Update for 0.7.8

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Merge branch 'release/0.8' into release/0.7
2011-11-21 20:00:13 +01:00 · 2011-11-21 19:41:08 +01:00 · 2011-11-21 18:31:30 +01:00 · 2011-11-21 18:31:23 +01:00 · 2011-11-21 18:29:17 +01:00 · 2011-11-21 16:48:40 +01:00
229 changed files with 2966 additions and 1714 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,10 @@
 *-example
 *-test
 *_g
+*.def
+*.dll
+*.lib
+*.exp
 config.*
 doc/*.1
 doc/*.html
--- a/720
+++ b/720
@@ -1,720 +0,0 @@
-Entries are sorted chronologically from oldest to youngest within each release,
-releases are sorted from youngest to oldest.
-
-
-version 0.7.1:
-
- added various additional FOURCC codec identifiers
- H.264 4:4:4 fixes
- build system and compilation fixes
- Doxygen and general documentation corrections and improvements
- fixed segfault in ffprobe
- behavioral fix in av_open_input_stream()
- Licensing clarification for LGPL'ed vf_gradfun
- bugfixes while seeking in multithreaded decoding
- support newer versions of OpenCV
- ffmpeg: fix operation with --disable-avfilter
- fixed integer underflow in matroska decoder
-
-version 0.7:
-
- many many things we forgot because we rather write code than changelogs
- libmpcodecs video filter support (3 times as many filters than before)
- mpeg2 aspect ratio dection fixed
- libxvid aspect pickiness fixed
- Frame multithreaded decoding
- E-AC-3 audio encoder
- ac3enc: add channel coupling support
- floating-point sample format support for (E-)AC-3, DCA, AAC, Vorbis decoders
- H.264/MPEG frame-level multithreading
- av_metadata_* functions renamed to av_dict_* and moved to libavutil
- 4:4:4 H.264 decoding support
- 10-bit H.264 optimizations for x86
- lut, lutrgb, and lutyuv filters added
- buffersink libavfilter sink added
- bump libswscale for recently reported ABI break
-
-
-version 0.7_beta2:
-
- VP8 frame-level multithreading
- NEON optimizations for VP8
- removed a lot of deprecated API cruft
- FFT and IMDCT optimizations for AVX (Sandy Bridge) processors
- showinfo filter added
- DPX image encoder
- SMPTE 302M AES3 audio decoder
- Apple Core Audio Format muxer
- 9bit and 10bit per sample support in the H.264 decoder
- 9bit and 10bit FFV1 encoding / decoding
- split filter added
- select filter added
- sdl output device added
-
-
-version 0.7_beta1:
-
- WebM support in Matroska de/muxer
- low overhead Ogg muxing
- MMS-TCP support
- VP8 de/encoding via libvpx
- Demuxer for On2's IVF format
- Pictor/PC Paint decoder
- HE-AAC v2 decoder
- libfaad2 wrapper removed
- DTS-ES extension (XCh) decoding support
- native VP8 decoder
- RTSP tunneling over HTTP
- RTP depacketization of SVQ3
- -strict inofficial replaced by -strict unofficial
- ffplay -exitonkeydown and -exitonmousedown options added
- native GSM / GSM MS decoder
- RTP depacketization of QDM2
- ANSI/ASCII art playback system
- Lego Mindstorms RSO de/muxer
- libavcore added
- SubRip subtitle file muxer and demuxer
- Chinese AVS encoding via libxavs
- ffprobe -show_packets option added
- RTP packetization of Theora and Vorbis
- RTP depacketization of MP4A-LATM
- RTP packetization and depacketization of VP8
- hflip filter
- Apple HTTP Live Streaming demuxer
- a64 codec
- MMS-HTTP support
- G.722 ADPCM audio encoder/decoder
- R10k video decoder
- ocv_smooth filter
- frei0r wrapper filter
- change crop filter syntax to width:height:x:y
- make the crop filter accept parametric expressions
- make ffprobe accept AVFormatContext options
- yadif filter
- blackframe filter
- Demuxer for Leitch/Harris' VR native stream format (LXF)
- RTP depacketization of the X-QT QuickTime format
- SAP (Session Announcement Protocol, RFC 2974) muxer and demuxer
- cropdetect filter
- ffmpeg -crop* options removed
- transpose filter added
- ffmpeg -force_key_frames option added
- demuxer for receiving raw rtp:// URLs without an SDP description
- single stream LATM/LOAS decoder
- setpts filter added
- Win64 support for optimized x86 assembly functions
- MJPEG/AVI1 to JPEG/JFIF bitstream filter
- ASS subtitle encoder and decoder
- IEC 61937 encapsulation for E-AC-3, TrueHD, DTS-HD (for HDMI passthrough)
- overlay filter added
- rename aspect filter to setdar, and pixelaspect to setsar
- IEC 61937 demuxer
- Mobotix .mxg demuxer
- frei0r source added
- hqdn3d filter added
- RTP depacketization of QCELP
- FLAC parser added
- gradfun filter added
- AMR-WB decoder
- replace the ocv_smooth filter with a more generic ocv filter
- Windows Televison (WTV) demuxer
- FFmpeg metadata format muxer and demuxer
- SubRip (srt) subtitle encoder and decoder
- floating-point AC-3 encoder added
- Lagarith decoder
- ffmpeg -copytb option added
- IVF muxer added
- Wing Commander IV movies decoder added
- movie source added
- Bink version 'b' audio and video decoder
- Bitmap Brothers JV playback system
- Apple HTTP Live Streaming protocol handler
- sndio support for playback and record
- Linux framebuffer input device added
- Chronomaster DFA decoder
- DPX image encoder
- MicroDVD subtitle file muxer and demuxer
- Playstation Portable PMP format demuxer
- fieldorder video filter added
- AAC encoding via libvo-aacenc
- AMR-WB encoding via libvo-amrwbenc
- xWMA demuxer
- Mobotix MxPEG decoder
-
-
-version 0.6:
-
- PB-frame decoding for H.263
- deprecated vhook subsystem removed
- deprecated old scaler removed
- VQF demuxer
- Alpha channel scaler
- PCX encoder
- RTP packetization of H.263
- RTP packetization of AMR
- RTP depacketization of Vorbis
- CorePNG decoding support
- Cook multichannel decoding support
- introduced avlanguage helpers in libavformat
- 8088flex TMV demuxer and decoder
- per-stream language-tags extraction in asfdec
- V210 decoder and encoder
- remaining GPL parts in AC-3 decoder converted to LGPL
- QCP demuxer
- SoX native format muxer and demuxer
- AMR-NB decoding/encoding, AMR-WB decoding via OpenCORE libraries
- DPX image decoder
- Electronic Arts Madcow decoder
- DivX (XSUB) subtitle encoder
- nonfree libamr support for AMR-NB/WB decoding/encoding removed
- experimental AAC encoder
- RTP depacketization of ASF and RTSP from WMS servers
- RTMP support in libavformat
- noX handling for OPT_BOOL X options
- Wave64 demuxer
- IEC-61937 compatible Muxer
- TwinVQ decoder
- Bluray (PGS) subtitle decoder
- LPCM support in MPEG-TS (HDMV RID as found on Blu-ray disks)
- WMA Pro decoder
- Core Audio Format demuxer
- Atrac1 decoder
- MD STUDIO audio demuxer
- RF64 support in WAV demuxer
- MPEG-4 Audio Lossless Coding (ALS) decoder
- -formats option split into -formats, -codecs, -bsfs, and -protocols
- IV8 demuxer
- CDG demuxer and decoder
- R210 decoder
- Auravision Aura 1 and 2 decoders
- Deluxe Paint Animation playback system
- SIPR decoder
- Adobe Filmstrip muxer and demuxer
- RTP depacketization of H.263
- Bink demuxer and audio/video decoders
- enable symbol versioning by default for linkers that support it
- IFF PBM/ILBM bitmap decoder
- concat protocol
- Indeo 5 decoder
- RTP depacketization of AMR
- WMA Voice decoder
- ffprobe tool
- AMR-NB decoder
- RTSP muxer
- HE-AAC v1 decoder
- Kega Game Video (KGV1) decoder
- VorbisComment writing for FLAC, Ogg FLAC and Ogg Speex files
- RTP depacketization of Theora
- HTTP Digest authentication
- RTMP/RTMPT/RTMPS/RTMPE/RTMPTE protocol support via librtmp
- Psygnosis YOP demuxer and video decoder
- spectral extension support in the E-AC-3 decoder
- unsharp video filter
- RTP hinting in the mov/3gp/mp4 muxer
- Dirac in Ogg demuxing
- seek to keyframes in Ogg
- 4:2:2 and 4:4:4 Theora decoding
- 35% faster VP3/Theora decoding
- faster AAC decoding
- faster H.264 decoding
- RealAudio 1.0 (14.4K) encoder
-
-
-version 0.5:
-
- DV50 AKA DVCPRO50 encoder, decoder, muxer and demuxer
- TechSmith Camtasia (TSCC) video decoder
- IBM Ultimotion (ULTI) video decoder
- Sierra Online audio file demuxer and decoder
- Apple QuickDraw (qdrw) video decoder
- Creative ADPCM audio decoder (16 bits as well as 8 bits schemes)
- Electronic Arts Multimedia (WVE/UV2/etc.) file demuxer
- Miro VideoXL (VIXL) video decoder
- H.261 video encoder
- QPEG video decoder
- Nullsoft Video (NSV) file demuxer
- Shorten audio decoder
- LOCO video decoder
- Apple Lossless Audio Codec (ALAC) decoder
- Winnov WNV1 video decoder
- Autodesk Animator Studio Codec (AASC) decoder
- Indeo 2 video decoder
- Fraps FPS1 video decoder
- Snow video encoder/decoder
- Sonic audio encoder/decoder
- Vorbis audio decoder
- Macromedia ADPCM decoder
- Duck TrueMotion 2 video decoder
- support for decoding FLX and DTA extensions in FLIC files
- H.264 custom quantization matrices support
- ffserver fixed, it should now be usable again
- QDM2 audio decoder
- Real Cooker audio decoder
- TrueSpeech audio decoder
- WMA2 audio decoder fixed, now all files should play correctly
- RealAudio 14.4 and 28.8 decoders fixed
- JPEG-LS decoder
- build system improvements
- tabs and trailing whitespace removed from the codebase
- CamStudio video decoder
- AIFF/AIFF-C audio format, encoding and decoding
- ADTS AAC file reading and writing
- Creative VOC file reading and writing
- American Laser Games multimedia (*.mm) playback system
- Zip Motion Blocks Video decoder
- improved Theora/VP3 decoder
- True Audio (TTA) decoder
- AVS demuxer and video decoder
- JPEG-LS encoder
- Smacker demuxer and decoder
- NuppelVideo/MythTV demuxer and RTjpeg decoder
- KMVC decoder
- MPEG-2 intra VLC support
- MPEG-2 4:2:2 encoder
- Flash Screen Video decoder
- GXF demuxer
- Chinese AVS decoder
- GXF muxer
- MXF demuxer
- VC-1/WMV3/WMV9 video decoder
- MacIntel support
- AVISynth support
- VMware video decoder
- VP5 video decoder
- VP6 video decoder
- WavPack lossless audio decoder
- Targa (.TGA) picture decoder
- Vorbis audio encoder
- Delphine Software .cin demuxer/audio and video decoder
- Tiertex .seq demuxer/video decoder
- MTV demuxer
- TIFF picture encoder and decoder
- GIF picture decoder
- Intel Music Coder decoder
- Zip Motion Blocks Video encoder
- Musepack decoder
- Flash Screen Video encoder
- Theora encoding via libtheora
- BMP encoder
- WMA encoder
- GSM-MS encoder and decoder
- DCA decoder
- DXA demuxer and decoder
- DNxHD decoder
- Gamecube movie (.THP) playback system
- Blackfin optimizations
- Interplay C93 demuxer and video decoder
- Bethsoft VID demuxer and video decoder
- CRYO APC demuxer
- Atrac3 decoder
- V.Flash PTX decoder
- RoQ muxer, RoQ audio encoder
- Renderware TXD demuxer and decoder
- extern C declarations for C++ removed from headers
- sws_flags command line option
- codebook generator
- RoQ video encoder
- QTRLE encoder
- OS/2 support removed and restored again
- AC-3 decoder
- NUT muxer
- additional SPARC (VIS) optimizations
- Matroska muxer
- slice-based parallel H.264 decoding
- Monkey's Audio demuxer and decoder
- AMV audio and video decoder
- DNxHD encoder
- H.264 PAFF decoding
- Nellymoser ASAO decoder
- Beam Software SIFF demuxer and decoder
- libvorbis Vorbis decoding removed in favor of native decoder
- IntraX8 (J-Frame) subdecoder for WMV2 and VC-1
- Ogg (Theora, Vorbis and FLAC) muxer
- The "device" muxers and demuxers are now in a new libavdevice library
- PC Paintbrush PCX decoder
- Sun Rasterfile decoder
- TechnoTrend PVA demuxer
- Linux Media Labs MPEG-4 (LMLM4) demuxer
- AVM2 (Flash 9) SWF muxer
- QT variant of IMA ADPCM encoder
- VFW grabber
- iPod/iPhone compatible mp4 muxer
- Mimic decoder
- MSN TCP Webcam stream demuxer
- RL2 demuxer / decoder
- IFF demuxer
- 8SVX audio decoder
- non-recursive Makefiles
- BFI demuxer
- MAXIS EA XA (.xa) demuxer / decoder
- BFI video decoder
- OMA demuxer
- MLP/TrueHD decoder
- Electronic Arts CMV decoder
- Motion Pixels Video decoder
- Motion Pixels MVI demuxer
- removed animated GIF decoder/demuxer
- D-Cinema audio muxer
- Electronic Arts TGV decoder
- Apple Lossless Audio Codec (ALAC) encoder
- AAC decoder
- floating point PCM encoder/decoder
- MXF muxer
- DV100 AKA DVCPRO HD decoder and demuxer
- E-AC-3 support added to AC-3 decoder
- Nellymoser ASAO encoder
- ASS and SSA demuxer and muxer
- liba52 wrapper removed
- SVQ3 watermark decoding support
- Speex decoding via libspeex
- Electronic Arts TGQ decoder
- RV40 decoder
- QCELP / PureVoice decoder
- RV30 decoder
- hybrid WavPack support
- R3D REDCODE demuxer
- ALSA support for playback and record
- Electronic Arts TQI decoder
- OpenJPEG based JPEG 2000 decoder
- NC (NC4600) camera file demuxer
- Gopher client support
- MXF D-10 muxer
- generic metadata API
- flash ScreenVideo2 encoder
-
-
-version 0.4.9-pre1:
-
- DV encoder, DV muxer
- Microsoft RLE video decoder
- Microsoft Video-1 decoder
- Apple Animation (RLE) decoder
- Apple Graphics (SMC) decoder
- Apple Video (RPZA) decoder
- Cinepak decoder
- Sega FILM (CPK) file demuxer
- Westwood multimedia support (VQA & AUD files)
- Id Quake II CIN playback support
- 8BPS video decoder
- FLIC playback support
- RealVideo 2.0 (RV20) decoder
- Duck TrueMotion v1 (DUCK) video decoder
- Sierra VMD demuxer and video decoder
- MSZH and ZLIB decoder support
- SVQ1 video encoder
- AMR-WB support
- PPC optimizations
- rate distortion optimal cbp support
- rate distorted optimal ac prediction for MPEG-4
- rate distorted optimal lambda->qp support
- AAC encoding with libfaac
- Sunplus JPEG codec (SP5X) support
- use Lagrange multipler instead of QP for ratecontrol
- Theora/VP3 decoding support
- XA and ADX ADPCM codecs
- export MPEG-2 active display area / pan scan
- Add support for configuring with IBM XLC
- floating point AAN DCT
- initial support for zygo video (not complete)
- RGB ffv1 support
- new audio/video parser API
- av_log() system
- av_read_frame() and av_seek_frame() support
- missing last frame fixes
- seek by mouse in ffplay
- noise reduction of DCT coefficients
- H.263 OBMC & 4MV support
- H.263 alternative inter vlc support
- H.263 loop filter
- H.263 slice structured mode
- interlaced DCT support for MPEG-2 encoding
- stuffing to stay above min_bitrate
- MB type & QP visualization
- frame stepping for ffplay
- interlaced motion estimation
- alternate scantable support
- SVCD scan offset support
- closed GOP support
- SSE2 FDCT
- quantizer noise shaping
- G.726 ADPCM audio codec
- MS ADPCM encoding
- multithreaded/SMP motion estimation
- multithreaded/SMP encoding for MPEG-1/MPEG-2/MPEG-4/H.263
- multithreaded/SMP decoding for MPEG-2
- FLAC decoder
- Metrowerks CodeWarrior suppport
- H.263+ custom pcf support
- nicer output for 'ffmpeg -formats'
- Matroska demuxer
- SGI image format, encoding and decoding
- H.264 loop filter support
- H.264 CABAC support
- nicer looking arrows for the motion vector visualization
- improved VCD support
- audio timestamp drift compensation
- MPEG-2 YUV 422/444 support
- polyphase kaiser windowed sinc and blackman nuttall windowed sinc audio resample
- better image scaling
- H.261 support
- correctly interleave packets during encoding
- VIS optimized motion compensation
- intra_dc_precision>0 encoding support
- support reuse of motion vectors/MB types/field select values of the source video
- more accurate deblock filter
- padding support
- many optimizations and bugfixes
- FunCom ISS audio file demuxer and according ADPCM decoding
-
-
-version 0.4.8:
-
- MPEG-2 video encoding (Michael)
- Id RoQ playback subsystem (Mike Melanson and Tim Ferguson)
- Wing Commander III Movie (.mve) file playback subsystem (Mike Melanson
-  and Mario Brito)
- Xan DPCM audio decoder (Mario Brito)
- Interplay MVE playback subsystem (Mike Melanson)
- Duck DK3 and DK4 ADPCM audio decoders (Mike Melanson)
-
-
-version 0.4.7:
-
- RealAudio 1.0 (14_4) and 2.0 (28_8) native decoders. Author unknown, code from mplayerhq
-  (originally from public domain player for Amiga at http://www.honeypot.net/audio)
- current version now also compiles with older GCC (Fabrice)
- 4X multimedia playback system including 4xm file demuxer (Mike
-  Melanson), and 4X video and audio codecs (Michael)
- Creative YUV (CYUV) decoder (Mike Melanson)
- FFV1 codec (our very simple lossless intra only codec, compresses much better
-  than HuffYUV) (Michael)
- ASV1 (Asus), H.264, Intel indeo3 codecs have been added (various)
- tiny PNG encoder and decoder, tiny GIF decoder, PAM decoder (PPM with
-  alpha support), JPEG YUV colorspace support. (Fabrice Bellard)
- ffplay has been replaced with a newer version which uses SDL (optionally)
-  for multiplatform support (Fabrice)
- Sorenson Version 3 codec (SVQ3) support has been added (decoding only) - donated
-  by anonymous
- AMR format has been added (Johannes Carlsson)
- 3GP support has been added (Johannes Carlsson)
- VP3 codec has been added (Mike Melanson)
- more MPEG-1/2 fixes
- better multiplatform support, MS Visual Studio fixes (various)
- AltiVec optimizations (Magnus Damn and others)
- SH4 processor support has been added (BERO)
- new public interfaces (avcodec_get_pix_fmt) (Roman Shaposhnick)
- VOB streaming support (Brian Foley)
- better MP3 autodetection (Andriy Rysin)
- qpel encoding (Michael)
- 4mv+b frames encoding finally fixed (Michael)
- chroma ME (Michael)
- 5 comparison functions for ME (Michael)
- B-frame encoding speedup (Michael)
- WMV2 codec (unfinished - Michael)
- user specified diamond size for EPZS (Michael)
- Playstation STR playback subsystem, still experimental (Mike and Michael)
- ASV2 codec (Michael)
- CLJR decoder (Alex)
-
-.. And lots more new enhancements and fixes.
-
-
-version 0.4.6:
-
- completely new integer only MPEG audio layer 1/2/3 decoder rewritten
-  from scratch
- Recoded DCT and motion vector search with gcc (no longer depends on nasm)
- fix quantization bug in AC3 encoder
- added PCM codecs and format. Corrected WAV/AVI/ASF PCM issues
- added prototype ffplay program
- added GOB header parsing on H.263/H.263+ decoder (Juanjo)
- bug fix on MCBPC tables of H.263 (Juanjo)
- bug fix on DC coefficients of H.263 (Juanjo)
- added Advanced Prediction Mode on H.263/H.263+ decoder (Juanjo)
- now we can decode H.263 streams found in QuickTime files (Juanjo)
- now we can decode H.263 streams found in VIVO v1 files(Juanjo)
- preliminary RTP "friendly" mode for H.263/H.263+ coding. (Juanjo)
- added GOB header for H.263/H.263+ coding on RTP mode (Juanjo)
- now H.263 picture size is returned on the first decoded frame (Juanjo)
- added first regression tests
- added MPEG-2 TS demuxer
- new demux API for libav
- more accurate and faster IDCT (Michael)
- faster and entropy-controlled motion search (Michael)
- two pass video encoding (Michael)
- new video rate control (Michael)
- added MSMPEG4V1, MSMPEGV2 and WMV1 support (Michael)
- great performance improvement of video encoders and decoders (Michael)
- new and faster bit readers and vlc parsers (Michael)
- high quality encoding mode: tries all macroblock/VLC types (Michael)
- added DV video decoder
- preliminary RTP/RTSP support in ffserver and libavformat
- H.263+ AIC decoding/encoding support (Juanjo)
- VCD MPEG-PS mode (Juanjo)
- PSNR stuff (Juanjo)
- simple stats output (Juanjo)
- 16-bit and 15-bit RGB/BGR/GBR support (Bisqwit)
-
-
-version 0.4.5:
-
- some header fixes (Zdenek Kabelac <kabi at informatics.muni.cz>)
- many MMX optimizations (Nick Kurshev <nickols_k at mail.ru>)
- added configure system (actually a small shell script)
- added MPEG audio layer 1/2/3 decoding using LGPL'ed mpglib by
-  Michael Hipp (temporary solution - waiting for integer only
-  decoder)
- fixed VIDIOCSYNC interrupt
- added Intel H.263 decoding support ('I263' AVI fourCC)
- added Real Video 1.0 decoding (needs further testing)
- simplified image formats again. Added PGM format (=grey
-  pgm). Renamed old PGM to PGMYUV.
- fixed msmpeg4 slice issues (tell me if you still find problems)
- fixed OpenDivX bugs with newer versions (added VOL header decoding)
- added support for MPlayer interface
- added macroblock skip optimization
- added MJPEG decoder
- added mmx/mmxext IDCT from libmpeg2
- added pgmyuvpipe, ppm, and ppm_pipe formats (original patch by Celer
-  <celer at shell.scrypt.net>)
- added pixel format conversion layer (e.g. for MJPEG or PPM)
- added deinterlacing option
- MPEG-1/2 fixes
- MPEG-4 vol header fixes (Jonathan Marsden <snmjbm at pacbell.net>)
- ARM optimizations (Lionel Ulmer <lionel.ulmer at free.fr>).
- Windows porting of file converter
- added MJPEG raw format (input/ouput)
- added JPEG image format support (input/output)
-
-
-version 0.4.4:
-
- fixed some std header definitions (Bjorn Lindgren
-  <bjorn.e.lindgren at telia.com>).
- added MPEG demuxer (MPEG-1 and 2 compatible).
- added ASF demuxer
- added prototype RM demuxer
- added AC3 decoding (done with libac3 by Aaron Holtzman)
- added decoding codec parameter guessing (.e.g. for MPEG, because the
-  header does not include them)
- fixed header generation in MPEG-1, AVI and ASF muxer: wmplayer can now
-  play them (only tested video)
- fixed H.263 white bug
- fixed phase rounding in img resample filter
- add MMX code for polyphase img resample filter
- added CPU autodetection
- added generic title/author/copyright/comment string handling (ASF and RM
-  use them)
- added SWF demux to extract MP3 track (not usable yet because no MP3
-  decoder)
- added fractional frame rate support
- codecs are no longer searched by read_header() (should fix ffserver
-  segfault)
-
-
-version 0.4.3:
-
- BGR24 patch (initial patch by Jeroen Vreeken <pe1rxq at amsat.org>)
- fixed raw yuv output
- added motion rounding support in MPEG-4
- fixed motion bug rounding in MSMPEG4
- added B-frame handling in video core
- added full MPEG-1 decoding support
- added partial (frame only) MPEG-2 support
- changed the FOURCC code for H.263 to "U263" to be able to see the
-  +AVI/H.263 file with the UB Video H.263+ decoder. MPlayer works with
-  this +codec ;) (JuanJo).
- Halfpel motion estimation after MB type selection (JuanJo)
- added pgm and .Y.U.V output format
- suppressed 'img:' protocol. Simply use: /tmp/test%d.[pgm|Y] as input or
-  output.
- added pgmpipe I/O format (original patch from Martin Aumueller
-  <lists at reserv.at>, but changed completely since we use a format
-  instead of a protocol)
-
-
-version 0.4.2:
-
- added H.263/MPEG-4/MSMPEG4 decoding support. MPEG-4 decoding support
-  (for OpenDivX) is almost complete: 8x8 MVs and rounding are
-  missing. MSMPEG4 support is complete.
- added prototype MPEG-1 decoder. Only I- and P-frames handled yet (it
-  can decode ffmpeg MPEGs :-)).
- added libavcodec API documentation (see apiexample.c).
- fixed image polyphase bug (the bottom of some images could be
-  greenish)
- added support for non clipped motion vectors (decoding only)
-  and image sizes non-multiple of 16
- added support for AC prediction (decoding only)
- added file overwrite confirmation (can be disabled with -y)
- added custom size picture to H.263 using H.263+ (Juanjo)
-
-
-version 0.4.1:
-
- added MSMPEG4 (aka DivX) compatible encoder. Changed default codec
-  of AVI and ASF to DIV3.
- added -me option to set motion estimation method
-  (default=log). suppressed redundant -hq option.
- added options -acodec and -vcodec to force a given codec (useful for
-  AVI for example)
- fixed -an option
- improved dct_quantize speed
- factorized some motion estimation code
-
-
-version 0.4.0:
-
- removing grab code from ffserver and moved it to ffmpeg. Added
-  multistream support to ffmpeg.
- added timeshifting support for live feeds (option ?date=xxx in the
-  URL)
- added high quality image resize code with polyphase filter (need
-  mmx/see optimization). Enable multiple image size support in ffserver.
- added multi live feed support in ffserver
- suppressed master feature from ffserver (it should be done with an
-  external program which opens the .ffm url and writes it to another
-  ffserver)
- added preliminary support for video stream parsing (WAV and AVI half
-  done). Added proper support for audio/video file conversion in
-  ffmpeg.
- added preliminary support for video file sending from ffserver
- redesigning I/O subsystem: now using URL based input and output
-  (see avio.h)
- added WAV format support
- added "tty user interface" to ffmpeg to stop grabbing gracefully
- added MMX/SSE optimizations to SAD (Sums of Absolutes Differences)
-  (Juan J. Sierralta P. a.k.a. "Juanjo" <juanjo at atmlab.utfsm.cl>)
- added MMX DCT from mpeg2_movie 1.5 (Juanjo)
- added new motion estimation algorithms, log and phods (Juanjo)
- changed directories: libav for format handling, libavcodec for
-  codecs
-
-
-version 0.3.4:
-
- added stereo in MPEG audio encoder
-
-
-version 0.3.3:
-
- added 'high quality' mode which use motion vectors. It can be used in
-  real time at low resolution.
- fixed rounding problems which caused quality problems at high
-  bitrates and large GOP size
-
-
-version 0.3.2: small fixes
-
- ASF fixes
- put_seek bug fix
-
-
-version 0.3.1: added avi/divx support
-
- added AVI support
- added MPEG-4 codec compatible with OpenDivX. It is based on the H.263 codec
- added sound for flash format (not tested)
-
-
-version 0.3: initial public release
--- a/2
+++ b/2
@@ -31,7 +31,7 @@ PROJECT_NAME           = FFmpeg
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.

-PROJECT_NUMBER         = 0.8.1
+PROJECT_NUMBER         = 0.7.8

 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
 # base path where the generated documentation will be put.
--- a/6
+++ b/6
@@ -41,6 +41,6 @@ is incompatible with the LGPL v2.1 and the GPL v2, but not with version 3 of
 those licenses. So to combine the OpenCORE libraries with FFmpeg, the license
 version needs to be upgraded by passing --enable-version3 to configure.

