* commit '330c180324':
matroskaenc: allow override of "writing application" tag
avfilter: Add missing emms_c when needed
mpeg12: check scantable indices in all decode_block functions
Conflicts:
libavformat/matroskaenc.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '71b8c8430c':
sgidec: fix buffer size check in expand_rle_row()
adx: check that the offset is not negative
mpegvideo: set reference/pict_type on generated reference frames
Conflicts:
libavcodec/mpegvideo.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '2cbc8dfedd':
h264: check buffer size before accessing it
configure: use utilities from /usr/xpg4/bin if it exists
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'f1a8885ae9':
doc: Point to the correct, actually maintained gas-preprocessor repo
Conflicts:
doc/platform.texi
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'aedf1a2996':
Update Changelog for 0.8.11
configure: Update freetype check to follow upstream
Conflicts:
Changelog
Changelog not merged as it does not match for FFmpeg
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'ec772cca60':
drawtext: Drop pointless header
configure: Support preprocessor macros as header names
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This is basically an overread/overwrite-safe memcpy between a
GetByteContext and a PutByteContext.
CC:libav-stable@libav.org
(cherry picked from commit 5748faf291)
Prevents using GetBitContexts with data from previous calls.
Fixes access to freed memory.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
Otherwise the ER code might try to use some already freed references.
Fixes possible access to freed memory.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
In this case we may not have a current frame, while first_field being
set implies we do.
Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
Higher modes are not allowed for 16x16/chroma, which is what this
function is used for. Otherwise this function would return 0 (vertical
prediction) for invalid higher modes, which could result in invalid
reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
There is no point in delaying the check and it avoids bugs with a
half-initialized context.
Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
CC:libav-stable@libav.org
(cherry picked from commit de9d2705f6)
Otherwise the generic code will unref them, which can then result in
last_picture_ptr == current_picture_ptr, which causes deadlocks at least
in rv40.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
If it was set before then we can end up trying to decode a slice without
a valid slice header, which can lead to invalid memory access.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
Solaris defaults to non-standard utilities (grep, sed, ...) with
proper ones being in /usr/xpg4/bin. Prefixing PATH with this
directory when it exists ensures we get correct variants.
Signed-off-by: Mans Rullgard <mans@mansr.com>
Avoid a division by 0 in ff_mpeg4_set_one_direct_mv.
Sample-Id: 00000168-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
(cherry picked from commit 9514440337)
(cherry picked from commit 5df52b0131)
(cherry picked from commit aa2a3ca27a)
New versions of FreeType have moved the location of their API
header(s) and hide the location behind a macro.
Since the location changes between versions and no other way
to know the location exists, this workaround becomes necessary.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 52ccc4a0ec)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
configure
Fixes out of array read
Fixes: d4476f68ca1c1c57afbc45806f581963-asan_heap-oob_2266b27_8607_cov_4044577381_snow_chroma_bug.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 61d59703c9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: 14a74a0a2dc67ede543f0e35d834fbbe-asan_heap-oob_49572c_556_cov_215466444_44_001_engine_room.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c919e1ca2e)
Conflicts:
libavcodec/msrle.c
(cherry picked from commit bc1c8ec5e6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
