fftools/ffmpeg_demux: don't flag timestamps as unreliable if they are generated

Regardless of the source being an AVFMT_NOTIMESTAMPS format, if the timestamps
are generated like when using the use_wallclock_as_timestamps demuxer option,
then they are reliable.

Fixes ticket #11268

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 1787fade20)

Changelog

@@ -1,7 +1,383 @@
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
-version <next>:
+version 6.1.2
+ avcodec/snow: Fix off by 1 error in run_buffer
+ avcodec/utils: apply the same alignment to YUV410 as we do to YUV420 for snow
+ swscale: [loongarch] Fix checkasm-sw_yuv2rgb failure.
+ avcodec/pngenc: fix sBIT writing for indexed-color PNGs
+ avcodec/pngdec: use 8-bit sBIT cap for indexed PNGs per spec
+ avcodec/videotoolboxenc: Fix bitrate doesn't work as expected
+ Changelog: update
+ avdevice/dshow: Don't skip audio devices if no video device is present
+ avcodec/hdrenc: Allocate more space
+ avcodec/cfhdenc: Height of 16 is not supported
+ avcodec/cfhdenc: Allocate more space
+ avcodec/osq: fix integer overflow when applying factor
+ avcodec/osq: avoid using too large numbers for shifts and integers in update_residue_parameter()
+ avcodec/vaapi_encode: Check hwctx
+ avcodec/proresdec: Consider negative bits left
+ avcodec/alsdec: Clear shift_value
+ avcodec/hevc/hevcdec: Do not allow slices to depend on failed slices
+ avfilter/vf_xfade: Check ff_inlink_consume_frame() for failure
+ avutil/slicethread: Check pthread_*_init() for failure
+ avutil/frame: Check log2_crop_align
+ avutil/buffer: Check ff_mutex_init() for failure
+ avformat/xmv: Check this_packet_size
+ avformat/ty: rec_size seems to only need 32bit
+ avformat/tty: Check avio_size()
+ avformat/siff: Basic pkt_size check
+ avformat/sauce: Check avio_size() for failure
+ avformat/sapdec: Check ffurl_get_file_handle() for error
+ avformat/nsvdec: Check asize for PCM
+ avformat/mp3dec: Check header_filesize
+ avformat/mp3dec; Check for avio_size() failure
+ avformat/mov: Use 64bit for str_size
+ avformat/mm: Check length
+ avformat/hnm: Check *chunk_size
+ avformat/hlsenc: Check ret
+ avformat/bintext: Check avio_size() return
+ avformat/asfdec_o: Check size of index object
+ avfilter/vf_scale: Check ff_scale_adjust_dimensions() for failure
+ avfilter/scale_eval: Use 64bit, check values in ff_scale_adjust_dimensions()
+ avfilter/vf_lut3d: Check av_scanf()
+ avfilter/vf_elbg: Use unsigned for shifting into the top bit
+ avfilter/vf_deshake_opencl: Ensure that the first iteration initializes the best variables
+ swscale/output: Fix integer overflows in yuv2rgba64_X_c_template
+ avformat/mxfdec: Reorder elements of expression in bisect loop
+ avutil/timecode: Use a 64bit framenum internally
+ avcodec/pnmdec: Use 64bit for input size check
+ avcodec/mpeg12enc: Use av_rescale() in vbv_buffer_size computation
+ avcodec/utvideoenc: Use unsigned shift to build flags
+ avcodec/j2kenc: Merge dwt_norm into lambda
+ avcodec/vc2enc: Fix overflows with storing large values
+ avcodec/mpegvideo_enc: Do not duplicate pictures on shifting
+ avdevice/dshow_capture: Fix error handling in ff_dshow_##prefix##_Create()
+ avcodec/tiff: Check value on positive signed targets
+ avfilter/vf_convolution_opencl: Assert that the filter name is one of the filters
+ avfilter/vf_bm3d: Dont round MSE2SSE to an integer
+ avdevice/dshow: Remove NULL check on pin
+ avdevice/dshow: check ff_dshow_pin_ConnectionMediaType() for failure
+ avdevice/dshow: Check device_filter_unique_name before use
+ avdevice/dshow: Cleanup also on av_log case
+ avdevice/dshow_filter: Use wcscpy_s()
+ avcodec/flac_parser: Assert that we do not overrun the link_penalty array
+ avcodec/osq: avoid signed overflow in downsample path
+ avcodec/pixlet: Simplify pfx computation
+ avcodec/motion_est: Fix score squaring overflow
+ avcodec/mlpenc: Use 64 for ml, mr
+ avcodec/loco: Check loco_get_rice() for failure
+ avcodec/loco: check get_ur_golomb_jpegls() for failure
+ avcodec/imm4: check cbphi for error
+ avcodec/iff: Use signed count
+ avcodec/golomb: Assert that k is in the supported range for get_ur/sr_golomb()
+ avcodec/golomb: Document return for get_ur_golomb_jpegls() and get_sr_golomb_flac()
+ avcodec/dxv: Fix type in get_opcodes()
+ avcodec/cri: Check length
+ avcodec/xsubdec: Check parse_timecode()
+ avutil/imgutils: av_image_check_size2() ensure width and height fit in 32bit
+ doc/examples/mux: remove nop
+ avcodec/proresenc_kostya: use unsigned alpha for rotation
+ avformat/rtpenc_rfc4175: Use 64bit in computation if copy_offset
+ avformat/rtmppkt: Simplify and deobfuscate amf_tag_skip() slightly
+ avformat/rmdec: use 64bit for audio_framesize checks
+ avutil/wchar_filename: Correct sizeof
+ avutil/hwcontext_d3d11va: correct sizeof IDirect3DSurface9
+ avutil/hwcontext_d3d11va: Free AVD3D11FrameDescriptor on error
+ avutil/hwcontext_d3d11va: correct sizeof AVD3D11FrameDescriptor
+ doc/examples/vaapi_encode: Try to check fwrite() for failure
+ avformat/usmdec: Initialize value
+ avformat/tls_schannel: Initialize ret
+ avformat/subfile: Assert that whence is a known case
+ avformat/subfile: Merge if into switch()
+ avformat/rtsp: Check that lower transport is handled in one of the if()
+ avformat/rtsp: initialize reply1
+ avformat/rtsp: use < 0 for error check
+ avformat/rtpenc_vc2hq: Check sizes
+ avfilter/af_aderivative: Free out on error
+ swscale/swscale: Use ptrdiff_t for linesize computations
+ avfilter/af_afir: Assert format
+ avfilter/af_afftdn: Assert format
+ avfilter/af_pan: check nb_output_channels before use
+ cbs_av1: Reject thirty-two zero bits in uvlc code
+ avfilter/af_mcompand: compute half frequency in double
+ avfilter/af_channelsplit: Assert that av_channel_layout_channel_from_index() succeeds
+ avfilter/af_aresample: Cleanup on av_channel_layout_copy() failure
+ tools/coverity: Phase 1 study of anti-halicogenic for coverity av_rescale()
+ avfilter/vf_avgblur: Check plane instead of AVFrame
+ avfilter/drawutils: Fix depthb computation
+ avfilter/avf_showcwt: Check av_parse_video_rate() for failure
+ avformat/rdt: Check pkt_len
+ avformat/mpeg: Check len in mpegps_probe()
+ avformat/mxfenc: resurrects the error print
+ avdevice/dshow: Check ICaptureGraphBuilder2_SetFiltergraph() for failure
+ avcodec/mfenc: check IMFSample_ConvertToContiguousBuffer() for failure
+ avcodec/vc1_loopfilter: Factor duplicate code in vc1_b_h_intfi_loop_filter()
+ avformat/img2dec: assert no pipe on ts_from_file
+ avcodec/cbs_jpeg: Try to move the read entity to one side in a test
+ fftools/ffmpeg_enc: Initialize fd
+ fftools/ffmpeg_enc: simplify opaque_ref check
+ avformat/mov: Check edit list for overflow
+ fftools/ffmpeg: Check read() for failure
+ MAINTAINERS: Add Timo Rothenpieler to server admins
+ swscale/output: Avoid undefined overflow in yuv2rgb_write_full()
+ swscale/output: alpha can become negative after scaling, use multiply
+ avcodec/targaenc: Allocate space for the palette
+ avcodec/r210enc: Use av_rescale for bitrate
+ avcodec/jfdctint_template: Fewer integer anomalies
+ avcodec/snowenc: MV limits due to mv_penalty table size
+ tools/target_dec_fuzzer: Adjust threshold for MV30
+ tools/target_dec_fuzzer: Adjust threshold for jpeg2000
+ avformat/mxfdec: Check container_ul->desc before use
+ avcodec/libvpxenc: Cleanup on error
+ MAINTAINERS: Update the entries for the release maintainer for FFmpeg
+ configure: update copyright year
+ doc/developer: Provide information about git send-email and gmail
+ avfilter/vf_rotate: Check ff_draw_init2() return value
+ avformat/mov: Use int64_t in intermediate for corrected_dts
+ avformat/mov: Use 64bit in intermediate for current_dts
+ avformat/matroskadec: Assert that num_levels is non negative
+ avformat/libzmq: Check av_strstart()
+ avformat/img2dec: Little JFIF / Exif cleanup
+ avformat/img2dec: Move DQT after unrelated if()
+ avformat/imfdec: Simplify get_next_track_with_minimum_timestamp()
+ avdevice/xcbgrab: Check sscanf() return
+ fftools/cmdutils: Add protective () to FLAGS
+ avformat/sdp: Check before appending ","
+ avcodec/ilbcdec: Remove dead code
+ avcodec/vp8: Check cond init
+ avcodec/vp8: Check mutex init
+ avcodec/proresenc_anatoliy: Assert that AV_PROFILE_UNKNOWN is replaced
+ avcodec/pcm-dvdenc: 64bit pkt-size
+ avcodec/notchlc: Check init_get_bits8() for failure
+ avcodec/tests/dct: Use 64bit in intermediate for error computation
+ avcodec/scpr3: Check add_dec() for failure
+ avcodec/rv34: assert that size is not 0 in rv34_gen_vlc_ext()
+ avcodec/wavpackenc: Use unsigned for potential 31bit shift
+ avcodec/tests/jpeg2000dwt: Use 64bit in comparission
+ avcodec/tests/jpeg2000dwt: Use 64bit in err2 computation
+ avformat/fwse: Remove always false expression
+ avcodec/sga: Make it clear that the return is intentionally not checked
+ avformat/asfdec_f: Use 64bit for preroll computation
+ avformat/argo_asf: Use 64bit in offset intermediate
+ avformat/ape: Use 64bit for final frame size
+ avformat/ac4dec: Check remaining space in ac4_probe()
+ avdevice/pulse_audio_enc: Use av_rescale() to avoid integer overflow
+ avcodec/vlc: Cleanup on multi table alloc failure in ff_vlc_init_multi_from_lengths()
+ avcodec/tiff: Assert init_get_bits8() success in unpack_gray()
+ avcodec/tiff: Assert init_get_bits8() success in horizontal_fill()
+ tools/decode_simple: Check avcodec_send_packet() for errors on flushing
+ swscale/yuv2rgb: Use 64bit for brightness computation
+ swscale/x86/swscale: use a clearer name for INPUT_PLANER_RGB_A_FUNC_CASE
+ avutil/tests/opt: Check av_set_options_string() for failure
+ avutil/tests/dict: Check av_dict_set() before get for failure
+ avdevice/dshow: fix badly indented line
+ avformat/demux: resurrect dead stores
+ avcodec/tests/bitstream_template: Assert bits_init8() return
+ tools/enc_recon_frame_test: Assert that av_image_get_linesize() succeeds
+ fftools/ffmpeg: prefer real errors over EOF in err_merge()
+ avcodec/png: more informative error message for invalid sBIT size
+ avcodec/pngdec: avoid erroring with sBIT on indexed-color images
+ avcodec/nvenc: fix segfault in intra-only mode
+ aarch64: Add OpenBSD runtime detection of dotprod and i8mm using sysctl
+ qsv: Initialize impl_value
+ avutil/hwcontext_qsv: fix GCC 14.1 warnings
+ lavc/vp9: reset segmentation fields when segmentation isn't enabled
+ configure: enable ffnvcodec, nvenc, nvdec for FreeBSD
+ avcodec/mscc & mwsc: Check loop counts before use
+ avcodec/mpegvideo_enc: Fix potential overflow in RD
+ avcodec/mpeg4videodec: assert impossible wrap points
+ avcodec/mpeg12dec: Use 64bit in bit computation
+ avcodec/vqcdec: Check init_get_bits8() for failure
+ avcodec/vble: Check av_image_get_buffer_size() for failure
+ avcodec/vp3: Replace check by assert
+ avcodec/vp8: Forward return of ff_vpx_init_range_decoder()
+ avcodec/jpeg2000dec: remove ST=3 case
+ avcodec/qsvdec: Check av_image_get_buffer_size() for failure
+ avcodec/exr: Fix preview overflow
+ avcodec/decode: decode_simple_internal() only implements audio and video
+ avcodec/fmvc: remove dead assignment
+ avcodec/h2645_sei: Remove dead checks
+ avcodec/h264_slice: Remove dead sps check
+ avcodec/lpc: copy levenson coeffs only when they have been computed
+ avutil/tests/base64: Check with too short output array
+ libavutil/base64: Try not to write over the array end
+ avcodec/cbs_av1: Avoid shift overflow
+ fftools/ffplay: Check return of swr_alloc_set_opts2()
+ tools/opt_common: Check for malloc failure
+ doc/examples/demux_decode: Simplify loop
+ avformat/concatdec: Check file
+ avcodec/mpegvideo_enc: Fix 1 line and one column images
+ avcodec/amrwbdec: assert mode to be valid in decode_fixed_vector()
+ avcodec/wavarc: fix integer overflow in decode_5elp() block type 2
+ swscale/output: Fix integer overflow in yuv2rgba64_full_1_c_template()
+ swscale/output: Fix integer overflow in yuv2rgba64_1_c_template
+ avcodec/av1dec: Change bit_depth to int
+ avcodec/av1dec: bit_depth cannot be another values than 8,10,12
+ avcodec/avs3_parser: assert the return value of init_get_bits()
+ avcodec/avs2_parser: Assert init_get_bits8() success with const size 15
+ avformat/mxfdec: Check body_offset
+ avformat/kvag: Check sample_rate
+ avcodec/atrac9dec: Check init_get_bits8() for failure
+ avcodec/ac3_parser: Check init_get_bits8() for failure
+ avcodec/pngdec: Check last AVFrame before deref
+ avcodec/hevcdec: Check ref frame
+ doc/examples/qsv_transcode: Initialize pointer before free
+ doc/examples/qsv_transcode: Simplify str_to_dict() loop
+ doc/examples/vaapi_transcode: Simplify loop
+ doc/examples/qsv_transcode: Simplify loop
+ avcodec/cbs_h2645: Check NAL space
+ avfilter/vf_thumbnail_cuda: Set ret before checking it
+ avfilter/signature_lookup: Dont copy uninitialized stuff around
+ avfilter/signature_lookup: Fix 2 differences to the refernce SW
+ avcodec/x86/vp3dsp_init: Set correct function pointer, fix crash
+ avformat/mp3dec: change bogus error message if read_header encounters EOF
+ avformat/mp3dec: simplify inner frame size check in mp3_read_header
+ avformat/mp3dec: only call ffio_ensure_seekback once
+ avutil/thread: fix pthread_setname_np parameters for NetBSD and Apple
+ avutil/thread: add support for setting thread name on *bsd and solaris
+ avutil/ppc/cpu: Also use the machdep.altivec sysctl on NetBSD
+ lavd/v4l2: Use proper field type for second parameter of ioctl() with BSD's
+ avfilter/avfilter: fix OOM case for default activate
+ avfilter/buffersrc: switch to activate
+ avcodec/mediacodecenc: set quality in cq mode
+ Update for 6.1.2
+ fate/subtitles: Ignore line endings for sub-scc test
+ avformat/mxfdec: Check index_edit_rate
+ swscale/utils: Fix xInc overflow
+ avcodec/wavarc: fix signed integer overflow in block type 6/19
+ doc/developer: (security) researchers should be credited
+ avformat/isom: Uninit layout in ff_mp4_read_dec_config_descr()
+ avcodec/exr: Dont use 64bits to hold 6bits
+ avcodec/exr: Check for remaining bits in huf_unpack_enc_table()
+ avcodec/apedec: Use NABS to avoid undefined negation
+ avformat/mpegts: Reset local nb_prg on add_program() failure
+ avformat/aiffdec: Check for previously set channels
+ avformat/mxfdec: Make edit_unit_byte_count unsigned
+ avformat/movenc: Check that cts fits in 32bit
+ avformat/mxfdec: Check first case of offset_temp computation for overflow
+ avcodec/jpeg2000htdec: warn about non zero roi shift
+ avcodec/jpeg2000htdec: Check magp before using it in a shift
+ avfilter/vf_signature: Dont crash on no frames
+ avformat/westwood_vqa: Fix 2g packets
+ avformat/matroskadec: Check timescale
+ avformat/wavdec: satuarte next_tag_ofs, data_end
+ avformat/wavdec: sanity check channels and bps before using them for block_align
+ avformat/sbgdec: Check for negative duration
+ avformat/rpl: Use 64bit for total_audio_size and check it
+ avformat/timecode: use 64bit for intermediate for rounding in fps_from_frame_rate()
+ avformat/mov: use 64bit for intermediate for rounding
+ avformat/jacosubdec: Use 64bit for abs
+ avformat/concatdec: Check user_duration sum
+ avcodec/wavarc: avoid signed integer overflow in AC code
+ avcodec/wavarc: Avoid signed integer overflow in sample
+ avcodec/truemotion1: Height not being a multiple of 4 is unsupported
+ avcodec/rtv1: fix undefined FFALIGN
+ avcodec/hcadec: do not allow code to continue after failed init
+ avcodec/hcadec: do not set hfr_group_count to invalid values
+ avformat/concatdec: clip outpoint - inpoint overflow in get_best_effort_duration()
+ avcodec/osq: avoid several signed integer overflows
+ avformat/jacosubdec: clarify code
+ avformat/cafdec: Check that data chunk end fits within 64bit
+ avformat/iff: Saturate avio_tell() + 12
+ avformat/dxa: Adjust order of operations around block align
+ avformat/cafdec: dont seek beyond 64bit
+ avformat/id3v2: read_uslt() check for the amount read
+ avcodec/vmixdec: Check shift before use
+ avformat/mov: Check sample_count and auxiliary_info_default_size to be 0
+ avformat/wady: Check >0 samplerate and channels 1 || 2.
+ avcodec/cbs_h266_syntax_template: Check tile_y
+ avcodec/proresenc_kostya: Remove bug similarity text
+ avcodec/vorbisdec: Check remaining data in vorbis_residue_decode_internal()
+ avformat/concatdec: Check in and outpoints to be to produce a positive representable duration
+ avcodec/8bps: Consider width in the minimal size check
+ libswscale/utils: Fix bayer to yuvj
+ swscale/swscale: Check srcSliceH for bayer
+ swscale/utils: Allocate more dithererror
+ avcodec/indeo3: Round dimensions up in allocate_frame_buffers()
+ avutil/rational: Document what is to be expected from av_d2q() of doubles representing rational numbers
+ avfilter/signature_lookup: Do not dereference NULL pointers after malloc failure
+ avfilter/signature_lookup: dont leave uncleared pointers in sll_free()
+ avcodec/mpegvideo_enc: Use ptrdiff_t for stride
+ libavformat/hlsenc.c: Populate OTI using AAC profile in write_codec_attr.
+ avformat/mov: Check if a key is longer than the atom containing it
+ avcodec/nvenc: support SDK 12.2 bit depth API
+ avcodec/nvenc: stop using long deprecated format specifiers
+ avfilter/buffersrc: fix overriding unknown channel layouts with negotiated one
+ avfilter/af_channelmap: disallow channel index 64
+ avfilter/af_channelmap: fix mapping if in_channel was a string but out_channel was not specified
+ avfilter/af_channelmap: fix error message if FL source channel was missing
+ avcodec/nvdec: reset bitstream_len/nb_slices when resetting bitstream pointer
+ avformat/mov: don't abort on duplicate Mastering Display Metadata boxes
+ fftools/ffplay: use correct buffersink channel layout parameters
+ avformat/mpegts: detect synchronous metadata KLV more reliably
+ swresample/resample: fix rounding errors with filter_size=1 and phase_shift=0
+ avformat/mxfdec: remove resolve_strong_ref usage with AnyType
+ avfilter/vf_convolution: add float user_rdiv[4] to allow user options to apply correctly
+ avformat/libsrt: use SRT_EPOLL_IN for waiting for an incoming connection
+ avformat/mxfdec: do not use AnyType when resolving Descriptors and MultipleDescriptors
+ avformat/mxfdec: move resolving Descriptors to the multi descriptor resolve function
+ avutil/hwcontext_d3d11va: prefer DXGI 1.1 factory when available
+ avcodec/libsvtav1: send the EOS signal without a one frame delay to allow for the library to operate in a low-delay mode
+ avcodec/libsvtav1: add version guard for external param
+ lavc/vvc: Read subpic ID when only one subpicture is present
+ lavc/vvc: Correct sps_num_subpics_minus1 minimum
+ avcodec/cbs_h2645: Avoid function pointer casts, fix UB
+ avcodec/cbs_h266_syntax_template: Don't omit unused function parameter
+ avcodec/cbs_h266_syntax_template: check aps_adaptation_parameter_set_id
+ lavc/vvc: Add check to num_multi_layer_olss
+ avcodec/cbs_h266: fix logic setting num_layers_in_ols when vps_ols_mode_idc is 2
+ avcodec/av1dec: fix matrix coefficients exposed by codec context
+ {avcodec,tests}: rename the bundled Mesa AV1 vulkan video headers
+ avformat/mov_chan: never override number of channels based on chan atom
+ avformat/mov_chan: do not assume channels are in native order
+ avfft: avoid overreads with RDFT API users
+ avcodec/nvdec: don't free NVDECContext->bitstream
+ avcodec/mediacodecdec: fix return EAGAIN after EOF
+
+
+version 6.1.1
+- avcodec/mpegvideo_enc: Dont copy beyond the image
+- avfilter/vf_minterpolate: Check pts before division
+- avfilter/avf_showwaves: Check history_nb_samples
+- avformat/flacdec: Avoid double AVERRORS
+- avfilter/vf_vidstabdetect: Avoid double AVERRORS
+- avcodec/vaapi_encode: Avoid double AVERRORS
+- avfilter/vf_swaprect: round coordinates down
+- avfilter/vf_swaprect: Use height for vertical variables
+- avfilter/vf_swaprect: assert that rectangles are within memory
+- avfilter/af_alimiter: Check nextpos before use
+- avfilter/f_reverse: Apply PTS compensation only when pts is available
+- avfilter/af_stereowiden: Check length
+- avformat/mov: Fix MSAN issue with stsd_id
+- avcodec/jpegxl_parser: Check get_vlc2()
+- avfilter/vf_weave: Fix odd height handling
+- avfilter/edge_template: Fix small inputs with gaussian_blur()
+- avfilter/vf_gradfun: Do not overread last line
+- avfilter/avf_showspectrum: fix off by 1 error
+- avcodec/jpegxl_parser: Add padding to cs_buffer
+- avformat/mov: do not set sign bit for chunk_offsets
+- avcodec/jpeglsdec: Check Jpeg-LS LSE
+- avcodec/osq: Implement flush()
+- configure: Enable section_data_rel_ro for FreeBSD and NetBSD aarch64 / arm
+- avcodec/cbs_h266: more restrictive check on pps_tile_idx_delta_val
+- avcodec/jpeg2000htdec: check if block decoding will exceed internal precision
+- tools/target_dec_fuzzer: Adjust threshold for VMIX
+- avcodec/av1dec: Fix resolving zero divisor
+- avformat/mov: Ignore duplicate ftyp
+- avformat/mov: Fix integer overflow in mov_read_packet().
+- lavc/qsvdec: return 0 if more data is required
+- avcodec/jpegxl_parser: check ANS cluster alphabet size vs bundle size
+- libavformat/vvc: Make probe more conservative
+- hwcontext_vulkan: guard unistd.h include
+- lavc/Makefile: build vulkan decode code if vulkan_av1 has been enabled
+- lavc/dvdsubenc: only check canvas size when it is actually set
+- avcodec/decode: validate hw_frames_ctx when AVHWAccel.free_frame_priv is used
+- avcoded/fft: Fix memory leak if ctx2 is used
+- avcodec/fft: Use av_mallocz to avoid invalid free/uninit
+
+
+version 6.1:
 - libaribcaption decoder
 - Playdate video decoder and demuxer
 - Extend VAAPI support for libva-win32 on Windows

INSTALL.md

@@ -15,3 +15,11 @@ NOTICE
 ------
 
  - Non system dependencies (e.g. libx264, libvpx) are disabled by default.
+
+NOTICE for Package Maintainers
+------------------------------
+
+ - It is recommended to build FFmpeg twice, first with minimal external dependencies so
+   that 3rd party packages, which depend on FFmpegs libavutil/libavfilter/libavcodec/libavformat
+   can then be built. And last build FFmpeg with full dependancies (which may in turn depend on
+   some of these 3rd party packages). This avoids circular dependencies during build.

