[FFmpeg-cvslog] avcodec/ffv1dec: Fix off by 1 error in quant_table_count check

2015-12-06 Thread Michael Niedermayer 
ffmpeg | branch: release/2.4 | Michael Niedermayer  | 
Sat Sep 26 13:20:59 2015 +0200| [a2a93b0a8f5d77e244cbdbac2724855b217c29e6] | 
committer: Michael Niedermayer

avcodec/ffv1dec: Fix off by 1 error in quant_table_count check

Fixes: invalid_read.nut
Found-by: Paul B Mahol 

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 2d221d9e069e6269cb41f3678f2734800171d87b)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a2a93b0a8f5d77e244cbdbac2724855b217c29e6
---

 libavcodec/ffv1dec.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index 475b1ad..0ca58f4 100644
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -306,7 +306,7 @@ static int decode_slice_header(FFV1Context *f, FFV1Context 
*fs)
 for (i = 0; i < f->plane_count; i++) {
 PlaneContext * const p = &fs->plane[i];
 int idx = get_symbol(c, state, 0);
-if (idx > (unsigned)f->quant_table_count) {
+if (idx >= (unsigned)f->quant_table_count) {
 av_log(f->avctx, AV_LOG_ERROR, "quant_table_index out of range\n");
 return -1;
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/httpauth: Add space after commas in HTTP/RTSP auth header

2015-12-06 Thread Andrey Utkin 
ffmpeg | branch: release/2.4 | Andrey Utkin  
| Thu Oct  1 13:56:31 2015 +0300| [eaf03fa8304c7a9ace12f203811641efd64c0c0f] | 
committer: Michael Niedermayer

avformat/httpauth: Add space after commas in HTTP/RTSP auth header

This fixes access to Grandstream cameras, which return 401 to ffmpeg
otherwise.
VLC sends Authorization: header with spaces between parameters, and it
is known to work with Grandstream devices and broad range of other HTTP
and RTSP servers, so author considers switching to such behaviour safe.
Just for record - RFC 2617 (HTTP Auth) does not specify the need in
spaces, so this is not a bug of FFmpeg.

Signed-off-by: Michael Niedermayer 
(cherry picked from commit fdb32838723effb4560a345013387ea37b85ff20)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eaf03fa8304c7a9ace12f203811641efd64c0c0f
---

 libavformat/httpauth.c |   18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c
index dbe3eff..18cf36b 100644
--- a/libavformat/httpauth.c
+++ b/libavformat/httpauth.c
@@ -220,21 +220,21 @@ static char *make_digest_auth(HTTPAuthState *state, const 
char *username,
 
 /* TODO: Escape the quoted strings properly. */
 av_strlcatf(authstr, len, "username=\"%s\"",   username);
-av_strlcatf(authstr, len, ",realm=\"%s\"", state->realm);
-av_strlcatf(authstr, len, ",nonce=\"%s\"", digest->nonce);
-av_strlcatf(authstr, len, ",uri=\"%s\"",   uri);
-av_strlcatf(authstr, len, ",response=\"%s\"",  response);
+av_strlcatf(authstr, len, ", realm=\"%s\"", state->realm);
+av_strlcatf(authstr, len, ", nonce=\"%s\"", digest->nonce);
+av_strlcatf(authstr, len, ", uri=\"%s\"",   uri);
+av_strlcatf(authstr, len, ", response=\"%s\"",  response);
 
 // we are violating the RFC and use "" because all others seem to do that 
too.
 if (digest->algorithm[0])
-av_strlcatf(authstr, len, ",algorithm=\"%s\"",  digest->algorithm);
+av_strlcatf(authstr, len, ", algorithm=\"%s\"",  digest->algorithm);
 
 if (digest->opaque[0])
-av_strlcatf(authstr, len, ",opaque=\"%s\"", digest->opaque);
+av_strlcatf(authstr, len, ", opaque=\"%s\"", digest->opaque);
 if (digest->qop[0]) {
-av_strlcatf(authstr, len, ",qop=\"%s\"",digest->qop);
-av_strlcatf(authstr, len, ",cnonce=\"%s\"", cnonce);
-av_strlcatf(authstr, len, ",nc=%s", nc);
+av_strlcatf(authstr, len, ", qop=\"%s\"",digest->qop);
+av_strlcatf(authstr, len, ", cnonce=\"%s\"", cnonce);
+av_strlcatf(authstr, len, ", nc=%s", nc);
 }
 
 av_strlcatf(authstr, len, "\r\n");

