa3c24db27433af6b1bfc)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoffmpeg: only count got_output/errors in decode_error_stat
Andreas Cadhalpun [Tue, 30 Jun 2015 19:09:50 +0000 (21:09 +0200)]
ffmpeg: only count got_output/errors in decode_error_stat

If threading is used, the first (thread_count - 1) packets are read
before any frame/error is returned. Counting this as successful decoding
is wrong, because it also happens when no single frame could be decoded.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit bd0f14123fd8c7ff1c27b726d143f84c67f3a522)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 70b97a89d2d7ba837c830b1da5924314d68fc3e7)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoffmpeg: exit_on_error if decoding a packet failed
Andreas Cadhalpun [Tue, 30 Jun 2015 19:06:40 +0000 (21:06 +0200)]
ffmpeg: exit_on_error if decoding a packet failed

This is the second part of the fix for ticket #4370.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit cd64ead8d96b2d2c300e0ac620fb82b17d6051bf)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Conflicts:
ffmpeg.c
(cherry picked from commit 1d1adf5ff42041810d4069ce03303706fbf13d8a)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agopthread_frame: forward error codes when flushing
Andreas Cadhalpun [Tue, 30 Jun 2015 19:01:29 +0000 (21:01 +0200)]
pthread_frame: forward error codes when flushing

This is the first part of the fix for ticket #4370.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 32a5b631267e1f8bf279e407039b9a99d012d033)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit acfad331adde5b4ae247bf5748211e8fdb6b4ef5)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agohuffyuvdec: validate image size
Andreas Cadhalpun [Sun, 28 Jun 2015 09:21:54 +0000 (11:21 +0200)]
huffyuvdec: validate image size

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 9a345802edf7f430b3335f486aecdd8552f8367b)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 43f8a422b34302d94ba76eb9a5be75ffffbc9881)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agowavpack: use get_bits_long to read up to 32 bits
Andreas Cadhalpun [Sat, 27 Jun 2015 18:16:12 +0000 (20:16 +0200)]
wavpack: use get_bits_long to read up to 32 bits

get_bits should not be used for more than 25 bits.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit f9883a669c3df05a5c453428e080298c6511a17e)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 95bd0f3a4b65e1641079f8bbdf391d0a2bfcd27a)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agonutdec: check maxpos in read_sm_data before returning success
Andreas Cadhalpun [Sat, 27 Jun 2015 15:50:56 +0000 (17:50 +0200)]
nutdec: check maxpos in read_sm_data before returning success

Otherwise sm_size can be larger than size, which results in a negative
packet size.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 6b9fdf7f4f07926557048070cc2af3cfd0e3fe50)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit eddf146ada12b394a7796af12bff2121505dc4a1)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agovc1dec: use get_bits_long and limit the read bits to 32
Andreas Cadhalpun [Thu, 25 Jun 2015 20:47:38 +0000 (22:47 +0200)]
vc1dec: use get_bits_long and limit the read bits to 32

get_bits should not be used with more than 25 bits.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 1f1e0a2971b2a01f275bb5088c2e36166514be64)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 2e1226a695dd2faada939e0bdc3ee166b05c3579)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agompegaudiodec: copy AVFloatDSPContext from first context to all contexts
Andreas Cadhalpun [Thu, 25 Jun 2015 22:27:54 +0000 (00:27 +0200)]
mpegaudiodec: copy AVFloatDSPContext from first context to all contexts

This fixes a segfault when decoding multi-channel MP3onMP4 files.