MAINTAINERS

@@ -34,8 +34,8 @@ Miscellaneous Areas
 ===================
 
 documentation                           Stefano Sabatini, Mike Melanson, Timothy Gu, Gyan Doshi
-project server day to day operations    Árpád Gereöffy, Michael Niedermayer, Reimar Doeffinger, Alexander Strasser, Nikolay Aleksandrov
-project server emergencies              Árpád Gereöffy, Reimar Doeffinger, Alexander Strasser, Nikolay Aleksandrov
+project server day to day operations    Árpád Gereöffy, Michael Niedermayer, Reimar Doeffinger, Alexander Strasser, Nikolay Aleksandrov, Timo Rothenpieler
+project server emergencies              Árpád Gereöffy, Reimar Doeffinger, Alexander Strasser, Nikolay Aleksandrov, Timo Rothenpieler
 presets                                 Robert Swain
 metadata subsystem                      Aurelien Jacobs
 release management                      Michael Niedermayer
@@ -588,10 +588,12 @@ wm4
 Releases
 ========
 
+7.0                                     Michael Niedermayer
+6.1                                     Michael Niedermayer
+5.1                                     Michael Niedermayer
+4.4                                     Michael Niedermayer
+3.4                                     Michael Niedermayer
 2.8                                     Michael Niedermayer
-2.7                                     Michael Niedermayer
-2.6                                     Michael Niedermayer
-2.5                                     Michael Niedermayer
 
 If you want to maintain an older release, please contact us
 

Makefile

@@ -93,10 +93,10 @@ ffbuild/.config: $(CONFIGURABLE_COMPONENTS)
 SUBDIR_VARS := CLEANFILES FFLIBS HOSTPROGS TESTPROGS TOOLS               \
                HEADERS ARCH_HEADERS BUILT_HEADERS SKIPHEADERS            \
                ARMV5TE-OBJS ARMV6-OBJS ARMV8-OBJS VFP-OBJS NEON-OBJS     \
-               ALTIVEC-OBJS VSX-OBJS RVV-OBJS MMX-OBJS X86ASM-OBJS       \
+               ALTIVEC-OBJS VSX-OBJS MMX-OBJS X86ASM-OBJS                \
                MIPSFPU-OBJS MIPSDSPR2-OBJS MIPSDSP-OBJS MSA-OBJS         \
-               MMI-OBJS LSX-OBJS LASX-OBJS OBJS SLIBOBJS SHLIBOBJS       \
-               STLIBOBJS HOSTOBJS TESTOBJS
+               MMI-OBJS LSX-OBJS LASX-OBJS RV-OBJS RVV-OBJS              \
+               OBJS SLIBOBJS SHLIBOBJS STLIBOBJS HOSTOBJS TESTOBJS
 
 define RESET
 $(1) :=

RELEASE

@@ -1 +1 @@
-5.1.git
+6.1.2

RELEASE_NOTES

@@ -0,0 +1,15 @@
+
+            ┌──────────────────────────────────────────┐
+            │ RELEASE NOTES for FFmpeg 6.1 "Heaviside" │
+            └──────────────────────────────────────────┘
+
+   The FFmpeg Project proudly presents FFmpeg 6.1 "Heaviside", about 8
+   months after the release of FFmpeg 6.0.
+
+   A complete Changelog is available at the root of the project, and the
+   complete Git history on https://git.ffmpeg.org/gitweb/ffmpeg.git
+
+   We hope you will like this release as much as we enjoyed working on it, and
+   as usual, if you have any questions about it, or any FFmpeg related topic,
+   feel free to join us on the #ffmpeg IRC channel (on irc.libera.chat) or ask
+   on the mailing-lists.

configure

@@ -420,7 +420,9 @@ Advanced options (experts only):
   --enable-hardcoded-tables use hardcoded tables instead of runtime generation
   --disable-safe-bitstream-reader
                            disable buffer boundary checking in bitreaders
-                           (faster, but may crash)
+                           (This disables some security checks and can cause undefined behavior,
+                            crashes and arbitrary code execution, it may be faster, but
+                            should only be used with trusted input)
   --sws-max-filter-size=N  the max filter size swscale uses [$sws_max_filter_size_default]
 
 Optimization options (experts only):
@@ -2146,10 +2148,12 @@ ARCH_EXT_LIST_PPC="
     ldbrx
     power8
     ppc4xx
+    vec_xl
     vsx
 "
 
 ARCH_EXT_LIST_RISCV="
+    rv
     rvv
 "
 
@@ -2227,6 +2231,7 @@ HEADERS_LIST="
     opencv2_core_core_c_h
     OpenGL_gl3_h
     poll_h
+    pthread_np_h
     sys_param_h
     sys_resource_h
     sys_select_h
@@ -2329,6 +2334,8 @@ SYSTEM_FUNCS="
     posix_memalign
     prctl
     pthread_cancel
+    pthread_set_name_np
+    pthread_setname_np
     sched_getaffinity
     SecItemImport
     SetConsoleTextAttribute
@@ -2447,6 +2454,7 @@ HAVE_LIST="
     opencl_vaapi_intel_media
     perl
     pod2man
+    posix_ioctl
     texi2html
     xmllint
     zlib_gzip
@@ -2671,10 +2679,12 @@ altivec_deps="ppc"
 dcbzl_deps="ppc"
 ldbrx_deps="ppc"
 ppc4xx_deps="ppc"
+vec_xl_deps="altivec"
 vsx_deps="altivec"
 power8_deps="vsx"
 
-rvv_deps="riscv"
+rv_deps="riscv"
+rvv_deps="rv"
 
 loongson2_deps="mips"
 loongson3_deps="mips"
@@ -3957,6 +3967,8 @@ if test "$target_os_default" = aix; then
     arch_default=$(uname -p)
     strip_default="strip -X32_64"
     nm_default="nm -g -X32_64"
+elif test "$MSYSTEM_CARCH" != ""; then
+    arch_default="$MSYSTEM_CARCH"
 else
     arch_default=$(uname -m)
 fi
@@ -5585,6 +5597,7 @@ case $target_os in
         ;;
     netbsd)
         disable symver
+        enable section_data_rel_ro
         oss_indev_extralibs="-lossaudio"
         oss_outdev_extralibs="-lossaudio"
         enabled gcc || check_ldflags -Wl,-zmuldefs
@@ -5603,6 +5616,7 @@ case $target_os in
         disable symver
         ;;
     freebsd)
+        enable section_data_rel_ro
         ;;
     bsd/os)
         add_extralibs -lpoll -lgnugetopt
@@ -6210,8 +6224,14 @@ elif enabled ppc; then
         check_cpp_condition power8 "altivec.h" "defined(_ARCH_PWR8)"
     fi
 
+    if enabled altivec; then
+        check_cc vec_xl altivec.h "const unsigned char *y1i = { 0 };
+                                   vector unsigned char y0 = vec_xl(0, y1i);"
+    fi
+
 elif enabled riscv; then
 
+    enabled rv && check_inline_asm rv '".option arch, +zbb\nrev8 t0, t1"'
     enabled rvv && check_inline_asm rvv '".option arch, +v\nvsetivli zero, 0, e8, m1, ta, ma"'
 
 elif enabled x86; then
@@ -6458,6 +6478,7 @@ check_headers malloc.h
 check_headers mftransform.h
 check_headers net/udplite.h
 check_headers poll.h
+check_headers pthread_np.h
 check_headers sys/param.h
 check_headers sys/resource.h
 check_headers sys/select.h
@@ -6623,6 +6644,12 @@ if ! disabled pthreads && ! enabled w32threads && ! enabled os2threads; then
     if enabled pthreads; then
         check_builtin sem_timedwait semaphore.h "sem_t *s; sem_init(s,0,0); sem_timedwait(s,0); sem_destroy(s)" $pthreads_extralibs
         check_func pthread_cancel $pthreads_extralibs
+        hdrs=pthread.h
+        if enabled pthread_np_h; then
+            hdrs="$hdrs pthread_np.h"
+        fi
+        check_lib pthread_set_name_np "$hdrs" pthread_set_name_np -lpthread
+        check_lib pthread_setname_np "$hdrs" pthread_setname_np -lpthread
     fi
 fi
 
@@ -6677,7 +6704,7 @@ enabled libaom            && require_pkg_config libaom "aom >= 1.0.0" aom/aom_co
 enabled libaribb24        && { check_pkg_config libaribb24 "aribb24 > 1.0.3" "aribb24/aribb24.h" arib_instance_new ||
                                { enabled gpl && require_pkg_config libaribb24 aribb24 "aribb24/aribb24.h" arib_instance_new; } ||
                                die "ERROR: libaribb24 requires version higher than 1.0.3 or --enable-gpl."; }
-enabled libaribcaption    && require_pkg_config libaribcaption "libaribcaption >= 0.1.0" "aribcaption/aribcaption.h" aribcc_context_alloc
+enabled libaribcaption    && require_pkg_config libaribcaption "libaribcaption >= 1.1.1" "aribcaption/aribcaption.h" aribcc_context_alloc
 enabled lv2               && require_pkg_config lv2 lilv-0 "lilv/lilv.h" lilv_world_new
 enabled libiec61883       && require libiec61883 libiec61883/iec61883.h iec61883_cmp_connect -lraw1394 -lavc1394 -lrom1394 -liec61883
 enabled libass            && require_pkg_config libass "libass >= 0.11.0" ass/ass.h ass_library_init
@@ -6970,14 +6997,16 @@ enabled makeinfo \
 disabled makeinfo_html && texi2html --help 2> /dev/null | grep -q 'init-file' && enable texi2html || disable texi2html
 perl -v            > /dev/null 2>&1 && enable perl      || disable perl
 pod2man --help     > /dev/null 2>&1 && enable pod2man   || disable pod2man
-rsync --help 2> /dev/null | grep -q 'contimeout' && enable rsync_contimeout || disable rsync_contimeout
+rsync --help 2> /dev/null | grep -q 'contimeout=' && enable rsync_contimeout || disable rsync_contimeout
 xmllint --version  > /dev/null 2>&1 && enable xmllint   || disable xmllint
 
+check_headers linux/fb.h
+check_headers linux/videodev2.h
+test_code cc linux/videodev2.h "struct v4l2_frmsizeenum vfse; vfse.discrete.width = 0;" && enable_sanitized struct_v4l2_frmivalenum_discrete
+test_code cc sys/ioctl.h "int ioctl(int, int, ...)" && enable posix_ioctl
+
 # check V4L2 codecs available in the API
 if enabled v4l2_m2m; then
-    check_headers linux/fb.h
-    check_headers linux/videodev2.h
-    test_code cc linux/videodev2.h "struct v4l2_frmsizeenum vfse; vfse.discrete.width = 0;" && enable_sanitized struct_v4l2_frmivalenum_discrete
     check_cc v4l2_m2m linux/videodev2.h "int i = V4L2_CAP_VIDEO_M2M_MPLANE | V4L2_CAP_VIDEO_M2M | V4L2_BUF_FLAG_LAST;"
     check_cc vc1_v4l2_m2m linux/videodev2.h "int i = V4L2_PIX_FMT_VC1_ANNEX_G;"
     check_cc mpeg1_v4l2_m2m linux/videodev2.h "int i = V4L2_PIX_FMT_MPEG1;"
@@ -7158,7 +7187,7 @@ fi
 
 if enabled x86; then
     case $target_os in
-        mingw32*|mingw64*|win32|win64|linux|cygwin*)
+        freebsd|mingw32*|mingw64*|win32|win64|linux|cygwin*)
             ;;
         *)
             disable ffnvcodec cuvid nvdec nvenc
@@ -7736,6 +7765,7 @@ if enabled ppc; then
     echo "POWER8 enabled            ${power8-no}"
     echo "PPC 4xx optimizations     ${ppc4xx-no}"
     echo "dcbzl available           ${dcbzl-no}"
+    echo "vec_xl available          ${vec_xl-no}"
 fi
 if enabled loongarch; then
     echo "LSX enabled               ${lsx-no}"
@@ -7984,7 +8014,7 @@ cat > $TMPH <<EOF
 #define FFMPEG_CONFIG_H
 #define FFMPEG_CONFIGURATION "$(c_escape $FFMPEG_CONFIGURATION)"
 #define FFMPEG_LICENSE "$(c_escape $license)"
-#define CONFIG_THIS_YEAR 2023
+#define CONFIG_THIS_YEAR 2025
 #define FFMPEG_DATADIR "$(eval c_escape $datadir)"
 #define AVCONV_DATADIR "$(eval c_escape $datadir)"
 #define CC_IDENT "$(c_escape ${cc_ident:-Unknown compiler})"

doc/APIchanges

@@ -2,174 +2,176 @@ The last version increases of all libraries were on 2023-02-09
 
 API changes, most recent first:
 
-2023-10-27 - xxxxxxxxxx - lavu 58.28.100 - channel_layout.h
+-------- 8< --------- FFmpeg 6.1 was cut here -------- 8< ---------
+
+2023-10-27 - 52a97642604 - lavu 58.28.100 - channel_layout.h
   Add AV_CH_LAYOUT_3POINT1POINT2 and AV_CHANNEL_LAYOUT_3POINT1POINT2.
   Add AV_CH_LAYOUT_5POINT1POINT2_BACK and AV_CHANNEL_LAYOUT_5POINT1POINT2_BACK.
   Add AV_CH_LAYOUT_5POINT1POINT4_BACK and AV_CHANNEL_LAYOUT_5POINT1POINT4_BACK.
   Add AV_CH_LAYOUT_7POINT1POINT2 and AV_CHANNEL_LAYOUT_7POINT1POINT2.
   Add AV_CH_LAYOUT_7POINT1POINT4_BACK and AV_CHANNEL_LAYOUT_7POINT1POINT4_BACK.
 
-2023-10-06 - xxxxxxxxxx - lavc 60.30.101 - avcodec.h
+2023-10-06 - 804be7f9e3c - lavc 60.30.101 - avcodec.h
   AVCodecContext.coded_side_data may now be used during decoding, to be set
   by user before calling avcodec_open2() for initialization.
 
-2023-10-06 - xxxxxxxxxx - lavc 60.15.100 - avformat.h
+2023-10-06 - 5432d2aacad - lavc 60.15.100 - avformat.h
   Deprecate AVFormatContext.{nb_,}side_data, av_stream_add_side_data(),
   av_stream_new_side_data(), and av_stream_get_side_data(). Side data fields
   from AVFormatContext.codecpar should be used from now on.
 
-2023-10-06 - xxxxxxxxxx - lavc 60.30.100 - codec_par.h
+2023-10-06 - 21d7cc6fa9a - lavc 60.30.100 - codec_par.h
   Added {nb_,}coded_side_data to AVCodecParameters.
   The AVCodecParameters helpers will copy it to and from its AVCodecContext
   namesake.
 
-2023-10-06 - xxxxxxxxxx - lavc 60.29.100 - packet.h
+2023-10-06 - 74279227dd2 - lavc 60.29.100 - packet.h
   Added av_packet_side_data_new(), av_packet_side_data_add(),
   av_packet_side_data_get(), av_packet_side_data_remove, and
   av_packet_side_data_free().
 
-2023-10-03 - xxxxxxxxxx - lavc 60.28.100 - codec_par.h defs.h
+2023-10-03 - ea14e8bc302 - lavc 60.28.100 - codec_par.h defs.h
   Move the definition of enum AVFieldOrder from codec_par.h to defs.h.
 
-2023-10-03 - xxxxxxxxxx - lavf 60.14.100 - avformat.h
+2023-10-03 - dd48e49d547 - lavf 60.14.100 - avformat.h
   Deprecate AVFMT_ALLOW_FLUSH without replacement. Users can always
   flush any muxer by sending a NULL packet.
 
-2023-09-28 - xxxxxxxxxx - lavu 58.27.100 - pixfmt.h
+2023-09-28 - 8e1ef7c38f6 - lavu 58.27.100 - pixfmt.h
   Add AV_PIX_FMT_GBRAP14BE, AV_PIX_FMT_GBRAP14LE pixel formats.
 
-2023-09-28 - xxxxxxxxxx - lavu 58.26.100 - hwcontext_cuda.h
+2023-09-28 - 05f8b2ca0f7 - lavu 58.26.100 - hwcontext_cuda.h
   Add AV_CUDA_USE_CURRENT_CONTEXT.
 
-2023-09-19 - xxxxxxxxxx - lavu 58.25.100 - avutil.h
+2023-09-19 - ba9cd06c763 - lavu 58.25.100 - avutil.h
   Make AV_TIME_BASE_Q compatible with C++.
 
-2023-09-xx - xxxxxxxxxx - lavf 60 - avformat.h
+2023-09-18 - 85e075587dc - lavf 60 - avformat.h
   Deprecate AVFMT_FLAG_SHORTEST without replacement.
 
-2023-09-07 - xxxxxxxxxx - lavu 58.24.100 - imgutils.h
+2023-09-07 - 423b6a7e493 - lavu 58.24.100 - imgutils.h
   Add av_image_copy2(), a wrapper around the av_image_copy()
   to overcome limitations of automatic conversions.
 
-2023-09-07 - xxxxxxxxxx - lavu 58.23.100 - fifo.h
+2023-09-07 - 5094d1f429e - lavu 58.23.100 - fifo.h
   Constify the AVFifo pointees in av_fifo_peek() and av_fifo_peek_to_cb().
 
-2023-09-07 - xxxxxxxxxx - lavu 58.22.100 - audio_fifo.h
+2023-09-07 - fa4bf5793a0 - lavu 58.22.100 - audio_fifo.h
   Constify some pointees in av_audio_fifo_write(), av_audio_fifo_read(),
   av_audio_fifo_peek() and av_audio_fifo_peek_at().
 
-2023-09-07 - xxxxxxxxxx - lavu 58.21.100 - samplefmt.h
+2023-09-07 - 9bf31f60960 - lavu 58.21.100 - samplefmt.h
   Constify some pointees in av_samples_copy() and av_samples_set_silence().
 
-2023-09-07 - xxxxxxxxxx - lavu 58.20.100 - imgutils.h
+2023-09-07 - 41285890e03 - lavu 58.20.100 - imgutils.h
   Constify some pointees in av_image_copy(), av_image_copy_uc_from() and
   av_image_fill_black().
 
-2023-09-07 - xxxxxxxxxx - lavf 60.12.100 - avio.h
+2023-09-07 - 2a68d945cd7 - lavf 60.12.100 - avio.h
   Constify the buffer pointees in the write_packet and write_data_type
   callbacks of AVIOContext on the next major bump.
 
-2023-09-07 - xxxxxxxxxx - lavc 60.26.100 - defs.h
+2023-09-07 - 8238bc0b5e3 - lavc 60.26.100 - defs.h
   Add AV_PROFILE_* and AV_LEVEL_* replacements in defs.h for the
   defines from avcodec.h. The latter are deprecated.
 
-2023-09-06 - xxxxxxxxxx - lavc 60.25.101 - avcodec.h
+2023-09-06 - b6627a57f41 - lavc 60.25.101 - avcodec.h
   AVCodecContext.rc_buffer_size may now be set by decoders.
 
-2023-09-02 - xxxxxxxxxx - lavu 58.19.100 - executor.h
+2023-09-02 - 25ecc94d58f - lavu 58.19.100 - executor.h
   Add AVExecutor API
 
-2023-09-xx - xxxxxxxxxx - lavc 60.25.100 - avfft.h
+2023-09-01 - 139e54911c8 - lavc 60.25.100 - avfft.h
   The entire header will be deprecated and removed in two major bumps.
   For a replacement to av_dct, av_rdft, av_fft and av_mdct, use
   the new API from libavutil/tx.h.
 
-2023-07-xx - xxxxxxxxxx - lavu 58.18.100 - tx.h
+2023-09-01 - 11e22730e1e - lavu 58.18.100 - tx.h
   Add AV_TX_REAL_TO_REAL and AV_TX_REAL_TO_IMAGINARY
 
-2023-08-18 - xxxxxxxxxx - lavu 58.17.100 - channel_layout.h
+2023-08-18 - ff094f5ebbd - lavu 58.17.100 - channel_layout.h
   All AV_CHANNEL_LAYOUT_* macros are now compatible with C++ 17 and older.
 
-2023-08-08 - xxxxxxxxxx - lavu 58.15.100 - video_hint.h
+2023-08-08 - 5012b4ab4ca - lavu 58.15.100 - video_hint.h
   Add AVVideoHint API.
 
-2023-07-xx - xxxxxxxxxx - lavc 60 - avcodec.h
+2023-08-08 - 5012b4ab4ca - lavc 60 - avcodec.h
   Deprecate AV_CODEC_FLAG_DROPCHANGED without replacement.
 
-2023-07-05 - xxxxxxxxxx - lavu 58.14.100 - random_seed.h
+2023-07-05 - d694c25b44c - lavu 58.14.100 - random_seed.h
   Add av_random_bytes()
 
-2023-05-29 - xxxxxxxxxx - lavc 60.16.100 - avcodec.h codec_id.h
+2023-05-29 - 637afea88ed - lavc 60.16.100 - avcodec.h codec_id.h
   Add AV_CODEC_ID_EVC, FF_PROFILE_EVC_BASELINE, and FF_PROFILE_EVC_MAIN.
 
