libav.git
2 years agoUpdate changelog for v11.9 v11.9
Sean McGovern [Mon, 10 Apr 2017 00:57:58 +0000 (20:57 -0400)]
Update changelog for v11.9

2 years agompeg4videodec: raise an error if sprite_trajectory.table is NULL
Sean McGovern [Thu, 30 Mar 2017 20:21:38 +0000 (16:21 -0400)]
mpeg4videodec: raise an error if sprite_trajectory.table is NULL

CC: libav-stable@libav.org
Bug-Id: 1012
(cherry picked from commit 6ac0e7818399a57e4684202bac79f35b3561ad1e)

Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
2 years agovf_fade: Make sure to not miss the last lines of a frame
Martin Storsjö [Thu, 16 Feb 2017 10:23:20 +0000 (12:23 +0200)]
vf_fade: Make sure to not miss the last lines of a frame

When slice_h is rounded up due to chroma subsampling, there's
a risk that jobnr * slice_h exceeds frame->height.

Prior to a638e9184d63, this wasn't an issue for the last slice
of a frame, since slice_end was set to frame->height for the last
slice.

a638e9184d63 tried to fix the case where other slices than the
last one would exceed frame->height (which can happen where the
number of slices/threads is very large compared to the frame
height).

However, the fix in a638e9184d63 instead broke other cases,
where slice_h * nb_threads < frame->height. Therefore, make
sure the last slice always ends at frame->height.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8f5de34c8fb18fa1416e77d2cb998773a49ddb3d)
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
2 years agomatroskadec: make sure not to leave EbmlBin in an inconsistent state
Anton Khirnov [Wed, 28 Dec 2016 12:15:14 +0000 (13:15 +0100)]
matroskadec: make sure not to leave EbmlBin in an inconsistent state

If a read fails, the current code will free the data but leave the size
non-zero. Make sure the size is zeroed in such a case.

CC: libav-stable@libav.org
Bug-Id: 1001
Found-By: Kamil Frankowicz
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
(cherry picked from commit 9026ec8aaf5fa19cb4fb266c16f608af0d863b2b)

2 years agocmdutils: update copyright year to 2017
Sean McGovern [Sun, 1 Jan 2017 21:31:15 +0000 (16:31 -0500)]
cmdutils: update copyright year to 2017

CC: libav-stable@libav.org
(cherry picked from commit d31f46e1999fab31be46f0cbce0546a5aa49fe48)

Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
2 years agohttp: Check for negative chunk sizes
Martin Storsjö [Thu, 15 Dec 2016 08:24:20 +0000 (10:24 +0200)]
http: Check for negative chunk sizes

A negative chunk size is illegal and would end up used as
length for memcpy, where it would lead to memory accesses
out of bounds.

Found-by: Paul Cher <paulcher@icloud.com>
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 131644677970a3c4a0096270ea2a5b5d437c2e63)
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
2 years agompeg12dec: move setting first_field to mpeg_field_start()
Anton Khirnov [Sat, 17 Dec 2016 16:04:55 +0000 (17:04 +0100)]
mpeg12dec: move setting first_field to mpeg_field_start()

For field picture, the first_field is set based on its previous value.
Before this commit, first_field is set when reading the picture
coding extension. However, in corrupted files there may be multiple
picture coding extension headers, so the final value of first_field that
is actually used during decoding can be wrong. That can lead to various
undefined behaviour, like predicting from a non-existing field.

Fix this problem, by setting first_field in mpeg_field_start(), which
should be called exactly once per field.

CC: libav-stable@libav.org
Bug-ID: 999
(cherry picked from commit c2fa6bb0e8703a7a6aa10e11f9ab36094416d83f)
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
2 years agompeg12dec: avoid signed overflow in bitrate calculation
Anton Khirnov [Sat, 17 Dec 2016 14:07:51 +0000 (15:07 +0100)]
mpeg12dec: avoid signed overflow in bitrate calculation

CC: libav-stable@libav.org
Bug-Id: 981
Found-By: Agostino Sarubbo
(cherry picked from commit e807491fc6a336e4becc0cbc981274a8fde18aba)
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
2 years agompegvideo_parser: avoid signed overflow in bitrate calculation
Anton Khirnov [Sat, 17 Dec 2016 14:07:51 +0000 (15:07 +0100)]
mpegvideo_parser: avoid signed overflow in bitrate calculation

CC: libav-stable@libav.org
Bug-Id: 981
Found-By: Agostino Sarubbo
(cherry picked from commit 58405de0951a843765625159402870c1eea3c3b1)
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
2 years agoh264_slice: Wait for refs to be available before we use them in error concealment
Derek Buitenhuis [Mon, 12 Dec 2016 14:33:27 +0000 (14:33 +0000)]
h264_slice: Wait for refs to be available before we use them in error concealment

This could happen when there was a frame number gap and frame threading was used.

