Changelog: Update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

CREDITS

@@ -1,6 +1,6 @@
-See the Git history of the project (git://source.ffmpeg.org/ffmpeg) to
+See the Git history of the project (https://git.ffmpeg.org/ffmpeg) to
 get the names of people who have contributed to FFmpeg.
 
 To check the log, you can type the command "git log" in the FFmpeg
 source directory, or browse the online repository at
-http://source.ffmpeg.org.
+https://git.ffmpeg.org/ffmpeg

Changelog

@@ -1,7 +1,896 @@
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
-version <next>:
+version 4.4.6:
+ avcodec/takdec: Check remaining space for first predictors
+ avcodec/svq3: Check there are bits left before decompression
+ avcodec/sonic: Check num_taps
+ avformat/mov: reject negative ELST durations
+ avformat/avidec: Ignore duplicate GAB2
+ avcodec/h264_mb: Fix tmp_cr for arm
+ avcodec/vorbisdec: Dont treat overread as error
+ libpostproc: check minimum size
+ avformat/hls: Fix flash1.bogulus.cfd support
+ avformat/hls: Split allowed_segment_extensions off allowed_extensions
+ avformat/hls: Fix Youtube AAC
+ avformat/hls: add fmp4 to allowed_extensions
+ avformat/hls: Add ec3 to allowed_extensions
+ avformat/hls: Add cmfv and cmfa to allowed_extensions
+ configure: Clearer documentation for "disable-safe-bitstream-reader"
+ swscale/output: Fix integer overflow in yuv2gbrp_full_X_c()
+ avcodec/libtheora: fix setting keyframe_mask
+ avfilter/buffersrc: check for valid sample rate
+ doc: replace http/git by https urls
+ Update for 4.4.6
+ configure: update copyright year
+ avformat/hls: Partially revert "reduce default max reload to 3"
+ avformat/hls: Fix twitter
+ libavformat/hls: Be more restrictive on mpegts extensions
+ avformat/hls: .ts is always ok even if its a mov/mp4
+ avformat/hls: Print input format in error message
+ avformat/hls: Be more picky on extensions
+ avformat: add ff_match_url_ext()
+ avfilter/bwdif: account for chroma sub-sampling in min size calculation
+ avformat/iff: Check that we have a stream in read_dst_frame()
+ avformat/mlvdec: fix size checks
+ avformat/mxfdec: Check edit unit for overflow in mxf_set_current_edit_unit()
+ avcodec/h263dec: Check against previous dimensions instead of coded
+ avformat/mxfdec: Check avio_read() success in mxf_decrypt_triplet()
+ avcodec/huffyuvdec: Initialize whole output for decode_gray_bitstream()
+ avformat/ipmovie: Check signature_buffer read
+ avformat/wtvdec: Initialize buf
+ avcodec/cbs_vp9: Initialize VP9RawSuperframeIndex
+ avformat/vqf: Propagate errors from add_metadata()
+ avformat/vqf: Check avio_read() in add_metadata()
+ avformat/dashdec: Check whitelist
+ avutil/avstring: dont mess with NULL pointers in av_match_list()
+ avfilter/vf_v360: Fix NULL pointer use
+ avcodec/mpegvideo_enc: Check FLV1 resolution limits
+ avcodec/ffv1enc: Fix handling of 32bit unsigned symbols
+ avcodec/vc1dec: Clear block_index in vc1_decode_reset()
+ avcodec/aacsbr_template: Clear n_q on error
+ swscale/output: Fix undefined overflow in yuv2rgba64_full_X_c_template()
+ avfilter/af_pan: Fix sscanf() use
+ avfilter/vf_addroi: Add missing NULL termination to addroi_var_names[]()
+ avformat/rmdec: check that buf if completely filled
+ avcodec/hapdec: Clear tex buffer
+ avformat/mxfdec: Check that key was read sucessfull
+ avformat/rpl: Fix check for negative values
+ avformat/mlvdec: Check avio_read()
+ avcodec/utils: Fix block align overflow for ADPCM_IMA_WAV
+ avformat/matroskadec: Check pre_ns for overflow
+ avutil/timecode: Avoid fps overflow in av_timecode_get_smpte_from_framenum()
+ avcodec/webp: Check ref_x/y
+ avcodec/ilbcdec: Initialize tempbuff2
+ avformat/dxa: check bpc
+ swscale/slice: clear allocated memory in alloc_lines()
+ avcodec/mjpegdec: Disallow progressive bayer images
+ avformat/icodec: fix integer overflow with nb_pal
+ doc/developer: Document relationship between git accounts and MAINTAINERS
+ avformat/vividas: Check avio_read() for failure
+ avformat/ilbc: Check avio_read() for failure
+ avformat/nistspheredec: Clear buffer
+ avformat/mccdec: Initialize and check rate.den
+ INSTALL: explain the circular dependency issue and solution
+ avformat/mpegts: Initialize predefined_SLConfigDescriptor_seen
+ avformat/mxfdec: Fix overflow in midpoint computation
+ swscale/output: used unsigned for bit accumulation
+ avcodec/rangecoder: only perform renorm check/loop for callers that need it
+ avcodec/ffv1dec: Fix end computation with ec=2
+ avcodec/ffv1enc: Prevent generation of files with broken slices
+ avformat/matroskadec: Check desc_bytes so bits fit in 64bit
+ avcodec/ffv1enc: Correct error message about unsupported version
+ avcodec/ffv1enc: Slice combination is unsupported
+ avcodec/ffv1enc: 2Pass mode is not possible with golomb coding
+ avcodec/ffv1enc: Fix >8bit context size
+ avcodec/xan: Add basic input size check
+ avcodec/svq3: Check for minimum size input
+ avcodec/eacmv: Check input size for intra frames
+ avcodec/jfdctint_template: use unsigned z* in row_fdct()
+ avformat/mxfdec: Check timecode for overflow
+ avformat/mxfdec: More offset_temp checks
+ swscale/output: Fix undefined integer overflow in yuv2rgba64_2_c_template()
+ swscale/swscale: Use unsigned operation to avoid undefined behavior
+ avcodec/vc2enc: basic sanity check on slice_max_bytes
+ avformat/mvdec: Check if name was fully read
+ avcodec/wmavoice: Do not use uninitialized pitch[0]
+ avformat/argo_brp: Check that ASF chunk header is completely read
+ avcodec/notchlc: Check bytes left before reading
+ avcodec/vc1_block: propagate error codes
+ avformat/apetag: Check APETAGEX
+ avcodec/avcodec: Warn about data returned from get_buffer*()
+ avcodec/aic: Clear slice_data
+ avcodec/vc1dec: Clear mb_type_base and ttblk_base
+ avcodec/shorten: clear padding
+ avformat/mpeg: Check an avio_read() for failure
+ avcodec/mvha: Clear remaining space after inflate()
+ avformat/segafilm: Set keyframe
+ avcodec/sga: av_assert1 check init_get_bits8()
+ avcodec/dxva2: initialize hr in ff_dxva2_common_end_frame()
+ avcodec/dxva2: initialize validate
+ avcodec/dxva2: Initialize ConfigBitstreamRaw
+ avcodec/dxva2: Initialize dxva_size and check it
+ avfilter/vf_xfade: Compute w2, h2 with float
+ avfilter/vf_v360: Assert that vf was initialized
+ avfilter/vf_tonemap_opencl: Dereference after NULL check
+ avfilter/vf_xfade_opencl: Check ff_inlink_consume_frame() for failure
+ avformat/lmlm4: Eliminate some AVERROR(EIO)
+ avformat/wtvdec: Check length of read mpeg2_descriptor
+ avformat/wtvdec: clear sectors
+ avcodec/parser: ensure input padding is zeroed
+ avformat/img2dec: Clear padding data after EOF
+ avformat/wavdec: Check if there are 16 bytes before testing them
+ avcodec/snow: Fix off by 1 error in run_buffer
+ avcodec/utils: apply the same alignment to YUV410 as we do to YUV420 for snow
+ lsws/ppc/yuv2rgb_altivec: Fix build in non-VSX environments with Clang v2
+ lsws/ppc/yuv2rgb_altivec: Fix build in non-VSX environments with Clang
+ avformat/mov: (v4) fix get_eia608_packet
+ configure: Improve the check for the rsync --contimeout option
+ rtmpproto: Avoid rare crashes in the fail: codepath in rtmp_open
+ vp9: recon: Use emulated edge to prevent buffer overflows
+ arm: vp9mc: Load only 12 pixels in the 4 pixel wide horizontal filter
+ aarch64: vp9mc: Load only 12 pixels in the 4 pixel wide horizontal filter
+ avcodec/libx265: unbreak build for X265_BUILD >= 213
+ lavc/libx265: unbreak build for X265_BUILD >= 210
+ avformat/libzmq: fix check for zmq protocol prefix
+ configure: improve check for POSIX ioctl
+ configure: restore autodetection of v4l2 and fbdev
+ configure: use just the pkg-config for sndio
+ libavcodec/arm/mlpdsp_armv5te: fix label format to work with binutils 2.43
+
+version 4.4.5:
+ avcodec/cfhdenc: Height of 16 is not supported
+ avcodec/cfhdenc: Allocate more space
+ avcodec/vaapi_encode: Check hwctx
+ avcodec/proresdec: Consider negative bits left
+ avcodec/hevc/hevcdec: Do not allow slices to depend on failed slices
+ avutil/slicethread: Check pthread_*_init() for failure
+ avutil/frame: Check log2_crop_align
+ avutil/buffer: Check ff_mutex_init() for failure
+ avformat/xmv: Check this_packet_size
+ avformat/ty: rec_size seems to only need 32bit
+ avformat/tty: Check avio_size()
+ avformat/siff: Basic pkt_size check
+ avformat/sauce: Check avio_size() for failure
+ avformat/sapdec: Check ffurl_get_file_handle() for error
+ avformat/nsvdec: Check asize for PCM
+ avformat/mp3dec: Check header_filesize
+ avformat/mp3dec; Check for avio_size() failure
+ avformat/mov: Use 64bit for str_size
+ avformat/mm: Check length
+ avformat/hnm: Check *chunk_size
+ avformat/hlsenc: Check ret
+ avformat/bintext: Check avio_size() return
+ avformat/asfdec_o: Check size of index object
+ avfilter/vf_scale: Check ff_scale_adjust_dimensions() for failure
+ avfilter/scale_eval: Use 64bit, check values in ff_scale_adjust_dimensions()
+ avfilter/vf_lut3d: Check av_scanf()
+ avfilter/vf_deshake_opencl: Ensure that the first iteration initializes the best variables
+ swscale/output: Fix integer overflows in yuv2rgba64_X_c_template
+ avformat/mxfdec: Reorder elements of expression in bisect loop
+ avcodec/pnmdec: Use 64bit for input size check
+ avcodec/utvideoenc: Use unsigned shift to build flags
+ avcodec/vc2enc: Fix overflows with storing large values
+ avcodec/mpegvideo_enc: Do not duplicate pictures on shifting
+ avdevice/dshow_capture: Fix error handling in ff_dshow_##prefix##_Create()
+ avcodec/tiff: Check value on positive signed targets
+ avfilter/vf_bm3d: Dont round MSE2SSE to an integer
+ avdevice/dshow: Check device_filter_unique_name before use
+ avdevice/dshow_filter: Use wcscpy_s()
+ avcodec/flac_parser: Assert that we do not overrun the link_penalty array
+ avcodec/pixlet: Simplify pfx computation
+ avcodec/motion_est: Fix score squaring overflow
+ avcodec/loco: Check loco_get_rice() for failure
+ avcodec/loco: check get_ur_golomb_jpegls() for failure
+ avcodec/imm4: check cbphi for error
+ avcodec/iff: Use signed count
+ avcodec/golomb: Assert that k is in the supported range for get_ur/sr_golomb()
+ avcodec/golomb: Document return for get_ur_golomb_jpegls() and get_sr_golomb_flac()
+ avcodec/dxv: Fix type in get_opcodes()
+ avcodec/cri: Check length
+ avcodec/xsubdec: Check parse_timecode()
+ avutil/imgutils: av_image_check_size2() ensure width and height fit in 32bit
+ doc/examples/mux: remove nop
+ avcodec/proresenc_kostya: use unsigned alpha for rotation
+ avformat/rtmppkt: Simplify and deobfuscate amf_tag_skip() slightly
+ avformat/rmdec: use 64bit for audio_framesize checks
+ avutil/hwcontext_d3d11va: correct sizeof IDirect3DSurface9
+ avutil/hwcontext_d3d11va: correct sizeof AVD3D11FrameDescriptor
+ doc/examples/vaapi_encode: Try to check fwrite() for failure
+ avformat/tls_schannel: Initialize ret
+ avformat/subfile: Assert that whence is a known case
+ avformat/subfile: Merge if into switch()
+ avformat/rtsp: Check that lower transport is handled in one of the if()
+ avformat/rtsp: initialize reply1
+ avformat/rtsp: use < 0 for error check
+ avformat/rtpenc_vc2hq: Check sizes
+ avfilter/af_aderivative: Free out on error
+ avfilter/af_pan: check nb_output_channels before use
+ cbs_av1: Reject thirty-two zero bits in uvlc code
+ avfilter/af_mcompand: compute half frequency in double
+ tools/coverity: Phase 1 study of anti-halicogenic for coverity av_rescale()
+ avfilter/vf_avgblur: Check plane instead of AVFrame
+ avformat/rdt: Check pkt_len
+ avformat/mpeg: Check len in mpegps_probe()
+ avdevice/dshow: Check ICaptureGraphBuilder2_SetFiltergraph() for failure
+ avcodec/mfenc: check IMFSample_ConvertToContiguousBuffer() for failure
+ avcodec/vc1_loopfilter: Factor duplicate code in vc1_b_h_intfi_loop_filter()
+ avformat/img2dec: assert no pipe on ts_from_file
+ avcodec/cbs_jpeg: Try to move the read entity to one side in a test
+ avformat/mov: Check edit list for overflow
+ fftools/ffmpeg: Check read() for failure
+ swscale/output: Avoid undefined overflow in yuv2rgb_write_full()
+ swscale/output: alpha can become negative after scaling, use multiply
+ avcodec/targaenc: Allocate space for the palette
+ avcodec/r210enc: Use av_rescale for bitrate
+ avcodec/jfdctint_template: Fewer integer anomalies
+ avcodec/snowenc: MV limits due to mv_penalty table size
+ avformat/mxfdec: Check container_ul->desc before use
+ MAINTAINERS: Update the entries for the release maintainer for FFmpeg
+ configure: update copyright year
+ avfilter/vf_rotate: Check ff_draw_init2() return value
+ avformat/matroskadec: Assert that num_levels is non negative
+ avformat/libzmq: Check av_strstart()
+ avformat/img2dec: Move DQT after unrelated if()
+ avdevice/xcbgrab: Check sscanf() return
+ fftools/cmdutils: Add protective () to FLAGS
+ avformat/sdp: Check before appending ","
+ avcodec/ilbcdec: Remove dead code
+ avcodec/vp8: Check cond init
+ avcodec/vp8: Check mutex init
+ avcodec/notchlc: Check init_get_bits8() for failure
+ avcodec/tests/dct: Use 64bit in intermediate for error computation
+ avcodec/scpr3: Check add_dec() for failure
+ avcodec/rv34: assert that size is not 0 in rv34_gen_vlc_ext()
+ avcodec/wavpackenc: Use unsigned for potential 31bit shift
+ avcodec/tests/jpeg2000dwt: Use 64bit in comparission
+ avcodec/tests/jpeg2000dwt: Use 64bit in err2 computation
+ avformat/fwse: Remove always false expression
+ avcodec/sga: Make it clear that the return is intentionally not checked
+ avformat/asfdec_f: Use 64bit for preroll computation
+ avformat/argo_asf: Use 64bit in offset intermediate
+ avformat/ape: Use 64bit for final frame size
+ avcodec/tiff: Assert init_get_bits8() success in unpack_gray()
+ avcodec/tiff: Assert init_get_bits8() success in horizontal_fill()
+ swscale/yuv2rgb: Use 64bit for brightness computation
+ avutil/tests/opt: Check av_set_options_string() for failure
+ avutil/tests/dict: Check av_dict_set() before get for failure
+ avdevice/dshow: fix badly indented line
+ avcodec/mscc & mwsc: Check loop counts before use
+ avcodec/mpegvideo_enc: Fix potential overflow in RD
+ avcodec/mpeg4videodec: assert impossible wrap points
+ avcodec/mpeg12dec: Use 64bit in bit computation
+ avcodec/vble: Check av_image_get_buffer_size() for failure
+ avcodec/vp3: Replace check by assert
+ avcodec/jpeg2000dec: remove ST=3 case
+ avcodec/qsvdec: Check av_image_get_buffer_size() for failure
+ avcodec/exr: Fix preview overflow
+ avcodec/fmvc: remove dead assignment
+ avcodec/h264_slice: Remove dead sps check
+ avcodec/lpc: copy levenson coeffs only when they have been computed
+ avutil/tests/base64: Check with too short output array
+ libavutil/base64: Try not to write over the array end
+ avcodec/cbs_av1: Avoid shift overflow
+ doc/examples/demux_decode: Simplify loop
+ avcodec/mpegvideo_enc: Fix 1 line and one column images
+ swscale/output: Fix integer overflow in yuv2rgba64_full_1_c_template()
+ swscale/output: Fix integer overflow in yuv2rgba64_1_c_template
+ avformat/mxfdec: Check body_offset
+ avformat/kvag: Check sample_rate
+ avcodec/ac3_parser: Check init_get_bits8() for failure
+ avcodec/pngdec: Check last AVFrame before deref
+ avcodec/hevcdec: Check ref frame
+ doc/examples/vaapi_transcode: Simplify loop
+ avfilter/vf_thumbnail_cuda: Set ret before checking it
+ avfilter/signature_lookup: Dont copy uninitialized stuff around
+ avfilter/signature_lookup: Fix 2 differences to the refernce SW
+ lavc/vp9: reset segmentation fields when segmentation isn't enabled
+ configure: enable ffnvcodec, nvenc, nvdec for FreeBSD
+ avcodec/x86/vp3dsp_init: Set correct function pointer, fix crash
+ avutil/ppc/cpu: Also use the machdep.altivec sysctl on NetBSD
+ avutil/ppc/cpu: Use proper header for OpenBSD PPC CPU detection
+ lavd/v4l2: Use proper field type for second parameter of ioctl() with BSD's
+ configure: use pkg-config for sndio
+ fate/subtitles: Ignore line endings for sub-scc test
+ avformat/mxfdec: Check index_edit_rate
+ swscale/utils: Fix xInc overflow
+ avcodec/exr: Dont use 64bits to hold 6bits
+ avcodec/exr: Check for remaining bits in huf_unpack_enc_table()
+ avformat/mpegts: Reset local nb_prg on add_program() failure
+ avformat/mxfdec: Make edit_unit_byte_count unsigned
+ avformat/movenc: Check that cts fits in 32bit
+ avformat/mxfdec: Check first case of offset_temp computation for overflow
+ avfilter/vf_signature: Dont crash on no frames
+ avformat/westwood_vqa: Fix 2g packets
+ avformat/matroskadec: Check timescale
+ avformat/wavdec: satuarte next_tag_ofs, data_end
+ avformat/sbgdec: Check for negative duration
+ avformat/rpl: Use 64bit for total_audio_size and check it
+ avformat/timecode: use 64bit for intermediate for rounding in fps_from_frame_rate()
+ avformat/jacosubdec: Use 64bit for abs
+ avformat/concatdec: Check user_duration sum
+ avcodec/truemotion1: Height not being a multiple of 4 is unsupported
+ avcodec/hcadec: do not set hfr_group_count to invalid values
+ avformat/concatdec: clip outpoint - inpoint overflow in get_best_effort_duration()
+ avformat/jacosubdec: clarify code
+ avformat/cafdec: Check that data chunk end fits within 64bit
+ avformat/iff: Saturate avio_tell() + 12
+ avformat/dxa: Adjust order of operations around block align
+ avformat/cafdec: dont seek beyond 64bit
+ avformat/id3v2: read_uslt() check for the amount read
+ avcodec/proresenc_kostya: Remove bug similarity text
+ avcodec/vorbisdec: Check remaining data in vorbis_residue_decode_internal()
+ libswscale/utils: Fix bayer to yuvj
+ swscale/swscale: Check srcSliceH for bayer
+ swscale/utils: Allocate more dithererror
+ avcodec/indeo3: Round dimensions up in allocate_frame_buffers()
+ avutil/rational: Document what is to be expected from av_d2q() of doubles representing rational numbers
+ avfilter/signature_lookup: Do not dereference NULL pointers after malloc failure
+ avfilter/signature_lookup: dont leave uncleared pointers in sll_free()
+ avcodec/mpegvideo_enc: Use ptrdiff_t for stride
+ libavformat/hlsenc.c: Populate OTI using AAC profile in write_codec_attr.
+ avcodec/mpegvideo_enc: Dont copy beyond the image
+ avfilter/vf_minterpolate: Check pts before division
+ avformat/flacdec: Avoid double AVERRORS
+ avfilter/vf_vidstabdetect: Avoid double AVERRORS
+ avfilter/vf_swaprect: round coordinates down
+ avfilter/vf_swaprect: Use height for vertical variables
+ avfilter/vf_swaprect: assert that rectangles are within memory
+ avfilter/af_alimiter: Check nextpos before use
+ avfilter/af_stereowiden: Check length
+ avfilter/vf_weave: Fix odd height handling
+ avfilter/vf_gradfun: Do not overread last line
+ avformat/mov: do not set sign bit for chunk_offsets
+ avcodec/jpeglsdec: Check Jpeg-LS LSE
+ configure: Enable section_data_rel_ro for FreeBSD and NetBSD aarch64 / arm
+ avformat/mov: Check if a key is longer than the atom containing it
+ avcodec/nvdec: reset bitstream_len/nb_slices when resetting bitstream pointer
+ avformat/mov: don't abort on duplicate Mastering Display Metadata boxes
+ avcodec/x86/mathops: clip constants used with shift instructions within inline assembly
+ avcodec/av1dec: fix matrix coefficients exposed by codec context
+ avcodec/nvdec: don't free NVDECContext->bitstream
+ avcodec/av1dec: Fix resolving zero divisor
+ avformat/mov: Ignore duplicate ftyp
+ avformat/mov: Fix integer overflow in mov_read_packet().
+ seek: Fix crashes in ff_seek_frame_binary if built with latest Clang 14
+ avcodec/4xm: Check for cfrm exhaustion
+ avformat/mov: Disallow FTYP after streams
+ doc/html: fix styling issue with Texinfo 7.0
+ doc/html: support texinfo 7.0
+ doc/t2h.pm: fix missing TOC with texinfo 6.8 and above
+ doc/t2h.pm: fix missing CSS with texinfo 6.8 and above
+ avformat/matroskadec: Fix declaration-after-statement warnings
+ avformat/rtsp: Use rtsp_st->stream_index
+ avcodec/jpeg2000dec: Check image offset
+ avformat/mxfdec: Check klv offset
+ libavutil/ppc/cpu.c: check that AT_HWCAP2 is defined
+ avcodec/h2645_parse: Avoid EAGAIN
+ avcodec/xvididct: Make c* unsigned to avoid undefined overflows
+ avformat/tmv: Check video chunk size
+ avcodec/h264_parser: saturate dts a bit
+ avformat/asfdec_f: Saturate presentation time in marker
+ avformat/xwma: sanity check bits_per_coded_sample
+ avformat/matroskadec: Check prebuffered_ns for overflow
+ avformat/wavdec: Check left avio_tell for overflow
+ avformat/tta: Better totalframes check
+ avformat/rpl: Check for number_of_chunks overflow
+ avformat/mov: compute absolute dts difference without overflow in mov_find_next_sample()
+ avformat/jacosubdec: Check timeres
+ avformat/jacosubdec: avoid signed integer overflows in get_shift()
+ avformat/jacosubdec: Factorize code in get_shift() a bit
+ avcodec/escape124: Do not return random numbers
+ avcodec/apedec: Fix an integer overflow in predictor_update_filter()
+ avformat/avs: Check if return code is representable
+ avcodec/lcldec: Make PNG filter addressing match the code afterwards
+ avformat/westwood_vqa: Check chunk size
+ avformat/sbgdec: Check for period overflow
+ avformat/concatdec: Check in/outpoint for overflow
+ avcodec/xvididct: Fix integer overflow in idct_row()
+ avcodec/celp_math: avoid overflow in shift
+ tools/target_dec_fuzzer: Adjust threshold for rtv1
+ avformat/hls: reduce default max reload to 3
+ avformat/format: Stop reading data at EOF during probing
+ avcodec/huffyuvdec: avoid undefined behavior with get_vlc2() failure
+ avcodec/cscd: Fix "CamStudio Lossless Codec 1.0" gzip files
+ avcodec/cscd: Check for CamStudio Lossless Codec 1.0 behavior in end check of LZO files
+ avcodec/hevcdec: Fix undefined memcpy()
+ avcodec/mpeg4videodec: more unsigned in amv computation
+ avcodec/tta: fix signed overflow in decorrelate
+ avcodec/apedec: Fix 48khz 24bit below insane level
+ avcodec/apedec: Fix CRC for 24bps and bigendian
+ avcodec/xvididct: Fix integer overflow in idct_row()
+ avformat/avr: Check sample rate
+ avcodec/jpeg2000dec: Check for reduction factor and image offset
+ avutil/softfloat: Basic documentation for av_sincos_sf()
+ avutil/softfloat: fix av_sincos_sf()
+ avcodec/utils: fix 2 integer overflows in get_audio_frame_duration()
+ avcodec/hevcdec: Avoid null pointer dereferences in MC
+ avcodec/takdsp: Fix integer overflows
+ avcodec: Ignoring errors is only possible before the input end
+ avcodec/noise_bsf: Check for wrapped frames
+ avformat/oggparsetheora: clip duration within 64bit
+ avformat/wavdec: Check that smv block fits in available space
+ avcodec/tiff: add a zero DNG_LINEARIZATION_TABLE check
+ avcodec/tak: Check remaining bits in ff_tak_decode_frame_header()
+ avcodec/sonic: Fix two undefined integer overflows
+ avcodec/utils: the IFF_ILBM implementation assumes that there are a multiple of 16 allocated
+ avcodec/exr: Cleanup befor return
+ avcodec/pngdec: Do not pass AVFrame into global header decode
+ avcodec/pngdec: remove AVFrame argument from decode_iccp_chunk()
+ avcodec/vorbisdec: Check codebook float values to be finite
+ avcodec/g2meet: Replace fake allocation avoidance for framebuf
+ avcodec/lcldec: More space for rgb24
+ avcodec/lcldec: Support 4:1:1 and 4:2:2 with odd width
+ libavcodec/lcldec: width and height should not be unsigned
+ avcodec/escape124: Check that blocks are allocated before use
+ avcodec/huffyuvdec: Fix undefined behavior with shift
+ avcodec/j2kenc: Replace RGB24 special case by generic test
+ avcodec/j2kenc: Replace BGR48 / GRAY16 test by test for number of bits
+ avcodec/j2kenc: simplify pixel format setup
+ avcodec/j2kenc: Fix funky bpno errors on decoding
+ avcodec/j2kenc: remove misleading pred value
+ avcodec/j2kenc: fix 5/3 DWT identifer
+ avcodec/vp3: Check width to avoid assertion failure
+ avcodec/g729postfilter: Limit shift in long term filter
+ avcodec/vdpau_mpeg4: fix order of quant matrix coefficients
+ avcodec/vdpau_mpeg12: fix order of quant matrix coefficients
+ avcodec/nvdec_mpeg4: fix order of quant matrix coefficients
+ avcodec/nvdec_mpeg2: fix order of quant matrix coefficients
+ avcodec/libsvtav1: remove compressed_ten_bit_format and simplify alloc_buffer
+ configure: account for openssl3 license change
+
+
+version 4.4.4:
+- avcodec/tests/snowenc: Fix 2nd test
+- avcodec/tests/snowenc: return a failure if DWT/IDWT mismatches
+- avcodec/snowenc: Fix visual weight calculation
+- avcodec/tests/snowenc: unbreak DWT tests
+- avcodec/vp3: Add missing check for av_malloc
+- avformat/nutdec: Add check for avformat_new_stream
+- avcodec/mpeg12dec: Check input size
+- avcodec/escape124: Fix some return codes
+- avcodec/escape124: fix signdness of end of input check
+- Use https for repository links
+- avcodec/rpzaenc: stop accessing out of bounds frame
+- avcodec/motionpixels: Mask pixels to valid values
+- avcodec/xpmdec: Check size before allocation to avoid truncation
+- avcodec/bink: Avoid undefined out of array end pointers in binkb_decode_plane()
+- avcodec/bink: Fix off by 1 error in ref end