-2023-05-29 - xxxxxxxxxx - lavu 58.12.100 - mathematics.h
+2023-05-29 - 75918016ab1 - lavu 58.12.100 - mathematics.h
   Add av_bessel_i0()
 
-2023-05-xx - xxxxxxxxxx - lavc 60.15.100 - avcodec.h
+2023-05-29 - f3795e18574 - lavc 60.15.100 - avcodec.h
   Add AVHWAccel.update_thread_context, AVHWAccel.free_frame_priv,
   AVHWAccel.flush.
 
-2023-05-xx - xxxxxxxxxx - lavu 58.11.100 - hwcontext_vulkan.h
+2023-05-29 - db1d0227812 - lavu 58.11.100 - hwcontext_vulkan.h
   Add AVVulkanDeviceContext.lock_queue, AVVulkanDeviceContext.unlock_queue,
   AVVulkanFramesContext.format, AVVulkanFramesContext.lock_frame,
   AVVulkanFramesContext.unlock_frame, AVVkFrame.queue_family.
   Deprecate AV_VK_FRAME_FLAG_CONTIGUOUS_MEMORY (use multiplane images instead).
 
-2023-05-xx - xxxxxxxxxx - lavu 58.10.100 - pixfmt.h
+2023-05-29 - bef86ba86cc - lavu 58.10.100 - pixfmt.h
   Add AV_PIX_FMT_P212BE, AV_PIX_FMT_P212LE, AV_PIX_FMT_P412BE,
   AV_PIX_FMT_P412LE.
 
-2023-05-xx - xxxxxxxxxx - lavu 58.8.100 - frame.h
+2023-05-18 - 01d444c077e - lavu 58.8.100 - frame.h
   Add av_frame_replace().
 
-2023-05-xx - xxxxxxxxxx - lavu 58 - frame.h
+2023-05-18 - 63767b79a57 - lavu 58 - frame.h
   Deprecate AVFrame.palette_has_changed without replacement.
 
-2023-05-xx - xxxxxxxxxx - lavc 60 - avcodec.h
+2023-05-15 - 7d1d61cc5f5 - lavc 60 - avcodec.h
   Depreate AVCodecContext.ticks_per_frame in favor of
   AVCodecContext.framerate (encoding) and
   AV_CODEC_PROP_FIELDS (decoding).
 
-2023-05-xx - xxxxxxxxxx - lavc 60.12.100 - codec_desc.h
+2023-05-15 - 70433abf7fb - lavc 60.12.100 - codec_desc.h
   Add AV_CODEC_PROP_FIELDS.
 
-2023-05-xx - xxxxxxxxxx - lavc 60 - codec.h
+2023-05-15 - 8b20d0dcb5c - lavc 60 - codec.h
   Depreate AV_CODEC_CAP_SUBFRAMES without replacement.
 
-2023-05-xx - xxxxxxxxxx - lavc 60.11.100 - codec_par.h
+2023-05-07 - c2ae8e30b7f - lavc 60.11.100 - codec_par.h
   Add AVCodecParameters.framerate.
 
-2023-05-04 - xxxxxxxxxx - lavu 58.7.100 - frame.h
+2023-05-04 - 0fc9c1f6828 - lavu 58.7.100 - frame.h
   Deprecate AVFrame.interlaced_frame, AVFrame.top_field_first, and
   AVFrame.key_frame.
   Add AV_FRAME_FLAG_INTERLACED, AV_FRAME_FLAG_TOP_FIELD_FIRST, and
   AV_FRAME_FLAG_KEY flags as replacement.
 
-2023-04-10 - xxxxxxxxxx - lavu 58.6.100 - frame.h
+2023-04-10 - 4eaaa38d3df - lavu 58.6.100 - frame.h
   av_frame_get_plane_buffer() now accepts const AVFrame*.
 
-2023-04-04 - xxxxxxxxxx - lavu 58.6.100 - hdr_dynamic_metadata.h
+2023-04-04 - 61b27b15fc9 - lavu 58.6.100 - hdr_dynamic_metadata.h
   Add AV_HDR_PLUS_MAX_PAYLOAD_SIZE.
   av_dynamic_hdr_plus_create_side_data() now accepts a user provided
   buffer.
 
-2023-03-xx - xxxxxxxxxx - lavfi 9.5.100 - avfilter.h
+2023-03-24 - 632c3499319 - lavfi 9.5.100 - avfilter.h
   Add AVFILTER_FLAG_HWDEVICE.
 
-2023-03-21 - xxxxxxxxxx - lavu 58.5.100 - hdr_dynamic_metadata.h
+2023-03-21 - 0a3ce5f7384 - lavu 58.5.100 - hdr_dynamic_metadata.h
   Add av_dynamic_hdr_plus_from_t35() and av_dynamic_hdr_plus_to_t35()
   functions to convert between raw T.35 payloads containing dynamic
   HDR10+ metadata and their parsed representations as AVDynamicHDRPlus.
 
-2023-03-17 - xxxxxxxxxx - lavu 58.4.100 - hdr_dynamic_vivid_metadata.h
+2023-03-17 - 3be46ee7672 - lavu 58.4.100 - hdr_dynamic_vivid_metadata.h
   Add two group of three spline params.
   Deprecate previous define which only supports one group of params.
 
-2023-03-02 - xxxxxxxxxx - lavc 60.6.100 - avcodec.h
+2023-03-02 - 373ef1c4fae - lavc 60.6.100 - avcodec.h
   Add FF_PROFILE_EAC3_DDP_ATMOS, FF_PROFILE_TRUEHD_ATMOS,
   FF_PROFILE_DTS_HD_MA_X and FF_PROFILE_DTS_HD_MA_X_IMAX.
 
-2023-02-25 - xxxxxxxxxx - lavc 60.5.100 - avcodec.h
+2023-02-25 - f4593775436 - lavc 60.5.100 - avcodec.h
   Add FF_PROFILE_HEVC_SCC.
 
 -------- 8< --------- FFmpeg 6.0 was cut here -------- 8< ---------

doc/Doxyfile

@@ -38,7 +38,7 @@ PROJECT_NAME           = FFmpeg
 # could be handy for archiving the generated documentation or if some version
 # control system is used.
 
-PROJECT_NUMBER         =
+PROJECT_NUMBER         = 6.1.2
 
 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a

doc/decoders.texi

@@ -391,7 +391,7 @@ Specifies the encoding scheme of input subtitle text.
 
 @table @samp
 @item auto
-Automatically detect text encoding.
+Automatically detect text encoding (default).
 @item jis
 8bit-char JIS encoding defined in ARIB STD B24.
 This encoding used in Japan for ISDB captions.
@@ -403,9 +403,6 @@ Latin character encoding defined in ABNT NBR 15606-1.
 This encoding is used in South America for SBTVD / ISDB-Tb captions.
 @end table
 
-The default is @dfn{ass} as same as @dfn{libaribb24} decoder.
-Some present players (e.g., @dfn{mpv}) expect ASS format for ARIB caption.
-
 @item -font @var{font_name[,font_name2,...]}
 Specify comma-separated list of font family names to be used for @dfn{bitmap}
 or @dfn{ass} type subtitle rendering.
@@ -427,12 +424,6 @@ If your player cannot handle AVSubtitles with multiple ASS rectangles properly,
 set this option to @var{true} or define @env{ASS_SINGLE_RECT=1} to change
 default behavior at compilation.
 
-@item -replace_fullwidth_ascii @var{boolean}
-Specify whether to replace MSZ (Middle Size, half width) fullwidth
-alphanumerics with halfwidth alphanumerics.
-
-The default is @var{true}.
-
 @item -force_outline_text @var{boolean}
 Specify whether always render outline text for all characters regardless of
 the indication by charactor style.
@@ -459,6 +450,28 @@ Specify whether to render replaced DRCS characters as Unicode characters.
 
 The default is @var{true}.
 
+@item -replace_msz_ascii @var{boolean}
+Specify whether to replace MSZ (Middle Size; half width) fullwidth
+alphanumerics with halfwidth alphanumerics.
+
+The default is @var{true}.
+
+@item -replace_msz_japanese @var{boolean}
+Specify whether to replace some MSZ (Middle Size; half width) fullwidth
+japanese special characters with halfwidth ones.
+
+The default is @var{true}.
+
+@item -replace_msz_glyph @var{boolean}
+Specify whether to replace MSZ (Middle Size; half width) characters
+with halfwidth glyphs if the fonts supports it.
+This option works under FreeType or DirectWrite renderer
+with Adobe-Japan1 compliant fonts.
+e.g., IBM Plex Sans JP, Morisawa BIZ UDGothic, Morisawa BIZ UDMincho,
+Yu Gothic, Yu Mincho, and Meiryo.
+
+The default is @var{true}.
+
 @item -canvas_size @var{image_size}
 Specify the resolution of the canvas to render subtitles to; usually, this
 should be frame size of input video.

doc/demuxers.texi

@@ -405,6 +405,13 @@ prefer to use #EXT-X-START if it's in playlist instead of live_start_index.
 @item allowed_extensions
 ',' separated list of file extensions that hls is allowed to access.
 
+@item extension_picky
+This blocks disallowed extensions from probing
+It also requires all available segments to have matching extensions to the format
+except mpegts, which is always allowed.
+It is recommended to set the whitelists correctly instead of depending on extensions
+Enabled by default.
+
 @item max_reload
 Maximum number of times a insufficient list is attempted to be reloaded.
 Default value is 1000.

doc/developer.texi

@@ -396,6 +396,10 @@ If you apply a patch, send an
 answer to ffmpeg-devel (or wherever you got the patch from) saying that
 you applied the patch.
 
+@subheading Credit any researchers
+If a commit/patch fixes an issues found by some researcher, always credit the
+researcher in the commit message for finding/reporting the issue.
+
 @subheading Always wait long enough before pushing changes
 Do NOT commit to code actively maintained by others without permission.
 Send a patch to ffmpeg-devel. If no one answers within a reasonable
@@ -640,6 +644,11 @@ patch is inline or attached per mail.
 You can check @url{https://patchwork.ffmpeg.org}, if your patch does not show up, its mime type
 likely was wrong.
 
+@subheading How to setup git send-email?
+
+Please see @url{https://git-send-email.io/}.
+For gmail additionally see @url{https://shallowsky.com/blog/tech/email/gmail-app-passwds.html}.
+
 @subheading Sending patches from email clients
 Using @code{git send-email} might not be desirable for everyone. The
 following trick allows to send patches via email clients in a safe
@@ -924,6 +933,25 @@ In case you need finer control over how valgrind is invoked, use the
 @code{--target-exec='valgrind <your_custom_valgrind_options>} option in
 your configure line instead.
 
+@anchor{Maintenance}
+@chapter Maintenance process
+
+@anchor{MAINTAINERS}
+@section MAINTAINERS
+
+The developers maintaining each part of the codebase are listed in @file{MAINTAINERS}.
+Being listed in @file{MAINTAINERS}, gives one the right to have git write access to
+the specific repository.
+
+@anchor{Becoming a maintainer}
+@section Becoming a maintainer
+
+People add themselves to @file{MAINTAINERS} by sending a patch like any other code
+change. These get reviewed by the community like any other patch. It is expected
+that, if someone has an objection to a new maintainer, she is willing to object
+in public with her full name and is willing to take over maintainership for the area.
+
+
 @anchor{Release process}
 @chapter Release process
 

doc/examples/demux_decode.c

@@ -138,11 +138,9 @@ static int decode_packet(AVCodecContext *dec, const AVPacket *pkt)
             ret = output_audio_frame(frame);
 
         av_frame_unref(frame);
-        if (ret < 0)
-            return ret;
     }
 
-    return 0;
+    return ret;
 }
 
 static int open_codec_context(int *stream_idx,

doc/examples/mux.c

@@ -347,8 +347,7 @@ static int write_audio_frame(AVFormatContext *oc, OutputStream *ost)
     if (frame) {
         /* convert samples from native format to destination codec format, using the resampler */
         /* compute destination number of samples */
-        dst_nb_samples = av_rescale_rnd(swr_get_delay(ost->swr_ctx, c->sample_rate) + frame->nb_samples,
-                                        c->sample_rate, c->sample_rate, AV_ROUND_UP);
+        dst_nb_samples = swr_get_delay(ost->swr_ctx, c->sample_rate) + frame->nb_samples;
         av_assert0(dst_nb_samples == frame->nb_samples);
 
         /* when we pass a frame to the encoder, it may keep a reference to it

doc/examples/qsv_transcode.c

@@ -75,8 +75,7 @@ static int str_to_dict(char* optstr, AVDictionary **opt)
         if (value == NULL)
             return AVERROR(ENAVAIL);
         av_dict_set(opt, key, value, 0);
-    } while(key != NULL);
-    return 0;
+    } while(1);
 }
 
 static int dynamic_set_parameter(AVCodecContext *avctx)
@@ -334,17 +333,15 @@ static int dec_enc(AVPacket *pkt, const AVCodec *enc_codec, char *optstr)
 
 fail:
         av_frame_free(&frame);
-        if (ret < 0)
-            return ret;
     }
-    return 0;
+    return ret;
 }
 
 int main(int argc, char **argv)
 {
     const AVCodec *enc_codec;
     int ret = 0;
-    AVPacket *dec_pkt;
+    AVPacket *dec_pkt = NULL;
 
     if (argc < 5 || (argc - 5) % 2) {
         av_log(NULL, AV_LOG_ERROR, "Usage: %s <input file> <encoder> <output file>"

doc/examples/vaapi_encode.c

@@ -88,6 +88,10 @@ static int encode_write(AVCodecContext *avctx, AVFrame *frame, FILE *fout)
         enc_pkt->stream_index = 0;
         ret = fwrite(enc_pkt->data, enc_pkt->size, 1, fout);
         av_packet_unref(enc_pkt);
+        if (ret != enc_pkt->size) {
+            ret = AVERROR(errno);
+            break;
+        }
     }
 
 end:

doc/examples/vaapi_transcode.c

@@ -215,10 +215,8 @@ static int dec_enc(AVPacket *pkt, const AVCodec *enc_codec)
 
 fail:
         av_frame_free(&frame);
-        if (ret < 0)
-            return ret;
     }
-    return 0;
+    return ret;
 }
 
 int main(int argc, char **argv)

doc/fate_config.sh.template

@@ -1,5 +1,5 @@
 slot=                                    # some unique identifier
-repo=git://source.ffmpeg.org/ffmpeg.git  # the source repository
+repo=https://git.ffmpeg.org/ffmpeg.git   # the source repository
 #branch=release/2.6                       # the branch to test
 samples=                                 # path to samples directory
 workdir=                                 # directory in which to do all the work

doc/git-howto.texi

@@ -143,7 +143,7 @@ git log <filename(s)>
 @end example
 
 You may also use the graphical tools like @command{gitview} or @command{gitk}
-or the web interface available at @url{http://source.ffmpeg.org/}.
+or the web interface available at @url{https://git.ffmpeg.org/ffmpeg.git}.
 
 @section Checking source tree status
 

doc/t2h.pm

@@ -20,8 +20,45 @@
 # License along with FFmpeg; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 
+# Texinfo 7.0 changed the syntax of various functions.
+# Provide a shim for older versions.
+sub ff_set_from_init_file($$) {
+    my $key = shift;
+    my $value = shift;
+    if (exists &{'texinfo_set_from_init_file'}) {
+        texinfo_set_from_init_file($key, $value);
+    } else {
+        set_from_init_file($key, $value);
+    }
+}
+
+sub ff_get_conf($) {
+    my $key = shift;
+    if (exists &{'texinfo_get_conf'}) {
+        texinfo_get_conf($key);
+    } else {
+        get_conf($key);
+    }
+}
+
+sub get_formatting_function($$) {
+    my $obj = shift;
+    my $func = shift;
+
+    my $sub = $obj->can('formatting_function');
+    if ($sub) {
+        return $obj->formatting_function($func);
+    } else {
+        return $obj->{$func};
+    }
+}
+
+# determine texinfo version
+my $program_version_num = version->declare(ff_get_conf('PACKAGE_VERSION'))->numify;
+my $program_version_6_8 = $program_version_num >= 6.008000;
+
 # no navigation elements
-set_from_init_file('HEADERS', 0);
+ff_set_from_init_file('HEADERS', 0);
 
 sub ffmpeg_heading_command($$$$$)
 {
@@ -55,7 +92,7 @@ sub ffmpeg_heading_command($$$$$)
         $element = $command->{'parent'};
     }
     if ($element) {
-        $result .= &{$self->{'format_element_header'}}($self, $cmdname,
+        $result .= &{get_formatting_function($self, 'format_element_header')}($self, $cmdname,
                                                        $command, $element);
     }
 
@@ -112,7 +149,11 @@ sub ffmpeg_heading_command($$$$$)
                 $cmdname
                     = $Texinfo::Common::level_to_structuring_command{$cmdname}->[$heading_level];
             }
-            $result .= &{$self->{'format_heading_text'}}(
+            # format_heading_text expects an array of headings for texinfo >= 7.0
+            if ($program_version_num >= 7.000000) {
+                $heading = [$heading];
+            }
+            $result .= &{get_formatting_function($self,'format_heading_text')}(
                         $self, $cmdname, $heading,
                         $heading_level +
                         $self->get_conf('CHAPTER_HEADER_LEVEL') - 1, $command);
@@ -126,23 +167,19 @@ foreach my $command (keys(%Texinfo::Common::sectioning_commands), 'node') {
     texinfo_register_command_formatting($command, \&ffmpeg_heading_command);
 }
 
-# determine if texinfo is at least version 6.8
-my $program_version_num = version->declare(get_conf('PACKAGE_VERSION'))->numify;
-my $program_version_6_8 = $program_version_num >= 6.008000;
-
 # print the TOC where @contents is used
 if ($program_version_6_8) {
-    set_from_init_file('CONTENTS_OUTPUT_LOCATION', 'inline');
+    ff_set_from_init_file('CONTENTS_OUTPUT_LOCATION', 'inline');
 } else {
-    set_from_init_file('INLINE_CONTENTS', 1);
+    ff_set_from_init_file('INLINE_CONTENTS', 1);
 }
 
 # make chapters <h2>
-set_from_init_file('CHAPTER_HEADER_LEVEL', 2);
+ff_set_from_init_file('CHAPTER_HEADER_LEVEL', 2);
 
 # Do not add <hr>
-set_from_init_file('DEFAULT_RULE', '');
-set_from_init_file('BIG_RULE', '');
+ff_set_from_init_file('DEFAULT_RULE', '');
+ff_set_from_init_file('BIG_RULE', '');
 
 # Customized file beginning
 sub ffmpeg_begin_file($$$)
@@ -159,7 +196,18 @@ sub ffmpeg_begin_file($$$)
     my ($title, $description, $encoding, $date, $css_lines,
         $doctype, $bodytext, $copying_comment, $after_body_open,
         $extra_head, $program_and_version, $program_homepage,
-        $program, $generator) = $self->_file_header_informations($command);
+        $program, $generator);
+    if ($program_version_num >= 7.000000) {
+        ($title, $description, $encoding, $date, $css_lines,
+         $doctype, $bodytext, $copying_comment, $after_body_open,
+         $extra_head, $program_and_version, $program_homepage,
+         $program, $generator) = $self->_file_header_information($command);
+    } else {
+        ($title, $description, $encoding, $date, $css_lines,
+         $doctype, $bodytext, $copying_comment, $after_body_open,
+         $extra_head, $program_and_version, $program_homepage,
+         $program, $generator) = $self->_file_header_informations($command);
+    }
 
     my $links = $self->_get_links ($filename, $element);
 
@@ -223,7 +271,7 @@ if ($program_version_6_8) {
 sub ffmpeg_end_file($)
 {
     my $self = shift;
-    my $program_string = &{$self->{'format_program_string'}}($self);
+    my $program_string = &{get_formatting_function($self,'format_program_string')}($self);
     my $program_text = <<EOT;
       <p style="font-size: small;">
         $program_string
@@ -244,7 +292,7 @@ if ($program_version_6_8) {
 
 # Dummy title command
 # Ignore title. Title is handled through ffmpeg_begin_file().
-set_from_init_file('USE_TITLEPAGE_FOR_TITLE', 1);
+ff_set_from_init_file('USE_TITLEPAGE_FOR_TITLE', 1);
 sub ffmpeg_title($$$$)
 {
     return '';
@@ -262,8 +310,14 @@ sub ffmpeg_float($$$$$)
     my $args = shift;
     my $content = shift;
 
-    my ($caption, $prepended) = Texinfo::Common::float_name_caption($self,
-                                                                $command);
+    my ($caption, $prepended);
+    if ($program_version_num >= 7.000000) {
+        ($caption, $prepended) = Texinfo::Convert::Converter::float_name_caption($self,
+                                                                                 $command);
+    } else {
+        ($caption, $prepended) = Texinfo::Common::float_name_caption($self,
+                                                                     $command);
+    }
     my $caption_text = '';
     my $prepended_text;
     my $prepended_save = '';
@@ -335,8 +389,13 @@ sub ffmpeg_float($$$$$)
             $caption->{'args'}->[0], 'float caption');
     }
     if ($prepended_text.$caption_text ne '') {
-        $prepended_text = $self->_attribute_class('div','float-caption'). '>'
-                . $prepended_text;
+        if ($program_version_num >= 7.000000) {
+            $prepended_text = $self->html_attribute_class('div',['float-caption']). '>'
+                    . $prepended_text;
+        } else {
+            $prepended_text = $self->_attribute_class('div','float-caption'). '>'
+                    . $prepended_text;
+        }
         $caption_text .= '</div>';
     }
     my $html_class = '';
@@ -349,8 +408,13 @@ sub ffmpeg_float($$$$$)
         $prepended_text = '';
         $caption_text   = '';
     }
-    return $self->_attribute_class('div', $html_class). '>' . "\n" .
-        $prepended_text . $caption_text . $content . '</div>';
+    if ($program_version_num >= 7.000000) {
+        return $self->html_attribute_class('div', [$html_class]). '>' . "\n" .
+            $prepended_text . $caption_text . $content . '</div>';
+    } else {
+        return $self->_attribute_class('div', $html_class). '>' . "\n" .
+            $prepended_text . $caption_text . $content . '</div>';
+    }
 }
 
 texinfo_register_command_formatting('float',

ffbuild/arch.mak

@@ -15,6 +15,7 @@ OBJS-$(HAVE_LASX)      += $(LASX-OBJS)       $(LASX-OBJS-yes)
 OBJS-$(HAVE_ALTIVEC) += $(ALTIVEC-OBJS) $(ALTIVEC-OBJS-yes)
 OBJS-$(HAVE_VSX)     += $(VSX-OBJS) $(VSX-OBJS-yes)
 
+OBJS-$(HAVE_RV)      += $(RV-OBJS)      $(RV-OBJS-yes)
 OBJS-$(HAVE_RVV)     += $(RVV-OBJS)     $(RVV-OBJS-yes)
 
 OBJS-$(HAVE_MMX)     += $(MMX-OBJS)     $(MMX-OBJS-yes)

fftools/cmdutils.c

@@ -512,7 +512,7 @@ static const AVOption *opt_find(void *obj, const char *name, const char *unit,
     return o;
 }
 
