Fixes out of array read
Fixes: asan_heap-oob_2aec5b0_1828_classical_22_16_2_16000_v3c_0_exclusive_0_29.wma
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5dcb99033df16eccc4dbbc4a099ad64457f9f090)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c8fb5d0f383fcbb0da9bdef609c3a826df0064f7':
Update Changelog
indeo: check for reference when inheriting mvs
indeo: use proper error code
indeo: Properly forward the error codes
mjpeg: Check the unescaped size for overflows
wmapro: error out on impossible scale factor offsets
wmapro: check the min_samples_per_subframe
wmapro: return early on unsupported condition
wmapro: check num_vec_coeffs against the actual available buffer
wmapro: make sure there is room to store the current packet
lavc: move put_bits_left in put_bits.h
4xm: do not overread the source buffer in decode_p_block
4xm: check bitstream_size boundary before using it
Conflicts:
Changelog
libavcodec/4xm.c
libavcodec/mjpegdec.c
libavcodec/wmaprodec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Must be at least WMAPRO_BLOCK_MIN_SIZE.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d4a217a408da4bd63acc02cd8f9ebe378a2ad65a)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* qatar/release/9:
eamad: allocate a dummy reference frame when the real one is missing
libmp3lame: use the correct remaining buffer size when flushing
png: use av_mallocz_array() for the zlib zalloc function
wmaprodec: require block_align to be set.
ffv1: fix calculating slice dimensions for version 2
xxan: fix invalid memory access in xan_decode_frame_type0()
wmadec: require block_align to be set.
ivi_common: do not call MC for intra frames when dc_transform is unset
Conflicts:
libavcodec/ffv1dec.c
libavcodec/ivi_common.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '747fbe0c212b81952bb27ec7b99fa709081e2d63':
roqvideodec: fix a potential infinite loop in roqvideo_decode_frame().
mp3dec: Fix VBR bit rate parsing
wmaprodec: return an error, not 0, when the input is too small.
vmdaudio: fix invalid reads when packet size is not a multiple of chunk size
h264: check for luma and chroma bit dept being equal
Prepare for 9.4 Release
Conflicts:
RELEASE
libavcodec/vmdav.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Avoids an infinite loop in the calling programs with decoder not
consuming any input and not returning output.
CC:libav-stable@libav.org
(cherry picked from commit cacad1c058f66558ec727faac3b277d2dee264d4)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Returning 0 may result in an infinite loop in valid calling programs. A
decoder should never return 0 without producing any output.
CC:libav-stable@libav.org
(cherry picked from commit 4c0080b7e7d501e2720d2a61f5186a18377f9d63)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* commit '284ea790d89441fa1e6b2d72d3c1ed6d61972f0b':
dsputil: move vector_fmul_scalar() to AVFloatDSPContext in libavutil
aacenc: use the correct output buffer
aacdec: fix signed overflows in lcg_random()
base64: fix signed overflow in shift
Conflicts:
libavcodec/dsputil.c
libavutil/base64.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
dv1394: Swap the min and max values of the 'standard' option
rtpdec_vp8: Don't parse fields that aren't used
lavc: add some AVPacket doxy.
audiointerleave: deobfuscate a function call.
rtpdec: factorize identical code used in several handlers
a64: remove interleaved mode.
doc: Point to the new location of the c99-to-c89 tool
decode_audio3: initialize AVFrame
ws-snd1: set channel layout
wmavoice: set channel layout
wmapro: use AVCodecContext.channels instead of keeping a private copy
wma: do not keep private copies of some AVCodecContext fields
Conflicts:
libavcodec/wmadec.c
libavcodec/wmaenc.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
swscale: try to use mmap only if available
configure: check for mprotect
wmapro: use planar sample format
wmalossless: output in planar sample format
wmadec: use float planar sample format output
shorten: use planar sample format
lavc: update documentation for AVFrame.extended_data
Conflicts:
libavcodec/shorten.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '0a7005bebd23ade7bb852bce0401af1a8fdbb723':
rtpdec_xiph: fix function return type
smjpeg: fix type of 'ret' variable in smjpeg_read_packet()
mpegvideo: remove write-only variable
Use proper return values in case of missing features
fate: add avstring test
rangecoder-test: Set error message log level to error, instead of debug
Conflicts:
libavcodec/aacdec.c
libavcodec/amrnbdec.c
libavcodec/mpegvideo.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
vc1dec: Remove separate scaling function for interlaced field MVs
vc1dec: Invoke edge_emulation regardless of MV precision
x86: Use consistent 3dnowext function and macro name suffixes
g723_1: scale output as supposed for the case with postfilter disabled
g723_1: increase excitation storage by 4
g723_1: fix upper bound parameter from inverse maximum autocorrelation
g723_1: make scale_vector() behave like the reference
g723_1: fix off-by-one error in normalize_bits()
g723_1: save/restore excitation with offset to store LPC history
wmapro: prevent division by zero when sample rate is unspecified
x86: proresdsp: improve SIGNEXTEND macro comments
x86: h264dsp: K&R formatting cosmetics
LICENSE: Document all GPL files
Conflicts:
libavcodec/g723_1.c
libavcodec/wmaprodec.c
libavcodec/x86/h264dsp_mmx.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
rtpdec_asf: Set the no_resync_search option for the chained asf demuxer
asfdec: Add an option for not searching for the packet markers
cosmetics: Clean up the tiffenc pix_fmts declaration to match the style of others
cosmetics: Align codec declarations
cosmetics: Convert mimic.c to utf-8
avconv: remove an unused function parameter.
avconv: remove now pointless variables.
avconv: drop support for building without libavfilter.
