[FFmpeg-cvslog] avfilter/colormatrix:add slice threading

[Yayoi]

ffmpeg | branch: master | Yayoi  | Mon Mar  9 22:01:47 
2015 -0700| [d5232d4717ec815b5ccb1baf3bc758f1e063010a] | committer: Michael 
Niedermayer

avfilter/colormatrix:add slice threading

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d5232d4717ec815b5ccb1baf3bc758f1e063010a
---

 libavfilter/vf_colormatrix.c |  146 +++---
 1 file changed, 94 insertions(+), 52 deletions(-)

diff --git a/libavfilter/vf_colormatrix.c b/libavfilter/vf_colormatrix.c
index daba16e..f5835cb 100644
--- a/libavfilter/vf_colormatrix.c
+++ b/libavfilter/vf_colormatrix.c
@@ -73,6 +73,17 @@ typedef struct {
 int hsub, vsub;
 } ColorMatrixContext;
 
+typedef struct ThreadData {
+AVFrame *dst;
+const AVFrame *src;
+int c2;
+int c3;
+int c4;
+int c5;
+int c6;
+int c7;
+} ThreadData;
+
 #define OFFSET(x) offsetof(ColorMatrixContext, x)
 #define FLAGS AV_OPT_FLAG_VIDEO_PARAM|AV_OPT_FLAG_FILTERING_PARAM
 
@@ -179,24 +190,28 @@ static av_cold int init(AVFilterContext *ctx)
 return 0;
 }
 
-static void process_frame_uyvy422(ColorMatrixContext *color,
-  AVFrame *dst, AVFrame *src)
+static int process_slice_uyvy422(AVFilterContext *ctx, void *arg, int jobnr, 
int nb_jobs)
 {
-const unsigned char *srcp = src->data[0];
-const int src_pitch = src->linesize[0];
+const ThreadData *td = arg;
+const AVFrame *src = td->src;
+AVFrame *dst = td->dst;
 const int height = src->height;
 const int width = src->width*2;
-unsigned char *dstp = dst->data[0];
+const int src_pitch = src->linesize[0];
 const int dst_pitch = dst->linesize[0];
-const int c2 = color->yuv_convert[color->mode][0][1];
-const int c3 = color->yuv_convert[color->mode][0][2];
-const int c4 = color->yuv_convert[color->mode][1][1];
-const int c5 = color->yuv_convert[color->mode][1][2];
-const int c6 = color->yuv_convert[color->mode][2][1];
-const int c7 = color->yuv_convert[color->mode][2][2];
+const int slice_start = (height *  jobnr   ) / nb_jobs;
+const int slice_end   = (height * (jobnr+1)) / nb_jobs;
+const unsigned char *srcp = src->data[0] + slice_start * src_pitch;
+unsigned char *dstp = dst->data[0] + slice_start * dst_pitch;
+const int c2 = td->c2;
+const int c3 = td->c3;
+const int c4 = td->c4;
+const int c5 = td->c5;
+const int c6 = td->c6;
+const int c7 = td->c7;
 int x, y;
 
-for (y = 0; y < height; y++) {
+for (y = slice_start; y < slice_end; y++) {
 for (x = 0; x < width; x += 4) {
 const int u = srcp[x + 0] - 128;
 const int v = srcp[x + 2] - 128;
@@ -209,32 +224,38 @@ static void process_frame_uyvy422(ColorMatrixContext 
*color,
 srcp += src_pitch;
 dstp += dst_pitch;
 }
+
+return 0;
 }
 
-static void process_frame_yuv422p(ColorMatrixContext *color,
-  AVFrame *dst, AVFrame *src)
+static int process_slice_yuv422p(AVFilterContext *ctx, void *arg, int jobnr, 
int nb_jobs)
 {
-const unsigned char *srcpU = src->data[1];
-const unsigned char *srcpV = src->data[2];
-const unsigned char *srcpY = src->data[0];
-const int src_pitchY  = src->linesize[0];
-const int src_pitchUV = src->linesize[1];
+const ThreadData *td = arg;
+const AVFrame *src = td->src;
+AVFrame *dst = td->dst;
 const int height = src->height;
 const int width = src->width;
-unsigned char *dstpU = dst->data[1];
-unsigned char *dstpV = dst->data[2];
-unsigned char *dstpY = dst->data[0];
+const int slice_start = (height *  jobnr   ) / nb_jobs;
+const int slice_end   = (height * (jobnr+1)) / nb_jobs;
+const int src_pitchY  = src->linesize[0];
+const int src_pitchUV = src->linesize[1];
+const unsigned char *srcpU = src->data[1] + slice_start * src_pitchUV;
+const unsigned char *srcpV = src->data[2] + slice_start * src_pitchUV;
+const unsigned char *srcpY = src->data[0] + slice_start * src_pitchY;
 const int dst_pitchY  = dst->linesize[0];
 const int dst_pitchUV = dst->linesize[1];
-const int c2 = color->yuv_convert[color->mode][0][1];
-const int c3 = color->yuv_convert[color->mode][0][2];
-const int c4 = color->yuv_convert[color->mode][1][1];
-const int c5 = color->yuv_convert[color->mode][1][2];
-const int c6 = color->yuv_convert[color->mode][2][1];
-const int c7 = color->yuv_convert[color->mode][2][2];
+unsigned char *dstpU = dst->data[1] + slice_start * dst_pitchUV;
+unsigned char *dstpV = dst->data[2] + slice_start * dst_pitchUV;
+unsigned char *dstpY = dst->data[0] + slice_start * dst_pitchY;
+const int c2 = td->c2;
+const int c3 = td->c3;
+const int c4 = td->c4;
+const int c5 = td->c5;
+const int c6 = td->c6;
+const int c7 = td->c7;
 int x, y;
 
-for (y = 0; y < height; y++) {
+for (y = slice_start; y

[FFmpeg-cvslog] avutil/buffer: Avoid moving the AVBufferRef to a new place in memory in av_buffer_make_writable ()

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer  | Thu Jan 15 
00:42:55 2015 +0100| [26d81b5703ea3b100d5138c0a6359076de2a1e0d] | committer: 
Michael Niedermayer

avutil/buffer: Avoid moving the AVBufferRef to a new place in memory in 
av_buffer_make_writable()

This allows making a AVBufferRef writable without the need to
update all pointers to it

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=26d81b5703ea3b100d5138c0a6359076de2a1e0d
---

 libavutil/buffer.c |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavutil/buffer.c b/libavutil/buffer.c
index b31f034..bb112c2 100644
--- a/libavutil/buffer.c
+++ b/libavutil/buffer.c
@@ -159,8 +159,8 @@ int av_buffer_make_writable(AVBufferRef **pbuf)
 return AVERROR(ENOMEM);
 
 memcpy(newbuf->data, buf->data, buf->size);
-av_buffer_unref(pbuf);
-*pbuf = newbuf;
+
+buffer_replace(pbuf, &newbuf);
 
 return 0;
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avutil/buffer: Avoid moving the AVBufferRef to a new place in memory in av_buffer_realloc ()

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer  | Thu Jan 15 
00:42:55 2015 +0100| [35fad1e9c90b329b8680787ee5a00c74223c6029] | committer: 
Michael Niedermayer

avutil/buffer: Avoid moving the AVBufferRef to a new place in memory in 
av_buffer_realloc()

This allows reallocating AVBufferRefs without the need to update
all pointers to it

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=35fad1e9c90b329b8680787ee5a00c74223c6029
---

 libavutil/buffer.c |3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/libavutil/buffer.c b/libavutil/buffer.c
index ca102fd..b31f034 100644
--- a/libavutil/buffer.c
+++ b/libavutil/buffer.c
@@ -201,8 +201,7 @@ int av_buffer_realloc(AVBufferRef **pbuf, int size)
 
 memcpy(new->data, buf->data, FFMIN(size, buf->size));
 
-av_buffer_unref(pbuf);
-*pbuf = new;
+buffer_replace(pbuf, &new);
 return 0;
 }
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] [ffmpeg-web] branch master updated. 5f77fb8 web: add 0.7.17

[gitolite]

The branch, master has been updated
   via  5f77fb88ce4db74f6df7d3c72a7a5239e0056850 (commit)
  from  4387851703430fbaa45d207f922a377630d27034 (commit)


- Log -
commit 5f77fb88ce4db74f6df7d3c72a7a5239e0056850
Author: Michael Niedermayer 
AuthorDate: Thu Mar 12 01:29:24 2015 +0100
Commit: Michael Niedermayer 
CommitDate: Thu Mar 12 01:29:24 2015 +0100

web: add 0.7.17

diff --git a/src/olddownload b/src/olddownload
index afd45c3..53e2d21 100644
--- a/src/olddownload
+++ b/src/olddownload
@@ -342,25 +342,25 @@ libpostproc52.  0.100
  
 
 
-  FFmpeg 0.7.16 "Peace"
+  FFmpeg 0.7.17 "Peace"
 
 
-  0.7.16 was released on 2013-10-06.
+  0.7.17 was released on 2015-03-12.
   It contains almost all features and bugfixes of 0.8.15 while being
   compatible with the 0.6 ABI and API.
 
 
 
   
-Download 
bzip2 tarball
-PGP 
signature
+Download 
bzip2 tarball
+PGP 
signature

   
-Download 
gzip tarball
-PGP 
signature
+Download 
gzip tarball
+PGP 
signature

   
-http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=n0.7.16";>Changelog
+http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=n0.7.17";>Changelog

  
 
diff --git a/src/security b/src/security
index 7067984..2d07237 100644
--- a/src/security
+++ b/src/security
@@ -1088,6 +1088,25 @@ Several security issues that dont have CVE numbers.
 Fixes CVE-2011-4364 among others
 
 FFmpeg 0.7
+0.7.17
+
+Fixes following vulnerabilities:
+
+
+CVE-2012-5150, c3ece52decafc4923aebe7fd74b274e9ebb1962e / 
ae3d41636942cbc0236bad21ad06c65f4eb0f096
+CVE-2014-4609, 1b291e0466308b341bc2e8c2a49d44862400f014 / 
7b5c706494a775b2b0d0e0a38448610802eef8f4
+CVE-2014-8541, b5e661bcd2bb4fe771cb2c1e21215c68e6a17665 / 
5c378d6a6df8243f06c87962b873bd563e58cd39
+CVE-2014-8542, cd3c4d8c55222337b0b59af4ea1fecfb46606e5e / 
105654e376a736d243aef4a1d121abebce912e6b
+CVE-2014-8543, 73962e677d871fa0dde5385ee04ea07c048d8864 / 
8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e
+CVE-2014-8545, 7a5590ef4282e19d48d70cba0bc4628c13ec6fd8 / 
3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6
+CVE-2014-8547, ef32bc8dde52439afd13988f56012a9f4dd55a83 / 
8f1457864be8fb9653643519dea1c6492f1dde57
+CVE-2014-8548, 5b2097626d0e4ccb432d7d8ab040aa8dbde9eb3a / 
c727401aa9d62335e89d118a5b4e202edf39d905
+CVE-2014-9316, 30e8a375901f8802853fd6d478b77a127d208bd6 / 
0eecf40935b22644e6cd74c586057237ecfd6844
+CVE-2014-9317, cb1db92cca98f963e91f421ee0c84f8866325a73 / 
79ceaf827be0b070675d4cd0a55c3386542defd8
+CVE-2014-9603, fac6f744d8170585f05e098ce9c9f27eeffa818e / 
3030fb7e0d41836f8add6399e9a7c7b740b48bfd
+CVE-2015-1872, 75b0cfcf105c8720a47a2ee80a70ba16799d71b7 / 
fabbfaa095660982cc0bc63242c459561fa37037
+
+
 0.7.16
 
 Fixes following vulnerabilities:

---

Summary of changes:
 src/olddownload |   14 +++---
 src/security|   19 +++
 2 files changed, 26 insertions(+), 7 deletions(-)


hooks/post-receive
-- 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Tag n0.7.17 : FFmpeg 0.7.17 release

[git]

[ffmpeg] [branch: refs/tags/n0.7.17]
Tag:5496678207a39f7e5fb19dc665e35597c353a78c
> http://git.videolan.org/gitweb.cgi/ffmpeg.git?a=tag;h=5496678207a39f7e5fb19dc665e35597c353a78c

Tagger: Michael Niedermayer 
Date:   Thu Mar 12 01:17:20 2015 +0100

FFmpeg 0.7.17 release
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Update for 0.7.17

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Thu Mar 
12 00:54:14 2015 +0100| [6f4cda4a6b66cb3882c63e18a35937284c446c44] | committer: 
Michael Niedermayer

Update for 0.7.17

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6f4cda4a6b66cb3882c63e18a35937284c446c44
---

 Doxyfile   |2 +-
 RELEASE|2 +-
 VERSION|2 +-
 cmdutils.c |2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Doxyfile b/Doxyfile
index 2b03049..be95183 100644
--- a/Doxyfile
+++ b/Doxyfile
@@ -31,7 +31,7 @@ PROJECT_NAME   = FFmpeg
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.
 
-PROJECT_NUMBER = 0.7.16
+PROJECT_NUMBER = 0.7.17
 
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
 # base path where the generated documentation will be put.
diff --git a/RELEASE b/RELEASE
index bf7b715..b22af29 100644
--- a/RELEASE
+++ b/RELEASE
@@ -1 +1 @@
-0.7.16
+0.7.17
diff --git a/VERSION b/VERSION
index bf7b715..b22af29 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.7.16
+0.7.17
diff --git a/cmdutils.c b/cmdutils.c
index b919bae..21922ae 100644
--- a/cmdutils.c
+++ b/cmdutils.c
@@ -57,7 +57,7 @@ AVFormatContext *avformat_opts;
 struct SwsContext *sws_opts;
 AVDictionary *format_opts, *video_opts, *audio_opts, *sub_opts;
 
-static const int this_year = 2013;
+static const int this_year = 2015;
 
 void init_opts(void)
 {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/vqf: Use 64bit for ret to avoid overflow

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Fri Feb 
20 21:00:57 2015 +0100| [20446996f367bebba64197c1c18fe86a9ef2cb66] | committer: 
Michael Niedermayer

avformat/vqf: Use 64bit for ret to avoid overflow

Signed-off-by: Michael Niedermayer 
(cherry picked from commit cb08687180683a755d0fe9d425280d0e4d1e6db2)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=20446996f367bebba64197c1c18fe86a9ef2cb66
---

 libavformat/vqf.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/vqf.c b/libavformat/vqf.c
index e06f393..884611b 100644
--- a/libavformat/vqf.c
+++ b/libavformat/vqf.c
@@ -227,7 +227,7 @@ static int vqf_read_seek(AVFormatContext *s,
 {
 VqfContext *c = s->priv_data;
 AVStream *st;
-int ret;
+int64_t ret;
 int64_t pos;
 
 st = s->streams[stream_index];

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/gxf: Use 64bit for res to avoid overflow

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Fri Feb 
20 20:14:56 2015 +0100| [286915cb846fe3aeda066e60e57238c0f581546a] | committer: 
Michael Niedermayer

avformat/gxf: Use 64bit for res to avoid overflow

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 12987f89007ee82b9d3a6090085dfaef8461ab8b)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=286915cb846fe3aeda066e60e57238c0f581546a
---

 libavformat/gxf.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/gxf.c b/libavformat/gxf.c
index 145b4ad..50dc2f0 100644
--- a/libavformat/gxf.c
+++ b/libavformat/gxf.c
@@ -486,7 +486,7 @@ static int gxf_packet(AVFormatContext *s, AVPacket *pkt) {
 }
 
 static int gxf_seek(AVFormatContext *s, int stream_index, int64_t timestamp, 
int flags) {
-int res = 0;
+int64_t res = 0;
 uint64_t pos;
 uint64_t maxlen = 100 * 1024 * 1024;
 AVStream *st = s->streams[0];

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/a64multienc: fix use of uninitialized values in to_meta_with_crop

[Andreas Cadhalpun]

ffmpeg | branch: release/0.7 | Andreas Cadhalpun 
 | Sun Feb 22 20:48:38 2015 +0100| 
[1979bfecc78034426bf39442cfbd8a3c8c35e6ae] | committer: Michael Niedermayer

avcodec/a64multienc: fix use of uninitialized values in to_meta_with_crop

Averaging over 2 pixels doesn't work correctly for the last pixel, because the
rest of the buffer is not initialized.