-#define FLAGS (o->type == AV_OPT_TYPE_FLAGS && (arg[0]=='-' || arg[0]=='+')) ? AV_DICT_APPEND : 0
+#define FLAGS ((o->type == AV_OPT_TYPE_FLAGS && (arg[0]=='-' || arg[0]=='+')) ? AV_DICT_APPEND : 0)
 int opt_default(void *optctx, const char *opt, const char *arg)
 {
     const AVOption *o;

fftools/ffmpeg.c

@@ -325,8 +325,9 @@ static int read_key(void)
         }
         //Read it
         if(nchars != 0) {
-            read(0, &ch, 1);
-            return ch;
+            if (read(0, &ch, 1) == 1)
+                return ch;
+            return 0;
         }else{
             return -1;
         }

fftools/ffmpeg.h

@@ -883,11 +883,12 @@ void update_benchmark(const char *fmt, ...);
 /**
  * Merge two return codes - return one of the error codes if at least one of
  * them was negative, 0 otherwise.
- * Currently just picks the first one, eventually we might want to do something
- * more sophisticated, like sorting them by priority.
  */
 static inline int err_merge(int err0, int err1)
 {
+    // prefer "real" errors over EOF
+    if ((err0 >= 0 || err0 == AVERROR_EOF) && err1 < 0)
+        return err1;
     return (err0 < 0) ? err0 : FFMIN(err1, 0);
 }
 

fftools/ffmpeg_demux.c

@@ -1363,6 +1363,8 @@ int ifile_open(const OptionsContext *o, const char *filename)
     char *    data_codec_name = NULL;
     int scan_all_pmts_set = 0;
 
+    int64_t use_wallclock_as_timestamps;
+
     int64_t start_time     = o->start_time;
     int64_t start_time_eof = o->start_time_eof;
     int64_t stop_time      = o->stop_time;
@@ -1595,6 +1597,12 @@ int ifile_open(const OptionsContext *o, const char *filename)
     d->nb_streams_warn = ic->nb_streams;
 
     f->format_nots = !!(ic->iformat->flags & AVFMT_NOTIMESTAMPS);
+    ret = av_opt_get_int(ic, "use_wallclock_as_timestamps", 0, &use_wallclock_as_timestamps);
+    if (ret < 0)
+        return ret;
+
+    if (use_wallclock_as_timestamps)
+        f->format_nots = 0;
 
     f->readrate = o->readrate ? o->readrate : 0.0;
     if (f->readrate < 0.0f) {

fftools/ffmpeg_enc.c

@@ -490,9 +490,9 @@ void enc_stats_write(OutputStream *ost, EncStats *es,
     AVRational  tbi = (AVRational){ 0, 1};
     int64_t    ptsi = INT64_MAX;
 
-    const FrameData *fd;
+    const FrameData *fd = NULL;
 
-    if ((frame && frame->opaque_ref) || (pkt && pkt->opaque_ref)) {
+    if (frame ? frame->opaque_ref : pkt->opaque_ref) {
         fd   = (const FrameData*)(frame ? frame->opaque_ref->data : pkt->opaque_ref->data);
         tbi  = fd->dec.tb;
         ptsi = fd->dec.pts;

fftools/ffmpeg_mux_init.c

@@ -2182,11 +2182,11 @@ static int copy_metadata(Muxer *mux, AVFormatContext *ic,
     if (ret < 0)
         return ret;
 
-    if (type_in == 'g' || type_out == 'g' || !*outspec)
+    if (type_in == 'g' || type_out == 'g' || (!*outspec && !ic))
         *metadata_global_manual = 1;
-    if (type_in == 's' || type_out == 's' || !*outspec)
+    if (type_in == 's' || type_out == 's' || (!*outspec && !ic))
         *metadata_streams_manual = 1;
-    if (type_in == 'c' || type_out == 'c' || !*outspec)
+    if (type_in == 'c' || type_out == 'c' || (!*outspec && !ic))
         *metadata_chapters_manual = 1;
 
     /* ic is NULL when just disabling automatic mappings */

fftools/ffplay.c

@@ -1999,6 +1999,8 @@ static int configure_audio_filters(VideoState *is, const char *afilters, int for
         goto end;
 
     if (force_output_format) {
+        av_bprint_clear(&bp);
+        av_channel_layout_describe_bprint(&is->audio_tgt.ch_layout, &bp);
         sample_rates   [0] = is->audio_tgt.freq;
         if ((ret = av_opt_set_int(filt_asink, "all_channel_counts", 0, AV_OPT_SEARCH_CHILDREN)) < 0)
             goto end;
@@ -2351,12 +2353,13 @@ static int audio_decode_frame(VideoState *is)
         av_channel_layout_compare(&af->frame->ch_layout, &is->audio_src.ch_layout) ||
         af->frame->sample_rate   != is->audio_src.freq           ||
         (wanted_nb_samples       != af->frame->nb_samples && !is->swr_ctx)) {
+        int ret;
         swr_free(&is->swr_ctx);
-        swr_alloc_set_opts2(&is->swr_ctx,
+        ret = swr_alloc_set_opts2(&is->swr_ctx,
                             &is->audio_tgt.ch_layout, is->audio_tgt.fmt, is->audio_tgt.freq,
                             &af->frame->ch_layout, af->frame->format, af->frame->sample_rate,
                             0, NULL);
-        if (!is->swr_ctx || swr_init(is->swr_ctx) < 0) {
+        if (ret < 0 || swr_init(is->swr_ctx) < 0) {
             av_log(NULL, AV_LOG_ERROR,
                    "Cannot create sample rate converter for conversion of %d Hz %s %d channels to %d Hz %s %d channels!\n",
                     af->frame->sample_rate, av_get_sample_fmt_name(af->frame->format), af->frame->ch_layout.nb_channels,

fftools/opt_common.c

@@ -724,10 +724,13 @@ int show_codecs(void *optctx, const char *opt, const char *arg)
     return 0;
 }
 
-static void print_codecs(int encoder)
+static int print_codecs(int encoder)
 {
     const AVCodecDescriptor **codecs;
-    unsigned i, nb_codecs = get_codecs_sorted(&codecs);
+    int i, nb_codecs = get_codecs_sorted(&codecs);
+
+    if (nb_codecs < 0)
+        return nb_codecs;
 
     printf("%s:\n"
            " V..... = Video\n"
@@ -762,18 +765,17 @@ static void print_codecs(int encoder)
         }
     }
     av_free(codecs);
+    return 0;
 }
 
 int show_decoders(void *optctx, const char *opt, const char *arg)
 {
-    print_codecs(0);
-    return 0;
+    return print_codecs(0);
 }
 
 int show_encoders(void *optctx, const char *opt, const char *arg)
 {
-    print_codecs(1);
-    return 0;
+    return print_codecs(1);
 }
 
 int show_bsfs(void *optctx, const char *opt, const char *arg)

libavcodec/4xm.c

@@ -887,6 +887,8 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *picture,
         }
 
         if (i >= CFRAME_BUFFER_COUNT) {
+            if (free_index < 0)
+                return AVERROR_INVALIDDATA;
             i             = free_index;
             f->cfrm[i].id = id;
         }

libavcodec/8bps.c

@@ -61,7 +61,7 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
     unsigned int planes = c->planes;
     int ret;
 
-    if (buf_size < planes * height * 2)
+    if (buf_size < planes * height * (2 + 2*((avctx->width+128)/129)))
         return AVERROR_INVALIDDATA;
 
     if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)

libavcodec/Makefile

@@ -993,7 +993,7 @@ OBJS-$(CONFIG_AV1_DXVA2_HWACCEL)          += dxva2_av1.o
 OBJS-$(CONFIG_AV1_NVDEC_HWACCEL)          += nvdec_av1.o
 OBJS-$(CONFIG_AV1_VAAPI_HWACCEL)          += vaapi_av1.o
 OBJS-$(CONFIG_AV1_VDPAU_HWACCEL)          += vdpau_av1.o
-OBJS-$(CONFIG_AV1_VULKAN_HWACCEL)         += vulkan_av1.o
+OBJS-$(CONFIG_AV1_VULKAN_HWACCEL)         += vulkan_decode.o vulkan_av1.o
 OBJS-$(CONFIG_H263_VAAPI_HWACCEL)         += vaapi_mpeg4.o
 OBJS-$(CONFIG_H263_VIDEOTOOLBOX_HWACCEL)  += videotoolbox.o
 OBJS-$(CONFIG_H264_D3D11VA_HWACCEL)       += dxva2_h264.o
@@ -1284,7 +1284,7 @@ SKIPHEADERS                            += %_tablegen.h                  \
                                           aacenc_quantization.h         \
                                           aacenc_quantization_misc.h    \
                                           bitstream_template.h          \
-                                          vulkan_video_codec_av1std.h   \
+                                          vulkan_video_codec_av1std_mesa.h \
                                           $(ARCH)/vpx_arith.h          \
 
 SKIPHEADERS-$(CONFIG_AMF)              += amfenc.h
@@ -1306,7 +1306,7 @@ SKIPHEADERS-$(CONFIG_XVMC)             += xvmc.h
 SKIPHEADERS-$(CONFIG_VAAPI)            += vaapi_decode.h vaapi_hevc.h vaapi_encode.h
 SKIPHEADERS-$(CONFIG_VDPAU)            += vdpau.h vdpau_internal.h
 SKIPHEADERS-$(CONFIG_VIDEOTOOLBOX)     += videotoolbox.h vt_internal.h
-SKIPHEADERS-$(CONFIG_VULKAN)           += vulkan.h vulkan_video.h vulkan_decode.h vulkan_video_codec_av1std_decode.h
+SKIPHEADERS-$(CONFIG_VULKAN)           += vulkan.h vulkan_video.h vulkan_decode.h vulkan_video_codec_av1std_decode_mesa.h
 SKIPHEADERS-$(CONFIG_V4L2_M2M)         += v4l2_buffers.h v4l2_context.h v4l2_m2m.h
 SKIPHEADERS-$(CONFIG_ZLIB)             += zlib_wrapper.h
 

libavcodec/aacsbr_template.c

@@ -607,6 +607,7 @@ static int sbr_make_f_derived(AACContext *ac, SpectralBandReplication *sbr)
 
     if (sbr->n_q > 5) {
         av_log(ac->avctx, AV_LOG_ERROR, "Too many noise floor scale factors: %d\n", sbr->n_q);
+        sbr->n_q = 1;
         return -1;
     }
 

libavcodec/aarch64/h264pred_neon.S

@@ -502,28 +502,27 @@ function ff_pred16x16_plane_neon_10, export=1
         add             v7.4h,  v7.4h,  v0.4h
         shl             v2.4h,  v7.4h,  #4
         ssubl           v2.4s,  v2.4h,  v3.4h
-        shl             v3.4h,  v4.4h,  #4
         ext             v0.16b, v0.16b, v0.16b, #14
-        ssubl           v6.4s,  v5.4h,  v3.4h
+        sxtl            v6.4s,  v5.4h          // c
 
         mov             v0.h[0],  wzr
         mul             v0.8h,  v0.8h,  v4.h[0]
         dup             v16.4s, v2.s[0]
         dup             v17.4s, v2.s[0]
-        dup             v2.8h,  v4.h[0]
-        dup             v3.4s,  v6.s[0]
-        shl             v2.8h,  v2.8h,  #3
+        dup             v2.8h,  v4.h[0]        // b
+        dup             v3.4s,  v6.s[0]        // c
+        sshll           v2.4s,  v2.4h,  #3     // b * 8
         saddw           v16.4s, v16.4s, v0.4h
         saddw2          v17.4s, v17.4s, v0.8h
-        saddw           v3.4s,  v3.4s,  v2.4h
+        sub             v3.4s,  v3.4s,  v2.4s
 
         mov             w3,      #16
         mvni            v4.8h,   #0xFC, lsl #8 // 1023 for clipping
 1:
         sqshrun         v0.4h,  v16.4s, #5
         sqshrun2        v0.8h,  v17.4s, #5
-        saddw           v16.4s, v16.4s, v2.4h
-        saddw           v17.4s, v17.4s, v2.4h
+        add             v16.4s, v16.4s, v2.4s
+        add             v17.4s, v17.4s, v2.4s
         sqshrun         v1.4h,  v16.4s, #5
         sqshrun2        v1.8h,  v17.4s, #5
         add             v16.4s, v16.4s, v3.4s
@@ -595,12 +594,11 @@ function ff_pred8x8_plane_neon_10, export=1
         ssubl           v2.4s,  v2.4h,  v3.4h
         ext             v0.16b, v0.16b, v0.16b, #14
         mov             v0.h[0],  wzr
-        mul             v0.8h,  v0.8h,  v5.h[0]
         dup             v1.4s,  v2.s[0]
         dup             v2.4s,  v2.s[0]
         dup             v3.8h,  v5.h[1]
-        saddw           v1.4s,  v1.4s,  v0.4h
-        saddw2          v2.4s,  v2.4s,  v0.8h
+        smlal           v1.4s,  v0.4h,  v5.h[0]
+        smlal2          v2.4s,  v0.8h,  v5.h[0]
         mov             w3,  #8
         mvni            v4.8h,  #0xFC,  lsl #8 // 1023 for clipping
 1:

libavcodec/aarch64/vp9mc_neon.S

@@ -230,6 +230,9 @@ function \type\()_8tap_\size\()h_\idx1\idx2
         // reduced dst stride
 .if \size >= 16
         sub             x1,  x1,  x5
+.elseif \size == 4
+        add             x12, x2,  #8
+        add             x13, x7,  #8
 .endif
         // size >= 16 loads two qwords and increments x2,
         // for size 4/8 it's enough with one qword and no
@@ -248,9 +251,14 @@ function \type\()_8tap_\size\()h_\idx1\idx2
 .if \size >= 16
         ld1             {v4.8b,  v5.8b,  v6.8b},  [x2], #24
         ld1             {v16.8b, v17.8b, v18.8b}, [x7], #24
-.else
+.elseif \size == 8
         ld1             {v4.8b,  v5.8b},  [x2]
         ld1             {v16.8b, v17.8b}, [x7]
+.else // \size == 4
+        ld1             {v4.8b},  [x2]
+        ld1             {v16.8b}, [x7]
+        ld1             {v5.s}[0],  [x12], x3
+        ld1             {v17.s}[0], [x13], x3
 .endif
         uxtl            v4.8h,  v4.8b
         uxtl            v5.8h,  v5.8b

libavcodec/ac3_parser.c

@@ -204,7 +204,9 @@ int av_ac3_parse_header(const uint8_t *buf, size_t size,
     AC3HeaderInfo hdr;
     int err;
 
-    init_get_bits8(&gb, buf, size);
+    err = init_get_bits8(&gb, buf, size);
+    if (err < 0)
+        return AVERROR_INVALIDDATA;
     err = ff_ac3_parse_header(&gb, &hdr);
     if (err < 0)
         return AVERROR_INVALIDDATA;

libavcodec/aic.c

@@ -466,8 +466,7 @@ static av_cold int aic_decode_init(AVCodecContext *avctx)
         }
     }
 
-    ctx->slice_data = av_malloc_array(ctx->slice_width, AIC_BAND_COEFFS
-                                * sizeof(*ctx->slice_data));
+    ctx->slice_data = av_calloc(ctx->slice_width, AIC_BAND_COEFFS * sizeof(*ctx->slice_data));
     if (!ctx->slice_data) {
         av_log(avctx, AV_LOG_ERROR, "Error allocating slice buffer\n");
 

libavcodec/alsdec.c

@@ -2110,9 +2110,9 @@ static av_cold int decode_init(AVCodecContext *avctx)
 
     if (sconf->floating) {
         ctx->acf               = av_malloc_array(channels, sizeof(*ctx->acf));
-        ctx->shift_value       = av_malloc_array(channels, sizeof(*ctx->shift_value));
-        ctx->last_shift_value  = av_malloc_array(channels, sizeof(*ctx->last_shift_value));
-        ctx->last_acf_mantissa = av_malloc_array(channels, sizeof(*ctx->last_acf_mantissa));
+        ctx->shift_value       = av_calloc(channels, sizeof(*ctx->shift_value));
+        ctx->last_shift_value  = av_calloc(channels, sizeof(*ctx->last_shift_value));
+        ctx->last_acf_mantissa = av_calloc(channels, sizeof(*ctx->last_acf_mantissa));
         ctx->raw_mantissa      = av_calloc(channels, sizeof(*ctx->raw_mantissa));
 
         ctx->larray = av_malloc_array(ctx->cur_frame_length * 4, sizeof(*ctx->larray));

libavcodec/amrwbdec.c

@@ -26,6 +26,7 @@
 
 #include "config.h"
 
+#include "libavutil/avassert.h"
 #include "libavutil/channel_layout.h"
 #include "libavutil/common.h"
 #include "libavutil/lfg.h"
@@ -554,6 +555,8 @@ static void decode_fixed_vector(float *fixed_vector, const uint16_t *pulse_hi,
             decode_6p_track(sig_pos[i], (int) pulse_lo[i] +
                            ((int) pulse_hi[i] << 11), 4, 1);
         break;
+    default:
+        av_assert2(0);
     }
 
     memset(fixed_vector, 0, sizeof(float) * AMRWB_SFR_SIZE);

libavcodec/apac.c

@@ -130,7 +130,7 @@ static int apac_decode(AVCodecContext *avctx, AVFrame *frame,
     APACContext *s = avctx->priv_data;
     GetBitContext *gb = &s->gb;
     int ret, n, buf_size, input_buf_size;
-    const uint8_t *buf;
+    uint8_t *buf;
     int nb_samples;
 
     if (!pkt->size && s->bitstream_size <= 0) {
@@ -160,6 +160,7 @@ static int apac_decode(AVCodecContext *avctx, AVFrame *frame,
     buf                = &s->bitstream[s->bitstream_index];
     buf_size          += s->bitstream_size;
     s->bitstream_size  = buf_size;
+    memset(buf + buf_size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
 
     frame->nb_samples = s->bitstream_size * 16 * 8;
     if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)

libavcodec/apedec.c

@@ -1284,9 +1284,9 @@ static void predictor_decode_stereo_3950(APEContext *ctx, int count)
             *decoded1++ = a1;
             if (num_passes > 1) {
                 int32_t left  = a1 - (unsigned)(a0 / 2);
-                int32_t right = left + a0;
+                int32_t right = left + (unsigned)a0;
 
-                if (FFMAX(FFABS(left), FFABS(right)) > (1<<23)) {
+                if (FFMIN(FFNABS(left), FFNABS(right)) < -(1<<23)) {
                     ctx->interim_mode = !interim_mode;
                     av_log(ctx->avctx, AV_LOG_VERBOSE, "Interim mode: %d\n", ctx->interim_mode);
                     break;

libavcodec/arm/mlpdsp_armv5te.S

@@ -229,7 +229,7 @@ A .endif
   .endif
 
         // Begin loop
-01:
+1:
   .if TOTAL_TAPS == 0
         // Things simplify a lot in this case
         // In fact this could be pipelined further if it's worth it...
@@ -241,7 +241,7 @@ A .endif
         str     ST0, [PST, #-4]!
         str     ST0, [PST, #4 * (MAX_BLOCKSIZE + MAX_FIR_ORDER)]
         str     ST0, [PSAMP], #4 * MAX_CHANNELS
-        bne     01b
+        bne     1b
   .else
     .if \fir_taps & 1
       .set LOAD_REG, 1
@@ -333,7 +333,7 @@ T       orr     AC0, AC0, AC1
         str     ST3, [PST, #-4]!
         str     ST2, [PST, #4 * (MAX_BLOCKSIZE + MAX_FIR_ORDER)]
         str     ST3, [PSAMP], #4 * MAX_CHANNELS
-        bne     01b
+        bne     1b
   .endif
         b       99f
 

libavcodec/arm/vp9mc_neon.S

@@ -279,11 +279,13 @@ function \type\()_8tap_\size\()h_\idx1\idx2
         sub             r1,  r1,  r5
 .endif
         @ size >= 16 loads two qwords and increments r2,
-        @ for size 4/8 it's enough with one qword and no
-        @ postincrement
+        @ size 4 loads 1 d word, increments r2 and loads 1 32-bit lane
+        @ for size 8 it's enough with one qword and no postincrement
 .if \size >= 16
         sub             r3,  r3,  r5
         sub             r3,  r3,  #8
+.elseif \size == 4
+        sub             r3,  r3,  #8
 .endif
         @ Load the filter vector
         vld1.16         {q0},  [r12,:128]
@@ -295,9 +297,14 @@ function \type\()_8tap_\size\()h_\idx1\idx2
 .if \size >= 16
         vld1.8          {d18, d19, d20}, [r2]!
         vld1.8          {d24, d25, d26}, [r7]!
-.else
+.elseif \size == 8
         vld1.8          {q9},  [r2]
         vld1.8          {q12}, [r7]
+.else @ size == 4
+        vld1.8          {d18}, [r2]!
+        vld1.8          {d24}, [r7]!
+        vld1.32         {d19[0]}, [r2]
+        vld1.32         {d25[0]}, [r7]
 .endif
         vmovl.u8        q8,  d18
         vmovl.u8        q9,  d19

libavcodec/atrac9dec.c

@@ -801,7 +801,9 @@ static int atrac9_decode_frame(AVCodecContext *avctx, AVFrame *frame,
     if (ret < 0)
         return ret;
 
-    init_get_bits8(&gb, avpkt->data, avpkt->size);
+    ret = init_get_bits8(&gb, avpkt->data, avpkt->size);
+    if (ret < 0)
+        return ret;
 
     for (int i = 0; i < frames; i++) {
         for (int j = 0; j < s->block_config->count; j++) {
@@ -923,7 +925,9 @@ static av_cold int atrac9_decode_init(AVCodecContext *avctx)
         return AVERROR_INVALIDDATA;
     }
 