This is similar to commit cb72230d for MPADSPContext.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 151dbe4579601a81662b4b366d0e10df3c00027a)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit f66d2bf94909904109f6b0609516c10f9f3f3db4)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoUpdate for 2.6.4
Michael Niedermayer [Mon, 20 Jul 2015 09:10:34 +0000 (11:10 +0200)]
Update for 2.6.4

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/vp8: Check buffer size in vp8_decode_frame_header()
Michael Niedermayer [Sat, 18 Jul 2015 17:18:24 +0000 (19:18 +0200)]
avcodec/vp8: Check buffer size in vp8_decode_frame_header()

avoids null pointer dereference
Fixes: signal_sigsegv_d5de40_964_vp80-00-comprehensive-010.ivf with memlimit of 1048576

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 599d746e07319dc792ed2e511b666fe482f1ff88)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/vp8: Fix null pointer dereference in ff_vp8_decode_free()
Michael Niedermayer [Sat, 18 Jul 2015 17:02:26 +0000 (19:02 +0200)]
avcodec/vp8: Fix null pointer dereference in ff_vp8_decode_free()

Fixes: signal_sigsegv_d5de23_967_vp80_00_comprehensive_010.ivf with memlimit 524288

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a84f0e8d8f293df3c535f9b893730a835bed6520)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/diracdec: Check for hpel_base allocation failure
Michael Niedermayer [Sat, 18 Jul 2015 15:55:19 +0000 (17:55 +0200)]
avcodec/diracdec: Check for hpel_base allocation failure

Fixes null pointer dereference
Fixes: signal_sigsegv_b02a96_280_RL_420p_ffdirac.drc with memlimit of 67108864

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1c5b712c0a643a039d6f34269b4102de313a050a)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/rv34: Clear pointers in ff_rv34_decode_init_thread_copy()
Michael Niedermayer [Sat, 18 Jul 2015 09:24:45 +0000 (11:24 +0200)]
avcodec/rv34: Clear pointers in ff_rv34_decode_init_thread_copy()

Avoids leaving stale pointers
Fixes: signal_sigabrt_7ffff70eccc9_819_sabtriple.rm with memlimit 536870912

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3197c0aa87a3b7190e17d49e6fbc7b554e4b3f0a)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavfilter/af_aresample: Check ff_all_* for allocation failures
Michael Niedermayer [Fri, 17 Jul 2015 18:27:25 +0000 (20:27 +0200)]
avfilter/af_aresample: Check ff_all_* for allocation failures

Fixes: signal_sigabrt_7ffff70eccc9_498_divx502.avi with memlimit 1572864

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2ea8a480832acad3095783bcb11d5f290bec56cf)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/pthread_frame: clear priv_data, avoid stale pointer in error case
Michael Niedermayer [Thu, 16 Jul 2015 09:52:33 +0000 (11:52 +0200)]
avcodec/pthread_frame: clear priv_data, avoid stale pointer in error case

Fixes: b4b47bc2b3fb7ca710bfffe5aa969e37_signal_sigabrt_7ffff70eccc9_744_nc_sample2.avi with memlimit of 4194304

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f1a38264f20382731cf2cc75fdd98f4c9a84a626)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoswscale/utils: Clear pix buffers
Michael Niedermayer [Wed, 15 Jul 2015 17:20:19 +0000 (19:20 +0200)]
swscale/utils: Clear pix buffers

Fixes use of uninitialized memory
Fixes: a96874b9466b6edc660a519c7ad47977_signal_sigsegv_7ffff713351a_744_nc_sample.avi with memlimit 2147483648

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5d44d5c220e12ca0cb7a4eceb0f74759cb13111)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavutil/fifo: Fix the case where func() returns less bytes than requested in av_fifo_g...
Zhang Rui [Tue, 14 Jul 2015 06:47:26 +0000 (14:47 +0800)]
avutil/fifo: Fix the case where func() returns less bytes than requested in av_fifo_generic_write()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fcbea93cf8777bbef2a393d26942b5d3c70a448d)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoffmpeg: Fix cleanup after failed allocation of output_files
Michael Niedermayer [Tue, 14 Jul 2015 13:49:41 +0000 (15:49 +0200)]
ffmpeg: Fix cleanup after failed allocation of output_files

Fixes: 39a25908b84604acdaa490138282d091_signal_sigsegv_7ffff713351a_331_WAWV.avi with memlimit of 262144

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6e80fe1ecd984a59bb6c73cbb436cc06536b7728)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavformat/mov: Fix deallocation when MOVStreamContext failed to allocate
Michael Niedermayer [Tue, 14 Jul 2015 12:14:16 +0000 (14:14 +0200)]
avformat/mov: Fix deallocation when MOVStreamContext failed to allocate

