Hello community, here is the log from the commit of package libav for openSUSE:Factory checked in at 2015-04-21 10:52:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libav (Old) and /work/SRC/openSUSE:Factory/.libav.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libav" Changes: -------- --- /work/SRC/openSUSE:Factory/libav/libav.changes 2015-03-28 18:38:23.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libav.new/libav.changes 2015-04-21 10:53:02.000000000 +0200 @@ -1,0 +2,32 @@ +Mon Apr 20 07:56:59 UTC 2015 - mplus...@suse.com + +- Update to 11.3 + * utvideodec: Handle slice_height being zero (CVE-2014-9604) + * adxdec: set avctx->channels in adx_read_header + * rmenc: limit packet size + * webp: validate the distance prefix code + * rv10: check size of s->mb_width * s->mb_height + * eamad: check for out of bounds read (CID/1257500) + * mdec: check for out of bounds read (CID/1257501) + * configure: Properly fail when libcdio/cdparanoia is not found + * tiff: Check that there is no aliasing in pixel format selection + (CVE-2014-8544) + * aic: Fix decoding files with odd dimensions + * vorbis: Check the vlc value in setup_classifs + * arm: Suppress tags about used cpu arch and extensions + * prores: Extend the padding check to 16bit + * icecast: Do not use chunked post, allows feeding to icecast + properly + * img2dec: correctly use the parsed value from -start_number + * h264_cabac: Break infinite loops + * hevc_deblock: Fix compilation with nasm (libav #795) + * h264: initialize H264Context.avctx in init_thread_copy + * h264: Do not share rbsp_buffer across threads + * h264: only ref cur_pic in update_thread_context if it is + initialized + * matroskadec: Fix read-after-free in matroska_read_seek() + (chromium #427266) + * log: Unbreak no-tty support on 256color terminals +- Swith to pkgconfig style dependencies + +------------------------------------------------------------------- Old: ---- libav-11.2.tar.xz New: ---- libav-11.3.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libav.spec ++++++ --- /var/tmp/diff_new_pack.cDJrmL/_old 2015-04-21 10:53:02.000000000 +0200 +++ /var/tmp/diff_new_pack.cDJrmL/_new 2015-04-21 10:53:02.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package libav # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,41 +24,40 @@ %define avutilso libavutil-libav54 %define swscaleso libswscale-libav3 Name: libav -Version: 11.2 +Version: 11.3 Release: 0 Summary: Library working with various multimedia formats License: GPL-2.0+ Group: Development/Libraries/C and C++ Url: https://libav.org/ Source: http://%{name}.org/releases/%{name}-%{version}.tar.xz -BuildRequires: alsa-devel -BuildRequires: freetype2-devel -BuildRequires: frei0r-plugins-devel -BuildRequires: gnutls-devel -BuildRequires: libSDL-devel -BuildRequires: libX11-devel -BuildRequires: libXext-devel -BuildRequires: libXfixes-devel -BuildRequires: libbz2-devel -BuildRequires: libcdio-paranoia-devel -BuildRequires: libdc1394-devel BuildRequires: libgsm-devel -BuildRequires: libjack-devel -BuildRequires: libopus-devel -BuildRequires: libpulse-devel -BuildRequires: libraw1394-devel -BuildRequires: libtheora-devel -BuildRequires: libva-devel -BuildRequires: libvdpau-devel -BuildRequires: libvorbis-devel -BuildRequires: libvpx-devel -BuildRequires: openjpeg-devel -BuildRequires: pkgconfig -BuildRequires: schroedinger-devel -BuildRequires: speex-devel -BuildRequires: xz +BuildRequires: pkg-config BuildRequires: yasm -BuildRequires: zlib-devel +BuildRequires: pkgconfig(alsa) +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(freetype2) +BuildRequires: pkgconfig(frei0r) +BuildRequires: pkgconfig(gnutls) +BuildRequires: pkgconfig(jack) +BuildRequires: pkgconfig(libcdio_paranoia) +BuildRequires: pkgconfig(libdc1394-2) +BuildRequires: pkgconfig(libopenjpeg) +BuildRequires: pkgconfig(libpulse) +BuildRequires: pkgconfig(libraw1394) +BuildRequires: pkgconfig(libva) +BuildRequires: pkgconfig(opus) +BuildRequires: pkgconfig(schroedinger-1.0) +BuildRequires: pkgconfig(sdl) +BuildRequires: pkgconfig(speex) +BuildRequires: pkgconfig(theora) +BuildRequires: pkgconfig(vdpau) +BuildRequires: pkgconfig(vorbis) +BuildRequires: pkgconfig(vpx) +BuildRequires: pkgconfig(x11) +BuildRequires: pkgconfig(xext) +BuildRequires: pkgconfig(xfixes) +BuildRequires: pkgconfig(zlib) BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -225,7 +224,7 @@ ./configure \ --prefix=%{_prefix} --libdir=%{_libdir} --shlibdir=%{_libdir} \ --extra-cflags='%{optflags}' --optflags='%{optflags}' \ - --incdir="%_includedir/libav" --build-suffix="-libav" --enable-pic \ + --incdir="%{_includedir}/libav" --build-suffix="-libav" --enable-pic \ --enable-shared --disable-static \ --enable-runtime-cpudetect \ --enable-gpl \ ++++++ libav-11.2.tar.xz -> libav-11.3.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/Changelog new/libav-11.3/Changelog --- old/libav-11.2/Changelog 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/Changelog 2015-03-09 02:54:09.000000000 +0100 @@ -1,6 +1,31 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 11.3: + +- utvideodec: Handle slice_height being zero (CVE-2014-9604) +- adxdec: set avctx->channels in adx_read_header +- rmenc: limit packet size +- webp: validate the distance prefix code +- rv10: check size of s->mb_width * s->mb_height +- eamad: check for out of bounds read (CID/1257500) +- mdec: check for out of bounds read (CID/1257501) +- configure: Properly fail when libcdio/cdparanoia is not found +- tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544) +- aic: Fix decoding files with odd dimensions +- vorbis: Check the vlc value in setup_classifs +- arm: Suppress tags about used cpu arch and extensions +- prores: Extend the padding check to 16bit +- icecast: Do not use chunked post, allows feeding to icecast properly +- img2dec: correctly use the parsed value from -start_number +- h264_cabac: Break infinite loops +- hevc_deblock: Fix compilation with nasm (libav #795) +- h264: initialize H264Context.avctx in init_thread_copy +- h264: Do not share rbsp_buffer across threads +- h264: only ref cur_pic in update_thread_context if it is initialized +- matroskadec: Fix read-after-free in matroska_read_seek() (chromium #427266) +- log: Unbreak no-tty support on 256color terminals + version 11.2: - h264: restore a block mistakenly removed in e10fd08a (libav #781) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/RELEASE new/libav-11.3/RELEASE --- old/libav-11.2/RELEASE 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/RELEASE 2015-03-09 02:54:09.000000000 +0100 @@ -1 +1 @@ -11.2 +11.3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/VERSION new/libav-11.3/VERSION --- old/libav-11.2/VERSION 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/VERSION 2015-03-09 02:54:09.000000000 +0100 @@ -1 +1 @@ -11.2 +11.3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/configure new/libav-11.3/configure --- old/libav-11.2/configure 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/configure 2015-03-09 02:54:09.000000000 +0100 @@ -1477,6 +1477,7 @@ TOOLCHAIN_FEATURES=" as_dn_directive as_func + as_object_arch