-    init_get_bits8(&gb, avctx->extradata + 4, avctx->extradata_size);
+    err = init_get_bits8(&gb, avctx->extradata + 4, avctx->extradata_size);
+    if (err < 0)
+        return err;
 
     if (get_bits(&gb, 8) != 0xFE) {
         av_log(avctx, AV_LOG_ERROR, "Incorrect magic byte!\n");

libavcodec/av1dec.c

@@ -177,7 +177,7 @@ static uint8_t get_shear_params_valid(AV1DecContext *s, int idx)
     int16_t alpha, beta, gamma, delta, divf, divs;
     int64_t v, w;
     int32_t *param = &s->cur_frame.gm_params[idx][0];
-    if (param[2] < 0)
+    if (param[2] <= 0)
         return 0;
 
     alpha = av_clip_int16(param[2] - (1 << AV1_WARPEDMODEL_PREC_BITS));
@@ -443,7 +443,7 @@ static int get_tiles_info(AVCodecContext *avctx, const AV1RawTileGroup *tile_gro
 static enum AVPixelFormat get_sw_pixel_format(void *logctx,
                                               const AV1RawSequenceHeader *seq)
 {
-    uint8_t bit_depth;
+    int bit_depth;
     enum AVPixelFormat pix_fmt = AV_PIX_FMT_NONE;
 
     if (seq->seq_profile == 2 && seq->color_config.high_bitdepth)
@@ -467,7 +467,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx,
             else if (bit_depth == 12)
                 pix_fmt = AV_PIX_FMT_YUV444P12;
             else
-                av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n");
+                av_assert0(0);
         } else if (seq->color_config.subsampling_x == 1 &&
                    seq->color_config.subsampling_y == 0) {
             if (bit_depth == 8)
@@ -477,7 +477,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx,
             else if (bit_depth == 12)
                 pix_fmt = AV_PIX_FMT_YUV422P12;
             else
-                av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n");
+                av_assert0(0);
         } else if (seq->color_config.subsampling_x == 1 &&
                    seq->color_config.subsampling_y == 1) {
             if (bit_depth == 8)
@@ -487,7 +487,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx,
             else if (bit_depth == 12)
                 pix_fmt = AV_PIX_FMT_YUV420P12;
             else
-                av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n");
+                av_assert0(0);
         }
     } else {
         if (bit_depth == 8)
@@ -497,7 +497,7 @@ static enum AVPixelFormat get_sw_pixel_format(void *logctx,
         else if (bit_depth == 12)
             pix_fmt = AV_PIX_FMT_GRAY12;
         else
-            av_log(logctx, AV_LOG_WARNING, "Unknown AV1 pixel format.\n");
+            av_assert0(0);
     }
 
     return pix_fmt;
@@ -736,7 +736,7 @@ static int set_context_with_sequence(AVCodecContext *avctx,
     avctx->color_range =
         seq->color_config.color_range ? AVCOL_RANGE_JPEG : AVCOL_RANGE_MPEG;
     avctx->color_primaries = seq->color_config.color_primaries;
-    avctx->colorspace = seq->color_config.color_primaries;
+    avctx->colorspace = seq->color_config.matrix_coefficients;
     avctx->color_trc = seq->color_config.transfer_characteristics;
 
     switch (seq->color_config.chroma_sample_position) {

libavcodec/avcodec.h

@@ -1190,6 +1190,10 @@ typedef struct AVCodecContext {
      *   this callback and filled with the extra buffers if there are more
      *   buffers than buf[] can hold. extended_buf will be freed in
      *   av_frame_unref().
+     *   Decoders will generally initialize the whole buffer before it is output
+     *   but it can in rare error conditions happen that uninitialized data is passed
+     *   through. \important The buffers returned by get_buffer* should thus not contain sensitive
+     *   data.
      *
      * If AV_CODEC_CAP_DR1 is not set then get_buffer2() must call
      * avcodec_default_get_buffer2() instead of providing buffers allocated by

libavcodec/avfft.c

@@ -46,7 +46,7 @@ FFTContext *av_fft_init(int nbits, int inverse)
 {
     int ret;
     float scale = 1.0f;
-    AVTXWrapper *s = av_malloc(sizeof(*s));
+    AVTXWrapper *s = av_mallocz(sizeof(*s));
     if (!s)
         return NULL;
 
@@ -85,7 +85,7 @@ FFTContext *av_mdct_init(int nbits, int inverse, double scale)
 {
     int ret;
     float scale_f = scale;
-    AVTXWrapper *s = av_malloc(sizeof(*s));
+    AVTXWrapper *s = av_mallocz(sizeof(*s));
     if (!s)
         return NULL;
 
@@ -130,6 +130,7 @@ av_cold void av_mdct_end(FFTContext *s)
 {
     if (s) {
         AVTXWrapper *w = (AVTXWrapper *)s;
+        av_tx_uninit(&w->ctx2);
         av_tx_uninit(&w->ctx);
         av_free(w);
     }
@@ -146,12 +147,12 @@ RDFTContext *av_rdft_init(int nbits, enum RDFTransformType trans)
     if (trans != IDFT_C2R && trans != DFT_R2C)
         return NULL;
 
-    s = av_malloc(sizeof(*s));
+    s = av_mallocz(sizeof(*s));
     if (!s)
         return NULL;
 
     ret = av_tx_init(&s->ctx, &s->fn, AV_TX_FLOAT_RDFT, trans == IDFT_C2R,
-                     1 << nbits, &scale, AV_TX_INPLACE);
+                     1 << nbits, &scale, 0x0);
     if (ret < 0) {
         av_free(s);
         return NULL;
@@ -161,17 +162,35 @@ RDFTContext *av_rdft_init(int nbits, enum RDFTransformType trans)
     s->len = 1 << nbits;
     s->inv = trans == IDFT_C2R;
 
+    s->tmp = av_malloc((s->len + 2)*sizeof(float));
+    if (!s->tmp) {
+        av_tx_uninit(&s->ctx);
+        av_free(s);
+        return NULL;
+    }
+
     return (RDFTContext *)s;
 }
 
 void av_rdft_calc(RDFTContext *s, FFTSample *data)
 {
     AVTXWrapper *w = (AVTXWrapper *)s;
-    if (w->inv)
-        FFSWAP(float, data[1], data[w->len]);
-    w->fn(w->ctx, data, (void *)data, w->stride);
-    if (!w->inv)
-        FFSWAP(float, data[1], data[w->len]);
+    float *src = w->inv ? w->tmp : (float *)data;
+    float *dst = w->inv ? (float *)data : w->tmp;
+
+    if (w->inv) {
+        memcpy(src, data, w->len*sizeof(float));
+
+        src[w->len] = src[1];
+        src[1] = 0.0f;
+    }
+
+    w->fn(w->ctx, dst, (void *)src, w->stride);
+
+    if (!w->inv) {
+        dst[1] = dst[w->len];
+        memcpy(data, dst, w->len*sizeof(float));
+    }
 }
 
 av_cold void av_rdft_end(RDFTContext *s)
@@ -179,6 +198,7 @@ av_cold void av_rdft_end(RDFTContext *s)
     if (s) {
         AVTXWrapper *w = (AVTXWrapper *)s;
         av_tx_uninit(&w->ctx);
+        av_free(w->tmp);
         av_free(w);
     }
 }
@@ -199,7 +219,7 @@ DCTContext *av_dct_init(int nbits, enum DCTTransformType inverse)
         [DST_I] = AV_TX_FLOAT_DST_I,
     };
 
-    AVTXWrapper *s = av_malloc(sizeof(*s));
+    AVTXWrapper *s = av_mallocz(sizeof(*s));
     if (!s)
         return NULL;
 

libavcodec/avs2_parser.c

@@ -72,13 +72,15 @@ static void parse_avs2_seq_header(AVCodecParserContext *s, const uint8_t *buf,
     unsigned aspect_ratio;
     unsigned frame_rate_code;
     int low_delay;
+    av_unused int ret;
     // update buf_size_min if parse more deeper
     const int buf_size_min = 15;
 
     if (buf_size < buf_size_min)
         return;
 
-    init_get_bits8(&gb, buf, buf_size_min);
+    ret = init_get_bits8(&gb, buf, buf_size_min);
+    av_assert1(ret >= 0);
 
     s->key_frame = 1;
     s->pict_type = AV_PICTURE_TYPE_I;

libavcodec/avs3_parser.c

@@ -73,7 +73,8 @@ static void parse_avs3_nal_units(AVCodecParserContext *s, const uint8_t *buf,
             GetBitContext gb;
             int profile, ratecode, low_delay;
 
-            init_get_bits8(&gb, buf + 4, buf_size - 4);
+            av_unused int ret = init_get_bits(&gb, buf + 4, 100);
+            av_assert1(ret >= 0);
 
             s->key_frame = 1;
             s->pict_type = AV_PICTURE_TYPE_I;

libavcodec/cbs_av1.c

@@ -36,7 +36,7 @@ static int cbs_av1_read_uvlc(CodedBitstreamContext *ctx, GetBitContext *gbc,
     CBS_TRACE_READ_START();
 
     zeroes = 0;
-    while (1) {
+    while (zeroes < 32) {
         if (get_bits_left(gbc) < 1) {
             av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid uvlc code at "
                    "%s: bitstream ended.\n", name);
@@ -49,10 +49,18 @@ static int cbs_av1_read_uvlc(CodedBitstreamContext *ctx, GetBitContext *gbc,
     }
 
     if (zeroes >= 32) {
-        // Note that the spec allows an arbitrarily large number of
-        // zero bits followed by a one bit in this case, but the
-        // libaom implementation does not support it.
-        value = MAX_UINT_BITS(32);
+        // The spec allows at least thirty-two zero bits followed by a
+        // one to mean 2^32-1, with no constraint on the number of
+        // zeroes.  The libaom reference decoder does not match this,
+        // instead reading thirty-two zeroes but not the following one
+        // to mean 2^32-1.  These two interpretations are incompatible
+        // and other implementations may follow one or the other.
+        // Therefore we reject thirty-two zeroes because the intended
+        // behaviour is not clear.
+        av_log(ctx->log_ctx, AV_LOG_ERROR, "Thirty-two zero bits in "
+               "%s uvlc code: considered invalid due to conflicting "
+               "standard and reference decoder behaviour.\n", name);
+        return AVERROR_INVALIDDATA;
     } else {
         if (get_bits_left(gbc) < zeroes) {
             av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid uvlc code at "
@@ -301,7 +309,7 @@ static int cbs_av1_write_increment(CodedBitstreamContext *ctx, PutBitContext *pb
         return AVERROR(ENOSPC);
 
     if (len > 0)
-        put_bits(pbc, len, (1 << len) - 1 - (value != range_max));
+        put_bits(pbc, len, (1U << len) - 1 - (value != range_max));
 
     CBS_TRACE_WRITE_END_NO_SUBSCRIPTS();
 

libavcodec/cbs_h2645.c

@@ -235,6 +235,16 @@ static int cbs_h265_payload_extension_present(GetBitContext *gbc, uint32_t paylo
 #define FUNC_H266(name) FUNC_NAME1(READWRITE, h266, name)
 #define FUNC_SEI(name)  FUNC_NAME1(READWRITE, sei,  name)
 
+#define SEI_FUNC(name, args) \
+static int FUNC(name) args;  \
+static int FUNC(name ## _internal)(CodedBitstreamContext *ctx, \
+                                   RWContext *rw, void *cur,   \
+                                   SEIMessageState *state)     \
+{ \
+    return FUNC(name)(ctx, rw, cur, state); \
+} \
+static int FUNC(name) args
+
 #define SUBSCRIPTS(subs, ...) (subs > 0 ? ((int[subs + 1]){ subs, __VA_ARGS__ }) : NULL)
 
 #define u(width, name, range_min, range_max) \
@@ -698,7 +708,11 @@ static int cbs_h2645_split_fragment(CodedBitstreamContext *ctx,
 
             start = bytestream2_tell(&gbc);
             for(i = 0; i < num_nalus; i++) {
+                if (bytestream2_get_bytes_left(&gbc) < 2)
+                    return AVERROR_INVALIDDATA;
                 size = bytestream2_get_be16(&gbc);
+                if (bytestream2_get_bytes_left(&gbc) < size)
+                    return AVERROR_INVALIDDATA;
                 bytestream2_skip(&gbc, size);
             }
             end = bytestream2_tell(&gbc);
@@ -1989,7 +2003,17 @@ static const CodedBitstreamUnitTypeDescriptor cbs_h266_unit_types[] = {
     CBS_UNIT_TYPE_INTERNAL_REF(VVC_DCI_NUT, H266RawDCI, extension_data.data),
     CBS_UNIT_TYPE_INTERNAL_REF(VVC_OPI_NUT, H266RawOPI, extension_data.data),
     CBS_UNIT_TYPE_INTERNAL_REF(VVC_VPS_NUT, H266RawVPS, extension_data.data),
-    CBS_UNIT_TYPE_INTERNAL_REF(VVC_SPS_NUT, H266RawSPS, extension_data.data),
+    {
+        .nb_unit_types     = 1,
+        .unit_type.list[0] = VVC_SPS_NUT,
+        .content_type      = CBS_CONTENT_TYPE_INTERNAL_REFS,
+        .content_size      = sizeof(H266RawSPS),
+        .type.ref          = {
+            .nb_offsets = 2,
+            .offsets    = { offsetof(H266RawSPS, extension_data.data),
+                            offsetof(H266RawSPS, vui.extension_data.data) }
+        },
+    },
     CBS_UNIT_TYPE_INTERNAL_REF(VVC_PPS_NUT, H266RawPPS, extension_data.data),
     CBS_UNIT_TYPE_INTERNAL_REF(VVC_PREFIX_APS_NUT, H266RawAPS, extension_data.data),
     CBS_UNIT_TYPE_INTERNAL_REF(VVC_SUFFIX_APS_NUT, H266RawAPS, extension_data.data),
@@ -2059,6 +2083,11 @@ const CodedBitstreamType ff_cbs_type_h266 = {
     .close             = &cbs_h266_close,
 };
 
+// Macro for the read/write pair.
+#define SEI_MESSAGE_RW(codec, name) \
+    .read  = cbs_ ## codec ## _read_  ## name ## _internal, \
+    .write = cbs_ ## codec ## _write_ ## name ## _internal
+
 static const SEIMessageTypeDescriptor cbs_sei_common_types[] = {
     {
         SEI_TYPE_FILLER_PAYLOAD,

libavcodec/cbs_h264_syntax_template.c

@@ -510,9 +510,9 @@ static int FUNC(pps)(CodedBitstreamContext *ctx, RWContext *rw,
     return 0;
 }
 
-static int FUNC(sei_buffering_period)(CodedBitstreamContext *ctx, RWContext *rw,
-                                      H264RawSEIBufferingPeriod *current,
-                                      SEIMessageState *sei)
+SEI_FUNC(sei_buffering_period, (CodedBitstreamContext *ctx, RWContext *rw,
+                                H264RawSEIBufferingPeriod *current,
+                                SEIMessageState *sei))
 {
     CodedBitstreamH264Context *h264 = ctx->priv_data;
     const H264RawSPS *sps;
@@ -604,9 +604,8 @@ static int FUNC(sei_pic_timestamp)(CodedBitstreamContext *ctx, RWContext *rw,
     return 0;
 }
 
-static int FUNC(sei_pic_timing)(CodedBitstreamContext *ctx, RWContext *rw,
-                                H264RawSEIPicTiming *current,
-                                SEIMessageState *sei)
+SEI_FUNC(sei_pic_timing, (CodedBitstreamContext *ctx, RWContext *rw,
+                          H264RawSEIPicTiming *current, SEIMessageState *sei))
 {
     CodedBitstreamH264Context *h264 = ctx->priv_data;
     const H264RawSPS *sps;
@@ -676,9 +675,9 @@ static int FUNC(sei_pic_timing)(CodedBitstreamContext *ctx, RWContext *rw,
     return 0;
 }
 
-static int FUNC(sei_pan_scan_rect)(CodedBitstreamContext *ctx, RWContext *rw,
-                                   H264RawSEIPanScanRect *current,
-                                   SEIMessageState *sei)
+SEI_FUNC(sei_pan_scan_rect, (CodedBitstreamContext *ctx, RWContext *rw,
+                             H264RawSEIPanScanRect *current,
+                             SEIMessageState *sei))
 {
     int err, i;
 
@@ -703,9 +702,9 @@ static int FUNC(sei_pan_scan_rect)(CodedBitstreamContext *ctx, RWContext *rw,
     return 0;
 }
 
-static int FUNC(sei_recovery_point)(CodedBitstreamContext *ctx, RWContext *rw,
-                                    H264RawSEIRecoveryPoint *current,
-                                    SEIMessageState *sei)
+SEI_FUNC(sei_recovery_point, (CodedBitstreamContext *ctx, RWContext *rw,
+                              H264RawSEIRecoveryPoint *current,
+                              SEIMessageState *sei))
 {
     int err;
 
@@ -719,9 +718,9 @@ static int FUNC(sei_recovery_point)(CodedBitstreamContext *ctx, RWContext *rw,
     return 0;
 }
 
-static int FUNC(film_grain_characteristics)(CodedBitstreamContext *ctx, RWContext *rw,
-                                            H264RawFilmGrainCharacteristics *current,
-                                            SEIMessageState *state)
+SEI_FUNC(film_grain_characteristics, (CodedBitstreamContext *ctx, RWContext *rw,
+                                      H264RawFilmGrainCharacteristics *current,
+                                      SEIMessageState *state))
 {
     CodedBitstreamH264Context *h264 = ctx->priv_data;
     const H264RawSPS *sps;
@@ -802,9 +801,9 @@ static int FUNC(film_grain_characteristics)(CodedBitstreamContext *ctx, RWContex
     return 0;
 }
 
-static int FUNC(sei_display_orientation)(CodedBitstreamContext *ctx, RWContext *rw,
-                                         H264RawSEIDisplayOrientation *current,
-                                         SEIMessageState *sei)
+SEI_FUNC(sei_display_orientation, (CodedBitstreamContext *ctx, RWContext *rw,
+                                   H264RawSEIDisplayOrientation *current,
+                                   SEIMessageState *sei))
 {
     int err;
 

libavcodec/cbs_h265_syntax_template.c

@@ -1618,9 +1618,9 @@ static int FUNC(slice_segment_header)(CodedBitstreamContext *ctx, RWContext *rw,
     return 0;
 }
 
-static int FUNC(sei_buffering_period)
-    (CodedBitstreamContext *ctx, RWContext *rw,
-     H265RawSEIBufferingPeriod *current, SEIMessageState *sei)
+SEI_FUNC(sei_buffering_period, (CodedBitstreamContext *ctx, RWContext *rw,
+                                H265RawSEIBufferingPeriod *current,
+                                SEIMessageState *sei))
 {
     CodedBitstreamH265Context *h265 = ctx->priv_data;
     const H265RawSPS *sps;
@@ -1728,9 +1728,8 @@ static int FUNC(sei_buffering_period)
     return 0;
 }
 
-static int FUNC(sei_pic_timing)
-    (CodedBitstreamContext *ctx, RWContext *rw,
-     H265RawSEIPicTiming *current, SEIMessageState *sei)
+SEI_FUNC(sei_pic_timing, (CodedBitstreamContext *ctx, RWContext *rw,
+                          H265RawSEIPicTiming *current, SEIMessageState *sei))
 {
     CodedBitstreamH265Context *h265 = ctx->priv_data;
     const H265RawSPS *sps;
@@ -1804,9 +1803,9 @@ static int FUNC(sei_pic_timing)
     return 0;
 }
 
-static int FUNC(sei_pan_scan_rect)
-    (CodedBitstreamContext *ctx, RWContext *rw,
-     H265RawSEIPanScanRect *current, SEIMessageState *sei)
+SEI_FUNC(sei_pan_scan_rect, (CodedBitstreamContext *ctx, RWContext *rw,
+                             H265RawSEIPanScanRect *current,
+                             SEIMessageState *sei))
 {
     int err, i;
 
@@ -1831,9 +1830,9 @@ static int FUNC(sei_pan_scan_rect)
     return 0;
 }
 
-static int FUNC(sei_recovery_point)
-    (CodedBitstreamContext *ctx, RWContext *rw,
-     H265RawSEIRecoveryPoint *current, SEIMessageState *sei)
+SEI_FUNC(sei_recovery_point, (CodedBitstreamContext *ctx, RWContext *rw,
+                              H265RawSEIRecoveryPoint *current,
+                              SEIMessageState *sei))
 {
     int err;
 
@@ -1847,9 +1846,9 @@ static int FUNC(sei_recovery_point)
     return 0;
 }
 
-static int FUNC(film_grain_characteristics)(CodedBitstreamContext *ctx, RWContext *rw,
-                                            H265RawFilmGrainCharacteristics *current,
-                                            SEIMessageState *state)
+SEI_FUNC(film_grain_characteristics, (CodedBitstreamContext *ctx, RWContext *rw,
+                                      H265RawFilmGrainCharacteristics *current,
+                                      SEIMessageState *state))
 {
     CodedBitstreamH265Context *h265 = ctx->priv_data;
     const H265RawSPS *sps = h265->active_sps;
@@ -1912,9 +1911,9 @@ static int FUNC(film_grain_characteristics)(CodedBitstreamContext *ctx, RWContex
     return 0;
 }
 
-static int FUNC(sei_display_orientation)
-    (CodedBitstreamContext *ctx, RWContext *rw,
-     H265RawSEIDisplayOrientation *current, SEIMessageState *sei)
+SEI_FUNC(sei_display_orientation, (CodedBitstreamContext *ctx, RWContext *rw,
+                                   H265RawSEIDisplayOrientation *current,
+                                   SEIMessageState *sei))
 {
     int err;
 
@@ -1931,9 +1930,9 @@ static int FUNC(sei_display_orientation)
     return 0;
 }
 
-static int FUNC(sei_active_parameter_sets)
-    (CodedBitstreamContext *ctx, RWContext *rw,
-     H265RawSEIActiveParameterSets *current, SEIMessageState *sei)
+SEI_FUNC(sei_active_parameter_sets, (CodedBitstreamContext *ctx, RWContext *rw,
+                                     H265RawSEIActiveParameterSets *current,
+                                     SEIMessageState *sei))
 {
     CodedBitstreamH265Context *h265 = ctx->priv_data;
     const H265RawVPS *vps;
@@ -1968,9 +1967,9 @@ static int FUNC(sei_active_parameter_sets)
     return 0;
 }
 
-static int FUNC(sei_decoded_picture_hash)
-    (CodedBitstreamContext *ctx, RWContext *rw,
-     H265RawSEIDecodedPictureHash *current, SEIMessageState *sei)
+SEI_FUNC(sei_decoded_picture_hash, (CodedBitstreamContext *ctx, RWContext *rw,
+                                    H265RawSEIDecodedPictureHash *current,
+                                    SEIMessageState *sei))
 {
     CodedBitstreamH265Context *h265 = ctx->priv_data;
     const H265RawSPS *sps = h265->active_sps;
@@ -2000,9 +1999,8 @@ static int FUNC(sei_decoded_picture_hash)
     return 0;
 }
 
-static int FUNC(sei_time_code)
-    (CodedBitstreamContext *ctx, RWContext *rw,
-     H265RawSEITimeCode *current, SEIMessageState *sei)
+SEI_FUNC(sei_time_code, (CodedBitstreamContext *ctx, RWContext *rw,
+                         H265RawSEITimeCode *current, SEIMessageState *sei))
 {
     int err, i;
 
