avfilter/split: consume all frames before forwarding inlink status

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 28a7b9c863)

CREDITS

@@ -1,6 +1,6 @@
-See the Git history of the project (git://source.ffmpeg.org/ffmpeg) to
+See the Git history of the project (https://git.ffmpeg.org/ffmpeg) to
 get the names of people who have contributed to FFmpeg.
 
 To check the log, you can type the command "git log" in the FFmpeg
 source directory, or browse the online repository at
-http://source.ffmpeg.org.
+https://git.ffmpeg.org/ffmpeg

Changelog

@@ -1,6 +1,532 @@
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
+
+version 5.1.6:
+ avcodec/snow: Fix off by 1 error in run_buffer
+ avcodec/utils: apply the same alignment to YUV410 as we do to YUV420 for snow
+ swsresample/swresample: error out on invalid layouts
+ Update for 5.1.6
+ avdevice/dshow: Don't skip audio devices if no video device is present
+ avcodec/cfhdenc: Height of 16 is not supported
+ avcodec/cfhdenc: Allocate more space
+ avcodec/vaapi_encode: Check hwctx
+ avcodec/proresdec: Consider negative bits left
+ avcodec/alsdec: Clear shift_value
+ avcodec/hevc/hevcdec: Do not allow slices to depend on failed slices
+ avutil/slicethread: Check pthread_*_init() for failure
+ avutil/frame: Check log2_crop_align
+ avutil/buffer: Check ff_mutex_init() for failure
+ avformat/xmv: Check this_packet_size
+ avformat/ty: rec_size seems to only need 32bit
+ avformat/tty: Check avio_size()
+ avformat/siff: Basic pkt_size check
+ avformat/sauce: Check avio_size() for failure
+ avformat/sapdec: Check ffurl_get_file_handle() for error
+ avformat/nsvdec: Check asize for PCM
+ avformat/mp3dec: Check header_filesize
+ avformat/mp3dec; Check for avio_size() failure
+ avformat/mov: Use 64bit for str_size
+ avformat/mm: Check length
+ avformat/hnm: Check *chunk_size
+ avformat/hlsenc: Check ret
+ avformat/bintext: Check avio_size() return
+ avformat/asfdec_o: Check size of index object
+ avfilter/vf_scale: Check ff_scale_adjust_dimensions() for failure
+ avfilter/scale_eval: Use 64bit, check values in ff_scale_adjust_dimensions()
+ avfilter/vf_lut3d: Check av_scanf()
+ avfilter/vf_elbg: Use unsigned for shifting into the top bit
+ avfilter/vf_deshake_opencl: Ensure that the first iteration initializes the best variables
+ swscale/output: Fix integer overflows in yuv2rgba64_X_c_template
+ avformat/mxfdec: Reorder elements of expression in bisect loop
+ avutil/timecode: Use a 64bit framenum internally
+ avcodec/pnmdec: Use 64bit for input size check
+ avcodec/mpeg12enc: Use av_rescale() in vbv_buffer_size computation
+ avcodec/utvideoenc: Use unsigned shift to build flags
+ avcodec/vc2enc: Fix overflows with storing large values
+ avcodec/mpegvideo_enc: Do not duplicate pictures on shifting
+ avdevice/dshow_capture: Fix error handling in ff_dshow_##prefix##_Create()
+ avcodec/tiff: Check value on positive signed targets
+ avfilter/vf_convolution_opencl: Assert that the filter name is one of the filters
+ avfilter/vf_bm3d: Dont round MSE2SSE to an integer
+ avdevice/dshow: Remove NULL check on pin
+ avdevice/dshow: check ff_dshow_pin_ConnectionMediaType() for failure
+ avdevice/dshow: Check device_filter_unique_name before use
+ avdevice/dshow: Cleanup also on av_log case
+ avdevice/dshow_filter: Use wcscpy_s()
+ avcodec/flac_parser: Assert that we do not overrun the link_penalty array
+ avcodec/pixlet: Simplify pfx computation
+ avcodec/motion_est: Fix score squaring overflow
+ avcodec/loco: Check loco_get_rice() for failure
+ avcodec/loco: check get_ur_golomb_jpegls() for failure
+ avcodec/imm4: check cbphi for error
+ avcodec/iff: Use signed count
+ avcodec/golomb: Assert that k is in the supported range for get_ur/sr_golomb()
+ avcodec/golomb: Document return for get_ur_golomb_jpegls() and get_sr_golomb_flac()
+ avcodec/dxv: Fix type in get_opcodes()
+ avcodec/cri: Check length
+ avcodec/xsubdec: Check parse_timecode()
+ avutil/imgutils: av_image_check_size2() ensure width and height fit in 32bit
+ doc/examples/mux: remove nop
+ avcodec/proresenc_kostya: use unsigned alpha for rotation
+ avformat/rtpenc_rfc4175: Use 64bit in computation if copy_offset
+ avformat/rtmppkt: Simplify and deobfuscate amf_tag_skip() slightly
+ avformat/rmdec: use 64bit for audio_framesize checks
+ avutil/wchar_filename: Correct sizeof
+ avutil/hwcontext_d3d11va: correct sizeof IDirect3DSurface9
+ avutil/hwcontext_d3d11va: Free AVD3D11FrameDescriptor on error
+ avutil/hwcontext_d3d11va: correct sizeof AVD3D11FrameDescriptor
+ doc/examples/vaapi_encode: Try to check fwrite() for failure
+ avformat/tls_schannel: Initialize ret
+ avformat/subfile: Assert that whence is a known case
+ avformat/subfile: Merge if into switch()
+ avformat/rtsp: Check that lower transport is handled in one of the if()
+ avformat/rtsp: initialize reply1
+ avformat/rtsp: use < 0 for error check
+ avformat/rtpenc_vc2hq: Check sizes
+ avfilter/af_aderivative: Free out on error
+ swscale/swscale: Use ptrdiff_t for linesize computations
+ avfilter/af_pan: check nb_output_channels before use
+ cbs_av1: Reject thirty-two zero bits in uvlc code
+ avfilter/af_mcompand: compute half frequency in double
+ avfilter/af_channelsplit: Assert that av_channel_layout_channel_from_index() succeeds
+ avfilter/af_aresample: Cleanup on av_channel_layout_copy() failure
+ tools/coverity: Phase 1 study of anti-halicogenic for coverity av_rescale()
+ avfilter/vf_avgblur: Check plane instead of AVFrame
+ avfilter/drawutils: Fix depthb computation
+ avformat/rdt: Check pkt_len
+ avformat/mpeg: Check len in mpegps_probe()
+ avdevice/dshow: Check ICaptureGraphBuilder2_SetFiltergraph() for failure
+ avcodec/mfenc: check IMFSample_ConvertToContiguousBuffer() for failure
+ avcodec/vc1_loopfilter: Factor duplicate code in vc1_b_h_intfi_loop_filter()
+ avformat/img2dec: assert no pipe on ts_from_file
+ avcodec/cbs_jpeg: Try to move the read entity to one side in a test
+ avformat/mov: Check edit list for overflow
+ fftools/ffmpeg: Check read() for failure
+ swscale/output: Avoid undefined overflow in yuv2rgb_write_full()
+ swscale/output: alpha can become negative after scaling, use multiply
+ avcodec/targaenc: Allocate space for the palette
+ avcodec/r210enc: Use av_rescale for bitrate
+ avcodec/jfdctint_template: Fewer integer anomalies
+ avcodec/snowenc: MV limits due to mv_penalty table size
+ avformat/mxfdec: Check container_ul->desc before use
+ MAINTAINERS: Update the entries for the release maintainer for FFmpeg
+
+version 5.1.5:
+ doc/developer: Provide information about git send-email and gmail
+ avfilter/vf_rotate: Check ff_draw_init2() return value
+ avformat/mov: Use int64_t in intermediate for corrected_dts
+ avformat/mov: Use 64bit in intermediate for current_dts
+ avformat/matroskadec: Assert that num_levels is non negative
+ avformat/libzmq: Check av_strstart()
+ avformat/img2dec: Little JFIF / Exif cleanup
+ avformat/img2dec: Move DQT after unrelated if()
+ avdevice/xcbgrab: Check sscanf() return
+ fftools/cmdutils: Add protective () to FLAGS
+ avformat/sdp: Check before appending ","
+ avcodec/ilbcdec: Remove dead code
+ avcodec/vp8: Check cond init
+ avcodec/vp8: Check mutex init
+ avcodec/pcm-dvdenc: 64bit pkt-size
+ avcodec/notchlc: Check init_get_bits8() for failure
+ avcodec/tests/dct: Use 64bit in intermediate for error computation
+ avcodec/scpr3: Check add_dec() for failure
+ avcodec/rv34: assert that size is not 0 in rv34_gen_vlc_ext()
+ avcodec/wavpackenc: Use unsigned for potential 31bit shift
+ avcodec/tests/jpeg2000dwt: Use 64bit in comparission
+ avcodec/tests/jpeg2000dwt: Use 64bit in err2 computation
+ avformat/fwse: Remove always false expression
+ avcodec/sga: Make it clear that the return is intentionally not checked
+ avformat/asfdec_f: Use 64bit for preroll computation
+ avformat/argo_asf: Use 64bit in offset intermediate
+ avformat/ape: Use 64bit for final frame size
+ avdevice/pulse_audio_enc: Use av_rescale() to avoid integer overflow
+ avcodec/tiff: Assert init_get_bits8() success in unpack_gray()
+ avcodec/tiff: Assert init_get_bits8() success in horizontal_fill()
+ swscale/yuv2rgb: Use 64bit for brightness computation
+ swscale/x86/swscale: use a clearer name for INPUT_PLANER_RGB_A_FUNC_CASE
+ avutil/tests/opt: Check av_set_options_string() for failure
+ avutil/tests/dict: Check av_dict_set() before get for failure
+ avdevice/dshow: fix badly indented line
+ avformat/demux: resurrect dead stores
+ avcodec/mscc & mwsc: Check loop counts before use
+ avcodec/mpegvideo_enc: Fix potential overflow in RD
+ avcodec/mpeg4videodec: assert impossible wrap points
+ avcodec/mpeg12dec: Use 64bit in bit computation
+ avcodec/vble: Check av_image_get_buffer_size() for failure
+ avcodec/vp3: Replace check by assert
+ avcodec/jpeg2000dec: remove ST=3 case
+ avcodec/qsvdec: Check av_image_get_buffer_size() for failure
+ avcodec/exr: Fix preview overflow
+ avcodec/fmvc: remove dead assignment
+ avcodec/h264_slice: Remove dead sps check
+ avcodec/lpc: copy levenson coeffs only when they have been computed
+ avutil/tests/base64: Check with too short output array
+ libavutil/base64: Try not to write over the array end
+ avcodec/cbs_av1: Avoid shift overflow
+ fftools/ffplay: Check return of swr_alloc_set_opts2()
+ tools/opt_common: Check for malloc failure
+ doc/examples/demux_decode: Simplify loop
+ avformat/concatdec: Check file
+ avcodec/mpegvideo_enc: Fix 1 line and one column images
+ swscale/output: Fix integer overflow in yuv2rgba64_full_1_c_template()
+ swscale/output: Fix integer overflow in yuv2rgba64_1_c_template
+ avcodec/avs3_parser: assert the return value of init_get_bits()
+ avcodec/avs2_parser: Assert init_get_bits8() success with const size 15
+ avformat/mxfdec: Check body_offset
+ avformat/kvag: Check sample_rate
+ avcodec/ac3_parser: Check init_get_bits8() for failure
+ avcodec/pngdec: Check last AVFrame before deref
+ avcodec/hevcdec: Check ref frame
+ doc/examples/vaapi_transcode: Simplify loop
+ avfilter/vf_thumbnail_cuda: Set ret before checking it
+ avfilter/signature_lookup: Dont copy uninitialized stuff around
+ avfilter/signature_lookup: Fix 2 differences to the refernce SW
+ (origin/release/5.1, github/release/5.1) lavc/vp9: reset segmentation fields when segmentation isn't enabled
+ configure: enable ffnvcodec, nvenc, nvdec for FreeBSD
+ avcodec/x86/vp3dsp_init: Set correct function pointer, fix crash
+ avutil/ppc/cpu: Also use the machdep.altivec sysctl on NetBSD
+ lavd/v4l2: Use proper field type for second parameter of ioctl() with BSD's
+ Update for 5.1.5
+ fate/subtitles: Ignore line endings for sub-scc test
+ avformat/mxfdec: Check index_edit_rate
+ swscale/utils: Fix xInc overflow
+ avformat/isom: Uninit layout in ff_mp4_read_dec_config_descr()
+ avcodec/exr: Dont use 64bits to hold 6bits
+ avcodec/exr: Check for remaining bits in huf_unpack_enc_table()
+ avformat/mpegts: Reset local nb_prg on add_program() failure
+ avformat/aiffdec: Check for previously set channels
+ avformat/mxfdec: Make edit_unit_byte_count unsigned
+ avformat/movenc: Check that cts fits in 32bit
+ avformat/mxfdec: Check first case of offset_temp computation for overflow
+ avfilter/vf_signature: Dont crash on no frames
+ avformat/westwood_vqa: Fix 2g packets
+ avformat/matroskadec: Check timescale
+ avformat/wavdec: satuarte next_tag_ofs, data_end
+ avformat/sbgdec: Check for negative duration
+ avformat/rpl: Use 64bit for total_audio_size and check it
+ avformat/timecode: use 64bit for intermediate for rounding in fps_from_frame_rate()
+ avformat/mov: use 64bit for intermediate for rounding
+ avformat/jacosubdec: Use 64bit for abs
+ avformat/concatdec: Check user_duration sum
+ avcodec/truemotion1: Height not being a multiple of 4 is unsupported
+ avcodec/hcadec: do not set hfr_group_count to invalid values
+ avformat/concatdec: clip outpoint - inpoint overflow in get_best_effort_duration()
+ avformat/jacosubdec: clarify code
+ avformat/cafdec: Check that data chunk end fits within 64bit
+ avformat/iff: Saturate avio_tell() + 12
+ avformat/dxa: Adjust order of operations around block align
+ avformat/cafdec: dont seek beyond 64bit
+ avformat/id3v2: read_uslt() check for the amount read
+ avcodec/proresenc_kostya: Remove bug similarity text
+ avcodec/vorbisdec: Check remaining data in vorbis_residue_decode_internal()
+ avformat/concatdec: Check in and outpoints to be to produce a positive representable duration
+ libswscale/utils: Fix bayer to yuvj
+ swscale/swscale: Check srcSliceH for bayer
+ swscale/utils: Allocate more dithererror
+ avcodec/indeo3: Round dimensions up in allocate_frame_buffers()
+ avutil/rational: Document what is to be expected from av_d2q() of doubles representing rational numbers
+ avfilter/signature_lookup: Do not dereference NULL pointers after malloc failure
+ avfilter/signature_lookup: dont leave uncleared pointers in sll_free()
+ avcodec/mpegvideo_enc: Use ptrdiff_t for stride
+ libavformat/hlsenc.c: Populate OTI using AAC profile in write_codec_attr.
+ avcodec/mpegvideo_enc: Dont copy beyond the image
+ avfilter/vf_minterpolate: Check pts before division
+ avformat/flacdec: Avoid double AVERRORS
+ avfilter/vf_vidstabdetect: Avoid double AVERRORS
+ avfilter/vf_swaprect: round coordinates down
+ avfilter/vf_swaprect: Use height for vertical variables
+ avfilter/vf_swaprect: assert that rectangles are within memory
+ avfilter/af_alimiter: Check nextpos before use
+ avfilter/f_reverse: Apply PTS compensation only when pts is available
+ avfilter/af_stereowiden: Check length
+ avfilter/vf_weave: Fix odd height handling
+ avfilter/vf_gradfun: Do not overread last line
+ avfilter/avf_showspectrum: fix off by 1 error
+ avformat/mov: do not set sign bit for chunk_offsets
+ avcodec/jpeglsdec: Check Jpeg-LS LSE
+ configure: Enable section_data_rel_ro for FreeBSD and NetBSD aarch64 / arm
+ avcodec/av1dec: Fix resolving zero divisor
+ avformat/mov: Ignore duplicate ftyp
+ avformat/mov: Fix integer overflow in mov_read_packet().
+ avformat/mov: Check if a key is longer than the atom containing it
+ avfilter/buffersrc: fix overriding unknown channel layouts with negotiated one
+ avfilter/af_channelmap: disallow channel index 64
+ avfilter/af_channelmap: fix mapping if in_channel was a string but out_channel was not specified
+ avfilter/af_channelmap: fix error message if FL source channel was missing
+ avcodec/nvdec: reset bitstream_len/nb_slices when resetting bitstream pointer
+ avformat/mov: don't abort on duplicate Mastering Display Metadata boxes
+ fftools/ffplay: use correct buffersink channel layout parameters
+ swresample/resample: fix rounding errors with filter_size=1 and phase_shift=0
+ avformat/mxfdec: remove resolve_strong_ref usage with AnyType
+ avformat/libsrt: use SRT_EPOLL_IN for waiting for an incoming connection
+ avformat/mxfdec: do not use AnyType when resolving Descriptors and MultipleDescriptors
+ avformat/mxfdec: move resolving Descriptors to the multi descriptor resolve function
+ avcodec/av1dec: fix matrix coefficients exposed by codec context
+ avformat/mov_chan: never override number of channels based on chan atom
+ avformat/mov_chan: do not assume channels are in native order
+ avcodec/nvdec: don't free NVDECContext->bitstream
+ fftools/ffmpeg_enc: apply -top to individual encoded frames
+ fftools/ffprobe: support 2D arrays in print_list_fmt()
+
+version 5.1.4:
+ avcodec/4xm: Check for cfrm exhaustion
+ avformat/mov: Disallow FTYP after streams
+ doc/html: fix styling issue with Texinfo 7.0
+ doc/html: support texinfo 7.0
+ avfilter/buffersink: fix order of operation with = and <0
+ tools/target_dec_fuzzer: Adjust threshold for CSCD
+ avcodec/dovi_rpu: Use 64 bit in get_us/se_coeff()
+ avformat/mov: Check that is_still_picture_avif has no trak based streams
+ avformat/matroskadec: Fix declaration-after-statement warnings
+ avformat/rtsp: Use rtsp_st->stream_index
+ avcodec/jpeg2000dec: Check image offset
+ avformat/mxfdec: Check klv offset
+ libavutil/ppc/cpu.c: check that AT_HWCAP2 is defined
+ avcodec/h2645_parse: Avoid EAGAIN
+ avcodec/xvididct: Make c* unsigned to avoid undefined overflows
+ avformat/tmv: Check video chunk size
+ avcodec/h264_parser: saturate dts a bit
+ avformat/asfdec_f: Saturate presentation time in marker
+ avformat/xwma: sanity check bits_per_coded_sample
+ avformat/matroskadec: Check prebuffered_ns for overflow
+ avformat/wavdec: Check left avio_tell for overflow
+ avformat/tta: Better totalframes check
+ avformat/rpl: Check for number_of_chunks overflow
+ avformat/mov: compute absolute dts difference without overflow in mov_find_next_sample()
+ avformat/jacosubdec: Check timeres
+ avformat/jacosubdec: avoid signed integer overflows in get_shift()
+ avformat/jacosubdec: Factorize code in get_shift() a bit
+ avformat/sbgdec: Check for negative duration or un-representable end pts
+ avcodec/escape124: Do not return random numbers
+ avcodec/apedec: Fix an integer overflow in predictor_update_filter()
+ tools/target_dec_fuzzer: Adjust wmapro threshold
+ avformat/avs: Check if return code is representable
+ avcodec/lcldec: Make PNG filter addressing match the code afterwards
+ avformat/westwood_vqa: Check chunk size
+ avformat/sbgdec: Check for period overflow
+ avformat/concatdec: Check in/outpoint for overflow
+ avformat/mxfdec: Remove this_partition
+ avcodec/xvididct: Fix integer overflow in idct_row()
+ avcodec/celp_math: avoid overflow in shift
+ tools/target_dec_fuzzer: Adjust threshold for rtv1
+ avformat/hls: reduce default max reload to 3
+ avformat/format: Stop reading data at EOF during probing
+ avcodec/jpeg2000dec: jpeg2000 has its own lowres option
+ avcodec/huffyuvdec: avoid undefined behavior with get_vlc2() failure
+ avcodec/cscd: Fix "CamStudio Lossless Codec 1.0" gzip files
+ avcodec/cscd: Check for CamStudio Lossless Codec 1.0 behavior in end check of LZO files
+ avcodec/mpeg4videodec: consider lowres in dest_pcm[]
+ avcodec/hevcdec: Fix undefined memcpy()
+ avcodec/mpeg4videodec: more unsigned in amv computation
+ avcodec/tta: fix signed overflow in decorrelate
+ avcodec/apedec: Fix 48khz 24bit below insane level
+ avcodec/apedec: Fix CRC for 24bps and bigendian
+ avcodec/xvididct: Fix integer overflow in idct_row()
+ avformat/avr: Check sample rate
+ avformat/imf_cpl: Replace NULL content_title_utf8 by ""
+ avformat/imf_cpl: xmlNodeListGetString() can return NULL
+ avcodec/pcm: allow Changing parameters
+ avcodec/jpeg2000dec: Check for reduction factor and image offset
+ avutil/softfloat: Basic documentation for av_sincos_sf()
+ avutil/softfloat: fix av_sincos_sf()
+ tools/target_dec_fuzzer: Adjust threshold for speex
+ avcodec/utils: fix 2 integer overflows in get_audio_frame_duration()
+ avcodec/hevcdec: Avoid null pointer dereferences in MC
+ avcodec/takdsp: Fix integer overflows
+ avcodec: Ignoring errors is only possible before the input end
+ avformat/jpegxl_probe: Forward error codes
+ avformat/jpegxl_probe: check length instead of blindly reading
+ avformat/jpegxl_probe: Remove intermediate macro obfuscation around get_bits*()
+ avcodec/noise_bsf: Check for wrapped frames
+ avformat/oggparsetheora: clip duration within 64bit
+ avformat/wavdec: Check that smv block fits in available space
+ avcodec/tiff: add a zero DNG_LINEARIZATION_TABLE check
+ avcodec/tak: Check remaining bits in ff_tak_decode_frame_header()
+ avcodec/sonic: Fix two undefined integer overflows
+ avcodec/utils: the IFF_ILBM implementation assumes that there are a multiple of 16 allocated
+ avcodec/exr: Cleanup befor return
+ avcodec/pngdec: Do not pass AVFrame into global header decode
+ avcodec/pngdec: remove AVFrame argument from decode_iccp_chunk()
+ avcodec/vorbisdec: Check codebook float values to be finite
+ avcodec/g2meet: Replace fake allocation avoidance for framebuf
+ avutil/tx_priv: Use unsigned in BF() to avoid signed overflows
+ avcodec/lcldec: More space for rgb24
+ avcodec/lcldec: Support 4:1:1 and 4:2:2 with odd width
+ libavcodec/lcldec: width and height should not be unsigned
+ avformat/imf: fix invalid resource handling
+ avcodec/escape124: Check that blocks are allocated before use
+ avcodec/huffyuvdec: Fix undefined behavior with shift
+ avcodec/j2kenc: Replace RGB24 special case by generic test
+ avcodec/j2kenc: Replace BGR48 / GRAY16 test by test for number of bits
+ avcodec/j2kenc: simplify pixel format setup
+ avcodec/j2kenc: Fix funky bpno errors on decoding
+ avcodec/j2kenc: remove misleading pred value
+ avcodec/j2kenc: fix 5/3 DWT identifer
+ avcodec/vp3: Check width to avoid assertion failure
+ avcodec/g729postfilter: Limit shift in long term filter
+ configure: update copyright year
+ Changelog: Add forgotten line
+ libavformat/riffec: Zero-initialize channels in ff_get_wav_header
+ avcodec/x86/mathops: clip constants used with shift instructions within inline assembly
+ avcodec/libsvtav1: use larger of bit rate and max rate for buffer size
+ avcodec/libsvtav1: only set max_buf_sz if both bitrate and rc_buf_sz is set
+ avcodec/libsvtav1: remove compressed_ten_bit_format and simplify alloc_buffer
+ avcodec/libsvtav1: replace vbv_bufsize with maximum_buffer_size_ms
+ avcodec/vdpau_mpeg4: fix order of quant matrix coefficients
+ avcodec/vdpau_mpeg12: fix order of quant matrix coefficients
+ avcodec/nvdec_mpeg4: fix order of quant matrix coefficients
+ avcodec/nvdec_mpeg2: fix order of quant matrix coefficients
+ fftools/ffmpeg: avoid possible invalid reads with short -tag values
+ avcodec/mp_cmp: reject invalid comparison function values
+ avcodec/aacpsy: clip global_quality within the psy_vbr_map array boundaries
+ avutil/wchar_filename: propagate MultiByteToWideChar() and WideCharToMultiByte() failures
+ avformat/concatf: check if any nodes were allocated
+ avcodec/nvenc: fix b-frame DTS behavior with fractional framerates
+
+version 5.1.3:
+- avcodec/tests/snowenc: Fix 2nd test
+- avcodec/tests/snowenc: return a failure if DWT/IDWT mismatches
+- avcodec/snowenc: Fix visual weight calculation
+- avcodec/tests/snowenc: unbreak DWT tests
+- avfilter/vf_untile: swap the chroma shift values used for plane offsets
+- update for 5.1.3
+- avcodec/mpeg12dec: Check input size
+- avcodec/escape124: Fix some return codes
+- avcodec/escape124: fix signdness of end of input check
+- Use https for repository links
+- avcodec/rpzaenc: stop accessing out of bounds frame
+- avcodec/smcenc: stop accessing out of bounds frame
+- avcodec/motionpixels: Mask pixels to valid values
+- avcodec/xpmdec: Check size before allocation to avoid truncation
+- avcodec/bink: Avoid undefined out of array end pointers in binkb_decode_plane()
+- avcodec/bink: Fix off by 1 error in ref end
+- avcodec/utils: Ensure linesize for SVQ3
+- avcodec/utils: allocate a line more for VC1 and WMV3
+- avcodec/videodsp_template: Adjust pointers to avoid undefined pointer things
+- avcodec/pngdec: dont skip/read chunk twice
+- avcodec/pngdec: Check deloco index more exactly
+- avcodec/ffv1dec: Check that num h/v slices is supported
+- avformat/mov: Check samplesize and offset to avoid integer overflow
+- lavu/vulkan: fix handle type for 32-bit targets
+- vulkan: Fix win/i386 calling convention
+- avcodec/pictordec: Remove mid exit branch
+- avcodec/eac3dec: avoid float noise in fixed mode addition to overflow
+- avcodec/utils: use 32pixel alignment for bink
+- avcodec/scpr3: Check bx
+- avcodec/012v: Order operations for odd size handling
+- avcodec/eatgq: : Check index increments in tgq_decode_block()
+- avcodec/h274: fix include
+- avcodec/scpr: Test bx before use
+- avformat/mxfdec: Use 64bit in remainder
+- avcodec/sunrast: Fix maplength check
+- avcodec/wavpack: Avoid undefined shift in get_tail()
+- avcodec/wavpack: Check for end of input in wv_unpack_dsd_high()
+- avformat/id3v2: Check taglen in read_uslt()
+- avcodec/tiff: Ignore tile_count
+- avcodec/ffv1dec: restructure slice coordinate reading a bit
+- avcodec/mlpdec: Check max matrix instead of max channel in noise check
+- avutil/tx: Use unsigned in ff_tx_fft_sr_combine() to avoid undefined behavior
+- swscale/input: Use more unsigned intermediates
+- avcodec/alsdec: Check bits left before block decoding in non multi channel coding loop
+- avcodec/alsdec: The minimal block is at least 7 bits
+- avformat/replaygain: avoid undefined / negative abs
+- swscale/output: Bias 16bps output calculations to improve non overflowing range for GBRP16/GBRPF32
+- swscale/output: Bias 16bps output calculations to improve non overflowing range
+- avcodec/speedhq: Check buf_size to be big enough for DC
+- avcodec/ffv1dec: Fail earlier if prior context is corrupted
+- avcodec/speexdec: Check channels > 2
+- avformat/vividas: Check packet size
+- hwcontext_vulkan: remove optional encode/decode extensions from the list
+- avcodec/libjxldec: fix gamma22 and gamma28 recognition
+- avcodec/mpeg12dec: use init_get_bits8 and check the return value
+- avcodec/nvenc: fix vbv buffer size in cq mode
+- avcodec/mjpegenc: take into account component count when writing the SOF header size
+- swscale: aarch64: Fix yuv2rgb with negative strides
+- avcodec/atrac3plus: reorder channels to match the output layout
+- avcodec/aacdec: fix parsing streams with channel configuration 11
+- libswscale: force a minimum size of the slide for bayer sources
+- lavf/async: Fix ring_write return value
+- avcodec/audiotoolboxenc: return AVERROR_EXTERNAL immediately when encode error
+- avcodec/libjxlenc: avoid hard failure with unspecified primaries
+
+version 5.1.2:
+- avcodec/dstdec: Check for overflow in build_filter()
+- avformat/spdifdec: Use 64bit to compute bit rate
+- avformat/rpl: Use 64bit for duration computation
+- avformat/xwma: Use av_rescale() for duration computation
+- avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation
+- avformat/sbgdec: Check ts_int in genrate_intervals
+- avformat/sbgdec: clamp end_ts
+- avformat/rmdec: check tag_size
+- avformat/nutdec: Check fields
+- avformat/flvdec: Use 64bit for sum_flv_tag_size
+- avformat/jacosubdec: Fix overflow in get_shift()
+- avformat/genh: Check nb_channels for IMA ADPCM
+- avformat/dxa: avoid bpc overflows
+- avformat/dhav: Use 64bit seek_back
+- avformat/cafdec: Check that nb_frasmes fits within 64bit
+- avformat/asfdec_o: Limit packet offset
+- avformat/apm: Use 64bit for bit_rate computation
+- avformat/ape: Check frames size
+- avformat/icodec: Check nb_pal
+- avformat/aiffdec: Use 64bit for block_duration use
+- avformat/aiffdec: Check block_duration
+- avformat/mxfdec: only probe max run in
+- avformat/mxfdec: Check run_in is within 65536
+- avcodec/mjpegdec: Check for unsupported bayer case
+- avcodec/apedec: Fix integer overflow in filter_3800()
+- avcodec/tta: Check 24bit scaling for overflow
+- avcodec/mobiclip: Check quantizer for overflow
+- avcodec/exr: Check preview psize
+- avcodec/tiff: Fix loop detection
+- libavformat/hls: Free keys
+- avcodec/fmvc: Move frame allocation to a later stage
+- avfilter/vf_showinfo: remove backspaces
+- avcodec/speedhq: Check width
+- avcodec/bink: disallow odd positioned scaled blocks
+- avformat/cafenc: derive Opus frame size from the relevant stream parameters
+- avformat/dashdec: Fix crash on invalid input/ENOMEM, fix leak
+- lavc/videotoolbox: do not pass AVCodecContext to decoder output callback
+- lavc/pthread_frame: always transfer stashed hwaccel state
+- avcodec/arm/sbcenc: avoid callee preserved vfp registers
+- avformat/riffdec: don't unconditionally overwrite WAVEFORMATEXTENSIBLE layout
+- avfilter/vf_scale: overwrite the width and height expressions with the original values
+- lavc/pthread_frame: avoid leaving stale hwaccel state in worker threads
+- avutil/tests/.gitignore: Add channel_layout testtool
+
+
+version 5.1.1:
+- avformat/asfdec_o: limit recursion depth in asf_read_unknown()
+- avformat/mov: Check count sums in build_open_gop_key_points()
+- doc/git-howto.texi: Document commit signing
+- libavcodec/8bps: Check that line lengths fit within the buffer
+- avcodec/midivid: Perform lzss_uncompress() before ff_reget_buffer()
+- libavformat/iff: Check for overflow in body_end calculation
+- avformat/avidec: Prevent entity expansion attacks
+- avcodec/h263dec: Sanity check against minimal I/P frame size
+- avcodec/hevcdec: Check s->ref in the md5 path similar to hwaccel
+- avcodec/mpegaudiodec_template: use unsigned shift in handle_crc()
+- avformat/subviewerdec: Make read_ts() more flexible
+- avcodec/mjpegdec: bayer and rct are incompatible
+- MAINTAINERS: Add ED25519 key for signing my commits in the future
+- avcodec/pngdec: Fix APNG_DISPOSE_OP_BACKGROUND
+- avcodec/libvpx: fix assembling vp9 packets with alpha channel
+- fftools/ffmpeg_opt: try to propagate the requested output channel layout
+- avcodec/libsvtav1: properly initialize the flush EbBufferHeaderType struct
+- configure: enable the av1_frame_split bsf for the av1 decoder
+- swresample/swresample: fill the correct buffer to print the output layout string
+- ffprobe: restore reporting error code for failed inputs
+- ipfsgateway: Remove default gateway
+- avcodec/libspeexdec: Fix use of uninitialized value
+- avformat/avisynth: use ch_layout.nb_channels for channel count
+- fate/lavf-image: Disable file checksums for exr tests
+- tests/fate-run: Allow to skip file checksums for lavf_image
+- fate/imf: Rename IMF fate-target
+- avcodec/alac: don't fail if channels aren't set during init() when extradata is valid
+- configure: properly require libx264 if enabled
+
+
 version 5.1:
 - add ipfs/ipns protocol support
 - dialogue enhance audio filter