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/mov: Fix integer overflow in FFABS

2015-12-06 Thread Michael Niedermayer 
ffmpeg | branch: release/2.4 | Michael Niedermayer  | 
Thu Sep  3 09:20:23 2015 +0200| [79b16c6e5e2f29b48a562f3829800909b8d398d6] | 
committer: Michael Niedermayer

avformat/mov: Fix integer overflow in FFABS

Fixes: unknown_unknown_19e_414_cov_764838672_bellhamlam.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 053e80f6eaf8d87521fe58ea96886b6ee0bbe59d)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79b16c6e5e2f29b48a562f3829800909b8d398d6
---

 libavformat/mov.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 3973081..6f46dbb 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2083,7 +2083,7 @@ static int mov_read_ctts(MOVContext *c, AVIOContext *pb, 
MOVAtom atom)
 av_dlog(c->fc, "count=%d, duration=%d\n",
 count, duration);
 
-if (FFABS(duration) > (1<<28) && i+2fc, AV_LOG_WARNING, "CTTS invalid\n");
 av_freep(&sc->ctts_data);
 sc->ctts_count = 0;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/x86/sbrdsp: Fix using uninitialized upper 32bit of noise

2015-12-06 Thread Michael Niedermayer 
ffmpeg | branch: release/2.4 | Michael Niedermayer  | 
Tue Sep 29 13:08:48 2015 +0200| [71fc26403f14ea34978b5efe4dd828248167ab09] | 
committer: Michael Niedermayer

avcodec/x86/sbrdsp: Fix using uninitialized upper 32bit of noise

Fixes crash
Fixes: flicker-1.scout3d21443372922.28.m4a

Found-by: Dale Curtis 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 1b82b934a166e60f64e966eaa97512ba9dcb615b)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=71fc26403f14ea34978b5efe4dd828248167ab09
---

 libavcodec/x86/sbrdsp.asm |1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/x86/sbrdsp.asm b/libavcodec/x86/sbrdsp.asm
index 6f2e4f4..f7f7fe9 100644
--- a/libavcodec/x86/sbrdsp.asm
+++ b/libavcodec/x86/sbrdsp.asm
@@ -381,6 +381,7 @@ apply_noise_main:
 %else
 %define count m_maxq
 %endif
+movsxdifnidnnoiseq, noised
 decnoiseq
 shlcount, 2
 %ifdef PIC

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/g2meet: Fix potential overflow in tile dimensions check

2015-12-06 Thread Michael Niedermayer 
ffmpeg | branch: release/2.4 | Michael Niedermayer  | 
Fri Sep  4 12:10:02 2015 +0200| [47b6ea314df6df4021690a98616d3fa73e07d0df] | 
committer: Michael Niedermayer

avcodec/g2meet: Fix potential overflow in tile dimensions check

Fixes CID1322351

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 71ec8e1ed6cf4947e204e3e4b5929a44c054f5fb)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=47b6ea314df6df4021690a98616d3fa73e07d0df
---

 libavcodec/g2meet.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c
index d0cb88c..302dc9d 100644
--- a/libavcodec/g2meet.c
+++ b/libavcodec/g2meet.c
@@ -738,7 +738,7 @@ static int g2m_decode_frame(AVCodecContext *avctx, void 
*data,
 c->tile_height = bytestream2_get_be32(&bc);
 if (c->tile_width <= 0 || c->tile_height <= 0 ||
 ((c->tile_width | c->tile_height) & 0xF) ||
-c->tile_width * 4LL * c->tile_height >= INT_MAX
+c->tile_width * (uint64_t)c->tile_height >= INT_MAX / 4
 ) {
 av_log(avctx, AV_LOG_ERROR,
"Invalid tile dimensions %dx%d\n",

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] lavf/webvttenc: Require webvtt file to contain exactly one WebVTT stream.

2015-12-06 Thread Simon Thelen 
ffmpeg | branch: release/2.4 | Simon Thelen  | Fri Sep 11 
21:49:07 2015 +0200| [c6769b6d56bea1548a1c0167fdc322991bd46e50] | committer: 
Michael Niedermayer

lavf/webvttenc: Require webvtt file to contain exactly one WebVTT stream.

Not requiring this can end up producing hilariously broken files
together with -c:s copy (e.g. a webvtt file containing binary subtitle data).

