This should make no difference but the variable will be used in a subsequent commit
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8893f31e20)
The T-REC-H.265-2013044 page 79 states they have to be into the range
[-s->sps->qp_bd_offset, 51].
Fixes: asan_stack-oob_eae8e3_9522_WP_MAIN10_B_Toshiba_3.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit aead772b58)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The tile 0 cannot depend on a previous one.
Prevent an out of array bound load in ff_hevc_cabac_init().
Fixes: asan_heap-oob_e3a924_1630_DBLK_A_MAIN10_VIXS_2.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Guillaume Martres <smarter@ubuntu.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 48a5b15543)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The src buffer should only contain values in the interval
[0, (1 << BIT_DEPTH) - 1]. Since shift = (BIT_DEPTH - 5), src[x] >> shift
must be in the interval [0, 31], so no clip is needed.
This removes the code that was changed in 5856bca360
as the clip that was repositioned in that commit is removed
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b00a8b4d19)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes: asan_stack-oob_eae8e3_7333_WPP_B_ericsson_MAIN10_2.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
This is a more proper fix than 5856bca360
The reconstructed picture should always be clipped (see section 8.6.5),
previously we did not clip coding units where
cu_transquant_bypass_flag == 1
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c9fe0caf7a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Prevent an out of array bound read.
Fixes: asan_stack-oob_eae8e3_7333_WPP_B_ericsson_MAIN10_2.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5856bca360)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes use of uninitialized memory and out of stack array read
Fixes: signal_sigsegv_ecc526_7846_WPP_C_ericsson_MAIN_2.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0999f1613b)
Conflicts:
libavcodec/hevc.c
Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f8b64436530_7895_quicktime_newcodec_applelosslessaudiocodec.m4a
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e11983bda0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes use of uninitialized memory
partly fixes: msan_uninit-mem_7f7834b6a530_6473_luckynight-partial.wma
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6b18a6839b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes use of uninitialized memory
partly fixes: msan_uninit-mem_7f7834b6a530_6473_luckynight-partial.wma
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ae3856dcaf)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Avoids len from becoming negative and causing assertion failure
Fixes: signal_sigabrt_7ffff7126425_5140_fd44dc63fa7bdd12ee34fc602231ef02.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6060234d43)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array read
Fixes: asan_heap-uaf_ae6067_5415_g2m4.wmv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6d9dad6a7c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array read
Fixes assertion failure
Fixes asan_static-oob_16431c0_8036_rio_bravo_mono_64_spx.ac3
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4782c4284f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Fixes asan_static-oob_eb9812_5961_iv41.avi
This reverts the merge of c9ef6b0932
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit c3d5cd1ebf)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes qp fields becoming out of range
Fixes: asan_static-oob_e393a3_6998_WPP_A_ericsson_MAIN10_2.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4ced5d7780)
Conflicts:
libavcodec/hevc_filter.c
This matches how its done for SPS/PPS.
An alternative to this is to check it when its used.
Fixes null pointer dereference
Fixes: signal_sigsegv_e30a43_1437_CIP_A_Panasonic_3.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d66bab0a69)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This ensures that theres just one AVFrame allocation function and libs dont
produce multiple AVFrame variants after a minor lib update
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5abdda214d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
AVFrames cannot be copied literally, their definition is in
avutil and their extended_data can point to their data[]
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4c1b4ae1ba)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'd4f1188d1a':
dv: use AVFrame API properly
Conflicts:
libavcodec/dvdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 94a849b8b6)
Conflicts:
libavcodec/dv.h
libavcodec/dvdec.c
libavcodec/dvenc.c
Author of the merged code: Anton Khirnov
* commit 'd351ef47d0':
pthread_frame: use the AVFrame API properly.
Conflicts:
libavcodec/pthread_frame.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 45fd4ec9ef)
Conflicts:
libavcodec/pthread_frame.c
Author of the merged code: Anton Khirnov
* commit 'b605b123ef':
mxpegdec: use the AVFrame API properly.
Merged-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8947f47fdf)
Author of the merged code: Anton Khirnov
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'afa21a12bf':
p*menc: use the AVFrame API properly.
Conflicts:
libavcodec/Makefile
libavcodec/pamenc.c
libavcodec/pnmenc.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 37945584bf)
Author of the merged code: Anton Khirnov
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'e2274aa555':
mjpegdec: use the AVFrame API properly.
Conflicts:
libavcodec/mjpegdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6393038676)
Author of the merged code: Anton Khirnov
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