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 87513d654546a99f8ddb045ca4fa5d33778a617e)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1979bfecc78034426bf39442cfbd8a3c8c35e6ae
---

 libavcodec/a64multienc.c |   10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/libavcodec/a64multienc.c b/libavcodec/a64multienc.c
index 5a665d0..c029e9e 100644
--- a/libavcodec/a64multienc.c
+++ b/libavcodec/a64multienc.c
@@ -55,9 +55,13 @@ static void to_meta_with_crop(AVCodecContext *avctx, AVFrame 
*p, int *dest)
 for (y = blocky; y < blocky + 8 && y < C64YRES; y++) {
 for (x = blockx; x < blockx + 8 && x < C64XRES; x += 2) {
 if(x < width && y < height) {
-/* build average over 2 pixels */
-luma = (src[(x + 0 + y * p->linesize[0])] +
-src[(x + 1 + y * p->linesize[0])]) / 2;
+if (x + 1 < width) {
+/* build average over 2 pixels */
+luma = (src[(x + 0 + y * p->linesize[0])] +
+src[(x + 1 + y * p->linesize[0])]) / 2;
+} else {
+luma = src[(x + y * p->linesize[0])];
+}
 /* write blocks as linear data now so they are 
suitable for elbg */
 dest[0] = luma;
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] roqvideoenc: set enc->avctx in roq_encode_init

[Andreas Cadhalpun]

ffmpeg | branch: release/0.7 | Andreas Cadhalpun 
 | Mon Mar  9 19:24:09 2015 +0100| 
[a83b9f363c24f5d1482f9722c14fc02f3ca5a1d0] | committer: Michael Niedermayer

roqvideoenc: set enc->avctx in roq_encode_init

So far it is only set in roq_encode_frame, but it is used in
roq_encode_end to free the coded_frame. This currently segfaults if
roq_encode_frame is not called between roq_encode_init and
roq_encode_end.

Signed-off-by: Andreas Cadhalpun 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit cf82c426fadf90105e1fb9d5ecd267cc3aa2b288)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a83b9f363c24f5d1482f9722c14fc02f3ca5a1d0
---

 libavcodec/roqvideoenc.c |2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/roqvideoenc.c b/libavcodec/roqvideoenc.c
index 9030aff..39088fe 100644
--- a/libavcodec/roqvideoenc.c
+++ b/libavcodec/roqvideoenc.c
@@ -941,6 +941,8 @@ static int roq_encode_init(AVCodecContext *avctx)
 
 av_lfg_init(&enc->randctx, 1);
 
+enc->avctx = avctx;
+
 enc->framesSinceKeyframe = 0;
 if ((avctx->width & 0xf) || (avctx->height & 0xf)) {
 av_log(avctx, AV_LOG_ERROR, "Dimensions must be divisible by 16\n");

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/h264_ps: More completely check the bit depths

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Fri Feb 
 6 04:11:56 2015 +0100| [3eb6eeaab0cd42886abbae76c90d005ac82ec9ba] | committer: 
Michael Niedermayer

avcodec/h264_ps: More completely check the bit depths

Fixes out of array read
Fixes: asan_static-oob_30328b6_719_cov_3325483287_H264_artifacts_motion.h264

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 69aa79365c1e8e1cb597d33e77bf1062c2ef47d4)

Conflicts:

libavcodec/h264_ps.c

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3eb6eeaab0cd42886abbae76c90d005ac82ec9ba
---

 libavcodec/h264_ps.c |4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c
index 6af0680..8f2aa62 100644
--- a/libavcodec/h264_ps.c
+++ b/libavcodec/h264_ps.c
@@ -357,7 +357,9 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){
 }
 sps->bit_depth_luma   = get_ue_golomb(&s->gb) + 8;
 sps->bit_depth_chroma = get_ue_golomb(&s->gb) + 8;
-if (sps->bit_depth_luma > 12U || sps->bit_depth_chroma > 12U) {
+if (sps->bit_depth_luma   < 8 || sps->bit_depth_luma   > 12 ||
+sps->bit_depth_chroma < 8 || sps->bit_depth_chroma > 12 ||
+sps->bit_depth_luma != sps->bit_depth_chroma) {
 av_log(h->s.avctx, AV_LOG_ERROR, "illegal bit depth value (%d, 
%d)\n",
sps->bit_depth_luma, sps->bit_depth_chroma);
 goto fail;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/utils: Align YUV411 by as much as the other YUV variants

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Sat Mar 
 7 14:30:34 2015 +0100| [bd92af66a1f0cfbb2bb6d372dbf1fac7caaa1732] | committer: 
Michael Niedermayer

avcodec/utils: Align YUV411 by as much as the other YUV variants

Fixes out of array accesses
Fixes: ffmpeg_mjpeg_crash2.avi

Found-by: Thomas Lindroth 
Tested-by: Thomas Lindroth 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit e3201c38d53d2b8b24d0bc95d726b2cb1752dc12)

Conflicts:

libavcodec/utils.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bd92af66a1f0cfbb2bb6d372dbf1fac7caaa1732
---

 libavcodec/utils.c |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 27feb53..569047f 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -161,8 +161,8 @@ void avcodec_align_dimensions2(AVCodecContext *s, int 
*width, int *height, int l
 break;
 case PIX_FMT_YUV411P:
 case PIX_FMT_UYYVYY411:
-w_align=32;
-h_align=8;
+w_align = 32;
+h_align = 16 * 2;
 break;
 case PIX_FMT_YUV410P:
 if(s->codec_id == CODEC_ID_SVQ1){

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] configure: add noexecstack to linker options if supported.

[Reimar Döffinger]

ffmpeg | branch: release/0.7 | Reimar Döffinger  | 
Sun Sep 21 09:58:10 2014 +0100| [3ab6c0c4ecfd4880096f98474f8ac6b5f39dd924] | 
committer: Michael Niedermayer

configure: add noexecstack to linker options if supported.

Signed-off-by: Reimar Döffinger 
(cherry picked from commit b7082d953fda93f7841e7d15a6c3cd15bdee)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3ab6c0c4ecfd4880096f98474f8ac6b5f39dd924
---

 configure |1 +
 1 file changed, 1 insertion(+)

diff --git a/configure b/configure
index 8f58296..ed228e4 100755
--- a/configure
+++ b/configure
@@ -2799,6 +2799,7 @@ if enabled asm; then
 fi
 
 check_ldflags -Wl,--as-needed
+check_ldflags -Wl,-z,noexecstack
 
 if check_func dlopen; then
 ldl=

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] h264/cabac: check loop index

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Thu Jan 
31 04:20:24 2013 +0100| [98b0751e895e6065cfae65008bee402481a4158c] | committer: 
Michael Niedermayer

h264/cabac: check loop index

fix out of array read

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit cdf0877bc341684c56ac1fe057397adbadf329ee)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=98b0751e895e6065cfae65008bee402481a4158c
---

 libavcodec/h264_cabac.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/h264_cabac.c b/libavcodec/h264_cabac.c
index b91883a..c1f4f7c 100644
--- a/libavcodec/h264_cabac.c
+++ b/libavcodec/h264_cabac.c
@@ -1701,7 +1701,7 @@ static av_always_inline void 
decode_cabac_residual_internal( H264Context *h, DCT
 \
 if( coeff_abs >= 15 ) { \
 int j = 0; \
-while( get_cabac_bypass( CC ) ) { \
+while(get_cabac_bypass( CC ) && j<30) { \
 j++; \
 } \
 \

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/tiff: move bpp check to after "end:"

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Sun Mar 
 8 23:27:43 2015 +0100| [5333edcc869181649d7f9d6cdde9f975531c0b8c] | committer: 
Michael Niedermayer

avcodec/tiff: move bpp check to after "end:"

This ensures that all current and future code-pathes get bpp checked

Signed-off-by: Michael Niedermayer 
(cherry picked from commit d5e9fc782150d4596c72440a0aa02b7f4f1254b1)

Conflicts:

libavcodec/tiff.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5333edcc869181649d7f9d6cdde9f975531c0b8c
---

 libavcodec/tiff.c |7 +++
 1 file changed, 7 insertions(+)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index d26135e..21588e7 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -498,6 +498,13 @@ static int tiff_decode_tag(TiffContext *s, const uint8_t 
*start, const uint8_t *
 default:
 av_log(s->avctx, AV_LOG_DEBUG, "Unknown or unsupported tag 
%d/0X%0X\n", tag, tag);
 }
+if (s->bpp > 64U) {
+av_log(s->avctx, AV_LOG_ERROR,
+"This format is not supported (bpp=%d, %d components)\n",
+s->bpp, count);
+s->bpp = 0;
+return AVERROR_INVALIDDATA;
+}
 return 0;
 }
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/x86/mlpdsp_init: Simplify mlp_filter_channel_x86()

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Thu Feb 
19 16:25:29 2015 +0100| [2ddabbb40f0c7b9f43a4c0db3d45938f56d3b21c] | committer: 
Michael Niedermayer

avcodec/x86/mlpdsp_init: Simplify mlp_filter_channel_x86()

Based on patch by Francisco Blas Izquierdo Riera
Commit message partly taken from carl

fixes a compilation
error in mlpdsp_init.c with -fstack-check and some gcc compilers (I
reproduced the issue with gcc 4.7.3) by simplifying the code.

See also https://bugs.gentoo.org/show_bug.cgi?id=471756

$ make libavcodec/x86/mlpdsp_init.o
libavcodec/x86/mlpdsp_init.c: In function ‘mlp_filter_channel_x86’:
libavcodec/x86/mlpdsp_init.c:142:5: error: can’t find a register in
class ‘GENERAL_REGS’ while reloading ‘asm’
libavcodec/x86/mlpdsp_init.c:142:5: error: ‘asm’ operand has impossible
constraints

4551 -> 4509 dezicycles

Reviewed-by: Ramiro Polla 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 03f39fbb2a558153a3c464edec1378d637a755fe)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2ddabbb40f0c7b9f43a4c0db3d45938f56d3b21c
---

 libavcodec/x86/mlpdsp.c |6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/libavcodec/x86/mlpdsp.c b/libavcodec/x86/mlpdsp.c
index 486a927..77e3df6 100644
--- a/libavcodec/x86/mlpdsp.c
+++ b/libavcodec/x86/mlpdsp.c
@@ -129,8 +129,8 @@ static void mlp_filter_channel_x86(int32_t *state, const 
int32_t *coeff,
 FIRMUL   (ff_mlp_firorder_6, 0x14   )
 FIRMUL   (ff_mlp_firorder_5, 0x10   )
 FIRMUL   (ff_mlp_firorder_4, 0x0c   )
-FIRMULREG(ff_mlp_firorder_3, 0x08,10)
-FIRMULREG(ff_mlp_firorder_2, 0x04, 9)
+FIRMUL   (ff_mlp_firorder_3, 0x08   )
+FIRMUL   (ff_mlp_firorder_2, 0x04   )
 FIRMULREG(ff_mlp_firorder_1, 0x00, 8)
 LABEL_MANGLE(ff_mlp_firorder_0)":\n\t"
 "jmp  *%6 \n\t"
@@ -159,8 +159,6 @@ static void mlp_filter_channel_x86(int32_t *state, const 
int32_t *coeff,
 : /* 4*/"r"((x86_reg)mask), /* 5*/"r"(firjump),
   /* 6*/"r"(iirjump)  , /* 7*/"c"(filter_shift)
 , /* 8*/"r"((int64_t)coeff[0])
-, /* 9*/"r"((int64_t)coeff[1])
-, /*10*/"r"((int64_t)coeff[2])
 : "rax", "rdx", "rsi"
 #else /* ARCH_X86_32 */
   /* 3*/"+m"(blocksize)

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Fix buffer_size argument to init_put_bits() in multiple encoders.

[Dyami Caliri]

ffmpeg | branch: release/0.7 | Dyami Caliri  | Thu Feb 
26 10:17:01 2015 -0800| [c681f86a324d6181c31006edb300356af47e91cd] | committer: 
Michael Niedermayer

Fix buffer_size argument to init_put_bits() in multiple encoders.

Several encoders were multiplying the buffer size by 8, in order to get
a bit size. However, the buffer_size argument is for the byte size of
the buffer. We had experienced crashes encoding prores (Anatoliy) at
size 4096x4096.
(cherry picked from commit 50833c9f7b4e1922197a8955669f8ab3589c8cef)

Conflicts:

libavcodec/proresenc_kostya.c

Conflicts:

libavcodec/faxcompr.c
libavcodec/s302menc.c

Conflicts:

libavcodec/adpcmenc.c

Conflicts:

libavcodec/adpcmenc.c
libavcodec/proresenc.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c681f86a324d6181c31006edb300356af47e91cd
---

 libavcodec/aacenc.c|2 +-
 libavcodec/faxcompr.c  |2 +-
 libavcodec/flashsv2enc.c   |2 +-
 libavcodec/flashsvenc.c|2 +-
 libavcodec/nellymoserenc.c |2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/libavcodec/aacenc.c b/libavcodec/aacenc.c
index 0de6622..68fa0aa 100644
--- a/libavcodec/aacenc.c
+++ b/libavcodec/aacenc.c
@@ -153,7 +153,7 @@ static void put_audio_specific_config(AVCodecContext *avctx)
 PutBitContext pb;
 AACEncContext *s = avctx->priv_data;
 
-init_put_bits(&pb, avctx->extradata, avctx->extradata_size*8);
+init_put_bits(&pb, avctx->extradata, avctx->extradata_size);
 put_bits(&pb, 5, 2); //object type - AAC-LC
 put_bits(&pb, 4, s->samplerate_index); //sample rate index
 put_bits(&pb, 4, avctx->channels);
diff --git a/libavcodec/faxcompr.c b/libavcodec/faxcompr.c
index 34aa576..0995811 100644
--- a/libavcodec/faxcompr.c
+++ b/libavcodec/faxcompr.c
@@ -243,7 +243,7 @@ static void put_line(uint8_t *dst, int size, int width, 
const int *runs)
 PutBitContext pb;
 int run, mode = ~0, pix_left = width, run_idx = 0;
 
-init_put_bits(&pb, dst, size*8);
+init_put_bits(&pb, dst, size);
 while(pix_left > 0){
 run = runs[run_idx++];
 mode = ~mode;
diff --git a/libavcodec/flashsv2enc.c b/libavcodec/flashsv2enc.c
index 7ee299c..86a35b6 100644
--- a/libavcodec/flashsv2enc.c
+++ b/libavcodec/flashsv2enc.c
@@ -270,7 +270,7 @@ static int write_header(FlashSV2Context * s, uint8_t * buf, 
int buf_size)
 if (buf_size < 5)
 return -1;
 
-init_put_bits(&pb, buf, buf_size * 8);
+init_put_bits(&pb, buf, buf_size);
 
 put_bits(&pb, 4, (s->block_width  >> 4) - 1);
 put_bits(&pb, 12, s->image_width);
diff --git a/libavcodec/flashsvenc.c b/libavcodec/flashsvenc.c
index c0327a9..8a813f2 100644
--- a/libavcodec/flashsvenc.c
+++ b/libavcodec/flashsvenc.c
@@ -139,7 +139,7 @@ static int encode_bitstream(FlashSVContext *s, AVFrame *p, 
uint8_t *buf,
 int buf_pos, res;
 int pred_blocks = 0;
 
-init_put_bits(&pb, buf, buf_size * 8);
+init_put_bits(&pb, buf, buf_size);
 
 put_bits(&pb,  4, (block_width / 16) - 1);
 put_bits(&pb, 12, s->image_width);
diff --git a/libavcodec/nellymoserenc.c b/libavcodec/nellymoserenc.c
index 1d35cda..f32b5b2 100644
--- a/libavcodec/nellymoserenc.c
+++ b/libavcodec/nellymoserenc.c
@@ -287,7 +287,7 @@ static void encode_block(NellyMoserEncodeContext *s, 
unsigned char *output, int
 
 apply_mdct(s);
 
-init_put_bits(&pb, output, output_size * 8);
+init_put_bits(&pb, output, output_size);
 
 i = 0;
 for (band = 0; band < NELLY_BANDS; band++) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/mjpegdec: Skip blocks which are outside the visible area

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Wed Feb 
11 03:33:53 2015 +0100| [2b8c9c1f7de835d50937a8bf2ae90a61929b3bdd] | committer: 
Michael Niedermayer

avcodec/mjpegdec: Skip blocks which are outside the visible area

Fixes out of array accesses
Fixes: ffmpeg_mjpeg_crash.avi

Found-by: Thomas Lindroth 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 08509c8f86626815a3e9e68d600d1aacbb8df4bf)

Conflicts:

libavcodec/mjpegdec.c
(cherry picked from commit 5553947db2af443778f781a107d9fe9ad6ec5d17)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2b8c9c1f7de835d50937a8bf2ae90a61929b3bdd
---

 libavcodec/mjpegdec.c |   31 ---
 1 file changed, 20 insertions(+), 11 deletions(-)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index a0dcbc7..9323d53 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -859,19 +859,28 @@ static int mjpeg_decode_scan(MJpegDecodeContext *s, int 
nb_components, int Ah, i
 
 if(s->interlaced && s->bottom_field)
 block_offset += linesize[c] >> 1;
-ptr = data[c] + block_offset;
-if(!s->progressive) {
+if (   8*(h * mb_x + x) < s->width
+&& 8*(v * mb_y + y) < s->height) {
+ptr = data[c] + block_offset;
+} else
+ptr = NULL;
+if (!s->progressive) {
 if (copy_mb) {
-mjpeg_copy_block(ptr, reference_data[c] + 
block_offset, linesize[c], s->avctx->lowres);
+if (ptr)
+mjpeg_copy_block(ptr, reference_data[c] + 
block_offset,
+linesize[c], s->avctx->lowres);
 } else {
-s->dsp.clear_block(s->block);
-if(decode_block(s, s->block, i,
- s->dc_index[i], s->ac_index[i],
- s->quant_matrixes[ s->quant_index[c] ]) < 
0) {
-av_log(s->avctx, AV_LOG_ERROR, "error y=%d 
x=%d\n", mb_y, mb_x);
-return -1;
-}
-s->dsp.idct_put(ptr, linesize[c], s->block);
+s->dsp.clear_block(s->block);
+if (decode_block(s, s->block, i,
+ s->dc_index[i], s->ac_index[i],
+ 
s->quant_matrixes[s->quant_index[c]]) < 0) {
+av_log(s->avctx, AV_LOG_ERROR,
+   "error y=%d x=%d\n", mb_y, mb_x);
+return -1;
+}
+if (ptr) {
+s->dsp.idct_put(ptr, linesize[c], s->block);
+}
 }
 } else {
 int block_idx = s->block_stride[c] * (v * mb_y + y) + 
(h * mb_x + x);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] dnxhdenc: fix mb_rc size

