Update for 2.4.13

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
mov: Add an option to toggle dref opening
2016-02-01 02:28:54 +01:00 · 2016-02-01 02:13:24 +01:00 · 2016-02-01 02:12:22 +01:00 · 2016-02-01 02:12:22 +01:00 · 2016-02-01 02:12:22 +01:00 · 2016-02-01 02:12:22 +01:00
439 changed files with 6021 additions and 1909 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1 @@
 *.pnm -diff -text
--- a/660
+++ b/660
@ -1,7 +1,665 @@
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
-version <next>:
+version 2.4.13:
 - mov: Add an option to toggle dref opening
 - MAINTAINERS: remove unmaintained releases
 - avcodec/jpeg2000dec: More completely check cdef
 - avutil/opt: check for and handle errors in av_opt_set_dict2()
 - avcodec/flacenc: fix calculation of bits required in case of custom sample rate
 - avformat: Document urls a bit
 - avformat/concat: Check protocol prefix
 - doc/demuxers: Document enable_drefs and use_absolute_path
 - avcodec/mjpegdec: Check for end for both bytes in unescaping
 - avformat/avformat: Replace some references to filenames by urls
 - avcodec/wmaenc: Check ff_wma_init() for failure
 - avcodec/mpeg12enc: Move high resolution thread check to before initializing threads
 - avformat/avio: Limit url option parsing to the documented cases
 - avcodec/ass_split: Fix null pointer dereference in ff_ass_style_get()
 - avcodec/gif: Fix lzw buffer size
 - avcodec/put_bits: Assert buf_ptr in flush_put_bits()
 - avcodec/tiff: Check subsample & rps values more completely
 - swscale/swscale: Add some sanity checks for srcSlice* parameters
 - swscale/x86/rgb2rgb_template: Fix planar2x() for short width
 - swscale/swscale_unscaled: Fix odd height inputs for bayer_to_yv12_wrapper()
 - swscale/swscale_unscaled: Fix odd height inputs for bayer_to_rgb24_wrapper()
 - avcodec/wavpackenc: print channel count in av_log call
 - configure: bump copyright year to 2016
 - avformat/hls: Even stricter URL checks
 - avformat/hls: More strict url checks
 - swscale/yuv2rgb: Increase YUV2RGB table headroom
 - swscale/yuv2rgb: Factor YUVRGB_TABLE_LUMA_HEADROOM out
 - avformat/hls: forbid all protocols except http(s) & file
 - avformat/aviobuf: Fix end check in put_str16()
 - avformat/asfenc: Check pts
 - avcodec/mpeg4video: Check time_incr
 - avcodec/wavpackenc: Check the number of channels
 - avcodec/wavpackenc: Headers are per channel
 - avcodec/dvdec: Fix "left shift of negative value -254"
 - avcodec/mjpegdec: Fix negative shift
 - avcodec/mss2: Check for repeat overflow
 - avformat: Add integer fps from 31 to 60 to get_std_framerate()
 - avcodec/mpegvideo_enc: Clip bits_per_raw_sample within valid range
 - avcodec/motion_est: Fix mv_penalty table size
 - avcodec/h264_slice: Fix integer overflow in implicit weight computation
 - swscale/utils: Use normal bilinear scaler if fast cannot be used due to tiny dimensions
 - avcodec/put_bits: Always check buffer end before writing
 - swscale/utils: Fix intermediate format for cascaded alpha downscaling
 - avcodec/h264_refs: Fix long_idx check
 - avfilter/vf_mpdecimate: Add missing emms_c()
 - avformat/mxfenc: Do not crash if there is no packet in the first stream
 - swscale/swscale-test: Fix slice height in random reference data creation.
 - dca: fix misaligned access in avpriv_dca_convert_bitstream
 - brstm: fix missing closing brace
 - brstm: also allocate b->table in read_packet
 - brstm: make sure an ADPC chunk was read for adpcm_thp
 - vorbisdec: reject rangebits 0 with non-0 partitions
 - vorbisdec: reject channel mapping with less than two channels
 - ffmdec: reset packet_end in case of failure
 - mjpegdec: extend check for incompatible values of s->rgb and s->ls
 - avformat/ipmovie: put video decoding_map_size into packet and use it in decoder
 - avcodec/samidec: make sure to properly restore parsing context after a tag
 - x86/float_dsp: zero extend offset from ff_scalarproduct_float_sse
 - avcodec/mpeg4videodec: also for empty partitioned slices
 - nuv: sanitize negative fps rate
 - rawdec: only exempt BIT0 with need_copy from buffer sanity check
 - mlvdec: check that index_entries exist
 - nutdec: reject negative value_len in read_sm_data
 - xwddec: prevent overflow of lsize * avctx->height
 - nutdec: only copy the header if it exists
 - exr: fix out of bounds read in get_code
 - on2avc: limit number of bits to 30 in get_egolomb
 - sonic: make sure num_taps * channels is not larger than frame_size
 - opus_silk: fix typo causing overflow in silk_stabilize_lsf
 - ffm: reject invalid codec_id and codec_type
 - aaccoder: prevent crash of anmr coder
 - swscale/x86/rgb2rgb_template: Fallback to mmx in interleaveBytes() if the alignment is insufficient for SSE*
 - swscale/x86/rgb2rgb_template: Do not crash on misaligend stride
 version 2.4.12:
 - avcodec/ffv1dec: Clear quant_table_count if its invalid
 - avcodec/ffv1dec: Print an error if the quant table count is invalid
 - avcodec/hevc: Check max ctb addresses for WPP
 - avcodec/vp3: ensure header is parsed successfully before tables
 - avcodec/jpeg2000dec: Check bpno in decode_cblk()
 - avcodec/pgssubdec: Fix left shift of 255 by 24 places cannot be represented in type int
 - swscale/utils: Fix for runtime error: left shift of negative value -1
 - avcodec/hevc: Fix integer overflow of entry_point_offset
 - avcodec/dirac_parser: Check that there is a previous PU before accessing it
 - avcodec/dirac_parser: Add basic validity checks for next_pu_offset and prev_pu_offset
 - avcodec/dirac_parser: Fix potential overflows in pointer checks
 - avcodec/wmaprodec: Check bits per sample to be within the range not causing integer overflows
 - avcodec/wmaprodec: Fix overflow of cutoff
 - avformat/smacker: fix integer overflow with pts_inc
 - avcodec/vp3: Fix "runtime error: left shift of negative value"
 - mpegencts: Fix overflow in cbr mode period calculations
 - avutil/timecode: Fix fps check
 - avutil/mathematics: return INT64_MIN (=AV_NOPTS_VALUE) from av_rescale_rnd() for overflows
 - avcodec/apedec: Check length in long_filter_high_3800()
 - avcodec/vp3: always set pix_fmt in theora_decode_header()
 - avcodec/mpeg4videodec: Check available data before reading custom matrix
 - avutil/mathematics: Do not treat INT64_MIN as positive in av_rescale_rnd
 - avutil/integer: Fix av_mod_i() with negative dividend
 - avformat/dump: Fix integer overflow in av_dump_format()
 - avcodec/utils: Clear dimensions in ff_get_buffer() on failure
 - avcodec/utils: Use 64bit for aspect ratio calculation in avcodec_string()
 - avcodec/vp3: Clear context on reinitialization failure
 - avcodec/hevc: allocate entries unconditionally
 - avcodec/hevc_cabac: Fix multiple integer overflows
 - avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_encode*()
 - avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*()
 - avcodec/hevc: Check entry_point_offsets
 - avcodec/cabac: Check initial cabac decoder state
 - avcodec/cabac_functions: Fix "left shift of negative value -31767"
 - avcodec/h264_slice: Limit max_contexts when slice_context_count is initialized
 - avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup
 - rtmpcrypt: Do the xtea decryption in little endian mode
 - avformat/matroskadec: Check subtitle stream before dereferencing
 - avformat/utils: Do not init parser if probing is unfinished
 - avcodec/jpeg2000dec: Fix potential integer overflow with tile dimensions
 - avcodec/jpeg2000dec: Check SIZ dimensions to be within the supported range
 - avcodec/jpeg2000: Check comp coords to be within the supported size
 - avcodec/jpeg2000: Use av_image_check_size() in ff_jpeg2000_init_component()
 - avcodec/wmaprodec: Check for overread in decode_packet()
 - avcodec/smacker: Check that the data size is a multiple of a sample vector
 - avcodec/takdec: Skip last p2 sample (which is unused)
 - avcodec/dxtory: Fix input size check in dxtory_decode_v1_410()
 - avcodec/dxtory: Fix input size check in dxtory_decode_v1_420()
 - avcodec/error_resilience: avoid accessing previous or next frames tables beyond height
 - avcodec/dpx: Move need_align to act per line
 - avcodec/flashsv: Check size before updating it
 - avcodec/ivi: Check image dimensions
 - avcodec/utils: Better check for channels in av_get_audio_frame_duration()
 - avcodec/jpeg2000dec: Check for duplicate SIZ marker
 - avcodec/jpeg2000dec: Clip all tile coordinates
 - avcodec/microdvddec: Check for string end in 'P' case
 - avcodec/dirac_parser: Fix undefined memcpy() use
 - avformat/xmv: Discard remainder of packet on error
 - avformat/xmv: factor return check out of if/else
 - libavutil/channel_layout: Check strtol*() for failure
 - avcodec/ffv1dec: Check for 0 quant tables
 - avcodec/mjpegdec: Reinitialize IDCT on BPP changes
 - avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it
 - avutil/file_open: avoid file handle inheritance on Windows
 - avcodec/ffv1: Initialize vlc_state on allocation
 - avcodec/ffv1dec: update progress in case of broken pointer chains
 - avcodec/ffv1dec: Clear slice coordinates if they are invalid or slice header decoding fails for other reasons
 - avformat/httpauth: Add space after commas in HTTP/RTSP auth header
 - avcodec/x86/sbrdsp: Fix using uninitialized upper 32bit of noise
 - avcodec/ffv1dec: Fix off by 1 error in quant_table_count check
 - avcodec/ffv1dec: Explicitly check read_quant_table() return value
 - avcodec/rangecoder: Check e
 - lavf/webvttenc: Require webvtt file to contain exactly one WebVTT stream.
 - avcodec/mjpegdec: Fix decoding RGBA RCT LJPEG
 - avfilter/af_asyncts: use llabs for int64_t
 - avcodec/g2meet: Also clear tile dimensions on header_fail
 - avcodec/g2meet: Fix potential overflow in tile dimensions check
 - avcodec/svq1dec: Check init_get_bits8() for failure
 - avcodec/tta: Check init_get_bits8() for failure
 - swresample/swresample: Fix integer overflow in seed calculation
 - avformat/mov: Fix integer overflow in FFABS
 - avutil/common: Add FFNABS()
 - avutil/common: Document FFABS() corner case
 - avformat/dump: Fix integer overflow in aspect ratio calculation
 - avcodec/truemotion1: Check for even width
 - avcodec/libopusenc: Fix infinite loop on flushing after 0 input
 - doc/filters/drawtext: fix centering example
 - avcodec: avoid division by zero in avcodec_string
 - mpegvideo: clear overread in clear_context
 - dvdsubdec: validate offset2 similar to offset1
 - avcodec/takdec: Use memove, avoid undefined memcpy() use
 - jvdec: avoid unsigned overflow in comparison
 - avcodec/mpeg12dec: Do not call show_bits() with invalid bits
 - opusdec: Don't run vector_fmul_scalar on zero length arrays
 - avcodec/opusdec: Fix extra samples read index
 - riffdec: prevent negative bit rate
 - Merge commit 'd80811c94e068085aab797f9ba35790529126f85'
 - imc: use correct position for flcoeffs2 calculation
 - snow: remove an obsolete av_assert2
 - wavpack: limit extra_bits to 32 and use get_bits_long
 - huffyuvdec: validate image size
 - wavpack: use get_bits_long to read up to 32 bits
 - nutdec: check maxpos in read_sm_data before returning success
 - s302m: fix arithmetic exception
 - mpegaudiodec: copy AVFloatDSPContext from first context to all contexts
 - vc1dec: use get_bits_long and limit the read bits to 32
 - avcodec/s302m: Only set the sample rate when some data is output
 - avidec: check for valid bit_rate range
 - vp9: add support for resolution changes in inter frames.
 - vp9: avoid infinite loop with broken files
 - videodsp: don't overread edges in vfix3 emu_edge.
 - avformat/oggenc: Check segments_count for headers too
 - avformat/avidec: Workaround broken initial frame
 - hevc: properly handle no_rasl_output_flag when removing pictures from the DPB
 - hevc: fix wpp threading deadlock.
 - avcodec/ffv1: seperate slice_count from max_slice_count
 - lavf/img2dec: Fix memory leak
 - avcodec/mp3: fix skipping zeros
 - doc: mention libavcodec can decode Opus natively
 version 2.4.11:
 - avformat/hevc: Check num_long_term_ref_pics_sps to avoid potentially long loops
 - avformat/hevc: Fix parsing errors
 - ffmpeg: Use correct codec_id for av_parser_change() check
 - ffmpeg: Check av_parser_change() for failure
 - avcodec/h264_mp4toannexb_bsf: Reorder operations in nal_size check
 - ffmpeg: Check for RAWVIDEO and do not relay only on AVFMT_RAWPICTURE
 - ffmpeg: check avpicture_fill() return value
 - avformat/mux: Update sidedata in ff_write_chained()
 - avcodec/flashsvenc: Correct max dimension in error message
 - avcodec/svq1enc: Check dimensions
 - avcodec/dcaenc: clear bitstream end
 - libavcodec/aacdec_template: Use init_get_bits8() in aac_decode_frame()
 - rawdec: fix mjpeg probing buffer size check
 - rawdec: fix mjpeg probing
 - avcodec/vp8: Check buffer size in vp8_decode_frame_header()
 - avcodec/vp8: Fix null pointer dereference in ff_vp8_decode_free()
 - avcodec/diracdec: Check for hpel_base allocation failure
 - avcodec/rv34: Clear pointers in ff_rv34_decode_init_thread_copy()
 - avfilter/af_aresample: Check ff_all_* for allocation failures
 - avcodec/pthread_frame: clear priv_data, avoid stale pointer in error case
 - swscale/utils: Clear pix buffers
 - avutil/fifo: Fix the case where func() returns less bytes than requested in av_fifo_generic_write()
 - avformat/mov: Fix deallocation when MOVStreamContext failed to allocate
 - ffmpeg: Fix cleanup with ost = NULL
 - avcodec/pthread_frame: check avctx on deallocation
 - avcodec/sanm: Reset sizes in destroy_buffers()
 - avcodec/alac: Clear pointers in allocate_buffers()
 - bytestream2: set the reader to the end when reading more than available
 - avcodec/utils: use a minimum 32pixel width in  avcodec_align_dimensions2() for H.264
 - avcodec/mpegvideo: Clear pointers in ff_mpv_common_init()
 - oggparsedirac: check return value of init_get_bits
 - wmalosslessdec: reset frame->nb_samples on packet loss
 - wmalosslessdec: avoid reading 0 bits with get_bits
 - avcodec/rawenc: Use ff_alloc_packet() instead of ff_alloc_packet2()
 - avcodec/aacsbr: Assert that bs_num_env is positive
 - avcodec/aacsbr: check that the element type matches before applying SBR
 - avcodec/h264_slice: Use w/h from the AVFrame instead of mb_w/h
 - vp9/update_prob: prevent out of bounds table read
 - avfilter/vf_transpose: Fix rounding error
 - avcodec/pngdec: Only allow one IHDR chunk
 - wmavoice: limit wmavoice_decode_packet return value to packet size
 - swscale/swscale_unscaled: Fix rounding difference with RGBA output between little and big endian
 - ffmpeg: Do not use the data/size of a bitstream filter after failure
 - swscale/x86/rgb2rgb_template: fix signedness of v in shuffle_bytes_2103_{mmx,mmxext}
 - swscale/x86/rgb2rgb_template: add missing xmm clobbers
 - vda: unlock the pixel buffer base address.
 - swscale/rgb2rgb_template: Fix signedness of v in shuffle_bytes_2103_c()
 - swscale/rgb2rgb_template: Implement shuffle_bytes_0321_c and fix shuffle_bytes_2103_c on BE
 - swscale/rgb2rgb_template: Disable shuffle_bytes_2103_c on big endian
 - swr: Remember previously set int_sample_format from user
 - matroskadec: check audio sample rate
 - matroskadec: validate audio channels and bitdepth
 - avcodec/dpxenc: implement write16/32 as functions
 - postproc: fix unaligned access
 - avio: fix potential crashes when combining ffio_ensure_seekback + crc
 - h264: er: Copy from the previous reference only if compatible
 - sonic: set avctx->channels in sonic_decode_init
 - vp8: change mv_{min,max}.{x,y} type to int
 - vp9: change type of tile_size from unsigned to int64_t
 - arm: only enable setend on ARMv6
 - libopenjpegdec: check existence of image component data
 - mov: abort on EOF in ff_mov_read_chan
 - ffmpeg_opt: Check for localtime() failure
 - avformat: Fix bug in parse_rps for HEVC.
 - takdec: ensure chan2 is a valid channel index
 - avcodec/h264_slice: Use AVFrame diemensions for grayscale handling
 - avdevice/lavfi: do not rescale AV_NOPTS_VALUE in lavfi_read_packet()
 - libavutil/channel_layout: Correctly return layout when channel specification ends with a trailing 'c'.
 - avcodec/jpeg2000dec: Check that coords match before applying ICT
 - avformat/ffmdec: Check ffio_set_buf_size() return value
 - avcodec/adpcm: Check for overreads
 - avcodec/alsdec: Check for overread
 - avcodec/atrac3plusdec: consume only as many bytes as available
 - swresample/swresample: Cleanup on init failure.
 - Revert "avformat/rtpenc: check av_packet_get_side_data() return, fix null ptr dereference"
 - avformat/mxfenc: Accept MXF D-10 with 49.999840 Mbit/sec
 - swresample/dither: check memory allocation
 - opusdec: properly handle mismatching configurations in multichannel streams
 - MAINTAINERS: Remove myself as leader
 - h263: Always check both dimensions
 - avformat/swfdec: Do not error out on pixel format changes
 - avcodec/exr: fix crash caused by merge
 - avcodec/x86/h264_weight: handle weight1=128
 - avcodec/hevc_ps: Only discard overread VPS if a previous is available
 - avformat/mov: Mark avio context of decompressed atoms as seekable
 _ avfilter/x86/vf_hqdn3d: Fix register types
 version 2.4.10:
 - diracdec: check if reference could not be allocated
 - diracdec: avoid overflow of bytes*8 in decode_lowdelay
 - diracdec: prevent overflow in data_unit_size check
 - avformat/matroskadec: Use tracks[k]->stream instead of s->streams[k]
 - matroskadec: check s->streams[k] before using it
 - avcodec/ffv1dec: Check chroma shift parameters
 - matroskadec: use uint64_t instead of int for index_scale
 - avcodec/wavpack: Check L/R values before use to avoid harmless integer overflow and undefined behavior in fate
 - nutdec: fix illegal count check in decode_main_header
 - nutdec: check for negative frame rate in decode_info_header
 - ffmpeg: remove incorrect network deinit
 - OpenCL: Avoid potential buffer overflow in cmdutils_opencl.c
 - apedec: set s->samples only when init_frame_decoder succeeded
 - OS/2:Makedef.cmd cleanup
 - avcodec/golomb: get_ur_golomb_jpegls: Fix reading huge k values
 - avformat/mov: Fix parsing short loci
 - avformat/mov: Print reason of loci parsing failure
 - avcodec/hevc: Fix typo in num_entry_point_offsets check
 - avcodec/libtheoraenc: Check for av_malloc failure
 - avcodec/dcadec: Check active_bands
 - avcodec/dcadec: Check scale table index
 - avcodec/sonic: More completely check sample_rate_index and channels
 - avcodec/sonic: check memory allocations
 - avcodec/smvjpegdec: check avcodec_decode_video2() return code
 - avcodec/shorten: More complete pred_order check
 - avcodec/shorten: Check skip_bytes()
 - png: Set the color range as full range
 - mpegts: Update the PSI/SI table only if the version change
 - rtsp: Make sure we don't write too many transport entries into a fixed-size array
 - rtpenc_jpeg: Handle case of picture dimensions not dividing by 8
 - libvpx: Fix mixed use of av_malloc() and av_reallocp()
 - aacpsy: correct calculation of minath in psy_3gpp_init
 - avcodec/shorten: Fix code depending on signed overflow behavior
 - avcodec/proresdec2: Reset slice_count on deallocation
 - ffmpeg_opt: Fix -timestamp parsing
 - avcodec/dcadec: Check subsubframes
 - avcodec/dcadec: Check nchans
 - hevc: make avcodec_decode_video2() fail if get_format() fails
 - avcodec/cavsdec: Check esc_code
 - avcodec/on2avc: Check run more carefully
 - avcodec/mpeg4audio: add some padding/alignment to MAX_PCE_SIZE
 - swr: fix alignment issue caused by 8ch sse functions
 - avcodec/mjpegdec: fix len computation in ff_mjpeg_decode_dqt()
 - avcodec/jpeg2000dec: fix boolean operator
 - avcodec/hevc_ps: Explicitly check num_tile_* for negative values
 - avcodec/hevc_ps: Check vps_num_hrd_parameters
 - avcodec/hevc_ps: More completely check vps_num_layer_sets
 - avcodec/hevc: Check num_entry_point_offsets
 - avcodec/hevc: Check offset_len
 - libswscale/x86/hscale_fast_bilinear_simd.c: Include BX in the clobber list on x86_64, because it isn't implicitly included when PIC is on.
 - avcodec/hevc_sei: Check num_sps_ids_minus1 value
 - avcodec/vqavideo: Check chunk size
 - aacdec: don't return frames without data
 - avformat/hevc: Check num_negative_pics and num_positive_pics
 - avformat/hevc: Check cpb_cnt_minus1
 - avformat/matroskadec: Cleanup error handling for bz2 & zlib
 - avformat/nutdec: Fix use of uinitialized value
 - avformat/rtpenc_jpeg: Check remaining buffer size for SOS
 - avformat/rtpdec_xiph: Check upper bound on len in xiph_handle_packet()
 - tools/graph2dot: use larger data types than int for array/string sizes
 - avformat/matroskaenc: Check ff_vorbiscomment_length in put_flac_codecpriv()
 - avformat/oggenc: Check ff_vorbiscomment_length in ogg_write_vorbiscomment()
 - avformat/flacenc: Check length in flac_write_block_comment()
 - avformat/subtitles: Use size_t for len
 - avformat/url: Use size_t for len from strlen()
 - avutil/avstring: Use size_t in av_strlcatf()
 - avformat/vorbiscomment: Check entry length in ff_vorbiscomment_write()
 - avutil/dict: Use size_t for appending strings
 - libavutil/mem: use size_t for the length in av_strdup()
 - aacsbr: break infinite loop in sbr_hf_calc_npatches
 - diracdec: check that block length is valid
 - ffmpeg_opt: Set the video VBV parameters only for the video stream from -target
 - avcodec/bitstream: Assert that there is enough space left in avpriv_copy_bits()
 - avcodec/put_bits: Assert that there is enough space left in skip_put_bytes()
 - avcodec/mpegvideo_enc: Update the buffer size as more slices are merged
 - avcodec/put_bits: Update size_in_bits in set_put_bits_buffer_size()
 - avformat/wavdec: Increase dts packet threshold to fix more misdetections
 - avformat/wavdec: Increase probe_packets limit
 - nutdec: abort if EOF is reached in decode_info_header/read_sm_data
 - nutdec: stop skipping bytes at EOF
 - nutdec: fix infinite resync loops
 - avformat/nutdec: Check X in 2nd branch of index reading
 - avformat/nutdec: Fix recovery when immedeately after seeking a failure happens
 - avformat/nutdec: Return error on EOF from get_str()
 - avcodec/x86/cavsdsp: remove unneeded tmp
 - nutdec: fix memleaks on error in nut_read_header
 - avformat/avidec: print a warning for negative sample_size
 - avidec: avoid infinite loop due to negative ast->sample_size
 - nutdec: check chapter creation in decode_info_header
 - apedec: prevent out of array writes in decode_array_0000
 - avformat/mpegts: Detect changes in packet through CRC instead of just the 5bit version
 - avformat/mpegts: reset last_ver on corrupted packets
 - avformat/mpegts: Factorize version checking code out
 - avformat/mpegts: Also parse the FMC descriptor if the codec has not been identified yet
 - avformat/mpegts: reset last_version on seeking
 - avformat/mp3dec: Check for avcodec_alloc_context3() failure
 - avformat/mp3dec: properly allocate dummy AVCodecContext
 - lavfi/fade: Do not overread input buffer.