asm_mod_q attribute_may_alias attribute_packed @@ -3870,6 +3871,11 @@ .unreq ra EOF + # llvm's integrated assembler supports .object_arch from llvm 3.5 + [ "$objformat" = elf ] && check_as <<EOF && enable as_object_arch +.object_arch armv4 +EOF + [ $target_os != win32 ] && enabled_all armv6t2 shared !pic && enable_weak_pic elif enabled mips; then @@ -4242,7 +4248,8 @@ if enabled libcdio; then check_lib2 "cdio/cdda.h cdio/paranoia.h" cdio_cddap_open -lcdio_paranoia -lcdio_cdda -lcdio || - check_lib2 "cdio/paranoia/cdda.h cdio/paranoia/paranoia.h" cdio_cddap_open -lcdio_paranoia -lcdio_cdda -lcdio + check_lib2 "cdio/paranoia/cdda.h cdio/paranoia/paranoia.h" cdio_cddap_open -lcdio_paranoia -lcdio_cdda -lcdio || + die "ERROR: No usable libcdio/cdparanoia found" fi check_lib X11/Xlib.h XOpenDisplay -lX11 && enable xlib diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/aic.c new/libav-11.3/libavcodec/aic.c --- old/libav-11.2/libavcodec/aic.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavcodec/aic.c 2015-03-09 02:54:09.000000000 +0100 @@ -434,8 +434,8 @@ ctx->mb_width = FFALIGN(avctx->width, 16) >> 4; ctx->mb_height = FFALIGN(avctx->height, 16) >> 4; - ctx->num_x_slices = 16; - ctx->slice_width = ctx->mb_width / 16; + ctx->num_x_slices = (ctx->mb_width + 15) >> 4; + ctx->slice_width = 16; for (i = 1; i < 32; i++) { if (!(ctx->mb_width % i) && (ctx->mb_width / i < 32)) { ctx->slice_width = ctx->mb_width / i; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/eamad.c new/libav-11.3/libavcodec/eamad.c --- old/libav-11.2/libavcodec/eamad.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavcodec/eamad.c 2015-03-09 02:54:09.000000000 +0100 @@ -145,6 +145,11 @@ break; } else if (level != 0) { i += run; + if (i > 63) { + av_log(s->avctx, AV_LOG_ERROR, + "ac-tex damaged at %d %d\n", s->mb_x, s->mb_y); + return; + } j = scantable[i]; level = (level*quant_matrix[j]) >> 4; level = (level-1)|1; @@ -159,6 +164,11 @@ run = SHOW_UBITS(re, &s->gb, 6)+1; LAST_SKIP_BITS(re, &s->gb, 6); i += run; + if (i > 63) { + av_log(s->avctx, AV_LOG_ERROR, + "ac-tex damaged at %d %d\n", s->mb_x, s->mb_y); + return; + } j = scantable[i]; if (level < 0) { level = -level; @@ -170,10 +180,6 @@ level = (level-1)|1; } } - if (i > 63) { - av_log(s->avctx, AV_LOG_ERROR, "ac-tex damaged at %d %d\n", s->mb_x, s->mb_y); - return; - } block[j] = level; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/h264.c new/libav-11.3/libavcodec/h264.c --- old/libav-11.2/libavcodec/h264.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavcodec/h264.c 2015-03-09 02:54:09.000000000 +0100 @@ -686,6 +686,11 @@ memset(h->sps_buffers, 0, sizeof(h->sps_buffers)); memset(h->pps_buffers, 0, sizeof(h->pps_buffers)); + h->avctx = avctx; + h->rbsp_buffer[0] = NULL; + h->rbsp_buffer[1] = NULL; + h->rbsp_buffer_size[0] = 0; + h->rbsp_buffer_size[1] = 0; h->context_initialized = 0; return 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/h264_cabac.c new/libav-11.3/libavcodec/h264_cabac.c --- old/libav-11.2/libavcodec/h264_cabac.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavcodec/h264_cabac.c 2015-03-09 02:54:09.000000000 +0100 @@ -1711,7 +1711,7 @@ \ if( coeff_abs >= 15 ) { \ int j = 0; \ - while( get_cabac_bypass( CC ) ) { \ + while (get_cabac_bypass(CC) && j < 30) { \ j++; \ } \ \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/h264_slice.c new/libav-11.3/libavcodec/h264_slice.c --- old/libav-11.2/libavcodec/h264_slice.