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Fri Jan 
17 20:09:48 2014 +0100| [0701f7c5c3f9e8a336d1f5773a89a5e63f8f5497] | committer: 
Michael Niedermayer

dnxhdenc: fix mb_rc size

Fixes out of array access with RC_VARIANCE set to 0

Signed-off-by: Michael Niedermayer 
(cherry picked from commit f1caaa1c61310beba705957e6366f0392a0b005b)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0701f7c5c3f9e8a336d1f5773a89a5e63f8f5497
---

 libavcodec/dnxhdenc.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/dnxhdenc.c b/libavcodec/dnxhdenc.c
index 62bc9f0..0c2a965 100644
--- a/libavcodec/dnxhdenc.c
+++ b/libavcodec/dnxhdenc.c
@@ -151,7 +151,7 @@ static int dnxhd_init_qmat(DNXHDEncContext *ctx, int lbias, 
int cbias)
 
 static int dnxhd_init_rc(DNXHDEncContext *ctx)
 {
-FF_ALLOCZ_OR_GOTO(ctx->m.avctx, ctx->mb_rc, 
8160*ctx->m.avctx->qmax*sizeof(RCEntry), fail);
+FF_ALLOCZ_OR_GOTO(ctx->m.avctx, ctx->mb_rc, 8160*(ctx->m.avctx->qmax + 
1)*sizeof(RCEntry), fail);
 if (ctx->m.avctx->mb_decision != FF_MB_DECISION_RD)
 FF_ALLOCZ_OR_GOTO(ctx->m.avctx, ctx->mb_cmp, 
ctx->m.mb_num*sizeof(RCCMPEntry), fail);
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avutil/lzo: Fix integer overflow

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Fri Jun 
20 03:15:28 2014 +0200| [1b291e0466308b341bc2e8c2a49d44862400f014] | committer: 
Michael Niedermayer

avutil/lzo: Fix integer overflow

Embargoed-till: 2014-06-27 requested by researcher, but embargo broken by libav 
today (git and mailing list)

Fixes: LMS-2014-06-16-4
Found-by: "Don A. Bailey" 
See: ccda51b14c0fcae2fad73a24872dce75a7964996
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d6af26c55c1ea30f85a7d9edbc373f53be1743ee)

Conflicts:

libavutil/lzo.c
(cherry picked from commit 7b5c706494a775b2b0d0e0a38448610802eef8f4)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1b291e0466308b341bc2e8c2a49d44862400f014
---

 libavutil/lzo.c |8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libavutil/lzo.c b/libavutil/lzo.c
index d2e86bc..d91fbfc 100644
--- a/libavutil/lzo.c
+++ b/libavutil/lzo.c
@@ -62,7 +62,13 @@ static inline int get_byte(LZOContext *c) {
 static inline int get_len(LZOContext *c, int x, int mask) {
 int cnt = x & mask;
 if (!cnt) {
-while (!(x = get_byte(c))) cnt += 255;
+while (!(x = get_byte(c))) {
+if (cnt >= INT_MAX - 1000) {
+c->error |= AV_LZO_ERROR;
+break;
+}
+cnt += 255;
+}
 cnt += mask + x;
 }
 return cnt;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/mpc8: Use uint64_t in *_get_v() to avoid undefined behavior

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Wed Feb 
 4 14:47:41 2015 +0100| [c68fe8ac8b9d0602e24e1c8c5d575fb21a8b3364] | committer: 
Michael Niedermayer

avformat/mpc8: Use uint64_t in *_get_v() to avoid undefined behavior

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 05e161952954acf247e0fd1fdef00559675c4d4d)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c68fe8ac8b9d0602e24e1c8c5d575fb21a8b3364
---

 libavformat/mpc8.c |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavformat/mpc8.c b/libavformat/mpc8.c
index 4d95a1d..3193f5d 100644
--- a/libavformat/mpc8.c
+++ b/libavformat/mpc8.c
@@ -54,7 +54,7 @@ typedef struct {
 
 static inline int64_t bs_get_v(uint8_t **bs)
 {
-int64_t v = 0;
+uint64_t v = 0;
 int br = 0;
 int c;
 
@@ -105,7 +105,7 @@ static int mpc8_probe(AVProbeData *p)
 
 static inline int64_t gb_get_v(GetBitContext *gb)
 {
-int64_t v = 0;
+uint64_t v = 0;
 int bits = 0;
 while(get_bits1(gb) && bits < 64-7){
 v <<= 7;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/utils: Fix number suffixes in tb_unreliable()

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Sun Feb 
 1 19:19:25 2015 +0100| [42f8a33c3c396b84932b0badca1cff5d0b6aff5e] | committer: 
Michael Niedermayer

avformat/utils: Fix number suffixes in tb_unreliable()

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 4b15bba2aec93776bfdc69a1bca42a4795a7d191)

Conflicts:

libavformat/utils.c
(cherry picked from commit e651a2f88c219e74c9851563e74100f7652a6005)

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=42f8a33c3c396b84932b0badca1cff5d0b6aff5e
---

 libavformat/utils.c |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavformat/utils.c b/libavformat/utils.c
index e2418e7..69765ea 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -2314,8 +2314,8 @@ static int get_std_framerate(int i){
  * And there are "variable" fps files this needs to detect as well.
  */
 static int tb_unreliable(AVCodecContext *c){
-if(   c->time_base.den >= 101L*c->time_base.num
-   || c->time_base.den <5L*c->time_base.num
+if(   c->time_base.den >= 101LL*c->time_base.num
+   || c->time_base.den <5LL*c->time_base.num
 /*   || c->codec_tag == AV_RL32("DIVX")
|| c->codec_tag == AV_RL32("XVID")*/
|| c->codec_id == CODEC_ID_MPEG2VIDEO

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/thp: Check av_get_packet() for failure not only for partial output

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Thu Feb 
 5 03:45:21 2015 +0100| [f3a776a9433cfc935d56264f1c52873249477e12] | committer: 
Michael Niedermayer

avformat/thp: Check av_get_packet() for failure not only for partial output

Fixes null pointer dereference
Fixes: signal_sigsegv_db2c1f_3108_cov_163322880_pikmin2_opening1_partial.thp

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit f2579dbb4b31e6ae731e7f680528ef3020ab)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f3a776a9433cfc935d56264f1c52873249477e12
---

 libavformat/thp.c |2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/thp.c b/libavformat/thp.c
index 2d1f74e..ec2bb18 100644
--- a/libavformat/thp.c
+++ b/libavformat/thp.c
@@ -174,6 +174,8 @@ static int thp_read_packet(AVFormatContext *s,
 pkt->stream_index = thp->video_stream_index;
 } else {
 ret = av_get_packet(pb, pkt, thp->audiosize);
+if (ret < 0)
+return ret;
 if (ret != thp->audiosize) {
 av_free_packet(pkt);
 return AVERROR(EIO);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/vmdvideo: Check len before using it in method 3

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Tue Dec 
16 16:24:55 2014 +0100| [fac6f744d8170585f05e098ce9c9f27eeffa818e] | committer: 
Michael Niedermayer

avcodec/vmdvideo: Check len before using it in method 3

Fixes out of array access
Fixes: asan_heap-oob_4d23ba_91_cov_3853393937_128.vmd

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 3030fb7e0d41836f8add6399e9a7c7b740b48bfd)

Conflicts:

libavcodec/vmdvideo.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fac6f744d8170585f05e098ce9c9f27eeffa818e
---

 libavcodec/vmdav.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c
index 1f9694e..94ae895 100644
--- a/libavcodec/vmdav.c
+++ b/libavcodec/vmdav.c
@@ -339,7 +339,7 @@ static void vmd_decode(VmdVideoContext *s)
 if (*pb++ == 0xFF)
 len = rle_unpack(pb, pb_end - pb, len, &dp[ofs], 
frame_width - ofs);
 else {
-if (pb_end - pb < len)
+if (ofs + len > frame_width || pb_end - pb < len)
 return;
 memcpy(&dp[ofs], pb, len);
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] swscale/x86/rgb2rgb_template: fix crash with tiny size and nv12 output

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Wed Dec 
 3 20:21:56 2014 +0100| [9f993d2d4ba256155b52529922e7da0144e64b99] | committer: 
Michael Niedermayer

swscale/x86/rgb2rgb_template: fix crash with tiny size and nv12 output

Fixes Ticket4151

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 8524558858b7e14bc50afa10233e0194f591ab9d)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9f993d2d4ba256155b52529922e7da0144e64b99
---

 libswscale/x86/rgb2rgb_template.c |1 +
 1 file changed, 1 insertion(+)

diff --git a/libswscale/x86/rgb2rgb_template.c 
b/libswscale/x86/rgb2rgb_template.c
index baef3f8..bfa0d4f 100644
--- a/libswscale/x86/rgb2rgb_template.c
+++ b/libswscale/x86/rgb2rgb_template.c
@@ -1971,6 +1971,7 @@ static void RENAME(interleaveBytes)(const uint8_t *src1, 
const uint8_t *src2, ui
 for (h=0; h < height; h++) {
 int w;
 
+if (width >= 16)
 #if COMPILE_TEMPLATE_SSE2
 __asm__(
 "xor  %%"REG_a", %%"REG_a"  \n\t"

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/flac_parser: fix handling EOF if no headers are found

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Sat Jan 
17 01:56:03 2015 +0100| [ae82abbbcf0ca680d2458f81d431afabd12b7d0c] | committer: 
Michael Niedermayer

avcodec/flac_parser: fix handling EOF if no headers are found

Fixes assertion failure
Fixes Ticket4269

Signed-off-by: Michael Niedermayer 
(cherry picked from commit c4d85fc23c100f7a27d9bad710eb153214868e27)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ae82abbbcf0ca680d2458f81d431afabd12b7d0c
---

 libavcodec/flac_parser.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/flac_parser.c b/libavcodec/flac_parser.c
index 50ad72b..dac1c26 100644
--- a/libavcodec/flac_parser.c
+++ b/libavcodec/flac_parser.c
@@ -646,7 +646,7 @@ static int flac_parse(AVCodecParserContext *s, 
AVCodecContext *avctx,
 handle_error:
 *poutbuf  = NULL;
 *poutbuf_size = 0;
-return read_end - buf;
+return buf_size ? read_end - buf : 0;
 }
 
 static int flac_parse_init(AVCodecParserContext *c)

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/mjpegdec: Check number of components for JPEG-LS

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Wed Feb 
 4 20:48:30 2015 +0100| [75b0cfcf105c8720a47a2ee80a70ba16799d71b7] | committer: 
Michael Niedermayer

avcodec/mjpegdec: Check number of components for JPEG-LS

Fixes out of array accesses
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit fabbfaa095660982cc0bc63242c459561fa37037)

Conflicts:

libavcodec/mjpegdec.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=75b0cfcf105c8720a47a2ee80a70ba16799d71b7
---

 libavcodec/mjpegdec.c |7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 8a6d50d..a0dcbc7 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -347,9 +347,12 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
 return -1;
 }
 if(s->ls){
-if(s->nb_components > 1)
+if(s->nb_components == 3) {
 s->avctx->pix_fmt = PIX_FMT_RGB24;
-else if(s->bits <= 8)
+} else if (s->nb_components != 1) {
+av_log(s->avctx, AV_LOG_ERROR, "Unsupported number of components 
%d\n", s->nb_components);
+return AVERROR_PATCHWELCOME;
+} else if (s->bits <= 8)
 s->avctx->pix_fmt = PIX_FMT_GRAY8;
 else
 s->avctx->pix_fmt = PIX_FMT_GRAY16;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] smackerdemuxer: check some values before instead of just after malloc()

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Fri Dec 
16 02:57:22 2011 +0100| [127a2902533cfb6d55cf1960d5f184eb4f02211f] | committer: 
Michael Niedermayer

smackerdemuxer: check some values before instead of just after malloc()
Fixes Ticket777
Bug Found by: Diana Elena Muscalu

Signed-off-by: Michael Niedermayer 
(cherry picked from commit c402c1c976dc5bd63908d1aaff5b60521cbbee92)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=127a2902533cfb6d55cf1960d5f184eb4f02211f
---

 libavformat/smacker.c |6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libavformat/smacker.c b/libavformat/smacker.c
index b2c442e..faf85a5 100644
--- a/libavformat/smacker.c
+++ b/libavformat/smacker.c
@@ -251,6 +251,8 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket 
*pkt)
 memcpy(oldpal, pal, 768);
 size = avio_r8(s->pb);
 size = size * 4 - 1;
+if(size + 1 > frame_size)
+return AVERROR_INVALIDDATA;
 frame_size -= size;
 frame_size--;
 sz = 0;
@@ -292,10 +294,12 @@ static int smacker_read_packet(AVFormatContext *s, 
AVPacket *pkt)
 /* if audio chunks are present, put them to stack and retrieve later */
 for(i = 0; i < 7; i++) {
 if(flags & 1) {
-int size;
+unsigned int size;
 uint8_t *tmpbuf;
 
 size = avio_rl32(s->pb) - 4;
+if(size + 4L > frame_size)
+return AVERROR_INVALIDDATA;
 frame_size -= size;
 frame_size -= 4;
 smk->curstream++;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/pngdec: Check IHDR/IDAT order

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Wed Nov 
26 15:45:47 2014 +0100| [cb1db92cca98f963e91f421ee0c84f8866325a73] | committer: 
Michael Niedermayer

avcodec/pngdec: Check IHDR/IDAT order

Fixes out of array access
Fixes: asan_heap-oob_20a6c26_2690_cov_3434532168_mail.png
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 79ceaf827be0b070675d4cd0a55c3386542defd8)

Conflicts:

libavcodec/pngdec.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cb1db92cca98f963e91f421ee0c84f8866325a73
---

 libavcodec/pngdec.c |6 ++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index 22c50b7..a8c1d88 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -418,6 +418,12 @@ static int decode_frame(AVCodecContext *avctx,
 case MKTAG('I', 'H', 'D', 'R'):
 if (length != 13)
 goto fail;
+
+if (s->state & PNG_IDAT) {
+av_log(avctx, AV_LOG_ERROR, "IHDR after IDAT\n");
+goto fail;
+}
+
 s->width = bytestream_get_be32(&s->bytestream);
 s->height = bytestream_get_be32(&s->bytestream);
 if(av_image_check_size(s->width, s->height, 0, avctx)){

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/wmaprodec: Fix integer overflow in sfb_offsets initialization

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Mon Nov 
10 23:07:50 2014 +0100| [f78f7eca1a5ce67db6b1f8a159dc47cc57e8d43a] | committer: 
Michael Niedermayer

avcodec/wmaprodec: Fix integer overflow in sfb_offsets initialization

Fixes out of array read
Fixes: 
asan_heap-oob_2aec5b0_1828_classical_22_16_2_16000_v3c_0_exclusive_0_29.wma
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 5dcb99033df16eccc4dbbc4a099ad64457f9f090)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f78f7eca1a5ce67db6b1f8a159dc47cc57e8d43a
---

 libavcodec/wmaprodec.c |3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c
index 816d95f..67c62a4 100644
--- a/libavcodec/wmaprodec.c
+++ b/libavcodec/wmaprodec.c
@@ -404,6 +404,9 @@ static av_cold int decode_init(AVCodecContext *avctx)
 offset &= ~3;
 if (offset > s->sfb_offsets[i][band - 1])
 s->sfb_offsets[i][band++] = offset;
+
+if (offset >= subframe_len)
+break;
 }
 s->sfb_offsets[i][band - 1] = subframe_len;
 s->num_sfb[i]   = band - 1;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/mpc8: fix hang with fuzzed file

[wm4]

ffmpeg | branch: release/0.7 | wm4  | Tue Feb  3 
19:04:12 2015 +0100| [42b4ba4a8ae261609100ed41b773b26f9989941e] | committer: 
Michael Niedermayer

avformat/mpc8: fix hang with fuzzed file

This can lead to an endless loop by seeking back a few bytes after each
attempted chunk read. Assuming negative sizes are always invalid, this
is easy to fix. Other code in this demuxer treats negative sizes as
invalid as well.

Fixes ticket #4262.