 - tests: drop bc dependency
 - alsdec: limit avctx->bits_per_raw_sample to 32
 version 2.4.9:
 - alac: reject rice_limit 0 if compression is used
 - lavf: Reset global flag on deinit
 - bink: check vst->index_entries before using it
 - mpeg4videodec: only allow a positive length
 - alsdec: check sample pointer range in revert_channel_correlation
 - avcodec/h264_refs: Do not set reference to things which do not exist
 - avcodec/h264: Fail for invalid mixed IDR / non IDR frames in slice threading mode
 - h264: avoid unnecessary calls to get_format
 - avutil/pca: Check for av_malloc* failures
 - alsdec: validate time diff index
 - avcodec/alsdec: Use av_mallocz_array() for chan_data to ensure the arrays never contain random data
 - alsdec: ensure channel reordering is reversible
 - avcodec/atrac3plusdsp: fix on stack alignment
 - ac3: validate end in ff_ac3_bit_alloc_calc_mask
 - aacpsy: avoid psy_band->threshold becoming NaN
 - aasc: return correct buffer size from aasc_decode_frame
 - aacdec: consistently use avctx for logging in decode_eld_specific_config
 - msrledec: use signed pixel_ptr in msrle_decode_pal4
 - swresample/swresample-test: Randomly wipe out channel counts
 - swresample: Check channel layouts and channels against each other and print human readable error messages
 - swresample: Allow reinitialization without ever setting channel layouts
 - swresample: Allow reinitialization without ever setting channel counts
 - avcodec/h264: Do not fail with randomly truncated VUIs
 - avcodec/h264_ps: Move truncation check from VUI to SPS
 - avcodec/h264: Be more tolerant to changing pps id between slices
 - avcodec/aacdec: Fix storing state before PCE decode
 - avcodec/h264: reset the counts in the correct context
 - avcodec/h264_slice: Do not reset mb_aff_frame per slice
 - tests: Fix test name for pixfmts tests
 - avcodec/h264: finish previous slices before switching to single thread mode
 - avcodec/h264: Fix race between slices where one overwrites data from the next
 - avformat/utils: avoid discarded streams in av_find_default_stream_index()
 - avformat/utils: Ensure that AVFMT_FLAG_CUSTOM_IO is set before use
 - avformat/img2dec: do not rewind custom io buffers
 - fate: Include branch information in the payload header
 version 2.4.8:
 - avutil/cpu: add missing check for mmxext to av_force_cpu_flags
 - avcodec/msrledec: restructure msrle_decode_pal4() based on the line number instead of the pixel pointer
 - avcodec/hevc_ps: Check cropping parameters more correctly
 - avcodec/dnxhddec: Check that the frame is interlaced before using cur_field
 - avformat/mov: Disallow ".." in dref unless use_absolute_path is set
 - avformat/mov: Check for string truncation in mov_open_dref()
 - ac3_fixed: fix out-of-bound read
 - avcodec/012v: redesign main loop
 - avcodec/012v: Check dimensions more completely
 - asfenc: fix leaking asf->index_ptr on error
 - avcodec/options_table: remove extradata_size from the AVOptions table
 - ffmdec: limit the backward seek to the last resync position
 - ffmdec: make sure the time base is valid
 - ffmdec: fix infinite loop at EOF
 - avcodec/tiff: move bpp check to after "end:"
 - avcodec/opusdec: Fix delayed sample value
 - avcodec/utils: Align YUV411 by as much as the other YUV variants
 - vp9: fix segmentation map retention with threading enabled.
 - doc/protocols/tcp: fix units of listen_timeout option value, from microseconds to milliseconds
 - fix VP9 packet decoder returning 0 instead of the used data size
 - avformat/bit: only accept the g729 codec and 1 channel
 - avformat/adxdec: check avctx->channels for invalid values
 - Fix buffer_size argument to init_put_bits() in multiple encoders.
 - mips/acelp_filters: fix incorrect register constraint
 - avcodec/hevc_ps: Sanity checks for some log2_* values
 - avcodec/zmbv: Check len before reading in decode_frame()
 - avcodec/snowdec: Fix ref value check
 - swscale/utils: More carefully merge and clear coefficients outside the input
 - avcodec/a64multienc: fix use of uninitialized values in to_meta_with_crop
 - avcodec/a64multienc: don't set incorrect packet size
 - webp: ensure that each transform is only used once
 - avcodec/hevc_ps: More complete window reset
 - vp9: make above buffer pointer 32-byte aligned.
 - avformat/rm: limit packet size
 - avcodec/webp: validate the distance prefix code
 - avcodec/gif: fix off by one in column offsetting finding
 version 2.4.7:
 - avcodec/flac_parser: fix handling EOF if no headers are found
 - avfilter/vf_framepack: Check and update frame_rate
 - avcodec/hevc: Fix handling of skipped_bytes() reallocation failures
 - qpeg: avoid pointless invalid memcpy()
 - avcodec/arm/videodsp_armv5te: Fix linking failure with "g++ -shared -D__STDC_CONSTANT_MACROS -o test.so ... libavcodec.a"
 - avcodec/mjpegdec: Skip blocks which are outside the visible area
 - lavc/aarch64: Do not use the neon horizontal chroma loop filter for H.264 4:2:2. (cherry picked from commit 4faea46bd906b3897018736208123aa36c3f45d5)
 - avcodec/h264_slice: assert that reinit does not occur after the first slice
 - avcodec/h264_slice: ignore SAR changes in slices after the first
 - avcodec/h264_slice: Check picture structure before setting the related fields
 - avcodec/h264_slice: Do not change frame_num after the first slice
 - avutil/opt: Fix type used to access AV_OPT_TYPE_SAMPLE_FMT
 - avutil/opt: Fix types used to access AV_OPT_TYPE_PIXEL_FMT
 - avcodec/h264: Be more strict on rejecting pps/sps changes
 - avcodec/h264: Be more strict on rejecting pps_id changes
 - avcodec/h264_ps: More completely check the bit depths
 - avformat/thp: Check av_get_packet() for failure not only for partial output
 - swscale/utils: Limit filter shifting so as not to read from prior the array
 - avcodec/mpegvideo_motion: Fix gmc chroma dimensions
 - avcodec/mjpegdec: Check number of components for JPEG-LS
 - avcodec/mjpegdec: Check escape sequence validity
 - avformat/mpc8: Use uint64_t in *_get_v() to avoid undefined behavior
 - avformat/mpc8: fix broken pointer math
 - avformat/mpc8: fix hang with fuzzed file
 - avformat/tta: fix crash with corrupted files
 version 2.4.6:
 - doc/examples: fix lib math dep for decoding_encoding
 - avformat/movenc: workaround bug in "PathScale EKOPath(tm) Compiler Suite Version 4.0.12.1"
 - vp9: fix parser return values in error case
 - ffmpeg: Clear error message array at init.
 - avcodec/dvdsubdec: fix accessing dangling pointers
 - avcodec/dvdsubdec: error on bitmaps with size 0
 - avformat/mov: Fix mixed declaration and statement warning
 - cmdutils: Use 64bit for file size/offset related variable in cmdutils_read_file()
 - avformat/utils: Clear pointer in ff_alloc_extradata() to avoid leaving a stale pointer in memory
 - avformat/matroskadec: Use av_freep() to avoid leaving stale pointers in memory
 - lavfi: check av_strdup() return value
 - mov: Fix negative size calculation in mov_read_default().
 - avformat/mov: fix integer overflow in mov_read_udta_string()
 - mov: Avoid overflow with mov_metadata_raw()
 - avcodec/dvdsubdec: fix out of bounds accesses
 - avfilter/vf_sab: fix filtering tiny images
 - avformat/flvdec: Increase string array size
 - avformat/flvdec: do not inject dts=0 metadata packets which failed to be parsed into a new data stream
 - avformat/cdxl: Fix integer overflow of image_size
 - avformat/segment: Use av_freep() avoid leaving stale pointers in memory
 - avformat/mov: Fix memleaks for duplicate STCO/CO64/STSC atoms
 - mov: avoid a memleak when multiple stss boxes are presen
 version 2.4.5:
 - lavu/frame: fix malloc error path in av_frame_copy_props()
 - avformat/utils: Do not update programs streams from program-less streams in update_wrap_reference()
 - avformat/aviobuf: Check that avio_seek() target is non negative
 - swresample/soxr_resample: fix error handling
 - avformat/flvdec: fix potential use of uninitialized variables
 - avformat/matroskadec: fix handling of recursive SeekHead elements
 - doc/examples/transcoding: check encoder before using it
 - swscale/x86/rgb2rgb_template: fix crash with tiny size and nv12 output
 - avformat/rmdec: Check codec_data_size
 - avformat/aviobuf: Fix infinite loop in ff_get_line()
 - vc1: Do not assume seek happens after decoding
 - mmvideo: check frame dimensions
 - jvdec: check frame dimensions
 - avcodec/indeo3: ensure offsets are non negative
 - avcodec/h264: Check *log2_weight_denom
 - avcodec/hevc_ps: Check diff_cu_qp_delta_depth
 - avcodec/h264: Clear delayed_pic on deallocation
 - avcodec/hevc: clear filter_slice_edges() on allocation
 - avcodec/dcadec: Check that the added xch channel isnt already there
 - avcodec/indeo3: use signed variables to avoid underflow
 - swscale: increase yuv2rgb table headroom
 - avformat/mov: fix integer overflow of size
 - avformat/mov: check atom nesting depth
 - avcodec/utvideodec: Fix handling of slice_height=0
 - avcodec/vmdvideo: Check len before using it in method 3
 - avformat/flvdec: Use av_freep() avoid leaving stale pointers in memory
 - avformat/hdsenc: Use av_freep() avoid leaving stale pointers in memory
 - configure: create the tests directory like the doc directory
 - v4l2: Make use of the VIDIOC_ENUM_FRAMESIZES ioctl on OpenBSD
 - avcodec/motion_est: use 2x8x8 for interlaced qpel
 - Treat all '*.pnm' files as non-text file
 version 2.4.4:
 - avformat: replace some odd 30-60 rates by higher less odd ones in  get_std_framerate()
 - swscale: fix yuv2yuvX_8 assembly on x86
 - avcodec/hevc_ps: Check num_long_term_ref_pics_sps
 - avcodec/mjpegdec: Fix integer overflow in shift
 - avcodec/hevc_ps: Check return code from pps_range_extensions()
 - avcodec/rawdec: Check the return code of avpicture_get_size()
 - avcodec/pngdec: Check IHDR/IDAT order
 - avcodec/flacdec: Call ff_flacdsp_init() unconditionally
 - avcodec/utils: Check that the data is complete in avpriv_bprint_to_extradata()
 - avcodec/mjpegdec: Fix context fields becoming inconsistent
 - avcodec/mjpegdec: Check for pixfmtid 0x42111100 || 0x24111100 with more than 8 bits
 - swscale/x86/rgb2rgb_template: handle the first 2 lines with C in rgb24toyv12_*()
 - doc/APIchanges: Fix some wrong versions
 - avformat/hlsenc: Free context after hls_append_segment
 - avcodec/mpeg4video_parser: fix spurious extradata parse warnings
 - lavu/opt: fix av_opt_get function
 - avcodec/wmaprodec: Fix integer overflow in sfb_offsets initialization
 - avcodec/utvideodec: fix assumtation that slice_height >= 1
 - avcodec/options_table fix min of audio channels and sample rate
 - libavutil/thread.h: Support OS/2 threads
 - fix Makefile objects for pulseaudio support
 - opusdec: make sure all substreams have the same number of coded samples
 - lavu: add wrappers for the pthreads mutex API
 - avformat/avidec: fix handling dv in avi
 - avfilter/vf_lut: gammaval709()
 - cinedec: report white balance gain coefficients using metadata
 - swscale/utils: support bayer input + scaling, and bayer input + any supported output
 - swscale: support internal scaler cascades
 - avformat/dtsdec: dts_probe: check reserved bit, check lfe, check sr_code similarity
 - avformat/segment: export inner muxer timebase
 - Remove fminf() emulation, fix build issues
 - avcodec/mpegaudio_parser: fix off by 1 error in bitrate calculation
 - Use -fno-optimize-sibling-calls on parisc also for gcc 4.9.
 - ffmpeg_opt: store canvas size in decoder context
 - avcodec/mpeg12dec: do not trust AVCodecContext input dimensions
 version 2.4.3:
 - avcodec/svq1dec: zero terminate embedded message before printing
 - avcodec/cook: check that the subpacket sizes fit in block_align
 - avcodec/g2meet: check tile dimensions to avoid integer overflow
 - avcodec/utils: Align dimensions by at least their chroma sub-sampling factors.
 - avcodec/dnxhddec: treat pix_fmt like width/height
 - avcodec/dxa: check dimensions
 - avcodec/dirac_arith: fix integer overflow
 - avcodec/diracdec: Tighter checks on CODEBLOCKS_X/Y
 - avcodec/diracdec: Use 64bit in calculation of codeblock coordinates
 - avcodec/sgidec: fix count check
 - avcodec/sgidec: fix linesize for 16bit
 - avcodec/hevc_ps: Check default display window bitstream and skip if invalid
 - avcodec/tiffenc: properly compute packet size
 - lavd: export all symbols with av_ prefix
 - avformat/mxfdec: Fix termination of mxf_data_essence_container_uls
 - postproc: fix qp count
 - postproc/postprocess: fix quant store for fq mode
 - vf_drawtext: add missing clear of pointers after av_expr_free()
 - utvideoenc: properly set slice height/last line
 - swresample: fix sample drop loop end condition
 - resample: Avoid off-by-1 errors in PTS calcs.
 - imc: fix order of operations in coefficients read
 - hevc_mvs: make sure to always initialize the temporal MV fully
 - hevc_mvs: initialize the temporal MV in case of missing reference
 version 2.4.2:
 - avcodec/on2avc: Check number of channels
 - avcodec/hevc: fix chroma transform_add size
 - avcodec/h264: Check mode before considering mixed mode intra prediction
 - avformat/mpegts: use a padded buffer in read_sl_header()
 - avformat/mpegts: Check desc_len / get8() return code
 - avcodec/vorbisdec: Fix off by 1 error in ptns_to_read
 - sdp: add support for H.261
 - avcodec/svq3: Do not memcpy AVFrame
 - avcodec/smc: fix off by 1 error
 - avcodec/qpeg: fix off by 1 error in MV bounds check
 - avcodec/gifdec: factorize interleave end handling out
 - avcodec/cinepak: fix integer underflow
 - avcodec/pngdec: Check bits per pixel before setting monoblack pixel format
 - avcodec/pngdec: Calculate MPNG bytewidth more defensively
 - avcodec/tiff: more completely check bpp/bppcount
 - avcodec/mmvideo: Bounds check 2nd line of HHV Intra blocks
 - avcodec/h263dec: Fix decoding messenger.h263
 - avcodec/utils: Add case for jv to avcodec_align_dimensions2()
 - avcodec/mjpegdec: check bits per pixel for changes similar to dimensions
 - avcodec/jpeglsdec: Check run value more completely in ls_decode_line()
 - avformat/hlsenc: export inner muxer timebase
 - configure: add noexecstack to linker options if supported.
 - avcodec/ac3enc_template: fix out of array read
 - avutil/x86/cpu: fix cpuid sub-leaf selection
 - avformat/img2dec: enable generic seeking for image pipes
 - avformat/img2dec: initialize pkt->pos for image pipes
 - avformat/img2dec: pass error code and signal EOF
 - avformat/img2dec: fix error code at EOF for pipes
 - libavutil/opt: fix av_opt_set_channel_layout() to access correct memory address
 - tests/fate-run.sh: Cat .err file in case of error with V>0
 - avformat/riffenc: Filter out "BottomUp" in ff_put_bmp_header()
 - avcodec/webp: fix default palette color 0xff000000 -> 0x00000000
 - avcodec/asvenc: fix AAN scaling
 - Fix compile error on arm4/arm5 platform
 version 2.4.1:
 - swscale: Allow chroma samples to be above and to the left of luma samples
 - avcodec/libilbc: support for latest git of libilbc
 - avcodec/webp: treat out-of-bound palette index as translucent black
 - vf_deshake: rename Transform.vector to Transform.vec to avoid compiler confusion
 - apetag: Fix APE tag size check
 - tools/crypto_bench: fix build when AV_READ_TIME is unavailable
 version 2.4:
 - Icecast protocol
 - ported lenscorrection filter from frei0r filter
 - large optimizations in dctdnoiz to make it usable
--- a/5
+++ b/5
@ -14,7 +14,6 @@ patches and related discussions.
 Project Leader
 ==============
 Michael Niedermayer
  final design decisions
@ -534,10 +533,6 @@ x86                                     Michael Niedermayer
 Releases
 ========
 2.3                                     Michael Niedermayer
 2.2                                     Michael Niedermayer
 1.2                                     Michael Niedermayer
 If you want to maintain an older release, please contact us
--- a/2
+++ b/2
@ -111,7 +111,7 @@ endef
 $(foreach P,$(PROGS),$(eval $(call DOPROG,$(P:$(PROGSSUF)$(EXESUF)=))))
-ffprobe.o cmdutils.o : libavutil/ffversion.h
+ffprobe.o cmdutils.o libavcodec/utils.o libavformat/utils.o libavdevice/avdevice.o libavfilter/avfilter.o libavutil/utils.o libpostproc/postprocess.o libswresample/swresample.o libswscale/utils.o : libavutil/ffversion.h
 $(PROGS): %$(PROGSSUF)$(EXESUF): %$(PROGSSUF)_g$(EXESUF)
 	$(CP) $< $@
--- a/2
+++ b/2
@ -1 +1 @@
-2.3.git
+2.4.13
--- a/2
+++ b/2
@ -53,6 +53,8 @@
    • API for live metadata updates through event flags.
    • UTF-16 support in text subtitles formats.
    • The ASS muxer now reorders the Dialogue events properly.
    • support for H.261 RTP payload format (RFC 4587)
    • HEVC/H.265 RTP payload format (draft v6) depacketizer
   ┌────────────────────────────┐
   │ libavfilter                │
--- a/cmdutils.c
+++ b/cmdutils.c
@ -444,7 +444,7 @@ int locate_option(int argc, char **argv, const OptionDef *options,
             (po->name && !strcmp(optname, po->name)))
            return i;
-        if (po->flags & HAS_ARG)
+        if (!po->name || po->flags & HAS_ARG)
            i++;
    }
    return 0;
@ -1857,7 +1857,7 @@ int read_yesno(void)
 int cmdutils_read_file(const char *filename, char **bufptr, size_t *size)
 {
-    int ret;
+    int64_t ret;
    FILE *f = av_fopen_utf8(filename, "rb");
    if (!f) {
@ -1865,19 +1865,31 @@ int cmdutils_read_file(const char *filename, char **bufptr, size_t *size)
               strerror(errno));
        return AVERROR(errno);
    }
-    fseek(f, 0, SEEK_END);
+
-    *size = ftell(f);
+    ret = fseek(f, 0, SEEK_END);
-    fseek(f, 0, SEEK_SET);
+    if (ret == -1) {
-    if (*size == (size_t)-1) {
+        ret = AVERROR(errno);
-        av_log(NULL, AV_LOG_ERROR, "IO error: %s\n", strerror(errno));
+        goto out;
        fclose(f);
        return AVERROR(errno);
    }
    ret = ftell(f);
    if (ret < 0) {
        ret = AVERROR(errno);
        goto out;
    }
    *size = ret;
    ret = fseek(f, 0, SEEK_SET);
    if (ret == -1) {
        ret = AVERROR(errno);
        goto out;
    }
    *bufptr = av_malloc(*size + 1);
    if (!*bufptr) {
        av_log(NULL, AV_LOG_ERROR, "Could not allocate file buffer\n");
-        fclose(f);
+        ret = AVERROR(ENOMEM);
-        return AVERROR(ENOMEM);
+        goto out;
    }
    ret = fread(*bufptr, 1, *size, f);
    if (ret < *size) {
@ -1893,6 +1905,8 @@ int cmdutils_read_file(const char *filename, char **bufptr, size_t *size)
        (*bufptr)[(*size)++] = '\0';
    }
 out:
    av_log(NULL, AV_LOG_ERROR, "IO error: %s\n", av_err2str(ret));
    fclose(f);
    return ret;
 }
--- a/cmdutils_opencl.c
+++ b/cmdutils_opencl.c
@ -22,6 +22,7 @@
 #include "libavutil/time.h"
 #include "libavutil/log.h"
 #include "libavutil/opencl.h"
 #include "libavutil/avstring.h"
 #include "cmdutils.h"
 typedef struct {
@ -238,7 +239,8 @@ int opt_opencl_bench(void *optctx, const char *opt, const char *arg)
                devices[count].platform_idx = i;
                devices[count].device_idx = j;
                devices[count].runtime = score;
-                strcpy(devices[count].device_name, device_node->device_name);
+                av_strlcpy(devices[count].device_name, device_node->device_name,
                           sizeof(devices[count].device_name));
                count++;
            }
        }
--- a/25
+++ b/25
@ -1620,7 +1620,6 @@ HEADERS_LIST="
    asm_types_h
    cdio_paranoia_h
    cdio_paranoia_paranoia_h
    CL_cl_h
    dev_bktr_ioctl_bt848_h
    dev_bktr_ioctl_meteor_h
    dev_ic_bt8xx_h
@ -1668,7 +1667,6 @@ MATH_FUNCS="
    exp2
    exp2f
    expf
    fminf
    isinf
    isnan
    ldexpf
@ -1744,6 +1742,7 @@ SYSTEM_FUNCS="
 TOOLCHAIN_FEATURES="
    as_dn_directive
    as_func
    as_object_arch
    asm_mod_q
    attribute_may_alias
    attribute_packed
@ -3934,6 +3933,9 @@ case "$arch" in
    ;;
    x86)
        check_64bit x86_32 x86_64 'sizeof(void *) > 4'
        # Treat x32 as x64 for now. Note it also needs spic=$shared
        test "$subarch" = "x86_32" && check_cpp_condition stddef.h 'defined(__x86_64__)' &&
            subarch=x86_64
        if test "$subarch" = "x86_64"; then
            spic=$shared
        fi
@ -4121,11 +4123,10 @@ case $target_os in
        SLIBNAME_WITH_VERSION='$(SLIBPREF)$(NAME)-$(LIBVERSION)$(SLIBSUF)'
        SLIBNAME_WITH_MAJOR='$(SLIBPREF)$(shell echo $(NAME) | cut -c1-6)$(LIBMAJOR)$(SLIBSUF)'
        SLIB_CREATE_DEF_CMD='echo LIBRARY $(SLIBNAME_WITH_MAJOR) INITINSTANCE TERMINSTANCE > $(SUBDIR)$(NAME).def; \
            echo PROTMODE >> $(SUBDIR)$(NAME).def; \
            echo CODE PRELOAD MOVEABLE DISCARDABLE >> $(SUBDIR)$(NAME).def; \
            echo DATA PRELOAD MOVEABLE MULTIPLE NONSHARED >> $(SUBDIR)$(NAME).def; \
            echo EXPORTS >> $(SUBDIR)$(NAME).def; \
-            emxexp -o $(OBJS) >> $(SUBDIR)$(NAME).def'
+            emxexp $(OBJS) >> $(SUBDIR)$(NAME).def'
        SLIB_EXTRA_CMD='emximp -o $(SUBDIR)$(LIBPREF)$(NAME)_dll.a $(SUBDIR)$(NAME).def; \
            emximp -o $(SUBDIR)$(LIBPREF)$(NAME)_dll.lib $(SUBDIR)$(NAME).def;'
        SLIB_INSTALL_EXTRA_LIB='$(LIBPREF)$(NAME)_dll.a $(LIBPREF)$(NAME)_dll.lib'
@ -4423,6 +4424,11 @@ if enabled_any arm aarch64 || enabled_all ppc altivec && enabled asm; then
    check_as <<EOF && enable as_func
 .func test
 .endfunc
 EOF
    # llvm's integrated assembler supports .object_arch from llvm 3.5
    enabled arm && test "$objformat" = elf && check_as <<EOF && enable as_object_arch
 .object_arch armv4
 EOF
 fi
@ -4500,7 +4506,7 @@ elif enabled parisc; then
    if enabled gcc; then
        case $($cc -dumpversion) in
-            4.[3-8].*) check_cflags -fno-optimize-sibling-calls ;;
+            4.[3-9].*) check_cflags -fno-optimize-sibling-calls ;;
        esac
    fi
@ -4608,6 +4614,7 @@ fi
 check_code cc arm_neon.h "int16x8_t test = vdupq_n_s16(0)" && enable intrinsics_neon
 check_ldflags -Wl,--as-needed
 check_ldflags -Wl,-z,noexecstack
 if check_func dlopen; then
    ldl=
@ -4707,7 +4714,6 @@ check_func_headers glob.h glob
 enabled xlib &&
    check_func_headers "X11/Xlib.h X11/extensions/Xvlib.h" XvGetPortAttribute -lXv -lX11 -lXext
 check_header cl/cl.h
 check_header direct.h
 check_header dlfcn.h
 check_header dxva.h
@ -4781,7 +4787,6 @@ disabled crystalhd || check_lib libcrystalhd/libcrystalhd_if.h DtsCrystalHDVersi
 atan2f_args=2
 ldexpf_args=2
 powf_args=2
 fminf_args=2
 for func in $MATH_FUNCS; do
    eval check_mathfunc $func \${${func}_args:-1}
@ -4942,6 +4947,7 @@ check_header linux/videodev2.h
 check_code cc linux/videodev2.h "struct v4l2_frmsizeenum vfse; vfse.discrete.width = 0;" && enable_safe struct_v4l2_frmivalenum_discrete
 check_header sys/videoio.h
 check_code cc sys/videoio.h "struct v4l2_frmsizeenum vfse; vfse.discrete.width = 0;" && enable_safe struct_v4l2_frmivalenum_discrete
 check_func_headers "windows.h vfw.h" capCreateCaptureWindow "$vfwcap_indev_extralibs"
 # check that WM_CAP_DRIVER_CONNECT is defined to the proper value
@ -4981,7 +4987,7 @@ enabled_any sndio_indev sndio_outdev && check_lib2 sndio.h sio_open -lsndio
 if enabled libcdio; then
    check_lib2 "cdio/cdda.h cdio/paranoia.h" cdio_cddap_open -lcdio_paranoia -lcdio_cdda -lcdio ||
    check_lib2 "cdio/paranoia/cdda.h cdio/paranoia/paranoia.h" cdio_cddap_open -lcdio_paranoia -lcdio_cdda -lcdio ||
-    die "ERROR: libcdio-paranoia not found"
+    die "ERROR: No usable libcdio/cdparanoia found"
 fi
 enabled xlib &&
@ -5597,7 +5603,7 @@ cat > $TMPH <<EOF
 #define FFMPEG_CONFIG_H
 #define FFMPEG_CONFIGURATION "$(c_escape $FFMPEG_CONFIGURATION)"
 #define FFMPEG_LICENSE "$(c_escape $license)"
-#define CONFIG_THIS_YEAR 2014
+#define CONFIG_THIS_YEAR 2016
 #define FFMPEG_DATADIR "$(eval c_escape $datadir)"
 #define AVCONV_DATADIR "$(eval c_escape $datadir)"
 #define CC_IDENT "$(c_escape ${cc_ident:-Unknown compiler})"
@ -5625,6 +5631,7 @@ enabled getenv || echo "#define getenv(x) NULL" >> $TMPH
 mkdir -p doc
 mkdir -p tests
 echo "@c auto-generated by configure" > doc/config.texi
 print_config ARCH_   "$config_files" $ARCH_LIST
--- a/doc/APIchanges
+++ b/doc/APIchanges
@ -148,7 +148,7 @@ API changes, most recent first:
  Increase FF_INPUT_BUFFER_PADDING_SIZE to 32 due to some corner cases needing
  it
-2014-06-10 - xxxxxxx - lavf 55.43.100 - avformat.h
+2014-06-10 - 5482780 - lavf 55.43.100 - avformat.h
  New field int64_t max_analyze_duration2 instead of deprecated
  int max_analyze_duration.
@ -172,7 +172,7 @@ API changes, most recent first:
  Add strict_std_compliance and related AVOptions to support experimental
  muxing.
-2014-05-26 - xxxxxxx - lavu 52.87.100 - threadmessage.h
+2014-05-26 - 55cc60c - lavu 52.87.100 - threadmessage.h
  Add thread message queue API.
 2014-05-26 - c37d179 - lavf 55.41.100 - avformat.h
@ -182,7 +182,7 @@ API changes, most recent first:
  Add av_stream_get_side_data() to access stream-level side data
  in the same way as av_packet_get_side_data().
-2014-05-xx - xxxxxxx - lavu 52.86.100 - fifo.h
+2014-05-20 - 7336e39 - lavu 52.86.100 - fifo.h
  Add av_fifo_alloc_array() function.
 2014-05-19 - ef1d4ee / bddd8cb - lavu 52.85.100 / 53.15.0 - frame.h, display.h
@ -214,10 +214,10 @@ API changes, most recent first:
 2014-05-11 - 14aef38 / 66e6c8a - lavu 52.83.100 / 53.14.0 - pixfmt.h
  Add AV_PIX_FMT_VDA for new-style VDA acceleration.
-2014-05-xx - xxxxxxx - lavu 52.82.0 - fifo.h
+2014-05-07 - 351f611 - lavu 52.82.100 - fifo.h
  Add av_fifo_freep() function.
-2014-05-02 - ba52fb11 - lavu 52.81.0 - opt.h
+2014-05-02 - ba52fb11 - lavu 52.81.100 - opt.h
  Add av_opt_set_dict2() function.
 2014-05-01 - e77b985 / a2941c8 - lavc 55.60.103 / 55.50.3 - avcodec.h
@ -236,10 +236,14 @@ API changes, most recent first:
  Deprecate CODEC_FLAG_INPUT_PRESERVED. Its functionality is replaced by passing
  reference-counted frames to encoders.
 2014-04-30 - 617e866 - lavu 52.81.100 - pixdesc.h
  Add av_find_best_pix_fmt_of_2(), av_get_pix_fmt_loss()
  Deprecate avcodec_get_pix_fmt_loss(), avcodec_find_best_pix_fmt_of_2()
 2014-04-29 - 1bf6396 - lavc 55.60.100 - avcodec.h
  Add AVCodecDescriptor.mime_types field.
-2014-04-29 - xxxxxxx - lavu 52.80.0 - hash.h
+2014-04-29 - b804eb4 - lavu 52.80.100 - hash.h
  Add av_hash_final_bin(), av_hash_final_hex() and av_hash_final_b64().
 2014-03-07 - 8b2a130 - lavc 55.50.0 / 55.53.100 - dxva2.h
@ -251,7 +255,7 @@ API changes, most recent first:
 2014-04-17 - a8d01a7 / 0983d48 - lavu 53.12.0 / 52.77.100 - crc.h
  Add AV_CRC_16_ANSI_LE crc variant.
-2014-04-XX - xxxxxxx - lavf xx.xx.1xx - avformat.h
+2014-04-15 - ef818d8 - lavf 55.37.101 - avformat.h
  Add av_format_inject_global_side_data()
 2014-04-12 - 4f698be - lavu 52.76.100 - log.h
@ -331,7 +335,7 @@ API changes, most recent first:
 2014-02-19 - f4c8d00 / 6bb8720 - lavu 52.64.101 / 53.3.1 - opt.h
  Deprecate unused AV_OPT_FLAG_METADATA.
-2014-02-xx - xxxxxxx - lavd 55.10.100 - avdevice.h
+2014-02-16 - 81c3f81 - lavd 55.10.100 - avdevice.h
  Add avdevice_list_devices() and avdevice_free_list_devices()
 2014-02-16 - db3c970 - lavf 55.33.100 - avio.h
@ -372,7 +376,7 @@ API changes, most recent first:
 2014-01-19 - 1a193c4 - lavf 55.25.100 - avformat.h
  Add avformat_get_mov_video_tags() and avformat_get_mov_audio_tags().
-2014-01-19 - xxxxxxx - lavu 52.63.100 - rational.h
+2014-01-19 - 3532dd5 - lavu 52.63.100 - rational.h
  Add av_make_q() function.
 2014-01-05 - 4cf4da9 / 5b4797a - lavu 52.62.100 / 53.2.0 - frame.h
--- a/doc/Doxyfile
+++ b/doc/Doxyfile
@ -31,7 +31,7 @@ PROJECT_NAME           = FFmpeg
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.
-PROJECT_NUMBER         =
+PROJECT_NUMBER         = 2.4.13
 # With the PROJECT_LOGO tag one can specify a logo or icon that is included
 # in the documentation. The maximum height of the logo should not exceed 55
--- a/doc/demuxers.texi
+++ b/doc/demuxers.texi
@ -339,6 +339,23 @@ ffmpeg -framerate 10 -pattern_type glob -i "*.png" out.mkv
@end example
@end itemize
@section mov/mp4/3gp/Quicktme
 Quicktime / MP4 demuxer.
 This demuxer accepts the following options:
@table @option
@item enable_drefs
 Enable loading of external tracks, disabled by default.
 Enabling this can theoretically leak information in some use cases.
@item use_absolute_path
 Allows loading of external tracks via absolute paths, disabled by default.
 Enabling this poses a security risk. It should only be enabled if the source
 is known to be non malicious.
@end table
@section mpegts
 MPEG-2 transport stream demuxer.
--- a/doc/examples/Makefile
+++ b/doc/examples/Makefile
@ -29,6 +29,7 @@ OBJS=$(addsuffix .o,$(EXAMPLES))
 # the following examples make explicit use of the math library
 avcodec:           LDLIBS += -lm
 decoding_encoding: LDLIBS += -lm
 muxing:            LDLIBS += -lm
 resampling_audio:  LDLIBS += -lm
--- a/doc/examples/resampling_audio.c
+++ b/doc/examples/resampling_audio.c
@ -199,8 +199,7 @@ int main(int argc, char **argv)
            fmt, dst_ch_layout, dst_nb_channels, dst_rate, dst_filename);
 end:
-    if (dst_file)
+    fclose(dst_file);
        fclose(dst_file);
    if (src_data)
        av_freep(&src_data[0]);
--- a/doc/examples/scaling_video.c
+++ b/doc/examples/scaling_video.c
@ -132,8 +132,7 @@ int main(int argc, char **argv)
           av_get_pix_fmt_name(dst_pix_fmt), dst_w, dst_h, dst_filename);
 end:
-    if (dst_file)
+    fclose(dst_file);
        fclose(dst_file);
    av_freep(&src_data[0]);
    av_freep(&dst_data[0]);
    sws_freeContext(sws_ctx);
--- a/doc/examples/transcoding.c
+++ b/doc/examples/transcoding.c
@ -116,6 +116,10 @@ static int open_output_file(const char *filename)
                || dec_ctx->codec_type == AVMEDIA_TYPE_AUDIO) {
            /* in this example, we choose transcoding to same codec */
            encoder = avcodec_find_encoder(dec_ctx->codec_id);
            if (!encoder) {
                av_log(NULL, AV_LOG_FATAL, "Neccessary encoder not found\n");
                return AVERROR_INVALIDDATA;
            }
            /* In this example, we transcode to same properties (picture size,
             * sample rate etc.). These properties can be changed for output
--- a/doc/faq.texi
+++ b/doc/faq.texi
@ -298,7 +298,7 @@ FFmpeg has a @url{http://ffmpeg.org/ffmpeg-protocols.html#concat,
@code{concat}} protocol designed specifically for that, with examples in the
 documentation.
-A few multimedia containers (MPEG-1, MPEG-2 PS, DV) allow to concatenate
+A few multimedia containers (MPEG-1, MPEG-2 PS, DV) allow one to concatenate
 video by merely concatenating the files containing them.
 Hence you may concatenate your multimedia files by first transcoding them to
--- a/doc/ffserver.texi
+++ b/doc/ffserver.texi
@ -71,7 +71,7 @@ the HTTP server (configured through the @option{HTTPPort} option), and
 configuration file.
 Each feed is associated to a file which is stored on disk. This stored
-file is used to allow to send pre-recorded data to a player as fast as
+file is used to send pre-recorded data to a player as fast as
 possible when new content is added in real-time to the stream.
 A "live-stream" or "stream" is a resource published by
--- a/doc/fftools-common-opts.texi
+++ b/doc/fftools-common-opts.texi
@ -234,10 +234,14 @@ Possible flags for this option are:
@item sse4.1
@item sse4.2
@item avx
@item avx2
@item xop
@item fma3
@item fma4
@item 3dnow
@item 3dnowext
@item bmi1
@item bmi2
@item cmov
@end table
@item ARM
@ -248,6 +252,13 @@ Possible flags for this option are:
@item vfp
@item vfpv3
@item neon
@item setend
@end table
@item AArch64
@table @samp
@item armv8
@item vfp
@item neon
@end table
@item PowerPC
@table @samp
--- a/doc/filters.texi
+++ b/doc/filters.texi
@ -3389,7 +3389,7 @@ Set number overlapping pixels for each block. Since the filter can be slow, you
 may want to reduce this value, at the cost of a less effective filter and the
 risk of various artefacts.
-If the overlapping value doesn't allow to process the whole input width or
+If the overlapping value doesn't permit processing the whole input width or
 height, a warning will be displayed and according borders won't be denoised.
 Default value is @var{blocksize}-1, which is the best possible setting.
@ -4146,7 +4146,7 @@ within the parameter list.
@item
 Show the text at the center of the video frame:
@example
-drawtext="fontsize=30:fontfile=FreeSerif.ttf:text='hello world':x=(w-text_w)/2:y=(h-text_h-line_h)/2"
+drawtext="fontsize=30:fontfile=FreeSerif.ttf:text='hello world':x=(w-text_w)/2:y=(h-text_h)/2"
@end example
@item
--- a/doc/formats.texi
+++ b/doc/formats.texi
@ -23,7 +23,7 @@ Reduce buffering.
@item probesize @var{integer} (@emph{input})
 Set probing size in bytes, i.e. the size of the data to analyze to get
-stream information. A higher value will allow to detect more
+stream information. A higher value will enable detecting more
 information in case it is dispersed into the stream, but will increase
 latency. Must be an integer not lesser than 32. It is 5000000 by default.
@ -63,7 +63,7 @@ Default is 0.
@item analyzeduration @var{integer} (@emph{input})
 Specify how many microseconds are analyzed to probe the input. A
-higher value will allow to detect more accurate information, but will
+higher value will enable detecting more accurate information, but will
 increase latency. It defaults to 5,000,000 microseconds = 5 seconds.
@item cryptokey @var{hexadecimal string} (@emph{input})
--- a/doc/general.texi
+++ b/doc/general.texi
@ -935,8 +935,8 @@ following image formats are supported:
@item Musepack SV8           @tab     @tab  X
@item Nellymoser Asao        @tab  X  @tab  X
@item On2 AVC (Audio for Video Codec) @tab     @tab  X
-@item Opus                   @tab  E  @tab  E
+@item Opus                   @tab  E  @tab  X
-    @tab supported through external library libopus
+    @tab encoding supported through external library libopus
@item PCM A-law              @tab  X  @tab  X
@item PCM mu-law             @tab  X  @tab  X
@item PCM signed 8-bit planar  @tab  X  @tab  X
--- a/doc/indevs.texi
+++ b/doc/indevs.texi
@ -1,7 +1,7 @@
@chapter Input Devices
@c man begin INPUT DEVICES
-Input devices are configured elements in FFmpeg which allow to access
+Input devices are configured elements in FFmpeg which enable accessing
 the data coming from a multimedia device attached to your system.
 When you configure your FFmpeg build, all the supported input devices
--- a/doc/platform.texi
+++ b/doc/platform.texi
@ -135,8 +135,6 @@ You will need the following prerequisites:
 (if using MSVC 2012 or earlier)
@item @uref{http://www.mingw.org/, MSYS}
@item @uref{http://yasm.tortall.net/, YASM}
@item @uref{http://gnuwin32.sourceforge.net/packages/bc.htm, bc for Windows} if
 you want to run @uref{fate.html, FATE}.
@end itemize
 To set up a proper environment in MSYS, you need to run @code{msys.bat} from
@ -283,7 +281,7 @@ binutils, gcc4-core, make, git, mingw-runtime, texinfo
 In order to run FATE you will also need the following "Utils" packages:
@example
-bc, diffutils
+diffutils
@end example
 If you want to build FFmpeg with additional libraries, download Cygwin
--- a/doc/protocols.texi
+++ b/doc/protocols.texi
@ -1081,8 +1081,8 @@ Set raise error timeout, expressed in microseconds.
 This option is only relevant in read mode: if no data arrived in more
 than this time interval, raise error.
-@item listen_timeout=@var{microseconds}
+@item listen_timeout=@var{milliseconds}
-Set listen timeout, expressed in microseconds.
+Set listen timeout, expressed in milliseconds.
@end table
 The following example shows how to setup a listening TCP connection
--- a/doc/t2h.pm
+++ b/doc/t2h.pm
@ -14,9 +14,9 @@
 # FFmpeg is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
+# General Public License for more details.
 #
-# You should have received a copy of the GNU Lesser General Public
+# You should have received a copy of the GNU General Public
 # License along with FFmpeg; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
--- a/doc/utils.texi
+++ b/doc/utils.texi
@ -844,7 +844,7 @@ Return 1.0 if @var{x} is +/-INFINITY, 0.0 otherwise.
 Return 1.0 if @var{x} is NAN, 0.0 otherwise.
@item ld(var)
-Allow to load the value of the internal variable with number
+Load the value of the internal variable with number
@var{var}, which was previously stored with st(@var{var}, @var{expr}).
 The function returns the loaded value.
@ -912,7 +912,7 @@ Compute the square root of @var{expr}. This is equivalent to
 Compute expression @code{1/(1 + exp(4*x))}.
@item st(var, expr)
-Allow to store the value of the expression @var{expr} in an internal
+Store the value of the expression @var{expr} in an internal
 variable. @var{var} specifies the number of the variable where to
 store the value, and it is a value ranging from 0 to 9. The function
 returns the value stored in the internal variable.
--- a/ffmpeg.c
+++ b/ffmpeg.c
@ -352,7 +352,6 @@ void term_init(void)
        signal(SIGQUIT, sigterm_handler); /* Quit (POSIX).  */
    }
 #endif
    avformat_network_deinit();
    signal(SIGINT , sigterm_handler); /* Interrupt (ANSI).    */
    signal(SIGTERM, sigterm_handler); /* Termination (ANSI).  */
@ -467,7 +466,12 @@ static void ffmpeg_cleanup(int ret)
    }
    for (i = 0; i < nb_output_streams; i++) {
        OutputStream *ost = output_streams[i];
-        AVBitStreamFilterContext *bsfc = ost->bitstream_filters;
+        AVBitStreamFilterContext *bsfc;
        if (!ost)
            continue;
        bsfc = ost->bitstream_filters;
        while (bsfc) {
            AVBitStreamFilterContext *next = bsfc->next;
            av_bitstream_filter_close(bsfc);
@ -587,7 +591,7 @@ static void close_all_output_streams(OutputStream *ost, OSTFinished this_stream,
 static void write_frame(AVFormatContext *s, AVPacket *pkt, OutputStream *ost)
 {
    AVBitStreamFilterContext *bsfc = ost->bitstream_filters;
-    AVCodecContext          *avctx = ost->st->codec;
+    AVCodecContext          *avctx = ost->encoding_needed ? ost->enc_ctx : ost->st->codec;
    int ret;
    if (!ost->st->codec->extradata_size && ost->enc_ctx->extradata_size) {
@ -646,6 +650,7 @@ static void write_frame(AVFormatContext *s, AVPacket *pkt, OutputStream *ost)
            if (!new_pkt.buf)
                exit_program(1);
        } else if (a < 0) {
            new_pkt = *pkt;
            av_log(NULL, AV_LOG_ERROR, "Failed to open bitstream filter %s for stream %d with codec %s",
                   bsfc->filter->name, pkt->stream_index,
                   avctx->codec ? avctx->codec->name : "copy");
@ -978,10 +983,8 @@ static void do_video_out(AVFormatContext *s,
        /* raw pictures are written as AVPicture structure to
           avoid any copies. We support temporarily the older
           method. */
-        mux_enc->coded_frame->interlaced_frame = in_picture->interlaced_frame;
+        if (in_picture->interlaced_frame)
-        mux_enc->coded_frame->top_field_first  = in_picture->top_field_first;
+            mux_enc->field_order = in_picture->top_field_first ? AV_FIELD_TB:AV_FIELD_BT;
        if (mux_enc->coded_frame->interlaced_frame)
            mux_enc->field_order = mux_enc->coded_frame->top_field_first ? AV_FIELD_TB:AV_FIELD_BT;
        else
            mux_enc->field_order = AV_FIELD_PROGRESSIVE;
        pkt.data   = (uint8_t *)in_picture;
@ -1684,17 +1687,21 @@ static void do_streamcopy(InputStream *ist, OutputStream *ost, const AVPacket *p
    opkt.duration = av_rescale_q(pkt->duration, ist->st->time_base, ost->st->time_base);
    opkt.flags    = pkt->flags;
    // FIXME remove the following 2 lines they shall be replaced by the bitstream filters
-    if (  ost->enc_ctx->codec_id != AV_CODEC_ID_H264
+    if (  ost->st->codec->codec_id != AV_CODEC_ID_H264
-       && ost->enc_ctx->codec_id != AV_CODEC_ID_MPEG1VIDEO
+       && ost->st->codec->codec_id != AV_CODEC_ID_MPEG1VIDEO
-       && ost->enc_ctx->codec_id != AV_CODEC_ID_MPEG2VIDEO
+       && ost->st->codec->codec_id != AV_CODEC_ID_MPEG2VIDEO
-       && ost->enc_ctx->codec_id != AV_CODEC_ID_VC1
+       && ost->st->codec->codec_id != AV_CODEC_ID_VC1
       ) {
-        if (av_parser_change(ost->parser, ost->st->codec,
+        int ret = av_parser_change(ost->parser, ost->st->codec,
                             &opkt.data, &opkt.size,
                             pkt->data, pkt->size,
-                             pkt->flags & AV_PKT_FLAG_KEY)) {
+                             pkt->flags & AV_PKT_FLAG_KEY);
        if (ret < 0) {
            av_log(NULL, AV_LOG_FATAL, "av_parser_change failed\n");
            exit_program(1);
        }
        if (ret) {
            opkt.buf = av_buffer_create(opkt.data, opkt.size, av_buffer_default_free, NULL, 0);
            if (!opkt.buf)
                exit_program(1);
@ -1705,9 +1712,15 @@ static void do_streamcopy(InputStream *ist, OutputStream *ost, const AVPacket *p
    }
    av_copy_packet_side_data(&opkt, pkt);
-    if (ost->st->codec->codec_type == AVMEDIA_TYPE_VIDEO && (of->ctx->oformat->flags & AVFMT_RAWPICTURE)) {
+    if (ost->st->codec->codec_type == AVMEDIA_TYPE_VIDEO &&
        ost->st->codec->codec_id == AV_CODEC_ID_RAWVIDEO &&
        (of->ctx->oformat->flags & AVFMT_RAWPICTURE)) {
        /* store AVPicture in AVPacket, as expected by the output format */
-        avpicture_fill(&pict, opkt.data, ost->st->codec->pix_fmt, ost->st->codec->width, ost->st->codec->height);
+        int ret = avpicture_fill(&pict, opkt.data, ost->st->codec->pix_fmt, ost->st->codec->width, ost->st->codec->height);
        if (ret < 0) {
            av_log(NULL, AV_LOG_FATAL, "avpicture_fill failed\n");
            exit_program(1);
        }
        opkt.data = (uint8_t *)&pict;
        opkt.size = sizeof(AVPicture);
        opkt.flags |= AV_PKT_FLAG_KEY;
@ -2463,7 +2476,7 @@ static int transcode_init(void)
    AVFormatContext *oc;
    OutputStream *ost;
    InputStream *ist;
-    char error[1024];
+    char error[1024] = {0};
    int want_sdp = 1;
    for (i = 0; i < nb_filtergraphs; i++) {
@ -2515,7 +2528,7 @@ static int transcode_init(void)
        if (ost->attachment_filename)
            continue;
-        enc_ctx = ost->enc_ctx;
+        enc_ctx = ost->stream_copy ? ost->st->codec : ost->enc_ctx;
        if (ist) {
            dec_ctx = ist->dec_ctx;
@ -2562,11 +2575,13 @@ static int transcode_init(void)
            enc_ctx->rc_max_rate    = dec_ctx->rc_max_rate;
            enc_ctx->rc_buffer_size = dec_ctx->rc_buffer_size;
            enc_ctx->field_order    = dec_ctx->field_order;
-            enc_ctx->extradata      = av_mallocz(extra_size);
+            if (dec_ctx->extradata_size) {
-            if (!enc_ctx->extradata) {
+                enc_ctx->extradata      = av_mallocz(extra_size);
-                return AVERROR(ENOMEM);
+                if (!enc_ctx->extradata) {
                    return AVERROR(ENOMEM);
                }
                memcpy(enc_ctx->extradata, dec_ctx->extradata, dec_ctx->extradata_size);
            }
            memcpy(enc_ctx->extradata, dec_ctx->extradata, dec_ctx->extradata_size);
            enc_ctx->extradata_size= dec_ctx->extradata_size;
            enc_ctx->bits_per_coded_sample  = dec_ctx->bits_per_coded_sample;
@ -2881,24 +2896,26 @@ static int transcode_init(void)
            if (ost->enc_ctx->bit_rate && ost->enc_ctx->bit_rate < 1000)
                av_log(NULL, AV_LOG_WARNING, "The bitrate parameter is set too low."
                                             " It takes bits/s as argument, not kbits/s\n");
            ret = avcodec_copy_context(ost->st->codec, ost->enc_ctx);
            if (ret < 0) {
                av_log(NULL, AV_LOG_FATAL,
                       "Error initializing the output stream codec context.\n");
                exit_program(1);
            }
            // copy timebase while removing common factors
            ost->st->time_base = av_add_q(ost->enc_ctx->time_base, (AVRational){0, 1});
            ost->st->codec->codec= ost->enc_ctx->codec;
        } else {
            if (av_opt_set_dict(ost->enc_ctx, &ost->encoder_opts) < 0) {
                av_log(NULL, AV_LOG_FATAL,
                    "Error setting up codec context options.\n");
                exit_program(1);
            }
            // copy timebase while removing common factors
            ost->st->time_base = av_add_q(ost->st->codec->time_base, (AVRational){0, 1});
        }
        ret = avcodec_copy_context(ost->st->codec, ost->enc_ctx);
        if (ret < 0) {
            av_log(NULL, AV_LOG_FATAL,
                   "Error initializing the output stream codec context.\n");
            exit_program(1);
        }
        ost->st->codec->codec= ost->enc_ctx->codec;
        // copy timebase while removing common factors
        ost->st->time_base = av_add_q(ost->enc_ctx->time_base, (AVRational){0, 1});
    }
    /* init input streams */
--- a/ffmpeg_opt.c
+++ b/ffmpeg_opt.c
@ -702,7 +702,7 @@ static void add_input_streams(OptionsContext *o, AVFormatContext *ic)
            MATCH_PER_STREAM_OPT(fix_sub_duration, i, ist->fix_sub_duration, ic, st);
            MATCH_PER_STREAM_OPT(canvas_sizes, str, canvas_size, ic, st);
            if (canvas_size &&
-                av_parse_video_size(&dec->width, &dec->height, canvas_size) < 0) {
+                av_parse_video_size(&ist->dec_ctx->width, &ist->dec_ctx->height, canvas_size) < 0) {
                av_log(NULL, AV_LOG_FATAL, "Invalid canvas size: %s.\n", canvas_size);
                exit_program(1);
            }
@ -1977,8 +1977,8 @@ loop_end:
        ost->stream_copy               = 0;
        ost->attachment_filename       = o->attachments[i];
        ost->finished                  = 1;
-        ost->enc_ctx->extradata      = attachment;
+        ost->st->codec->extradata      = attachment;
-        ost->enc_ctx->extradata_size = len;
+        ost->st->codec->extradata_size = len;
        p = strrchr(o->attachments[i], '/');
        av_dict_set(&ost->st->metadata, "filename", (p && *p) ? p + 1 : o->attachments[i], AV_DICT_DONT_OVERWRITE);
@ -2224,9 +2224,9 @@ static int opt_target(void *optctx, const char *opt, const char *arg)
        opt_default(NULL, "g", norm == PAL ? "15" : "18");
        opt_default(NULL, "b:v", "1150000");
-        opt_default(NULL, "maxrate", "1150000");
+        opt_default(NULL, "maxrate:v", "1150000");
-        opt_default(NULL, "minrate", "1150000");
+        opt_default(NULL, "minrate:v", "1150000");
-        opt_default(NULL, "bufsize", "327680"); // 40*1024*8;
+        opt_default(NULL, "bufsize:v", "327680"); // 40*1024*8;
        opt_default(NULL, "b:a", "224000");
        parse_option(o, "ar", "44100", options);
@ -2253,9 +2253,9 @@ static int opt_target(void *optctx, const char *opt, const char *arg)
        opt_default(NULL, "g", norm == PAL ? "15" : "18");
        opt_default(NULL, "b:v", "2040000");
-        opt_default(NULL, "maxrate", "2516000");
+        opt_default(NULL, "maxrate:v", "2516000");
-        opt_default(NULL, "minrate", "0"); // 1145000;
+        opt_default(NULL, "minrate:v", "0"); // 1145000;
-        opt_default(NULL, "bufsize", "1835008"); // 224*1024*8;
+        opt_default(NULL, "bufsize:v", "1835008"); // 224*1024*8;
        opt_default(NULL, "scan_offset", "1");
        opt_default(NULL, "b:a", "224000");
@ -2275,9 +2275,9 @@ static int opt_target(void *optctx, const char *opt, const char *arg)
        opt_default(NULL, "g", norm == PAL ? "15" : "18");
        opt_default(NULL, "b:v", "6000000");
-        opt_default(NULL, "maxrate", "9000000");
+        opt_default(NULL, "maxrate:v", "9000000");
-        opt_default(NULL, "minrate", "0"); // 1500000;
+        opt_default(NULL, "minrate:v", "0"); // 1500000;
-        opt_default(NULL, "bufsize", "1835008"); // 224*1024*8;
+        opt_default(NULL, "bufsize:v", "1835008"); // 224*1024*8;
        opt_default(NULL, "packetsize", "2048");  // from www.mpucoder.com: DVD sectors contain 2048 bytes of data, this is also the size of one pack.
        opt_default(NULL, "muxrate", "10080000"); // from mplex project: data_rate = 1260000. mux_rate = data_rate * 8
@ -2321,6 +2321,9 @@ static int opt_vstats(void *optctx, const char *opt, const char *arg)
    time_t today2 = time(NULL);
    struct tm *today = localtime(&today2);
    if (!today)
        return AVERROR(errno);
    snprintf(filename, sizeof(filename), "vstats_%02d%02d%02d.log", today->tm_hour, today->tm_min,
             today->tm_sec);
    return opt_vstats_file(NULL, opt, filename);
@ -2801,7 +2804,7 @@ const OptionDef options[] = {
    { "itsscale",       HAS_ARG | OPT_DOUBLE | OPT_SPEC |
                        OPT_EXPERT | OPT_INPUT,                      { .off = OFFSET(ts_scale) },
        "set the input ts scale", "scale" },
-    { "timestamp",      HAS_ARG | OPT_PERFILE,                       { .func_arg = opt_recording_timestamp },
+    { "timestamp",      HAS_ARG | OPT_PERFILE | OPT_OUTPUT,          { .func_arg = opt_recording_timestamp },
        "set the recording timestamp ('now' to set the current time)", "time" },
    { "metadata",       HAS_ARG | OPT_STRING | OPT_SPEC | OPT_OUTPUT, { .off = OFFSET(metadata) },
        "add metadata", "string=string" },
--- a/ffmpeg_vda.c
+++ b/ffmpeg_vda.c
@ -77,6 +77,8 @@ static int vda_retrieve_data(AVCodecContext *s, AVFrame *frame)
                  frame->width, frame->height);
    ret = av_frame_copy_props(vda->tmp_frame, frame);
    CVPixelBufferUnlockBaseAddress(pixbuf, kCVPixelBufferLock_ReadOnly);
    if (ret < 0)
        return ret;
--- a/libavcodec/012v.c
+++ b/libavcodec/012v.c
@ -38,15 +38,15 @@ static av_cold int zero12v_decode_init(AVCodecContext *avctx)
 static int zero12v_decode_frame(AVCodecContext *avctx, void *data,
                                int *got_frame, AVPacket *avpkt)
 {
-    int line = 0, ret;
+    int line, ret;
    const int width = avctx->width;
    AVFrame *pic = data;
    uint16_t *y, *u, *v;
    const uint8_t *line_end, *src = avpkt->data;
    int stride = avctx->width * 8 / 3;
-    if (width == 1) {
+    if (width <= 1 || avctx->height <= 0) {
-        av_log(avctx, AV_LOG_ERROR, "Width 1 not supported.\n");
+        av_log(avctx, AV_LOG_ERROR, "Dimensions %dx%d not supported.\n", width, avctx->height);
        return AVERROR_INVALIDDATA;
    }
@ -67,45 +67,45 @@ static int zero12v_decode_frame(AVCodecContext *avctx, void *data,
    pic->pict_type = AV_PICTURE_TYPE_I;
    pic->key_frame = 1;
    y = (uint16_t *)pic->data[0];
    u = (uint16_t *)pic->data[1];
    v = (uint16_t *)pic->data[2];
    line_end = avpkt->data + stride;
    for (line = 0; line < avctx->height; line++) {
        uint16_t y_temp[6] = {0x8000, 0x8000, 0x8000, 0x8000, 0x8000, 0x8000};
        uint16_t u_temp[3] = {0x8000, 0x8000, 0x8000};
        uint16_t v_temp[3] = {0x8000, 0x8000, 0x8000};
        int x;
        y = (uint16_t *)(pic->data[0] + line * pic->linesize[0]);
        u = (uint16_t *)(pic->data[1] + line * pic->linesize[1]);
        v = (uint16_t *)(pic->data[2] + line * pic->linesize[2]);
-    while (line++ < avctx->height) {
+        for (x = 0; x < width; x += 6) {
-        while (1) {
+            uint32_t t;
-            uint32_t t = AV_RL32(src);
+
            if (width - x < 6 || line_end - src < 16) {
                y = y_temp;
                u = u_temp;
                v = v_temp;
            }
            if (line_end - src < 4)
                break;
            t = AV_RL32(src);
            src += 4;
            *u++ = t <<  6 & 0xFFC0;
            *y++ = t >>  4 & 0xFFC0;
            *v++ = t >> 14 & 0xFFC0;
-            if (src >= line_end - 1) {
+            if (line_end - src < 4)
                *y = 0x80;
                src++;
                line_end += stride;
                y = (uint16_t *)(pic->data[0] + line * pic->linesize[0]);
                u = (uint16_t *)(pic->data[1] + line * pic->linesize[1]);
                v = (uint16_t *)(pic->data[2] + line * pic->linesize[2]);
                break;
            }
            t = AV_RL32(src);
            src += 4;
            *y++ = t <<  6 & 0xFFC0;
            *u++ = t >>  4 & 0xFFC0;
            *y++ = t >> 14 & 0xFFC0;
-            if (src >= line_end - 2) {
+
-                if (!(width & 1)) {
+            if (line_end - src < 4)
                    *y = 0x80;
                    src += 2;
                }
                line_end += stride;
                y = (uint16_t *)(pic->data[0] + line * pic->linesize[0]);
                u = (uint16_t *)(pic->data[1] + line * pic->linesize[1]);
                v = (uint16_t *)(pic->data[2] + line * pic->linesize[2]);
                break;
            }
            t = AV_RL32(src);
            src += 4;
@ -113,15 +113,8 @@ static int zero12v_decode_frame(AVCodecContext *avctx, void *data,
            *y++ = t >>  4 & 0xFFC0;
            *u++ = t >> 14 & 0xFFC0;
-            if (src >= line_end - 1) {
+            if (line_end - src < 4)
                *y = 0x80;
                src++;
                line_end += stride;
                y = (uint16_t *)(pic->data[0] + line * pic->linesize[0]);
                u = (uint16_t *)(pic->data[1] + line * pic->linesize[1]);
                v = (uint16_t *)(pic->data[2] + line * pic->linesize[2]);
                break;
            }
            t = AV_RL32(src);
            src += 4;
@ -129,18 +122,21 @@ static int zero12v_decode_frame(AVCodecContext *avctx, void *data,
            *v++ = t >>  4 & 0xFFC0;
            *y++ = t >> 14 & 0xFFC0;
-            if (src >= line_end - 2) {
+            if (width - x < 6)
                if (width & 1) {
                    *y = 0x80;
                    src += 2;
                }
                line_end += stride;
                y = (uint16_t *)(pic->data[0] + line * pic->linesize[0]);
                u = (uint16_t *)(pic->data[1] + line * pic->linesize[1]);
                v = (uint16_t *)(pic->data[2] + line * pic->linesize[2]);
                break;
            }
        }
        if (x < width) {
            y = x   + (uint16_t *)(pic->data[0] + line * pic->linesize[0]);
            u = x/2 + (uint16_t *)(pic->data[1] + line * pic->linesize[1]);
            v = x/2 + (uint16_t *)(pic->data[2] + line * pic->linesize[2]);
            memcpy(y, y_temp, sizeof(*y) * (width - x));
            memcpy(u, u_temp, sizeof(*u) * (width - x + 1) / 2);
            memcpy(v, v_temp, sizeof(*v) * (width - x + 1) / 2);
        }
        line_end += stride;
        src = line_end - stride;
    }
    *got_frame = 1;
--- a/libavcodec/Makefile
+++ b/libavcodec/Makefile
@ -206,7 +206,7 @@ OBJS-$(CONFIG_DVVIDEO_DECODER)         += dvdec.o dv.o dvdata.o
 OBJS-$(CONFIG_DVVIDEO_ENCODER)         += dvenc.o dv.o dvdata.o
 OBJS-$(CONFIG_DXA_DECODER)             += dxa.o
 OBJS-$(CONFIG_DXTORY_DECODER)          += dxtory.o
-OBJS-$(CONFIG_EAC3_DECODER)            += eac3dec.o eac3_data.o
+OBJS-$(CONFIG_EAC3_DECODER)            += eac3_data.o
 OBJS-$(CONFIG_EAC3_ENCODER)            += eac3enc.o eac3_data.o
 OBJS-$(CONFIG_EACMV_DECODER)           += eacmv.o
 OBJS-$(CONFIG_EAMAD_DECODER)           += eamad.o eaidct.o mpeg12.o \
@ -651,7 +651,7 @@ OBJS-$(CONFIG_VAAPI)                      += vaapi.o
 OBJS-$(CONFIG_VDA)                        += vda.o
 OBJS-$(CONFIG_VDPAU)                      += vdpau.o
-OBJS-$(CONFIG_H263_VAAPI_HWACCEL)         += vaapi_mpeg4.o vaapi_mpeg.o
+OBJS-$(CONFIG_H263_VAAPI_HWACCEL)         += vaapi_mpeg4.o
 OBJS-$(CONFIG_H263_VDPAU_HWACCEL)         += vdpau_mpeg4.o
 OBJS-$(CONFIG_H264_DXVA2_HWACCEL)         += dxva2_h264.o
 OBJS-$(CONFIG_H264_VAAPI_HWACCEL)         += vaapi_h264.o
@ -660,13 +660,13 @@ OBJS-$(CONFIG_H264_VDPAU_HWACCEL)         += vdpau_h264.o
 OBJS-$(CONFIG_MPEG1_VDPAU_HWACCEL)        += vdpau_mpeg12.o
 OBJS-$(CONFIG_MPEG1_XVMC_HWACCEL)         += mpegvideo_xvmc.o
 OBJS-$(CONFIG_MPEG2_DXVA2_HWACCEL)        += dxva2_mpeg2.o
-OBJS-$(CONFIG_MPEG2_VAAPI_HWACCEL)        += vaapi_mpeg2.o vaapi_mpeg.o
+OBJS-$(CONFIG_MPEG2_VAAPI_HWACCEL)        += vaapi_mpeg2.o
 OBJS-$(CONFIG_MPEG2_VDPAU_HWACCEL)        += vdpau_mpeg12.o
 OBJS-$(CONFIG_MPEG2_XVMC_HWACCEL)         += mpegvideo_xvmc.o
-OBJS-$(CONFIG_MPEG4_VAAPI_HWACCEL)        += vaapi_mpeg4.o vaapi_mpeg.o
+OBJS-$(CONFIG_MPEG4_VAAPI_HWACCEL)        += vaapi_mpeg4.o
 OBJS-$(CONFIG_MPEG4_VDPAU_HWACCEL)        += vdpau_mpeg4.o
 OBJS-$(CONFIG_VC1_DXVA2_HWACCEL)          += dxva2_vc1.o
-OBJS-$(CONFIG_VC1_VAAPI_HWACCEL)          += vaapi_vc1.o vaapi_mpeg.o
+OBJS-$(CONFIG_VC1_VAAPI_HWACCEL)          += vaapi_vc1.o
 OBJS-$(CONFIG_VC1_VDPAU_HWACCEL)          += vdpau_vc1.o
 # libavformat dependencies
--- a/libavcodec/a64multienc.c
+++ b/libavcodec/a64multienc.c
@ -28,6 +28,7 @@
 #include "a64tables.h"
 #include "elbg.h"
 #include "internal.h"
 #include "libavutil/avassert.h"
 #include "libavutil/common.h"
 #include "libavutil/intreadwrite.h"
@ -65,7 +66,7 @@ static const int mc_colors[5]={0x0,0xb,0xc,0xf,0x1};
 //static const int mc_colors[5]={0x0,0x8,0xa,0xf,0x7};
 //static const int mc_colors[5]={0x0,0x9,0x8,0xa,0x3};
-static void to_meta_with_crop(AVCodecContext *avctx, AVFrame *p, int *dest)
+static void to_meta_with_crop(AVCodecContext *avctx, const AVFrame *p, int *dest)
 {
    int blockx, blocky, x, y;
    int luma = 0;
@ -78,9 +79,13 @@ static void to_meta_with_crop(AVCodecContext *avctx, AVFrame *p, int *dest)
            for (y = blocky; y < blocky + 8 && y < C64YRES; y++) {
                for (x = blockx; x < blockx + 8 && x < C64XRES; x += 2) {
                    if(x < width && y < height) {
-                        /* build average over 2 pixels */
+                        if (x + 1 < width) {
-                        luma = (src[(x + 0 + y * p->linesize[0])] +
+                            /* build average over 2 pixels */
-                                src[(x + 1 + y * p->linesize[0])]) / 2;
+                            luma = (src[(x + 0 + y * p->linesize[0])] +
                                    src[(x + 1 + y * p->linesize[0])]) / 2;
                        } else {
                            luma = src[(x + y * p->linesize[0])];
                        }
                        /* write blocks as linear data now so they are suitable for elbg */
                        dest[0] = luma;
                    }
@ -186,7 +191,6 @@ static void render_charset(AVCodecContext *avctx, uint8_t *charset,
 static av_cold int a64multi_close_encoder(AVCodecContext *avctx)
 {
    A64Context *c = avctx->priv_data;
    av_frame_free(&avctx->coded_frame);
    av_freep(&c->mc_meta_charset);
    av_freep(&c->mc_best_cb);
    av_freep(&c->mc_charset);
@ -220,7 +224,7 @@ static av_cold int a64multi_encode_init(AVCodecContext *avctx)
                           a64_palette[mc_colors[a]][2] * 0.11;
    }
-    if (!(c->mc_meta_charset = av_malloc_array(c->mc_lifetime, 32000 * sizeof(int))) ||
+    if (!(c->mc_meta_charset = av_mallocz_array(c->mc_lifetime, 32000 * sizeof(int))) ||
       !(c->mc_best_cb       = av_malloc(CHARSET_CHARS * 32 * sizeof(int)))     ||
       !(c->mc_charmap       = av_mallocz_array(c->mc_lifetime, 1000 * sizeof(int))) ||
       !(c->mc_colram        = av_mallocz(CHARSET_CHARS * sizeof(uint8_t)))     ||
@ -238,14 +242,6 @@ static av_cold int a64multi_encode_init(AVCodecContext *avctx)
    AV_WB32(avctx->extradata, c->mc_lifetime);
    AV_WB32(avctx->extradata + 16, INTERLACED);
    avctx->coded_frame = av_frame_alloc();
    if (!avctx->coded_frame) {
        a64multi_close_encoder(avctx);
        return AVERROR(ENOMEM);
    }
    avctx->coded_frame->pict_type = AV_PICTURE_TYPE_I;
    avctx->coded_frame->key_frame = 1;
    if (!avctx->codec_tag)
         avctx->codec_tag = AV_RL32("a64m");
@ -270,10 +266,9 @@ static void a64_compress_colram(unsigned char *buf, int *charmap, uint8_t *colra
 }
 static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
-                                 const AVFrame *pict, int *got_packet)
+                                 const AVFrame *p, int *got_packet)
 {
    A64Context *c = avctx->priv_data;
    AVFrame *const p = avctx->coded_frame;
    int frame;
    int x, y;
@ -304,7 +299,7 @@ static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
    }
    /* no data, means end encoding asap */
-    if (!pict) {
+    if (!p) {
        /* all done, end encoding */
        if (!c->mc_lifetime) return 0;
        /* no more frames in queue, prepare to flush remaining frames */
@ -317,13 +312,10 @@ static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
    } else {
        /* fill up mc_meta_charset with data until lifetime exceeds */
        if (c->mc_frame_counter < c->mc_lifetime) {
            *p = *pict;
            p->pict_type = AV_PICTURE_TYPE_I;
            p->key_frame = 1;
            to_meta_with_crop(avctx, p, meta + 32000 * c->mc_frame_counter);
            c->mc_frame_counter++;
            if (c->next_pts == AV_NOPTS_VALUE)
-                c->next_pts = pict->pts;
+                c->next_pts = p->pts;
            /* lifetime is not reached so wait for next frame first */
            return 0;
        }
@ -334,8 +326,8 @@ static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
        req_size = 0;
        /* any frames to encode? */
        if (c->mc_lifetime) {
-            req_size = charset_size + c->mc_lifetime*(screen_size + colram_size);
+            int alloc_size = charset_size + c->mc_lifetime*(screen_size + colram_size);
-            if ((ret = ff_alloc_packet2(avctx, pkt, req_size)) < 0)
+            if ((ret = ff_alloc_packet2(avctx, pkt, alloc_size)) < 0)
                return ret;
            buf = pkt->data;
@ -351,6 +343,7 @@ static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
            /* advance pointers */
            buf      += charset_size;
            req_size += charset_size;
        }
        /* write x frames to buf */
@ -387,6 +380,7 @@ static int a64multi_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
        pkt->pts = pkt->dts = c->next_pts;
        c->next_pts         = AV_NOPTS_VALUE;
        av_assert0(pkt->size >= req_size);
        pkt->size   = req_size;
        pkt->flags |= AV_PKT_FLAG_KEY;
        *got_packet = !!req_size;
--- a/libavcodec/aaccoder.c
+++ b/libavcodec/aaccoder.c
@ -691,7 +691,7 @@ static void search_for_quantizers_anmr(AVCodecContext *avctx, AACEncContext *s,
    }
    while (idx) {
        sce->sf_idx[bandaddr[idx]] = minq + q0;
-        minq = paths[idx][minq].prev;
+        minq = FFMAX(paths[idx][minq].prev, 0);
        idx--;
    }
    //set the same quantizers inside window groups
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@ -425,7 +425,7 @@ static uint64_t sniff_channel_order(uint8_t (*layout_map)[3], int tags)
 * Save current output configuration if and only if it has been locked.
 */
 static void push_output_configuration(AACContext *ac) {
-    if (ac->oc[1].status == OC_LOCKED) {
+    if (ac->oc[1].status == OC_LOCKED || ac->oc[0].status == OC_NONE) {
        ac->oc[0] = ac->oc[1];
    }
    ac->oc[1].status = OC_NONE;
@ -881,7 +881,7 @@ static int decode_eld_specific_config(AACContext *ac, AVCodecContext *avctx,
        if (len == 15 + 255)
            len += get_bits(gb, 16);
        if (get_bits_left(gb) < len * 8 + 4) {
-            av_log(ac->avctx, AV_LOG_ERROR, overread_err);
+            av_log(avctx, AV_LOG_ERROR, overread_err);
            return AVERROR_INVALIDDATA;
        }
        skip_bits_long(gb, 8 * len);
@ -3021,6 +3021,12 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data,
            AV_WL32(side, 2*AV_RL32(side));
    }
    if (!ac->frame->data[0] && samples) {
        av_log(avctx, AV_LOG_ERROR, "no frame data found\n");
        err = AVERROR_INVALIDDATA;
        goto fail;
    }
    *got_frame_ptr = !!samples;
    if (samples) {
        ac->frame->nb_samples = samples;
@ -3090,7 +3096,7 @@ static int aac_decode_frame(AVCodecContext *avctx, void *data,
    if (INT_MAX / 8 <= buf_size)
        return AVERROR_INVALIDDATA;
-    if ((err = init_get_bits(&gb, buf, buf_size * 8)) < 0)
+    if ((err = init_get_bits8(&gb, buf, buf_size)) < 0)
        return err;
    switch (ac->oc[1].m4ac.object_type) {
--- a/libavcodec/aacenc.c
+++ b/libavcodec/aacenc.c
@ -165,7 +165,7 @@ static void put_audio_specific_config(AVCodecContext *avctx)
    PutBitContext pb;
    AACEncContext *s = avctx->priv_data;
-    init_put_bits(&pb, avctx->extradata, avctx->extradata_size*8);
+    init_put_bits(&pb, avctx->extradata, avctx->extradata_size);
    put_bits(&pb, 5, 2); //object type - AAC-LC
    put_bits(&pb, 4, s->samplerate_index); //sample rate index
    put_bits(&pb, 4, s->channels);
@ -746,10 +746,10 @@ static av_cold int aac_encode_init(AVCodecContext *avctx)
    s->chan_map = aac_chan_configs[s->channels-1];
-    if (ret = dsp_init(avctx, s))
+    if ((ret = dsp_init(avctx, s)) < 0)
        goto fail;
-    if (ret = alloc_buffers(avctx, s))
+    if ((ret = alloc_buffers(avctx, s)) < 0)
        goto fail;
    avctx->extradata_size = 5;
@ -761,7 +761,8 @@ static av_cold int aac_encode_init(AVCodecContext *avctx)
    lengths[1] = ff_aac_num_swb_128[i];
    for (i = 0; i < s->chan_map[0]; i++)
        grouping[i] = s->chan_map[i + 1] == TYPE_CPE;
-    if (ret = ff_psy_init(&s->psy, avctx, 2, sizes, lengths, s->chan_map[0], grouping))
+    if ((ret = ff_psy_init(&s->psy, avctx, 2, sizes, lengths,
                           s->chan_map[0], grouping)) < 0)
        goto fail;
    s->psypp = ff_psy_preprocess_init(avctx);
    s->coder = &ff_aac_coders[s->options.aac_coder];
--- a/libavcodec/aacpsy.c
+++ b/libavcodec/aacpsy.c
@ -313,7 +313,7 @@ static av_cold int psy_3gpp_init(FFPsyContext *ctx) {
    ctx->bitres.size   = 6144 - pctx->frame_bits;
    ctx->bitres.size  -= ctx->bitres.size % 8;
    pctx->fill_level   = ctx->bitres.size;
-    minath = ath(3410, ATH_ADD);
+    minath = ath(3410 - 0.733 * ATH_ADD, ATH_ADD);
    for (j = 0; j < 2; j++) {
        AacPsyCoeffs *coeffs = pctx->psy_coef[j];
        const uint8_t *band_sizes = ctx->bands[j];
@ -727,7 +727,10 @@ static void psy_3gpp_analyze_channel(FFPsyContext *ctx, int channel,
                    if (active_lines > 0.0f)
                        band->thr = calc_reduced_thr_3gpp(band, coeffs[g].min_snr, reduction);
                    pe += calc_pe_3gpp(band);
-                    band->norm_fac = band->active_lines / band->thr;
+                    if (band->thr > 0.0f)
                        band->norm_fac = band->active_lines / band->thr;
                    else
                        band->norm_fac = 0.0f;
                    norm_fac += band->norm_fac;
                }
            }
--- a/libavcodec/aacsbr.c
+++ b/libavcodec/aacsbr.c
@ -514,7 +514,7 @@ static int sbr_make_f_master(AACContext *ac, SpectralBandReplication *sbr,
 /// High Frequency Generation - Patch Construction (14496-3 sp04 p216 fig. 4.46)
 static int sbr_hf_calc_npatches(AACContext *ac, SpectralBandReplication *sbr)
 {
-    int i, k, sb = 0;
+    int i, k, last_k = -1, last_msb = -1, sb = 0;
    int msb = sbr->k[0];
    int usb = sbr->kx[1];
    int goal_sb = ((1000 << 11) + (sbr->sample_rate >> 1)) / sbr->sample_rate;
@ -528,6 +528,12 @@ static int sbr_hf_calc_npatches(AACContext *ac, SpectralBandReplication *sbr)
    do {
        int odd = 0;
        if (k == last_k && msb == last_msb) {
            av_log(ac->avctx, AV_LOG_ERROR, "patch construction failed\n");
            return AVERROR_INVALIDDATA;
        }
        last_k = k;
        last_msb = msb;
        for (i = k; i == k || sb > (sbr->k[0] - 1 + msb - odd); i--) {
            sb = sbr->f_master[i];
            odd = (sb + sbr->k[0]) & 1;
@ -556,7 +562,8 @@ static int sbr_hf_calc_npatches(AACContext *ac, SpectralBandReplication *sbr)
            k = sbr->n_master;
    } while (sb != sbr->kx[1] + sbr->m[1]);
-    if (sbr->num_patches > 1 && sbr->patch_num_subbands[sbr->num_patches-1] < 3)
+    if (sbr->num_patches > 1 &&
        sbr->patch_num_subbands[sbr->num_patches - 1] < 3)
        sbr->num_patches--;
    return 0;
@ -1011,6 +1018,8 @@ static unsigned int read_sbr_data(AACContext *ac, SpectralBandReplication *sbr,
 {
    unsigned int cnt = get_bits_count(gb);
    sbr->id_aac = id_aac;
    if (id_aac == TYPE_SCE || id_aac == TYPE_CCE) {
        if (read_sbr_single_channel_element(ac, sbr, gb)) {
            sbr_turnoff(sbr);
@ -1681,6 +1690,12 @@ void ff_sbr_apply(AACContext *ac, SpectralBandReplication *sbr, int id_aac,
    int nch = (id_aac == TYPE_CPE) ? 2 : 1;
    int err;
    if (id_aac != sbr->id_aac) {
        av_log(ac->avctx, AV_LOG_ERROR,
            "element type mismatch %d != %d\n", id_aac, sbr->id_aac);
        sbr_turnoff(sbr);
    }
    if (!sbr->kx_and_m_pushed) {
        sbr->kx[0] = sbr->kx[1];
        sbr->m[0] = sbr->m[1];
@ -1704,6 +1719,7 @@ void ff_sbr_apply(AACContext *ac, SpectralBandReplication *sbr, int id_aac,
            sbr->c.sbr_hf_inverse_filter(&sbr->dsp, sbr->alpha0, sbr->alpha1,
                                         (const float (*)[40][2]) sbr->X_low, sbr->k[0]);
            sbr_chirp(sbr, &sbr->data[ch]);
            av_assert0(sbr->data[ch].bs_num_env > 0);
            sbr_hf_gen(ac, sbr, sbr->X_high,
                       (const float (*)[40][2]) sbr->X_low,
                       (const float (*)[2]) sbr->alpha0,
--- a/libavcodec/aarch64/h264dsp_init_aarch64.c
+++ b/libavcodec/aarch64/h264dsp_init_aarch64.c
@ -78,6 +78,7 @@ av_cold void ff_h264dsp_init_aarch64(H264DSPContext *c, const int bit_depth,
        c->h264_v_loop_filter_luma   = ff_h264_v_loop_filter_luma_neon;
        c->h264_h_loop_filter_luma   = ff_h264_h_loop_filter_luma_neon;
        c->h264_v_loop_filter_chroma = ff_h264_v_loop_filter_chroma_neon;
        if (chroma_format_idc <= 1)
        c->h264_h_loop_filter_chroma = ff_h264_h_loop_filter_chroma_neon;
        c->weight_h264_pixels_tab[0] = ff_weight_h264_pixels_16_neon;
--- a/libavcodec/aasc.c
+++ b/libavcodec/aasc.c
@ -137,7 +137,7 @@ static int aasc_decode_frame(AVCodecContext *avctx,
        return ret;
    /* report that the buffer was completely consumed */
-    return buf_size;
+    return avpkt->size;
 }
 static av_cold int aasc_decode_end(AVCodecContext *avctx)
--- a/libavcodec/ac3.c
+++ b/libavcodec/ac3.c
@ -131,6 +131,9 @@ int ff_ac3_bit_alloc_calc_mask(AC3BitAllocParameters *s, int16_t *band_psd,
    int band_start, band_end, begin, end1;
    int lowcomp, fastleak, slowleak;
    if (end <= 0)
        return AVERROR_INVALIDDATA;
    /* excitation function */
    band_start = ff_ac3_bin_to_band_tab[start];
    band_end   = ff_ac3_bin_to_band_tab[end-1] + 1;
--- a/libavcodec/ac3dec.c
+++ b/libavcodec/ac3dec.c
@ -872,7 +872,7 @@ static int decode_audio_block(AC3DecodeContext *s, int blk)
                start_subband += start_subband - 7;
            end_subband    = get_bits(gbc, 3) + 5;
 #if USE_FIXED
-            s->spx_dst_end_freq = end_freq_inv_tab[end_subband];
+            s->spx_dst_end_freq = end_freq_inv_tab[end_subband-5];
 #endif
            if (end_subband   > 7)
                end_subband   += end_subband   - 7;
@ -939,7 +939,7 @@ static int decode_audio_block(AC3DecodeContext *s, int blk)
                            nblend = 0;
                            sblend = 0x800000;
                        } else if (nratio > 0x7fffff) {
-                            nblend = 0x800000;
+                            nblend = 14529495; // sqrt(3) in FP.23
                            sblend = 0;
                        } else {
                            nblend = fixed_sqrt(nratio, 23);
--- a/libavcodec/ac3dec.h
+++ b/libavcodec/ac3dec.h
@ -243,19 +243,19 @@ typedef struct AC3DecodeContext {
 * Parse the E-AC-3 frame header.
 * This parses both the bit stream info and audio frame header.
 */
-int ff_eac3_parse_header(AC3DecodeContext *s);
+static int ff_eac3_parse_header(AC3DecodeContext *s);
 /**
 * Decode mantissas in a single channel for the entire frame.
 * This is used when AHT mode is enabled.
 */
-void ff_eac3_decode_transform_coeffs_aht_ch(AC3DecodeContext *s, int ch);
+static void ff_eac3_decode_transform_coeffs_aht_ch(AC3DecodeContext *s, int ch);
 /**
 * Apply spectral extension to each channel by copying lower frequency
 * coefficients to higher frequency bins and applying side information to
 * approximate the original high frequency signal.
 */
-void ff_eac3_apply_spectral_extension(AC3DecodeContext *s);
+static void ff_eac3_apply_spectral_extension(AC3DecodeContext *s);
 #endif /* AVCODEC_AC3DEC_H */
--- a/libavcodec/ac3dec_fixed.c
+++ b/libavcodec/ac3dec_fixed.c
@ -164,6 +164,7 @@ static void ac3_downmix_c_fixed16(int16_t **samples, int16_t (*matrix)[2],
    }
 }
 #include "eac3dec.c"
 #include "ac3dec.c"
 static const AVOption options[] = {
--- a/libavcodec/ac3dec_float.c
+++ b/libavcodec/ac3dec_float.c
@ -28,6 +28,7 @@
 * Upmix delay samples from stereo to original channel layout.
 */
 #include "ac3dec.h"
 #include "eac3dec.c"
 #include "ac3dec.c"
 static const AVOption options[] = {
--- a/libavcodec/ac3enc_template.c
+++ b/libavcodec/ac3enc_template.c
@ -263,7 +263,7 @@ static void apply_channel_coupling(AC3EncodeContext *s)
                energy_cpl = energy[blk][CPL_CH][bnd];
                energy_ch = energy[blk][ch][bnd];
                blk1 = blk+1;
-                while (!s->blocks[blk1].new_cpl_coords[ch] && blk1 < s->num_blocks) {
+                while (blk1 < s->num_blocks && !s->blocks[blk1].new_cpl_coords[ch]) {
                    if (s->blocks[blk1].cpl_in_use) {
                        energy_cpl += energy[blk1][CPL_CH][bnd];
                        energy_ch += energy[blk1][ch][bnd];
--- a/libavcodec/adpcm.c
+++ b/libavcodec/adpcm.c
@ -574,6 +574,8 @@ static int get_nb_samples(AVCodecContext *avctx, GetByteContext *gb,
    case AV_CODEC_ID_ADPCM_IMA_DK4:
        if (avctx->block_align > 0)
            buf_size = FFMIN(buf_size, avctx->block_align);
        if (buf_size < 4 * ch)
            return AVERROR_INVALIDDATA;
        nb_samples = 1 + (buf_size - 4 * ch) * 2 / ch;
        break;
    case AV_CODEC_ID_ADPCM_IMA_RAD:
@ -587,13 +589,15 @@ static int get_nb_samples(AVCodecContext *avctx, GetByteContext *gb,
        int bsamples = ff_adpcm_ima_block_samples[avctx->bits_per_coded_sample - 2];
        if (avctx->block_align > 0)
            buf_size = FFMIN(buf_size, avctx->block_align);
        if (buf_size < 4 * ch)
            return AVERROR_INVALIDDATA;
        nb_samples = 1 + (buf_size - 4 * ch) / (bsize * ch) * bsamples;
        break;
    }
    case AV_CODEC_ID_ADPCM_MS:
        if (avctx->block_align > 0)
            buf_size = FFMIN(buf_size, avctx->block_align);
-        nb_samples = 2 + (buf_size - 7 * ch) * 2 / ch;
+        nb_samples = (buf_size - 6 * ch) * 2 / ch;
        break;
    case AV_CODEC_ID_ADPCM_SBPRO_2:
    case AV_CODEC_ID_ADPCM_SBPRO_3:
@ -606,6 +610,8 @@ static int get_nb_samples(AVCodecContext *avctx, GetByteContext *gb,
        case AV_CODEC_ID_ADPCM_SBPRO_4: samples_per_byte = 2; break;
        }
        if (!s->status[0].step_index) {
            if (buf_size < ch)
                return AVERROR_INVALIDDATA;
            nb_samples++;
            buf_size -= ch;
        }
@ -1524,6 +1530,11 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data,
    *got_frame_ptr = 1;
    if (avpkt->size < bytestream2_tell(&gb)) {
        av_log(avctx, AV_LOG_ERROR, "Overread of %d < %d\n", avpkt->size, bytestream2_tell(&gb));
        return avpkt->size;
    }
    return bytestream2_tell(&gb);
 }
--- a/libavcodec/adpcmenc.c
+++ b/libavcodec/adpcmenc.c
@ -541,7 +541,7 @@ static int adpcm_encode_frame(AVCodecContext *avctx, AVPacket *avpkt,
    case AV_CODEC_ID_ADPCM_IMA_QT:
    {
        PutBitContext pb;
-        init_put_bits(&pb, dst, pkt_size * 8);
+        init_put_bits(&pb, dst, pkt_size);
        for (ch = 0; ch < avctx->channels; ch++) {
            ADPCMChannelStatus *status = &c->status[ch];
@ -571,7 +571,7 @@ static int adpcm_encode_frame(AVCodecContext *avctx, AVPacket *avpkt,
    case AV_CODEC_ID_ADPCM_SWF:
    {
        PutBitContext pb;
-        init_put_bits(&pb, dst, pkt_size * 8);
+        init_put_bits(&pb, dst, pkt_size);
        n = frame->nb_samples - 1;
--- a/libavcodec/aic.c
+++ b/libavcodec/aic.c
@ -438,8 +438,8 @@ static av_cold int aic_decode_init(AVCodecContext *avctx)
    ctx->mb_width  = FFALIGN(avctx->width,  16) >> 4;
    ctx->mb_height = FFALIGN(avctx->height, 16) >> 4;
-    ctx->num_x_slices = 16;
+    ctx->num_x_slices = (ctx->mb_width + 15) >> 4;
-    ctx->slice_width  = ctx->mb_width / 16;
+    ctx->slice_width  = 16;
    for (i = 1; i < 32; i++) {
        if (!(ctx->mb_width % i) && (ctx->mb_width / i < 32)) {
            ctx->slice_width  = ctx->mb_width / i;
--- a/libavcodec/alac.c
+++ b/libavcodec/alac.c
@ -316,6 +316,12 @@ static int decode_element(AVCodecContext *avctx, AVFrame *frame, int ch_index,
        int lpc_quant[2];
        int rice_history_mult[2];
        if (!alac->rice_limit) {
            avpriv_request_sample(alac->avctx,
                                  "Compression with rice limit 0");
            return AVERROR(ENOSYS);
        }
        decorr_shift       = get_bits(&alac->gb, 8);
        decorr_left_weight = get_bits(&alac->gb, 8);
@ -528,6 +534,12 @@ static int allocate_buffers(ALACContext *alac)
    int ch;
    int buf_size = alac->max_samples_per_frame * sizeof(int32_t);
    for (ch = 0; ch < 2; ch++) {
        alac->predict_error_buffer[ch]  = NULL;
        alac->output_samples_buffer[ch] = NULL;
        alac->extra_bits_buffer[ch]     = NULL;
    }
    for (ch = 0; ch < FFMIN(alac->channels, 2); ch++) {
        FF_ALLOC_OR_GOTO(alac->avctx, alac->predict_error_buffer[ch],
                         buf_size, buf_alloc_fail);
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@ -357,11 +357,15 @@ static av_cold int read_specific_config(ALSDecContext *ctx)
        ctx->cs_switch = 1;
        for (i = 0; i < avctx->channels; i++) {
            sconf->chan_pos[i] = -1;
        }
        for (i = 0; i < avctx->channels; i++) {
            int idx;
            idx = get_bits(&gb, chan_pos_bits);
-            if (idx >= avctx->channels) {
+            if (idx >= avctx->channels || sconf->chan_pos[idx] != -1) {
                av_log(avctx, AV_LOG_WARNING, "Invalid channel reordering.\n");
                ctx->cs_switch = 0;
                break;
@ -678,7 +682,7 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd)
    if (!sconf->rlslms) {
-        if (sconf->adapt_order) {
+        if (sconf->adapt_order && sconf->max_order) {
            int opt_order_length = av_ceil_log2(av_clip((bd->block_length >> 3) - 1,
                                                2, sconf->max_order + 1));
            *bd->opt_order       = get_bits(gb, opt_order_length);
@ -1242,6 +1246,7 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd,
    ALSChannelData *ch = cd[c];
    unsigned int   dep = 0;
    unsigned int channels = ctx->avctx->channels;
    unsigned int channel_size = ctx->sconf.frame_length + ctx->sconf.max_order;
    if (reverted[c])
        return 0;
@ -1272,9 +1277,9 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd,
    bd->raw_samples = ctx->raw_samples[c] + offset;
    for (dep = 0; !ch[dep].stop_flag; dep++) {
-        unsigned int smp;
+        ptrdiff_t smp;
-        unsigned int begin = 1;
+        ptrdiff_t begin = 1;
-        unsigned int end   = bd->block_length - 1;
+        ptrdiff_t end   = bd->block_length - 1;
        int64_t y;
        int32_t *master = ctx->raw_samples[ch[dep].master_channel] + offset;
@ -1286,11 +1291,28 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd,
            if (ch[dep].time_diff_sign) {
                t      = -t;
                if (begin < t) {
                    av_log(ctx->avctx, AV_LOG_ERROR, "begin %td smaller than time diff index %d.\n", begin, t);
                    return AVERROR_INVALIDDATA;
                }
                begin -= t;
            } else {
                if (end < t) {
                    av_log(ctx->avctx, AV_LOG_ERROR, "end %td smaller than time diff index %d.\n", end, t);
                    return AVERROR_INVALIDDATA;
                }
                end   -= t;
            }
            if (FFMIN(begin - 1, begin - 1 + t) < ctx->raw_buffer - master ||
                FFMAX(end   + 1,   end + 1 + t) > ctx->raw_buffer + channels * channel_size - master) {
                av_log(ctx->avctx, AV_LOG_ERROR,
                       "sample pointer range [%p, %p] not contained in raw_buffer [%p, %p].\n",
                       master + FFMIN(begin - 1, begin - 1 + t), master + FFMAX(end + 1,   end + 1 + t),
                       ctx->raw_buffer, ctx->raw_buffer + channels * channel_size);
                return AVERROR_INVALIDDATA;
            }
            for (smp = begin; smp < end; smp++) {
                y  = (1 << 6) +
                     MUL64(ch[dep].weighting[0], master[smp - 1    ]) +
@ -1303,6 +1325,16 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd,
                bd->raw_samples[smp] += y >> 7;
            }
        } else {
            if (begin - 1 < ctx->raw_buffer - master ||
                end   + 1 > ctx->raw_buffer + channels * channel_size - master) {
                av_log(ctx->avctx, AV_LOG_ERROR,
                       "sample pointer range [%p, %p] not contained in raw_buffer [%p, %p].\n",
                       master + begin - 1, master + end + 1,
                       ctx->raw_buffer, ctx->raw_buffer + channels * channel_size);
                return AVERROR_INVALIDDATA;
            }
            for (smp = begin; smp < end; smp++) {
                y  = (1 << 6) +
                     MUL64(ch[dep].weighting[0], master[smp - 1]) +
@ -1461,6 +1493,11 @@ static int read_frame_data(ALSDecContext *ctx, unsigned int ra_frame)
    // TODO: read_diff_float_data
    if (get_bits_left(gb) < 0) {
        av_log(ctx->avctx, AV_LOG_ERROR, "Overread %d\n", -get_bits_left(gb));
        return AVERROR_INVALIDDATA;
    }
    return 0;
 }
@ -1665,6 +1702,12 @@ static av_cold int decode_init(AVCodecContext *avctx)
        avctx->sample_fmt          = sconf->resolution > 1
                                     ? AV_SAMPLE_FMT_S32 : AV_SAMPLE_FMT_S16;
        avctx->bits_per_raw_sample = (sconf->resolution + 1) * 8;
        if (avctx->bits_per_raw_sample > 32) {
            av_log(avctx, AV_LOG_ERROR, "Bits per raw sample %d larger than 32.\n",
                   avctx->bits_per_raw_sample);
            ret = AVERROR_INVALIDDATA;
            goto fail;
        }
    }
    // set maximum Rice parameter for progressive decoding based on resolution
@ -1727,9 +1770,9 @@ static av_cold int decode_init(AVCodecContext *avctx)
    // allocate and assign channel data buffer for mcc mode
    if (sconf->mc_coding) {
-        ctx->chan_data_buffer  = av_malloc(sizeof(*ctx->chan_data_buffer) *
+        ctx->chan_data_buffer  = av_mallocz(sizeof(*ctx->chan_data_buffer) *
                                           num_buffers * num_buffers);
-        ctx->chan_data         = av_malloc(sizeof(*ctx->chan_data) *
+        ctx->chan_data         = av_mallocz(sizeof(*ctx->chan_data) *
                                           num_buffers);
        ctx->reverted_channels = av_malloc(sizeof(*ctx->reverted_channels) *
                                           num_buffers);
--- a/libavcodec/ansi.c
+++ b/libavcodec/ansi.c
@ -90,9 +90,11 @@ static av_cold int decode_init(AVCodecContext *avctx)
    s->fg          = DEFAULT_FG_COLOR;
    s->bg          = DEFAULT_BG_COLOR;
-    if (!avctx->width || !avctx->height)
+    if (!avctx->width || !avctx->height) {
-        ff_set_dimensions(avctx, 80 << 3, 25 << 4);
+        int ret = ff_set_dimensions(avctx, 80 << 3, 25 << 4);
-
+        if (ret < 0)
            return ret;
    }
    return 0;
 }
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@ -601,14 +601,14 @@ static void decode_array_0000(APEContext *ctx, GetBitContext *gb,
    int ksummax, ksummin;
    rice->ksum = 0;
-    for (i = 0; i < 5; i++) {
+    for (i = 0; i < FFMIN(blockstodecode, 5); i++) {
        out[i] = get_rice_ook(&ctx->gb, 10);
        rice->ksum += out[i];
    }
    rice->k = av_log2(rice->ksum / 10) + 1;
    if (rice->k >= 24)
        return;
-    for (; i < 64; i++) {
+    for (; i < FFMIN(blockstodecode, 64); i++) {
        out[i] = get_rice_ook(&ctx->gb, rice->k);
        rice->ksum += out[i];
        rice->k = av_log2(rice->ksum / ((i + 1) * 2)) + 1;
@ -905,6 +905,9 @@ static void long_filter_high_3800(int32_t *buffer, int order, int shift,
    int i, j;
    int32_t dotprod, sign;
    if (order >= length)
        return;
    memset(coeffs, 0, order * sizeof(*coeffs));
    for (i = 0; i < order; i++)
        delay[i] = buffer[i];
@ -1476,13 +1479,13 @@ static int ape_decode_frame(AVCodecContext *avctx, void *data,
                   nblocks);
            return AVERROR_INVALIDDATA;
        }
        s->samples = nblocks;
        /* Initialize the frame decoder */
        if (init_frame_decoder(s) < 0) {
            av_log(avctx, AV_LOG_ERROR, "Error reading frame header\n");
            return AVERROR_INVALIDDATA;
        }
        s->samples = nblocks;
    }
    if (!s->data) {
--- a/libavcodec/arm/h264dsp_init_arm.c
+++ b/libavcodec/arm/h264dsp_init_arm.c
@ -107,8 +107,10 @@ av_cold void ff_h264dsp_init_arm(H264DSPContext *c, const int bit_depth,
 {
    int cpu_flags = av_get_cpu_flags();
 #if HAVE_ARMV6
    if (have_setend(cpu_flags))
        c->startcode_find_candidate = ff_startcode_find_candidate_armv6;
 #endif
    if (have_neon(cpu_flags))
        h264dsp_init_neon(c, bit_depth, chroma_format_idc);
 }
--- a/libavcodec/arm/vc1dsp_init_arm.c
+++ b/libavcodec/arm/vc1dsp_init_arm.c
@ -28,8 +28,10 @@ av_cold void ff_vc1dsp_init_arm(VC1DSPContext *dsp)
 {
    int cpu_flags = av_get_cpu_flags();
 #if HAVE_ARMV6
    if (have_setend(cpu_flags))
        dsp->startcode_find_candidate = ff_startcode_find_candidate_armv6;
 #endif
    if (have_neon(cpu_flags))
        ff_vc1dsp_init_neon(dsp);
 }
--- a/libavcodec/arm/videodsp_armv5te.S
+++ b/libavcodec/arm/videodsp_armv5te.S
@ -23,9 +23,10 @@
 #include "libavutil/arm/asm.S"
 function ff_prefetch_arm, export=1
 1:
        subs            r2,  r2,  #1
        pld             [r0]
        add             r0,  r0,  r1
-        bne             X(ff_prefetch_arm)
+        bne             1b
        bx              lr
 endfunc
--- a/libavcodec/ass_split.c
+++ b/libavcodec/ass_split.c
@ -470,7 +470,7 @@ ASSStyle *ff_ass_style_get(ASSSplitContext *ctx, const char *style)
    if (!style || !*style)
        style = "Default";
    for (i=0; i<ass->styles_count; i++)
-        if (!strcmp(ass->styles[i].name, style))
+        if (ass->styles[i].name && !strcmp(ass->styles[i].name, style))
            return ass->styles + i;
    return NULL;
 }
--- a/libavcodec/asvenc.c
+++ b/libavcodec/asvenc.c
@ -26,8 +26,10 @@
 #include "libavutil/attributes.h"
 #include "libavutil/mem.h"
 #include "aandcttab.h"
 #include "asv.h"
 #include "avcodec.h"
 #include "dct.h"
 #include "fdctdsp.h"
 #include "internal.h"
 #include "mathops.h"
@ -331,8 +333,13 @@ static av_cold int encode_init(AVCodecContext *avctx)
    ((uint32_t *) avctx->extradata)[1] = av_le2ne32(AV_RL32("ASUS"));
    for (i = 0; i < 64; i++) {
-        int q = 32 * scale * ff_mpeg1_default_intra_matrix[i];
+        if (a->fdsp.fdct == ff_fdct_ifast) {
-        a->q_intra_matrix[i] = ((a->inv_qscale << 16) + q / 2) / q;
+            int q = 32LL * scale * ff_mpeg1_default_intra_matrix[i] * ff_aanscales[i];
            a->q_intra_matrix[i] = (((int64_t)a->inv_qscale << 30) + q / 2) / q;
        } else {
            int q = 32 * scale * ff_mpeg1_default_intra_matrix[i];
            a->q_intra_matrix[i] = ((a->inv_qscale << 16) + q / 2) / q;
        }
    }
    return 0;
--- a/libavcodec/atrac3plusdec.c
+++ b/libavcodec/atrac3plusdec.c
@ -381,7 +381,7 @@ static int atrac3p_decode_frame(AVCodecContext *avctx, void *data,
    *got_frame_ptr = 1;
-    return avctx->block_align;
+    return FFMIN(avctx->block_align, avpkt->size);
 }
 AVCodec ff_atrac3p_decoder = {
--- a/libavcodec/atrac3plusdsp.c
+++ b/libavcodec/atrac3plusdsp.c
@ -599,8 +599,8 @@ void ff_atrac3p_ipqf(FFTContext *dct_ctx, Atrac3pIPQFChannelCtx *hist,
                     const float *in, float *out)
 {
    int i, s, sb, t, pos_now, pos_next;
-    DECLARE_ALIGNED(32, float, idct_in)[ATRAC3P_SUBBANDS];
+    LOCAL_ALIGNED(32, float, idct_in, [ATRAC3P_SUBBANDS]);
-    DECLARE_ALIGNED(32, float, idct_out)[ATRAC3P_SUBBANDS];
+    LOCAL_ALIGNED(32, float, idct_out, [ATRAC3P_SUBBANDS]);
    memset(out, 0, ATRAC3P_FRAME_SAMPLES * sizeof(*out));
--- a/libavcodec/avs.c
+++ b/libavcodec/avs.c
@ -165,9 +165,8 @@ static av_cold int avs_decode_init(AVCodecContext * avctx)
        return AVERROR(ENOMEM);
    avctx->pix_fmt = AV_PIX_FMT_PAL8;
    ff_set_dimensions(avctx, 318, 198);
-    return 0;
+    return ff_set_dimensions(avctx, 318, 198);
 }
 static av_cold int avs_decode_end(AVCodecContext *avctx)
--- a/libavcodec/bitstream.c
+++ b/libavcodec/bitstream.c
@ -69,6 +69,8 @@ void avpriv_copy_bits(PutBitContext *pb, const uint8_t *src, int length)
    if (length == 0)
        return;
    av_assert0(length <= put_bits_left(pb));
    if (CONFIG_SMALL || words < 16 || put_bits_count(pb) & 7) {
        for (i = 0; i < words; i++)
            put_bits(pb, 16, AV_RB16(src + 2 * i));
--- a/libavcodec/bytestream.h
+++ b/libavcodec/bytestream.h
@ -71,8 +71,10 @@ static av_always_inline type bytestream2_get_ ## name ## u(GetByteContext *g)  \
 }                                                                              \
 static av_always_inline type bytestream2_get_ ## name(GetByteContext *g)       \
 {                                                                              \
-    if (g->buffer_end - g->buffer < bytes)                                     \
+    if (g->buffer_end - g->buffer < bytes) {                                   \
        g->buffer = g->buffer_end;                                             \
        return 0;                                                              \
    }                                                                          \
    return bytestream2_get_ ## name ## u(g);                                   \
 }                                                                              \
 static av_always_inline type bytestream2_peek_ ## name(GetByteContext *g)      \
--- a/libavcodec/cabac.c
+++ b/libavcodec/cabac.c
@ -51,7 +51,7 @@ void ff_init_cabac_encoder(CABACContext *c, uint8_t *buf, int buf_size){
 *
 * @param buf_size size of buf in bits
 */
-void ff_init_cabac_decoder(CABACContext *c, const uint8_t *buf, int buf_size){
+int ff_init_cabac_decoder(CABACContext *c, const uint8_t *buf, int buf_size){
    c->bytestream_start=
    c->bytestream= buf;
    c->bytestream_end= buf + buf_size;
@ -64,6 +64,9 @@ void ff_init_cabac_decoder(CABACContext *c, const uint8_t *buf, int buf_size){
 #endif
    c->low+= ((*c->bytestream++)<<2) + 2;
    c->range= 0x1FE;
    if ((c->range<<(CABAC_BITS+1)) < c->low)
        return AVERROR_INVALIDDATA;
    return 0;
 }
 void ff_init_cabac_states(void)
--- a/libavcodec/cabac.h
+++ b/libavcodec/cabac.h
@ -56,7 +56,7 @@ typedef struct CABACContext{
 }CABACContext;
 void ff_init_cabac_encoder(CABACContext *c, uint8_t *buf, int buf_size);
-void ff_init_cabac_decoder(CABACContext *c, const uint8_t *buf, int buf_size);
+int ff_init_cabac_decoder(CABACContext *c, const uint8_t *buf, int buf_size);
 void ff_init_cabac_states(void);
 #endif /* AVCODEC_CABAC_H */
--- a/libavcodec/cabac_functions.h
+++ b/libavcodec/cabac_functions.h
@ -74,7 +74,8 @@ static inline void renorm_cabac_decoder_once(CABACContext *c){
 #ifndef get_cabac_inline
 static void refill2(CABACContext *c){
-    int i, x;
+    int i;
    unsigned x;
    x= c->low ^ (c->low-1);
    i= 7 - ff_h264_norm_shift[x>>(CABAC_BITS-1)];
@ -190,7 +191,8 @@ static av_unused const uint8_t* skip_bytes(CABACContext *c, int n) {
 #endif
    if ((int) (c->bytestream_end - ptr) < n)
        return NULL;
-    ff_init_cabac_decoder(c, ptr + n, c->bytestream_end - ptr - n);
+    if (ff_init_cabac_decoder(c, ptr + n, c->bytestream_end - ptr - n) < 0)
        return NULL;
    return ptr;
 }
--- a/libavcodec/cavs.c
+++ b/libavcodec/cavs.c
@ -30,6 +30,7 @@
 #include "golomb.h"
 #include "h264chroma.h"
 #include "idctdsp.h"
 #include "internal.h"
 #include "mathops.h"
 #include "qpeldsp.h"
 #include "cavs.h"
@ -539,8 +540,8 @@ static inline void scale_mv(AVSContext *h, int *d_x, int *d_y,
 {
    int den = h->scale_den[FFMAX(src->ref, 0)];
-    *d_x = (src->x * distp * den + 256 + (src->x >> 31)) >> 9;
+    *d_x = (src->x * distp * den + 256 + FF_SIGNBIT(src->x)) >> 9;
-    *d_y = (src->y * distp * den + 256 + (src->y >> 31)) >> 9;
+    *d_y = (src->y * distp * den + 256 + FF_SIGNBIT(src->y)) >> 9;
 }
 static inline void mv_pred_median(AVSContext *h,
--- a/libavcodec/cavsdec.c
+++ b/libavcodec/cavsdec.c
@ -467,7 +467,7 @@ static inline void mv_pred_direct(AVSContext *h, cavs_vector *pmv_fw,
 {
    cavs_vector *pmv_bw = pmv_fw + MV_BWD_OFFS;
    int den = h->direct_den[col_mv->ref];
-    int m = col_mv->x >> 31;
+    int m = FF_SIGNBIT(col_mv->x);
    pmv_fw->dist = h->dist[1];
    pmv_bw->dist = h->dist[0];
@ -476,7 +476,7 @@ static inline void mv_pred_direct(AVSContext *h, cavs_vector *pmv_fw,
    /* scale the co-located motion vector according to its temporal span */
    pmv_fw->x =     (((den + (den * col_mv->x * pmv_fw->dist ^ m) - m - 1) >> 14) ^ m) - m;
    pmv_bw->x = m - (((den + (den * col_mv->x * pmv_bw->dist ^ m) - m - 1) >> 14) ^ m);
-    m = col_mv->y >> 31;
+    m = FF_SIGNBIT(col_mv->y);
    pmv_fw->y =     (((den + (den * col_mv->y * pmv_fw->dist ^ m) - m - 1) >> 14) ^ m) - m;
    pmv_bw->y = m - (((den + (den * col_mv->y * pmv_bw->dist ^ m) - m - 1) >> 14) ^ m);
 }
@ -563,6 +563,11 @@ static int decode_residual_block(AVSContext *h, GetBitContext *gb,
                return AVERROR_INVALIDDATA;
            }
            esc_code = get_ue_code(gb, esc_golomb_order);
            if (esc_code < 0 || esc_code > 32767) {
                av_log(h->avctx, AV_LOG_ERROR, "esc_code invalid\n");
                return AVERROR_INVALIDDATA;
            }
            level    = esc_code + (run > r->max_run ? 1 : r->level_add[run]);
            while (level > r->inc_limit)
                r++;
--- a/libavcodec/cinepak.c
+++ b/libavcodec/cinepak.c
@ -135,7 +135,7 @@ static int cinepak_decode_vectors (CinepakContext *s, cvid_strip *strip,
    const uint8_t   *eod = (data + size);
    uint32_t         flag, mask;
    uint8_t         *cb0, *cb1, *cb2, *cb3;
-    unsigned int     x, y;
+    int             x, y;
    char            *ip0, *ip1, *ip2, *ip3;
    flag = 0;
--- a/libavcodec/cook.c
+++ b/libavcodec/cook.c
@ -1058,7 +1058,7 @@ static av_cold int cook_decode_init(AVCodecContext *avctx)
    q->avctx = avctx;
    /* Take care of the codec specific extradata. */
-    if (extradata_size <= 0) {
+    if (extradata_size < 8) {
        av_log(avctx, AV_LOG_ERROR, "Necessary extradata missing!\n");
        return AVERROR_INVALIDDATA;
    }
@ -1215,8 +1215,8 @@ static av_cold int cook_decode_init(AVCodecContext *avctx)
        q->num_subpackets++;
        s++;
-        if (s > MAX_SUBPACKETS) {
+        if (s > FFMIN(MAX_SUBPACKETS, avctx->block_align)) {
-            avpriv_request_sample(avctx, "subpackets > %d", MAX_SUBPACKETS);
+            avpriv_request_sample(avctx, "subpackets > %d", FFMIN(MAX_SUBPACKETS, avctx->block_align));
            return AVERROR_PATCHWELCOME;
        }
    }
--- a/libavcodec/dca.c
+++ b/libavcodec/dca.c
@ -41,8 +41,6 @@ int avpriv_dca_convert_bitstream(const uint8_t *src, int src_size, uint8_t *dst,
 {
    uint32_t mrk;
    int i, tmp;
    const uint16_t *ssrc = (const uint16_t *) src;
    uint16_t *sdst = (uint16_t *) dst;
    PutBitContext pb;
    if ((unsigned) src_size > (unsigned) max_size)
@ -54,8 +52,11 @@ int avpriv_dca_convert_bitstream(const uint8_t *src, int src_size, uint8_t *dst,
        memcpy(dst, src, src_size);
        return src_size;
    case DCA_MARKER_RAW_LE:
-        for (i = 0; i < (src_size + 1) >> 1; i++)
+        for (i = 0; i < (src_size + 1) >> 1; i++) {
-            *sdst++ = av_bswap16(*ssrc++);
+            AV_WB16(dst, AV_RL16(src));
            src += 2;
            dst += 2;
        }
        return src_size;
    case DCA_MARKER_14B_BE:
    case DCA_MARKER_14B_LE:
--- a/libavcodec/dcadec.c
+++ b/libavcodec/dcadec.c
@ -583,6 +583,14 @@ static int dca_parse_audio_coding_header(DCAContext *s, int base_channel,
    }
    nchans = get_bits(&s->gb, 3) + 1;
    if (xxch && nchans >= 3) {
        av_log(s->avctx, AV_LOG_ERROR, "nchans %d is too large\n", nchans);
        return AVERROR_INVALIDDATA;
    } else if (nchans + base_channel > DCA_PRIM_CHANNELS_MAX) {
        av_log(s->avctx, AV_LOG_ERROR, "channel sum %d + %d is too large\n", nchans, base_channel);
        return AVERROR_INVALIDDATA;
    }
    s->total_channels = nchans + base_channel;
    s->prim_channels  = s->total_channels;
@ -849,6 +857,10 @@ static int dca_subframe_header(DCAContext *s, int base_channel, int block_index)
    if (!base_channel) {
        s->subsubframes[s->current_subframe]    = get_bits(&s->gb, 2) + 1;
        if (block_index + s->subsubframes[s->current_subframe] > s->sample_blocks/8) {
            s->subsubframes[s->current_subframe] = 1;
            return AVERROR_INVALIDDATA;
        }
        s->partial_samples[s->current_subframe] = get_bits(&s->gb, 3);
    }
@ -1810,8 +1822,13 @@ static int dca_xbr_parse_frame(DCAContext *s)
    for(i = 0; i < num_chsets; i++) {
        n_xbr_ch[i] = get_bits(&s->gb, 3) + 1;
        k = get_bits(&s->gb, 2) + 5;
-        for(j = 0; j < n_xbr_ch[i]; j++)
+        for(j = 0; j < n_xbr_ch[i]; j++) {
            active_bands[i][j] = get_bits(&s->gb, k) + 1;
            if (active_bands[i][j] > DCA_SUBBANDS) {
                av_log(s->avctx, AV_LOG_ERROR, "too many active subbands (%d)\n", active_bands[i][j]);
                return AVERROR_INVALIDDATA;
            }
        }
    }
    /* skip to the end of the header */
@ -1853,23 +1870,34 @@ static int dca_xbr_parse_frame(DCAContext *s)
                for(i = 0; i < n_xbr_ch[chset]; i++) {
                    const uint32_t *scale_table;
                    int nbits;
                    int scale_table_size;
                    if (s->scalefactor_huffman[chan_base+i] == 6) {
                        scale_table = scale_factor_quant7;
                        scale_table_size = FF_ARRAY_ELEMS(scale_factor_quant7);
                    } else {
                        scale_table = scale_factor_quant6;
                        scale_table_size = FF_ARRAY_ELEMS(scale_factor_quant6);
                    }
                    nbits = anctemp[i];
                    for(j = 0; j < active_bands[chset][i]; j++) {
                        if(abits_high[i][j] > 0) {
-                            scale_table_high[i][j][0] =
+                            int index = get_bits(&s->gb, nbits);
-                                scale_table[get_bits(&s->gb, nbits)];
+                            if (index >= scale_table_size) {
                                av_log(s->avctx, AV_LOG_ERROR, "scale table index %d invalid\n", index);
                                return AVERROR_INVALIDDATA;
                            }
                            scale_table_high[i][j][0] = scale_table[index];
                            if(xbr_tmode && s->transition_mode[i][j]) {
-                                scale_table_high[i][j][1] =
+                                int index = get_bits(&s->gb, nbits);
-                                    scale_table[get_bits(&s->gb, nbits)];
+                                if (index >= scale_table_size) {
                                    av_log(s->avctx, AV_LOG_ERROR, "scale table index %d invalid\n", index);
                                    return AVERROR_INVALIDDATA;
                                }
                                scale_table_high[i][j][1] = scale_table[index];
                            }
                        }
                    }
@ -2359,6 +2387,10 @@ FF_ENABLE_DEPRECATION_WARNINGS
 #else
            if (s->xch_present && !s->xch_disable) {
 #endif
                if (avctx->channel_layout & AV_CH_BACK_CENTER) {
                    avpriv_request_sample(avctx, "XCh with Back center channel");
                    return AVERROR_INVALIDDATA;
                }
                avctx->channel_layout |= AV_CH_BACK_CENTER;
                if (s->lfe) {
                    avctx->channel_layout |= AV_CH_LOW_FREQUENCY;
--- a/libavcodec/dcaenc.c
+++ b/libavcodec/dcaenc.c
@ -939,6 +939,10 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *avpkt,
    for (i = 0; i < SUBFRAMES; i++)
        put_subframe(c, i);
    for (i = put_bits_count(&c->pb); i < 8*c->frame_size; i++)
        put_bits(&c->pb, 1, 0);
    flush_put_bits(&c->pb);
    avpkt->pts      = frame->pts;
--- a/libavcodec/dirac_arith.h
+++ b/libavcodec/dirac_arith.h
@ -171,6 +171,10 @@ static inline int dirac_get_arith_uint(DiracArith *c, int follow_ctx, int data_c
 {
    int ret = 1;
    while (!dirac_get_arith_bit(c, follow_ctx)) {
        if (ret >= 0x40000000) {
            av_log(NULL, AV_LOG_ERROR, "dirac_get_arith_uint overflow\n");
            return -1;
        }
        ret <<= 1;
        ret += dirac_get_arith_bit(c, data_ctx);
        follow_ctx = ff_dirac_next_ctx[follow_ctx];
--- a/libavcodec/dirac_parser.c
+++ b/libavcodec/dirac_parser.c
@ -100,10 +100,12 @@ typedef struct DiracParseUnit {
 static int unpack_parse_unit(DiracParseUnit *pu, DiracParseContext *pc,
                             int offset)
 {
-    uint8_t *start = pc->buffer + offset;
+    int8_t *start;
-    uint8_t *end   = pc->buffer + pc->index;
+
-    if (start < pc->buffer || (start + 13 > end))
+    if (offset < 0 || pc->index - 13 < offset)
        return 0;
    start = pc->buffer + offset;
    pu->pu_type = start[4];
    pu->next_pu_offset = AV_RB32(start + 5);
@ -112,6 +114,15 @@ static int unpack_parse_unit(DiracParseUnit *pu, DiracParseContext *pc,
    if (pu->pu_type == 0x10 && pu->next_pu_offset == 0)
        pu->next_pu_offset = 13;
    if (pu->next_pu_offset && pu->next_pu_offset < 13) {
        av_log(NULL, AV_LOG_ERROR, "next_pu_offset %d is invalid\n", pu->next_pu_offset);
        return 0;
    }
    if (pu->prev_pu_offset && pu->prev_pu_offset < 13) {
        av_log(NULL, AV_LOG_ERROR, "prev_pu_offset %d is invalid\n", pu->prev_pu_offset);
        return 0;
    }
    return 1;
 }
@ -123,7 +134,7 @@ static int dirac_combine_frame(AVCodecParserContext *s, AVCodecContext *avctx,
    DiracParseContext *pc = s->priv_data;
    if (pc->overread_index) {
-        memcpy(pc->buffer, pc->buffer + pc->overread_index,
+        memmove(pc->buffer, pc->buffer + pc->overread_index,
               pc->index - pc->overread_index);
        pc->index         -= pc->overread_index;
        pc->overread_index = 0;
@ -186,7 +197,7 @@ static int dirac_combine_frame(AVCodecParserContext *s, AVCodecContext *avctx,
        }
        /* Get the picture number to set the pts and dts*/
-        if (parse_timing_info) {
+        if (parse_timing_info && pu1.prev_pu_offset >= 13) {
            uint8_t *cur_pu = pc->buffer +
                              pc->index - 13 - pu1.prev_pu_offset;
            int pts = AV_RB32(cur_pu + 13);
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@ -612,10 +612,10 @@ static av_always_inline void decode_subband_internal(DiracContext *s, SubBand *b
