Merge branch 'release/0.8' into release/0.7

* release/0.8:
  cook: check js_subband_start for validity
  avcodec_align_dimensions2: Ensure cinepak has large enough buffers.
  Update for 0.8.14
  qdm2: increase noise_table size
  wma: check byte_offset_bits
  tiff: check bppcount
  vqavideo: fix return type

Conflicts:
	Doxyfile
	RELEASE
	VERSION

Merged-by: Michael Niedermayer <michaelni@gmx.at>

libavcodec/cook.c

@@ -1086,6 +1086,11 @@ static av_cold int cook_decode_init(AVCodecContext *avctx)
         if (extradata_size >= 8){
             bytestream_get_be32(&edata_ptr);    //Unknown unused
             q->subpacket[s].js_subband_start = bytestream_get_be16(&edata_ptr);
+            if (q->subpacket[s].js_subband_start >= 51) {
+                av_log(avctx, AV_LOG_ERROR, "js_subband_start %d is too large\n", q->subpacket[s].js_subband_start);
+                return AVERROR_INVALIDDATA;
+            }
+
             q->subpacket[s].js_vlc_bits = bytestream_get_be16(&edata_ptr);
             extradata_size -= 8;
         }

libavcodec/qdm2_tablegen.h

@@ -37,7 +37,7 @@
 #include "libavcodec/qdm2_tables.h"
 #else
 static uint16_t softclip_table[HARDCLIP_THRESHOLD - SOFTCLIP_THRESHOLD + 1];
-static float noise_table[4096];
+static float noise_table[4096 + 20];
 static uint8_t random_dequant_index[256][5];
 static uint8_t random_dequant_type24[128][3];
 static float noise_samples[128];

libavcodec/tiff.c

@@ -360,6 +360,11 @@ static int tiff_decode_tag(TiffContext *s, const uint8_t *start, const uint8_t *
                    "Samples per pixel requires a single value, many provided\n");
             return AVERROR_INVALIDDATA;
         }
+        if (value > 4U) {
+            av_log(s->avctx, AV_LOG_ERROR,
+                   "Samples per pixel %d is too large\n", value);
+            return AVERROR_INVALIDDATA;
+        }
         if (s->bppcount == 1)
             s->bpp *= value;
         s->bppcount = value;

libavcodec/utils.c

@@ -177,9 +177,10 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, int l
     case PIX_FMT_PAL8:
     case PIX_FMT_BGR8:
     case PIX_FMT_RGB8:
-        if(s->codec_id == CODEC_ID_SMC){
-            w_align=4;
-            h_align=4;
+        if (s->codec_id == CODEC_ID_SMC ||
+            s->codec_id == CODEC_ID_CINEPAK) {
+            w_align = 4;
+            h_align = 4;
         }
         break;
     case PIX_FMT_BGR24:
@@ -188,6 +189,12 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height, int l
             h_align=4;
         }
         break;
+    case PIX_FMT_RGB24:
+        if (s->codec_id == CODEC_ID_CINEPAK) {
+            w_align = 4;
+            h_align = 4;
+        }
+        break;
     default:
         w_align= 1;
         h_align= 1;

libavcodec/vqavideo.c

@@ -529,7 +529,7 @@ static void vqa_decode_chunk(VqaContext *s)
 
         if (chunk_size > MAX_CODEBOOK_SIZE - s->next_codebook_buffer_index) {
             av_log(s->avctx, AV_LOG_ERROR, "cbp0 chunk too large (0x%X bytes)\n", chunk_size);
-            return AVERROR_INVALIDDATA;
+            return;
         }
 
         /* accumulate partial codebook */
@@ -557,7 +557,7 @@ static void vqa_decode_chunk(VqaContext *s)
 
         if (chunk_size > MAX_CODEBOOK_SIZE - s->next_codebook_buffer_index) {
             av_log(s->avctx, AV_LOG_ERROR, "cbpz chunk too large (0x%X bytes)\n", chunk_size);
-            return AVERROR_INVALIDDATA;
+            return;
         }
 
         /* accumulate partial codebook */

libavcodec/wma.c

@@ -177,6 +177,10 @@ int ff_wma_init(AVCodecContext *avctx, int flags2)
 
     bps = (float)s->bit_rate / (float)(s->nb_channels * s->sample_rate);
     s->byte_offset_bits = av_log2((int)(bps * s->frame_len / 8.0 + 0.5)) + 2;
+    if (s->byte_offset_bits + 3 > MIN_CACHE_BITS) {
+        av_log(avctx, AV_LOG_ERROR, "byte_offset_bits %d is too large\n", s->byte_offset_bits);
+        return AVERROR_PATCHWELCOME;
+    }
 
     /* compute high frequency value and choose if noise coding should
        be activated */