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavcodec/h264_slice.c 2015-03-09 02:54:09.000000000 +0100 @@ -589,8 +589,11 @@ h->cur_pic_ptr = REBASE_PICTURE(h1->cur_pic_ptr, h, h1); ff_h264_unref_picture(h, &h->cur_pic); - if ((ret = ff_h264_ref_picture(h, &h->cur_pic, &h1->cur_pic)) < 0) - return ret; + if (h1->cur_pic.f.buf[0]) { + ret = ff_h264_ref_picture(h, &h->cur_pic, &h1->cur_pic); + if (ret < 0) + return ret; + } h->workaround_bugs = h1->workaround_bugs; h->low_delay = h1->low_delay; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/mdec.c new/libav-11.3/libavcodec/mdec.c --- old/libav-11.2/libavcodec/mdec.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavcodec/mdec.c 2015-03-09 02:54:09.000000000 +0100 @@ -86,7 +86,12 @@ if (level == 127) { break; } else if (level != 0) { - i += run; + i += run; + if (i > 63) { + av_log(a->avctx, AV_LOG_ERROR, + "ac-tex damaged at %d %d\n", a->mb_x, a->mb_y); + return AVERROR_INVALIDDATA; + } j = scantable[i]; level = (level * qscale * quant_matrix[j]) >> 3; level = (level ^ SHOW_SBITS(re, &a->gb, 1)) - SHOW_SBITS(re, &a->gb, 1); @@ -96,8 +101,13 @@ run = SHOW_UBITS(re, &a->gb, 6)+1; LAST_SKIP_BITS(re, &a->gb, 6); UPDATE_CACHE(re, &a->gb); level = SHOW_SBITS(re, &a->gb, 10); SKIP_BITS(re, &a->gb, 10); - i += run; - j = scantable[i]; + i += run; + if (i > 63) { + av_log(a->avctx, AV_LOG_ERROR, + "ac-tex damaged at %d %d\n", a->mb_x, a->mb_y); + return AVERROR_INVALIDDATA; + } + j = scantable[i]; if (level < 0) { level = -level; level = (level * qscale * quant_matrix[j]) >> 3; @@ -108,10 +118,6 @@ level = (level - 1) | 1; } } - if (i > 63) { - av_log(a->avctx, AV_LOG_ERROR, "ac-tex damaged at %d %d\n", a->mb_x, a->mb_y); - return AVERROR_INVALIDDATA; - } block[j] = level; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/mpegvideo.h new/libav-11.3/libavcodec/mpegvideo.h --- old/libav-11.2/libavcodec/mpegvideo.h 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavcodec/mpegvideo.h 2015-03-09 02:54:09.000000000 +0100 @@ -816,7 +816,7 @@ extern const uint8_t ff_h263_chroma_qscale_table[32]; /* rv10.c */ -void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number); +int ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number); int ff_rv_decode_dc(MpegEncContext *s, int n); void ff_rv20_encode_picture_header(MpegEncContext *s, int picture_number); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/mpegvideo_enc.c new/libav-11.3/libavcodec/mpegvideo_enc.c --- old/libav-11.2/libavcodec/mpegvideo_enc.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavcodec/mpegvideo_enc.c 2015-03-09 02:54:09.000000000 +0100 @@ -3412,8 +3412,11 @@ ff_msmpeg4_encode_picture_header(s, picture_number); else if (CONFIG_MPEG4_ENCODER && s->h263_pred) ff_mpeg4_encode_picture_header(s, picture_number); - else if (CONFIG_RV10_ENCODER && s->codec_id == AV_CODEC_ID_RV10) - ff_rv10_encode_picture_header(s, picture_number); + else if (CONFIG_RV10_ENCODER && s->codec_id == AV_CODEC_ID_RV10) { + ret = ff_rv10_encode_picture_header(s, picture_number); + if (ret < 0) + return ret; + } else if (CONFIG_RV20_ENCODER && s->codec_id == AV_CODEC_ID_RV20) ff_rv20_encode_picture_header(s, picture_number); else if (CONFIG_FLV_ENCODER && s->codec_id == AV_CODEC_ID_FLV1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/proresdec.c new/libav-11.3/libavcodec/proresdec.c --- old/libav-11.2/libavcodec/proresdec.