+- avcodec/utils: Ensure linesize for SVQ3
+- avcodec/utils: allocate a line more for VC1 and WMV3
+- avcodec/videodsp_template: Adjust pointers to avoid undefined pointer things
+- avcodec/pngdec: Check deloco index more exactly
+- avcodec/ffv1dec: Check that num h/v slices is supported
+- avformat/mov: Check samplesize and offset to avoid integer overflow
+- avcodec/pictordec: Remove mid exit branch
+- avcodec/eac3dec: avoid float noise in fixed mode addition to overflow
+- avcodec/utils: use 32pixel alignment for bink
+- avcodec/scpr3: Check bx
+- avcodec/012v: Order operations for odd size handling
+- avcodec/eatgq: : Check index increments in tgq_decode_block()
+- avcodec/scpr: Test bx before use
+- avformat/mxfdec: Use 64bit in remainder
+- avcodec/sunrast: Fix maplength check
+- avcodec/wavpack: Avoid undefined shift in get_tail()
+- avcodec/wavpack: Check for end of input in wv_unpack_dsd_high()
+- avformat/id3v2: Check taglen in read_uslt()
+- avcodec/tiff: Ignore tile_count
+- avcodec/ffv1dec: restructure slice coordinate reading a bit
+- avcodec/mlpdec: Check max matrix instead of max channel in noise check
+- swscale/input: Use more unsigned intermediates
+- avcodec/alsdec: The minimal block is at least 7 bits
+- avformat/replaygain: avoid undefined / negative abs
+- swscale/output: Bias 16bps output calculations to improve non overflowing range
+- avcodec/speedhq: Check buf_size to be big enough for DC
+- avcodec/ffv1dec: Fail earlier if prior context is corrupted
+- avcodec/nvenc: fix b-frame DTS behavior with fractional framerates
+- avfilter/vf_untile: swap the chroma shift values used for plane offsets
+- avcodec/nvenc: fix vbv buffer size in cq mode
+- avcodec/mjpegenc: take into account component count when writing the SOF header size
+- swscale: aarch64: Fix yuv2rgb with negative stride
+
+version 4.4.3:
+- avformat/vividas: Check packet size
+- configure: link to libatomic when it's present
+- avcodec/dstdec: Check for overflow in build_filter()
+- avformat/spdifdec: Use 64bit to compute bit rate
+- avformat/rpl: Use 64bit for duration computation
+- avformat/xwma: Use av_rescale() for duration computation
+- avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation
+- avformat/sbgdec: Check ts_int in genrate_intervals
+- avformat/rmdec: check tag_size
+- avformat/nutdec: Check fields
+- avformat/flvdec: Use 64bit for sum_flv_tag_size
+- avformat/jacosubdec: Fix overflow in get_shift()
+- avformat/dxa: avoid bpc overflows
+- avformat/cafdec: Check that nb_frasmes fits within 64bit
+- avformat/asfdec_o: Limit packet offset
+- avformat/ape: Check frames size
+- avformat/icodec: Check nb_pal
+- avformat/aiffdec: Use 64bit for block_duration use
+- avformat/aiffdec: Check block_duration
+- avformat/mxfdec: only probe max run in
+- avformat/mxfdec: Check run_in is within 65536
+- avcodec/mjpegdec: Check for unsupported bayer case
+- avcodec/apedec: Fix integer overflow in filter_3800()
+- avcodec/tta: Check 24bit scaling for overflow
+- avcodec/mobiclip: Check quantizer for overflow
+- avcodec/exr: Check preview psize
+- avcodec/tiff: Fix loop detection
+- libavformat/hls: Free keys
+- avcodec/fmvc: Move frame allocation to a later stage
+- avfilter/vf_showinfo: remove backspaces
+- avcodec/speedhq: Check width
+- avcodec/bink: disallow odd positioned scaled blocks
+- avformat/asfdec_o: limit recursion depth in asf_read_unknown()
+- doc/git-howto.texi: Document commit signing
+- libavcodec/8bps: Check that line lengths fit within the buffer
+- avcodec/midivid: Perform lzss_uncompress() before ff_reget_buffer()
+- libavformat/iff: Check for overflow in body_end calculation
+- avformat/avidec: Prevent entity expansion attacks
+- avcodec/h263dec: Sanity check against minimal I/P frame size
+- avcodec/hevcdec: Check s->ref in the md5 path similar to hwaccel
+- avcodec/mpegaudiodec_template: use unsigned shift in handle_crc()
+- avformat/subviewerdec: Make read_ts() more flexible
+- avcodec/mjpegdec: bayer and rct are incompatible
+- MAINTAINERS: Add ED25519 key for signing my commits in the future
+- avcodec/hevc_filter: copy_CTB() only within width&height
+- avcodec/tiff: Check tile_length and tile_width
+- avcodec/mss4: Check image size with av_image_check_size2()
+- avformat/flvdec: Check for EOF in index reading
+- avformat/nutdec: Check get_packetheader() in mainheader
+- avformat/asfdec_f: Use 64bit for packet start time
+- avcodec/exr: Check x/ysize
+- tools/target_dec_fuzzer: Adjust threshold for MMVIDEO
+- avcodec/lagarith: Check dst/src in zero run code
+- avcodec/h264dec: Skip late SEI
+- avcodec/sbrdsp_fixed: Fix integer overflows in sbr_qmf_deint_neg_c()
+- avfilter/vf_signature: Fix integer overflow in filter_frame()
+- avformat/rtsp: break on unknown protocols
+- avcodec/hevcdsp_template: stay within tables in sao_band_filter()
+- avcodec/tiff: Check pixel format types for dng
+- avcodec/qpeldsp: copy less for the mc0x cases
+- avformat/aaxdec: Check for empty segments
+- avcodec/ffv1dec: Limit golomb rice coded slices to width 8M
+- avformat/iff: simplify duration calculation
+- avcodec/wnv1: Check for width =1
+- avcodec/ffv1dec_template: fix indention
+- avformat/sctp: close socket on errors
+- avcodec/aasc: Fix indention
+- avcodec/qdrw: adjust max colors to array size
+- avcodec/alacdsp: Make intermediates unsigned
+- avformat/aiffdec: cleanup size handling for extreem cases
+- avformat/matroskadec: avoid integer overflows in SAR computation
+- avcodec/jpeglsdec: fix end check for xfrm
+- avcodec/cdgraphics: limit scrolling to the line
+- avformat/hls: Limit start_seq_no to one bit less
+- avformat/aiffdec: avoid integer overflow in get_meta()
+- avformat/ape: more bits in size for less overflows
+- avformat/aviobuf: Check buf_size in ffio_ensure_seekback()
+- avformat/bfi: Check offsets better
+- avformat/asfdec_f: Check packet_frag_timestamp
+- avcodec/texturedspenc: Fix indexing in color distribution determination
+- avformat/act: Check ff_get_wav_header() for failure
+- avcodec/libxavs2: Improve r redundancy in occured
+- avformat/libzmq: Improve r redundancy in occured
+- avfilter/vsrc_mandelbrot: Check for malloc failure
+- avfilter/vf_frei0r: Copy to frame allocated according to frei0r requirements
+- avfilter/video: Add ff_default_get_video_buffer2() to set specific alignment
+- avformat/genh: Check sample rate
+- configure: bump year
+- lavc/videotoolbox: do not pass AVCodecContext to decoder output callback
+- lavc/pthread_frame: always transfer stashed hwaccel state
+- avcodec/arm/sbcenc: avoid callee preserved vfp registers
+- avfilter/vf_scale: overwrite the width and height expressions with the original values
+- lavc/pthread_frame: avoid leaving stale hwaccel state in worker threads
+- configure: extend SDL check to accept all 2.x versions
+- lavf/tls_mbedtls: add support for mbedtls version 3
+
+version 4.4.2:
+- fate: update reference files after the recent dash manifest muxer changes
+- avformat/webmdashenc: fix on-demand profile string
+- Update for FFmpeg 4.4.2
+- avcodec/exr: Avoid signed overflow in displayWindow
+- avcodec/diracdec: avoid signed integer overflow in global mv
+- avcodec/takdsp: Fix integer overflow in decorrelate_sf()
+- avcodec/apedec: fix a integer overflow in long_filter_high_3800()
+- avfilter/vf_subtitles: pass storage size to libass
+- avformat/aqtitledec: Skip unrepresentable durations
+- avformat/cafdec: Do not store empty keys in read_info_chunk()
+- avformat/mxfdec: Do not clear array in mxf_read_strong_ref_array() before writing
+- avformat/mxfdec: Check for avio_read() failure in mxf_read_strong_ref_array()
+- avformat/mxfdec: Check count in mxf_read_strong_ref_array()
+- avformat/hls: Check target_duration
+- avcodec/pixlet: Avoid signed integer overflow in scaling in filterfn()
+- avformat/matroskadec: Check pre_ns
+- avcodec/sonic: Use unsigned for predictor_k to avoid undefined behavior
+- avcodec/libuavs3d: Check ff_set_dimensions() for failure
+- avcodec/mjpegbdec: Set buf_size
+- avformat/matroskadec: Use rounded down duration in get_cue_desc() check
+- avcodec/argo: Check packet size
+- avcodec/g729_parser: Check channels
+- avformat/avidec: Check height
+- avformat/rmdec: Better duplicate tags check
+- avformat/mov: Disallow empty sidx
+- avformat/argo_asf: Fix order of operations in error check in argo_asf_write_trailer()
+- avformat/matroskadec: Check duration
+- avformat/mov: Corner case encryption error cleanup in mov_read_senc()
+- avcodec/jpeglsdec: Fix if( code style
+- avcodec/jpeglsdec: Check get_ur_golomb_jpegls() for error
+- avcodec/motion_est: fix indention of ff_get_best_fcode()
+- avcodec/motion_est: Fix xy indexing on range violation in ff_get_best_fcode()
+- avformat/hls: Use unsigned for iv computation
+- avcodec/jpeglsdec: Increase range for N in ls_get_code_runterm() by using unsigned
+- avformat/matroskadec: Check desc_bytes
+- avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value()
+- avformat/matroskadec: Fix infinite loop with bz decompression
+- avformat/mov: Check size before subtraction
+- avcodec/cfhd: Avoid signed integer overflow in coeff
+- avcodec/apedec: Fix integer overflows in predictor_update_3930()
+- avcodec/apedec: fix integer overflow in 8bit samples
+- avformat/flvdec: timestamps cannot use the full int64 range
+- avcodec/tiff: Remove messing with jpeg context
+- avcodec/tiff: Use ff_set_dimensions() for setting up mjpeg context dimensions
+- avcodec/tiff: Pass max_pixels to mjpeg context
+- avcodec/vqavideo: reset accounting on error
+- avcodec/alacdsp: fix integer overflow in decorrelate_stereo()
+- avformat/4xm: Check for duplicate track ids
+- avformat/4xm: Consider max_streams on reallocating tracks array
+- avformat/mov: Check next offset in mov_read_dref()
+- avformat/vivo: Favor setting fps from explicit fractions
+- avformat/vivo: Do not use the general expression evaluator for parsing a floating point value
+- avformat/mxfdec: Check for duplicate mxf_read_index_entry_array()
+- avcodec/apedec: Change avg to uint32_t
+- avformat/mxfdec: Check component_depth in mxf_get_color_range()
+- avformat/mov: Disallow duplicate smdm
+- avformat/mov: Check for EOF in mov_read_glbl()
+- avcodec/vp3: Check version in all cases when VP4 code is not built
+- avformat/mov: Check channels for mov_parse_stsd_audio()
+- avformat/avidec: Check read_odml_index() for failure
+- avformat/aiffdec: Use av_rescale() for bitrate
+- avformat/aiffdec: sanity check block_align
+- avformat/aiffdec: Check sample_rate
+- avcodec/libdav1d: free the Dav1dData packet on dav1d_send_data() failure
+- avcodec/zmbvenc: Fix memleak upon init error
+- avcodec/dnxhdenc: Fix segfault when using too many slice threads
+- avcodec/wma(dec|enc): Fix memleaks upon allocation error
+- avfilter/avfilter: Actually error out on init error
+- avcodec/opus_silk: Remove wrong size information in function declaration
+- avformat/omadec: Don't output uninitialized values
+- avformat/jacosubenc: Fix writing extradata
+- avformat/cafenc: Fix memleak when trailer is never written
+- avformat/cafenc: Don't segfault upon allocation error
+- avformat/cafenc: Fix potential integer overflow
+- avformat/movenc: Limit ism_lookahead to a sane value
+- avutil/utils: Remove racy check from avutil_version()
+- avformat/sccdec: Don't use uninitialized data, fix crash, simplify logic
+- avformat/subtitles: Honour ff_subtitles_read_line() documentation
+- avformat/tee: Fix leak of FIFO-options dictionary
+- avformat/tee: Fix leak of strings
+- avcodec/rasc: Fix potential use of uninitialized value
+- avfilter/vf_w3fdif: Fix segfault on allocation error
+- avfilter/af_surround: Fix memleaks upon allocation error
+- avfilter/af_vibrato: Fix segfault upon allocation error
+- avfilter/aeval: Fix leak of expressions upon reallocation error
+- avdevice/xv: Increase array size
+- avfilter/asrc_flite: Fix use-after-frees
+- avfilter/asrc_flite: Don't segfault when using list_voices option
+- Revert "avfilter/vf_idet: reduce noisyness if the filter has been auto inserted"
+- avformat/matroskadec: Don't unnecessarily reduce aspect ratio
+- avcodec/h263: Fix global-buffer-overflow with noout flag2 set
+- avcodec/vaapi_encode: Fix segfault upon closing uninitialized encoder
+- avcodec/movtextenc: Fix infinite loop due to variable truncation
+- avcodec/libopenh264dec: Increase array sizes, fix stack-buffer overread
+- avcodec/libkvazaar: Increase array size
+- avformat/aadec: Don't use the same loop counter in inner and outer loop
+- avformat/moflex: Don't use uninitialized timebase for data stream
+- lavf/udp: do not return an uninitialized value from udp_open()
+- avcodec/nvenc: zero-initialize NV_ENC_REGISTER_RESOURCE struct
+- configure: Add missing libshine->mpegaudioheader dependency
+- avcodec/Makefile: Add missing entry for ADPCM_IMA_AMV_ENCODER
+- avcodec/Makefile: Only compile nvenc.o if needed
+- avcodec/av1_vaapi: improve decode quality
+- avcodec/av1_vaapi: enable segmentation features
+- avcodec/av1_vaapi: setting 2 output surface for film grain
+- avcodec/vaapi: increase av1 decode pool size
+- avcodec/dxva2_av1: fix global motion params
+- avcodec/av1_vaapi: add gm params valid check
+- avcodec/av1dec: support setup shear process
+- avcodec/av1: extend some definitions in spec section 3
+- cbs_av1: fix incorrect data type
+- avcodec/libdav1d: let libdav1d choose optimal max frame delay
+- avcodec/libdav1d: pass auto threads value to libdav1d
+
+version 4.4.1:
+- avcodec/flac_parser: Consider AV_INPUT_BUFFER_PADDING_SIZE
+- avcodec/ttadsp: Fix integer overflows in tta_filter_process_c()
+- avutil/mathematics: Document av_rescale_rnd() behavior on non int64 results
+- avcodec/utils: Ensure 8x8 alignment for ARGO in avcodec_align_dimensions2()
+- avformat/matroskadec: Reset state also on failure in matroska_reset_status()
+- avformat/wavdec: Check smv_block_size
+- avformat/rmdec: Check for multiple audio_stream_info
+- avcodec/apedec: Use 64bit to avoid overflow
+- avcodec/apedec: Fix undefined integer overflow in long_filter_ehigh_3830()
+- oavformat/avidec: Check offset in odml
+- avformat/mpegts: use actually read packet size in mpegts_resync special case
+- fftools/ffmpeg: Fix crash when flushing non-fully setup output stream
+- avfilter/scale_npp: fix non-aligned output frame dimensions
+- Revert "avformat/hlsenc: compute video_keyframe_size after write keyframe"
+- Changelog: update
+- swscale/alphablend: Fix slice handling
+- avcodec/apedec: Fix integer overflow in filter_fast_3320()
+- avformat/mov: Fix last mfra check
+- avcodec/mxpegdec: Check for AVDISCARD_ALL
+- avcodec/flicvideo: Check remaining bytes in FLI*COPY
+- avcodec/utils: ARGO writes 4x4 blocks without regard to the image dimensions
+- avcodec/cbs_h265_syntax_template: Limit sps_num_palette_predictor_initializer_minus1 to 127
+- avcodec/snowdec: Maintain avmv buffer
+- avcodec/mpeg12dec: Do not put mpeg_f_code into an invalid state on error return
+- avcodec/mpegvideo_enc: Limit bitrate tolerance to the representable
+- avcodec/apedec: Fix integer overflow in intermediate
+- avformat/mvdec: Do not set invalid sample rate
+- avformat/sbgdec: Check for t0 overflow in expand_tseq()
+- avformat/rmdec: Use 64bit for intermediate for DEINT_ID_INT4
+- avformat/sbgdec: Check opt_duration and start for overflow
+- avcodec/exr: Fix undefined integer multiplication
+- avformat/mov: Check for duplicate clli
+- avformat/utils: Ignore negative duration in codec_info_duration computation
+- avformat/jacosubdec: Check for min in t overflow in get_shift()
+- avformat/mxfdec: check channel number in mxf_get_d10_aes3_packet()
+- (origin/release/4.4) avcodec/wmadec: handle run_level_decode error
+- avcodec/wma: Return specific error code
+- avcodec/dxva2_av1: fix superres_denom parameter
+- avcodec/libdav1d: fix compilation after recent libdav1d API changes
+- Changelog: update
+- avcodec/utils: don't return negative values in av_get_audio_frame_duration()
+- avcodec/jpeg2000dec: Check that atom header is within bytsetream
+- avcodec/apedec: Fix 2 integer overflows in filter_3800()
+- avcodec/xpmdec: Move allocations down after more error checks
+- avcodec/argo: Move U, fix shift
+- avformat/mov: Check dts for overflow in mov_read_trun()
+- avformat/avidec: Use 64bit for frame number in odml index parsing
+- avcodec/mjpegbdec: Skip SOS on AVDISCARD_ALL as does mjpeg
+- avcodec/mjpegdec: Check for bits left in mjpeg_decode_scan_progressive_ac()
+- avformat/adtsenc: return value check for init_get_bits in adts_decode_extradata
+- avcodec/webp: Check available space in loop in decode_entropy_coded_image()
+- avcodec/h264dec: use picture parameters in ff_print_debug_info2()
+- avcodec/vc1dec: ff_print_debug_info() does not support WMV3 field_mode
+- avcodec/frame_thread_encoder: Free AVCodecContext structure on error during init
+- avcodec/faxcompr: Check for end of input in cmode == 1 in decode_group3_2d_line()
+- avcodec/vc1dec: Disable error concealment for *IMAGE
+- avcodec/sbrdsp_fixed: Fix negation overflow in sbr_neg_odd_64_c()
+- avcodec/argo: Check for even dimensions
+- avformat/wtvdec: Check for EOF before seeking back in parse_media_type()
+- avformat/mpc8: Check first keyframe position for overflow
+- avcodec/exr: Check ac_count
+- avformat/wavdec: Use 64bit in new_pos computation
+- avformat/sbgdec: Check for overflow in timestamp preparation
+- avformat/dsicin: Check packet size for overflow
+- avformat/dsfdec: Change order of operations in bitrate computation
+- avformat/bfi: check nframes
+- avformat/avidec: fix position overflow in avi_load_index()
+- avformat/asfdec_f: Check sizeX against padding
+- avformat/aiffdec: Check for size overflow in header parsing
+- avcodec/aaccoder: Add minimal bias in search_for_ms()
+- avformat/mov: Fix incorrect overflow detection in mov_read_sidx()
+- avformat/mov: Avoid undefined overflow in time_offset calculation
+- avfilter/af_drmeter: Check that there is data
+- avfilter/vf_fftdnoiz: Use lrintf() in export_row8()
+- avfilter/vf_mestimate: Check b_count
+- avformat/mov: do not ignore errors in mov_metadata_hmmt()
+- avformat/mxfdec: Check size for shrinking
+- avcodec/dnxhddec: check and propagate function return value
+- swscale/slice: Fix wrong return on error
+- avcodec/aacdec_template: Avoid some invalid values to be set by decode_audio_specific_config_gb()
+- swscale/slice: Check slice for allocation failure
+- avformat/matroskadec: Fix handling of huge default durations
+- avcodec/lpc: check for zero err in normalization in compute_lpc_coefs()
+- avcodec/j2kenc: Check for av_strtok() failure
+- avformat/ftp: Check for av_strtok() failure
+- tools/cws2fws: Check read() for failure
+- avcodec/cpia: Fix missing src_size update
+- avcodec/exr: Better size checks
+- avcodec/clearvideo: Check tile_size to be not too large
+- avcodec/utils: Use 64bit for intermediate in AV_CODEC_ID_ADPCM_THP* duration calculation
+- avformat/aaxdec: Check avio_seek() in header reading
+- avcodec/hevc_sei: Use get_bits_long() for time_offset_value
+- avformat/rmdec: Check old_format len for overflow
+- avformat/realtextdec: Check the pts difference before using it for the duration computation
+- avformat/qcp: Avoid negative nb_rates
+- avformat/pp_bnk: Use 64bit in bitrate computation
+- avformat/nutdec: Check tmp_size
+- avformat/msf: Check that channels doesnt overflow during extradata construction
+- avformat/subtitles: Check pts difference before use
+- avformat/mpc8: Check for position overflow in mpc8_handle_chunk()
+- avformat/mccdec: Fix overflows in num/den
+- avformat/iff: Use 64bit in duration computation
+- avformat/dxa: Check fps to be within the supported range more precissely
+- avcodec/iff: Only write palette to plane 1 if its PAL8
+- avformat/tta: Check for EOF in index reading loop
+- avfilter/vf_scale: set the RGB matrix coefficients in case of RGB
+- avfilter/vf_scale: reset color matrix in case of identity & non-RGB
+- ffmpeg: fix order between field order autodetection and override
+- avcodec/h264_slice: clear old slice POC values on parsing failure
+- avfilter/f_metadata: do not return the frame early if there is no metadata
+- ffbuild: Avoid using the --preprocessor argument to windres
+- avcodec/crystalhd: signal that the decoder sets all output frame properties
+- avcodec/cuviddec: signal that the decoder sets all output frame properties
+- avcodec/decode: reindent after the previous commit
+- avcodec/decode: add an internal codec flag to signal a decoder sets all output frame properties
+- avcodec/decode: fetch packets from the pkt_props FIFO on every frame returned
+- Update missed irc links
+- avformat/rpl: The associative law doesnt hold for signed integers in C
+- avcodec/faxcompr: Check available bits in decode_uncompressed()
+- avcodec/faxcompr: Check if bits are available before reading in cmode == 9 || cmode == 10
+- avformat/utils: Avoid overflow in codec_info_duration computation for subtitles
+- avformat/utils: check dts/duration to be representable before using them
+- avcodec/utils: do "calc from frame_bytes, channels, and block_align" in 64bit
+- avcodec/ttadata: Add sentinel at the end of ff_tta_shift_1
+- avformat/mov: Check for duplicate mdcv
+- avfilter/vf_dctdnoiz: Check threads
+- avfilter/vf_ciescope: Fix undefined behavior in rgb_to_xy() with black
+- avcodec/dpx: fix off by 1 in bits_per_color check
+- avformat/rpl: Check for EOF and zero framesize
+- avcodec/vc2enc: Check for non negative slice bounds
+- avformat/rpl: Use 64bit in bitrate computation and check it
+- avcodec/mpegvideo_enc: Reset stuffing bits if they are not supported
+- avcodec/svq1enc: Do not print debug RD value before it has been computed
+- avcodec/aacpsy: Check bandwidth
+- avcodec/aacenc: Do not divide by lambda_count if it is 0
+- avcodec/aacenc: Use FLT_EPSILON for lambda minimum
+- avfilter/vf_yadif: Fix handing of tiny images
+- avfilter/vf_vmafmotion: Check dimensions
+- avformat/movenc: Check pal_size before use
+- avcodec/lpc: Avoid floating point division by 0
+- avcodec/aacpsy: Avoid floating point division by 0 of norm_fac
+- avcodec/aacenc: Avoid 0 lambda
+- avcodec/exr: More strictly check dc_count
+- avcodec/exr: x/ymax cannot be INT_MAX
+- avformat/avio: Check av_opt_copy() for failure
+- avformat/moflex: Remove unneeded format variable
+- avformat/fifo: check for flushed packets and timeshift
+- avcodec/clearvideo: Check for 0 tile_shift
+- avcodec/vc1: Check remaining bits in ff_vc1_parse_frame_header()
+- avformat/mov: Ignore duplicate CoLL
+- avformat/mov: Limit nb_chapter_tracks to input size
+- avformat/utils: Use 64bit earlier in r_frame_rate check
+- avcodec/alsdec: Fix decoding error with mono audio files
+- avformat/mvdec: Check sample rate in parse_audio_var()
+- avcodec/faxcompr: Check for end of bitstream in decode_group3_1d_line() and decode_group3_2d_line()
+- avcodec/utils: treat PAL8 for jpegs similar to other colorspaces
+- avcodec/jpeglsdec: Set alpha plane in PAL8 so image is not 100% transparent
+- avformat/asfdec_o: Use ff_get_extradata()
+- avformat/id3v2: Check end for overflow in id3v2_parse()
+- avformat/mxfdec: Fix file position addition
+- avformat/wtvdec: Improve size overflow checks in parse_chunks()
+- avcodec/faxcompr: Check remaining bits on error in decode_group3_1d_line()
+- avformat/mov: check for pts overflow in mov_read_sidx()
+- avcodec/utils: Check ima wav duration for overflow
+- avcodec/rv10: Execute whole size check earlier for rv20
+- avformat/cafdec: Check channels
+- avcodec/exr: increase vlc depth
+- avcodec/dpx: Check bits_per_color earlier
+- avformat/mvi: Check audio_data_size to be non negative
+- avcodec/nvenc: disable s12m timestamps by default
+- aarch64: hevc_idct: Fix overflows in idct_dc
+- avcodec/vaapi_av1: pass full buffer size for each tile
+- avcodec/videotoolboxenc: #define TARGET_CPU_ARM64 to 0 if not provided by the SDK
+- lavc/pngdec: fix updating reference frames for APNG_DISPOSE_OP_BACKGROUND
+- ffmpeg: return no chosen output if an uninitialized stream is unavailable
+- avcodec/h263, h263data: Move ff_h263_init_rl_inter to h263.c
+- configure: Add missing mpegvideo dependency for IPU decoder
+- avcodec/ttmlenc: Don't confuse capabilities and caps_internal
+- avformat/mpegts: add missing sample_rate value to Opus extradata
+- avformat/movenc: fix writing dOps atoms
+- avcodec/av1_metadata: don't store the inserted TD OBU in stack
+- avcodec/nellymoserenc: Fix segfault when using unsupported channels/rate
+- avutil/cpu: Use HW_NCPUONLINE to detect # of online CPUs with OpenBSD
+- avcodec/nvenc: fix lossless tuning logic
+- avfilter/overlay_cuda: check av_buffer_ref result
+- avfilter/overlay_cuda: hold explicit reference to hw_device_ctx
+- avformat/matroskaenc: Fix leak when writing attachment without filename
+
+version 4.4:
 - AudioToolbox output device
 - MacCaption demuxer
 - PGX decoder