MAINTAINERS

@@ -591,10 +591,12 @@ wm4
 Releases
 ========
 
+7.0                                     Michael Niedermayer
+6.1                                     Michael Niedermayer
+5.1                                     Michael Niedermayer
+4.4                                     Michael Niedermayer
+3.4                                     Michael Niedermayer
 2.8                                     Michael Niedermayer
-2.7                                     Michael Niedermayer
-2.6                                     Michael Niedermayer
-2.5                                     Michael Niedermayer
 
 If you want to maintain an older release, please contact us
 
@@ -625,6 +627,7 @@ Leo Izen (thebombzen)         B6FD 3CFC 7ACF 83FC 9137 6945 5A71 C331 FD2F A19A
 Loren Merritt                 ABD9 08F4 C920 3F65 D8BE 35D7 1540 DAA7 060F 56DE
 Lynne                         FE50 139C 6805 72CA FD52 1F8D A2FE A5F0 3F03 4464
 Michael Niedermayer           9FF2 128B 147E F673 0BAD F133 611E C787 040B 0FAB
+                              DD1E C9E8 DE08 5C62 9B3E 1846 B18E 8928 B394 8D64
 Nicolas George                24CE 01CE 9ACC 5CEB 74D8 8D9D B063 D997 36E5 4C93
 Niklas Haas (haasn)           1DDB 8076 B14D 5B48 32FC 99D9 EB52 DA9C 02BA 6FB4
 Nikolay Aleksandrov           8978 1D8C FB71 588E 4B27 EAA8 C4F0 B5FC E011 13B1

RELEASE

@@ -1 +1 @@
-4.4.git
+5.1.6

RELEASE_NOTES

@@ -0,0 +1,18 @@
+
+            ┌────────────────────────────────────────────┐
+            │ RELEASE NOTES for FFmpeg 5.1 "Riemann" LTS │
+            └────────────────────────────────────────────┘
+
+   The FFmpeg Project proudly presents FFmpeg 5.1 "Riemann" LTS, about 6
+   months after the release of FFmpeg 5.0, our first Long Term Support
+   release. While several past FFmpeg releases have enjoyed long term
+   support, this is the first release where such an intention is made
+   clear at release.
+
+   A complete Changelog is available at the root of the project, and the
+   complete Git history on https://git.ffmpeg.org/gitweb/ffmpeg.git
+
+   We hope you will like this release as much as we enjoyed working on it, and
+   as usual, if you have any questions about it, or any FFmpeg related topic,
+   feel free to join us on the #ffmpeg IRC channel (on irc.libera.chat) or ask
+   on the mailing-lists.

configure

@@ -2121,6 +2121,7 @@ ARCH_EXT_LIST_PPC="
     ldbrx
     power8
     ppc4xx
+    vec_xl
     vsx
 "
 
@@ -2415,6 +2416,7 @@ HAVE_LIST="
     opencl_vaapi_intel_media
     perl
     pod2man
+    posix_ioctl
     texi2html
     xmllint
     zlib_gzip
@@ -2633,6 +2635,7 @@ altivec_deps="ppc"
 dcbzl_deps="ppc"
 ldbrx_deps="ppc"
 ppc4xx_deps="ppc"
+vec_xl_deps="altivec"
 vsx_deps="altivec"
 power8_deps="vsx"
 
@@ -2781,7 +2784,7 @@ atrac3al_decoder_select="mdct"
 atrac3p_decoder_select="mdct sinewin"
 atrac3pal_decoder_select="mdct sinewin"
 atrac9_decoder_select="mdct"
-av1_decoder_select="cbs_av1"
+av1_decoder_select="av1_frame_split_bsf cbs_av1"
 bink_decoder_select="blockdsp hpeldsp"
 binkaudio_dct_decoder_select="mdct rdft dct sinewin wma_freqs"
 binkaudio_rdft_decoder_select="mdct rdft sinewin wma_freqs"
@@ -5495,6 +5498,7 @@ case $target_os in
         ;;
     netbsd)
         disable symver
+        enable section_data_rel_ro
         oss_indev_extralibs="-lossaudio"
         oss_outdev_extralibs="-lossaudio"
         enabled gcc || check_ldflags -Wl,-zmuldefs
@@ -5513,6 +5517,7 @@ case $target_os in
         disable symver
         ;;
     freebsd)
+        enable section_data_rel_ro
         ;;
     bsd/os)
         add_extralibs -lpoll -lgnugetopt
@@ -6088,6 +6093,11 @@ elif enabled ppc; then
         check_cpp_condition power8 "altivec.h" "defined(_ARCH_PWR8)"
     fi
 
+    if enabled altivec; then
+        check_cc vec_xl altivec.h "const unsigned char *y1i = { 0 };
+                                   vector unsigned char y0 = vec_xl(0, y1i);"
+    fi
+
 elif enabled x86; then
 
     check_builtin rdtsc    intrin.h   "__rdtsc()"
@@ -6666,7 +6676,7 @@ enabled libvpx            && {
 enabled libwebp           && {
     enabled libwebp_encoder      && require_pkg_config libwebp "libwebp >= 0.2.0" webp/encode.h WebPGetEncoderVersion
     enabled libwebp_anim_encoder && check_pkg_config libwebp_anim_encoder "libwebpmux >= 0.4.0" webp/mux.h WebPAnimEncoderOptionsInit; }
-enabled libx264           && check_pkg_config libx264 x264 "stdint.h x264.h" x264_encoder_encode &&
+enabled libx264           && require_pkg_config libx264 x264 "stdint.h x264.h" x264_encoder_encode &&
                              require_cpp_condition libx264 x264.h "X264_BUILD >= 118" && {
                              [ "$toolchain" != "msvc" ] ||
                              require_cpp_condition libx264 x264.h "X264_BUILD >= 158"; } &&
@@ -6797,14 +6807,16 @@ enabled makeinfo \
 disabled makeinfo_html && texi2html --help 2> /dev/null | grep -q 'init-file' && enable texi2html || disable texi2html
 perl -v            > /dev/null 2>&1 && enable perl      || disable perl
 pod2man --help     > /dev/null 2>&1 && enable pod2man   || disable pod2man
-rsync --help 2> /dev/null | grep -q 'contimeout' && enable rsync_contimeout || disable rsync_contimeout
+rsync --help 2> /dev/null | grep -q 'contimeout=' && enable rsync_contimeout || disable rsync_contimeout
 xmllint --version  > /dev/null 2>&1 && enable xmllint   || disable xmllint
 
+check_headers linux/fb.h
+check_headers linux/videodev2.h
+test_code cc linux/videodev2.h "struct v4l2_frmsizeenum vfse; vfse.discrete.width = 0;" && enable_sanitized struct_v4l2_frmivalenum_discrete
+test_code cc sys/ioctl.h "int ioctl(int, int, ...)" && enable posix_ioctl
+
 # check V4L2 codecs available in the API
 if enabled v4l2_m2m; then
-    check_headers linux/fb.h
-    check_headers linux/videodev2.h
-    test_code cc linux/videodev2.h "struct v4l2_frmsizeenum vfse; vfse.discrete.width = 0;" && enable_sanitized struct_v4l2_frmivalenum_discrete
     check_cc v4l2_m2m linux/videodev2.h "int i = V4L2_CAP_VIDEO_M2M_MPLANE | V4L2_CAP_VIDEO_M2M | V4L2_BUF_FLAG_LAST;"
     check_cc vc1_v4l2_m2m linux/videodev2.h "int i = V4L2_PIX_FMT_VC1_ANNEX_G;"
     check_cc mpeg1_v4l2_m2m linux/videodev2.h "int i = V4L2_PIX_FMT_MPEG1;"
@@ -6849,8 +6861,7 @@ enabled alsa && { check_pkg_config alsa alsa "alsa/asoundlib.h" snd_pcm_htimesta
 enabled libjack &&
     require_pkg_config libjack jack jack/jack.h jack_port_get_latency_range
 
-enabled sndio && { check_pkg_config sndio sndio "sndio.h" sio_open ||
+enabled sndio && check_pkg_config sndio sndio sndio.h sio_open
-                   check_lib sndio sndio.h sio_open -lsndio; }
 
 if enabled libcdio; then
     check_pkg_config libcdio libcdio_paranoia "cdio/cdda.h cdio/paranoia.h" cdio_cddap_open ||
@@ -6957,7 +6968,7 @@ fi
 
 if enabled x86; then
     case $target_os in
-        mingw32*|mingw64*|win32|win64|linux|cygwin*)
+        freebsd|mingw32*|mingw64*|win32|win64|linux|cygwin*)
             ;;
         *)
             disable ffnvcodec cuvid nvdec nvenc
@@ -7538,6 +7549,7 @@ if enabled ppc; then
     echo "POWER8 enabled            ${power8-no}"
     echo "PPC 4xx optimizations     ${ppc4xx-no}"
     echo "dcbzl available           ${dcbzl-no}"
+    echo "vec_xl available          ${vec_xl-no}"
 fi
 if enabled loongarch; then
     echo "LSX enabled               ${lsx-no}"
@@ -7783,7 +7795,7 @@ cat > $TMPH <<EOF
 #define FFMPEG_CONFIG_H
 #define FFMPEG_CONFIGURATION "$(c_escape $FFMPEG_CONFIGURATION)"
 #define FFMPEG_LICENSE "$(c_escape $license)"
-#define CONFIG_THIS_YEAR 2022
+#define CONFIG_THIS_YEAR 2024
 #define FFMPEG_DATADIR "$(eval c_escape $datadir)"
 #define AVCONV_DATADIR "$(eval c_escape $datadir)"
 #define CC_IDENT "$(c_escape ${cc_ident:-Unknown compiler})"

doc/Doxyfile

@@ -38,7 +38,7 @@ PROJECT_NAME           = FFmpeg
 # could be handy for archiving the generated documentation or if some version
 # control system is used.
 
-PROJECT_NUMBER         =
+PROJECT_NUMBER         = 5.1.6
 
 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a

doc/authors.texi

@@ -3,9 +3,9 @@
 The FFmpeg developers.
 
 For details about the authorship, see the Git history of the project
-(git://source.ffmpeg.org/ffmpeg), e.g. by typing the command
+(https://git.ffmpeg.org/ffmpeg), e.g. by typing the command
 @command{git log} in the FFmpeg source directory, or browsing the
-online repository at @url{http://source.ffmpeg.org}.
+online repository at @url{https://git.ffmpeg.org/ffmpeg}.
 
 Maintainers for the specific components are listed in the file
 @file{MAINTAINERS} in the source code tree.

doc/developer.texi

@@ -494,6 +494,11 @@ patch is inline or attached per mail.
 You can check @url{https://patchwork.ffmpeg.org}, if your patch does not show up, its mime type
 likely was wrong.
 
+@subheading How to setup git send-email?
+
+Please see @url{https://git-send-email.io/}.
+For gmail additionally see @url{https://shallowsky.com/blog/tech/email/gmail-app-passwds.html}.
+
 @subheading Sending patches from email clients
 Using @code{git send-email} might not be desirable for everyone. The
 following trick allows to send patches via email clients in a safe

doc/examples/demuxing_decoding.c

@@ -138,11 +138,9 @@ static int decode_packet(AVCodecContext *dec, const AVPacket *pkt)
             ret = output_audio_frame(frame);
 
         av_frame_unref(frame);
-        if (ret < 0)
-            return ret;
     }
 
-    return 0;
+    return ret;
 }
 
 static int open_codec_context(int *stream_idx,

doc/examples/muxing.c

@@ -351,8 +351,7 @@ static int write_audio_frame(AVFormatContext *oc, OutputStream *ost)
     if (frame) {
         /* convert samples from native format to destination codec format, using the resampler */
         /* compute destination number of samples */
-        dst_nb_samples = av_rescale_rnd(swr_get_delay(ost->swr_ctx, c->sample_rate) + frame->nb_samples,
+        dst_nb_samples = swr_get_delay(ost->swr_ctx, c->sample_rate) + frame->nb_samples;
-                                        c->sample_rate, c->sample_rate, AV_ROUND_UP);
         av_assert0(dst_nb_samples == frame->nb_samples);
 
         /* when we pass a frame to the encoder, it may keep a reference to it

doc/examples/vaapi_encode.c

@@ -91,6 +91,10 @@ static int encode_write(AVCodecContext *avctx, AVFrame *frame, FILE *fout)
         enc_pkt->stream_index = 0;
         ret = fwrite(enc_pkt->data, enc_pkt->size, 1, fout);
         av_packet_unref(enc_pkt);
+        if (ret != enc_pkt->size) {
+            ret = AVERROR(errno);
+            break;
+        }
     }
 
 end:

doc/examples/vaapi_transcode.c

@@ -218,10 +218,8 @@ static int dec_enc(AVPacket *pkt, const AVCodec *enc_codec)
 
 fail:
         av_frame_free(&frame);
-        if (ret < 0)
-            return ret;
     }
-    return 0;
+    return ret;
 }
 
 int main(int argc, char **argv)

doc/ffmpeg.texi

@@ -518,6 +518,21 @@ see @ref{time duration syntax,,the Time duration section in the ffmpeg-utils(1)
 Like the @code{-ss} option but relative to the "end of file". That is negative
 values are earlier in the file, 0 is at EOF.
 
+@item -isync @var{input_index} (@emph{input})
+Assign an input as a sync source.
+
+This will take the difference between the start times of the target and reference inputs and
+offset the timestamps of the target file by that difference. The source timestamps of the two
+inputs should derive from the same clock source for expected results. If @code{copyts} is set
+then @code{start_at_zero} must also be set. If either of the inputs has no starting timestamp
+then no sync adjustment is made.
+
+Acceptable values are those that refer to a valid ffmpeg input index. If the sync reference is
+the target index itself or @var{-1}, then no adjustment is made to target timestamps. A sync
+reference may not itself be synced to any other input.
+
+Default value is @var{-1}.
+
 @item -itsoffset @var{offset} (@emph{input})
 Set the input time offset.
 

doc/git-howto.texi

@@ -53,7 +53,7 @@ Most distribution and operating system provide a package for it.
 @section Cloning the source tree
 
 @example
-git clone git://source.ffmpeg.org/ffmpeg <target>
+git clone https://git.ffmpeg.org/ffmpeg.git <target>
 @end example
 
 This will put the FFmpeg sources into the directory @var{<target>}.
@@ -187,11 +187,18 @@ to make sure you don't have untracked files or deletions.
 git add [-i|-p|-A] <filenames/dirnames>
 @end example
 
-Make sure you have told Git your name and email address
+Make sure you have told Git your name, email address and GPG key
 
 @example
 git config --global user.name "My Name"
 git config --global user.email my@@email.invalid
+git config --global user.signingkey ABCDEF0123245
+@end example
+
+Enable signing all commits or use -S
+
+@example
+git config --global commit.gpgsign true
 @end example
 
 Use @option{--global} to set the global configuration for all your Git checkouts.
@@ -423,6 +430,19 @@ git checkout -b svn_23456 $SHA1
 where @var{$SHA1} is the commit hash from the @command{git log} output.
 
 
+@chapter gpg key generation
+
+If you have no gpg key yet, we recommend that you create a ed25519 based key as it
+is small, fast and secure. Especially it results in small signatures in git.
+
+@example
+gpg --default-new-key-algo "ed25519/cert,sign+cv25519/encr" --quick-generate-key "human@@server.com"
+@end example
+
+When generating a key, make sure the email specified matches the email used in git as some sites like
+github consider mismatches a reason to declare such commits unverified. After generating a key you
+can add it to the MAINTAINER file and upload it to a keyserver.
+
 @chapter Pre-push checklist
 
 Once you have a set of commits that you feel are ready for pushing,

doc/resampler.texi

@@ -11,16 +11,6 @@ programmatic use.
 
 @table @option
 
-@item ich, in_channel_count
-Set the number of input channels. Default value is 0. Setting this
-value is not mandatory if the corresponding channel layout
-@option{in_channel_layout} is set.
-
-@item och, out_channel_count
-Set the number of output channels. Default value is 0. Setting this
-value is not mandatory if the corresponding channel layout
-@option{out_channel_layout} is set.
-
 @item uch, used_channel_count
 Set the number of used input channels. Default value is 0. This option is
 only used for special remapping.
@@ -41,8 +31,8 @@ Specify the output sample format. It is set by default to @code{none}.
 Set the internal sample format. Default value is @code{none}.
 This will automatically be chosen when it is not explicitly set.
 
-@item icl, in_channel_layout
+@item ichl, in_chlayout
-@item ocl, out_channel_layout
+@item ochl, out_chlayout
 Set the input/output channel layout.
 
