* commit 'aa45b90804ab21175b8c116bd8e5eb4b4e85fbcb': (22 commits)
alsdec: Check k used for rice decoder.
cavsdec: check for changing w/h.
avidec: use actually read size instead of requested size
wmaprodec: check num_vec_coeffs for validity
lagarith: check count before writing zeros.
indeo5: check tile size in decode_mb_info().
indeo5: prevent null pointer dereference on broken files
indeo: check for invalid motion vectors
indeo: clear allocated band buffers
indeo: check custom Huffman tables for errors
dfa: add some checks to ensure that decoder won't write past frame end
dfa: check that the caller set width/height properly.
bytestream: add a new set of bytestream functions with overread checking
avsdec: Set dimensions instead of relying on the demuxer.
lavfi: avfilter_merge_formats: handle case where inputs are same
rv34: use AVERROR return values in ff_rv34_decode_frame()
h263: Add ff_ prefix to nonstatic symbols
eval: fix swapping of lt() and lte()
bmpdec: only initialize palette for pal8.
vc1dec: add flush function for WMV9 and VC-1 decoders
...
Conflicts:
libavcodec/avs.c
libavcodec/mpegvideo_enc.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/0.7: (96 commits)
intfloat_readwrite: fix signed addition overflows
smacker: validate channels and sample format.
smacker: check buffer size before reading output size
smacker: validate number of channels
sipr: fix get_bits(0) calls
motion_est: make MotionExtContext.map_generation unsigned
4xm: prevent NULL dereference with invalid huffman table
4xmdemux: prevent use of uninitialized memory
4xm: clear FF_INPUT_BUFFER_PADDING_SIZE bytes in temporary buffers
ptx: check for out of bound reads
tiffdec: fix out of bound reads/writes
eacmv: check for out of bound reads
eacmv: fix potential pointer arithmetic overflows
adpcm: fix out of bound reads due to integer overflow
anm: prevent infinite loop
avsdemux: check for out of bound writes
avs: check for out of bound reads
avsdemux: check for corrupted data
mxfdec: Fix some buffer overreads caused by the misuse of AVPacket related functions.
vaapi: Fix VC-1 decoding (reconstruct bitstream TTFRM correctly).
...
Conflicts:
libavcodec/adpcm.c
libavcodec/bink.c
libavcodec/h264.c
libavcodec/h264.h
libavcodec/h264_cabac.c
libavcodec/h264_cavlc.c
libavcodec/motion_est_template.c
libavcodec/mpegvideo.c
libavcodec/nellymoserdec.c
libavcodec/ptx.c
libavcodec/svq3.c
libavcodec/vaapi_vc1.c
libavcodec/xan.c
libavfilter/vf_scale.c
libavformat/4xm.c
libavformat/flvdec.c
libavformat/mpeg.c
tests/ref/fate/motionpixels
Merged-by: Michael Niedermayer <michaelni@gmx.at>
These additions might overflow the signed range for large
input values. Converting to unsigned before the addition
rather than after avoids such undefined behaviour. The
result under normal two's complement wraparound remains
unchanged.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 88d1e2b2b0)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This fixes a signed overflow from i << 24 when i == 255 by
making i unsigned. The result of the shift is already
assigned to an variable of unsigned type.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 8b19ae0761)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Found with address sanitizer.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit c693aa6f71)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Found with address sanitizer.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit c693aa6f71)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Treating them like 0 is safest, current code would invoke
undefined pointer arithmetic behaviour in this case.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit b9242fd12f)
Note, the other arm asm code is likely affected too and should be changed as well.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 96bc6485bc929741827fc0f08ef06bea662a3eea)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes a signed overflow from i << 24 when i == 255 by
making i unsigned. The result of the shift is already
assigned to an variable of unsigned type.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 8b19ae0761)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
av_realloc_f helps avoiding memory-leaks in typical uses of realloc.
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5cd754bca2)
av_size_mult helps checking for overflow when computing the size of a memory
area.
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b2600509fe)
1<<31 overflows because 1 is signed, so force it to unsigned.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 5938e02185)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
* khirnov/release/0.7: (64 commits)
rv34: Check for invalid slice offsets
rv34: Fix potential overreads
rv34: Avoid NULL dereference on corrupted bitstream
rv10: Reject slices that does not have the same type as the first one
lavf: Fix context pointer in av_open_input_stream when avformat_open_input fails
oggdec: fix out of bound write in the ogg demuxer
Fixed size given to init_get_bits().
smacker: fix a few off by 1 errors
Check for invalid VLC value in smacker decoder.
Check and propagate errors when VLC trees cannot be built in smacker decoder.
Fixed off by one packet size allocation in the smacker demuxer.
Check for invalid packet size in the smacker demuxer.
ape demuxer: fix segfault on memory allocation failure.
xan: Add some buffer checks (cherry picked from commit 0872bb23b4)
Fixed size given to init_get_bits() in xan decoder. (cherry picked from commit 393d5031c6)
smacker demuxer: handle possible av_realloc() failure.
Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks.
cljr: init_get_bits size in bits instead of bytes (cherry picked from commit 0c1f5b93d9)
indeo2: fail if input buffer too small (cherry picked from commit b7ce4f1d1c)
indeo2: init_get_bits size in bits instead of bytes (cherry picked from commit 68ca330cbd)
...
