libav.git
2 years agoPrepare for the 0.8.20 release v0.8.20
Diego Biurrun [Mon, 16 Jan 2017 18:06:20 +0000 (19:06 +0100)]
Prepare for the 0.8.20 release

2 years agompegvideo: Fix undefined negative shifts in mpeg_motion_internal
Luca Barbato [Fri, 4 Mar 2016 15:57:29 +0000 (16:57 +0100)]
mpegvideo: Fix undefined negative shifts in mpeg_motion_internal

Bug-Id: 980
Bug-Id: CVE-2016-9820

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
(cherry picked from commit 0242351390643d176b10600c2eb854414f9559e6)
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
(cherry picked from commit e17bcfbecc268ba00cb55025095d70b1025e6c7d)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2 years agompegvideo: Fix undefined negative shifts in ff_init_block_index
Luca Barbato [Wed, 2 Mar 2016 23:52:23 +0000 (18:52 -0500)]
mpegvideo: Fix undefined negative shifts in ff_init_block_index

Bug-Id: 980
Bug-Id: CVE-2016-9819
Found-by: gcc5-ubsan.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
(cherry picked from commit 7d4a1ff344cbf969ac648642a0fd8484fd5b8637)
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
(cherry picked from commit f106f74206e69e9056130da8bddffc39f3878ac3)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2 years agompeg12dec: move setting first_field to mpeg_field_start()
Anton Khirnov [Sat, 17 Dec 2016 16:04:55 +0000 (17:04 +0100)]
mpeg12dec: move setting first_field to mpeg_field_start()

For field picture, the first_field is set based on its previous value.
Before this commit, first_field is set when reading the picture
coding extension. However, in corrupted files there may be multiple
picture coding extension headers, so the final value of first_field that
is actually used during decoding can be wrong. That can lead to various
undefined behaviour, like predicting from a non-existing field.

Fix this problem, by setting first_field in mpeg_field_start(), which
should be called exactly once per field.

CC: libav-stable@libav.org
Bug-ID: 999
(cherry picked from commit c2fa6bb0e8703a7a6aa10e11f9ab36094416d83f)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2 years agompeg12dec: avoid signed overflow in bitrate calculation
Anton Khirnov [Sat, 17 Dec 2016 14:07:51 +0000 (15:07 +0100)]
mpeg12dec: avoid signed overflow in bitrate calculation

CC: libav-stable@libav.org
Bug-Id: 981
Bug-Id: CVE-2016-9822
Found-By: Agostino Sarubbo
(cherry picked from commit e807491fc6a336e4becc0cbc981274a8fde18aba)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2 years agompegvideo_parser: avoid signed overflow in bitrate calculation
Anton Khirnov [Sat, 17 Dec 2016 14:07:51 +0000 (15:07 +0100)]
mpegvideo_parser: avoid signed overflow in bitrate calculation

Bug-Id: 981
Bug-Id: CVE-2016-9821
Found-By: Agostino Sarubbo
(cherry picked from commit 58405de0951a843765625159402870c1eea3c3b1)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2 years agoh264: Use the right H264Context for struct member comparison
Diego Biurrun [Mon, 9 Jan 2017 16:22:08 +0000 (17:22 +0100)]
h264: Use the right H264Context for struct member comparison

Fixes crashes with slice threading.

2 years agoPrepare for the 0.8.19 release
Diego Biurrun [Mon, 9 Jan 2017 09:22:57 +0000 (10:22 +0100)]
Prepare for the 0.8.19 release

2 years agoh264: Reinit the context on pixel format changes
Diego Biurrun [Thu, 17 Nov 2016 16:24:13 +0000 (17:24 +0100)]
h264: Reinit the context on pixel format changes

Fixes all kinds of undefined behavior in such cases.

Bug-Id: 939

2 years agompegvideo_motion: Handle edge emulation even without unrestricted_mv
Michael Niedermayer [Tue, 12 Nov 2013 15:11:42 +0000 (16:11 +0100)]
mpegvideo_motion: Handle edge emulation even without unrestricted_mv

Fix out of bounds read.

Bug-Id: 959
Found by: F4B3CD@STARLAB and Agostino Sarubbo
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
(cherry picked from commit 136f55207521f0b03194ef5b55ba70f1635d6aee)
(cherry picked from commit 7a1e60a834f75cc6c7cba02bb2a85edc355f50c0)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agoasfenc: Check pts
Michael Niedermayer [Tue, 12 Jan 2016 17:49:20 +0000 (18:49 +0100)]
asfenc: Check pts

Fixes integer overflow
Fixes: 0063df8be3aaa30dd6d76f59c8f818c8/signal_sigsegv_7b7b59_3634_bf418b6822bbfa68734411d96b667be3.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7c0b84d89911b2035161f5ef51aafbfcc84aa9e2)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agomov: Check the entries value when parsing dref boxes
Luca Barbato [Tue, 8 Mar 2016 10:57:16 +0000 (11:57 +0100)]
mov: Check the entries value when parsing dref boxes

And properly reset the entries count when resetting the entries.