Signed-off-by: Simon Thelen 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit b84232694ef0c6897e82b52326c9ea4027c69ec4)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c6769b6d56bea1548a1c0167fdc322991bd46e50
---

 libavformat/webvttenc.c |6 ++
 1 file changed, 6 insertions(+)

diff --git a/libavformat/webvttenc.c b/libavformat/webvttenc.c
index b93993d..c386538 100644
--- a/libavformat/webvttenc.c
+++ b/libavformat/webvttenc.c
@@ -46,8 +46,14 @@ static void webvtt_write_time(AVIOContext *pb, int64_t 
millisec)
 static int webvtt_write_header(AVFormatContext *ctx)
 {
 AVStream *s = ctx->streams[0];
+AVCodecContext *avctx = ctx->streams[0]->codec;
 AVIOContext *pb = ctx->pb;
 
+if (ctx->nb_streams != 1 || avctx->codec_id != AV_CODEC_ID_WEBVTT) {
+av_log(ctx, AV_LOG_ERROR, "Exactly one WebVTT stream is needed.\n");
+return AVERROR(EINVAL);
+}
+
 avpriv_set_pts_info(s, 64, 1, 1000);
 
 avio_printf(pb, "WEBVTT\n");

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/mjpegdec: Fix decoding RGBA RCT LJPEG

2015-12-06 Thread Michael Niedermayer 
ffmpeg | branch: release/2.4 | Michael Niedermayer  | 
Fri Sep 11 13:28:51 2015 +0200| [7cdd319b01cfacc5ab07744ee3422a46b6f2c754] | 
committer: Michael Niedermayer

avcodec/mjpegdec: Fix decoding RGBA RCT LJPEG

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 055e56e9f76da3298f1b59bf5ea46f570e844600)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7cdd319b01cfacc5ab07744ee3422a46b6f2c754
---

 libavcodec/mjpegdec.c |9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index c2a92fa..4a78625 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -946,7 +946,14 @@ static int ljpeg_decode_rgb_scan(MJpegDecodeContext *s, 
int nb_components, int p
 skip_bits(&s->gb, 16); /* skip RSTn */
 }
 }
-if (s->nb_components == 4) {
+if (s->rct && s->nb_components == 4) {
+for (mb_x = 0; mb_x < s->mb_width; mb_x++) {
+ptr[4*mb_x + 2] = buffer[mb_x][0] - ((buffer[mb_x][1] + 
buffer[mb_x][2] - 0x200) >> 2);
+ptr[4*mb_x + 1] = buffer[mb_x][1] + ptr[4*mb_x + 2];
+ptr[4*mb_x + 3] = buffer[mb_x][2] + ptr[4*mb_x + 2];
+ptr[4*mb_x + 0] = buffer[mb_x][3];
+}
+} else if (s->nb_components == 4) {
 for(i=0; icomp_index[i];
 if (s->bits <= 8) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] swresample/swresample: Fix integer overflow in seed calculation

2015-12-06 Thread Michael Niedermayer 
ffmpeg | branch: release/2.4 | Michael Niedermayer  | 
Thu Sep  3 09:22:31 2015 +0200| [f66787d3452c993ed0285cbb44369a558c733703] | 
committer: Michael Niedermayer

swresample/swresample: Fix integer overflow in seed calculation

Fixes CID1322333

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 32f53958b8f6ed4c3c2a7447c1e47d012796fae2)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f66787d3452c993ed0285cbb44369a558c733703
---

 libswresample/swresample.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libswresample/swresample.c b/libswresample/swresample.c
index 3e23912..e9bc659 100644
--- a/libswresample/swresample.c
+++ b/libswresample/swresample.c
@@ -638,7 +638,7 @@ static int swr_convert_internal(struct SwrContext *s, 
AudioData *out, int out_co
 return ret;
 if(ret)
 for(ch=0; chdither.noise.ch_count; ch++)
-if((ret=swri_get_dither(s, s->dither.noise.ch[ch], 
s->dither.noise.count, 12345678913579dither.noise.ch[ch], 
s->dither.noise.count, (12345678913579ULL*ch + 3141592) % 2718281828U, 
s->dither.noise.fmt))<0)
 return ret;
 av_assert0(s->dither.noise.ch_count == preout->ch_count);
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avutil/common: Document FFABS() corner case

