* release/0.8: (154 commits)
vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling
Check for huffman tree building error in vp6 decoder.
Release old pictures after a resolution change in vp5/6 decoder
Check for missing reference in vp5/6 decoder.
Check for invalid slices offsets in RV30/40 decoder.
Check output buffer size in nellymoser decoder.
Hack around gcc 4.6 breaking asm using call.
Fix dxva2 decoding for some H264 samples.
mp3demux: pass on error code on packet read.
Check for invalid slice offsets in real decoder.
rmdec: Reject invalid deinterleaving parameters
Use deinterleavers for demangling audio packets in RealMedia.
rv10: Reject slices that does not have the same type as the first one
rmdec: use the deinterleaving mode and not the codec when creating audio packets.
MAINTAINERS: add my GPG fingerprint. (cherry picked from commit 7882dc10f871bf25a848fe62a152f63814f9c7d1)
Support 3IVD in isom, produced by 3ivx DivX Doctor.
mpegpsdec: fix reading first mpegps packet (cherry picked from commit b2f230e23dd61112ac090b0c059d87b5f6bcb307)
Avoid NULL dereference on corrupted bitstream with real decoder.
Reject slices that does not have the same type than the first one in RV10/RV20 decoder.
check all svq3_get_ue_golomb() returns.
...
Conflicts:
Doxyfile
RELEASE
VERSION
libavcodec/rv34.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* khirnov/release/0.7: (64 commits)
rv34: Check for invalid slice offsets
rv34: Fix potential overreads
rv34: Avoid NULL dereference on corrupted bitstream
rv10: Reject slices that does not have the same type as the first one
lavf: Fix context pointer in av_open_input_stream when avformat_open_input fails
oggdec: fix out of bound write in the ogg demuxer
Fixed size given to init_get_bits().
smacker: fix a few off by 1 errors
Check for invalid VLC value in smacker decoder.
Check and propagate errors when VLC trees cannot be built in smacker decoder.
Fixed off by one packet size allocation in the smacker demuxer.
Check for invalid packet size in the smacker demuxer.
ape demuxer: fix segfault on memory allocation failure.
xan: Add some buffer checks (cherry picked from commit 0872bb23b4bd2d94a8ba91070f706d1bc1c3ced8)
Fixed size given to init_get_bits() in xan decoder. (cherry picked from commit 393d5031c6aaaf8c2dda4eb5d676974c349fae85)
smacker demuxer: handle possible av_realloc() failure.
Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks.
cljr: init_get_bits size in bits instead of bytes (cherry picked from commit 0c1f5b93d9b97c4cc3684ba91a040e90bfc760d2)
indeo2: fail if input buffer too small (cherry picked from commit b7ce4f1d1c3add86ece7ca595ea6c4a10b471055)
indeo2: init_get_bits size in bits instead of bytes (cherry picked from commit 68ca330cbd479111db9cb7649d7530ad59f04cc8)
...
Conflicts:
ffmpeg.c
libavdevice/alsa-audio.h
libavformat/gxf.c
libswscale/x86/swscale_template.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Unlike other containers RealMedia stores its audio packets in scrambled form,
with interleaver ID preceeding audio codec ID. Currently deinterleaving
decision is tied to the codec while it's possible to have non-default
deinterleaver with audio codec (like Int0 deinterleaver instead of specific
one for Sipro).
Signed-off-by: Anton Khirnov <anton@khirnov.net>
It prevents crashes due to non initialized fields.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 3e033da84782e12ed529e6a88dd53b6a72199e8e)
The fields "Number of Bytes" and "Number of Frames" are mixed up. "Bytes"
come first, "Frames" behind.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5d305c9398c043f9ae3bbc6d64a3e1dc468c1e63)
The move of avio_seek in avi_read_seek is to avoiding modifying
state if the seek would fail.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f9e083a156f19094cb6fcd134c1ca4ca899a1a6d)
This reduces problems when underlying protocol is not
seekable even if marked as such or if the file has been
cut short.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ac1d489320f476c18d6a8125f73389aecb73f3d3)
Between ogg_save() and ogg_restore() calls, the number of streams
could have been reduced.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bc851a2946c64eefb96145b70e2190ff7d5a4827)
init_get_bits() takes a number of bits and not a number of bytes as
its size argument.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e5e0580b93a5bda34f62a5df50c1b15e610d4ad1)
If there is only 1 stream in an flv avformat_find_stream_info will continually
read until probesize is reached. This should stop it reading if the metadata
also claims there to be 1 stream.
(cherry picked from commit bcc531f04a0590732d42da133c11c138e8d08b59)
currently libavformat only allows seeking if a request with "Range:
0-" results in a 206 reply from the HTTP server which includes a
Content-Range header. But according to RFC 2616, the server may also
reply with a normal 200 reply (which is more efficient for a request
for the whole file). In fact Apache HTTPD 2.2.20 has changed the
behaviour in this way and it looks like this change will be kept in
future versions. The fix for libavformat is easy: Also look at the
Accept-Ranges header.
(cherry picked from commit 31dfc4959816aa4637e50c7f79660c75205ef84c)
Signed-off-by: David Goldwich <david.goldwich@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 63d64228a7f31d534e3bcae87cbd37f4a0ae2dd6)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Between ogg_save() and ogg_restore() calls, the number of streams
could have been reduced.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 0e7efb9d23c3641d50caa288818e8c27647ce74d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
init_get_bits() takes a number of bits and not a number of bytes as
its size argument.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit b59efc94347ccf0cbc2ff14a5a9e99819c5bdc4d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit a92d0fa5d234582583d41b67dddecffc2c819573)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit e055932f5636a82275837968eea9c8fcb5bca474)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 273aab99bf7be2bcda95dd64101c2317ee0fcb99)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 47a8589f7bc69d1a29da1dfdfbd0dfa78a9e31fd)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Metadata currently is written only at the start of the file in normal
cases, when transcoding from a rtmp source metadata could be
written later and the offset recorded can exceed 32bit.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 7f5bf4fbaf1f2142547321a16358f9871fabdcc6)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This prevents out of bounds reads when extradata is being decoded.
(cherry picked from commit 1f6f58d5855288492fc2640a9f1035c01c75d356)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
According to MPEG-TS specs, the continuity_counter shall not be
incremented when the adaptation_field_control of the packet
equals '00' or '10'.
Signed-off-by: Jindrich Makovicka <jindrich.makovicka@nangu.tv>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 8923cfa328e8eb565aebcfe8672b276fd1c19bf7)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Set DV packet durations using fields_per_frame.
This requires turning gxf_stream_info into the demuxer's context for access to the value in gxf_packet().
Since MPEG-2 seems to work fine this done only for DV.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 99fecc64b064a013559d3d61f7d9790e3c95c80e)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Parse the extension flag bit when reading the MPEG4 AudioSpecificConfig.
This has nothing to do with SBR/PS contradictory to what was noted when it was removed.
(cherry picked from commit 7f01a4192cdf4565eadee457f76e6b5196e35e0b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 4d5e7ab5c48451404038706ef3113c9925a83087)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Based on a suggestion by Ronald S. Bultje
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a2b66a366d7d9d7dacc217601b5e4406624f91ea)
Based on a suggestion by Ronald S. Bultje
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a2b66a366d7d9d7dacc217601b5e4406624f91ea)
* release/0.8: (21 commits)
rtp: Fix integer underflow that could allow remote code execution.
cavsdec: avoid possible crash with crafted input
vf_scale: apply the same transform to the aspect during init that is applied per frame
Fix memory corruption in case of memory allocation failure in av_probe_input_buffer()
Make all option parsing functions match the function pointer type through which they are called.
mjpegdec; even better RSTn skiping Fixes Ticket426
jpegdec: better rst skiping Fixes Ticket426
mpeg4: fix another packed divx issue. Fixes getting_stuck.avi
mpeg4: adjust dummy frame threashold for packed divx. Fixes Ticket427
configure: add missing CFLAGS to fix building on the HURD
cavs: fix some crashes with invalid bitstreams
jpegdec: actually search for and parse RSTn
Fix compilation with --disable-avfilter. (cherry picked from commit 67a8251690a17f05630eb6f45a73db0f0e806c72)
libavfilter: fix --enable-small
0.8.2
cavs: fix oCERT #2011-002 FFmpeg/libavcodec insufficient boundary check
Fix possible crash when decoding mpeg streams.
Bink: clip AC coefficients during dequantization.
ffmpeg: fix passlogfile regression
Fix several security issues in matroskadec.c (MSVR-11-0080).
...
Conflicts:
Doxyfile
RELEASE
VERSION
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes MSVR-11-0088
Credit: Jeong Wook Oh of Microsoft and Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ba9a7e0d71bd34f8b89ae99322b62a310be163a6)
Whitespace of the patch cleaned up by Aurel
Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 956c901c68eff78288f40e3c8f41ee2fa081d4a8)
Whitespace of the patch cleaned up by Aurel
Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 956c901c68eff78288f40e3c8f41ee2fa081d4a8)
* release/0.8: (82 commits)
Fix version numbers
rtp: disable udp fifos, the rtp code cannot work with the fifos in its current form as rtp bypasses the public API.
udp: allow fifo size to be tuned seperately
riff: Add mpgv MPEG-2 fourcc
Update Changelog
matroskadec: fix integer underflow if header length < probe length.
ffmpeg: fix operation with --disable-avfilter
vf_libopencv: replace opencv/cxtypes.h #include by opencv/cxcore.h
build: Create mlib optimization directories during out-of-tree builds.
changelog: misc typo and wording fixes (cherry picked from commit b047941d7da470ba0dcedb1fd0aa828075265ffc)
doc: Remove outdated comments about gcc 2.95 and gcc 3.3 support. (cherry picked from commit 5ccbf80963c1cc54aed97b1c81b1657ab91baf6a)
matroskadec: matroska_read_seek after after EBML_STOP leads to failure.
Update RELEASE file
update Changelog
mt: proper locking around release_buffer calls.
vp8/mt: flush worker thread, not application thread context, on seek.
docs: Mention the upstream bugzilla url about the dlltool vs MSVC issue
docs: Use proper markup for a literal command line option
docs: Don't recommend adding --enable-memalign-hack
docs: Remove needless configure options
...
Conflicts:
VERSION
libavcodec/opt.h
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