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 56cc024220886927350cfc26ee695062ca7ecaf4)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=42b4ba4a8ae261609100ed41b773b26f9989941e
---

 libavformat/mpc8.c |4 
 1 file changed, 4 insertions(+)

diff --git a/libavformat/mpc8.c b/libavformat/mpc8.c
index db23781..161cee3 100644
--- a/libavformat/mpc8.c
+++ b/libavformat/mpc8.c
@@ -204,6 +204,10 @@ static int mpc8_read_header(AVFormatContext *s, 
AVFormatParameters *ap)
 while(!url_feof(pb)){
 pos = avio_tell(pb);
 mpc8_get_chunk_header(pb, &tag, &size);
+if (size < 0) {
+av_log(s, AV_LOG_ERROR, "Invalid chunk length\n");
+return AVERROR_INVALIDDATA;
+}
 if(tag == TAG_STREAMHDR)
 break;
 mpc8_handle_chunk(s, tag, pos, size);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/mjpegdec: check bits per pixel for changes similar to dimensions

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Fri Oct 
 3 01:50:27 2014 +0200| [b5e661bcd2bb4fe771cb2c1e21215c68e6a17665] | committer: 
Michael Niedermayer

avcodec/mjpegdec: check bits per pixel for changes similar to dimensions

Fixes out of array accesses
Fixes: 
asan_heap-oob_16668e9_2_asan_heap-oob_16668e9_346_miss_congeniality_pegasus_mjpg.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 5c378d6a6df8243f06c87962b873bd563e58cd39)

Conflicts:

libavcodec/mjpegdec.c
(cherry picked from commit 94371a404c663c3dae3d542fa43951567ab67f82)

Conflicts:

libavcodec/mjpegdec.c

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b5e661bcd2bb4fe771cb2c1e21215c68e6a17665
---

 libavcodec/mjpegdec.c |   17 ++---
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 817636f..6d0ec63 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -212,16 +212,16 @@ int ff_mjpeg_decode_dht(MJpegDecodeContext *s)
 
 int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
 {
-int len, nb_components, i, width, height, pix_fmt_id;
+int len, nb_components, i, width, height, bits, pix_fmt_id;
 
 /* XXX: verify len field validity */
 len = get_bits(&s->gb, 16);
-s->bits= get_bits(&s->gb, 8);
+bits= get_bits(&s->gb, 8);
 
-if(s->pegasus_rct) s->bits=9;
-if(s->bits==9 && !s->pegasus_rct) s->rct=1;//FIXME ugly
+if(s->pegasus_rct) bits=9;
+if(bits==9 && !s->pegasus_rct) s->rct=1;//FIXME ugly
 
-if (s->bits != 8 && !s->lossless){
+if (bits != 8 && !s->lossless){
 av_log(s->avctx, AV_LOG_ERROR, "only 8 bits/component accepted\n");
 return -1;
 }
@@ -241,7 +241,7 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
 if (nb_components <= 0 ||
 nb_components > MAX_COMPONENTS)
 return -1;
-if (s->ls && !(s->bits <= 8 || nb_components == 1)){
+if (s->ls && !(bits <= 8 || nb_components == 1)){
 av_log(s->avctx, AV_LOG_ERROR, "only <= 8 bits/component or 16-bit 
gray accepted for JPEG-LS\n");
 return -1;
 }
@@ -274,11 +274,14 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
 
 /* if different size, realloc/alloc picture */
 /* XXX: also check h_count and v_count */
-if (width != s->width || height != s->height) {
+if (   width != s->width || height != s->height
+|| bits != s->bits
+   ) {
 av_freep(&s->qscale_table);
 
 s->width = width;
 s->height = height;
+s->bits   = bits;
 s->interlaced = 0;
 
 /* test interlaced mode */

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/gifdec: factorize interleave end handling out

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Fri Oct 
 3 20:15:52 2014 +0200| [ef32bc8dde52439afd13988f56012a9f4dd55a83] | committer: 
Michael Niedermayer

avcodec/gifdec: factorize interleave end handling out

also change it to a loop
Fixes out of array access
Fixes: 
asan_heap-oob_ca5410_8_asan_heap-oob_ca5410_97_ID_LSD_Size_Less_Then_Data_Inter_3.gif

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 8f1457864be8fb9653643519dea1c6492f1dde57)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ef32bc8dde52439afd13988f56012a9f4dd55a83
---

 libavcodec/gifdec.c |   15 +--
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/libavcodec/gifdec.c b/libavcodec/gifdec.c
index 39d0db9..1c9358f 100644
--- a/libavcodec/gifdec.c
+++ b/libavcodec/gifdec.c
@@ -125,26 +125,21 @@ static int gif_read_image(GifState *s)
 case 1:
 y1 += 8;
 ptr += linesize * 8;
-if (y1 >= height) {
-y1 = pass ? 2 : 4;
-ptr = ptr1 + linesize * y1;
-pass++;
-}
 break;
 case 2:
 y1 += 4;
 ptr += linesize * 4;
-if (y1 >= height) {
-y1 = 1;
-ptr = ptr1 + linesize;
-pass++;
-}
 break;
 case 3:
 y1 += 2;
 ptr += linesize * 2;
 break;
 }
+while (y1 >= height) {
+y1 = 4 >> pass;
+ptr = ptr1 + linesize * y1;
+pass++;
+}
 } else {
 ptr += linesize;
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/mpegts: Check desc_len / get8() return code

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Sat Oct 
 4 04:29:40 2014 +0200| [79891f5b87baa9c17366a84950cb81b8f4f6e5f1] | committer: 
Michael Niedermayer

avformat/mpegts: Check desc_len / get8() return code

Fixes out of array read
Fixes: 
signal_sigsegv_844d59_10_signal_sigsegv_a17bb7_366_mpegts_mpeg2video_mp2_dvbsub_topfield.rec

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit c3d7f00ee3e09801f56f25db8b5961f25e842bd2)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79891f5b87baa9c17366a84950cb81b8f4f6e5f1
---

 libavformat/mpegts.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c
index bcf9b00..28ec492 100644
--- a/libavformat/mpegts.c
+++ b/libavformat/mpegts.c
@@ -1240,7 +1240,7 @@ static void sdt_cb(MpegTSFilter *filter, const uint8_t 
*section, int section_len
 break;
 desc_len = get8(&p, desc_list_end);
 desc_end = p + desc_len;
-if (desc_end > desc_list_end)
+if (desc_len < 0 || desc_end > desc_list_end)
 break;
 
 av_dlog(ts->stream, "tag: 0x%02x len=%d\n",

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/mpc8: fix broken pointer math

[wm4]

ffmpeg | branch: release/0.7 | wm4  | Tue Feb  3 
19:04:11 2015 +0100| [a58b8e99c4211c17361d0469ff522298cfb01344] | committer: 
Michael Niedermayer

avformat/mpc8: fix broken pointer math

This could overflow and crash at least on 32 bit systems.

Reviewed-by: Reimar Döffinger 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit b737a2c52857b214be246ff615c6293730033cfa)

Conflicts:

libavformat/mpc8.c
(cherry picked from commit 49dd89f9027f3def12e170bb7d986d37812eedba)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a58b8e99c4211c17361d0469ff522298cfb01344
---

 libavformat/mpc8.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mpc8.c b/libavformat/mpc8.c
index 161cee3..4d95a1d 100644
--- a/libavformat/mpc8.c
+++ b/libavformat/mpc8.c
@@ -88,7 +88,7 @@ static int mpc8_probe(AVProbeData *p)
 size = bs_get_v(&bs);
 if (size < 2)
 return 0;
-if (bs + size - 2 >= bs_end)
+if (size >= bs_end - bs + 2)
 return AVPROBE_SCORE_MAX / 4 - 1; //seems to be valid MPC but no 
header yet
 if (header_found) {
 if (size < 11 || size > 28)

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/jpeglsdec: Check run value more completely in ls_decode_line()

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Thu Oct 
 2 23:17:21 2014 +0200| [794fcabfe8b8506dbdf33a735318d1a2aecfb150] | committer: 
Michael Niedermayer

avcodec/jpeglsdec: Check run value more completely in ls_decode_line()

previously it could have been by 1 too large
Fixes out of array access
Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8c1e3.jls
Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8nde0.jls
Fixes: asan_heap-oob_12240fa_1_asan_heap-oob_12240fa_448_t16e3.jls

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 06e7d58410a17dc72c30ee7f3145fcacc425f4f2)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=794fcabfe8b8506dbdf33a735318d1a2aecfb150
---

 libavcodec/jpeglsdec.c |5 +
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c
index 7278e02..628fed1 100644
--- a/libavcodec/jpeglsdec.c
+++ b/libavcodec/jpeglsdec.c
@@ -203,6 +203,11 @@ static inline void ls_decode_line(JLSState *state, 
MJpegDecodeContext *s, void *
 x += stride;
 }
 
+if (x >= w) {
+av_log(NULL, AV_LOG_ERROR, "run overflow\n");
+return;
+}
+
 /* decode run termination value */
 Rb = R(last, x);
 RItype = (FFABS(Ra - Rb) <= state->near) ? 1 : 0;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/smc: fix off by 1 error

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Fri Oct 
 3 22:50:45 2014 +0200| [5b2097626d0e4ccb432d7d8ab040aa8dbde9eb3a] | committer: 
Michael Niedermayer

avcodec/smc: fix off by 1 error

Fixes out of array access
Fixes: asan_heap-oob_1685bf0_5_asan_heap-oob_1f35116_430_smc.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit c727401aa9d62335e89d118a5b4e202edf39d905)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5b2097626d0e4ccb432d7d8ab040aa8dbde9eb3a
---

 libavcodec/smc.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/smc.c b/libavcodec/smc.c
index fddd5ab..ff185fb 100644
--- a/libavcodec/smc.c
+++ b/libavcodec/smc.c
@@ -68,7 +68,7 @@ typedef struct SmcContext {
 row_ptr += stride * 4; \
 } \
 total_blocks--; \
-if (total_blocks < 0) \
+if (total_blocks < 0 + !!n_blocks) \
 { \
 av_log(s->avctx, AV_LOG_INFO, "warning: block counter just went 
negative (this should not happen)\n"); \
 return; \

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/aviobuf: Check that avio_seek() target is non negative

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Sun Dec 
14 17:26:11 2014 +0100| [1aedd7645a3d01a9a674a7e62d90811a88bc6b04] | committer: 
Michael Niedermayer

avformat/aviobuf: Check that avio_seek() target is non negative

Fixes out of array access

Suggested-by: Andrew Scherkus 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit ed86dbd05d61363dc1c0d33f3267e2177c985fdd)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1aedd7645a3d01a9a674a7e62d90811a88bc6b04
---

 libavformat/aviobuf.c |3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c
index 626261a..8c6be84 100644
--- a/libavformat/aviobuf.c
+++ b/libavformat/aviobuf.c
@@ -203,6 +203,9 @@ int64_t avio_seek(AVIOContext *s, int64_t offset, int 
whence)
 return offset1;
 offset += offset1;
 }
+if (offset < 0)
+return AVERROR(EINVAL);
+
 offset1 = offset - pos;
 if (!s->must_flush &&
 offset1 >= 0 && offset1 <= (s->buf_end - s->buffer)) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/mmvideo: Bounds check 2nd line of HHV Intra blocks

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Fri Oct 
 3 14:45:04 2014 +0200| [73962e677d871fa0dde5385ee04ea07c048d8864] | committer: 
Michael Niedermayer

avcodec/mmvideo: Bounds check 2nd line of HHV Intra blocks

Fixes out of array access
Fixes: asan_heap-oob_4da4f3_8_asan_heap-oob_4da4f3_419_scene1a.mm

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e)

Conflicts:

libavcodec/mmvideo.c

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=73962e677d871fa0dde5385ee04ea07c048d8864
---

 libavcodec/mmvideo.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/mmvideo.c b/libavcodec/mmvideo.c
index 707ddc5..0136bf8 100644
--- a/libavcodec/mmvideo.c
+++ b/libavcodec/mmvideo.c
@@ -105,7 +105,7 @@ static void mm_decode_intra(MmContext * s, int half_horiz, 
int half_vert, const
 
 if (color) {
 memset(s->frame.data[0] + y*s->frame.linesize[0] + x, color, 
run_length);
-if (half_vert)
+if (half_vert && y + half_vert < s->avctx->height)
 memset(s->frame.data[0] + (y+1)*s->frame.linesize[0] + x, 
color, run_length);
 }
 x+= run_length;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/pngdec: Calculate MPNG bytewidth more defensively

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Fri Oct 
 3 17:54:21 2014 +0200| [fd36238c402d69438edab22fd81a7ab5397fee93] | committer: 
Michael Niedermayer

avcodec/pngdec: Calculate MPNG bytewidth more defensively

Signed-off-by: Michael Niedermayer 
(cherry picked from commit e830902934a29df05c7af65aef2a480b15f572c4)

Conflicts:

libavcodec/pngdec.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fd36238c402d69438edab22fd81a7ab5397fee93
---

 libavcodec/pngdec.c |3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index 6a49530..22c50b7 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -584,9 +584,10 @@ static int decode_frame(AVCodecContext *avctx,
 int i, j;
 uint8_t *pd = s->current_picture->data[0];
 uint8_t *pd_last = s->last_picture->data[0];
+int ls = FFMIN(av_image_get_linesize(s->current_picture->format, 
s->width, 0), s->width * s->bpp);
 
 for(j=0; j < s->height; j++) {
-for(i=0; i < s->width * s->bpp; i++) {
+for(i=0; i < ls; i++) {
 pd[i] += pd_last[i];
 }
 pd += s->image_linesize;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/smacker: Fix number suffix

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Sun Feb 
 1 19:36:13 2015 +0100| [8cf62b34e4286d3ec2645afc8ef4329bc08f72e1] | committer: 
Michael Niedermayer

avformat/smacker: Fix number suffix

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 465f3705b1ef832fd6904750d018f81f9044f3ab)

Conflicts:

libavformat/smacker.c
(cherry picked from commit ef3687998fb46d7d936bb6023f25c1dc324a4640)

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8cf62b34e4286d3ec2645afc8ef4329bc08f72e1
---

 libavformat/smacker.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/smacker.c b/libavformat/smacker.c
index faf85a5..6a81a48 100644
--- a/libavformat/smacker.c
+++ b/libavformat/smacker.c
@@ -298,7 +298,7 @@ static int smacker_read_packet(AVFormatContext *s, AVPacket 
*pkt)
 uint8_t *tmpbuf;
 
 size = avio_rl32(s->pb) - 4;
-if(size + 4L > frame_size)
+if(size + 4LL > frame_size)
 return AVERROR_INVALIDDATA;
 frame_size -= size;
 frame_size -= 4;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/mjpegdec: Fix context fields becoming inconsistent

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Tue Nov 
25 13:53:06 2014 +0100| [30e8a375901f8802853fd6d478b77a127d208bd6] | committer: 
Michael Niedermayer

avcodec/mjpegdec: Fix context fields becoming inconsistent

Fixes out of array access
Fixes: 
asan_heap-oob_1ca4f85_2760_cov_19187_miss_congeniality_pegasus_ljpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 0eecf40935b22644e6cd74c586057237ecfd6844)

Conflicts:

libavcodec/mjpegdec.c
(cherry picked from commit 32d3acac727f3f4a6489ca129a5ea4ccdfcb34a5)

Conflicts:

libavcodec/mjpegdec.c
(cherry picked from commit 8d8ac60d70aee50d44a3e1d7de276598de041640)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=30e8a375901f8802853fd6d478b77a127d208bd6
---

 libavcodec/mjpegdec.c |   20 
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 6d0ec63..8a6d50d 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1177,6 +1177,8 @@ static int mjpeg_decode_app(MJpegDecodeContext *s)
 }
 
 if (id == AV_RL32("LJIF")){
+int rgb = s->rgb;
+int pegasus_rct = s->pegasus_rct;
 if (s->avctx->debug & FF_DEBUG_PICT_INFO)
 av_log(s->avctx, AV_LOG_INFO, "Pegasus lossless jpeg header 
found\n");
 skip_bits(&s->gb, 16); /* version ? */
@@ -1185,17 +1187,27 @@ static int mjpeg_decode_app(MJpegDecodeContext *s)
 skip_bits(&s->gb, 16); /* unknwon always 0? */
 switch( get_bits(&s->gb, 8)){
 case 1:
-s->rgb= 1;
-s->pegasus_rct=0;
+rgb = 1;
+pegasus_rct = 0;
 break;
 case 2:
-s->rgb= 1;
-s->pegasus_rct=1;
+rgb = 1;
+pegasus_rct = 1;
 break;
 default:
 av_log(s->avctx, AV_LOG_ERROR, "unknown colorspace\n");
 }
+
 len -= 9;
+if (s->got_picture)
+if (rgb != s->rgb || pegasus_rct != s->pegasus_rct) {
+av_log(s->avctx, AV_LOG_WARNING, "Mismatching LJIF tag\n");
+goto out;
+}
+
+s->rgb = rgb;
+s->pegasus_rct = pegasus_rct;
+
 goto out;
 }
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/dxa: check dimensions

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Tue Oct 
28 15:26:42 2014 +0100| [f3cdeeb070d4793d98b16a7ad66049e537ab7ba7] | committer: 
Michael Niedermayer

avcodec/dxa: check dimensions

Fixes out of array access
Fixes: asan_heap-oob_11222fb_21_020.dxa
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit e70312dfc22c4e54d5716f28f28db8f99c74cc90)