@@ -2051,9 +2049,9 @@ static int FUNC(sei_time_code)
     return 0;
 }
 
-static int FUNC(sei_alpha_channel_info)
-    (CodedBitstreamContext *ctx, RWContext *rw,
-     H265RawSEIAlphaChannelInfo *current, SEIMessageState *sei)
+SEI_FUNC(sei_alpha_channel_info, (CodedBitstreamContext *ctx, RWContext *rw,
+                                  H265RawSEIAlphaChannelInfo *current,
+                                  SEIMessageState *sei))
 {
     int err, length;
 

libavcodec/cbs_h266_syntax_template.c

@@ -902,16 +902,17 @@ static int FUNC(vps) (CodedBitstreamContext *ctx, RWContext *rw,
                        current->vps_ols_mode_idc == 1) {
                 num_layers_in_ols = i + 1;
             } else if (current->vps_ols_mode_idc == 2) {
-                for (k = 0, j = 0; k <= current->vps_max_layers_minus1; k++) {
+                for (k = 0, j = 0; k <= current->vps_max_layers_minus1; k++)
                     if (layer_included_in_ols_flag[i][k])
                         j++;
-                    num_layers_in_ols = j;
-                }
+                num_layers_in_ols = j;
             }
             if (num_layers_in_ols > 1) {
                 num_multi_layer_olss++;
             }
         }
+        if (!current->vps_each_layer_is_an_ols_flag && num_multi_layer_olss == 0)
+            return AVERROR_INVALIDDATA;
     }
 
     for (i = 0; i <= current->vps_num_ptls_minus1; i++) {
@@ -1129,7 +1130,7 @@ static int FUNC(sps)(CodedBitstreamContext *ctx, RWContext *rw,
 
     flag(sps_subpic_info_present_flag);
     if (current->sps_subpic_info_present_flag) {
-        ue(sps_num_subpics_minus1, 1, VVC_MAX_SLICES - 1);
+        ue(sps_num_subpics_minus1, 0, VVC_MAX_SLICES - 1);
         if (current->sps_num_subpics_minus1 > 0) {
             flag(sps_independent_subpics_flag);
             flag(sps_subpic_same_size_flag);
@@ -1212,30 +1213,30 @@ static int FUNC(sps)(CodedBitstreamContext *ctx, RWContext *rw,
                     infer(sps_loop_filter_across_subpic_enabled_flag[i], 0);
                 }
             }
-            ue(sps_subpic_id_len_minus1, 0, 15);
-            if ((1 << (current->sps_subpic_id_len_minus1 + 1)) <
-                current->sps_num_subpics_minus1 + 1) {
-                av_log(ctx->log_ctx, AV_LOG_ERROR,
-                       "sps_subpic_id_len_minus1(%d) is too small\n",
-                       current->sps_subpic_id_len_minus1);
-                return AVERROR_INVALIDDATA;
-            }
-            flag(sps_subpic_id_mapping_explicitly_signalled_flag);
-            if (current->sps_subpic_id_mapping_explicitly_signalled_flag) {
-                flag(sps_subpic_id_mapping_present_flag);
-                if (current->sps_subpic_id_mapping_present_flag) {
-                    for (i = 0; i <= current->sps_num_subpics_minus1; i++) {
-                        ubs(current->sps_subpic_id_len_minus1 + 1,
-                            sps_subpic_id[i], 1, i);
-                    }
-                }
-            }
         } else {
             infer(sps_subpic_ctu_top_left_x[0], 0);
             infer(sps_subpic_ctu_top_left_y[0], 0);
             infer(sps_subpic_width_minus1[0], tmp_width_val - 1);
             infer(sps_subpic_height_minus1[0], tmp_height_val - 1);
         }
+        ue(sps_subpic_id_len_minus1, 0, 15);
+        if ((1 << (current->sps_subpic_id_len_minus1 + 1)) <
+            current->sps_num_subpics_minus1 + 1) {
+            av_log(ctx->log_ctx, AV_LOG_ERROR,
+                   "sps_subpic_id_len_minus1(%d) is too small\n",
+                   current->sps_subpic_id_len_minus1);
+            return AVERROR_INVALIDDATA;
+        }
+        flag(sps_subpic_id_mapping_explicitly_signalled_flag);
+        if (current->sps_subpic_id_mapping_explicitly_signalled_flag) {
+            flag(sps_subpic_id_mapping_present_flag);
+            if (current->sps_subpic_id_mapping_present_flag) {
+                for (i = 0; i <= current->sps_num_subpics_minus1; i++) {
+                    ubs(current->sps_subpic_id_len_minus1 + 1,
+                        sps_subpic_id[i], 1, i);
+                }
+            }
+        }
     } else {
         infer(sps_num_subpics_minus1, 0);
         infer(sps_independent_subpics_flag, 1);
@@ -1615,6 +1616,8 @@ static int FUNC(sps)(CodedBitstreamContext *ctx, RWContext *rw,
         ub(7, sps_extension_7bits);
 
         if (current->sps_range_extension_flag) {
+            if (current->sps_bitdepth_minus8 <= 10 - 8)
+                return AVERROR_INVALIDDATA;
             CHECK(FUNC(sps_range_extension)(ctx, rw, current));
         } else {
             infer(sps_extended_precision_flag, 0);
@@ -2043,9 +2046,12 @@ static int FUNC(pps) (CodedBitstreamContext *ctx, RWContext *rw,
                 }
                 if (i < current->pps_num_slices_in_pic_minus1) {
                     if (current->pps_tile_idx_delta_present_flag) {
+                        // Two conditions must be met:
+                        // 1. −NumTilesInPic + 1 <= pps_tile_idx_delta_val[i] <= NumTilesInPic − 1
+                        // 2. 0 <= tile_idx + pps_tile_idx_delta_val[i] <= NumTilesInPic − 1
+                        // Combining these conditions yields: -tile_idx <= pps_tile_idx_delta_val[i] <= NumTilesInPic - 1 - tile_idx
                         ses(pps_tile_idx_delta_val[i],
-                            -current->num_tiles_in_pic + 1,
-                            current->num_tiles_in_pic - 1, 1, i);
+                            -tile_idx, current->num_tiles_in_pic - 1 - tile_idx, 1, i);
                         if (current->pps_tile_idx_delta_val[i] == 0) {
                             av_log(ctx->log_ctx, AV_LOG_ERROR,
                                    "pps_tile_idx_delta_val[i] shall not be equal to 0.\n");
@@ -2068,6 +2074,8 @@ static int FUNC(pps) (CodedBitstreamContext *ctx, RWContext *rw,
 
                 tile_x = tile_idx % current->num_tile_columns;
                 tile_y = tile_idx / current->num_tile_columns;
+                if (tile_y >= current->num_tile_rows)
+                    return AVERROR_INVALIDDATA;
 
                 ctu_x = 0, ctu_y = 0;
                 for (j = 0; j < tile_x; j++) {
@@ -2452,6 +2460,7 @@ static int FUNC(scaling_list_data)(CodedBitstreamContext *ctx, RWContext *rw,
 static int FUNC(aps)(CodedBitstreamContext *ctx, RWContext *rw,
                      H266RawAPS *current, int prefix)
 {
+    int aps_id_max = MAX_UINT_BITS(5);
     int err;
 
     if (prefix)
@@ -2464,7 +2473,12 @@ static int FUNC(aps)(CodedBitstreamContext *ctx, RWContext *rw,
                                        : VVC_SUFFIX_APS_NUT));
 
     ub(3, aps_params_type);
-    ub(5, aps_adaptation_parameter_set_id);
+    if (current->aps_params_type == VVC_ASP_TYPE_ALF ||
+        current->aps_params_type == VVC_ASP_TYPE_SCALING)
+        aps_id_max = 7;
+    else if (current->aps_params_type == VVC_ASP_TYPE_LMCS)
+        aps_id_max = 3;
+    u(5, aps_adaptation_parameter_set_id, 0, aps_id_max);
     flag(aps_chroma_present_flag);
     if (current->aps_params_type == VVC_ASP_TYPE_ALF)
         CHECK(FUNC(alf_data)(ctx, rw, current));
@@ -3418,10 +3432,10 @@ static int FUNC(slice_header) (CodedBitstreamContext *ctx, RWContext *rw,
     return 0;
 }
 
-static int FUNC(sei_decoded_picture_hash) (CodedBitstreamContext *ctx,
-                                           RWContext *rw,
-                                           H266RawSEIDecodedPictureHash *
-                                           current)
+SEI_FUNC(sei_decoded_picture_hash, (CodedBitstreamContext *ctx,
+                                    RWContext *rw,
+                                    H266RawSEIDecodedPictureHash *current,
+                                    SEIMessageState *unused))
 {
     int err, c_idx, i;
 

libavcodec/cbs_jpeg.c

@@ -145,13 +145,13 @@ static int cbs_jpeg_split_fragment(CodedBitstreamContext *ctx,
             }
         } else {
             i = start;
-            if (i + 2 > frag->data_size) {
+            if (i > frag->data_size - 2) {
                 av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid JPEG image: "
                        "truncated at %02x marker.\n", marker);
                 return AVERROR_INVALIDDATA;
             }
             length = AV_RB16(frag->data + i);
-            if (i + length > frag->data_size) {
+            if (length > frag->data_size - i) {
                 av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid JPEG image: "
                        "truncated at %02x marker segment.\n", marker);
                 return AVERROR_INVALIDDATA;

libavcodec/cbs_sei.h

@@ -126,13 +126,6 @@ typedef struct SEIMessageTypeDescriptor {
     SEIMessageWriteFunction write;
 } SEIMessageTypeDescriptor;
 
-// Macro for the read/write pair.  The clumsy cast is needed because the
-// current pointer is typed in all of the read/write functions but has to
-// be void here to fit all cases.
-#define SEI_MESSAGE_RW(codec, name) \
-    .read  = (SEIMessageReadFunction) cbs_ ## codec ## _read_  ## name, \
-    .write = (SEIMessageWriteFunction)cbs_ ## codec ## _write_ ## name
-
 // End-of-list sentinel element.
 #define SEI_MESSAGE_TYPE_END { .type = -1 }
 

libavcodec/cbs_sei_syntax_template.c

@@ -16,9 +16,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
-static int FUNC(filler_payload)
-    (CodedBitstreamContext *ctx, RWContext *rw,
-     SEIRawFillerPayload *current, SEIMessageState *state)
+SEI_FUNC(filler_payload, (CodedBitstreamContext *ctx, RWContext *rw,
+                          SEIRawFillerPayload *current,
+                          SEIMessageState *state))
 {
     int err, i;
 
@@ -34,9 +34,9 @@ static int FUNC(filler_payload)
     return 0;
 }
 
-static int FUNC(user_data_registered)
-    (CodedBitstreamContext *ctx, RWContext *rw,
-     SEIRawUserDataRegistered *current, SEIMessageState *state)
+SEI_FUNC(user_data_registered, (CodedBitstreamContext *ctx, RWContext *rw,
+                                SEIRawUserDataRegistered *current,
+                                SEIMessageState *state))
 {
     int err, i, j;
 
@@ -66,9 +66,9 @@ static int FUNC(user_data_registered)
     return 0;
 }
 
-static int FUNC(user_data_unregistered)
-    (CodedBitstreamContext *ctx, RWContext *rw,
-     SEIRawUserDataUnregistered *current, SEIMessageState *state)
+SEI_FUNC(user_data_unregistered, (CodedBitstreamContext *ctx, RWContext *rw,
+                                  SEIRawUserDataUnregistered *current,
+                                  SEIMessageState *state))
 {
     int err, i;
 
@@ -94,9 +94,10 @@ static int FUNC(user_data_unregistered)
     return 0;
 }
 
-static int FUNC(mastering_display_colour_volume)
-    (CodedBitstreamContext *ctx, RWContext *rw,
-     SEIRawMasteringDisplayColourVolume *current, SEIMessageState *state)
+SEI_FUNC(mastering_display_colour_volume,
+         (CodedBitstreamContext *ctx, RWContext *rw,
+          SEIRawMasteringDisplayColourVolume *current,
+          SEIMessageState *state))
 {
     int err, c;
 
@@ -116,9 +117,9 @@ static int FUNC(mastering_display_colour_volume)
     return 0;
 }
 
-static int FUNC(content_light_level_info)
-    (CodedBitstreamContext *ctx, RWContext *rw,
-     SEIRawContentLightLevelInfo *current, SEIMessageState *state)
+SEI_FUNC(content_light_level_info, (CodedBitstreamContext *ctx, RWContext *rw,
+                                    SEIRawContentLightLevelInfo *current,
+                                    SEIMessageState *state))
 {
     int err;
 
@@ -130,10 +131,10 @@ static int FUNC(content_light_level_info)
     return 0;
 }
 
-static int FUNC(alternative_transfer_characteristics)
-    (CodedBitstreamContext *ctx, RWContext *rw,
-     SEIRawAlternativeTransferCharacteristics *current,
-     SEIMessageState *state)
+SEI_FUNC(alternative_transfer_characteristics,
+         (CodedBitstreamContext *ctx, RWContext *rw,
+          SEIRawAlternativeTransferCharacteristics *current,
+          SEIMessageState *state))
 {
     int err;
 
@@ -144,10 +145,10 @@ static int FUNC(alternative_transfer_characteristics)
     return 0;
 }
 
-static int FUNC(ambient_viewing_environment)
-    (CodedBitstreamContext *ctx, RWContext *rw,
-     SEIRawAmbientViewingEnvironment *current,
-     SEIMessageState *state)
+SEI_FUNC(ambient_viewing_environment,
+         (CodedBitstreamContext *ctx, RWContext *rw,
+          SEIRawAmbientViewingEnvironment *current,
+          SEIMessageState *state))
 {
     static const uint16_t max_ambient_light_value = 50000;
     int err;

libavcodec/cbs_vp9.c

@@ -375,7 +375,7 @@ static int cbs_vp9_split_fragment(CodedBitstreamContext *ctx,
     superframe_header = frag->data[frag->data_size - 1];
 
     if ((superframe_header & 0xe0) == 0xc0) {
-        VP9RawSuperframeIndex sfi;
+        VP9RawSuperframeIndex sfi = {0};
         GetBitContext gbc;
         size_t index_size, pos;
         int i;

libavcodec/cfhdenc.c

@@ -258,8 +258,8 @@ static av_cold int cfhd_encode_init(AVCodecContext *avctx)
     if (ret < 0)
         return ret;
 
-    if (avctx->height < 4) {
-        av_log(avctx, AV_LOG_ERROR, "Height must be >= 4.\n");
+    if (avctx->height < 32) {
+        av_log(avctx, AV_LOG_ERROR, "Height must be >= 32.\n");
         return AVERROR_INVALIDDATA;
     }
 
@@ -286,7 +286,7 @@ static av_cold int cfhd_encode_init(AVCodecContext *avctx)
         s->plane[i].dwt_buf =
             av_calloc(h8 * 8 * w8 * 8, sizeof(*s->plane[i].dwt_buf));
         s->plane[i].dwt_tmp =
-            av_malloc_array(h8 * 8 * w8 * 8, sizeof(*s->plane[i].dwt_tmp));
+            av_calloc(h8 * 8 * w8 * 8, sizeof(*s->plane[i].dwt_tmp));
         if (!s->plane[i].dwt_buf || !s->plane[i].dwt_tmp)
             return AVERROR(ENOMEM);
 
@@ -553,7 +553,7 @@ static int cfhd_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
                          width, height * 2);
     }
 
-    ret = ff_alloc_packet(avctx, pkt, 256LL + s->planes * (2LL * avctx->width * (avctx->height + 15) + 2048LL));
+    ret = ff_alloc_packet(avctx, pkt, 256LL + s->planes * (4LL * avctx->width * (avctx->height + 15) + 2048LL));
     if (ret < 0)
         return ret;
 
@@ -761,7 +761,6 @@ static int cfhd_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
                         } else if (count > 0) {
                             count = put_runcode(pb, count, rb);
                         }
-
                         put_bits(pb, cb[index].size, cb[index].bits);
                     }
 

libavcodec/cri.c

@@ -235,10 +235,14 @@ static int cri_decode_frame(AVCodecContext *avctx, AVFrame *p,
             s->data_size = length;
             goto skip;
         case 105:
+            if (length <= 0)
+                return AVERROR_INVALIDDATA;
             hflip = bytestream2_get_byte(gb) != 0;
             length--;
             goto skip;
         case 106:
+            if (length <= 0)
+                return AVERROR_INVALIDDATA;
             vflip = bytestream2_get_byte(gb) != 0;
             length--;
             goto skip;

libavcodec/decode.c

@@ -449,7 +449,8 @@ FF_ENABLE_DEPRECATION_WARNINGS
     } else if (avctx->codec->type == AVMEDIA_TYPE_AUDIO) {
         ret =  !got_frame ? AVERROR(EAGAIN)
                           : discard_samples(avctx, frame, discarded_samples);
-    }
+    } else
+        av_assert0(0);
 
     if (ret == AVERROR(EAGAIN))
         av_frame_unref(frame);
@@ -1838,17 +1839,26 @@ int ff_copy_palette(void *dst, const AVPacket *src, void *logctx)
 int ff_hwaccel_frame_priv_alloc(AVCodecContext *avctx, void **hwaccel_picture_private)
 {
     const FFHWAccel *hwaccel = ffhwaccel(avctx->hwaccel);
-    AVHWFramesContext *frames_ctx;
 
     if (!hwaccel || !hwaccel->frame_priv_data_size)
         return 0;
 
     av_assert0(!*hwaccel_picture_private);
 
-    frames_ctx = (AVHWFramesContext *)avctx->hw_frames_ctx->data;
-    *hwaccel_picture_private = ff_refstruct_alloc_ext(hwaccel->frame_priv_data_size, 0,
-                                                      frames_ctx->device_ctx,
-                                                      hwaccel->free_frame_priv);
+    if (hwaccel->free_frame_priv) {
+        AVHWFramesContext *frames_ctx;
+
+        if (!avctx->hw_frames_ctx)
+            return AVERROR(EINVAL);
+
+        frames_ctx = (AVHWFramesContext *) avctx->hw_frames_ctx->data;
+        *hwaccel_picture_private = ff_refstruct_alloc_ext(hwaccel->frame_priv_data_size, 0,
+                                                          frames_ctx->device_ctx,
+                                                          hwaccel->free_frame_priv);
+    } else {
+        *hwaccel_picture_private = ff_refstruct_allocz(hwaccel->frame_priv_data_size);
+    }
+
     if (!*hwaccel_picture_private)
         return AVERROR(ENOMEM);
 

libavcodec/dovi_rpu.c

@@ -149,7 +149,7 @@ static inline uint64_t get_ue_coef(GetBitContext *gb, const AVDOVIRpuDataHeader
 
     case RPU_COEFF_FLOAT:
         fpart.u32 = get_bits_long(gb, 32);
-        return fpart.f32 * (1 << hdr->coef_log2_denom);
+        return fpart.f32 * (1LL << hdr->coef_log2_denom);
     }
 
     return 0; /* unreachable */
@@ -168,7 +168,7 @@ static inline int64_t get_se_coef(GetBitContext *gb, const AVDOVIRpuDataHeader *
 
     case RPU_COEFF_FLOAT:
         fpart.u32 = get_bits_long(gb, 32);
-        return fpart.f32 * (1 << hdr->coef_log2_denom);
+        return fpart.f32 * (1LL << hdr->coef_log2_denom);
     }
 
     return 0; /* unreachable */

libavcodec/dvdsubenc.c

@@ -376,7 +376,8 @@ static int encode_dvd_subtitles(AVCodecContext *avctx,
     x2 = vrect.x + vrect.w - 1;
     y2 = vrect.y + vrect.h - 1;
 
-    if (x2 > avctx->width || y2 > avctx->height) {
+    if ((avctx->width  > 0 && x2 > avctx->width) ||
+        (avctx->height > 0 && y2 > avctx->height)) {
         av_log(avctx, AV_LOG_ERROR, "canvas_size(%d:%d) is too small(%d:%d) for render\n",
                avctx->width, avctx->height, x2, y2);
         ret = AVERROR(EINVAL);

libavcodec/dxv.c

@@ -440,7 +440,7 @@ static int get_opcodes(GetByteContext *gb, uint32_t *table, uint8_t *dst, int op
 
     size_in_bits = bytestream2_get_le32(gb);
     endoffset = ((size_in_bits + 7) >> 3) - 4;
-    if (endoffset <= 0 || bytestream2_get_bytes_left(gb) < endoffset)
+    if ((int)endoffset <= 0 || bytestream2_get_bytes_left(gb) < endoffset)
         return AVERROR_INVALIDDATA;
 
     offset = endoffset;

libavcodec/dxva2.c

@@ -117,7 +117,7 @@ static int dxva_get_decoder_configuration(AVCodecContext *avctx,
 
     for (i = 0; i < cfg_count; i++) {
         unsigned score;
-        UINT ConfigBitstreamRaw;
+        UINT ConfigBitstreamRaw = 0;
         GUID guidConfigBitstreamEncryption;
 
 #if CONFIG_D3D11VA
@@ -268,7 +268,7 @@ static int dxva_get_decoder_guid(AVCodecContext *avctx, void *service, void *sur
     *decoder_guid = ff_GUID_NULL;
     for (i = 0; dxva_modes[i].guid; i++) {
         const dxva_mode *mode = &dxva_modes[i];
-        int validate;
+        int validate = 0;
         if (!dxva_check_codec_compatibility(avctx, mode))
             continue;
 
@@ -800,7 +800,7 @@ int ff_dxva2_commit_buffer(AVCodecContext *avctx,
                            unsigned type, const void *data, unsigned size,
                            unsigned mb_count)
 {
-    void     *dxva_data;
+    void     *dxva_data = NULL;
     unsigned dxva_size;
     int      result;
     HRESULT hr = 0;
@@ -822,7 +822,7 @@ int ff_dxva2_commit_buffer(AVCodecContext *avctx,
                type, (unsigned)hr);
         return -1;
     }
-    if (size <= dxva_size) {
+    if (dxva_data && size <= dxva_size) {
         memcpy(dxva_data, data, size);
 
 #if CONFIG_D3D11VA
@@ -900,7 +900,7 @@ int ff_dxva2_common_end_frame(AVCodecContext *avctx, AVFrame *frame,
 #endif
     DECODER_BUFFER_DESC             *buffer = NULL, *buffer_slice = NULL;
     int result, runs = 0;
-    HRESULT hr;
+    HRESULT hr = -1;
     unsigned type;
     FFDXVASharedContext *sctx = DXVA_SHARED_CONTEXT(avctx);
 

libavcodec/eacmv.c

@@ -194,12 +194,15 @@ static int cmv_decode_frame(AVCodecContext *avctx, AVFrame *frame,
     if ((ret = av_image_check_size(s->width, s->height, 0, s->avctx)) < 0)
         return ret;
 
+    buf += EA_PREAMBLE_SIZE;
+    if (!(buf[0]&1) && buf_end - buf < s->width * s->height * (int64_t)(100 - s->avctx->discard_damaged_percentage) / 100)
+        return AVERROR_INVALIDDATA;
+
     if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0)
         return ret;
 
     memcpy(frame->data[1], s->palette, AVPALETTE_SIZE);
 
-    buf += EA_PREAMBLE_SIZE;
     if ((buf[0]&1)) {  // subtype
         cmv_decode_inter(s, frame, buf+2, buf_end);
         frame->flags &= ~AV_FRAME_FLAG_KEY;

libavcodec/eatgq.c

@@ -178,7 +178,8 @@ static int tgq_decode_mb(TgqContext *s, GetByteContext *gbyte,
             dc[4] = bytestream2_get_byte(gbyte);
             dc[5] = bytestream2_get_byte(gbyte);
         } else if (mode == 6) {
-            bytestream2_get_buffer(gbyte, dc, 6);
+            if (bytestream2_get_buffer(gbyte, dc, 6) != 6)
+                return AVERROR_INVALIDDATA;
         } else if (mode == 12) {
             for (i = 0; i < 6; i++) {
                 dc[i] = bytestream2_get_byte(gbyte);

libavcodec/encode.c

@@ -753,6 +753,11 @@ int ff_encode_preinit(AVCodecContext *avctx)
         return AVERROR(EINVAL);
     }
 