2015-12-06 Thread Michael Niedermayer 
ffmpeg | branch: release/2.4 | Michael Niedermayer  | 
Thu Sep  3 02:00:05 2015 +0200| [7ffe708297e900889f6979eee292b766b1f1872a] | 
committer: Michael Niedermayer

avutil/common: Document FFABS() corner case

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 733511fb53fedd3adaaeabc5db9d0b29e71ea1d3)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7ffe708297e900889f6979eee292b766b1f1872a
---

 libavutil/common.h |6 ++
 1 file changed, 6 insertions(+)

diff --git a/libavutil/common.h b/libavutil/common.h
index c82a3a6..a48959d 100644
--- a/libavutil/common.h
+++ b/libavutil/common.h
@@ -58,6 +58,12 @@
: ((a) + (1<<(b)) - 1) 
>> (b))
 #define FFUDIV(a,b) (((a)>0 ?(a):(a)-(b)+1) / (b))
 #define FFUMOD(a,b) ((a)-(b)*FFUDIV(a,b))
+
+/**
+ * Absolute value, Note, INT_MIN / INT64_MIN result in undefined behavior as 
they
+ * are not representable as absolute values of their type. This is the same
+ * as with *abs()
+ */
 #define FFABS(a) ((a) >= 0 ? (a) : (-(a)))
 #define FFSIGN(a) ((a) > 0 ? 1 : -1)
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/tta: Check init_get_bits8() for failure

2015-12-06 Thread Michael Niedermayer 
ffmpeg | branch: release/2.4 | Michael Niedermayer  | 
Fri Sep  4 01:18:13 2015 +0200| [ec35bb729cdd36a757f6180fc3c69b76404e773a] | 
committer: Michael Niedermayer

avcodec/tta: Check init_get_bits8() for failure

Fixes: CID1322319

Signed-off-by: Michael Niedermayer 
(cherry picked from commit f1593e4ca564cdb7f3194a9eee1dea16df41142d)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ec35bb729cdd36a757f6180fc3c69b76404e773a
---

 libavcodec/tta.c |6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libavcodec/tta.c b/libavcodec/tta.c
index 5fdbac8..1c4316b 100644
--- a/libavcodec/tta.c
+++ b/libavcodec/tta.c
@@ -123,6 +123,7 @@ static av_cold int tta_decode_init(AVCodecContext * avctx)
 TTAContext *s = avctx->priv_data;
 GetBitContext gb;
 int total_frames;
+int ret;
 
 s->avctx = avctx;
 
@@ -131,7 +132,10 @@ static av_cold int tta_decode_init(AVCodecContext * avctx)
 return AVERROR_INVALIDDATA;
 
 s->crc_table = av_crc_get_table(AV_CRC_32_IEEE_LE);
-init_get_bits8(&gb, avctx->extradata, avctx->extradata_size);
+ret = init_get_bits8(&gb, avctx->extradata, avctx->extradata_size);
+if (ret < 0)
+return ret;
+
 if (show_bits_long(&gb, 32) == AV_RL32("TTA1")) {
 /* signature */
 skip_bits_long(&gb, 32);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/dump: Fix integer overflow in aspect ratio calculation

2015-12-06 Thread Michael Niedermayer 
ffmpeg | branch: release/2.4 | Michael Niedermayer  | 
Thu Sep  3 02:49:44 2015 +0200| [e5c9396a029322b1a43e24b6dbe1cb2ec76bf0f1] | 
committer: Michael Niedermayer

avformat/dump: Fix integer overflow in aspect ratio calculation

Fixes: unknown_unknown_19e_414_cov_764838672_bellhamlam.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d1bdaf3fb2c45020f72a378bb64eab1bf136581c)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e5c9396a029322b1a43e24b6dbe1cb2ec76bf0f1
---

 libavformat/dump.c |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavformat/dump.c b/libavformat/dump.c
index 3a7adbe..c4434b3 100644
--- a/libavformat/dump.c
+++ b/libavformat/dump.c
@@ -363,8 +363,8 @@ static void dump_stream_format(AVFormatContext *ic, int i,
 av_cmp_q(st->sample_aspect_ratio, st->codec->sample_aspect_ratio)) {
 AVRational display_aspect_ratio;
 av_reduce(&display_aspect_ratio.num, &display_aspect_ratio.den,
-  st->codec->width  * st->sample_aspect_ratio.num,
-  st->codec->height * st->sample_aspect_ratio.den,
+  st->codec->width  * (int64_t)st->sample_aspect_ratio.num,
+  st->codec->height * (int64_t)st->sample_aspect_ratio.den,
   1024 * 1024);
 av_log(NULL, AV_LOG_INFO, ", SAR %d:%d DAR %d:%d",
st->sample_aspect_ratio.num, st->sample_aspect_ratio.den,

