FFmpeg 0.8.15 release
* tag 'n0.8.15': (49 commits)
update for 0.8.15
avcodec/ffv1enc: update buffer check for 16bps
avcodec/dsputil: fix signedness in sizeof() comparissions
avcodec/pngdsp: fix (un)signed type in end comparission
matroska_read_seek: Fix used streams for subtitle index compensation
jpeg2000: check log2_cblk dimensions
avcodec/rpza: Perform pointer advance and checks before using the pointers
update all trac links to use the trac subdomain
doc/APIchanges: List merge commit hashes and version numbers
apichanges: fix 2 wrong hashes
avcodec/parser: reset indexes on realloc failure
mpeg12dec: avoid reinitialization on PS changes when possible.
mpegts: only reopen pmt_cb filter if its different from the previous.
Autodetect idcin only if audio properties allow decoding.
alacenc: Fix missing sign_extend()
h264_cavlc: fix reading skip run
Update changelog for 0.7.8 release
aac: check the maximum number of channels
oggdec: fix faulty cleanup prototype
qdm2: check that the FFT size is a power of 2
...
Conflicts:
Doxyfile
RELEASE
VERSION
libavformat/matroskadec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/0.7:
Update changelog for 0.7.8 release
aac: check the maximum number of channels
oggdec: fix faulty cleanup prototype
qdm2: check that the FFT size is a power of 2
rv10: check that extradata is large enough
lavf: make sure stream probe data gets freed.
dfa: check for invalid access in decode_wdlt().
avfiltergraph: check for sws opts being non-NULL before using them.
Conflicts:
Changelog
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The values compared here can be more than INT64_MAX apart. Since the
difference is always positive, converting to uint64_t before subtracting
gives the correct result without overflows.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 91ac403b13)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* release/0.8: (92 commits)
Update for 0.8.13
pngdec/filter: dont access out of array elements at the end
aacdec: check channel count
vqavideo: check chunk sizes before reading chunks
eamad: fix out of array accesses
roqvideodec: check dimensions validity
qdm2: check array index before use, fix out of array accesses
alsdec: check block length
huffyuvdec: Skip len==0 cases
huffyuvdec: Check init_vlc() return codes.
Update changelog for 0.7.7 release
mpeg12: do not decode extradata more than once.
indeo4/5: check empty tile size in decode_mb_info().
dfa: improve boundary checks in decode_dds1()
indeo5dec: Make sure we have had a valid gop header.
rv34: error out on size changes with frame threading
rtmp: fix buffer overflows in ff_amf_tag_contents()
rtmp: fix multiple broken overflow checks
Revert "h264: allow cropping to AVCodecContext.width/height"
h264: check ref_count validity for num_ref_idx_active_override_flag
...
Conflicts:
Doxyfile
RELEASE
VERSION
libavcodec/rv34.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/0.7:
h264: check ref_count validity for num_ref_idx_active_override_flag
h264: check context state before decoding slice data partitions
oggdec: free the ogg streams on read_header failure
oggdec: check memory allocation
Fix uninitialized reads on malformed ogg files.
rtsp: Recheck the reordering queue if getting a new packet
alacdec: do not be too strict about the extradata size
h264: fix sps parsing for SVC and CAVLC 4:4:4 Intra profiles
h264: check sps.log2_max_frame_num for validity
ppc: always use pic for shared libraries
h264: enable low delay only if no delayed frames were seen
lavf: avoid integer overflow in ff_compute_frame_duration()
Conflicts:
libavformat/oggdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Scaling the denominator instead of the numerator if it is too large
loses precision. Fixes an assert caused by a negative frame duration in
the fuzzed sample nasa-8s2.ts_s202310.
CC: libav-stable@libav.org
(cherry picked from commit 7709ce029a)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* qatar/release/0.7:
vorbis: Validate that the floor 1 X values contain no duplicates.
vorbisenc: check all allocations for failure
lavfi: avfilter_merge_formats: handle case where inputs are same
alsdec: check opt_order.
lavf: don't segfault when a NULL filename is passed to avformat_open_input()
mpegvideo: Don't use ff_mspel_motion() for vc1
imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt
nuv: check RTjpeg header for validity
vc1dec: add flush function for WMV9 and VC-1 decoders
ffmpeg: fix -force_key_frames
mov: set AVCodecContext.width/height for h264
h264: allow cropping to AVCodecContext.width/height
Conflicts:
libavcodec/mpegvideo_common.h
libavcodec/nuv.c
libavcodec/vorbisenc.c
libavfilter/formats.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This can easily happen when the caller is using a custom AVIOContext.
Behave as if the filename was an empty string in this case.
CC: libav-stable@libav.org
(cherry picked from commit a5db8e4a1a)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 7124fa5d36)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
On the first iteration through this code, last_dts is always
INT64_MIN (AV_NOPTS_VALUE) and the subtraction overflows in
an invalid manner. Although the result is only used if the
input values are valid, performing the subtraction is still
not allowed in a strict environment.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit a31e9f68a4)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
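Added example, not code from FFmpeg or Libav: a C sketch of the two timestamp points made in the commit messages above, namely taking a known-positive difference in uint64_t so that gaps larger than INT64_MAX do not overflow, and checking the INT64_MIN "no timestamp" value before doing any arithmetic. The function names and the NOPTS macro are hypothetical stand-ins, and __builtin_sub_overflow is a GCC/Clang builtin used only to show where the signed form would overflow.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-in for the INT64_MIN sentinel (AV_NOPTS_VALUE) named above. */
#define NOPTS INT64_MIN

/* hi - lo for hi >= lo. Conversion to uint64_t is defined modulo 2^64, and
 * the true difference lies in [0, 2^64 - 1], so the result is exact even
 * when the two values are more than INT64_MAX apart. */
static uint64_t ts_distance(int64_t hi, int64_t lo)
{
    return (uint64_t)hi - (uint64_t)lo;
}

/* Returns 1 if the plain signed expression hi - lo would overflow int64_t
 * (undefined behaviour in C); nothing is computed with the result. */
static int signed_sub_overflows(int64_t hi, int64_t lo)
{
    int64_t unused;
    return __builtin_sub_overflow(hi, lo, &unused);
}

/* Writes dts - last_dts to *gap and returns 1 only when both timestamps are
 * valid and ordered. The sentinel test comes before the subtraction, so the
 * first iteration (last_dts == NOPTS) performs no arithmetic at all. */
static int dts_gap(int64_t dts, int64_t last_dts, uint64_t *gap)
{
    if (dts == NOPTS || last_dts == NOPTS || dts < last_dts)
        return 0;
    *gap = ts_distance(dts, last_dts);
    return 1;
}

int main(void)
{
    /* Constructed sample timestamps, not taken from any real stream. */
    const int64_t samples[][2] = {
        { 1000, NOPTS },             /* first packet: no previous dts */
        { 1000, 400 },               /* ordinary case */
        { INT64_MAX, INT64_MIN + 1 } /* more than INT64_MAX apart */
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint64_t gap = 0;
        int ok = dts_gap(samples[i][0], samples[i][1], &gap);
        printf("dts=%lld last=%lld signed_overflow=%d valid=%d gap=%llu\n",
               (long long)samples[i][0], (long long)samples[i][1],
               signed_sub_overflows(samples[i][0], samples[i][1]),
               ok, (unsigned long long)gap);
    }
    return 0;
}
```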
On OS X, av_malloc(0) returns pointers that cause crashes when
freed.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit e81e5e8ad2)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
* release/0.8: (31 commits)
svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148
vp3dec: Check coefficient index in vp3_dequant() Fixes NGS00145
qdm2dec: fix buffer overflow. Fixes NGS00144
h264: Fix invalid interlaced progressive MB combinations for direct mode prediction. Fixes Ticket312
mpegvideo: dont use ff_mspel_motion() for vc1 Fixes Ticket655
imgutils: Fix illegal read.
ac3probe: Detect Sonic Foundry Soft Encode AC3 as raw AC3. Our ac3 code chain can handle it fine. More ideal would be to write a demuxer that actually extracts what can be from the additional headers and uses it for whatever it can be used for.
mjpeg: support mpo Fixes stereoscopic_photo.mpo
Add a version bump and APIchanges entry for avcodec_open2 and avformat_find_stream_info.
lavf: fix multiplication overflow in avformat_find_stream_info()
lavf: fix invalid reads in avformat_find_stream_info()
lavf: add avformat_find_stream_info()
lavc: fix parentheses placement in avcodec_open2().
lavc: introduce avcodec_open2() as a replacement for avcodec_open().
rawdec: use a default sample rate if none is specified. Fixes "ffmpeg -f s16le -i /dev/zero"
rawdec: add check on sample_rate
qdm2dec: check remaining input bits in the mainloop of qdm2_fft_decode_tones() This is neccessary but likely not sufficient to prevent out of array reads.
cinepak: check strip_size
wma: Check channel number before init. Fixes Ticket240
Do not try to read 16bit gray png files with alpha channel.
...
Conflicts:
libavcodec/version.h
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/0.7:
Add a version bump and APIchanges entry for avcodec_open2 and avformat_find_stream_info.
lavf: fix multiplication overflow in avformat_find_stream_info()
lavf: fix invalid reads in avformat_find_stream_info()
lavf: add avformat_find_stream_info()
lavc: fix parentheses placement in avcodec_open2().
lavc: introduce avcodec_open2() as a replacement for avcodec_open().
Conflicts:
doc/APIchanges
libavcodec/utils.c
libavcodec/version.h
libavformat/avformat.h
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Converting to double before the multiplication rather than after
avoids an integer overflow in some cases.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 52767d891c)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
It supports passing options to codecs.
(cherry picked from commit a67c061e0f)
Conflicts:
libavformat/utils.c
Signed-off-by: Anton Khirnov <anton@khirnov.net>
* release/0.8: (96 commits)
Version numbers for 0.8.6
snow: emu edge support Fixes Ticket592
imc: validate channel count
imc: check for ff_fft_init() failure (cherry picked from commit 95fee70d67)
libgsmdec: check output buffer size before decoding (cherry picked from commit b03761b130)
configure: fix arch x86_32
mp3enc: avoid truncating id3v1 tags by one byte
asfdec: Check packet_replic_size earlier
cin audio: validate the channel count
binkaudio: add some buffer overread checks.
atrac1: validate number of channels (cherry picked from commit bff5b2c1ca)
atrac1: check output buffer size before decoding (cherry picked from commit 33684b9c12)
vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e4)
apedec: set s->currentframeblocks after validating nblocks
apedec: use unsigned int for 'nblocks' and make sure that it's within int range
apedec: check for data buffer realloc failure (cherry picked from commit 11ca8b2d74)
apedec: check for filter buffer allocation failure (cherry picked from commit 7500781313)
mpegaudiodec: check output data size based on avctx->frame_size
resample: Fix array size
resample2: fix potential overflow
...
Conflicts:
Doxyfile
RELEASE
VERSION
Merged-by: Michael Niedermayer <michaelni@gmx.at>
On the first iteration through this code, last_dts is always
INT64_MIN (AV_NOPTS_VALUE) and the subtraction overflows in
an invalid manner. Although the result is only used if the
input values are valid, performing the subtraction is still
not allowed in a strict environment.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit a31e9f68a4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* release/0.8: (185 commits)
h264: fix intra 16x16 mode check when using mbaff and constrained_intra_pred.
h264: check for invalid bit depth value.
h264: add entries for 11 and 12 bits in ff_h264_chroma_qp[][]
h264: fix the check for invalid SPS:num_ref_frames.
h264: do not let invalid values in h->ref_count on ff_h264_decode_ref_pic_list_reordering() errors.
Reject video with non multiple of 16 width/height in the 4xm decoder.
4xm decoder: fix data size for i2 frames.
4xm decoder: print some error messages in case of errors.
Check for out of bound accesses in the 4xm decoder.
Prevent block size from inreasing in the shorten decoder.
Check for out of bound reads in PTX decoder.
Clear FF_INPUT_BUFFER_PADDING_SIZE bytes at the end of the temporary buffers used in 4xm decoder.
Fix the check for missing references in ff_er_frame_end() for H264.
Prevent NULL dereference when the huffman table is invalid in the 4xm decoder.
Fix use of uninitialized memory in 4X Technologies demuxer.
h264: increase ref_poc size to 32 as it can be per field.
h264: set unused ref_counts to 0 as a precautionary meassure.
Remove Chnagelog it has nothing to do with reality
fate: fix motion pixels checksum change caused by backported bugfix
avienc: Add a limit on the number of skiped frames muxed in a row.
...
Conflicts:
Doxyfile
RELEASE
VERSION
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
On OS X, av_malloc(0) returns pointers that cause crashes when
freed.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit e81e5e8ad2)
If the demuxer did not set a codec_tag, there is none and
inventing one makes no sense. This change stops the rawvideo
"decoder" over-writing user-supplied pixfmt with one derived
from the codec_tag. The pixfmt-codec_tag-pixfmt round-trip
is lossy since several pixfmts map to the same codec_tag.
This fixes fate-lavf-pixfmt with avfilter disabled.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit bb416bd68c)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* release/0.8: (154 commits)
vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling
Check for huffman tree building error in vp6 decoder.
Release old pictures after a resolution change in vp5/6 decoder
Check for missing reference in vp5/6 decoder.
Check for invalid slices offsets in RV30/40 decoder.
Check output buffer size in nellymoser decoder.
Hack around gcc 4.6 breaking asm using call.
Fix dxva2 decoding for some H264 samples.
mp3demux: pass on error code on packet read.
Check for invalid slice offsets in real decoder.
rmdec: Reject invalid deinterleaving parameters
Use deinterleavers for demangling audio packets in RealMedia.
rv10: Reject slices that does not have the same type as the first one
rmdec: use the deinterleaving mode and not the codec when creating audio packets.
MAINTAINERS: add my GPG fingerprint. (cherry picked from commit 7882dc10f8)
Support 3IVD in isom, produced by 3ivx DivX Doctor.
mpegpsdec: fix reading first mpegps packet (cherry picked from commit b2f230e23d)
Avoid NULL dereference on corrupted bitstream with real decoder.
Reject slices that does not have the same type than the first one in RV10/RV20 decoder.
check all svq3_get_ue_golomb() returns.
...
Conflicts:
Doxyfile
RELEASE
VERSION
libavcodec/rv34.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* khirnov/release/0.7: (64 commits)
rv34: Check for invalid slice offsets
rv34: Fix potential overreads
rv34: Avoid NULL dereference on corrupted bitstream
rv10: Reject slices that does not have the same type as the first one
lavf: Fix context pointer in av_open_input_stream when avformat_open_input fails
oggdec: fix out of bound write in the ogg demuxer
Fixed size given to init_get_bits().
smacker: fix a few off by 1 errors
Check for invalid VLC value in smacker decoder.
Check and propagate errors when VLC trees cannot be built in smacker decoder.
Fixed off by one packet size allocation in the smacker demuxer.
Check for invalid packet size in the smacker demuxer.
ape demuxer: fix segfault on memory allocation failure.
xan: Add some buffer checks (cherry picked from commit 0872bb23b4)
Fixed size given to init_get_bits() in xan decoder. (cherry picked from commit 393d5031c6)
smacker demuxer: handle possible av_realloc() failure.
Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks.
cljr: init_get_bits size in bits instead of bytes (cherry picked from commit 0c1f5b93d9)
indeo2: fail if input buffer too small (cherry picked from commit b7ce4f1d1c)
indeo2: init_get_bits size in bits instead of bytes (cherry picked from commit 68ca330cbd)
...
Conflicts:
ffmpeg.c
libavdevice/alsa-audio.h
libavformat/gxf.c
libswscale/x86/swscale_template.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* release/0.8: (21 commits)
rtp: Fix integer underflow that could allow remote code execution.
cavsdec: avoid possible crash with crafted input
vf_scale: apply the same transform to the aspect during init that is applied per frame
Fix memory corruption in case of memory allocation failure in av_probe_input_buffer()
Make all option parsing functions match the function pointer type through which they are called.
mjpegdec; even better RSTn skiping Fixes Ticket426
jpegdec: better rst skiping Fixes Ticket426
mpeg4: fix another packed divx issue. Fixes getting_stuck.avi
mpeg4: adjust dummy frame threashold for packed divx. Fixes Ticket427
configure: add missing CFLAGS to fix building on the HURD
cavs: fix some crashes with invalid bitstreams
jpegdec: actually search for and parse RSTn
Fix compilation with --disable-avfilter. (cherry picked from commit 67a8251690)
libavfilter: fix --enable-small
0.8.2
cavs: fix oCERT #2011-002 FFmpeg/libavcodec insufficient boundary check
Fix possible crash when decoding mpeg streams.
Bink: clip AC coefficients during dequantization.
ffmpeg: fix passlogfile regression
Fix several security issues in matroskadec.c (MSVR-11-0080).
...
Conflicts:
Doxyfile
RELEASE
VERSION
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* release/0.8: (82 commits)
Fix version numbers
rtp: disable udp fifos, the rtp code cannot work with the fifos in its current form as rtp bypasses the public API.
udp: allow fifo size to be tuned seperately
riff: Add mpgv MPEG-2 fourcc
Update Changelog
matroskadec: fix integer underflow if header length < probe length.
ffmpeg: fix operation with --disable-avfilter
vf_libopencv: replace opencv/cxtypes.h #include by opencv/cxcore.h
build: Create mlib optimization directories during out-of-tree builds.
changelog: misc typo and wording fixes (cherry picked from commit b047941d7d)
doc: Remove outdated comments about gcc 2.95 and gcc 3.3 support. (cherry picked from commit 5ccbf80963)
matroskadec: matroska_read_seek after after EBML_STOP leads to failure.
Update RELEASE file
update Changelog
mt: proper locking around release_buffer calls.
vp8/mt: flush worker thread, not application thread context, on seek.
docs: Mention the upstream bugzilla url about the dlltool vs MSVC issue
docs: Use proper markup for a literal command line option
docs: Don't recommend adding --enable-memalign-hack
docs: Remove needless configure options
...
Conflicts:
VERSION
libavcodec/opt.h
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Code would allocate a new context but forget to assign it
to the pointer actually passed to avformat_open_input,
potentially causing a crash.
Even if it was initialized it would cause a memleak.
This caused crashes with e.g. mpd, see also
http://bugs.gentoo.org/show_bug.cgi?id=373423
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit 4e59c8ecf1)
Code would allocate a new context but forget to assign it
to the pointer actually passed to avformat_open_input,
potentially causing a crash.
Even if it was initialized it would cause a memleak.
This caused crashes with e.g. mpd, see also
http://bugs.gentoo.org/show_bug.cgi?id=373423
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
av_open_input_stream used to allow this, even though it makes no sense.
Make it just print a warning instead of failing, thus restoring
compatibility.
Note that avformat_open_input() will still reject this combination.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 4f731c4429)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
When providing a custom AVIOContext for an AVFMT_NOFILE format
only print a warning instead of erroring out.
This allows the code to work with older MPlayer versions that
just always set pb out of laziness.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
* master: (109 commits)
libx264: fix open gop default. Please use -x264opts to force open gop This fixes Ticket268
avfilter picture pool: double free hotfix
mpegaudio_parser: be less picky on the start position
ppc32: Fix movrel
Replace usages of av_get_bits_per_sample_fmt() with av_get_bytes_per_sample().
x86: cabac: fix register constraints for 32-bit mode
cabac: move x86 asm to libavcodec/x86/cabac.h
x86: h264: cast pointers to intptr_t rather than int
x86: h264: remove hardcoded edi in decode_significance_8x8_x86()
x86: h264: remove hardcoded esi in decode_significance[_8x8]_x86()
x86: h264: remove hardcoded edx in decode_significance[_8x8]_x86()
x86: h264: remove hardcoded eax in decode_significance[_8x8]_x86()
x86: cabac: change 'a' constraint to 'r' in get_cabac_inline()
x86: cabac: remove hardcoded esi in get_cabac_inline()
x86: cabac: remove hardcoded edx in get_cabac_inline()
x86: cabac: remove unused macro parameter
x86: cabac: remove hardcoded ebx in inline asm
x86: cabac: remove hardcoded struct offsets from inline asm
cabac: remove inline asm under #if 0
cabac: remove BRANCHLESS_CABAC_DECODER switch
...
Conflicts:
cmdutils.c
ffserver.c
libavfilter/avfilter.h
libavformat/avformat.h
libavformat/utils.c
libavformat/version.h
libavutil/avutil.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
lavf: prevent crash in av_open_input_file() if ap == NULL.
more Changelog additions
lavf: add a forgotten NULL check in convert_format_parameters().
Fix build if yasm is not available.
H.264: Add x86 assembly for 10-bit MC Chroma H.264 functions.
Conflicts:
Changelog
Merged-by: Michael Niedermayer <michaelni@gmx.at>