Debugging-by: Ronald S. Bultje <rsbultje@gmail.com>
Debugging-by: Justin Ruggles <justin.ruggles@gmail.com>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
CC:libav-stable@libav.org
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2 years agoh264: er: Copy from the previous reference only if compatible
Andreas Cadhalpun [Sun, 14 Jun 2015 10:40:18 +0000 (12:40 +0200)]
h264: er: Copy from the previous reference only if compatible

Also use the frame pixel format instead of the one from the codec
context, which is more robust.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit a4fbd55d6e03eabdbecc3b7892ec09eb8062d066)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Conflicts:
libavcodec/h264_slice.c

2 years agompegvideo: Fix undefined negative shifts in mpeg_motion_internal
Luca Barbato [Fri, 4 Mar 2016 15:57:29 +0000 (16:57 +0100)]
mpegvideo: Fix undefined negative shifts in mpeg_motion_internal

Bug-Id: 980

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
(cherry picked from commit 0242351390643d176b10600c2eb854414f9559e6)
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
2 years agompegvideo: Fix undefined negative shifts in ff_init_block_index
Luca Barbato [Wed, 2 Mar 2016 23:52:23 +0000 (18:52 -0500)]
mpegvideo: Fix undefined negative shifts in ff_init_block_index

Bug-Id: 980
Found-by: gcc5-ubsan.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
(cherry picked from commit 7d4a1ff344cbf969ac648642a0fd8484fd5b8637)
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
2 years agom4vdec: Check for non-startcode 00 00 00 sequences in probe
Michael Niedermayer [Sun, 7 Sep 2014 14:39:39 +0000 (16:39 +0200)]
m4vdec: Check for non-startcode 00 00 00 sequences in probe

This makes the m4v detection less trigger-happy.

Bug-Id: 962
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit e5b019725f53b79159931d3a7317107cbbfd0860)
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
2 years agom4vdec: K&R formatting cosmetics
Gabriel Dume [Tue, 23 Sep 2014 14:29:59 +0000 (10:29 -0400)]
m4vdec: K&R formatting cosmetics

Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit 4620affa24eedb167482198aa04126bcedd05620)
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
2 years agoavconv: Fix the audio next dts computation
Luca Barbato [Mon, 28 Nov 2016 19:52:47 +0000 (20:52 +0100)]
avconv: Fix the audio next dts computation

Use the correct timebase.

CC: libav-stable@libav.org
(cherry picked from commit d0c84c41d33ffd270d5f9fe0290e08341397fdee)
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
Conflicts:
avconv.c

2 years agortsp: Fix a crash with the RTSP muxer
Martin Storsjö [Thu, 15 Sep 2016 11:21:38 +0000 (14:21 +0300)]
rtsp: Fix a crash with the RTSP muxer

This was introduced in bc2a32969e.

The whole block that the statement was added to is only
relevant when used as a demuxer, but the other statements
there have had other if statements guarding them. Make
sure to only run this whole block if being used as a
demuxer.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit df3795025337479a639cb3cd26c93a4e82ccd4db)
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
Conflicts:
libavformat/rtsp.c

2 years agortsp: move the CONFIG_ macros to the beginning of the check
Vittorio Giovara [Sat, 29 Nov 2014 16:39:41 +0000 (17:39 +0100)]
rtsp: move the CONFIG_ macros to the beginning of the check

With --disable-optimizations, the DCE of some compilers does not remove
such unused code, causing linking failure.

(cherry picked from commit 604c9b1196c70d79bbbc1f23e75f6a8253a74da3)
Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
2 years agoaacsbr: Check that sample_rate is not 0 before division
Diego Biurrun [Wed, 2 Nov 2016 14:41:47 +0000 (15:41 +0100)]
aacsbr: Check that sample_rate is not 0 before division

Bug-Id: 957

3 years agortmpproto: Send chunk size on the network channel
Martin Storsjö [Thu, 13 Oct 2016 13:17:11 +0000 (16:17 +0300)]
rtmpproto: Send chunk size on the network channel

This makes sure that e.g. Adobe FME actually reacts to it. As long
as the value we've been sending is the default one (128), the bug
hasn't been noticed.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8b5e0d17e70400eaf5dc3845b5c1df8b2b88d830)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 3155e05f6b69ad0100b6f858429fb3bf5370e480)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agortmpproto: Lengthen the filename buffer when receiving streams
Martin Storsjö [Thu, 13 Oct 2016 12:25:33 +0000 (15:25 +0300)]
rtmpproto: Lengthen the filename buffer when receiving streams

Some applications such as Adobe FME append lots of parameters
here, making it easily overflow the current limit.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit d6ded94036e43a04889f4ff2813a7f7dd60b82fe)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit b4f65c050c881b4e5aa90222f995500b0ca92fd1)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agortmpproto: Check the return from ff_amf_read_string
Martin Storsjö [Thu, 13 Oct 2016 12:24:54 +0000 (15:24 +0300)]
rtmpproto: Check the return from ff_amf_read_string

If this failed, we used to continue with an uninitialized
filename buffer.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 7395784ba72742b6daa62d35db4028e09f3fdf06)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 25da35dadade75526157dddf8637d43e34834b1e)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agofile protocol: handle the file: protocol string in file_check
Anton Khirnov [Thu, 13 Oct 2016 08:03:18 +0000 (10:03 +0200)]
file protocol: handle the file: protocol string in file_check

This is consistent with what file_open() does.

CC: libav-stable@libav.org
(cherry picked from commit 20b75970e43a030f959b17ff2dfd561174b6f24e)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 0464c3c706c88c71dbaa5c8a3d07bcb69ab05abd)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agompegvideo_motion: Handle edge emulation even without unrestricted_mv
Michael Niedermayer [Tue, 12 Nov 2013 15:11:42 +0000 (16:11 +0100)]
mpegvideo_motion: Handle edge emulation even without unrestricted_mv

Fix out of bounds read.

Bug-Id: 959
Found by: F4B3CD@STARLAB and Agostino Sarubbo
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
(cherry picked from commit 136f55207521f0b03194ef5b55ba70f1635d6aee)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agoaudiodsp/x86: clear the high bits of the order parameter on 64bit
Anton Khirnov [Tue, 9 Aug 2016 12:17:15 +0000 (14:17 +0200)]
audiodsp/x86: clear the high bits of the order parameter on 64bit

Also change shl to add, since it can be faster on some CPUs.

CC: libav-stable@libav.org
(cherry picked from commit 75d98e30afab61542faab3c0f11880834653bd6b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agoaudiodsp/x86: fix ff_vector_clip_int32_sse2
Anton Khirnov [Tue, 9 Aug 2016 12:17:15 +0000 (14:17 +0200)]
audiodsp/x86: fix ff_vector_clip_int32_sse2

This version, which is the only one doing two processing cycles per loop
iteration, computes the load/store indices incorrectly for the second
cycle.

CC: libav-stable@libav.org
(cherry picked from commit 1d6c76e11febb58738c9647c47079d02b5e10094)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agolibvpxenc: remove some unused ctrl id mappings
James Zern [Tue, 20 Oct 2015 05:44:11 +0000 (22:44 -0700)]
libvpxenc: remove some unused ctrl id mappings

VP8E_UPD_ENTROPY, VP8E_UPD_REFERENCE, VP8E_USE_REFERENCE were removed
from libvpx and the remaining values were never used here

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Zern <jzern@google.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 4d05e9392f84702e3c833efa86e84c7f1cf5f612)

Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
3 years agoUpdate changelog for v11.8 v11.8
Sean McGovern [Tue, 30 Aug 2016 02:56:15 +0000 (22:56 -0400)]
Update changelog for v11.8

3 years agoavprobe: Fix memory leak
Vittorio Giovara [Thu, 21 Jul 2016 13:47:47 +0000 (15:47 +0200)]
avprobe: Fix memory leak

After init_opts() there needs to be an uninit_opts() call
to free the swscale context and other buffers.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agoavprobe: do not call avio_close() on a custom context
Anton Khirnov [Fri, 19 Feb 2016 13:18:15 +0000 (14:18 +0100)]
avprobe: do not call avio_close() on a custom context

avio_close() can only be called on AVIOContexts created by avio_open(2).

3 years agomov: Remove old b-frame/video delay heuristic
Derek Buitenhuis [Fri, 26 Aug 2016 13:30:07 +0000 (14:30 +0100)]
mov: Remove old b-frame/video delay heuristic

This was added before edts support existed, and is no longer
valid.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agomov: Remove ancient heuristic hack
Derek Buitenhuis [Fri, 26 Aug 2016 13:30:06 +0000 (14:30 +0100)]
mov: Remove ancient heuristic hack

This breaks files with legitimate single-entry edit lists,
and the hack, introduced in f03a081df09f9c4798a17d7e24446ed47924b11b,
has no link to any known sample in its commit message.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agomss12: validate display dimensions
Anton Khirnov [Sun, 14 Aug 2016 08:18:39 +0000 (10:18 +0200)]
mss12: validate display dimensions

The code currently reads the coded dimensions from the extradata, but
expects the display dimensions to be set by the caller, and does not
check that they are compatible (i.e. that the displayed size is smaller
than the coded size).

Make sure that when the display dimensions are set, they are also valid.
Fixes possible invalid memory access.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 6755eb5b212384e0599f7f2c5de42df49fff57de)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agovc1: check that slices have a positive height
Anton Khirnov [Sun, 14 Aug 2016 08:18:39 +0000 (10:18 +0200)]
vc1: check that slices have a positive height

Fixes possible invalid reads.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 33f10546ec012ad4e1054b57317885cded7e953e)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agopcx: use the bytestream2 API for reading from input
Anton Khirnov [Sun, 14 Aug 2016 08:18:39 +0000 (10:18 +0200)]
pcx: use the bytestream2 API for reading from input

Fixes possible invalid reads.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 09b23786b3986502ee88d4907356979127169bdd)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Conflicts:
libavcodec/pcx.c

3 years agopcx: check that the packet is large enough before reading the header
Anton Khirnov [Sun, 14 Aug 2016 08:18:39 +0000 (10:18 +0200)]
pcx: check that the packet is large enough before reading the header

Fixes possible invalid reads.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 221402c1c88b9d12130c6f5834029b535ee0e0c5)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agopcx: properly pad the scanline
Anton Khirnov [Sun, 14 Aug 2016 08:18:39 +0000 (10:18 +0200)]
pcx: properly pad the scanline

It is passed to the get_bits API, which requires buffers to be padded.

Fixes possible invalid reads.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 15ee419b7abaf17f8c662c145fe93d3dbf43282b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agocook: use the bytestream2 API for reading extradata
Anton Khirnov [Sun, 14 Aug 2016 08:18:39 +0000 (10:18 +0200)]
cook: use the bytestream2 API for reading extradata

Fixes possible invalid reads in corrupted files.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 409d1cd2c955485798f8b0b0147c2b899b9144ec)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agoqpeg: fix an off by 1 error in the MV check
Anton Khirnov [Sun, 14 Aug 2016 08:18:39 +0000 (10:18 +0200)]
qpeg: fix an off by 1 error in the MV check

height - me_y is the line from which we read, so it must be strictly
smaller than the frame height. Fixes possible invalid reads in corrupted
files.

Also, use a proper context for logging the error.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit bba9d8bdfb208b0ec2ccf182530347151ee3528b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agoalac: do not return success if nothing was decoded
Anton Khirnov [Sun, 14 Aug 2016 08:18:39 +0000 (10:18 +0200)]
alac: do not return success if nothing was decoded

If we encounter an END element before anything is decoded, we would
return success even though the output frame has not been allocated,
which is invalid.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 796dca027be09334d7bbf4f2ac1200e06bb054cb)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agovmnc: check that subrectangles fit into their containing rectangles
Anton Khirnov [Sun, 14 Aug 2016 08:18:39 +0000 (10:18 +0200)]
vmnc: check that subrectangles fit into their containing rectangles

Fixes possible invalid writes with corrupted files.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit f5d46d332258dcd8ca623019ece1d5e5bb74142b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agoriff: don't overwrite bps from WAVEFORMATEX if EXTENSIBLE doesn't contain that data.
Hendrik Leppkes [Wed, 2 May 2012 14:34:45 +0000 (16:34 +0200)]
riff: don't overwrite bps from WAVEFORMATEX if EXTENSIBLE doesn't contain that data.

According to the specification on the MSDN [1], 0 is valid for that
particular field, and it should be ignored in that case.

[1]: http://msdn.microsoft.com/en-us/library/windows/desktop/dd757714(v=vs.85).aspx

Bug-Id: 950

Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 7f549b8338ed3775fec4bf10421ff5744e5866dd)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agovp9: make mv bounds 32bit.
Ronald S. Bultje [Tue, 7 Jan 2014 12:24:03 +0000 (07:24 -0500)]
vp9: make mv bounds 32bit.

The frame dimensions are 16bit, so the mv bounds can easily overflow
int16 for large videos.

Bug-Id: Handbrake/46
CC: libav-stable@libav.org
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 0df4801105d84883071b0978cb3afc7cd5184ce8)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agobuffer: fix av_buffer_realloc() when the data is offset wrt buffer start
Anton Khirnov [Tue, 2 Aug 2016 19:16:44 +0000 (21:16 +0200)]
buffer: fix av_buffer_realloc() when the data is offset wrt buffer start

In such a case behave as if the buffer was not reallocatable -- allocate a
new one and copy the data (preserving just the part described by the
reference passed to av_buffer_realloc).

CC: libav-stable@libav.org
Reported-By: wm4 <nfxjfg@googlemail.com>
(cherry picked from commit 24a362569bff1d4161742fffaca80a4a4428be8a)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agomimic: do not release the newly obsolete reference at the end of decoding
Anton Khirnov [Mon, 25 Jul 2016 11:52:59 +0000 (13:52 +0200)]
mimic: do not release the newly obsolete reference at the end of decoding

The reference frames are used in update_thread_context(), so modifying
them after finish_setup() is a race. The frame in question will be
released during the next decode call.

CC: libav-stable@libav.org
(cherry picked from commit a115eb9e750543f1d8bf951414d291069bf396c2)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agoh264: only allow starting a new picture in the first slice thread
Anton Khirnov [Wed, 20 Jul 2016 11:39:10 +0000 (13:39 +0200)]
h264: only allow starting a new picture in the first slice thread

Decoding different pictures in different slice threads simultaneously
leads to all kinds of UB.