INSTALL.md

@@ -15,3 +15,11 @@ NOTICE
 ------
 
  - Non system dependencies (e.g. libx264, libvpx) are disabled by default.
+
+NOTICE for Package Maintainers
+------------------------------
+
+ - It is recommended to build FFmpeg twice, first with minimal external dependencies so
+   that 3rd party packages, which depend on FFmpegs libavutil/libavfilter/libavcodec/libavformat
+   can then be built. And last build FFmpeg with full dependancies (which may in turn depend on
+   some of these 3rd party packages). This avoids circular dependencies during build.

MAINTAINERS

@@ -583,10 +583,12 @@ wm4
 Releases
 ========
 
+7.0                                     Michael Niedermayer
+6.1                                     Michael Niedermayer
+5.1                                     Michael Niedermayer
+4.4                                     Michael Niedermayer
+3.4                                     Michael Niedermayer
 2.8                                     Michael Niedermayer
-2.7                                     Michael Niedermayer
-2.6                                     Michael Niedermayer
-2.5                                     Michael Niedermayer
 
 If you want to maintain an older release, please contact us
 
@@ -615,6 +617,7 @@ Jean Delvare                  7CA6 9F44 60F1 BDC4 1FD2 C858 A552 6B9B B3CD 4E6A
 Loren Merritt                 ABD9 08F4 C920 3F65 D8BE 35D7 1540 DAA7 060F 56DE
 Lynne                         FE50 139C 6805 72CA FD52 1F8D A2FE A5F0 3F03 4464
 Michael Niedermayer           9FF2 128B 147E F673 0BAD F133 611E C787 040B 0FAB
+                              DD1E C9E8 DE08 5C62 9B3E 1846 B18E 8928 B394 8D64
 Nicolas George                24CE 01CE 9ACC 5CEB 74D8 8D9D B063 D997 36E5 4C93
 Nikolay Aleksandrov           8978 1D8C FB71 588E 4B27 EAA8 C4F0 B5FC E011 13B1
 Panagiotis Issaris            6571 13A3 33D9 3726 F728 AA98 F643 B12E ECF3 E029

RELEASE

@@ -1 +1 @@
-4.4.git
+4.4.6

RELEASE_NOTES

@@ -0,0 +1,15 @@
+
+              ┌────────────────────────────────────┐
+              │ RELEASE NOTES for FFmpeg 4.4 "Rao" │
+              └────────────────────────────────────┘
+
+   The FFmpeg Project proudly presents FFmpeg 4.4 "Rao", about 10
+   months after the release of FFmpeg 4.3.
+
+   A complete Changelog is available at the root of the project, and the
+   complete Git history on https://git.ffmpeg.org/gitweb/ffmpeg.git
+
+   We hope you will like this release as much as we enjoyed working on it, and
+   as usual, if you have any questions about it, or any FFmpeg related topic,
+   feel free to join us on the #ffmpeg IRC channel (on irc.libera.chat) or ask
+   on the mailing-lists.

configure

@@ -416,7 +416,9 @@ Advanced options (experts only):
   --enable-hardcoded-tables use hardcoded tables instead of runtime generation
   --disable-safe-bitstream-reader
                            disable buffer boundary checking in bitreaders
-                           (faster, but may crash)
+                           (This disables some security checks and can cause undefined behavior,
+                            crashes and arbitrary code execution, it may be faster, but
+                            should only be used with trusted input)
   --sws-max-filter-size=N  the max filter size swscale uses [$sws_max_filter_size_default]
 
 Optimization options (experts only):
@@ -536,7 +538,7 @@ die(){
 
 If you think configure made a mistake, make sure you are using the latest
 version from Git.  If the latest version fails, report the problem to the
-ffmpeg-user@ffmpeg.org mailing list or IRC #ffmpeg on irc.freenode.net.
+ffmpeg-user@ffmpeg.org mailing list or IRC #ffmpeg on irc.libera.chat.
 EOF
     if disabled logging; then
         cat <<EOF
@@ -1735,7 +1737,6 @@ EXTERNAL_LIBRARY_GPL_LIST="
 EXTERNAL_LIBRARY_NONFREE_LIST="
     decklink
     libfdk_aac
-    openssl
     libtls
 "
 
@@ -1827,6 +1828,7 @@ EXTERNAL_LIBRARY_LIST="
     mediacodec
     openal
     opengl
+    openssl
     pocketsphinx
     vapoursynth
 "
@@ -2060,6 +2062,7 @@ ARCH_EXT_LIST_PPC="
     ldbrx
     power8
     ppc4xx
+    vec_xl
     vsx
 "
 
@@ -2340,6 +2343,7 @@ HAVE_LIST="
     opencl_vaapi_intel_media
     perl
     pod2man
+    posix_ioctl
     texi2html
 "
 
@@ -2549,6 +2553,7 @@ altivec_deps="ppc"
 dcbzl_deps="ppc"
 ldbrx_deps="ppc"
 ppc4xx_deps="ppc"
+vec_xl_deps="altivec"
 vsx_deps="altivec"
 power8_deps="vsx"
 
@@ -2761,6 +2766,7 @@ indeo3_decoder_select="hpeldsp"
 indeo4_decoder_select="ividsp"
 indeo5_decoder_select="ividsp"
 interplay_video_decoder_select="hpeldsp"
+ipu_decoder_select="mpegvideo"
 jpegls_decoder_select="mjpeg_decoder"
 jv_decoder_select="blockdsp"
 lagarith_decoder_select="llviddsp"
@@ -3267,7 +3273,7 @@ librav1e_encoder_deps="librav1e"
 librav1e_encoder_select="extract_extradata_bsf"
 librsvg_decoder_deps="librsvg"
 libshine_encoder_deps="libshine"
-libshine_encoder_select="audio_frame_queue"
+libshine_encoder_select="audio_frame_queue mpegaudioheader"
 libspeex_decoder_deps="libspeex"
 libspeex_encoder_deps="libspeex"
 libspeex_encoder_select="audio_frame_queue"
@@ -3364,6 +3370,7 @@ opus_muxer_select="ogg_muxer"
 psp_muxer_select="mov_muxer"
 rtp_demuxer_select="sdp_demuxer"
 rtp_muxer_select="golomb jpegtables"
+rtp_mpegts_muxer_select="mpegts_muxer rtp_muxer"
 rtpdec_select="asf_demuxer jpegtables mov_demuxer mpegts_demuxer rm_demuxer rtp_protocol srtp"
 rtsp_demuxer_select="http_protocol rtpdec"
 rtsp_muxer_select="rtp_muxer http_protocol rtp_protocol rtpenc_chain"
@@ -3704,23 +3711,23 @@ cws2fws_extralibs="zlib_extralibs"
 
 # libraries, in any order
 avcodec_deps="avutil"
-avcodec_suggest="libm"
+avcodec_suggest="libm stdatomic"
 avcodec_select="null_bsf"
 avdevice_deps="avformat avcodec avutil"
-avdevice_suggest="libm"
+avdevice_suggest="libm stdatomic"
 avfilter_deps="avutil"
-avfilter_suggest="libm"
+avfilter_suggest="libm stdatomic"
 avformat_deps="avcodec avutil"
-avformat_suggest="libm network zlib"
+avformat_suggest="libm network zlib stdatomic"
 avresample_deps="avutil"
 avresample_suggest="libm"
-avutil_suggest="clock_gettime ffnvcodec libm libdrm libmfx opencl user32 vaapi vulkan videotoolbox corefoundation corevideo coremedia bcrypt"
+avutil_suggest="clock_gettime ffnvcodec libm libdrm libmfx opencl user32 vaapi vulkan videotoolbox corefoundation corevideo coremedia bcrypt stdatomic"
 postproc_deps="avutil gpl"
-postproc_suggest="libm"
+postproc_suggest="libm stdatomic"
 swresample_deps="avutil"
-swresample_suggest="libm libsoxr"
+swresample_suggest="libm libsoxr stdatomic"
 swscale_deps="avutil"
-swscale_suggest="libm"
+swscale_suggest="libm stdatomic"
 
 avcodec_extralibs="pthreads_extralibs iconv_extralibs dxva2_extralibs"
 avfilter_extralibs="pthreads_extralibs"
@@ -5367,6 +5374,7 @@ case $target_os in
         ;;
     netbsd)
         disable symver
+        enable section_data_rel_ro
         oss_indev_extralibs="-lossaudio"
         oss_outdev_extralibs="-lossaudio"
         enabled gcc || check_ldflags -Wl,-zmuldefs
@@ -5385,6 +5393,7 @@ case $target_os in
         disable symver
         ;;
     freebsd)
+        enable section_data_rel_ro
         ;;
     bsd/os)
         add_extralibs -lpoll -lgnugetopt
@@ -5961,6 +5970,11 @@ elif enabled ppc; then
         check_cpp_condition power8 "altivec.h" "defined(_ARCH_PWR8)"
     fi
 
+    if enabled altivec; then
+        check_cc vec_xl altivec.h "const unsigned char *y1i = { 0 };
+                                   vector unsigned char y0 = vec_xl(0, y1i);"
+    fi
+
 elif enabled x86; then
 
     check_builtin rdtsc    intrin.h   "__rdtsc()"
@@ -6184,7 +6198,14 @@ check_headers asm/types.h
 # it seems there are versions of clang in some distros that try to use the
 # gcc headers, which explodes for stdatomic
 # so we also check that atomics actually work here
-check_builtin stdatomic stdatomic.h "atomic_int foo, bar = ATOMIC_VAR_INIT(-1); atomic_store(&foo, 0); foo += bar"
+#
+# some configurations also require linking to libatomic, so try
+# both with -latomic and without
+for LATOMIC in "-latomic" ""; do
+    check_builtin stdatomic stdatomic.h                                                 \
+        "atomic_int foo, bar = ATOMIC_VAR_INIT(-1); atomic_store(&foo, 0); foo += bar"  \
+        $LATOMIC && eval stdatomic_extralibs="\$LATOMIC" && break
+done
 
 check_lib advapi32 "windows.h"            RegCloseKey          -ladvapi32
 check_lib bcrypt   "windows.h bcrypt.h"   BCryptGenRandom      -lbcrypt &&
@@ -6522,7 +6543,10 @@ enabled omx_rpi           && { test_code cc OMX_Core.h OMX_IndexConfigBrcmVideoR
                                die "ERROR: OpenMAX IL headers from raspberrypi/firmware not found"; } &&
                              enable omx
 enabled omx               && require_headers OMX_Core.h
-enabled openssl           && { check_pkg_config openssl openssl openssl/ssl.h OPENSSL_init_ssl ||
+enabled openssl           && { { check_pkg_config openssl "openssl >= 3.0.0" openssl/ssl.h OPENSSL_init_ssl &&
+                                 { enabled gplv3 || ! enabled gpl || enabled nonfree || die "ERROR: OpenSSL >=3.0.0 requires --enable-version3"; }; } ||
+                               { enabled gpl && ! enabled nonfree && die "ERROR: OpenSSL <3.0.0 is incompatible with the gpl"; } ||
+                               check_pkg_config openssl openssl openssl/ssl.h OPENSSL_init_ssl ||
                                check_pkg_config openssl openssl openssl/ssl.h SSL_library_init ||
                                check_lib openssl openssl/ssl.h OPENSSL_init_ssl -lssl -lcrypto ||
                                check_lib openssl openssl/ssl.h SSL_library_init -lssl -lcrypto ||
@@ -6553,7 +6577,7 @@ fi
 
 if enabled sdl2; then
     SDL2_CONFIG="${cross_prefix}sdl2-config"
-    test_pkg_config sdl2 "sdl2 >= 2.0.1 sdl2 < 2.1.0" SDL_events.h SDL_PollEvent
+    test_pkg_config sdl2 "sdl2 >= 2.0.1 sdl2 < 3.0.0" SDL_events.h SDL_PollEvent
     if disabled sdl2 && "${SDL2_CONFIG}" --version > /dev/null 2>&1; then
         sdl2_cflags=$("${SDL2_CONFIG}" --cflags)
         sdl2_extralibs=$("${SDL2_CONFIG}" --libs)
@@ -6597,13 +6621,15 @@ enabled makeinfo \
 disabled makeinfo_html && texi2html --help 2> /dev/null | grep -q 'init-file' && enable texi2html || disable texi2html
 perl -v            > /dev/null 2>&1 && enable perl      || disable perl
 pod2man --help     > /dev/null 2>&1 && enable pod2man   || disable pod2man
-rsync --help 2> /dev/null | grep -q 'contimeout' && enable rsync_contimeout || disable rsync_contimeout
+rsync --help 2> /dev/null | grep -q 'contimeout=' && enable rsync_contimeout || disable rsync_contimeout
+
+check_headers linux/fb.h
+check_headers linux/videodev2.h
+test_code cc linux/videodev2.h "struct v4l2_frmsizeenum vfse; vfse.discrete.width = 0;" && enable_sanitized struct_v4l2_frmivalenum_discrete
+test_code cc sys/ioctl.h "int ioctl(int, int, ...)" && enable posix_ioctl
 
 # check V4L2 codecs available in the API
 if enabled v4l2_m2m; then
-    check_headers linux/fb.h
-    check_headers linux/videodev2.h
-    test_code cc linux/videodev2.h "struct v4l2_frmsizeenum vfse; vfse.discrete.width = 0;" && enable_sanitized struct_v4l2_frmivalenum_discrete
     check_cc v4l2_m2m linux/videodev2.h "int i = V4L2_CAP_VIDEO_M2M_MPLANE | V4L2_CAP_VIDEO_M2M | V4L2_BUF_FLAG_LAST;"
     check_cc vc1_v4l2_m2m linux/videodev2.h "int i = V4L2_PIX_FMT_VC1_ANNEX_G;"
     check_cc mpeg1_v4l2_m2m linux/videodev2.h "int i = V4L2_PIX_FMT_MPEG1;"
@@ -6648,7 +6674,7 @@ enabled alsa && { check_pkg_config alsa alsa "alsa/asoundlib.h" snd_pcm_htimesta
 enabled libjack &&
     require_pkg_config libjack jack jack/jack.h jack_port_get_latency_range
 
-enabled sndio && check_lib sndio sndio.h sio_open -lsndio
+enabled sndio && check_pkg_config sndio sndio sndio.h sio_open
 
 if enabled libcdio; then
     check_pkg_config libcdio libcdio_paranoia "cdio/cdda.h cdio/paranoia.h" cdio_cddap_open ||
@@ -6749,7 +6775,7 @@ enabled vulkan &&
 
 if enabled x86; then
     case $target_os in
-        mingw32*|mingw64*|win32|win64|linux|cygwin*)
+        freebsd|mingw32*|mingw64*|win32|win64|linux|cygwin*)
             ;;
         *)
             disable ffnvcodec cuvid nvdec nvenc
@@ -7348,6 +7374,7 @@ if enabled ppc; then
     echo "POWER8 enabled            ${power8-no}"
     echo "PPC 4xx optimizations     ${ppc4xx-no}"
     echo "dcbzl available           ${dcbzl-no}"
+    echo "vec_xl available          ${vec_xl-no}"
 fi
 echo "debug symbols             ${debug-no}"
 echo "strip symbols             ${stripping-no}"
@@ -7500,7 +7527,6 @@ LD_LIB=$LD_LIB
 LD_PATH=$LD_PATH
 DLLTOOL=$dlltool
 WINDRES=$windres
-DEPWINDRES=$dep_cc
 DOXYGEN=$doxygen
 LDFLAGS=$LDFLAGS
 LDEXEFLAGS=$LDEXEFLAGS
@@ -7583,7 +7609,7 @@ cat > $TMPH <<EOF
 #define FFMPEG_CONFIG_H
 #define FFMPEG_CONFIGURATION "$(c_escape $FFMPEG_CONFIGURATION)"
 #define FFMPEG_LICENSE "$(c_escape $license)"
-#define CONFIG_THIS_YEAR 2021
+#define CONFIG_THIS_YEAR 2025
 #define FFMPEG_DATADIR "$(eval c_escape $datadir)"
 #define AVCONV_DATADIR "$(eval c_escape $datadir)"
 #define CC_IDENT "$(c_escape ${cc_ident:-Unknown compiler})"

doc/Doxyfile

@@ -38,7 +38,7 @@ PROJECT_NAME           = FFmpeg
 # could be handy for archiving the generated documentation or if some version
 # control system is used.
 
-PROJECT_NUMBER         =
+PROJECT_NUMBER         = 4.4.6
 
 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a

doc/authors.texi

@@ -3,9 +3,9 @@
 The FFmpeg developers.
 
 For details about the authorship, see the Git history of the project
-(git://source.ffmpeg.org/ffmpeg), e.g. by typing the command
+(https://git.ffmpeg.org/ffmpeg), e.g. by typing the command
 @command{git log} in the FFmpeg source directory, or browsing the
-online repository at @url{http://source.ffmpeg.org}.
+online repository at @url{https://git.ffmpeg.org/ffmpeg}.
 
 Maintainers for the specific components are listed in the file
 @file{MAINTAINERS} in the source code tree.

doc/demuxers.texi

@@ -327,6 +327,13 @@ segment index to start live streams at (negative values are from the end).
 @item allowed_extensions
 ',' separated list of file extensions that hls is allowed to access.
 
+@item extension_picky
+This blocks disallowed extensions from probing
+It also requires all available segments to have matching extensions to the format
+except mpegts, which is always allowed.
+It is recommended to set the whitelists correctly instead of depending on extensions
+Enabled by default.
+
 @item max_reload
 Maximum number of times a insufficient list is attempted to be reloaded.
 Default value is 1000.

doc/developer.texi

@@ -762,6 +762,25 @@ In case you need finer control over how valgrind is invoked, use the
 @code{--target-exec='valgrind <your_custom_valgrind_options>} option in
 your configure line instead.
 
+@anchor{Maintenance}
+@chapter Maintenance process
+
+@anchor{MAINTAINERS}
+@section MAINTAINERS
+
+The developers maintaining each part of the codebase are listed in @file{MAINTAINERS}.
+Being listed in @file{MAINTAINERS}, gives one the right to have git write access to
+the specific repository.
+
+@anchor{Becoming a maintainer}
+@section Becoming a maintainer
+
+People add themselves to @file{MAINTAINERS} by sending a patch like any other code
+change. These get reviewed by the community like any other patch. It is expected
+that, if someone has an objection to a new maintainer, she is willing to object
+in public with her full name and is willing to take over maintainership for the area.
+
+
 @anchor{Release process}
 @chapter Release process
 

doc/examples/demuxing_decoding.c

@@ -137,11 +137,9 @@ static int decode_packet(AVCodecContext *dec, const AVPacket *pkt)
             ret = output_audio_frame(frame);
 
         av_frame_unref(frame);
-        if (ret < 0)
-            return ret;
     }
 
-    return 0;
+    return ret;
 }
 
 static int open_codec_context(int *stream_idx,

doc/examples/muxing.c

@@ -350,8 +350,7 @@ static int write_audio_frame(AVFormatContext *oc, OutputStream *ost)
     if (frame) {
         /* convert samples from native format to destination codec format, using the resampler */
         /* compute destination number of samples */
-        dst_nb_samples = av_rescale_rnd(swr_get_delay(ost->swr_ctx, c->sample_rate) + frame->nb_samples,
-                                        c->sample_rate, c->sample_rate, AV_ROUND_UP);
+        dst_nb_samples = swr_get_delay(ost->swr_ctx, c->sample_rate) + frame->nb_samples;
         av_assert0(dst_nb_samples == frame->nb_samples);
 
         /* when we pass a frame to the encoder, it may keep a reference to it

doc/examples/vaapi_encode.c

@@ -91,6 +91,10 @@ static int encode_write(AVCodecContext *avctx, AVFrame *frame, FILE *fout)
         enc_pkt->stream_index = 0;
         ret = fwrite(enc_pkt->data, enc_pkt->size, 1, fout);
         av_packet_unref(enc_pkt);
+        if (ret != enc_pkt->size) {
+            ret = AVERROR(errno);
+            break;
+        }
     }
 
 end:

doc/examples/vaapi_transcode.c

@@ -218,10 +218,8 @@ static int dec_enc(AVPacket *pkt, AVCodec *enc_codec)
 
 fail:
         av_frame_free(&frame);
-        if (ret < 0)
-            return ret;
     }
-    return 0;
+    return ret;
 }
 
 int main(int argc, char **argv)

doc/fate_config.sh.template

@@ -1,5 +1,5 @@
 slot=                                    # some unique identifier
-repo=git://source.ffmpeg.org/ffmpeg.git  # the source repository
+repo=https://git.ffmpeg.org/ffmpeg.git   # the source repository
 #branch=release/2.6                       # the branch to test
 samples=                                 # path to samples directory
 workdir=                                 # directory in which to do all the work

doc/git-howto.texi

@@ -53,7 +53,7 @@ Most distribution and operating system provide a package for it.
 @section Cloning the source tree
 
 @example
-git clone git://source.ffmpeg.org/ffmpeg <target>
+git clone https://git.ffmpeg.org/ffmpeg.git <target>
 @end example
 
 This will put the FFmpeg sources into the directory @var{<target>}.
@@ -143,7 +143,7 @@ git log <filename(s)>
 @end example
 
 You may also use the graphical tools like @command{gitview} or @command{gitk}
-or the web interface available at @url{http://source.ffmpeg.org/}.
+or the web interface available at @url{https://git.ffmpeg.org/ffmpeg.git}.
 
 @section Checking source tree status
 
@@ -187,11 +187,18 @@ to make sure you don't have untracked files or deletions.
 git add [-i|-p|-A] <filenames/dirnames>
 @end example
 
-Make sure you have told Git your name and email address
+Make sure you have told Git your name, email address and GPG key
 
 @example
 git config --global user.name "My Name"
 git config --global user.email my@@email.invalid
+git config --global user.signingkey ABCDEF0123245
+@end example
+
+Enable signing all commits or use -S
+
+@example
+git config --global commit.gpgsign true
 @end example
 
 Use @option{--global} to set the global configuration for all your Git checkouts.
@@ -393,6 +400,19 @@ git checkout -b svn_23456 $SHA1
 where @var{$SHA1} is the commit hash from the @command{git log} output.
 
 
+@chapter gpg key generation
+
+If you have no gpg key yet, we recommend that you create a ed25519 based key as it
+is small, fast and secure. Especially it results in small signatures in git.
+
+@example
+gpg --default-new-key-algo "ed25519/cert,sign+cv25519/encr" --quick-generate-key "human@@server.com"
+@end example
+
+When generating a key, make sure the email specified matches the email used in git as some sites like
+github consider mismatches a reason to declare such commits unverified. After generating a key you
+can add it to the MAINTAINER file and upload it to a keyserver.
+
 @chapter Pre-push checklist
 
 Once you have a set of commits that you feel are ready for pushing,

doc/t2h.pm

@@ -20,8 +20,45 @@
 # License along with FFmpeg; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 
+# Texinfo 7.0 changed the syntax of various functions.
+# Provide a shim for older versions.
+sub ff_set_from_init_file($$) {
+    my $key = shift;
+    my $value = shift;
+    if (exists &{'texinfo_set_from_init_file'}) {
+        texinfo_set_from_init_file($key, $value);
+    } else {
+        set_from_init_file($key, $value);
+    }
+}
+
+sub ff_get_conf($) {
+    my $key = shift;
+    if (exists &{'texinfo_get_conf'}) {
+        texinfo_get_conf($key);
+    } else {
+        get_conf($key);
+    }
+}
+
+sub get_formatting_function($$) {
+    my $obj = shift;
+    my $func = shift;
+
+    my $sub = $obj->can('formatting_function');
+    if ($sub) {
+        return $obj->formatting_function($func);
+    } else {
+        return $obj->{$func};
+    }
+}
+
+# determine texinfo version
+my $program_version_num = version->declare(ff_get_conf('PACKAGE_VERSION'))->numify;
+my $program_version_6_8 = $program_version_num >= 6.008000;
+
 # no navigation elements
-set_from_init_file('HEADERS', 0);
+ff_set_from_init_file('HEADERS', 0);
 
 sub ffmpeg_heading_command($$$$$)
 {
@@ -55,7 +92,7 @@ sub ffmpeg_heading_command($$$$$)
         $element = $command->{'parent'};
     }
     if ($element) {
-        $result .= &{$self->{'format_element_header'}}($self, $cmdname,
+        $result .= &{get_formatting_function($self, 'format_element_header')}($self, $cmdname,
                                                        $command, $element);
     }
 
@@ -112,7 +149,11 @@ sub ffmpeg_heading_command($$$$$)
                 $cmdname
                     = $Texinfo::Common::level_to_structuring_command{$cmdname}->[$heading_level];
             }
-            $result .= &{$self->{'format_heading_text'}}(
+            # format_heading_text expects an array of headings for texinfo >= 7.0
+            if ($program_version_num >= 7.000000) {
+                $heading = [$heading];
+            }
+            $result .= &{get_formatting_function($self,'format_heading_text')}(
                         $self, $cmdname, $heading,
                         $heading_level +
                         $self->get_conf('CHAPTER_HEADER_LEVEL') - 1, $command);
@@ -127,14 +168,18 @@ foreach my $command (keys(%Texinfo::Common::sectioning_commands), 'node') {
 }
 
 # print the TOC where @contents is used
-set_from_init_file('INLINE_CONTENTS', 1);
+if ($program_version_6_8) {
+    ff_set_from_init_file('CONTENTS_OUTPUT_LOCATION', 'inline');
+} else {
+    ff_set_from_init_file('INLINE_CONTENTS', 1);
+}
 
 # make chapters <h2>
-set_from_init_file('CHAPTER_HEADER_LEVEL', 2);
+ff_set_from_init_file('CHAPTER_HEADER_LEVEL', 2);
 
 # Do not add <hr>
-set_from_init_file('DEFAULT_RULE', '');
-set_from_init_file('BIG_RULE', '');
+ff_set_from_init_file('DEFAULT_RULE', '');
+ff_set_from_init_file('BIG_RULE', '');
 
 # Customized file beginning
 sub ffmpeg_begin_file($$$)
@@ -151,7 +196,18 @@ sub ffmpeg_begin_file($$$)
     my ($title, $description, $encoding, $date, $css_lines,
         $doctype, $bodytext, $copying_comment, $after_body_open,
         $extra_head, $program_and_version, $program_homepage,
-        $program, $generator) = $self->_file_header_informations($command);
+        $program, $generator);
+    if ($program_version_num >= 7.000000) {
+        ($title, $description, $encoding, $date, $css_lines,
+         $doctype, $bodytext, $copying_comment, $after_body_open,
+         $extra_head, $program_and_version, $program_homepage,
+         $program, $generator) = $self->_file_header_information($command);
+    } else {
+        ($title, $description, $encoding, $date, $css_lines,
+         $doctype, $bodytext, $copying_comment, $after_body_open,
+         $extra_head, $program_and_version, $program_homepage,
+         $program, $generator) = $self->_file_header_informations($command);
+    }
 
     my $links = $self->_get_links ($filename, $element);
 
@@ -184,7 +240,11 @@ EOT
 
     return $head1 . $head_title . $head2 . $head_title . $head3;
 }
-texinfo_register_formatting_function('begin_file', \&ffmpeg_begin_file);
+if ($program_version_6_8) {
+    texinfo_register_formatting_function('format_begin_file', \&ffmpeg_begin_file);
+} else {
+    texinfo_register_formatting_function('begin_file', \&ffmpeg_begin_file);
+}
 
 sub ffmpeg_program_string($)
 {
@@ -201,13 +261,17 @@ sub ffmpeg_program_string($)
       $self->gdt('This document was generated automatically.'));
   }
 }
-texinfo_register_formatting_function('program_string', \&ffmpeg_program_string);
+if ($program_version_6_8) {
+    texinfo_register_formatting_function('format_program_string', \&ffmpeg_program_string);
+} else {
+    texinfo_register_formatting_function('program_string', \&ffmpeg_program_string);
+}
 
 # Customized file ending
 sub ffmpeg_end_file($)
 {
     my $self = shift;
-    my $program_string = &{$self->{'format_program_string'}}($self);
+    my $program_string = &{get_formatting_function($self,'format_program_string')}($self);
     my $program_text = <<EOT;
       <p style="font-size: small;">
         $program_string
@@ -220,11 +284,15 @@ EOT
 EOT
     return $program_text . $footer;
 }
-texinfo_register_formatting_function('end_file', \&ffmpeg_end_file);
+if ($program_version_6_8) {
+    texinfo_register_formatting_function('format_end_file', \&ffmpeg_end_file);
+} else {
+    texinfo_register_formatting_function('end_file', \&ffmpeg_end_file);
+}
 
 # Dummy title command
 # Ignore title. Title is handled through ffmpeg_begin_file().
-set_from_init_file('USE_TITLEPAGE_FOR_TITLE', 1);
+ff_set_from_init_file('USE_TITLEPAGE_FOR_TITLE', 1);
 sub ffmpeg_title($$$$)
 {
     return '';
@@ -242,8 +310,14 @@ sub ffmpeg_float($$$$$)
     my $args = shift;
     my $content = shift;
 
-    my ($caption, $prepended) = Texinfo::Common::float_name_caption($self,
-                                                                $command);
+    my ($caption, $prepended);
+    if ($program_version_num >= 7.000000) {
+        ($caption, $prepended) = Texinfo::Convert::Converter::float_name_caption($self,
+                                                                                 $command);
+    } else {
+        ($caption, $prepended) = Texinfo::Common::float_name_caption($self,
+                                                                     $command);
+    }
     my $caption_text = '';
     my $prepended_text;
     my $prepended_save = '';
@@ -315,8 +389,13 @@ sub ffmpeg_float($$$$$)
             $caption->{'args'}->[0], 'float caption');
     }
     if ($prepended_text.$caption_text ne '') {
-        $prepended_text = $self->_attribute_class('div','float-caption'). '>'
-                . $prepended_text;
+        if ($program_version_num >= 7.000000) {
+            $prepended_text = $self->html_attribute_class('div',['float-caption']). '>'
+                    . $prepended_text;
+        } else {
+            $prepended_text = $self->_attribute_class('div','float-caption'). '>'
+                    . $prepended_text;
+        }
         $caption_text .= '</div>';
     }
     my $html_class = '';
@@ -329,8 +408,13 @@ sub ffmpeg_float($$$$$)
         $prepended_text = '';
         $caption_text   = '';
     }
-    return $self->_attribute_class('div', $html_class). '>' . "\n" .
-        $prepended_text . $caption_text . $content . '</div>';
+    if ($program_version_num >= 7.000000) {
+        return $self->html_attribute_class('div', [$html_class]). '>' . "\n" .
+            $prepended_text . $caption_text . $content . '</div>';
+    } else {
+        return $self->_attribute_class('div', $html_class). '>' . "\n" .
+            $prepended_text . $caption_text . $content . '</div>';
+    }
 }
 
 texinfo_register_command_formatting('float',

doc/writing_filters.txt

@@ -418,4 +418,4 @@ done:
 
 When all of this is done, you can submit your patch to the ffmpeg-devel
 mailing-list for review.  If you need any help, feel free to come on our IRC
-channel, #ffmpeg-devel on irc.freenode.net.
+channel, #ffmpeg-devel on irc.libera.chat.

ffbuild/common.mak

@@ -90,7 +90,7 @@ COMPILE_MSA = $(call COMPILE,CC,MSAFLAGS)
 	-$(if $(ASMSTRIPFLAGS), $(STRIP) $(ASMSTRIPFLAGS) $@)
 
 %.o: %.rc
-	$(WINDRES) $(IFLAGS) --preprocessor "$(DEPWINDRES) -E -xc-header -DRC_INVOKED $(CC_DEPFLAGS)" -o $@ $<
+	$(WINDRES) $(IFLAGS) $(foreach ARG,$(CC_DEPFLAGS),--preprocessor-arg "$(ARG)") -o $@ $<
 
 %.i: %.c
 	$(CC) $(CCFLAGS) $(CC_E) $<

fftools/cmdutils.c

@@ -537,7 +537,7 @@ static const AVOption *opt_find(void *obj, const char *name, const char *unit,
     return o;
 }
 
-#define FLAGS (o->type == AV_OPT_TYPE_FLAGS && (arg[0]=='-' || arg[0]=='+')) ? AV_DICT_APPEND : 0
+#define FLAGS ((o->type == AV_OPT_TYPE_FLAGS && (arg[0]=='-' || arg[0]=='+')) ? AV_DICT_APPEND : 0)
 int opt_default(void *optctx, const char *opt, const char *arg)
 {
     const AVOption *o;

fftools/ffmpeg.c

@@ -492,8 +492,9 @@ static int read_key(void)
         }
         //Read it
         if(nchars != 0) {
-            read(0, &ch, 1);
-            return ch;
+            if (read(0, &ch, 1) == 1)
+                return ch;
+            return 0;
         }else{
             return -1;
         }
@@ -1974,6 +1975,9 @@ static void flush_encoders(void)
             AVPacket *pkt = ost->pkt;
             int pkt_size;
 
+            if (!pkt)
+                break;
+
             switch (enc->codec_type) {
             case AVMEDIA_TYPE_AUDIO:
                 desc   = "audio";
@@ -3463,12 +3467,7 @@ static int init_output_stream_encode(OutputStream *ost, AVFrame *frame)
             enc_ctx->bits_per_raw_sample = frame_bits_per_raw_sample;
         }
 