-The nonfree external library libfaac can be hooked up in FFmpeg. You need to
-pass --enable-nonfree to configure to enable it. Employ this option with care
-as FFmpeg then becomes nonfree and unredistributable.
+The nonfree external libraries libfaac and libaacplus can be hooked up in FFmpeg.
+You need to pass --enable-nonfree to configure to enable it. Employ this option
+with care as FFmpeg then becomes nonfree and unredistributable.
--- a/3
+++ b/3
@@ -19,7 +19,7 @@ ffmpeg:
  ffmpeg.c                              Michael Niedermayer

 ffplay:
-  ffplay.c                              Michael Niedermayer
+  ffplay.c                              Marton Balint

 ffprobe:
  ffprobe.c                             Stefano Sabatini
@@ -373,6 +373,7 @@ Ben Littler                   3EE3 3723 E560 3214 A8CD 4DEB 2CDB FCE7 768C 8D2C
 Benoit Fouet                  B22A 4F4F 43EF 636B BB66 FCDC 0023 AE1E 2985 49C8
 Daniel Verkamp                78A6 07ED 782C 653E C628 B8B9 F0EB 8DD8 2F0E 21C7
 Diego Biurrun                 8227 1E31 B6D9 4994 7427 E220 9CAE D6CC 4757 FCC5
+Gwenole Beauchesne            2E63 B3A6 3E44 37E2 017D 2704 53C7 6266 B153 99C4
 Jaikrishnan Menon             61A1 F09F 01C9 2D45 78E1 C862 25DC 8831 AF70 D368
 Justin Ruggles                3136 ECC0 C10D 6C04 5F43 CA29 FCBE CD2A 3787 1EBF
 Loren Merritt                 ABD9 08F4 C920 3F65 D8BE 35D7 1540 DAA7 060F 56DE
--- a/7
+++ b/7
@@ -258,9 +258,12 @@ FATE_SEEK    = $(SEEK_TESTS:seek_%=fate-seek-%)
 FATE = $(FATE_ACODEC)                                                   \
       $(FATE_VCODEC)                                                   \
       $(FATE_LAVF)                                                     \
-       $(FATE_LAVFI)                                                    \
       $(FATE_SEEK)                                                     \

+FATE-$(CONFIG_AVFILTER) += $(FATE_LAVFI)
+
+FATE += $(FATE-yes)
+
 $(filter-out %-aref,$(FATE_ACODEC)): $(AREF)
 $(filter-out %-vref,$(FATE_VCODEC)): $(VREF)
 $(FATE_LAVF):   $(REFS)
@@ -282,7 +285,7 @@ fate-lavfi:  $(FATE_LAVFI)
 fate-seek:   $(FATE_SEEK)

 ifdef SAMPLES
-FATE += $(FATE_TESTS)
+FATE += $(FATE_TESTS) $(FATE_TESTS-yes)
 fate-rsync:
 	rsync -vaLW rsync://fate-suite.libav.org/fate-suite/ $(SAMPLES)
 else
--- a/2
+++ b/2
@@ -1 +1 @@
-0.7.2
+0.7.8
--- a/2
+++ b/2
@@ -1 +1 @@
-0.7.2
+0.7.8
--- a/cmdutils.c
+++ b/cmdutils.c
@@ -574,12 +574,13 @@ void show_banner(void)
    print_all_libs_info(stderr, INDENT|SHOW_VERSION);
 }

-void show_version(void) {
+int opt_version(const char *opt, const char *arg) {
    printf("%s " FFMPEG_VERSION "\n", program_name);
    print_all_libs_info(stdout, SHOW_VERSION);
+    return 0;
 }

-void show_license(void)
+int opt_license(const char *opt, const char *arg)
 {
    printf(
 #if CONFIG_NONFREE
@@ -646,9 +647,10 @@ void show_license(void)
    program_name, program_name, program_name
 #endif
    );
+    return 0;
 }

-void show_formats(void)
+int opt_formats(const char *opt, const char *arg)
 {
    AVInputFormat *ifmt=NULL;
    AVOutputFormat *ofmt=NULL;
@@ -695,9 +697,10 @@ void show_formats(void)
            name,
            long_name ? long_name:" ");
    }
+    return 0;
 }

-void show_codecs(void)
+int opt_codecs(const char *opt, const char *arg)
 {
    AVCodec *p=NULL, *p2;
    const char *last_name;
@@ -771,9 +774,10 @@ void show_codecs(void)
 "even though both encoding and decoding are supported. For example, the h263\n"
 "decoder corresponds to the h263 and h263p encoders, for file formats it is even\n"
 "worse.\n");
+    return 0;
 }

-void show_bsfs(void)
+int opt_bsfs(const char *opt, const char *arg)
 {
    AVBitStreamFilter *bsf=NULL;

@@ -781,9 +785,10 @@ void show_bsfs(void)
    while((bsf = av_bitstream_filter_next(bsf)))
        printf("%s\n", bsf->name);
    printf("\n");
+    return 0;
 }

-void show_protocols(void)
+int opt_protocols(const char *opt, const char *arg)
 {
    URLProtocol *up=NULL;

@@ -799,9 +804,10 @@ void show_protocols(void)
               up->url_write ? 'O' : '.',
               up->url_seek  ? 'S' : '.',
               up->name);
+    return 0;
 }

-void show_filters(void)
+int opt_filters(const char *opt, const char *arg)
 {
    AVFilter av_unused(**filter) = NULL;

@@ -810,9 +816,10 @@ void show_filters(void)
    while ((filter = av_filter_next(filter)) && *filter)
        printf("%-16s %s\n", (*filter)->name, (*filter)->description);
 #endif
+    return 0;
 }

-void show_pix_fmts(void)
+int opt_pix_fmts(const char *opt, const char *arg)
 {
    enum PixelFormat pix_fmt;

@@ -843,6 +850,7 @@ void show_pix_fmts(void)
               pix_desc->nb_components,
               av_get_bits_per_pixel(pix_desc));
    }
+    return 0;
 }

 int read_yesno(void)
--- a/cmdutils.h
+++ b/cmdutils.h
@@ -62,7 +62,7 @@ void uninit_opts(void);

 /**
 * Trivial log callback.
- * Only suitable for show_help and similar since it lacks prefix handling.
+ * Only suitable for opt_help and similar since it lacks prefix handling.
 */
 void log_callback_help(void* ptr, int level, const char* fmt, va_list vl);

@@ -177,50 +177,58 @@ void show_banner(void);
 * Print the version of the program to stdout. The version message
 * depends on the current versions of the repository and of the libav*
 * libraries.
+ * This option processing function does not utilize the arguments.
 */
-void show_version(void);
+int opt_version(const char *opt, const char *arg);

 /**
 * Print the license of the program to stdout. The license depends on
 * the license of the libraries compiled into the program.
+ * This option processing function does not utilize the arguments.
 */
-void show_license(void);
+int opt_license(const char *opt, const char *arg);

 /**
 * Print a listing containing all the formats supported by the
 * program.
+ * This option processing function does not utilize the arguments.
 */
-void show_formats(void);
+int opt_formats(const char *opt, const char *arg);

 /**
 * Print a listing containing all the codecs supported by the
 * program.
+ * This option processing function does not utilize the arguments.
 */
-void show_codecs(void);
+int opt_codecs(const char *opt, const char *arg);

 /**
 * Print a listing containing all the filters supported by the
 * program.
+ * This option processing function does not utilize the arguments.
 */
-void show_filters(void);
+int opt_filters(const char *opt, const char *arg);

 /**
 * Print a listing containing all the bit stream filters supported by the
 * program.
+ * This option processing function does not utilize the arguments.
 */
-void show_bsfs(void);
+int opt_bsfs(const char *opt, const char *arg);

 /**
 * Print a listing containing all the protocols supported by the
 * program.
+ * This option processing function does not utilize the arguments.
 */
-void show_protocols(void);
+int opt_protocols(const char *opt, const char *arg);

 /**
 * Print a listing containing all the pixel formats supported by the
 * program.
+ * This option processing function does not utilize the arguments.
 */
-void show_pix_fmts(void);
+int opt_pix_fmts(const char *opt, const char *arg);

 /**
 * Return a positive value if a line read from standard input
--- a/cmdutils_common_opts.h
+++ b/cmdutils_common_opts.h
@@ -1,13 +1,13 @@
-    { "L", OPT_EXIT, {(void*)show_license}, "show license" },
-    { "h", OPT_EXIT, {(void*)show_help}, "show help" },
-    { "?", OPT_EXIT, {(void*)show_help}, "show help" },
-    { "help", OPT_EXIT, {(void*)show_help}, "show help" },
-    { "-help", OPT_EXIT, {(void*)show_help}, "show help" },
-    { "version", OPT_EXIT, {(void*)show_version}, "show version" },
-    { "formats"  , OPT_EXIT, {(void*)show_formats  }, "show available formats" },
-    { "codecs"   , OPT_EXIT, {(void*)show_codecs   }, "show available codecs" },
-    { "bsfs"     , OPT_EXIT, {(void*)show_bsfs     }, "show available bit stream filters" },
-    { "protocols", OPT_EXIT, {(void*)show_protocols}, "show available protocols" },
-    { "filters",   OPT_EXIT, {(void*)show_filters  }, "show available filters" },
-    { "pix_fmts" , OPT_EXIT, {(void*)show_pix_fmts }, "show available pixel formats" },
+    { "L", OPT_EXIT, {(void*)opt_license}, "show license" },
+    { "h", OPT_EXIT, {(void*)opt_help}, "show help" },
+    { "?", OPT_EXIT, {(void*)opt_help}, "show help" },
+    { "help", OPT_EXIT, {(void*)opt_help}, "show help" },
+    { "-help", OPT_EXIT, {(void*)opt_help}, "show help" },
+    { "version", OPT_EXIT, {(void*)opt_version}, "show version" },
+    { "formats"  , OPT_EXIT, {(void*)opt_formats  }, "show available formats" },
+    { "codecs"   , OPT_EXIT, {(void*)opt_codecs   }, "show available codecs" },
+    { "bsfs"     , OPT_EXIT, {(void*)opt_bsfs     }, "show available bit stream filters" },
+    { "protocols", OPT_EXIT, {(void*)opt_protocols}, "show available protocols" },
+    { "filters",   OPT_EXIT, {(void*)opt_filters  }, "show available filters" },
+    { "pix_fmts" , OPT_EXIT, {(void*)opt_pix_fmts }, "show available pixel formats" },
    { "loglevel", HAS_ARG, {(void*)opt_loglevel}, "set libav* logging level", "loglevel" },
--- a/27
+++ b/27
@@ -162,6 +162,7 @@ External library support:
  --enable-bzlib           enable bzlib [autodetect]
  --enable-libcelt         enable CELT/Opus decoding via libcelt [no]
  --enable-frei0r          enable frei0r video filtering
+  --enable-libaacplus      enable AAC+ encoding via libaacplus [no]
  --enable-libopencore-amrnb enable AMR-NB de/encoding via libopencore-amrnb [no]
  --enable-libopencore-amrwb enable AMR-WB decoding via libopencore-amrwb [no]
  --enable-libopencv       enable video filtering via libopencv [no]
@@ -177,7 +178,7 @@ External library support:
  --enable-libopenjpeg     enable JPEG 2000 decoding via OpenJPEG [no]
  --enable-librtmp         enable RTMP[E] support via librtmp [no]
  --enable-libschroedinger enable Dirac support via libschroedinger [no]
-  --enable-libspeex        enable Speex decoding via libspeex [no]
+  --enable-libspeex        enable Speex encoding and decoding via libspeex [no]
  --enable-libtheora       enable Theora encoding via libtheora [no]
  --enable-libvo-aacenc    enable AAC encoding via libvo-aacenc [no]
  --enable-libvo-amrwbenc  enable AMR-WB encoding via libvo-amrwbenc [no]
@@ -927,6 +928,8 @@ CONFIG_LIST="
    h264pred
    hardcoded_tables
    huffman
+    libaacplus
+    libcdio
    libcelt
    libdc1394
    libdirac
@@ -1401,6 +1404,7 @@ vdpau_deps="vdpau_vdpau_h vdpau_vdpau_x11_h"
 h264_parser_select="golomb h264dsp h264pred"

 # external libraries
+libaacplus_encoder_deps="libaacplus"
 libcelt_decoder_deps="libcelt"
 libdirac_decoder_deps="libdirac !libschroedinger"
 libdirac_encoder_deps="libdirac"
@@ -1417,6 +1421,7 @@ libopenjpeg_decoder_deps="libopenjpeg"
 libschroedinger_decoder_deps="libschroedinger"
 libschroedinger_encoder_deps="libschroedinger"
 libspeex_decoder_deps="libspeex"
+libspeex_encoder_deps="libspeex"
 libtheora_encoder_deps="libtheora"
 libvo_aacenc_encoder_deps="libvo_aacenc"
 libvo_amrwbenc_encoder_deps="libvo_amrwbenc"
@@ -1531,7 +1536,7 @@ test_deps(){
        dep=${v%=*}
        tests=${v#*=}
        for name in ${tests}; do
-            eval ${name}_test_deps="'${dep}$suf1 ${dep}$suf2'"
+            append ${name}_test_deps ${dep}$suf1 ${dep}$suf2
        done
    done
 }
@@ -1541,6 +1546,9 @@ set_ne_test_deps(){
    eval ${1}_le_test_deps="!bigendian"
 }

+mxf_d10_test_deps="avfilter"
+seek_lavf_mxf_d10_test_deps="mxf_d10_test"
+
 test_deps _encoder _decoder                                             \
    adpcm_g726=g726                                                     \
    adpcm_ima_qt                                                        \
@@ -1603,7 +1611,7 @@ test_deps _muxer _demuxer                                               \
    mmf                                                                 \
    mov                                                                 \
    pcm_mulaw=mulaw                                                     \
-    mxf                                                                 \
+    mxf="mxf mxf_d10"                                                   \
    nut                                                                 \
    ogg                                                                 \
    rawvideo=pixfmt                                                     \
@@ -2195,7 +2203,7 @@ case "$arch" in
        arch="sparc"
        subarch="sparc64"
    ;;
-    i[3-6]86|i86pc|BePC|x86pc|x86_64|amd64)
+    i[3-6]86|i86pc|BePC|x86pc|x86_64|x86_32|amd64)
        arch="x86"
    ;;
 esac
@@ -2537,6 +2545,7 @@ case $target_os in
        add_cppflags -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_BSD_SOURCE
        ;;
    gnu)
+        add_cppflags -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600
        ;;
    qnx)
        add_cppflags -D_QNX_SOURCE
@@ -2582,6 +2591,7 @@ die_license_disabled gpl libxavs
 die_license_disabled gpl libxvid
 die_license_disabled gpl x11grab

+die_license_disabled nonfree libaacplus
 die_license_disabled nonfree libfaac

 die_license_disabled version3 libopencore_amrnb
@@ -2914,6 +2924,7 @@ check_mathfunc truncf
 enabled avisynth   && require2 vfw32 "windows.h vfw.h" AVIFileInit -lavifil32
 enabled libcelt    && require libcelt celt/celt.h celt_decode -lcelt0
 enabled frei0r     && { check_header frei0r.h || die "ERROR: frei0r.h header not found"; }
+enabled libaacplus && require  "libaacplus >= 2.0.0" aacplus.h aacplusEncOpen -laacplus
 enabled libdc1394  && require_pkg_config libdc1394-2 dc1394/dc1394.h dc1394_new
 enabled libdirac   && require_pkg_config dirac                          \
    "libdirac_decoder/dirac_parser.h libdirac_encoder/dirac_encoder.h"  \
@@ -3071,6 +3082,10 @@ else
 fi
 check_cflags -fno-math-errno
 check_cflags -fno-signed-zeros
+check_cc -mno-red-zone <<EOF && noredzone_flags="-mno-red-zone"
+int x;
+EOF
+

 if enabled icc; then
    # Just warnings, no remarks
@@ -3149,7 +3164,7 @@ check_deps $CONFIG_LIST       \

 enabled asm || { arch=c; disable $ARCH_LIST $ARCH_EXT_LIST; }

-if test $target_os == "haiku"; then
+if test $target_os = "haiku"; then
    disable memalign
    disable posix_memalign
 fi
@@ -3221,6 +3236,7 @@ echo "frei0r enabled            ${frei0r-no}"
 echo "libdc1394 support         ${libdc1394-no}"
 echo "libdirac enabled          ${libdirac-no}"
 echo "libfaac enabled           ${libfaac-no}"
+echo "libaacplus enabled        ${libaacplus-no}"
 echo "libgsm enabled            ${libgsm-no}"
 echo "libmp3lame enabled        ${libmp3lame-no}"
 echo "libnut enabled            ${libnut-no}"
@@ -3381,6 +3397,7 @@ SLIB_EXTRA_CMD=${SLIB_EXTRA_CMD}
 SLIB_INSTALL_EXTRA_CMD=${SLIB_INSTALL_EXTRA_CMD}
 SLIB_UNINSTALL_EXTRA_CMD=${SLIB_UNINSTALL_EXTRA_CMD}
 SAMPLES:=${samples:-\$(FATE_SAMPLES)}
+NOREDZONE_FLAGS=$noredzone_flags
 EOF

 get_version(){
--- a/doc/APIchanges
+++ b/doc/APIchanges
@@ -13,6 +13,7 @@ libavutil:   2011-04-18

 API changes, most recent first:

+
 2011-06-19 - xxxxxxx - lavfi 2.23.0 - avfilter.h
  Add layout negotiation fields and helper functions.

@@ -43,6 +44,12 @@ API changes, most recent first:
 2011-06-12 - xxxxxxx - lavfi 2.16.0 - avfilter_graph_parse()
  Change avfilter_graph_parse() signature.

+2011-07-10 - xxxxxxx - lavf 53.3.0
+  Add avformat_find_stream_info(), deprecate av_find_stream_info().
+
+2011-07-10 - xxxxxxx - lavc 53.6.0
+  Add avcodec_open2(), deprecate avcodec_open().
+
 2011-06-xx - xxxxxxx - lavf 53.2.0 - avformat.h
  Add avformat_open_input and avformat_write_header().
  Deprecate av_open_input_stream, av_open_input_file,
--- a/doc/faq.texi
+++ b/doc/faq.texi
@@ -447,6 +447,11 @@ encompassing your FFmpeg includes using @code{extern "C"}.

 See @url{http://www.parashift.com/c++-faq-lite/mixing-c-and-cpp.html#faq-32.3}

+@section I'm using libavutil from within my C++ application but the compiler complains about 'UINT64_C' was not declared in this scope
+
+Libav is a pure C project using C99 math features, in order to enable C++
+to use them you have to append -D__STDC_CONSTANT_MACROS to your CXXFLAGS
+
@section I have a file in memory / a API different from *open/*read/ libc how do I use it with libavformat?

 You have to implement a URLProtocol, see @file{libavformat/file.c} in
--- a/doc/ffmpeg.texi
+++ b/doc/ffmpeg.texi
@@ -713,8 +713,39 @@ ffmpeg -i in.ogg -map_metadata 0:0,s0 out.mp3
 Copy chapters from @var{infile} to @var{outfile}. If no chapter mapping is specified,
 then chapters are copied from the first input file with at least one chapter to all
 output files. Use a negative file index to disable any chapter copying.
-@item -debug
+@item -debug @var{category}
 Print specific debug info.
+@var{category} is a number or a string containing one of the following values:
+@table @samp
+@item bitstream
+@item buffers
+picture buffer allocations
+@item bugs
+@item dct_coeff
+@item er
+error recognition
+@item mb_type
+macroblock (MB) type
+@item mmco
+memory management control operations (H.264)
+@item mv
+motion vector
+@item pict
+picture info
+@item pts
+@item qp
+per-block quantization parameter (QP)
+@item rc
+rate control
+@item skip
+@item startcode
+@item thread_ops
+threading operations
+@item vis_mb_type
+visualize block types
+@item vis_qp
+visualize quantization parameter (QP), lower QP are tinted greener
+@end table
@item -benchmark
 Show benchmarking information at the end of an encode.
 Shows CPU time used and maximum memory consumption.
--- a/doc/filters.texi
+++ b/doc/filters.texi
@@ -1683,7 +1683,7 @@ It accepts the following parameters:

 Negative values for the amount will blur the input video, while positive
 values will sharpen. All parameters are optional and default to the
-equivalent of the string '5:5:1.0:0:0:0.0'.
+equivalent of the string '5:5:1.0:5:5:0.0'.

@table @option

@@ -1701,11 +1701,11 @@ and 5.0, default value is 1.0.

@item chroma_msize_x
 Set the chroma matrix horizontal size. It can be an integer between 3
-and 13, default value is 0.
+and 13, default value is 5.

@item chroma_msize_y
 Set the chroma matrix vertical size. It can be an integer between 3
-and 13, default value is 0.
+and 13, default value is 5.

@item luma_amount
 Set the chroma effect strength. It can be a float number between -2.0
--- a/doc/general.texi
+++ b/doc/general.texi
@@ -542,6 +542,8 @@ following image formats are supported:
@multitable @columnfractions .4 .1 .1 .4
@item Name @tab Encoding @tab Decoding @tab Comments
@item 8SVX audio             @tab     @tab  X
+@item AAC+                   @tab  E  @tab  X
+    @tab encoding supported through external library libaacplus
@item AAC                    @tab  E  @tab  X
    @tab encoding supported through external library libfaac and libvo-aacenc
@item AC-3                   @tab IX  @tab  X
@@ -1060,7 +1062,7 @@ These library packages are only available from Cygwin Ports
 (@url{http://sourceware.org/cygwinports/}) :

@example
-yasm, libSDL-devel, libdirac-devel, libfaac-devel, libgsm-devel,
+yasm, libSDL-devel, libdirac-devel, libfaac-devel, libaacplus-devel, libgsm-devel,
 libmp3lame-devel, libschroedinger1.0-devel, speex-devel, libtheora-devel,
 libxvidcore-devel
@end example
--- a/ffmpeg.c
+++ b/ffmpeg.c
@@ -345,6 +345,7 @@ typedef struct AVInputFile {
    int eof_reached;      /* true if eof reached */
    int ist_index;        /* index of first stream in ist_table */
    int buffer_size;      /* current total buffer size */
+    int nb_streams;       /* nb streams we are aware of */
 } AVInputFile;

 #if HAVE_TERMIOS_H
@@ -2046,7 +2047,7 @@ static int transcode(AVFormatContext **output_files,
        int si = stream_maps[i].stream_index;

        if (fi < 0 || fi > nb_input_files - 1 ||
-            si < 0 || si > input_files[fi].ctx->nb_streams - 1) {
+            si < 0 || si > input_files[fi].nb_streams - 1) {
            fprintf(stderr,"Could not find input stream #%d.%d\n", fi, si);
            ret = AVERROR(EINVAL);
            goto fail;
@@ -2054,7 +2055,7 @@ static int transcode(AVFormatContext **output_files,
        fi = stream_maps[i].sync_file_index;
        si = stream_maps[i].sync_stream_index;
        if (fi < 0 || fi > nb_input_files - 1 ||
-            si < 0 || si > input_files[fi].ctx->nb_streams - 1) {
+            si < 0 || si > input_files[fi].nb_streams - 1) {
            fprintf(stderr,"Could not find sync stream #%d.%d\n", fi, si);
            ret = AVERROR(EINVAL);
            goto fail;
@@ -2379,9 +2380,9 @@ static int transcode(AVFormatContext **output_files,
            }
        }
        if(codec->codec_type == AVMEDIA_TYPE_VIDEO){
-            /* maximum video buffer size is 6-bytes per pixel, plus DPX header size */
+            /* maximum video buffer size is 6-bytes per pixel, plus DPX header size (1664)*/
            int size= codec->width * codec->height;
-            bit_buffer_size= FFMAX(bit_buffer_size, 6*size + 1664);
+            bit_buffer_size= FFMAX(bit_buffer_size, 7*size + 10000);
        }
    }

@@ -2732,7 +2733,7 @@ static int transcode(AVFormatContext **output_files,
        }
        /* the following test is needed in case new streams appear
           dynamically in stream : we ignore them */
-        if (pkt.stream_index >= input_files[file_index].ctx->nb_streams)
+        if (pkt.stream_index >= input_files[file_index].nb_streams)
            goto discard_packet;
        ist_index = input_files[file_index].ist_index + pkt.stream_index;
        ist = &input_streams[ist_index];
@@ -2945,7 +2946,7 @@ static int opt_frame_pix_fmt(const char *opt, const char *arg)
            return AVERROR(EINVAL);
        }
    } else {
-        show_pix_fmts();
+        opt_pix_fmts(NULL, NULL);
        ffmpeg_exit(0);
    }
    return 0;
@@ -3469,6 +3470,7 @@ static int opt_input_file(const char *opt, const char *filename)
    input_files = grow_array(input_files, sizeof(*input_files), &nb_input_files, nb_input_files + 1);
    input_files[nb_input_files - 1].ctx        = ic;
    input_files[nb_input_files - 1].ist_index  = nb_input_streams - ic->nb_streams;
+    input_files[nb_input_files - 1].nb_streams = ic->nb_streams;

    top_field_first = -1;
    video_channel = 0;
@@ -4075,16 +4077,18 @@ static void parse_matrix_coeffs(uint16_t *dest, const char *str)
    }
 }

-static void opt_inter_matrix(const char *opt, const char *arg)
+static int opt_inter_matrix(const char *opt, const char *arg)
 {
    inter_matrix = av_mallocz(sizeof(uint16_t) * 64);
    parse_matrix_coeffs(inter_matrix, arg);
+    return 0;
 }

-static void opt_intra_matrix(const char *opt, const char *arg)
+static int opt_intra_matrix(const char *opt, const char *arg)
 {
    intra_matrix = av_mallocz(sizeof(uint16_t) * 64);
    parse_matrix_coeffs(intra_matrix, arg);
+    return 0;
 }

 static void show_usage(void)
@@ -4094,7 +4098,7 @@ static void show_usage(void)
    printf("\n");
 }

-static void show_help(void)
+static int opt_help(const char *opt, const char *arg)
 {
    AVCodec *c;
    AVOutputFormat *oformat = NULL;
@@ -4149,6 +4153,7 @@ static void show_help(void)
    }

    av_opt_show2(sws_opts, NULL, AV_OPT_FLAG_ENCODING_PARAM|AV_OPT_FLAG_DECODING_PARAM, 0);
+    return 0;
 }

 static int opt_target(const char *opt, const char *arg)
@@ -4379,11 +4384,13 @@ static void log_callback_null(void* ptr, int level, const char* fmt, va_list vl)
 {
 }

-static void opt_passlogfile(const char *opt, const char *arg)
+static int opt_passlogfile(const char *opt, const char *arg)
 {
    pass_logfilename_prefix = arg;
 #if CONFIG_LIBX264_ENCODER
-    opt_default("passlogfile", arg);
+    return opt_default("passlogfile", arg);
+#else
+    return 0;
 #endif
 }

--- a/ffplay.c
+++ b/ffplay.c
@@ -212,7 +212,7 @@ typedef struct VideoState {
    int refresh;
 } VideoState;

-static void show_help(void);
+static int opt_help(const char *opt, const char *arg);

 /* options specified by the user */
 static AVInputFormat *file_iformat;
@@ -1779,8 +1779,10 @@ static int video_thread(void *arg)

        if (ret < 0) goto the_end;

+#if CONFIG_AVFILTER
        if (!picref)
            continue;
+#endif

        pts = pts_int*av_q2d(is->video_st->time_base);

@@ -2133,7 +2135,12 @@ static int stream_component_open(VideoState *is, int stream_index)

    avctx->workaround_bugs = workaround_bugs;
    avctx->lowres = lowres;
-    if(lowres) avctx->flags |= CODEC_FLAG_EMU_EDGE;
+    if(avctx->lowres > codec->max_lowres){
+        av_log(avctx, AV_LOG_WARNING, "The maximum value for lowres supported by the decoder is %d\n",
+                codec->max_lowres);
+        avctx->lowres= codec->max_lowres;
+    }
+    if(avctx->lowres) avctx->flags |= CODEC_FLAG_EMU_EDGE;
    avctx->idct_algo= idct;
    if(fast) avctx->flags2 |= CODEC_FLAG2_FAST;
    avctx->skip_frame= skip_frame;
@@ -2950,7 +2957,7 @@ static void show_usage(void)
    printf("\n");
 }

-static void show_help(void)
+static int opt_help(const char *opt, const char *arg)
 {
    av_log_set_callback(log_callback_help);
    show_usage();
@@ -2982,6 +2989,7 @@ static void show_help(void)
           "down/up             seek backward/forward 1 minute\n"
           "mouse click         seek to percentage in file corresponding to fraction of width\n"
           );
+    return 0;
 }

