Commit graph

17620 commits

Author SHA1 Message Date
Michael Niedermayer
492eb0aa14 Merge remote-tracking branch 'qatar/release/0.8' into release/0.10
* qatar/release/0.8:
  Update Changelog
  h264: check ref_count validity for num_ref_idx_active_override_flag
  h264: check context state before decoding slice data partitions
  oggdec: free the ogg streams on read_header failure
  oggdec: check memory allocation
  Fix uninitialized reads on malformed ogg files.
  rtsp: Recheck the reordering queue if getting a new packet
  opt: avoid segfault in av_opt_next() if the class does not have an option list
  alacdec: do not be too strict about the extradata size

Conflicts:
	Changelog

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-17 02:33:07 +01:00
Michael Niedermayer
c961ce969a Merge commit 'a335ffd7f4' into release/0.10
* commit 'a335ffd7f4':
  h264: fix sps parsing for SVC and CAVLC 4:4:4 Intra profiles
  h264: check sps.log2_max_frame_num for validity
  h264: slice-mt: get last_pic_dropable from master context
  ppc: always use pic for shared libraries
  h264: error out on unset current_picture_ptr for h->current_slice > 0
  flashsv: make sure data for zlib priming is available
  h264: enable low delay only if no delayed frames were seen
  flashsv: check for keyframe before using differential coding
  lavf: avoid integer overflow in ff_compute_frame_duration()
  aacdec: Fix an off-by-one overwrite when switching to LTP profile from MAIN.
  APIchanges: Fill in missing commit hashes

Conflicts:
	doc/APIchanges

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-17 02:20:20 +01:00
Michael Niedermayer
52cea9ce92 Merge commit '01a4e7f623' into release/0.10
* commit '01a4e7f623':
  lavf: Bump minor version to distinguish branch and master version numbers
  vp6: properly fail on unsupported feature
  mp3: properly forward mp_decode_frame errors
  mpeg12: do not decode extradata more than once.
  indeo3: when freeing buffers, set pointers referencing them to NULL as well
  indeo3: ensure that decoded cell data is in 7-bit range as presumed by decoder
  avconv: fix copying per-stream metadata.
  id3v2: fix reading unsynchronized frames.
  h264: Fix parameters to ff_er_add_slice() call
  build: fix 'clean' target

Conflicts:
	avconv.c
	libavcodec/mpeg12.h
	libavformat/id3v2.c
	libavformat/version.h

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-17 01:58:54 +01:00
Michael Niedermayer
ea3b68c99d Merge commit 'dcf8f259d1' into release/0.10
* commit 'dcf8f259d1':
  build: Add 'check' target to run all compile and test targets.
  Ignore generated aviocat tool.
  avconv: only apply presets when we have an encoder.
  flacenc: ensure the order is within the min/max range in LPC order search
  yuv4mpeg: reject unsupported codecs
  vp8: reset loopfilter delta values at keyframes.
  vp56: release frames on error
  vp56: make parse_header return standard error codes
  ivi_common: check that scan pattern is set before using it.
  Prepare for 0.8.5 Release
  x86: Require an assembler able to cope with AVX instructions

Conflicts:
	RELEASE
	avconv.c
	doc/developer.texi
	libavformat/yuv4mpeg.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-17 01:29:26 +01:00
Janne Grunau
adef01c370 h264: check ref_count validity for num_ref_idx_active_override_flag
Fixes segfault in the fuzzed sample bipbop234.ts_s226407.
CC: libav-stable@libav.org
(cherry-picked from commit 6e5cdf2628)
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2013-01-12 17:59:41 +01:00
Janne Grunau
06312bbb10 h264: check context state before decoding slice data partitions
Fixes mov_h264_aac__Demo_FlagOfOurFathers.mov.SIGSEGV.4e9.656.

Found-by: Mateusz "j00ru" Jurczyk
CC: libav-stable@libav.org
(cherry-picked from commit c1fcf563b1)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:41 +01:00
Victor Lopez
a335ffd7f4 h264: fix sps parsing for SVC and CAVLC 4:4:4 Intra profiles
Fixes bug 396.

CC: libav-stable@libav.org
(cherry picked from commit 1c8bf3bfed)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:40 +01:00
Janne Grunau
f620c12067 h264: check sps.log2_max_frame_num for validity
Fixes infinite or long taking loop in frame num gap code in
the fuzzed sample bipbop234.ts_s223302.

CC: libav-stable@libav.org
(cherry picked from commit d7d6efe42b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:40 +01:00
Janne Grunau
1d98811b95 h264: slice-mt: get last_pic_dropable from master context
Fixes fate-h264-conformance-cvnlfi2_sony_h and smllwebdl.mkv from
https://github.com/OpenELEC/OpenELEC.tv/issues/1557 .

CC: libav-stable@libav.org
(cherry picked from commit a8cb1746c5)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:40 +01:00
Justin Ruggles
77e6676d3e alacdec: do not be too strict about the extradata size
Sometimes the extradata has duplicate atoms, but that shouldn't prevent
decoding. Just ensure that it is at least 36 bytes as a sanity check.

CC: libav-stable@libav.org
(cherry picked from commit 68a04b0cce)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:40 +01:00
Janne Grunau
f1b3cc02ec h264: error out on unset current_picture_ptr for h->current_slice > 0
Fixes a segfault with fuzzed sample sample_varPAR_s11622_r001-02.avi.

CC: libav-stable@libav.org
(cherry picked from commit 0b300daad2)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:40 +01:00
Janne Grunau
b6592b402c flashsv: make sure data for zlib priming is available
Fixes a segfault in the fuzzed sample resolutionchange.flv_s314809.

CC: libav-stable@libav.org
(cherry picked from commit 3ae69b9166)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:40 +01:00
Janne Grunau
6cd92c3880 h264: enable low delay only if no delayed frames were seen
Dropping frames is undesirable but that is the only way by which the
decoder could return to low delay mode. Instead emit a warning and
continue with delayed frames.
Fixes a crash in fuzzed sample nasa-8s2.ts_s20033 caused by a larger
than expected has_b_frames value. Low delay keeps getting re-enabled
from a presumably broken SPS.

CC: libav-stable@libav.org
(cherry picked from commit 706acb558a)

Conflicts:

	libavcodec/h264.c
2013-01-12 17:59:40 +01:00
Janne Grunau
522e97bd9e flashsv: check for keyframe before using differential coding
Fixes a segfault in the fuzzed sample resolutionchange.flv_s211713.

CC: libav-stable@libav.org
(cherry picked from commit 5ae72f5453)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:39 +01:00
Alex Converse
a4a63bf5b5 aacdec: Fix an off-by-one overwrite when switching to LTP profile from MAIN.
Found-by: pawlkt
CC: libav-stable@libav.org
Fixes: CVE-2012-5144
(cherry picked from commit 6d5b009267)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-12 17:59:39 +01:00
Piotr Bandurski
fe0e64ca64 tiffdec: Use the correct height field.
Fixes Ticket913

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4784a135b2)

Conflicts:
	libavcodec/tiff.c
2013-01-07 00:34:31 +01:00
Luca Barbato
3e700cc66b vp6: properly fail on unsupported feature
Interlacing is not supported at all and mismanaged down the normal
codepaths causing possible buffer management issues.

Fixes: CVE-2012-2783
(cherry picked from commit be75fed975)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-05 12:02:22 +01:00
Luca Barbato
a5290800f5 mp3: properly forward mp_decode_frame errors
The function can return either a parsing error or a memory management
error.

Fixes: CVE-2012-2797

(cherry picked from commit 9ab0874ea8)

Conflicts:

	libavcodec/mpegaudiodec.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-05 11:49:25 +01:00
Anton Khirnov
56c1e18a52 mpeg12: do not decode extradata more than once.
Fixes CVE-2012-2803.

CC: libav-stable@libav.org
(cherry picked from commit 5823686261)

Conflicts:

	libavcodec/mpeg12.c
2013-01-05 00:35:58 +01:00
Kostya Shishkov
c55ca98769 indeo3: when freeing buffers, set pointers referencing them to NULL as well
Related to CVE-2012-2804
(cherry picked from commit bc00da2701)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-05 00:27:34 +01:00
Kostya Shishkov
e5ea6539d4 indeo3: ensure that decoded cell data is in 7-bit range as presumed by decoder
Related to CVE-2012-2804
(cherry picked from commit fc417db3f1)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-05 00:26:25 +01:00
Janne Grunau
52adbc0e17 h264: Fix parameters to ff_er_add_slice() call
s->mb_x is reset to zero a couple of lines above. It does not make
sense to call ff_er_add_slice() with 0 as endx when the end of the
macroblock row was reached. Fixes unnecessary and counterproductive
error resilience in https://bugzilla.libav.org/show_bug.cgi?id=394.