-        if (ost->top_field_first == 0) {
-            enc_ctx->field_order = AV_FIELD_BB;
-        } else if (ost->top_field_first == 1) {
-            enc_ctx->field_order = AV_FIELD_TT;
-        }
-
+        // Field order: autodetection
         if (frame) {
             if (enc_ctx->flags & (AV_CODEC_FLAG_INTERLACED_DCT | AV_CODEC_FLAG_INTERLACED_ME) &&
                 ost->top_field_first >= 0)
@@ -3483,6 +3482,13 @@ static int init_output_stream_encode(OutputStream *ost, AVFrame *frame)
                 enc_ctx->field_order = AV_FIELD_PROGRESSIVE;
         }
 
+        // Field order: override
+        if (ost->top_field_first == 0) {
+            enc_ctx->field_order = AV_FIELD_BB;
+        } else if (ost->top_field_first == 1) {
+            enc_ctx->field_order = AV_FIELD_TT;
+        }
+
         if (ost->forced_keyframes) {
             if (!strncmp(ost->forced_keyframes, "expr:", 5)) {
                 ret = av_expr_parse(&ost->forced_keyframes_pexpr, ost->forced_keyframes+5,
@@ -3950,7 +3956,7 @@ static OutputStream *choose_output(void)
                 ost->st->index, ost->st->id, ost->initialized, ost->inputs_done, ost->finished);
 
         if (!ost->initialized && !ost->inputs_done)
-            return ost;
+            return ost->unavailable ? NULL : ost;
 
         if (!ost->finished && opts < opts_min) {
             opts_min = opts;

libavcodec/012v.c

@@ -131,8 +131,8 @@ static int zero12v_decode_frame(AVCodecContext *avctx, void *data,
             u = x/2 + (uint16_t *)(pic->data[1] + line * pic->linesize[1]);
             v = x/2 + (uint16_t *)(pic->data[2] + line * pic->linesize[2]);
             memcpy(y, y_temp, sizeof(*y) * (width - x));
-            memcpy(u, u_temp, sizeof(*u) * (width - x + 1) / 2);
-            memcpy(v, v_temp, sizeof(*v) * (width - x + 1) / 2);
+            memcpy(u, u_temp, sizeof(*u) * ((width - x + 1) / 2));
+            memcpy(v, v_temp, sizeof(*v) * ((width - x + 1) / 2));
         }
 
         line_end += stride;

libavcodec/4xm.c

@@ -886,6 +886,8 @@ static int decode_frame(AVCodecContext *avctx, void *data,
         }
 
         if (i >= CFRAME_BUFFER_COUNT) {
+            if (free_index < 0)
+                return AVERROR_INVALIDDATA;
             i             = free_index;
             f->cfrm[i].id = id;
         }

libavcodec/8bps.c

@@ -70,6 +70,9 @@ static int decode_frame(AVCodecContext *avctx, void *data,
     unsigned char *planemap = c->planemap;
     int ret;
 
+    if (buf_size < planes * height *2)
+        return AVERROR_INVALIDDATA;
+
     if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
         return ret;
 

libavcodec/Makefile

@@ -132,7 +132,6 @@ OBJS-$(CONFIG_MPEGVIDEOENC)            += mpegvideo_enc.o mpeg12data.o  \
                                           motion_est.o ratecontrol.o    \
                                           mpegvideoencdsp.o
 OBJS-$(CONFIG_MSS34DSP)                += mss34dsp.o
-OBJS-$(CONFIG_NVENC)                   += nvenc.o
 OBJS-$(CONFIG_PIXBLOCKDSP)             += pixblockdsp.o
 OBJS-$(CONFIG_QPELDSP)                 += qpeldsp.o
 OBJS-$(CONFIG_QSV)                     += qsv.o
@@ -375,9 +374,9 @@ OBJS-$(CONFIG_H264_CUVID_DECODER)      += cuviddec.o
 OBJS-$(CONFIG_H264_MEDIACODEC_DECODER) += mediacodecdec.o
 OBJS-$(CONFIG_H264_MF_ENCODER)         += mfenc.o mf_utils.o
 OBJS-$(CONFIG_H264_MMAL_DECODER)       += mmaldec.o
-OBJS-$(CONFIG_H264_NVENC_ENCODER)      += nvenc_h264.o
-OBJS-$(CONFIG_NVENC_ENCODER)           += nvenc_h264.o
-OBJS-$(CONFIG_NVENC_H264_ENCODER)      += nvenc_h264.o
+OBJS-$(CONFIG_H264_NVENC_ENCODER)      += nvenc.o nvenc_h264.o
+OBJS-$(CONFIG_NVENC_ENCODER)           += nvenc.o nvenc_h264.o
+OBJS-$(CONFIG_NVENC_H264_ENCODER)      += nvenc.o nvenc_h264.o
 OBJS-$(CONFIG_H264_OMX_ENCODER)        += omx.o
 OBJS-$(CONFIG_H264_QSV_DECODER)        += qsvdec.o
 OBJS-$(CONFIG_H264_QSV_ENCODER)        += qsvenc_h264.o
@@ -397,8 +396,8 @@ OBJS-$(CONFIG_HEVC_AMF_ENCODER)        += amfenc_hevc.o
 OBJS-$(CONFIG_HEVC_CUVID_DECODER)      += cuviddec.o
 OBJS-$(CONFIG_HEVC_MEDIACODEC_DECODER) += mediacodecdec.o
 OBJS-$(CONFIG_HEVC_MF_ENCODER)         += mfenc.o mf_utils.o
-OBJS-$(CONFIG_HEVC_NVENC_ENCODER)      += nvenc_hevc.o
-OBJS-$(CONFIG_NVENC_HEVC_ENCODER)      += nvenc_hevc.o
+OBJS-$(CONFIG_HEVC_NVENC_ENCODER)      += nvenc.o nvenc_hevc.o
+OBJS-$(CONFIG_NVENC_HEVC_ENCODER)      += nvenc.o nvenc_hevc.o
 OBJS-$(CONFIG_HEVC_QSV_DECODER)        += qsvdec.o
 OBJS-$(CONFIG_HEVC_QSV_ENCODER)        += qsvenc_hevc.o hevc_ps_enc.o       \
                                           hevc_data.o
@@ -875,6 +874,7 @@ OBJS-$(CONFIG_ADPCM_G726_ENCODER)         += g726.o
 OBJS-$(CONFIG_ADPCM_G726LE_DECODER)       += g726.o
 OBJS-$(CONFIG_ADPCM_G726LE_ENCODER)       += g726.o
 OBJS-$(CONFIG_ADPCM_IMA_AMV_DECODER)      += adpcm.o adpcm_data.o
+OBJS-$(CONFIG_ADPCM_IMA_AMV_ENCODER)      += adpcmenc.o adpcm_data.o
 OBJS-$(CONFIG_ADPCM_IMA_ALP_DECODER)      += adpcm.o adpcm_data.o
 OBJS-$(CONFIG_ADPCM_IMA_ALP_ENCODER)      += adpcmenc.o adpcm_data.o
 OBJS-$(CONFIG_ADPCM_IMA_APC_DECODER)      += adpcm.o adpcm_data.o

libavcodec/a64multienc.c

@@ -107,13 +107,16 @@ static void render_charset(AVCodecContext *avctx, uint8_t *charset,
     uint8_t pix;
     int lowdiff, highdiff;
     int *best_cb = c->mc_best_cb;
-    static uint8_t index1[256];
-    static uint8_t index2[256];
-    static uint8_t dither[256];
+    uint8_t index1[256];
+    uint8_t index2[256];
+    uint8_t dither[256];
     int i;
     int distance;
 
-    /* generate lookup-tables for dither and index before looping */
+    /* Generate lookup-tables for dither and index before looping.
+     * This code relies on c->mc_luma_vals[c->mc_pal_size - 1] being
+     * the maximum of all the mc_luma_vals values and on the minimum
+     * being zero; this ensures that dither is properly initialized. */
     i = 0;
     for (a=0; a < 256; a++) {
         if(i < c->mc_pal_size -1 && a == c->mc_luma_vals[i + 1]) {

libavcodec/aaccoder.c

@@ -843,25 +843,25 @@ static void search_for_ms(AACEncContext *s, ChannelElement *cpe)
                                                     sce0->ics.swb_sizes[g],
                                                     sce0->sf_idx[w*16+g],
                                                     sce0->band_type[w*16+g],
-                                                    lambda / band0->threshold, INFINITY, &b1, NULL, 0);
+                                                    lambda / (band0->threshold + FLT_MIN), INFINITY, &b1, NULL, 0);
                         dist1 += quantize_band_cost(s, &sce1->coeffs[start + (w+w2)*128],
                                                     R34,
                                                     sce1->ics.swb_sizes[g],
                                                     sce1->sf_idx[w*16+g],
                                                     sce1->band_type[w*16+g],
-                                                    lambda / band1->threshold, INFINITY, &b2, NULL, 0);
+                                                    lambda / (band1->threshold + FLT_MIN), INFINITY, &b2, NULL, 0);
                         dist2 += quantize_band_cost(s, M,
                                                     M34,
                                                     sce0->ics.swb_sizes[g],
                                                     mididx,
                                                     midcb,
-                                                    lambda / minthr, INFINITY, &b3, NULL, 0);
+                                                    lambda / (minthr + FLT_MIN), INFINITY, &b3, NULL, 0);
                         dist2 += quantize_band_cost(s, S,
                                                     S34,
                                                     sce1->ics.swb_sizes[g],
                                                     sididx,
                                                     sidcb,
-                                                    mslambda / (minthr * bmax), INFINITY, &b4, NULL, 0);
+                                                    mslambda / (minthr * bmax + FLT_MIN), INFINITY, &b4, NULL, 0);
                         B0 += b1+b2;
                         B1 += b3+b4;
                         dist1 -= b1+b2;

libavcodec/aacdec_template.c

@@ -1076,14 +1076,18 @@ static int decode_audio_specific_config_gb(AACContext *ac,
 {
     int i, ret;
     GetBitContext gbc = *gb;
+    MPEG4AudioConfig m4ac_bak = *m4ac;
 
-    if ((i = ff_mpeg4audio_get_config_gb(m4ac, &gbc, sync_extension, avctx)) < 0)
+    if ((i = ff_mpeg4audio_get_config_gb(m4ac, &gbc, sync_extension, avctx)) < 0) {
+        *m4ac = m4ac_bak;
         return AVERROR_INVALIDDATA;
+    }
 
     if (m4ac->sampling_index > 12) {
         av_log(avctx, AV_LOG_ERROR,
                "invalid sampling rate index %d\n",
                m4ac->sampling_index);
+        *m4ac = m4ac_bak;
         return AVERROR_INVALIDDATA;
     }
     if (m4ac->object_type == AOT_ER_AAC_LD &&
@@ -1091,6 +1095,7 @@ static int decode_audio_specific_config_gb(AACContext *ac,
         av_log(avctx, AV_LOG_ERROR,
                "invalid low delay sampling rate index %d\n",
                m4ac->sampling_index);
+        *m4ac = m4ac_bak;
         return AVERROR_INVALIDDATA;
     }
 

libavcodec/aacenc.c

@@ -28,6 +28,7 @@
  *              TODOs:
  * add sane pulse detection
  ***********************************/
+#include <float.h>
 
 #include "libavutil/libm.h"
 #include "libavutil/float_dsp.h"
@@ -852,7 +853,7 @@ static int aac_encode_frame(AVCodecContext *avctx, AVPacket *avpkt,
                 /* Not so fast though */
                 ratio = sqrtf(ratio);
             }
-            s->lambda = FFMIN(s->lambda * ratio, 65536.f);
+            s->lambda = av_clipf(s->lambda * ratio, FLT_EPSILON, 65536.f);
 
             /* Keep iterating if we must reduce and lambda is in the sky */
             if (ratio > 0.9f && ratio < 1.1f) {
@@ -897,7 +898,7 @@ static av_cold int aac_encode_end(AVCodecContext *avctx)
 {
     AACEncContext *s = avctx->priv_data;
 
-    av_log(avctx, AV_LOG_INFO, "Qavg: %.3f\n", s->lambda_sum / s->lambda_count);
+    av_log(avctx, AV_LOG_INFO, "Qavg: %.3f\n", s->lambda_count ? s->lambda_sum / s->lambda_count : NAN);
 
     ff_mdct_end(&s->mdct1024);
     ff_mdct_end(&s->mdct128);

libavcodec/aacpsy.c

@@ -308,6 +308,9 @@ static av_cold int psy_3gpp_init(FFPsyContext *ctx) {
     const int bandwidth    = ctx->cutoff ? ctx->cutoff : AAC_CUTOFF(ctx->avctx);
     const float num_bark   = calc_bark((float)bandwidth);
 
+    if (bandwidth <= 0)
+        return AVERROR(EINVAL);
+
     ctx->model_priv_data = av_mallocz(sizeof(AacPsyContext));
     if (!ctx->model_priv_data)
         return AVERROR(ENOMEM);
@@ -794,7 +797,7 @@ static void psy_3gpp_analyze_channel(FFPsyContext *ctx, int channel,
 
         if (pe < 1.15f * desired_pe) {
             /* 6.6.1.3.6 "Final threshold modification by linearization" */
-            norm_fac = 1.0f / norm_fac;
+            norm_fac = norm_fac ? 1.0f / norm_fac : 0;
             for (w = 0; w < wi->num_windows*16; w += 16) {
                 for (g = 0; g < num_bands; g++) {
                     AacPsyBand *band = &pch->band[w+g];

libavcodec/aacsbr_template.c

@@ -588,6 +588,7 @@ static int sbr_make_f_derived(AACContext *ac, SpectralBandReplication *sbr)
 
     if (sbr->n_q > 5) {
         av_log(ac->avctx, AV_LOG_ERROR, "Too many noise floor scale factors: %d\n", sbr->n_q);
+        sbr->n_q = 1;
         return -1;
     }
 

libavcodec/aarch64/hevcdsp_idct_neon.S

@@ -573,14 +573,13 @@ idct_16x16 10
 // void ff_hevc_idct_NxN_dc_DEPTH_neon(int16_t *coeffs)
 .macro idct_dc size, bitdepth
 function ff_hevc_idct_\size\()x\size\()_dc_\bitdepth\()_neon, export=1
-        movi          v1.8h,  #((1 << (14 - \bitdepth))+1)
         ld1r         {v4.8h}, [x0]
-        add           v4.8h,  v4.8h,  v1.8h
-        sshr          v0.8h,  v4.8h,  #(15 - \bitdepth)
-        sshr          v1.8h,  v4.8h,  #(15 - \bitdepth)
+        srshr         v4.8h,  v4.8h,  #1
+        srshr         v0.8h,  v4.8h,  #(14 - \bitdepth)
+        srshr         v1.8h,  v4.8h,  #(14 - \bitdepth)
 .if \size > 4
-        sshr          v2.8h,  v4.8h,  #(15 - \bitdepth)
-        sshr          v3.8h,  v4.8h,  #(15 - \bitdepth)
+        srshr         v2.8h,  v4.8h,  #(14 - \bitdepth)
+        srshr         v3.8h,  v4.8h,  #(14 - \bitdepth)
 .if \size > 16 /* dc 32x32 */
         mov              x2,  #4
 1:

libavcodec/aarch64/vp9mc_neon.S

@@ -230,6 +230,9 @@ function \type\()_8tap_\size\()h_\idx1\idx2
         // reduced dst stride
 .if \size >= 16
         sub             x1,  x1,  x5
+.elseif \size == 4
+        add             x12, x2,  #8
+        add             x13, x7,  #8
 .endif
         // size >= 16 loads two qwords and increments x2,
         // for size 4/8 it's enough with one qword and no
@@ -248,9 +251,14 @@ function \type\()_8tap_\size\()h_\idx1\idx2
 .if \size >= 16
         ld1             {v4.8b,  v5.8b,  v6.8b},  [x2], #24
         ld1             {v16.8b, v17.8b, v18.8b}, [x7], #24
-.else
+.elseif \size == 8
         ld1             {v4.8b,  v5.8b},  [x2]
         ld1             {v16.8b, v17.8b}, [x7]
+.else // \size == 4
+        ld1             {v4.8b},  [x2]
+        ld1             {v16.8b}, [x7]
+        ld1             {v5.s}[0],  [x12], x3
+        ld1             {v17.s}[0], [x13], x3
 .endif
         uxtl            v4.8h,  v4.8b
         uxtl            v5.8h,  v5.8b

libavcodec/aasc.c

@@ -104,26 +104,26 @@ static int aasc_decode_frame(AVCodecContext *avctx,
         ff_msrle_decode(avctx, s->frame, 8, &s->gb);
         break;
     case MKTAG('A', 'A', 'S', 'C'):
-    switch (compr) {
-    case 0:
-        stride = (avctx->width * psize + psize) & ~psize;
-        if (buf_size < stride * avctx->height)
+        switch (compr) {
+        case 0:
+            stride = (avctx->width * psize + psize) & ~psize;
+            if (buf_size < stride * avctx->height)
+                return AVERROR_INVALIDDATA;
+            for (i = avctx->height - 1; i >= 0; i--) {
+                memcpy(s->frame->data[0] + i * s->frame->linesize[0], buf, avctx->width * psize);
+                buf += stride;
+                buf_size -= stride;
+            }
+            break;
+        case 1:
+            bytestream2_init(&s->gb, buf, buf_size);
+            ff_msrle_decode(avctx, s->frame, 8, &s->gb);
+            break;
+        default:
+            av_log(avctx, AV_LOG_ERROR, "Unknown compression type %d\n", compr);
             return AVERROR_INVALIDDATA;
-        for (i = avctx->height - 1; i >= 0; i--) {
-            memcpy(s->frame->data[0] + i * s->frame->linesize[0], buf, avctx->width * psize);
-            buf += stride;
-            buf_size -= stride;
         }
         break;
-    case 1:
-        bytestream2_init(&s->gb, buf, buf_size);
-        ff_msrle_decode(avctx, s->frame, 8, &s->gb);
-        break;
-    default:
-        av_log(avctx, AV_LOG_ERROR, "Unknown compression type %d\n", compr);
-        return AVERROR_INVALIDDATA;
-    }
-        break;
     default:
         av_log(avctx, AV_LOG_ERROR, "Unknown FourCC: %X\n", avctx->codec_tag);
         return -1;

libavcodec/ac3.h

@@ -27,7 +27,6 @@
 #ifndef AVCODEC_AC3_H
 #define AVCODEC_AC3_H
 
-#define AC3_MAX_CODED_FRAME_SIZE 3840 /* in bytes */
 #define EAC3_MAX_CHANNELS 16          /**< maximum number of channels in EAC3 */
 #define AC3_MAX_CHANNELS 7            /**< maximum number of channels, including coupling channel */
 #define CPL_CH 0                      /**< coupling channel index */
@@ -75,6 +74,7 @@
 #define AC3_DYNAMIC_RANGE1      0
 
 typedef int                     INTFLOAT;
+typedef unsigned int            UINTFLOAT;
 typedef int16_t                 SHORTFLOAT;
 
 #else /* USE_FIXED */
@@ -94,6 +94,7 @@ typedef int16_t                 SHORTFLOAT;
 #define AC3_DYNAMIC_RANGE1      1.0f
 
 typedef float                   INTFLOAT;
+typedef float                   UINTFLOAT;
 typedef float                   SHORTFLOAT;
 
 #endif /* USE_FIXED */

libavcodec/ac3_parser.c

@@ -179,7 +179,9 @@ int av_ac3_parse_header(const uint8_t *buf, size_t size,
     AC3HeaderInfo hdr;
     int err;
 
-    init_get_bits8(&gb, buf, size);
+    err = init_get_bits8(&gb, buf, size);
+    if (err < 0)
+        return AVERROR_INVALIDDATA;
     err = ff_ac3_parse_header(&gb, &hdr);
     if (err < 0)
         return AVERROR_INVALIDDATA;

libavcodec/ac3enc.c

@@ -1729,7 +1729,7 @@ static void ac3_output_frame(AC3EncodeContext *s, unsigned char *frame)
 {
     int blk;
 
-    init_put_bits(&s->pb, frame, AC3_MAX_CODED_FRAME_SIZE);
+    init_put_bits(&s->pb, frame, s->frame_size);
 
     s->output_frame_header(s);
 

libavcodec/adpcm.c

@@ -100,7 +100,7 @@ static const int8_t mtf_index_table[16] = {
 typedef struct ADPCMDecodeContext {
     ADPCMChannelStatus status[14];
     int vqa_version;                /**< VQA version. Used for ADPCM_IMA_WS */
-    int has_status;
+    int has_status;                 /**< Status flag. Reset to 0 after a flush. */
 } ADPCMDecodeContext;
 
 static av_cold int adpcm_decode_init(AVCodecContext * avctx)
@@ -1811,11 +1811,6 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data,
         }
         break;
     case AV_CODEC_ID_ADPCM_AICA:
-        if (!c->has_status) {
-            for (channel = 0; channel < avctx->channels; channel++)
-                c->status[channel].step = 0;
-            c->has_status = 1;
-        }
         for (channel = 0; channel < avctx->channels; channel++) {
             samples = samples_p[channel];
             for (n = nb_samples >> 1; n > 0; n--) {
@@ -2077,13 +2072,6 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data,
         }
         break;
     case AV_CODEC_ID_ADPCM_ZORK:
-        if (!c->has_status) {
-            for (channel = 0; channel < avctx->channels; channel++) {
-                c->status[channel].predictor  = 0;
-                c->status[channel].step_index = 0;
-            }
-            c->has_status = 1;
-        }
         for (n = 0; n < nb_samples * avctx->channels; n++) {
             int v = bytestream2_get_byteu(&gb);
             *samples++ = adpcm_zork_expand_nibble(&c->status[n % avctx->channels], v);
@@ -2121,7 +2109,37 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data,
 static void adpcm_flush(AVCodecContext *avctx)
 {
     ADPCMDecodeContext *c = avctx->priv_data;
-    c->has_status = 0;
+
+    switch(avctx->codec_id) {
+    case AV_CODEC_ID_ADPCM_AICA:
+        for (int channel = 0; channel < avctx->channels; channel++)
+            c->status[channel].step = 0;
+        break;
+
+    case AV_CODEC_ID_ADPCM_ARGO:
+        for (int channel = 0; channel < avctx->channels; channel++) {
+            c->status[channel].sample1 = 0;
+            c->status[channel].sample2 = 0;
+        }
+        break;
+
+    case AV_CODEC_ID_ADPCM_IMA_ALP:
+    case AV_CODEC_ID_ADPCM_IMA_CUNNING:
+    case AV_CODEC_ID_ADPCM_IMA_SSI:
+    case AV_CODEC_ID_ADPCM_ZORK:
+        for (int channel = 0; channel < avctx->channels; channel++) {
+            c->status[channel].predictor  = 0;
+            c->status[channel].step_index = 0;
+        }
+        break;
+
+    default:
+        /* Other codecs may want to handle this during decoding. */
+        c->has_status = 0;
+        return;
+    }
+
+    c->has_status = 1;
 }
 
 

libavcodec/adpcmenc.c

@@ -959,14 +959,14 @@ static const AVOption options[] = {
     { NULL }
 };
 
-static const AVClass adpcm_encoder_class = {
-    .class_name = "ADPCM Encoder",
-    .item_name  = av_default_item_name,
-    .option     = options,
-    .version    = LIBAVUTIL_VERSION_INT,
-};
-
 #define ADPCM_ENCODER(id_, name_, sample_fmts_, capabilities_, long_name_) \
+static const AVClass name_ ## _encoder_class = {                           \
+    .class_name = #name_,                                                  \
+    .item_name  = av_default_item_name,                                    \
+    .option     = options,                                                 \
+    .version    = LIBAVUTIL_VERSION_INT,                                   \
+};                                                                         \
+                                                                           \
 AVCodec ff_ ## name_ ## _encoder = {                                       \
     .name           = #name_,                                              \
     .long_name      = NULL_IF_CONFIG_SMALL(long_name_),                    \
@@ -979,7 +979,7 @@ AVCodec ff_ ## name_ ## _encoder = {                                       \
     .sample_fmts    = sample_fmts_,                                        \
     .capabilities   = capabilities_,                                       \
     .caps_internal  = FF_CODEC_CAP_INIT_CLEANUP | FF_CODEC_CAP_INIT_THREADSAFE, \
-    .priv_class     = &adpcm_encoder_class,                                \
+    .priv_class     = &name_ ## _encoder_class,                            \
 }
 
 ADPCM_ENCODER(AV_CODEC_ID_ADPCM_ARGO,    adpcm_argo,    sample_fmts_p, 0,                             "ADPCM Argonaut Games");

libavcodec/aic.c

@@ -472,8 +472,7 @@ static av_cold int aic_decode_init(AVCodecContext *avctx)
         }
     }
 
-    ctx->slice_data = av_malloc_array(ctx->slice_width, AIC_BAND_COEFFS
-                                * sizeof(*ctx->slice_data));
+    ctx->slice_data = av_calloc(ctx->slice_width, AIC_BAND_COEFFS * sizeof(*ctx->slice_data));
     if (!ctx->slice_data) {
         av_log(avctx, AV_LOG_ERROR, "Error allocating slice buffer\n");
 

libavcodec/alacdsp.c

@@ -29,12 +29,12 @@ static void decorrelate_stereo(int32_t *buffer[2], int nb_samples,
     int i;
 
     for (i = 0; i < nb_samples; i++) {
-        int32_t a, b;
+        uint32_t a, b;
 
         a = buffer[0][i];
         b = buffer[1][i];
 
-        a -= (b * decorr_left_weight) >> decorr_shift;
+        a -= (int)(b * decorr_left_weight) >> decorr_shift;
         b += a;
 
         buffer[0][i] = b;

libavcodec/alsdec.c

@@ -1017,7 +1017,7 @@ static int read_block(ALSDecContext *ctx, ALSBlockData *bd)
 
     *bd->shift_lsbs = 0;
 
-    if (get_bits_left(gb) < 1)
+    if (get_bits_left(gb) < 7)
         return AVERROR_INVALIDDATA;
 
     // read block type flag and read the samples accordingly
@@ -1632,7 +1632,7 @@ static int read_frame_data(ALSDecContext *ctx, unsigned int ra_frame)
     AVCodecContext *avctx    = ctx->avctx;
     GetBitContext *gb = &ctx->gb;
     unsigned int div_blocks[32];                ///< block sizes.
-    unsigned int c;
+    int c;
     unsigned int js_blocks[2];
     uint32_t bs_info = 0;
     int ret;
@@ -1810,14 +1810,17 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame_ptr,
     else
         ctx->cur_frame_length = sconf->frame_length;
 
-    ctx->highest_decoded_channel = 0;
+    ctx->highest_decoded_channel = -1;
     // decode the frame data
     if ((invalid_frame = read_frame_data(ctx, ra_frame)) < 0)
         av_log(ctx->avctx, AV_LOG_WARNING,
                "Reading frame data failed. Skipping RA unit.\n");
 
-    if (ctx->highest_decoded_channel == 0)
+    if (ctx->highest_decoded_channel == -1) {
+        av_log(ctx->avctx, AV_LOG_WARNING,
+               "No channel data decoded.\n");
         return AVERROR_INVALIDDATA;
+    }
 
     ctx->frame_id++;
 

libavcodec/apedec.c

@@ -102,7 +102,7 @@ typedef struct APEFilter {
     int16_t *historybuffer; ///< filter memory
     int16_t *delay;         ///< filtered values
 
-    int avg;
+    uint32_t avg;
 } APEFilter;
 
 typedef struct APERice {
@@ -879,7 +879,7 @@ static av_always_inline int filter_fast_3320(APEPredictor *p,
     }
 
     predictionA = p->buf[delayA] * 2U - p->buf[delayA - 1];
-    p->lastA[filter] = decoded + ((int32_t)(predictionA  * p->coeffsA[filter][0]) >> 9);
+    p->lastA[filter] = decoded + (unsigned)((int32_t)(predictionA  * p->coeffsA[filter][0]) >> 9);
 
     if ((decoded ^ predictionA) > 0)
         p->coeffsA[filter][0]++;
@@ -909,8 +909,8 @@ static av_always_inline int filter_3800(APEPredictor *p,
         return predictionA;
     }
     d2 =  p->buf[delayA];
-    d1 = (p->buf[delayA] - p->buf[delayA - 1]) * 2U;
-    d0 =  p->buf[delayA] + ((p->buf[delayA - 2] - p->buf[delayA - 1]) * 8U);
+    d1 = (p->buf[delayA] - (unsigned)p->buf[delayA - 1]) * 2;
+    d0 =  p->buf[delayA] + ((p->buf[delayA - 2] - (unsigned)p->buf[delayA - 1]) * 8);
     d3 =  p->buf[delayB] * 2U - p->buf[delayB - 1];
     d4 =  p->buf[delayB];
 
@@ -930,7 +930,7 @@ static av_always_inline int filter_3800(APEPredictor *p,
     p->coeffsB[filter][0] += (((d3 >> 29) & 4) - 2) * sign;
     p->coeffsB[filter][1] -= (((d4 >> 30) & 2) - 1) * sign;
 
-    p->filterB[filter] = p->lastA[filter] + (predictionB >> shift);
+    p->filterB[filter] = p->lastA[filter] + (unsigned)(predictionB >> shift);
     p->filterA[filter] = p->filterB[filter] + (unsigned)((int)(p->filterA[filter] * 31U) >> 5);
 
     return p->filterA[filter];
@@ -955,7 +955,7 @@ static void long_filter_high_3800(int32_t *buffer, int order, int shift, int len
             dotprod += delay[j] * (unsigned)coeffs[j];
             coeffs[j] += ((delay[j] >> 31) | 1) * sign;
         }
-        buffer[i] -= dotprod >> shift;
+        buffer[i] -= (unsigned)(dotprod >> shift);
         for (j = 0; j < order - 1; j++)
             delay[j] = delay[j + 1];
         delay[order - 1] = buffer[i];
@@ -979,7 +979,7 @@ static void long_filter_ehigh_3830(int32_t *buffer, int length)
         for (j = 7; j > 0; j--)
             delay[j] = delay[j - 1];
         delay[0] = buffer[i];
-        buffer[i] -= dotprod >> 9;
+        buffer[i] -= (unsigned)(dotprod >> 9);
     }
 }
 