CC: libav-stable@libav.org
Bug-Id: 929
Bug-Id: CVE-2016-3062
(cherry picked from commit 7e01d48cfd168c3dfc663f03a3b6a98e0ecba328)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agoavformat/output-example: Declare link dependency on libswscale in the Makefile
Diego Biurrun [Tue, 1 Oct 2013 11:34:02 +0000 (13:34 +0200)]
avformat/output-example: Declare link dependency on libswscale in the Makefile

(cherry picked from commit 47b6cfc2a0333fb24f074d27830bf35ae5007050)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit b5cacdb3e12927c63084d26d4c7d9d43ed00dd66)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agobuild: output-example: Add avutil to ELIBS in link command
Diego Biurrun [Sat, 27 Apr 2013 12:51:27 +0000 (14:51 +0200)]
build: output-example: Add avutil to ELIBS in link command

output-example links against swscale, which depends on avutil.  In standard
configurations, by pure good luck, the libs before swscale pull in all of
swscale's dependencies and linking succeeds.  However, in some configurations
like --disable-asm this is not the case and linking fails.

Hardcode the dependency to avoid a more general Makefile refactoring.

(cherry picked from commit 4d7ed3e73541983459a7913c2034eba69ebc113d)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit 0f8b3f17114f75cde68b6848c8f1437f7fdce44e)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agoPrepare for the 0.8.18 release v0.8.18
Diego Biurrun [Thu, 29 Sep 2016 16:46:00 +0000 (18:46 +0200)]
Prepare for the 0.8.18 release

3 years agoac3_parser: add required padding for GetBitContext buffer
Janne Grunau [Mon, 8 Jun 2015 12:48:26 +0000 (14:48 +0200)]
ac3_parser: add required padding for GetBitContext buffer

Fixes stack buffer overflow errors detected by address sanitizer in
various fate tests.

Bug-Id: CVE-2016-7393
CC: libav-stable@libav.org
(cherry picked from commit a9f108bd78e842a47ade2f7c8b22a1764d01d4e6)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agoaac_parser: add required padding for GetBitContext buffer
Janne Grunau [Mon, 8 Jun 2015 12:45:12 +0000 (14:45 +0200)]
aac_parser: add required padding for GetBitContext buffer

Fixes stack buffer overflow errors detected by address sanitizer in
various fate tests.

CC: libav-stable@libav.org
(cherry picked from commit 02477323b92aacdabe0a2d129eeb0c15fbd1ec9e)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agomjpegdec: Check number of components for JPEG-LS
Michael Niedermayer [Wed, 4 Feb 2015 19:48:30 +0000 (20:48 +0100)]
mjpegdec: Check number of components for JPEG-LS

Fixes out of array accesses.
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Bug-Id: CVE-2015-1872
(cherry picked from commit fabbfaa095660982cc0bc63242c459561fa37037)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agoh263: Always check both dimensions
Luca Barbato [Fri, 26 Jun 2015 13:57:16 +0000 (15:57 +0200)]
h263: Always check both dimensions

CC: libav-stable@libav.org
Found-By: ago@gentoo.org
Bug-Id: CVE-2015-5479
(cherry picked from commit 0a49a62f998747cfa564d98d36a459fe70d3299b)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agosegment: Fix the failure paths
Luca Barbato [Mon, 5 Jan 2015 09:40:41 +0000 (10:40 +0100)]
segment: Fix the failure paths

A failure in segment_end() or segment_start() would lead to freeing
a dangling pointer and in general further calls to seg_write_packet()
or to seg_write_trailer() would have the same faulty behaviour.

CC: libav-stable@libav.org
Reported-By: luodalongde@gmail.com
(cherry picked from commit b3f04657368a32a9903406395f865e230b1de348)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agotls: Use the right return value for breaking out due to the interrupt callback
Martin Storsjö [Thu, 24 Mar 2016 09:27:49 +0000 (11:27 +0200)]
tls: Use the right return value for breaking out due to the interrupt callback

The retry_transfer_wrapper function higher up in the call chain
ignores AVERROR(EINTR), which only means "interrupted by system call".

This makes sure that returning due to the interrupt callback
works as intended.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
4 years agodoc: More changelog updates for v0.8.17 gitorious/release/0.8 v0.8.17
Reinhard Tartler [Tue, 10 Mar 2015 02:11:14 +0000 (22:11 -0400)]
doc: More changelog updates for v0.8.17

4 years agoutvideodec: Handle slice_height being zero
Michael Niedermayer [Wed, 4 Mar 2015 17:36:14 +0000 (17:36 +0000)]
utvideodec: Handle slice_height being zero

Fixes out of array accesses.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Bug-Id: CVE-2014-9604
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 0ce3a0f9d9523a9bcad4c6d451ca5bbd7a4f420d)
(cherry picked from commit 3a417a86b330b7c1acf9db4f729be7d619caaded)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit e032e647dd79e7748145792dfee0358eccb1982e)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 789f433bc6376e6e45d41ae491007d482fa1df85)