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/rangecoder: Check e

2015-12-06 Thread Michael Niedermayer 
ffmpeg | branch: release/2.4 | Michael Niedermayer  | 
Fri Sep 25 14:26:14 2015 +0200| [b5b29b22c0f8b49db045edb33254291486cb0db7] | 
committer: Michael Niedermayer

avcodec/rangecoder: Check e

Fixes hang.nut

Found-by: Paul B Mahol 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit b2955b6c5aed11026ec5c7164462899a10cdb937)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b5b29b22c0f8b49db045edb33254291486cb0db7
---

 libavcodec/ffv1dec.c |5 -
 libavcodec/snow.h|2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index 760d74f..26ed2ee 100644
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -47,8 +47,11 @@ static inline av_flatten int get_symbol_inline(RangeCoder 
*c, uint8_t *state,
 else {
 int i, e, a;
 e = 0;
-while (get_rac(c, state + 1 + FFMIN(e, 9))) // 1..10
+while (get_rac(c, state + 1 + FFMIN(e, 9))) { // 1..10
 e++;
+if (e > 31)
+return AVERROR_INVALIDDATA;
+}
 
 a = 1;
 for (i = e - 1; i >= 0; i--)
diff --git a/libavcodec/snow.h b/libavcodec/snow.h
index 46df46c..d2fcc7c 100644
--- a/libavcodec/snow.h
+++ b/libavcodec/snow.h
@@ -555,6 +555,8 @@ static inline int get_symbol(RangeCoder *c, uint8_t *state, 
int is_signed){
 e= 0;
 while(get_rac(c, state+1 + FFMIN(e,9))){ //1..10
 e++;
+if (e > 31)
+return AVERROR_INVALIDDATA;
 }
 
 a= 1;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/svq1dec: Check init_get_bits8() for failure

2015-12-06 Thread Michael Niedermayer 
ffmpeg | branch: release/2.4 | Michael Niedermayer  | 
Fri Sep  4 01:18:13 2015 +0200| [45c30d84b6c57b529687096bd7043c6999bd2d14] | 
committer: Michael Niedermayer

avcodec/svq1dec: Check init_get_bits8() for failure

Fixes: CID1322313

Signed-off-by: Michael Niedermayer 
(cherry picked from commit a51d4246d8ac96acee735e7e5dedb9d9ef27a594)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=45c30d84b6c57b529687096bd7043c6999bd2d14
---

 libavcodec/svq1dec.c |5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c
index 2f9ea16..1212522 100644
--- a/libavcodec/svq1dec.c
+++ b/libavcodec/svq1dec.c
@@ -617,9 +617,12 @@ static int svq1_decode_frame(AVCodecContext *avctx, void 
*data,
 uint8_t *current;
 int result, i, x, y, width, height;
 svq1_pmv *pmv;
+int ret;
 
 /* initialize bit buffer */
-init_get_bits8(&s->gb, buf, buf_size);
+ret = init_get_bits8(&s->gb, buf, buf_size);
+if (ret < 0)
+return ret;
 
 /* decode frame header */
 s->frame_code = get_bits(&s->gb, 22);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/g2meet: Also clear tile dimensions on header_fail

2015-12-06 Thread Michael Niedermayer 
ffmpeg | branch: release/2.4 | Michael Niedermayer  | 
Fri Sep  4 12:11:46 2015 +0200| [873ee14b560fa43a25b6ac88b23f9784eda53eeb] | 
committer: Michael Niedermayer

avcodec/g2meet: Also clear tile dimensions on header_fail

Signed-off-by: Michael Niedermayer 
(cherry picked from commit fb0466699575724923aeddc4490302180dfdf4af)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=873ee14b560fa43a25b6ac88b23f9784eda53eeb
---

 libavcodec/g2meet.c |2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c
index 302dc9d..16f46e2 100644
--- a/libavcodec/g2meet.c
+++ b/libavcodec/g2meet.c
@@ -869,6 +869,8 @@ header_fail:
 c->height  = 0;
 c->tiles_x =
 c->tiles_y = 0;
+c->tile_width =
+c->tile_height = 0;
 return ret;
 }
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/truemotion1: Check for even width