(cherry picked from commit e6160bda98)

Conflicts:

	libavcodec/h264.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-05 00:25:31 +01:00
Justin Ruggles
0ba0e31955 flacenc: ensure the order is within the min/max range in LPC order search
This fixes use of uninitialized values when the FLAC encoder uses the
2-level, 4-level, and 8-level search methods. Fixes failure of the
fate-flac-24-comp-8 test when run using valgrind.
(cherry picked from commit 3a2731cbd3)

Conflicts:

	libavcodec/flacenc.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-02 20:44:31 +01:00
Sami Pietila
9837f19693 vp8: reset loopfilter delta values at keyframes.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>

(cherry picked from commit 0bf511d579)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-02 20:29:41 +01:00
Luca Barbato
211badf068 vp56: release frames on error
Fixes CVE-2012-2783

CC: libav-stable@libav.org

(cherry picked from commit f33b5ba63e)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-02 20:28:18 +01:00
Luca Barbato
145317d220 vp56: make parse_header return standard error codes
Returning 0 for failure is misleading.

CC: libav-stable@libav.org

(cherry picked from commit bb675d3ac6)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-02 20:28:08 +01:00
Anton Khirnov
3fca5799c6 ivi_common: check that scan pattern is set before using it.
Fixes CVE-2012-2791.

CC: libav-stable@libav.org

(cherry picked from commit deabb52ab4)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-01-02 20:25:32 +01:00
Clément Bœsch
c3d7c805bc lavc/ass_split: check for NULL pointer in ff_ass_split_override_codes().
This is consistent with the other ff_ass_split_* functions.

It also fixes a crash when trying to split a dialog with text=NULL
(which seems to happen when the text of the dialog is empty); basically,
this commit fixes crashes when trying to encode an empty text subtitle
dialog (see subrip and mov_text encoders).

Fixes Ticket2048.
(cherry picked from commit c83002a4f8)
2013-01-01 18:22:20 +01:00
Michael Niedermayer
cdb376d775 mpeg1video: fix regression with slices != threads
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a01679586c)
2012-12-13 00:26:08 +01:00
Michael Niedermayer
6773269f4c mpeg1video: support multi threaded slice encoding.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 03df972016)

Conflicts:
	libavcodec/mpeg12enc.c
2012-12-13 00:25:48 +01:00
Janne Grunau
213f651498 h264: slice-mt: get last_pic_dropable from master context
Fixes fate-h264-conformance-cvnlfi2_sony_h and smllwebdl.mkv from
https://github.com/OpenELEC/OpenELEC.tv/issues/1557 .
(cherry picked from commit 24c62ea7a5)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-12-06 16:22:49 +01:00
Michael Niedermayer
5b5e61a0bf noise_bsf: fix division by 0
Fixes CID733737
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 93ef29b6f4)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 21:19:56 +02:00
Thilo Borgmann
7f1fb8d2a3 alsdec: fix clipping of weightings for MCC decoding
Fixes CID717905
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit feaff427c0)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 21:19:56 +02:00
Michael Niedermayer
75a11e950f mpegvideo: fix motion_val checks
Fixes CID604124
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 20ec0d2a75)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 21:19:56 +02:00
Michael Niedermayer
e6fa08f14e flashsv: check deflateInit() return value
Fixes CID703620
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b3eb4f54c0)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 21:19:56 +02:00
Michael Niedermayer
400b23beab dnxhddata: Fix mixup of sizeof() and array elements in ff_dnxhd_find_cid()
Fixes CID717910
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1037e484f0)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 21:19:56 +02:00
Michael Niedermayer
cff9f07d39 ffv1: make sure gob_count is not 0
Fixes division by 0
Fixes CID733736

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 670b927aa2)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 21:19:56 +02:00
Michael Niedermayer
35b15a0da8 jpegls: increase run_index to 4
Fixes part of CID717913
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8dc8994427)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 21:12:44 +02:00
Michael Niedermayer
fa73f547a0 jpegls: fix off limit
Fixes part of CID717913
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4acfe3d193)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 21:12:42 +02:00
Michael Niedermayer
db4903f4e4 ffv1: avoid checking a double for equality
if 0.0 != 0.0 an out of array read would occur, equal checks
with floating point may behave in such odd ways, though
this is very unlikely in a real implementation of a compiler

Fixes: CID718936
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 54b2d317ed)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 21:12:40 +02:00
Michael Niedermayer
8b64036038 aacsbr: change order of operation to prevent out of array read
Fixes CID732250
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c2340831b8)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 21:12:36 +02:00
Michael Niedermayer
f2d56c2eeb motion_est: more complete SAB diamond size check
This makes no difference with the current #defines

Fixes CID732255
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3a48e38ad0)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 21:09:42 +02:00
Paul B Mahol
e6dfaf7bb8 truemotion2: remove unreachable code
Fixes CID610345.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit caa7e24eb1)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 21:09:39 +02:00
Paul B Mahol
c9df500190 bmp: unbreak non BMP_RGB compression for v4 and v5
Fixes CID733728 & CID733729.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit 313b40efbd)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 21:09:27 +02:00
Michael Niedermayer
d12bf6fc9e libvpxenc: fix memleak on error path
Fixes CID733795
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 104b1d9e10)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 21:09:22 +02:00
Janne Grunau
c279e37e90 flashsv: propagate inflateReset() errors
Fixes CID717493.
(cherry picked from commit c466eb1746)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 21:09:10 +02:00
Janne Grunau
cc88dacc1a g722enc: fix size argument in memset
Fixes CID700725.
(cherry picked from commit f1de23faaa)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 21:09:07 +02:00
Michael Niedermayer
988910a277 Merge remote-tracking branch 'qatar/release/0.8' into release/0.10
* qatar/release/0.8:
  svq3: replace unsafe pointer casting with intreadwrite macros
  Update Changelog for the 0.8.4 Release
  lavc: remove stats_out from the options table.
  Prepare for 0.8.4 Release
  tiffenc: Check av_malloc() results.
  mpegaudiodec: fix short_start calculation
  h264: avoid stuck buffer pointer in decode_nal_units
  vf_pad/scale: use double precision for aspect ratios.
  yuv4mpeg: return proper error codes.
  smacker audio: sign-extend the initial 16-bit predicted value

Conflicts:
	Changelog
	RELEASE
	libavfilter/vf_pad.c
	libavfilter/vf_scale.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 17:18:59 +02:00
Michael Niedermayer
d6a55ab016 Merge commit 'be209bdabb' into release/0.10
* commit 'be209bdabb':
  vf_pad: don't give up its own reference to the output buffer.
  libvorbis: use VBR by default, with default quality of 3
  libvorbis: fix use of minrate/maxrate AVOptions
  h264: fix deadlocks on incomplete reference frame decoding.
  cmdutils: avoid setting data pointers to invalid values in alloc_buffer()
  avidec: return 0, not packet size from read_packet().
  wmapro: prevent division by zero when sample rate is unspecified
  vc1dec: check that coded slice positions and interlacing match.
  alsdec: fix number of decoded samples in first sub-block in BGMC mode.
  alsdec: remove dead assignments
  alsdec: Fix out of ltp_gain_values read.
  alsdec: Check that quantized parcor coeffs are within range.
  alsdec: Check k used for rice decoder.

Conflicts:
	avconv.c
	libavcodec/h264.c
	libavcodec/libvorbis.c
	libavformat/avidec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 17:02:46 +02:00
Michael Niedermayer
36487066ee Merge commit '15c2e8027f' into release/0.10
* commit '15c2e8027f':
  wav: do not fail on empty INFO tags
  cavsdec: check for changing w/h.
  indeo4: update AVCodecContext width/height on size change
  avidec: use actually read size instead of requested size
  wmaprodec: check num_vec_coeffs for validity
  lagarith: check count before writing zeros.
  indeo3: fix out of cell write.
  indeo5: check tile size in decode_mb_info().
  indeo5: prevent null pointer dereference on broken files
  indeo5dec: Make sure we have had a valid gop header.
  indeo4/5: check empty tile size in decode_mb_info().
  ivi_common: make ff_ivi_process_empty_tile() static.

Conflicts:
	libavcodec/indeo5.c
	libavformat/wav.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-25 16:29:54 +02:00