Conflicts:
libavcodec/utvideodec.c

4 years agodoc: More changelog updates for v0.8.17
Reinhard Tartler [Mon, 9 Mar 2015 02:34:43 +0000 (22:34 -0400)]
doc: More changelog updates for v0.8.17

4 years agotiff: Check that there is no aliasing in pixel format selection
Anton Khirnov [Sat, 7 Mar 2015 21:06:59 +0000 (22:06 +0100)]
tiff: Check that there is no aliasing in pixel format selection

Fixes possible issues with unexpected bpp/bppcount values.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Bug-Id: CVE-2014-8544
(cherry picked from commit ae5e1f3d663a8c9a532d89e588cbc61f171c9186)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit eb9041403d820634c45ed4ee98570246a252507a)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 62b0462e5fa78901380ca229ddb6a7625efd61a2)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
4 years agormenc: limit packet size
Andreas Cadhalpun [Mon, 2 Mar 2015 15:52:26 +0000 (16:52 +0100)]
rmenc: limit packet size

The chunk size is limited to UINT16_MAX (written by avio_wb16), so make
sure that the packet size is not too large.

Such large frames need to be split into slices smaller than 64 kB, but
that is currently supported neither by the rv10/rv20 encoders nor the rm
muxer.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
4 years agoeamad: check for out of bounds read
Federico Tomassetti [Wed, 18 Feb 2015 12:11:44 +0000 (12:11 +0000)]
eamad: check for out of bounds read

Bug-Id: CID 1257500
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
4 years agoUpdate Changelog for 0.8.17 Release
Reinhard Tartler [Sun, 8 Mar 2015 15:32:09 +0000 (11:32 -0400)]
Update Changelog for 0.8.17 Release

4 years agoPrepare for 0.8.17 Release
Reinhard Tartler [Sun, 8 Mar 2015 15:29:56 +0000 (11:29 -0400)]
Prepare for 0.8.17 Release

4 years agoh264_cabac: Break infinite loops
Michael Niedermayer [Thu, 31 Jan 2013 03:20:24 +0000 (04:20 +0100)]
h264_cabac: Break infinite loops

This fixes out of array reads and/or infinite loops.

30 is the maximum number of bits that can be read into
coeff_abs below.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Martin Storsjö <martin@martin.st>
4 years agomatroskadec: Fix read-after-free in matroska_read_seek()
Xiaohan Wang [Thu, 6 Nov 2014 20:59:54 +0000 (12:59 -0800)]
matroskadec: Fix read-after-free in matroska_read_seek()

In matroska_read_seek(), |tracks| is assigned at the begining of the
function. However, functions like matroska_parse_cues() could reallocate
the tracks and invalidate |tracks|.

This assigns |tracks| only before using it, so that it will not get
invalidated elsewhere.

Bug-Id: chromium/427266

4 years agogifdec: refactor interleave end handling
Michael Niedermayer [Fri, 3 Oct 2014 18:15:52 +0000 (20:15 +0200)]
gifdec: refactor interleave end handling

Fixes invalid writes with very small image heights.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8547
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 0b39ac6f54505a538c21fe49a626de94c518c903)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit eac49477aa95cf727d87d2741ee8e60be59d394b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 92888e9ed4ea4e761ae953bbe28c85cc658abc8f)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 02de44073a8e116ea177b53081219d32ef135ad8)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
4 years agosmc: fix the bounds check
Michael Niedermayer [Fri, 3 Oct 2014 20:50:45 +0000 (22:50 +0200)]
smc: fix the bounds check

Fixes invalid writes when there are more blocks in a run than total
remaining blocks.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8548
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit d423dd72be451462c6fb1cbbe313bed0194001ab)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 58dc526ebf722d33bf09275c1241674e0e6b9ef1)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit f249e9889155599ee3ad0172832d38f68b0c625d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 306ee95088243fefa2dfcb5c355d439db75e2d2a)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
4 years agommvideo: check frame dimensions
Anton Khirnov [Sun, 14 Dec 2014 20:01:59 +0000 (21:01 +0100)]
mmvideo: check frame dimensions

The frame size must be set by the caller and each dimension must be a
multiple of 2.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8543
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 17ba719d9ba30c970f65747f42d5fbb1e447ca28)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 69a930b988ff4f88ae27e4fc24ff6ed116840b5e)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 3f10a779b465fd22d3aec1b744ca8544bc2da970)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Conflicts:
libavcodec/mmvideo.c

(cherry picked from commit 03dba25a4001495226651068232b4c6b1e75fd02)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
4 years agojvdec: check frame dimensions
Anton Khirnov [Sun, 14 Dec 2014 20:01:59 +0000 (21:01 +0100)]
jvdec: check frame dimensions

The frame size must be set by the caller and each dimension must be a
multiple of 8.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8542
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 88626e5af8d006e67189bf10b96b982502a7e8ad)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 55788572ea7b89cdd77bab1cf4bf06d14ead34f5)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 8f238dd9bdd9eba569fcaa564a07fbdd89412a14)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Conflicts:
libavcodec/jvdec.c

(cherry picked from commit 50cb695bf124b0bd4d9e2b3c1bfdd08b35b14438)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Conflicts:
libavcodec/jvdec.c

