Since decode_slice_header() returns before the reference lists are
constructed, there are zero valid references.
CC: libav-stable@libav.org
(cherry picked from commit 668e16a0dd)

Conflicts:
    libavcodec/h264.c

The callers of this function can't report errors sanely. If this
one malloc fails, don't write the extradata byte, make sure we
try to malloc it the next time we're called instead, and make sure
we still consume the input data byte.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit c5a738ca4e)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

This header byte is only present when actually reading a VP6 frame,
not when reading the codec type field in the metadata. This
potential bug has been present since 5b54a90c.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit c91c63b538)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

If the first "special" character in a filename is a comma,
it can introduce protocol options, but only if there is a
colon at the end. Otherwise, it is just a filename with a
comma.
Fix trac ticket #2303.
(cherry picked from commit d9fad53f4b)

Two instances of non-ascii characters have crept into file
doc/filters.texi which causes pod2man to error out and
break the build.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

The specification does not prevent an encoder from writing the amplitude 0
as 0 amplitude_bits.
Our get_bits() implementation might not support a zero sized read
properly, thus the additional branch.
(cherry picked from commit 23bd9ef4b2)
Conflicts:
    libavcodec/vorbisdec.c

Rate and order must not be 0 even if the specification does not say that
explicitly.
(cherry picked from commit 5b47c19bfd)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Damaged frames can lead to a mismatch, which can cause a segfault
due to using an incorrect channel mapping.
CC: libav-stable@libav.org
(cherry picked from commit d7c450436f)

Conflicts:
    libavcodec/ac3dec.c

* qatar/release/9:
  doc: developer: Allow tabs in the vim configuration for Automake files
  doc: filters: Correct BNF FILTER description
  Prepare for 9.3 Release
  update Changelog
  cavs: initialize various context tables to 0
  4xm: check the return value of read_huffman_tables().
  qtrle: add more checks against pixel_ptr being negative.
  mlpdec: do not try to allocate a zero-sized output buffer.
  av_memcpy_backptr: avoid an infinite loop for back = 0
  flicvideo: avoid an infinite loop in byte run compression
  lagarith: avoid infinite loop in lag_rac_refill()
  mov: use the format context for logging.
  loco: check that there is data left after decoding a plane.
  update Changelog
  x86: h264: Don't use redzone in AVX h264_deblock on Win64

Conflicts:
    Changelog
    RELEASE
    libavcodec/4xm.c
    libavcodec/loco.c
    libavcodec/qtrle.c
    libavutil/mem.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>

Write the packet unaltered if found.
Fixes ticket #1917
Signed-off-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b454c64e03)

While we do not use Automake in libav, this allows our config to be
used more globally without introducing unwanted breakage.
(cherry picked from commit 040c565e51)
Conflicts:
    doc/developer.texi

Fixes out of array access
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bdeb61ccc6)
Conflicts:
    libavcodec/h264_ps.c

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Fixes out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8a6449167a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

This fixes crashes in chromium on win64 on machines with AVX
(crashes that apparently aren't triggered by fate).
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 311443f6c7)
Signed-off-by: Martin Storsjö <martin@martin.st>

* qatar/release/9:
  doc: Fix some obsolete references to av* tools as ff* tools
  vqavideo: check chunk sizes before reading chunks
  roqvideodec: check dimensions validity
  qdm2: check array index before use, fix out of array accesses
  mpegvideo: Do REBASE_PICTURE with byte pointers

Conflicts:
    libavcodec/qdm2.c
    libavcodec/roqvideodec.c
    libavcodec/vqavideo.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>

REBASE_PICTURE (more specifically, this half of it) takes a Picture
pointer that points into one larger struct, finds the offset of
that Picture within the struct and finds the corresponding field
within another instance of a similar struct.

The pointer difference "pic - (Picture*)old_ctx" is a value given
in sizeof(Picture) units, and when applied back on
(Picture*)new_ctx gets multiplied back with sizeof(Picture). Many
compilers seem to optimize out this division/multiplication, but
not all do.

GCC 4.2 on OS X doesn't seem to remove the division/multiplication,
therefore the new pointer didn't turn out to point to exactly
the right place in the new struct since it only had sizeof(Picture)
granularity (and the Picture is not aligned on a sizeof(Picture)
boundary within the encompassing struct). This bug has been present
before 47318953d as well - with H264, pointers to h->ref_list[0][0]
pointed to 88 bytes before h->ref_list[0][0] after the rebase. After
shrinking Picture, the difference ended up even larger, making
writes via such a Picture pointer overwrite other fields at random
in H264Context, ending up in crashes later.

This fixes H264 multithreaded decoding on OS X with GCC 4.2.
Fixes Bug: #439
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit a65f965c04)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
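
The pointer arithmetic described in the REBASE_PICTURE commit message above, worked through as an added example; this is not libav's code. The Picture and Ctx layouts, their sizes and all function names are constructed for illustration, and the unit-based case is computed on integers so the program itself stays within defined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins, not libav's real Picture/H264Context layouts. */
typedef struct Picture { uint8_t payload[96]; } Picture;

typedef struct Ctx {
    uint8_t header[184];   /* 184 is not a multiple of sizeof(Picture) */
    Picture ref;           /* the embedded Picture a pointer refers to */
    uint8_t tail[40];
} Ctx;

/* Byte offset that results when the difference is taken in
 * sizeof(Picture) units and scaled back, as a compiler that keeps the
 * division/multiplication does. Done on integers, because subtracting
 * Picture pointers that are not whole elements apart is undefined in C. */
static size_t rebase_offset_picture_units(const Picture *pic, const Ctx *old_ctx)
{
    size_t bytes = (size_t)((const uint8_t *)pic - (const uint8_t *)old_ctx);
    return (bytes / sizeof(Picture)) * sizeof(Picture);
}

/* Rebase with byte pointers: the offset is carried over exactly. */
static Picture *rebase_bytes(Picture *pic, Ctx *new_ctx, Ctx *old_ctx)
{
    if (!pic) return NULL;
    return (Picture *)((uint8_t *)new_ctx + ((uint8_t *)pic - (uint8_t *)old_ctx));
}

/* How many bytes before the intended field the unit-based rebase lands. */
static size_t rebase_skew(const Picture *pic, const Ctx *old_ctx)
{
    size_t exact = (size_t)((const uint8_t *)pic - (const uint8_t *)old_ctx);
    return exact - rebase_offset_picture_units(pic, old_ctx);
}

int main(void)
{
    static Ctx old_ctx, new_ctx;
    Picture *pic = &old_ctx.ref;
    printf("exact offset      : %zu\n", offsetof(Ctx, ref));
    printf("unit-based offset : %zu\n", rebase_offset_picture_units(pic, &old_ctx));
    printf("skew              : %zu bytes\n", rebase_skew(pic, &old_ctx));
    printf("byte rebase ok    : %d\n", rebase_bytes(pic, &new_ctx, &old_ctx) == &new_ctx.ref);
    return 0;
}
```

A write through a pointer rebased with the unit-based offset would start inside header[] and spill into ref, which is the kind of neighbouring-field corruption the commit message reports.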