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavcodec/proresdec.c 2015-03-09 02:54:09.000000000 +0100 @@ -365,6 +365,7 @@ } } +#define MAX_PADDING 16 /** * Decode AC coefficients for all blocks in a slice. @@ -389,7 +390,7 @@ lev_cb_index = ff_prores_lev_to_cb_index[FFMIN(level, 9)]; bits_left = get_bits_left(gb); - if (bits_left <= 0 || (bits_left <= 8 && !show_bits(gb, bits_left))) + if (bits_left <= 0 || (bits_left <= MAX_PADDING && !show_bits(gb, bits_left))) return 0; run = decode_vlc_codeword(gb, ff_prores_ac_codebook[run_cb_index]); @@ -397,7 +398,7 @@ return AVERROR_INVALIDDATA; bits_left = get_bits_left(gb); - if (bits_left <= 0 || (bits_left <= 8 && !show_bits(gb, bits_left))) + if (bits_left <= 0 || (bits_left <= MAX_PADDING && !show_bits(gb, bits_left))) return AVERROR_INVALIDDATA; level = decode_vlc_codeword(gb, ff_prores_ac_codebook[lev_cb_index]) + 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/rv10enc.c new/libav-11.3/libavcodec/rv10enc.c --- old/libav-11.2/libavcodec/rv10enc.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavcodec/rv10enc.c 2015-03-09 02:54:09.000000000 +0100 @@ -28,7 +28,7 @@ #include "mpegvideo.h" #include "put_bits.h" -void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number) +int ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number) { int full_frame= 0; @@ -48,12 +48,18 @@ /* if multiple packets per frame are sent, the position at which to display the macroblocks is coded here */ if(!full_frame){ + if (s->mb_width * s->mb_height >= (1U << 12)) { + avpriv_report_missing_feature(s->avctx, "Encoding frames with %d (>= 4096) macroblocks", + s->mb_width * s->mb_height); + return AVERROR(ENOSYS); + } put_bits(&s->pb, 6, 0); /* mb_x */ put_bits(&s->pb, 6, 0); /* mb_y */ put_bits(&s->pb, 12, s->mb_width * s->mb_height); } put_bits(&s->pb, 3, 0); /* ignored */ + return 0; } FF_MPV_GENERIC_CLASS(rv10) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/tiff.c new/libav-11.3/libavcodec/tiff.c --- old/libav-11.2/libavcodec/tiff.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavcodec/tiff.c 2015-03-09 02:54:09.000000000 +0100 @@ -248,6 +248,14 @@ { int ret; + // make sure there is no aliasing in the following switch + if (s->bpp >= 100 || s->bppcount >= 10) { + av_log(s->avctx, AV_LOG_ERROR, + "Unsupported image parameters: bpp=%d, bppcount=%d\n", + s->bpp, s->bppcount); + return AVERROR_INVALIDDATA; + } + switch (s->bpp * 10 + s->bppcount) { case 11: s->avctx->pix_fmt = AV_PIX_FMT_MONOBLACK; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/utvideodec.c new/libav-11.3/libavcodec/utvideodec.c --- old/libav-11.2/libavcodec/utvideodec.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavcodec/utvideodec.c 2015-03-09 02:54:09.000000000 +0100 @@ -213,6 +213,8 @@ slice_start = ((slice * height) / slices) & cmask; slice_height = ((((slice + 1) * height) / slices) & cmask) - slice_start; + if (!slice_height) + continue; bsrc = src + slice_start * stride; @@ -269,6 +271,8 @@ slice_height = ((((slice + 1) * height) / slices) & cmask) - slice_start; slice_height >>= 1; + if (!slice_height) + continue; bsrc = src + slice_start * stride; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/vorbisdec.c new/libav-11.3/libavcodec/vorbisdec.c --- old/libav-11.2/libavcodec/vorbisdec.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavcodec/vorbisdec.c 2015-03-09 02:54:09.000000000 +0100 @@ -1308,7 +1308,7 @@ int p, j, i; unsigned c_p_c = vc->codebooks[vr->classbook].dimensions; unsigned inverse_class = ff_inverse[vr->classifications]; - unsigned temp, temp2; + int temp, temp2; for (p = 0, j = 0; j < ch_used; ++j) { if (!do_not_decode[j]) { temp = get_vlc2(&vc->gb, vc->codebooks[vr->classbook].vlc.table, @@ -1316,22 +1316,18 @@ av_dlog(NULL, "Classword: %u\n", temp); - if (temp <= 65536) { - for (i = partition_count + c_p_c - 1; i >= partition_count; i--) { - temp2 = (((uint64_t)temp) * inverse_class) >> 32; - - if (i < vr->ptns_to_read) - vr->classifs[p + i] = temp - temp2 * vr->classifications; - temp = temp2; - } - } else { - for (i = partition_count + c_p_c - 1; i >= partition_count; i--) { - temp2 = temp / vr->classifications; - - if (i < vr->ptns_to_read) - vr->classifs[p + i] = temp - temp2 * vr->classifications; - temp = temp2; - } + if (temp < 0) { + av_log(vc->avctx, AV_LOG_ERROR, + "Invalid vlc code decoding %d channel.", j); + return AVERROR_INVALIDDATA; + } + + for (i = partition_count + c_p_c - 1; i >= partition_count; i--) { + temp2 = (((uint64_t)temp) * inverse_class) >> 32; + + if (i < vr->ptns_to_read) + vr->classifs[p + i] = temp - temp2 * vr->classifications; + temp = temp2; } } p += vr->ptns_to_read; @@ -1381,7 +1377,9 @@ voffset = vr->begin; for (partition_count = 0; partition_count < ptns_to_read;) { // SPEC error if (!pass) { - setup_classifs(vc, vr, do_not_decode, ch_used, partition_count); + int ret = setup_classifs(vc, vr, do_not_decode, ch_used, partition_count); + if (ret < 0) + return ret; } for (i = 0; (i < c_p_c) && (partition_count < ptns_to_read); ++i) { for (j_times_ptns_to_read = 0, j = 0; j < ch_used; ++j) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/webp.c new/libav-11.3/libavcodec/webp.c --- old/libav-11.2/libavcodec/webp.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavcodec/webp.c 2015-03-09 02:54:09.000000000 +0100 @@ -688,6 +688,11 @@ length = offset + get_bits(&s->gb, extra_bits) + 1; } prefix_code = huff_reader_get_symbol(&hg[HUFF_IDX_DIST], &s->gb); + if (prefix_code > 39) { + av_log(s->avctx, AV_LOG_ERROR, + "distance prefix code too large: %d\n", prefix_code); + return AVERROR_INVALIDDATA; + } if (prefix_code < 4) { distance = prefix_code + 1; } else { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/x86/hevc_deblock.asm new/libav-11.3/libavcodec/x86/hevc_deblock.asm --- old/libav-11.2/libavcodec/x86/hevc_deblock.asm 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavcodec/x86/hevc_deblock.asm 2015-03-09 02:54:09.000000000 +0100 @@ -356,7 +356,7 @@ %if %1 > 8 shl betaq, %1 - 8 %endif - movd m13, betaq + movd m13, betad SPLATW m13, m13, 0 ;end beta calculations @@ -620,7 +620,7 @@ paddw m15, m2; p1' ;beta calculations - movd m10, betaq + movd m10, betad SPLATW m10, m10, 0 movd m13, r7d; 1dp0 + 1dp3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavformat/adxdec.c new/libav-11.3/libavformat/adxdec.c --- old/libav-11.2/libavformat/adxdec.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavformat/adxdec.c 2015-03-09 02:54:09.000000000 +0100 @@ -89,8 +89,14 @@ av_log(s, AV_LOG_ERROR, "Invalid extradata size.\n"); return AVERROR_INVALIDDATA; } + avctx->channels = AV_RB8(avctx->extradata + 7); avctx->sample_rate = AV_RB32(avctx->extradata + 8); + if (avctx->channels <= 0) { + av_log(s, AV_LOG_ERROR, "invalid number of channels %d\n", avctx->channels); + return AVERROR_INVALIDDATA; + } + st->codec->codec_type = AVMEDIA_TYPE_AUDIO; st->codec->codec_id = s->iformat->raw_codec_id; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavformat/icecast.c new/libav-11.3/libavformat/icecast.c --- old/libav-11.2/libavformat/icecast.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavformat/icecast.c 2015-03-09 02:54:09.000000000 +0100 @@ -126,6 +126,7 @@ av_dict_set(&opt_dict, "method", s->legacy_icecast ? "SOURCE" : "PUT", 0); av_dict_set(&opt_dict, "auth_type", "basic", 0); av_dict_set(&opt_dict, "headers", headers, 0); + av_dict_set(&opt_dict, "chunked_post", "0", 0); if (NOT_EMPTY(s->content_type)) av_dict_set(&opt_dict, "content_type", s->content_type, 0); if (NOT_EMPTY(s->user_agent)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavformat/img2dec.c new/libav-11.3/libavformat/img2dec.c --- old/libav-11.2/libavformat/img2dec.