 /* Called from the main */
--- a/ffprobe.c
+++ b/ffprobe.c
@@ -353,7 +353,7 @@ static int opt_input_file(const char *opt, const char *arg)
    return 0;
 }

-static void show_help(void)
+static int opt_help(const char *opt, const char *arg)
 {
    av_log_set_callback(log_callback_help);
    show_usage();
@@ -361,6 +361,7 @@ static void show_help(void)
    printf("\n");
    av_opt_show2(avformat_opts, NULL,
                 AV_OPT_FLAG_DECODING_PARAM, 0);
+    return 0;
 }

 static void opt_pretty(void)
--- a/ffserver.c
+++ b/ffserver.c
@@ -4662,12 +4662,13 @@ static void opt_debug(void)
    logfilename[0] = '-';
 }

-static void show_help(void)
+static int opt_help(const char *opt, const char *arg)
 {
    printf("usage: ffserver [options]\n"
           "Hyper fast multi format Audio/Video streaming server\n");
    printf("\n");
    show_help_options(options, "Main options:\n", 0, 0);
+    return 0;
 }

 static const OptionDef options[] = {
--- a/libavcodec/4xm.c
+++ b/libavcodec/4xm.c
@@ -133,7 +133,9 @@ typedef struct FourXContext{
    GetBitContext pre_gb;          ///< ac/dc prefix
    GetBitContext gb;
    const uint8_t *bytestream;
+    const uint8_t *bytestream_end;
    const uint16_t *wordstream;
+    const uint16_t *wordstream_end;
    int mv[256];
    VLC pre_vlc;
    int last_dc;
@@ -277,7 +279,7 @@ static void init_mv(FourXContext *f){
    }
 #endif

-static inline void mcdc(uint16_t *dst, uint16_t *src, int log2w, int h, int stride, int scale, int dc){
+static inline void mcdc(uint16_t *dst, uint16_t *src, int log2w, int h, int stride, int scale, unsigned dc){
   int i;
   dc*= 0x10001;

@@ -328,6 +330,10 @@ static void decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src, int lo
    assert(code>=0 && code<=6);

    if(code == 0){
+        if (f->bytestream_end - f->bytestream < 1){
+            av_log(f->avctx, AV_LOG_ERROR, "bytestream overread\n");
+            return;
+        }
        src += f->mv[ *f->bytestream++ ];
        if(start > src || src > end){
            av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
@@ -345,15 +351,31 @@ static void decode_p_block(FourXContext *f, uint16_t *dst, uint16_t *src, int lo
    }else if(code == 3 && f->version<2){
        mcdc(dst, src, log2w, h, stride, 1, 0);
    }else if(code == 4){
+        if (f->bytestream_end - f->bytestream < 1){
+            av_log(f->avctx, AV_LOG_ERROR, "bytestream overread\n");
+            return;
+        }
        src += f->mv[ *f->bytestream++ ];
        if(start > src || src > end){
            av_log(f->avctx, AV_LOG_ERROR, "mv out of pic\n");
            return;
        }
+        if (f->wordstream_end - f->wordstream < 1){
+            av_log(f->avctx, AV_LOG_ERROR, "wordstream overread\n");
+            return;
+        }
        mcdc(dst, src, log2w, h, stride, 1, av_le2ne16(*f->wordstream++));
    }else if(code == 5){
+        if (f->wordstream_end - f->wordstream < 1){
+            av_log(f->avctx, AV_LOG_ERROR, "wordstream overread\n");
+            return;
+        }
        mcdc(dst, src, log2w, h, stride, 0, av_le2ne16(*f->wordstream++));
    }else if(code == 6){
+        if (f->wordstream_end - f->wordstream < 2){
+            av_log(f->avctx, AV_LOG_ERROR, "wordstream overread\n");
+            return;
+        }
        if(log2w){
            dst[0] = av_le2ne16(*f->wordstream++);
            dst[1] = av_le2ne16(*f->wordstream++);
@@ -375,6 +397,8 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length){

    if(f->version>1){
        extra=20;
+        if (length < extra)
+            return -1;
        bitstream_size= AV_RL32(buf+8);
        wordstream_size= AV_RL32(buf+12);
        bytestream_size= AV_RL32(buf+16);
@@ -385,11 +409,10 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length){
        bytestream_size= FFMAX(length - bitstream_size - wordstream_size, 0);
    }

-    if(bitstream_size+ bytestream_size+ wordstream_size + extra != length
-       || bitstream_size  > (1<<26)
-       || bytestream_size > (1<<26)
-       || wordstream_size > (1<<26)
-       ){
+    if (bitstream_size > length ||
+        bytestream_size > length - bitstream_size ||
+        wordstream_size > length - bytestream_size - bitstream_size ||
+        extra > length - bytestream_size - bitstream_size - wordstream_size){
        av_log(f->avctx, AV_LOG_ERROR, "lengths %d %d %d %d\n", bitstream_size, bytestream_size, wordstream_size,
        bitstream_size+ bytestream_size+ wordstream_size - length);
        return -1;
@@ -399,10 +422,13 @@ static int decode_p_frame(FourXContext *f, const uint8_t *buf, int length){
    if (!f->bitstream_buffer)
        return AVERROR(ENOMEM);
    f->dsp.bswap_buf(f->bitstream_buffer, (const uint32_t*)(buf + extra), bitstream_size/4);
+    memset((uint8_t*)f->bitstream_buffer + bitstream_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
    init_get_bits(&f->gb, f->bitstream_buffer, 8*bitstream_size);

    f->wordstream= (const uint16_t*)(buf + extra + bitstream_size);
+    f->wordstream_end= f->wordstream + wordstream_size/2;
    f->bytestream= buf + extra + bitstream_size + wordstream_size;
+    f->bytestream_end = f->bytestream + bytestream_size;

    init_mv(f);

@@ -531,7 +557,7 @@ static int decode_i_mb(FourXContext *f){
    return 0;
 }

-static const uint8_t *read_huffman_tables(FourXContext *f, const uint8_t * const buf){
+static const uint8_t *read_huffman_tables(FourXContext *f, const uint8_t * const buf, int buf_size){
    int frequency[512];
    uint8_t flag[512];
    int up[512];
@@ -539,6 +565,7 @@ static const uint8_t *read_huffman_tables(FourXContext *f, const uint8_t * const
    int bits_tab[257];
    int start, end;
    const uint8_t *ptr= buf;
+    const uint8_t *ptr_end = buf + buf_size;
    int j;

    memset(frequency, 0, sizeof(frequency));
@@ -549,6 +576,8 @@ static const uint8_t *read_huffman_tables(FourXContext *f, const uint8_t * const
    for(;;){
        int i;

+        if (start <= end && ptr_end - ptr < end - start + 1 + 1)
+            return NULL;
        for(i=start; i<=end; i++){
            frequency[i]= *ptr++;
        }
@@ -601,9 +630,10 @@ static const uint8_t *read_huffman_tables(FourXContext *f, const uint8_t * const
        len_tab[j]= len;
    }

-    init_vlc(&f->pre_vlc, ACDC_VLC_BITS, 257,
-             len_tab , 1, 1,
-             bits_tab, 4, 4, 0);
+    if (init_vlc(&f->pre_vlc, ACDC_VLC_BITS, 257,
+                 len_tab , 1, 1,
+                 bits_tab, 4, 4, 0))
+        return NULL;

    return ptr;
 }
@@ -621,10 +651,13 @@ static int decode_i2_frame(FourXContext *f, const uint8_t *buf, int length){
    const int height= f->avctx->height;
    uint16_t *dst= (uint16_t*)f->current_picture.data[0];
    const int stride= f->current_picture.linesize[0]>>1;
+    const uint8_t *buf_end = buf + length;

    for(y=0; y<height; y+=16){
        for(x=0; x<width; x+=16){
            unsigned int color[4], bits;
+            if (buf_end - buf < 8)
+                return -1;
            memset(color, 0, sizeof(color));
 //warning following is purely guessed ...
            color[0]= bytestream_get_le16(&buf);
@@ -658,18 +691,23 @@ static int decode_i_frame(FourXContext *f, const uint8_t *buf, int length){
    uint16_t *dst= (uint16_t*)f->current_picture.data[0];
    const int stride= f->current_picture.linesize[0]>>1;
    const unsigned int bitstream_size= AV_RL32(buf);
-    const int token_count av_unused = AV_RL32(buf + bitstream_size + 8);
-    unsigned int prestream_size= 4*AV_RL32(buf + bitstream_size + 4);
-    const uint8_t *prestream= buf + bitstream_size + 12;
+    unsigned int prestream_size;
+    const uint8_t *prestream;

-    if(prestream_size + bitstream_size + 12 != length
-       || bitstream_size > (1<<26)
-       || prestream_size > (1<<26)){
+    if (bitstream_size > (1<<26) || length < bitstream_size + 12)
+        return -1;
+    prestream_size = 4*AV_RL32(buf + bitstream_size + 4);
+    prestream = buf + bitstream_size + 12;
+
+    if (prestream_size > (1<<26) ||
+        prestream_size != length - (bitstream_size + 12)){
        av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d %d\n", prestream_size, bitstream_size, length);
        return -1;
    }

-    prestream= read_huffman_tables(f, prestream);
+    prestream= read_huffman_tables(f, prestream, buf + length - prestream);
+    if (!prestream)
+        return -1;

    init_get_bits(&f->gb, buf + 4, 8*bitstream_size);

@@ -679,6 +717,7 @@ static int decode_i_frame(FourXContext *f, const uint8_t *buf, int length){
    if (!f->bitstream_buffer)
        return AVERROR(ENOMEM);
    f->dsp.bswap_buf(f->bitstream_buffer, (const uint32_t*)prestream, prestream_size/4);
+    memset((uint8_t*)f->bitstream_buffer + prestream_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
    init_get_bits(&f->pre_gb, f->bitstream_buffer, 8*prestream_size);

    f->last_dc= 0*128*8*8;
@@ -710,6 +749,8 @@ static int decode_frame(AVCodecContext *avctx,
    AVFrame *p, temp;
    int i, frame_4cc, frame_size;

+    if (buf_size < 12)
+        return AVERROR_INVALIDDATA;
    frame_4cc= AV_RL32(buf);
    if(buf_size != AV_RL32(buf+4)+8 || buf_size < 20){
        av_log(f->avctx, AV_LOG_ERROR, "size mismatch %d %d\n", buf_size, AV_RL32(buf+4));
@@ -722,6 +763,11 @@ static int decode_frame(AVCodecContext *avctx,
        const int whole_size= AV_RL32(buf+16);
        CFrameBuffer *cfrm;

+        if (data_size < 0 || whole_size < 0){
+            av_log(f->avctx, AV_LOG_ERROR, "sizes invalid\n");
+            return AVERROR_INVALIDDATA;
+        }
+
        for(i=0; i<CFRAME_BUFFER_COUNT; i++){
            if(f->cfrm[i].id && f->cfrm[i].id < avctx->frame_number)
                av_log(f->avctx, AV_LOG_ERROR, "lost c frame %d\n", f->cfrm[i].id);
@@ -738,6 +784,8 @@ static int decode_frame(AVCodecContext *avctx,
        }
        cfrm= &f->cfrm[i];

+        if (data_size > UINT_MAX -  cfrm->size - FF_INPUT_BUFFER_PADDING_SIZE)
+            return AVERROR_INVALIDDATA;
        cfrm->data= av_fast_realloc(cfrm->data, &cfrm->allocated_size, cfrm->size + data_size + FF_INPUT_BUFFER_PADDING_SIZE);
        if(!cfrm->data){ //explicit check needed as memcpy below might not catch a NULL
            av_log(f->avctx, AV_LOG_ERROR, "realloc falure");
@@ -781,12 +829,16 @@ static int decode_frame(AVCodecContext *avctx,

    if(frame_4cc == AV_RL32("ifr2")){
        p->pict_type= AV_PICTURE_TYPE_I;
-        if(decode_i2_frame(f, buf-4, frame_size) < 0)
+        if(decode_i2_frame(f, buf-4, frame_size+4) < 0){
+            av_log(f->avctx, AV_LOG_ERROR, "decode i2 frame failed\n");
            return -1;
+        }
    }else if(frame_4cc == AV_RL32("ifrm")){
        p->pict_type= AV_PICTURE_TYPE_I;
-        if(decode_i_frame(f, buf, frame_size) < 0)
+        if(decode_i_frame(f, buf, frame_size) < 0){
+            av_log(f->avctx, AV_LOG_ERROR, "decode i frame failed\n");
            return -1;
+        }
    }else if(frame_4cc == AV_RL32("pfrm") || frame_4cc == AV_RL32("pfr2")){
        if(!f->last_picture.data[0]){
            f->last_picture.reference= 1;
@@ -797,8 +849,10 @@ static int decode_frame(AVCodecContext *avctx,
        }

        p->pict_type= AV_PICTURE_TYPE_P;
-        if(decode_p_frame(f, buf, frame_size) < 0)
+        if(decode_p_frame(f, buf, frame_size) < 0){
+            av_log(f->avctx, AV_LOG_ERROR, "decode p frame failed\n");
            return -1;
+        }
    }else if(frame_4cc == AV_RL32("snd_")){
        av_log(avctx, AV_LOG_ERROR, "ignoring snd_ chunk length:%d\n", buf_size);
    }else{
@@ -831,6 +885,10 @@ static av_cold int decode_init(AVCodecContext *avctx){
        av_log(avctx, AV_LOG_ERROR, "extradata wrong or missing\n");
        return 1;
    }
+    if((avctx->width % 16) || (avctx->height % 16)) {
+        av_log(avctx, AV_LOG_ERROR, "unsupported width/height\n");
+        return AVERROR_INVALIDDATA;
+    }

    avcodec_get_frame_defaults(&f->current_picture);
    avcodec_get_frame_defaults(&f->last_picture);
--- a/libavcodec/Makefile
+++ b/libavcodec/Makefile
@@ -568,6 +568,7 @@ OBJS-$(CONFIG_WEBM_MUXER)              += xiph.o mpeg4audio.o \
 OBJS-$(CONFIG_WTV_DEMUXER)             += mpeg4audio.o mpegaudiodata.o

 # external codec libraries
+OBJS-$(CONFIG_LIBAACPLUS_ENCODER)         += libaacplus.o
 OBJS-$(CONFIG_LIBCELT_DECODER)            += libcelt_dec.o
 OBJS-$(CONFIG_LIBDIRAC_DECODER)           += libdiracdec.o
 OBJS-$(CONFIG_LIBDIRAC_ENCODER)           += libdiracenc.o libdirac_libschro.o
@@ -588,6 +589,7 @@ OBJS-$(CONFIG_LIBSCHROEDINGER_ENCODER)    += libschroedingerenc.o \
                                             libschroedinger.o    \
                                             libdirac_libschro.o
 OBJS-$(CONFIG_LIBSPEEX_DECODER)           += libspeexdec.o
+OBJS-$(CONFIG_LIBSPEEX_ENCODER)           += libspeexenc.o
 OBJS-$(CONFIG_LIBTHEORA_ENCODER)          += libtheoraenc.o
 OBJS-$(CONFIG_LIBVO_AACENC_ENCODER)       += libvo-aacenc.o mpeg4audio.o
 OBJS-$(CONFIG_LIBVO_AMRWBENC_ENCODER)     += libvo-amrwbenc.o
--- a/libavcodec/aac_adtstoasc_bsf.c
+++ b/libavcodec/aac_adtstoasc_bsf.c
@@ -72,7 +72,7 @@ static int aac_adtstoasc_filter(AVBitStreamFilterContext *bsfc,
        int            pce_size = 0;
        uint8_t        pce_data[MAX_PCE_SIZE];
        if (!hdr.chan_config) {
-            init_get_bits(&gb, buf, buf_size);
+            init_get_bits(&gb, buf, buf_size * 8);
            if (get_bits(&gb, 3) != 5) {
                av_log_missing_feature(avctx, "PCE based channel configuration, where the PCE is not the first syntax element is", 0);
                return -1;
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -1090,7 +1090,7 @@ static int decode_spectrum_and_dequant(AACContext *ac, float coef[1024],
                            GET_VLC(code, re, gb, vlc_tab, 8, 2);
                            cb_idx = cb_vector_idx[code];
                            nnz = cb_idx >> 8 & 15;
-                            bits = SHOW_UBITS(re, gb, nnz) << (32-nnz);
+                            bits = nnz ? GET_CACHE(re, gb) : 0;
                            LAST_SKIP_BITS(re, gb, nnz);
                            cf = VMUL4S(cf, vq, cb_idx, bits, sf + idx);
                        } while (len -= 4);
@@ -1130,7 +1130,7 @@ static int decode_spectrum_and_dequant(AACContext *ac, float coef[1024],
                            GET_VLC(code, re, gb, vlc_tab, 8, 2);
                            cb_idx = cb_vector_idx[code];
                            nnz = cb_idx >> 8 & 15;
-                            sign = SHOW_UBITS(re, gb, nnz) << (cb_idx >> 12);
+                            sign = nnz ? SHOW_UBITS(re, gb, nnz) << (cb_idx >> 12) : 0;
                            LAST_SKIP_BITS(re, gb, nnz);
                            cf = VMUL2S(cf, vq, cb_idx, sign, sf + idx);
                        } while (len -= 2);
@@ -1755,12 +1755,10 @@ static void windowing_and_mdct_ltp(AACContext *ac, float *out,
    } else {
        memset(in, 0, 448 * sizeof(float));
        ac->dsp.vector_fmul(in + 448, in + 448, swindow_prev, 128);
-        memcpy(in + 576, in + 576, 448 * sizeof(float));
    }
    if (ics->window_sequence[0] != LONG_START_SEQUENCE) {
        ac->dsp.vector_fmul_reverse(in + 1024, in + 1024, lwindow, 1024);
    } else {
-        memcpy(in + 1024, in + 1024, 448 * sizeof(float));
        ac->dsp.vector_fmul_reverse(in + 1024 + 448, in + 1024 + 448, swindow, 128);
        memset(in + 1024 + 576, 0, 448 * sizeof(float));
    }
@@ -2078,7 +2076,7 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data,
    ChannelElement *che = NULL, *che_prev = NULL;
    enum RawDataBlockType elem_type, elem_type_prev = TYPE_END;
    int err, elem_id, data_size_tmp;
-    int samples = 0, multiplier;
+    int samples = 0, multiplier, audio_found = 0;

    if (show_bits(gb, 12) == 0xfff) {
        if (parse_adts_frame_header(ac, gb) < 0) {
@@ -2109,10 +2107,12 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data,

        case TYPE_SCE:
            err = decode_ics(ac, &che->ch[0], gb, 0, 0);
+            audio_found = 1;
            break;

        case TYPE_CPE:
            err = decode_cpe(ac, gb, che);
+            audio_found = 1;
            break;

        case TYPE_CCE:
@@ -2121,6 +2121,7 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data,

        case TYPE_LFE:
            err = decode_ics(ac, &che->ch[0], gb, 0, 0);
+            audio_found = 1;
            break;

        case TYPE_DSE:
@@ -2197,7 +2198,7 @@ static int aac_decode_frame_int(AVCodecContext *avctx, void *data,
                                                   samples, avctx->channels);
    }

-    if (ac->output_configured)
+    if (ac->output_configured && audio_found)
        ac->output_configured = OC_LOCKED;

    return 0;
--- a/libavcodec/aacps.c
+++ b/libavcodec/aacps.c
@@ -813,14 +813,17 @@ static void stereo_processing(PSContext *ps, float (*l)[32][2], float (*r)[32][2
    const float (*H_LUT)[8][4] = (PS_BASELINE || ps->icc_mode < 3) ? HA : HB;

    //Remapping
-    memcpy(H11[0][0], H11[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H11[0][0][0]));
-    memcpy(H11[1][0], H11[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H11[1][0][0]));
-    memcpy(H12[0][0], H12[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H12[0][0][0]));
-    memcpy(H12[1][0], H12[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H12[1][0][0]));
-    memcpy(H21[0][0], H21[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H21[0][0][0]));
-    memcpy(H21[1][0], H21[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H21[1][0][0]));
-    memcpy(H22[0][0], H22[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H22[0][0][0]));
-    memcpy(H22[1][0], H22[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H22[1][0][0]));
+    if (ps->num_env_old) {
+        memcpy(H11[0][0], H11[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H11[0][0][0]));
+        memcpy(H11[1][0], H11[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H11[1][0][0]));
+        memcpy(H12[0][0], H12[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H12[0][0][0]));
+        memcpy(H12[1][0], H12[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H12[1][0][0]));
+        memcpy(H21[0][0], H21[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H21[0][0][0]));
+        memcpy(H21[1][0], H21[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H21[1][0][0]));
+        memcpy(H22[0][0], H22[0][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H22[0][0][0]));
+        memcpy(H22[1][0], H22[1][ps->num_env_old], PS_MAX_NR_IIDICC*sizeof(H22[1][0][0]));
+    }
+
    if (is34) {
        remap34(&iid_mapped, ps->iid_par, ps->nr_iid_par, ps->num_env, 1);
        remap34(&icc_mapped, ps->icc_par, ps->nr_icc_par, ps->num_env, 1);
--- a/libavcodec/aacsbr.c
+++ b/libavcodec/aacsbr.c
@@ -33,6 +33,7 @@
 #include "fft.h"
 #include "aacps.h"
 #include "libavutil/libm.h"
+#include "libavutil/avassert.h"

 #include <stdint.h>
 #include <float.h>
@@ -1457,6 +1458,7 @@ static void sbr_mapping(AACContext *ac, SpectralBandReplication *sbr,
        uint16_t *table = ch_data->bs_freq_res[e + 1] ? sbr->f_tablehigh : sbr->f_tablelow;
        int k;

+        av_assert0(sbr->kx[1] <= table[0]);
        for (i = 0; i < ilim; i++)
            for (m = table[i]; m < table[i + 1]; m++)
                sbr->e_origmapped[e][m - sbr->kx[1]] = ch_data->env_facs[e+1][i];
--- a/libavcodec/adpcm.c
+++ b/libavcodec/adpcm.c
@@ -1333,10 +1333,11 @@ static int adpcm_decode_frame(AVCodecContext *avctx,
            buf_size -= 128;
        }
        break;
-    case CODEC_ID_ADPCM_IMA_EA_EACS:
+    case CODEC_ID_ADPCM_IMA_EA_EACS: {
+        unsigned header_size = 4 + (8<<st);
        samples_in_chunk = bytestream_get_le32(&src) >> (1-st);

-        if (samples_in_chunk > buf_size-4-(8<<st)) {
+        if (buf_size < header_size || samples_in_chunk > buf_size - header_size) {
            src += buf_size - 4;
            break;
        }
@@ -1351,6 +1352,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx,
            *samples++ = adpcm_ima_expand_nibble(&c->status[st], *src&0x0F, 3);
        }
        break;
+    }
    case CODEC_ID_ADPCM_IMA_EA_SEAD:
        for (; src < buf+buf_size; src++) {
            *samples++ = adpcm_ima_expand_nibble(&c->status[0], src[0] >> 4, 6);
--- a/libavcodec/allcodecs.c
+++ b/libavcodec/allcodecs.c
@@ -370,6 +370,7 @@ void avcodec_register_all(void)
    REGISTER_ENCDEC  (XSUB, xsub);

    /* external libraries */
+    REGISTER_ENCODER (LIBAACPLUS, libaacplus);
    REGISTER_DECODER (LIBCELT, libcelt);
    REGISTER_ENCDEC  (LIBDIRAC, libdirac);
    REGISTER_ENCODER (LIBFAAC, libfaac);
@@ -380,7 +381,7 @@ void avcodec_register_all(void)
    REGISTER_DECODER (LIBOPENCORE_AMRWB, libopencore_amrwb);
    REGISTER_DECODER (LIBOPENJPEG, libopenjpeg);
    REGISTER_ENCDEC  (LIBSCHROEDINGER, libschroedinger);
-    REGISTER_DECODER (LIBSPEEX, libspeex);
+    REGISTER_ENCDEC  (LIBSPEEX, libspeex);
    REGISTER_ENCODER (LIBTHEORA, libtheora);
    REGISTER_ENCODER (LIBVO_AACENC, libvo_aacenc);
    REGISTER_ENCODER (LIBVO_AMRWBENC, libvo_amrwbenc);
--- a/libavcodec/anm.c
+++ b/libavcodec/anm.c
@@ -79,6 +79,8 @@ static inline int op(uint8_t **dst, const uint8_t *dst_end,
        int striplen = FFMIN(count, remaining);
        if (buf) {
            striplen = FFMIN(striplen, buf_end - *buf);
+            if (*buf >= buf_end)
+                goto exhausted;
            memcpy(*dst, *buf, striplen);
            *buf += striplen;
        } else if (pixel >= 0)
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -163,6 +163,18 @@ typedef struct APEContext {

 // TODO: dsputilize

+static av_cold int ape_decode_close(AVCodecContext * avctx)
+{
+    APEContext *s = avctx->priv_data;
+    int i;
+
+    for (i = 0; i < APE_FILTER_LEVELS; i++)
+        av_freep(&s->filterbuf[i]);
+
+    av_freep(&s->data);
+    return 0;
+}
+
 static av_cold int ape_decode_init(AVCodecContext * avctx)
 {
    APEContext *s = avctx->priv_data;
@@ -195,25 +207,18 @@ static av_cold int ape_decode_init(AVCodecContext * avctx)
    for (i = 0; i < APE_FILTER_LEVELS; i++) {
        if (!ape_filter_orders[s->fset][i])
            break;
-        s->filterbuf[i] = av_malloc((ape_filter_orders[s->fset][i] * 3 + HISTORY_SIZE) * 4);
+        FF_ALLOC_OR_GOTO(avctx, s->filterbuf[i],
+                         (ape_filter_orders[s->fset][i] * 3 + HISTORY_SIZE) * 4,
+                         filter_alloc_fail);
    }

    dsputil_init(&s->dsp, avctx);
    avctx->sample_fmt = AV_SAMPLE_FMT_S16;
    avctx->channel_layout = (avctx->channels==2) ? AV_CH_LAYOUT_STEREO : AV_CH_LAYOUT_MONO;
    return 0;
-}
-
-static av_cold int ape_decode_close(AVCodecContext * avctx)
-{
-    APEContext *s = avctx->priv_data;
-    int i;
-
-    for (i = 0; i < APE_FILTER_LEVELS; i++)
-        av_freep(&s->filterbuf[i]);
-
-    av_freep(&s->data);
-    return 0;
+filter_alloc_fail:
+    ape_decode_close(avctx);
+    return AVERROR(ENOMEM);
 }

 /**
@@ -797,7 +802,7 @@ static int ape_decode_frame(AVCodecContext * avctx,
    int buf_size = avpkt->size;
    APEContext *s = avctx->priv_data;
    int16_t *samples = data;
-    int nblocks;
+    uint32_t nblocks;
    int i, n;
    int blockstodecode;
    int bytes_used;
@@ -814,12 +819,15 @@ static int ape_decode_frame(AVCodecContext * avctx,
    }

    if(!s->samples){
-        s->data = av_realloc(s->data, (buf_size + 3) & ~3);
+        void *tmp_data = av_realloc(s->data, (buf_size + 3) & ~3);
+        if (!tmp_data)
+            return AVERROR(ENOMEM);
+        s->data = tmp_data;
        s->dsp.bswap_buf((uint32_t*)s->data, (const uint32_t*)buf, buf_size >> 2);
        s->ptr = s->last_ptr = s->data;
        s->data_end = s->data + buf_size;

-        nblocks = s->samples = bytestream_get_be32(&s->ptr);
+        nblocks = bytestream_get_be32(&s->ptr);
        n =  bytestream_get_be32(&s->ptr);
        if(n < 0 || n > 3){
            av_log(avctx, AV_LOG_ERROR, "Incorrect offset passed\n");
@@ -828,12 +836,13 @@ static int ape_decode_frame(AVCodecContext * avctx,
        }
        s->ptr += n;