4 years agomov: avoid a memleak when multiple stss boxes are present
Anton Khirnov [Tue, 12 Aug 2014 14:39:10 +0000 (14:39 +0000)]
mov: avoid a memleak when multiple stss boxes are present

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 64f7575fbd64e5b65d5c644347408588c776f1fe)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 577f1feb3fd1e51fd14af7ce6d79d468faa3b929)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 931f5b235112f1c2a09dead36f0a228061d23942)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 93f919d0b4c4341ccee366c98ac9af813f8fe622)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
5 years agoAdd some bug references to the changelog
Diego Biurrun [Tue, 16 Sep 2014 10:28:45 +0000 (03:28 -0700)]
Add some bug references to the changelog

5 years agoapetag: Fix APE tag size check
Katerina Barone-Adesi [Mon, 15 Sep 2014 23:40:24 +0000 (01:40 +0200)]
apetag: Fix APE tag size check

The size variable is (correctly) unsigned, but is passed to several functions
which take signed parameters, such as avio_read, sometimes after having
numbers added to it. So ensure that size remains within the bounds that
these functions can handle.

(cherry picked from commit 56ac2cbd0464e0146e62c91843e2b1f5e0908504)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Conflicts:
libavformat/apetag.c

5 years agox86: Only use optimizations with cmov if the CPU supports the instruction
Diego Biurrun [Tue, 19 Jun 2012 10:55:10 +0000 (12:55 +0200)]
x86: Only use optimizations with cmov if the CPU supports the instruction

Also fill in missing hash for AV_CPU_FLAG_CMOV addition in APIChanges.

(cherry picked from commit fe07c9c6b5a870b8f2ffcfac649228b4d76e9505)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Conflicts:
libavcodec/x86/dsputil_mmx.c

5 years agox86: Add CPU flag for the i686 cmov instruction
Diego Biurrun [Tue, 19 Jun 2012 20:55:26 +0000 (22:55 +0200)]
x86: Add CPU flag for the i686 cmov instruction

(cherry picked from commit 65345a5a30a0e866b6944c0e6184be3feca04335)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Conflicts:
libavutil/cpu.c
libavutil/cpu.h

5 years agoUpdate Changelog for v0.8.16 v0.8.16
Diego Biurrun [Wed, 10 Sep 2014 19:46:05 +0000 (12:46 -0700)]
Update Changelog for v0.8.16

5 years agoPrepare for 0.8.16 release
Diego Biurrun [Wed, 10 Sep 2014 19:43:08 +0000 (12:43 -0700)]
Prepare for 0.8.16 release

5 years agoUpdate Changelog for v0.8.15
Diego Biurrun [Wed, 10 Sep 2014 19:42:12 +0000 (12:42 -0700)]
Update Changelog for v0.8.15

5 years agodoc: Fix syntax and logical errors in avconv stream combination example
Diego Biurrun [Wed, 10 Sep 2014 16:38:15 +0000 (18:38 +0200)]
doc: Fix syntax and logical errors in avconv stream combination example

Bug-Id: 661
CC: libav-stable@libav.org
(cherry picked from commit 775a0b04f0cf8102fe322b2ee03fe1a0633dea04)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agoffmpeg: Clarify wording of ffmpeg --> avconv deprecation message
Diego Biurrun [Wed, 20 Aug 2014 17:50:33 +0000 (10:50 -0700)]
ffmpeg: Clarify wording of ffmpeg --> avconv deprecation message

5 years agoadpcmenc: Calculate the IMA_QT predictor without overflow
Michael Niedermayer [Tue, 4 Sep 2012 11:02:30 +0000 (14:02 +0300)]
adpcmenc: Calculate the IMA_QT predictor without overflow

Previously, the value given to put_bits was 10 bits long for positive
predictors, even though 9 bits were to be written. The extra bit could
in some cases overwrite existing bits in the bitstream writer cache.

This fixes a failed assert in put_bits.h, when running a version
built with -DDEBUG.

The fate test result gets slightly improved, thanks to getting rid
of the overwritten bits in the bitstream writer cache.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit aa264da5bf6a3d82a47abba4cfcfa629dd1f3daa)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Conflicts:
tests/ref/fate/acodec-adpcm-ima_qt

5 years agosvq1enc: Set picture_structure correctly
Michael Niedermayer [Mon, 6 Aug 2012 14:28:13 +0000 (16:28 +0200)]
svq1enc: Set picture_structure correctly

This fixes assert failures when running in debug mode.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 2d7d91f06d6a1d243dc74c96d3389ee237a3b906)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agoh264: Remove an assert on current_picture_ptr being null
Michael Niedermayer [Mon, 6 Aug 2012 22:18:59 +0000 (00:18 +0200)]
h264: Remove an assert on current_picture_ptr being null

It is possible in various error paths as well as gap handling
that this has already been allocated. It is not clear why that
would be a problem with the current code, thus disable the
assert to avoid a common assert failure when asserts are enabled.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 5e997688f8801bb89c773f368237627d957fa520)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agoparser: Don't use pc as context for av_dlog
Martin Storsjö [Tue, 4 Sep 2012 11:45:00 +0000 (14:45 +0300)]
parser: Don't use pc as context for av_dlog

The ParserContext class doesn't have an AVClass, required for
using it as a logging class.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 6d65496990dcac551f60668c2418a50a3111c86c)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agompegvideo: remove last_picture_ptr / h264 assert.
Michael Niedermayer [Mon, 6 Aug 2012 14:49:49 +0000 (16:49 +0200)]
mpegvideo: remove last_picture_ptr / h264 assert.