Conflicts:

libavcodec/dxa.c

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f3cdeeb070d4793d98b16a7ad66049e537ab7ba7
---

 libavcodec/dxa.c |5 +
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/dxa.c b/libavcodec/dxa.c
index 807ecd8..7f4321c 100644
--- a/libavcodec/dxa.c
+++ b/libavcodec/dxa.c
@@ -295,6 +295,11 @@ static av_cold int decode_init(AVCodecContext *avctx)
 c->avctx = avctx;
 avctx->pix_fmt = PIX_FMT_PAL8;
 
+if (avctx->width%4 || avctx->height%4) {
+av_log(avctx, AV_LOG_ERROR, "dimensions are not a multiple of 4");
+return AVERROR_INVALIDDATA;
+}
+
 avcodec_get_frame_defaults(&c->pic);
 avcodec_get_frame_defaults(&c->prev);
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/qpeg: fix off by 1 error in MV bounds check

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Fri Oct 
 3 21:08:52 2014 +0200| [faf293a83af1133e3c54f901d00aadb70e81977f] | committer: 
Michael Niedermayer

avcodec/qpeg: fix off by 1 error in MV bounds check

Fixes out of array access
Fixes: asan_heap-oob_153760f_4_asan_heap-oob_1d7a4cf_164_VWbig6.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit dd3bfe3cc1ca26d0fff3a3baf61a40207032143f)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=faf293a83af1133e3c54f901d00aadb70e81977f
---

 libavcodec/qpeg.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/qpeg.c b/libavcodec/qpeg.c
index 39d8171..24dfdb6 100644
--- a/libavcodec/qpeg.c
+++ b/libavcodec/qpeg.c
@@ -168,7 +168,7 @@ static void qpeg_decode_inter(const uint8_t *src, uint8_t 
*dst, int size,
 
 /* check motion vector */
 if ((me_x + filled < 0) || (me_x + me_w + filled > width) 
||
-   (height - me_y - me_h < 0) || (height - me_y > 
orig_height) ||
+   (height - me_y - me_h < 0) || (height - me_y >= 
orig_height) ||
(filled + me_w > width) || (height - me_h < 0))
 av_log(NULL, AV_LOG_ERROR, "Bogus motion vector 
(%i,%i), block size %ix%i at %i,%i\n",
me_x, me_y, me_w, me_h, filled, height);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/pngdec: Check bits per pixel before setting monoblack pixel format

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Fri Oct 
 3 17:35:58 2014 +0200| [7a5590ef4282e19d48d70cba0bc4628c13ec6fd8] | committer: 
Michael Niedermayer

avcodec/pngdec: Check bits per pixel before setting monoblack pixel format

Fixes out of array accesses
Fixes: asan_heap-oob_14dbfcf_4_asan_heap-oob_1ce5767_179_add_method_small.png

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6)

Conflicts:

libavcodec/pngdec.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7a5590ef4282e19d48d70cba0bc4628c13ec6fd8
---

 libavcodec/pngdec.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index 9afa093..6a49530 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -463,7 +463,7 @@ static int decode_frame(AVCodecContext *avctx,
 } else if (s->bit_depth == 16 &&
s->color_type == PNG_COLOR_TYPE_RGB) {
 avctx->pix_fmt = PIX_FMT_RGB48BE;
-} else if (s->bit_depth == 1) {
+} else if (s->bit_depth == 1 && s->bits_per_pixel == 1) {
 avctx->pix_fmt = PIX_FMT_MONOBLACK;
 } else if (s->bit_depth == 8 &&
s->color_type == PNG_COLOR_TYPE_PALETTE) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] matroska: Fix use after free

[Dale Curtis]

ffmpeg | branch: release/0.7 | Dale Curtis  | Thu Jan 
10 11:05:29 2013 -0800| [c3ece52decafc4923aebe7fd74b274e9ebb1962e] | committer: 
Michael Niedermayer

matroska: Fix use after free

Signed-off-by: Dale Curtis 
Signed-off-by: Luca Barbato 
(cherry picked from commit ae3d41636942cbc0236bad21ad06c65f4eb0f096)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c3ece52decafc4923aebe7fd74b274e9ebb1962e
---

 libavformat/matroskadec.c |1 +
 1 file changed, 1 insertion(+)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 2fe1db5..ac91f67 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1676,6 +1676,7 @@ static int matroska_deliver_packet(MatroskaDemuxContext 
*matroska,
  */
 static void matroska_clear_queue(MatroskaDemuxContext *matroska)
 {
+matroska->prev_pkt = NULL;
 if (matroska->packets) {
 int n;
 for (n = 0; n < matroska->num_packets; n++) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/utils: Add case for jv to avcodec_align_dimensions2()

[Michael Niedermayer]

ffmpeg | branch: release/0.7 | Michael Niedermayer  | Fri Oct 
 3 04:30:58 2014 +0200| [cd3c4d8c55222337b0b59af4ea1fecfb46606e5e] | committer: 
Michael Niedermayer

avcodec/utils: Add case for jv to avcodec_align_dimensions2()

Fixes out of array accesses
Fixes: asan_heap-oob_12304aa_8_asan_heap-oob_4da4f3_300_intro.jv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 105654e376a736d243aef4a1d121abebce912e6b)

Conflicts:

libavcodec/utils.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cd3c4d8c55222337b0b59af4ea1fecfb46606e5e
---

 libavcodec/utils.c |4 
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 8eca9c6..27feb53 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -182,6 +182,10 @@ void avcodec_align_dimensions2(AVCodecContext *s, int 
*width, int *height, int l
 w_align = 4;
 h_align = 4;
 }
+if (s->codec_id == CODEC_ID_JV) {
+w_align = 8;
+h_align = 8;
+}
 break;
 case PIX_FMT_BGR24:
 if((s->codec_id == CODEC_ID_MSZH) || (s->codec_id == CODEC_ID_ZLIB)){

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '67142a8c721c7916c9ad2eb439c14d567aeb88c1'

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer  | Thu Mar 12 
00:31:20 2015 +0100| [3bedc99723a3684260441218a6f5bf42e147db12] | committer: 
Michael Niedermayer

Merge commit '67142a8c721c7916c9ad2eb439c14d567aeb88c1'

* commit '67142a8c721c7916c9ad2eb439c14d567aeb88c1':
  roqvideoenc: set enc->avctx in roq_encode_init

See: cf82c426fadf90105e1fb9d5ecd267cc3aa2b288
Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3bedc99723a3684260441218a6f5bf42e147db12
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] roqvideoenc: set enc->avctx in roq_encode_init

[Andreas Cadhalpun]

ffmpeg | branch: master | Andreas Cadhalpun  
| Mon Mar  9 19:24:09 2015 +0100| [67142a8c721c7916c9ad2eb439c14d567aeb88c1] | 
committer: Anton Khirnov

roqvideoenc: set enc->avctx in roq_encode_init

So far it is only set in roq_encode_frame, but it is used in
roq_encode_end to free the coded_frame. This currently segfaults if
roq_encode_frame is not called between roq_encode_init and
roq_encode_end.

CC:libav-sta...@libav.org
Signed-off-by: Andreas Cadhalpun 
Signed-off-by: Anton Khirnov 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=67142a8c721c7916c9ad2eb439c14d567aeb88c1
---

 libavcodec/roqvideoenc.c |2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/roqvideoenc.c b/libavcodec/roqvideoenc.c
index fd651e9..872bee8 100644
--- a/libavcodec/roqvideoenc.c
+++ b/libavcodec/roqvideoenc.c
@@ -992,6 +992,8 @@ static av_cold int roq_encode_init(AVCodecContext *avctx)
 
 av_lfg_init(&enc->randctx, 1);
 
+enc->avctx = avctx;
+
 enc->framesSinceKeyframe = 0;
 if ((avctx->width & 0xf) || (avctx->height & 0xf)) {
 av_log(avctx, AV_LOG_ERROR, "Dimensions must be divisible by 16\n");

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] asfenc: fix leaking asf->index_ptr on error

[Andreas Cadhalpun]

ffmpeg | branch: master | Andreas Cadhalpun  
| Mon Mar  9 19:31:39 2015 +0100| [72211a2af0470799c9611b9c1c7039ab14a34a0a] | 
committer: Anton Khirnov

asfenc: fix leaking asf->index_ptr on error

Signed-off-by: Andreas Cadhalpun 
Signed-off-by: Anton Khirnov 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=72211a2af0470799c9611b9c1c7039ab14a34a0a
---

 libavformat/asfenc.c |1 +
 1 file changed, 1 insertion(+)

diff --git a/libavformat/asfenc.c b/libavformat/asfenc.c
index beacd73..39ba3d9 100644
--- a/libavformat/asfenc.c
+++ b/libavformat/asfenc.c
@@ -630,6 +630,7 @@ static int asf_write_header(AVFormatContext *s)
  * It is needed to use asf as a streamable format. */
 if (asf_write_header1(s, 0, DATA_HEADER_SIZE) < 0) {
 //av_free(asf);
+av_freep(&asf->index_ptr);
 return -1;
 }
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '72211a2af0470799c9611b9c1c7039ab14a34a0a'

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer  | Thu Mar 12 
00:23:28 2015 +0100| [a277c545b2b507338c02c5c46b17431466da6979] | committer: 
Michael Niedermayer

Merge commit '72211a2af0470799c9611b9c1c7039ab14a34a0a'

* commit '72211a2af0470799c9611b9c1c7039ab14a34a0a':
  asfenc: fix leaking asf->index_ptr on error

See: 2c8cff2be4a044c66e4904efa156dafd0d332d25
Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a277c545b2b507338c02c5c46b17431466da6979
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '212556cd2144659dc6b9d121ddb38cd272bd10ae'

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer  | Thu Mar 12 
00:14:43 2015 +0100| [e197dc04bbc21e0be0b5d92829d4d65d7b62ca63] | committer: 
Michael Niedermayer

Merge commit '212556cd2144659dc6b9d121ddb38cd272bd10ae'

* commit '212556cd2144659dc6b9d121ddb38cd272bd10ae':
  qsv: Improve the log message of when initializing MFX_IMPL_HARDWARE{2, 3, 4}

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e197dc04bbc21e0be0b5d92829d4d65d7b62ca63
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] qsv: Improve the log message of when initializing MFX_IMPL_HARDWARE{2, 3, 4}

[Yukinori Yamazoe]

ffmpeg | branch: master | Yukinori Yamazoe  | Wed Mar 11 
18:04:30 2015 +0900| [212556cd2144659dc6b9d121ddb38cd272bd10ae] | committer: 
Anton Khirnov

qsv: Improve the log message of when initializing MFX_IMPL_HARDWARE{2, 3, 4}

Signed-off-by: Anton Khirnov 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=212556cd2144659dc6b9d121ddb38cd272bd10ae
---

 libavcodec/qsv.c |   13 ++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/libavcodec/qsv.c b/libavcodec/qsv.c
index 3b2a75b..eef0604 100644
--- a/libavcodec/qsv.c
+++ b/libavcodec/qsv.c
@@ -117,12 +117,19 @@ static int qsv_init_session(AVCodecContext *avctx, 
QSVContext *q, mfxSession ses
 
 MFXQueryIMPL(q->internal_session, &impl);
 
-if (impl & MFX_IMPL_SOFTWARE)
+switch (MFX_IMPL_BASETYPE(impl)) {
+case MFX_IMPL_SOFTWARE:
 desc = "software";
-else if (impl & MFX_IMPL_HARDWARE)
+break;
+case MFX_IMPL_HARDWARE:
+case MFX_IMPL_HARDWARE2:
+case MFX_IMPL_HARDWARE3:
+case MFX_IMPL_HARDWARE4:
 desc = "hardware accelerated";
-else
+break;
+default:
 desc = "unknown";
+}
 
 av_log(avctx, AV_LOG_VERBOSE,
"Initialized an internal MFX session using %s 
implementation\n",

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '76435f5e40854567252756ea7f788958dd2cc04c' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 23:09:55 2015 +0100| [9575bd6a9d4c9527f09e3d906b338d6c184bafce] | 
committer: Michael Niedermayer

Merge commit '76435f5e40854567252756ea7f788958dd2cc04c' into release/0.10

* commit '76435f5e40854567252756ea7f788958dd2cc04c':
  doc: More changelog updates for v0.8.17

Conflicts:
Changelog

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9575bd6a9d4c9527f09e3d906b338d6c184bafce
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '335ec616cc38ee6206a3acebd46d01aad73d721b' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 23:11:29 2015 +0100| [a0316589e472d9372daf5f5afd1e17a69ded226d] | 
committer: Michael Niedermayer

Merge commit '335ec616cc38ee6206a3acebd46d01aad73d721b' into release/0.10

* commit '335ec616cc38ee6206a3acebd46d01aad73d721b':
  utvideodec: Handle slice_height being zero

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a0316589e472d9372daf5f5afd1e17a69ded226d
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '0e810255596070e2c503c5da9001f7087f71de6e' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 23:12:31 2015 +0100| [509239066ad0359ec4183ff49884e010d471f852] | 
committer: Michael Niedermayer

Merge commit '0e810255596070e2c503c5da9001f7087f71de6e' into release/0.10

* commit '0e810255596070e2c503c5da9001f7087f71de6e':
  doc: More changelog updates for v0.8.17

Conflicts:
Changelog

not merged

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=509239066ad0359ec4183ff49884e010d471f852
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] doc: More changelog updates for v0.8.17

[Reinhard Tartler]

ffmpeg | branch: release/0.10 | Reinhard Tartler  | Sun 
Mar  8 22:34:43 2015 -0400| [76435f5e40854567252756ea7f788958dd2cc04c] | 
committer: Reinhard Tartler

doc: More changelog updates for v0.8.17

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=76435f5e40854567252756ea7f788958dd2cc04c
---

 Changelog |3 +++
 1 file changed, 3 insertions(+)

diff --git a/Changelog b/Changelog
index 81cee04..ed35b61 100644
--- a/Changelog
+++ b/Changelog
@@ -3,6 +3,9 @@ releases are sorted from youngest to oldest.
 
 version 0.8.17:
 
+- tiff: Check that there is no aliasing in pixel format selection 
(CVE-2014-8544)
+- rmenc: limit packet size
+- eamad: check for out of bounds read (CID/1257500)
 - h264_cabac: Break infinite loops
 - matroskadec: Fix read-after-free in matroska_read_seek() (chromium/427266)
 - gifdec: refactor interleave end handling (CVE-2014-8547)

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] utvideodec: Handle slice_height being zero

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar  4 17:36:14 2015 +| [335ec616cc38ee6206a3acebd46d01aad73d721b] | 
committer: Reinhard Tartler

utvideodec: Handle slice_height being zero

Fixes out of array accesses.

CC: libav-sta...@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Bug-Id: CVE-2014-9604
Signed-off-by: Vittorio Giovara 
Signed-off-by: Luca Barbato 
(cherry picked from commit 0ce3a0f9d9523a9bcad4c6d451ca5bbd7a4f420d)
(cherry picked from commit 3a417a86b330b7c1acf9db4f729be7d619caaded)
Signed-off-by: Reinhard Tartler 
(cherry picked from commit e032e647dd79e7748145792dfee0358eccb1982e)
Signed-off-by: Reinhard Tartler 
(cherry picked from commit 789f433bc6376e6e45d41ae491007d482fa1df85)

Conflicts:
libavcodec/utvideodec.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=335ec616cc38ee6206a3acebd46d01aad73d721b
---

 libavcodec/utvideo.c |4 
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/utvideo.c b/libavcodec/utvideo.c
index fdce255..b889ae9 100644
--- a/libavcodec/utvideo.c
+++ b/libavcodec/utvideo.c
@@ -246,6 +246,8 @@ static void restore_median(uint8_t *src, int step, int 
stride,
 for (slice = 0; slice < slices; slice++) {
 slice_start = ((slice * height) / slices) & cmask;
 slice_height = slice + 1) * height) / slices) & cmask) - 
slice_start;
+if (!slice_height)
+continue;
 
 bsrc = src + slice_start * stride;
 
@@ -301,6 +303,8 @@ static void restore_median_il(uint8_t *src, int step, int 
stride,
 slice_start= ((slice * height) / slices) & cmask;
 slice_height   = slice + 1) * height) / slices) & cmask) - 
slice_start;
 slice_height >>= 1;
+if (!slice_height)
+continue;
 
 bsrc = src + slice_start * stride;
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] doc: More changelog updates for v0.8.17

[Reinhard Tartler]

ffmpeg | branch: release/0.10 | Reinhard Tartler  | Mon 
Mar  9 22:11:14 2015 -0400| [0e810255596070e2c503c5da9001f7087f71de6e] | 
committer: Reinhard Tartler

doc: More changelog updates for v0.8.17

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0e810255596070e2c503c5da9001f7087f71de6e
---

 Changelog |1 +
 1 file changed, 1 insertion(+)

diff --git a/Changelog b/Changelog
index ed35b61..ecbb6ef 100644
--- a/Changelog
+++ b/Changelog
@@ -3,6 +3,7 @@ releases are sorted from youngest to oldest.
 
 version 0.8.17:
 
+- utvideodec: Handle slice_height being zero (CVE-2014-9604)
 - tiff: Check that there is no aliasing in pixel format selection 
(CVE-2014-8544)
 - rmenc: limit packet size
 - eamad: check for out of bounds read (CID/1257500)

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Prepare for 0.8.17 Release

[Reinhard Tartler]

ffmpeg | branch: release/0.10 | Reinhard Tartler  | Sun 
Mar  8 11:29:56 2015 -0400| [aace8b184c867875e2715b2af23fa98886f90427] | 
committer: Reinhard Tartler

Prepare for 0.8.17 Release

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aace8b184c867875e2715b2af23fa98886f90427
---

 RELEASE |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/RELEASE b/RELEASE
index ac7dffa..9bba175 100644
--- a/RELEASE
+++ b/RELEASE
@@ -1 +1 @@
-0.8.16
+0.8.17

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Update Changelog for 0.8.17 Release

[Reinhard Tartler]

ffmpeg | branch: release/0.10 | Reinhard Tartler  | Sun 
Mar  8 11:32:09 2015 -0400| [8b1f8fb26bfe6a4cd9f72b962b45643fa331dbe1] | 
committer: Reinhard Tartler

Update Changelog for 0.8.17 Release

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8b1f8fb26bfe6a4cd9f72b962b45643fa331dbe1
---

 Changelog |   13 +
 1 file changed, 13 insertions(+)

diff --git a/Changelog b/Changelog
index eb2a983..81cee04 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,19 @@
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
+version 0.8.17:
+
+- h264_cabac: Break infinite loops
+- matroskadec: Fix read-after-free in matroska_read_seek() (chromium/427266)
+- gifdec: refactor interleave end handling (CVE-2014-8547)
+- smc: fix the bounds check (CVE-2014-8548)
+- mmvideo: check frame dimensions (CVE-2014-8543)
+- jvdec: check frame dimensions (CVE-2014-8542)
+- mov: avoid a memleak when multiple stss boxes are present
+- apetag: Fix APE tag size check
+- x86: Only use optimizations with cmov if the CPU supports the instruction
+- x86: Add CPU flag for the i686 cmov instruction
+
 version 0.8.16:
 
 - avcodec: Add more missing #includes for ff_get_buffer()

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] h264_cabac: Break infinite loops

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Thu 
Jan 31 04:20:24 2013 +0100| [d6deed7916f7f52dbfc88e2fc2c43e3cfb8ee74b] | 
committer: Vittorio Giovara

h264_cabac: Break infinite loops

This fixes out of array reads and/or infinite loops.