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavformat/img2dec.c 2015-03-09 02:54:09.000000000 +0100 @@ -194,7 +194,7 @@ return AVERROR(ENOENT); s->img_first = first_index; s->img_last = last_index; - s->img_number = first_index; + s->img_number = s->start_number != 1 ? s->start_number : first_index; /* compute duration */ st->start_time = 0; st->duration = last_index - first_index + 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavformat/matroskadec.c new/libav-11.3/libavformat/matroskadec.c --- old/libav-11.2/libavformat/matroskadec.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavformat/matroskadec.c 2015-03-09 02:54:09.000000000 +0100 @@ -2532,7 +2532,7 @@ int64_t timestamp, int flags) { MatroskaDemuxContext *matroska = s->priv_data; - MatroskaTrack *tracks = matroska->tracks.elem; + MatroskaTrack *tracks = NULL; AVStream *st = s->streams[stream_index]; int i, index, index_sub, index_min; @@ -2562,6 +2562,7 @@ return 0; index_min = index; + tracks = matroska->tracks.elem; for (i = 0; i < matroska->tracks.nb_elem; i++) { tracks[i].audio.pkt_cnt = 0; tracks[i].audio.sub_packet_cnt = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavformat/rmenc.c new/libav-11.3/libavformat/rmenc.c --- old/libav-11.2/libavformat/rmenc.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavformat/rmenc.c 2015-03-09 02:54:09.000000000 +0100 @@ -44,6 +44,10 @@ /* in ms */ #define BUFFER_DURATION 0 +/* the header needs at most 7 + 4 + 12 B */ +#define MAX_HEADER_SIZE (7 + 4 + 12) +/* UINT16_MAX is the maximal chunk size */ +#define MAX_PACKET_SIZE (UINT16_MAX - MAX_HEADER_SIZE) static void put_str(AVIOContext *s, const char *tag) @@ -389,6 +393,10 @@ /* Well, I spent some time finding the meaning of these bits. I am not sure I understood everything, but it works !! */ #if 1 + if (size > MAX_PACKET_SIZE) { + avpriv_report_missing_feature(s, "Muxing packets larger than 64 kB"); + return AVERROR(ENOSYS); + } write_packet_header(s, stream, size + 7 + (size >= 0x4000)*4, key_frame); /* bit 7: '1' if final packet of a frame converted in several packets */ avio_w8(pb, 0x81); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavutil/arm/asm.S new/libav-11.3/libavutil/arm/asm.S --- old/libav-11.2/libavutil/arm/asm.S 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavutil/arm/asm.S 2015-03-09 02:54:09.000000000 +0100 @@ -49,11 +49,17 @@ #elif HAVE_ARMV5TE .arch armv5te #endif +#if HAVE_AS_OBJECT_ARCH +ELF .object_arch armv4 +#endif #if HAVE_NEON .fpu neon +ELF .eabi_attribute 10, 0 @ suppress Tag_FP_arch +ELF .eabi_attribute 12, 0 @ suppress Tag_Advanced_SIMD_arch #elif HAVE_VFP .fpu vfp +ELF .eabi_attribute 10, 0 @ suppress Tag_FP_arch #endif .syntax unified diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavutil/log.c new/libav-11.3/libavutil/log.c --- old/libav-11.2/libavutil/log.c 2015-01-14 21:50:49.000000000 +0100 +++ new/libav-11.3/libavutil/log.c 2015-03-09 02:54:09.000000000 +0100 @@ -75,7 +75,8 @@ char *term = getenv("TERM"); use_color = !getenv("NO_COLOR") && !getenv("AV_LOG_FORCE_NOCOLOR") && (getenv("TERM") && isatty(2) || getenv("AV_LOG_FORCE_COLOR")); - use_color += term && strstr(term, "256color"); + if (use_color) + use_color += term && strstr(term, "256color"); #else use_color = getenv("AV_LOG_FORCE_COLOR") && !getenv("NO_COLOR") && !getenv("AV_LOG_FORCE_NOCOLOR");