Conflicts:
ffmpeg.c
libavdevice/alsa-audio.h
libavformat/gxf.c
libswscale/x86/swscale_template.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
1<<31 overflows because 1 is signed, so force it to unsigned.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 5938e02185430ca711106aaec9b5622dbf588af3)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit e59d6b4d7255d6d3dc89580f534e18af1433fe25)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Before this, almost all module groups have been used for grouping functions
and fields in structures semantically. This causes them to not appear
properly in the file documentation and needlessly clutters up the "Modules"
index.
Additionally, this commit streamlines some spelling and appearances.
(cherry picked from commit 21a19b7912fe0622f3d1748ff102fcc7bc7a974a)
In commit bebe72f4a05d338e04ae9ca1e9c6b72749b488aa, the enum AV_PICTURE_TYPE_* was introduced. There are still places in the code where pict_type is used as an integer and there is a case where "pict_type = 0" with the explanation "let ffmpeg decide what to do". The new enum does not know a value of 0 and C++ will fail if compiling such programs anyway as it is refered as an int (and you cannot patch them properly).
(cherry picked from commit 512933671409f9f88cc9fdfc8f29525d32240bab)
* qatar/master:
lavc: add opt_find to AVCodecContext class.
h264: Complexify frame num gap shortening code
intreadwrite.h: fix AV_RL32/AV_RB32 signedness.
Fix decoding of mpegts streams with h264 video that does *NOT* have b frames
Add minor bumps and APIChanges entries for lavf private options.
ffmpeg: deprecate -vc and -tvstd
ffmpeg: use new avformat_open_* API.
ffserver: use new avformat_open_* API.
ffprobe: use new avformat_open_* API.
ffplay: use new avformat_open_* API.
cmdutils: add opt_default2().
dict: add AV_DICT_APPEND flag.
lavf: add avformat_write_header() as a replacement for av_write_header().
Deprecate av_open_input_* and remove their uses.
lavf: add avformat_open_input() as a replacement for av_open_input_*
AVOptions: add av_opt_find() as a replacement for av_find_opt.
AVOptions: add av_opt_set_dict() mapping a dictionary struct to a context.
ffmpeg: don't abuse a global for passing frame size from input to output
ffmpeg: don't abuse a global for passing pixel format from input to output
ffmpeg: initialise encoders earlier.
Conflicts:
cmdutils.c
doc/APIchanges
ffmpeg.c
ffplay.c
ffprobe.c
libavcodec/h264.c
libavformat/avformat.h
libavformat/utils.c
libavformat/version.h
libavutil/avutil.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The output type of the AV_RL32/AV_RB32 macros was signed int. The
resulting overflow broke at least some ASF streams with large
timestamps. Fix by adding a cast to uint32_t.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
* qatar/master:
bitstream: Properly promote av_reverse values before shifting.
libavutil/swscale: YUV444P10/YUV444P9 support.
H.264: Fix high bit depth explicit biweight
h264: Fix 10-bit H.264 x86 chroma v loopfilter asm.
Replace DEBUG_SEEK/DEBUG_SI + av_log combinations by av_dlog.
Update copyright year for ac3enc_opts_template.c.
adts: Adjust frame size mask to follow the specification.
movenc: Add RTP muxer/hinter options
movenc: Pass the RTP AVFormatContext to the SDP generation
rtspenc: Add RTP muxer options
rtspenc: Add an AVClass for setting muxer specific options
rtpenc_chain: Pass the rtpflags options through to the chained muxer
rtpenc: Declare the rtp flags private AVOptions in rtpenc.h
sdp: Reindent after the previous commit
rtpenc: MP4A-LATM payload support
avoptions: Add an av_opt_flag_is_set function for inspecting flag fields
sdp: Allow passing an AVFormatContext to the SDP generation
mov: Fix wrong timestamp generation for fragmented movies that have time offset caused by the first edit list entry.
mpeg12: more advanced ffmpeg mpeg2 aspect guessing code.
swscale: split YUYV output out of yuv2packed[12X]_c().
Conflicts:
doc/APIchanges
libavcodec/Makefile
libavcodec/h264dsp_template.c
libavcodec/mpeg12.c
libavformat/aacdec.c
libavformat/avidec.c
libavformat/internal.h
libavformat/movenc.c
libavformat/rtpenc.c
libavformat/rtpenc_latm.c
libavformat/sdp.c
libavformat/version.h
libavutil/avutil.h
libavutil/pixfmt.h
libswscale/swscale.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
crypto: Use av_freep instead of av_free
lavf: don't try to free private options if priv_data is NULL.
swscale: fix types of assembly arguments.
swscale: move two macros that are only used once into caller.
swscale: remove unused function.
options: Add missing braces around struct initializer.
mov: Remove leftover crufty debug statement with references to a local file.
dvbsubdec: Fix compilation of debug code.
Remove all uses of now deprecated metadata functions.
Move metadata API from lavf to lavu.
Conflicts:
doc/APIchanges
libavformat/aiffdec.c
libavformat/asfdec.c
libavformat/avformat.h
libavformat/avidec.c
libavformat/cafdec.c
libavformat/matroskaenc.c
libavformat/mov.c
libavformat/mp3enc.c
libavformat/wtv.c
libavutil/avutil.h
libavutil/internal.h
libswscale/swscale.c
libswscale/x86/swscale_template.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Deprecate av_get_bits_per_sample_fmt(), which was a misnamed function.
For the moment we don't have sample formats with a non-integer number
of bytes, in that case we may need to create a new
av_get_bits_per_sample() function. In the meanwhile we prefer to adopt
this variant, since avoids divisions by 8 all over the place.