30 is the maximum number of bits that can be read into
coeff_abs below.

CC: libav-sta...@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Martin Storsjö 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d6deed7916f7f52dbfc88e2fc2c43e3cfb8ee74b
---

 libavcodec/h264_cabac.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/h264_cabac.c b/libavcodec/h264_cabac.c
index 2ee4bc0..7f86de5 100644
--- a/libavcodec/h264_cabac.c
+++ b/libavcodec/h264_cabac.c
@@ -1719,7 +1719,7 @@ decode_cabac_residual_internal(H264Context *h, DCTELEM 
*block,
 \
 if( coeff_abs >= 15 ) { \
 int j = 0; \
-while( get_cabac_bypass( CC ) ) { \
+while (get_cabac_bypass(CC) && j < 30) { \
 j++; \
 } \
 \

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] tiff: Check that there is no aliasing in pixel format selection

[Anton Khirnov]

ffmpeg | branch: release/0.10 | Anton Khirnov  | Sat Mar  7 
22:06:59 2015 +0100| [ec5b2f6a385959048f780b4e7d3d259dc1fa8421] | committer: 
Reinhard Tartler

tiff: Check that there is no aliasing in pixel format selection

Fixes possible issues with unexpected bpp/bppcount values.

CC: libav-sta...@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Bug-Id: CVE-2014-8544
(cherry picked from commit ae5e1f3d663a8c9a532d89e588cbc61f171c9186)
Signed-off-by: Luca Barbato 
(cherry picked from commit eb9041403d820634c45ed4ee98570246a252507a)
Signed-off-by: Reinhard Tartler 
(cherry picked from commit 62b0462e5fa78901380ca229ddb6a7625efd61a2)
Signed-off-by: Reinhard Tartler 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ec5b2f6a385959048f780b4e7d3d259dc1fa8421
---

 libavcodec/tiff.c |8 
 1 file changed, 8 insertions(+)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index c0b611f..20f2a47 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -218,6 +218,14 @@ static int init_image(TiffContext *s)
 int i, ret;
 uint32_t *pal;
 
+// make sure there is no aliasing in the following switch
+if (s->bpp >= 100 || s->bppcount >= 10) {
+av_log(s->avctx, AV_LOG_ERROR,
+   "Unsupported image parameters: bpp=%d, bppcount=%d\n",
+   s->bpp, s->bppcount);
+return AVERROR_INVALIDDATA;
+}
+
 switch (s->bpp * 10 + s->bppcount) {
 case 11:
 s->avctx->pix_fmt = PIX_FMT_MONOBLACK;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit 'd6deed7916f7f52dbfc88e2fc2c43e3cfb8ee74b' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 22:37:34 2015 +0100| [60feb8543a568e15228c7d4531a9c665868df97e] | 
committer: Michael Niedermayer

Merge commit 'd6deed7916f7f52dbfc88e2fc2c43e3cfb8ee74b' into release/0.10

* commit 'd6deed7916f7f52dbfc88e2fc2c43e3cfb8ee74b':
  h264_cabac: Break infinite loops

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=60feb8543a568e15228c7d4531a9c665868df97e
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit 'aace8b184c867875e2715b2af23fa98886f90427' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 22:39:24 2015 +0100| [7f9527d30fa9e875a088f5da97419afcbc17388d] | 
committer: Michael Niedermayer

Merge commit 'aace8b184c867875e2715b2af23fa98886f90427' into release/0.10

* commit 'aace8b184c867875e2715b2af23fa98886f90427':
  Prepare for 0.8.17 Release

Conflicts:
RELEASE

not merged

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7f9527d30fa9e875a088f5da97419afcbc17388d
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] matroskadec: Fix read-after-free in matroska_read_seek()

[Xiaohan Wang]

ffmpeg | branch: release/0.10 | Xiaohan Wang  | Thu Nov  6 
12:59:54 2014 -0800| [51dd54c51aaca909893c9f90a4119e96ff71ffdf] | committer: 
Vittorio Giovara

matroskadec: Fix read-after-free in matroska_read_seek()

In matroska_read_seek(), |tracks| is assigned at the begining of the
function. However, functions like matroska_parse_cues() could reallocate
the tracks and invalidate |tracks|.

This assigns |tracks| only before using it, so that it will not get
invalidated elsewhere.

Bug-Id: chromium/427266

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=51dd54c51aaca909893c9f90a4119e96ff71ffdf
---

 libavformat/matroskadec.c |3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 922b258..4dd82d2 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -1974,7 +1974,7 @@ static int matroska_read_seek(AVFormatContext *s, int 
stream_index,
   int64_t timestamp, int flags)
 {
 MatroskaDemuxContext *matroska = s->priv_data;
-MatroskaTrack *tracks = matroska->tracks.elem;
+MatroskaTrack *tracks = NULL;
 AVStream *st = s->streams[stream_index];
 int i, index, index_sub, index_min;
 
@@ -2003,6 +2003,7 @@ static int matroska_read_seek(AVFormatContext *s, int 
stream_index,
 return 0;
 
 index_min = index;
+tracks = matroska->tracks.elem;
 for (i=0; i < matroska->tracks.nb_elem; i++) {
 tracks[i].audio.pkt_cnt = 0;
 tracks[i].audio.sub_packet_cnt = 0;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '8b1f8fb26bfe6a4cd9f72b962b45643fa331dbe1' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 22:49:09 2015 +0100| [cb4da0405d3453d9a7cf55237a44e8f8939f4be4] | 
committer: Michael Niedermayer

Merge commit '8b1f8fb26bfe6a4cd9f72b962b45643fa331dbe1' into release/0.10

* commit '8b1f8fb26bfe6a4cd9f72b962b45643fa331dbe1':
  Update Changelog for 0.8.17 Release

Conflicts:
Changelog

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cb4da0405d3453d9a7cf55237a44e8f8939f4be4
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] eamad: check for out of bounds read

[Federico Tomassetti]

ffmpeg | branch: release/0.10 | Federico Tomassetti  | 
Wed Feb 18 12:11:44 2015 +| [905988fe1a8accbc1ab93120aa4cd29252b81cce] | 
committer: Vittorio Giovara

eamad: check for out of bounds read

Bug-Id: CID 1257500
CC: libav-sta...@libav.org

Signed-off-by: Luca Barbato 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=905988fe1a8accbc1ab93120aa4cd29252b81cce
---

 libavcodec/eamad.c |   14 ++
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/libavcodec/eamad.c b/libavcodec/eamad.c
index 0d10982..8c3f357 100644
--- a/libavcodec/eamad.c
+++ b/libavcodec/eamad.c
@@ -138,6 +138,11 @@ static inline void decode_block_intra(MadContext * t, 
DCTELEM * block)
 break;
 } else if (level != 0) {
 i += run;
+if (i > 63) {
+av_log(s->avctx, AV_LOG_ERROR,
+   "ac-tex damaged at %d %d\n", s->mb_x, s->mb_y);
+return;
+}
 j = scantable[i];
 level = (level*quant_matrix[j]) >> 4;
 level = (level-1)|1;
@@ -152,6 +157,11 @@ static inline void decode_block_intra(MadContext * t, 
DCTELEM * block)
 run = SHOW_UBITS(re, &s->gb, 6)+1; LAST_SKIP_BITS(re, &s->gb, 
6);
 
 i += run;
+if (i > 63) {
+av_log(s->avctx, AV_LOG_ERROR,
+   "ac-tex damaged at %d %d\n", s->mb_x, s->mb_y);
+return;
+}
 j = scantable[i];
 if (level < 0) {
 level = -level;
@@ -163,10 +173,6 @@ static inline void decode_block_intra(MadContext * t, 
DCTELEM * block)
 level = (level-1)|1;
 }
 }
-if (i > 63) {
-av_log(s->avctx, AV_LOG_ERROR, "ac-tex damaged at %d %d\n", 
s->mb_x, s->mb_y);
-return;
-}
 
 block[j] = level;
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '51dd54c51aaca909893c9f90a4119e96ff71ffdf' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 22:37:11 2015 +0100| [3eaef560a71f63989f105949accf0d023e92ea07] | 
committer: Michael Niedermayer

Merge commit '51dd54c51aaca909893c9f90a4119e96ff71ffdf' into release/0.10

* commit '51dd54c51aaca909893c9f90a4119e96ff71ffdf':
  matroskadec: Fix read-after-free in matroska_read_seek()

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3eaef560a71f63989f105949accf0d023e92ea07
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] rmenc: limit packet size

[Andreas Cadhalpun]

ffmpeg | branch: release/0.10 | Andreas Cadhalpun 
 | Mon Mar  2 16:52:26 2015 +0100| 
[82776caf7993221719eefbe576f851c7e52dfef9] | committer: Vittorio Giovara

rmenc: limit packet size

The chunk size is limited to UINT16_MAX (written by avio_wb16), so make
sure that the packet size is not too large.

Such large frames need to be split into slices smaller than 64 kB, but
that is currently supported neither by the rv10/rv20 encoders nor the rm
muxer.

Signed-off-by: Andreas Cadhalpun 
Signed-off-by: Anton Khirnov 
Signed-off-by: Vittorio Giovara 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=82776caf7993221719eefbe576f851c7e52dfef9
---

 libavformat/rmenc.c |8 
 1 file changed, 8 insertions(+)

diff --git a/libavformat/rmenc.c b/libavformat/rmenc.c
index 0312d16..94be94a 100644
--- a/libavformat/rmenc.c
+++ b/libavformat/rmenc.c
@@ -44,6 +44,10 @@ typedef struct {
 
 /* in ms */
 #define BUFFER_DURATION 0
+/* the header needs at most 7 + 4 + 12 B */
+#define MAX_HEADER_SIZE (7 + 4 + 12)
+/* UINT16_MAX is the maximal chunk size */
+#define MAX_PACKET_SIZE (UINT16_MAX - MAX_HEADER_SIZE)
 
 
 static void put_str(AVIOContext *s, const char *tag)
@@ -387,6 +391,10 @@ static int rm_write_video(AVFormatContext *s, const 
uint8_t *buf, int size, int
 /* Well, I spent some time finding the meaning of these bits. I am
not sure I understood everything, but it works !! */
 #if 1
+if (size > MAX_PACKET_SIZE) {
+av_log_missing_feature(s, "Muxing packets larger than 64 kB", 0);
+return AVERROR(ENOSYS);
+}
 write_packet_header(s, stream, size + 7 + (size >= 0x4000)*4, key_frame);
 /* bit 7: '1' if final packet of a frame converted in several packets */
 avio_w8(pb, 0x81);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '82776caf7993221719eefbe576f851c7e52dfef9' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 22:50:45 2015 +0100| [817ed4fae9d0221af12f60309db8b8263e60c9c8] | 
committer: Michael Niedermayer

Merge commit '82776caf7993221719eefbe576f851c7e52dfef9' into release/0.10

* commit '82776caf7993221719eefbe576f851c7e52dfef9':
  rmenc: limit packet size

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=817ed4fae9d0221af12f60309db8b8263e60c9c8
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '905988fe1a8accbc1ab93120aa4cd29252b81cce' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 22:50:00 2015 +0100| [22377751c9676849ea554b9220870df9dd344f7d] | 
committer: Michael Niedermayer

Merge commit '905988fe1a8accbc1ab93120aa4cd29252b81cce' into release/0.10

* commit '905988fe1a8accbc1ab93120aa4cd29252b81cce':
  eamad: check for out of bounds read

Conflicts:
libavcodec/eamad.c

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=22377751c9676849ea554b9220870df9dd344f7d
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit 'ec5b2f6a385959048f780b4e7d3d259dc1fa8421' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 22:51:05 2015 +0100| [90afa95a55a26bd407604e279f3bb551201ed6d7] | 
committer: Michael Niedermayer

Merge commit 'ec5b2f6a385959048f780b4e7d3d259dc1fa8421' into release/0.10

* commit 'ec5b2f6a385959048f780b4e7d3d259dc1fa8421':
  tiff: Check that there is no aliasing in pixel format selection

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=90afa95a55a26bd407604e279f3bb551201ed6d7
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] mmvideo: check frame dimensions

[Anton Khirnov]

ffmpeg | branch: release/0.10 | Anton Khirnov  | Sun Dec 14 
21:01:59 2014 +0100| [fc159ba88ea2dd1fa11e4ab6af8b574fc80db454] | committer: 
Anton Khirnov

mmvideo: check frame dimensions

The frame size must be set by the caller and each dimension must be a
multiple of 2.

CC: libav-sta...@libav.org
Bug-ID: CVE-2014-8543
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 17ba719d9ba30c970f65747f42d5fbb1e447ca28)
Signed-off-by: Anton Khirnov 
(cherry picked from commit 69a930b988ff4f88ae27e4fc24ff6ed116840b5e)
Signed-off-by: Anton Khirnov 
(cherry picked from commit 3f10a779b465fd22d3aec1b744ca8544bc2da970)
Signed-off-by: Anton Khirnov 

Conflicts:
libavcodec/mmvideo.c

(cherry picked from commit 03dba25a4001495226651068232b4c6b1e75fd02)
Signed-off-by: Anton Khirnov 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fc159ba88ea2dd1fa11e4ab6af8b574fc80db454
---

 libavcodec/mmvideo.c |7 +++
 1 file changed, 7 insertions(+)

diff --git a/libavcodec/mmvideo.c b/libavcodec/mmvideo.c
index 660cebc..2698132 100644
--- a/libavcodec/mmvideo.c
+++ b/libavcodec/mmvideo.c
@@ -60,6 +60,13 @@ static av_cold int mm_decode_init(AVCodecContext *avctx)
 
 avctx->pix_fmt = PIX_FMT_PAL8;
 
+if (!avctx->width || !avctx->height ||
+(avctx->width & 1) || (avctx->height & 1)) {
+av_log(avctx, AV_LOG_ERROR, "Invalid video dimensions: %dx%d\n",
+   avctx->width, avctx->height);
+return AVERROR(EINVAL);
+}
+
 s->frame.reference = 1;
 
 return 0;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit 'a331e11906b196c9a00f5ffbc45d80fcd7fe8423' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 22:31:54 2015 +0100| [ed69f0f72edb0d84e8bf27e0c000eb36dce5184c] | 
committer: Michael Niedermayer

Merge commit 'a331e11906b196c9a00f5ffbc45d80fcd7fe8423' into release/0.10

* commit 'a331e11906b196c9a00f5ffbc45d80fcd7fe8423':
  smc: fix the bounds check

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ed69f0f72edb0d84e8bf27e0c000eb36dce5184c
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] smc: fix the bounds check

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Fri 
Oct  3 22:50:45 2014 +0200| [a331e11906b196c9a00f5ffbc45d80fcd7fe8423] | 
committer: Anton Khirnov

smc: fix the bounds check

Fixes invalid writes when there are more blocks in a run than total
remaining blocks.