@@ -1088,13 +1088,13 @@ static av_always_inline int predictor_update_3930(APEPredictor *p,
                                                   const int delayA)
 {
     int32_t predictionA, sign;
-    int32_t d0, d1, d2, d3;
+    uint32_t d0, d1, d2, d3;
 
     p->buf[delayA]     = p->lastA[filter];
     d0 = p->buf[delayA    ];
-    d1 = p->buf[delayA    ] - p->buf[delayA - 1];
-    d2 = p->buf[delayA - 1] - p->buf[delayA - 2];
-    d3 = p->buf[delayA - 2] - p->buf[delayA - 3];
+    d1 = p->buf[delayA    ] - (unsigned)p->buf[delayA - 1];
+    d2 = p->buf[delayA - 1] - (unsigned)p->buf[delayA - 2];
+    d3 = p->buf[delayA - 2] - (unsigned)p->buf[delayA - 3];
 
     predictionA = d0 * p->coeffsA[filter][0] +
                   d1 * p->coeffsA[filter][1] +
@@ -1105,10 +1105,10 @@ static av_always_inline int predictor_update_3930(APEPredictor *p,
     p->filterA[filter] = p->lastA[filter] + ((int)(p->filterA[filter] * 31U) >> 5);
 
     sign = APESIGN(decoded);
-    p->coeffsA[filter][0] += ((d0 < 0) * 2 - 1) * sign;
-    p->coeffsA[filter][1] += ((d1 < 0) * 2 - 1) * sign;
-    p->coeffsA[filter][2] += ((d2 < 0) * 2 - 1) * sign;
-    p->coeffsA[filter][3] += ((d3 < 0) * 2 - 1) * sign;
+    p->coeffsA[filter][0] += (((int32_t)d0 < 0) * 2 - 1) * sign;
+    p->coeffsA[filter][1] += (((int32_t)d1 < 0) * 2 - 1) * sign;
+    p->coeffsA[filter][2] += (((int32_t)d2 < 0) * 2 - 1) * sign;
+    p->coeffsA[filter][3] += (((int32_t)d3 < 0) * 2 - 1) * sign;
 
     return p->filterA[filter];
 }
@@ -1166,7 +1166,8 @@ static void predictor_decode_mono_3930(APEContext *ctx, int count)
 static av_always_inline int predictor_update_filter(APEPredictor64 *p,
                                                     const int decoded, const int filter,
                                                     const int delayA,  const int delayB,
-                                                    const int adaptA,  const int adaptB)
+                                                    const int adaptA,  const int adaptB,
+                                                    int compression_level)
 {
     int64_t predictionA, predictionB;
     int32_t sign;
@@ -1194,7 +1195,13 @@ static av_always_inline int predictor_update_filter(APEPredictor64 *p,
                   p->buf[delayB - 3] * p->coeffsB[filter][3] +
                   p->buf[delayB - 4] * p->coeffsB[filter][4];
 
-    p->lastA[filter] = decoded + ((int64_t)((uint64_t)predictionA + (predictionB >> 1)) >> 10);
+    if (compression_level < COMPRESSION_LEVEL_INSANE) {
+        predictionA = (int32_t)predictionA;
+        predictionB = (int32_t)predictionB;
+        p->lastA[filter] = (int32_t)(decoded + (unsigned)((int32_t)(predictionA + (predictionB >> 1)) >> 10));
+    } else {
+        p->lastA[filter] = decoded + ((int64_t)((uint64_t)predictionA + (predictionB >> 1)) >> 10);
+    }
     p->filterA[filter] = p->lastA[filter] + ((int64_t)(p->filterA[filter] * 31ULL) >> 5);
 
     sign = APESIGN(decoded);
@@ -1222,10 +1229,12 @@ static void predictor_decode_stereo_3950(APEContext *ctx, int count)
     while (count--) {
         /* Predictor Y */
         *decoded0 = predictor_update_filter(p, *decoded0, 0, YDELAYA, YDELAYB,
-                                            YADAPTCOEFFSA, YADAPTCOEFFSB);
+                                            YADAPTCOEFFSA, YADAPTCOEFFSB,
+                                            ctx->compression_level);
         decoded0++;
         *decoded1 = predictor_update_filter(p, *decoded1, 1, XDELAYA, XDELAYB,
-                                            XADAPTCOEFFSA, XADAPTCOEFFSB);
+                                            XADAPTCOEFFSA, XADAPTCOEFFSB,
+                                            ctx->compression_level);
         decoded1++;
 
         /* Combined */
@@ -1337,7 +1346,7 @@ static void do_apply_filter(APEContext *ctx, int version, APEFilter *f,
             absres = FFABSU(res);
             if (absres)
                 *f->adaptcoeffs = APESIGN(res) *
-                                  (8 << ((absres > f->avg * 3) + (absres > f->avg * 4 / 3)));
+                                  (8 << ((absres > f->avg * 3LL) + (absres > (f->avg + f->avg / 3))));
                 /* equivalent to the following code
                     if (absres <= f->avg * 4 / 3)
                         *f->adaptcoeffs = APESIGN(res) * 8;
@@ -1587,7 +1596,7 @@ static int ape_decode_frame(AVCodecContext *avctx, void *data,
         for (ch = 0; ch < s->channels; ch++) {
             sample8 = (uint8_t *)frame->data[ch];
             for (i = 0; i < blockstodecode; i++)
-                *sample8++ = (s->decoded[ch][i] + 0x80) & 0xff;
+                *sample8++ = (s->decoded[ch][i] + 0x80U) & 0xff;
         }
         break;
     case 16:
@@ -1609,13 +1618,24 @@ static int ape_decode_frame(AVCodecContext *avctx, void *data,
     s->samples -= blockstodecode;
 
     if (avctx->err_recognition & AV_EF_CRCCHECK &&
-        s->fileversion >= 3900 && s->bps < 24) {
+        s->fileversion >= 3900) {
         uint32_t crc = s->CRC_state;
         const AVCRC *crc_tab = av_crc_get_table(AV_CRC_32_IEEE_LE);
+        int stride = s->bps == 24 ? 4 : (s->bps>>3);
+        int offset = s->bps == 24;
+        int bytes  = s->bps >> 3;
+
         for (i = 0; i < blockstodecode; i++) {
             for (ch = 0; ch < s->channels; ch++) {
-                uint8_t *smp = frame->data[ch] + (i*(s->bps >> 3));
-                crc = av_crc(crc_tab, crc, smp, s->bps >> 3);
+#if HAVE_BIGENDIAN
+                uint8_t *smp_native = frame->data[ch] + i*stride;
+                uint8_t smp[4];
+                for(int j = 0; j<stride; j++)
+                    smp[j] = smp_native[stride-j-1];
+#else
+                uint8_t *smp = frame->data[ch] + i*stride;
+#endif
+                crc = av_crc(crc_tab, crc, smp+offset, bytes);
             }
         }
 

libavcodec/argo.c

@@ -59,7 +59,7 @@ static int decode_pal8(AVCodecContext *avctx, uint32_t *pal)
         return AVERROR_INVALIDDATA;
 
     for (int i = 0; i < count; i++)
-        pal[start + i] = (0xFF << 24U) | bytestream2_get_be24u(gb);
+        pal[start + i] = (0xFFU << 24) | bytestream2_get_be24u(gb);
 
     return 0;
 }
@@ -608,6 +608,9 @@ static int decode_frame(AVCodecContext *avctx, void *data,
     uint32_t chunk;
     int ret;
 
+    if (avpkt->size < 4)
+        return AVERROR_INVALIDDATA;
+
     bytestream2_init(gb, avpkt->data, avpkt->size);
 
     if ((ret = ff_reget_buffer(avctx, frame, 0)) < 0)
@@ -685,6 +688,11 @@ static av_cold int decode_init(AVCodecContext *avctx)
              return AVERROR_PATCHWELCOME;
     }
 
+    if (avctx->width % 2 || avctx->height % 2) {
+        avpriv_request_sample(s, "Odd dimensions\n");
+        return AVERROR_PATCHWELCOME;
+    }
+
     s->frame = av_frame_alloc();
     if (!s->frame)
         return AVERROR(ENOMEM);

libavcodec/arm/mlpdsp_armv5te.S

@@ -229,7 +229,7 @@ A .endif
   .endif
 
         // Begin loop
-01:
+1:
   .if TOTAL_TAPS == 0
         // Things simplify a lot in this case
         // In fact this could be pipelined further if it's worth it...
@@ -241,7 +241,7 @@ A .endif
         str     ST0, [PST, #-4]!
         str     ST0, [PST, #4 * (MAX_BLOCKSIZE + MAX_FIR_ORDER)]
         str     ST0, [PSAMP], #4 * MAX_CHANNELS
-        bne     01b
+        bne     1b
   .else
     .if \fir_taps & 1
       .set LOAD_REG, 1
@@ -333,7 +333,7 @@ T       orr     AC0, AC0, AC1
         str     ST3, [PST, #-4]!
         str     ST2, [PST, #4 * (MAX_BLOCKSIZE + MAX_FIR_ORDER)]
         str     ST3, [PSAMP], #4 * MAX_CHANNELS
-        bne     01b
+        bne     1b
   .endif
         b       99f
 

libavcodec/arm/sbcdsp_neon.S

@@ -38,49 +38,49 @@ function ff_sbc_analyze_4_neon, export=1
         /* TODO: merge even and odd cases (or even merge all four calls to this
          * function) in order to have only aligned reads from 'in' array
          * and reduce number of load instructions */
-        vld1.16         {d4, d5}, [r0, :64]!
-        vld1.16         {d8, d9}, [r2, :128]!
+        vld1.16         {d16, d17}, [r0, :64]!
+        vld1.16         {d20, d21}, [r2, :128]!
 
-        vmull.s16       q0, d4, d8
-        vld1.16         {d6,  d7}, [r0, :64]!
-        vmull.s16       q1, d5, d9
-        vld1.16         {d10, d11}, [r2, :128]!
+        vmull.s16       q0, d16, d20
+        vld1.16         {d18, d19}, [r0, :64]!
+        vmull.s16       q1, d17, d21
+        vld1.16         {d22, d23}, [r2, :128]!
 
-        vmlal.s16       q0, d6, d10
-        vld1.16         {d4, d5}, [r0, :64]!
-        vmlal.s16       q1, d7, d11
-        vld1.16         {d8, d9}, [r2, :128]!
+        vmlal.s16       q0, d18, d22
+        vld1.16         {d16, d17}, [r0, :64]!
+        vmlal.s16       q1, d19, d23
+        vld1.16         {d20, d21}, [r2, :128]!
 
-        vmlal.s16       q0, d4, d8
-        vld1.16         {d6,  d7}, [r0, :64]!
-        vmlal.s16       q1, d5, d9
-        vld1.16         {d10, d11}, [r2, :128]!
+        vmlal.s16       q0, d16, d20
+        vld1.16         {d18, d19}, [r0, :64]!
+        vmlal.s16       q1, d17, d21
+        vld1.16         {d22, d23}, [r2, :128]!
 
-        vmlal.s16       q0, d6, d10
-        vld1.16         {d4, d5}, [r0, :64]!
-        vmlal.s16       q1, d7, d11
-        vld1.16         {d8, d9}, [r2, :128]!
+        vmlal.s16       q0, d18, d22
+        vld1.16         {d16, d17}, [r0, :64]!
+        vmlal.s16       q1, d19, d23
+        vld1.16         {d20, d21}, [r2, :128]!
 
-        vmlal.s16       q0, d4, d8
-        vmlal.s16       q1, d5, d9
+        vmlal.s16       q0, d16, d20
+        vmlal.s16       q1, d17, d21
 
         vpadd.s32       d0, d0, d1
         vpadd.s32       d1, d2, d3
 
         vrshrn.s32      d0, q0, SBC_PROTO_FIXED_SCALE
 
-        vld1.16         {d2, d3, d4, d5}, [r2, :128]!
+        vld1.16         {d16, d17, d18, d19}, [r2, :128]!
 
         vdup.i32        d1, d0[1]  /* TODO: can be eliminated */
         vdup.i32        d0, d0[0]  /* TODO: can be eliminated */
 
-        vmull.s16       q3, d2, d0
-        vmull.s16       q4, d3, d0
-        vmlal.s16       q3, d4, d1
-        vmlal.s16       q4, d5, d1
+        vmull.s16       q10, d16, d0
+        vmull.s16       q11, d17, d0
+        vmlal.s16       q10, d18, d1
+        vmlal.s16       q11, d19, d1
 
-        vpadd.s32       d0, d6, d7 /* TODO: can be eliminated */
-        vpadd.s32       d1, d8, d9 /* TODO: can be eliminated */
+        vpadd.s32       d0, d20, d21 /* TODO: can be eliminated */
+        vpadd.s32       d1, d22, d23 /* TODO: can be eliminated */
 
         vst1.32         {d0, d1}, [r1, :128]
 
@@ -91,57 +91,57 @@ function ff_sbc_analyze_8_neon, export=1
         /* TODO: merge even and odd cases (or even merge all four calls to this
          * function) in order to have only aligned reads from 'in' array
          * and reduce number of load instructions */
-        vld1.16         {d4, d5}, [r0, :64]!
-        vld1.16         {d8, d9}, [r2, :128]!
+        vld1.16         {d16, d17}, [r0, :64]!
+        vld1.16         {d20, d21}, [r2, :128]!
 
-        vmull.s16       q6, d4, d8
-        vld1.16         {d6,  d7}, [r0, :64]!
-        vmull.s16       q7, d5, d9
-        vld1.16         {d10, d11}, [r2, :128]!
-        vmull.s16       q8, d6, d10
-        vld1.16         {d4, d5}, [r0, :64]!
-        vmull.s16       q9, d7, d11
-        vld1.16         {d8, d9}, [r2, :128]!
+        vmull.s16       q12, d16, d20
+        vld1.16         {d18, d19}, [r0, :64]!
+        vmull.s16       q13, d17, d21
+        vld1.16         {d22, d23}, [r2, :128]!
+        vmull.s16       q14, d18, d22
+        vld1.16         {d16, d17}, [r0, :64]!
+        vmull.s16       q15, d19, d23
+        vld1.16         {d20, d21}, [r2, :128]!
 
-        vmlal.s16       q6, d4, d8
-        vld1.16         {d6,  d7}, [r0, :64]!
-        vmlal.s16       q7, d5, d9
-        vld1.16         {d10, d11}, [r2, :128]!
-        vmlal.s16       q8, d6, d10
-        vld1.16         {d4, d5}, [r0, :64]!
-        vmlal.s16       q9, d7, d11
-        vld1.16         {d8, d9}, [r2, :128]!
+        vmlal.s16       q12, d16, d20
+        vld1.16         {d18, d19}, [r0, :64]!
+        vmlal.s16       q13, d17, d21
+        vld1.16         {d22, d23}, [r2, :128]!
+        vmlal.s16       q14, d18, d22
+        vld1.16         {d16, d17}, [r0, :64]!
+        vmlal.s16       q15, d19, d23
+        vld1.16         {d20, d21}, [r2, :128]!
 
-        vmlal.s16       q6, d4, d8
-        vld1.16         {d6,  d7}, [r0, :64]!
-        vmlal.s16       q7, d5, d9
-        vld1.16         {d10, d11}, [r2, :128]!
-        vmlal.s16       q8, d6, d10
-        vld1.16         {d4, d5}, [r0, :64]!
-        vmlal.s16       q9, d7, d11
-        vld1.16         {d8, d9}, [r2, :128]!
+        vmlal.s16       q12, d16, d20
+        vld1.16         {d18, d19}, [r0, :64]!
+        vmlal.s16       q13, d17, d21
+        vld1.16         {d22, d23}, [r2, :128]!
+        vmlal.s16       q14, d18, d22
+        vld1.16         {d16, d17}, [r0, :64]!
+        vmlal.s16       q15, d19, d23
+        vld1.16         {d20, d21}, [r2, :128]!
 
-        vmlal.s16       q6, d4, d8
-        vld1.16         {d6,  d7}, [r0, :64]!
-        vmlal.s16       q7, d5, d9
-        vld1.16         {d10, d11}, [r2, :128]!
-        vmlal.s16       q8, d6, d10
-        vld1.16         {d4, d5}, [r0, :64]!
-        vmlal.s16       q9, d7, d11
-        vld1.16         {d8, d9}, [r2, :128]!
+        vmlal.s16       q12, d16, d20
+        vld1.16         {d18, d19}, [r0, :64]!
+        vmlal.s16       q13, d17, d21
+        vld1.16         {d22, d23}, [r2, :128]!
+        vmlal.s16       q14, d18, d22
+        vld1.16         {d16, d17}, [r0, :64]!
+        vmlal.s16       q15, d19, d23
+        vld1.16         {d20, d21}, [r2, :128]!
 
-        vmlal.s16       q6, d4, d8
-        vld1.16         {d6,  d7}, [r0, :64]!
-        vmlal.s16       q7, d5, d9
-        vld1.16         {d10, d11}, [r2, :128]!
+        vmlal.s16       q12, d16, d20
+        vld1.16         {d18, d19}, [r0, :64]!
+        vmlal.s16       q13, d17, d21
+        vld1.16         {d22, d23}, [r2, :128]!
 
-        vmlal.s16       q8, d6, d10
-        vmlal.s16       q9, d7, d11
+        vmlal.s16       q14, d18, d22
+        vmlal.s16       q15, d19, d23
 
-        vpadd.s32       d0, d12, d13
-        vpadd.s32       d1, d14, d15
-        vpadd.s32       d2, d16, d17
-        vpadd.s32       d3, d18, d19
+        vpadd.s32       d0, d24, d25
+        vpadd.s32       d1, d26, d27
+        vpadd.s32       d2, d28, d29
+        vpadd.s32       d3, d30, d31
 
         vrshr.s32       q0, q0, SBC_PROTO_FIXED_SCALE
         vrshr.s32       q1, q1, SBC_PROTO_FIXED_SCALE
@@ -153,38 +153,38 @@ function ff_sbc_analyze_8_neon, export=1
         vdup.i32        d1, d0[1]  /* TODO: can be eliminated */
         vdup.i32        d0, d0[0]  /* TODO: can be eliminated */
 
-        vld1.16         {d4, d5}, [r2, :128]!
-        vmull.s16       q6, d4, d0
-        vld1.16         {d6, d7}, [r2, :128]!
-        vmull.s16       q7, d5, d0
-        vmull.s16       q8, d6, d0
-        vmull.s16       q9, d7, d0
+        vld1.16         {d16, d17}, [r2, :128]!
+        vmull.s16       q12, d16, d0
+        vld1.16         {d18, d19}, [r2, :128]!
+        vmull.s16       q13, d17, d0
+        vmull.s16       q14, d18, d0
+        vmull.s16       q15, d19, d0
 
-        vld1.16         {d4, d5}, [r2, :128]!
-        vmlal.s16       q6, d4, d1
-        vld1.16         {d6, d7}, [r2, :128]!
-        vmlal.s16       q7, d5, d1
-        vmlal.s16       q8, d6, d1
-        vmlal.s16       q9, d7, d1
+        vld1.16         {d16, d17}, [r2, :128]!
+        vmlal.s16       q12, d16, d1
+        vld1.16         {d18, d19}, [r2, :128]!
+        vmlal.s16       q13, d17, d1
+        vmlal.s16       q14, d18, d1
+        vmlal.s16       q15, d19, d1
 
-        vld1.16         {d4, d5}, [r2, :128]!
-        vmlal.s16       q6, d4, d2
-        vld1.16         {d6, d7}, [r2, :128]!
-        vmlal.s16       q7, d5, d2
-        vmlal.s16       q8, d6, d2
-        vmlal.s16       q9, d7, d2
+        vld1.16         {d16, d17}, [r2, :128]!
+        vmlal.s16       q12, d16, d2
+        vld1.16         {d18, d19}, [r2, :128]!
+        vmlal.s16       q13, d17, d2
+        vmlal.s16       q14, d18, d2
+        vmlal.s16       q15, d19, d2
 
-        vld1.16         {d4, d5}, [r2, :128]!
-        vmlal.s16       q6, d4, d3
-        vld1.16         {d6, d7}, [r2, :128]!
-        vmlal.s16       q7, d5, d3
-        vmlal.s16       q8, d6, d3
-        vmlal.s16       q9, d7, d3
+        vld1.16         {d16, d17}, [r2, :128]!
+        vmlal.s16       q12, d16, d3
+        vld1.16         {d18, d19}, [r2, :128]!
+        vmlal.s16       q13, d17, d3
+        vmlal.s16       q14, d18, d3
+        vmlal.s16       q15, d19, d3
 
-        vpadd.s32       d0, d12, d13 /* TODO: can be eliminated */
-        vpadd.s32       d1, d14, d15 /* TODO: can be eliminated */
-        vpadd.s32       d2, d16, d17 /* TODO: can be eliminated */
-        vpadd.s32       d3, d18, d19 /* TODO: can be eliminated */
+        vpadd.s32       d0, d24, d25 /* TODO: can be eliminated */
+        vpadd.s32       d1, d26, d27 /* TODO: can be eliminated */
+        vpadd.s32       d2, d28, d29 /* TODO: can be eliminated */
+        vpadd.s32       d3, d30, d31 /* TODO: can be eliminated */
 
         vst1.32         {d0, d1, d2, d3}, [r1, :128]
 

libavcodec/arm/vp9mc_neon.S

@@ -279,11 +279,13 @@ function \type\()_8tap_\size\()h_\idx1\idx2
         sub             r1,  r1,  r5
 .endif
         @ size >= 16 loads two qwords and increments r2,
-        @ for size 4/8 it's enough with one qword and no
-        @ postincrement
+        @ size 4 loads 1 d word, increments r2 and loads 1 32-bit lane
+        @ for size 8 it's enough with one qword and no postincrement
 .if \size >= 16
         sub             r3,  r3,  r5
         sub             r3,  r3,  #8
+.elseif \size == 4
+        sub             r3,  r3,  #8
 .endif
         @ Load the filter vector
         vld1.16         {q0},  [r12,:128]
@@ -295,9 +297,14 @@ function \type\()_8tap_\size\()h_\idx1\idx2
 .if \size >= 16
         vld1.8          {d18, d19, d20}, [r2]!
         vld1.8          {d24, d25, d26}, [r7]!
-.else
+.elseif \size == 8
         vld1.8          {q9},  [r2]
         vld1.8          {q12}, [r7]
+.else @ size == 4
+        vld1.8          {d18}, [r2]!
+        vld1.8          {d24}, [r7]!
+        vld1.32         {d19[0]}, [r2]
+        vld1.32         {d25[0]}, [r7]
 .endif
         vmovl.u8        q8,  d18
         vmovl.u8        q9,  d19

libavcodec/ass_split.c

@@ -376,7 +376,7 @@ ASSSplitContext *ff_ass_split(const char *buf)
     ASSSplitContext *ctx = av_mallocz(sizeof(*ctx));
     if (!ctx)
         return NULL;
-    if (buf && !memcmp(buf, "\xef\xbb\xbf", 3)) // Skip UTF-8 BOM header
+    if (buf && !strncmp(buf, "\xef\xbb\xbf", 3)) // Skip UTF-8 BOM header
         buf += 3;
     ctx->current_section = -1;
     if (ass_split(ctx, buf) < 0) {

libavcodec/av1.h

@@ -114,6 +114,13 @@ enum {
     AV1_WARP_MODEL_TRANSLATION = 1,
     AV1_WARP_MODEL_ROTZOOM     = 2,
     AV1_WARP_MODEL_AFFINE      = 3,
+    AV1_WARP_PARAM_REDUCE_BITS = 6,
+
+    AV1_DIV_LUT_BITS      = 8,
+    AV1_DIV_LUT_PREC_BITS = 14,
+    AV1_DIV_LUT_NUM       = 257,
+
+    AV1_MAX_LOOP_FILTER = 63,
 };
 
 

libavcodec/av1_metadata_bsf.c

@@ -28,6 +28,7 @@ typedef struct AV1MetadataContext {
     CBSBSFContext common;
 
     int td;
+    AV1RawOBU td_obu;
 
     int color_primaries;
     int transfer_characteristics;
@@ -107,12 +108,11 @@ static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt,
                                         CodedBitstreamFragment *frag)
 {
     AV1MetadataContext *ctx = bsf->priv_data;
-    AV1RawOBU td, *obu;
     int err, i;
 
     for (i = 0; i < frag->nb_units; i++) {
         if (frag->units[i].type == AV1_OBU_SEQUENCE_HEADER) {
-            obu = frag->units[i].content;
+            AV1RawOBU *obu = frag->units[i].content;
             err = av1_metadata_update_sequence_header(bsf, &obu->obu.sequence_header);
             if (err < 0)
                 return err;
@@ -120,16 +120,12 @@ static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt,
     }
 
     // If a Temporal Delimiter is present, it must be the first OBU.
-    if (frag->units[0].type == AV1_OBU_TEMPORAL_DELIMITER) {
+    if (frag->nb_units && frag->units[0].type == AV1_OBU_TEMPORAL_DELIMITER) {
         if (ctx->td == BSF_ELEMENT_REMOVE)
             ff_cbs_delete_unit(frag, 0);
     } else if (pkt && ctx->td == BSF_ELEMENT_INSERT) {
-        td = (AV1RawOBU) {
-            .header.obu_type = AV1_OBU_TEMPORAL_DELIMITER,
-        };
-
         err = ff_cbs_insert_unit_content(frag, 0, AV1_OBU_TEMPORAL_DELIMITER,
-                                         &td, NULL);
+                                         &ctx->td_obu, NULL);
         if (err < 0) {
             av_log(bsf, AV_LOG_ERROR, "Failed to insert Temporal Delimiter.\n");
             return err;
@@ -155,6 +151,12 @@ static const CBSBSFType av1_metadata_type = {
 
 static int av1_metadata_init(AVBSFContext *bsf)
 {
+    AV1MetadataContext *ctx = bsf->priv_data;
+
+    ctx->td_obu = (AV1RawOBU) {
+        .header.obu_type = AV1_OBU_TEMPORAL_DELIMITER,
+    };
+
     return ff_cbs_bsf_generic_init(bsf, &av1_metadata_type);
 }
 

libavcodec/av1dec.c

@@ -28,6 +28,34 @@
 #include "internal.h"
 #include "profiles.h"
 
+/**< same with Div_Lut defined in spec 7.11.3.7 */
+static const uint16_t div_lut[AV1_DIV_LUT_NUM] = {
+  16384, 16320, 16257, 16194, 16132, 16070, 16009, 15948, 15888, 15828, 15768,
+  15709, 15650, 15592, 15534, 15477, 15420, 15364, 15308, 15252, 15197, 15142,
+  15087, 15033, 14980, 14926, 14873, 14821, 14769, 14717, 14665, 14614, 14564,
+  14513, 14463, 14413, 14364, 14315, 14266, 14218, 14170, 14122, 14075, 14028,
+  13981, 13935, 13888, 13843, 13797, 13752, 13707, 13662, 13618, 13574, 13530,
+  13487, 13443, 13400, 13358, 13315, 13273, 13231, 13190, 13148, 13107, 13066,
+  13026, 12985, 12945, 12906, 12866, 12827, 12788, 12749, 12710, 12672, 12633,
+  12596, 12558, 12520, 12483, 12446, 12409, 12373, 12336, 12300, 12264, 12228,
+  12193, 12157, 12122, 12087, 12053, 12018, 11984, 11950, 11916, 11882, 11848,
+  11815, 11782, 11749, 11716, 11683, 11651, 11619, 11586, 11555, 11523, 11491,
+  11460, 11429, 11398, 11367, 11336, 11305, 11275, 11245, 11215, 11185, 11155,
+  11125, 11096, 11067, 11038, 11009, 10980, 10951, 10923, 10894, 10866, 10838,
+  10810, 10782, 10755, 10727, 10700, 10673, 10645, 10618, 10592, 10565, 10538,
+  10512, 10486, 10460, 10434, 10408, 10382, 10356, 10331, 10305, 10280, 10255,
+  10230, 10205, 10180, 10156, 10131, 10107, 10082, 10058, 10034, 10010, 9986,
+  9963,  9939,  9916,  9892,  9869,  9846,  9823,  9800,  9777,  9754,  9732,
+  9709,  9687,  9664,  9642,  9620,  9598,  9576,  9554,  9533,  9511,  9489,
+  9468,  9447,  9425,  9404,  9383,  9362,  9341,  9321,  9300,  9279,  9259,
+  9239,  9218,  9198,  9178,  9158,  9138,  9118,  9098,  9079,  9059,  9039,
+  9020,  9001,  8981,  8962,  8943,  8924,  8905,  8886,  8867,  8849,  8830,
+  8812,  8793,  8775,  8756,  8738,  8720,  8702,  8684,  8666,  8648,  8630,
+  8613,  8595,  8577,  8560,  8542,  8525,  8508,  8490,  8473,  8456,  8439,
+  8422,  8405,  8389,  8372,  8355,  8339,  8322,  8306,  8289,  8273,  8257,
+  8240,  8224,  8208,  8192
+};
+
 static uint32_t inverse_recenter(int r, uint32_t v)
 {
     if (v > 2 * r)
@@ -97,6 +125,70 @@ static void read_global_param(AV1DecContext *s, int type, int ref, int idx)
                                        -mx, mx + 1, r) << prec_diff) + round;
 }
 
