* release/0.8: (96 commits)
Version numbers for 0.8.6
snow: emu edge support Fixes Ticket592
imc: validate channel count
imc: check for ff_fft_init() failure (cherry picked from commit 95fee70d6773fde1c34ff6422f48e5e66f37f263)
libgsmdec: check output buffer size before decoding (cherry picked from commit b03761b1309293bbf30edef767503875277b01cf)
configure: fix arch x86_32
mp3enc: avoid truncating id3v1 tags by one byte
asfdec: Check packet_replic_size earlier
cin audio: validate the channel count
binkaudio: add some buffer overread checks.
atrac1: validate number of channels (cherry picked from commit bff5b2c1ca1290ea30587ff2f76171f9e3854872)
atrac1: check output buffer size before decoding (cherry picked from commit 33684b9c12b74c0140fb91e8150263db4a48d55e)
vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e42f2e4b9d14a1fb8107ecfe5163ce7f)
apedec: set s->currentframeblocks after validating nblocks
apedec: use unsigned int for 'nblocks' and make sure that it's within int range
apedec: check for data buffer realloc failure (cherry picked from commit 11ca8b2d7486e879926488404b3b79af774f0f2d)
apedec: check for filter buffer allocation failure (cherry picked from commit 7500781313d11b37772c05a28da20fbc112db478)
mpegaudiodec: check output data size based on avctx->frame_size
resample: Fix array size
resample2: fix potential overflow
...
Conflicts:
Doxyfile
RELEASE
VERSION
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Avoid writing the trailing null-byte for id3v1 tags if length reaches max length.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0f39fa0279e12c7a174d1da9294bffd95cb15c4c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 60fcc19bff49e0b1972eae014afc087afd94a415)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
It prevents leaving the AVPacket uninitialized.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bc38e83793be5f7a184c88be55e556453a25224b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 49ec0c818dc3c1c293a582b57fb58ba611a10b32)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 723229c11f1400e6a09c8a1c9c27193f376eb1d1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This allows skipping past unsupported RTCP packet types, as
RFC 3550 section 6.1 mandates.
Currently this only has any practical effect if a sender puts
an unrecognized type before RTCP_BYE in a compounded packet, or
(incorrectly) does not put RTCP_SR first.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 07b77fe3871f86b87e35876d38f1969da5ece4b2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
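The skipping behaviour that commit message describes, as an added example (not FFmpeg's code and not part of the original commit): a walker that steps through a compound RTCP packet by each header's length field, so an unhandled type ahead of RTCP_BYE does not stop parsing. The names rtcp_walk_compound, rtcp_summary and sample are hypothetical; the numeric packet types and the length encoding are taken from RFC 3550.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { RTCP_SR = 200, RTCP_BYE = 203 };   /* packet types from RFC 3550 */

struct rtcp_summary { int sr_seen, bye_seen, skipped; };

/* Walk a compound RTCP packet. Returns 0 on success, -1 if any header is
 * malformed or a declared length runs past the end of the buffer. */
int rtcp_walk_compound(const uint8_t *buf, size_t len, struct rtcp_summary *out)
{
    out->sr_seen = out->bye_seen = out->skipped = 0;
    while (len >= 4) {
        /* Length field: 32-bit words minus one, header included. */
        size_t pkt_len = 4 * ((((size_t)buf[2] << 8) | buf[3]) + 1);
        if ((buf[0] >> 6) != 2 || pkt_len > len)
            return -1;                    /* wrong version or truncated */
        switch (buf[1]) {
        case RTCP_SR:  out->sr_seen = 1;  break;
        case RTCP_BYE: out->bye_seen = 1; break;
        default:       out->skipped++;    break;  /* unknown: step over it */
        }
        buf += pkt_len;
        len -= pkt_len;
    }
    return len ? -1 : 0;   /* leftover bytes too short to be a header */
}

/* Constructed sample: an APP packet (type 204, not handled here) placed
 * before a BYE, the ordering the commit message mentions. */
static const uint8_t sample[] = {
    0x80, 204, 0x00, 0x02,  0xde, 0xad, 0xbe, 0xef,  't', 'e', 's', 't',
    0x81, 203, 0x00, 0x01,  0xde, 0xad, 0xbe, 0xef,
};

int main(void)
{
    struct rtcp_summary s;
    int rc = rtcp_walk_compound(sample, sizeof sample, &s);
    printf("rc=%d sr=%d bye=%d skipped=%d\n",
           rc, s.sr_seen, s.bye_seen, s.skipped);
    return rc ? 1 : 0;
}
```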
We actually read 20 bytes of these packets.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 5d6ecf5345c0913e2b66427ea062e7989201a139)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e3123856c79c36507772ada1bcda6cfe36a1e297)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
On the first iteration through this code, last_dts is always
INT64_MIN (AV_NOPTS_VALUE) and the subtraction overflows in
an invalid manner. Although the result is only used if the
input values are valid, performing the subtraction is still
not allowed in a strict environment.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit a31e9f68a426f634e002282885c6c2eb1bfbea44)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* release/0.8: (185 commits)
h264: fix intra 16x16 mode check when using mbaff and constrained_intra_pred.
h264: check for invalid bit depth value.
h264: add entries for 11 and 12 bits in ff_h264_chroma_qp[][]
h264: fix the check for invalid SPS:num_ref_frames.
h264: do not let invalid values in h->ref_count on ff_h264_decode_ref_pic_list_reordering() errors.
Reject video with non multiple of 16 width/height in the 4xm decoder.
4xm decoder: fix data size for i2 frames.
4xm decoder: print some error messages in case of errors.
Check for out of bound accesses in the 4xm decoder.
Prevent block size from increasing in the shorten decoder.
Check for out of bound reads in PTX decoder.
Clear FF_INPUT_BUFFER_PADDING_SIZE bytes at the end of the temporary buffers used in 4xm decoder.
Fix the check for missing references in ff_er_frame_end() for H264.
Prevent NULL dereference when the huffman table is invalid in the 4xm decoder.
Fix use of uninitialized memory in 4X Technologies demuxer.
h264: increase ref_poc size to 32 as it can be per field.
h264: set unused ref_counts to 0 as a precautionary measure.
Remove Changelog it has nothing to do with reality
fate: fix motion pixels checksum change caused by backported bugfix
avienc: Add a limit on the number of skipped frames muxed in a row.
...
Conflicts:
Doxyfile
RELEASE
VERSION
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/0.7: (73 commits)
Update Changelog for 0.7.2 release
Update RELEASE file for 0.7.2
lavf: do not set codec_tag for rawvideo
fate: allow testing with libavfilter disabled
fate: separate lavf-mxf_d10 test from lavf-mxf
Fix memory (re)allocation in matroskadec.c, related to MSVR-11-0080.
movenc: fix NULL reference in mov_write_tkhd_tag
movenc: create an alternate group for each media type
flvdec: Check for overflow before allocating arrays
ppc: fix some pointer to integer casts
ppc: fix 32-bit PIC build
rv34: Check for invalid slice offsets
rv34: Fix potential overreads
rv34: Avoid NULL dereference on corrupted bitstream
rv10: Reject slices that do not have the same type as the first one
lavf: Fix context pointer in av_open_input_stream when avformat_open_input fails
oggdec: fix out of bound write in the ogg demuxer
Fixed size given to init_get_bits().
smacker: fix a few off by 1 errors
Check for invalid VLC value in smacker decoder.
...
Conflicts:
RELEASE
libavcodec/avs.c
libavcodec/ppc/asm.S
libavcodec/rv34.c
libavcodec/xan.c
libavdevice/alsa-audio.h
libavformat/flvdec.c
libavformat/gxf.c
libavformat/utils.c
libswscale/x86/swscale_template.c
tests/ref/lavf/mov
tests/ref/lavf/mxf
Merged-by: Michael Niedermayer <michaelni@gmx.at>
On OS X, av_malloc(0) returns pointers that cause crashes when
freed.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit e81e5e8ad2bb5746df0c343c396019aca165cf66)
Extradata should only be parsed from the avss, fiel, jp2h and alac atoms for
AVS, MJPEG, Motion JPEG 2000 and ALAC respectively.
This also fixes the mov demuxer coming up with bogus extradata for some
AVC-Intra samples due to the presence of fiel atoms.
(cherry picked from commit e571305a71494af195891e314b05936f040f89d3)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 194c2432eecd97c36914956f3bf7781ac4fc6f3d)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit af84d9bb9e8a69a715fc7596d6cbaa00ad00dc29)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 247a1dc84716cb033b538a5bd5ba8b33de0e8260)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e47cfe9e5c10eee3c8d0b6aff81792c0f10e66e1)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 71e23d39a396f45bbdf258735b02a4bd5e25fd49)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0cc44facf17153454727c26f2f40ee2f77b90df5)
The score of 50 can probably be raised if needed
Fixes Ticket490
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3f7dc480c1bf6abf4ac0f633a0c7e63d8eb29a55)
If the demuxer did not set a codec_tag, there is none and
inventing one makes no sense. This change stops the rawvideo
"decoder" over-writing user-supplied pixfmt with one derived
from the codec_tag. The pixfmt-codec_tag-pixfmt round-trip
is lossy since several pixfmts map to the same codec_tag.
This fixes fate-lavf-pixfmt with avfilter disabled.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit bb416bd68ca46b4a3f1901533064d56a6b8ac95e)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Whitespace of the patch cleaned up by Aurel
Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 956c901c68eff78288f40e3c8f41ee2fa081d4a8)
Further suggestions from Kostya <kostya.shishkov@gmail.com> have been
implemented by Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 77d2ef13a8fa630e5081f14bde3fd20f84c90aec)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
st may be NULL when there are more mov streams than AVStreams, e.g. when
chapters are present.
(cherry picked from commit c92a2a4eb8b883e82871c2415f757153d263b6b3)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
On allocation, the array length is multiplied by sizeof(int64_t),
this prevents the multiplication from overflowing.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit a246cefa75aed2ade315d6d09068aacb6b0fe76b)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Signed-off-by: David Goldwich <david.goldwich@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 63d64228a7f31d534e3bcae87cbd37f4a0ae2dd6)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Between ogg_save() and ogg_restore() calls, the number of streams
could have been reduced.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 0e7efb9d23c3641d50caa288818e8c27647ce74d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
init_get_bits() takes a number of bits and not a number of bytes as
its size argument.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit b59efc94347ccf0cbc2ff14a5a9e99819c5bdc4d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit a92d0fa5d234582583d41b67dddecffc2c819573)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit e055932f5636a82275837968eea9c8fcb5bca474)
Signed-off-by: Anton Khirnov <anton@khirnov.net>