+    if (avctx->bit_rate < 0) {
+        av_log(avctx, AV_LOG_ERROR, "The encoder bitrate is negative.\n");
+        return AVERROR(EINVAL);
+    }
+
     if (avctx->flags & AV_CODEC_FLAG_COPY_OPAQUE &&
         !(avctx->codec->capabilities & AV_CODEC_CAP_ENCODER_REORDERED_OPAQUE)) {
         av_log(avctx, AV_LOG_ERROR, "The copy_opaque flag is set, but the "

libavcodec/evc_parse.c

@@ -58,8 +58,12 @@ int ff_evc_parse_slice_header(GetBitContext *gb, EVCParserSliceHeader *sh,
         if (!sh->arbitrary_slice_flag)
             sh->last_tile_id = get_bits(gb, pps->tile_id_len_minus1 + 1);
         else {
-            sh->num_remaining_tiles_in_slice_minus1 = get_ue_golomb_long(gb);
-            num_tiles_in_slice = sh->num_remaining_tiles_in_slice_minus1 + 2;
+            unsigned num_remaining_tiles_in_slice_minus1 = get_ue_golomb_long(gb);
+            if (num_remaining_tiles_in_slice_minus1 > EVC_MAX_TILE_ROWS * EVC_MAX_TILE_COLUMNS - 2)
+                return AVERROR_INVALIDDATA;
+
+            num_tiles_in_slice = num_remaining_tiles_in_slice_minus1 + 2;
+            sh->num_remaining_tiles_in_slice_minus1 = num_remaining_tiles_in_slice_minus1;
             for (int i = 0; i < num_tiles_in_slice - 1; ++i)
                 sh->delta_tile_id_minus1[i] = get_ue_golomb_long(gb);
         }
@@ -172,7 +176,11 @@ int ff_evc_derive_poc(const EVCParamSets *ps, const EVCParserSliceHeader *sh,
             poc->PicOrderCntVal = 0;
             poc->DocOffset = -1;
         } else {
-            int SubGopLength = (int)pow(2.0, sps->log2_sub_gop_length);
+            int SubGopLength = 1 << sps->log2_sub_gop_length;
+
+            if (tid > (SubGopLength > 1 ? 1 + av_log2(SubGopLength - 1) : 0))
+                return AVERROR_INVALIDDATA;
+
             if (tid == 0) {
                 poc->PicOrderCntVal = poc->prevPicOrderCntVal + SubGopLength;
                 poc->DocOffset = 0;
@@ -187,15 +195,16 @@ int ff_evc_derive_poc(const EVCParamSets *ps, const EVCParserSliceHeader *sh,
                     poc->prevPicOrderCntVal += SubGopLength;
                     ExpectedTemporalId = 0;
                 } else
-                    ExpectedTemporalId = 1 + (int)log2(poc->DocOffset);
+                    ExpectedTemporalId = 1 + av_log2(poc->DocOffset);
+
                 while (tid != ExpectedTemporalId) {
                     poc->DocOffset = (poc->DocOffset + 1) % SubGopLength;
                     if (poc->DocOffset == 0)
                         ExpectedTemporalId = 0;
                     else
-                        ExpectedTemporalId = 1 + (int)log2(poc->DocOffset);
+                        ExpectedTemporalId = 1 + av_log2(poc->DocOffset);
                 }
-                PocOffset = (int)(SubGopLength * ((2.0 * poc->DocOffset + 1) / (int)pow(2.0, tid) - 2));
+                PocOffset = (int)(SubGopLength * ((2.0 * poc->DocOffset + 1) / (1 << tid) - 2));
                 poc->PicOrderCntVal = poc->prevPicOrderCntVal + PocOffset;
             }
         }

libavcodec/exr.c

@@ -334,7 +334,10 @@ static int huf_unpack_enc_table(GetByteContext *gb,
         return ret;
 
     for (; im <= iM; im++) {
-        uint64_t l = freq[im] = get_bits(&gbit, 6);
+        int l;
+        if (get_bits_left(&gbit) < 6)
+            return AVERROR_INVALIDDATA;
+        l = freq[im] = get_bits(&gbit, 6);
 
         if (l == LONG_ZEROCODE_RUN) {
             int zerun = get_bits(&gbit, 8) + SHORTEST_LONG_RUN;
@@ -1939,7 +1942,7 @@ static int decode_header(EXRContext *s, AVFrame *frame)
                                                      "preview", 16)) >= 0) {
             uint32_t pw = bytestream2_get_le32(gb);
             uint32_t ph = bytestream2_get_le32(gb);
-            uint64_t psize = pw * ph;
+            uint64_t psize = pw * (uint64_t)ph;
             if (psize > INT64_MAX / 4) {
                 ret = AVERROR_INVALIDDATA;
                 goto fail;

libavcodec/ffv1.c

@@ -103,6 +103,13 @@ av_cold int ff_ffv1_init_slices_state(FFV1Context *f)
     return 0;
 }
 
+int ff_need_new_slices(int width, int num_h_slices, int chroma_shift) {
+    int mpw = 1<<chroma_shift;
+    int i = width * (int64_t)(num_h_slices - 1) / num_h_slices;
+
+    return width % mpw && (width - i) % mpw == 0;
+}
+
 av_cold int ff_ffv1_init_slice_contexts(FFV1Context *f)
 {
     int i, max_slice_count = f->num_h_slices * f->num_v_slices;

libavcodec/ffv1.h

@@ -142,6 +142,7 @@ int ff_ffv1_init_slice_contexts(FFV1Context *f);
 int ff_ffv1_allocate_initial_states(FFV1Context *f);
 void ff_ffv1_clear_slice_state(const FFV1Context *f, FFV1Context *fs);
 int ff_ffv1_close(AVCodecContext *avctx);
+int ff_need_new_slices(int width, int num_h_slices, int chroma_shift);
 
 static av_always_inline int fold(int diff, int bits)
 {

libavcodec/ffv1dec.c

@@ -363,7 +363,7 @@ static int decode_slice(AVCodecContext *c, void *arg)
     if (fs->ac != AC_GOLOMB_RICE && f->version > 2) {
         int v;
         get_rac(&fs->c, (uint8_t[]) { 129 });
-        v = fs->c.bytestream_end - fs->c.bytestream - 2 - 5*f->ec;
+        v = fs->c.bytestream_end - fs->c.bytestream - 2 - 5*!!f->ec;
         if (v) {
             av_log(f->avctx, AV_LOG_ERROR, "bytestream end mismatching by %d\n", v);
             fs->slice_damaged = 1;

libavcodec/ffv1enc.c

@@ -199,7 +199,7 @@ static av_always_inline av_flatten void put_symbol_inline(RangeCoder *c,
     } while (0)
 
     if (v) {
-        const int a = FFABS(v);
+        const unsigned a = is_signed ? FFABS(v) : v;
         const int e = av_log2(a);
         put_rac(c, state + 0, 0);
         if (e <= 9) {
@@ -526,6 +526,11 @@ static av_cold int encode_init(AVCodecContext *avctx)
         avctx->slices > 1)
         s->version = FFMAX(s->version, 2);
 
+    if ((avctx->flags & (AV_CODEC_FLAG_PASS1 | AV_CODEC_FLAG_PASS2)) && s->ac == AC_GOLOMB_RICE) {
+        av_log(avctx, AV_LOG_ERROR, "2 Pass mode is not possible with golomb coding\n");
+        return AVERROR(EINVAL);
+    }
+
     // Unspecified level & slices, we choose version 1.2+ to ensure multithreaded decodability
     if (avctx->slices == 0 && avctx->level < 0 && avctx->width * avctx->height > 720*576)
         s->version = FFMAX(s->version, 2);
@@ -550,7 +555,7 @@ static av_cold int encode_init(AVCodecContext *avctx)
         s->version = FFMAX(s->version, 3);
 
     if ((s->version == 2 || s->version>3) && avctx->strict_std_compliance > FF_COMPLIANCE_EXPERIMENTAL) {
-        av_log(avctx, AV_LOG_ERROR, "Version 2 needed for requested features but version 2 is experimental and not enabled\n");
+        av_log(avctx, AV_LOG_ERROR, "Version 2 or 4 needed for requested features but version 2 or 4 is experimental and not enabled\n");
         return AVERROR_INVALIDDATA;
     }
 
@@ -722,19 +727,21 @@ static av_cold int encode_init(AVCodecContext *avctx)
             s->quant_tables[1][2][i]=     11*11*quant5 [i];
             s->quant_tables[1][3][i]=   5*11*11*quant5 [i];
             s->quant_tables[1][4][i]= 5*5*11*11*quant5 [i];
+            s->context_count[0] = (11 * 11 * 11        + 1) / 2;
+            s->context_count[1] = (11 * 11 * 5 * 5 * 5 + 1) / 2;
         } else {
             s->quant_tables[0][0][i]=           quant9_10bit[i];
-            s->quant_tables[0][1][i]=        11*quant9_10bit[i];
-            s->quant_tables[0][2][i]=     11*11*quant9_10bit[i];
+            s->quant_tables[0][1][i]=         9*quant9_10bit[i];
+            s->quant_tables[0][2][i]=       9*9*quant9_10bit[i];
             s->quant_tables[1][0][i]=           quant9_10bit[i];
-            s->quant_tables[1][1][i]=        11*quant9_10bit[i];
-            s->quant_tables[1][2][i]=     11*11*quant5_10bit[i];
-            s->quant_tables[1][3][i]=   5*11*11*quant5_10bit[i];
-            s->quant_tables[1][4][i]= 5*5*11*11*quant5_10bit[i];
+            s->quant_tables[1][1][i]=         9*quant9_10bit[i];
+            s->quant_tables[1][2][i]=       9*9*quant5_10bit[i];
+            s->quant_tables[1][3][i]=     5*9*9*quant5_10bit[i];
+            s->quant_tables[1][4][i]=   5*5*9*9*quant5_10bit[i];
+            s->context_count[0] = (9 * 9 * 9         + 1) / 2;
+            s->context_count[1] = (9 * 9 * 5 * 5 * 5 + 1) / 2;
         }
     }
-    s->context_count[0] = (11 * 11 * 11        + 1) / 2;
-    s->context_count[1] = (11 * 11 * 5 * 5 * 5 + 1) / 2;
     memcpy(s->quant_table, s->quant_tables[s->context_model],
            sizeof(s->quant_table));
 
@@ -866,6 +873,10 @@ static av_cold int encode_init(AVCodecContext *avctx)
                     continue;
                 if (maxw * maxh * (int64_t)(s->bits_per_raw_sample+1) * plane_count > 8<<24)
                     continue;
+                if (s->version < 4)
+                    if (  ff_need_new_slices(avctx->width , s->num_h_slices, s->chroma_h_shift)
+                        ||ff_need_new_slices(avctx->height, s->num_v_slices, s->chroma_v_shift))
+                        continue;
                 if (avctx->slices == s->num_h_slices * s->num_v_slices && avctx->slices <= MAX_SLICES || !avctx->slices)
                     goto slices_ok;
             }
@@ -914,8 +925,8 @@ static void encode_slice_header(FFV1Context *f, FFV1Context *fs)
 
     put_symbol(c, state, (fs->slice_x     +1)*f->num_h_slices / f->width   , 0);
     put_symbol(c, state, (fs->slice_y     +1)*f->num_v_slices / f->height  , 0);
-    put_symbol(c, state, (fs->slice_width +1)*f->num_h_slices / f->width -1, 0);
-    put_symbol(c, state, (fs->slice_height+1)*f->num_v_slices / f->height-1, 0);
+    put_symbol(c, state, 0, 0);
+    put_symbol(c, state, 0, 0);
     for (j=0; j<f->plane_count; j++) {
         put_symbol(c, state, f->plane[j].quant_table_index, 0);
         av_assert0(f->plane[j].quant_table_index == f->context_model);

libavcodec/flac_parser.c

@@ -519,6 +519,8 @@ static int check_header_mismatch(FLACParseContext  *fpc,
         for (i = 0; i < FLAC_MAX_SEQUENTIAL_HEADERS && curr != child; i++)
             curr = curr->next;
 
+        av_assert0(i < FLAC_MAX_SEQUENTIAL_HEADERS);
+
         if (header->link_penalty[i] < FLAC_HEADER_CRC_FAIL_PENALTY ||
             header->link_penalty[i] == FLAC_HEADER_NOT_PENALIZED_YET) {
             FLACHeaderMarker *start, *end;

libavcodec/flicvideo.c

@@ -642,7 +642,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
                        "has incorrect size, skipping chunk\n", chunk_size - 6);
                 bytestream2_skip(&g2, chunk_size - 6);
             } else {
-                for (y_ptr = 0; check_pixel_ptr(y_ptr, 0, pixel_limit, direction) == 0;
+                for (y_ptr = 0; check_pixel_ptr(y_ptr, s->avctx->width, pixel_limit, direction) == 0;
                      y_ptr += s->frame->linesize[0]) {
                     bytestream2_get_buffer(&g2, &pixels[y_ptr],
                                            s->avctx->width);
@@ -949,7 +949,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
 
                 if (bytestream2_get_bytes_left(&g2) < 2 * s->avctx->width * s->avctx->height )
                     return AVERROR_INVALIDDATA;
-                for (y_ptr = 0; check_pixel_ptr(y_ptr, 0, pixel_limit, direction) == 0;
+                for (y_ptr = 0; check_pixel_ptr(y_ptr, 2*s->avctx->width, pixel_limit, direction) == 0;
                      y_ptr += s->frame->linesize[0]) {
 
                     pixel_countdown = s->avctx->width;
@@ -1235,7 +1235,7 @@ static int flic_decode_frame_24BPP(AVCodecContext *avctx,
                        "bigger than image, skipping chunk\n", chunk_size - 6);
                 bytestream2_skip(&g2, chunk_size - 6);
             } else {
-                for (y_ptr = 0; check_pixel_ptr(y_ptr, 0, pixel_limit, direction) == 0;
+                for (y_ptr = 0; check_pixel_ptr(y_ptr, 3*s->avctx->width, pixel_limit, direction) == 0;
                      y_ptr += s->frame->linesize[0]) {
 
                     bytestream2_get_buffer(&g2, pixels + y_ptr, 3*s->avctx->width);

libavcodec/fmvc.c

@@ -100,7 +100,6 @@ static int decode_type2(GetByteContext *gb, PutByteContext *pb)
                             continue;
                         }
                     }
-                    repeat = 0;
                 }
                 repeat = 1;
             }

libavcodec/get_buffer.c

@@ -152,7 +152,10 @@ FF_ENABLE_DEPRECATION_WARNINGS
         if (ret < 0)
             goto fail;
 
-        pool->pools[0] = av_buffer_pool_init(pool->linesize[0], NULL);
+        pool->pools[0] = av_buffer_pool_init(pool->linesize[0],
+                                             CONFIG_MEMORY_POISONING ?
+                                                NULL :
+                                                av_buffer_allocz);
         if (!pool->pools[0]) {
             ret = AVERROR(ENOMEM);
             goto fail;

libavcodec/golomb.h

@@ -402,6 +402,7 @@ static inline int get_ur_golomb(GetBitContext *gb, int k, int limit,
     log = av_log2(buf);
 
     if (log > 31 - limit) {
+        av_assert2(log >= k);
         buf >>= log - k;
         buf  += (30U - log) << k;
         LAST_SKIP_BITS(re, gb, 32 + k - log);
@@ -424,6 +425,8 @@ static inline int get_ur_golomb(GetBitContext *gb, int k, int limit,
 
 /**
  * read unsigned golomb rice code (jpegls).
+ *
+ * @returns -1 on error
  */
 static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit,
                                        int esc_len)
@@ -535,6 +538,8 @@ static inline int get_sr_golomb(GetBitContext *gb, int k, int limit,
 
 /**
  * read signed golomb rice code (flac).
+ *
+ * @returns INT_MIN on error
  */
 static inline int get_sr_golomb_flac(GetBitContext *gb, int k, int limit,
                                      int esc_len)

libavcodec/h263dec.c

@@ -407,6 +407,7 @@ int ff_h263_decode_frame(AVCodecContext *avctx, AVFrame *pict,
     MpegEncContext *s  = avctx->priv_data;
     int ret;
     int slice_ret = 0;
+    int bak_width, bak_height;
 
     /* no supplementary picture */
     if (buf_size == 0) {
@@ -458,6 +459,9 @@ retry:
     if (ret < 0)
         return ret;
 
+    bak_width  = s->width;
+    bak_height = s->height;
+
     /* let's go :-) */
     if (CONFIG_WMV2_DECODER && s->msmpeg4_version == 5) {
         ret = ff_wmv2_decode_picture_header(s);
@@ -475,11 +479,12 @@ retry:
     }
 
     if (ret < 0 || ret == FRAME_SKIPPED) {
-        if (   s->width  != avctx->coded_width
-            || s->height != avctx->coded_height) {
+        if (   s->width  != bak_width
+            || s->height != bak_height) {
                 av_log(s->avctx, AV_LOG_WARNING, "Reverting picture dimensions change due to header decoding failure\n");
-                s->width = avctx->coded_width;
-                s->height= avctx->coded_height;
+                s->width = bak_width;
+                s->height= bak_height;
+
         }
     }
     if (ret == FRAME_SKIPPED)

libavcodec/h2645_parse.c

@@ -578,9 +578,11 @@ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t *buf, int length,
 
         if (codec_id == AV_CODEC_ID_VVC)
             ret = vvc_parse_nal_header(nal, logctx);
-        else if (codec_id == AV_CODEC_ID_HEVC)
+        else if (codec_id == AV_CODEC_ID_HEVC) {
             ret = hevc_parse_nal_header(nal, logctx);
-        else
+            if (nal->nuh_layer_id == 63)
+                continue;
+        } else
             ret = h264_parse_nal_header(nal, logctx);
         if (ret < 0) {
             av_log(logctx, AV_LOG_WARNING, "Invalid NAL unit %d, skipping.\n",

libavcodec/h2645_sei.c

@@ -599,8 +599,7 @@ int ff_h2645_sei_to_frame(AVFrame *frame, H2645SEI *sei,
         if (!sd)
             av_buffer_unref(&a53->buf_ref);
         a53->buf_ref = NULL;
-        if (avctx)
-            avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS;
+        avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS;
     }
 
     for (unsigned i = 0; i < sei->unregistered.nb_buf_ref; i++) {
@@ -686,8 +685,7 @@ int ff_h2645_sei_to_frame(AVFrame *frame, H2645SEI *sei,
         else
             fgc->present = fgc->persistence_flag;
 
-        if (avctx)
-            avctx->properties |= FF_CODEC_PROPERTY_FILM_GRAIN;
+        avctx->properties |= FF_CODEC_PROPERTY_FILM_GRAIN;
     }
 
     if (sei->ambient_viewing_environment.present) {

libavcodec/h264_mb.c

@@ -407,7 +407,7 @@ static av_always_inline void mc_part_weighted(const H264Context *h, H264SliceCon
         /* don't optimize for luma-only case, since B-frames usually
          * use implicit weights => chroma too. */
         uint8_t *tmp_cb = sl->bipred_scratchpad;
-        uint8_t *tmp_cr = sl->bipred_scratchpad + (16 << pixel_shift);
+        uint8_t *tmp_cr = sl->bipred_scratchpad + (8 << pixel_shift + (chroma_idc == 3));
         uint8_t *tmp_y  = sl->bipred_scratchpad + 16 * sl->mb_uvlinesize;
         int refn0       = sl->ref_cache[0][scan8[n]];
         int refn1       = sl->ref_cache[1][scan8[n]];

libavcodec/h264_slice.c

@@ -1398,7 +1398,7 @@ static int h264_field_start(H264Context *h, const H264SliceContext *sl,
 
     sps = h->ps.sps;
 
-    if (sps && sps->bitstream_restriction_flag &&
+    if (sps->bitstream_restriction_flag &&
         h->avctx->has_b_frames < sps->num_reorder_frames) {
         h->avctx->has_b_frames = sps->num_reorder_frames;
     }

libavcodec/hapdec.c

@@ -309,6 +309,7 @@ static int hap_decode(AVCodecContext *avctx, AVFrame *frame,
             ret = av_reallocp(&ctx->tex_buf, ctx->tex_size);
             if (ret < 0)
                 return ret;
+            memset(ctx->tex_buf, 0, ctx->tex_size);
 
             avctx->execute2(avctx, decompress_chunks_thread, NULL,
                             ctx->chunk_results, ctx->chunk_count);

libavcodec/hcadec.c

@@ -212,6 +212,7 @@ static int init_hca(AVCodecContext *avctx, const uint8_t *extradata,
     int8_t r[16] = { 0 };
     unsigned b, chunk;
     int version, ret;
+    unsigned hfr_group_count;
 
     init_flush(avctx);
 
@@ -336,11 +337,12 @@ static int init_hca(AVCodecContext *avctx, const uint8_t *extradata,
     if (c->total_band_count < c->base_band_count)
         return AVERROR_INVALIDDATA;
 
-    c->hfr_group_count = ceil2(c->total_band_count - (c->base_band_count + c->stereo_band_count),
+    hfr_group_count = ceil2(c->total_band_count - (c->base_band_count + c->stereo_band_count),
                                c->bands_per_hfr_group);
 
-    if (c->base_band_count + c->stereo_band_count + (unsigned long)c->hfr_group_count > 128ULL)
+    if (c->base_band_count + c->stereo_band_count + (uint64_t)hfr_group_count > 128ULL)
         return AVERROR_INVALIDDATA;
+    c->hfr_group_count = hfr_group_count;
 
     for (int i = 0; i < avctx->ch_layout.nb_channels; i++) {
         c->ch[i].chan_type = r[i];
@@ -536,8 +538,10 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
             return AVERROR_INVALIDDATA;
         } else if (AV_RB16(avpkt->data + 6) <= avpkt->size) {
             ret = init_hca(avctx, avpkt->data, AV_RB16(avpkt->data + 6));
-            if (ret < 0)
+            if (ret < 0) {
+                c->crc_table = NULL; // signal that init has not finished
                 return ret;
+            }
             offset = AV_RB16(avpkt->data + 6);
             if (offset == avpkt->size)
                 return avpkt->size;

libavcodec/hdrenc.c

@@ -124,7 +124,7 @@ static int hdr_encode_frame(AVCodecContext *avctx, AVPacket *pkt,
     uint8_t *buf;
     int ret;
 
-    packet_size = avctx->width * avctx->height * 4LL + 1024LL;
+    packet_size = avctx->height * 4LL + avctx->width * avctx->height * 8LL + 1024LL;
     if ((ret = ff_get_encode_buffer(avctx, pkt, packet_size, 0)) < 0)
         return ret;
 

libavcodec/hevc_parser.c

@@ -105,7 +105,7 @@ static int hevc_parse_slice_header(AVCodecParserContext *s, H2645NAL *nal,
         den = ps->sps->vui.vui_time_scale;
     }
 