+static uint64_t round_two(uint64_t x, uint16_t n)
+{
+    if (n == 0)
+        return x;
+    return ((x + ((uint64_t)1 << (n - 1))) >> n);
+}
+
+static int64_t round_two_signed(int64_t x, uint16_t n)
+{
+    return ((x<0) ? -((int64_t)round_two(-x, n)) : (int64_t)round_two(x, n));
+}
+
+/**
+ * Resolve divisor process.
+ * see spec 7.11.3.7
+ */
+static int16_t resolve_divisor(uint32_t d, uint16_t *shift)
+{
+    int32_t e, f;
+
+    *shift = av_log2(d);
+    e = d - (1 << (*shift));
+    if (*shift > AV1_DIV_LUT_BITS)
+        f = round_two(e, *shift - AV1_DIV_LUT_BITS);
+    else
+        f = e << (AV1_DIV_LUT_BITS - (*shift));
+
+    *shift += AV1_DIV_LUT_PREC_BITS;
+
+    return div_lut[f];
+}
+
+/**
+ * check if global motion params is valid.
+ * see spec 7.11.3.6
+ */
+static uint8_t get_shear_params_valid(AV1DecContext *s, int idx)
+{
+    int16_t alpha, beta, gamma, delta, divf, divs;
+    int64_t v, w;
+    int32_t *param = &s->cur_frame.gm_params[idx][0];
+    if (param[2] <= 0)
+        return 0;
+
+    alpha = av_clip_int16(param[2] - (1 << AV1_WARPEDMODEL_PREC_BITS));
+    beta  = av_clip_int16(param[3]);
+    divf  = resolve_divisor(abs(param[2]), &divs);
+    v     = (int64_t)param[4] * (1 << AV1_WARPEDMODEL_PREC_BITS);
+    w     = (int64_t)param[3] * param[4];
+    gamma = av_clip_int16((int)round_two_signed((v * divf), divs));
+    delta = av_clip_int16(param[5] - (int)round_two_signed((w * divf), divs) - (1 << AV1_WARPEDMODEL_PREC_BITS));
+
+    alpha = round_two_signed(alpha, AV1_WARP_PARAM_REDUCE_BITS) << AV1_WARP_PARAM_REDUCE_BITS;
+    beta  = round_two_signed(beta,  AV1_WARP_PARAM_REDUCE_BITS) << AV1_WARP_PARAM_REDUCE_BITS;
+    gamma = round_two_signed(gamma, AV1_WARP_PARAM_REDUCE_BITS) << AV1_WARP_PARAM_REDUCE_BITS;
+    delta = round_two_signed(delta, AV1_WARP_PARAM_REDUCE_BITS) << AV1_WARP_PARAM_REDUCE_BITS;
+
+    if ((4 * abs(alpha) + 7 * abs(beta)) >= (1 << AV1_WARPEDMODEL_PREC_BITS) ||
+        (4 * abs(gamma) + 4 * abs(delta)) >= (1 << AV1_WARPEDMODEL_PREC_BITS))
+        return 0;
+
+    return 1;
+}
+
 /**
 * update gm type/params, since cbs already implemented part of this funcation,
 * so we don't need to full implement spec.
@@ -144,6 +236,9 @@ static void global_motion_params(AV1DecContext *s)
             read_global_param(s, type, ref, 0);
             read_global_param(s, type, ref, 1);
         }
+        if (type <= AV1_WARP_MODEL_AFFINE) {
+            s->cur_frame.gm_invalid[ref] = !get_shear_params_valid(s, ref);
+        }
     }
 }
 
@@ -509,6 +604,9 @@ static int av1_frame_ref(AVCodecContext *avctx, AV1Frame *dst, const AV1Frame *s
 
     dst->spatial_id = src->spatial_id;
     dst->temporal_id = src->temporal_id;
+    memcpy(dst->gm_invalid,
+           src->gm_invalid,
+           AV1_NUM_REF_FRAMES * sizeof(uint8_t));
     memcpy(dst->gm_type,
            src->gm_type,
            AV1_NUM_REF_FRAMES * sizeof(uint8_t));
@@ -563,7 +661,7 @@ static int set_context_with_sequence(AVCodecContext *avctx,
     avctx->color_range =
         seq->color_config.color_range ? AVCOL_RANGE_JPEG : AVCOL_RANGE_MPEG;
     avctx->color_primaries = seq->color_config.color_primaries;
-    avctx->colorspace = seq->color_config.color_primaries;
+    avctx->colorspace = seq->color_config.matrix_coefficients;
     avctx->color_trc = seq->color_config.transfer_characteristics;
 
     switch (seq->color_config.chroma_sample_position) {

libavcodec/av1dec.h

@@ -42,6 +42,7 @@ typedef struct AV1Frame {
     int temporal_id;
     int spatial_id;
 
+    uint8_t gm_invalid[AV1_NUM_REF_FRAMES];
     uint8_t gm_type[AV1_NUM_REF_FRAMES];
     int32_t gm_params[AV1_NUM_REF_FRAMES][6];
 

libavcodec/avcodec.c

@@ -318,6 +318,13 @@ int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *code
         avctx->time_base.den = avctx->sample_rate;
     }
 
+    if (av_codec_is_encoder(avctx->codec))
+        ret = ff_encode_preinit(avctx);
+    else
+        ret = ff_decode_preinit(avctx);
+    if (ret < 0)
+        goto free_and_end;
+
     if (!HAVE_THREADS)
         av_log(avctx, AV_LOG_WARNING, "Warning: not compiled with thread support, using thread emulation\n");
 
@@ -339,13 +346,6 @@ int attribute_align_arg avcodec_open2(AVCodecContext *avctx, const AVCodec *code
     if (!HAVE_THREADS && !(codec->caps_internal & FF_CODEC_CAP_AUTO_THREADS))
         avctx->thread_count = 1;
 
-    if (av_codec_is_encoder(avctx->codec))
-        ret = ff_encode_preinit(avctx);
-    else
-        ret = ff_decode_preinit(avctx);
-    if (ret < 0)
-        goto free_and_end;
-
     if (   avctx->codec->init && (!(avctx->active_thread_type&FF_THREAD_FRAME)
         || avci->frame_thread_encoder)) {
         ret = avctx->codec->init(avctx);
@@ -644,6 +644,11 @@ FF_ENABLE_DEPRECATION_WARNINGS
     return 0;
 }
 
+static const char *unknown_if_null(const char *str)
+{
+    return str ? str : "unknown";
+}
+
 void avcodec_string(char *buf, int buf_size, AVCodecContext *enc, int encode)
 {
     const char *codec_type;
@@ -653,6 +658,7 @@ void avcodec_string(char *buf, int buf_size, AVCodecContext *enc, int encode)
     int new_line = 0;
     AVRational display_aspect_ratio;
     const char *separator = enc->dump_separator ? (const char *)enc->dump_separator : ", ";
+    const char *str;
 
     if (!buf || buf_size <= 0)
         return;
@@ -688,28 +694,27 @@ void avcodec_string(char *buf, int buf_size, AVCodecContext *enc, int encode)
             av_strlcat(buf, separator, buf_size);
 
             snprintf(buf + strlen(buf), buf_size - strlen(buf),
-                 "%s", enc->pix_fmt == AV_PIX_FMT_NONE ? "none" :
-                     av_get_pix_fmt_name(enc->pix_fmt));
+                     "%s", enc->pix_fmt == AV_PIX_FMT_NONE ? "none" :
+                     unknown_if_null(av_get_pix_fmt_name(enc->pix_fmt)));
             if (enc->bits_per_raw_sample && enc->pix_fmt != AV_PIX_FMT_NONE &&
                 enc->bits_per_raw_sample < av_pix_fmt_desc_get(enc->pix_fmt)->comp[0].depth)
                 av_strlcatf(detail, sizeof(detail), "%d bpc, ", enc->bits_per_raw_sample);
-            if (enc->color_range != AVCOL_RANGE_UNSPECIFIED)
-                av_strlcatf(detail, sizeof(detail), "%s, ",
-                            av_color_range_name(enc->color_range));
+            if (enc->color_range != AVCOL_RANGE_UNSPECIFIED &&
+                (str = av_color_range_name(enc->color_range)))
+                av_strlcatf(detail, sizeof(detail), "%s, ", str);
 
             if (enc->colorspace != AVCOL_SPC_UNSPECIFIED ||
                 enc->color_primaries != AVCOL_PRI_UNSPECIFIED ||
                 enc->color_trc != AVCOL_TRC_UNSPECIFIED) {
-                if (enc->colorspace != (int)enc->color_primaries ||
-                    enc->colorspace != (int)enc->color_trc) {
+                const char *col = unknown_if_null(av_color_space_name(enc->colorspace));
+                const char *pri = unknown_if_null(av_color_primaries_name(enc->color_primaries));
+                const char *trc = unknown_if_null(av_color_transfer_name(enc->color_trc));
+                if (strcmp(col, pri) || strcmp(col, trc)) {
                     new_line = 1;
                     av_strlcatf(detail, sizeof(detail), "%s/%s/%s, ",
-                                av_color_space_name(enc->colorspace),
-                                av_color_primaries_name(enc->color_primaries),
-                                av_color_transfer_name(enc->color_trc));
+                                col, pri, trc);
                 } else
-                    av_strlcatf(detail, sizeof(detail), "%s, ",
-                                av_get_colorspace_name(enc->colorspace));
+                    av_strlcatf(detail, sizeof(detail), "%s, ", col);
             }
 
             if (enc->field_order != AV_FIELD_UNKNOWN) {
@@ -727,9 +732,9 @@ void avcodec_string(char *buf, int buf_size, AVCodecContext *enc, int encode)
             }
 
             if (av_log_get_level() >= AV_LOG_VERBOSE &&
-                enc->chroma_sample_location != AVCHROMA_LOC_UNSPECIFIED)
-                av_strlcatf(detail, sizeof(detail), "%s, ",
-                            av_chroma_location_name(enc->chroma_sample_location));
+                enc->chroma_sample_location != AVCHROMA_LOC_UNSPECIFIED &&
+                (str = av_chroma_location_name(enc->chroma_sample_location)))
+                av_strlcatf(detail, sizeof(detail), "%s, ", str);
 
             if (strlen(detail) > 1) {
                 detail[strlen(detail) - 2] = 0;
@@ -787,9 +792,10 @@ void avcodec_string(char *buf, int buf_size, AVCodecContext *enc, int encode)
                      "%d Hz, ", enc->sample_rate);
         }
         av_get_channel_layout_string(buf + strlen(buf), buf_size - strlen(buf), enc->channels, enc->channel_layout);
-        if (enc->sample_fmt != AV_SAMPLE_FMT_NONE) {
+        if (enc->sample_fmt != AV_SAMPLE_FMT_NONE &&
+            (str = av_get_sample_fmt_name(enc->sample_fmt))) {
             snprintf(buf + strlen(buf), buf_size - strlen(buf),
-                     ", %s", av_get_sample_fmt_name(enc->sample_fmt));
+                     ", %s", str);
         }
         if (   enc->bits_per_raw_sample > 0
             && enc->bits_per_raw_sample != av_get_bytes_per_sample(enc->sample_fmt) * 8)

libavcodec/avcodec.h

@@ -1304,6 +1304,10 @@ typedef struct AVCodecContext {
      *   this callback and filled with the extra buffers if there are more
      *   buffers than buf[] can hold. extended_buf will be freed in
      *   av_frame_unref().
+     *   Decoders will generally initialize the whole buffer before it is output
+     *   but it can in rare error conditions happen that uninitialized data is passed
+     *   through. \important The buffers returned by get_buffer* should thus not contain sensitive
+     *   data.
      *
      * If AV_CODEC_CAP_DR1 is not set then get_buffer2() must call
      * avcodec_default_get_buffer2() instead of providing buffers allocated by

libavcodec/bink.c

@@ -869,7 +869,7 @@ static int binkb_decode_plane(BinkContext *c, AVFrame *frame, GetBitContext *gb,
 
     binkb_init_bundles(c);
     ref_start = frame->data[plane_idx];
-    ref_end   = frame->data[plane_idx] + (bh * frame->linesize[plane_idx] + bw) * 8;
+    ref_end   = frame->data[plane_idx] + ((bh - 1) * frame->linesize[plane_idx] + bw - 1) * 8;
 
     for (i = 0; i < 64; i++)
         coordmap[i] = (i & 7) + (i >> 3) * stride;
@@ -925,7 +925,7 @@ static int binkb_decode_plane(BinkContext *c, AVFrame *frame, GetBitContext *gb,
                 xoff = binkb_get_value(c, BINKB_SRC_X_OFF);
                 yoff = binkb_get_value(c, BINKB_SRC_Y_OFF) + ybias;
                 ref = dst + xoff + yoff * stride;
-                if (ref < ref_start || ref + 8*stride > ref_end) {
+                if (ref < ref_start || ref > ref_end) {
                     av_log(c->avctx, AV_LOG_WARNING, "Reference block is out of bounds\n");
                 } else if (ref + 8*stride < dst || ref >= dst + 8*stride) {
                     c->put_pixels_tab(dst, ref, stride, 8);
@@ -941,7 +941,7 @@ static int binkb_decode_plane(BinkContext *c, AVFrame *frame, GetBitContext *gb,
                 xoff = binkb_get_value(c, BINKB_SRC_X_OFF);
                 yoff = binkb_get_value(c, BINKB_SRC_Y_OFF) + ybias;
                 ref = dst + xoff + yoff * stride;
-                if (ref < ref_start || ref + 8 * stride > ref_end) {
+                if (ref < ref_start || ref > ref_end) {
                     av_log(c->avctx, AV_LOG_WARNING, "Reference block is out of bounds\n");
                 } else if (ref + 8*stride < dst || ref >= dst + 8*stride) {
                     c->put_pixels_tab(dst, ref, stride, 8);
@@ -973,7 +973,7 @@ static int binkb_decode_plane(BinkContext *c, AVFrame *frame, GetBitContext *gb,
                 xoff = binkb_get_value(c, BINKB_SRC_X_OFF);
                 yoff = binkb_get_value(c, BINKB_SRC_Y_OFF) + ybias;
                 ref = dst + xoff + yoff * stride;
-                if (ref < ref_start || ref + 8 * stride > ref_end) {
+                if (ref < ref_start || ref > ref_end) {
                     av_log(c->avctx, AV_LOG_WARNING, "Reference block is out of bounds\n");
                 } else if (ref + 8*stride < dst || ref >= dst + 8*stride) {
                     c->put_pixels_tab(dst, ref, stride, 8);
@@ -1086,7 +1086,7 @@ static int bink_decode_plane(BinkContext *c, AVFrame *frame, GetBitContext *gb,
         for (bx = 0; bx < bw; bx++, dst += 8, prev += 8) {
             blk = get_value(c, BINK_SRC_BLOCK_TYPES);
             // 16x16 block type on odd line means part of the already decoded block, so skip it
-            if ((by & 1) && blk == SCALED_BLOCK) {
+            if (((by & 1) || (bx & 1)) && blk == SCALED_BLOCK) {
                 bx++;
                 dst  += 8;
                 prev += 8;

libavcodec/binkaudio.c

@@ -70,7 +70,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
     BinkAudioContext *s = avctx->priv_data;
     int sample_rate = avctx->sample_rate;
     int sample_rate_half;
-    int i;
+    int i, ret;
     int frame_len_bits;
 
     /* determine frame length */
@@ -132,11 +132,13 @@ static av_cold int decode_init(AVCodecContext *avctx)
     s->first = 1;
 
     if (CONFIG_BINKAUDIO_RDFT_DECODER && avctx->codec->id == AV_CODEC_ID_BINKAUDIO_RDFT)
-        ff_rdft_init(&s->trans.rdft, frame_len_bits, DFT_C2R);
+        ret = ff_rdft_init(&s->trans.rdft, frame_len_bits, DFT_C2R);
     else if (CONFIG_BINKAUDIO_DCT_DECODER)
-        ff_dct_init(&s->trans.dct, frame_len_bits, DCT_III);
+        ret = ff_dct_init(&s->trans.dct, frame_len_bits, DCT_III);
     else
         av_assert0(0);
+    if (ret < 0)
+        return ret;
 
     s->pkt = av_packet_alloc();
     if (!s->pkt)
@@ -345,6 +347,7 @@ AVCodec ff_binkaudio_rdft_decoder = {
     .close          = decode_end,
     .receive_frame  = binkaudio_receive_frame,
     .capabilities   = AV_CODEC_CAP_DELAY | AV_CODEC_CAP_DR1,
+    .caps_internal  = FF_CODEC_CAP_INIT_CLEANUP,
 };
 
 AVCodec ff_binkaudio_dct_decoder = {
@@ -357,4 +360,5 @@ AVCodec ff_binkaudio_dct_decoder = {
     .close          = decode_end,
     .receive_frame  = binkaudio_receive_frame,
     .capabilities   = AV_CODEC_CAP_DELAY | AV_CODEC_CAP_DR1,
+    .caps_internal  = FF_CODEC_CAP_INIT_CLEANUP,
 };

libavcodec/bsf.c

@@ -45,14 +45,15 @@ void av_bsf_free(AVBSFContext **pctx)
         return;
     ctx = *pctx;
 
-    if (ctx->filter->close)
-        ctx->filter->close(ctx);
+    if (ctx->internal) {
+        if (ctx->filter->close)
+            ctx->filter->close(ctx);
+        av_packet_free(&ctx->internal->buffer_pkt);
+        av_freep(&ctx->internal);
+    }
     if (ctx->filter->priv_class && ctx->priv_data)
         av_opt_free(ctx->priv_data);
 
-    if (ctx->internal)
-        av_packet_free(&ctx->internal->buffer_pkt);
-    av_freep(&ctx->internal);
     av_freep(&ctx->priv_data);
 
     avcodec_parameters_free(&ctx->par_in);
@@ -110,20 +111,6 @@ int av_bsf_alloc(const AVBitStreamFilter *filter, AVBSFContext **pctx)
         ret = AVERROR(ENOMEM);
         goto fail;
     }
-
-    bsfi = av_mallocz(sizeof(*bsfi));
-    if (!bsfi) {
-        ret = AVERROR(ENOMEM);
-        goto fail;
-    }
-    ctx->internal = bsfi;
-
-    bsfi->buffer_pkt = av_packet_alloc();
-    if (!bsfi->buffer_pkt) {
-        ret = AVERROR(ENOMEM);
-        goto fail;
-    }
-
     /* allocate priv data and init private options */
     if (filter->priv_data_size) {
         ctx->priv_data = av_mallocz(filter->priv_data_size);
@@ -136,6 +123,20 @@ int av_bsf_alloc(const AVBitStreamFilter *filter, AVBSFContext **pctx)
             av_opt_set_defaults(ctx->priv_data);
         }
     }
+    /* Allocate AVBSFInternal; must happen after priv_data has been allocated
+     * so that a filter->close needing priv_data is never called without. */
+    bsfi = av_mallocz(sizeof(*bsfi));
+    if (!bsfi) {
+        ret = AVERROR(ENOMEM);
+        goto fail;
+    }
+    ctx->internal = bsfi;
+
+    bsfi->buffer_pkt = av_packet_alloc();
+    if (!bsfi->buffer_pkt) {
+        ret = AVERROR(ENOMEM);
+        goto fail;
+    }
 
     *pctx = ctx;
     return 0;

libavcodec/cbs_av1.c

@@ -37,7 +37,7 @@ static int cbs_av1_read_uvlc(CodedBitstreamContext *ctx, GetBitContext *gbc,
         position = get_bits_count(gbc);
 
     zeroes = 0;
-    while (1) {
+    while (zeroes < 32) {
         if (get_bits_left(gbc) < 1) {
             av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid uvlc code at "
                    "%s: bitstream ended.\n", name);
@@ -50,7 +50,18 @@ static int cbs_av1_read_uvlc(CodedBitstreamContext *ctx, GetBitContext *gbc,
     }
 
     if (zeroes >= 32) {
-        value = MAX_UINT_BITS(32);
+        // The spec allows at least thirty-two zero bits followed by a
+        // one to mean 2^32-1, with no constraint on the number of
+        // zeroes.  The libaom reference decoder does not match this,
+        // instead reading thirty-two zeroes but not the following one
+        // to mean 2^32-1.  These two interpretations are incompatible
+        // and other implementations may follow one or the other.
+        // Therefore we reject thirty-two zeroes because the intended
+        // behaviour is not clear.
+        av_log(ctx->log_ctx, AV_LOG_ERROR, "Thirty-two zero bits in "
+               "%s uvlc code: considered invalid due to conflicting "
+               "standard and reference decoder behaviour.\n", name);
+        return AVERROR_INVALIDDATA;
     } else {
         if (get_bits_left(gbc) < zeroes) {
             av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid uvlc code at "
@@ -379,7 +390,7 @@ static int cbs_av1_write_increment(CodedBitstreamContext *ctx, PutBitContext *pb
     }
 
     if (len > 0)
-        put_bits(pbc, len, (1 << len) - 1 - (value != range_max));
+        put_bits(pbc, len, (1U << len) - 1 - (value != range_max));
 
     return 0;
 }

libavcodec/cbs_av1_syntax_template.c

@@ -355,7 +355,7 @@ static int FUNC(set_frame_refs)(CodedBitstreamContext *ctx, RWContext *rw,
         AV1_REF_FRAME_ALTREF2, AV1_REF_FRAME_ALTREF
     };
     int8_t ref_frame_idx[AV1_REFS_PER_FRAME], used_frame[AV1_NUM_REF_FRAMES];
-    int8_t shifted_order_hints[AV1_NUM_REF_FRAMES];
+    int16_t shifted_order_hints[AV1_NUM_REF_FRAMES];
     int cur_frame_hint, latest_order_hint, earliest_order_hint, ref;
     int i, j;
 

libavcodec/cbs_h265_syntax_template.c

@@ -728,7 +728,7 @@ static int FUNC(sps_scc_extension)(CodedBitstreamContext *ctx, RWContext *rw,
 
         flag(sps_palette_predictor_initializer_present_flag);
         if (current->sps_palette_predictor_initializer_present_flag) {
-            ue(sps_num_palette_predictor_initializer_minus1, 0, 128);
+            ue(sps_num_palette_predictor_initializer_minus1, 0, 127);
             for (comp = 0; comp < (current->chroma_format_idc ? 3 : 1); comp++) {
                 int bit_depth = comp == 0 ? current->bit_depth_luma_minus8 + 8
                                           : current->bit_depth_chroma_minus8 + 8;

libavcodec/cbs_jpeg.c

@@ -166,13 +166,13 @@ static int cbs_jpeg_split_fragment(CodedBitstreamContext *ctx,
             }
         } else {
             i = start;
-            if (i + 2 > frag->data_size) {
+            if (i > frag->data_size - 2) {
                 av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid JPEG image: "
                        "truncated at %02x marker.\n", marker);
                 return AVERROR_INVALIDDATA;
             }
             length = AV_RB16(frag->data + i);
-            if (i + length > frag->data_size) {
+            if (length > frag->data_size - i) {
                 av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid JPEG image: "
                        "truncated at %02x marker segment.\n", marker);
                 return AVERROR_INVALIDDATA;

libavcodec/cbs_vp9.c

@@ -422,7 +422,7 @@ static int cbs_vp9_split_fragment(CodedBitstreamContext *ctx,
     superframe_header = frag->data[frag->data_size - 1];
 
     if ((superframe_header & 0xe0) == 0xc0) {
-        VP9RawSuperframeIndex sfi;
+        VP9RawSuperframeIndex sfi = {0};
         GetBitContext gbc;
         size_t index_size, pos;
         int i;

libavcodec/cdgraphics.c

@@ -239,7 +239,7 @@ static void cdg_scroll(CDGraphicsContext *cc, uint8_t *data,
     for (y = FFMAX(0, vinc); y < FFMIN(CDG_FULL_HEIGHT + vinc, CDG_FULL_HEIGHT); y++)
         memcpy(out + FFMAX(0, hinc) + stride * y,
                in + FFMAX(0, hinc) - hinc + (y - vinc) * stride,
-               FFMIN(stride + hinc, stride));
+               FFABS(stride) - FFABS(hinc));
 
     if (vinc > 0)
         cdg_fill_wrapper(0, 0, out,

libavcodec/celp_math.h

@@ -78,7 +78,7 @@ int64_t ff_dot_product(const int16_t *a, const int16_t *b, int length);
  *
  * @return value << offset, if offset>=0; value >> -offset - otherwise
  */
-static inline int bidir_sal(int value, int offset)
+static inline unsigned bidir_sal(unsigned value, int offset)
 {
     if(offset < 0) return value >> -offset;
     else           return value <<  offset;

libavcodec/cfhd.c

@@ -221,6 +221,7 @@ static void free_buffers(CFHDContext *s)
     int i, j;
 
     for (i = 0; i < FF_ARRAY_ELEMS(s->plane); i++) {
+        Plane *p = &s->plane[i];
         av_freep(&s->plane[i].idwt_buf);
         av_freep(&s->plane[i].idwt_tmp);
         s->plane[i].idwt_size = 0;
@@ -230,9 +231,16 @@ static void free_buffers(CFHDContext *s)
 
         for (j = 0; j < 10; j++)
             s->plane[i].l_h[j] = NULL;
+
+        for (j = 0; j < DWT_LEVELS_3D; j++)
+            p->band[j][0].read_ok =
+            p->band[j][1].read_ok =
+            p->band[j][2].read_ok =
+            p->band[j][3].read_ok = 0;
     }
     s->a_height = 0;
     s->a_width  = 0;
+    s->a_transform_type = INT_MIN;
 }
 
 static int alloc_buffers(AVCodecContext *avctx)
@@ -356,6 +364,7 @@ static int alloc_buffers(AVCodecContext *avctx)
         }
     }
 
+    s->a_transform_type = s->transform_type;
     s->a_height = s->coded_height;
     s->a_width  = s->coded_width;
     s->a_format = s->coded_format;
@@ -655,7 +664,8 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
                 s->coded_height = s->a_height;
 
             if (s->a_width != s->coded_width || s->a_height != s->coded_height ||
-                s->a_format != s->coded_format) {
+                s->a_format != s->coded_format ||
+                s->transform_type != s->a_transform_type) {
                 free_buffers(s);
                 if ((ret = alloc_buffers(avctx)) < 0) {
                     free_buffers(s);
@@ -698,11 +708,18 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
         coeff_data = s->plane[s->channel_num].subband[s->subband_num_actual];
 
         /* Lowpass coefficients */
-        if (tag == BitstreamMarker && data == 0xf0f && s->a_width && s->a_height) {
-            int lowpass_height = s->plane[s->channel_num].band[0][0].height;
-            int lowpass_width  = s->plane[s->channel_num].band[0][0].width;
-            int lowpass_a_height = s->plane[s->channel_num].band[0][0].a_height;
-            int lowpass_a_width  = s->plane[s->channel_num].band[0][0].a_width;
+        if (tag == BitstreamMarker && data == 0xf0f) {
+            int lowpass_height, lowpass_width, lowpass_a_height, lowpass_a_width;
+
+            if (!s->a_width || !s->a_height) {
+                ret = AVERROR_INVALIDDATA;
+                goto end;
+            }
+
+            lowpass_height = s->plane[s->channel_num].band[0][0].height;
+            lowpass_width  = s->plane[s->channel_num].band[0][0].width;
+            lowpass_a_height = s->plane[s->channel_num].band[0][0].a_height;
+            lowpass_a_width  = s->plane[s->channel_num].band[0][0].a_width;
 
             if (lowpass_width < 3 ||
                 lowpass_width > lowpass_a_width) {
@@ -749,20 +766,30 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
                        lowpass_width * sizeof(*coeff_data));
             }
 
+            s->plane[s->channel_num].band[0][0].read_ok = 1;
+
             av_log(avctx, AV_LOG_DEBUG, "Lowpass coefficients %d\n", lowpass_width * lowpass_height);
         }
 
-        if ((tag == BandHeader || tag == BandSecondPass) && s->subband_num_actual != 255 && s->a_width && s->a_height) {
-            int highpass_height = s->plane[s->channel_num].band[s->level][s->subband_num].height;
-            int highpass_width  = s->plane[s->channel_num].band[s->level][s->subband_num].width;
-            int highpass_a_width = s->plane[s->channel_num].band[s->level][s->subband_num].a_width;
-            int highpass_a_height = s->plane[s->channel_num].band[s->level][s->subband_num].a_height;
-            int highpass_stride = s->plane[s->channel_num].band[s->level][s->subband_num].stride;
+        av_assert0(s->subband_num_actual != 255);
+        if (tag == BandHeader || tag == BandSecondPass) {
+            int highpass_height, highpass_width, highpass_a_width, highpass_a_height, highpass_stride, a_expected;
             int expected;
-            int a_expected = highpass_a_height * highpass_a_width;
             int level, run, coeff;
             int count = 0, bytes;
 
+            if (!s->a_width || !s->a_height) {
+                ret = AVERROR_INVALIDDATA;
+                goto end;
+            }
+
+            highpass_height = s->plane[s->channel_num].band[s->level][s->subband_num].height;
+            highpass_width  = s->plane[s->channel_num].band[s->level][s->subband_num].width;
+            highpass_a_width = s->plane[s->channel_num].band[s->level][s->subband_num].a_width;
+            highpass_a_height = s->plane[s->channel_num].band[s->level][s->subband_num].a_height;
+            highpass_stride = s->plane[s->channel_num].band[s->level][s->subband_num].stride;
+            a_expected = highpass_a_height * highpass_a_width;
+
             if (!got_buffer) {
                 av_log(avctx, AV_LOG_ERROR, "No end of header tag found\n");
                 ret = AVERROR(EINVAL);
@@ -811,7 +838,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
                             const uint16_t q = s->quantisation;
 
                             for (i = 0; i < run; i++) {
-                                *coeff_data |= coeff * 256;
+                                *coeff_data |= coeff * 256U;
                                 *coeff_data++ *= q;
                             }
                         } else {
@@ -842,7 +869,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
                             const uint16_t q = s->quantisation;
 