2015-12-06 Thread Michael Niedermayer 
ffmpeg | branch: release/2.4 | Michael Niedermayer  | 
Tue Sep  1 04:57:22 2015 +0200| [6f08086992c3fad68fbaca03b0ca2a42f0ad0d67] | 
committer: Michael Niedermayer

avcodec/truemotion1: Check for even width

Fixes out of array access
Fixes: 
87196d8bbc633629fc9dd851fce73e70/asan_heap-oob_26f6853_862_cov_585961513_sonic3dblast_intro-partial.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 63fb5a6aefb4223334001fd2c0d82a5e22e3b528)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6f08086992c3fad68fbaca03b0ca2a42f0ad0d67
---

 libavcodec/truemotion1.c |4 
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/truemotion1.c b/libavcodec/truemotion1.c
index 660ecf5..b2de889 100644
--- a/libavcodec/truemotion1.c
+++ b/libavcodec/truemotion1.c
@@ -402,6 +402,10 @@ static int truemotion1_decode_header(TrueMotion1Context *s)
 new_pix_fmt = AV_PIX_FMT_RGB555; // RGB565 is supported as well
 
 s->w >>= width_shift;
+if (s->w & 1) {
+avpriv_request_sample(s->avctx, "Frame with odd width");
+return AVERROR_PATCHWELCOME;
+}
 
 if (s->w != s->avctx->width || s->h != s->avctx->height ||
 new_pix_fmt != s->avctx->pix_fmt) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/ffv1dec: Explicitly check read_quant_table() return value

2015-12-06 Thread Michael Niedermayer 
ffmpeg | branch: release/2.4 | Michael Niedermayer  | 
Sat Sep 26 13:09:59 2015 +0200| [ac19d8eb3ac797eb8826909c6f16f47df349e070] | 
committer: Michael Niedermayer

avcodec/ffv1dec: Explicitly check read_quant_table() return value

Forwards the error code, avoids potential integer overflow

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 10bbf6cf622f8a954c6cc694ca07c24f989c99af)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ac19d8eb3ac797eb8826909c6f16f47df349e070
---

 libavcodec/ffv1dec.c |5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index 26ed2ee..475b1ad 100644
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -503,7 +503,10 @@ static int read_quant_tables(RangeCoder *c,
 int context_count = 1;
 
 for (i = 0; i < 5; i++) {
-context_count *= read_quant_table(c, quant_table[i], context_count);
+int ret = read_quant_table(c, quant_table[i], context_count);
+if (ret < 0)
+return ret;
+context_count *= ret;
 if (context_count > 32768U) {
 return AVERROR_INVALIDDATA;
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avfilter/af_asyncts: use llabs for int64_t

2015-12-06 Thread Ganesh Ajjanagadde 
ffmpeg | branch: release/2.4 | Ganesh Ajjanagadde  | 
Sat Sep  5 20:42:02 2015 -0700| [3ea20e60dc5d6362dba02c4fb19e44e4943046ad] | 
committer: Michael Niedermayer

avfilter/af_asyncts: use llabs for int64_t

long may not be 64 bit on all platforms; so labs on int64_t is unsafe.
This fixes a warning reported in:
http://fate.ffmpeg.org/log.cgi?time=20150905071512&log=compile&slot=i386-darwin-clang-polly-3.7

Signed-off-by: Ganesh Ajjanagadde 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d74123d03eb1047b844bc39fbde26f199c72cbcb)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3ea20e60dc5d6362dba02c4fb19e44e4943046ad
---

 libavfilter/af_asyncts.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavfilter/af_asyncts.c b/libavfilter/af_asyncts.c
index 5f8e1f6..4be093b 100644
--- a/libavfilter/af_asyncts.c
+++ b/libavfilter/af_asyncts.c
@@ -205,7 +205,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *buf)
 delta= pts - s->pts - get_delay(s);
 out_size = avresample_available(s->avr);
 
-if (labs(delta) > s->min_delta ||
+if (llabs(delta) > s->min_delta ||
 (s->first_frame && delta && s->first_pts != AV_NOPTS_VALUE)) {
 av_log(ctx, AV_LOG_VERBOSE, "Discontinuity - %"PRId64" samples.\n", 
delta);
 out_size = av_clipl_int32((int64_t)out_size + delta);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/libopusenc: Fix infinite loop on flushing after 0 input