-        s->currentframeblocks = nblocks;
        buf += 4;
-        if (s->samples <= 0) {
+        if (!nblocks || nblocks > INT_MAX) {
+            av_log(avctx, AV_LOG_ERROR, "Invalid sample count: %u.\n", nblocks);
            *data_size = 0;
-            return buf_size;
+            return AVERROR_INVALIDDATA;
        }
+        s->currentframeblocks = s->samples = nblocks;

        memset(s->decoded0,  0, sizeof(s->decoded0));
        memset(s->decoded1,  0, sizeof(s->decoded1));
--- a/libavcodec/arm/fft_fixed_neon.S
+++ b/libavcodec/arm/fft_fixed_neon.S
@@ -56,7 +56,7 @@
        vhsub.s16       \r0, \d0, \d1           @ t3, t4, t8, t7
        vhsub.s16       \r1, \d1, \d0
        vhadd.s16       \d0, \d0, \d1           @ t1, t2, t6, t5
-        vmov.i64        \d1, #0xffff<<32
+        vmov.i64        \d1, #0xffff00000000
        vbit            \r0, \r1, \d1
        vrev64.16       \r1, \r0                @ t7, t8, t4, t3
        vtrn.32         \r0, \r1                @ t3, t4, t7, t8
--- a/libavcodec/atrac1.c
+++ b/libavcodec/atrac1.c
@@ -276,7 +276,7 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data,
    const uint8_t *buf = avpkt->data;
    int buf_size       = avpkt->size;
    AT1Ctx *q          = avctx->priv_data;
-    int ch, ret, i;
+    int ch, ret, i, out_size;
    GetBitContext gb;
    float* samples = data;

@@ -286,6 +286,13 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data,
        return -1;
    }

+    out_size = q->channels * AT1_SU_SAMPLES *
+               av_get_bytes_per_sample(avctx->sample_fmt);
+    if (*data_size < out_size) {
+        av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+        return AVERROR(EINVAL);
+    }
+
    for (ch = 0; ch < q->channels; ch++) {
        AT1SUCtx* su = &q->SUs[ch];

@@ -318,7 +325,7 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data,
        }
    }

-    *data_size = q->channels * AT1_SU_SAMPLES * sizeof(*samples);
+    *data_size = out_size;
    return avctx->block_align;
 }

@@ -329,6 +336,11 @@ static av_cold int atrac1_decode_init(AVCodecContext *avctx)

    avctx->sample_fmt = AV_SAMPLE_FMT_FLT;

+    if (avctx->channels < 1 || avctx->channels > AT1_MAX_CHANNELS) {
+        av_log(avctx, AV_LOG_ERROR, "Unsupported number of channels: %d\n",
+               avctx->channels);
+        return AVERROR(EINVAL);
+    }
    q->channels = avctx->channels;

    /* Init the mdct transforms */
--- a/libavcodec/avcodec.h
+++ b/libavcodec/avcodec.h
@@ -30,6 +30,7 @@
 #include "libavutil/samplefmt.h"
 #include "libavutil/avutil.h"
 #include "libavutil/cpu.h"
+#include "libavutil/dict.h"

 #include "libavcodec/version.h"

@@ -2686,7 +2687,6 @@ typedef struct AVCodecContext {

    /**
     * Bits per sample/pixel of internal libavcodec pixel/sample format.
-     * This field is applicable only when sample_fmt is AV_SAMPLE_FMT_S32.
     * - encoding: set by user.
     * - decoding: set by libavcodec.
     */
@@ -3785,6 +3785,7 @@ int avcodec_default_execute(AVCodecContext *c, int (*func)(AVCodecContext *c2, v
 int avcodec_default_execute2(AVCodecContext *c, int (*func)(AVCodecContext *c2, void *arg2, int, int),void *arg, int *ret, int count);
 //FIXME func typedef

+#if FF_API_AVCODEC_OPEN
 /**
 * Initialize the AVCodecContext to use the given AVCodec. Prior to using this
 * function the context has to be allocated.
@@ -3811,8 +3812,44 @@ int avcodec_default_execute2(AVCodecContext *c, int (*func)(AVCodecContext *c2,
 * @param codec The codec to use within the context.
 * @return zero on success, a negative value on error
 * @see avcodec_alloc_context, avcodec_find_decoder, avcodec_find_encoder, avcodec_close
+ *
+ * @deprecated use avcodec_open2
 */
 int avcodec_open(AVCodecContext *avctx, AVCodec *codec);
+#endif
+
+/**
+ * Initialize the AVCodecContext to use the given AVCodec. Prior to using this
+ * function the context has to be allocated with avcodec_alloc_context().
+ *
+ * The functions avcodec_find_decoder_by_name(), avcodec_find_encoder_by_name(),
+ * avcodec_find_decoder() and avcodec_find_encoder() provide an easy way for
+ * retrieving a codec.
+ *
+ * @warning This function is not thread safe!
+ *
+ * @code
+ * avcodec_register_all();
+ * av_dict_set(&opts, "b", "2.5M", 0);
+ * codec = avcodec_find_decoder(CODEC_ID_H264);
+ * if (!codec)
+ *     exit(1);
+ *
+ * context = avcodec_alloc_context();
+ *
+ * if (avcodec_open(context, codec, opts) < 0)
+ *     exit(1);
+ * @endcode
+ *
+ * @param avctx The context to initialize.
+ * @param options A dictionary filled with AVCodecContext and codec-private options.
+ *                On return this object will be filled with options that were not found.
+ *
+ * @return zero on success, a negative value on error
+ * @see avcodec_alloc_context3(), avcodec_find_decoder(), avcodec_find_encoder(),
+ *      av_dict_set(), av_opt_find().
+ */
+int avcodec_open2(AVCodecContext *avctx, AVCodec *codec, AVDictionary **options);

 #if FF_API_AUDIO_OLD
 /**
--- a/libavcodec/avs.c
+++ b/libavcodec/avs.c
@@ -47,6 +47,7 @@ avs_decode_frame(AVCodecContext * avctx,
                 void *data, int *data_size, AVPacket *avpkt)
 {
    const uint8_t *buf = avpkt->data;
+    const uint8_t *buf_end = avpkt->data + avpkt->size;
    int buf_size = avpkt->size;
    AvsContext *const avs = avctx->priv_data;
    AVFrame *picture = data;
@@ -69,6 +70,8 @@ avs_decode_frame(AVCodecContext * avctx,
    out = avs->picture.data[0];
    stride = avs->picture.linesize[0];

+    if (buf_end - buf < 4)
+        return AVERROR_INVALIDDATA;
    sub_type = buf[0];
    type = buf[1];
    buf += 4;
@@ -79,6 +82,8 @@ avs_decode_frame(AVCodecContext * avctx,

        first = AV_RL16(buf);
        last = first + AV_RL16(buf + 2);
+        if (first >= 256 || last > 256 || buf_end - buf < 4 + 4 + 3 * (last - first))
+            return AVERROR_INVALIDDATA;
        buf += 4;
        for (i=first; i<last; i++, buf+=3)
            pal[i] = (buf[0] << 18) | (buf[1] << 10) | (buf[2] << 2);
@@ -114,16 +119,22 @@ avs_decode_frame(AVCodecContext * avctx,
      return -1;
    }

+    if (buf_end - buf < 256 * vect_w * vect_h)
+        return AVERROR_INVALIDDATA;
    table = buf + (256 * vect_w * vect_h);
    if (sub_type != AVS_I_FRAME) {
        int map_size = ((318 / vect_w + 7) / 8) * (198 / vect_h);
-        init_get_bits(&change_map, table, map_size);
+        if (buf_end - table < map_size)
+            return AVERROR_INVALIDDATA;
+        init_get_bits(&change_map, table, map_size * 8);
        table += map_size;
    }

    for (y=0; y<198; y+=vect_h) {
        for (x=0; x<318; x+=vect_w) {
            if (sub_type == AVS_I_FRAME || get_bits1(&change_map)) {
+                if (buf_end - table < 1)
+                    return AVERROR_INVALIDDATA;
                vect = &buf[*table++ * (vect_w * vect_h)];
                for (j=0; j<vect_w; j++) {
                    out[(y + 0) * stride + x + j] = vect[(0 * vect_w) + j];
--- a/libavcodec/bink.c
+++ b/libavcodec/bink.c
@@ -246,7 +246,7 @@ static void read_tree(GetBitContext *gb, Tree *tree)
            tree->syms[i] = get_bits(gb, 4);
            tmp1[tree->syms[i]] = 1;
        }
-        for (i = 0; i < 16; i++)
+        for (i = 0; i < 16 && len < 16 - 1; i++)
            if (!tmp1[i])
                tree->syms[++len] = i;
    } else {
@@ -343,14 +343,14 @@ static int read_motion_values(AVCodecContext *avctx, GetBitContext *gb, Bundle *
        memset(b->cur_dec, v, t);
        b->cur_dec += t;
    } else {
-        do {
+        while (b->cur_dec < dec_end) {
            v = GET_HUFF(gb, b->tree);
            if (v) {
                sign = -get_bits1(gb);
                v = (v ^ sign) - sign;
            }
            *b->cur_dec++ = v;
-        } while (b->cur_dec < dec_end);
+        }
    }
    return 0;
 }
@@ -374,7 +374,7 @@ static int read_block_types(AVCodecContext *avctx, GetBitContext *gb, Bundle *b)
        memset(b->cur_dec, v, t);
        b->cur_dec += t;
    } else {
-        do {
+        while (b->cur_dec < dec_end) {
            v = GET_HUFF(gb, b->tree);
            if (v < 12) {
                last = v;
@@ -382,10 +382,12 @@ static int read_block_types(AVCodecContext *avctx, GetBitContext *gb, Bundle *b)
            } else {
                int run = bink_rlelens[v - 12];

+                if (dec_end - b->cur_dec < run)
+                    return -1;
                memset(b->cur_dec, last, run);
                b->cur_dec += run;
            }
-        } while (b->cur_dec < dec_end);
+        }
    }
    return 0;
 }
@@ -456,6 +458,7 @@ static int read_dcs(AVCodecContext *avctx, GetBitContext *gb, Bundle *b,
 {
    int i, j, len, len2, bsize, sign, v, v2;
    int16_t *dst = (int16_t*)b->cur_dec;
+    int16_t *dst_end =( int16_t*)b->data_end;

    CHECK_READ_VAL(gb, b, len);
    v = get_bits(gb, start_bits - has_sign);
@@ -463,10 +466,14 @@ static int read_dcs(AVCodecContext *avctx, GetBitContext *gb, Bundle *b,
        sign = -get_bits1(gb);
        v = (v ^ sign) - sign;
    }
+    if (dst_end - dst < 1)
+        return -1;
    *dst++ = v;
    len--;
    for (i = 0; i < len; i += 8) {
        len2 = FFMIN(len - i, 8);
+        if (dst_end - dst < len2)
+            return -1;
        bsize = get_bits(gb, 4);
        if (bsize) {
            for (j = 0; j < len2; j++) {
@@ -534,6 +541,8 @@ static int binkb_read_bundle(BinkContext *c, GetBitContext *gb, int bundle_num)
    int i, len;

    CHECK_READ_VAL(gb, b, len);
+    if (b->data_end - b->cur_dec < len * (1 + (bits > 8)))
+        return -1;
    if (bits <= 8) {
        if (!issigned) {
            for (i = 0; i < len; i++)
@@ -571,6 +580,22 @@ static inline int binkb_get_value(BinkContext *c, int bundle_num)
    return ret;
 }

+static inline DCTELEM dequant(DCTELEM in, uint32_t quant, int dc)
+{
+    /* Note: multiplication is unsigned but we want signed shift
+     * otherwise clipping breaks.
+     * TODO: The official decoder does not use clipping at all
+     * but instead uses the full 32-bit result.
+     * However clipping at least gets rid of the case that a
+     * half-black half-white intra block gets black and white swapped
+     * and should cause at most minor differences (except for DC). */
+    int32_t res = in * quant;
+    res >>= 11;
+    if (!dc)
+        res = av_clip_int16(res);
+    return res;
+}
+
 /**
 * Read 8x8 block of DCT coefficients.
 *
@@ -669,10 +694,10 @@ static int read_dct_coeffs(GetBitContext *gb, DCTELEM block[64], const uint8_t *

    quant = quant_matrices[quant_idx];

-    block[0] = (block[0] * quant[0]) >> 11;
+    block[0] = dequant(block[0], quant[0], 1);
    for (i = 0; i < coef_count; i++) {
        int idx = coef_idx[i];
-        block[scan[idx]] = (block[scan[idx]] * quant[idx]) >> 11;
+        block[scan[idx]] = dequant(block[scan[idx]], quant[idx], 0);
    }

    return 0;
@@ -948,8 +973,9 @@ static int bink_decode_plane(BinkContext *c, GetBitContext *gb, int plane_idx,
    for (i = 0; i < BINK_NB_SRC; i++)
        read_bundle(gb, c, i);

-    ref_start = c->last.data[plane_idx];
-    ref_end   = c->last.data[plane_idx]
+    ref_start = c->last.data[plane_idx] ? c->last.data[plane_idx]
+                                        : c->pic.data[plane_idx];
+    ref_end   = ref_start
                + (bw - 1 + c->last.linesize[plane_idx] * (bh - 1)) * 8;

    for (i = 0; i < 64; i++)
@@ -978,7 +1004,8 @@ static int bink_decode_plane(BinkContext *c, GetBitContext *gb, int plane_idx,
        if (by == bh)
            break;
        dst  = c->pic.data[plane_idx]  + 8*by*stride;
-        prev = c->last.data[plane_idx] + 8*by*stride;
+        prev = (c->last.data[plane_idx] ? c->last.data[plane_idx]
+                                        : c->pic.data[plane_idx]) + 8*by*stride;
        for (bx = 0; bx < bw; bx++, dst += 8, prev += 8) {
            blk = get_value(c, BINK_SRC_BLOCK_TYPES);
            // 16x16 block type on odd line means part of the already decoded block, so skip it
--- a/libavcodec/binkaudio.c
+++ b/libavcodec/binkaudio.c
@@ -153,11 +153,18 @@ static const uint8_t rle_length_tab[16] = {
    2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16, 32, 64
 };

+#define GET_BITS_SAFE(out, nbits) do {  \
+    if (get_bits_left(gb) < nbits)      \
+        return AVERROR_INVALIDDATA;     \
+    out = get_bits(gb, nbits);          \
+} while (0)
+
 /**
 * Decode Bink Audio block
 * @param[out] out Output buffer (must contain s->block_size elements)
+ * @return 0 on success, negative error code on failure
 */
-static void decode_block(BinkAudioContext *s, short *out, int use_dct)
+static int decode_block(BinkAudioContext *s, short *out, int use_dct)
 {
    int ch, i, j, k;
    float q, quant[25];
@@ -170,13 +177,19 @@ static void decode_block(BinkAudioContext *s, short *out, int use_dct)
    for (ch = 0; ch < s->channels; ch++) {
        FFTSample *coeffs = s->coeffs_ptr[ch];
        if (s->version_b) {
+            if (get_bits_left(gb) < 64)
+                return AVERROR_INVALIDDATA;
            coeffs[0] = av_int2flt(get_bits(gb, 32)) * s->root;
            coeffs[1] = av_int2flt(get_bits(gb, 32)) * s->root;
        } else {
+            if (get_bits_left(gb) < 58)
+                return AVERROR_INVALIDDATA;
            coeffs[0] = get_float(gb) * s->root;
            coeffs[1] = get_float(gb) * s->root;
        }

+        if (get_bits_left(gb) < s->num_bands * 8)
+            return AVERROR_INVALIDDATA;
        for (i = 0; i < s->num_bands; i++) {
            /* constant is result of 0.066399999/log10(M_E) */
            int value = get_bits(gb, 8);
@@ -191,15 +204,20 @@ static void decode_block(BinkAudioContext *s, short *out, int use_dct)
        while (i < s->frame_len) {
            if (s->version_b) {
                j = i + 16;
-            } else if (get_bits1(gb)) {
-                j = i + rle_length_tab[get_bits(gb, 4)] * 8;
            } else {
-                j = i + 8;
+                int v;
+                GET_BITS_SAFE(v, 1);
+                if (v) {
+                    GET_BITS_SAFE(v, 4);
+                    j = i + rle_length_tab[v] * 8;
+                } else {
+                    j = i + 8;
+                }
            }

            j = FFMIN(j, s->frame_len);

-            width = get_bits(gb, 4);
+            GET_BITS_SAFE(width, 4);
            if (width == 0) {
                memset(coeffs + i, 0, (j - i) * sizeof(*coeffs));
                i = j;
@@ -209,9 +227,11 @@ static void decode_block(BinkAudioContext *s, short *out, int use_dct)
                while (i < j) {
                    if (s->bands[k] == i)
                        q = quant[k++];
-                    coeff = get_bits(gb, width);
+                    GET_BITS_SAFE(coeff, width);
                    if (coeff) {
-                        if (get_bits1(gb))
+                        int v;
+                        GET_BITS_SAFE(v, 1);
+                        if (v)
                            coeffs[i] = -q * coeff;
                        else
                            coeffs[i] =  q * coeff;
@@ -247,6 +267,8 @@ static void decode_block(BinkAudioContext *s, short *out, int use_dct)
           s->overlap_len * s->channels * sizeof(*out));

    s->first = 0;
+
+    return 0;
 }

 static av_cold int decode_end(AVCodecContext *avctx)
@@ -278,12 +300,17 @@ static int decode_frame(AVCodecContext *avctx,
    int reported_size;
    GetBitContext *gb = &s->gb;

+    if (buf_size < 4) {
+        av_log(avctx, AV_LOG_ERROR, "Packet is too small\n");
+        return AVERROR_INVALIDDATA;
+    }
+
    init_get_bits(gb, buf, buf_size * 8);

    reported_size = get_bits_long(gb, 32);
-    while (get_bits_count(gb) / 8 < buf_size &&
-           samples + s->block_size <= samples_end) {
-        decode_block(s, samples, avctx->codec->id == CODEC_ID_BINKAUDIO_DCT);
+    while (samples + s->block_size <= samples_end) {
+        if (decode_block(s, samples, avctx->codec->id == CODEC_ID_BINKAUDIO_DCT))
+            break;
        samples += s->block_size;
        get_bits_align32(gb);
    }
--- a/libavcodec/bitstream.c
+++ b/libavcodec/bitstream.c
@@ -109,8 +109,8 @@ static int alloc_table(VLC *vlc, int size, int use_static)
        if(use_static)
            abort(); //cant do anything, init_vlc() is used with too little memory
        vlc->table_allocated += (1 << vlc->bits);
-        vlc->table = av_realloc(vlc->table,
-                                sizeof(VLC_TYPE) * 2 * vlc->table_allocated);
+        vlc->table = av_realloc_f(vlc->table,
+                                  vlc->table_allocated, sizeof(VLC_TYPE) * 2);
        if (!vlc->table)
            return -1;
    }
--- a/libavcodec/cabac.c
+++ b/libavcodec/cabac.c
@@ -161,10 +161,14 @@ void ff_init_cabac_states(CABACContext *c){
        ff_h264_mps_state[2*i+1]= 2*mps_state[i]+1;

        if( i ){
+            ff_h264_lps_state[2*i+0]=
            ff_h264_mlps_state[128-2*i-1]= 2*lps_state[i]+0;
+            ff_h264_lps_state[2*i+1]=
            ff_h264_mlps_state[128-2*i-2]= 2*lps_state[i]+1;
        }else{
+            ff_h264_lps_state[2*i+0]=
            ff_h264_mlps_state[128-2*i-1]= 1;
+            ff_h264_lps_state[2*i+1]=
            ff_h264_mlps_state[128-2*i-2]= 0;
        }
    }
@@ -190,7 +194,8 @@ int main(void){
    ff_init_cabac_states(&c);

    for(i=0; i<SIZE; i++){
-        r[i] = av_lfg_get(&prng) % 7;
+        if(2*i<SIZE) r[i] = av_lfg_get(&prng) % 7;
+        else         r[i] = (i>>8)&1;
    }

    for(i=0; i<SIZE; i++){
@@ -205,6 +210,7 @@ START_TIMER
 STOP_TIMER("put_cabac")
    }

+#if 0
    for(i=0; i<SIZE; i++){
 START_TIMER
        put_cabac_u(&c, state, r[i], 6, 3, i&1);
@@ -216,7 +222,7 @@ START_TIMER
        put_cabac_ueg(&c, state, r[i], 3, 0, 1, 2);
 STOP_TIMER("put_cabac_ueg")
    }
-
+#endif
    put_cabac_terminate(&c, 1);

    ff_init_cabac_decoder(&c, b, SIZE);
--- a/libavcodec/cavsdec.c
+++ b/libavcodec/cavsdec.c
@@ -115,7 +115,8 @@ static inline int get_ue_code(GetBitContext *gb, int order) {
 static int decode_residual_block(AVSContext *h, GetBitContext *gb,
                                 const struct dec_2dvlc *r, int esc_golomb_order,
                                 int qp, uint8_t *dst, int stride) {
-    int i, level_code, esc_code, level, run, mask;
+    int i, esc_code, level, mask;
+    unsigned int level_code, run;
    DCTELEM level_buf[65];
    uint8_t run_buf[65];
    DCTELEM *block = h->block;
@@ -124,6 +125,8 @@ static int decode_residual_block(AVSContext *h, GetBitContext *gb,
        level_code = get_ue_code(gb,r->golomb_order);
        if(level_code >= ESCAPE_CODE) {
            run = ((level_code - ESCAPE_CODE) >> 1) + 1;
+            if(run > 64)
+                return -1;
            esc_code = get_ue_code(gb,esc_golomb_order);
            level = esc_code + (run > r->max_run ? 1 : r->level_add[run]);
            while(level > r->inc_limit)
@@ -163,7 +166,7 @@ static inline int decode_residual_inter(AVSContext *h) {

    /* get coded block pattern */
    int cbp= get_ue_golomb(&h->s.gb);
-    if(cbp > 63){
+    if(cbp > 63U){
        av_log(h->s.avctx, AV_LOG_ERROR, "illegal inter cbp\n");
        return -1;
    }
@@ -189,7 +192,8 @@ static inline int decode_residual_inter(AVSContext *h) {

 static int decode_mb_i(AVSContext *h, int cbp_code) {
    GetBitContext *gb = &h->s.gb;
-    int block, pred_mode_uv;
+    unsigned pred_mode_uv;
+    int block;
    uint8_t top[18];
    uint8_t *left = NULL;
    uint8_t *d;
@@ -222,7 +226,7 @@ static int decode_mb_i(AVSContext *h, int cbp_code) {
    /* get coded block pattern */
    if(h->pic_type == AV_PICTURE_TYPE_I)
        cbp_code = get_ue_golomb(gb);
-    if(cbp_code > 63){
+    if(cbp_code > 63U){
        av_log(h->s.avctx, AV_LOG_ERROR, "illegal intra cbp\n");
        return -1;
    }
@@ -445,6 +449,8 @@ static inline int check_for_slice(AVSContext *h) {
    if((show_bits_long(gb,24+align) & 0xFFFFFF) == 0x000001) {
        skip_bits_long(gb,24+align);
        h->stc = get_bits(gb,8);
+        if (h->stc >= h->mb_height)
+            return 0;
        decode_slice_header(h,gb);
        return 1;
    }
@@ -659,7 +665,7 @@ static int cavs_decode_frame(AVCodecContext * avctx,void *data, int *data_size,
    buf_end = buf + buf_size;
    for(;;) {
        buf_ptr = ff_find_start_code(buf_ptr,buf_end, &stc);
-        if(stc & 0xFFFFFE00)
+        if((stc & 0xFFFFFE00) || buf_ptr == buf_end)
            return FFMAX(0, buf_ptr - buf - s->parse_context.last_index);
        input_size = (buf_end - buf_ptr)*8;
        switch(stc) {
--- a/libavcodec/cinepak.c
+++ b/libavcodec/cinepak.c
@@ -335,7 +335,8 @@ static int cinepak_decode (CinepakContext *s)
             * If the frame header is followed by the bytes FE 00 00 06 00 00 then
             * this is probably one of the two known files that have 6 extra bytes
             * after the frame header. Else, assume 2 extra bytes. */
-            if ((s->data[10] == 0xFE) &&
+            if (s->size >= 16 &&
+                (s->data[10] == 0xFE) &&
                (s->data[11] == 0x00) &&
                (s->data[12] == 0x00) &&
                (s->data[13] == 0x06) &&
@@ -364,6 +365,8 @@ static int cinepak_decode (CinepakContext *s)
        s->strips[i].x2 = s->avctx->width;

        strip_size = AV_RB24 (&s->data[1]) - 12;
+        if(strip_size < 0)
+            return -1;
        s->data   += 12;
        strip_size = ((s->data + strip_size) > eod) ? (eod - s->data) : strip_size;

--- a/libavcodec/cljr.c
+++ b/libavcodec/cljr.c
@@ -67,7 +67,7 @@ static int decode_frame(AVCodecContext *avctx,
    p->pict_type= AV_PICTURE_TYPE_I;
    p->key_frame= 1;

-    init_get_bits(&a->gb, buf, buf_size);
+    init_get_bits(&a->gb, buf, buf_size * 8);

    for(y=0; y<avctx->height; y++){
        uint8_t *luma= &a->picture.data[0][ y*a->picture.linesize[0] ];
--- a/libavcodec/cook.c
+++ b/libavcodec/cook.c
@@ -1079,7 +1079,7 @@ static av_cold int cook_decode_init(AVCodecContext *avctx)
            q->subpacket[s].subbands = bytestream_get_be16(&edata_ptr);
            extradata_size -= 8;
        }
-        if (avctx->extradata_size >= 8){
+        if (extradata_size >= 8){
            bytestream_get_be32(&edata_ptr);    //Unknown unused
            q->subpacket[s].js_subband_start = bytestream_get_be16(&edata_ptr);
            q->subpacket[s].js_vlc_bits = bytestream_get_be16(&edata_ptr);
@@ -1175,8 +1175,9 @@ static av_cold int cook_decode_init(AVCodecContext *avctx)
            return -1;
        }

-        if ((q->subpacket[s].js_vlc_bits > 6) || (q->subpacket[s].js_vlc_bits < 0)) {
-            av_log(avctx,AV_LOG_ERROR,"js_vlc_bits = %d, only >= 0 and <= 6 allowed!\n",q->subpacket[s].js_vlc_bits);
+        if ((q->subpacket[s].js_vlc_bits > 6) || (q->subpacket[s].js_vlc_bits < 2*q->subpacket[s].joint_stereo)) {
+            av_log(avctx,AV_LOG_ERROR,"js_vlc_bits = %d, only >= %d and <= 6 allowed!\n",
+                   q->subpacket[s].js_vlc_bits, 2*q->subpacket[s].joint_stereo);
            return -1;
        }

--- a/libavcodec/dca.c
+++ b/libavcodec/dca.c
@@ -898,15 +898,17 @@ static void qmf_32_subbands(DCAContext * s, int chans,
    else                        /* Perfect reconstruction */
        prCoeff = fir_32bands_perfect;

+    for (i = sb_act; i < 32; i++)
+        s->raXin[i] = 0.0;
+
    /* Reconstructed channel sample index */
    for (subindex = 0; subindex < 8; subindex++) {
        /* Load in one sample from each subband and clear inactive subbands */
        for (i = 0; i < sb_act; i++){
-            uint32_t v = AV_RN32A(&samples_in[i][subindex]) ^ ((i-1)&2)<<30;
+            unsigned sign = (i - 1) & 2;
+            uint32_t v = AV_RN32A(&samples_in[i][subindex]) ^ sign << 30;
            AV_WN32A(&s->raXin[i], v);
        }
-        for (; i < 32; i++)
-            s->raXin[i] = 0.0;

        s->synth.synth_filter_float(&s->imdct,
                              s->subband_fir_hist[chans], &s->hist_index[chans],
@@ -1650,6 +1652,7 @@ static int dca_decode_frame(AVCodecContext * avctx,
    //set AVCodec values with parsed data
    avctx->sample_rate = s->sample_rate;
    avctx->bit_rate = s->bit_rate;
+    avctx->frame_size = s->sample_blocks * 32;

    s->profile = FF_PROFILE_DTS;

--- a/libavcodec/dirac.c
+++ b/libavcodec/dirac.c
@@ -120,7 +120,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,
    // chroma subsampling
    if (get_bits1(gb))
        source->chroma_format = svq3_get_ue_golomb(gb);
-    if (source->chroma_format > 2) {
+    if (source->chroma_format > 2U) {
        av_log(avctx, AV_LOG_ERROR, "Unknown chroma format %d\n",
               source->chroma_format);
        return -1;
@@ -128,14 +128,14 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,

    if (get_bits1(gb))
        source->interlaced = svq3_get_ue_golomb(gb);
-    if (source->interlaced > 1)
+    if (source->interlaced > 1U)
        return -1;

    // frame rate
    if (get_bits1(gb)) {
        source->frame_rate_index = svq3_get_ue_golomb(gb);

-        if (source->frame_rate_index > 10)
+        if (source->frame_rate_index > 10U)
            return -1;

        if (!source->frame_rate_index) {
@@ -156,7 +156,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,
    if (get_bits1(gb)) {
        source->aspect_ratio_index = svq3_get_ue_golomb(gb);