                             for (i = 0; i < run; i++) {
-                                *coeff_data |= coeff * 256;
+                                *coeff_data |= coeff * 256U;
                                 *coeff_data++ *= q;
                             }
                         } else {
@@ -873,6 +900,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
                 bytestream2_seek(&gb, bytes, SEEK_CUR);
 
             av_log(avctx, AV_LOG_DEBUG, "End subband coeffs %i extra %i\n", count, count - expected);
+            s->plane[s->channel_num].band[s->level][s->subband_num].read_ok = 1;
 finish:
             if (s->subband_num_actual != 255)
                 s->codebook = 0;
@@ -888,6 +916,7 @@ finish:
     ff_thread_finish_setup(avctx);
 
     if (!s->a_width || !s->a_height || s->a_format == AV_PIX_FMT_NONE ||
+        s->a_transform_type == INT_MIN ||
         s->coded_width || s->coded_height || s->coded_format != AV_PIX_FMT_NONE) {
         av_log(avctx, AV_LOG_ERROR, "Invalid dimensions\n");
         ret = AVERROR(EINVAL);
@@ -900,6 +929,22 @@ finish:
         goto end;
     }
 
+    for (plane = 0; plane < s->planes; plane++) {
+        int o, level;
+
+        for (level = 0; level < (s->transform_type == 0 ? DWT_LEVELS : DWT_LEVELS_3D) ; level++) {
+            if (s->transform_type == 2)
+                if (level == 2 || level == 5)
+                    continue;
+            for (o = !!level; o < 4 ; o++) {
+                if (!s->plane[plane].band[level][o].read_ok) {
+                    ret = AVERROR_INVALIDDATA;
+                    goto end;
+                }
+            }
+        }
+    }
+
     if (s->transform_type == 0 && s->sample_type != 1) {
         for (plane = 0; plane < s->planes && !ret; plane++) {
             /* level 1 */
@@ -1381,12 +1426,14 @@ static int update_thread_context(AVCodecContext *dst, const AVCodecContext *src)
     if (pdst->plane[0].idwt_size != psrc->plane[0].idwt_size ||
         pdst->a_format != psrc->a_format ||
         pdst->a_width != psrc->a_width ||
-        pdst->a_height != psrc->a_height)
+        pdst->a_height != psrc->a_height ||
+        pdst->a_transform_type != psrc->a_transform_type)
         free_buffers(pdst);
 
     pdst->a_format = psrc->a_format;
     pdst->a_width  = psrc->a_width;
     pdst->a_height = psrc->a_height;
+    pdst->a_transform_type = psrc->a_transform_type;
     pdst->transform_type = psrc->transform_type;
     pdst->progressive = psrc->progressive;
     pdst->planes = psrc->planes;
@@ -1395,6 +1442,7 @@ static int update_thread_context(AVCodecContext *dst, const AVCodecContext *src)
         pdst->coded_width  = pdst->a_width;
         pdst->coded_height = pdst->a_height;
         pdst->coded_format = pdst->a_format;
+        pdst->transform_type = pdst->a_transform_type;
         ret = alloc_buffers(dst);
         if (ret < 0)
             return ret;

libavcodec/cfhd.h

@@ -114,6 +114,7 @@ typedef struct SubBand {
     int width;
     int a_height;
     int height;
+    int8_t read_ok;
 } SubBand;
 
 typedef struct Plane {
@@ -165,6 +166,7 @@ typedef struct CFHDContext {
     int a_width;
     int a_height;
     int a_format;
+    int a_transform_type;
 
     int bpc; // bits per channel/component
     int channel_cnt;

libavcodec/cfhdenc.c

@@ -258,6 +258,11 @@ static av_cold int cfhd_encode_init(AVCodecContext *avctx)
     if (ret < 0)
         return ret;
 
+    if (avctx->height < 32) {
+        av_log(avctx, AV_LOG_ERROR, "Height must be >= 32.\n");
+        return AVERROR_INVALIDDATA;
+    }
+
     if (avctx->width & 15) {
         av_log(avctx, AV_LOG_ERROR, "Width must be multiple of 16.\n");
         return AVERROR_INVALIDDATA;
@@ -547,7 +552,7 @@ static int cfhd_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
                          width, height * 2);
     }
 
-    ret = ff_alloc_packet2(avctx, pkt, 64LL + s->planes * (2LL * avctx->width * avctx->height + 1000LL), 0);
+    ret = ff_alloc_packet2(avctx, pkt, 256LL + s->planes * (4LL * avctx->width * (avctx->height + 15) + 2048LL), 0);
     if (ret < 0)
         return ret;
 

libavcodec/clearvideo.c

@@ -722,8 +722,8 @@ static av_cold int clv_decode_init(AVCodecContext *avctx)
     }
 
     c->tile_shift = av_log2(c->tile_size);
-    if (1U << c->tile_shift != c->tile_size) {
-        av_log(avctx, AV_LOG_ERROR, "Tile size: %d, is not power of 2.\n", c->tile_size);
+    if (1U << c->tile_shift != c->tile_size || c->tile_shift < 1 || c->tile_shift > 30) {
+        av_log(avctx, AV_LOG_ERROR, "Tile size: %d, is not power of 2 > 1 and < 2^31\n", c->tile_size);
         return AVERROR_INVALIDDATA;
     }
 

libavcodec/cpia.c

@@ -111,6 +111,7 @@ static int cpia_decode_frame(AVCodecContext *avctx,
         // Read line length, two byte little endian
         linelength = AV_RL16(src);
         src += 2;
+        src_size -= 2;
 
         if (src_size < linelength) {
             frame->decode_error_flags = FF_DECODE_ERROR_INVALID_BITSTREAM;

libavcodec/cri.c

@@ -236,10 +236,14 @@ static int cri_decode_frame(AVCodecContext *avctx, void *data,
             s->data_size = length;
             goto skip;
         case 105:
+            if (length <= 0)
+                return AVERROR_INVALIDDATA;
             hflip = bytestream2_get_byte(gb) != 0;
             length--;
             goto skip;
         case 106:
+            if (length <= 0)
+                return AVERROR_INVALIDDATA;
             vflip = bytestream2_get_byte(gb) != 0;
             length--;
             goto skip;

libavcodec/crystalhd.c

@@ -785,6 +785,7 @@ static int crystalhd_receive_frame(AVCodecContext *avctx, AVFrame *frame)
         .flush          = flush, \
         .bsfs           = bsf_name, \
         .capabilities   = AV_CODEC_CAP_DELAY | AV_CODEC_CAP_AVOID_PROBING | AV_CODEC_CAP_HARDWARE, \
+        .caps_internal  = FF_CODEC_CAP_SETS_FRAME_PROPS, \
         .pix_fmts       = (const enum AVPixelFormat[]){AV_PIX_FMT_YUYV422, AV_PIX_FMT_NONE}, \
         .wrapper_name   = "crystalhd", \
     };

libavcodec/cscd.c

@@ -71,6 +71,9 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
     int buf_size = avpkt->size;
     CamStudioContext *c = avctx->priv_data;
     int ret;
+    int bpp = avctx->bits_per_coded_sample / 8;
+    int bugdelta = FFALIGN(avctx->width * bpp, 4)       * avctx->height
+                 -        (avctx->width     & ~3) * bpp * avctx->height;
 
     if (buf_size < 2) {
         av_log(avctx, AV_LOG_ERROR, "coded frame too small\n");
@@ -84,7 +87,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
     switch ((buf[0] >> 1) & 7) {
     case 0: { // lzo compression
         int outlen = c->decomp_size, inlen = buf_size - 2;
-        if (av_lzo1x_decode(c->decomp_buf, &outlen, &buf[2], &inlen) || outlen) {
+        if (av_lzo1x_decode(c->decomp_buf, &outlen, &buf[2], &inlen) || (outlen && outlen != bugdelta)) {
             av_log(avctx, AV_LOG_ERROR, "error during lzo decompression\n");
             return AVERROR_INVALIDDATA;
         }
@@ -93,7 +96,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
     case 1: { // zlib compression
 #if CONFIG_ZLIB
         unsigned long dlen = c->decomp_size;
-        if (uncompress(c->decomp_buf, &dlen, &buf[2], buf_size - 2) != Z_OK || dlen != c->decomp_size) {
+        if (uncompress(c->decomp_buf, &dlen, &buf[2], buf_size - 2) != Z_OK || (dlen != c->decomp_size && dlen != c->decomp_size - bugdelta)) {
             av_log(avctx, AV_LOG_ERROR, "error during zlib decompression\n");
             return AVERROR_INVALIDDATA;
         }

libavcodec/cuviddec.c

@@ -1150,6 +1150,7 @@ static const AVCodecHWConfigInternal *const cuvid_hw_configs[] = {
         .flush          = cuvid_flush, \
         .bsfs           = bsf_name, \
         .capabilities   = AV_CODEC_CAP_DELAY | AV_CODEC_CAP_AVOID_PROBING | AV_CODEC_CAP_HARDWARE, \
+        .caps_internal  = FF_CODEC_CAP_SETS_FRAME_PROPS, \
         .pix_fmts       = (const enum AVPixelFormat[]){ AV_PIX_FMT_CUDA, \
                                                         AV_PIX_FMT_NV12, \
                                                         AV_PIX_FMT_P010, \

libavcodec/dcaenc.c

@@ -925,10 +925,10 @@ static void fill_in_adpcm_bufer(DCAEncContext *c)
              * But there are no proper value in decoder history, so likely result will be no good.
              * Bitstream has "Predictor history flag switch", but this flag disables history for all subbands
              */
-            samples[0] = c->adpcm_history[ch][band][0] << 7;
-            samples[1] = c->adpcm_history[ch][band][1] << 7;
-            samples[2] = c->adpcm_history[ch][band][2] << 7;
-            samples[3] = c->adpcm_history[ch][band][3] << 7;
+            samples[0] = c->adpcm_history[ch][band][0] * (1 << 7);
+            samples[1] = c->adpcm_history[ch][band][1] * (1 << 7);
+            samples[2] = c->adpcm_history[ch][band][2] * (1 << 7);
+            samples[3] = c->adpcm_history[ch][band][3] * (1 << 7);
         }
      }
 }

libavcodec/decode.c

@@ -233,9 +233,11 @@ int ff_decode_get_packet(AVCodecContext *avctx, AVPacket *pkt)
     if (ret < 0)
         return ret;
 
-    ret = extract_packet_props(avctx->internal, pkt);
-    if (ret < 0)
-        goto finish;
+    if (!(avctx->codec->caps_internal & FF_CODEC_CAP_SETS_FRAME_PROPS)) {
+        ret = extract_packet_props(avctx->internal, pkt);
+        if (ret < 0)
+            goto finish;
+    }
 
     ret = apply_param_change(avctx, pkt);
     if (ret < 0)
@@ -502,11 +504,13 @@ FF_ENABLE_DEPRECATION_WARNINGS
 
         pkt->data                += consumed;
         pkt->size                -= consumed;
-        avci->last_pkt_props->size -= consumed; // See extract_packet_props() comment.
         pkt->pts                  = AV_NOPTS_VALUE;
         pkt->dts                  = AV_NOPTS_VALUE;
-        avci->last_pkt_props->pts = AV_NOPTS_VALUE;
-        avci->last_pkt_props->dts = AV_NOPTS_VALUE;
+        if (!(avctx->codec->caps_internal & FF_CODEC_CAP_SETS_FRAME_PROPS)) {
+            avci->last_pkt_props->size -= consumed; // See extract_packet_props() comment.
+            avci->last_pkt_props->pts = AV_NOPTS_VALUE;
+            avci->last_pkt_props->dts = AV_NOPTS_VALUE;
+        }
     }
 
     if (got_frame)
@@ -548,6 +552,11 @@ static int decode_receive_frame_internal(AVCodecContext *avctx, AVFrame *frame)
     if (ret == AVERROR_EOF)
         avci->draining_done = 1;
 
+    if (!(avctx->codec->caps_internal & FF_CODEC_CAP_SETS_FRAME_PROPS) &&
+        IS_EMPTY(avci->last_pkt_props) && av_fifo_size(avci->pkt_props) >= sizeof(*avci->last_pkt_props))
+        av_fifo_generic_read(avci->pkt_props,
+                             avci->last_pkt_props, sizeof(*avci->last_pkt_props), NULL);
+
     if (!ret) {
         frame->best_effort_timestamp = guess_correct_pts(avctx,
                                                          frame->pts,
@@ -1738,39 +1747,37 @@ int ff_decode_frame_props(AVCodecContext *avctx, AVFrame *frame)
         { AV_PKT_DATA_S12M_TIMECODE,              AV_FRAME_DATA_S12M_TIMECODE },
     };
 
-    if (IS_EMPTY(pkt) && av_fifo_size(avctx->internal->pkt_props) >= sizeof(*pkt))
-        av_fifo_generic_read(avctx->internal->pkt_props,
-                             pkt, sizeof(*pkt), NULL);
-
-    frame->pts = pkt->pts;
+    if (!(avctx->codec->caps_internal & FF_CODEC_CAP_SETS_FRAME_PROPS)) {
+        frame->pts = pkt->pts;
 #if FF_API_PKT_PTS
 FF_DISABLE_DEPRECATION_WARNINGS
-    frame->pkt_pts = pkt->pts;
+        frame->pkt_pts = pkt->pts;
 FF_ENABLE_DEPRECATION_WARNINGS
 #endif
-    frame->pkt_pos      = pkt->pos;
-    frame->pkt_duration = pkt->duration;
-    frame->pkt_size     = pkt->size;
+        frame->pkt_pos      = pkt->pos;
+        frame->pkt_duration = pkt->duration;
+        frame->pkt_size     = pkt->size;
 
-    for (int i = 0; i < FF_ARRAY_ELEMS(sd); i++) {
-        buffer_size_t size;
-        uint8_t *packet_sd = av_packet_get_side_data(pkt, sd[i].packet, &size);
-        if (packet_sd) {
-            AVFrameSideData *frame_sd = av_frame_new_side_data(frame,
-                                                               sd[i].frame,
-                                                               size);
-            if (!frame_sd)
-                return AVERROR(ENOMEM);
+        for (int i = 0; i < FF_ARRAY_ELEMS(sd); i++) {
+            buffer_size_t size;
+            uint8_t *packet_sd = av_packet_get_side_data(pkt, sd[i].packet, &size);
+            if (packet_sd) {
+                AVFrameSideData *frame_sd = av_frame_new_side_data(frame,
+                                                                   sd[i].frame,
+                                                                   size);
+                if (!frame_sd)
+                    return AVERROR(ENOMEM);
 
-            memcpy(frame_sd->data, packet_sd, size);
+                memcpy(frame_sd->data, packet_sd, size);
+            }
         }
-    }
-    add_metadata_from_side_data(pkt, frame);
+        add_metadata_from_side_data(pkt, frame);
 
-    if (pkt->flags & AV_PKT_FLAG_DISCARD) {
-        frame->flags |= AV_FRAME_FLAG_DISCARD;
-    } else {
-        frame->flags = (frame->flags & ~AV_FRAME_FLAG_DISCARD);
+        if (pkt->flags & AV_PKT_FLAG_DISCARD) {
+            frame->flags |= AV_FRAME_FLAG_DISCARD;
+        } else {
+            frame->flags = (frame->flags & ~AV_FRAME_FLAG_DISCARD);
+        }
     }
     frame->reordered_opaque = avctx->reordered_opaque;
 

libavcodec/diracdec.c

@@ -1432,8 +1432,8 @@ static void global_mv(DiracContext *s, DiracBlock *block, int x, int y, int ref)
     int *c      = s->globalmc[ref].perspective;
 
     int64_t m   = (1<<ep) - (c[0]*(int64_t)x + c[1]*(int64_t)y);
-    int64_t mx  = m * (int64_t)((A[0][0] * (int64_t)x + A[0][1]*(int64_t)y) + (1LL<<ez) * b[0]);
-    int64_t my  = m * (int64_t)((A[1][0] * (int64_t)x + A[1][1]*(int64_t)y) + (1LL<<ez) * b[1]);
+    int64_t mx  = m * (uint64_t)((A[0][0] * (int64_t)x + A[0][1]*(int64_t)y) + (1LL<<ez) * b[0]);
+    int64_t my  = m * (uint64_t)((A[1][0] * (int64_t)x + A[1][1]*(int64_t)y) + (1LL<<ez) * b[1]);
 
     block->u.mv[ref][0] = (mx + (1<<(ez+ep))) >> (ez+ep);
     block->u.mv[ref][1] = (my + (1<<(ez+ep))) >> (ez+ep);

libavcodec/dnxhddec.c

@@ -112,6 +112,7 @@ static av_cold int dnxhd_decode_init(AVCodecContext *avctx)
 
 static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
 {
+    int ret;
     if (cid != ctx->cid) {
         const CIDEntry *cid_table = ff_dnxhd_get_cid_table(cid);
 
@@ -132,19 +133,26 @@ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
         ff_free_vlc(&ctx->dc_vlc);
         ff_free_vlc(&ctx->run_vlc);
 
-        init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257,
+        if ((ret = init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257,
                  ctx->cid_table->ac_bits, 1, 1,
-                 ctx->cid_table->ac_codes, 2, 2, 0);
-        init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12,
+                 ctx->cid_table->ac_codes, 2, 2, 0)) < 0)
+            goto out;
+        if ((ret = init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12,
                  ctx->cid_table->dc_bits, 1, 1,
-                 ctx->cid_table->dc_codes, 1, 1, 0);
-        init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62,
+                 ctx->cid_table->dc_codes, 1, 1, 0)) < 0)
+            goto out;
+        if ((ret = init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62,
                  ctx->cid_table->run_bits, 1, 1,
-                 ctx->cid_table->run_codes, 2, 2, 0);
+                 ctx->cid_table->run_codes, 2, 2, 0)) < 0)
+            goto out;
 
         ctx->cid = cid;
     }
-    return 0;
+    ret = 0;
+out:
+    if (ret < 0)
+        av_log(ctx->avctx, AV_LOG_ERROR, "init_vlc failed\n");
+    return ret;
 }
 
 static int dnxhd_get_profile(int cid)

libavcodec/dnxhdenc.c

@@ -1353,7 +1353,7 @@ static av_cold int dnxhd_encode_end(AVCodecContext *avctx)
     av_freep(&ctx->qmatrix_c16);
     av_freep(&ctx->qmatrix_l16);
 
-    if (avctx->active_thread_type == FF_THREAD_SLICE) {
+    if (ctx->thread[1]) {
         for (i = 1; i < avctx->thread_count; i++)
             av_freep(&ctx->thread[i]);
     }

libavcodec/dpx.c

@@ -242,6 +242,9 @@ static int decode_frame(AVCodecContext *avctx,
         return AVERROR_PATCHWELCOME;
     }
 
+    if (bits_per_color > 31)
+        return AVERROR_INVALIDDATA;
+
     buf += 820;
     avctx->sample_aspect_ratio.num = read32(&buf, endian);
     avctx->sample_aspect_ratio.den = read32(&buf, endian);
@@ -316,7 +319,7 @@ static int decode_frame(AVCodecContext *avctx,
             minCV = av_int2float(i);
             maxCV = av_int2float(j);
             if (bits_per_color >= 1 &&
-                minCV == 0.0f && maxCV == ((1<<bits_per_color) - 1)) {
+                minCV == 0.0f && maxCV == ((1U<<bits_per_color) - 1)) {
                 avctx->color_range = AVCOL_RANGE_JPEG;
             } else if (bits_per_color >= 8 &&
                        minCV == (1  <<(bits_per_color - 4)) &&

libavcodec/dstdec.c

@@ -215,7 +215,7 @@ static uint8_t prob_dst_x_bit(int c)
     return (ff_reverse[c & 127] >> 1) + 1;
 }
 
-static void build_filter(int16_t table[DST_MAX_ELEMENTS][16][256], const Table *fsets)
+static int build_filter(int16_t table[DST_MAX_ELEMENTS][16][256], const Table *fsets)
 {
     int i, j, k, l;
 
@@ -226,14 +226,17 @@ static void build_filter(int16_t table[DST_MAX_ELEMENTS][16][256], const Table *
             int total = av_clip(length - j * 8, 0, 8);
 
             for (k = 0; k < 256; k++) {
-                int v = 0;
+                int64_t v = 0;
 
                 for (l = 0; l < total; l++)
                     v += (((k >> l) & 1) * 2 - 1) * fsets->coeff[i][j * 8 + l];
+                if ((int16_t)v != v)
+                    return AVERROR_INVALIDDATA;
                 table[i][j][k] = v;
             }
         }
     }
+    return 0;
 }
 
 static int decode_frame(AVCodecContext *avctx, void *data,
@@ -329,7 +332,9 @@ static int decode_frame(AVCodecContext *avctx, void *data,
         return AVERROR_INVALIDDATA;
     ac_init(ac, gb);
 
-    build_filter(s->filter, &s->fsets);
+    ret = build_filter(s->filter, &s->fsets);
+    if (ret < 0)
+        return ret;
 
     memset(s->status, 0xAA, sizeof(s->status));
     memset(dsd, 0, frame->nb_samples * 4 * channels);

libavcodec/dv_profile.c

@@ -261,24 +261,22 @@ const AVDVProfile* ff_dv_frame_profile(AVCodecContext* codec, const AVDVProfile
                                        const uint8_t *frame, unsigned buf_size)
 {
 #if CONFIG_DVPROFILE
-    int i, dsf, stype;
+    int i, dsf, stype, pal;
 
     if(buf_size < DV_PROFILE_BYTES)
         return NULL;
 
     dsf   = (frame[3] & 0x80) >> 7;
     stype = frame[80 * 5 + 48 + 3] & 0x1f;
+    pal   = !!(frame[80 * 5 + 48 + 3] & 0x20);
 
     /* 576i50 25Mbps 4:1:1 is a special case */
     if ((dsf == 1 && stype == 0 && frame[4] & 0x07 /* the APT field */) ||
         (stype == 31 && codec && codec->codec_tag==AV_RL32("SL25") && codec->coded_width==720 && codec->coded_height==576))
         return &dv_profiles[2];
 
-    if(   stype == 0
-       && codec
-       && (codec->codec_tag==AV_RL32("dvsd") || codec->codec_tag==AV_RL32("CDVC"))
-       && codec->coded_width ==720
-       && codec->coded_height==576)
+    /* hack for trac issues #8333 and #2177, PAL DV files with dsf flag 0 - detect via pal flag and buf_size */
+    if (dsf == 0 && pal == 1 && stype == dv_profiles[1].video_stype && buf_size == dv_profiles[1].frame_size)
         return &dv_profiles[1];
 
     for (i = 0; i < FF_ARRAY_ELEMS(dv_profiles); i++)

libavcodec/dxv.c

@@ -440,7 +440,7 @@ static int get_opcodes(GetByteContext *gb, uint32_t *table, uint8_t *dst, int op
 
     size_in_bits = bytestream2_get_le32(gb);
     endoffset = ((size_in_bits + 7) >> 3) - 4;
-    if (endoffset <= 0 || bytestream2_get_bytes_left(gb) < endoffset)
+    if ((int)endoffset <= 0 || bytestream2_get_bytes_left(gb) < endoffset)
         return AVERROR_INVALIDDATA;
 
     offset = endoffset;

libavcodec/dxva2.c

@@ -117,7 +117,7 @@ static int dxva_get_decoder_configuration(AVCodecContext *avctx,
 
     for (i = 0; i < cfg_count; i++) {
         unsigned score;
-        UINT ConfigBitstreamRaw;
+        UINT ConfigBitstreamRaw = 0;
         GUID guidConfigBitstreamEncryption;
 
 #if CONFIG_D3D11VA
@@ -268,7 +268,7 @@ static int dxva_get_decoder_guid(AVCodecContext *avctx, void *service, void *sur
     *decoder_guid = ff_GUID_NULL;
     for (i = 0; dxva_modes[i].guid; i++) {
         const dxva_mode *mode = &dxva_modes[i];
-        int validate;
+        int validate = 0;
         if (!dxva_check_codec_compatibility(avctx, mode))
             continue;
 
@@ -800,7 +800,7 @@ int ff_dxva2_commit_buffer(AVCodecContext *avctx,
                            unsigned type, const void *data, unsigned size,
                            unsigned mb_count)
 {
-    void     *dxva_data;
+    void     *dxva_data = NULL;
     unsigned dxva_size;
     int      result;
     HRESULT hr = 0;
@@ -822,7 +822,7 @@ int ff_dxva2_commit_buffer(AVCodecContext *avctx,
                type, (unsigned)hr);
         return -1;
     }
-    if (size <= dxva_size) {
+    if (dxva_data && size <= dxva_size) {
         memcpy(dxva_data, data, size);
 
 #if CONFIG_D3D11VA
@@ -900,7 +900,7 @@ int ff_dxva2_common_end_frame(AVCodecContext *avctx, AVFrame *frame,
 #endif
     DECODER_BUFFER_DESC             *buffer = NULL, *buffer_slice = NULL;
     int result, runs = 0;
-    HRESULT hr;
+    HRESULT hr = -1;
     unsigned type;
     FFDXVASharedContext *sctx = DXVA_SHARED_CONTEXT(avctx);
 

libavcodec/dxva2_av1.c

@@ -73,7 +73,7 @@ static int fill_picture_parameters(const AVCodecContext *avctx, AVDXVAContext *c
     pp->max_height = seq->max_frame_height_minus_1 + 1;
 
     pp->CurrPicTextureIndex = ff_dxva2_get_surface_index(avctx, ctx, h->cur_frame.tf.f);
-    pp->superres_denom      = frame_header->use_superres ? frame_header->coded_denom : AV1_SUPERRES_NUM;
+    pp->superres_denom      = frame_header->use_superres ? frame_header->coded_denom + AV1_SUPERRES_DENOM_MIN : AV1_SUPERRES_NUM;
     pp->bitdepth            = get_bit_depth_from_seq(seq);
     pp->seq_profile         = seq->seq_profile;
 
@@ -139,7 +139,7 @@ static int fill_picture_parameters(const AVCodecContext *avctx, AVDXVAContext *c
         pp->frame_refs[i].Index  = ref_frame->buf[0] ? ref_idx : 0xFF;
 
         /* Global Motion */
-        pp->frame_refs[i].wminvalid = (h->cur_frame.gm_type[AV1_REF_FRAME_LAST + i] == AV1_WARP_MODEL_IDENTITY);
+        pp->frame_refs[i].wminvalid = h->cur_frame.gm_invalid[AV1_REF_FRAME_LAST + i];
         pp->frame_refs[i].wmtype    = h->cur_frame.gm_type[AV1_REF_FRAME_LAST + i];
         for (j = 0; j < 6; ++j) {
              pp->frame_refs[i].wmmat[j] = h->cur_frame.gm_params[AV1_REF_FRAME_LAST + i][j];

libavcodec/eac3dec.c

@@ -139,9 +139,11 @@ static void ff_eac3_apply_spectral_extension(AC3DecodeContext *s)
             // spx_noise_blend and spx_signal_blend are both FP.23
             nscale *= 1.0 / (1<<23);
             sscale *= 1.0 / (1<<23);
+            if (nscale < -1.0)
+                nscale = -1.0;
 #endif
             for (i = 0; i < s->spx_band_sizes[bnd]; i++) {
-                float noise  = nscale * (int32_t)av_lfg_get(&s->dith_state);
+                UINTFLOAT noise = (INTFLOAT)(nscale * (int32_t)av_lfg_get(&s->dith_state));
                 s->transform_coeffs[ch][bin]   *= sscale;
                 s->transform_coeffs[ch][bin++] += noise;
             }

libavcodec/eacmv.c

@@ -195,12 +195,15 @@ static int cmv_decode_frame(AVCodecContext *avctx,
     if ((ret = av_image_check_size(s->width, s->height, 0, s->avctx)) < 0)
         return ret;
 
+    buf += EA_PREAMBLE_SIZE;
+    if (!(buf[0]&1) && buf_end - buf < s->width * s->height * (int64_t)(100 - s->avctx->discard_damaged_percentage) / 100)
+        return AVERROR_INVALIDDATA;
+
     if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0)
         return ret;
 
     memcpy(frame->data[1], s->palette, AVPALETTE_SIZE);
 
-    buf += EA_PREAMBLE_SIZE;
     if ((buf[0]&1)) {  // subtype
         cmv_decode_inter(s, frame, buf+2, buf_end);
         frame->key_frame = 0;

libavcodec/eatgq.c

@@ -61,7 +61,7 @@ static av_cold int tgq_decode_init(AVCodecContext *avctx)
     return 0;
 }
 
-static void tgq_decode_block(TgqContext *s, int16_t block[64], GetBitContext *gb)
+static int tgq_decode_block(TgqContext *s, int16_t block[64], GetBitContext *gb)
 {
     uint8_t *perm = s->scantable.permutated;
     int i, j, value;
@@ -69,6 +69,8 @@ static void tgq_decode_block(TgqContext *s, int16_t block[64], GetBitContext *gb
     for (i = 1; i < 64;) {
         switch (show_bits(gb, 3)) {
         case 4:
+            if (i >= 63)
+                return AVERROR_INVALIDDATA;
             block[perm[i++]] = 0;
         case 0:
             block[perm[i++]] = 0;
@@ -78,6 +80,8 @@ static void tgq_decode_block(TgqContext *s, int16_t block[64], GetBitContext *gb
         case 1:
             skip_bits(gb, 2);
             value = get_bits(gb, 6);
+            if (value > 64 - i)
+                return AVERROR_INVALIDDATA;
             for (j = 0; j < value; j++)
                 block[perm[i++]] = 0;
             break;
@@ -105,6 +109,7 @@ static void tgq_decode_block(TgqContext *s, int16_t block[64], GetBitContext *gb
         }
     }
     block[0] += 128 << 4;
+    return 0;
 }
 
 static void tgq_idct_put_mb(TgqContext *s, int16_t (*block)[64], AVFrame *frame,
@@ -164,8 +169,11 @@ static int tgq_decode_mb(TgqContext *s, AVFrame *frame, int mb_y, int mb_x)
         if (ret < 0)
             return ret;
 