-    if (num != 0 && den != 0)
+    if (num > 0 && den > 0)
         av_reduce(&avctx->framerate.den, &avctx->framerate.num,
                   num, den, 1 << 30);
 

libavcodec/hevcdec.c

@@ -372,7 +372,7 @@ static void export_stream_params(HEVCContext *s, const HEVCSPS *sps)
         den = sps->vui.vui_time_scale;
     }
 
-    if (num != 0 && den != 0)
+    if (num > 0 && den > 0)
         av_reduce(&avctx->framerate.den, &avctx->framerate.num,
                   num, den, 1 << 30);
 }
@@ -651,6 +651,10 @@ static int hls_slice_header(HEVCContext *s)
 
         if (s->ps.pps->dependent_slice_segments_enabled_flag)
             sh->dependent_slice_segment_flag = get_bits1(gb);
+        if (sh->dependent_slice_segment_flag && !s->slice_initialized) {
+            av_log(s->avctx, AV_LOG_ERROR, "Independent slice segment missing.\n");
+            return AVERROR_INVALIDDATA;
+        }
 
         slice_address_length = av_ceil_log2(s->ps.sps->ctb_width *
                                             s->ps.sps->ctb_height);
@@ -939,9 +943,6 @@ static int hls_slice_header(HEVCContext *s)
         } else {
             sh->slice_loop_filter_across_slices_enabled_flag = s->ps.pps->seq_loop_filter_across_slices_enabled_flag;
         }
-    } else if (!s->slice_initialized) {
-        av_log(s->avctx, AV_LOG_ERROR, "Independent slice segment missing.\n");
-        return AVERROR_INVALIDDATA;
     }
 
     sh->num_entry_point_offsets = 0;
@@ -1961,13 +1962,13 @@ static void hls_prediction_unit(HEVCLocalContext *lc, int x0, int y0,
 
     if (current_mv.pred_flag & PF_L0) {
         ref0 = refPicList[0].ref[current_mv.ref_idx[0]];
-        if (!ref0 || !ref0->frame->data[0])
+        if (!ref0 || !ref0->frame)
             return;
         hevc_await_progress(s, ref0, &current_mv.mv[0], y0, nPbH);
     }
     if (current_mv.pred_flag & PF_L1) {
         ref1 = refPicList[1].ref[current_mv.ref_idx[1]];
-        if (!ref1 || !ref1->frame->data[0])
+        if (!ref1 || !ref1->frame)
             return;
         hevc_await_progress(s, ref1, &current_mv.mv[1], y0, nPbH);
     }
@@ -2627,6 +2628,11 @@ static int hls_decode_entry_wpp(AVCodecContext *avctxt, void *hevc_lclist,
         if (ret < 0)
             goto error;
         hls_sao_param(lc, x_ctb >> s->ps.sps->log2_ctb_size, y_ctb >> s->ps.sps->log2_ctb_size);
+
+        s->deblock[ctb_addr_rs].beta_offset = s->sh.beta_offset;
+        s->deblock[ctb_addr_rs].tc_offset   = s->sh.tc_offset;
+        s->filter_slice_edges[ctb_addr_rs]  = s->sh.slice_loop_filter_across_slices_enabled_flag;
+
         more_data = hls_coding_quadtree(lc, x_ctb, y_ctb, s->ps.sps->log2_ctb_size, 0);
 
         if (more_data < 0) {
@@ -2773,7 +2779,7 @@ static int set_side_data(HEVCContext *s)
             s->sei.common.content_light.present--;
     }
 
-    ret = ff_h2645_sei_to_frame(out, &s->sei.common, AV_CODEC_ID_HEVC, NULL,
+    ret = ff_h2645_sei_to_frame(out, &s->sei.common, AV_CODEC_ID_HEVC, s->avctx,
                                 &s->ps.sps->vui.common,
                                 s->ps.sps->bit_depth, s->ps.sps->bit_depth_chroma,
                                 s->ref->poc /* no poc_offset in HEVC */);
@@ -3015,8 +3021,11 @@ static int decode_nal_unit(HEVCContext *s, const H2645NAL *nal)
     case HEVC_NAL_RASL_N:
     case HEVC_NAL_RASL_R:
         ret = hls_slice_header(s);
-        if (ret < 0)
+        if (ret < 0) {
+            // hls_slice_header() does not cleanup on failure thus the state now is inconsistant so we cannot use it on depandant slices
+            s->slice_initialized = 0;
             return ret;
+        }
         if (ret == 1) {
             ret = AVERROR_INVALIDDATA;
             goto fail;

libavcodec/huffyuvdec.c

@@ -773,6 +773,8 @@ static void decode_gray_bitstream(HYuvDecContext *s, int count)
         for (i = 0; i < count && BITS_LEFT(re, &s->gb) > 0; i++) {
             READ_2PIX(s->temp[0][2 * i], s->temp[0][2 * i + 1], 0);
         }
+        for (; i < count; i++)
+            s->temp[0][2 * i] = s->temp[0][2 * i + 1] = 0;
     } else {
         for (i = 0; i < count; i++) {
             READ_2PIX(s->temp[0][2 * i], s->temp[0][2 * i + 1], 0);

libavcodec/iff.c

@@ -522,7 +522,7 @@ static int decode_byterun2(uint8_t *dst, int height, int line_size,
                            GetByteContext *gb)
 {
     GetByteContext cmds;
-    unsigned count;
+    int count;
     int i, y_pos = 0, x_pos = 0;
 
     if (bytestream2_get_be32(gb) != MKBETAG('V', 'D', 'A', 'T'))
@@ -530,7 +530,7 @@ static int decode_byterun2(uint8_t *dst, int height, int line_size,
 
     bytestream2_skip(gb, 4);
     count = bytestream2_get_be16(gb) - 2;
-    if (bytestream2_get_bytes_left(gb) < count)
+    if (count < 0 || bytestream2_get_bytes_left(gb) < count)
         return 0;
 
     bytestream2_init(&cmds, gb->buffer, count);

libavcodec/ilbcdec.c

@@ -658,7 +658,7 @@ static void get_codebook(int16_t * cbvec,   /* (o) Constructed codebook vector *
     int16_t k, base_size;
     int16_t lag;
     /* Stack based */
-    int16_t tempbuff2[SUBL + 5];
+    int16_t tempbuff2[SUBL + 5] = {0};
 
     /* Determine size of codebook sections */
     base_size = lMem - cbveclen + 1;
@@ -1095,12 +1095,6 @@ static void do_plc(int16_t *plc_residual,      /* (o) concealed residual */
 
         if (s->consPLICount * s->block_samples > 320) {
             use_gain = 29491;   /* 0.9 in Q15 */
-        } else if (s->consPLICount * s->block_samples > 640) {
-            use_gain = 22938;   /* 0.7 in Q15 */
-        } else if (s->consPLICount * s->block_samples > 960) {
-            use_gain = 16384;   /* 0.5 in Q15 */
-        } else if (s->consPLICount * s->block_samples > 1280) {
-            use_gain = 0;       /* 0.0 in Q15 */
         }
 
         /* Compute mixing factor of picth repeatition and noise:

libavcodec/imm4.c

@@ -219,12 +219,15 @@ static int decode_intra(AVCodecContext *avctx, GetBitContext *gb, AVFrame *frame
 
     for (y = 0; y < avctx->height; y += 16) {
         for (x = 0; x < avctx->width; x += 16) {
-            unsigned flag, cbphi, cbplo;
+            unsigned flag, cbplo;
+            int cbphi;
 
             cbplo = get_vlc2(gb, cbplo_tab.table, CBPLO_VLC_BITS, 1);
             flag = get_bits1(gb);
 
             cbphi = get_cbphi(gb, 1);
+            if (cbphi < 0)
+                return cbphi;
 
             ret = decode_blocks(avctx, gb, cbplo | (cbphi << 2), 0, offset, flag);
             if (ret < 0)
@@ -272,7 +275,8 @@ static int decode_inter(AVCodecContext *avctx, GetBitContext *gb,
     for (y = 0; y < avctx->height; y += 16) {
         for (x = 0; x < avctx->width; x += 16) {
             int reverse, intra_block, value;
-            unsigned cbphi, cbplo, flag2 = 0;
+            unsigned cbplo, flag2 = 0;
+            int cbphi;
 
             if (get_bits1(gb)) {
                 copy_block16(frame->data[0] + y * frame->linesize[0] + x,
@@ -298,6 +302,9 @@ static int decode_inter(AVCodecContext *avctx, GetBitContext *gb,
 
             cbplo = value >> 4;
             cbphi = get_cbphi(gb, reverse);
+            if (cbphi < 0)
+                return cbphi;
+
             if (intra_block) {
                 ret = decode_blocks(avctx, gb, cbplo | (cbphi << 2), 0, offset, flag2);
                 if (ret < 0)
@@ -445,6 +452,10 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
     if (ret < 0)
         return ret;
 
+    if (((avctx->width + 15) / 16) * ((avctx->height + 15) / 16) > get_bits_left(gb))
+        return AVERROR_INVALIDDATA;
+
+
     if ((ret = ff_get_buffer(avctx, frame, (frame->flags & AV_FRAME_FLAG_KEY) ? AV_GET_BUFFER_FLAG_REF : 0)) < 0)
         return ret;
 

libavcodec/indeo3.c

@@ -171,6 +171,9 @@ static av_cold int allocate_frame_buffers(Indeo3DecodeContext *ctx,
     int luma_size, chroma_size;
     ptrdiff_t luma_pitch, chroma_pitch;
 
+    luma_width  = FFALIGN(luma_width , 2);
+    luma_height = FFALIGN(luma_height, 2);
+
     if (luma_width  < 16 || luma_width  > 640 ||
         luma_height < 16 || luma_height > 480 ||
         luma_width  &  1 || luma_height &   1) {

libavcodec/j2kenc.c

@@ -1348,7 +1348,7 @@ static void makelayers(Jpeg2000EncoderContext *s, Jpeg2000Tile *tile)
     }
 }
 
-static int getcut(Jpeg2000Cblk *cblk, uint64_t lambda, int dwt_norm)
+static int getcut(Jpeg2000Cblk *cblk, uint64_t lambda)
 {
     int passno, res = 0;
     for (passno = 0; passno < cblk->npasses; passno++){
@@ -1360,7 +1360,7 @@ static int getcut(Jpeg2000Cblk *cblk, uint64_t lambda, int dwt_norm)
         dd = cblk->passes[passno].disto
            - (res ? cblk->passes[res-1].disto : 0);
 
-        if (((dd * dwt_norm) >> WMSEDEC_SHIFT) * dwt_norm >= dr * lambda)
+        if (dd  >= dr * lambda)
             res = passno+1;
     }
     return res;
@@ -1383,11 +1383,12 @@ static void truncpasses(Jpeg2000EncoderContext *s, Jpeg2000Tile *tile)
                     Jpeg2000Band *band = reslevel->band + bandno;
                     Jpeg2000Prec *prec = band->prec + precno;
 
+                    int64_t dwt_norm = dwt_norms[codsty->transform == FF_DWT53][bandpos][lev] * (int64_t)band->i_stepsize >> 15;
+                    int64_t lambda_prime = av_rescale(s->lambda, 1 << WMSEDEC_SHIFT, dwt_norm * dwt_norm);
                     for (cblkno = 0; cblkno < prec->nb_codeblocks_height * prec->nb_codeblocks_width; cblkno++){
                         Jpeg2000Cblk *cblk = prec->cblk + cblkno;
 
-                        cblk->ninclpasses = getcut(cblk, s->lambda,
-                                (int64_t)dwt_norms[codsty->transform == FF_DWT53][bandpos][lev] * (int64_t)band->i_stepsize >> 15);
+                        cblk->ninclpasses = getcut(cblk, lambda_prime);
                         cblk->layers[0].data_start = cblk->data;
                         cblk->layers[0].cum_passes = cblk->ninclpasses;
                         cblk->layers[0].npasses = cblk->ninclpasses;

libavcodec/jfdctint_template.c

@@ -69,7 +69,7 @@
 #define GLOBAL(x) x
 #define RIGHT_SHIFT(x, n) ((x) >> (n))
 #define MULTIPLY16C16(var,const) ((var)*(const))
-#define DESCALE(x,n)  RIGHT_SHIFT((x) + (1 << ((n) - 1)), n)
+#define DESCALE(x,n)  RIGHT_SHIFT((int)(x) + (1 << ((n) - 1)), n)
 
 
 /*
@@ -175,7 +175,7 @@
 #if BITS_IN_JSAMPLE == 8 && CONST_BITS<=13 && PASS1_BITS<=2
 #define MULTIPLY(var,const)  MULTIPLY16C16(var,const)
 #else
-#define MULTIPLY(var,const)  ((var) * (const))
+#define MULTIPLY(var,const)  (int)((var) * (unsigned)(const))
 #endif
 
 
@@ -183,7 +183,7 @@ static av_always_inline void FUNC(row_fdct)(int16_t *data)
 {
   int tmp0, tmp1, tmp2, tmp3, tmp4, tmp5, tmp6, tmp7;
   int tmp10, tmp11, tmp12, tmp13;
-  int z1, z2, z3, z4, z5;
+  unsigned z1, z2, z3, z4, z5;
   int16_t *dataptr;
   int ctr;
 
@@ -261,7 +261,7 @@ FUNC(ff_jpeg_fdct_islow)(int16_t *data)
 {
   int tmp0, tmp1, tmp2, tmp3, tmp4, tmp5, tmp6, tmp7;
   int tmp10, tmp11, tmp12, tmp13;
-  int z1, z2, z3, z4, z5;
+  unsigned z1, z2, z3, z4, z5;
   int16_t *dataptr;
   int ctr;
 

libavcodec/jpeg2000dec.c

@@ -834,9 +834,6 @@ static int get_tlm(Jpeg2000DecoderContext *s, int n)
         case 2:
             bytestream2_get_be16(&s->g);
             break;
-        case 3:
-            bytestream2_get_be32(&s->g);
-            break;
         }
         if (SP == 0) {
             bytestream2_get_be16(&s->g);
@@ -1887,7 +1884,7 @@ static inline void roi_scale_cblk(Jpeg2000Cblk *cblk,
     }
 }
 
-static inline void tile_codeblocks(const Jpeg2000DecoderContext *s, Jpeg2000Tile *tile)
+static inline int tile_codeblocks(const Jpeg2000DecoderContext *s, Jpeg2000Tile *tile)
 {
     Jpeg2000T1Context t1;
 
@@ -1912,6 +1909,8 @@ static inline void tile_codeblocks(const Jpeg2000DecoderContext *s, Jpeg2000Tile
                 int nb_precincts, precno;
                 Jpeg2000Band *band = rlevel->band + bandno;
                 int cblkno = 0, bandpos;
+                /* See Rec. ITU-T T.800, Equation E-2 */
+                int magp = quantsty->expn[subbandno] + quantsty->nguardbits - 1;
 
                 bandpos = bandno + (reslevelno > 0);
 
@@ -1919,6 +1918,11 @@ static inline void tile_codeblocks(const Jpeg2000DecoderContext *s, Jpeg2000Tile
                     band->coord[1][0] == band->coord[1][1])
                     continue;
 
+                if ((codsty->cblk_style & JPEG2000_CTSY_HTJ2K_F) && magp >= 31) {
+                    avpriv_request_sample(s->avctx, "JPEG2000_CTSY_HTJ2K_F and magp >= 31");
+                    return AVERROR_PATCHWELCOME;
+                }
+
                 nb_precincts = rlevel->num_precincts_x * rlevel->num_precincts_y;
                 /* Loop on precincts */
                 for (precno = 0; precno < nb_precincts; precno++) {
@@ -1929,8 +1933,6 @@ static inline void tile_codeblocks(const Jpeg2000DecoderContext *s, Jpeg2000Tile
                          cblkno < prec->nb_codeblocks_width * prec->nb_codeblocks_height;
                          cblkno++) {
                         int x, y, ret;
-                        /* See Rec. ITU-T T.800, Equation E-2 */
-                        int magp = quantsty->expn[subbandno] + quantsty->nguardbits - 1;
 
                         Jpeg2000Cblk *cblk = prec->cblk + cblkno;
 
@@ -1970,6 +1972,7 @@ static inline void tile_codeblocks(const Jpeg2000DecoderContext *s, Jpeg2000Tile
             ff_dwt_decode(&comp->dwt, codsty->transform == FF_DWT97 ? (void*)comp->f_data : (void*)comp->i_data);
 
     } /*end comp */
+    return 0;
 }
 
 #define WRITE_FRAME(D, PIXEL)                                                                     \
@@ -2046,7 +2049,9 @@ static int jpeg2000_decode_tile(AVCodecContext *avctx, void *td,
     AVFrame *picture = td;
     Jpeg2000Tile *tile = s->tile + jobnr;
 
-    tile_codeblocks(s, tile);
+    int ret = tile_codeblocks(s, tile);
+    if (ret < 0)
+        return ret;
 
     /* inverse MCT transformation */
     if (tile->codsty[0].mct)

libavcodec/jpeg2000htdec.c

@@ -567,11 +567,19 @@ static int jpeg2000_decode_ht_cleanup_segment(const Jpeg2000DecoderContext *s,
 
     uint64_t c;
 
-    uint8_t *sigma;
-    uint32_t *mu;
+    uint8_t *sigma, *sigma_n, *E;
+    uint32_t *mu, *mu_n;
 
     const uint8_t *vlc_buf = Dcup + Pcup;
 
+    /*
+     * Bound on the precision needed to process the codeblock. The number of
+     * decoded bit planes is equal to at most cblk->zbp + 2 since S_blk = P if
+     * there are no placeholder passes or HT Sets and P = cblk->zbp. See Rec.
+     * ITU-T T.814, 7.6.
+     */
+    int maxbp = cblk->zbp + 2;
+
     /* convert to raster-scan */
     const uint16_t is_border_x = width % 2;
     const uint16_t is_border_y = height % 2;
@@ -581,9 +589,13 @@ static int jpeg2000_decode_ht_cleanup_segment(const Jpeg2000DecoderContext *s,
 
     size_t buf_size = 4 * quad_width * quad_height;
 
-    uint8_t *sigma_n = av_calloc(buf_size, sizeof(uint8_t));
-    uint8_t *E       = av_calloc(buf_size, sizeof(uint8_t));
-    uint32_t *mu_n   = av_calloc(buf_size, sizeof(uint32_t));
+    /* do we have enough precision, assuming a 32-bit decoding path */
+    if (maxbp >= 32)
+        return AVERROR_INVALIDDATA;
+
+    sigma_n = av_calloc(buf_size, sizeof(uint8_t));
+    E       = av_calloc(buf_size, sizeof(uint8_t));
+    mu_n    = av_calloc(buf_size, sizeof(uint32_t));
 
     if (!sigma_n || !E || !mu_n) {
         ret = AVERROR(ENOMEM);
@@ -676,6 +688,10 @@ static int jpeg2000_decode_ht_cleanup_segment(const Jpeg2000DecoderContext *s,
         }
         U[J2K_Q1] = kappa[J2K_Q1] + u[J2K_Q1];
         U[J2K_Q2] = kappa[J2K_Q2] + u[J2K_Q2];
+        if (U[J2K_Q1] > maxbp || U[J2K_Q2] > maxbp) {
+            ret = AVERROR_INVALIDDATA;
+            goto free;
+        }
 
         for (int i = 0; i < 4; i++) {
             m[J2K_Q1][i] = sigma_n[4 * q1 + i] * U[J2K_Q1] - ((emb_pat_k[J2K_Q1] >> i) & 1);
@@ -713,6 +729,10 @@ static int jpeg2000_decode_ht_cleanup_segment(const Jpeg2000DecoderContext *s,
         }
 
         U[J2K_Q1] = kappa[J2K_Q1] + u[J2K_Q1];
+        if (U[J2K_Q1] > maxbp) {
+            ret = AVERROR_INVALIDDATA;
+            goto free;
+        }
 
         for (int i = 0; i < 4; i++)
             m[J2K_Q1][i] = sigma_n[4 * q1 + i] * U[J2K_Q1] - ((emb_pat_k[J2K_Q1] >> i) & 1);
@@ -842,6 +862,10 @@ static int jpeg2000_decode_ht_cleanup_segment(const Jpeg2000DecoderContext *s,
 
             U[J2K_Q1] = kappa[J2K_Q1] + u[J2K_Q1];
             U[J2K_Q2] = kappa[J2K_Q2] + u[J2K_Q2];
+            if (U[J2K_Q1] > maxbp || U[J2K_Q2] > maxbp) {
+                ret = AVERROR_INVALIDDATA;
+                goto free;
+            }
 
             for (int i = 0; i < 4; i++) {
                 m[J2K_Q1][i] = sigma_n[4 * q1 + i] * U[J2K_Q1] - ((emb_pat_k[J2K_Q1] >> i) & 1);
@@ -910,6 +934,10 @@ static int jpeg2000_decode_ht_cleanup_segment(const Jpeg2000DecoderContext *s,
             kappa[J2K_Q1] = FFMAX(1, gamma[J2K_Q1] * (max_e[J2K_Q1] - 1));
 
             U[J2K_Q1] = kappa[J2K_Q1] + u[J2K_Q1];
+            if (U[J2K_Q1] > maxbp) {
+                ret = AVERROR_INVALIDDATA;
+                goto free;
+            }
 
             for (int i = 0; i < 4; i++)
                 m[J2K_Q1][i] = sigma_n[4 * q1 + i] * U[J2K_Q1] - ((emb_pat_k[J2K_Q1] >> i) & 1);
@@ -1170,6 +1198,9 @@ ff_jpeg2000_decode_htj2k(const Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *c
     av_assert0(width * height <= 4096);
     av_assert0(width * height > 0);
 
+    if (roi_shift)
+        avpriv_report_missing_feature(s->avctx, "ROI shift");
+
     memset(t1->data, 0, t1->stride * height * sizeof(*t1->data));
     memset(t1->flags, 0, t1->stride * (height + 2) * sizeof(*t1->flags));
 
@@ -1238,8 +1269,10 @@ ff_jpeg2000_decode_htj2k(const Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *c
     }
     if ((ret = jpeg2000_decode_ht_cleanup_segment(s, cblk, t1, &mel_state, &mel, &vlc,
                                           &mag_sgn, Dcup, Lcup, Pcup, pLSB, width,
-                                          height, sample_buf, block_states)) < 0)
+                                          height, sample_buf, block_states)) < 0) {
+        av_log(s->avctx, AV_LOG_ERROR, "Bad HT cleanup segment\n");
         goto free;
+    }
 
     if (cblk->npasses > 1)
         jpeg2000_decode_sigprop_segment(cblk, width, height, Dref, Lref,

libavcodec/jpeglsdec.c

@@ -382,6 +382,19 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int near,
     state->T3     = s->t3;
     state->reset  = s->reset;
     ff_jpegls_reset_coding_parameters(state, 0);
+
+    /* Testing parameters here, we cannot test in LSE or SOF because
+     * these interdepend and are allowed in either order
+     */
+    if (state->maxval >= (1<<state->bpp) ||
+        state->T1 > state->T2 ||
+        state->T2 > state->T3 ||
+        state->T3 > state->maxval ||
+        state->reset > FFMAX(255, state->maxval)) {
+        ret = AVERROR_INVALIDDATA;
+        goto end;
+    }
+
     ff_jpegls_init_state(state);
 
     if (s->bits <= 8)