* commit '1147d39bca135df8673031d16989ba486a52172a':
h264: reset data_partitioning if decoding the slice header for NAL_DPA fails
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '30e58e65e543d04d5e52bf188b31abf4dd41a104':
h264_refs: make sure not to write over the bounds of the default ref list
Conflicts:
libavcodec/h264_refs.c
See: 0a5ca63c24b8a07f94611637ba29e41b8b47ce24
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This is basically an overread/overwrite-safe memcpy between a
GetByteContext and a PutByteContext.
CC:libav-stable@libav.org
(cherry picked from commit 5748faf291fec297ef25d81962b52b3438f54278)
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
CC:libav-stable@libav.org
(cherry picked from commit de9d2705f61ef569487ec5f8974a9c7ce34ec783)
avcodec_flush_buffers() must release all internally held references
according to its documentation, for which all the threads need to be
flushed.
CC:libav-stable@libav.org
Bug-Id: vlc/9665
Otherwise the generic code will unref them, which can then result in
last_picture_ptr == current_picture_ptr, which causes deadlocks at least
in rv40.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
Prevents using GetBitContexts with data from previous calls.
Fixes access to freed memory.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
Otherwise the ER code might try to use some already freed references.
Fixes possible access to freed memory.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
In this case we may not have a current frame, while first_field being
set implies we do.
Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
There is no point in delaying the check and it avoids bugs with a
half-initialized context.
Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
If it was set before then we can end up trying to decode a slice without
a valid slice header, which can lead to invalid memory access.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 58312b2472d3a44d7458865c459d59ef2e02bf1a)
Higher modes are not allowed for 16x16/chroma, which is what this
function is used for. Otherwise this function would return 0 (vertical
prediction) for invalid higher modes, which could result in invalid
reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
The overread avoidance fix in cbddee1cca0ebd01e8c5aa694d31228eb4de4b41
broke the computation for the last row since it prevented the safe
reading from the height+1-th row.
Fixes out of array read
Fixes: d4476f68ca1c1c57afbc45806f581963-asan_heap-oob_2266b27_8607_cov_4044577381_snow_chroma_bug.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 61d59703c91869f4e5cdacd8d6be52f8b89d4ba4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array read
Fixes: 5f9698e86d92f19bb08d54ff0d57027f-signal_sigsegv_b30756_3795_cov_2693691257_ansi256.ans
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d42ec8433c687fcbccefa51a7716d81920218e4f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: 14a74a0a2dc67ede543f0e35d834fbbe-asan_heap-oob_49572c_556_cov_215466444_44_001_engine_room.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c919e1ca2ecfc47d796382973ba0e48b8f6f92a2)
Conflicts:
libavcodec/msrle.c
(cherry picked from commit bc1c8ec5e65098fd2ccd8456f667151dfc9cda42)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
20 ms is used by libopus encoder.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit 74906d3727ec3bd9b7b28dfa7a98ff6e8cf8b6d7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 240fd8c96f59ebe9dcfc4152a1086cd3f63400c0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1e48318802b3caa493a40c0584afc30cc866d9d0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '8883b5f85bfe35509633bc590d19b6a1b495690e':
h264: Fix a typo from the previous commit
h264: Lower bound check for slice offsets
Add missing header to fix compilation after d2a0654
Prepare for 9.12 RELEASE
configure: Add missing dependency of Snow decoder on videodsp
rpza: limit the number of blocks to the total remaining blocks in the frame
Conflicts:
RELEASE
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Avoid a division by 0 in ff_mpeg4_set_one_direct_mv.
Sample-Id: 00000168-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
(cherry picked from commit 9514440337875e0c63b409abcd616b68c518283f)
(cherry picked from commit 5df52b0131d3d4d804ad6e221bc9a2cd8b201ef2)
f777504f640260337974848c7d5d7a3f064bbb45 changed a - in +
CC: libav-stable@libav.org
(cherry picked from commit d922c5a5fbaf0b6c73bd8c81ae059bc6e406961c)
(cherry picked from commit 3ce77e04c2ca4b9e7fa6b94b51e8d7c5f188da86)
Fixes invalid writes on pixel format changes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 4c3e1956ee35fdcc5ffdb28782050164b4623c0b)
And use the value from the specification.
Sample-Id: 00000451-google
Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit f777504f640260337974848c7d5d7a3f064bbb45)
(cherry picked from commit 5bd083d0216d9ee649039c84999fb61386536ac1)
Conflicts:
libavcodec/h264.c
* qatar/release/9:
Update Changelog for 9.11
oggparseogm: check timing variables
mathematics: remove asserts from av_rescale_rnd()
vc1: Always reset numref when parsing a new frame header.
h264: reset num_reorder_frames if it is invalid
Conflicts:
Changelog
libavcodec/vc1.c
libavutil/mathematics.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '62ed6da016b789eee00e0fff517df4a254e12e5d':
h264: check that an IDR NAL only contains I slices
mov: Free an earlier allocated array if allocating a new one
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '44079902c49e526f464bb4eb855665e1af867e91':
mov: Free intermediate arrays in the normal cleanup function
segafilm: fix leaks if reading the header fails
h264_cavlc: check the size of the intra PCM data.
h263: Check init_get_bits return value
cavsdec: check ff_get_buffer() return value
Conflicts:
libavcodec/cavsdec.c
libavcodec/h263dec.c
libavformat/mov.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c85e5f13f6ac9c4c90125e7671d89009e57f9df9':
cavs: Check for negative cbp
avi: DV in AVI must be considered single stream
vmnc: Check the cursor dimensions
vmnc: Port to bytestream2
Conflicts:
libavcodec/cavsdec.c
libavcodec/vmnc.c
libavformat/avidec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: asan_heap-oob_19c7a94_6470_cov_1453611734_luckynight-partial.tak
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f58eab151214d2d35ff0973f2b3e51c5eb372da4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