2015-12-06 Thread Michael Niedermayer 
ffmpeg | branch: release/2.4 | Michael Niedermayer  | 
Thu Aug 27 12:44:31 2015 +0200| [ab79e3d1a5f9b2d677273d15970a719b8be039bf] | 
committer: Michael Niedermayer

avcodec/libopusenc: Fix infinite loop on flushing after 0 input

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 6701c92fa4269872856c70c3170a9b3291b46247)

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ab79e3d1a5f9b2d677273d15970a719b8be039bf
---

 libavcodec/libopusenc.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/libopusenc.c b/libavcodec/libopusenc.c
index 9a1952a..dadd7f0 100644
--- a/libavcodec/libopusenc.c
+++ b/libavcodec/libopusenc.c
@@ -324,7 +324,7 @@ static int libopus_encode(AVCodecContext *avctx, AVPacket 
*avpkt,
 } else
 audio = frame->data[0];
 } else {
-if (!opus->afq.remaining_samples)
+if (!opus->afq.remaining_samples || (!opus->afq.frame_alloc && 
!opus->afq.frame_count))
 return 0;
 audio = opus->samples;
 memset(audio, 0, opus->opts.packet_size * sample_size);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Update for 2.8.4

2015-12-06 Thread Michael Niedermayer 
ffmpeg | branch: release/2.8 | Michael Niedermayer  | 
Sun Dec  6 10:42:02 2015 +0100| [913c642c21dd608cc53ea2482e9b4d3141bcd542] | 
committer: Michael Niedermayer

Update for 2.8.4

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=913c642c21dd608cc53ea2482e9b4d3141bcd542
---

 Changelog|   40 
 RELEASE  |2 +-
 doc/Doxyfile |2 +-
 3 files changed, 42 insertions(+), 2 deletions(-)

diff --git a/Changelog b/Changelog
index 7e70b11..2ea0727 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,46 @@
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
+version 2.8.4
+- libvpxenc: remove some unused ctrl id mappings
+- avcodec/vp3: ensure header is parsed successfully before tables
+- avcodec/jpeg2000dec: Check bpno in decode_cblk()
+- avcodec/pgssubdec: Fix left shift of 255 by 24 places cannot be represented 
in type int
+- swscale/utils: Fix for runtime error: left shift of negative value -1
+- avcodec/hevc: Fix integer overflow of entry_point_offset
+- avcodec/dirac_parser: Check that there is a previous PU before accessing it
+- avcodec/dirac_parser: Add basic validity checks for next_pu_offset and 
prev_pu_offset
+- avcodec/dirac_parser: Fix potential overflows in pointer checks
+- avcodec/wmaprodec: Check bits per sample to be within the range not causing 
integer overflows
+- avcodec/wmaprodec: Fix overflow of cutoff
+- avformat/smacker: fix integer overflow with pts_inc
+- avcodec/vp3: Fix "runtime error: left shift of negative value"
+- avformat/riffdec: Initialize bitrate
+- mpegencts: Fix overflow in cbr mode period calculations
+- avutil/timecode: Fix fps check
+- avutil/mathematics: return INT64_MIN (=AV_NOPTS_VALUE) from av_rescale_rnd() 
for overflows
+- avcodec/apedec: Check length in long_filter_high_3800()
+- avcodec/vp3: always set pix_fmt in theora_decode_header()
+- avcodec/mpeg4videodec: Check available data before reading custom matrix
+- avutil/mathematics: Do not treat INT64_MIN as positive in av_rescale_rnd
+- avutil/integer: Fix av_mod_i() with negative dividend
+- avformat/dump: Fix integer overflow in av_dump_format()
+- avcodec/h264_refs: Check that long references match before use
+- avcodec/utils: Clear dimensions in ff_get_buffer() on failure
+- avcodec/utils: Use 64bit for aspect ratio calculation in avcodec_string()
+- avcodec/hevc: Check max ctb addresses for WPP
+- avcodec/vp3: Clear context on reinitialization failure
+- avcodec/hevc: allocate entries unconditionally
+- avcodec/hevc_cabac: Fix multiple integer overflows
+- avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_encode*()
+- avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*()
+- avcodec/hevc: Check entry_point_offsets
+- lavf/rtpenc_jpeg: Less strict check for standard Huffman tables.
+- avcodec/ffv1dec: Clear quant_table_count if its invalid
+- avcodec/ffv1dec: Print an error if the quant table count is invalid
+- doc/filters/drawtext: fix centering example
+
+
 version 2.8.3
 - avcodec/cabac: Check initial cabac decoder state
 - avcodec/cabac_functions: Fix "left shift of negative value -31767"
diff --git a/RELEASE b/RELEASE
index 9f8d8a9..2701a22 100644
--- a/RELEASE
+++ b/RELEASE
@@ -1 +1 @@
-2.8.3
+2.8.4
diff --git a/doc/Doxyfile b/doc/Doxyfile
index f4e3ca8..5c4b466 100644
--- a/doc/Doxyfile
+++ b/doc/Doxyfile
@@ -31,7 +31,7 @@ PROJECT_NAME   = FFmpeg
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.
 