This assert is no longer true since h264 error concealment needs
last_picture_ptr to be set.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 91672504a403556f63492093b892574234f21dd7)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Conflicts:
libavcodec/mpegvideo.c

5 years agoelbg: Fix an assert
Michael Niedermayer [Sat, 18 Aug 2012 19:53:32 +0000 (21:53 +0200)]
elbg: Fix an assert

It seems the condition was flipped from what was intended.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 2c340596cab981ac842aff7da89d298025c99304)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agoswscale: Remove two bogus asserts
Diego Biurrun [Tue, 11 Sep 2012 20:11:25 +0000 (22:11 +0200)]
swscale: Remove two bogus asserts

(cherry picked from commit b9141aa346b736adffd27e1a98bd12aa7b628a8f)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Conflicts:
libswscale/swscale.c

5 years agoh264_refs: Fix debug tprintf argument types
Diego Biurrun [Tue, 25 Sep 2012 17:05:26 +0000 (19:05 +0200)]
h264_refs: Fix debug tprintf argument types

(cherry picked from commit 6c5b0517e00fc22753c5cc0751cba186dd71ed36)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agonutdec: Remove unused and broken debug function stub
Diego Biurrun [Tue, 25 Sep 2012 17:01:10 +0000 (19:01 +0200)]
nutdec: Remove unused and broken debug function stub

(cherry picked from commit 83655442fa6dbf7578d108ce479f98a14ebb3e3c)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Conflicts:
libavformat/nutdec.c

5 years agovp8: avoid race condition on segment map.
Aaron Colwell [Mon, 19 Mar 2012 03:03:00 +0000 (20:03 -0700)]
vp8: avoid race condition on segment map.

This change avoids accessing the segment map of the previous frame if
segmentation is not enabled for the current frame. The caller of
decode_mb_mode() only calls ff_thread_await_progress() on the reference
segmentation index array if segmentation is enabled, so Chromium's TSAN
will report a race when accessing this data while segmentation is not
enabled.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 30011bf20109eef1a0f9ee949b19f9998ad88663)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agoarm/neon: dsputil: use correct size specifiers on vld1/vst1
Mans Rullgard [Thu, 10 May 2012 16:40:30 +0000 (17:40 +0100)]
arm/neon: dsputil: use correct size specifiers on vld1/vst1

Change the size specifiers to match the actual element sizes
of the data.  This makes no practical difference with strict
alignment checking disabled (the default) other than somewhat
documenting the code.  With strict alignment checking on, it
avoids trapping the unaligned loads.

Signed-off-by: Mans Rullgard <mans@mansr.com>
5 years agoarm: dsputil: prettify some conditional instructions in put_pixels macros
Mans Rullgard [Thu, 10 May 2012 15:24:33 +0000 (16:24 +0100)]
arm: dsputil: prettify some conditional instructions in put_pixels macros

Signed-off-by: Mans Rullgard <mans@mansr.com>
5 years agoarm: dsputil: fix overreads in put/avg_pixels functions
Mans Rullgard [Wed, 9 May 2012 23:55:18 +0000 (00:55 +0100)]
arm: dsputil: fix overreads in put/avg_pixels functions

The vertically interpolating variants of these functions read
ahead one line to optimise the loop.  On the last line processed,
this might be outside the buffer.  Fix these invalid reads by
processing the last line outside the loop.

Signed-off-by: Mans Rullgard <mans@mansr.com>
5 years agoffv1dec: check that global parameters do not change in version 0/1
Michael Niedermayer [Fri, 30 Aug 2013 02:51:09 +0000 (04:51 +0200)]
ffv1dec: check that global parameters do not change in version 0/1

Such changes are neither allowed nor supported

Found-by: ami_stuff
Bug-Id: CVE-2013-7020
CC: libav-stable@libav.org
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit da7d839a0d3ec40423a665dc85e0cfaed3f92eb8)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Conflicts:
libavcodec/ffv1dec.c

5 years agoavcodec: Add more missing #includes for ff_get_buffer()
Reinhard Tartler [Sat, 9 Aug 2014 15:22:11 +0000 (08:22 -0700)]
avcodec: Add more missing #includes for ff_get_buffer()

5 years agoPrepare for 0.8.15 Release v0.8.15
Reinhard Tartler [Sat, 9 Aug 2014 13:09:24 +0000 (09:09 -0400)]
Prepare for 0.8.15 Release

5 years agolavf: Fix leftovers from the ff_get_buffer patch
Luca Barbato [Sat, 9 Aug 2014 12:14:34 +0000 (14:14 +0200)]
lavf: Fix leftovers from the ff_get_buffer patch

The automated script did not perfectly replace all the instances nor
added internal.h in all the files requiring it.