-        if (source->aspect_ratio_index > 6)
+        if (source->aspect_ratio_index > 6U)
            return -1;

        if (!source->aspect_ratio_index) {
@@ -179,7 +179,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,
    if (get_bits1(gb)) {
        source->pixel_range_index = svq3_get_ue_golomb(gb);

-        if (source->pixel_range_index > 4)
+        if (source->pixel_range_index > 4U)
            return -1;

        // This assumes either fullrange or MPEG levels only
@@ -207,7 +207,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,
    if (get_bits1(gb)) {
        idx = source->color_spec_index = svq3_get_ue_golomb(gb);

-        if (source->color_spec_index > 4)
+        if (source->color_spec_index > 4U)
            return -1;

        avctx->color_primaries = dirac_color_presets[idx].color_primaries;
@@ -217,7 +217,7 @@ static int parse_source_parameters(AVCodecContext *avctx, GetBitContext *gb,
        if (!source->color_spec_index) {
            if (get_bits1(gb)) {
                idx = svq3_get_ue_golomb(gb);
-                if (idx < 3)
+                if (idx < 3U)
                    avctx->color_primaries = dirac_primaries[idx];
            }

@@ -259,7 +259,7 @@ int ff_dirac_parse_sequence_header(AVCodecContext *avctx, GetBitContext *gb,
    else if (version_major > 2)
        av_log(avctx, AV_LOG_WARNING, "Stream may have unhandled features\n");

-    if (video_format > 20)
+    if (video_format > 20U)
        return -1;

    // Fill in defaults for the source parameters.
--- a/libavcodec/dsicinav.c
+++ b/libavcodec/dsicinav.c
@@ -217,7 +217,11 @@ static int cinvideo_decode_frame(AVCodecContext *avctx,
    bitmap_frame_size = buf_size - 4;

    /* handle palette */
+    if (bitmap_frame_size < palette_colors_count * (3 + (palette_type != 0)))
+        return AVERROR_INVALIDDATA;
    if (palette_type == 0) {
+        if (palette_colors_count > 256)
+            return AVERROR_INVALIDDATA;
        for (i = 0; i < palette_colors_count; ++i) {
            cin->palette[i] = bytestream_get_le24(&buf);
            bitmap_frame_size -= 3;
@@ -306,6 +310,11 @@ static av_cold int cinaudio_decode_init(AVCodecContext *avctx)
    CinAudioContext *cin = avctx->priv_data;

    cin->avctx = avctx;
+    if (avctx->channels != 1) {
+        av_log_ask_for_sample(avctx, "Number of channels is not supported\n");
+        return AVERROR_PATCHWELCOME;
+    }
+
    cin->initial_decode_frame = 1;
    cin->delta = 0;
    avctx->sample_fmt = AV_SAMPLE_FMT_S16;
--- a/libavcodec/dvbsubdec.c
+++ b/libavcodec/dvbsubdec.c
@@ -1360,7 +1360,7 @@ static int dvbsub_display_end_segment(AVCodecContext *avctx, const uint8_t *buf,
        rect->y = display->y_pos + offset_y;
        rect->w = region->width;
        rect->h = region->height;
-        rect->nb_colors = 16;
+        rect->nb_colors = (1 << region->depth);
        rect->type      = SUBTITLE_BITMAP;
        rect->pict.linesize[0] = region->width;

--- a/libavcodec/dvdata.c
+++ b/libavcodec/dvdata.c
@@ -248,11 +248,13 @@ static const DVprofile dv_profiles[] = {
 const DVprofile* ff_dv_frame_profile(const DVprofile *sys,
                                  const uint8_t* frame, unsigned buf_size)
 {
-   int i;
+   int i, dsf, stype;

-   int dsf = (frame[3] & 0x80) >> 7;
+   if(buf_size < DV_PROFILE_BYTES)
+       return NULL;

-   int stype = frame[80*5 + 48 + 3] & 0x1f;
+   dsf = (frame[3] & 0x80) >> 7;
+   stype = frame[80*5 + 48 + 3] & 0x1f;

   /* 576i50 25Mbps 4:1:1 is a special case */
   if (dsf == 1 && stype == 0 && frame[4] & 0x07 /* the APT field */) {
--- a/libavcodec/dxva2_h264.c
+++ b/libavcodec/dxva2_h264.c
@@ -158,9 +158,10 @@ static void fill_scaling_lists(const H264Context *h, DXVA_Qmatrix_H264 *qm)
        for (j = 0; j < 16; j++)
            qm->bScalingLists4x4[i][j] = h->pps.scaling_matrix4[i][zigzag_scan[j]];

-    for (i = 0; i < 2; i++)
-        for (j = 0; j < 64; j++)
-            qm->bScalingLists8x8[i][j] = h->pps.scaling_matrix8[i][ff_zigzag_direct[j]];
+    for (j = 0; j < 64; j++) {
+        qm->bScalingLists8x8[0][j] = h->pps.scaling_matrix8[0][ff_zigzag_direct[j]];
+        qm->bScalingLists8x8[1][j] = h->pps.scaling_matrix8[3][ff_zigzag_direct[j]];
+    }
 }

 static int is_slice_short(struct dxva_context *ctx)
--- a/libavcodec/eacmv.c
+++ b/libavcodec/eacmv.c
@@ -56,7 +56,7 @@ static void cmv_decode_intra(CmvContext * s, const uint8_t *buf, const uint8_t *
    unsigned char *dst = s->frame.data[0];
    int i;

-    for (i=0; i < s->avctx->height && buf+s->avctx->width<=buf_end; i++) {
+    for (i=0; i < s->avctx->height && buf_end - buf >= s->avctx->width; i++) {
        memcpy(dst, buf, s->avctx->width);
        dst += s->frame.linesize[0];
        buf += s->avctx->width;
@@ -88,7 +88,7 @@ static void cmv_decode_inter(CmvContext * s, const uint8_t *buf, const uint8_t *

    i = 0;
    for(y=0; y<s->avctx->height/4; y++)
-    for(x=0; x<s->avctx->width/4 && buf+i<buf_end; x++) {
+    for(x=0; x<s->avctx->width/4 && buf_end - buf > i; x++) {
        if (buf[i]==0xFF) {
            unsigned char *dst = s->frame.data[0] + (y*4)*s->frame.linesize[0] + x*4;
            if (raw+16<buf_end && *raw==0xFF) { /* intra */
@@ -110,9 +110,10 @@ static void cmv_decode_inter(CmvContext * s, const uint8_t *buf, const uint8_t *
        }else{  /* inter using last frame as reference */
            int xoffset = (buf[i] & 0xF) - 7;
            int yoffset = ((buf[i] >> 4)) - 7;
-            cmv_motcomp(s->frame.data[0], s->frame.linesize[0],
-                      s->last_frame.data[0], s->last_frame.linesize[0],
-                      x*4, y*4, xoffset, yoffset, s->avctx->width, s->avctx->height);
+            if (s->last_frame.data[0])
+                cmv_motcomp(s->frame.data[0], s->frame.linesize[0],
+                          s->last_frame.data[0], s->last_frame.linesize[0],
+                          x*4, y*4, xoffset, yoffset, s->avctx->width, s->avctx->height);
        }
        i++;
    }
@@ -122,7 +123,7 @@ static void cmv_process_header(CmvContext *s, const uint8_t *buf, const uint8_t
 {
    int pal_start, pal_count, i;

-    if(buf+16>=buf_end) {
+    if(buf_end - buf < 16) {
        av_log(s->avctx, AV_LOG_WARNING, "truncated header\n");
        return;
    }
@@ -139,7 +140,7 @@ static void cmv_process_header(CmvContext *s, const uint8_t *buf, const uint8_t
    pal_count = AV_RL16(&buf[14]);

    buf += 16;
-    for (i=pal_start; i<pal_start+pal_count && i<AVPALETTE_COUNT && buf+2<buf_end; i++) {
+    for (i=pal_start; i<pal_start+pal_count && i<AVPALETTE_COUNT && buf_end - buf >= 3; i++) {
        s->palette[i] = AV_RB24(buf);
        buf += 3;
    }
@@ -157,6 +158,9 @@ static int cmv_decode_frame(AVCodecContext *avctx,
    CmvContext *s = avctx->priv_data;
    const uint8_t *buf_end = buf + buf_size;

+    if (buf_end - buf < EA_PREAMBLE_SIZE)
+        return AVERROR_INVALIDDATA;
+
    if (AV_RL32(buf)==MVIh_TAG||AV_RB32(buf)==MVIh_TAG) {
        cmv_process_header(s, buf+EA_PREAMBLE_SIZE, buf_end);
        return buf_size;
--- a/libavcodec/eamad.c
+++ b/libavcodec/eamad.c
@@ -85,15 +85,21 @@ static inline void comp_block(MadContext *t, int mb_x, int mb_y,
 {
    MpegEncContext *s = &t->s;
    if (j < 4) {
+        unsigned offset = (mb_y*16 + ((j&2)<<2) + mv_y)*t->last_frame.linesize[0] + mb_x*16 + ((j&1)<<3) + mv_x;
+        if (offset >= (s->height - 7) * t->last_frame.linesize[0] - 7)
+            return;
        comp(t->frame.data[0] + (mb_y*16 + ((j&2)<<2))*t->frame.linesize[0] + mb_x*16 + ((j&1)<<3),
             t->frame.linesize[0],
-             t->last_frame.data[0] + (mb_y*16 + ((j&2)<<2) + mv_y)*t->last_frame.linesize[0] + mb_x*16 + ((j&1)<<3) + mv_x,
+             t->last_frame.data[0] + offset,
             t->last_frame.linesize[0], add);
    } else if (!(s->avctx->flags & CODEC_FLAG_GRAY)) {
        int index = j - 3;
+        unsigned offset = (mb_y * 8 + (mv_y/2))*t->last_frame.linesize[index] + mb_x * 8 + (mv_x/2);
+        if (offset >= (s->height/2 - 7) * t->last_frame.linesize[index] - 7)
+            return;
        comp(t->frame.data[index] + (mb_y*8)*t->frame.linesize[index] + mb_x * 8,
             t->frame.linesize[index],
-             t->last_frame.data[index] + (mb_y * 8 + (mv_y/2))*t->last_frame.linesize[index] + mb_x * 8 + (mv_x/2),
+             t->last_frame.data[index] + offset,
             t->last_frame.linesize[index], add);
    }
 }
@@ -205,7 +211,8 @@ static void decode_mb(MadContext *t, int inter)
    for (j=0; j<6; j++) {
        if (mv_map & (1<<j)) {  // mv_x and mv_y are guarded by mv_map
            int add = 2*decode_motion(&s->gb);
-            comp_block(t, s->mb_x, s->mb_y, j, mv_x, mv_y, add);
+            if (t->last_frame.data[0])
+                comp_block(t, s->mb_x, s->mb_y, j, mv_x, mv_y, add);
        } else {
            s->dsp.clear_block(t->block);
            decode_block_intra(t, t->block);
@@ -266,6 +273,8 @@ static int decode_frame(AVCodecContext *avctx,
        avcodec_set_dimensions(avctx, s->width, s->height);
        if (t->frame.data[0])
            avctx->release_buffer(avctx, &t->frame);
+        if (t->last_frame.data[0])
+            avctx->release_buffer(avctx, &t->last_frame);
    }

    t->frame.reference = 1;
@@ -280,6 +289,7 @@ static int decode_frame(AVCodecContext *avctx,
    if (!t->bitstream_buf)
        return AVERROR(ENOMEM);
    bswap16_buf(t->bitstream_buf, (const uint16_t*)buf, (buf_end-buf)/2);
+    memset((uint8_t*)t->bitstream_buf + (buf_end-buf), 0, FF_INPUT_BUFFER_PADDING_SIZE);
    init_get_bits(&s->gb, t->bitstream_buf, 8*(buf_end-buf));

    for (s->mb_y=0; s->mb_y < (avctx->height+15)/16; s->mb_y++)
--- a/libavcodec/eatgv.c
+++ b/libavcodec/eatgv.c
@@ -74,7 +74,7 @@ static int unpack(const uint8_t *src, const uint8_t *src_end, unsigned char *dst
    else
        src += 2;

-    if (src+3>src_end)
+    if (src_end - src < 3)
        return -1;
    size = AV_RB24(src);
    src += 3;
@@ -138,7 +138,7 @@ static int unpack(const uint8_t *src, const uint8_t *src_end, unsigned char *dst
 * @return 0 on success, -1 on critical buffer underflow
 */
 static int tgv_decode_inter(TgvContext * s, const uint8_t *buf, const uint8_t *buf_end){
-    unsigned char *frame0_end = s->last_frame.data[0] + s->avctx->width*s->last_frame.linesize[0];
+    unsigned last_frame_size = s->avctx->height*s->last_frame.linesize[0];
    int num_mvs;
    int num_blocks_raw;
    int num_blocks_packed;
@@ -148,7 +148,7 @@ static int tgv_decode_inter(TgvContext * s, const uint8_t *buf, const uint8_t *b
    int mvbits;
    const unsigned char *blocks_raw;

-    if(buf+12>buf_end)
+    if(buf_end - buf < 12)
        return -1;

    num_mvs           = AV_RL16(&buf[0]);
@@ -171,7 +171,7 @@ static int tgv_decode_inter(TgvContext * s, const uint8_t *buf, const uint8_t *b
    /* read motion vectors */
    mvbits = (num_mvs*2*10+31) & ~31;

-    if (buf+(mvbits>>3)+16*num_blocks_raw+8*num_blocks_packed>buf_end)
+    if (buf_end - buf < (mvbits>>3)+16*num_blocks_raw+8*num_blocks_packed)
        return -1;

    init_get_bits(&gb, buf, mvbits);
@@ -207,12 +207,14 @@ static int tgv_decode_inter(TgvContext * s, const uint8_t *buf, const uint8_t *b
        int src_stride;

        if (vector < num_mvs) {
-            src = s->last_frame.data[0] +
-                  (y*4 + s->mv_codebook[vector][1])*s->last_frame.linesize[0] +
-                   x*4 + s->mv_codebook[vector][0];
+            unsigned offset =
+                (y*4 + s->mv_codebook[vector][1])*s->last_frame.linesize[0] +
+                 x*4 + s->mv_codebook[vector][0];
+
            src_stride = s->last_frame.linesize[0];
-            if (src+3*src_stride+3>=frame0_end)
+            if (offset >= last_frame_size - (3*src_stride+3))
                continue;
+            src = s->last_frame.data[0] + offset;
        }else{
            int offset = vector - num_mvs;
            if (offset<num_blocks_raw)
@@ -252,12 +254,15 @@ static int tgv_decode_frame(AVCodecContext *avctx,
    const uint8_t *buf_end = buf + buf_size;
    int chunk_type;

+    if (buf_end - buf < EA_PREAMBLE_SIZE)
+        return AVERROR_INVALIDDATA;
+
    chunk_type = AV_RL32(&buf[0]);
    buf += EA_PREAMBLE_SIZE;

    if (chunk_type==kVGT_TAG) {
        int pal_count, i;
-        if(buf+12>buf_end) {
+        if(buf_end - buf < 12) {
            av_log(avctx, AV_LOG_WARNING, "truncated header\n");
            return -1;
        }
@@ -272,7 +277,7 @@ static int tgv_decode_frame(AVCodecContext *avctx,

        pal_count = AV_RL16(&buf[6]);
        buf += 12;
-        for(i=0; i<pal_count && i<AVPALETTE_COUNT && buf+2<buf_end; i++) {
+        for(i=0; i<pal_count && i<AVPALETTE_COUNT && buf_end - buf >= 3; i++) {
            s->palette[i] = AV_RB24(buf);
            buf += 3;
        }
--- a/libavcodec/error_resilience.c
+++ b/libavcodec/error_resilience.c
@@ -660,7 +660,7 @@ static int is_intra_more_likely(MpegEncContext *s){

    if(s->codec_id == CODEC_ID_H264){
        H264Context *h= (void*)s;
-        if(h->ref_count[0] <= 0 || !h->ref_list[0][0].data[0])
+        if (h->list_count <= 0 || h->ref_count[0] <= 0 || !h->ref_list[0][0].data[0])
            return 1;
    }

--- a/libavcodec/ffv1.c
+++ b/libavcodec/ffv1.c
@@ -1805,7 +1805,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
        bytes_read = c->bytestream - c->bytestream_start - 1;
        if(bytes_read ==0) av_log(avctx, AV_LOG_ERROR, "error at end of AC stream\n"); //FIXME
 //printf("pos=%d\n", bytes_read);
-        init_get_bits(&f->slice_context[0]->gb, buf + bytes_read, buf_size - bytes_read);
+        init_get_bits(&f->slice_context[0]->gb, buf + bytes_read, (buf_size - bytes_read) * 8);
    } else {
        bytes_read = 0; /* avoid warning */
    }
@@ -1822,7 +1822,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
        if(fs->ac){
            ff_init_range_decoder(&fs->c, buf_p, v);
        }else{
-            init_get_bits(&fs->gb, buf_p, v);
+            init_get_bits(&fs->gb, buf_p, v * 8);
        }
    }

--- a/libavcodec/flacdec.c
+++ b/libavcodec/flacdec.c
@@ -228,9 +228,11 @@ static int get_metadata_size(const uint8_t *buf, int buf_size)

    buf += 4;
    do {
+        if (buf_end - buf < 4)
+            return 0;
        ff_flac_parse_block_header(buf, &metadata_last, NULL, &metadata_size);
        buf += 4;
-        if (buf + metadata_size > buf_end) {
+        if (buf_end - buf < metadata_size) {
            /* need more data in order to read the complete header */
            return 0;
        }
--- a/libavcodec/flicvideo.c
+++ b/libavcodec/flicvideo.c
@@ -132,7 +132,6 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
    FlicDecodeContext *s = avctx->priv_data;

    int stream_ptr = 0;
-    int stream_ptr_after_color_chunk;
    int pixel_ptr;
    int palette_ptr;
    unsigned char palette_idx1;
@@ -172,7 +171,11 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
    pixels = s->frame.data[0];
    pixel_limit = s->avctx->height * s->frame.linesize[0];

+    if (buf_size < 16 || buf_size > INT_MAX - (3 * 256 + FF_INPUT_BUFFER_PADDING_SIZE))
+        return AVERROR_INVALIDDATA;
    frame_size = AV_RL32(&buf[stream_ptr]);
+    if (frame_size > buf_size)
+        frame_size = buf_size;
    stream_ptr += 6;  /* skip the magic number */
    num_chunks = AV_RL16(&buf[stream_ptr]);
    stream_ptr += 10;  /* skip padding */
@@ -180,13 +183,16 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
    frame_size -= 16;

    /* iterate through the chunks */
-    while ((frame_size > 0) && (num_chunks > 0)) {
+    while ((frame_size >= 6) && (num_chunks > 0)) {
+        int stream_ptr_after_chunk;
        chunk_size = AV_RL32(&buf[stream_ptr]);
        if (chunk_size > frame_size) {
            av_log(avctx, AV_LOG_WARNING,
                   "Invalid chunk_size = %u > frame_size = %u\n", chunk_size, frame_size);
            chunk_size = frame_size;
        }
+        stream_ptr_after_chunk = stream_ptr + chunk_size;
+
        stream_ptr += 4;
        chunk_type = AV_RL16(&buf[stream_ptr]);
        stream_ptr += 2;
@@ -194,8 +200,6 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
        switch (chunk_type) {
        case FLI_256_COLOR:
        case FLI_COLOR:
-            stream_ptr_after_color_chunk = stream_ptr + chunk_size - 6;
-
            /* check special case: If this file is from the Magic Carpet
             * game and uses 6-bit colors even though it reports 256-color
             * chunks in a 0xAF12-type file (fli_type is set to 0xAF13 during
@@ -219,6 +223,9 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
                if (color_changes == 0)
                    color_changes = 256;

+                if (stream_ptr + color_changes * 3 > stream_ptr_after_chunk)
+                    break;
+
                for (j = 0; j < color_changes; j++) {
                    unsigned int entry;

@@ -235,13 +242,6 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
                    s->palette[palette_ptr++] = entry;
                }
            }
-
-            /* color chunks sometimes have weird 16-bit alignment issues;
-             * therefore, take the hardline approach and set the stream_ptr
-             * to the value calculated w.r.t. the size specified by the color
-             * chunk header */
-            stream_ptr = stream_ptr_after_color_chunk;
-
            break;

        case FLI_DELTA:
@@ -249,6 +249,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
            compressed_lines = AV_RL16(&buf[stream_ptr]);
            stream_ptr += 2;
            while (compressed_lines > 0) {
+                if (stream_ptr + 2 > stream_ptr_after_chunk)
+                    break;
                line_packets = AV_RL16(&buf[stream_ptr]);
                stream_ptr += 2;
                if ((line_packets & 0xC000) == 0xC000) {
@@ -268,6 +270,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
                    CHECK_PIXEL_PTR(0);
                    pixel_countdown = s->avctx->width;
                    for (i = 0; i < line_packets; i++) {
+                        if (stream_ptr + 2 > stream_ptr_after_chunk)
+                            break;
                        /* account for the skip bytes */
                        pixel_skip = buf[stream_ptr++];
                        pixel_ptr += pixel_skip;
@@ -284,6 +288,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
                            }
                        } else {
                            CHECK_PIXEL_PTR(byte_run * 2);
+                            if (stream_ptr + byte_run * 2 > stream_ptr_after_chunk)
+                                break;
                            for (j = 0; j < byte_run * 2; j++, pixel_countdown--) {
                                palette_idx1 = buf[stream_ptr++];
                                pixels[pixel_ptr++] = palette_idx1;
@@ -310,6 +316,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
                CHECK_PIXEL_PTR(0);
                pixel_countdown = s->avctx->width;
                line_packets = buf[stream_ptr++];
+                if (stream_ptr + 2 * line_packets > stream_ptr_after_chunk)
+                    break;
                if (line_packets > 0) {
                    for (i = 0; i < line_packets; i++) {
                        /* account for the skip bytes */
@@ -319,6 +327,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
                        byte_run = (signed char)(buf[stream_ptr++]);
                        if (byte_run > 0) {
                            CHECK_PIXEL_PTR(byte_run);
+                            if (stream_ptr + byte_run > stream_ptr_after_chunk)
+                                break;
                            for (j = 0; j < byte_run; j++, pixel_countdown--) {
                                palette_idx1 = buf[stream_ptr++];
                                pixels[pixel_ptr++] = palette_idx1;
@@ -356,6 +366,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
                stream_ptr++;
                pixel_countdown = s->avctx->width;
                while (pixel_countdown > 0) {
+                    if (stream_ptr + 1 > stream_ptr_after_chunk)
+                        break;
                    byte_run = (signed char)(buf[stream_ptr++]);
                    if (byte_run > 0) {
                        palette_idx1 = buf[stream_ptr++];
@@ -370,6 +382,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
                    } else {  /* copy bytes if byte_run < 0 */
                        byte_run = -byte_run;
                        CHECK_PIXEL_PTR(byte_run);
+                        if (stream_ptr + byte_run > stream_ptr_after_chunk)
+                            break;
                        for (j = 0; j < byte_run; j++) {
                            palette_idx1 = buf[stream_ptr++];
                            pixels[pixel_ptr++] = palette_idx1;
@@ -387,10 +401,9 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,

        case FLI_COPY:
            /* copy the chunk (uncompressed frame) */
-            if (chunk_size - 6 > s->avctx->width * s->avctx->height) {
+            if (chunk_size - 6 != s->avctx->width * s->avctx->height) {
                av_log(avctx, AV_LOG_ERROR, "In chunk FLI_COPY : source data (%d bytes) " \
-                       "bigger than image, skipping chunk\n", chunk_size - 6);
-                stream_ptr += chunk_size - 6;
+                       "has incorrect size, skipping chunk\n", chunk_size - 6);
            } else {
                for (y_ptr = 0; y_ptr < s->frame.linesize[0] * s->avctx->height;
                     y_ptr += s->frame.linesize[0]) {
@@ -403,7 +416,6 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,

        case FLI_MINI:
            /* some sort of a thumbnail? disregard this chunk... */
-            stream_ptr += chunk_size - 6;
            break;

        default:
@@ -411,6 +423,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
            break;
        }

+        stream_ptr = stream_ptr_after_chunk;
+
        frame_size -= chunk_size;
        num_chunks--;
    }
--- a/libavcodec/golomb.h
+++ b/libavcodec/golomb.h
@@ -75,6 +75,20 @@ static inline int get_ue_golomb(GetBitContext *gb){
    }
 }

+/**
+ * Read an unsigned Exp-Golomb code in the range 0 to UINT32_MAX-1.
+ */
+static inline unsigned get_ue_golomb_long(GetBitContext *gb)
+{
+    unsigned buf, log;
+
+    buf = show_bits_long(gb, 32);
+    log = 31 - av_log2(buf);
+    skip_bits_long(gb, log);
+
+    return get_bits_long(gb, log + 1) - 1;
+}
+
 /**
 * read unsigned exp golomb code, constraint to a max of 31.
 * the return value is undefined if the stored value exceeds 31.
--- a/libavcodec/h263dec.c
+++ b/libavcodec/h263dec.c
@@ -380,7 +380,7 @@ uint64_t time= rdtsc();


 retry:
-    if(s->divx_packed && s->xvid_build>=0 && s->bitstream_buffer_size){
+    if(s->divx_packed && s->bitstream_buffer_size){
        int i;
        for(i=0; i<buf_size-3; i++){
            if(buf[i]==0 && buf[i+1]==0 && buf[i+2]==1){
@@ -689,7 +689,7 @@ frame_end:
        int current_pos= s->gb.buffer == s->bitstream_buffer ? 0 : (get_bits_count(&s->gb)>>3);
        int startcode_found=0;

-        if(buf_size - current_pos > 5){
+        if(buf_size - current_pos > 7){
            int i;
            for(i=current_pos; i<buf_size-4; i++){
                if(buf[i]==0 && buf[i+1]==0 && buf[i+2]==1 && buf[i+3]==0xB6){
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -106,12 +106,9 @@ int ff_h264_check_intra4x4_pred_mode(H264Context *h){
    }

    return 0;
-} //FIXME cleanup like ff_h264_check_intra_pred_mode
+} //FIXME cleanup like check_intra_pred_mode

-/**
- * checks if the top & left blocks are available if needed & changes the dc mode so it only uses the available blocks.
- */
-int ff_h264_check_intra_pred_mode(H264Context *h, int mode){
+static int check_intra_pred_mode(H264Context *h, int mode, int is_chroma){
    MpegEncContext * const s = &h->s;
    static const int8_t top [7]= {LEFT_DC_PRED8x8, 1,-1,-1};
    static const int8_t left[7]= { TOP_DC_PRED8x8,-1, 2,-1,DC_128_PRED8x8};
@@ -131,7 +128,7 @@ int ff_h264_check_intra_pred_mode(H264Context *h, int mode){

    if((h->left_samples_available&0x8080) != 0x8080){
        mode= left[ mode ];
-        if(h->left_samples_available&0x8080){ //mad cow disease mode, aka MBAFF + constrained_intra_pred
+        if(is_chroma && (h->left_samples_available&0x8080)){ //mad cow disease mode, aka MBAFF + constrained_intra_pred
            mode= ALZHEIMER_DC_L0T_PRED8x8 + (!(h->left_samples_available&0x8000)) + 2*(mode == DC_128_PRED8x8);
        }
        if(mode<0){
@@ -143,6 +140,23 @@ int ff_h264_check_intra_pred_mode(H264Context *h, int mode){
    return mode;
 }

+/**
+ * checks if the top & left blocks are available if needed & changes the dc mode so it only uses the available blocks.
+ */
+int ff_h264_check_intra16x16_pred_mode(H264Context *h, int mode)
+{
+    return check_intra_pred_mode(h, mode, 0);
+}
+
+/**
+ * checks if the top & left blocks are available if needed & changes the dc mode so it only uses the available blocks.
+ */
+int ff_h264_check_intra_chroma_pred_mode(H264Context *h, int mode)
+{
+    return check_intra_pred_mode(h, mode, 1);
+}
+
+
 const uint8_t *ff_h264_decode_nal(H264Context *h, const uint8_t *src, int *dst_length, int *consumed, int length){
    int i, si, di;
    uint8_t *dst;
@@ -183,20 +197,28 @@ const uint8_t *ff_h264_decode_nal(H264Context *h, const uint8_t *src, int *dst_l
        i-= RS;
    }

-    if(i>=length-1){ //no escaped 0
-        *dst_length= length;
-        *consumed= length+1; //+1 for the header
-        return src;
-    }
-
    bufidx = h->nal_unit_type == NAL_DPC ? 1 : 0; // use second escape buffer for inter data
-    av_fast_malloc(&h->rbsp_buffer[bufidx], &h->rbsp_buffer_size[bufidx], length+FF_INPUT_BUFFER_PADDING_SIZE);
+    si=h->rbsp_buffer_size[bufidx];
+    av_fast_malloc(&h->rbsp_buffer[bufidx], &h->rbsp_buffer_size[bufidx], length+FF_INPUT_BUFFER_PADDING_SIZE+MAX_MBPAIR_SIZE);
    dst= h->rbsp_buffer[bufidx];
+    if(si != h->rbsp_buffer_size[bufidx])
+        memset(dst + length, 0, FF_INPUT_BUFFER_PADDING_SIZE+MAX_MBPAIR_SIZE);

    if (dst == NULL){
        return NULL;
    }

+    if(i>=length-1){ //no escaped 0
+        *dst_length= length;
+        *consumed= length+1; //+1 for the header
+        if(h->s.avctx->flags2 & CODEC_FLAG2_FAST){
+            return src;
+        }else{
+            memcpy(dst, src, length);
+            return dst;
+        }
+    }
+
 //printf("decoding esc\n");
    memcpy(dst, src, i);
    si=di=i;
@@ -997,8 +1019,12 @@ static av_cold void common_init(H264Context *h){
    s->height = s->avctx->height;
    s->codec_id= s->avctx->codec->id;

-    ff_h264dsp_init(&h->h264dsp, 8);
-    ff_h264_pred_init(&h->hpc, s->codec_id, 8);
+    s->avctx->bits_per_raw_sample = 8;
+
+    ff_h264dsp_init(&h->h264dsp,
+                    s->avctx->bits_per_raw_sample);
+    ff_h264_pred_init(&h->hpc, s->codec_id,
+                      s->avctx->bits_per_raw_sample);

    h->dequant_coeff_pps= -1;
    s->unrestricted_mv=1;
@@ -1010,17 +1036,20 @@ static av_cold void common_init(H264Context *h){
    memset(h->pps.scaling_matrix8, 16, 2*64*sizeof(uint8_t));
 }

-int ff_h264_decode_extradata(H264Context *h)
+int ff_h264_decode_extradata(H264Context *h, const uint8_t *buf, int size)
 {
    AVCodecContext *avctx = h->s.avctx;

-    if(avctx->extradata[0] == 1){
+    if(!buf || size <= 0)
+        return -1;
+
+    if(buf[0] == 1){
        int i, cnt, nalsize;
-        unsigned char *p = avctx->extradata;
+        const unsigned char *p = buf;

        h->is_avc = 1;

-        if(avctx->extradata_size < 7) {
+        if(size < 7) {
            av_log(avctx, AV_LOG_ERROR, "avcC too short\n");
            return -1;
        }
@@ -1032,6 +1061,8 @@ int ff_h264_decode_extradata(H264Context *h)
        p += 6;
        for (i = 0; i < cnt; i++) {
            nalsize = AV_RB16(p) + 2;
+            if(nalsize > size - (p-buf))
+                return -1;
            if(decode_nal_units(h, p, nalsize) < 0) {
                av_log(avctx, AV_LOG_ERROR, "Decoding sps %d from avcC failed\n", i);
                return -1;
@@ -1042,6 +1073,8 @@ int ff_h264_decode_extradata(H264Context *h)
        cnt = *(p++); // Number of pps
        for (i = 0; i < cnt; i++) {
            nalsize = AV_RB16(p) + 2;
+            if(nalsize > size - (p-buf))
+                return -1;
            if (decode_nal_units(h, p, nalsize) < 0) {
                av_log(avctx, AV_LOG_ERROR, "Decoding pps %d from avcC failed\n", i);
                return -1;
@@ -1049,10 +1082,10 @@ int ff_h264_decode_extradata(H264Context *h)
            p += nalsize;
        }
        // Now store right nal length size, that will be use to parse all other nals
-        h->nal_length_size = (avctx->extradata[4] & 0x03) + 1;
+        h->nal_length_size = (buf[4] & 0x03) + 1;
    } else {
        h->is_avc = 0;
-        if(decode_nal_units(h, avctx->extradata, avctx->extradata_size) < 0)
+        if(decode_nal_units(h, buf, size) < 0)
            return -1;
    }
    return 0;
@@ -1096,7 +1129,7 @@ av_cold int ff_h264_decode_init(AVCodecContext *avctx){
    }

    if(avctx->extradata_size > 0 && avctx->extradata &&
-        ff_h264_decode_extradata(h))
+        ff_h264_decode_extradata(h, avctx->extradata, avctx->extradata_size))
        return -1;

    if(h->sps.bitstream_restriction_flag && s->avctx->has_b_frames < h->sps.num_reorder_frames){
@@ -1165,7 +1198,10 @@ static int decode_update_thread_context(AVCodecContext *dst, const AVCodecContex
        memcpy(&h->s + 1, &h1->s + 1, sizeof(H264Context) - sizeof(MpegEncContext)); //copy all fields after MpegEnc
        memset(h->sps_buffers, 0, sizeof(h->sps_buffers));
        memset(h->pps_buffers, 0, sizeof(h->pps_buffers));
-        ff_h264_alloc_tables(h);
+        if (ff_h264_alloc_tables(h) < 0) {
+            av_log(dst, AV_LOG_ERROR, "Could not allocate memory for h264\n");
+            return AVERROR(ENOMEM);
+        }
        context_init(h);

        for(i=0; i<2; i++){
@@ -1403,7 +1439,7 @@ static void decode_postinit(H264Context *h, int setup_finished){
    pics = 0;
    while(h->delayed_pic[pics]) pics++;

-    assert(pics <= MAX_DELAYED_PIC_COUNT);
+    av_assert0(pics <= MAX_DELAYED_PIC_COUNT);

    h->delayed_pic[pics++] = cur;
    if(cur->reference == 0)
@@ -1848,15 +1884,30 @@ static av_always_inline void hl_decode_mb_internal(H264Context *h, int simple, i
                    tmp_y[j] = get_bits(&gb, bit_depth);
            }
            if(simple || !CONFIG_GRAY || !(s->flags&CODEC_FLAG_GRAY)){
-                for (i = 0; i < 8; i++) {
-                    uint16_t *tmp_cb = (uint16_t*)(dest_cb + i*uvlinesize);
-                    for (j = 0; j < 8; j++)
-                        tmp_cb[j] = get_bits(&gb, bit_depth);
-                }
-                for (i = 0; i < 8; i++) {
-                    uint16_t *tmp_cr = (uint16_t*)(dest_cr + i*uvlinesize);
-                    for (j = 0; j < 8; j++)
-                        tmp_cr[j] = get_bits(&gb, bit_depth);
+                if (!h->sps.chroma_format_idc) {
+                    for (i = 0; i < 8; i++) {
+                        uint16_t *tmp_cb = (uint16_t*)(dest_cb + i*uvlinesize);
+                        for (j = 0; j < 8; j++) {
+                            tmp_cb[j] = 1 << (bit_depth - 1);
+                        }
+                    }
+                    for (i = 0; i < 8; i++) {
+                        uint16_t *tmp_cr = (uint16_t*)(dest_cr + i*uvlinesize);
+                        for (j = 0; j < 8; j++) {
+                            tmp_cr[j] = 1 << (bit_depth - 1);
+                        }
+                    }
+                } else {
+                    for (i = 0; i < 8; i++) {
+                        uint16_t *tmp_cb = (uint16_t*)(dest_cb + i*uvlinesize);
+                        for (j = 0; j < 8; j++)
+                            tmp_cb[j] = get_bits(&gb, bit_depth);
+                    }
+                    for (i = 0; i < 8; i++) {
+                        uint16_t *tmp_cr = (uint16_t*)(dest_cr + i*uvlinesize);
+                        for (j = 0; j < 8; j++)
+                            tmp_cr[j] = get_bits(&gb, bit_depth);
+                    }
                }
            }
        } else {
@@ -1864,9 +1915,16 @@ static av_always_inline void hl_decode_mb_internal(H264Context *h, int simple, i
                memcpy(dest_y + i*  linesize, h->mb       + i*8, 16);
            }
            if(simple || !CONFIG_GRAY || !(s->flags&CODEC_FLAG_GRAY)){
-                for (i=0; i<8; i++) {
-                    memcpy(dest_cb+ i*uvlinesize, h->mb + 128 + i*4,  8);
-                    memcpy(dest_cr+ i*uvlinesize, h->mb + 160 + i*4,  8);
+                if (!h->sps.chroma_format_idc) {
+                    for (i = 0; i < 8; i++) {
+                        memset(dest_cb + i*uvlinesize, 128, 8);
+                        memset(dest_cr + i*uvlinesize, 128, 8);
+                    }
+                } else {
+                    for (i = 0; i < 8; i++) {
+                        memcpy(dest_cb + i*uvlinesize, h->mb + 128 + i*4,  8);
+                        memcpy(dest_cr + i*uvlinesize, h->mb + 160 + i*4,  8);
+                    }
                }
            }
        }
@@ -2198,15 +2256,17 @@ static void implicit_weight_table(H264Context *h, int field){
    for(ref0=ref_start; ref0 < ref_count0; ref0++){
        int poc0 = h->ref_list[0][ref0].poc;
        for(ref1=ref_start; ref1 < ref_count1; ref1++){
-            int poc1 = h->ref_list[1][ref1].poc;
-            int td = av_clip(poc1 - poc0, -128, 127);
-            int w= 32;
-            if(td){
-                int tb = av_clip(cur_poc - poc0, -128, 127);
-                int tx = (16384 + (FFABS(td) >> 1)) / td;
-                int dist_scale_factor = (tb*tx + 32) >> 8;
-                if(dist_scale_factor >= -64 && dist_scale_factor <= 128)
-                    w = 64 - dist_scale_factor;
+            int w = 32;
+            if (!h->ref_list[0][ref0].long_ref && !h->ref_list[1][ref1].long_ref) {
+                int poc1 = h->ref_list[1][ref1].poc;
+                int td = av_clip(poc1 - poc0, -128, 127);
+                if(td){
+                    int tb = av_clip(cur_poc - poc0, -128, 127);
+                    int tx = (16384 + (FFABS(td) >> 1)) / td;
+                    int dist_scale_factor = (tb*tx + 32) >> 8;
+                    if(dist_scale_factor >= -64 && dist_scale_factor <= 128)
+                        w = 64 - dist_scale_factor;
+                }
            }
            if(field<0){
                h->implicit_weight[ref0][ref1][0]=
@@ -2233,7 +2293,7 @@ static void idr(H264Context *h){
 static void flush_dpb(AVCodecContext *avctx){
    H264Context *h= avctx->priv_data;
    int i;
-    for(i=0; i<MAX_DELAYED_PIC_COUNT; i++) {
+    for(i=0; i<=MAX_DELAYED_PIC_COUNT; i++) {
        if(h->delayed_pic[i])
            h->delayed_pic[i]->reference= 0;
        h->delayed_pic[i]= NULL;
@@ -2577,6 +2637,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0){
        free_tables(h, 0);
        flush_dpb(s->avctx);
        MPV_common_end(s);
+        h->list_count = 0;
    }
    if (!s->context_initialized) {
        if (h != h0) {
@@ -2638,7 +2699,10 @@ static int decode_slice_header(H264Context *h, H264Context *h0){
        h->prev_interlaced_frame = 1;

        init_scan_tables(h);
-        ff_h264_alloc_tables(h);
+        if (ff_h264_alloc_tables(h) < 0) {
+            av_log(h->s.avctx, AV_LOG_ERROR, "Could not allocate memory for h264\n");
+            return AVERROR(ENOMEM);
+        }

        if (!HAVE_THREADS || !(s->avctx->active_thread_type&FF_THREAD_SLICE)) {
            if (context_init(h) < 0) {
@@ -2834,6 +2898,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0){
    h->ref_count[1]= h->pps.ref_count[1];

    if(h->slice_type_nos != AV_PICTURE_TYPE_I){
+        unsigned max= (16<<(s->picture_structure != PICT_FRAME))-1;
        if(h->slice_type_nos == AV_PICTURE_TYPE_B){
            h->direct_spatial_mv_pred= get_bits1(&s->gb);
        }
@@ -2844,25 +2909,27 @@ static int decode_slice_header(H264Context *h, H264Context *h0){
            if(h->slice_type_nos==AV_PICTURE_TYPE_B)
                h->ref_count[1]= get_ue_golomb(&s->gb) + 1;

-            if(h->ref_count[0]-1 > 32-1 || h->ref_count[1]-1 > 32-1){
-                av_log(h->s.avctx, AV_LOG_ERROR, "reference overflow\n");
-                h->ref_count[0]= h->ref_count[1]= 1;
-                return -1;
-            }
+        }
+        if(h->ref_count[0]-1 > max || h->ref_count[1]-1 > max){
+            av_log(h->s.avctx, AV_LOG_ERROR, "reference overflow\n");
+            h->ref_count[0]= h->ref_count[1]= 1;
+            return -1;
        }
        if(h->slice_type_nos == AV_PICTURE_TYPE_B)
            h->list_count= 2;
        else
            h->list_count= 1;
    }else
-        h->list_count= 0;
+        h->ref_count[1]= h->ref_count[0]= h->list_count= 0;

    if(!default_ref_list_done){
        ff_h264_fill_default_ref_list(h);
    }

-    if(h->slice_type_nos!=AV_PICTURE_TYPE_I && ff_h264_decode_ref_pic_list_reordering(h) < 0)
+    if(h->slice_type_nos!=AV_PICTURE_TYPE_I && ff_h264_decode_ref_pic_list_reordering(h) < 0) {
+        h->ref_count[1]= h->ref_count[0]= 0;
        return -1;
+    }

    if(h->slice_type_nos!=AV_PICTURE_TYPE_I){
        s->last_picture_ptr= &h->ref_list[0][0];
@@ -3668,7 +3735,7 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){
            s->workaround_bugs |= FF_BUG_TRUNCATED;

        if(!(s->workaround_bugs & FF_BUG_TRUNCATED)){
-        while(ptr[dst_length - 1] == 0 && dst_length > 0)
+        while(dst_length > 0 && ptr[dst_length - 1] == 0)
            dst_length--;
        }
        bit_length= !dst_length ? 0 : (8*dst_length - ff_h264_decode_rbsp_trailing(h, ptr + dst_length - 1));
@@ -3691,9 +3758,13 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){
            switch (hx->nal_unit_type) {
                case NAL_SPS:
                case NAL_PPS:
+                    nals_needed = nal_index;
+                    break;
                case NAL_IDR_SLICE:
                case NAL_SLICE:
-                    nals_needed = nal_index;
+                    init_get_bits(&hx->s.gb, ptr, bit_length);
+                    if(!get_ue_golomb(&hx->s.gb))
+                        nals_needed = nal_index;
            }
            continue;
        }
--- a/libavcodec/h264.h
+++ b/libavcodec/h264.h
@@ -53,6 +53,8 @@

 #define MAX_DELAYED_PIC_COUNT 16

+#define MAX_MBPAIR_SIZE (256*1024) // a tighter bound could be calculated if someone cares about a few bytes
+
 /* Compiling in interlaced support reduces the speed
 * of progressive decoding by about 2%. */
 #define ALLOW_INTERLACE
@@ -99,7 +101,7 @@
 */
 #define DELAYED_PIC_REF 4

-#define QP_MAX_NUM (51 + 2*6)           // The maximum supported qp
+#define QP_MAX_NUM (51 + 4*6)           // The maximum supported qp

 /* NAL unit types */
 enum {
@@ -225,7 +227,7 @@ typedef struct PPS{
    int transform_8x8_mode;     ///< transform_8x8_mode_flag
    uint8_t scaling_matrix4[6][16];
    uint8_t scaling_matrix8[6][64];
-    uint8_t chroma_qp_table[2][64];  ///< pre-scaled (with chroma_qp_index_offset) version of qp_table
+    uint8_t chroma_qp_table[2][QP_MAX_NUM+1];  ///< pre-scaled (with chroma_qp_index_offset) version of qp_table
    int chroma_qp_diff;
 }PPS;

@@ -582,7 +584,7 @@ typedef struct H264Context{
 }H264Context;


-extern const uint8_t ff_h264_chroma_qp[3][QP_MAX_NUM+1]; ///< One chroma qp table for each supported bit depth (8, 9, 10).
+extern const uint8_t ff_h264_chroma_qp[5][QP_MAX_NUM+1]; ///< One chroma qp table for each possible bit depth (8-12).

 /**
 * Decode SEI
@@ -656,12 +658,17 @@ int ff_h264_check_intra4x4_pred_mode(H264Context *h);
 /**
 * Check if the top & left blocks are available if needed & change the dc mode so it only uses the available blocks.
 */
-int ff_h264_check_intra_pred_mode(H264Context *h, int mode);
+int ff_h264_check_intra16x16_pred_mode(H264Context *h, int mode);
+
+/**
+ * Check if the top & left blocks are available if needed & change the dc mode so it only uses the available blocks.
+ */
+int ff_h264_check_intra_chroma_pred_mode(H264Context *h, int mode);

 void ff_h264_write_back_intra_pred_mode(H264Context *h);
 void ff_h264_hl_decode_mb(H264Context *h);
 int ff_h264_frame_start(H264Context *h);
-int ff_h264_decode_extradata(H264Context *h);
+int ff_h264_decode_extradata(H264Context *h, const uint8_t *buf, int size);
 av_cold int ff_h264_decode_init(AVCodecContext *avctx);
 av_cold int ff_h264_decode_end(AVCodecContext *avctx);
 av_cold void ff_h264_decode_init_vlc(void);
--- a/libavcodec/h264_cabac.c
+++ b/libavcodec/h264_cabac.c
@@ -2003,14 +2003,14 @@ decode_intra_mb:
            ff_h264_write_back_intra_pred_mode(h);
            if( ff_h264_check_intra4x4_pred_mode(h) < 0 ) return -1;
        } else {
-            h->intra16x16_pred_mode= ff_h264_check_intra_pred_mode( h, h->intra16x16_pred_mode );
+            h->intra16x16_pred_mode= ff_h264_check_intra16x16_pred_mode( h, h->intra16x16_pred_mode );
            if( h->intra16x16_pred_mode < 0 ) return -1;
        }
        if(decode_chroma){
            h->chroma_pred_mode_table[mb_xy] =
            pred_mode                        = decode_cabac_mb_chroma_pre_mode( h );

-            pred_mode= ff_h264_check_intra_pred_mode( h, pred_mode );
+            pred_mode= ff_h264_check_intra_chroma_pred_mode( h, pred_mode );
            if( pred_mode < 0 ) return -1;
            h->chroma_pred_mode= pred_mode;
        } else {
--- a/libavcodec/h264_cavlc.c
+++ b/libavcodec/h264_cavlc.c
@@ -735,12 +735,12 @@ decode_intra_mb:
            if( ff_h264_check_intra4x4_pred_mode(h) < 0)
                return -1;
        }else{
-            h->intra16x16_pred_mode= ff_h264_check_intra_pred_mode(h, h->intra16x16_pred_mode);
+            h->intra16x16_pred_mode= ff_h264_check_intra16x16_pred_mode(h, h->intra16x16_pred_mode);
            if(h->intra16x16_pred_mode < 0)
                return -1;
        }
        if(decode_chroma){
-            pred_mode= ff_h264_check_intra_pred_mode(h, get_ue_golomb_31(&s->gb));
+            pred_mode= ff_h264_check_intra_chroma_pred_mode(h, get_ue_golomb_31(&s->gb));
            if(pred_mode < 0)
                return -1;
            h->chroma_pred_mode= pred_mode;
--- a/libavcodec/h264_direct.c
+++ b/libavcodec/h264_direct.c
@@ -89,7 +89,8 @@ static void fill_colmap(H264Context *h, int map[2][16+32], int list, int field,
            for(j=start; j<end; j++){
                if(4*h->ref_list[0][j].frame_num + (h->ref_list[0][j].reference&3) == poc){
                    int cur_ref= mbafi ? (j-16)^field : j;
-                    map[list][2*old_ref + (rfield^field) + 16] = cur_ref;
+                    if(ref1->mbaff)
+                        map[list][2*old_ref + (rfield^field) + 16] = cur_ref;
                    if(rfield == field || !interl)
                        map[list][old_ref] = cur_ref;
                    break;
@@ -252,6 +253,10 @@ static void pred_spatial_direct_motion(H264Context * const h, int *mb_type){
            mb_type_col[1] = h->ref_list[1][0].mb_type[mb_xy + s->mb_stride];
            b8_stride = 2+4*s->mb_stride;
            b4_stride *= 6;
+            if(IS_INTERLACED(mb_type_col[0]) != IS_INTERLACED(mb_type_col[1])){
+                mb_type_col[0] &= ~MB_TYPE_INTERLACED;
+                mb_type_col[1] &= ~MB_TYPE_INTERLACED;
+            }

            sub_mb_type |= MB_TYPE_16x16|MB_TYPE_DIRECT2; /* B_SUB_8x8 */
            if(    (mb_type_col[0] & MB_TYPE_16x16_OR_INTRA)
--- a/libavcodec/h264_parser.c
+++ b/libavcodec/h264_parser.c
@@ -251,7 +251,7 @@ static int h264_parse(AVCodecParserContext *s,
        h->got_first = 1;
        if (avctx->extradata_size) {
            h->s.avctx = avctx;
-            ff_h264_decode_extradata(h);
+            ff_h264_decode_extradata(h, avctx->extradata, avctx->extradata_size);
        }
    }

--- a/libavcodec/h264_ps.c
+++ b/libavcodec/h264_ps.c
@@ -70,7 +70,7 @@ static const AVRational pixel_aspect[17]={
    QP(37,d), QP(37,d), QP(37,d), QP(38,d), QP(38,d), QP(38,d),\
    QP(39,d), QP(39,d), QP(39,d), QP(39,d)

-const uint8_t ff_h264_chroma_qp[3][QP_MAX_NUM+1] = {
+const uint8_t ff_h264_chroma_qp[5][QP_MAX_NUM+1] = {
    {
        CHROMA_QP_TABLE_END(8)
    },
@@ -83,6 +83,19 @@ const uint8_t ff_h264_chroma_qp[3][QP_MAX_NUM+1] = {
        6, 7, 8, 9, 10, 11,
        CHROMA_QP_TABLE_END(10)
    },
+    {
+        0,  1, 2, 3,  4,  5,
+        6,  7, 8, 9, 10, 11,
+        12,13,14,15, 16, 17,
+        CHROMA_QP_TABLE_END(11)
+    },
+    {
+        0,  1, 2, 3,  4,  5,
+        6,  7, 8, 9, 10, 11,
+        12,13,14,15, 16, 17,
+        18,19,20,21, 22, 23,
+        CHROMA_QP_TABLE_END(12)
+    },
 };

 static const uint8_t default_scaling4[2][16]={
@@ -130,8 +143,8 @@ static inline int decode_hrd_parameters(H264Context *h, SPS *sps){
    get_bits(&s->gb, 4); /* bit_rate_scale */
    get_bits(&s->gb, 4); /* cpb_size_scale */
    for(i=0; i<cpb_count; i++){
-        get_ue_golomb(&s->gb); /* bit_rate_value_minus1 */
-        get_ue_golomb(&s->gb); /* cpb_size_value_minus1 */
+        get_ue_golomb_long(&s->gb); /* bit_rate_value_minus1 */
+        get_ue_golomb_long(&s->gb); /* cpb_size_value_minus1 */
        get_bits1(&s->gb);     /* cbr_flag */
    }
    sps->initial_cpb_removal_delay_length = get_bits(&s->gb, 5) + 1;
@@ -333,6 +346,11 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){
            sps->residual_color_transform_flag = get_bits1(&s->gb);
        sps->bit_depth_luma   = get_ue_golomb(&s->gb) + 8;
        sps->bit_depth_chroma = get_ue_golomb(&s->gb) + 8;
+        if (sps->bit_depth_luma > 12U || sps->bit_depth_chroma > 12U) {
+            av_log(h->s.avctx, AV_LOG_ERROR, "illegal bit depth value (%d, %d)\n",
+                   sps->bit_depth_luma, sps->bit_depth_chroma);
+            goto fail;
+        }
        sps->transform_bypass = get_bits1(&s->gb);
        decode_scaling_matrices(h, sps, NULL, 1, sps->scaling_matrix4, sps->scaling_matrix8);
    }else{
@@ -365,7 +383,7 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){
    }

    sps->ref_frame_count= get_ue_golomb_31(&s->gb);
-    if(sps->ref_frame_count > MAX_PICTURE_COUNT-2 || sps->ref_frame_count >= 32U){
+    if(sps->ref_frame_count > MAX_PICTURE_COUNT-2 || sps->ref_frame_count > 16U){
        av_log(h->s.avctx, AV_LOG_ERROR, "too many reference frames\n");
        goto fail;
    }
--- a/libavcodec/h264_refs.c
+++ b/libavcodec/h264_refs.c
@@ -301,7 +301,7 @@ int ff_h264_decode_ref_pic_list_reordering(H264Context *h){

 void ff_h264_fill_mbaff_ref_list(H264Context *h){
    int list, i, j;
-    for(list=0; list<2; list++){ //FIXME try list_count
+    for(list=0; list<h->list_count; list++){
        for(i=0; i<h->ref_count[list]; i++){
            Picture *frame = &h->ref_list[list][i];
            Picture *field = &h->ref_list[list][16+2*i];
@@ -678,7 +678,7 @@ int ff_h264_decode_ref_pic_marking(H264Context *h, GetBitContext *gb){
                }
                if(opcode==MMCO_SHORT2LONG || opcode==MMCO_LONG2UNUSED || opcode==MMCO_LONG || opcode==MMCO_SET_MAX_LONG){
                    unsigned int long_arg= get_ue_golomb_31(gb);
-                    if(long_arg >= 32 || (long_arg >= 16 && !(opcode == MMCO_LONG2UNUSED && FIELD_PICTURE))){
+                    if(long_arg >= 32 || (long_arg >= 16 && !(opcode == MMCO_SET_MAX_LONG && long_arg == 16) && !(opcode == MMCO_LONG2UNUSED && FIELD_PICTURE))){
                        av_log(h->s.avctx, AV_LOG_ERROR, "illegal long ref in memory management control operation %d\n", opcode);
                        return -1;
                    }
--- a/libavcodec/h264pred.c
+++ b/libavcodec/h264pred.c
@@ -40,7 +40,7 @@
 #undef BIT_DEPTH

 static void pred4x4_vertical_vp8_c(uint8_t *src, const uint8_t *topright, int stride){
-    const int lt= src[-1-1*stride];
+    const unsigned lt = src[-1-1*stride];
    LOAD_TOP_EDGE
    LOAD_TOP_RIGHT_EDGE
    uint32_t v = PACK_4U8((lt + 2*t0 + t1 + 2) >> 2,
@@ -55,7 +55,7 @@ static void pred4x4_vertical_vp8_c(uint8_t *src, const uint8_t *topright, int st
 }

 static void pred4x4_horizontal_vp8_c(uint8_t *src, const uint8_t *topright, int stride){
-    const int lt= src[-1-1*stride];
+    const unsigned lt = src[-1-1*stride];
    LOAD_LEFT_EDGE

    AV_WN32A(src+0*stride, ((lt + 2*l0 + l1 + 2) >> 2)*0x01010101);
@@ -292,7 +292,7 @@ static void pred16x16_tm_vp8_c(uint8_t *src, int stride){

 static void pred8x8_left_dc_rv40_c(uint8_t *src, int stride){
    int i;
-    int dc0;
+    unsigned dc0;

    dc0=0;
    for(i=0;i<8; i++)
@@ -307,7 +307,7 @@ static void pred8x8_left_dc_rv40_c(uint8_t *src, int stride){

 static void pred8x8_top_dc_rv40_c(uint8_t *src, int stride){
    int i;
-    int dc0;
+    unsigned dc0;

    dc0=0;
    for(i=0;i<8; i++)
@@ -322,7 +322,7 @@ static void pred8x8_top_dc_rv40_c(uint8_t *src, int stride){

 static void pred8x8_dc_rv40_c(uint8_t *src, int stride){
    int i;
-    int dc0=0;
+    unsigned dc0 = 0;

    for(i=0;i<4; i++){
        dc0+= src[-1+i*stride] + src[i-stride];
--- a/libavcodec/h264pred_template.c
+++ b/libavcodec/h264pred_template.c
@@ -120,28 +120,28 @@ static void FUNCC(pred4x4_129_dc)(uint8_t *_src, const uint8_t *topright, int _s