 See @ref{channel layout syntax,,the Channel Layout section in the ffmpeg-utils(1) manual,ffmpeg-utils}

doc/t2h.pm

@@ -20,8 +20,45 @@
 # License along with FFmpeg; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 
+# Texinfo 7.0 changed the syntax of various functions.
+# Provide a shim for older versions.
+sub ff_set_from_init_file($$) {
+    my $key = shift;
+    my $value = shift;
+    if (exists &{'texinfo_set_from_init_file'}) {
+        texinfo_set_from_init_file($key, $value);
+    } else {
+        set_from_init_file($key, $value);
+    }
+}
+
+sub ff_get_conf($) {
+    my $key = shift;
+    if (exists &{'texinfo_get_conf'}) {
+        texinfo_get_conf($key);
+    } else {
+        get_conf($key);
+    }
+}
+
+sub get_formatting_function($$) {
+    my $obj = shift;
+    my $func = shift;
+
+    my $sub = $obj->can('formatting_function');
+    if ($sub) {
+        return $obj->formatting_function($func);
+    } else {
+        return $obj->{$func};
+    }
+}
+
+# determine texinfo version
+my $program_version_num = version->declare(ff_get_conf('PACKAGE_VERSION'))->numify;
+my $program_version_6_8 = $program_version_num >= 6.008000;
+
 # no navigation elements
-set_from_init_file('HEADERS', 0);
+ff_set_from_init_file('HEADERS', 0);
 
 sub ffmpeg_heading_command($$$$$)
 {
@@ -55,7 +92,7 @@ sub ffmpeg_heading_command($$$$$)
         $element = $command->{'parent'};
     }
     if ($element) {
-        $result .= &{$self->{'format_element_header'}}($self, $cmdname,
+        $result .= &{get_formatting_function($self, 'format_element_header')}($self, $cmdname,
                                                        $command, $element);
     }
 
@@ -112,7 +149,11 @@ sub ffmpeg_heading_command($$$$$)
                 $cmdname
                     = $Texinfo::Common::level_to_structuring_command{$cmdname}->[$heading_level];
             }
-            $result .= &{$self->{'format_heading_text'}}(
+            # format_heading_text expects an array of headings for texinfo >= 7.0
+            if ($program_version_num >= 7.000000) {
+                $heading = [$heading];
+            }
+            $result .= &{get_formatting_function($self,'format_heading_text')}(
                         $self, $cmdname, $heading,
                         $heading_level +
                         $self->get_conf('CHAPTER_HEADER_LEVEL') - 1, $command);
@@ -126,23 +167,19 @@ foreach my $command (keys(%Texinfo::Common::sectioning_commands), 'node') {
     texinfo_register_command_formatting($command, \&ffmpeg_heading_command);
 }
 
-# determine if texinfo is at least version 6.8
-my $program_version_num = version->declare(get_conf('PACKAGE_VERSION'))->numify;
-my $program_version_6_8 = $program_version_num >= 6.008000;
-
 # print the TOC where @contents is used
 if ($program_version_6_8) {
-    set_from_init_file('CONTENTS_OUTPUT_LOCATION', 'inline');
+    ff_set_from_init_file('CONTENTS_OUTPUT_LOCATION', 'inline');
 } else {
-    set_from_init_file('INLINE_CONTENTS', 1);
+    ff_set_from_init_file('INLINE_CONTENTS', 1);
 }
 
 # make chapters <h2>
-set_from_init_file('CHAPTER_HEADER_LEVEL', 2);
+ff_set_from_init_file('CHAPTER_HEADER_LEVEL', 2);
 
 # Do not add <hr>
-set_from_init_file('DEFAULT_RULE', '');
+ff_set_from_init_file('DEFAULT_RULE', '');
-set_from_init_file('BIG_RULE', '');
+ff_set_from_init_file('BIG_RULE', '');
 
 # Customized file beginning
 sub ffmpeg_begin_file($$$)
@@ -159,7 +196,18 @@ sub ffmpeg_begin_file($$$)
     my ($title, $description, $encoding, $date, $css_lines,
         $doctype, $bodytext, $copying_comment, $after_body_open,
         $extra_head, $program_and_version, $program_homepage,
-        $program, $generator) = $self->_file_header_informations($command);
+        $program, $generator);
+    if ($program_version_num >= 7.000000) {
+        ($title, $description, $encoding, $date, $css_lines,
+         $doctype, $bodytext, $copying_comment, $after_body_open,
+         $extra_head, $program_and_version, $program_homepage,
+         $program, $generator) = $self->_file_header_information($command);
+    } else {
+        ($title, $description, $encoding, $date, $css_lines,
+         $doctype, $bodytext, $copying_comment, $after_body_open,
+         $extra_head, $program_and_version, $program_homepage,
+         $program, $generator) = $self->_file_header_informations($command);
+    }
 
     my $links = $self->_get_links ($filename, $element);
 
@@ -223,7 +271,7 @@ if ($program_version_6_8) {
 sub ffmpeg_end_file($)
 {
     my $self = shift;
-    my $program_string = &{$self->{'format_program_string'}}($self);
+    my $program_string = &{get_formatting_function($self,'format_program_string')}($self);
     my $program_text = <<EOT;
       <p style="font-size: small;">
         $program_string
@@ -244,7 +292,7 @@ if ($program_version_6_8) {
 
 # Dummy title command
 # Ignore title. Title is handled through ffmpeg_begin_file().
-set_from_init_file('USE_TITLEPAGE_FOR_TITLE', 1);
+ff_set_from_init_file('USE_TITLEPAGE_FOR_TITLE', 1);
 sub ffmpeg_title($$$$)
 {
     return '';
@@ -262,8 +310,14 @@ sub ffmpeg_float($$$$$)
     my $args = shift;
     my $content = shift;
 
-    my ($caption, $prepended) = Texinfo::Common::float_name_caption($self,
+    my ($caption, $prepended);
-                                                                $command);
+    if ($program_version_num >= 7.000000) {
+        ($caption, $prepended) = Texinfo::Convert::Converter::float_name_caption($self,
+                                                                                 $command);
+    } else {
+        ($caption, $prepended) = Texinfo::Common::float_name_caption($self,
+                                                                     $command);
+    }
     my $caption_text = '';
     my $prepended_text;
     my $prepended_save = '';
@@ -335,8 +389,13 @@ sub ffmpeg_float($$$$$)
             $caption->{'args'}->[0], 'float caption');
     }
     if ($prepended_text.$caption_text ne '') {
-        $prepended_text = $self->_attribute_class('div','float-caption'). '>'
+        if ($program_version_num >= 7.000000) {
-                . $prepended_text;
+            $prepended_text = $self->html_attribute_class('div',['float-caption']). '>'
+                    . $prepended_text;
+        } else {
+            $prepended_text = $self->_attribute_class('div','float-caption'). '>'
+                    . $prepended_text;
+        }
         $caption_text .= '</div>';
     }
     my $html_class = '';
@@ -349,8 +408,13 @@ sub ffmpeg_float($$$$$)
         $prepended_text = '';
         $caption_text   = '';
     }
-    return $self->_attribute_class('div', $html_class). '>' . "\n" .
+    if ($program_version_num >= 7.000000) {
-        $prepended_text . $caption_text . $content . '</div>';
+        return $self->html_attribute_class('div', [$html_class]). '>' . "\n" .
+            $prepended_text . $caption_text . $content . '</div>';
+    } else {
+        return $self->_attribute_class('div', $html_class). '>' . "\n" .
+            $prepended_text . $caption_text . $content . '</div>';
+    }
 }
 
 texinfo_register_command_formatting('float',

fftools/cmdutils.c

@@ -506,7 +506,7 @@ static const AVOption *opt_find(void *obj, const char *name, const char *unit,
     return o;
 }
 
-#define FLAGS (o->type == AV_OPT_TYPE_FLAGS && (arg[0]=='-' || arg[0]=='+')) ? AV_DICT_APPEND : 0
+#define FLAGS ((o->type == AV_OPT_TYPE_FLAGS && (arg[0]=='-' || arg[0]=='+')) ? AV_DICT_APPEND : 0)
 int opt_default(void *optctx, const char *opt, const char *arg)
 {
     const AVOption *o;

fftools/ffmpeg.c

@@ -491,8 +491,9 @@ static int read_key(void)
         }
         //Read it
         if(nchars != 0) {
-            read(0, &ch, 1);
+            if (read(0, &ch, 1) == 1)
-            return ch;
+                return ch;
+            return 0;
         }else{
             return -1;
         }
@@ -1278,6 +1279,9 @@ static void do_video_out(OutputFile *of,
             av_log(NULL, AV_LOG_DEBUG, "Forced keyframe at time %f\n", pts_time);
         }
 
+        if (ost->top_field_first >= 0)
+            in_picture->top_field_first = !!ost->top_field_first;
+
         ret = encode_frame(of, ost, in_picture);
         if (ret < 0)
             exit_program(1);

fftools/ffmpeg.h

@@ -118,6 +118,7 @@ typedef struct OptionsContext {
     float readrate;
     int accurate_seek;
     int thread_queue_size;
+    int input_sync_ref;
 
     SpecifierOpt *ts_scale;
     int        nb_ts_scale;
@@ -410,6 +411,7 @@ typedef struct InputFile {
                              at the moment when looping happens */
     AVRational time_base; /* time base of the duration */
     int64_t input_ts_offset;
+    int input_sync_ref;
 
     int64_t ts_offset;
     int64_t last_ts;

fftools/ffmpeg_opt.c

@@ -235,6 +235,7 @@ static void init_options(OptionsContext *o)
     o->chapters_input_file = INT_MAX;
     o->accurate_seek  = 1;
     o->thread_queue_size = -1;
+    o->input_sync_ref = -1;
 }
 
 static int show_hwaccels(void *optctx, const char *opt, const char *arg)
@@ -287,6 +288,58 @@ static int parse_and_set_vsync(const char *arg, int *vsync_var, int file_idx, in
     return 0;
 }
 
+static int apply_sync_offsets(void)
+{
+    for (int i = 0; i < nb_input_files; i++) {
+        InputFile *ref, *self = input_files[i];
+        int64_t adjustment;
+        int64_t self_start_time, ref_start_time, self_seek_start, ref_seek_start;
+        int start_times_set = 1;
+
+        if (self->input_sync_ref == -1 || self->input_sync_ref == i) continue;
+        if (self->input_sync_ref >= nb_input_files || self->input_sync_ref < -1) {
+            av_log(NULL, AV_LOG_FATAL, "-isync for input %d references non-existent input %d.\n", i, self->input_sync_ref);
+            exit_program(1);
+        }
+
+        if (copy_ts && !start_at_zero) {
+            av_log(NULL, AV_LOG_FATAL, "Use of -isync requires that start_at_zero be set if copyts is set.\n");
+            exit_program(1);
+        }
+
+        ref = input_files[self->input_sync_ref];
+        if (ref->input_sync_ref != -1 && ref->input_sync_ref != self->input_sync_ref) {
+            av_log(NULL, AV_LOG_ERROR, "-isync for input %d references a resynced input %d. Sync not set.\n", i, self->input_sync_ref);
+            continue;
+        }
+
+        if (self->ctx->start_time_realtime != AV_NOPTS_VALUE && ref->ctx->start_time_realtime != AV_NOPTS_VALUE) {
+            self_start_time = self->ctx->start_time_realtime;
+            ref_start_time  =  ref->ctx->start_time_realtime;
+        } else if (self->ctx->start_time != AV_NOPTS_VALUE && ref->ctx->start_time != AV_NOPTS_VALUE) {
+            self_start_time = self->ctx->start_time;
+            ref_start_time  =  ref->ctx->start_time;
+        } else {
+            start_times_set = 0;
+        }
+
+        if (start_times_set) {
+            self_seek_start = self->start_time == AV_NOPTS_VALUE ? 0 : self->start_time;
+            ref_seek_start  =  ref->start_time == AV_NOPTS_VALUE ? 0 :  ref->start_time;
+
+            adjustment = (self_start_time - ref_start_time) + !copy_ts*(self_seek_start - ref_seek_start) + ref->input_ts_offset;
+
+            self->ts_offset += adjustment;
+
+            av_log(NULL, AV_LOG_INFO, "Adjusted ts offset for Input #%d by %"PRId64" us to sync with Input #%d.\n", i, adjustment, self->input_sync_ref);
+        } else {
+            av_log(NULL, AV_LOG_INFO, "Unable to identify start times for Inputs #%d and %d both. No sync adjustment made.\n", i, self->input_sync_ref);
+        }
+    }
+
+    return 0;
+}
+
 static int opt_filter_threads(void *optctx, const char *opt, const char *arg)
 {
     av_free(filter_nbthreads);
@@ -845,8 +898,11 @@ static void add_input_streams(OptionsContext *o, AVFormatContext *ic)
         MATCH_PER_STREAM_OPT(codec_tags, str, codec_tag, ic, st);
         if (codec_tag) {
             uint32_t tag = strtol(codec_tag, &next, 0);
-            if (*next)
+            if (*next) {
-                tag = AV_RL32(codec_tag);
+                uint8_t buf[4] = { 0 };
+                memcpy(buf, codec_tag, FFMIN(sizeof(buf), strlen(codec_tag)));
+                tag = AV_RL32(buf);
+            }
             st->codecpar->codec_tag = tag;
         }
 
@@ -1305,6 +1361,7 @@ static int open_input_file(OptionsContext *o, const char *filename)
     f->ist_index  = nb_input_streams - ic->nb_streams;
     f->start_time = o->start_time;
     f->recording_time = o->recording_time;
+    f->input_sync_ref = o->input_sync_ref;
     f->input_ts_offset = o->input_ts_offset;
     f->ts_offset  = o->input_ts_offset - (copy_ts ? (start_at_zero && ic->start_time != AV_NOPTS_VALUE ? ic->start_time : 0) : timestamp);
     f->nb_streams = ic->nb_streams;
@@ -1606,8 +1663,11 @@ static OutputStream *new_output_stream(OptionsContext *o, AVFormatContext *oc, e
     MATCH_PER_STREAM_OPT(codec_tags, str, codec_tag, oc, st);
     if (codec_tag) {
         uint32_t tag = strtol(codec_tag, &next, 0);
-        if (*next)
+        if (*next) {
-            tag = AV_RL32(codec_tag);
+            uint8_t buf[4] = { 0 };
+            memcpy(buf, codec_tag, FFMIN(sizeof(buf), strlen(codec_tag)));
+            tag = AV_RL32(buf);
+        }
         ost->st->codecpar->codec_tag =
         ost->enc_ctx->codec_tag = tag;
     }
@@ -2318,6 +2378,43 @@ static int init_complex_filters(void)
     return 0;
 }
 
+static void set_channel_layout(OutputFilter *f, OutputStream *ost)
+{
+    int i, err;
+
+    if (ost->enc_ctx->ch_layout.order != AV_CHANNEL_ORDER_UNSPEC) {
+        /* Pass the layout through for all orders but UNSPEC */
+        err = av_channel_layout_copy(&f->ch_layout, &ost->enc_ctx->ch_layout);
+        if (err < 0)
+            exit_program(1);
+        return;
+    }
+
+    /* Requested layout is of order UNSPEC */
+    if (!ost->enc->ch_layouts) {
+        /* Use the default native layout for the requested amount of channels when the
+           encoder doesn't have a list of supported layouts */
+        av_channel_layout_default(&f->ch_layout, ost->enc_ctx->ch_layout.nb_channels);
+        return;
+    }
+    /* Encoder has a list of supported layouts. Pick the first layout in it with the
+       same amount of channels as the requested layout */
+    for (i = 0; ost->enc->ch_layouts[i].nb_channels; i++) {
+        if (ost->enc->ch_layouts[i].nb_channels == ost->enc_ctx->ch_layout.nb_channels)
+            break;
+    }
+    if (ost->enc->ch_layouts[i].nb_channels) {
+        /* Use it if one is found */
+        err = av_channel_layout_copy(&f->ch_layout, &ost->enc->ch_layouts[i]);
+        if (err < 0)
+            exit_program(1);
+        return;
+    }
+    /* If no layout for the amount of channels requested was found, use the default
+       native layout for it. */
+    av_channel_layout_default(&f->ch_layout, ost->enc_ctx->ch_layout.nb_channels);
+}
+
 static int open_output_file(OptionsContext *o, const char *filename)
 {
     AVFormatContext *oc;
@@ -2720,7 +2817,7 @@ loop_end:
                     f->sample_rates = ost->enc->supported_samplerates;
                 }
                 if (ost->enc_ctx->ch_layout.nb_channels) {
-                    av_channel_layout_default(&f->ch_layout, ost->enc_ctx->ch_layout.nb_channels);
+                    set_channel_layout(f, ost);
                 } else if (ost->enc->ch_layouts) {
                     f->ch_layouts = ost->enc->ch_layouts;
                 }
@@ -3489,6 +3586,8 @@ int ffmpeg_parse_options(int argc, char **argv)
         goto fail;
     }
 
+    apply_sync_offsets();
+
     /* create the complex filtergraphs */
     ret = init_complex_filters();
     if (ret < 0) {
@@ -3603,6 +3702,9 @@ const OptionDef options[] = {
     { "accurate_seek",  OPT_BOOL | OPT_OFFSET | OPT_EXPERT |
                         OPT_INPUT,                                   { .off = OFFSET(accurate_seek) },
         "enable/disable accurate seeking with -ss" },
+    { "isync",          HAS_ARG | OPT_INT | OPT_OFFSET |
+                        OPT_EXPERT | OPT_INPUT,                      { .off = OFFSET(input_sync_ref) },
+        "Indicate the input index for sync reference", "sync ref" },
     { "itsoffset",      HAS_ARG | OPT_TIME | OPT_OFFSET |
                         OPT_EXPERT | OPT_INPUT,                      { .off = OFFSET(input_ts_offset) },
         "set the input ts offset", "time_off" },

fftools/ffplay.c

@@ -1992,6 +1992,8 @@ static int configure_audio_filters(VideoState *is, const char *afilters, int for
         goto end;
 
     if (force_output_format) {
+        av_bprint_clear(&bp);
+        av_channel_layout_describe_bprint(&is->audio_tgt.ch_layout, &bp);
         sample_rates   [0] = is->audio_tgt.freq;
         if ((ret = av_opt_set_int(filt_asink, "all_channel_counts", 0, AV_OPT_SEARCH_CHILDREN)) < 0)
             goto end;
@@ -2356,12 +2358,13 @@ static int audio_decode_frame(VideoState *is)
         av_channel_layout_compare(&af->frame->ch_layout, &is->audio_src.ch_layout) ||
         af->frame->sample_rate   != is->audio_src.freq           ||
         (wanted_nb_samples       != af->frame->nb_samples && !is->swr_ctx)) {
+        int ret;
         swr_free(&is->swr_ctx);
-        swr_alloc_set_opts2(&is->swr_ctx,
+        ret = swr_alloc_set_opts2(&is->swr_ctx,
                             &is->audio_tgt.ch_layout, is->audio_tgt.fmt, is->audio_tgt.freq,
                             &af->frame->ch_layout, af->frame->format, af->frame->sample_rate,
                             0, NULL);
-        if (!is->swr_ctx || swr_init(is->swr_ctx) < 0) {
+        if (ret < 0 || swr_init(is->swr_ctx) < 0) {
             av_log(NULL, AV_LOG_ERROR,
                    "Cannot create sample rate converter for conversion of %d Hz %s %d channels to %d Hz %s %d channels!\n",
                     af->frame->sample_rate, av_get_sample_fmt_name(af->frame->format), af->frame->ch_layout.nb_channels,

fftools/ffprobe.c

@@ -1896,12 +1896,14 @@ static void writer_register_all(void)
     writer_print_string(w, k, pbuf.str, 0);    \
 } while (0)
 
-#define print_list_fmt(k, f, n, ...) do {       \
+#define print_list_fmt(k, f, n, m, ...) do {    \
     av_bprint_clear(&pbuf);                     \
     for (int idx = 0; idx < n; idx++) {         \
-        if (idx > 0)                            \
+        for (int idx2 = 0; idx2 < m; idx2++) {  \
-            av_bprint_chars(&pbuf, ' ', 1);     \
+            if (idx > 0 || idx2 > 0)            \
-        av_bprintf(&pbuf, f, __VA_ARGS__);      \
+                av_bprint_chars(&pbuf, ' ', 1); \
+            av_bprintf(&pbuf, f, __VA_ARGS__);  \
+        }                                       \
     }                                           \
     writer_print_string(w, k, pbuf.str, 0);     \
 } while (0)
@@ -2012,7 +2014,7 @@ static void print_dovi_metadata(WriterContext *w, const AVDOVIMetadata *dovi)
             const AVDOVIReshapingCurve *curve = &mapping->curves[c];
             writer_print_section_header(w, SECTION_ID_FRAME_SIDE_DATA_COMPONENT);
 
-            print_list_fmt("pivots", "%"PRIu16, curve->num_pivots, curve->pivots[idx]);
+            print_list_fmt("pivots", "%"PRIu16, curve->num_pivots, 1, curve->pivots[idx]);
 
             writer_print_section_header(w, SECTION_ID_FRAME_SIDE_DATA_PIECE_LIST);
             for (int i = 0; i < curve->num_pivots - 1; i++) {
@@ -2024,7 +2026,7 @@ static void print_dovi_metadata(WriterContext *w, const AVDOVIMetadata *dovi)
                     print_str("mapping_idc_name",   "polynomial");
                     print_int("poly_order",         curve->poly_order[i]);
                     print_list_fmt("poly_coef", "%"PRIi64,
-                                   curve->poly_order[i] + 1,
+                                   curve->poly_order[i] + 1, 1,
                                    curve->poly_coef[i][idx]);
                     break;
                 case AV_DOVI_MAPPING_MMR:
@@ -2032,8 +2034,8 @@ static void print_dovi_metadata(WriterContext *w, const AVDOVIMetadata *dovi)
                     print_int("mmr_order",          curve->mmr_order[i]);
                     print_int("mmr_constant",       curve->mmr_constant[i]);
                     print_list_fmt("mmr_coef", "%"PRIi64,
-                                   curve->mmr_order[i] * 7,
+                                   curve->mmr_order[i], 7,
-                                   curve->mmr_coef[i][0][idx]);
+                                   curve->mmr_coef[i][idx][idx2]);
                     break;
                 default:
                     print_str("mapping_idc_name",   "unknown");
@@ -2071,15 +2073,15 @@ static void print_dovi_metadata(WriterContext *w, const AVDOVIMetadata *dovi)
         print_int("dm_metadata_id",         color->dm_metadata_id);
         print_int("scene_refresh_flag",     color->scene_refresh_flag);
         print_list_fmt("ycc_to_rgb_matrix", "%d/%d",
-                       FF_ARRAY_ELEMS(color->ycc_to_rgb_matrix),
+                       FF_ARRAY_ELEMS(color->ycc_to_rgb_matrix), 1,
                        color->ycc_to_rgb_matrix[idx].num,
                        color->ycc_to_rgb_matrix[idx].den);
         print_list_fmt("ycc_to_rgb_offset", "%d/%d",
-                       FF_ARRAY_ELEMS(color->ycc_to_rgb_offset),
+                       FF_ARRAY_ELEMS(color->ycc_to_rgb_offset), 1,
                        color->ycc_to_rgb_offset[idx].num,
                        color->ycc_to_rgb_offset[idx].den);
         print_list_fmt("rgb_to_lms_matrix", "%d/%d",
-                       FF_ARRAY_ELEMS(color->rgb_to_lms_matrix),
+                       FF_ARRAY_ELEMS(color->rgb_to_lms_matrix), 1,
                        color->rgb_to_lms_matrix[idx].num,
                        color->rgb_to_lms_matrix[idx].den);
         print_int("signal_eotf",            color->signal_eotf);
@@ -4026,7 +4028,7 @@ int main(int argc, char **argv)
     WriterContext *wctx;
     char *buf;
     char *w_name = NULL, *w_args = NULL;
-    int ret, i;
+    int ret, input_ret, i;
 
     init_dynload();
 
@@ -4150,10 +4152,14 @@ int main(int argc, char **argv)
                 show_error(wctx, ret);
         }
 
+        input_ret = ret;
+
         writer_print_section_footer(wctx);
         ret = writer_close(&wctx);
         if (ret < 0)
             av_log(NULL, AV_LOG_ERROR, "Writing output failed: %s\n", av_err2str(ret));
+
+        ret = FFMIN(ret, input_ret);
     }
 
 end:

fftools/opt_common.c

@@ -722,10 +722,13 @@ int show_codecs(void *optctx, const char *opt, const char *arg)
     return 0;
 }
 
-static void print_codecs(int encoder)
+static int print_codecs(int encoder)
 {
     const AVCodecDescriptor **codecs;
-    unsigned i, nb_codecs = get_codecs_sorted(&codecs);
+    int i, nb_codecs = get_codecs_sorted(&codecs);
+
+    if (nb_codecs < 0)
+        return nb_codecs;
 
     printf("%s:\n"
            " V..... = Video\n"
@@ -759,18 +762,17 @@ static void print_codecs(int encoder)
         }
     }
     av_free(codecs);
+    return 0;
 }
 
 int show_decoders(void *optctx, const char *opt, const char *arg)
 {
-    print_codecs(0);
+    return print_codecs(0);
-    return 0;
 }
 
 int show_encoders(void *optctx, const char *opt, const char *arg)
 {
-    print_codecs(1);
+    return print_codecs(1);
-    return 0;
 }
 
 int show_bsfs(void *optctx, const char *opt, const char *arg)

libavcodec/012v.c

@@ -131,8 +131,8 @@ static int zero12v_decode_frame(AVCodecContext *avctx, AVFrame *pic,
             u = x/2 + (uint16_t *)(pic->data[1] + line * pic->linesize[1]);
             v = x/2 + (uint16_t *)(pic->data[2] + line * pic->linesize[2]);
             memcpy(y, y_temp, sizeof(*y) * (width - x));
-            memcpy(u, u_temp, sizeof(*u) * (width - x + 1) / 2);
+            memcpy(u, u_temp, sizeof(*u) * ((width - x + 1) / 2));
-            memcpy(v, v_temp, sizeof(*v) * (width - x + 1) / 2);
+            memcpy(v, v_temp, sizeof(*v) * ((width - x + 1) / 2));
         }
 
         line_end += stride;

libavcodec/4xm.c

@@ -887,6 +887,8 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *picture,
         }
 
         if (i >= CFRAME_BUFFER_COUNT) {
+            if (free_index < 0)
+                return AVERROR_INVALIDDATA;
             i             = free_index;
             f->cfrm[i].id = id;
         }

libavcodec/8bps.c

@@ -71,6 +71,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
     unsigned char *planemap = c->planemap;
     int ret;
 
