* release/0.8: (31 commits)
svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148
vp3dec: Check coefficient index in vp3_dequant() Fixes NGS00145
qdm2dec: fix buffer overflow. Fixes NGS00144
h264: Fix invalid interlaced progressive MB combinations for direct mode prediction. Fixes Ticket312
mpegvideo: dont use ff_mspel_motion() for vc1 Fixes Ticket655
imgutils: Fix illegal read.
ac3probe: Detect Sonic Foundry Soft Encode AC3 as raw AC3. Our ac3 code chain can handle it fine. More ideal would be to write a demuxer that actually extracts what can be from the additional headers and uses it for whatever it can be used for.
mjpeg: support mpo Fixes stereoscopic_photo.mpo
Add a version bump and APIchanges entry for avcodec_open2 and avformat_find_stream_info.
lavf: fix multiplication overflow in avformat_find_stream_info()
lavf: fix invalid reads in avformat_find_stream_info()
lavf: add avformat_find_stream_info()
lavc: fix parentheses placement in avcodec_open2().
lavc: introduce avcodec_open2() as a replacement for avcodec_open().
rawdec: use a default sample rate if none is specified. Fixes "ffmpeg -f s16le -i /dev/zero"
rawdec: add check on sample_rate
qdm2dec: check remaining input bits in the mainloop of qdm2_fft_decode_tones() This is neccessary but likely not sufficient to prevent out of array reads.
cinepak: check strip_size
wma: Check channel number before init. Fixes Ticket240
Do not try to read 16bit gray png files with alpha channel.
...
Conflicts:
libavcodec/version.h
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes NGS00144
This also adds a few lines of code from master that are needed for this fix.
Thanks to Phillip for suggestions to improve the patch.
Found-by: Phillip Langlois
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket312
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 833a195905405fc9646c7544ce9d0f3279608977)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket655
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 50d6f8195658d529c57bb42dfd8d7a71d60a9f1d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found with address sanitizer.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit c693aa6f71b4f539cf9df67ba42f4b1932981687)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Our ac3 code chain can handle it fine.
More ideal would be to write a demuxer that actually extracts what can be from the additional
headers and uses it for whatever it can be used for.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 30ca700ba17b9ba46f4648afa30559ad890f0221)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes stereoscopic_photo.mpo
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1d23e5246c67f765dd5d119c9f3197bdae07330c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/0.7:
Add a version bump and APIchanges entry for avcodec_open2 and avformat_find_stream_info.
lavf: fix multiplication overflow in avformat_find_stream_info()
lavf: fix invalid reads in avformat_find_stream_info()
lavf: add avformat_find_stream_info()
lavc: fix parentheses placement in avcodec_open2().
lavc: introduce avcodec_open2() as a replacement for avcodec_open().
Conflicts:
doc/APIchanges
libavcodec/utils.c
libavcodec/version.h
libavformat/avformat.h
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Converting to double before the multiplication rather than after
avoids an integer overflow in some cases.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 52767d891c665ab1124fe4ce82d99b59673de7d2)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
It supports passing options to codecs.
(cherry picked from commit a67c061e0f3b55ffcc96f336fc0998e44b86c8e4)
Conflicts:
libavformat/utils.c
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 1d36fb13b088f55ece155153fb6ca8ea278fc837)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Adds support for decoder-private options and makes setting other options
simpler.
(cherry picked from commit 0b950fe240936fa48fd41204bcfd04f35bbf39c3)
Conflicts:
libavcodec/avcodec.h
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Prevent error condition in case sample_rate is unset or set to a negative
value. In particular, fix divide-by-zero error occurring in ffmpeg due to
sample_rate set to 0 in output_packet(), in code:
ist->next_pts += ((int64_t)AV_TIME_BASE * ist->st->codec->frame_size) /
ist->st->codec->sample_rate;
Fix trac ticket #324.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is neccessary but likely not sufficient to prevent out of array reads.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 14db3af4f26dad8e6ddf2147e96ccc710952ad4d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cea0c82d9b9771dfa2ac729c13c0d9e03ea352a7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket240
Based on patch by ami_stuff
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 20431a9982b9bd2c475042d919890a941ad70c71)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
FFmpeg does not support gray16a.
Fixes the crash in ticket #644.