 #define LOAD_TOP_RIGHT_EDGE\
-    const int av_unused t4= topright[0];\
-    const int av_unused t5= topright[1];\
-    const int av_unused t6= topright[2];\
-    const int av_unused t7= topright[3];\
+    const unsigned av_unused t4 = topright[0];\
+    const unsigned av_unused t5 = topright[1];\
+    const unsigned av_unused t6 = topright[2];\
+    const unsigned av_unused t7 = topright[3];\

 #define LOAD_DOWN_LEFT_EDGE\
-    const int av_unused l4= src[-1+4*stride];\
-    const int av_unused l5= src[-1+5*stride];\
-    const int av_unused l6= src[-1+6*stride];\
-    const int av_unused l7= src[-1+7*stride];\
+    const unsigned av_unused l4 = src[-1+4*stride];\
+    const unsigned av_unused l5 = src[-1+5*stride];\
+    const unsigned av_unused l6 = src[-1+6*stride];\
+    const unsigned av_unused l7 = src[-1+7*stride];\

 #define LOAD_LEFT_EDGE\
-    const int av_unused l0= src[-1+0*stride];\
-    const int av_unused l1= src[-1+1*stride];\
-    const int av_unused l2= src[-1+2*stride];\
-    const int av_unused l3= src[-1+3*stride];\
+    const unsigned av_unused l0 = src[-1+0*stride];\
+    const unsigned av_unused l1 = src[-1+1*stride];\
+    const unsigned av_unused l2 = src[-1+2*stride];\
+    const unsigned av_unused l3 = src[-1+3*stride];\

 #define LOAD_TOP_EDGE\
-    const int av_unused t0= src[ 0-1*stride];\
-    const int av_unused t1= src[ 1-1*stride];\
-    const int av_unused t2= src[ 2-1*stride];\
-    const int av_unused t3= src[ 3-1*stride];\
+    const unsigned av_unused t0 = src[ 0-1*stride];\
+    const unsigned av_unused t1 = src[ 1-1*stride];\
+    const unsigned av_unused t2 = src[ 2-1*stride];\
+    const unsigned av_unused t3 = src[ 3-1*stride];\

 static void FUNCC(pred4x4_down_right)(uint8_t *_src, const uint8_t *topright, int _stride){
    pixel *src = (pixel*)_src;
--- a/libavcodec/imc.c
+++ b/libavcodec/imc.c
@@ -104,10 +104,15 @@ static VLC_TYPE vlc_tables[VLC_TABLES_SIZE][2];

 static av_cold int imc_decode_init(AVCodecContext * avctx)
 {
-    int i, j;
+    int i, j, ret;
    IMCContext *q = avctx->priv_data;
    double r1, r2;

+    if (avctx->channels != 1) {
+        av_log_ask_for_sample(avctx, "Number of channels is not supported\n");
+        return AVERROR_PATCHWELCOME;
+    }
+
    q->decoder_reset = 1;

    for(i = 0; i < BANDS; i++)
@@ -156,7 +161,10 @@ static av_cold int imc_decode_init(AVCodecContext * avctx)
    }
    q->one_div_log2 = 1/log(2);

-    ff_fft_init(&q->fft, 7, 1);
+    if ((ret = ff_fft_init(&q->fft, 7, 1))) {
+        av_log(avctx, AV_LOG_INFO, "FFT init failed\n");
+        return ret;
+    }
    dsputil_init(&q->dsp, avctx);
    avctx->sample_fmt = AV_SAMPLE_FMT_FLT;
    avctx->channel_layout = (avctx->channels==2) ? AV_CH_LAYOUT_STEREO : AV_CH_LAYOUT_MONO;
--- a/libavcodec/imgconvert.c
+++ b/libavcodec/imgconvert.c
@@ -499,6 +499,16 @@ int avpicture_layout(const AVPicture* src, enum PixelFormat pix_fmt, int width,
        }
    }

+    switch (pix_fmt) {
+    case PIX_FMT_RGB8:
+    case PIX_FMT_BGR8:
+    case PIX_FMT_RGB4_BYTE:
+    case PIX_FMT_BGR4_BYTE:
+    case PIX_FMT_GRAY8:
+        // do not include palette for these pseudo-paletted formats
+        return size;
+    }
+
    if (desc->flags & PIX_FMT_PAL)
        memcpy((unsigned char *)(((size_t)dest + 3) & ~3), src->data[1], 256 * 4);

--- a/libavcodec/indeo2.c
+++ b/libavcodec/indeo2.c
@@ -153,6 +153,13 @@ static int ir2_decode_frame(AVCodecContext *avctx,
        return -1;
    }

+    start = 48; /* hardcoded for now */
+
+    if (start >= buf_size) {
+        av_log(s->avctx, AV_LOG_ERROR, "input buffer size too small (%d)\n", buf_size);
+        return AVERROR_INVALIDDATA;
+    }
+
    s->decode_delta = buf[18];

    /* decide whether frame uses deltas or not */
@@ -160,9 +167,8 @@ static int ir2_decode_frame(AVCodecContext *avctx,
    for (i = 0; i < buf_size; i++)
        buf[i] = av_reverse[buf[i]];
 #endif
-    start = 48; /* hardcoded for now */

-    init_get_bits(&s->gb, buf + start, buf_size - start);
+    init_get_bits(&s->gb, buf + start, (buf_size - start) * 8);

    if (s->decode_delta) { /* intraframe */
        ir2_decode_plane(s, avctx->width, avctx->height,
--- a/libavcodec/j2k_dwt.c
+++ b/libavcodec/j2k_dwt.c
@@ -321,6 +321,8 @@ int ff_j2k_dwt_init(DWTContext *s, uint16_t border[2][2], int decomp_levels, int
    int i, j, lev = decomp_levels, maxlen,
        b[2][2];

+    if (decomp_levels >= FF_DWT_MAX_DECLVLS)
+        return AVERROR_INVALIDDATA;
    s->ndeclevels = decomp_levels;
    s->type = type;

--- a/libavcodec/j2kdec.c
+++ b/libavcodec/j2kdec.c
@@ -961,18 +961,20 @@ static int decode_codestream(J2kDecoderContext *s)

 static int jp2_find_codestream(J2kDecoderContext *s)
 {
-    int32_t atom_size;
+    uint32_t atom_size;
    int found_codestream = 0, search_range = 10;

    // skip jpeg2k signature atom
    s->buf += 12;

-    while(!found_codestream && search_range) {
+    while(!found_codestream && search_range && s->buf_end - s->buf >= 8) {
        atom_size = AV_RB32(s->buf);
        if(AV_RB32(s->buf + 4) == JP2_CODESTREAM) {
            found_codestream = 1;
            s->buf += 8;
        } else {
+            if (s->buf_end - s->buf < atom_size)
+                return 0;
            s->buf += atom_size;
            search_range--;
        }
@@ -1005,7 +1007,8 @@ static int decode_frame(AVCodecContext *avctx,
        return AVERROR(EINVAL);

    // check if the image is in jp2 format
-    if((AV_RB32(s->buf) == 12) && (AV_RB32(s->buf + 4) == JP2_SIG_TYPE) &&
+    if(s->buf_end - s->buf >= 12 &&
+       (AV_RB32(s->buf) == 12) && (AV_RB32(s->buf + 4) == JP2_SIG_TYPE) &&
       (AV_RB32(s->buf + 8) == JP2_SIG_VALUE)) {
        if(!jp2_find_codestream(s)) {
            av_log(avctx, AV_LOG_ERROR, "couldn't find jpeg2k codestream atom\n");
--- a/libavcodec/jpegls.h
+++ b/libavcodec/jpegls.h
@@ -86,6 +86,8 @@ static inline void ff_jpegls_downscale_state(JLSState *state, int Q){
 }

 static inline int ff_jpegls_update_state_regular(JLSState *state, int Q, int err){
+    if(FFABS(err) > 0xFFFF)
+        return -0x10000;
    state->A[Q] += FFABS(err);
    err *= state->twonear;
    state->B[Q] += err;
--- a/libavcodec/jvdec.c
+++ b/libavcodec/jvdec.c
@@ -150,7 +150,7 @@ static int decode_frame(AVCodecContext *avctx,

        if (video_type == 0 || video_type == 1) {
            GetBitContext gb;
-            init_get_bits(&gb, buf, FFMIN(video_size, buf_end - buf));
+            init_get_bits(&gb, buf, FFMIN(video_size, (buf_end - buf) * 8));

            for (j = 0; j < avctx->height; j += 8)
                for (i = 0; i < avctx->width; i += 8)
--- a/libavcodec/kgv1dec.c
+++ b/libavcodec/kgv1dec.c
@@ -174,6 +174,5 @@ AVCodec ff_kgv1_decoder = {
    NULL,
    decode_end,
    decode_frame,
-    .max_lowres = 1,
    .long_name = NULL_IF_CONFIG_SMALL("Kega Game Video"),
 };
--- a/libavcodec/libaacplus.c
+++ b/libavcodec/libaacplus.c
@@ -0,0 +1,136 @@
+/*
+ * Interface to libaacplus for aac+ (sbr+ps) encoding
+ * Copyright (c) 2010 tipok <piratfm@gmail.com>
+ *
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/**
+ * @file
+ * Interface to libaacplus for aac+ (sbr+ps) encoding.
+ */
+
+#include "avcodec.h"
+#include <aacplus.h>
+
+typedef struct aacPlusAudioContext {
+    aacplusEncHandle aacplus_handle;
+} aacPlusAudioContext;
+
+static av_cold int aacPlus_encode_init(AVCodecContext *avctx)
+{
+    aacPlusAudioContext *s = avctx->priv_data;
+    aacplusEncConfiguration *aacplus_cfg;
+    unsigned long samples_input, max_bytes_output;
+
+    /* number of channels */
+    if (avctx->channels < 1 || avctx->channels > 2) {
+        av_log(avctx, AV_LOG_ERROR, "encoding %d channel(s) is not allowed\n", avctx->channels);
+        return -1;
+    }
+
+    s->aacplus_handle = aacplusEncOpen(avctx->sample_rate,
+                                 avctx->channels,
+                                 &samples_input, &max_bytes_output);
+    if(!s->aacplus_handle) {
+            av_log(avctx, AV_LOG_ERROR, "can't open encoder\n");
+            return -1;
+    }
+
+    /* check aacplus version */
+    aacplus_cfg = aacplusEncGetCurrentConfiguration(s->aacplus_handle);
+
+    /* put the options in the configuration struct */
+    if(avctx->profile != FF_PROFILE_AAC_LOW && avctx->profile != FF_PROFILE_UNKNOWN) {
+            av_log(avctx, AV_LOG_ERROR, "invalid AAC profile: %d, only LC supported\n", avctx->profile);
+            aacplusEncClose(s->aacplus_handle);
+            return -1;
+    }
+
+    aacplus_cfg->bitRate = avctx->bit_rate;
+    aacplus_cfg->bandWidth = avctx->cutoff;
+    if (avctx->flags & CODEC_FLAG_GLOBAL_HEADER) {
+        aacplus_cfg->outputFormat = 0; //raw aac
+    }
+    aacplus_cfg->inputFormat = AACPLUS_INPUT_16BIT;
+    if (!aacplusEncSetConfiguration(s->aacplus_handle, aacplus_cfg)) {
+        av_log(avctx, AV_LOG_ERROR, "libaacplus doesn't support this output format!\n");
+        return -1;
+    }
+
+    avctx->frame_size = samples_input / avctx->channels;
+
+    avctx->coded_frame= avcodec_alloc_frame();
+    avctx->coded_frame->key_frame= 1;
+
+    /* Set decoder specific info */
+    avctx->extradata_size = 0;
+    if (avctx->flags & CODEC_FLAG_GLOBAL_HEADER) {
+
+        unsigned char *buffer = NULL;
+        unsigned long decoder_specific_info_size;
+
+        if (aacplusEncGetDecoderSpecificInfo(s->aacplus_handle, &buffer,
+                                           &decoder_specific_info_size) == 1) {
+            avctx->extradata = av_malloc(decoder_specific_info_size + FF_INPUT_BUFFER_PADDING_SIZE);
+            avctx->extradata_size = decoder_specific_info_size;
+            memcpy(avctx->extradata, buffer, avctx->extradata_size);
+        }
+#undef free
+        free(buffer);
+#define free please_use_av_free
+    }
+    return 0;
+}
+
+static int aacPlus_encode_frame(AVCodecContext *avctx,
+                             unsigned char *frame, int buf_size, void *data)
+{
+    aacPlusAudioContext *s = avctx->priv_data;
+    int bytes_written;
+
+    bytes_written = aacplusEncEncode(s->aacplus_handle,
+                                  data,
+                                  avctx->frame_size * avctx->channels,
+                                  frame,
+                                  buf_size);
+
+    return bytes_written;
+}
+
+static av_cold int aacPlus_encode_close(AVCodecContext *avctx)
+{
+    aacPlusAudioContext *s = avctx->priv_data;
+
+    av_freep(&avctx->coded_frame);
+    av_freep(&avctx->extradata);
+
+    aacplusEncClose(s->aacplus_handle);
+    return 0;
+}
+
+AVCodec ff_libaacplus_encoder = {
+    "libaacplus",
+    AVMEDIA_TYPE_AUDIO,
+    CODEC_ID_AAC,
+    sizeof(aacPlusAudioContext),
+    aacPlus_encode_init,
+    aacPlus_encode_frame,
+    aacPlus_encode_close,
+    .sample_fmts = (const enum SampleFormat[]){SAMPLE_FMT_S16,SAMPLE_FMT_NONE},
+    .long_name = NULL_IF_CONFIG_SMALL("libaacplus AAC+ (Advanced Audio Codec with SBR+PS)"),
+};
--- a/libavcodec/libgsm.c
+++ b/libavcodec/libgsm.c
@@ -141,18 +141,25 @@ static int libgsm_decode_frame(AVCodecContext *avctx,
                               AVPacket *avpkt) {
    const uint8_t *buf = avpkt->data;
    int buf_size = avpkt->size;
+    int out_size = avctx->frame_size * av_get_bytes_per_sample(avctx->sample_fmt);
+
+    if (*data_size < out_size) {
+        av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+        return AVERROR(EINVAL);
+    }
+
    *data_size = 0; /* In case of error */
    if(buf_size < avctx->block_align) return -1;
    switch(avctx->codec_id) {
    case CODEC_ID_GSM:
        if(gsm_decode(avctx->priv_data,buf,data)) return -1;
-        *data_size = GSM_FRAME_SIZE*sizeof(int16_t);
        break;
    case CODEC_ID_GSM_MS:
        if(gsm_decode(avctx->priv_data,buf,data) ||
           gsm_decode(avctx->priv_data,buf+33,((int16_t*)data)+GSM_FRAME_SIZE)) return -1;
-        *data_size = GSM_FRAME_SIZE*sizeof(int16_t)*2;
    }
+
+    *data_size = out_size;
    return avctx->block_align;
 }

--- a/libavcodec/libspeexenc.c
+++ b/libavcodec/libspeexenc.c
@@ -0,0 +1,178 @@
+/*
+ * Copyright (c) 2009 by Xuggle Incorporated.  All rights reserved.
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+#include <libavcodec/avcodec.h>
+#include <speex/speex.h>
+#include <speex/speex_header.h>
+#include <speex/speex_stereo.h>
+
+typedef struct {
+    SpeexBits bits;
+    void *enc_state;
+    SpeexHeader header;
+} LibSpeexEncContext;
+
+
+static av_cold int libspeex_encode_init(AVCodecContext *avctx)
+{
+    LibSpeexEncContext *s = (LibSpeexEncContext*)avctx->priv_data;
+    const SpeexMode *mode;
+
+    if ((avctx->sample_fmt != SAMPLE_FMT_S16 && avctx->sample_fmt != SAMPLE_FMT_FLT) ||
+            avctx->sample_rate <= 0 ||
+            avctx->channels <= 0 ||
+            avctx->channels > 2)
+    {
+        av_log(avctx, AV_LOG_ERROR, "Unsupported sample format, rate, or channels for speex");
+        return -1;
+    }
+
+    if (avctx->sample_rate <= 8000)
+        mode = &speex_nb_mode;
+    else if (avctx->sample_rate <= 16000)
+        mode = &speex_wb_mode;
+    else
+        mode = &speex_uwb_mode;
+
+    speex_bits_init(&s->bits);
+    s->enc_state = speex_encoder_init(mode);
+    if (!s->enc_state)
+    {
+        av_log(avctx, AV_LOG_ERROR, "could not initialize speex encoder");
+        return -1;
+    }
+
+    // initialize the header
+    speex_init_header(&s->header, avctx->sample_rate,
+            avctx->channels, mode);
+
+    // TODO: It'd be nice to support VBR here, but
+    // I'm uncertain what AVCodecContext options to use
+    // to signal whether to turn it on.
+    if (avctx->flags & CODEC_FLAG_QSCALE) {
+        spx_int32_t quality = 0;
+        // Map global_quality's mpeg 1/2/4 scale into Speex's 0-10 scale
+        if (avctx->global_quality > FF_LAMBDA_MAX)
+            quality = 0; // lowest possible quality
+        else
+            quality = (spx_int32_t)((FF_LAMBDA_MAX-avctx->global_quality)*10.0/FF_LAMBDA_MAX);
+        speex_encoder_ctl(s->enc_state, SPEEX_SET_QUALITY, &quality);
+    } else {
+        // default to CBR
+        if (avctx->bit_rate > 0)
+            speex_encoder_ctl(s->enc_state, SPEEX_SET_BITRATE, &avctx->bit_rate);
+        // otherwise just take the default quality setting
+    }
+    // reset the bit-rate to the actual bit rate speex will use
+    speex_encoder_ctl(s->enc_state, SPEEX_GET_BITRATE, &s->header.bitrate);
+    avctx->bit_rate = s->header.bitrate;
+
+    // get the actual sample rate
+    speex_encoder_ctl(s->enc_state, SPEEX_GET_SAMPLING_RATE, &s->header.rate);
+    avctx->sample_rate = s->header.rate;
+
+    // get the frame-size.  To align with FLV, we're going to put 2 frames
+    // per packet.  If someone can tell me how to make this configurable
+    // from the avcodec contents, I'll mod this so it's not hard-coded.
+    // but without this, FLV files with speex data won't play correctly
+    // in flash player 10.
+    speex_encoder_ctl(s->enc_state, SPEEX_GET_FRAME_SIZE, &s->header.frame_size);
+    s->header.frames_per_packet = 2; // Need for FLV container support
+    avctx->frame_size = s->header.frame_size*s->header.frames_per_packet;
+
+    // and we'll put a speex header packet into extradata so that muxers
+    // can use it.
+    avctx->extradata = speex_header_to_packet(&s->header, &avctx->extradata_size);
+    return 0;
+}
+
+static av_cold int libspeex_encode_frame(
+        AVCodecContext *avctx, uint8_t *frame,
+        int buf_size, void *data)
+{
+    LibSpeexEncContext *s = (LibSpeexEncContext*)avctx->priv_data;
+    int i = 0;
+
+    if (!data)
+        // nothing to flush
+        return 0;
+
+    speex_bits_reset(&s->bits);
+    for(i = 0; i < s->header.frames_per_packet; i++)
+    {
+        if (avctx->sample_fmt == SAMPLE_FMT_FLT)
+        {
+            if (avctx->channels == 2) {
+                speex_encode_stereo(
+                        (float*)data+i*s->header.frame_size,
+                        s->header.frame_size,
+                        &s->bits);
+            }
+            speex_encode(s->enc_state,
+                    (float*)data+i*s->header.frame_size, &s->bits);
+        } else {
+            if (avctx->channels == 2) {
+                speex_encode_stereo_int(
+                        (spx_int16_t*)data+i*s->header.frame_size,
+                        s->header.frame_size,
+                        &s->bits);
+            }
+            speex_encode_int(s->enc_state,
+                    (spx_int16_t*)data+i*s->header.frame_size, &s->bits);
+        }
+    }
+    // put in a terminator so this will fit in a OGG or FLV packet
+    speex_bits_insert_terminator(&s->bits);
+
+    if (buf_size >= speex_bits_nbytes(&s->bits)) {
+        return speex_bits_write(&s->bits, frame, buf_size);
+    } else {
+        av_log(avctx, AV_LOG_ERROR, "output buffer too small");
+        return -1;
+    }
+}
+
+static av_cold int libspeex_encode_close(AVCodecContext *avctx)
+{
+    LibSpeexEncContext *s = (LibSpeexEncContext*)avctx->priv_data;
+
+    speex_bits_destroy(&s->bits);
+    speex_encoder_destroy(s->enc_state);
+    s->enc_state = 0;
+    if (avctx->extradata)
+        speex_header_free(avctx->extradata);
+    avctx->extradata = 0;
+    avctx->extradata_size = 0;
+
+    return 0;
+}
+
+AVCodec ff_libspeex_encoder = {
+    "libspeex",
+    AVMEDIA_TYPE_AUDIO,
+    CODEC_ID_SPEEX,
+    sizeof(LibSpeexEncContext),
+    libspeex_encode_init,
+    libspeex_encode_frame,
+    libspeex_encode_close,
+    0,
+    .capabilities = CODEC_CAP_DELAY,
+    .supported_samplerates = (const int[]){8000, 16000, 32000, 0},
+    .sample_fmts = (enum SampleFormat[]){SAMPLE_FMT_S16,SAMPLE_FMT_FLT,SAMPLE_FMT_NONE},
+    .long_name = NULL_IF_CONFIG_SMALL("libspeex Speex Encoder"),
+};
--- a/libavcodec/libvpxenc.c
+++ b/libavcodec/libvpxenc.c
@@ -481,8 +481,8 @@ static int queue_frames(AVCodecContext *avctx, uint8_t *buf, int buf_size,
            break;
        case VPX_CODEC_STATS_PKT: {
            struct vpx_fixed_buf *stats = &ctx->twopass_stats;
-            stats->buf = av_realloc(stats->buf,
-                                    stats->sz + pkt->data.twopass_stats.sz);
+            stats->buf = av_realloc_f(stats->buf, 1,
+                                      stats->sz + pkt->data.twopass_stats.sz);
            if (!stats->buf) {
                av_log(avctx, AV_LOG_ERROR, "Stat buffer realloc failed\n");
                return AVERROR(ENOMEM);
--- a/libavcodec/libx264.c
+++ b/libavcodec/libx264.c
@@ -70,9 +70,14 @@ static int encode_nals(AVCodecContext *ctx, uint8_t *buf, int size,

    /* Write the SEI as part of the first frame. */
    if (x4->sei_size > 0 && nnal > 0) {
+        if (x4->sei_size > size) {
+            av_log(ctx, AV_LOG_ERROR, "Error: nal buffer is too small\n");
+            return -1;
+        }
        memcpy(p, x4->sei, x4->sei_size);
        p += x4->sei_size;
        x4->sei_size = 0;
+        // why is x4->sei not freed?
    }

    for (i = 0; i < nnal; i++){
@@ -83,6 +88,11 @@ static int encode_nals(AVCodecContext *ctx, uint8_t *buf, int size,
            memcpy(x4->sei, nals[i].p_payload, nals[i].i_payload);
            continue;
        }
+        if (nals[i].i_payload > (size - (p - buf))) {
+            // return only complete nals which fit in buf
+            av_log(ctx, AV_LOG_ERROR, "Error: nal buffer is too small\n");
+            break;
+        }
        memcpy(p, nals[i].p_payload, nals[i].i_payload);
        p += nals[i].i_payload;
    }
@@ -91,13 +101,14 @@ static int encode_nals(AVCodecContext *ctx, uint8_t *buf, int size,
 }

 static int X264_frame(AVCodecContext *ctx, uint8_t *buf,
-                      int bufsize, void *data)
+                      int orig_bufsize, void *data)
 {
    X264Context *x4 = ctx->priv_data;
    AVFrame *frame = data;
    x264_nal_t *nal;
    int nnal, i;
    x264_picture_t pic_out;
+    int bufsize;

    x264_picture_init( &x4->pic );
    x4->pic.img.i_csp   = X264_CSP_I420;
@@ -128,6 +139,7 @@ static int X264_frame(AVCodecContext *ctx, uint8_t *buf,
    }

    do {
+        bufsize = orig_bufsize;
    if (x264_encoder_encode(x4->enc, &nal, &nnal, frame? &x4->pic: NULL, &pic_out) < 0)
        return -1;

--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -318,8 +318,10 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
    case 0x11111100:
        if(s->rgb){
            s->avctx->pix_fmt = PIX_FMT_BGRA;
-        }else
+        }else{
            s->avctx->pix_fmt = s->cs_itu601 ? PIX_FMT_YUV444P : PIX_FMT_YUVJ444P;
+            s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG;
+        }
        assert(s->nb_components==3);
        break;
    case 0x11000000:
@@ -327,12 +329,15 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
        break;
    case 0x12111100:
        s->avctx->pix_fmt = s->cs_itu601 ? PIX_FMT_YUV440P : PIX_FMT_YUVJ440P;
+        s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG;
        break;
    case 0x21111100:
        s->avctx->pix_fmt = s->cs_itu601 ? PIX_FMT_YUV422P : PIX_FMT_YUVJ422P;
+        s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG;
        break;
    case 0x22111100:
        s->avctx->pix_fmt = s->cs_itu601 ? PIX_FMT_YUV420P : PIX_FMT_YUVJ420P;
+        s->avctx->color_range = s->cs_itu601 ? AVCOL_RANGE_MPEG : AVCOL_RANGE_JPEG;
        break;
    default:
        av_log(s->avctx, AV_LOG_ERROR, "Unhandled pixel format 0x%x\n", pix_fmt_id);
@@ -881,14 +886,19 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int nb_components, int Ah, i
                }
            }

-            if (s->restart_interval && show_bits(&s->gb, 8) == 0xFF){/* skip RSTn */
-                --s->restart_count;
+            if (s->restart_interval) --s->restart_count;
+            i= 8+((-get_bits_count(&s->gb))&7);
+            if (s->restart_interval && show_bits(&s->gb, i)  == (1<<i)-1){ /* skip RSTn */
+                int pos= get_bits_count(&s->gb);
                align_get_bits(&s->gb);
                while(show_bits(&s->gb, 8) == 0xFF)
                    skip_bits(&s->gb, 8);
-                skip_bits(&s->gb, 8);
-                for (i=0; i<nb_components; i++) /* reset dc */
-                    s->last_dc[i] = 1024;
+                if((get_bits(&s->gb, 8)&0xF8) == 0xD0){
+                    for (i=0; i<nb_components; i++) /* reset dc */
+                        s->last_dc[i] = 1024;
+                }else{
+                    skip_bits_long(&s->gb, pos - get_bits_count(&s->gb));
+                }
            }
        }
    }
--- a/libavcodec/mlpdec.c
+++ b/libavcodec/mlpdec.c
@@ -950,7 +950,12 @@ static int output_data_internal(MLPDecodeContext *m, unsigned int substr,
    int32_t *data_32 = (int32_t*) data;
    int16_t *data_16 = (int16_t*) data;