    top = 0;
    for (cb_y = 0; cb_y < cb_height; cb_y++) {
-        bottom = (b->height * (cb_y+1)) / cb_height;
+        bottom = (b->height * (cb_y+1LL)) / cb_height;
        left = 0;
        for (cb_x = 0; cb_x < cb_width; cb_x++) {
-            right = (b->width * (cb_x+1)) / cb_width;
+            right = (b->width * (cb_x+1LL)) / cb_width;
            codeblock(s, b, &gb, &c, left, right, top, bottom, blockcnt_one, is_arith);
            left = right;
        }
@ -799,7 +799,10 @@ static void decode_lowdelay(DiracContext *s)
            slice_num++;
            buf     += bytes;
-            bufsize -= bytes*8;
+            if (bufsize/8 >= bytes)
                bufsize -= bytes*8;
            else
                bufsize = 0;
        }
    avctx->execute(avctx, decode_lowdelay_slice, slices, NULL, slice_num,
@ -896,6 +899,14 @@ static int dirac_unpack_prediction_parameters(DiracContext *s)
    /*[DIRAC_STD] 11.2.4 motion_data_dimensions()
      Calculated in function dirac_unpack_block_motion_data */
    if (s->plane[0].xblen % (1 << s->chroma_x_shift) != 0 ||
        s->plane[0].yblen % (1 << s->chroma_y_shift) != 0 ||
        !s->plane[0].xblen || !s->plane[0].yblen) {
        av_log(s->avctx, AV_LOG_ERROR,
               "invalid x/y block length (%d/%d) for x/y chroma shift (%d/%d)\n",
               s->plane[0].xblen, s->plane[0].yblen, s->chroma_x_shift, s->chroma_y_shift);
        return AVERROR_INVALIDDATA;
    }
    if (!s->plane[0].xbsep || !s->plane[0].ybsep || s->plane[0].xbsep < s->plane[0].xblen/2 || s->plane[0].ybsep < s->plane[0].yblen/2) {
        av_log(s->avctx, AV_LOG_ERROR, "Block separation too small\n");
        return -1;
@ -1004,8 +1015,8 @@ static int dirac_unpack_idwt_params(DiracContext *s)
        /* Codeblock parameters (core syntax only) */
        if (get_bits1(gb)) {
            for (i = 0; i <= s->wavelet_depth; i++) {
-                CHECKEDREAD(s->codeblock[i].width , tmp < 1, "codeblock width invalid\n")
+                CHECKEDREAD(s->codeblock[i].width , tmp < 1 || tmp > (s->avctx->width >>s->wavelet_depth-i), "codeblock width invalid\n")
-                CHECKEDREAD(s->codeblock[i].height, tmp < 1, "codeblock height invalid\n")
+                CHECKEDREAD(s->codeblock[i].height, tmp < 1 || tmp > (s->avctx->height>>s->wavelet_depth-i), "codeblock height invalid\n")
            }
            CHECKEDREAD(s->codeblock_mode, tmp > 1, "unknown codeblock mode\n")
@ -1550,7 +1561,7 @@ static void select_dsp_funcs(DiracContext *s, int width, int height, int xblen,
    }
 }
-static void interpolate_refplane(DiracContext *s, DiracFrame *ref, int plane, int width, int height)
+static int interpolate_refplane(DiracContext *s, DiracFrame *ref, int plane, int width, int height)
 {
    /* chroma allocates an edge of 8 when subsampled
       which for 4:2:2 means an h edge of 16 and v edge of 8
@ -1562,11 +1573,14 @@ static void interpolate_refplane(DiracContext *s, DiracFrame *ref, int plane, in
    /* no need for hpel if we only have fpel vectors */
    if (!s->mv_precision)
-        return;
+        return 0;
    for (i = 1; i < 4; i++) {
        if (!ref->hpel_base[plane][i])
            ref->hpel_base[plane][i] = av_malloc((height+2*edge) * ref->avframe->linesize[plane] + 32);
        if (!ref->hpel_base[plane][i]) {
            return AVERROR(ENOMEM);
        }
        /* we need to be 16-byte aligned even for chroma */
        ref->hpel[plane][i] = ref->hpel_base[plane][i] + edge*ref->avframe->linesize[plane] + 16;
    }
@ -1580,6 +1594,8 @@ static void interpolate_refplane(DiracContext *s, DiracFrame *ref, int plane, in
        s->mpvencdsp.draw_edges(ref->hpel[plane][3], ref->avframe->linesize[plane], width, height, edge, edge, EDGE_TOP | EDGE_BOTTOM);
    }
    ref->interpolated[plane] = 1;
    return 0;
 }
 /**
@ -1629,8 +1645,11 @@ static int dirac_decode_frame_internal(DiracContext *s)
            select_dsp_funcs(s, p->width, p->height, p->xblen, p->yblen);
-            for (i = 0; i < s->num_refs; i++)
+            for (i = 0; i < s->num_refs; i++) {
-                interpolate_refplane(s, s->ref_pics[i], comp, p->width, p->height);
+                int ret = interpolate_refplane(s, s->ref_pics[i], comp, p->width, p->height);
                if (ret < 0)
                    return ret;
            }
            memset(s->mctmp, 0, 4*p->yoffset*p->stride);
@ -1736,6 +1755,12 @@ static int dirac_decode_picture_header(DiracContext *s)
                    get_buffer_with_edge(s->avctx, s->ref_pics[i]->avframe, AV_GET_BUFFER_FLAG_REF);
                    break;
                }
        if (!s->ref_pics[i]) {
            av_log(s->avctx, AV_LOG_ERROR, "Reference could not be allocated\n");
            return -1;
        }
    }
    /* retire the reference frames that are not used anymore */
@ -1931,8 +1956,8 @@ static int dirac_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
            break;
        data_unit_size = AV_RB32(buf+buf_idx+5);
-        if (buf_idx + data_unit_size > buf_size || !data_unit_size) {
+        if (data_unit_size > buf_size - buf_idx || !data_unit_size) {
-            if(buf_idx + data_unit_size > buf_size)
+            if(data_unit_size > buf_size - buf_idx)
            av_log(s->avctx, AV_LOG_ERROR,
                   "Data unit with size %d is larger than input buffer, discarding\n",
                   data_unit_size);
--- a/libavcodec/dnxhddec.c
+++ b/libavcodec/dnxhddec.c
@ -38,6 +38,7 @@ typedef struct DNXHDContext {
    BlockDSPContext bdsp;
    int64_t cid;                        ///< compression id
    unsigned int width, height;
    enum AVPixelFormat pix_fmt;
    unsigned int mb_width, mb_height;
    uint32_t mb_scan_index[68];         /* max for 1080p */
    int cur_field;                      ///< current interlaced field
@ -141,7 +142,7 @@ static int dnxhd_decode_header(DNXHDContext *ctx, AVFrame *frame,
    ctx->is_444 = 0;
    if (buf[0x4] == 0x2) {
-        ctx->avctx->pix_fmt = AV_PIX_FMT_YUV444P10;
+        ctx->pix_fmt = AV_PIX_FMT_YUV444P10;
        ctx->avctx->bits_per_raw_sample = 10;
        if (ctx->bit_depth != 10) {
            ff_blockdsp_init(&ctx->bdsp, ctx->avctx);
@ -151,7 +152,7 @@ static int dnxhd_decode_header(DNXHDContext *ctx, AVFrame *frame,
        }
        ctx->is_444 = 1;
    } else if (buf[0x21] & 0x40) {
-        ctx->avctx->pix_fmt = AV_PIX_FMT_YUV422P10;
+        ctx->pix_fmt = AV_PIX_FMT_YUV422P10;
        ctx->avctx->bits_per_raw_sample = 10;
        if (ctx->bit_depth != 10) {
            ff_blockdsp_init(&ctx->bdsp, ctx->avctx);
@ -160,7 +161,7 @@ static int dnxhd_decode_header(DNXHDContext *ctx, AVFrame *frame,
            ctx->decode_dct_block = dnxhd_decode_dct_block_10;
        }
    } else {
-        ctx->avctx->pix_fmt = AV_PIX_FMT_YUV422P;
+        ctx->pix_fmt = AV_PIX_FMT_YUV422P;
        ctx->avctx->bits_per_raw_sample = 8;
        if (ctx->bit_depth != 8) {
            ff_blockdsp_init(&ctx->bdsp, ctx->avctx);
@ -362,7 +363,7 @@ static int dnxhd_decode_macroblock(DNXHDContext *ctx, AVFrame *frame,
    dest_u = frame->data[1] + ((y * dct_linesize_chroma) << 4) + (x << (3 + shift1 + ctx->is_444));
    dest_v = frame->data[2] + ((y * dct_linesize_chroma) << 4) + (x << (3 + shift1 + ctx->is_444));
-    if (ctx->cur_field) {
+    if (frame->interlaced_frame && ctx->cur_field) {
        dest_y += frame->linesize[0];
        dest_u += frame->linesize[1];
        dest_v += frame->linesize[2];
@ -446,7 +447,13 @@ decode_coding_unit:
               avctx->width, avctx->height, ctx->width, ctx->height);
        first_field = 1;
    }
    if (avctx->pix_fmt != AV_PIX_FMT_NONE && avctx->pix_fmt != ctx->pix_fmt) {
        av_log(avctx, AV_LOG_WARNING, "pix_fmt changed: %s -> %s\n",
               av_get_pix_fmt_name(avctx->pix_fmt), av_get_pix_fmt_name(ctx->pix_fmt));
        first_field = 1;
    }
    avctx->pix_fmt = ctx->pix_fmt;
    ret = ff_set_dimensions(avctx, ctx->width, ctx->height);
    if (ret < 0)
        return ret;
--- a/libavcodec/dnxhdenc.c
+++ b/libavcodec/dnxhdenc.c
@ -117,7 +117,7 @@ static int dnxhd_10bit_dct_quantize(MpegEncContext *ctx, int16_t *block,
    for (i = 1; i < 64; ++i) {
        int j = scantable[i];
-        int sign = block[j] >> 31;
+        int sign = FF_SIGNBIT(block[j]);
        int level = (block[j] ^ sign) - sign;
        level = level * qmat[j] >> DNX10BIT_QMAT_SHIFT;
        block[j] = (level ^ sign) - sign;
--- a/libavcodec/dpx.c
+++ b/libavcodec/dpx.c
@ -334,11 +334,11 @@ static int decode_frame(AVCodecContext *avctx,
                // For 12 bit, ignore alpha
                if (elements == 4)
                    buf += 2;
                // Jump to next aligned position
                buf += need_align;
            }
            for (i = 0; i < 3; i++)
                ptr[i] += p->linesize[i];
            // Jump to next aligned position
            buf += need_align;
        }
        break;
    case 16:
--- a/libavcodec/dpxenc.c
+++ b/libavcodec/dpxenc.c
@ -75,17 +75,20 @@ static av_cold int encode_init(AVCodecContext *avctx)
    return 0;
 }
-#define write16(p, value) \
+static av_always_inline void write16_internal(int big_endian, void *p, int value)
-do { \
+{
-    if (s->big_endian) AV_WB16(p, value); \
+    if (big_endian) AV_WB16(p, value);
-    else               AV_WL16(p, value); \
+    else            AV_WL16(p, value);
-} while(0)
+}
-#define write32(p, value) \
+static av_always_inline void write32_internal(int big_endian, void *p, int value)
-do { \
+{
-    if (s->big_endian) AV_WB32(p, value); \
+    if (big_endian) AV_WB32(p, value);
-    else               AV_WL32(p, value); \
+    else            AV_WL32(p, value);
-} while(0)
+}
 #define write16(p, value) write16_internal(s->big_endian, p, value)
 #define write32(p, value) write32_internal(s->big_endian, p, value)
 static void encode_rgb48_10bit(AVCodecContext *avctx, const AVPicture *pic, uint8_t *dst)
 {
--- a/libavcodec/dvdec.c
+++ b/libavcodec/dvdec.c
@ -221,7 +221,7 @@ static int dv_decode_video_segment(AVCodecContext *avctx, void *arg)
                                    dct_mode                        * 22 * 64 +
                                    (quant + ff_dv_quant_offset[class1]) * 64];
            }
-            dc = dc << 2;
+            dc = dc * 4;
            /* convert to unsigned because 128 is not added in the
             * standard IDCT */
            dc                   += 1024;
--- a/libavcodec/dvdsubdec.c
+++ b/libavcodec/dvdsubdec.c
@ -37,7 +37,7 @@ typedef struct DVDSubContext
  int      has_palette;
  uint8_t  colormap[4];
  uint8_t  alpha[256];
-  uint8_t *buf;
+  uint8_t  buf[0x10000];
  int      buf_size;
 #ifdef DEBUG
  int sub_id;
@ -105,6 +105,12 @@ static int decode_rle(uint8_t *bitmap, int linesize, int w, int h,
    int x, y, len, color;
    uint8_t *d;
    if (start >= buf_size)
        return -1;
    if (w <= 0 || h <= 0)
        return -1;
    bit_len = (buf_size - start) * 8;
    init_get_bits(&gb, buf + start, bit_len);
@ -337,7 +343,7 @@ static int decode_dvd_subtitles(DVDSubContext *ctx, AVSubtitle *sub_header,
            }
        }
    the_end:
-        if (offset1 >= 0) {
+        if (offset1 >= 0 && offset2 >= 0) {
            int w, h;
            uint8_t *bitmap;
@ -356,10 +362,12 @@ static int decode_dvd_subtitles(DVDSubContext *ctx, AVSubtitle *sub_header,
                sub_header->rects[0] = av_mallocz(sizeof(AVSubtitleRect));
                sub_header->num_rects = 1;
                sub_header->rects[0]->pict.data[0] = bitmap;
-                decode_rle(bitmap, w * 2, w, (h + 1) / 2,
+                if (decode_rle(bitmap, w * 2, w, (h + 1) / 2,
-                           buf, offset1, buf_size, is_8bit);
+                               buf, offset1, buf_size, is_8bit) < 0)
-                decode_rle(bitmap + w, w * 2, w, h / 2,
+                    goto fail;
-                           buf, offset2, buf_size, is_8bit);
+                if (decode_rle(bitmap + w, w * 2, w, h / 2,
                               buf, offset2, buf_size, is_8bit) < 0)
                    goto fail;
                sub_header->rects[0]->pict.data[1] = av_mallocz(AVPALETTE_SIZE);
                if (is_8bit) {
                    if (!yuv_palette)
@ -498,15 +506,11 @@ static int append_to_cached_buf(AVCodecContext *avctx,
 {
    DVDSubContext *ctx = avctx->priv_data;
-    if (ctx->buf_size > 0xffff - buf_size) {
+    if (ctx->buf_size >= sizeof(ctx->buf) - buf_size) {
        av_log(avctx, AV_LOG_WARNING, "Attempt to reconstruct "
               "too large SPU packets aborted.\n");
        av_freep(&ctx->buf);
        return AVERROR_INVALIDDATA;
    }
    ctx->buf = av_realloc(ctx->buf, ctx->buf_size + buf_size);
    if (!ctx->buf)
        return AVERROR(ENOMEM);
    memcpy(ctx->buf + ctx->buf_size, buf, buf_size);
    ctx->buf_size += buf_size;
    return 0;
@ -522,7 +526,7 @@ static int dvdsub_decode(AVCodecContext *avctx,
    AVSubtitle *sub = data;
    int is_menu;
-    if (ctx->buf) {
+    if (ctx->buf_size) {
        int ret = append_to_cached_buf(avctx, buf, buf_size);
        if (ret < 0) {
            *data_size = 0;
@ -561,7 +565,6 @@ static int dvdsub_decode(AVCodecContext *avctx,
    }
 #endif
    av_freep(&ctx->buf);
    ctx->buf_size = 0;
    *data_size = 1;
    return buf_size;
@ -583,6 +586,7 @@ static int dvdsub_parse_extradata(AVCodecContext *avctx)
 {
    DVDSubContext *ctx = (DVDSubContext*) avctx->priv_data;
    char *dataorig, *data;
    int ret = 1;
    if (!avctx->extradata || !avctx->extradata_size)
        return 1;
@ -603,11 +607,9 @@ static int dvdsub_parse_extradata(AVCodecContext *avctx)
        } else if (strncmp("size:", data, 5) == 0) {
            int w, h;
            if (sscanf(data + 5, "%dx%d", &w, &h) == 2) {
-               int ret = ff_set_dimensions(avctx, w, h);
+               ret = ff_set_dimensions(avctx, w, h);
-               if (ret < 0) {
+               if (ret < 0)
-                   av_free(dataorig);
+                   goto fail;
                   return ret;
               }
            }
        }
@ -615,8 +617,9 @@ static int dvdsub_parse_extradata(AVCodecContext *avctx)
        data += strspn(data, "\n\r");
    }
 fail:
    av_free(dataorig);
-    return 1;
+    return ret;
 }
 static av_cold int dvdsub_init(AVCodecContext *avctx)
@ -643,7 +646,6 @@ static av_cold int dvdsub_init(AVCodecContext *avctx)
 static av_cold int dvdsub_close(AVCodecContext *avctx)
 {
    DVDSubContext *ctx = avctx->priv_data;
    av_freep(&ctx->buf);
    ctx->buf_size = 0;
    return 0;
 }
--- a/libavcodec/dxa.c
+++ b/libavcodec/dxa.c
@ -329,6 +329,11 @@ static av_cold int decode_init(AVCodecContext *avctx)
 {
    DxaDecContext * const c = avctx->priv_data;
    if (avctx->width%4 || avctx->height%4) {
        avpriv_request_sample(avctx, "dimensions are not a multiple of 4");
        return AVERROR_INVALIDDATA;
    }
    c->prev = av_frame_alloc();
    if (!c->prev)
        return AVERROR(ENOMEM);
--- a/libavcodec/dxtory.c
+++ b/libavcodec/dxtory.c
@ -65,7 +65,7 @@ static int dxtory_decode_v1_410(AVCodecContext *avctx, AVFrame *pic,
    uint8_t *Y1, *Y2, *Y3, *Y4, *U, *V;
    int ret;
-    if (src_size < avctx->width * avctx->height * 9L / 8) {
+    if (src_size < FFALIGN(avctx->width, 4) * FFALIGN(avctx->height, 4) * 9LL / 8) {
        av_log(avctx, AV_LOG_ERROR, "packet too small\n");
        return AVERROR_INVALIDDATA;
    }
@ -108,7 +108,7 @@ static int dxtory_decode_v1_420(AVCodecContext *avctx, AVFrame *pic,
    uint8_t *Y1, *Y2, *U, *V;
    int ret;
-    if (src_size < avctx->width * avctx->height * 3L / 2) {
+    if (src_size < FFALIGN(avctx->width, 2) * FFALIGN(avctx->height, 2) * 3LL / 2) {
        av_log(avctx, AV_LOG_ERROR, "packet too small\n");
        return AVERROR_INVALIDDATA;
    }
@ -145,7 +145,7 @@ static int dxtory_decode_v1_444(AVCodecContext *avctx, AVFrame *pic,
    uint8_t *Y, *U, *V;
    int ret;
-    if (src_size < avctx->width * avctx->height * 3L) {
+    if (src_size < avctx->width * avctx->height * 3LL) {
        av_log(avctx, AV_LOG_ERROR, "packet too small\n");
        return AVERROR_INVALIDDATA;
    }
--- a/libavcodec/eac3dec.c
+++ b/libavcodec/eac3dec.c
@ -63,7 +63,7 @@ typedef enum {
 #define EAC3_SR_CODE_REDUCED  3
-void ff_eac3_apply_spectral_extension(AC3DecodeContext *s)
+static void ff_eac3_apply_spectral_extension(AC3DecodeContext *s)
 {
    int bin, bnd, ch, i;
    uint8_t wrapflag[SPX_MAX_BANDS]={1,0,}, num_copy_sections, copy_sizes[SPX_MAX_BANDS];
@ -101,7 +101,7 @@ void ff_eac3_apply_spectral_extension(AC3DecodeContext *s)
        for (i = 0; i < num_copy_sections; i++) {
            memcpy(&s->transform_coeffs[ch][bin],
                   &s->transform_coeffs[ch][s->spx_dst_start_freq],
-                   copy_sizes[i]*sizeof(float));
+                   copy_sizes[i]*sizeof(INTFLOAT));
            bin += copy_sizes[i];
        }
@ -124,7 +124,7 @@ void ff_eac3_apply_spectral_extension(AC3DecodeContext *s)
            bin = s->spx_src_start_freq - 2;
            for (bnd = 0; bnd < s->num_spx_bands; bnd++) {
                if (wrapflag[bnd]) {
-                    float *coeffs = &s->transform_coeffs[ch][bin];
+                    INTFLOAT *coeffs = &s->transform_coeffs[ch][bin];
                    coeffs[0] *= atten_tab[0];
                    coeffs[1] *= atten_tab[1];
                    coeffs[2] *= atten_tab[2];
@ -142,6 +142,11 @@ void ff_eac3_apply_spectral_extension(AC3DecodeContext *s)
        for (bnd = 0; bnd < s->num_spx_bands; bnd++) {
            float nscale = s->spx_noise_blend[ch][bnd] * rms_energy[bnd] * (1.0f / INT32_MIN);
            float sscale = s->spx_signal_blend[ch][bnd];
 #if USE_FIXED
            // spx_noise_blend and spx_signal_blend are both FP.23
            nscale *= 1.0 / (1<<23);
            sscale *= 1.0 / (1<<23);
 #endif
            for (i = 0; i < s->spx_band_sizes[bnd]; i++) {
                float noise  = nscale * (int32_t)av_lfg_get(&s->dith_state);
                s->transform_coeffs[ch][bin]   *= sscale;
@ -195,7 +200,7 @@ static void idct6(int pre_mant[6])
    pre_mant[5] = even0 - odd0;
 }
-void ff_eac3_decode_transform_coeffs_aht_ch(AC3DecodeContext *s, int ch)
+static void ff_eac3_decode_transform_coeffs_aht_ch(AC3DecodeContext *s, int ch)
 {
    int bin, blk, gs;
    int end_bap, gaq_mode;
@ -288,7 +293,7 @@ void ff_eac3_decode_transform_coeffs_aht_ch(AC3DecodeContext *s, int ch)
    }
 }
-int ff_eac3_parse_header(AC3DecodeContext *s)
+static int ff_eac3_parse_header(AC3DecodeContext *s)
 {
    int i, blk, ch;
    int ac3_exponent_strategy, parse_aht_info, parse_spx_atten_data;
--- a/libavcodec/eamad.c
+++ b/libavcodec/eamad.c
@ -151,6 +151,11 @@ static inline int decode_block_intra(MadContext *s, int16_t * block)
                break;
            } else if (level != 0) {
                i += run;
                if (i > 63) {
                    av_log(s->avctx, AV_LOG_ERROR,
                           "ac-tex damaged at %d %d\n", s->mb_x, s->mb_y);
                    return -1;
                }
                j = scantable[i];
                level = (level*quant_matrix[j]) >> 4;
                level = (level-1)|1;
@ -165,6 +170,11 @@ static inline int decode_block_intra(MadContext *s, int16_t * block)
                run = SHOW_UBITS(re, &s->gb, 6)+1; LAST_SKIP_BITS(re, &s->gb, 6);
                i += run;
                if (i > 63) {
                    av_log(s->avctx, AV_LOG_ERROR,
                           "ac-tex damaged at %d %d\n", s->mb_x, s->mb_y);
                    return -1;
                }
                j = scantable[i];
                if (level < 0) {
                    level = -level;
@ -176,10 +186,6 @@ static inline int decode_block_intra(MadContext *s, int16_t * block)
                    level = (level-1)|1;
                }
            }
            if (i > 63) {
                av_log(s->avctx, AV_LOG_ERROR, "ac-tex damaged at %d %d\n", s->mb_x, s->mb_y);
                return -1;
            }
            block[j] = level;
        }
--- a/libavcodec/error_resilience.c
+++ b/libavcodec/error_resilience.c
@ -377,14 +377,19 @@ static void guess_mv(ERContext *s)
 #define MV_UNCHANGED 1
    const int mb_stride = s->mb_stride;
    const int mb_width  = s->mb_width;
-    const int mb_height = s->mb_height;
+    int mb_height = s->mb_height;