-        for (i = 0; i < 6; i++)
-            tgq_decode_block(s, s->block[i], &gb);
+        for (i = 0; i < 6; i++) {
+            int ret = tgq_decode_block(s, s->block[i], &gb);
+            if (ret < 0)
+                return ret;
+        }
         tgq_idct_put_mb(s, s->block, frame, mb_x, mb_y);
         bytestream2_skip(&s->gb, mode);
     } else {

libavcodec/encode.c

@@ -565,7 +565,7 @@ FF_ENABLE_DEPRECATION_WARNINGS
             if (avctx->pix_fmt == avctx->codec->pix_fmts[i])
                 break;
         if (avctx->codec->pix_fmts[i] == AV_PIX_FMT_NONE
-            && !((avctx->codec_id == AV_CODEC_ID_MJPEG || avctx->codec_id == AV_CODEC_ID_LJPEG)
+            && !(avctx->codec_id == AV_CODEC_ID_MJPEG
                  && avctx->strict_std_compliance <= FF_COMPLIANCE_UNOFFICIAL)) {
             char buf[128];
             snprintf(buf, sizeof(buf), "%d", avctx->pix_fmt);

libavcodec/escape124.c

@@ -88,11 +88,6 @@ static CodeBook unpack_codebook(GetBitContext* gb, unsigned depth,
     unsigned i, j;
     CodeBook cb = { 0 };
 
-    if (size >= INT_MAX / 34 || get_bits_left(gb) < size * 34)
-        return cb;
-
-    if (size >= INT_MAX / sizeof(MacroBlock))
-        return cb;
     cb.blocks = av_malloc(size ? size * sizeof(MacroBlock) : 1);
     if (!cb.blocks)
         return cb;
@@ -162,7 +157,7 @@ static MacroBlock decode_macroblock(Escape124Context* s, GetBitContext* gb,
 
     // This condition can occur with invalid bitstreams and
     // *codebook_index == 2
-    if (block_index >= s->codebooks[*codebook_index].size)
+    if (block_index >= s->codebooks[*codebook_index].size || !s->codebooks[*codebook_index].blocks)
         return (MacroBlock) { { 0 } };
 
     return s->codebooks[*codebook_index].blocks[block_index];
@@ -226,7 +221,7 @@ static int escape124_decode_frame(AVCodecContext *avctx,
     // represent a lower bound of the space needed for skipped superblocks. Non
     // skipped SBs need more space.
     if (get_bits_left(&gb) < 64 + s->num_superblocks * 23LL / 4320)
-        return -1;
+        return AVERROR_INVALIDDATA;
 
     frame_flags = get_bits_long(&gb, 32);
     frame_size  = get_bits_long(&gb, 32);
@@ -243,7 +238,7 @@ static int escape124_decode_frame(AVCodecContext *avctx,
         if ((ret = av_frame_ref(frame, s->frame)) < 0)
             return ret;
 
-        return frame_size;
+        return 0;
     }
 
     for (i = 0; i < 3; i++) {
@@ -277,9 +272,14 @@ static int escape124_decode_frame(AVCodecContext *avctx,
             }
 
             av_freep(&s->codebooks[i].blocks);
+            if (cb_size >= INT_MAX / 34 || get_bits_left(&gb) < (int)cb_size * 34)
+                return AVERROR_INVALIDDATA;
+
+            if (cb_size >= INT_MAX / sizeof(MacroBlock))
+                return AVERROR_INVALIDDATA;
             s->codebooks[i] = unpack_codebook(&gb, cb_depth, cb_size);
             if (!s->codebooks[i].blocks)
-                return -1;
+                return AVERROR(ENOMEM);
         }
     }
 
@@ -372,7 +372,7 @@ static int escape124_decode_frame(AVCodecContext *avctx,
 
     *got_frame = 1;
 
-    return frame_size;
+    return 0;
 }
 
 

libavcodec/exr.c

@@ -333,7 +333,10 @@ static int huf_unpack_enc_table(GetByteContext *gb,
         return ret;
 
     for (; im <= iM; im++) {
-        uint64_t l = freq[im] = get_bits(&gbit, 6);
+        int l;
+        if (get_bits_left(&gbit) < 6)
+            return AVERROR_INVALIDDATA;
+        l = freq[im] = get_bits(&gbit, 6);
 
         if (l == LONG_ZEROCODE_RUN) {
             int zerun = get_bits(&gbit, 8) + SHORTEST_LONG_RUN;
@@ -418,11 +421,16 @@ static int huf_decode(VLC *vlc, GetByteContext *gb, int nbits, int run_sym,
 
     init_get_bits(&gbit, gb->buffer, nbits);
     while (get_bits_left(&gbit) > 0 && oe < no) {
-        uint16_t x = get_vlc2(&gbit, vlc->table, 12, 2);
+        uint16_t x = get_vlc2(&gbit, vlc->table, 12, 3);
 
         if (x == run_sym) {
             int run = get_bits(&gbit, 8);
-            uint16_t fill = out[oe - 1];
+            uint16_t fill;
+
+            if (oe == 0 || oe + run > no)
+                return AVERROR_INVALIDDATA;
+
+            fill = out[oe - 1];
 
             while (run-- > 0)
                 out[oe++] = fill;
@@ -1009,7 +1017,9 @@ static int dwa_uncompress(EXRContext *s, const uint8_t *src, int compressed_size
     dc_count = AV_RL64(src + 72);
     ac_compression = AV_RL64(src + 80);
 
-    if (compressed_size < 88LL + lo_size + ac_size + dc_size + rle_csize)
+    if (   compressed_size < (uint64_t)(lo_size | ac_size | dc_size | rle_csize) || compressed_size < 88LL + lo_size + ac_size + dc_size + rle_csize
+        || ac_count > (uint64_t)INT_MAX/2
+    )
         return AVERROR_INVALIDDATA;
 
     bytestream2_init(&gb, src + 88, compressed_size - 88);
@@ -1026,12 +1036,14 @@ static int dwa_uncompress(EXRContext *s, const uint8_t *src, int compressed_size
     }
 
     if (ac_size > 0) {
-        unsigned long dest_len = ac_count * 2LL;
+        unsigned long dest_len;
         GetByteContext agb = gb;
 
         if (ac_count > 3LL * td->xsize * s->scan_lines_per_block)
             return AVERROR_INVALIDDATA;
 
+        dest_len = ac_count * 2LL;
+
         av_fast_padded_malloc(&td->ac_data, &td->ac_size, dest_len);
         if (!td->ac_data)
             return AVERROR(ENOMEM);
@@ -1054,13 +1066,15 @@ static int dwa_uncompress(EXRContext *s, const uint8_t *src, int compressed_size
         bytestream2_skip(&gb, ac_size);
     }
 
-    if (dc_size > 0) {
-        unsigned long dest_len = dc_count * 2LL;
+    {
+        unsigned long dest_len;
         GetByteContext agb = gb;
 
-        if (dc_count > (6LL * td->xsize * td->ysize + 63) / 64)
+        if (dc_count != dc_w * dc_h * 3)
             return AVERROR_INVALIDDATA;
 
+        dest_len = dc_count * 2LL;
+
         av_fast_padded_malloc(&td->dc_data, &td->dc_size, FFALIGN(dest_len, 64) * 2);
         if (!td->dc_data)
             return AVERROR(ENOMEM);
@@ -1229,7 +1243,8 @@ static int decode_block(AVCodecContext *avctx, void *tdata,
         td->ysize = FFMIN(s->tile_attr.ySize, s->ydelta - tile_y * s->tile_attr.ySize);
         td->xsize = FFMIN(s->tile_attr.xSize, s->xdelta - tile_x * s->tile_attr.xSize);
 
-        if (td->xsize * (uint64_t)s->current_channel_offset > INT_MAX)
+        if (td->xsize * (uint64_t)s->current_channel_offset > INT_MAX ||
+            av_image_check_size2(td->xsize, td->ysize, s->avctx->max_pixels, AV_PIX_FMT_NONE, 0, s->avctx) < 0)
             return AVERROR_INVALIDDATA;
 
         td->channel_line_size = td->xsize * s->current_channel_offset;/* uncompress size of one line */
@@ -1253,7 +1268,8 @@ static int decode_block(AVCodecContext *avctx, void *tdata,
         td->ysize          = FFMIN(s->scan_lines_per_block, s->ymax - line + 1); /* s->ydelta - line ?? */
         td->xsize          = s->xdelta;
 
-        if (td->xsize * (uint64_t)s->current_channel_offset > INT_MAX)
+        if (td->xsize * (uint64_t)s->current_channel_offset > INT_MAX ||
+            av_image_check_size2(td->xsize, td->ysize, s->avctx->max_pixels, AV_PIX_FMT_NONE, 0, s->avctx) < 0)
             return AVERROR_INVALIDDATA;
 
         td->channel_line_size = td->xsize * s->current_channel_offset;/* uncompress size of one line */
@@ -1790,6 +1806,7 @@ static int decode_header(EXRContext *s, AVFrame *frame)
             ymax   = bytestream2_get_le32(gb);
 
             if (xmin > xmax || ymin > ymax ||
+                ymax == INT_MAX || xmax == INT_MAX ||
                 (unsigned)xmax - xmin >= INT_MAX ||
                 (unsigned)ymax - ymin >= INT_MAX) {
                 ret = AVERROR_INVALIDDATA;
@@ -1817,8 +1834,8 @@ static int decode_header(EXRContext *s, AVFrame *frame)
             dx = bytestream2_get_le32(gb);
             dy = bytestream2_get_le32(gb);
 
-            s->w = dx - sx + 1;
-            s->h = dy - sy + 1;
+            s->w = (unsigned)dx - sx + 1;
+            s->h = (unsigned)dy - sy + 1;
 
             continue;
         } else if ((var_size = check_header_variable(s, "lineOrder",
@@ -1925,18 +1942,27 @@ static int decode_header(EXRContext *s, AVFrame *frame)
 
             bytestream2_get_buffer(gb, key, FFMIN(sizeof(key) - 1, var_size));
             if (strncmp("scanlineimage", key, var_size) &&
-                strncmp("tiledimage", key, var_size))
-                return AVERROR_PATCHWELCOME;
+                strncmp("tiledimage", key, var_size)) {
+                ret = AVERROR_PATCHWELCOME;
+                goto fail;
+            }
 
             continue;
         } else if ((var_size = check_header_variable(s, "preview",
                                                      "preview", 16)) >= 0) {
             uint32_t pw = bytestream2_get_le32(gb);
             uint32_t ph = bytestream2_get_le32(gb);
-            int64_t psize = 4LL * pw * ph;
+            uint64_t psize = pw * (uint64_t)ph;
+            if (psize > INT64_MAX / 4) {
+                ret = AVERROR_INVALIDDATA;
+                goto fail;
+            }
+            psize *= 4;
 
-            if (psize >= bytestream2_get_bytes_left(gb))
-                return AVERROR_INVALIDDATA;
+            if ((int64_t)psize >= bytestream2_get_bytes_left(gb)) {
+                ret = AVERROR_INVALIDDATA;
+                goto fail;
+            }
 
             bytestream2_skip(gb, psize);
 

libavcodec/faxcompr.c

@@ -144,6 +144,8 @@ static int decode_uncompressed(AVCodecContext *avctx, GetBitContext *gb,
                 return AVERROR_INVALIDDATA;
             }
             cwi = 10 - av_log2(cwi);
+            if (get_bits_left(gb) < cwi + 1)
+                return AVERROR_INVALIDDATA;
             skip_bits(gb, cwi + 1);
             if (cwi > 5) {
                 newmode = get_bits1(gb);
@@ -209,6 +211,8 @@ static int decode_group3_1d_line(AVCodecContext *avctx, GetBitContext *gb,
     unsigned int run = 0;
     unsigned int t;
     for (;;) {
+        if (get_bits_left(gb) <= 0)
+            return AVERROR_INVALIDDATA;
         t    = get_vlc2(gb, ccitt_vlc[mode].table, 9, 2);
         run += t;
         if (t < 64) {
@@ -227,7 +231,7 @@ static int decode_group3_1d_line(AVCodecContext *avctx, GetBitContext *gb,
             run       = 0;
             mode      = !mode;
         } else if ((int)t == -1) {
-            if (show_bits(gb, 12) == 15) {
+            if (get_bits_left(gb) > 12 && show_bits(gb, 12) == 15) {
                 int ret;
                 skip_bits(gb, 12);
                 ret = decode_uncompressed(avctx, gb, &pix_left, &runs, runend, &mode);
@@ -254,7 +258,10 @@ static int decode_group3_2d_line(AVCodecContext *avctx, GetBitContext *gb,
     unsigned int offs = 0, run = 0;
 
     while (offs < width) {
-        int cmode = get_vlc2(gb, ccitt_group3_2d_vlc.table, 9, 1);
+        int cmode;
+        if (get_bits_left(gb) <= 0)
+            return AVERROR_INVALIDDATA;
+        cmode = get_vlc2(gb, ccitt_group3_2d_vlc.table, 9, 1);
         if (cmode == -1) {
             av_log(avctx, AV_LOG_ERROR, "Incorrect mode VLC\n");
             return AVERROR_INVALIDDATA;
@@ -276,6 +283,8 @@ static int decode_group3_2d_line(AVCodecContext *avctx, GetBitContext *gb,
             for (k = 0; k < 2; k++) {
                 run = 0;
                 for (;;) {
+                    if (get_bits_left(gb) <= 0)
+                        return AVERROR_INVALIDDATA;
                     t = get_vlc2(gb, ccitt_vlc[mode].table, 9, 2);
                     if (t == -1) {
                         av_log(avctx, AV_LOG_ERROR, "Incorrect code\n");
@@ -299,7 +308,10 @@ static int decode_group3_2d_line(AVCodecContext *avctx, GetBitContext *gb,
                 mode = !mode;
             }
         } else if (cmode == 9 || cmode == 10) {
-            int xxx = get_bits(gb, 3);
+            int xxx;
+            if (get_bits_left(gb) < 3)
+                return AVERROR_INVALIDDATA;
+            xxx = get_bits(gb, 3);
             if (cmode == 9 && xxx == 7) {
                 int ret;
                 int pix_left = width - offs;

libavcodec/ffv1.c

@@ -113,6 +113,13 @@ av_cold int ff_ffv1_init_slices_state(FFV1Context *f)
     return 0;
 }
 
+int ff_need_new_slices(int width, int num_h_slices, int chroma_shift) {
+    int mpw = 1<<chroma_shift;
+    int i = width * (int64_t)(num_h_slices - 1) / num_h_slices;
+
+    return width % mpw && (width - i) % mpw == 0;
+}
+
 av_cold int ff_ffv1_init_slice_contexts(FFV1Context *f)
 {
     int i, max_slice_count = f->num_h_slices * f->num_v_slices;

libavcodec/ffv1.h

@@ -146,6 +146,7 @@ int ff_ffv1_init_slice_contexts(FFV1Context *f);
 int ff_ffv1_allocate_initial_states(FFV1Context *f);
 void ff_ffv1_clear_slice_state(FFV1Context *f, FFV1Context *fs);
 int ff_ffv1_close(AVCodecContext *avctx);
+int ff_need_new_slices(int width, int num_h_slices, int chroma_shift);
 
 static av_always_inline int fold(int diff, int bits)
 {

libavcodec/ffv1dec.c

@@ -166,24 +166,34 @@ static int decode_slice_header(FFV1Context *f, FFV1Context *fs)
     RangeCoder *c = &fs->c;
     uint8_t state[CONTEXT_SIZE];
     unsigned ps, i, context_count;
+    int sx, sy, sw, sh;
+
     memset(state, 128, sizeof(state));
+    sx = get_symbol(c, state, 0);
+    sy = get_symbol(c, state, 0);
+    sw = get_symbol(c, state, 0) + 1U;
+    sh = get_symbol(c, state, 0) + 1U;
 
     av_assert0(f->version > 2);
 
-    fs->slice_x      =  get_symbol(c, state, 0)      * f->width ;
-    fs->slice_y      =  get_symbol(c, state, 0)      * f->height;
-    fs->slice_width  = (get_symbol(c, state, 0) + 1) * f->width  + fs->slice_x;
-    fs->slice_height = (get_symbol(c, state, 0) + 1) * f->height + fs->slice_y;
 
-    fs->slice_x /= f->num_h_slices;
-    fs->slice_y /= f->num_v_slices;
-    fs->slice_width  = fs->slice_width /f->num_h_slices - fs->slice_x;
-    fs->slice_height = fs->slice_height/f->num_v_slices - fs->slice_y;
-    if ((unsigned)fs->slice_width > f->width || (unsigned)fs->slice_height > f->height)
-        return -1;
-    if (    (unsigned)fs->slice_x + (uint64_t)fs->slice_width  > f->width
-         || (unsigned)fs->slice_y + (uint64_t)fs->slice_height > f->height)
-        return -1;
+    if (sx < 0 || sy < 0 || sw <= 0 || sh <= 0)
+        return AVERROR_INVALIDDATA;
+    if (sx > f->num_h_slices - sw || sy > f->num_v_slices - sh)
+        return AVERROR_INVALIDDATA;
+
+    fs->slice_x      =  sx       * (int64_t)f->width  / f->num_h_slices;
+    fs->slice_y      =  sy       * (int64_t)f->height / f->num_v_slices;
+    fs->slice_width  = (sx + sw) * (int64_t)f->width  / f->num_h_slices - fs->slice_x;
+    fs->slice_height = (sy + sh) * (int64_t)f->height / f->num_v_slices - fs->slice_y;
+
+    av_assert0((unsigned)fs->slice_width  <= f->width &&
+                (unsigned)fs->slice_height <= f->height);
+    av_assert0 (   (unsigned)fs->slice_x + (uint64_t)fs->slice_width  <= f->width
+                && (unsigned)fs->slice_y + (uint64_t)fs->slice_height <= f->height);
+
+    if (fs->ac == AC_GOLOMB_RICE && fs->slice_width >= (1<<23))
+        return AVERROR_INVALIDDATA;
 
     for (i = 0; i < f->plane_count; i++) {
         PlaneContext * const p = &fs->plane[i];
@@ -298,8 +308,11 @@ static int decode_slice(AVCodecContext *c, void *arg)
     }
     if ((ret = ff_ffv1_init_slice_state(f, fs)) < 0)
         return ret;
-    if (f->cur->key_frame || fs->slice_reset_contexts)
+    if (f->cur->key_frame || fs->slice_reset_contexts) {
         ff_ffv1_clear_slice_state(f, fs);
+    } else if (fs->slice_damaged) {
+        return AVERROR_INVALIDDATA;
+    }
 
     width  = fs->slice_width;
     height = fs->slice_height;
@@ -348,7 +361,7 @@ static int decode_slice(AVCodecContext *c, void *arg)
     if (fs->ac != AC_GOLOMB_RICE && f->version > 2) {
         int v;
         get_rac(&fs->c, (uint8_t[]) { 129 });
-        v = fs->c.bytestream_end - fs->c.bytestream - 2 - 5*f->ec;
+        v = fs->c.bytestream_end - fs->c.bytestream - 2 - 5*!!f->ec;
         if (v) {
             av_log(f->avctx, AV_LOG_ERROR, "bytestream end mismatching by %d\n", v);
             fs->slice_damaged = 1;
@@ -462,6 +475,11 @@ static int read_extra_header(FFV1Context *f)
         return AVERROR_INVALIDDATA;
     }
 
+    if (f->num_h_slices > MAX_SLICES / f->num_v_slices) {
+        av_log(f->avctx, AV_LOG_ERROR, "slice count unsupported\n");
+        return AVERROR_PATCHWELCOME;
+    }
+
     f->quant_table_count = get_symbol(c, state, 0);
     if (f->quant_table_count > (unsigned)MAX_QUANT_TABLES || !f->quant_table_count) {
         av_log(f->avctx, AV_LOG_ERROR, "quant table count %d is invalid\n", f->quant_table_count);
@@ -764,21 +782,25 @@ static int read_header(FFV1Context *f)
         fs->slice_damaged = 0;
 
         if (f->version == 2) {
-            fs->slice_x      =  get_symbol(c, state, 0)      * f->width ;
-            fs->slice_y      =  get_symbol(c, state, 0)      * f->height;
-            fs->slice_width  = (get_symbol(c, state, 0) + 1) * f->width  + fs->slice_x;
-            fs->slice_height = (get_symbol(c, state, 0) + 1) * f->height + fs->slice_y;
+            int sx = get_symbol(c, state, 0);
+            int sy = get_symbol(c, state, 0);
+            int sw = get_symbol(c, state, 0) + 1U;
+            int sh = get_symbol(c, state, 0) + 1U;
 
-            fs->slice_x     /= f->num_h_slices;
-            fs->slice_y     /= f->num_v_slices;
-            fs->slice_width  = fs->slice_width  / f->num_h_slices - fs->slice_x;
-            fs->slice_height = fs->slice_height / f->num_v_slices - fs->slice_y;
-            if ((unsigned)fs->slice_width  > f->width ||
-                (unsigned)fs->slice_height > f->height)
+            if (sx < 0 || sy < 0 || sw <= 0 || sh <= 0)
                 return AVERROR_INVALIDDATA;
-            if (   (unsigned)fs->slice_x + (uint64_t)fs->slice_width  > f->width
-                || (unsigned)fs->slice_y + (uint64_t)fs->slice_height > f->height)
+            if (sx > f->num_h_slices - sw || sy > f->num_v_slices - sh)
                 return AVERROR_INVALIDDATA;
+
+            fs->slice_x      =  sx       * (int64_t)f->width  / f->num_h_slices;
+            fs->slice_y      =  sy       * (int64_t)f->height / f->num_v_slices;
+            fs->slice_width  = (sx + sw) * (int64_t)f->width  / f->num_h_slices - fs->slice_x;
+            fs->slice_height = (sy + sh) * (int64_t)f->height / f->num_v_slices - fs->slice_y;
+
+            av_assert0((unsigned)fs->slice_width  <= f->width &&
+                       (unsigned)fs->slice_height <= f->height);
+            av_assert0 (   (unsigned)fs->slice_x + (uint64_t)fs->slice_width  <= f->width
+                        && (unsigned)fs->slice_y + (uint64_t)fs->slice_height <= f->height);
         }
 
         for (i = 0; i < f->plane_count; i++) {

libavcodec/ffv1dec_template.c

@@ -93,11 +93,11 @@ static av_always_inline int RENAME(decode_line)(FFV1Context *s, int w,
                         run_count--;
                     }
                 } else {
-                while (run_count > 1 && w-x > 1) {
-                    sample[1][x] = RENAME(predict)(sample[1] + x, sample[0] + x);
-                    x++;
-                    run_count--;
-                }
+                    while (run_count > 1 && w-x > 1) {
+                        sample[1][x] = RENAME(predict)(sample[1] + x, sample[0] + x);
+                        x++;
+                        run_count--;
+                    }
                 }
                 run_count--;
                 if (run_count < 0) {

libavcodec/ffv1enc.c

@@ -199,7 +199,7 @@ static av_always_inline av_flatten void put_symbol_inline(RangeCoder *c,
     } while (0)
 
     if (v) {
-        const int a = FFABS(v);
+        const unsigned a = is_signed ? FFABS(v) : v;
         const int e = av_log2(a);
         put_rac(c, state + 0, 0);
         if (e <= 9) {
@@ -526,6 +526,11 @@ static av_cold int encode_init(AVCodecContext *avctx)
         avctx->slices > 1)
         s->version = FFMAX(s->version, 2);
 
+    if ((avctx->flags & (AV_CODEC_FLAG_PASS1 | AV_CODEC_FLAG_PASS2)) && s->ac == AC_GOLOMB_RICE) {
+        av_log(avctx, AV_LOG_ERROR, "2 Pass mode is not possible with golomb coding\n");
+        return AVERROR(EINVAL);
+    }
+
     // Unspecified level & slices, we choose version 1.2+ to ensure multithreaded decodability
     if (avctx->slices == 0 && avctx->level < 0 && avctx->width * avctx->height > 720*576)
         s->version = FFMAX(s->version, 2);
@@ -550,7 +555,7 @@ static av_cold int encode_init(AVCodecContext *avctx)
         s->version = FFMAX(s->version, 3);
 
     if ((s->version == 2 || s->version>3) && avctx->strict_std_compliance > FF_COMPLIANCE_EXPERIMENTAL) {
-        av_log(avctx, AV_LOG_ERROR, "Version 2 needed for requested features but version 2 is experimental and not enabled\n");
+        av_log(avctx, AV_LOG_ERROR, "Version 2 or 4 needed for requested features but version 2 or 4 is experimental and not enabled\n");
         return AVERROR_INVALIDDATA;
     }
 
@@ -735,19 +740,21 @@ FF_ENABLE_DEPRECATION_WARNINGS
             s->quant_tables[1][2][i]=     11*11*quant5 [i];
             s->quant_tables[1][3][i]=   5*11*11*quant5 [i];
             s->quant_tables[1][4][i]= 5*5*11*11*quant5 [i];
+            s->context_count[0] = (11 * 11 * 11        + 1) / 2;
+            s->context_count[1] = (11 * 11 * 5 * 5 * 5 + 1) / 2;
         } else {
             s->quant_tables[0][0][i]=           quant9_10bit[i];
-            s->quant_tables[0][1][i]=        11*quant9_10bit[i];
-            s->quant_tables[0][2][i]=     11*11*quant9_10bit[i];
+            s->quant_tables[0][1][i]=         9*quant9_10bit[i];
+            s->quant_tables[0][2][i]=       9*9*quant9_10bit[i];
             s->quant_tables[1][0][i]=           quant9_10bit[i];
-            s->quant_tables[1][1][i]=        11*quant9_10bit[i];
-            s->quant_tables[1][2][i]=     11*11*quant5_10bit[i];
-            s->quant_tables[1][3][i]=   5*11*11*quant5_10bit[i];
-            s->quant_tables[1][4][i]= 5*5*11*11*quant5_10bit[i];
+            s->quant_tables[1][1][i]=         9*quant9_10bit[i];
+            s->quant_tables[1][2][i]=       9*9*quant5_10bit[i];
+            s->quant_tables[1][3][i]=     5*9*9*quant5_10bit[i];
+            s->quant_tables[1][4][i]=   5*5*9*9*quant5_10bit[i];
+            s->context_count[0] = (9 * 9 * 9         + 1) / 2;
+            s->context_count[1] = (9 * 9 * 5 * 5 * 5 + 1) / 2;
         }
     }
-    s->context_count[0] = (11 * 11 * 11        + 1) / 2;
-    s->context_count[1] = (11 * 11 * 5 * 5 * 5 + 1) / 2;
     memcpy(s->quant_table, s->quant_tables[s->context_model],
            sizeof(s->quant_table));
 
@@ -885,6 +892,10 @@ FF_ENABLE_DEPRECATION_WARNINGS
                     continue;
                 if (maxw * maxh * (int64_t)(s->bits_per_raw_sample+1) * plane_count > 8<<24)
                     continue;
+                if (s->version < 4)
+                    if (  ff_need_new_slices(avctx->width , s->num_h_slices, s->chroma_h_shift)
+                        ||ff_need_new_slices(avctx->height, s->num_v_slices, s->chroma_v_shift))
+                        continue;
                 if (avctx->slices == s->num_h_slices * s->num_v_slices && avctx->slices <= MAX_SLICES || !avctx->slices)
                     goto slices_ok;
             }
@@ -933,8 +944,8 @@ static void encode_slice_header(FFV1Context *f, FFV1Context *fs)
 
     put_symbol(c, state, (fs->slice_x     +1)*f->num_h_slices / f->width   , 0);
     put_symbol(c, state, (fs->slice_y     +1)*f->num_v_slices / f->height  , 0);
-    put_symbol(c, state, (fs->slice_width +1)*f->num_h_slices / f->width -1, 0);
-    put_symbol(c, state, (fs->slice_height+1)*f->num_v_slices / f->height-1, 0);
+    put_symbol(c, state, 0, 0);
+    put_symbol(c, state, 0, 0);
     for (j=0; j<f->plane_count; j++) {
         put_symbol(c, state, f->plane[j].quant_table_index, 0);
         av_assert0(f->plane[j].quant_table_index == f->context_model);

libavcodec/ffwavesynth.c

@@ -188,7 +188,7 @@ static uint64_t frac64(uint64_t a, uint64_t b)
 
 static uint64_t phi_at(struct ws_interval *in, int64_t ts)
 {
-    uint64_t dt = ts - in->ts_start;
+    uint64_t dt = ts - (uint64_t)in->ts_start;
     uint64_t dt2 = dt & 1 ? /* dt * (dt - 1) / 2 without overflow */
                    dt * ((dt - 1) >> 1) : (dt >> 1) * (dt - 1);
     return in->phi0 + dt * in->dphi0 + dt2 * in->ddphi;

libavcodec/flac_parser.c

@@ -55,6 +55,7 @@
 
 /** largest possible size of flac header */
 #define MAX_FRAME_HEADER_SIZE 16
+#define MAX_FRAME_VERIFY_SIZE (MAX_FRAME_HEADER_SIZE)
 
 typedef struct FLACHeaderMarker {
     int offset;       /**< byte offset from start of FLACParseContext->buffer */
@@ -170,7 +171,7 @@ static int find_headers_search_validate(FLACParseContext *fpc, int offset)
     uint8_t *header_buf;
     int size = 0;
     header_buf = flac_fifo_read_wrap(fpc, offset,
-                                     MAX_FRAME_HEADER_SIZE,
+                                     MAX_FRAME_VERIFY_SIZE + AV_INPUT_BUFFER_PADDING_SIZE,
                                      &fpc->wrap_buf,
                                      &fpc->wrap_buf_allocated_size);
     if (frame_header_is_valid(fpc->avctx, header_buf, &fi)) {
@@ -358,6 +359,8 @@ static int check_header_mismatch(FLACParseContext  *fpc,
         for (i = 0; i < FLAC_MAX_SEQUENTIAL_HEADERS && curr != child; i++)
             curr = curr->next;
 
+        av_assert0(i < FLAC_MAX_SEQUENTIAL_HEADERS);
+
         if (header->link_penalty[i] < FLAC_HEADER_CRC_FAIL_PENALTY ||
             header->link_penalty[i] == FLAC_HEADER_NOT_PENALIZED_YET) {
             FLACHeaderMarker *start, *end;