-    if (*data_size < (s->max_channel + 1) * s->blockpos * (is32 ? 4 : 2))
+    if (m->avctx->channels != s->max_matrix_channel + 1) {
+        av_log(m->avctx, AV_LOG_ERROR, "channel count mismatch\n");
+        return AVERROR_INVALIDDATA;
+    }
+
+    if (*data_size < m->avctx->channels * s->blockpos * (is32 ? 4 : 2))
        return -1;

    for (i = 0; i < s->blockpos; i++) {
--- a/libavcodec/motion_est.c
+++ b/libavcodec/motion_est.c
@@ -1040,7 +1040,7 @@ void ff_estimate_p_frame_motion(MpegEncContext * s,
    /* intra / predictive decision */
    pix = c->src[0][0];
    sum = s->dsp.pix_sum(pix, s->linesize);
-    varc = s->dsp.pix_norm1(pix, s->linesize) - (((unsigned)(sum*sum))>>8) + 500;
+    varc = s->dsp.pix_norm1(pix, s->linesize) - (((unsigned)sum*sum)>>8) + 500;

    pic->mb_mean[s->mb_stride * mb_y + mb_x] = (sum+128)>>8;
    pic->mb_var [s->mb_stride * mb_y + mb_x] = (varc+128)>>8;
@@ -1202,7 +1202,7 @@ void ff_estimate_p_frame_motion(MpegEncContext * s,
        if((c->avctx->mb_cmp&0xFF)==FF_CMP_SSE){
            intra_score= varc - 500;
        }else{
-            int mean= (sum+128)>>8;
+            unsigned mean = (sum+128)>>8;
            mean*= 0x01010101;

            for(i=0; i<16; i++){
--- a/libavcodec/motionpixels.c
+++ b/libavcodec/motionpixels.c
@@ -52,14 +52,16 @@ typedef struct MotionPixelsContext {
 static av_cold int mp_decode_init(AVCodecContext *avctx)
 {
    MotionPixelsContext *mp = avctx->priv_data;
+    int w4 = (avctx->width  + 3) & ~3;
+    int h4 = (avctx->height + 3) & ~3;

    motionpixels_tableinit();
    mp->avctx = avctx;
    dsputil_init(&mp->dsp, avctx);
-    mp->changes_map = av_mallocz(avctx->width * avctx->height);
+    mp->changes_map = av_mallocz(avctx->width * h4);
    mp->offset_bits_len = av_log2(avctx->width * avctx->height) + 1;
    mp->vpt = av_mallocz(avctx->height * sizeof(YuvPixel));
-    mp->hpt = av_mallocz(avctx->height * avctx->width / 16 * sizeof(YuvPixel));
+    mp->hpt = av_mallocz(h4 * w4 / 16 * sizeof(YuvPixel));
    avctx->pix_fmt = PIX_FMT_RGB555;
    avcodec_get_frame_defaults(&mp->frame);
    return 0;
@@ -253,6 +255,7 @@ static int mp_decode_frame(AVCodecContext *avctx,
    mp->dsp.bswap_buf((uint32_t *)mp->bswapbuf, (const uint32_t *)buf, buf_size / 4);
    if (buf_size & 3)
        memcpy(mp->bswapbuf + (buf_size & ~3), buf + (buf_size & ~3), buf_size & 3);
+    memset(mp->bswapbuf + buf_size, 0, FF_INPUT_BUFFER_PADDING_SIZE);
    init_get_bits(&gb, mp->bswapbuf, buf_size * 8);

    memset(mp->changes_map, 0, avctx->width * avctx->height);
@@ -279,7 +282,10 @@ static int mp_decode_frame(AVCodecContext *avctx,
    if (sz == 0)
        goto end;

-    init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0);
+    if (mp->max_codes_bits <= 0)
+        goto end;
+    if (init_vlc(&mp->vlc, mp->max_codes_bits, mp->codes_count, &mp->codes[0].size, sizeof(HuffCode), 1, &mp->codes[0].code, sizeof(HuffCode), 4, 0))
+        goto end;
    mp_decode_frame_helper(mp, &gb);
    free_vlc(&mp->vlc);

--- a/libavcodec/mpc7.c
+++ b/libavcodec/mpc7.c
@@ -197,12 +197,19 @@ static int mpc7_decode_frame(AVCodecContext * avctx,
    int i, ch;
    int mb = -1;
    Band *bands = c->bands;
-    int off;
+    int off, out_size;
    int bits_used, bits_avail;

    memset(bands, 0, sizeof(bands));
    if(buf_size <= 4){
        av_log(avctx, AV_LOG_ERROR, "Too small buffer passed (%i bytes)\n", buf_size);
+        return AVERROR(EINVAL);
+    }
+
+    out_size = (buf[1] ? c->lastframelen : MPC_FRAME_SIZE) * 4;
+    if (*data_size < out_size) {
+        av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+        return AVERROR(EINVAL);
    }

    bits = av_malloc(((buf_size - 1) & ~3) + FF_INPUT_BUFFER_PADDING_SIZE);
@@ -277,7 +284,7 @@ static int mpc7_decode_frame(AVCodecContext * avctx,
        *data_size = 0;
        return buf_size;
    }
-    *data_size = (buf[1] ? c->lastframelen : MPC_FRAME_SIZE) * 4;
+    *data_size = out_size;

    return buf_size;
 }
--- a/libavcodec/mpc8.c
+++ b/libavcodec/mpc8.c
@@ -127,6 +127,8 @@ static av_cold int mpc8_decode_init(AVCodecContext * avctx)

    skip_bits(&gb, 3);//sample rate
    c->maxbands = get_bits(&gb, 5) + 1;
+    if (c->maxbands >= BANDS)
+        return AVERROR_INVALIDDATA;
    channels = get_bits(&gb, 4) + 1;
    if (channels > 2) {
        av_log_missing_feature(avctx, "Multichannel MPC SV8", 1);
@@ -241,10 +243,16 @@ static int mpc8_decode_frame(AVCodecContext * avctx,
    GetBitContext gb2, *gb = &gb2;
    int i, j, k, ch, cnt, res, t;
    Band *bands = c->bands;
-    int off;
+    int off, out_size;
    int maxband, keyframe;
    int last[2];

+    out_size = MPC_FRAME_SIZE * 2 * avctx->channels;
+    if (*data_size < out_size) {
+        av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+        return AVERROR(EINVAL);
+    }
+
    keyframe = c->cur_frame == 0;

    if(keyframe){
@@ -260,6 +268,8 @@ static int mpc8_decode_frame(AVCodecContext * avctx,
        maxband = c->last_max_band + get_vlc2(gb, band_vlc.table, MPC8_BANDS_BITS, 2);
        if(maxband > 32) maxband -= 33;
    }
+    if(maxband > c->maxbands)
+        return AVERROR_INVALIDDATA;
    c->last_max_band = maxband;

    /* read subband indexes */
@@ -400,7 +410,7 @@ static int mpc8_decode_frame(AVCodecContext * avctx,
    c->last_bits_used = get_bits_count(gb);
    if(c->cur_frame >= c->frames)
        c->cur_frame = 0;
-    *data_size =  MPC_FRAME_SIZE * 2 * avctx->channels;
+    *data_size =  out_size;

    return c->cur_frame ? c->last_bits_used >> 3 : buf_size;
 }
--- a/libavcodec/mpeg4videoenc.c
+++ b/libavcodec/mpeg4videoenc.c
@@ -898,8 +898,8 @@ static void mpeg4_encode_gop_header(MpegEncContext * s){
    s->last_time_base= FFUDIV(time, s->avctx->time_base.den);

    seconds= FFUDIV(time, s->avctx->time_base.den);
-    minutes= FFUDIV(seconds, 60); FFUMOD(seconds, 60);
-    hours  = FFUDIV(minutes, 60); FFUMOD(minutes, 60);
+    minutes= FFUDIV(seconds, 60); seconds = FFUMOD(seconds, 60);
+    hours  = FFUDIV(minutes, 60); minutes = FFUMOD(minutes, 60);
    hours  = FFUMOD(hours  , 24);

    put_bits(&s->pb, 5, hours);
--- a/libavcodec/mpegaudiodec.c
+++ b/libavcodec/mpegaudiodec.c
@@ -1801,15 +1801,15 @@ static int decode_frame(AVCodecContext * avctx,
        avctx->bit_rate = s->bit_rate;
    avctx->sub_id = s->layer;

-    if(*data_size < 1152*avctx->channels*sizeof(OUT_INT))
-        return -1;
+    if (*data_size < avctx->frame_size * avctx->channels * sizeof(OUT_INT))
+        return AVERROR(EINVAL);
    *data_size = 0;

    if(s->frame_size<=0 || s->frame_size > buf_size){
        av_log(avctx, AV_LOG_ERROR, "incomplete frame\n");
        return -1;
    }else if(s->frame_size < buf_size){
-        av_log(avctx, AV_LOG_ERROR, "incorrect frame size\n");
+        av_log(avctx, AV_LOG_DEBUG, "incorrect frame size - multiple frames in buffer?\n");
        buf_size= s->frame_size;
    }

@@ -1870,6 +1870,9 @@ static int decode_frame_adu(AVCodecContext * avctx,
        avctx->bit_rate = s->bit_rate;
    avctx->sub_id = s->layer;

+    if (*data_size < avctx->frame_size * avctx->channels * sizeof(OUT_INT))
+        return AVERROR(EINVAL);
+
    s->frame_size = len;

    if (avctx->parse_only) {
--- a/libavcodec/mpegvideo.c
+++ b/libavcodec/mpegvideo.c
@@ -285,9 +285,10 @@ int ff_alloc_picture(MpegEncContext *s, Picture *pic, int shared){
        }

        FF_ALLOCZ_OR_GOTO(s->avctx, pic->mbskip_table , mb_array_size * sizeof(uint8_t)+2, fail) //the +2 is for the slice end check
-        FF_ALLOCZ_OR_GOTO(s->avctx, pic->qscale_table , mb_array_size * sizeof(uint8_t)  , fail)
+        FF_ALLOCZ_OR_GOTO(s->avctx, pic->qscale_table_base , (big_mb_num + s->mb_stride) * sizeof(uint8_t)  , fail)
        FF_ALLOCZ_OR_GOTO(s->avctx, pic->mb_type_base , (big_mb_num + s->mb_stride) * sizeof(uint32_t), fail)
        pic->mb_type= pic->mb_type_base + 2*s->mb_stride+1;
+        pic->qscale_table = pic->qscale_table_base + 2*s->mb_stride + 1;
        if(s->out_format == FMT_H264){
            for(i=0; i<2; i++){
                FF_ALLOCZ_OR_GOTO(s->avctx, pic->motion_val_base[i], 2 * (b4_array_size+4)  * sizeof(int16_t), fail)
@@ -339,7 +340,7 @@ static void free_picture(MpegEncContext *s, Picture *pic){
    av_freep(&pic->mc_mb_var);
    av_freep(&pic->mb_mean);
    av_freep(&pic->mbskip_table);
-    av_freep(&pic->qscale_table);
+    av_freep(&pic->qscale_table_base);
    av_freep(&pic->mb_type_base);
    av_freep(&pic->dct_coeff);
    av_freep(&pic->pan_scan);
@@ -365,8 +366,8 @@ static int init_duplicate_context(MpegEncContext *s, MpegEncContext *base){
    int i;

    // edge emu needs blocksize + filter length - 1 (=17x17 for halfpel / 21x21 for h264)
-    FF_ALLOCZ_OR_GOTO(s->avctx, s->allocated_edge_emu_buffer, (s->width+64)*2*21*2, fail); //(width + edge + align)*interlaced*MBsize*tolerance
-    s->edge_emu_buffer= s->allocated_edge_emu_buffer + (s->width+64)*2*21;
+    FF_ALLOCZ_OR_GOTO(s->avctx, s->allocated_edge_emu_buffer, (s->width+64)*2*21*2*2, fail); //(width + edge + align)*interlaced*MBsize*tolerance
+    s->edge_emu_buffer= s->allocated_edge_emu_buffer + (s->width+64)*2*21*2;

     //FIXME should be linesize instead of s->width*2 but that is not known before get_buffer()
    FF_ALLOCZ_OR_GOTO(s->avctx, s->me.scratchpad,  (s->width+64)*4*16*2*sizeof(uint8_t), fail)
@@ -2307,12 +2308,15 @@ void ff_draw_horiz_band(MpegEncContext *s, int y, int h){

        edge_h= FFMIN(h, s->v_edge_pos - y);

-        s->dsp.draw_edges(s->current_picture_ptr->data[0] +  y         *s->linesize  , s->linesize,
-                          s->h_edge_pos        , edge_h        , EDGE_WIDTH        , EDGE_WIDTH        , sides);
-        s->dsp.draw_edges(s->current_picture_ptr->data[1] + (y>>vshift)*s->uvlinesize, s->uvlinesize,
-                          s->h_edge_pos>>hshift, edge_h>>hshift, EDGE_WIDTH>>hshift, EDGE_WIDTH>>vshift, sides);
-        s->dsp.draw_edges(s->current_picture_ptr->data[2] + (y>>vshift)*s->uvlinesize, s->uvlinesize,
-                          s->h_edge_pos>>hshift, edge_h>>hshift, EDGE_WIDTH>>hshift, EDGE_WIDTH>>vshift, sides);
+        s->dsp.draw_edges(s->current_picture_ptr->data[0] +  y         *s->linesize,
+                          s->linesize,           s->h_edge_pos,         edge_h,
+                          EDGE_WIDTH,            EDGE_WIDTH,            sides);
+        s->dsp.draw_edges(s->current_picture_ptr->data[1] + (y>>vshift)*s->uvlinesize,
+                          s->uvlinesize,         s->h_edge_pos>>hshift, edge_h>>vshift,
+                          EDGE_WIDTH>>hshift,    EDGE_WIDTH>>vshift,    sides);
+        s->dsp.draw_edges(s->current_picture_ptr->data[2] + (y>>vshift)*s->uvlinesize,
+                          s->uvlinesize,         s->h_edge_pos>>hshift, edge_h>>vshift,
+                          EDGE_WIDTH>>hshift,    EDGE_WIDTH>>vshift,    sides);
    }

    h= FFMIN(h, s->avctx->height - y);
--- a/libavcodec/mpegvideo.h
+++ b/libavcodec/mpegvideo.h
@@ -88,6 +88,7 @@ typedef struct Picture{
     * halfpel luma planes.
     */
    uint8_t *interpolated[3];
+    int8_t *qscale_table_base;
    int16_t (*motion_val_base[2])[2];
    uint32_t *mb_type_base;
 #define MB_TYPE_INTRA MB_TYPE_INTRA4x4 //default mb_type if there is just one type
@@ -122,7 +123,7 @@ typedef struct Picture{
    int pic_id;                 /**< h264 pic_num (short -> no wrap version of pic_num,
                                     pic_num & max_pic_num; long -> long_pic_num) */
    int long_ref;               ///< 1->long term reference 0->short term reference
-    int ref_poc[2][2][16];      ///< h264 POCs of the frames used as reference (FIXME need per slice)
+    int ref_poc[2][2][32];      ///< h264 POCs of the frames/fields used as reference (FIXME need per slice)
    int ref_count[2][2];        ///< number of entries in ref_poc              (FIXME need per slice)
    int mbaff;                  ///< h264 1 -> MBAFF frame 0-> not MBAFF
    int field_picture;          ///< whether or not the picture was encoded in seperate fields
--- a/libavcodec/mpegvideo_common.h
+++ b/libavcodec/mpegvideo_common.h
@@ -725,7 +725,7 @@ static av_always_inline void MPV_motion_internal(MpegEncContext *s,
                        0, 0, 0,
                        ref_picture, pix_op, qpix_op,
                        s->mv[dir][0][0], s->mv[dir][0][1], 16);
-        }else if(!is_mpeg12 && (CONFIG_WMV2_DECODER || CONFIG_WMV2_ENCODER) && s->mspel){
+        }else if(!is_mpeg12 && (CONFIG_WMV2_DECODER || CONFIG_WMV2_ENCODER) && s->mspel && s->codec_id == CODEC_ID_WMV2){
            ff_mspel_motion(s, dest_y, dest_cb, dest_cr,
                        ref_picture, pix_op,
                        s->mv[dir][0][0], s->mv[dir][0][1], 16);
--- a/libavcodec/mpegvideo_enc.c
+++ b/libavcodec/mpegvideo_enc.c
@@ -411,9 +411,10 @@ av_cold int MPV_encode_init(AVCodecContext *avctx)
    if ((s->codec_id == CODEC_ID_MPEG4 || s->codec_id == CODEC_ID_H263 ||
         s->codec_id == CODEC_ID_H263P) &&
        (avctx->sample_aspect_ratio.num > 255 || avctx->sample_aspect_ratio.den > 255)) {
-        av_log(avctx, AV_LOG_ERROR, "Invalid pixel aspect ratio %i/%i, limit is 255/255\n",
+        av_log(avctx, AV_LOG_WARNING, "Invalid pixel aspect ratio %i/%i, limit is 255/255 reducing\n",
               avctx->sample_aspect_ratio.num, avctx->sample_aspect_ratio.den);
-        return -1;
+        av_reduce(&avctx->sample_aspect_ratio.num, &avctx->sample_aspect_ratio.den,
+                   avctx->sample_aspect_ratio.num,  avctx->sample_aspect_ratio.den, 255);
    }

    if((s->flags & (CODEC_FLAG_INTERLACED_DCT|CODEC_FLAG_INTERLACED_ME|CODEC_FLAG_ALT_SCAN))
@@ -972,7 +973,7 @@ static int estimate_best_b_count(MpegEncContext *s){
    c->time_base= s->avctx->time_base;
    c->max_b_frames= s->max_b_frames;

-    if (avcodec_open(c, codec) < 0)
+    if (avcodec_open2(c, codec, NULL) < 0)
        return -1;

    for(i=0; i<s->max_b_frames+2; i++){
@@ -2006,7 +2007,7 @@ static int mb_var_thread(AVCodecContext *c, void *arg){
            int varc;
            int sum = s->dsp.pix_sum(pix, s->linesize);

-            varc = (s->dsp.pix_norm1(pix, s->linesize) - (((unsigned)(sum*sum))>>8) + 500 + 128)>>8;
+            varc = (s->dsp.pix_norm1(pix, s->linesize) - (((unsigned)sum*sum)>>8) + 500 + 128)>>8;

            s->current_picture.mb_var [s->mb_stride * mb_y + mb_x] = varc;
            s->current_picture.mb_mean[s->mb_stride * mb_y + mb_x] = (sum+128)>>8;
--- a/libavcodec/nellymoserdec.c
+++ b/libavcodec/nellymoserdec.c
@@ -156,6 +156,7 @@ static int decode_tag(AVCodecContext * avctx,
    const uint8_t *buf = avpkt->data;
    int buf_size = avpkt->size;
    NellyMoserDecodeContext *s = avctx->priv_data;
+    int data_max = *data_size;
    int blocks, i;
    int16_t* samples;
    *data_size = 0;
@@ -178,6 +179,8 @@ static int decode_tag(AVCodecContext * avctx,
     */

    for (i=0 ; i<blocks ; i++) {
+        if ((i + 1) * NELLY_SAMPLES * sizeof(int16_t) > data_max)
+            return i > 0 ? i * NELLY_BLOCK_LEN : -1;
        nelly_decode_block(s, &buf[i*NELLY_BLOCK_LEN], s->float_buf);
        s->fmt_conv.float_to_int16(&samples[i*NELLY_SAMPLES], s->float_buf, NELLY_SAMPLES);
        *data_size += NELLY_SAMPLES*sizeof(int16_t);
--- a/libavcodec/nuv.c
+++ b/libavcodec/nuv.c
@@ -20,6 +20,7 @@
 */
 #include <stdio.h>
 #include <stdlib.h>
+#include <limits.h>

 #include "libavutil/bswap.h"
 #include "libavutil/lzo.h"
@@ -112,19 +113,23 @@ static int codec_reinit(AVCodecContext *avctx, int width, int height, int qualit
    if (quality >= 0)
        get_quant_quality(c, quality);
    if (width != c->width || height != c->height) {
-        if (av_image_check_size(height, width, 0, avctx) < 0)
-            return 0;
+        // also reserve space for a possible additional header
+        int buf_size = 24 + height * width * 3 / 2 + AV_LZO_OUTPUT_PADDING;
+        if (av_image_check_size(height, width, 0, avctx) < 0 ||
+            buf_size > INT_MAX/8)
+            return -1;
        avctx->width = c->width = width;
        avctx->height = c->height = height;
-        av_fast_malloc(&c->decomp_buf, &c->decomp_size, c->height * c->width * 3 / 2);
+        av_fast_malloc(&c->decomp_buf, &c->decomp_size, buf_size);
        if (!c->decomp_buf) {
            av_log(avctx, AV_LOG_ERROR, "Can't allocate decompression buffer.\n");
-            return 0;
+            return AVERROR(ENOMEM);
        }
        rtjpeg_decode_init(&c->rtj, &c->dsp, c->width, c->height, c->lq, c->cq);
+        return 1;
    } else if (quality != c->quality)
        rtjpeg_decode_init(&c->rtj, &c->dsp, c->width, c->height, c->lq, c->cq);
-    return 1;
+    return 0;
 }

 static int decode_frame(AVCodecContext *avctx, void *data, int *data_size,
@@ -135,6 +140,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size,
    AVFrame *picture = data;
    int orig_size = buf_size;
    int keyframe;
+    int size_change = 0;
    int result;
    enum {NUV_UNCOMPRESSED = '0', NUV_RTJPEG = '1',
          NUV_RTJPEG_IN_LZO = '2', NUV_LZO = '3',
@@ -172,18 +178,19 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size,
        default:
            keyframe = 1; break;
    }
+retry:
    // skip rest of the frameheader.
    buf = &buf[12];
    buf_size -= 12;
    if (comptype == NUV_RTJPEG_IN_LZO || comptype == NUV_LZO) {
-        int outlen = c->decomp_size, inlen = buf_size;
+        int outlen = c->decomp_size - AV_LZO_OUTPUT_PADDING, inlen = buf_size;
        if (av_lzo1x_decode(c->decomp_buf, &outlen, buf, &inlen))
            av_log(avctx, AV_LOG_ERROR, "error during lzo decompression\n");
        buf = c->decomp_buf;
-        buf_size = c->decomp_size;
+        buf_size = c->decomp_size - AV_LZO_OUTPUT_PADDING;
    }
    if (c->codec_frameheader) {
-        int w, h, q;
+        int w, h, q, res;
        if (buf_size < 12) {
            av_log(avctx, AV_LOG_ERROR, "invalid nuv video frame\n");
            return -1;
@@ -191,13 +198,20 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size,
        w = AV_RL16(&buf[6]);
        h = AV_RL16(&buf[8]);
        q = buf[10];
-        if (!codec_reinit(avctx, w, h, q))
-            return -1;
+        res = codec_reinit(avctx, w, h, q);
+        if (res < 0)
+            return res;
+        if (res) {
+            buf = avpkt->data;
+            buf_size = avpkt->size;
+            size_change = 1;
+            goto retry;
+        }
        buf = &buf[12];
        buf_size -= 12;
    }

-    if (keyframe && c->pic.data[0])
+    if ((size_change || keyframe) && c->pic.data[0])
        avctx->release_buffer(avctx, &c->pic);
    c->pic.reference = 3;
    c->pic.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_READABLE |
@@ -259,7 +273,7 @@ static av_cold int decode_init(AVCodecContext *avctx) {
    if (avctx->extradata_size)
        get_quant(avctx, c, avctx->extradata, avctx->extradata_size);
    dsputil_init(&c->dsp, avctx);
-    if (!codec_reinit(avctx, avctx->width, avctx->height, -1))
+    if (codec_reinit(avctx, avctx->width, avctx->height, -1) < 0)
        return 1;
    return 0;
 }
--- a/libavcodec/options.c
+++ b/libavcodec/options.c
@@ -447,10 +447,9 @@ static const AVOption options[]={
 {"lpc_passes", "deprecated, use flac-specific options", OFFSET(lpc_passes), FF_OPT_TYPE_INT, {.dbl = -1 }, INT_MIN, INT_MAX, A|E},
 #endif
 {"slices", "number of slices, used in parallelized decoding", OFFSET(slices), FF_OPT_TYPE_INT, {.dbl = 0 }, 0, INT_MAX, V|E},
-{"thread_type", "select multithreading type", OFFSET(thread_type), FF_OPT_TYPE_INT, {.dbl = FF_THREAD_SLICE|FF_THREAD_FRAME }, 0, INT_MAX, V|E|D, "thread_type"},
+{"thread_type", "select multithreading type", OFFSET(thread_type), FF_OPT_TYPE_FLAGS, {.dbl = FF_THREAD_SLICE|FF_THREAD_FRAME }, 0, INT_MAX, V|E|D, "thread_type"},
 {"slice", NULL, 0, FF_OPT_TYPE_CONST, {.dbl = FF_THREAD_SLICE }, INT_MIN, INT_MAX, V|E|D, "thread_type"},
 {"frame", NULL, 0, FF_OPT_TYPE_CONST, {.dbl = FF_THREAD_FRAME }, INT_MIN, INT_MAX, V|E|D, "thread_type"},
-{"vbv_delay", "initial buffer fill time in periods of 27Mhz clock", 0, FF_OPT_TYPE_INT64, {.dbl = 0 }, 0, INT64_MAX},
 {"audio_service_type", "audio service type", OFFSET(audio_service_type), FF_OPT_TYPE_INT, {.dbl = AV_AUDIO_SERVICE_TYPE_MAIN }, 0, AV_AUDIO_SERVICE_TYPE_NB-1, A|E, "audio_service_type"},
 {"ma", "Main Audio Service", 0, FF_OPT_TYPE_CONST, {.dbl = AV_AUDIO_SERVICE_TYPE_MAIN },              INT_MIN, INT_MAX, A|E, "audio_service_type"},
 {"ef", "Effects",            0, FF_OPT_TYPE_CONST, {.dbl = AV_AUDIO_SERVICE_TYPE_EFFECTS },           INT_MIN, INT_MAX, A|E, "audio_service_type"},
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -471,7 +471,8 @@ static int decode_frame(AVCodecContext *avctx,
                    avctx->pix_fmt = PIX_FMT_MONOBLACK;
                } else if (s->color_type == PNG_COLOR_TYPE_PALETTE) {
                    avctx->pix_fmt = PIX_FMT_PAL8;
-                } else if (s->color_type == PNG_COLOR_TYPE_GRAY_ALPHA) {
+                } else if (s->bit_depth == 8 &&
+                           s->color_type == PNG_COLOR_TYPE_GRAY_ALPHA) {
                    avctx->pix_fmt = PIX_FMT_GRAY8A;
                } else {
                    goto fail;
--- a/libavcodec/ppc/asm.S
+++ b/libavcodec/ppc/asm.S
@@ -44,10 +44,13 @@ X(\name):
 L(\name):
 .endm

-.macro movrel rd, sym
+.macro movrel rd, sym, gp
    ld      \rd, \sym@got(r2)
 .endm

+.macro get_got rd
+.endm
+
 #else /* ARCH_PPC64 */

 #define PTR  .int
@@ -65,19 +68,25 @@ X(\name):
 \name:
 .endm

-.macro movrel rd, sym
+.macro movrel rd, sym, gp
 #if CONFIG_PIC
-    bcl             20, 31, lab_pic_\@
-lab_pic_\@:
-    mflr    \rd
-    addis   \rd, \rd, (\sym - lab_pic_\@)@ha
-    addi    \rd, \rd, (\sym - lab_pic_\@)@l
+    lwz     \rd, \sym@got(\gp)
 #else
    lis     \rd, \sym@ha
    la      \rd, \sym@l(\rd)
 #endif
 .endm

+.macro get_got rd
+#if CONFIG_PIC
+    bcl     20, 31, .Lgot\@
+.Lgot\@:
+    mflr    \rd
+    addis   \rd, \rd, _GLOBAL_OFFSET_TABLE_ - .Lgot\@@ha
+    addi    \rd, \rd, _GLOBAL_OFFSET_TABLE_ - .Lgot\@@l
+#endif
+.endm
+
 #endif /* ARCH_PPC64 */

 #if HAVE_IBM_ASM
--- a/libavcodec/ppc/fft_altivec_s.S
+++ b/libavcodec/ppc/fft_altivec_s.S
@@ -353,6 +353,7 @@ extfunc ff_fft_calc\interleave\()_altivec
    mflr    r0
    stp     r0, 2*PS(r1)
    stpu    r1, -(160+16*PS)(r1)
+    get_got r11
    addi    r6, r1, 16*PS
    stvm    r6, v20, v21, v22, v23, v24, v25, v26, v27, v28, v29
    mfvrsave r0
@@ -360,14 +361,14 @@ extfunc ff_fft_calc\interleave\()_altivec
    li      r6, 0xfffffffc
    mtvrsave r6

-    movrel  r6, fft_data
+    movrel  r6, fft_data, r11
    lvm     r6, v14, v15, v16, v17, v18, v19, v20, v21
    lvm     r6, v22, v23, v24, v25, v26, v27, v28, v29

    li      r9, 16
-    movrel  r12, X(ff_cos_tabs)
+    movrel  r12, X(ff_cos_tabs), r11

-    movrel  r6, fft_dispatch_tab\interleave\()_altivec
+    movrel  r6, fft_dispatch_tab\interleave\()_altivec, r11
    lwz     r3, 0(r3)
    subi    r3, r3, 2
    slwi    r3, r3, 2+ARCH_PPC64
--- a/libavcodec/pthread.c
+++ b/libavcodec/pthread.c
@@ -332,6 +332,9 @@ static int update_context_from_thread(AVCodecContext *dst, AVCodecContext *src,
        dst->height    = src->height;
        dst->pix_fmt   = src->pix_fmt;

+        dst->coded_width  = src->coded_width;
+        dst->coded_height = src->coded_height;
+
        dst->has_b_frames = src->has_b_frames;
        dst->idct_algo    = src->idct_algo;
        dst->slice_count  = src->slice_count;
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .7.2
 .7.8