    int i, depth, num_avail;
    int mb_x, mb_y, mot_step, mot_stride;
    if (s->last_pic.f && s->last_pic.f->data[0])
        mb_height = FFMIN(mb_height, (s->last_pic.f->height+15)>>4);
    if (s->next_pic.f && s->next_pic.f->data[0])
        mb_height = FFMIN(mb_height, (s->next_pic.f->height+15)>>4);
    set_mv_strides(s, &mot_step, &mot_stride);
    num_avail = 0;
-    for (i = 0; i < s->mb_num; i++) {
+    for (i = 0; i < mb_width * mb_height; i++) {
        const int mb_xy = s->mb_index2xy[i];
        int f = 0;
        int error = s->error_status_table[mb_xy];
@ -409,7 +414,7 @@ static void guess_mv(ERContext *s)
    if ((!(s->avctx->error_concealment&FF_EC_GUESS_MVS)) ||
        num_avail <= mb_width / 2) {
-        for (mb_y = 0; mb_y < s->mb_height; mb_y++) {
+        for (mb_y = 0; mb_y < mb_height; mb_y++) {
            for (mb_x = 0; mb_x < s->mb_width; mb_x++) {
                const int mb_xy = mb_x + mb_y * s->mb_stride;
                int mv_dir = (s->last_pic.f && s->last_pic.f->data[0]) ? MV_DIR_FORWARD : MV_DIR_BACKWARD;
@ -438,7 +443,7 @@ static void guess_mv(ERContext *s)
            int score_sum = 0;
            changed = 0;
-            for (mb_y = 0; mb_y < s->mb_height; mb_y++) {
+            for (mb_y = 0; mb_y < mb_height; mb_y++) {
                for (mb_x = 0; mb_x < s->mb_width; mb_x++) {
                    const int mb_xy        = mb_x + mb_y * s->mb_stride;
                    int mv_predictor[8][2] = { { 0 } };
@ -671,7 +676,7 @@ skip_last_mv:
        if (none_left)
            return;
-        for (i = 0; i < s->mb_num; i++) {
+        for (i = 0; i < mb_width * mb_height; i++) {
            int mb_xy = s->mb_index2xy[i];
            if (fixed[mb_xy])
                fixed[mb_xy] = MV_FROZEN;
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@ -460,7 +460,7 @@ static int huf_build_dec_table(const uint64_t *hcode, int im,
        lc += 8;                                                              \
 }
-#define get_code(po, rlc, c, lc, gb, out, oe)                                 \
+#define get_code(po, rlc, c, lc, gb, out, oe, outb)                           \
 {                                                                             \
        if (po == rlc) {                                                      \
            if (lc < 8)                                                       \
@ -469,7 +469,7 @@ static int huf_build_dec_table(const uint64_t *hcode, int im,
                                                                              \
            cs = c >> lc;                                                     \
                                                                              \
-            if (out + cs > oe)                                                \
+            if (out + cs > oe || out == outb)                                 \
                return AVERROR_INVALIDDATA;                                   \
                                                                              \
            s = out[-1];                                                      \
@ -502,7 +502,7 @@ static int huf_decode(const uint64_t *hcode, const HufDec *hdecod,
            if (pl.len) {
                lc -= pl.len;
-                get_code(pl.lit, rlc, c, lc, gb, out, oe);
+                get_code(pl.lit, rlc, c, lc, gb, out, oe, outb);
            } else {
                int j;
@ -519,7 +519,7 @@ static int huf_decode(const uint64_t *hcode, const HufDec *hdecod,
                        if ((hcode[pl.p[j]] >> 6) ==
                            ((c >> (lc - l)) & ((1LL << l) - 1))) {
                            lc -= l;
-                            get_code(pl.p[j], rlc, c, lc, gb, out, oe);
+                            get_code(pl.p[j], rlc, c, lc, gb, out, oe, outb);
                            break;
                        }
                    }
@ -540,7 +540,7 @@ static int huf_decode(const uint64_t *hcode, const HufDec *hdecod,
        if (pl.len) {
            lc -= pl.len;
-            get_code(pl.lit, rlc, c, lc, gb, out, oe);
+            get_code(pl.lit, rlc, c, lc, gb, out, oe, outb);
        } else {
            return AVERROR_INVALIDDATA;
        }
@ -1011,6 +1011,22 @@ static int decode_header(EXRContext *s)
    int current_channel_offset = 0;
    int magic_number, version, flags, i;
    s->xmin               = ~0;
    s->xmax               = ~0;
    s->ymin               = ~0;
    s->ymax               = ~0;
    s->xdelta             = ~0;
    s->ydelta             = ~0;
    s->channel_offsets[0] = -1;
    s->channel_offsets[1] = -1;
    s->channel_offsets[2] = -1;
    s->channel_offsets[3] = -1;
    s->pixel_type         = EXR_UNKNOWN;
    s->compression        = EXR_UNKN;
    s->nb_channels        = 0;
    s->w                  = 0;
    s->h                  = 0;
    if (bytestream2_get_bytes_left(&s->gb) < 10) {
        av_log(s->avctx, AV_LOG_ERROR, "Header too short to parse.\n");
        return AVERROR_INVALIDDATA;
@ -1351,21 +1367,6 @@ static av_cold int decode_init(AVCodecContext *avctx)
    float one_gamma = 1.0f / s->gamma;
    s->avctx              = avctx;
    s->xmin               = ~0;
    s->xmax               = ~0;
    s->ymin               = ~0;
    s->ymax               = ~0;
    s->xdelta             = ~0;
    s->ydelta             = ~0;
    s->channel_offsets[0] = -1;
    s->channel_offsets[1] = -1;
    s->channel_offsets[2] = -1;
    s->channel_offsets[3] = -1;
    s->pixel_type         = EXR_UNKNOWN;
    s->compression        = EXR_UNKN;
    s->nb_channels        = 0;
    s->w                  = 0;
    s->h                  = 0;
    if ( one_gamma > 0.9999f && one_gamma < 1.0001f ) {
        for ( i = 0; i < 65536; ++i ) {
--- a/libavcodec/faxcompr.c
+++ b/libavcodec/faxcompr.c
@ -251,7 +251,7 @@ static void put_line(uint8_t *dst, int size, int width, const int *runs)
    PutBitContext pb;
    int run, mode = ~0, pix_left = width, run_idx = 0;
-    init_put_bits(&pb, dst, size * 8);
+    init_put_bits(&pb, dst, size);
    while (pix_left > 0) {
        run       = runs[run_idx++];
        mode      = ~mode;
--- a/libavcodec/ffv1.c
+++ b/libavcodec/ffv1.c
@ -66,7 +66,7 @@ av_cold int ffv1_common_init(AVCodecContext *avctx)
 av_cold int ffv1_init_slice_state(FFV1Context *f, FFV1Context *fs)
 {
-    int j;
+    int j, i;
    fs->plane_count  = f->plane_count;
    fs->transparency = f->transparency;
@ -80,10 +80,15 @@ av_cold int ffv1_init_slice_state(FFV1Context *f, FFV1Context *fs)
            if (!p->state)
                return AVERROR(ENOMEM);
        } else {
-            if (!p->vlc_state)
+            if (!p->vlc_state) {
-                p->vlc_state = av_malloc_array(p->context_count, sizeof(VlcState));
+                p->vlc_state = av_mallocz_array(p->context_count, sizeof(VlcState));
-            if (!p->vlc_state)
+                if (!p->vlc_state)
-                return AVERROR(ENOMEM);
+                    return AVERROR(ENOMEM);
                for (i = 0; i < p->context_count; i++) {
                    p->vlc_state[i].error_sum = 4;
                    p->vlc_state[i].count     = 1;
                }
            }
        }
    }
@ -101,7 +106,7 @@ av_cold int ffv1_init_slice_state(FFV1Context *f, FFV1Context *fs)
 av_cold int ffv1_init_slices_state(FFV1Context *f)
 {
    int i, ret;
-    for (i = 0; i < f->slice_count; i++) {
+    for (i = 0; i < f->max_slice_count; i++) {
        FFV1Context *fs = f->slice_context[i];
        if ((ret = ffv1_init_slice_state(f, fs)) < 0)
            return AVERROR(ENOMEM);
@ -113,10 +118,10 @@ av_cold int ffv1_init_slice_contexts(FFV1Context *f)
 {
    int i;
-    f->slice_count = f->num_h_slices * f->num_v_slices;
+    f->max_slice_count = f->num_h_slices * f->num_v_slices;
-    av_assert0(f->slice_count > 0);
+    av_assert0(f->max_slice_count > 0);
-    for (i = 0; i < f->slice_count; i++) {
+    for (i = 0; i < f->max_slice_count; i++) {
        FFV1Context *fs = av_mallocz(sizeof(*fs));
        int sx          = i % f->num_h_slices;
        int sy          = i / f->num_h_slices;
@ -201,7 +206,7 @@ av_cold int ffv1_close(AVCodecContext *avctx)
        ff_thread_release_buffer(avctx, &s->last_picture);
    av_frame_free(&s->last_picture.f);
-    for (j = 0; j < s->slice_count; j++) {
+    for (j = 0; j < s->max_slice_count; j++) {
        FFV1Context *fs = s->slice_context[j];
        for (i = 0; i < s->plane_count; i++) {
            PlaneContext *p = &fs->plane[i];
@ -215,14 +220,14 @@ av_cold int ffv1_close(AVCodecContext *avctx)
    av_freep(&avctx->stats_out);
    for (j = 0; j < s->quant_table_count; j++) {
        av_freep(&s->initial_states[j]);
-        for (i = 0; i < s->slice_count; i++) {
+        for (i = 0; i < s->max_slice_count; i++) {
            FFV1Context *sf = s->slice_context[i];
            av_freep(&sf->rc_stat2[j]);
        }
        av_freep(&s->rc_stat2[j]);
    }
-    for (i = 0; i < s->slice_count; i++)
+    for (i = 0; i < s->max_slice_count; i++)
        av_freep(&s->slice_context[i]);
    return 0;
--- a/libavcodec/ffv1.h
+++ b/libavcodec/ffv1.h
@ -117,6 +117,7 @@ typedef struct FFV1Context {
    struct FFV1Context *slice_context[MAX_SLICES];
    int slice_count;
    int max_slice_count;
    int num_v_slices;
    int num_h_slices;
    int slice_width;
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@ -47,8 +47,11 @@ static inline av_flatten int get_symbol_inline(RangeCoder *c, uint8_t *state,
    else {
        int i, e, a;
        e = 0;
-        while (get_rac(c, state + 1 + FFMIN(e, 9))) // 1..10
+        while (get_rac(c, state + 1 + FFMIN(e, 9))) { // 1..10
            e++;
            if (e > 31)
                return AVERROR_INVALIDDATA;
        }
        a = 1;
        for (i = e - 1; i >= 0; i--)
@ -303,7 +306,7 @@ static int decode_slice_header(FFV1Context *f, FFV1Context *fs)
    for (i = 0; i < f->plane_count; i++) {
        PlaneContext * const p = &fs->plane[i];
        int idx = get_symbol(c, state, 0);
-        if (idx > (unsigned)f->quant_table_count) {
+        if (idx >= (unsigned)f->quant_table_count) {
            av_log(f->avctx, AV_LOG_ERROR, "quant_table_index out of range\n");
            return -1;
        }
@ -406,6 +409,7 @@ static int decode_slice(AVCodecContext *c, void *arg)
        if (ffv1_init_slice_state(f, fs) < 0)
            return AVERROR(ENOMEM);
        if (decode_slice_header(f, fs) < 0) {
            fs->slice_x = fs->slice_y = fs->slice_height = fs->slice_width = 0;
            fs->slice_damaged = 1;
            return AVERROR_INVALIDDATA;
        }
@ -500,7 +504,10 @@ static int read_quant_tables(RangeCoder *c,
    int context_count = 1;
    for (i = 0; i < 5; i++) {
-        context_count *= read_quant_table(c, quant_table[i], context_count);
+        int ret = read_quant_table(c, quant_table[i], context_count);
        if (ret < 0)
            return ret;
        context_count *= ret;
        if (context_count > 32768U) {
            return AVERROR_INVALIDDATA;
        }
@ -546,6 +553,12 @@ static int read_extra_header(FFV1Context *f)
    f->num_h_slices               = 1 + get_symbol(c, state, 0);
    f->num_v_slices               = 1 + get_symbol(c, state, 0);
    if (f->chroma_h_shift > 4U || f->chroma_v_shift > 4U) {
        av_log(f->avctx, AV_LOG_ERROR, "chroma shift parameters %d %d are invalid\n",
               f->chroma_h_shift, f->chroma_v_shift);
        return AVERROR_INVALIDDATA;
    }
    if (f->num_h_slices > (unsigned)f->width  || !f->num_h_slices ||
        f->num_v_slices > (unsigned)f->height || !f->num_v_slices
       ) {
@ -554,8 +567,11 @@ static int read_extra_header(FFV1Context *f)
    }
    f->quant_table_count = get_symbol(c, state, 0);
-    if (f->quant_table_count > (unsigned)MAX_QUANT_TABLES)
+    if (f->quant_table_count > (unsigned)MAX_QUANT_TABLES || !f->quant_table_count) {
        av_log(f->avctx, AV_LOG_ERROR, "quant table count %d is invalid\n", f->quant_table_count);
        f->quant_table_count = 0;
        return AVERROR_INVALIDDATA;
    }
    for (i = 0; i < f->quant_table_count; i++) {
        f->context_count[i] = read_quant_tables(c, f->quant_tables[i]);
@ -651,6 +667,12 @@ static int read_header(FFV1Context *f)
            }
        }
        if (chroma_h_shift > 4U || chroma_v_shift > 4U) {
            av_log(f->avctx, AV_LOG_ERROR, "chroma shift parameters %d %d are invalid\n",
                   chroma_h_shift, chroma_v_shift);
            return AVERROR_INVALIDDATA;
        }
        f->colorspace                 = colorspace;
        f->avctx->bits_per_raw_sample = bits_per_raw_sample;
        f->chroma_planes              = chroma_planes;
@ -758,6 +780,7 @@ static int read_header(FFV1Context *f)
            av_log(f->avctx, AV_LOG_ERROR, "read_quant_table error\n");
            return AVERROR_INVALIDDATA;
        }
        f->slice_count = f->max_slice_count;
    } else if (f->version < 3) {
        f->slice_count = get_symbol(c, state, 0);
    } else {
@ -772,8 +795,8 @@ static int read_header(FFV1Context *f)
            p -= size + trailer;
        }
    }
-    if (f->slice_count > (unsigned)MAX_SLICES || f->slice_count <= 0) {
+    if (f->slice_count > (unsigned)MAX_SLICES || f->slice_count <= 0 || f->slice_count > f->max_slice_count) {
-        av_log(f->avctx, AV_LOG_ERROR, "slice count %d is invalid\n", f->slice_count);
+        av_log(f->avctx, AV_LOG_ERROR, "slice count %d is invalid (max=%d)\n", f->slice_count, f->max_slice_count);
        return AVERROR_INVALIDDATA;
    }
@ -915,6 +938,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame, AVPac
        else                     v = buf_p - c->bytestream_start;
        if (buf_p - c->bytestream_start < v) {
            av_log(avctx, AV_LOG_ERROR, "Slice pointer chain broken\n");
            ff_thread_report_progress(&f->picture, INT_MAX, 0);
            return AVERROR_INVALIDDATA;
        }
        buf_p -= v;
@ -996,6 +1020,7 @@ static int init_thread_copy(AVCodecContext *avctx)
    f->picture.f      = NULL;
    f->last_picture.f = NULL;
    f->sample_buffer  = NULL;
    f->max_slice_count = 0;
    f->slice_count = 0;
    for (i = 0; i < f->quant_table_count; i++) {
@ -1066,7 +1091,7 @@ static int update_thread_context(AVCodecContext *dst, const AVCodecContext *src)
        av_assert0(!fdst->sample_buffer);
    }
-    av_assert1(fdst->slice_count == fsrc->slice_count);
+    av_assert1(fdst->max_slice_count == fsrc->max_slice_count);
    ff_thread_release_buffer(dst, &fdst->picture);
--- a/libavcodec/ffv1enc.c
+++ b/libavcodec/ffv1enc.c
@ -166,7 +166,7 @@ static void find_best_state(uint8_t best_state[256][256],
                    best_len[k]      = len;
                    best_state[i][k] = j;
                }
-                for (m = 0; m < 256; m++)
+                for (m = 1; m < 256; m++)
                    if (occ[m]) {
                        newocc[      one_state[      m]] += occ[m] * p;
                        newocc[256 - one_state[256 - m]] += occ[m] * (1 - p);
@ -961,6 +961,7 @@ slices_ok:
    if ((ret = ffv1_init_slice_contexts(s)) < 0)
        return ret;
    s->slice_count = s->max_slice_count;
    if ((ret = ffv1_init_slices_state(s)) < 0)
        return ret;
@ -970,7 +971,7 @@ slices_ok:
        if (!avctx->stats_out)
            return AVERROR(ENOMEM);
        for (i = 0; i < s->quant_table_count; i++)
-            for (j = 0; j < s->slice_count; j++) {
+            for (j = 0; j < s->max_slice_count; j++) {
                FFV1Context *sf = s->slice_context[j];
                av_assert0(!sf->rc_stat2[i]);
                sf->rc_stat2[i] = av_mallocz(s->context_count[i] *
@ -1194,6 +1195,7 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt,
            for (i = 0; i < f->quant_table_count; i++)
                memset(f->rc_stat2[i], 0, f->context_count[i] * sizeof(*f->rc_stat2[i]));
            av_assert0(f->slice_count == f->max_slice_count);
            for (j = 0; j < f->slice_count; j++) {
                FFV1Context *fs = f->slice_context[j];
                for (i = 0; i < 256; i++) {
--- a/libavcodec/flac_parser.c
+++ b/libavcodec/flac_parser.c
@ -697,7 +697,7 @@ static int flac_parse(AVCodecParserContext *s, AVCodecContext *avctx,
 handle_error:
    *poutbuf      = NULL;
    *poutbuf_size = 0;
-    return read_end - buf;
+    return buf_size ? read_end - buf : 0;
 }
 static av_cold int flac_parse_init(AVCodecParserContext *c)
--- a/libavcodec/flacdec.c
+++ b/libavcodec/flacdec.c
@ -473,10 +473,10 @@ static int decode_frame(FLACContext *s)
        ret = allocate_buffers(s);
        if (ret < 0)
            return ret;
        ff_flacdsp_init(&s->dsp, s->avctx->sample_fmt, s->bps);
        s->got_streaminfo = 1;
        dump_headers(s->avctx, (FLACStreaminfo *)s);
    }
    ff_flacdsp_init(&s->dsp, s->avctx->sample_fmt, s->bps);
 //    dump_headers(s->avctx, (FLACStreaminfo *)s);
--- a/libavcodec/flacenc.c
+++ b/libavcodec/flacenc.c
@ -916,7 +916,7 @@ static int count_frame_header(FlacEncodeContext *s)
        count += 16;
    /* explicit sample rate */
-    count += ((s->sr_code[0] == 12) + (s->sr_code[0] > 12)) * 8;
+    count += ((s->sr_code[0] == 12) + (s->sr_code[0] > 12) * 2) * 8;
    /* frame header CRC-8 */
    count += 8;
--- a/libavcodec/flashsv.c
+++ b/libavcodec/flashsv.c
@ -413,6 +413,10 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data,
                }
                if (has_diff) {
                    if (size < 3) {
                        av_log(avctx, AV_LOG_ERROR, "size too small for diff\n");
                        return AVERROR_INVALIDDATA;
                    }
                    if (!s->keyframe) {
                        av_log(avctx, AV_LOG_ERROR,
                               "Inter frame without keyframe\n");
@ -440,6 +444,10 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data,
                    int row = get_bits(&gb, 8);
                    av_log(avctx, AV_LOG_DEBUG, "%dx%d zlibprime_curr %dx%d\n",
                           i, j, col, row);
                    if (size < 3) {
                        av_log(avctx, AV_LOG_ERROR, "size too small for zlibprime_curr\n");
                        return AVERROR_INVALIDDATA;
                    }
                    size -= 2;
                    avpriv_request_sample(avctx, "zlibprime_curr");
                    return AVERROR_PATCHWELCOME;
--- a/libavcodec/flashsv2enc.c
+++ b/libavcodec/flashsv2enc.c
@ -287,7 +287,7 @@ static int write_header(FlashSV2Context * s, uint8_t * buf, int buf_size)
    if (buf_size < 5)
        return -1;
-    init_put_bits(&pb, buf, buf_size * 8);
+    init_put_bits(&pb, buf, buf_size);
    put_bits(&pb, 4, (s->block_width  >> 4) - 1);
    put_bits(&pb, 12, s->image_width);
--- a/libavcodec/flashsvenc.c
+++ b/libavcodec/flashsvenc.c
@ -111,7 +111,7 @@ static av_cold int flashsv_encode_init(AVCodecContext *avctx)
    if (avctx->width > 4095 || avctx->height > 4095) {
        av_log(avctx, AV_LOG_ERROR,
-               "Input dimensions too large, input must be max 4096x4096 !\n");
+               "Input dimensions too large, input must be max 4095x4095 !\n");
        return AVERROR_INVALIDDATA;
    }
@ -151,7 +151,7 @@ static int encode_bitstream(FlashSVContext *s, const AVFrame *p, uint8_t *buf,
    int buf_pos, res;
    int pred_blocks = 0;
-    init_put_bits(&pb, buf, buf_size * 8);
+    init_put_bits(&pb, buf, buf_size);
    put_bits(&pb,  4, block_width / 16 - 1);
    put_bits(&pb, 12, s->image_width);
--- a/libavcodec/g2meet.c
+++ b/libavcodec/g2meet.c
@ -736,8 +736,10 @@ static int g2m_decode_frame(AVCodecContext *avctx, void *data,
            }
            c->tile_width  = bytestream2_get_be32(&bc);
            c->tile_height = bytestream2_get_be32(&bc);
-            if (!c->tile_width || !c->tile_height ||
+            if (c->tile_width <= 0 || c->tile_height <= 0 ||
-                ((c->tile_width | c->tile_height) & 0xF)) {
+                ((c->tile_width | c->tile_height) & 0xF) ||
                c->tile_width * (uint64_t)c->tile_height >= INT_MAX / 4
            ) {
                av_log(avctx, AV_LOG_ERROR,
                       "Invalid tile dimensions %dx%d\n",
                       c->tile_width, c->tile_height);
@ -867,6 +869,8 @@ header_fail:
    c->height  = 0;
    c->tiles_x =
    c->tiles_y = 0;
    c->tile_width =
    c->tile_height = 0;
    return ret;
 }
--- a/Show More
+++ b/Show More