(cherry picked from commit 0c5fd6372e6c257912d7ae64cbfc4d8541f0452f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 554caed2d397e137286f2cc71c6bac477b41fa96)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3fd0f6ed252e51ffaec7765a2637794366a513ba)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found with Address Sanitizer
(cherry picked from commit bb4b0ad83b13c3af57675e80163f3f333adef96f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found with Address Sanitizer
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit e0966eb140b3569b3d6b5b5008961944ef229c06)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
avfilter_draw_slice() is already called in the end_frame() callback,
this avoids multiple calls. This is done by adding a null draw_slice()
callback.
In particular fix crash occurring with -vf transpose=3,hflip, fix trac
issue #371.
(cherry picked from commit d9c23a0d5a56488b146eef17a19a9b47643be333)
avfilter_draw_slice() is already called in the end_frame() callback,
this avoids multiple calls. This is done by adding a null draw_slice()
callback.
In particular fix crash occurring with -vf transpose=3,hflip, fix trac
issue #371.
(cherry picked from commit d9c23a0d5a56488b146eef17a19a9b47643be333)
There were multiple issues, for example might we have to re-run
the decompression when the size of the buffer increased,
we should always use a decompression buffer large enough for
the header (so we do not get stuck when the size is too small).
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Treating them like 0 is safest, current code would invoke
undefined pointer arithmetic behaviour in this case.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit b9242fd12f4be4a79e31fd0aa125ab8a48226896)
(cherry picked from commit 0411b1928965050a940155984a16ad82fe462fc1)
There were multiple issues, for example might we have to re-run
the decompression when the size of the buffer increased,
we should always use a decompression buffer large enough for
the header (so we do not get stuck when the size is too small).
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Treating them like 0 is safest, current code would invoke
undefined pointer arithmetic behaviour in this case.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit b9242fd12f4be4a79e31fd0aa125ab8a48226896)
Seems to fix trac issue #569.
Sample is unfortunately not available, but it might be caused by
an index existing for non-existing audio stream (?).
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit 6ea6ff053af2aff8a9a898292f9640efa9290c9f)
Seems to fix trac issue #569.
Sample is unfortunately not available, but it might be caused by
an index existing for non-existing audio stream (?).
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit 6ea6ff053af2aff8a9a898292f9640efa9290c9f)
* release/0.8: (96 commits)
Version numbers for 0.8.6
snow: emu edge support Fixes Ticket592
imc: validate channel count
imc: check for ff_fft_init() failure (cherry picked from commit 95fee70d6773fde1c34ff6422f48e5e66f37f263)
libgsmdec: check output buffer size before decoding (cherry picked from commit b03761b1309293bbf30edef767503875277b01cf)
configure: fix arch x86_32
mp3enc: avoid truncating id3v1 tags by one byte
asfdec: Check packet_replic_size earlier
cin audio: validate the channel count
binkaudio: add some buffer overread checks.
atrac1: validate number of channels (cherry picked from commit bff5b2c1ca1290ea30587ff2f76171f9e3854872)
atrac1: check output buffer size before decoding (cherry picked from commit 33684b9c12b74c0140fb91e8150263db4a48d55e)
vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e42f2e4b9d14a1fb8107ecfe5163ce7f)
apedec: set s->currentframeblocks after validating nblocks
apedec: use unsigned int for 'nblocks' and make sure that it's within int range
apedec: check for data buffer realloc failure (cherry picked from commit 11ca8b2d7486e879926488404b3b79af774f0f2d)
apedec: check for filter buffer allocation failure (cherry picked from commit 7500781313d11b37772c05a28da20fbc112db478)
mpegaudiodec: check output data size based on avctx->frame_size
resample: Fix array size
resample2: fix potential overflow
...
Conflicts:
Doxyfile
RELEASE
VERSION
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket592
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4416931fc069332e267ab6df037a1227c051d7b1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
ask for a sample if not mono
(cherry picked from commit 7b7f47e73356d113cace74b922eee0b6ff5ffe0b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 078811d9e484892e3ad49819148fe6ae65a1954b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Avoid writing the trailing null-byte for id3v1 tags if length reaches max length.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0f39fa0279e12c7a174d1da9294bffd95cb15c4c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 60fcc19bff49e0b1972eae014afc087afd94a415)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This stops decoding before overreads instead of after.
(cherry picked from commit 101ef19ef4dc9f5c3d536aee8fcc10fff2af4d9e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