5 years agoconfigure: Check for -Werror parameters on clang
Martin Storsjö [Tue, 13 Nov 2012 17:01:51 +0000 (19:01 +0200)]
configure: Check for -Werror parameters on clang

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 9eded0fe412e610ee8944681d5c554b723463e96)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoavcodec: Introduce ff_get_buffer
Luca Barbato [Fri, 8 Aug 2014 16:07:43 +0000 (18:07 +0200)]
avcodec: Introduce ff_get_buffer

Validate the image size there as is done in the other release
branches.

Bug-Id: CVE-2011-3935
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
5 years agoUpdate Changelog for v0.8.14 v0.8.14
Reinhard Tartler [Sat, 9 Aug 2014 00:49:45 +0000 (20:49 -0400)]
Update Changelog for v0.8.14

5 years agovp3: Copy all 3 frames for thread updates
Michael Niedermayer [Mon, 4 Aug 2014 00:06:51 +0000 (01:06 +0100)]
vp3: Copy all 3 frames for thread updates

Fixes a double release of the current frame on deinit.

Bug-Id: CVE-2011-3934
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
5 years agompegts: Do not try to write a PMT larger than SECTION_SIZE
Luca Barbato [Thu, 7 Aug 2014 15:10:32 +0000 (17:10 +0200)]
mpegts: Do not try to write a PMT larger than SECTION_SIZE

Prevent out of array write.

Similar to what Michael Niedermayer did to address the same issue.

Bug-Id: CVE-2014-2263
CC: libav-stable@libav.org
(cherry picked from commit addbaf134836aea4e14f73add8c6d753a1373257)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agompegts: Define the section length with a constant
Luca Barbato [Sun, 3 Aug 2014 17:27:07 +0000 (19:27 +0200)]
mpegts: Define the section length with a constant

The specification says the value is expressed in 10 bits including
the 4-byte CRC.

(cherry picked from commit 694b7cd873f8b06af109036eff1ccd741afdd28e)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/mpegtsenc.c

5 years agoUpdate Changelog for v0.8.14
Reinhard Tartler [Thu, 7 Aug 2014 00:24:20 +0000 (20:24 -0400)]
Update Changelog for v0.8.14

5 years agoPrepare for 0.8.14 Release
Reinhard Tartler [Thu, 7 Aug 2014 00:24:47 +0000 (20:24 -0400)]
Prepare for 0.8.14 Release

5 years agoerror_concealment: avoid using the picture if not fully setup
Michael Niedermayer [Wed, 6 Aug 2014 17:19:57 +0000 (18:19 +0100)]
error_concealment: avoid using the picture if not fully setup

Fixes state becoming inconsistent and a null pointer dereference.

CC: libav-stable@libav.org
Bug-Id: CVE-2013-0860
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
5 years agosvq1: do not modify the input packet
Anton Khirnov [Sun, 3 Aug 2014 08:14:48 +0000 (10:14 +0200)]
svq1: do not modify the input packet

The input data must remain constant, make a copy instead. This is in
theory a performance hit, but since I failed to find any samples
using this feature, this should not matter in practice.

Also, check the size of the header, avoiding invalid reads on truncated
data.

CC:libav-stable@libav.org
(cherry picked from commit 7b588bb691644e1b3c168b99accf74248a24e3cf)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Conflicts:
libavcodec/svq1dec.c

5 years agocdgraphics: do not return 0 from the decode function
Anton Khirnov [Wed, 6 Aug 2014 10:56:34 +0000 (10:56 +0000)]
cdgraphics: do not return 0 from the decode function

0 means no data consumed, so it can trigger an infinite loop in the
caller.

CC:libav-stable@libav.org
(cherry picked from commit c7d9b473e28238d4a4ef1b7e8b42c1cca256da36)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Conflicts:
libavcodec/cdgraphics.c

5 years agocdgraphics: switch to bytestream2
Anton Khirnov [Wed, 6 Aug 2014 10:46:50 +0000 (10:46 +0000)]
cdgraphics: switch to bytestream2

Fixes possible invalid memory accesses on corrupted data.

CC:libav-stable@libav.org
Bug-ID: CVE-2013-3674
(cherry picked from commit a1599f3f7ea8478d1f6a95e59e3bc6bc86d5f812)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
5 years agohuffyuvdec: check width size for yuv422p
Michael Niedermayer [Sat, 2 Aug 2014 23:54:33 +0000 (00:54 +0100)]
huffyuvdec: check width size for yuv422p

Avoid out of array accesses.

CC: libav-stable@libav.org
Bug-Id: CVE-2013-0848
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit a7153444df9040bf6ae103e0bbf6104b66f974cb)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Conflicts:
libavcodec/huffyuvdec.c

5 years agommvideo: check horizontal coordinate too
Michael Niedermayer [Sun, 3 Aug 2014 18:24:18 +0000 (19:24 +0100)]
mmvideo: check horizontal coordinate too

Fixes out of array accesses.