-PROJECT_NUMBER = 2.8.3
+PROJECT_NUMBER = 2.8.4
 
 # With the PROJECT_LOGO tag one can specify a logo or icon that is included
 # in the documentation. The maximum height of the logo should not exceed 55

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avfilter/af_stereotools: fix logic fail

2015-12-06 Thread Paul B Mahol 
ffmpeg | branch: master | Paul B Mahol  | Sun Dec  6 10:09:09 
2015 +0100| [3e1724baf8aaf8bd591acd44f260e9d69cf94fdc] | committer: Paul B Mahol

avfilter/af_stereotools: fix logic fail

Signed-off-by: Paul B Mahol 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3e1724baf8aaf8bd591acd44f260e9d69cf94fdc
---

 libavfilter/af_stereotools.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavfilter/af_stereotools.c b/libavfilter/af_stereotools.c
index 00a0dde..8ab184d 100644
--- a/libavfilter/af_stereotools.c
+++ b/libavfilter/af_stereotools.c
@@ -110,7 +110,7 @@ static int config_input(AVFilterLink *inlink)
 StereoToolsContext *s = ctx->priv;
 
 s->length = 2 * inlink->sample_rate * 0.05;
-if (s->length <= 1 && s->length & 1) {
+if (s->length <= 1 || s->length & 1) {
 av_log(ctx, AV_LOG_ERROR, "sample rate is too small\n");
 return AVERROR(EINVAL);
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] libavutil: add version component accessor macros

2015-12-06 Thread Reynaldo H. Verdejo Pinochet 
ffmpeg | branch: master | Reynaldo H. Verdejo Pinochet 
 | Fri Dec  4 14:07:23 2015 -0800| 
[21c34cb26154a5eadd6e10df86c20e2df3a7bd55] | committer: Reynaldo H. Verdejo 
Pinochet

libavutil: add version component accessor macros

Pretty standard macros, these should help libav*
users avoid repeating ver.si.on parsing code,
which aids in compatibility-checking tasks like
identifying FFmpeg from Libav (_MICRO >= 100 check).
Something many are doing since we are not
intercompatible anymore.

Signed-off-by: Reynaldo H. Verdejo Pinochet 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=21c34cb26154a5eadd6e10df86c20e2df3a7bd55
---

 libavutil/version.h |   10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/libavutil/version.h b/libavutil/version.h
index bf0a929..e7f0488 100644
--- a/libavutil/version.h
+++ b/libavutil/version.h
@@ -37,6 +37,14 @@
 #define AV_VERSION(a, b, c) AV_VERSION_DOT(a, b, c)
 
 /**
+ * Extract version components from the full ::AV_VERSION_INT int as returned
+ * by functions like ::avformat_version() and ::avcodec_version()
+ */
+#define AV_VERSION_MAJOR(a) ((a) >> 16)
+#define AV_VERSION_MINOR(a) (((a) & 0x00FF00) >> 8)
+#define AV_VERSION_MICRO(a) ((a) & 0xFF)
+
+/**
  * @}
  */
 
@@ -56,7 +64,7 @@
  */
 
 #define LIBAVUTIL_VERSION_MAJOR  55
-#define LIBAVUTIL_VERSION_MINOR   9
+#define LIBAVUTIL_VERSION_MINOR  10
 #define LIBAVUTIL_VERSION_MICRO 100
 
 #define LIBAVUTIL_VERSION_INT   AV_VERSION_INT(LIBAVUTIL_VERSION_MAJOR, \

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

<    1   2