Fixes out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 695af8eed642ff0104834495652d1ee784a4c14d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Without any correctly decoded slices, there can be no frame.
Fixes out of array reads
Found-by: Rafaël Carré
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 60af6c3138dc501a647bc69b374d5d33d5d86ab5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The existing checks are insufficient to detect a pixel format
changes in case of some damaged streams.
Fixes inconsistency and later out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 11c99c78bafa77f679a1a3ba06ad00984b9a4cae)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Prevent out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 96f452ac647dae33c53c242ef3266b65a9beafb6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array writes
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ab6c9332bfa1e20127a16392a0b85a4aa4840889)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c10350358da58600884292c08a8690289b81de29)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This prevents a buffer overflow in rle_decode()
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7357ca900efcf829de4cce4cec6ddc286526d417)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes vlc decoding for hypothetical files that would contain such cases.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0dfc01c2bbf4b71bb56201bc4a393321e15d1b31)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Prevents out of array writes
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f67a0d115254461649470452058fa3c28c0df294)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/9:
arm: vp8: Fix the plain-armv6 version of vp8_luma_dc_wht
Prepare for 9.2 Release
lavr: call mix_function_init() in ff_audio_mix_set_matrix()
rtpenc_chain: Use the original AVFormatContext for getting payload type
rtp: Make sure the output format pointer is set
Conflicts:
RELEASE
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '62de693a17f9b107be7867d822d5accacd4be544':
rtp: Make sure priv_data is set before reading it
videodsp_armv5te: remove #if HAVE_ARMV5TE_EXTERNAL
get_bits: change the failure condition in init_get_bits
mpegvideo: fix loop condition in draw_line()
Conflicts:
libavcodec/get_bits.h
libavcodec/mpegvideo.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This makes the plain-armv6 version use the same registers as the
armv6t2 version above.
This fixes fate-vp8 on plain-armv6 devices.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 2026eb1408a718c37835eb4b258c63714ab3205e)
Signed-off-by: Martin Storsjö <martin@martin.st>
Avoids integer overflows and out of array accesses.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 49b729d3af8464de431362e6c5b3027102bc2f88)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0c6b0409af070a3bfb02b55fde8ba18219edc76b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Karcher <ffmpeg@mkarcher.dialup.fu-berlin.de>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit dcbb920f1587d1fce777aae947a49304665436b5)
libavutil/arm/asm.S sets '.arch' depending on HAVE_ARMV5TE so that
assembling armv5te code will always succeed even if the default -march
flag does not support it. HAVE_ARMV5TE_EXTERNAL tests assembling code
with the default arch.
Fixes the missing symbol ff_prefetch_arm with --cpu= not including
armv5te.
CC: libav-stable@libav.org
Too much code relies in having init_get_bits fed with a valid
buffer and set its dimension to 0.
Check for NULL buffer instead.
(cherry picked from commit 4603ec85ed620e585fc6e2e072c99858ed421855)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
The loop condition `x = ex' is incorrect. It should be `x <= ex'.
This bug was introduced in commit c65dfac4 "mpegvideo.c: K&R formatting
and cosmetics."
CC:libav-stable@libav.org
(cherry picked from commit 992b03183819553a73b4f870a710ef500b4eb6d0)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7980cca05c7c72fc8b0be4268eea2e156e538228)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 153fad14e5a2f85637aa6c254ced0fc1c68974e2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ac73d3a12a33c5e4e6357d5f8824e19801663eb5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes state becoming inconsistent
Fixes a null pointer dereference
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 23318a57358358e7a4dc551e830e4503f0638cfe)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit 25160236957647d81e8beecd6c8fb7f1949fc26e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 659546b42d6550e67fcdbb4937cd1982c60448aa)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 37be1d802f2e2c21036a54bb15423a41d5aabefb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e2704381e5f13f54506f69b7a05a05dc27ce1d7d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 795d2dc23b16a678d60a681e906aa87c14478597)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bdd71abe5f34ca37612e17d912060f4dc9b94796)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0ccb31dcad5a1543fbb284d66b0410b91ebd171d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3b8d66d5317d91288751869206b3acbb84dc44c7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d6180aa29741334cf69f691b27ffceb33f49d36a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 871b6ec01d27a74702b7cf1d61446709de037948)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9302ad1ac89d5443505cf0418f9d62786513032e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 68a25c64cda16e12ef3a051ff8661c71ef574683)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 98fed59427cec17ce55ac137e7e250cff7db81cf)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The mask `x && (1 << y)' is incorrect and always yields true.
The correct form should be `x & (1 << y)'.
CC: libav-stable@libav.org
Signed-off-by: Xi Wang <xi.wang@gmail.com>
(cherry picked from commit 783e37f7ef3b3cdcfe7aa927a25b4184ae46cd53)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This fixes a regression since d9cf5f51/7a2ee770f5 with theora
over RTP (possibly with other variants of theora as well).
In theora over RTP, the second of the 3 headers turns out to be
0 bytes long, which prior to d9cf5f51 worked just fine. After
d9cf5f51, reading from the bitstream reader fails (since the reader
wasn't initialized but returned an error if initialized with 0 bits).
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit e33db35b4a91ad543d9dde3a981a89118ba68937)
Signed-off-by: Martin Storsjö <martin@martin.st>
* qatar/release/9:
libx264: use the library specific default rc_initial_buffer_occupancy
lavc: set the default rc_initial_buffer_occupancy
lavc: introduce the convenience function init_get_bits8
lavc: check for overflow in init_get_bits
APIchanges: Fill in missing hashes and dates; fix a version number typo.
configure: enable pic for shared libs on AArch64
zmbv: Reset the decoder on keyframe errors
vc1dec: prevent a crash due missing pred_flag parameter
matroska: Fix use after free
vp3: Fix double free in vp3_decode_end()
update Changelog
oggdec: make sure the private parse data is cleaned up
oggdec: free the ogg streams on read_header failure
update Changelog
x86: lavr: use the x86inc.asm automatic stack alignment in mixing functions
Prepare 9.1 Release
Conflicts:
Changelog
RELEASE
doc/APIchanges
libavcodec/utils.c
libavformat/oggdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
If the motion vector is at a subpixel position, we need 3 pixels below
the motion vector's wholepel position available, not 2, since the MC
filter is a sixtap filter for the hpel position, and then a bilin filter
for the qpel position.
This patch fixes highly irreproducible (0.1%) fate failures in frame 2
and 4 of h264-conformance-cama2_vtc_b (e.g. first P-frame, first field,
last line of MB x=40,y=2 and second field and last lines of MBs x=39-40,
y=3). These used pre-loopfilter instead of post-loopfilter data because
the await_progress() waited for one line too little in that field, and
the motion vector of these particular MBs happened to align exactly to a
position where that demonstrates the bug.
CC: libav-stable@libav.org
(cherry picked from commit fb845ffdd335a1efd6dfd43e8adeb530397b348e)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
It's been returning an error value since
bad446e251405dc250c3cbee199072e083a1e4b9
Also check for the errors it returns.
(cherry picked from commit ea382767ad2191acbe97e90624059723e15f0e4b)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