Bug-Id: CVE-2013-3672
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 70cd3b8e659c3522eea5c16a65d14b8658894a94)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
5 years agohuffyuv: Check and propagate function return values
Diego Biurrun [Sun, 3 Aug 2014 19:19:10 +0000 (12:19 -0700)]
huffyuv: Check and propagate function return values

Bug-Id: CVE-2013-0868

inspired by a patch from Michael Niedermayer <michaelni@gmx.at>
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 744b406ff3474e77543bcf86125a2f7bc7deaa18)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Conflicts:
libavcodec/huffyuvdec.c

5 years agotwinvq: fix out of bounds array access
Mans Rullgard [Tue, 1 May 2012 17:27:19 +0000 (18:27 +0100)]
twinvq: fix out of bounds array access

ModeTab.fmode has only 3 elements, so indexing it with ftype
in the initialier for 'size' is invalid when ftype == FT_PPC.

This fixes crashes with gcc 4.8.

Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 4bf2e7c5f1c0ad3997fd7c9859c16db8e4e16df6)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agoh264: slice-mt: check master context for valid current_picture_ptr
Janne Grunau [Wed, 5 Dec 2012 19:08:01 +0000 (20:08 +0100)]
h264: slice-mt: check master context for valid current_picture_ptr

Fixes errors in slice based multithreading introduced in 0b300daad2f5.

CC: libav-stable@libav.org
(cherry picked from commit 5945c7b35d9169caf9ecef1c419eebdebb909e60)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agoh264: prevent theoretical infinite loop in SEI parsing
Vittorio Giovara [Wed, 30 Jul 2014 18:33:36 +0000 (19:33 +0100)]
h264: prevent theoretical infinite loop in SEI parsing

Properly address CVE-2011-3946 and parse bitstream as described in the spec.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
5 years agoh264_sei: check SEI size
Michael Niedermayer [Thu, 19 Sep 2013 14:26:25 +0000 (16:26 +0200)]
h264_sei: check SEI size

Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
5 years agopgssubdec: Check RLE size before copying
Michael Niedermayer [Thu, 31 Jul 2014 01:31:19 +0000 (21:31 -0400)]
pgssubdec: Check RLE size before copying

Make sure the buffer size does not exceed the expected
RLE size.

Prevent an out of array bound write.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Bug-Id: CVE-2013-0852

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 00915d3cd2ce61db3d6dc11f63566630a9aff4ec)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agox86: Fix linking with some or all of yasm, mmx, optimizations disabled
Diego Biurrun [Wed, 29 Aug 2012 09:14:17 +0000 (11:14 +0200)]
x86: Fix linking with some or all of yasm, mmx, optimizations disabled

Some optimized template functions reference optimized symbols, so they
must be explicitly disabled when those symbols are unavailable.

(cherry picked from commit ec36aa69448f20a78d8c4588265022e0b2272ab5)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agocmdutils: Conditionally compile libswscale-related bits
Diego Biurrun [Mon, 29 Oct 2012 17:00:14 +0000 (18:00 +0100)]
cmdutils: Conditionally compile libswscale-related bits

This fixes compilation with libswscale disabled.

(cherry picked from commit ab799664755c8bc2c439c428ff5b538c105a5c38)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agovideo4linux2: Avoid a floating point exception
Bernhard Übelacker [Sun, 27 Jul 2014 15:38:59 +0000 (08:38 -0700)]
video4linux2: Avoid a floating point exception

This avoids a segfault in avconv_opt.c:opt_target when trying to
determine the norm.

(cherry picked from commit dc71f1958846bb1d96de43a4603983dc8450cfcc)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agovf_select: Drop a debug av_log with an unchecked double to enum conversion
Diego Biurrun [Tue, 29 Jul 2014 12:43:04 +0000 (05:43 -0700)]
vf_select: Drop a debug av_log with an unchecked double to enum conversion

CC: libav-stable@libav.org
(cherry picked from commit a8d803a320fb08b3ad5db4fffc79abd401206905)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agoeamad: use the bytestream2 API instead of AV_RL
Anton Khirnov [Sun, 20 Jul 2014 12:06:47 +0000 (12:06 +0000)]
eamad: use the bytestream2 API instead of AV_RL

This is safer and possibly fixes invalid reads on truncated data.
(cherry-picked from commit 541427ab4d5b4b6f5a90a687a06decdb78e7bc3c)

CC:libav-stable@libav.org

Conflicts:
libavcodec/eamad.c

(cherry picked from commit f9204ec56a4cf73843d1e5b8563d3584c2c05b47)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agoUpdate Changelog for 0.8.13 v0.8.13
Reinhard Tartler [Fri, 27 Jun 2014 01:34:03 +0000 (21:34 -0400)]
Update Changelog for 0.8.13

5 years agoPrepare for 0.8.13 Release
Reinhard Tartler [Fri, 27 Jun 2014 01:33:18 +0000 (21:33 -0400)]
Prepare for 0.8.13 Release

5 years agolzo: Handle integer overflow
Luca Barbato [Thu, 19 Jun 2014 21:26:58 +0000 (23:26 +0200)]
lzo: Handle integer overflow

get_len can overflow for specially crafted payload.