CC: libav-sta...@libav.org
Bug-ID: CVE-2014-8548
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov 
(cherry picked from commit d423dd72be451462c6fb1cbbe313bed0194001ab)
Signed-off-by: Anton Khirnov 
(cherry picked from commit 58dc526ebf722d33bf09275c1241674e0e6b9ef1)
Signed-off-by: Anton Khirnov 
(cherry picked from commit f249e9889155599ee3ad0172832d38f68b0c625d)
Signed-off-by: Anton Khirnov 
(cherry picked from commit 306ee95088243fefa2dfcb5c355d439db75e2d2a)
Signed-off-by: Anton Khirnov 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a331e11906b196c9a00f5ffbc45d80fcd7fe8423
---

 libavcodec/smc.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/smc.c b/libavcodec/smc.c
index 2bd3176..257d5da 100644
--- a/libavcodec/smc.c
+++ b/libavcodec/smc.c
@@ -69,7 +69,7 @@ typedef struct SmcContext {
 row_ptr += stride * 4; \
 } \
 total_blocks--; \
-if (total_blocks < 0) \
+if (total_blocks < !!n_blocks) \
 { \
 av_log(s->avctx, AV_LOG_INFO, "warning: block counter just went 
negative (this should not happen)\n"); \
 return; \

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '9ae3cd6e7271a3d6b8cd92a4d35ebb16d2e03f1a' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 22:32:08 2015 +0100| [caedb041a6ab32038a71d970a79f3d9f04111dff] | 
committer: Michael Niedermayer

Merge commit '9ae3cd6e7271a3d6b8cd92a4d35ebb16d2e03f1a' into release/0.10

* commit '9ae3cd6e7271a3d6b8cd92a4d35ebb16d2e03f1a':
  gifdec: refactor interleave end handling

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=caedb041a6ab32038a71d970a79f3d9f04111dff
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] gifdec: refactor interleave end handling

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Fri 
Oct  3 20:15:52 2014 +0200| [9ae3cd6e7271a3d6b8cd92a4d35ebb16d2e03f1a] | 
committer: Anton Khirnov

gifdec: refactor interleave end handling

Fixes invalid writes with very small image heights.

CC: libav-sta...@libav.org
Bug-ID: CVE-2014-8547
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov 
(cherry picked from commit 0b39ac6f54505a538c21fe49a626de94c518c903)
Signed-off-by: Anton Khirnov 
(cherry picked from commit eac49477aa95cf727d87d2741ee8e60be59d394b)
Signed-off-by: Anton Khirnov 
(cherry picked from commit 92888e9ed4ea4e761ae953bbe28c85cc658abc8f)
Signed-off-by: Anton Khirnov 
(cherry picked from commit 02de44073a8e116ea177b53081219d32ef135ad8)
Signed-off-by: Anton Khirnov 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9ae3cd6e7271a3d6b8cd92a4d35ebb16d2e03f1a
---

 libavcodec/gifdec.c |   15 +--
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/libavcodec/gifdec.c b/libavcodec/gifdec.c
index 9bac254..4b30e50 100644
--- a/libavcodec/gifdec.c
+++ b/libavcodec/gifdec.c
@@ -125,26 +125,21 @@ static int gif_read_image(GifState *s)
 case 1:
 y1 += 8;
 ptr += linesize * 8;
-if (y1 >= height) {
-y1 = pass ? 2 : 4;
-ptr = ptr1 + linesize * y1;
-pass++;
-}
 break;
 case 2:
 y1 += 4;
 ptr += linesize * 4;
-if (y1 >= height) {
-y1 = 1;
-ptr = ptr1 + linesize;
-pass++;
-}
 break;
 case 3:
 y1 += 2;
 ptr += linesize * 2;
 break;
 }
+while (y1 >= height) {
+y1  = 4 >> pass;
+ptr = ptr1 + linesize * y1;
+pass++;
+}
 } else {
 ptr += linesize;
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit 'fc159ba88ea2dd1fa11e4ab6af8b574fc80db454' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 22:31:40 2015 +0100| [8439378f41e34737499858eff8bafb930aee50ca] | 
committer: Michael Niedermayer

Merge commit 'fc159ba88ea2dd1fa11e4ab6af8b574fc80db454' into release/0.10

* commit 'fc159ba88ea2dd1fa11e4ab6af8b574fc80db454':
  mmvideo: check frame dimensions

Conflicts:
libavcodec/mmvideo.c

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8439378f41e34737499858eff8bafb930aee50ca
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '954aafaa961c32c655ad38fb622e8cbe249ebd5a' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 22:20:49 2015 +0100| [17f094697db962e2b4b0aba62f31052c54dfb305] | 
committer: Michael Niedermayer

Merge commit '954aafaa961c32c655ad38fb622e8cbe249ebd5a' into release/0.10

* commit '954aafaa961c32c655ad38fb622e8cbe249ebd5a':
  jvdec: check frame dimensions

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=17f094697db962e2b4b0aba62f31052c54dfb305
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '22103315c2a1cb2de336750c50cf6bf7c109220c' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 22:19:30 2015 +0100| [525689ede90699df29aaa700fb45fd5659d4ce4e] | 
committer: Michael Niedermayer

Merge commit '22103315c2a1cb2de336750c50cf6bf7c109220c' into release/0.10

* commit '22103315c2a1cb2de336750c50cf6bf7c109220c':
  Add some bug references to the changelog

Conflicts:
Changelog

not merged as this isnt the FFmpeg Changelog

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=525689ede90699df29aaa700fb45fd5659d4ce4e
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '0ceb2dffb6ba082a8abcc57c53a14b2512f0aa48' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 22:20:28 2015 +0100| [522c7c37d23538183d94e960dcb9160441726124] | 
committer: Michael Niedermayer

Merge commit '0ceb2dffb6ba082a8abcc57c53a14b2512f0aa48' into release/0.10

* commit '0ceb2dffb6ba082a8abcc57c53a14b2512f0aa48':
  mov: avoid a memleak when multiple stss boxes are present

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=522c7c37d23538183d94e960dcb9160441726124
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Add some bug references to the changelog

[Diego Biurrun]

ffmpeg | branch: release/0.10 | Diego Biurrun  | Tue Sep 16 
03:28:45 2014 -0700| [22103315c2a1cb2de336750c50cf6bf7c109220c] | committer: 
Diego Biurrun

Add some bug references to the changelog

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=22103315c2a1cb2de336750c50cf6bf7c109220c
---

 Changelog |8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Changelog b/Changelog
index f9740c1..eb2a983 100644
--- a/Changelog
+++ b/Changelog
@@ -4,7 +4,7 @@ releases are sorted from youngest to oldest.
 version 0.8.16:
 
 - avcodec: Add more missing #includes for ff_get_buffer()
-- ffv1dec: check that global parameters do not change in version 0/1
+- ffv1dec: check that global parameters do not change in version 0/1 
(CVE-2013-7020)
 - arm: dsputil: fix overreads in put/avg_pixels functions
 - arm: dsputil: prettify some conditional instructions in put_pixels macros
 - arm/neon: dsputil: use correct size specifiers on vld1/vst1
@@ -19,11 +19,11 @@ version 0.8.16:
 - svq1enc: Set picture_structure correctly
 - adpcmenc: Calculate the IMA_QT predictor without overflow
 - ffmpeg: Clarify wording of ffmpeg --> avconv deprecation message
-- doc: Fix syntax and logical errors in avconv stream combination example
+- doc: Fix syntax and logical errors in avconv stream combination example 
(libav/661)
 
 version 0.8.15:
 
-- avcodec: Introduce ff_get_buffer
+- avcodec: Introduce ff_get_buffer (CVE-2011-3935)
 - configure: Check for -Werror parameters on clang
 - lavf: Fix leftovers from the ff_get_buffer patch
 
@@ -222,7 +222,7 @@ version 0.8.9:
 - 8bps: Bound-check the input buffer
 - rtmp: Do not misuse memcmp
 - rtmp: rename data_size to size
-- lavc: set the default rc_initial_buffer_occupancy
+- lavc: set the default rc_initial_buffer_occupancy (libav/222, ubuntu/1023408)
 - 4xm: Reject not a multiple of 16 dimension
 - 4xm: do not overread the prestream buffer
 - 4xm: validate the buffer size before parsing it

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] jvdec: check frame dimensions

[Anton Khirnov]

ffmpeg | branch: release/0.10 | Anton Khirnov  | Sun Dec 14 
21:01:59 2014 +0100| [954aafaa961c32c655ad38fb622e8cbe249ebd5a] | committer: 
Anton Khirnov

jvdec: check frame dimensions

The frame size must be set by the caller and each dimension must be a
multiple of 8.

CC: libav-sta...@libav.org
Bug-ID: CVE-2014-8542
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 88626e5af8d006e67189bf10b96b982502a7e8ad)
Signed-off-by: Anton Khirnov 
(cherry picked from commit 55788572ea7b89cdd77bab1cf4bf06d14ead34f5)
Signed-off-by: Anton Khirnov 
(cherry picked from commit 8f238dd9bdd9eba569fcaa564a07fbdd89412a14)
Signed-off-by: Anton Khirnov 

Conflicts:
libavcodec/jvdec.c

(cherry picked from commit 50cb695bf124b0bd4d9e2b3c1bfdd08b35b14438)
Signed-off-by: Anton Khirnov 

Conflicts:
libavcodec/jvdec.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=954aafaa961c32c655ad38fb622e8cbe249ebd5a
---

 libavcodec/jvdec.c |8 
 1 file changed, 8 insertions(+)

diff --git a/libavcodec/jvdec.c b/libavcodec/jvdec.c
index f2c9752..cc05688 100644
--- a/libavcodec/jvdec.c
+++ b/libavcodec/jvdec.c
@@ -42,6 +42,14 @@ static av_cold int decode_init(AVCodecContext *avctx)
 JvContext *s = avctx->priv_data;
 avctx->pix_fmt = PIX_FMT_PAL8;
 dsputil_init(&s->dsp, avctx);
+
+if (!avctx->width || !avctx->height ||
+(avctx->width & 7) || (avctx->height & 7)) {
+av_log(avctx, AV_LOG_ERROR, "Invalid video dimensions: %dx%d\n",
+   avctx->width, avctx->height);
+return AVERROR(EINVAL);
+}
+
 return 0;
 }
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] mov: avoid a memleak when multiple stss boxes are present

[Anton Khirnov]

ffmpeg | branch: release/0.10 | Anton Khirnov  | Tue Aug 12 
14:39:10 2014 +| [0ceb2dffb6ba082a8abcc57c53a14b2512f0aa48] | committer: 
Anton Khirnov

mov: avoid a memleak when multiple stss boxes are present

CC: libav-sta...@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 64f7575fbd64e5b65d5c644347408588c776f1fe)
Signed-off-by: Anton Khirnov 
(cherry picked from commit 577f1feb3fd1e51fd14af7ce6d79d468faa3b929)
Signed-off-by: Anton Khirnov 
(cherry picked from commit 931f5b235112f1c2a09dead36f0a228061d23942)
Signed-off-by: Anton Khirnov 
(cherry picked from commit 93f919d0b4c4341ccee366c98ac9af813f8fe622)
Signed-off-by: Anton Khirnov 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0ceb2dffb6ba082a8abcc57c53a14b2512f0aa48
---

 libavformat/mov.c |1 +
 1 file changed, 1 insertion(+)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index d59a66e..a1de652 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1523,6 +1523,7 @@ static int mov_read_stss(MOVContext *c, AVIOContext *pb, 
MOVAtom atom)
 return 0;
 if (entries >= UINT_MAX / sizeof(int))
 return AVERROR_INVALIDDATA;
+av_freep(&sc->keyframes);
 sc->keyframes = av_malloc(entries * sizeof(int));
 if (!sc->keyframes)
 return AVERROR(ENOMEM);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '8637f4edeee1a6bd18bc90740fafadd3e1b412aa' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 22:04:04 2015 +0100| [a19a10a53e4a2d83320da8d15e6266d98330b80d] | 
committer: Michael Niedermayer

Merge commit '8637f4edeee1a6bd18bc90740fafadd3e1b412aa' into release/0.10

* commit '8637f4edeee1a6bd18bc90740fafadd3e1b412aa':
  x86: Add CPU flag for the i686 cmov instruction

Conflicts:
doc/APIchanges
libavutil/avutil.h

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a19a10a53e4a2d83320da8d15e6266d98330b80d
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] x86: Only use optimizations with cmov if the CPU supports the instruction

[Diego Biurrun]

ffmpeg | branch: release/0.10 | Diego Biurrun  | Tue Jun 19 
12:55:10 2012 +0200| [893b353362bc220280efd8d14c4878a1cafe18a8] | committer: 
Diego Biurrun

x86: Only use optimizations with cmov if the CPU supports the instruction

Also fill in missing hash for AV_CPU_FLAG_CMOV addition in APIChanges.

(cherry picked from commit fe07c9c6b5a870b8f2ffcfac649228b4d76e9505)
Signed-off-by: Diego Biurrun 

Conflicts:
libavcodec/x86/dsputil_mmx.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=893b353362bc220280efd8d14c4878a1cafe18a8
---

 doc/APIchanges   |2 +-
 libavcodec/x86/dsputil_mmx.c |3 ++-
 libavcodec/x86/h264_intrapred_init.c |3 ++-
 libavcodec/x86/h264dsp_mmx.c |3 ++-
 4 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/doc/APIchanges b/doc/APIchanges
index a9524cc..7c95af2 100644
--- a/doc/APIchanges
+++ b/doc/APIchanges
@@ -13,7 +13,7 @@ libavutil:   2011-04-18
 
 API changes, most recent first:
 
-2014-09-16 - xxx - lavu 51.22.3 - cpu.h
+2014-09-16 - 8637f4e - lavu 51.22.3 - cpu.h
   Add AV_CPU_FLAG_CMOV.
 
 2012-03-04 - 7f3f855 - lavu 51.22.1 - error.h
diff --git a/libavcodec/x86/dsputil_mmx.c b/libavcodec/x86/dsputil_mmx.c
index e34b95b..81472bb 100644
--- a/libavcodec/x86/dsputil_mmx.c
+++ b/libavcodec/x86/dsputil_mmx.c
@@ -2683,7 +2683,8 @@ void dsputil_init_mmx(DSPContext* c, AVCodecContext 
*avctx)
 c->add_hfyu_median_prediction = ff_add_hfyu_median_prediction_mmx2;
 #endif
 #if HAVE_7REGS
-if (HAVE_AMD3DNOW && (mm_flags & AV_CPU_FLAG_3DNOW))
+if (HAVE_AMD3DNOW && (mm_flags & AV_CPU_FLAG_3DNOW) &&
+(mm_flags & AV_CPU_FLAG_CMOV))
 c->add_hfyu_median_prediction = 
add_hfyu_median_prediction_cmov;
 #endif
 
diff --git a/libavcodec/x86/h264_intrapred_init.c 
b/libavcodec/x86/h264_intrapred_init.c
index 223dbde..70a4c1e 100644
--- a/libavcodec/x86/h264_intrapred_init.c
+++ b/libavcodec/x86/h264_intrapred_init.c
@@ -188,7 +188,8 @@ void ff_h264_pred_init_x86(H264PredContext *h, int 
codec_id, const int bit_depth
 if (chroma_format_idc <= 1)
 h->pred8x8  [PLANE_PRED8x8] = ff_pred8x8_plane_mmx;
 if (codec_id == CODEC_ID_SVQ3) {
-h->pred16x16[PLANE_PRED8x8] = ff_pred16x16_plane_svq3_mmx;
+if (mm_flags & AV_CPU_FLAG_CMOV)
+h->pred16x16[PLANE_PRED8x8] = 
ff_pred16x16_plane_svq3_mmx;
 } else if (codec_id == CODEC_ID_RV40) {
 h->pred16x16[PLANE_PRED8x8] = ff_pred16x16_plane_rv40_mmx;
 } else {
diff --git a/libavcodec/x86/h264dsp_mmx.c b/libavcodec/x86/h264dsp_mmx.c
index f5ae4dc..19b3a4b 100644
--- a/libavcodec/x86/h264dsp_mmx.c
+++ b/libavcodec/x86/h264dsp_mmx.c
@@ -361,7 +361,8 @@ void ff_h264dsp_init_x86(H264DSPContext *c, const int 
bit_depth, const int chrom
 if (chroma_format_idc <= 1)
 c->h264_idct_add8   = ff_h264_idct_add8_8_mmx;
 c->h264_idct_add16intra = ff_h264_idct_add16intra_8_mmx;
-c->h264_luma_dc_dequant_idct= ff_h264_luma_dc_dequant_idct_mmx;
+if (mm_flags & AV_CPU_FLAG_CMOV)
+c->h264_luma_dc_dequant_idct = ff_h264_luma_dc_dequant_idct_mmx;
 
 if (mm_flags & AV_CPU_FLAG_MMX2) {
 c->h264_idct_dc_add= ff_h264_idct_dc_add_8_mmx2;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '893b353362bc220280efd8d14c4878a1cafe18a8' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 22:04:41 2015 +0100| [c388db185c8034d8cb00cb83e61dbc8d2805628f] | 
committer: Michael Niedermayer

Merge commit '893b353362bc220280efd8d14c4878a1cafe18a8' into release/0.10

* commit '893b353362bc220280efd8d14c4878a1cafe18a8':
  x86: Only use optimizations with cmov if the CPU supports the instruction

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c388db185c8034d8cb00cb83e61dbc8d2805628f
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] apetag: Fix APE tag size check

[Katerina Barone-Adesi]

ffmpeg | branch: release/0.10 | Katerina Barone-Adesi  | 
Tue Sep 16 01:40:24 2014 +0200| [b989bb7adee0f3286dcaa63c5cd0753eac45f6be] | 
committer: Diego Biurrun

apetag: Fix APE tag size check

The size variable is (correctly) unsigned, but is passed to several functions
which take signed parameters, such as avio_read, sometimes after having
numbers added to it. So ensure that size remains within the bounds that
these functions can handle.