+    if (buf_size < planes * height *2)
+        return AVERROR_INVALIDDATA;
+
     if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
         return ret;
 

libavcodec/aacdec_template.c

@@ -730,9 +730,7 @@ static ChannelElement *get_che(AACContext *ac, int type, int elem_id)
             return ac->tag_che_map[TYPE_CPE][elem_id] = ac->che[TYPE_CPE][2];
         }
     case 11:
-        if (ac->tags_mapped == 2 &&
+        if (ac->tags_mapped == 3 && type == TYPE_SCE) {
-            ac->oc[1].m4ac.chan_config == 11 &&
-            type == TYPE_SCE) {
             ac->tags_mapped++;
             return ac->tag_che_map[TYPE_SCE][elem_id] = ac->che[TYPE_SCE][1];
         }

libavcodec/aacdectab.h

@@ -35,7 +35,7 @@
 
 #include <stdint.h>
 
-static const int8_t tags_per_config[16] = { 0, 1, 1, 2, 3, 3, 4, 5, 0, 0, 0, 4, 5, 16, 5, 0 };
+static const int8_t tags_per_config[16] = { 0, 1, 1, 2, 3, 3, 4, 5, 0, 0, 0, 5, 5, 16, 5, 0 };
 
 static const uint8_t aac_channel_layout_map[16][16][3] = {
     { { TYPE_SCE, 0, AAC_CHANNEL_FRONT }, },
@@ -84,7 +84,7 @@ static const uint64_t aac_channel_layout[16] = {
     0,
     0,
     0,
-    AV_CH_LAYOUT_6POINT1,
+    AV_CH_LAYOUT_6POINT1_BACK,
     AV_CH_LAYOUT_7POINT1,
     AV_CH_LAYOUT_22POINT2,
     0,
@@ -103,7 +103,7 @@ static const AVChannelLayout aac_ch_layout[16] = {
     { 0 },
     { 0 },
     { 0 },
-    AV_CHANNEL_LAYOUT_6POINT1,
+    AV_CHANNEL_LAYOUT_6POINT1_BACK,
     AV_CHANNEL_LAYOUT_7POINT1,
     AV_CHANNEL_LAYOUT_22POINT2,
     { 0 },

libavcodec/aacpsy.c

@@ -267,7 +267,7 @@ static av_cold void lame_window_init(AacPsyContext *ctx, AVCodecContext *avctx)
         AacPsyChannel *pch = &ctx->ch[i];
 
         if (avctx->flags & AV_CODEC_FLAG_QSCALE)
-            pch->attack_threshold = psy_vbr_map[avctx->global_quality / FF_QP2LAMBDA].st_lrm;
+            pch->attack_threshold = psy_vbr_map[av_clip(avctx->global_quality / FF_QP2LAMBDA, 0, 10)].st_lrm;
         else
             pch->attack_threshold = lame_calc_attack_threshold(avctx->bit_rate / avctx->ch_layout.nb_channels / 1000);
 

libavcodec/aarch64/h264pred_neon.S

@@ -502,28 +502,27 @@ function ff_pred16x16_plane_neon_10, export=1
         add             v7.4h,  v7.4h,  v0.4h
         shl             v2.4h,  v7.4h,  #4
         ssubl           v2.4s,  v2.4h,  v3.4h
-        shl             v3.4h,  v4.4h,  #4
         ext             v0.16b, v0.16b, v0.16b, #14
-        ssubl           v6.4s,  v5.4h,  v3.4h
+        sxtl            v6.4s,  v5.4h          // c
 
         mov             v0.h[0],  wzr
         mul             v0.8h,  v0.8h,  v4.h[0]
         dup             v16.4s, v2.s[0]
         dup             v17.4s, v2.s[0]
-        dup             v2.8h,  v4.h[0]
+        dup             v2.8h,  v4.h[0]        // b
-        dup             v3.4s,  v6.s[0]
+        dup             v3.4s,  v6.s[0]        // c
-        shl             v2.8h,  v2.8h,  #3
+        sshll           v2.4s,  v2.4h,  #3     // b * 8
         saddw           v16.4s, v16.4s, v0.4h
         saddw2          v17.4s, v17.4s, v0.8h
-        saddw           v3.4s,  v3.4s,  v2.4h
+        sub             v3.4s,  v3.4s,  v2.4s
 
         mov             w3,      #16
         mvni            v4.8h,   #0xFC, lsl #8 // 1023 for clipping
 1:
         sqshrun         v0.4h,  v16.4s, #5
         sqshrun2        v0.8h,  v17.4s, #5
-        saddw           v16.4s, v16.4s, v2.4h
+        add             v16.4s, v16.4s, v2.4s
-        saddw           v17.4s, v17.4s, v2.4h
+        add             v17.4s, v17.4s, v2.4s
         sqshrun         v1.4h,  v16.4s, #5
         sqshrun2        v1.8h,  v17.4s, #5
         add             v16.4s, v16.4s, v3.4s
@@ -595,12 +594,11 @@ function ff_pred8x8_plane_neon_10, export=1
         ssubl           v2.4s,  v2.4h,  v3.4h
         ext             v0.16b, v0.16b, v0.16b, #14
         mov             v0.h[0],  wzr
-        mul             v0.8h,  v0.8h,  v5.h[0]
         dup             v1.4s,  v2.s[0]
         dup             v2.4s,  v2.s[0]
         dup             v3.8h,  v5.h[1]
-        saddw           v1.4s,  v1.4s,  v0.4h
+        smlal           v1.4s,  v0.4h,  v5.h[0]
-        saddw2          v2.4s,  v2.4s,  v0.8h
+        smlal2          v2.4s,  v0.8h,  v5.h[0]
         mov             w3,  #8
         mvni            v4.8h,  #0xFC,  lsl #8 // 1023 for clipping
 1:

libavcodec/aarch64/vp9mc_neon.S

@@ -230,6 +230,9 @@ function \type\()_8tap_\size\()h_\idx1\idx2
         // reduced dst stride
 .if \size >= 16
         sub             x1,  x1,  x5
+.elseif \size == 4
+        add             x12, x2,  #8
+        add             x13, x7,  #8
 .endif
         // size >= 16 loads two qwords and increments x2,
         // for size 4/8 it's enough with one qword and no
@@ -248,9 +251,14 @@ function \type\()_8tap_\size\()h_\idx1\idx2
 .if \size >= 16
         ld1             {v4.8b,  v5.8b,  v6.8b},  [x2], #24
         ld1             {v16.8b, v17.8b, v18.8b}, [x7], #24
-.else
+.elseif \size == 8
         ld1             {v4.8b,  v5.8b},  [x2]
         ld1             {v16.8b, v17.8b}, [x7]
+.else // \size == 4
+        ld1             {v4.8b},  [x2]
+        ld1             {v16.8b}, [x7]
+        ld1             {v5.s}[0],  [x12], x3
+        ld1             {v17.s}[0], [x13], x3
 .endif
         uxtl            v4.8h,  v4.8b
         uxtl            v5.8h,  v5.8b

libavcodec/ac3.h

@@ -55,6 +55,7 @@
 #define AC3_DYNAMIC_RANGE1      0
 
 typedef int                     INTFLOAT;
+typedef unsigned int            UINTFLOAT;
 typedef int16_t                 SHORTFLOAT;
 
 #else /* USE_FIXED */
@@ -75,6 +76,7 @@ typedef int16_t                 SHORTFLOAT;
 #define AC3_DYNAMIC_RANGE1      1.0f
 
 typedef float                   INTFLOAT;
+typedef float                   UINTFLOAT;
 typedef float                   SHORTFLOAT;
 
 #endif /* USE_FIXED */

libavcodec/ac3_parser.c

@@ -185,7 +185,9 @@ int av_ac3_parse_header(const uint8_t *buf, size_t size,
     AC3HeaderInfo hdr;
     int err;
 
-    init_get_bits8(&gb, buf, size);
+    err = init_get_bits8(&gb, buf, size);
+    if (err < 0)
+        return AVERROR_INVALIDDATA;
     err = ff_ac3_parse_header(&gb, &hdr);
     if (err < 0)
         return AVERROR_INVALIDDATA;

libavcodec/alac.c

@@ -574,13 +574,15 @@ static av_cold int alac_decode_init(AVCodecContext * avctx)
     avctx->bits_per_raw_sample = alac->sample_size;
     avctx->sample_rate         = alac->sample_rate;
 
-    if (alac->channels < 1 || alac->channels > ALAC_MAX_CHANNELS) {
+    if (alac->channels < 1) {
         av_log(avctx, AV_LOG_WARNING, "Invalid channel count\n");
+        if (avctx->ch_layout.nb_channels < 1)
+            return AVERROR(EINVAL);
         alac->channels = avctx->ch_layout.nb_channels;
     }
-    if (avctx->ch_layout.nb_channels > ALAC_MAX_CHANNELS || avctx->ch_layout.nb_channels <= 0 ) {
+    if (alac->channels > ALAC_MAX_CHANNELS) {
         avpriv_report_missing_feature(avctx, "Channel count %d",
-                                      avctx->ch_layout.nb_channels);
+                                      alac->channels);
         return AVERROR_PATCHWELCOME;
     }
     av_channel_layout_uninit(&avctx->ch_layout);

libavcodec/alsdec.c

@@ -1027,7 +1027,7 @@ static int read_block(ALSDecContext *ctx, ALSBlockData *bd)
 
     *bd->shift_lsbs = 0;
 
-    if (get_bits_left(gb) < 1)
+    if (get_bits_left(gb) < 7)
         return AVERROR_INVALIDDATA;
 
     // read block type flag and read the samples accordingly
@@ -1659,7 +1659,8 @@ static int read_frame_data(ALSDecContext *ctx, unsigned int ra_frame)
 
     if (!sconf->mc_coding || ctx->js_switch) {
         int independent_bs = !sconf->joint_stereo;
-
+        if (get_bits_left(gb) < 7*channels*ctx->num_blocks)
+            return AVERROR_INVALIDDATA;
         for (c = 0; c < channels; c++) {
             js_blocks[0] = 0;
             js_blocks[1] = 0;
@@ -2108,8 +2109,8 @@ static av_cold int decode_init(AVCodecContext *avctx)
 
     if (sconf->floating) {
         ctx->acf               = av_malloc_array(channels, sizeof(*ctx->acf));
-        ctx->shift_value       = av_malloc_array(channels, sizeof(*ctx->shift_value));
+        ctx->shift_value       = av_calloc(channels, sizeof(*ctx->shift_value));
-        ctx->last_shift_value  = av_malloc_array(channels, sizeof(*ctx->last_shift_value));
+        ctx->last_shift_value  = av_calloc(channels, sizeof(*ctx->last_shift_value));
         ctx->last_acf_mantissa = av_malloc_array(channels, sizeof(*ctx->last_acf_mantissa));
         ctx->raw_mantissa      = av_calloc(channels, sizeof(*ctx->raw_mantissa));
 

libavcodec/apedec.c

@@ -934,7 +934,7 @@ static av_always_inline int filter_3800(APEPredictor *p,
     p->coeffsB[filter][0] += (((d3 >> 29) & 4) - 2) * sign;
     p->coeffsB[filter][1] -= (((d4 >> 30) & 2) - 1) * sign;
 
-    p->filterB[filter] = p->lastA[filter] + (predictionB >> shift);
+    p->filterB[filter] = p->lastA[filter] + (unsigned)(predictionB >> shift);
     p->filterA[filter] = p->filterB[filter] + (unsigned)((int)(p->filterA[filter] * 31U) >> 5);
 
     return p->filterA[filter];
@@ -1170,7 +1170,8 @@ static void predictor_decode_mono_3930(APEContext *ctx, int count)
 static av_always_inline int predictor_update_filter(APEPredictor64 *p,
                                                     const int decoded, const int filter,
                                                     const int delayA,  const int delayB,
-                                                    const int adaptA,  const int adaptB)
+                                                    const int adaptA,  const int adaptB,
+                                                    int compression_level)
 {
     int64_t predictionA, predictionB;
     int32_t sign;
@@ -1198,7 +1199,13 @@ static av_always_inline int predictor_update_filter(APEPredictor64 *p,
                   p->buf[delayB - 3] * p->coeffsB[filter][3] +
                   p->buf[delayB - 4] * p->coeffsB[filter][4];
 
-    p->lastA[filter] = decoded + ((int64_t)((uint64_t)predictionA + (predictionB >> 1)) >> 10);
+    if (compression_level < COMPRESSION_LEVEL_INSANE) {
+        predictionA = (int32_t)predictionA;
+        predictionB = (int32_t)predictionB;
+        p->lastA[filter] = (int32_t)(decoded + (unsigned)((int32_t)(predictionA + (predictionB >> 1)) >> 10));
+    } else {
+        p->lastA[filter] = decoded + ((int64_t)((uint64_t)predictionA + (predictionB >> 1)) >> 10);
+    }
     p->filterA[filter] = p->lastA[filter] + ((int64_t)(p->filterA[filter] * 31ULL) >> 5);
 
     sign = APESIGN(decoded);
@@ -1226,10 +1233,12 @@ static void predictor_decode_stereo_3950(APEContext *ctx, int count)
     while (count--) {
         /* Predictor Y */
         *decoded0 = predictor_update_filter(p, *decoded0, 0, YDELAYA, YDELAYB,
-                                            YADAPTCOEFFSA, YADAPTCOEFFSB);
+                                            YADAPTCOEFFSA, YADAPTCOEFFSB,
+                                            ctx->compression_level);
         decoded0++;
         *decoded1 = predictor_update_filter(p, *decoded1, 1, XDELAYA, XDELAYB,
-                                            XADAPTCOEFFSA, XADAPTCOEFFSB);
+                                            XADAPTCOEFFSA, XADAPTCOEFFSB,
+                                            ctx->compression_level);
         decoded1++;
 
         /* Combined */
@@ -1612,13 +1621,24 @@ static int ape_decode_frame(AVCodecContext *avctx, AVFrame *frame,
     s->samples -= blockstodecode;
 
     if (avctx->err_recognition & AV_EF_CRCCHECK &&
-        s->fileversion >= 3900 && s->bps < 24) {
+        s->fileversion >= 3900) {
         uint32_t crc = s->CRC_state;
         const AVCRC *crc_tab = av_crc_get_table(AV_CRC_32_IEEE_LE);
+        int stride = s->bps == 24 ? 4 : (s->bps>>3);
+        int offset = s->bps == 24;
+        int bytes  = s->bps >> 3;
+
         for (i = 0; i < blockstodecode; i++) {
             for (ch = 0; ch < s->channels; ch++) {
-                uint8_t *smp = frame->data[ch] + (i*(s->bps >> 3));
+#if HAVE_BIGENDIAN
-                crc = av_crc(crc_tab, crc, smp, s->bps >> 3);
+                uint8_t *smp_native = frame->data[ch] + i*stride;
+                uint8_t smp[4];
+                for(int j = 0; j<stride; j++)
+                    smp[j] = smp_native[stride-j-1];
+#else
+                uint8_t *smp = frame->data[ch] + i*stride;
+#endif
+                crc = av_crc(crc_tab, crc, smp+offset, bytes);
             }
         }
 

libavcodec/arm/mlpdsp_armv5te.S

@@ -229,7 +229,7 @@ A .endif
   .endif
 
         // Begin loop
-01:
+1:
   .if TOTAL_TAPS == 0
         // Things simplify a lot in this case
         // In fact this could be pipelined further if it's worth it...
@@ -241,7 +241,7 @@ A .endif
         str     ST0, [PST, #-4]!
         str     ST0, [PST, #4 * (MAX_BLOCKSIZE + MAX_FIR_ORDER)]
         str     ST0, [PSAMP], #4 * MAX_CHANNELS
-        bne     01b
+        bne     1b
   .else
     .if \fir_taps & 1
       .set LOAD_REG, 1
@@ -333,7 +333,7 @@ T       orr     AC0, AC0, AC1
         str     ST3, [PST, #-4]!
         str     ST2, [PST, #4 * (MAX_BLOCKSIZE + MAX_FIR_ORDER)]
         str     ST3, [PSAMP], #4 * MAX_CHANNELS
-        bne     01b
+        bne     1b
   .endif
         b       99f
 

libavcodec/arm/sbcdsp_neon.S

@@ -38,49 +38,49 @@ function ff_sbc_analyze_4_neon, export=1
         /* TODO: merge even and odd cases (or even merge all four calls to this
          * function) in order to have only aligned reads from 'in' array
          * and reduce number of load instructions */
-        vld1.16         {d4, d5}, [r0, :64]!
+        vld1.16         {d16, d17}, [r0, :64]!
-        vld1.16         {d8, d9}, [r2, :128]!
+        vld1.16         {d20, d21}, [r2, :128]!
 
-        vmull.s16       q0, d4, d8
+        vmull.s16       q0, d16, d20
-        vld1.16         {d6,  d7}, [r0, :64]!
+        vld1.16         {d18, d19}, [r0, :64]!
-        vmull.s16       q1, d5, d9
+        vmull.s16       q1, d17, d21
-        vld1.16         {d10, d11}, [r2, :128]!
+        vld1.16         {d22, d23}, [r2, :128]!
 
-        vmlal.s16       q0, d6, d10
+        vmlal.s16       q0, d18, d22
-        vld1.16         {d4, d5}, [r0, :64]!
+        vld1.16         {d16, d17}, [r0, :64]!
-        vmlal.s16       q1, d7, d11
+        vmlal.s16       q1, d19, d23
-        vld1.16         {d8, d9}, [r2, :128]!
+        vld1.16         {d20, d21}, [r2, :128]!
 
-        vmlal.s16       q0, d4, d8
+        vmlal.s16       q0, d16, d20
-        vld1.16         {d6,  d7}, [r0, :64]!
+        vld1.16         {d18, d19}, [r0, :64]!
-        vmlal.s16       q1, d5, d9
+        vmlal.s16       q1, d17, d21
-        vld1.16         {d10, d11}, [r2, :128]!
+        vld1.16         {d22, d23}, [r2, :128]!
 
-        vmlal.s16       q0, d6, d10
+        vmlal.s16       q0, d18, d22
-        vld1.16         {d4, d5}, [r0, :64]!
+        vld1.16         {d16, d17}, [r0, :64]!
-        vmlal.s16       q1, d7, d11
+        vmlal.s16       q1, d19, d23
-        vld1.16         {d8, d9}, [r2, :128]!
+        vld1.16         {d20, d21}, [r2, :128]!
 
-        vmlal.s16       q0, d4, d8
+        vmlal.s16       q0, d16, d20
-        vmlal.s16       q1, d5, d9
+        vmlal.s16       q1, d17, d21
 
         vpadd.s32       d0, d0, d1
         vpadd.s32       d1, d2, d3
 
         vrshrn.s32      d0, q0, SBC_PROTO_FIXED_SCALE
 
-        vld1.16         {d2, d3, d4, d5}, [r2, :128]!
+        vld1.16         {d16, d17, d18, d19}, [r2, :128]!
 
         vdup.i32        d1, d0[1]  /* TODO: can be eliminated */
         vdup.i32        d0, d0[0]  /* TODO: can be eliminated */
 
-        vmull.s16       q3, d2, d0
+        vmull.s16       q10, d16, d0
-        vmull.s16       q4, d3, d0
+        vmull.s16       q11, d17, d0
-        vmlal.s16       q3, d4, d1
+        vmlal.s16       q10, d18, d1
-        vmlal.s16       q4, d5, d1
+        vmlal.s16       q11, d19, d1
 
-        vpadd.s32       d0, d6, d7 /* TODO: can be eliminated */
+        vpadd.s32       d0, d20, d21 /* TODO: can be eliminated */
-        vpadd.s32       d1, d8, d9 /* TODO: can be eliminated */
+        vpadd.s32       d1, d22, d23 /* TODO: can be eliminated */
 
         vst1.32         {d0, d1}, [r1, :128]
 
@@ -91,57 +91,57 @@ function ff_sbc_analyze_8_neon, export=1
         /* TODO: merge even and odd cases (or even merge all four calls to this
          * function) in order to have only aligned reads from 'in' array
          * and reduce number of load instructions */
-        vld1.16         {d4, d5}, [r0, :64]!
+        vld1.16         {d16, d17}, [r0, :64]!
-        vld1.16         {d8, d9}, [r2, :128]!
+        vld1.16         {d20, d21}, [r2, :128]!
 
-        vmull.s16       q6, d4, d8
+        vmull.s16       q12, d16, d20
-        vld1.16         {d6,  d7}, [r0, :64]!
+        vld1.16         {d18, d19}, [r0, :64]!
-        vmull.s16       q7, d5, d9
+        vmull.s16       q13, d17, d21
-        vld1.16         {d10, d11}, [r2, :128]!
+        vld1.16         {d22, d23}, [r2, :128]!
-        vmull.s16       q8, d6, d10
+        vmull.s16       q14, d18, d22
-        vld1.16         {d4, d5}, [r0, :64]!
+        vld1.16         {d16, d17}, [r0, :64]!
-        vmull.s16       q9, d7, d11
+        vmull.s16       q15, d19, d23
-        vld1.16         {d8, d9}, [r2, :128]!
+        vld1.16         {d20, d21}, [r2, :128]!
 
-        vmlal.s16       q6, d4, d8
+        vmlal.s16       q12, d16, d20
-        vld1.16         {d6,  d7}, [r0, :64]!
+        vld1.16         {d18, d19}, [r0, :64]!
-        vmlal.s16       q7, d5, d9
+        vmlal.s16       q13, d17, d21
-        vld1.16         {d10, d11}, [r2, :128]!
+        vld1.16         {d22, d23}, [r2, :128]!
-        vmlal.s16       q8, d6, d10
+        vmlal.s16       q14, d18, d22
-        vld1.16         {d4, d5}, [r0, :64]!
+        vld1.16         {d16, d17}, [r0, :64]!
-        vmlal.s16       q9, d7, d11
+        vmlal.s16       q15, d19, d23
-        vld1.16         {d8, d9}, [r2, :128]!
+        vld1.16         {d20, d21}, [r2, :128]!
 
-        vmlal.s16       q6, d4, d8
+        vmlal.s16       q12, d16, d20
-        vld1.16         {d6,  d7}, [r0, :64]!
+        vld1.16         {d18, d19}, [r0, :64]!
-        vmlal.s16       q7, d5, d9
+        vmlal.s16       q13, d17, d21
-        vld1.16         {d10, d11}, [r2, :128]!
+        vld1.16         {d22, d23}, [r2, :128]!
-        vmlal.s16       q8, d6, d10
+        vmlal.s16       q14, d18, d22
-        vld1.16         {d4, d5}, [r0, :64]!
+        vld1.16         {d16, d17}, [r0, :64]!
-        vmlal.s16       q9, d7, d11
+        vmlal.s16       q15, d19, d23
-        vld1.16         {d8, d9}, [r2, :128]!
+        vld1.16         {d20, d21}, [r2, :128]!
 
-        vmlal.s16       q6, d4, d8
+        vmlal.s16       q12, d16, d20
-        vld1.16         {d6,  d7}, [r0, :64]!
+        vld1.16         {d18, d19}, [r0, :64]!
-        vmlal.s16       q7, d5, d9
+        vmlal.s16       q13, d17, d21
-        vld1.16         {d10, d11}, [r2, :128]!
+        vld1.16         {d22, d23}, [r2, :128]!
-        vmlal.s16       q8, d6, d10
+        vmlal.s16       q14, d18, d22
-        vld1.16         {d4, d5}, [r0, :64]!
+        vld1.16         {d16, d17}, [r0, :64]!
-        vmlal.s16       q9, d7, d11
+        vmlal.s16       q15, d19, d23
-        vld1.16         {d8, d9}, [r2, :128]!
+        vld1.16         {d20, d21}, [r2, :128]!
 
-        vmlal.s16       q6, d4, d8
+        vmlal.s16       q12, d16, d20
-        vld1.16         {d6,  d7}, [r0, :64]!
+        vld1.16         {d18, d19}, [r0, :64]!
-        vmlal.s16       q7, d5, d9
+        vmlal.s16       q13, d17, d21
-        vld1.16         {d10, d11}, [r2, :128]!
+        vld1.16         {d22, d23}, [r2, :128]!
 
-        vmlal.s16       q8, d6, d10
+        vmlal.s16       q14, d18, d22
-        vmlal.s16       q9, d7, d11
+        vmlal.s16       q15, d19, d23
 
-        vpadd.s32       d0, d12, d13
+        vpadd.s32       d0, d24, d25
-        vpadd.s32       d1, d14, d15
+        vpadd.s32       d1, d26, d27
-        vpadd.s32       d2, d16, d17
+        vpadd.s32       d2, d28, d29
-        vpadd.s32       d3, d18, d19
+        vpadd.s32       d3, d30, d31
 
         vrshr.s32       q0, q0, SBC_PROTO_FIXED_SCALE
         vrshr.s32       q1, q1, SBC_PROTO_FIXED_SCALE
@@ -153,38 +153,38 @@ function ff_sbc_analyze_8_neon, export=1
         vdup.i32        d1, d0[1]  /* TODO: can be eliminated */
         vdup.i32        d0, d0[0]  /* TODO: can be eliminated */
 
-        vld1.16         {d4, d5}, [r2, :128]!
+        vld1.16         {d16, d17}, [r2, :128]!
-        vmull.s16       q6, d4, d0
+        vmull.s16       q12, d16, d0
-        vld1.16         {d6, d7}, [r2, :128]!
+        vld1.16         {d18, d19}, [r2, :128]!
-        vmull.s16       q7, d5, d0
+        vmull.s16       q13, d17, d0
-        vmull.s16       q8, d6, d0
+        vmull.s16       q14, d18, d0
-        vmull.s16       q9, d7, d0
+        vmull.s16       q15, d19, d0
 
-        vld1.16         {d4, d5}, [r2, :128]!
+        vld1.16         {d16, d17}, [r2, :128]!
-        vmlal.s16       q6, d4, d1
+        vmlal.s16       q12, d16, d1
-        vld1.16         {d6, d7}, [r2, :128]!
+        vld1.16         {d18, d19}, [r2, :128]!
-        vmlal.s16       q7, d5, d1
+        vmlal.s16       q13, d17, d1
-        vmlal.s16       q8, d6, d1
+        vmlal.s16       q14, d18, d1
-        vmlal.s16       q9, d7, d1
+        vmlal.s16       q15, d19, d1
 
-        vld1.16         {d4, d5}, [r2, :128]!
+        vld1.16         {d16, d17}, [r2, :128]!
-        vmlal.s16       q6, d4, d2
+        vmlal.s16       q12, d16, d2
-        vld1.16         {d6, d7}, [r2, :128]!
+        vld1.16         {d18, d19}, [r2, :128]!
-        vmlal.s16       q7, d5, d2
+        vmlal.s16       q13, d17, d2
-        vmlal.s16       q8, d6, d2
+        vmlal.s16       q14, d18, d2
-        vmlal.s16       q9, d7, d2
+        vmlal.s16       q15, d19, d2
 
-        vld1.16         {d4, d5}, [r2, :128]!
+        vld1.16         {d16, d17}, [r2, :128]!
-        vmlal.s16       q6, d4, d3
+        vmlal.s16       q12, d16, d3
-        vld1.16         {d6, d7}, [r2, :128]!
+        vld1.16         {d18, d19}, [r2, :128]!
-        vmlal.s16       q7, d5, d3
+        vmlal.s16       q13, d17, d3
-        vmlal.s16       q8, d6, d3
+        vmlal.s16       q14, d18, d3
-        vmlal.s16       q9, d7, d3
+        vmlal.s16       q15, d19, d3
 
-        vpadd.s32       d0, d12, d13 /* TODO: can be eliminated */
+        vpadd.s32       d0, d24, d25 /* TODO: can be eliminated */
-        vpadd.s32       d1, d14, d15 /* TODO: can be eliminated */
+        vpadd.s32       d1, d26, d27 /* TODO: can be eliminated */
-        vpadd.s32       d2, d16, d17 /* TODO: can be eliminated */
+        vpadd.s32       d2, d28, d29 /* TODO: can be eliminated */
-        vpadd.s32       d3, d18, d19 /* TODO: can be eliminated */
+        vpadd.s32       d3, d30, d31 /* TODO: can be eliminated */
 
         vst1.32         {d0, d1, d2, d3}, [r1, :128]
 

libavcodec/arm/vp9mc_neon.S

@@ -279,11 +279,13 @@ function \type\()_8tap_\size\()h_\idx1\idx2
         sub             r1,  r1,  r5
 .endif
         @ size >= 16 loads two qwords and increments r2,
-        @ for size 4/8 it's enough with one qword and no
+        @ size 4 loads 1 d word, increments r2 and loads 1 32-bit lane
-        @ postincrement
+        @ for size 8 it's enough with one qword and no postincrement
 .if \size >= 16
         sub             r3,  r3,  r5
         sub             r3,  r3,  #8
+.elseif \size == 4
+        sub             r3,  r3,  #8
 .endif
         @ Load the filter vector
         vld1.16         {q0},  [r12,:128]
@@ -295,9 +297,14 @@ function \type\()_8tap_\size\()h_\idx1\idx2
 .if \size >= 16
         vld1.8          {d18, d19, d20}, [r2]!
         vld1.8          {d24, d25, d26}, [r7]!
-.else
+.elseif \size == 8
         vld1.8          {q9},  [r2]
         vld1.8          {q12}, [r7]
+.else @ size == 4
+        vld1.8          {d18}, [r2]!
+        vld1.8          {d24}, [r7]!
+        vld1.32         {d19[0]}, [r2]
+        vld1.32         {d25[0]}, [r7]
 .endif
         vmovl.u8        q8,  d18
         vmovl.u8        q9,  d19

libavcodec/atrac3plusdec.c

@@ -48,6 +48,17 @@
 #include "atrac.h"
 #include "atrac3plus.h"
 
+static const uint8_t channel_map[8][8] = {
+    { 0, },
+    { 0, 1, },
+    { 0, 1, 2, },
+    { 0, 1, 2, 3, },
+    { 0, },
+    { 0, 1, 2, 4, 5, 3, },
+    { 0, 1, 2, 4, 5, 6, 3, },
+    { 0, 1, 2, 4, 5, 6, 7, 3, },
+};
+
 typedef struct ATRAC3PContext {
     GetBitContext gb;
     AVFloatDSPContext *fdsp;
@@ -65,6 +76,7 @@ typedef struct ATRAC3PContext {
 
     int num_channel_blocks;     ///< number of channel blocks
     uint8_t channel_blocks[5];  ///< channel configuration descriptor
+    const uint8_t *channel_map; ///< channel layout map
 } ATRAC3PContext;
 
 static av_cold int atrac3p_decode_close(AVCodecContext *avctx)
@@ -143,6 +155,8 @@ static av_cold int set_channel_params(ATRAC3PContext *ctx,
         return AVERROR_INVALIDDATA;
     }
 
+    ctx->channel_map = channel_map[channels - 1];
+
     return 0;
 }
 
@@ -378,7 +392,7 @@ static int atrac3p_decode_frame(AVCodecContext *avctx, AVFrame *frame,
                           channels_to_process, avctx);
 
         for (i = 0; i < channels_to_process; i++)
-            memcpy(samples_p[out_ch_index + i], ctx->outp_buf[i],
+            memcpy(samples_p[ctx->channel_map[out_ch_index + i]], ctx->outp_buf[i],
                    ATRAC3P_FRAME_SAMPLES * sizeof(**samples_p));
 
         ch_block++;

libavcodec/audiotoolboxenc.c

@@ -554,13 +554,12 @@ static int ffat_encode(AVCodecContext *avctx, AVPacket *avpkt,
                                      avctx->frame_size,
                            &avpkt->pts,
                            &avpkt->duration);
-        ret = 0;
     } else if (ret && ret != 1) {
         av_log(avctx, AV_LOG_ERROR, "Encode error: %i\n", ret);
-        ret = AVERROR_EXTERNAL;
+        return AVERROR_EXTERNAL;
     }
 
-    return ret;
+    return 0;
 }
 
 static av_cold void ffat_encode_flush(AVCodecContext *avctx)

libavcodec/av1dec.c

@@ -170,7 +170,7 @@ static uint8_t get_shear_params_valid(AV1DecContext *s, int idx)
     int16_t alpha, beta, gamma, delta, divf, divs;
     int64_t v, w;
     int32_t *param = &s->cur_frame.gm_params[idx][0];
-    if (param[2] < 0)
+    if (param[2] <= 0)
         return 0;
 
     alpha = av_clip_int16(param[2] - (1 << AV1_WARPEDMODEL_PREC_BITS));
@@ -675,7 +675,7 @@ static int set_context_with_sequence(AVCodecContext *avctx,
     avctx->color_range =
         seq->color_config.color_range ? AVCOL_RANGE_JPEG : AVCOL_RANGE_MPEG;
     avctx->color_primaries = seq->color_config.color_primaries;
-    avctx->colorspace = seq->color_config.color_primaries;
+    avctx->colorspace = seq->color_config.matrix_coefficients;
     avctx->color_trc = seq->color_config.transfer_characteristics;
 
     switch (seq->color_config.chroma_sample_position) {

libavcodec/avs2_parser.c

@@ -72,13 +72,15 @@ static void parse_avs2_seq_header(AVCodecParserContext *s, const uint8_t *buf,
     unsigned aspect_ratio;
     unsigned frame_rate_code;
     int low_delay;
+    av_unused int ret;
     // update buf_size_min if parse more deeper
     const int buf_size_min = 15;
 
     if (buf_size < buf_size_min)
         return;
 
-    init_get_bits8(&gb, buf, buf_size_min);
+    ret = init_get_bits8(&gb, buf, buf_size_min);
+    av_assert1(ret >= 0);
 
     s->key_frame = 1;
     s->pict_type = AV_PICTURE_TYPE_I;

libavcodec/avs3_parser.c

@@ -73,7 +73,8 @@ static void parse_avs3_nal_units(AVCodecParserContext *s, const uint8_t *buf,
             GetBitContext gb;
             int profile, ratecode, low_delay;
 
-            init_get_bits8(&gb, buf + 4, buf_size - 4);
+            av_unused int ret = init_get_bits(&gb, buf + 4, 100);
+            av_assert1(ret >= 0);
 
             s->key_frame = 1;
             s->pict_type = AV_PICTURE_TYPE_I;

libavcodec/bink.c

@@ -871,7 +871,7 @@ static int binkb_decode_plane(BinkContext *c, AVFrame *frame, GetBitContext *gb,
 
     binkb_init_bundles(c);
     ref_start = frame->data[plane_idx];
-    ref_end   = frame->data[plane_idx] + (bh * frame->linesize[plane_idx] + bw) * 8;
+    ref_end   = frame->data[plane_idx] + ((bh - 1) * frame->linesize[plane_idx] + bw - 1) * 8;
 
     for (i = 0; i < 64; i++)
         coordmap[i] = (i & 7) + (i >> 3) * stride;
@@ -927,7 +927,7 @@ static int binkb_decode_plane(BinkContext *c, AVFrame *frame, GetBitContext *gb,
                 xoff = binkb_get_value(c, BINKB_SRC_X_OFF);
                 yoff = binkb_get_value(c, BINKB_SRC_Y_OFF) + ybias;
                 ref = dst + xoff + yoff * stride;
-                if (ref < ref_start || ref + 8*stride > ref_end) {
+                if (ref < ref_start || ref > ref_end) {
                     av_log(c->avctx, AV_LOG_WARNING, "Reference block is out of bounds\n");
                 } else if (ref + 8*stride < dst || ref >= dst + 8*stride) {
                     c->put_pixels_tab(dst, ref, stride, 8);
@@ -943,7 +943,7 @@ static int binkb_decode_plane(BinkContext *c, AVFrame *frame, GetBitContext *gb,
                 xoff = binkb_get_value(c, BINKB_SRC_X_OFF);
                 yoff = binkb_get_value(c, BINKB_SRC_Y_OFF) + ybias;
                 ref = dst + xoff + yoff * stride;
-                if (ref < ref_start || ref + 8 * stride > ref_end) {
+                if (ref < ref_start || ref > ref_end) {
                     av_log(c->avctx, AV_LOG_WARNING, "Reference block is out of bounds\n");
                 } else if (ref + 8*stride < dst || ref >= dst + 8*stride) {
                     c->put_pixels_tab(dst, ref, stride, 8);
@@ -975,7 +975,7 @@ static int binkb_decode_plane(BinkContext *c, AVFrame *frame, GetBitContext *gb,
                 xoff = binkb_get_value(c, BINKB_SRC_X_OFF);
                 yoff = binkb_get_value(c, BINKB_SRC_Y_OFF) + ybias;
                 ref = dst + xoff + yoff * stride;
-                if (ref < ref_start || ref + 8 * stride > ref_end) {
+                if (ref < ref_start || ref > ref_end) {
                     av_log(c->avctx, AV_LOG_WARNING, "Reference block is out of bounds\n");
                 } else if (ref + 8*stride < dst || ref >= dst + 8*stride) {
                     c->put_pixels_tab(dst, ref, stride, 8);
@@ -1088,7 +1088,7 @@ static int bink_decode_plane(BinkContext *c, AVFrame *frame, GetBitContext *gb,
         for (bx = 0; bx < bw; bx++, dst += 8, prev += 8) {
             blk = get_value(c, BINK_SRC_BLOCK_TYPES);
             // 16x16 block type on odd line means part of the already decoded block, so skip it
-            if ((by & 1) && blk == SCALED_BLOCK) {
+            if (((by & 1) || (bx & 1)) && blk == SCALED_BLOCK) {
                 bx++;
                 dst  += 8;
                 prev += 8;

libavcodec/cbs_av1.c

@@ -37,7 +37,7 @@ static int cbs_av1_read_uvlc(CodedBitstreamContext *ctx, GetBitContext *gbc,
         position = get_bits_count(gbc);
 
     zeroes = 0;
-    while (1) {
+    while (zeroes < 32) {
         if (get_bits_left(gbc) < 1) {
             av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid uvlc code at "
                    "%s: bitstream ended.\n", name);
@@ -50,7 +50,18 @@ static int cbs_av1_read_uvlc(CodedBitstreamContext *ctx, GetBitContext *gbc,
     }
 
     if (zeroes >= 32) {
-        value = MAX_UINT_BITS(32);
+        // The spec allows at least thirty-two zero bits followed by a
+        // one to mean 2^32-1, with no constraint on the number of
+        // zeroes.  The libaom reference decoder does not match this,
+        // instead reading thirty-two zeroes but not the following one
+        // to mean 2^32-1.  These two interpretations are incompatible
+        // and other implementations may follow one or the other.
+        // Therefore we reject thirty-two zeroes because the intended
+        // behaviour is not clear.
+        av_log(ctx->log_ctx, AV_LOG_ERROR, "Thirty-two zero bits in "
+               "%s uvlc code: considered invalid due to conflicting "
+               "standard and reference decoder behaviour.\n", name);
+        return AVERROR_INVALIDDATA;
     } else {
         if (get_bits_left(gbc) < zeroes) {
             av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid uvlc code at "
@@ -379,7 +390,7 @@ static int cbs_av1_write_increment(CodedBitstreamContext *ctx, PutBitContext *pb
     }
 
     if (len > 0)
-        put_bits(pbc, len, (1 << len) - 1 - (value != range_max));
+        put_bits(pbc, len, (1U << len) - 1 - (value != range_max));
 
     return 0;
 }

libavcodec/cbs_jpeg.c

@@ -166,13 +166,13 @@ static int cbs_jpeg_split_fragment(CodedBitstreamContext *ctx,
             }
         } else {
             i = start;
-            if (i + 2 > frag->data_size) {
+            if (i > frag->data_size - 2) {
                 av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid JPEG image: "
                        "truncated at %02x marker.\n", marker);
                 return AVERROR_INVALIDDATA;
             }
             length = AV_RB16(frag->data + i);
-            if (i + length > frag->data_size) {
+            if (length > frag->data_size - i) {
                 av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid JPEG image: "
                        "truncated at %02x marker segment.\n", marker);
                 return AVERROR_INVALIDDATA;

libavcodec/celp_math.h

@@ -78,7 +78,7 @@ int64_t ff_dot_product(const int16_t *a, const int16_t *b, int length);
  *
  * @return value << offset, if offset>=0; value >> -offset - otherwise
  */
-static inline int bidir_sal(int value, int offset)
+static inline unsigned bidir_sal(unsigned value, int offset)
 {
     if(offset < 0) return value >> -offset;
     else           return value <<  offset;

libavcodec/cfhdenc.c

@@ -258,6 +258,11 @@ static av_cold int cfhd_encode_init(AVCodecContext *avctx)
     if (ret < 0)
         return ret;
 
+    if (avctx->height < 32) {
+        av_log(avctx, AV_LOG_ERROR, "Height must be >= 32.\n");
+        return AVERROR_INVALIDDATA;
+    }
+
     if (avctx->width & 15) {
         av_log(avctx, AV_LOG_ERROR, "Width must be multiple of 16.\n");
         return AVERROR_INVALIDDATA;
@@ -547,7 +552,7 @@ static int cfhd_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
                          width, height * 2);
     }
 
-    ret = ff_alloc_packet(avctx, pkt, 64LL + s->planes * (2LL * avctx->width * avctx->height + 1000LL));
+    ret = ff_alloc_packet(avctx, pkt, 256LL + s->planes * (4LL * avctx->width * (avctx->height + 15) + 2048LL));
     if (ret < 0)
         return ret;
 

libavcodec/cri.c

@@ -235,10 +235,14 @@ static int cri_decode_frame(AVCodecContext *avctx, AVFrame *p,
             s->data_size = length;
             goto skip;
         case 105:
+            if (length <= 0)
+                return AVERROR_INVALIDDATA;
             hflip = bytestream2_get_byte(gb) != 0;
             length--;
             goto skip;
         case 106:
+            if (length <= 0)
+                return AVERROR_INVALIDDATA;
             vflip = bytestream2_get_byte(gb) != 0;
             length--;
             goto skip;

libavcodec/cscd.c

@@ -72,6 +72,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *rframe,
     int buf_size = avpkt->size;
     CamStudioContext *c = avctx->priv_data;
     int ret;
+    int bpp = avctx->bits_per_coded_sample / 8;
+    int bugdelta = FFALIGN(avctx->width * bpp, 4)       * avctx->height
+                 -        (avctx->width     & ~3) * bpp * avctx->height;
 
     if (buf_size < 2) {
         av_log(avctx, AV_LOG_ERROR, "coded frame too small\n");
@@ -85,7 +88,7 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *rframe,
     switch ((buf[0] >> 1) & 7) {
     case 0: { // lzo compression
         int outlen = c->decomp_size, inlen = buf_size - 2;
-        if (av_lzo1x_decode(c->decomp_buf, &outlen, &buf[2], &inlen) || outlen) {
+        if (av_lzo1x_decode(c->decomp_buf, &outlen, &buf[2], &inlen) || (outlen && outlen != bugdelta)) {
             av_log(avctx, AV_LOG_ERROR, "error during lzo decompression\n");
             return AVERROR_INVALIDDATA;
         }
@@ -94,7 +97,7 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *rframe,
     case 1: { // zlib compression
 #if CONFIG_ZLIB
         unsigned long dlen = c->decomp_size;
-        if (uncompress(c->decomp_buf, &dlen, &buf[2], buf_size - 2) != Z_OK || dlen != c->decomp_size) {
+        if (uncompress(c->decomp_buf, &dlen, &buf[2], buf_size - 2) != Z_OK || (dlen != c->decomp_size && dlen != c->decomp_size - bugdelta)) {
             av_log(avctx, AV_LOG_ERROR, "error during zlib decompression\n");
             return AVERROR_INVALIDDATA;
         }

libavcodec/dovi_rpu.c

@@ -157,7 +157,7 @@ static inline uint64_t get_ue_coef(GetBitContext *gb, const AVDOVIRpuDataHeader
 
     case RPU_COEFF_FLOAT:
         fpart.u32 = get_bits_long(gb, 32);
-        return fpart.f32 * (1 << hdr->coef_log2_denom);
+        return fpart.f32 * (1LL << hdr->coef_log2_denom);
     }
 
     return 0; /* unreachable */
@@ -176,7 +176,7 @@ static inline int64_t get_se_coef(GetBitContext *gb, const AVDOVIRpuDataHeader *
 
     case RPU_COEFF_FLOAT:
         fpart.u32 = get_bits_long(gb, 32);
-        return fpart.f32 * (1 << hdr->coef_log2_denom);
+        return fpart.f32 * (1LL << hdr->coef_log2_denom);
     }
 
     return 0; /* unreachable */

libavcodec/dstdec.c

@@ -216,7 +216,7 @@ static uint8_t prob_dst_x_bit(int c)
     return (ff_reverse[c & 127] >> 1) + 1;
 }
 
-static void build_filter(int16_t table[DST_MAX_ELEMENTS][16][256], const Table *fsets)
+static int build_filter(int16_t table[DST_MAX_ELEMENTS][16][256], const Table *fsets)
 {
     int i, j, k, l;
 
@@ -227,14 +227,17 @@ static void build_filter(int16_t table[DST_MAX_ELEMENTS][16][256], const Table *
             int total = av_clip(length - j * 8, 0, 8);
 
             for (k = 0; k < 256; k++) {
-                int v = 0;
+                int64_t v = 0;
 
                 for (l = 0; l < total; l++)
                     v += (((k >> l) & 1) * 2 - 1) * fsets->coeff[i][j * 8 + l];
+                if ((int16_t)v != v)
+                    return AVERROR_INVALIDDATA;
                 table[i][j][k] = v;
             }
         }
     }
+    return 0;
 }
 
 static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
@@ -329,7 +332,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
         return AVERROR_INVALIDDATA;
     ac_init(ac, gb);
 
-    build_filter(s->filter, &s->fsets);
+    ret = build_filter(s->filter, &s->fsets);
+    if (ret < 0)
+        return ret;
 
     memset(s->status, 0xAA, sizeof(s->status));
     memset(dsd, 0, frame->nb_samples * 4 * channels);

libavcodec/dvenc.c

@@ -76,7 +76,9 @@ static av_cold int dvvideo_encode_init(AVCodecContext *avctx)
     ff_fdctdsp_init(&fdsp, avctx);
     ff_me_cmp_init(&mecc, avctx);
     ff_pixblockdsp_init(&pdsp, avctx);
-    ff_set_cmp(&mecc, mecc.ildct_cmp, avctx->ildct_cmp);
+    ret = ff_set_cmp(&mecc, mecc.ildct_cmp, avctx->ildct_cmp);
+    if (ret < 0)
+        return AVERROR(EINVAL);
 
     s->get_pixels = pdsp.get_pixels;
     s->ildct_cmp  = mecc.ildct_cmp[5];

libavcodec/dxv.c

@@ -440,7 +440,7 @@ static int get_opcodes(GetByteContext *gb, uint32_t *table, uint8_t *dst, int op
 
     size_in_bits = bytestream2_get_le32(gb);
     endoffset = ((size_in_bits + 7) >> 3) - 4;
-    if (endoffset <= 0 || bytestream2_get_bytes_left(gb) < endoffset)
+    if ((int)endoffset <= 0 || bytestream2_get_bytes_left(gb) < endoffset)
         return AVERROR_INVALIDDATA;
 
     offset = endoffset;

libavcodec/eac3dec.c

@@ -138,9 +138,11 @@ static void ff_eac3_apply_spectral_extension(AC3DecodeContext *s)
             // spx_noise_blend and spx_signal_blend are both FP.23
             nscale *= 1.0 / (1<<23);
             sscale *= 1.0 / (1<<23);
+            if (nscale < -1.0)
+                nscale = -1.0;
 #endif
             for (i = 0; i < s->spx_band_sizes[bnd]; i++) {
-                float noise  = nscale * (int32_t)av_lfg_get(&s->dith_state);
+                UINTFLOAT noise = (INTFLOAT)(nscale * (int32_t)av_lfg_get(&s->dith_state));
                 s->transform_coeffs[ch][bin]   *= sscale;
                 s->transform_coeffs[ch][bin++] += noise;
             }

libavcodec/eatgq.c

@@ -62,7 +62,7 @@ static av_cold int tgq_decode_init(AVCodecContext *avctx)
     return 0;
 }
 
-static void tgq_decode_block(TgqContext *s, int16_t block[64], GetBitContext *gb)
+static int tgq_decode_block(TgqContext *s, int16_t block[64], GetBitContext *gb)
 {
     uint8_t *perm = s->scantable.permutated;
     int i, j, value;
@@ -70,6 +70,8 @@ static void tgq_decode_block(TgqContext *s, int16_t block[64], GetBitContext *gb
     for (i = 1; i < 64;) {
         switch (show_bits(gb, 3)) {
         case 4:
+            if (i >= 63)
+                return AVERROR_INVALIDDATA;
             block[perm[i++]] = 0;
         case 0:
             block[perm[i++]] = 0;
@@ -79,6 +81,8 @@ static void tgq_decode_block(TgqContext *s, int16_t block[64], GetBitContext *gb
         case 1:
             skip_bits(gb, 2);
             value = get_bits(gb, 6);
+            if (value > 64 - i)
+                return AVERROR_INVALIDDATA;
             for (j = 0; j < value; j++)
                 block[perm[i++]] = 0;
             break;
@@ -106,6 +110,7 @@ static void tgq_decode_block(TgqContext *s, int16_t block[64], GetBitContext *gb
         }
     }
     block[0] += 128 << 4;
+    return 0;
 }
 
 static void tgq_idct_put_mb(TgqContext *s, int16_t (*block)[64], AVFrame *frame,
@@ -165,8 +170,11 @@ static int tgq_decode_mb(TgqContext *s, AVFrame *frame, int mb_y, int mb_x)
         if (ret < 0)
             return ret;
 
-        for (i = 0; i < 6; i++)
+        for (i = 0; i < 6; i++) {
-            tgq_decode_block(s, s->block[i], &gb);
+            int ret = tgq_decode_block(s, s->block[i], &gb);
+            if (ret < 0)
+                return ret;
+        }
         tgq_idct_put_mb(s, s->block, frame, mb_x, mb_y);
         bytestream2_skip(&s->gb, mode);
     } else {

libavcodec/escape124.c

@@ -89,11 +89,6 @@ static CodeBook unpack_codebook(GetBitContext* gb, unsigned depth,
     unsigned i, j;
     CodeBook cb = { 0 };
 
-    if (size >= INT_MAX / 34 || get_bits_left(gb) < size * 34)
-        return cb;
-
-    if (size >= INT_MAX / sizeof(MacroBlock))
-        return cb;
     cb.blocks = av_malloc(size ? size * sizeof(MacroBlock) : 1);
     if (!cb.blocks)
         return cb;
@@ -163,7 +158,7 @@ static MacroBlock decode_macroblock(Escape124Context* s, GetBitContext* gb,
 
     // This condition can occur with invalid bitstreams and
     // *codebook_index == 2
-    if (block_index >= s->codebooks[*codebook_index].size)
+    if (block_index >= s->codebooks[*codebook_index].size || !s->codebooks[*codebook_index].blocks)
         return (MacroBlock) { { 0 } };
 
     return s->codebooks[*codebook_index].blocks[block_index];
@@ -225,7 +220,7 @@ static int escape124_decode_frame(AVCodecContext *avctx, AVFrame *frame,
     // represent a lower bound of the space needed for skipped superblocks. Non
     // skipped SBs need more space.
     if (get_bits_left(&gb) < 64 + s->num_superblocks * 23LL / 4320)
-        return -1;
+        return AVERROR_INVALIDDATA;
 
     frame_flags = get_bits_long(&gb, 32);
     frame_size  = get_bits_long(&gb, 32);
@@ -242,7 +237,7 @@ static int escape124_decode_frame(AVCodecContext *avctx, AVFrame *frame,
         if ((ret = av_frame_ref(frame, s->frame)) < 0)
             return ret;
 
-        return frame_size;
+        return 0;
     }
 
     for (i = 0; i < 3; i++) {
@@ -276,9 +271,14 @@ static int escape124_decode_frame(AVCodecContext *avctx, AVFrame *frame,
             }
 
             av_freep(&s->codebooks[i].blocks);
+            if (cb_size >= INT_MAX / 34 || get_bits_left(&gb) < (int)cb_size * 34)
+                return AVERROR_INVALIDDATA;
+
+            if (cb_size >= INT_MAX / sizeof(MacroBlock))
+                return AVERROR_INVALIDDATA;
             s->codebooks[i] = unpack_codebook(&gb, cb_depth, cb_size);
             if (!s->codebooks[i].blocks)
-                return -1;
+                return AVERROR(ENOMEM);
         }
     }
 
@@ -371,7 +371,7 @@ static int escape124_decode_frame(AVCodecContext *avctx, AVFrame *frame,
 
     *got_frame = 1;
 
-    return frame_size;
+    return 0;
 }
 
 

libavcodec/exr.c

@@ -334,7 +334,10 @@ static int huf_unpack_enc_table(GetByteContext *gb,
         return ret;
 
     for (; im <= iM; im++) {
-        uint64_t l = freq[im] = get_bits(&gbit, 6);
+        int l;
+        if (get_bits_left(&gbit) < 6)
+            return AVERROR_INVALIDDATA;
+        l = freq[im] = get_bits(&gbit, 6);
 
         if (l == LONG_ZEROCODE_RUN) {
             int zerun = get_bits(&gbit, 8) + SHORTEST_LONG_RUN;
@@ -1241,7 +1244,8 @@ static int decode_block(AVCodecContext *avctx, void *tdata,
         td->ysize = FFMIN(s->tile_attr.ySize, s->ydelta - tile_y * s->tile_attr.ySize);
         td->xsize = FFMIN(s->tile_attr.xSize, s->xdelta - tile_x * s->tile_attr.xSize);
 
-        if (td->xsize * (uint64_t)s->current_channel_offset > INT_MAX)
+        if (td->xsize * (uint64_t)s->current_channel_offset > INT_MAX ||
+            av_image_check_size2(td->xsize, td->ysize, s->avctx->max_pixels, AV_PIX_FMT_NONE, 0, s->avctx) < 0)
             return AVERROR_INVALIDDATA;
 
         td->channel_line_size = td->xsize * s->current_channel_offset;/* uncompress size of one line */
@@ -1265,7 +1269,8 @@ static int decode_block(AVCodecContext *avctx, void *tdata,
         td->ysize          = FFMIN(s->scan_lines_per_block, s->ymax - line + 1); /* s->ydelta - line ?? */
         td->xsize          = s->xdelta;
 
-        if (td->xsize * (uint64_t)s->current_channel_offset > INT_MAX)
+        if (td->xsize * (uint64_t)s->current_channel_offset > INT_MAX ||
+            av_image_check_size2(td->xsize, td->ysize, s->avctx->max_pixels, AV_PIX_FMT_NONE, 0, s->avctx) < 0)
             return AVERROR_INVALIDDATA;
 
         td->channel_line_size = td->xsize * s->current_channel_offset;/* uncompress size of one line */
@@ -1941,18 +1946,27 @@ static int decode_header(EXRContext *s, AVFrame *frame)
 
             bytestream2_get_buffer(gb, key, FFMIN(sizeof(key) - 1, var_size));
             if (strncmp("scanlineimage", key, var_size) &&
-                strncmp("tiledimage", key, var_size))
+                strncmp("tiledimage", key, var_size)) {
-                return AVERROR_PATCHWELCOME;
+                ret = AVERROR_PATCHWELCOME;
+                goto fail;
+            }
 
             continue;
         } else if ((var_size = check_header_variable(s, "preview",
                                                      "preview", 16)) >= 0) {
             uint32_t pw = bytestream2_get_le32(gb);
             uint32_t ph = bytestream2_get_le32(gb);
-            int64_t psize = 4LL * pw * ph;
+            uint64_t psize = pw * (uint64_t)ph;
+            if (psize > INT64_MAX / 4) {
+                ret = AVERROR_INVALIDDATA;
+                goto fail;
+            }
+            psize *= 4;
 
-            if (psize >= bytestream2_get_bytes_left(gb))
+            if ((int64_t)psize >= bytestream2_get_bytes_left(gb)) {
-                return AVERROR_INVALIDDATA;
+                ret = AVERROR_INVALIDDATA;
+                goto fail;
+            }
 
             bytestream2_skip(gb, psize);
 

libavcodec/ffv1dec.c

@@ -168,24 +168,31 @@ static int decode_slice_header(const FFV1Context *f, FFV1Context *fs)
     RangeCoder *c = &fs->c;
     uint8_t state[CONTEXT_SIZE];
     unsigned ps, i, context_count;
+    int sx, sy, sw, sh;
+
     memset(state, 128, sizeof(state));
+    sx = get_symbol(c, state, 0);
+    sy = get_symbol(c, state, 0);
+    sw = get_symbol(c, state, 0) + 1U;
+    sh = get_symbol(c, state, 0) + 1U;
 
     av_assert0(f->version > 2);
 
-    fs->slice_x      =  get_symbol(c, state, 0)      * f->width ;
-    fs->slice_y      =  get_symbol(c, state, 0)      * f->height;
-    fs->slice_width  = (get_symbol(c, state, 0) + 1) * f->width  + fs->slice_x;
-    fs->slice_height = (get_symbol(c, state, 0) + 1) * f->height + fs->slice_y;
 
-    fs->slice_x /= f->num_h_slices;
+    if (sx < 0 || sy < 0 || sw <= 0 || sh <= 0)
-    fs->slice_y /= f->num_v_slices;
+        return AVERROR_INVALIDDATA;
-    fs->slice_width  = fs->slice_width /f->num_h_slices - fs->slice_x;
+    if (sx > f->num_h_slices - sw || sy > f->num_v_slices - sh)
-    fs->slice_height = fs->slice_height/f->num_v_slices - fs->slice_y;
+        return AVERROR_INVALIDDATA;
-    if ((unsigned)fs->slice_width > f->width || (unsigned)fs->slice_height > f->height)
+
-        return -1;
+    fs->slice_x      =  sx       * (int64_t)f->width  / f->num_h_slices;
-    if (    (unsigned)fs->slice_x + (uint64_t)fs->slice_width  > f->width
+    fs->slice_y      =  sy       * (int64_t)f->height / f->num_v_slices;
-         || (unsigned)fs->slice_y + (uint64_t)fs->slice_height > f->height)
+    fs->slice_width  = (sx + sw) * (int64_t)f->width  / f->num_h_slices - fs->slice_x;
-        return -1;
+    fs->slice_height = (sy + sh) * (int64_t)f->height / f->num_v_slices - fs->slice_y;
+
+    av_assert0((unsigned)fs->slice_width  <= f->width &&
+                (unsigned)fs->slice_height <= f->height);
+    av_assert0 (   (unsigned)fs->slice_x + (uint64_t)fs->slice_width  <= f->width
+                && (unsigned)fs->slice_y + (uint64_t)fs->slice_height <= f->height);
 
     if (fs->ac == AC_GOLOMB_RICE && fs->slice_width >= (1<<23))
         return AVERROR_INVALIDDATA;
@@ -303,8 +310,11 @@ static int decode_slice(AVCodecContext *c, void *arg)
     }
     if ((ret = ff_ffv1_init_slice_state(f, fs)) < 0)
         return ret;
-    if (f->cur->key_frame || fs->slice_reset_contexts)
+    if (f->cur->key_frame || fs->slice_reset_contexts) {
         ff_ffv1_clear_slice_state(f, fs);
+    } else if (fs->slice_damaged) {
+        return AVERROR_INVALIDDATA;
+    }
 
     width  = fs->slice_width;
     height = fs->slice_height;
@@ -467,6 +477,11 @@ static int read_extra_header(FFV1Context *f)
         return AVERROR_INVALIDDATA;
     }
 
+    if (f->num_h_slices > MAX_SLICES / f->num_v_slices) {
+        av_log(f->avctx, AV_LOG_ERROR, "slice count unsupported\n");
+        return AVERROR_PATCHWELCOME;
+    }
+
     f->quant_table_count = get_symbol(c, state, 0);
     if (f->quant_table_count > (unsigned)MAX_QUANT_TABLES || !f->quant_table_count) {
         av_log(f->avctx, AV_LOG_ERROR, "quant table count %d is invalid\n", f->quant_table_count);
@@ -769,21 +784,25 @@ static int read_header(FFV1Context *f)
         fs->slice_damaged = 0;
 
         if (f->version == 2) {
-            fs->slice_x      =  get_symbol(c, state, 0)      * f->width ;
+            int sx = get_symbol(c, state, 0);
-            fs->slice_y      =  get_symbol(c, state, 0)      * f->height;
+            int sy = get_symbol(c, state, 0);
-            fs->slice_width  = (get_symbol(c, state, 0) + 1) * f->width  + fs->slice_x;
+            int sw = get_symbol(c, state, 0) + 1U;
-            fs->slice_height = (get_symbol(c, state, 0) + 1) * f->height + fs->slice_y;
+            int sh = get_symbol(c, state, 0) + 1U;
 
-            fs->slice_x     /= f->num_h_slices;
+            if (sx < 0 || sy < 0 || sw <= 0 || sh <= 0)
-            fs->slice_y     /= f->num_v_slices;
-            fs->slice_width  = fs->slice_width  / f->num_h_slices - fs->slice_x;
-            fs->slice_height = fs->slice_height / f->num_v_slices - fs->slice_y;
-            if ((unsigned)fs->slice_width  > f->width ||
-                (unsigned)fs->slice_height > f->height)
                 return AVERROR_INVALIDDATA;
-            if (   (unsigned)fs->slice_x + (uint64_t)fs->slice_width  > f->width
+            if (sx > f->num_h_slices - sw || sy > f->num_v_slices - sh)
-                || (unsigned)fs->slice_y + (uint64_t)fs->slice_height > f->height)
                 return AVERROR_INVALIDDATA;
+
+            fs->slice_x      =  sx       * (int64_t)f->width  / f->num_h_slices;
+            fs->slice_y      =  sy       * (int64_t)f->height / f->num_v_slices;
+            fs->slice_width  = (sx + sw) * (int64_t)f->width  / f->num_h_slices - fs->slice_x;
+            fs->slice_height = (sy + sh) * (int64_t)f->height / f->num_v_slices - fs->slice_y;
+
+            av_assert0((unsigned)fs->slice_width  <= f->width &&
+                       (unsigned)fs->slice_height <= f->height);
+            av_assert0 (   (unsigned)fs->slice_x + (uint64_t)fs->slice_width  <= f->width
+                        && (unsigned)fs->slice_y + (uint64_t)fs->slice_height <= f->height);
         }
 
         for (i = 0; i < f->plane_count; i++) {
@@ -883,7 +902,14 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *rframe,
         if (buf_size < avctx->width * avctx->height / (128*8))
             return AVERROR_INVALIDDATA;
     } else {
-        if (buf_size < avctx->height / 8)
+        int w = avctx->width;
+        int s = 1 + w / (1<<23);
+
+        w /= s;
+
+        for (i = 0; w > (1<<ff_log2_run[i]); i++)
+            w -= ff_log2_run[i];
+        if (buf_size < (avctx->height + i + 6) / 8 * s)
             return AVERROR_INVALIDDATA;
     }
 

libavcodec/flac_parser.c

@@ -505,6 +505,8 @@ static int check_header_mismatch(FLACParseContext  *fpc,
         for (i = 0; i < FLAC_MAX_SEQUENTIAL_HEADERS && curr != child; i++)
             curr = curr->next;
 
+        av_assert0(i < FLAC_MAX_SEQUENTIAL_HEADERS);
+
         if (header->link_penalty[i] < FLAC_HEADER_CRC_FAIL_PENALTY ||
             header->link_penalty[i] == FLAC_HEADER_NOT_PENALIZED_YET) {
             FLACHeaderMarker *start, *end;

libavcodec/fmvc.c

@@ -101,7 +101,6 @@ static int decode_type2(GetByteContext *gb, PutByteContext *pb)
                             continue;
                         }
                     }
-                    repeat = 0;
                 }
                 repeat = 1;
             }
@@ -401,20 +400,17 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
     GetByteContext *gb = &s->gb;
     PutByteContext *pb = &s->pb;
     int ret, y, x;
+    int key_frame;
 
     if (avpkt->size < 8)
         return AVERROR_INVALIDDATA;
 
-    if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
-        return ret;
-
     bytestream2_init(gb, avpkt->data, avpkt->size);
     bytestream2_skip(gb, 2);
 
-    frame->key_frame = !!bytestream2_get_le16(gb);
+    key_frame = !!bytestream2_get_le16(gb);
-    frame->pict_type = frame->key_frame ? AV_PICTURE_TYPE_I : AV_PICTURE_TYPE_P;
 
-    if (frame->key_frame) {
+    if (key_frame) {
         const uint8_t *src;
         unsigned type, size;
         uint8_t *dst;
@@ -434,6 +430,12 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
             return AVERROR_PATCHWELCOME;
         }
 
+        if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
+            return ret;
+
+        frame->key_frame = 1;
+        frame->pict_type = AV_PICTURE_TYPE_I;
+
         src = s->buffer;
         dst = frame->data[0] + (avctx->height - 1) * frame->linesize[0];
         for (y = 0; y < avctx->height; y++) {
@@ -514,6 +516,12 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
             dst = &rect[block_h * s->stride];
         }
 
+        if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
+            return ret;
+
+        frame->key_frame = 0;
+        frame->pict_type = AV_PICTURE_TYPE_P;
+
         ssrc = s->buffer;
         ddst = frame->data[0] + (avctx->height - 1) * frame->linesize[0];
         for (y = 0; y < avctx->height; y++) {

libavcodec/g2meet.c

@@ -146,7 +146,8 @@ typedef struct G2MContext {
     int        got_header;
 
     uint8_t    *framebuf;
-    int        framebuf_stride, old_width, old_height;
+    int        framebuf_stride;
+    unsigned int framebuf_allocated;
 
     uint8_t    *synth_tile, *jpeg_tile, *epic_buf, *epic_buf_base;
     int        tile_stride, epic_buf_stride, old_tile_w, old_tile_h;
@@ -1161,14 +1162,13 @@ static int g2m_init_buffers(G2MContext *c)
 {
     int aligned_height;
 
-    if (!c->framebuf || c->old_width < c->width || c->old_height < c->height) {
+    c->framebuf_stride = FFALIGN(c->width + 15, 16) * 3;
-        c->framebuf_stride = FFALIGN(c->width + 15, 16) * 3;
+    aligned_height = c->height + 15;
-        aligned_height     = c->height + 15;
+
-        av_free(c->framebuf);
+    av_fast_mallocz(&c->framebuf, &c->framebuf_allocated, c->framebuf_stride * aligned_height);
-        c->framebuf = av_calloc(c->framebuf_stride, aligned_height);
+    if (!c->framebuf)
-        if (!c->framebuf)
+        return AVERROR(ENOMEM);
-            return AVERROR(ENOMEM);
+
-    }
     if (!c->synth_tile || !c->jpeg_tile ||
         (c->compression == 2 && !c->epic_buf_base) ||
         c->old_tile_w < c->tile_width ||
@@ -1618,6 +1618,7 @@ static av_cold int g2m_decode_end(AVCodecContext *avctx)
     av_freep(&c->jpeg_tile);
     av_freep(&c->cursor);
     av_freep(&c->framebuf);
+    c->framebuf_allocated = 0;
 
     return 0;
 }

libavcodec/g729postfilter.c

@@ -353,7 +353,7 @@ static int16_t long_term_filter(AudioDSPContext *adsp, int pitch_delay_int,
         if (tmp > 0)
             L_temp0 >>= tmp;
         else
-            L_temp1 >>= -tmp;
+            L_temp1 >>= FFMIN(-tmp, 31);
 
         /* Check if longer filter increases the values of R'(k). */
         if (L_temp1 > L_temp0) {
@@ -581,7 +581,7 @@ void ff_g729_postfilter(AudioDSPContext *adsp, int16_t* ht_prev_data, int* voici
 int16_t ff_g729_adaptive_gain_control(int gain_before, int gain_after, int16_t *speech,
                                    int subframe_size, int16_t gain_prev)
 {
-    int gain; // (3.12)
+    unsigned gain; // (3.12)
     int n;
     int exp_before, exp_after;
 
@@ -603,7 +603,7 @@ int16_t ff_g729_adaptive_gain_control(int gain_before, int gain_after, int16_t *
             gain = ((gain_before - gain_after) << 14) / gain_after + 0x4000;
             gain = bidir_sal(gain, exp_after - exp_before);
         }
-        gain = av_clip_int16(gain);
+        gain = FFMIN(gain, 32767);
         gain = (gain * G729_AGC_FAC1 + 0x4000) >> 15; // gain * (1-0.9875)
     } else
         gain = 0;

libavcodec/golomb.h

@@ -402,6 +402,7 @@ static inline int get_ur_golomb(GetBitContext *gb, int k, int limit,
     log = av_log2(buf);
 
     if (log > 31 - limit) {
+        av_assert2(log >= k);
         buf >>= log - k;
         buf  += (30U - log) << k;
         LAST_SKIP_BITS(re, gb, 32 + k - log);
@@ -424,6 +425,8 @@ static inline int get_ur_golomb(GetBitContext *gb, int k, int limit,
 
 /**
  * read unsigned golomb rice code (jpegls).
+ *
+ * @returns -1 on error
  */
 static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit,
                                        int esc_len)
@@ -535,6 +538,8 @@ static inline int get_sr_golomb(GetBitContext *gb, int k, int limit,
 
 /**
  * read signed golomb rice code (flac).
+ *
+ * @returns INT_MIN on error
  */
 static inline int get_sr_golomb_flac(GetBitContext *gb, int k, int limit,
                                      int esc_len)

libavcodec/h263dec.c

@@ -307,7 +307,7 @@ static int decode_slice(MpegEncContext *s)
                 ff_er_add_slice(&s->er, s->resync_mb_x, s->resync_mb_y,
                                 s->mb_x, s->mb_y, ER_MB_ERROR & part_mask);
 
-                if (s->avctx->err_recognition & AV_EF_IGNORE_ERR)
+                if ((s->avctx->err_recognition & AV_EF_IGNORE_ERR) && get_bits_left(&s->gb) > 0)
                     continue;
                 return AVERROR_INVALIDDATA;
             }
@@ -552,6 +552,8 @@ retry:
     avctx->has_b_frames = !s->low_delay;
 
     if (CONFIG_MPEG4_DECODER && avctx->codec_id == AV_CODEC_ID_MPEG4) {
+        if (s->pict_type != AV_PICTURE_TYPE_B && s->mb_num/2 > get_bits_left(&s->gb))
+            return AVERROR_INVALIDDATA;
         if (ff_mpeg4_workaround_bugs(avctx) == 1)
             goto retry;
         if (s->studio_profile != (s->idsp.idct == NULL))

libavcodec/h2645_parse.h

@@ -123,7 +123,7 @@ static inline int get_nalsize(int nal_length_size, const uint8_t *buf,
 
     if (*buf_index >= buf_size - nal_length_size) {
         // the end of the buffer is reached, refill it
-        return AVERROR(EAGAIN);
+        return AVERROR_INVALIDDATA;
     }
 
     for (i = 0; i < nal_length_size; i++)

libavcodec/h264_parser.c

@@ -645,10 +645,10 @@ static int h264_parse(AVCodecParserContext *s,
             int64_t num = avctx->time_base.num * (int64_t)avctx->pkt_timebase.den;
             if (s->dts != AV_NOPTS_VALUE) {
                 // got DTS from the stream, update reference timestamp
-                p->reference_dts = s->dts - av_rescale(s->dts_ref_dts_delta, num, den);
+                p->reference_dts = av_sat_sub64(s->dts, av_rescale(s->dts_ref_dts_delta, num, den));
             } else if (p->reference_dts != AV_NOPTS_VALUE) {
                 // compute DTS based on reference timestamp
-                s->dts = p->reference_dts + av_rescale(s->dts_ref_dts_delta, num, den);
+                s->dts = av_sat_add64(p->reference_dts, av_rescale(s->dts_ref_dts_delta, num, den));
             }
 
             if (p->reference_dts != AV_NOPTS_VALUE && s->pts == AV_NOPTS_VALUE)

libavcodec/h264_slice.c

@@ -1551,7 +1551,7 @@ static int h264_field_start(H264Context *h, const H264SliceContext *sl,
 
     sps = h->ps.sps;
 
-    if (sps && sps->bitstream_restriction_flag &&
+    if (sps->bitstream_restriction_flag &&
         h->avctx->has_b_frames < sps->num_reorder_frames) {
         h->avctx->has_b_frames = sps->num_reorder_frames;
     }

libavcodec/h274.h

@@ -28,7 +28,7 @@
 #ifndef AVCODEC_H274_H
 #define AVCODEC_H274_H
 
-#include <libavutil/film_grain_params.h>
+#include "libavutil/film_grain_params.h"
 
 // Must be initialized to {0} prior to first usage
 typedef struct H274FilmGrainDatabase {

libavcodec/hcadec.c

@@ -110,6 +110,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
     float scale = 1.f / 8.f;
     unsigned b, chunk;
     int version, ret;
+    unsigned hfr_group_count;
 
     avctx->sample_fmt = AV_SAMPLE_FMT_FLTP;
     c->crc_table = av_crc_get_table(AV_CRC_16_ANSI);
@@ -230,11 +231,12 @@ static av_cold int decode_init(AVCodecContext *avctx)
     if (c->total_band_count < c->base_band_count)
         return AVERROR_INVALIDDATA;
 
-    c->hfr_group_count = ceil2(c->total_band_count - (c->base_band_count + c->stereo_band_count),
+    hfr_group_count = ceil2(c->total_band_count - (c->base_band_count + c->stereo_band_count),
                                c->bands_per_hfr_group);
 
-    if (c->base_band_count + c->stereo_band_count + (unsigned long)c->hfr_group_count > 128ULL)
+    if (c->base_band_count + c->stereo_band_count + (uint64_t)hfr_group_count > 128ULL)
         return AVERROR_INVALIDDATA;
+    c->hfr_group_count = hfr_group_count;
 
     for (int i = 0; i < avctx->ch_layout.nb_channels; i++) {
         c->ch[i].chan_type = r[i];

libavcodec/hevc_filter.c

@@ -143,11 +143,22 @@ static void copy_CTB(uint8_t *dst, const uint8_t *src, int width, int height,
 
     if (((intptr_t)dst | (intptr_t)src | stride_dst | stride_src) & 15) {
         for (i = 0; i < height; i++) {
-            for (j = 0; j < width; j+=8)
+            for (j = 0; j < width - 7; j+=8)
                 AV_COPY64U(dst+j, src+j);
             dst += stride_dst;
             src += stride_src;
         }
+        if (width&7) {
+            dst += ((width>>3)<<3) - stride_dst * height;
+            src += ((width>>3)<<3) - stride_src * height;
+            width &= 7;
+            for (i = 0; i < height; i++) {
+                for (j = 0; j < width; j++)
+                    dst[j] = src[j];
+                dst += stride_dst;
+                src += stride_src;
+            }
+        }
     } else {
         for (i = 0; i < height; i++) {
             for (j = 0; j < width; j+=16)

libavcodec/hevcdec.c

@@ -628,6 +628,10 @@ static int hls_slice_header(HEVCContext *s)
 
         if (s->ps.pps->dependent_slice_segments_enabled_flag)
             sh->dependent_slice_segment_flag = get_bits1(gb);
+        if (sh->dependent_slice_segment_flag && !s->slice_initialized) {
+            av_log(s->avctx, AV_LOG_ERROR, "Independent slice segment missing.\n");
+            return AVERROR_INVALIDDATA;
+        }
 
         slice_address_length = av_ceil_log2(s->ps.sps->ctb_width *
                                             s->ps.sps->ctb_height);
@@ -896,9 +900,6 @@ static int hls_slice_header(HEVCContext *s)
         } else {
             sh->slice_loop_filter_across_slices_enabled_flag = s->ps.pps->seq_loop_filter_across_slices_enabled_flag;
         }
-    } else if (!s->slice_initialized) {
-        av_log(s->avctx, AV_LOG_ERROR, "Independent slice segment missing.\n");
-        return AVERROR_INVALIDDATA;
     }
 
     sh->num_entry_point_offsets = 0;
@@ -1517,7 +1518,8 @@ static void luma_mc_uni(HEVCContext *s, uint8_t *dst, ptrdiff_t dststride,
 
     if (x_off < QPEL_EXTRA_BEFORE || y_off < QPEL_EXTRA_AFTER ||
         x_off >= pic_width - block_w - QPEL_EXTRA_AFTER ||
-        y_off >= pic_height - block_h - QPEL_EXTRA_AFTER) {
+        y_off >= pic_height - block_h - QPEL_EXTRA_AFTER ||
+        ref == s->frame) {
         const ptrdiff_t edge_emu_stride = EDGE_EMU_BUFFER_STRIDE << s->ps.sps->pixel_shift;
         int offset     = QPEL_EXTRA_BEFORE * srcstride       + (QPEL_EXTRA_BEFORE << s->ps.sps->pixel_shift);
         int buf_offset = QPEL_EXTRA_BEFORE * edge_emu_stride + (QPEL_EXTRA_BEFORE << s->ps.sps->pixel_shift);
@@ -1665,6 +1667,7 @@ static void chroma_mc_uni(HEVCContext *s, uint8_t *dst0,
     intptr_t my          = av_mod_uintp2(mv->y, 2 + vshift);
     intptr_t _mx         = mx << (1 - hshift);
     intptr_t _my         = my << (1 - vshift);
+    int emu              = src0 == s->frame->data[1] || src0 == s->frame->data[2];
 
     x_off += mv->x >> (2 + hshift);
     y_off += mv->y >> (2 + vshift);
@@ -1672,7 +1675,8 @@ static void chroma_mc_uni(HEVCContext *s, uint8_t *dst0,
 