Fixes: 260813283176b57b3c9974fe284eebc3_signal_sigsegv_7ffff713351a_991_xtrem_e2_m64q15_a32sxx.3gp with memlimit of 262144

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15629129dde771446a005282ee33c4ea1199e696)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoffmpeg: Fix crash with ost->last_frame allocation failure
Michael Niedermayer [Tue, 14 Jul 2015 11:02:19 +0000 (13:02 +0200)]
ffmpeg: Fix crash with ost->last_frame allocation failure

Fixes: 1013dbde2c360d939cc2dfc33e4f275c_signal_sigsegv_a0500f_45_320vp3.nsv with memlimit of 536870912

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fd4c87fa3becaf8a6c480db915daf51e297b76c5)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoffmpeg: Fix cleanup with ost = NULL
Michael Niedermayer [Mon, 13 Jul 2015 21:33:18 +0000 (23:33 +0200)]
ffmpeg: Fix cleanup with ost = NULL

Fixes: 09e670595acbdafb226974b08dab66e3_signal_sigabrt_7ffff70eccc9_991_xtrem_e2_m64q15_a32sxx.3gp with memlimit of 1048576

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 503ec7139f887bf8ed8d57da07ce93c4e88447a6)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/pthread_frame: check avctx on deallocation
Michael Niedermayer [Mon, 13 Jul 2015 19:19:04 +0000 (21:19 +0200)]
avcodec/pthread_frame: check avctx on deallocation

Fixes null pointer dereferences
Fixes: af1a5a33e67e479f439239097bd0d4fd_signal_sigsegv_7ffff713351a_152_Dolby_Rain_Logo.pmp with memlimit of 8388608

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5d346feafa817c4fbc30f7ed0b93b2dad6cef15b)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/sanm: Reset sizes in destroy_buffers()
Michael Niedermayer [Mon, 13 Jul 2015 14:05:21 +0000 (16:05 +0200)]
avcodec/sanm: Reset sizes in destroy_buffers()

Fixes crash in 1288a2fe8e9ae6b00ca40e089d08ca65_signal_sigsegv_7ffff71426a7_354_accident.san with allocation limit 65536

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 39bbdebb1ed8eb9c9b0cd6db85afde6ba89d86e4)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/alac: Clear pointers in allocate_buffers()
Michael Niedermayer [Mon, 13 Jul 2015 13:46:10 +0000 (15:46 +0200)]
avcodec/alac: Clear pointers in allocate_buffers()

Fixes: 06a4edb39ad8a9883175f9bd428334a2_signal_sigsegv_7ffff713351a_706_mov__alac__ALAC_6ch.mov

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f7068bf277a37479aecde2832208d820682b35e6)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agobytestream2: set the reader to the end when reading more than available
Anton Khirnov [Fri, 10 Jul 2015 07:31:24 +0000 (09:31 +0200)]
bytestream2: set the reader to the end when reading more than available

This prevents possible infinite loops with the calling code along the
lines of while (bytestream2_get_bytes_left()) { ... }, where the reader
does not advance.

CC: libav-stable@libav.org
(cherry picked from commit 86eee85daddb682fa072c2e2657c90a514b855e3)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/utils: use a minimum 32pixel width in avcodec_align_dimensions2() for H.264
Michael Niedermayer [Fri, 10 Jul 2015 00:01:17 +0000 (02:01 +0200)]
avcodec/utils: use a minimum 32pixel width in  avcodec_align_dimensions2() for H.264

Fixes Assertion failure
Found-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7ef6656b1e5bfbc7499013d3b38b093b6b2f31ec)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 years agoavcodec/mpegvideo: Clear pointers in ff_mpv_common_init()
Michael Niedermayer [Thu, 9 Jul 2015 20:16:15 +0000 (22:16 +0200)]
avcodec/mpegvideo: Clear pointers in ff_mpv_common_init()