Reported-By: Don A. Baley <donb@securitymouse.com>
CC: libav-stable@libav.org
(cherry picked from commit ccda51b14c0fcae2fad73a24872dce75a7964996)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavutil/lzo.c

5 years agosgidec: fix an incorrect backport
Sean McGovern [Mon, 2 Jun 2014 22:35:25 +0000 (18:35 -0400)]
sgidec: fix an incorrect backport

Signed-off-by: Anton Khirnov <anton@khirnov.net>
5 years agoAdd some bug references v0.8.12
Reinhard Tartler [Sun, 1 Jun 2014 20:12:58 +0000 (16:12 -0400)]
Add some bug references

5 years agoUpdate Changelog for 0.8.12
Sean McGovern [Sun, 1 Jun 2014 18:20:46 +0000 (14:20 -0400)]
Update Changelog for 0.8.12

5 years agoPrepare for 0.8.12 Release
Reinhard Tartler [Sun, 1 Jun 2014 00:09:10 +0000 (20:09 -0400)]
Prepare for 0.8.12 Release

5 years agoh264: set parameters from SPS whenever it changes
Janne Grunau [Fri, 16 Nov 2012 00:12:40 +0000 (01:12 +0100)]
h264: set parameters from SPS whenever it changes

Fixes a crash in the fuzzed sample sample_varPAR.avi_s26638 with
alternating bit depths.

5 years agoalac: Limit max_samples_per_frame
Martin Storsjö [Tue, 3 Sep 2013 08:54:03 +0000 (11:54 +0300)]
alac: Limit max_samples_per_frame

Otherwise buffer size calculations in allocate_buffers could
overflow later, making the code think a large enough buffer
actually was allocated.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
5 years agoswscale: Fix an undefined behaviour
Luca Barbato [Thu, 1 May 2014 22:21:23 +0000 (00:21 +0200)]
swscale: Fix an undefined behaviour

Prevent a division by zero down the codepath.

Sample-Id: 00001721-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
5 years agoapedec: do not buffer decoded samples over AVPackets
Rafaël Carré [Tue, 27 Aug 2013 15:35:49 +0000 (17:35 +0200)]
apedec: do not buffer decoded samples over AVPackets

Only consume an AVPacket when all the samples have been read.

When the rate of samples output is limited (by the default value
of max_samples), consuming the first packet immediately will cause
timing problems:

- The first packet with PTS 0 will output 4608 samples and be
consumed entirely
- The second packet with PTS 64 will output the remaining samples
(typically, a lot, that's why max_samples exist) until the decoded
samples of the first packet have been exhausted, at which point the
samples of the second packet will be decoded and output when
av_decode_frame is called with the next packet).

That means there's a PTS jump since the first packet is 'decoded'
immediately, which can be seen with avplay or mplayer: the timing
jumps immediately to 6.2s (which is the size of a packet).

Sample: http://streams.videolan.org/issues/6348/Goldwave-MAClib.ape

Bug-Debian: http://bugs.debian.org/744901
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 91d4cfb8127f1de6c4ad173a30fffe584700046d)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
5 years agoisom: lpcm in mov default to big endian
Mark Himsley [Fri, 1 Nov 2013 11:22:53 +0000 (11:22 +0000)]
isom: lpcm in mov default to big endian

It is my understanding that "Unless otherwise stated, all data in a
QuickTime movie is stored in big-endian byte ordering" [1] in MOV files.

I have a couple of thousand files, which technically are invalid because
their sound sample description element 4CC is 'lpcm' but its version is
0 - and "Version 0 supports only uncompressed audio in raw ('raw ') or
twos-complement ('twos') format" [2]

Because isom.c only contains a mapping for 4CC 'lpcm' to
AV_CODEC_ID_PCM_S16LE, these files have their audio decoded as LE when
it is actually BE.

This commit adds AV_CODEC_ID_PCM_S16BE as the first match for 4CC 'lpcm'.

[1]
https://developer.apple.com/library/mac/documentation/quicktime/QTFF/qtff.pdf
page 21
[2]
https://developer.apple.com/library/mac/documentation/quicktime/QTFF/qtff.pdf
page 178

Reviewed-by: Yusuke Nakamura <muken.the.vfrmaniac@gmail.com>
5 years agomovdec: handle 0x7fff langcode as macintosh per the specs
Baptiste Coudurier [Wed, 21 Mar 2012 21:18:16 +0000 (14:18 -0700)]
movdec: handle 0x7fff langcode as macintosh per the specs

The correct point that seperates ISO and MAC language codes is 0x400
according to the current QT spec. Old QT specs did not list where this
seperation is but apparently only defined the meaning of the first 137.

(cherry picked from commit 9e71cc81f3655cacf0f91860fba3043f13b64059)
(cherry picked from commit 7940306a47df602be4f57a62175706265bbfd0aa)