     if (x_off < EPEL_EXTRA_BEFORE || y_off < EPEL_EXTRA_AFTER ||
         x_off >= pic_width - block_w - EPEL_EXTRA_AFTER ||
-        y_off >= pic_height - block_h - EPEL_EXTRA_AFTER) {
+        y_off >= pic_height - block_h - EPEL_EXTRA_AFTER ||
+        emu) {
         const int edge_emu_stride = EDGE_EMU_BUFFER_STRIDE << s->ps.sps->pixel_shift;
         int offset0 = EPEL_EXTRA_BEFORE * (srcstride + (1 << s->ps.sps->pixel_shift));
         int buf_offset0 = EPEL_EXTRA_BEFORE *
@@ -1911,13 +1915,13 @@ static void hls_prediction_unit(HEVCContext *s, int x0, int y0,
 
     if (current_mv.pred_flag & PF_L0) {
         ref0 = refPicList[0].ref[current_mv.ref_idx[0]];
-        if (!ref0)
+        if (!ref0 || !ref0->frame)
             return;
         hevc_await_progress(s, ref0, &current_mv.mv[0], y0, nPbH);
     }
     if (current_mv.pred_flag & PF_L1) {
         ref1 = refPicList[1].ref[current_mv.ref_idx[1]];
-        if (!ref1)
+        if (!ref1 || !ref1->frame)
             return;
         hevc_await_progress(s, ref1, &current_mv.mv[1], y0, nPbH);
     }
@@ -3176,8 +3180,11 @@ static int decode_nal_unit(HEVCContext *s, const H2645NAL *nal)
     case HEVC_NAL_RASL_N:
     case HEVC_NAL_RASL_R:
         ret = hls_slice_header(s);
-        if (ret < 0)
+        if (ret < 0) {
+            // hls_slice_header() does not cleanup on failure thus the state now is inconsistant so we cannot use it on depandant slices
+            s->slice_initialized = 0;
             return ret;
+        }
         if (ret == 1) {
             ret = AVERROR_INVALIDDATA;
             goto fail;
@@ -3516,7 +3523,7 @@ static int hevc_decode_frame(AVCodecContext *avctx, AVFrame *rframe,
         }
     } else {
         /* verify the SEI checksum */
-        if (avctx->err_recognition & AV_EF_CRCCHECK && s->is_decoded &&
+        if (avctx->err_recognition & AV_EF_CRCCHECK && s->ref && s->is_decoded &&
             s->sei.picture_hash.is_md5) {
             ret = verify_md5(s, s->ref->frame);
             if (ret < 0 && avctx->err_recognition & AV_EF_EXPLODE) {

libavcodec/huffyuvdec.c

@@ -656,9 +656,9 @@ static void decode_422_bitstream(HYuvContext *s, int count)
 /* TODO instead of restarting the read when the code isn't in the first level
  * of the joint table, jump into the 2nd level of the individual table. */
 #define READ_2PIX_PLANE16(dst0, dst1, plane){\
-    dst0 = get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)<<2;\
+    dst0 = get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)*4;\
     dst0 += get_bits(&s->gb, 2);\
-    dst1 = get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)<<2;\
+    dst1 = get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)*4;\
     dst1 += get_bits(&s->gb, 2);\
 }
 static void decode_plane_bitstream(HYuvContext *s, int width, int plane)
@@ -716,7 +716,7 @@ static void decode_plane_bitstream(HYuvContext *s, int width, int plane)
             }
         }
         if( width&1 && get_bits_left(&s->gb)>0 ) {
-            int dst = get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)<<2;
+            int dst = (unsigned)get_vlc2(&s->gb, s->vlc[plane].table, VLC_BITS, 3)<<2;
             s->temp16[0][width-1] = dst + get_bits(&s->gb, 2);
         }
     }

libavcodec/iff.c

@@ -583,7 +583,7 @@ static int decode_byterun2(uint8_t *dst, int height, int line_size,
                            GetByteContext *gb)
 {
     GetByteContext cmds;
-    unsigned count;
+    int count;
     int i, y_pos = 0, x_pos = 0;
 
     if (bytestream2_get_be32(gb) != MKBETAG('V', 'D', 'A', 'T'))
@@ -591,7 +591,7 @@ static int decode_byterun2(uint8_t *dst, int height, int line_size,
 
     bytestream2_skip(gb, 4);
     count = bytestream2_get_be16(gb) - 2;
-    if (bytestream2_get_bytes_left(gb) < count)
+    if (count < 0 || bytestream2_get_bytes_left(gb) < count)
         return 0;
 
     bytestream2_init(&cmds, gb->buffer, count);

libavcodec/ilbcdec.c

@@ -1094,12 +1094,6 @@ static void do_plc(int16_t *plc_residual,      /* (o) concealed residual */
 
         if (s->consPLICount * s->block_samples > 320) {
             use_gain = 29491;   /* 0.9 in Q15 */
-        } else if (s->consPLICount * s->block_samples > 640) {
-            use_gain = 22938;   /* 0.7 in Q15 */
-        } else if (s->consPLICount * s->block_samples > 960) {
-            use_gain = 16384;   /* 0.5 in Q15 */
-        } else if (s->consPLICount * s->block_samples > 1280) {
-            use_gain = 0;       /* 0.0 in Q15 */
         }
 
         /* Compute mixing factor of picth repeatition and noise:

libavcodec/imm4.c

@@ -221,12 +221,15 @@ static int decode_intra(AVCodecContext *avctx, GetBitContext *gb, AVFrame *frame
 
     for (y = 0; y < avctx->height; y += 16) {
         for (x = 0; x < avctx->width; x += 16) {
-            unsigned flag, cbphi, cbplo;
+            unsigned flag, cbplo;
+            int cbphi;
 
             cbplo = get_vlc2(gb, cbplo_tab.table, CBPLO_VLC_BITS, 1);
             flag = get_bits1(gb);
 
             cbphi = get_cbphi(gb, 1);
+            if (cbphi < 0)
+                return cbphi;
 
             ret = decode_blocks(avctx, gb, cbplo | (cbphi << 2), 0, offset, flag);
             if (ret < 0)
@@ -274,7 +277,8 @@ static int decode_inter(AVCodecContext *avctx, GetBitContext *gb,
     for (y = 0; y < avctx->height; y += 16) {
         for (x = 0; x < avctx->width; x += 16) {
             int reverse, intra_block, value;
-            unsigned cbphi, cbplo, flag2 = 0;
+            unsigned cbplo, flag2 = 0;
+            int cbphi;
 
             if (get_bits1(gb)) {
                 copy_block16(frame->data[0] + y * frame->linesize[0] + x,
@@ -300,6 +304,9 @@ static int decode_inter(AVCodecContext *avctx, GetBitContext *gb,
 
             cbplo = value >> 4;
             cbphi = get_cbphi(gb, reverse);
+            if (cbphi < 0)
+                return cbphi;
+
             if (intra_block) {
                 ret = decode_blocks(avctx, gb, cbplo | (cbphi << 2), 0, offset, flag2);
                 if (ret < 0)

libavcodec/indeo3.c

@@ -171,6 +171,9 @@ static av_cold int allocate_frame_buffers(Indeo3DecodeContext *ctx,
     int luma_size, chroma_size;
     ptrdiff_t luma_pitch, chroma_pitch;
 
+    luma_width  = FFALIGN(luma_width , 2);
+    luma_height = FFALIGN(luma_height, 2);
+
     if (luma_width  < 16 || luma_width  > 640 ||
         luma_height < 16 || luma_height > 480 ||
         luma_width  &  1 || luma_height &   1) {

libavcodec/j2kenc.c

@@ -721,11 +721,10 @@ static void encode_cblk(Jpeg2000EncoderContext *s, Jpeg2000T1Context *t1, Jpeg20
 
     if (max == 0){
         cblk->nonzerobits = 0;
-        bpno = 0;
     } else{
         cblk->nonzerobits = av_log2(max) + 1 - NMSEDEC_FRACBITS;
-        bpno = cblk->nonzerobits - 1;
     }
+    bpno = cblk->nonzerobits - 1;
 
     cblk->data[0] = 0;
     ff_mqc_initenc(&t1->mqc, cblk->data + 1);
@@ -1531,6 +1530,7 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt,
     int tileno, ret;
     Jpeg2000EncoderContext *s = avctx->priv_data;
     uint8_t *chunkstart, *jp2cstart, *jp2hstart;
+    const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(avctx->pix_fmt);
 
     if ((ret = ff_alloc_packet(avctx, pkt, avctx->width*avctx->height*9 + AV_INPUT_BUFFER_MIN_SIZE)) < 0)
         return ret;
@@ -1543,7 +1543,7 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt,
 
     s->lambda = s->picture->quality * LAMBDA_SCALE;
 
-    if (avctx->pix_fmt == AV_PIX_FMT_BGR48 || avctx->pix_fmt == AV_PIX_FMT_GRAY16)
+    if (s->cbps[0] > 8)
         copy_frame_16(s);
     else
         copy_frame_8(s);
@@ -1587,7 +1587,7 @@ static int encode_frame(AVCodecContext *avctx, AVPacket *pkt,
         bytestream_put_byte(&s->buf, 1);
         bytestream_put_byte(&s->buf, 0);
         bytestream_put_byte(&s->buf, 0);
-        if (avctx->pix_fmt == AV_PIX_FMT_RGB24 || avctx->pix_fmt == AV_PIX_FMT_PAL8) {
+        if ((desc->flags & AV_PIX_FMT_FLAG_RGB) || avctx->pix_fmt == AV_PIX_FMT_PAL8) {
             bytestream_put_be32(&s->buf, 16);
         } else if (s->ncomponents == 1) {
             bytestream_put_be32(&s->buf, 17);
@@ -1717,6 +1717,7 @@ static av_cold int j2kenc_init(AVCodecContext *avctx)
     Jpeg2000EncoderContext *s = avctx->priv_data;
     Jpeg2000CodingStyle *codsty = &s->codsty;
     Jpeg2000QuantStyle  *qntsty = &s->qntsty;
+    const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(avctx->pix_fmt);
 
     s->avctx = avctx;
     av_log(s->avctx, AV_LOG_DEBUG, "init\n");
@@ -1729,7 +1730,7 @@ static av_cold int j2kenc_init(AVCodecContext *avctx)
 
     if (avctx->pix_fmt == AV_PIX_FMT_PAL8 && (s->pred != FF_DWT97_INT || s->format != CODEC_JP2)) {
         av_log(s->avctx, AV_LOG_WARNING, "Forcing lossless jp2 for pal8\n");
-        s->pred = FF_DWT97_INT;
+        s->pred = 1;
         s->format = CODEC_JP2;
     }
 
@@ -1759,20 +1760,13 @@ static av_cold int j2kenc_init(AVCodecContext *avctx)
     s->width = avctx->width;
     s->height = avctx->height;
 
+    s->ncomponents = desc->nb_components;
     for (i = 0; i < 3; i++) {
-        if (avctx->pix_fmt == AV_PIX_FMT_GRAY16 || avctx->pix_fmt == AV_PIX_FMT_RGB48)
+        s->cbps[i] = desc->comp[i].depth;
-            s->cbps[i] = 16;
-        else
-            s->cbps[i] = 8;
     }
 
-    if (avctx->pix_fmt == AV_PIX_FMT_RGB24 || avctx->pix_fmt == AV_PIX_FMT_RGB48){
+    if ((desc->flags & AV_PIX_FMT_FLAG_PLANAR) && s->ncomponents > 1) {
-        s->ncomponents = 3;
-    } else if (avctx->pix_fmt == AV_PIX_FMT_GRAY8 || avctx->pix_fmt == AV_PIX_FMT_PAL8 || avctx->pix_fmt == AV_PIX_FMT_GRAY16){
-        s->ncomponents = 1;
-    } else{ // planar YUV
         s->planar = 1;
-        s->ncomponents = 3;
         ret = av_pix_fmt_get_chroma_sub_sample(avctx->pix_fmt,
                                                s->chroma_shift, s->chroma_shift + 1);
         if (ret)
@@ -1810,7 +1804,7 @@ static const AVOption options[] = {
     { "tile_height",   "Tile Height",       OFFSET(tile_height),   AV_OPT_TYPE_INT,   { .i64 = 256         }, 1,     1<<30,           VE, },
     { "pred",          "DWT Type",          OFFSET(pred),          AV_OPT_TYPE_INT,   { .i64 = 0           }, 0,         1,           VE, "pred"        },
     { "dwt97int",      NULL,                0,                     AV_OPT_TYPE_CONST, { .i64 = 0           }, INT_MIN, INT_MAX,       VE, "pred"        },
-    { "dwt53",         NULL,                0,                     AV_OPT_TYPE_CONST, { .i64 = 0           }, INT_MIN, INT_MAX,       VE, "pred"        },
+    { "dwt53",         NULL,                0,                     AV_OPT_TYPE_CONST, { .i64 = 1           }, INT_MIN, INT_MAX,       VE, "pred"        },
     { "sop",           "SOP marker",        OFFSET(sop),           AV_OPT_TYPE_INT,   { .i64 = 0           }, 0,         1,           VE, },
     { "eph",           "EPH marker",        OFFSET(eph),           AV_OPT_TYPE_INT,   { .i64 = 0           }, 0,         1,           VE, },
     { "prog",          "Progression Order", OFFSET(prog),          AV_OPT_TYPE_INT,   { .i64 = 0           }, JPEG2000_PGOD_LRCP,         JPEG2000_PGOD_CPRL,           VE, "prog" },

libavcodec/jfdctint_template.c

@@ -69,7 +69,7 @@
 #define GLOBAL(x) x
 #define RIGHT_SHIFT(x, n) ((x) >> (n))
 #define MULTIPLY16C16(var,const) ((var)*(const))
-#define DESCALE(x,n)  RIGHT_SHIFT((x) + (1 << ((n) - 1)), n)
+#define DESCALE(x,n)  RIGHT_SHIFT((int)(x) + (1 << ((n) - 1)), n)
 
 
 /*
@@ -175,7 +175,7 @@
 #if BITS_IN_JSAMPLE == 8 && CONST_BITS<=13 && PASS1_BITS<=2
 #define MULTIPLY(var,const)  MULTIPLY16C16(var,const)
 #else
-#define MULTIPLY(var,const)  ((var) * (const))
+#define MULTIPLY(var,const)  (int)((var) * (unsigned)(const))
 #endif
 
 
@@ -261,7 +261,7 @@ FUNC(ff_jpeg_fdct_islow)(int16_t *data)
 {
   int tmp0, tmp1, tmp2, tmp3, tmp4, tmp5, tmp6, tmp7;
   int tmp10, tmp11, tmp12, tmp13;
-  int z1, z2, z3, z4, z5;
+  unsigned z1, z2, z3, z4, z5;
   int16_t *dataptr;
   int ctr;
 

libavcodec/jpeg2000dec.c

@@ -323,6 +323,16 @@ static int get_siz(Jpeg2000DecoderContext *s)
         return AVERROR_INVALIDDATA;
     }
 
+    if (s->image_offset_x >= s->width || s->image_offset_y >= s->height) {
+        av_log(s->avctx, AV_LOG_ERROR, "image offsets outside image");
+        return AVERROR_INVALIDDATA;
+    }
+
+    if (s->reduction_factor && (s->image_offset_x || s->image_offset_y) ){
+        av_log(s->avctx, AV_LOG_ERROR, "reduction factor with image offsets is not fully implemented");
+        return AVERROR_PATCHWELCOME;
+    }
+
     s->ncomponents = ncomponents;
 
     if (s->tile_width <= 0 || s->tile_height <= 0) {
@@ -388,7 +398,7 @@ static int get_siz(Jpeg2000DecoderContext *s)
         dimy = FFMAX(dimy, ff_jpeg2000_ceildiv(o_dimy, s->cdy[i]));
     }
 
-    ret = ff_set_dimensions(s->avctx, dimx, dimy);
+    ret = ff_set_dimensions(s->avctx, dimx << s->avctx->lowres, dimy << s->avctx->lowres);
     if (ret < 0)
         return ret;
 
@@ -901,9 +911,6 @@ static int get_tlm(Jpeg2000DecoderContext *s, int n)
         case 2:
             bytestream2_get_be16(&s->g);
             break;
-        case 3:
-            bytestream2_get_be32(&s->g);
-            break;
         }
         if (SP == 0) {
             bytestream2_get_be16(&s->g);
@@ -2467,6 +2474,14 @@ static av_cold int jpeg2000_decode_init(AVCodecContext *avctx)
 {
     Jpeg2000DecoderContext *s = avctx->priv_data;
 
+    if (avctx->lowres)
+        av_log(avctx, AV_LOG_WARNING, "lowres is overriden by reduction_factor but set anyway\n");
+    if (!s->reduction_factor && avctx->lowres < JPEG2000_MAX_RESLEVELS) {
+        s->reduction_factor = avctx->lowres;
+    }
+    if (avctx->lowres != s->reduction_factor && avctx->lowres)
+        return AVERROR(EINVAL);
+
     ff_jpeg2000dsp_init(&s->dsp);
     ff_jpeg2000_init_tier1_luts();
 

libavcodec/jpeglsdec.c

@@ -382,6 +382,19 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
     state->T3     = s->t3;
     state->reset  = s->reset;
     ff_jpegls_reset_coding_parameters(state, 0);
+
+    /* Testing parameters here, we cannot test in LSE or SOF because
+     * these interdepend and are allowed in either order
+     */
+    if (state->maxval >= (1<<state->bpp) ||
+        state->T1 > state->T2 ||
+        state->T2 > state->T3 ||
+        state->T3 > state->maxval ||
+        state->reset > FFMAX(255, state->maxval)) {
+        ret = AVERROR_INVALIDDATA;
+        goto end;
+    }
+
     ff_jpegls_init_state(state);
 
     if (s->bits <= 8)

libavcodec/lagarith.c

@@ -409,6 +409,9 @@ output_zeros:
         if (zero_run) {
             zero_run = 0;
             i += esc_count;
+            if (i >  end - dst ||
+                i >= src_end - src)
+                return AVERROR_INVALIDDATA;
             memcpy(dst, src, i);
             dst += i;
             l->zeros_rem = lag_calc_zero_run(src[i]);

libavcodec/lcldec.c

@@ -152,6 +152,8 @@ static int zlib_decomp(AVCodecContext *avctx, const uint8_t *src, int src_len, i
     if (expected != (unsigned int)zstream->total_out) {
         av_log(avctx, AV_LOG_ERROR, "Decoded size differs (%d != %lu)\n",
                expected, zstream->total_out);
+        if (expected > (unsigned int)zstream->total_out)
+            return (unsigned int)zstream->total_out;
         return AVERROR_UNKNOWN;
     }
     return zstream->total_out;
@@ -169,8 +171,8 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
     int row, col;
     unsigned char *encoded = avpkt->data, *outptr;
     uint8_t *y_out, *u_out, *v_out;
-    unsigned int width = avctx->width; // Real image width
+    int width = avctx->width; // Real image width
-    unsigned int height = avctx->height; // Real image height
+    int height = avctx->height; // Real image height
     unsigned int mszh_dlen;
     unsigned char yq, y1q, uq, vq;
     int uqvq, ret;
@@ -227,16 +229,19 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
             break;
         case COMP_MSZH_NOCOMP: {
             int bppx2;
+            int aligned_width = width;
             switch (c->imgtype) {
             case IMGTYPE_YUV111:
             case IMGTYPE_RGB24:
                 bppx2 = 6;
                 break;
             case IMGTYPE_YUV422:
+                aligned_width &= ~3;
             case IMGTYPE_YUV211:
                 bppx2 = 4;
                 break;
             case IMGTYPE_YUV411:
+                aligned_width &= ~3;
             case IMGTYPE_YUV420:
                 bppx2 = 3;
                 break;
@@ -244,7 +249,7 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
                 bppx2 = 0; // will error out below
                 break;
             }
-            if (len < ((width * height * bppx2) >> 1))
+            if (len < ((aligned_width * height * bppx2) >> 1))
                 return AVERROR_INVALIDDATA;
             break;
         }
@@ -276,12 +281,13 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
             ret = zlib_decomp(avctx, buf + 8 + mthread_inlen, len - 8 - mthread_inlen,
                               mthread_outlen, mthread_outlen);
             if (ret < 0) return ret;
+            len = c->decomp_size;
         } else {
             int ret = zlib_decomp(avctx, buf, len, 0, c->decomp_size);
             if (ret < 0) return ret;
+            len = ret;
         }
         encoded = c->decomp_buf;
-        len = c->decomp_size;
         break;
 #endif
     default:
@@ -309,8 +315,8 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
             }
             break;
         case IMGTYPE_YUV422:
+            pixel_ptr = 0;
             for (row = 0; row < height; row++) {
-                pixel_ptr = row * width * 2;
                 yq = uq = vq =0;
                 for (col = 0; col < width/4; col++) {
                     encoded[pixel_ptr] = yq -= encoded[pixel_ptr];
@@ -326,8 +332,8 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
             }
             break;
         case IMGTYPE_YUV411:
+            pixel_ptr = 0;
             for (row = 0; row < height; row++) {
-                pixel_ptr = row * width / 2 * 3;
                 yq = uq = vq =0;
                 for (col = 0; col < width/4; col++) {
                     encoded[pixel_ptr] = yq -= encoded[pixel_ptr];
@@ -403,6 +409,11 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
                 v_out[ col >> 1     ] = *encoded++ + 128;
                 v_out[(col >> 1) + 1] = *encoded++ + 128;
             }
+            if (col && col < width) {
+                u_out[ col >> 1     ] = u_out[(col>>1) - 1];
+                v_out[ col >> 1     ] = v_out[(col>>1) - 1];
+            }
+
             y_out -= frame->linesize[0];
             u_out -= frame->linesize[1];
             v_out -= frame->linesize[2];
@@ -424,6 +435,10 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
                 u_out[col >> 2] = *encoded++ + 128;
                 v_out[col >> 2] = *encoded++ + 128;
             }
+            if (col && col < width) {
+                u_out[col >> 2] = u_out[(col>>2) - 1];
+                v_out[col >> 2] = v_out[(col>>2) - 1];
+            }
             y_out -= frame->linesize[0];
             u_out -= frame->linesize[1];
             v_out -= frame->linesize[2];
@@ -481,6 +496,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
                                 FFALIGN(avctx->height, 4);
     unsigned int max_decomp_size;
     int subsample_h, subsample_v;
+    int partial_h_supported = 0;
 
     if (avctx->extradata_size < 8) {
         av_log(avctx, AV_LOG_ERROR, "Extradata size too small.\n");
@@ -502,26 +518,24 @@ static av_cold int decode_init(AVCodecContext *avctx)
         av_log(avctx, AV_LOG_DEBUG, "Image type is YUV 1:1:1.\n");
         break;
     case IMGTYPE_YUV422:
-        c->decomp_size = basesize * 2;
+        c->decomp_size = (avctx->width & ~3) * avctx->height * 2;
         max_decomp_size = max_basesize * 2;
         avctx->pix_fmt = AV_PIX_FMT_YUV422P;
         av_log(avctx, AV_LOG_DEBUG, "Image type is YUV 4:2:2.\n");
-        if (avctx->width % 4) {
+        partial_h_supported = 1;
-            avpriv_request_sample(avctx, "Unsupported dimensions");
-            return AVERROR_INVALIDDATA;
-        }
         break;
     case IMGTYPE_RGB24:
-        c->decomp_size = basesize * 3;
+        c->decomp_size = FFALIGN(avctx->width*3, 4) * avctx->height;
         max_decomp_size = max_basesize * 3;
         avctx->pix_fmt = AV_PIX_FMT_BGR24;
         av_log(avctx, AV_LOG_DEBUG, "Image type is RGB 24.\n");
         break;
     case IMGTYPE_YUV411:
-        c->decomp_size = basesize / 2 * 3;
+        c->decomp_size = (avctx->width & ~3) * avctx->height / 2 * 3;
         max_decomp_size = max_basesize / 2 * 3;
         avctx->pix_fmt = AV_PIX_FMT_YUV411P;
         av_log(avctx, AV_LOG_DEBUG, "Image type is YUV 4:1:1.\n");
+        partial_h_supported = 1;
         break;
     case IMGTYPE_YUV211:
         c->decomp_size = basesize * 2;
@@ -541,7 +555,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
     }
 
     av_pix_fmt_get_chroma_sub_sample(avctx->pix_fmt, &subsample_h, &subsample_v);
-    if (avctx->width % (1<<subsample_h) || avctx->height % (1<<subsample_v)) {
+    if ((avctx->width % (1<<subsample_h) && !partial_h_supported) || avctx->height % (1<<subsample_v)) {
         avpriv_request_sample(avctx, "Unsupported dimensions");
         return AVERROR_INVALIDDATA;
     }

libavcodec/libjxldec.c

@@ -167,9 +167,9 @@ static enum AVColorTransferCharacteristic libjxl_get_trc(void *avctx, const JxlC
     case JXL_TRANSFER_FUNCTION_DCI: return AVCOL_TRC_SMPTE428;
     case JXL_TRANSFER_FUNCTION_HLG: return AVCOL_TRC_ARIB_STD_B67;
     case JXL_TRANSFER_FUNCTION_GAMMA:
-        if (jxl_color->gamma > 2.199 && jxl_color->gamma < 2.201)
+        if (jxl_color->gamma > 0.45355 && jxl_color->gamma < 0.45555)
             return AVCOL_TRC_GAMMA22;
-        else if (jxl_color->gamma > 2.799 && jxl_color->gamma < 2.801)
+        else if (jxl_color->gamma > 0.35614 && jxl_color->gamma < 0.35814)
             return AVCOL_TRC_GAMMA28;
         else
             av_log(avctx, AV_LOG_WARNING, "Unsupported gamma transfer: %f\n", jxl_color->gamma);

libavcodec/libjxlenc.c

@@ -190,7 +190,7 @@ static av_cold int libjxl_encode_init(AVCodecContext *avctx)
  * Populate a JxlColorEncoding with the given enum AVColorPrimaries.
  * @return < 0 upon failure, >= 0 upon success
  */
-static int libjxl_populate_primaries(JxlColorEncoding *jxl_color, enum AVColorPrimaries prm)
+static int libjxl_populate_primaries(void *avctx, JxlColorEncoding *jxl_color, enum AVColorPrimaries prm)
 {
     const AVColorPrimariesDesc *desc;
 