This ensures that no stale pointers leak through on any path

Fixes: signal_sigsegv_c3097a_991_xtrem_e2_m64q15_a32sxx.3gp

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b160fc290cf49b516c5b6ee0730fd9da7fc623b1)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agooggparsedirac: check return value of init_get_bits
Chris Watkins [Tue, 7 Jul 2015 17:23:44 +0000 (10:23 -0700)]
oggparsedirac: check return value of init_get_bits

If init_get_bits fails the GetBitContext is invalid and must not be
used. Check the return value in dirac_header and propogate the error.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4f5c2e651a95b950f6a3fb36f2342cbc32515f17)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agowmalosslessdec: reset frame->nb_samples on packet loss
Andreas Cadhalpun [Thu, 2 Jul 2015 22:02:44 +0000 (00:02 +0200)]
wmalosslessdec: reset frame->nb_samples on packet loss

Otherwise a frame with non-zero nb_samples but without any data can be
returned.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 42e7a5b3c704985c2c18970cc94a837b413df9d9)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agowmalosslessdec: avoid reading 0 bits with get_bits
Andreas Cadhalpun [Thu, 2 Jul 2015 22:01:56 +0000 (00:01 +0200)]
wmalosslessdec: avoid reading 0 bits with get_bits

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit f9020d514e9ed5043496a710b36daba1ab182e97)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/rawenc: Use ff_alloc_packet() instead of ff_alloc_packet2()
Michael Niedermayer [Sun, 5 Jul 2015 18:00:15 +0000 (20:00 +0200)]
avcodec/rawenc: Use ff_alloc_packet() instead of ff_alloc_packet2()

the later is not optimal when the buffer size is well known at allocation time

This avoids a memcpy()
Overall 2.5% speedup with a random 1920x1080 video

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 47496eb97cff8130991313d1b7292613620d8592)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/aacsbr: Assert that bs_num_env is positive
Michael Niedermayer [Wed, 1 Jul 2015 00:08:25 +0000 (02:08 +0200)]
avcodec/aacsbr: Assert that bs_num_env is positive

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2e13a45b1a9a69456631e582bbb06954d169eb55)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/aacsbr: check that the element type matches before applying SBR
Michael Niedermayer [Wed, 1 Jul 2015 00:05:43 +0000 (02:05 +0200)]
avcodec/aacsbr: check that the element type matches before applying SBR

Fixes out of array access
Fixes: signal_sigsegv_3670fc0_2818_cov_2307326154_moon.mux

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 79a98294da6cd85f8c86b34764c5e0c43b09eea3)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/h264_slice: Use w/h from the AVFrame instead of mb_w/h
Michael Niedermayer [Tue, 30 Jun 2015 17:37:12 +0000 (19:37 +0200)]
avcodec/h264_slice: Use w/h from the AVFrame instead of mb_w/h

Fixes out of array access
Fixes: asan_heap-oob_4d5bb0_682_cov_3124593265_Fraunhofer__a_driving_force_in_innovation__small.mp4

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 330863c9f19a23c500ba7901a23f1cc377b353bb)

Conflicts:

libavcodec/h264_slice.c

4 years agovp9/update_prob: prevent out of bounds table read
James Zern [Tue, 30 Jun 2015 06:03:14 +0000 (23:03 -0700)]
vp9/update_prob: prevent out of bounds table read

the max value of the lookup in expanded form is:
(((1 << 7) - 1) << 1) - 65 + 1 + 64 = 254

add one entry of padding to inv_map_table[] to prevent out of bounds
access with non-conforming / fuzzed bitstreams

Signed-off-by: James Zern <jzern@google.com>
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e91f860ea74e11e9178500fe8794c47f57dbf48c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavfilter/vf_transpose: Fix rounding error
Michael Niedermayer [Tue, 30 Jun 2015 14:01:15 +0000 (16:01 +0200)]
avfilter/vf_transpose: Fix rounding error

Fixes out of array access
Fixes: asan_heap-oob_7f875d_3482_cov_1818465256_ssudec.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0083c16605aa5997534e87e68f97ef85a8c3b7b8)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>