nellymoserenc: fix crash due to memsetting the wrong area.
libavformat: Only require first packet to be known for audio/video streams
avplay: Don't try to scale timestamps if the tb isn't set
Conflicts:
Changelog
configure
ffmpeg.c
libavcodec/aacenc.c
libavcodec/bmpenc.c
libavcodec/dnxhddec.c
libavcodec/dnxhdenc.c
libavcodec/ffv1.c
libavcodec/flacenc.c
libavcodec/fraps.c
libavcodec/huffyuv.c
libavcodec/libopenjpegdec.c
libavcodec/mpeg12enc.c
libavcodec/mpeg4videodec.c
libavcodec/pamenc.c
libavcodec/pgssubdec.c
libavcodec/pngenc.c
libavcodec/qtrleenc.c
libavcodec/rawdec.c
libavcodec/sgienc.c
libavcodec/tiffenc.c
libavcodec/v210dec.c
libavcodec/wmv2dec.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Also break some long lines, remove codec function placeholder comments
and add spaces in sample/pixel format lists.
Signed-off-by: Martin Storsjö <martin@martin.st>
* qatar/master:
asf: only set index_read if the index contained entries.
cabac: add overread protection to BRANCHLESS_GET_CABAC().
cabac: increment jump locations by one in callers of BRANCHLESS_GET_CABAC().
cabac: remove unused argument from BRANCHLESS_GET_CABAC_UPDATE().
cabac: use struct+offset instead of memory operand in BRANCHLESS_GET_CABAC().
h264: add overread protection to get_cabac_bypass_sign_x86().
h264: reindent get_cabac_bypass_sign_x86().
h264: use struct offsets in get_cabac_bypass_sign_x86().
h264: fix overreads in cabac reader.
wmall: fix seeking.
lagarith: fix buffer overreads.
dvdec: drop unnecessary dv_tablegen.h #include
build: fix doc generation errors in parallel builds
Replace memset(0) by zero initializations.
faandct: Remove FAAN_POSTSCALE define and related code.
dvenc: print allowed profiles if the video doesn't conform to any of them.
avcodec_encode_{audio,video}: only reallocate output packet when it has non-zero size.
FATE: add a test for vp8 with changing frame size.
fate: add kgv1 fate test.
oggdec: calculate correct timestamps in Ogg/FLAC
Conflicts:
libavcodec/4xm.c
libavcodec/cook.c
libavcodec/dvdata.c
libavcodec/dvdsubdec.c
libavcodec/lagarith.c
libavcodec/lagarithrac.c
libavcodec/utils.c
tests/fate/video.mak
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (29 commits)
sbrdsp.asm: convert all instructions to float/SSE ones.
dv: cosmetics.
dv: check buffer size before reading profile.
Revert "AAC SBR: group some writes."
udp: Print an error message if bind fails
cook: extend channel uncoupling tables so the full bit range is covered.
roqvideo: cosmetics.
roqvideo: convert to bytestream2 API.
dca: don't use av_clip_uintp2().
wmall: fix build with -DDEBUG enabled.
smc: port to bytestream2 API.
AAC SBR: group some writes.
dsputil: remove shift parameter from scalarproduct_int16
SBR DSP: unroll sum_square
rv34: remove dead code in intra availability check
rv34: clean a bit availability checks.
v4l2: update documentation
tgq: convert to bytestream2 API.
parser: remove forward declaration of MpegEncContext
dca: prevent accessing static arrays with invalid indexes.
...
Conflicts:
doc/indevs.texi
libavcodec/Makefile
libavcodec/dca.c
libavcodec/dvdata.c
libavcodec/eatgq.c
libavcodec/mmvideo.c
libavcodec/roqvideodec.c
libavcodec/smc.c
libswscale/output.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
adpcm: Clip step_index values read from the bitstream at the beginning of each frame.
oma: don't read beyond end of leaf_table.
doxygen: Remove documentation for non-existing parameters; misc small fixes.
Indeo3: fix crashes on corrupt bitstreams.
msmpeg4: Replace forward declaration by proper #include.
segment: implement wrap around
avf: reorder AVStream and AVFormatContext
aacdec: Remove erroneous reference to global gain from the out of bounds scalefactor error message.
Conflicts:
libavcodec/indeo3.c
libavformat/avformat.h
libavutil/avutil.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (22 commits)
als: prevent infinite loop in zero_remaining().
cook: prevent div-by-zero if channels is zero.
pamenc: switch to encode2().
svq1enc: switch to encode2().
dvenc: switch to encode2().
dpxenc: switch to encode2().
pngenc: switch to encode2().
v210enc: switch to encode2().
xwdenc: switch to encode2().
ttadec: use branchless unsigned-to-signed unfolding
avcodec: add a Sun Rasterfile encoder
sunrast: Move common defines to a new header file.
cdxl: fix video decoding for some files
cdxl: fix audio for some samples
apetag: add proper support for binary tags
ttadec: remove dead code
swscale: make access to filter data conditional on filter type.
swscale: update context offsets after removal of AlpMmxFilter.
prores: initialise encoder and decoder parts only when needed
swscale: make monowhite/black RGB-independent.
...
Conflicts:
Changelog
libavcodec/alsdec.c
libavcodec/dpxenc.c
libavcodec/golomb.h
libavcodec/pamenc.c
libavcodec/pngenc.c
libavformat/img2.c
libswscale/output.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
WMApro actually support 13-bits block sizes (potentially even up to 14),
and thus we should support that also. If we get block sizes beyond what
the decoder can handle (14 is possible depending on s->decode_flags),
error out instead of crashing.