Bug-Id: 690

3 years agolibrtmp: Avoid an infiniloop setting connection arguments
Luca Barbato [Wed, 22 Jun 2016 04:36:31 +0000 (06:36 +0200)]
librtmp: Avoid an infiniloop setting connection arguments

The exit condition was missing.

CC: libav-stable@libav.org
(cherry picked from commit 4dbfcd07570a9e45e9597561023adb6da26f27f6)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agoac3: Check the array bound before dereferencing
Luca Barbato [Thu, 26 May 2016 00:41:25 +0000 (02:41 +0200)]
ac3: Check the array bound before dereferencing

CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agofft: ppc: Place ff_fft_calc_interleave_altivec() under correct ifdefs
Diego Biurrun [Sat, 30 Jan 2016 13:39:00 +0000 (14:39 +0100)]
fft: ppc: Place ff_fft_calc_interleave_altivec() under correct ifdefs

Also fix #endif comments in the FFT init code.

(cherry picked from commit 47570dbde8b33001d5ccac44e7ebaaeecbcb807c)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agoppc: Restrict some Altivec implementations to Big Endian
Luca Barbato [Sun, 10 May 2015 21:22:17 +0000 (23:22 +0200)]
ppc: Restrict some Altivec implementations to Big Endian

In Little Endian the vec_ld/vec_st operations work as
expected only for byte-vectors.

(cherry picked from commit da60b99a8857d5ca236f32c1799a066e0135a866)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agoppc: linux: Check altivec using the auxv
Luca Barbato [Fri, 3 Apr 2015 13:31:32 +0000 (15:31 +0200)]
ppc: linux: Check altivec using the auxv

Should prevent trying to use altivec when it is disabled by the kernel.

(cherry picked from commit baa94563fede8959a638b0fa132dd2124acd93e8)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agoppc: avutil: Drop a potentially dangerous workaround
Luca Barbato [Sun, 10 May 2015 20:48:30 +0000 (22:48 +0200)]
ppc: avutil: Drop a potentially dangerous workaround

The compiler is free to optimize such expressions in any sort of way.

(cherry picked from commit 254eb5b6faebb7bcfc3cefc1edced6652fe9d5be)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agoppc: Support little endian intreadwrite
Luca Barbato [Thu, 28 Aug 2014 17:40:45 +0000 (19:40 +0200)]
ppc: Support little endian intreadwrite

(cherry picked from commit c19a49e565bd06ea47947d50779ba236df9d4943)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agoUpdate changelog for v11.7 v11.7
Sean McGovern [Tue, 26 Apr 2016 23:15:44 +0000 (19:15 -0400)]
Update changelog for v11.7

3 years agomatroska: Support V_QUICKTIME as written in the specification
Luca Barbato [Sat, 12 Mar 2016 12:46:13 +0000 (13:46 +0100)]
matroska: Support V_QUICKTIME as written in the specification

Check if the size is written the first 4 bytes and read the next 4
as fourcc candidate, fallback checking the initial for 4 bytes.

"The CodecPrivate contains all additional data that is stored in the
'stsd' (sample description) atom in the QuickTime file after the
mandatory video descriptor structure (starting with the size and FourCC
fields)"

CC: libav-stable@libav.org
(cherry picked from commit 8b4b1c1eea9daa4e2003aa0935e73f56aab8102d)

Conflicts:

libavformat/matroskadec.c

Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
3 years agomov: Check the entries value when parsing dref boxes
Luca Barbato [Tue, 8 Mar 2016 10:57:16 +0000 (11:57 +0100)]
mov: Check the entries value when parsing dref boxes

And properly reset the entries count when resetting the entries.

CC: libav-stable@libav.org
Bug-Id: 929
Bug-Id: CVE-2016-3062
(cherry picked from commit 7e01d48cfd168c3dfc663f03a3b6a98e0ecba328)

Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
3 years agoindeo2: Fix banding artefacts
Luca Barbato [Tue, 23 Feb 2016 00:58:19 +0000 (19:58 -0500)]
indeo2: Fix banding artefacts

Rename luma table to delta table and change how it is used.

CC: libav-stable@libav.org
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit f8c34f4b8d62afad3f63cf3d9617d73735bef8c1)

Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
3 years agoindeo2data: K&R formatting cosmetics
Luca Barbato [Tue, 23 Feb 2016 00:58:18 +0000 (19:58 -0500)]
indeo2data: K&R formatting cosmetics

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit d4066a702407352a0648af882c34ea81a404fa2b)

Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
3 years agopgssub: Fix subpicture colorspace and range
Jan Ekström [Sun, 24 Apr 2016 18:33:45 +0000 (20:33 +0200)]
pgssub: Fix subpicture colorspace and range

Widen the values from limited to full range and use BT.709 where it
should be used according to the video resolution:

SD is BT.601, HD is BT.709

Default to BT.709 due to most observed HDMV content being HD.

Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
3 years agocolorspace: Add support for BT709
Jan Ekström [Sun, 24 Apr 2016 18:30:06 +0000 (20:30 +0200)]
colorspace: Add support for BT709

BT.709 coefficients were gathered from the first two parts of BT.709
to BT.2020 conversion guide in ARIB STD-B62 (Pt. 1, Chapter 6.2.2).
They were additionally confirmed by manually calculating values.

Signed-off-by: Sean McGovern <gseanmcg@gmail.com>
3 years agocmdutils: update copyright year to 2016
Sean McGovern [Sat, 12 Mar 2016 19:38:10 +0000 (14:38 -0500)]
cmdutils: update copyright year to 2016

CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agoavpacket: fix setting AVPacket.data in av_packet_ref()
Anton Khirnov [Thu, 12 May 2016 13:34:58 +0000 (15:34 +0200)]
avpacket: fix setting AVPacket.data in av_packet_ref()

The data field does not necessarily point to the beginning of the
underlying AVBuffer.

CC: libav-stable@libav.org
(cherry picked from commit 8996515b137f962e3a8691241c285c96437b6c53)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agoavpacket: Check buffer reference
Vittorio Giovara [Mon, 2 Feb 2015 19:53:51 +0000 (20:53 +0100)]
avpacket: Check buffer reference

CC: libav-stable@libav.org
Bug-Id: CID 1267889
(cherry picked from commit fe0f4e56577a2dbd373bb50b0ae2d49e69d822fc)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agotls: Use the right return value for breaking out due to the interrupt callback
Martin Storsjö [Thu, 24 Mar 2016 09:27:49 +0000 (11:27 +0200)]
tls: Use the right return value for breaking out due to the interrupt callback

The retry_transfer_wrapper function higher up in the call chain
ignores AVERROR(EINTR), which only means "interrupted by system call".

This makes sure that returning due to the interrupt callback
works as intended.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
3 years agovf_fade: make sure the slice end is always in the frame
Anton Khirnov [Thu, 24 Mar 2016 20:38:54 +0000 (21:38 +0100)]
vf_fade: make sure the slice end is always in the frame

CC: libav-stable@libav.org
(cherry picked from commit a638e9184d63e57e67901f34afe919fd56fd3ac4)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
3 years agoasfenc: fix some possible integer overflows
Anton Khirnov [Fri, 4 Mar 2016 15:32:07 +0000 (16:32 +0100)]
asfenc: fix some possible integer overflows

Store the file duration in the same timebase it arrives (i.e.
milliseconds) and only convert it to the file duration units (100ns)
when it's actually written, thus simplifying some calculations. Also,
store the duration as unsigned, since it cannot be negative.

CC: libav-stable@libav.org
Bug-ID: CVE-2016-2326
(cherry picked from commit ff3db937ef3aa30046a3936146f86ad48ee2ff90)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Conflicts:
libavformat/asfenc.c

3 years agoUpdate changelog for v11.5 and v11.6 v11.6
Sean McGovern [Fri, 26 Feb 2016 22:46:44 +0000 (17:46 -0500)]
Update changelog for v11.5 and v11.6

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
3 years agoconcat: disable by default
Sean McGovern [Thu, 18 Feb 2016 23:51:12 +0000 (18:51 -0500)]
concat: disable by default

It is a known security issue.

Also, issue a Big Fat Warning if the user explicity requests it.

Original patch by Luca Barbato <lu_zero@gentoo.org>

3 years agoconfigure: add --enable-rpath
Reinhard Tartler [Sat, 23 Aug 2014 14:04:26 +0000 (10:04 -0400)]
configure: add --enable-rpath

This option facilitates testing shared libarary builds: for instance
fate builders do no longer need to set LD_LIBRARY_PATH as the binaries will
get the right search paths hardcoded into their executable file.

This option is only meant to be used for testing purposes: The installed
libraries must not move around in the file system, and doing so will
cause a lot of subtle problems. For more information why using RPATH is
dangerous, please refer to

https://blog.flameeyes.eu/2010/06/the-why-and-how-of-rpath

(cherry picked from commit 749b1f1359b5af0a08221923b016551b18ab6171)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
3 years agomatroska: Always consider S_TEXT/UTF8 as SRT when demuxing v11.5
Luca Barbato [Fri, 19 Feb 2016 12:49:43 +0000 (13:49 +0100)]
matroska: Always consider S_TEXT/UTF8 as SRT when demuxing

Reported-By: Maxim Koitsov <maksbotan@gentoo.org>
3 years agomkv: Force the full parsing of mp3
Luca Barbato [Sat, 6 Feb 2016 12:15:37 +0000 (13:15 +0100)]
mkv: Force the full parsing of mp3

Some muxer might or might not fit incomplete mp3 frames in
their packets.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agomov: Force the full parsing of mp3
Luca Barbato [Sat, 6 Feb 2016 12:15:36 +0000 (13:15 +0100)]
mov: Force the full parsing of mp3

Some muxer might or might not fit incomplete mp3 frames in
their packets.

Bug-Id: 899

CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agoUpdate changelog for v11.5
Sean McGovern [Sun, 7 Feb 2016 21:43:42 +0000 (16:43 -0500)]
Update changelog for v11.5

3 years agomov: Use the correct type for size
Luca Barbato [Tue, 9 Feb 2016 22:07:18 +0000 (23:07 +0100)]
mov: Use the correct type for size

An AVIO offset is int64_t.

Bug-Id: 921

3 years agoavi: Validate the stream-id for DV as well
Michael Niedermayer [Sat, 28 Nov 2015 20:06:45 +0000 (21:06 +0100)]
avi: Validate the stream-id for DV as well

Avoid false positives while syncing.

Bug-Id: ffmpeg/4086
Bug-Id: 879

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agodvdsubdec: Validate the RLE offsets
Luca Barbato [Wed, 11 Nov 2015 19:08:29 +0000 (20:08 +0100)]
dvdsubdec: Validate the RLE offsets

CC: libav-stable@libav.org
3 years agorpza: Check the blocks left before processing one
Luca Barbato [Sun, 1 Nov 2015 03:07:42 +0000 (04:07 +0100)]
rpza: Check the blocks left before processing one

Bug-Id: 903
CC: libav-stable@libav.org
Reported-By: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agolagarith: Correctly compute hash_shift
Luca Barbato [Sun, 1 Nov 2015 13:46:17 +0000 (14:46 +0100)]
lagarith: Correctly compute hash_shift

All the values are unsigned.

Bug-Id: 907
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agomsnwc_tcp: Correctly report failure
Luca Barbato [Sun, 1 Nov 2015 03:07:43 +0000 (04:07 +0100)]
msnwc_tcp: Correctly report failure

And prevent a memory leak

CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agomimic: Always return on failure
Luca Barbato [Sun, 1 Nov 2015 03:07:46 +0000 (04:07 +0100)]
mimic: Always return on failure

Bug-Id: 905
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agoflashsv: Initialize the block array
Luca Barbato [Sun, 1 Nov 2015 03:07:48 +0000 (04:07 +0100)]
flashsv: Initialize the block array

Otherwise flashsv2_prime could be fed random data.

Bug-Id: 908
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agotruemotion2: Fix the buffer check
Luca Barbato [Sun, 1 Nov 2015 03:07:47 +0000 (04:07 +0100)]
truemotion2: Fix the buffer check

The variable skip contains the expected size in bytes.

Bug-Id: 906
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agonut: Use the correct codec_tag when multiple are available
Luca Barbato [Thu, 3 Sep 2015 15:31:14 +0000 (17:31 +0200)]
nut: Use the correct codec_tag when multiple are available

Some codecs use the codec_tag to signal specific information and
picking the first one would lead to a broken file.

Bug-Id: 883
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agoopus: Buffer the samples from the correct offset
Michael Niedermayer [Tue, 27 Oct 2015 12:47:12 +0000 (13:47 +0100)]
opus: Buffer the samples from the correct offset

When not all the opus stream have the same amount of decoded samples
process the least amount and store what is left from the other streams.

Bug-Id: 909
CC: libav-stable@libav.org
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agommvideo: Make sure the rle does not write over the frame boundaries
Luca Barbato [Thu, 10 Sep 2015 12:46:05 +0000 (14:46 +0200)]
mmvideo: Make sure the rle does not write over the frame boundaries

Bug-Id: 887
CC: libav-stable@libav.org
3 years agofile: properly forward errors from file_read() and file_write()
Sean McGovern [Thu, 27 Aug 2015 04:04:15 +0000 (00:04 -0400)]
file: properly forward errors from file_read() and file_write()

Bug-Id: 881

CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agomux: Make sure that the data is actually written
Sean McGovern [Thu, 27 Aug 2015 04:04:16 +0000 (00:04 -0400)]
mux: Make sure that the data is actually written

And forward the error if it is not.

Bug-Id: 881

CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agoimgutils: Fix a typo in avcodec_get_pix_fmt_loss
Luca Barbato [Tue, 18 Aug 2015 14:18:30 +0000 (16:18 +0200)]
imgutils: Fix a typo in avcodec_get_pix_fmt_loss

If the candidate does not have alpha and the source does have alpha
report the loss of alpha.

CC: libav-stable@libav.org
3 years agovp7: bound checking in vp7_decode_frame_header
Federico Tomassetti [Thu, 13 Aug 2015 13:35:53 +0000 (15:35 +0200)]
vp7: bound checking in vp7_decode_frame_header

CC: libav-stable@libav.org
3 years agoconfigure: arm: Assume softfp ABI on darwin
Martin Storsjö [Fri, 14 Aug 2015 06:47:21 +0000 (09:47 +0300)]
configure: arm: Assume softfp ABI on darwin

Don't try to detect the float ABI by checking at the toolchain
name or by trying to assemble and link files with eabi_attributes.

This fixes the float ABI detection when building using clang
with -fembed-bitcode, where the current eabi_attributes check
accidentally passes.

This issue was pointed out by James Howe <james.howe@hp.com>.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
3 years agortsp: Allow $ as interleaved packet indicator before a complete response header
Martin Storsjö [Wed, 21 Oct 2015 08:56:36 +0000 (11:56 +0300)]
rtsp: Allow $ as interleaved packet indicator before a complete response header

Some RTSP servers ("HiIpcam/V100R003 VodServer/1.0.0") respond to
our keepalive GET_PARAMETER request by a truncated RTSP header
(lacking the final empty line to indicate a complete response
header). Prior to 764ec70149, this worked just fine since we
reacted to the $ as interleaved packet indicator anywhere.

Since $ is a valid character within the response header lines,
764ec70149 changed it to be ignored there. But to keep
compatibility with such broken servers, we need to at least
allow reacting to it at the start of lines.

Signed-off-by: Martin Storsjö <martin@martin.st>
3 years agortsp: Only interpret $ as interleaved packet indicator at the start of replies
Martin Storsjö [Wed, 21 Jan 2015 12:05:43 +0000 (13:05 +0100)]
rtsp: Only interpret $ as interleaved packet indicator at the start of replies

Allow $ as character anywhere within normal RTSP replies - both
within the lines, and as the first character of RTSP header lines.
(The existing old comment indicated that an inline packet could
start at any line within a RTSP reply header, but that doesn't
sound valid to me, and I'm not sure if the existing code
handled that correctly either.)

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
3 years agoaf_channelmap: properly set the supported output channel layouts
Anton Khirnov [Wed, 22 Jul 2015 09:30:37 +0000 (11:30 +0200)]
af_channelmap: properly set the supported output channel layouts

The current code expects query_formats() to be called exactly once, it
will leak if it's not called at all (filter initialized, but never
configured or used) or try to read freed memory if it's called more than
once.

Found-by: James Almer <jamrial@gmail.com>
CC: libav-stable@libav.org
3 years agoarm: use a local label instead of the function symbol in ff_prefetch_arm
Janne Grunau [Mon, 20 Jul 2015 08:46:15 +0000 (10:46 +0200)]
arm: use a local label instead of the function symbol in ff_prefetch_arm

Avoids a relocation which might end out of range for thumb2.

Reported-By: Ludovic Fauvet <etix@videolan.org>
Bug-Id: https://bugs.webkit.org/show_bug.cgi?id=137022
CC: libav-stable@libav.org
3 years agobytestream2: set the reader to the end when reading more than available
Anton Khirnov [Fri, 10 Jul 2015 07:31:24 +0000 (09:31 +0200)]
bytestream2: set the reader to the end when reading more than available

This prevents possible infinite loops with the calling code along the
lines of while (bytestream2_get_bytes_left()) { ... }, where the reader
does not advance.

CC: libav-stable@libav.org
3 years agog726: Do not crash on user mistake
Luca Barbato [Sat, 11 Jul 2015 09:47:13 +0000 (11:47 +0200)]
g726: Do not crash on user mistake

Properly report the sample rate as invalid

CC: libav-stable@libav.org
3 years agoavconv: vda: Unlock the pixel buffer once it is accessed
Sebastien Zwickert [Wed, 8 Jul 2015 18:23:37 +0000 (20:23 +0200)]
avconv: vda: Unlock the pixel buffer once it is accessed

Avoid possible issues with memmapped hardware buffers in
case VDA is not doing a conversion on behalf of the user
and make the code more proper as working example.

CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agoh261: Signal freeze picture release for intra frames
Stian Selnes [Tue, 2 Dec 2014 17:55:13 +0000 (18:55 +0100)]
h261: Signal freeze picture release for intra frames

Freeze picture release should be set to 1 when we're responding to a
fast update request. For simplicity we set it for all intra frames,
including those that starts a GOP.

Fixes issue where Tandberg MXP1700 does not recover from packet loss
state since it's waiting for the freeze picture relase indication.

Bug-Id: 873
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agoh261: Set 'still image mode off' in picture header
Stian Selnes [Fri, 12 Dec 2014 15:08:19 +0000 (16:08 +0100)]
h261: Set 'still image mode off' in picture header

Ref H.261 recommendation section 4.2.1.3, setting the still image flag
to 1 disables still image mode. Some decoders require this in order to
decode the bitstream as normal video.

Fixes H.261 calls to Cisco E20.

Also, reserved (aka spare) bits should be set to 1 unless specified
otherwise.

Bug-Id: 872
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
3 years agowebp: Make sure enough bytes are available
Andreas Cadhalpun [Thu, 2 Jul 2015 23:14:51 +0000 (01:14 +0200)]
webp: Make sure enough bytes are available

Every chunk needs at least 8 bytes for chunk_type and chunk_size.
Prevent a possible infinite loop.

CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>