@@ -211,6 +211,11 @@ static int libjxl_populate_primaries(JxlColorEncoding *jxl_color, enum AVColorPr
         jxl_color->primaries = JXL_PRIMARIES_P3;
         jxl_color->white_point = JXL_WHITE_POINT_D65;
         return 0;
+    case AVCOL_PRI_UNSPECIFIED:
+        av_log(avctx, AV_LOG_WARNING, "Unknown primaries, assuming BT.709/sRGB. Colors may be wrong.\n");
+        jxl_color->primaries = JXL_PRIMARIES_SRGB;
+        jxl_color->white_point = JXL_WHITE_POINT_D65;
+        return 0;
     }
 
     desc = av_csp_primaries_desc_from_id(prm);
@@ -340,7 +345,7 @@ static int libjxl_encode_frame(AVCodecContext *avctx, AVPacket *pkt, const AVFra
     else
         jxl_color.color_space = JXL_COLOR_SPACE_RGB;
 
-    ret = libjxl_populate_primaries(&jxl_color,
+    ret = libjxl_populate_primaries(avctx, &jxl_color,
             frame->color_primaries && frame->color_primaries != AVCOL_PRI_UNSPECIFIED
             ? frame->color_primaries : avctx->color_primaries);
     if (ret < 0)

libavcodec/libspeexdec.c

@@ -43,7 +43,7 @@ static av_cold int libspeex_decode_init(AVCodecContext *avctx)
     LibSpeexContext *s = avctx->priv_data;
     const SpeexMode *mode;
     SpeexHeader *header = NULL;
-    int spx_mode, channels;
+    int spx_mode, channels = avctx->ch_layout.nb_channels;
 
     if (avctx->extradata && avctx->extradata_size >= 80) {
         header = speex_packet_to_header(avctx->extradata,

libavcodec/libsvtav1.c

@@ -124,16 +124,12 @@ static int svt_print_error(void *log_ctx, EbErrorType err,
 
 static int alloc_buffer(EbSvtAv1EncConfiguration *config, SvtContext *svt_enc)
 {
-    const int    pack_mode_10bit =
+    const size_t luma_size = config->source_width * config->source_height *
-        (config->encoder_bit_depth > 8) && (config->compressed_ten_bit_format == 0) ? 1 : 0;
+        (config->encoder_bit_depth > 8 ? 2 : 1);
-    const size_t luma_size_8bit  =
-        config->source_width * config->source_height * (1 << pack_mode_10bit);
-    const size_t luma_size_10bit =
-        (config->encoder_bit_depth > 8 && pack_mode_10bit == 0) ? luma_size_8bit : 0;
 
     EbSvtIOFormat *in_data;
 
-    svt_enc->raw_size = (luma_size_8bit + luma_size_10bit) * 3 / 2;
+    svt_enc->raw_size = luma_size * 3 / 2;
 
     // allocate buffer for in and out
     svt_enc->in_buf           = av_mallocz(sizeof(*svt_enc->in_buf));
@@ -183,7 +179,10 @@ static int config_enc_params(EbSvtAv1EncConfiguration *param,
         param->min_qp_allowed       = avctx->qmin;
     }
     param->max_bit_rate             = avctx->rc_max_rate;
-    param->vbv_bufsize              = avctx->rc_buffer_size;
+    if ((avctx->bit_rate > 0 || avctx->rc_max_rate > 0) && avctx->rc_buffer_size)
+        param->maximum_buffer_size_ms =
+            avctx->rc_buffer_size * 1000LL /
+            FFMAX(avctx->bit_rate, avctx->rc_max_rate);
 
     if (svt_enc->crf > 0) {
         param->qp                   = svt_enc->crf;
@@ -300,7 +299,8 @@ static int config_enc_params(EbSvtAv1EncConfiguration *param,
     avctx->bit_rate       = param->rate_control_mode > 0 ?
                             param->target_bit_rate : 0;
     avctx->rc_max_rate    = param->max_bit_rate;
-    avctx->rc_buffer_size = param->vbv_bufsize;
+    avctx->rc_buffer_size = param->maximum_buffer_size_ms *
+                            FFMAX(avctx->bit_rate, avctx->rc_max_rate) / 1000LL;
 
     if (avctx->bit_rate || avctx->rc_max_rate || avctx->rc_buffer_size) {
         AVCPBProperties *cpb_props = ff_add_cpb_side_data(avctx);
@@ -424,11 +424,8 @@ static int eb_send_frame(AVCodecContext *avctx, const AVFrame *frame)
         if (svt_enc->eos_flag == EOS_SENT)
             return 0;
 
-        headerPtrLast.n_alloc_len   = 0;
+        memset(&headerPtrLast, 0, sizeof(headerPtrLast));
-        headerPtrLast.n_filled_len  = 0;
+        headerPtrLast.pic_type      = EB_AV1_INVALID_PICTURE;
-        headerPtrLast.n_tick_count  = 0;
-        headerPtrLast.p_app_private = NULL;
-        headerPtrLast.p_buffer      = NULL;
         headerPtrLast.flags         = EB_BUFFERFLAG_EOS;
 
         svt_av1_enc_send_picture(svt_enc->svt_handle, &headerPtrLast);

libavcodec/libvpxenc.c

@@ -56,8 +56,6 @@
 struct FrameListData {
     void *buf;                       /**< compressed data buffer */
     size_t sz;                       /**< length of compressed data */
-    void *buf_alpha;
-    size_t sz_alpha;
     int64_t pts;                     /**< time stamp to show frame
                                           (in timebase units) */
     unsigned long duration;          /**< duration to show frame
@@ -87,6 +85,7 @@ typedef struct VPxEncoderContext {
     int have_sse; /**< true if we have pending sse[] */
     uint64_t frame_number;
     struct FrameListData *coded_frame_list;
+    struct FrameListData *alpha_coded_frame_list;
 
     int cpu_used;
     int sharpness;
@@ -311,8 +310,6 @@ static void coded_frame_add(void *list, struct FrameListData *cx_frame)
 static av_cold void free_coded_frame(struct FrameListData *cx_frame)
 {
     av_freep(&cx_frame->buf);
-    if (cx_frame->buf_alpha)
-        av_freep(&cx_frame->buf_alpha);
     av_freep(&cx_frame);
 }
 
@@ -446,6 +443,7 @@ static av_cold int vpx_free(AVCodecContext *avctx)
     av_freep(&ctx->twopass_stats.buf);
     av_freep(&avctx->stats_out);
     free_frame_list(ctx->coded_frame_list);
+    free_frame_list(ctx->alpha_coded_frame_list);
     if (ctx->hdr10_plus_fifo)
         free_hdr10_plus_fifo(&ctx->hdr10_plus_fifo);
     return 0;
@@ -1205,7 +1203,6 @@ static av_cold int vpx_init(AVCodecContext *avctx,
 
 static inline void cx_pktcpy(struct FrameListData *dst,
                              const struct vpx_codec_cx_pkt *src,
-                             const struct vpx_codec_cx_pkt *src_alpha,
                              VPxContext *ctx)
 {
     dst->pts      = src->data.frame.pts;
@@ -1229,13 +1226,6 @@ static inline void cx_pktcpy(struct FrameListData *dst,
     } else {
         dst->frame_number = -1;   /* sanity marker */
     }
-    if (src_alpha) {
-        dst->buf_alpha = src_alpha->data.frame.buf;
-        dst->sz_alpha = src_alpha->data.frame.sz;
-    } else {
-        dst->buf_alpha = NULL;
-        dst->sz_alpha = 0;
-    }
 }
 
 /**
@@ -1246,7 +1236,7 @@ static inline void cx_pktcpy(struct FrameListData *dst,
  * @return a negative AVERROR on error
  */
 static int storeframe(AVCodecContext *avctx, struct FrameListData *cx_frame,
-                      AVPacket *pkt)
+                      struct FrameListData *alpha_cx_frame, AVPacket *pkt)
 {
     VPxContext *ctx = avctx->priv_data;
     int ret = ff_get_encode_buffer(avctx, pkt, cx_frame->sz, 0);
@@ -1279,16 +1269,16 @@ static int storeframe(AVCodecContext *avctx, struct FrameListData *cx_frame,
             avctx->error[i] += cx_frame->sse[i + 1];
         cx_frame->have_sse = 0;
     }
-    if (cx_frame->sz_alpha > 0) {
+    if (alpha_cx_frame) {
         side_data = av_packet_new_side_data(pkt,
                                             AV_PKT_DATA_MATROSKA_BLOCKADDITIONAL,
-                                            cx_frame->sz_alpha + 8);
+                                            alpha_cx_frame->sz + 8);
         if (!side_data) {
             av_packet_unref(pkt);
             return AVERROR(ENOMEM);
         }
         AV_WB64(side_data, 1);
-        memcpy(side_data + 8, cx_frame->buf_alpha, cx_frame->sz_alpha);
+        memcpy(side_data + 8, alpha_cx_frame->buf, alpha_cx_frame->sz);
     }
     if (cx_frame->frame_number != -1) {
         if (ctx->hdr10_plus_fifo) {
@@ -1309,40 +1299,37 @@ static int storeframe(AVCodecContext *avctx, struct FrameListData *cx_frame,
  * @return AVERROR(EINVAL) on output size error
  * @return AVERROR(ENOMEM) on coded frame queue data allocation error
  */
-static int queue_frames(AVCodecContext *avctx, AVPacket *pkt_out)
+static int queue_frames(AVCodecContext *avctx, struct vpx_codec_ctx *encoder,
+                        struct FrameListData **frame_list, AVPacket *pkt_out)
 {
     VPxContext *ctx = avctx->priv_data;
     const struct vpx_codec_cx_pkt *pkt;
-    const struct vpx_codec_cx_pkt *pkt_alpha = NULL;
     const void *iter = NULL;
-    const void *iter_alpha = NULL;
     int size = 0;
 
-    if (ctx->coded_frame_list) {
+    if (!ctx->is_alpha && *frame_list) {
-        struct FrameListData *cx_frame = ctx->coded_frame_list;
+        struct FrameListData *cx_frame = *frame_list;
         /* return the leading frame if we've already begun queueing */
-        size = storeframe(avctx, cx_frame, pkt_out);
+        size = storeframe(avctx, cx_frame, NULL, pkt_out);
         if (size < 0)
             return size;
-        ctx->coded_frame_list = cx_frame->next;
+        *frame_list = cx_frame->next;
         free_coded_frame(cx_frame);
     }
 
     /* consume all available output from the encoder before returning. buffers
        are only good through the next vpx_codec call */
-    while ((pkt = vpx_codec_get_cx_data(&ctx->encoder, &iter)) &&
+    while (pkt = vpx_codec_get_cx_data(encoder, &iter)) {
-           (!ctx->is_alpha ||
-            (pkt_alpha = vpx_codec_get_cx_data(&ctx->encoder_alpha, &iter_alpha)))) {
         switch (pkt->kind) {
         case VPX_CODEC_CX_FRAME_PKT:
-            if (!size) {
+            if (!ctx->is_alpha && !size) {
                 struct FrameListData cx_frame;
 
                 /* avoid storing the frame when the list is empty and we haven't yet
                    provided a frame for output */
                 av_assert0(!ctx->coded_frame_list);
-                cx_pktcpy(&cx_frame, pkt, pkt_alpha, ctx);
+                cx_pktcpy(&cx_frame, pkt, ctx);
-                size = storeframe(avctx, &cx_frame, pkt_out);
+                size = storeframe(avctx, &cx_frame, NULL, pkt_out);
                 if (size < 0)
                     return size;
             } else {
@@ -1353,7 +1340,7 @@ static int queue_frames(AVCodecContext *avctx, AVPacket *pkt_out)
                            "Frame queue element alloc failed\n");
                     return AVERROR(ENOMEM);
                 }
-                cx_pktcpy(cx_frame, pkt, pkt_alpha, ctx);
+                cx_pktcpy(cx_frame, pkt, ctx);
                 cx_frame->buf = av_malloc(cx_frame->sz);
 
                 if (!cx_frame->buf) {
@@ -1364,23 +1351,14 @@ static int queue_frames(AVCodecContext *avctx, AVPacket *pkt_out)
                     return AVERROR(ENOMEM);
                 }
                 memcpy(cx_frame->buf, pkt->data.frame.buf, pkt->data.frame.sz);
-                if (ctx->is_alpha) {
+                coded_frame_add(frame_list, cx_frame);
-                    cx_frame->buf_alpha = av_malloc(cx_frame->sz_alpha);
-                    if (!cx_frame->buf_alpha) {
-                        av_log(avctx, AV_LOG_ERROR,
-                               "Data buffer alloc (%"SIZE_SPECIFIER" bytes) failed\n",
-                               cx_frame->sz_alpha);
-                        av_free(cx_frame);
-                        return AVERROR(ENOMEM);
-                    }
-                    memcpy(cx_frame->buf_alpha, pkt_alpha->data.frame.buf, pkt_alpha->data.frame.sz);
-                }
-                coded_frame_add(&ctx->coded_frame_list, cx_frame);
             }
             break;
         case VPX_CODEC_STATS_PKT: {
             struct vpx_fixed_buf *stats = &ctx->twopass_stats;
             int err;
+            if (!pkt_out)
+                break;
             if ((err = av_reallocp(&stats->buf,
                                    stats->sz +
                                    pkt->data.twopass_stats.sz)) < 0) {
@@ -1394,6 +1372,8 @@ static int queue_frames(AVCodecContext *avctx, AVPacket *pkt_out)
             break;
         }
         case VPX_CODEC_PSNR_PKT:
+            if (!pkt_out)
+                break;
             av_assert0(!ctx->have_sse);
             ctx->sse[0] = pkt->data.psnr.sse[0];
             ctx->sse[1] = pkt->data.psnr.sse[1];
@@ -1788,7 +1768,24 @@ static int vpx_encode(AVCodecContext *avctx, AVPacket *pkt,
         }
     }
 
-    coded_size = queue_frames(avctx, pkt);
+    coded_size = queue_frames(avctx, &ctx->encoder, &ctx->coded_frame_list, pkt);
+    if (ctx->is_alpha) {
+        queue_frames(avctx, &ctx->encoder_alpha, &ctx->alpha_coded_frame_list, NULL);
+
+        if (ctx->coded_frame_list && ctx->alpha_coded_frame_list) {
+            struct FrameListData *cx_frame = ctx->coded_frame_list;
+            struct FrameListData *alpha_cx_frame = ctx->alpha_coded_frame_list;
+            av_assert0(!coded_size);
+            /* return the leading frame if we've already begun queueing */
+            coded_size = storeframe(avctx, cx_frame, alpha_cx_frame, pkt);
+            if (coded_size < 0)
+                return coded_size;
+            ctx->coded_frame_list = cx_frame->next;
+            ctx->alpha_coded_frame_list = alpha_cx_frame->next;
+            free_coded_frame(cx_frame);
+            free_coded_frame(alpha_cx_frame);
+        }
+    }
 
     if (!frame && avctx->flags & AV_CODEC_FLAG_PASS1) {
         unsigned int b64_size = AV_BASE64_SIZE(ctx->twopass_stats.sz);

libavcodec/libx265.c

@@ -504,7 +504,13 @@ static int libx265_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
 {
     libx265Context *ctx = avctx->priv_data;
     x265_picture x265pic;
-    x265_picture x265pic_out = { 0 };
+#if (X265_BUILD >= 210) && (X265_BUILD < 213)
+    x265_picture x265pic_layers_out[MAX_SCALABLE_LAYERS];
+    x265_picture* x265pic_lyrptr_out[MAX_SCALABLE_LAYERS];
+#else
+    x265_picture x265pic_solo_out = { 0 };
+#endif
+    x265_picture* x265pic_out;
     x265_nal *nal;
     uint8_t *dst;
     int pict_type;
@@ -575,8 +581,16 @@ static int libx265_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
         }
     }
 
+#if (X265_BUILD >= 210) && (X265_BUILD < 213)
+    for (i = 0; i < MAX_SCALABLE_LAYERS; i++)
+        x265pic_lyrptr_out[i] = &x265pic_layers_out[i];
+
     ret = ctx->api->encoder_encode(ctx->encoder, &nal, &nnal,
-                                   pic ? &x265pic : NULL, &x265pic_out);
+                                   pic ? &x265pic : NULL, x265pic_lyrptr_out);
+#else
+    ret = ctx->api->encoder_encode(ctx->encoder, &nal, &nnal,
+                                   pic ? &x265pic : NULL, &x265pic_solo_out);
+#endif
 
     av_freep(&x265pic.quantOffsets);
 
@@ -604,10 +618,16 @@ static int libx265_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
             pkt->flags |= AV_PKT_FLAG_KEY;
     }
 
-    pkt->pts = x265pic_out.pts;
+#if (X265_BUILD >= 210) && (X265_BUILD < 213)
-    pkt->dts = x265pic_out.dts;
+    x265pic_out = x265pic_lyrptr_out[0];
+#else
+    x265pic_out = &x265pic_solo_out;
+#endif
 
-    switch (x265pic_out.sliceType) {
+    pkt->pts = x265pic_out->pts;
+    pkt->dts = x265pic_out->dts;
+
+    switch (x265pic_out->sliceType) {
     case X265_TYPE_IDR:
     case X265_TYPE_I:
         pict_type = AV_PICTURE_TYPE_I;
@@ -625,17 +645,17 @@ static int libx265_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
     }
 
 #if X265_BUILD >= 130
-    if (x265pic_out.sliceType == X265_TYPE_B)
+    if (x265pic_out->sliceType == X265_TYPE_B)
 #else
-    if (x265pic_out.frameData.sliceType == 'b')
+    if (x265pic_out->frameData.sliceType == 'b')
 #endif
         pkt->flags |= AV_PKT_FLAG_DISPOSABLE;
 
-    ff_side_data_set_encoder_stats(pkt, x265pic_out.frameData.qp * FF_QP2LAMBDA, NULL, 0, pict_type);
+    ff_side_data_set_encoder_stats(pkt, x265pic_out->frameData.qp * FF_QP2LAMBDA, NULL, 0, pict_type);
 
-    if (x265pic_out.userData) {
+    if (x265pic_out->userData) {
-        memcpy(&avctx->reordered_opaque, x265pic_out.userData, sizeof(avctx->reordered_opaque));
+        memcpy(&avctx->reordered_opaque, x265pic_out->userData, sizeof(avctx->reordered_opaque));
-        av_freep(&x265pic_out.userData);
+        av_freep(&x265pic_out->userData);
     } else
         avctx->reordered_opaque = 0;
 

libavcodec/loco.c

@@ -92,10 +92,15 @@ static inline int loco_get_rice(RICEContext *r)
     if (get_bits_left(&r->gb) < 1)
         return INT_MIN;
     v = get_ur_golomb_jpegls(&r->gb, loco_get_rice_param(r), INT_MAX, 0);
+    if (v == -1)
+        return INT_MIN;
     loco_update_rice_param(r, (v + 1) >> 1);
     if (!v) {
         if (r->save >= 0) {
-            r->run = get_ur_golomb_jpegls(&r->gb, 2, INT_MAX, 0);
+            int run = get_ur_golomb_jpegls(&r->gb, 2, INT_MAX, 0);
+            if (run == -1)
+                return INT_MIN;
+            r->run = run;
             if (r->run > 1)
                 r->save += r->run + 1;
             else
@@ -152,6 +157,8 @@ static int loco_decode_plane(LOCOContext *l, uint8_t *data, int width, int heigh
 
     /* restore top left pixel */
     val     = loco_get_rice(&rc);
+    if (val == INT_MIN)
+        return AVERROR_INVALIDDATA;
     data[0] = 128 + val;
     /* restore top line */
     for (i = 1; i < width; i++) {

libavcodec/lpc.c

@@ -244,8 +244,10 @@ int ff_lpc_calc_coefs(LPCContext *s,
         double av_uninit(weight);
         memset(var, 0, FFALIGN(MAX_LPC_ORDER+1,4)*sizeof(*var));
 
-        for(j=0; j<max_order; j++)
+        /* Avoids initializing with an unused value when lpc_passes == 1 */
-            m[0].coeff[max_order-1][j] = -lpc[max_order-1][j];
+        if (lpc_passes > 1)
+            for(j=0; j<max_order; j++)
+                m[0].coeff[max_order-1][j] = -lpc[max_order-1][j];
 
         for(; pass<lpc_passes; pass++){
             avpriv_init_lls(&m[pass&1], max_order);

libavcodec/me_cmp.c

@@ -473,8 +473,9 @@ static int zero_cmp(MpegEncContext *s, uint8_t *a, uint8_t *b,
     return 0;
 }
 
-void ff_set_cmp(MECmpContext *c, me_cmp_func *cmp, int type)
+int ff_set_cmp(MECmpContext *c, me_cmp_func *cmp, int type)
 {
+    int ret = 0;
     int i;
 
     memset(cmp, 0, sizeof(void *) * 6);
@@ -533,9 +534,13 @@ void ff_set_cmp(MECmpContext *c, me_cmp_func *cmp, int type)
 #endif
         default:
             av_log(NULL, AV_LOG_ERROR,
-                   "internal error in cmp function selection\n");
+                   "invalid cmp function selection\n");
+            ret = -1;
+            break;
         }
     }
+
+    return ret;
 }
 
 #define BUTTERFLY2(o1, o2, i1, i2)              \

libavcodec/me_cmp.h

@@ -87,7 +87,7 @@ void ff_me_cmp_init_ppc(MECmpContext *c, AVCodecContext *avctx);
 void ff_me_cmp_init_x86(MECmpContext *c, AVCodecContext *avctx);
 void ff_me_cmp_init_mips(MECmpContext *c, AVCodecContext *avctx);
 
-void ff_set_cmp(MECmpContext *c, me_cmp_func *cmp, int type);
+int ff_set_cmp(MECmpContext *c, me_cmp_func *cmp, int type);
 
 void ff_dsputil_init_dwt(MECmpContext *c);
 

libavcodec/mfenc.c

@@ -248,7 +248,7 @@ static int mf_sample_to_avpacket(AVCodecContext *avctx, IMFSample *sample, AVPac
     if ((ret = ff_get_encode_buffer(avctx, avpkt, len, 0)) < 0)
         return ret;
 
-    IMFSample_ConvertToContiguousBuffer(sample, &buffer);
+    hr = IMFSample_ConvertToContiguousBuffer(sample, &buffer);
     if (FAILED(hr))
         return AVERROR_EXTERNAL;
 

libavcodec/midivid.c

@@ -203,12 +203,7 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *rframe,
     bytestream2_skip(gb, 8);
     uncompressed = bytestream2_get_le32(gb);
 
-    if ((ret = ff_reget_buffer(avctx, s->frame, 0)) < 0)
+    if (!uncompressed) {
-        return ret;
-
-    if (uncompressed) {
-        ret = decode_mvdv(s, avctx, frame);
-    } else {
         av_fast_padded_malloc(&s->uncompressed, &s->uncompressed_size, 16LL * (avpkt->size - 12));
         if (!s->uncompressed)
             return AVERROR(ENOMEM);
@@ -217,9 +212,13 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *rframe,
         if (ret < 0)
             return ret;
         bytestream2_init(gb, s->uncompressed, ret);
-        ret = decode_mvdv(s, avctx, frame);
     }
 
+    if ((ret = ff_reget_buffer(avctx, s->frame, 0)) < 0)
+        return ret;
+
+    ret = decode_mvdv(s, avctx, frame);
+
     if (ret < 0)
         return ret;
     key = ret;

libavcodec/mjpegdec.c

@@ -1092,6 +1092,10 @@ static int ljpeg_decode_rgb_scan(MJpegDecodeContext *s, int nb_components, int p
         return AVERROR_INVALIDDATA;
     if (s->v_max != 1 || s->h_max != 1 || !s->lossless)
         return AVERROR_INVALIDDATA;
+    if (s->bayer) {
+        if (s->rct || s->pegasus_rct)
+            return AVERROR_INVALIDDATA;
+    }
 
 
     s->restart_count = s->restart_interval;
@@ -1208,6 +1212,8 @@ static int ljpeg_decode_rgb_scan(MJpegDecodeContext *s, int nb_components, int p
                 ptr[3*mb_x + 2] = buffer[mb_x][2] + ptr[3*mb_x + 1];
             }
         } else if (s->bayer) {
+            if (s->bits <= 8)
+                return AVERROR_PATCHWELCOME;
             if (nb_components == 1) {
                 /* Leave decoding to the TIFF/DNG decoder (see comment in ff_mjpeg_decode_sof) */
                 for (mb_x = 0; mb_x < width; mb_x++)
@@ -1942,6 +1948,8 @@ static int mjpeg_decode_app(MJpegDecodeContext *s)
         }
 
         len -= 9;
+        if (s->bayer)
+            goto out;
         if (s->got_picture)
             if (rgb != s->rgb || pegasus_rct != s->pegasus_rct) {
                 av_log(s->avctx, AV_LOG_WARNING, "Mismatching LJIF tag\n");

libavcodec/mjpegenc_common.c

@@ -309,7 +309,7 @@ void ff_mjpeg_encode_picture_header(AVCodecContext *avctx, PutBitContext *pb,
     default: av_assert0(0);
     }
 
-    put_bits(pb, 16, 17);
+    put_bits(pb, 16, 8 + 3 * components);
     if (lossless && (  avctx->pix_fmt == AV_PIX_FMT_BGR0
                     || avctx->pix_fmt == AV_PIX_FMT_BGRA
                     || avctx->pix_fmt == AV_PIX_FMT_BGR24))