(cherry picked from commit 56ac2cbd0464e0146e62c91843e2b1f5e0908504)
Signed-off-by: Diego Biurrun 

Conflicts:
libavformat/apetag.c

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b989bb7adee0f3286dcaa63c5cd0753eac45f6be
---

 libavformat/apetag.c |6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavformat/apetag.c b/libavformat/apetag.c
index 2390bfa..41ba054 100644
--- a/libavformat/apetag.c
+++ b/libavformat/apetag.c
@@ -51,8 +51,10 @@ static int ape_tag_read_field(AVFormatContext *s)
 av_log(s, AV_LOG_WARNING, "Invalid APE tag key '%s'.\n", key);
 return -1;
 }
-if (size >= UINT_MAX)
-return -1;
+if (size > INT32_MAX - FF_INPUT_BUFFER_PADDING_SIZE) {
+av_log(s, AV_LOG_ERROR, "APE tag size too large.\n");
+return AVERROR_INVALIDDATA;
+}
 value = av_malloc(size+1);
 if (!value)
 return AVERROR(ENOMEM);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] x86: Add CPU flag for the i686 cmov instruction

[Diego Biurrun]

ffmpeg | branch: release/0.10 | Diego Biurrun  | Tue Jun 19 
22:55:26 2012 +0200| [8637f4edeee1a6bd18bc90740fafadd3e1b412aa] | committer: 
Diego Biurrun

x86: Add CPU flag for the i686 cmov instruction

(cherry picked from commit 65345a5a30a0e866b6944c0e6184be3feca04335)
Signed-off-by: Diego Biurrun 

Conflicts:
libavutil/cpu.c
libavutil/cpu.h

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8637f4edeee1a6bd18bc90740fafadd3e1b412aa
---

 doc/APIchanges  |3 +++
 libavutil/avutil.h  |2 +-
 libavutil/cpu.c |1 +
 libavutil/cpu.h |1 +
 libavutil/x86/cpu.c |2 ++
 5 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/doc/APIchanges b/doc/APIchanges
index 0b9cdac..a9524cc 100644
--- a/doc/APIchanges
+++ b/doc/APIchanges
@@ -13,6 +13,9 @@ libavutil:   2011-04-18
 
 API changes, most recent first:
 
+2014-09-16 - xxx - lavu 51.22.3 - cpu.h
+  Add AV_CPU_FLAG_CMOV.
+
 2012-03-04 - 7f3f855 - lavu 51.22.1 - error.h
   Add AVERROR_UNKNOWN
 
diff --git a/libavutil/avutil.h b/libavutil/avutil.h
index 605be62..0d30538 100644
--- a/libavutil/avutil.h
+++ b/libavutil/avutil.h
@@ -155,7 +155,7 @@
 
 #define LIBAVUTIL_VERSION_MAJOR 51
 #define LIBAVUTIL_VERSION_MINOR 22
-#define LIBAVUTIL_VERSION_MICRO  2
+#define LIBAVUTIL_VERSION_MICRO  3
 
 #define LIBAVUTIL_VERSION_INT   AV_VERSION_INT(LIBAVUTIL_VERSION_MAJOR, \
LIBAVUTIL_VERSION_MINOR, \
diff --git a/libavutil/cpu.c b/libavutil/cpu.c
index 25895d6..60d0e14 100644
--- a/libavutil/cpu.c
+++ b/libavutil/cpu.c
@@ -64,6 +64,7 @@ static const struct {
 { AV_CPU_FLAG_FMA4,  "fma4"   },
 { AV_CPU_FLAG_3DNOW, "3dnow"  },
 { AV_CPU_FLAG_3DNOWEXT,  "3dnowext"   },
+{ AV_CPU_FLAG_CMOV,  "cmov"   },
 #endif
 { 0 }
 };
diff --git a/libavutil/cpu.h b/libavutil/cpu.h
index df7bf44..e535580 100644
--- a/libavutil/cpu.h
+++ b/libavutil/cpu.h
@@ -41,6 +41,7 @@
 #define AV_CPU_FLAG_XOP  0x0400 ///< Bulldozer XOP functions
 #define AV_CPU_FLAG_FMA4 0x0800 ///< Bulldozer FMA4 functions
 #define AV_CPU_FLAG_IWMMXT   0x0100 ///< XScale IWMMXT
+#define AV_CPU_FLAG_CMOV 0x1000 ///< i686 cmov
 #define AV_CPU_FLAG_ALTIVEC  0x0001 ///< standard
 
 /**
diff --git a/libavutil/x86/cpu.c b/libavutil/x86/cpu.c
index 2424fe4..b87d3a3 100644
--- a/libavutil/x86/cpu.c
+++ b/libavutil/x86/cpu.c
@@ -83,6 +83,8 @@ int ff_get_cpu_flags_x86(void)
 cpuid(1, eax, ebx, ecx, std_caps);
 family = ((eax>>8)&0xf) + ((eax>>20)&0xff);
 model  = ((eax>>4)&0xf) + ((eax>>12)&0xf0);
+if (std_caps & (1 << 15))
+rval |= AV_CPU_FLAG_CMOV;
 if (std_caps & (1<<23))
 rval |= AV_CPU_FLAG_MMX;
 if (std_caps & (1<<25))

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit 'c6af9e944ebeb336f6520f59afaebb62392fb026' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 21:55:54 2015 +0100| [efdca97cf10450599c1cace171abe897fadfa25d] | 
committer: Michael Niedermayer

Merge commit 'c6af9e944ebeb336f6520f59afaebb62392fb026' into release/0.10

* commit 'c6af9e944ebeb336f6520f59afaebb62392fb026':
  Update Changelog for v0.8.16
  Prepare for 0.8.16 release
  Update Changelog for v0.8.15

Conflicts:
Changelog
RELEASE

not merged

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=efdca97cf10450599c1cace171abe897fadfa25d
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] doc: Fix syntax and logical errors in avconv stream combination example

[Diego Biurrun]

ffmpeg | branch: release/0.10 | Diego Biurrun  | Wed Sep 10 
18:38:15 2014 +0200| [f661006f235fa58bc756610cdc76c662ac0fab5f] | committer: 
Diego Biurrun

doc: Fix syntax and logical errors in avconv stream combination example

Bug-Id: 661
CC: libav-sta...@libav.org
(cherry picked from commit 775a0b04f0cf8102fe322b2ee03fe1a0633dea04)
Signed-off-by: Diego Biurrun 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f661006f235fa58bc756610cdc76c662ac0fab5f
---

 doc/avconv.texi |6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/avconv.texi b/doc/avconv.texi
index 0a83326..aed16ce 100644
--- a/doc/avconv.texi
+++ b/doc/avconv.texi
@@ -1021,11 +1021,11 @@ only formats accepting a normal integer are suitable.
 You can put many streams of the same type in the output:
 
 @example
-avconv -i test1.avi -i test2.avi -map 0.3 -map 0.2 -map 0.1 -map 0.0 -c copy 
test12.nut
+avconv -i test1.avi -i test2.avi -map 1:1 -map 1:0 -map 0:1 -map 0:0 -c copy 
-y test12.nut
 @end example
 
-The resulting output file @file{test12.avi} will contain first four streams 
from
-the input file in reverse order.
+The resulting output file @file{test12.nut} will contain the first four streams
+from the input files in reverse order.
 
 @end itemize
 @c man end EXAMPLES

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Update Changelog for v0.8.16

[Diego Biurrun]

ffmpeg | branch: release/0.10 | Diego Biurrun  | Wed Sep 10 
12:46:05 2014 -0700| [c6af9e944ebeb336f6520f59afaebb62392fb026] | committer: 
Diego Biurrun

Update Changelog for v0.8.16

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c6af9e944ebeb336f6520f59afaebb62392fb026
---

 Changelog |   20 
 1 file changed, 20 insertions(+)

diff --git a/Changelog b/Changelog
index bc21035..f9740c1 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,26 @@
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
+version 0.8.16:
+
+- avcodec: Add more missing #includes for ff_get_buffer()
+- ffv1dec: check that global parameters do not change in version 0/1
+- arm: dsputil: fix overreads in put/avg_pixels functions
+- arm: dsputil: prettify some conditional instructions in put_pixels macros
+- arm/neon: dsputil: use correct size specifiers on vld1/vst1
+- vp8: avoid race condition on segment map.
+- nutdec: Remove unused and broken debug function stub
+- h264_refs: Fix debug tprintf argument types
+- swscale: Remove two bogus asserts
+- elbg: Fix an assert
+- mpegvideo: remove last_picture_ptr / h264 assert.
+- parser: Don't use pc as context for av_dlog
+- h264: Remove an assert on current_picture_ptr being null
+- svq1enc: Set picture_structure correctly
+- adpcmenc: Calculate the IMA_QT predictor without overflow
+- ffmpeg: Clarify wording of ffmpeg --> avconv deprecation message
+- doc: Fix syntax and logical errors in avconv stream combination example
+
 version 0.8.15:
 
 - avcodec: Introduce ff_get_buffer

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Update Changelog for v0.8.15

[Diego Biurrun]

ffmpeg | branch: release/0.10 | Diego Biurrun  | Wed Sep 10 
12:42:12 2014 -0700| [e9e7646379f985d4bbeb02779fb969b8d5cad728] | committer: 
Diego Biurrun

Update Changelog for v0.8.15

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e9e7646379f985d4bbeb02779fb969b8d5cad728
---

 Changelog |6 ++
 1 file changed, 6 insertions(+)

diff --git a/Changelog b/Changelog
index cb0565c..bc21035 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,12 @@
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
+version 0.8.15:
+
+- avcodec: Introduce ff_get_buffer
+- configure: Check for -Werror parameters on clang
+- lavf: Fix leftovers from the ff_get_buffer patch
+
 version 0.8.14:
 
 - vp3: Copy all 3 frames for thread updates (CVE-2011-3934)

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit 'f661006f235fa58bc756610cdc76c662ac0fab5f' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 21:54:41 2015 +0100| [9ba0719244bf626e817e56c9aad0272ca55b0484] | 
committer: Michael Niedermayer

Merge commit 'f661006f235fa58bc756610cdc76c662ac0fab5f' into release/0.10

* commit 'f661006f235fa58bc756610cdc76c662ac0fab5f':
  doc: Fix syntax and logical errors in avconv stream combination example

Conflicts:
doc/avconv.texi

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9ba0719244bf626e817e56c9aad0272ca55b0484
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Prepare for 0.8.16 release

[Diego Biurrun]

ffmpeg | branch: release/0.10 | Diego Biurrun  | Wed Sep 10 
12:43:08 2014 -0700| [992da6b76c6119292bb7e96b66a937a032997804] | committer: 
Diego Biurrun

Prepare for 0.8.16 release

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=992da6b76c6119292bb7e96b66a937a032997804
---

 RELEASE |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/RELEASE b/RELEASE
index 7d87d99..ac7dffa 100644
--- a/RELEASE
+++ b/RELEASE
@@ -1 +1 @@
-0.8.15
+0.8.16

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '554fd5cd630073b8273aa044a6bdfd6f608209e9' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 21:50:29 2015 +0100| [8e37603ac9612448b9dbe64a9988e489d961caee] | 
committer: Michael Niedermayer

Merge commit '554fd5cd630073b8273aa044a6bdfd6f608209e9' into release/0.10

* commit '554fd5cd630073b8273aa044a6bdfd6f608209e9':
  ffmpeg: Clarify wording of ffmpeg --> avconv deprecation message

Conflicts:
ffmpeg.c

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8e37603ac9612448b9dbe64a9988e489d961caee
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] adpcmenc: Calculate the IMA_QT predictor without overflow

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Tue 
Sep  4 14:02:30 2012 +0300| [2deac60a387409dcbc7b37a8c30de89c7aeb58ac] | 
committer: Diego Biurrun

adpcmenc: Calculate the IMA_QT predictor without overflow

Previously, the value given to put_bits was 10 bits long for positive
predictors, even though 9 bits were to be written. The extra bit could
in some cases overwrite existing bits in the bitstream writer cache.

This fixes a failed assert in put_bits.h, when running a version
built with -DDEBUG.

The fate test result gets slightly improved, thanks to getting rid
of the overwritten bits in the bitstream writer cache.

Signed-off-by: Martin Storsjö 
(cherry picked from commit aa264da5bf6a3d82a47abba4cfcfa629dd1f3daa)
Signed-off-by: Diego Biurrun 

Conflicts:
tests/ref/fate/acodec-adpcm-ima_qt

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2deac60a387409dcbc7b37a8c30de89c7aeb58ac
---

 libavcodec/adpcmenc.c |2 +-
 tests/ref/acodec/adpcm_ima_qt |6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/libavcodec/adpcmenc.c b/libavcodec/adpcmenc.c
index 9697f82..c88a5da 100644
--- a/libavcodec/adpcmenc.c
+++ b/libavcodec/adpcmenc.c
@@ -550,7 +550,7 @@ static int adpcm_encode_frame(AVCodecContext *avctx,
 init_put_bits(&pb, dst, buf_size * 8);
 
 for (ch = 0; ch < avctx->channels; ch++) {
-put_bits(&pb, 9, (c->status[ch].prev_sample + 0x1) >> 7);
+put_bits(&pb, 9, (c->status[ch].prev_sample & 0x) >> 7);
 put_bits(&pb, 7,  c->status[ch].step_index);
 if (avctx->trellis > 0) {
 uint8_t buf[64];
diff --git a/tests/ref/acodec/adpcm_ima_qt b/tests/ref/acodec/adpcm_ima_qt
index c1db43f..a50c30a 100644
--- a/tests/ref/acodec/adpcm_ima_qt
+++ b/tests/ref/acodec/adpcm_ima_qt
@@ -1,4 +1,4 @@
-057d27978b35888776512e4e9669a63b *./tests/data/acodec/adpcm_qt.aiff
+23cbae1182e150ebf28e0abfb9cba127 *./tests/data/acodec/adpcm_qt.aiff
 281252 ./tests/data/acodec/adpcm_qt.aiff
-169c40435c68d50112c9c61fc67e446d *./tests/data/adpcm_ima_qt.acodec.out.wav
-stddev:  918.61 PSNR: 37.07 MAXDIFF:34029 bytes:  1058560/  1058400
+b0fafd002c38fb70acaddfda1a31ed61 *./tests/data/adpcm_ima_qt.acodec.out.wav
+stddev:  904.76 PSNR: 37.20 MAXDIFF:34029 bytes:  1058560/  1058400

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Merge commit '3eed35addb461c42471e0367bb6cd68d8ffd3aec' into release/0.10

[Michael Niedermayer]

ffmpeg | branch: release/0.10 | Michael Niedermayer  | Wed 
Mar 11 21:49:26 2015 +0100| [82c8abb34f13422b8302329f70f5399549a82b32] | 
committer: Michael Niedermayer

Merge commit '3eed35addb461c42471e0367bb6cd68d8ffd3aec' into release/0.10

* commit '3eed35addb461c42471e0367bb6cd68d8ffd3aec':
  svq1enc: Set picture_structure correctly

Merged-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=82c8abb34f13422b8302329f70f5399549a82b32
---



___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] ffmpeg: Clarify wording of ffmpeg --> avconv deprecation message

[Diego Biurrun]

ffmpeg | branch: release/0.10 | Diego Biurrun  | Wed Aug 20 
10:50:33 2014 -0700| [554fd5cd630073b8273aa044a6bdfd6f608209e9] | committer: 
Diego Biurrun

ffmpeg: Clarify wording of ffmpeg --> avconv deprecation message

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=554fd5cd630073b8273aa044a6bdfd6f608209e9
---

 ffmpeg.c |8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/ffmpeg.c b/ffmpeg.c
index f61de33..1069c3e 100644
--- a/ffmpeg.c
+++ b/ffmpeg.c
@@ -4376,9 +4376,11 @@ int main(int argc, char **argv)
 
 show_banner();
 
-av_log(NULL, AV_LOG_WARNING, "This program is not developed anymore and is 
only "
- "provided for compatibility. Use avconv 
instead "
- "(see Changelog for the list of incompatible 
changes).\n");
+av_log(NULL, AV_LOG_WARNING,
+   "The ffmpeg program is only provided for script compatibility and 
will be removed\n"
+   "in a future release. It has been deprecated in the Libav project 
to allow for\n"
+   "incompatible command line syntax improvements in its replacement 
called avconv\n"
+   "(see Changelog for details). Please use avconv instead.\n");
 
 /* parse options */
 parse_options(NULL, argc, argv, options, opt_output_file);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog