From 5df3efbdd6bf5ec723b4932e7c6296bea097d718 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 6 Dec 2019 21:00:24 +0100 Subject: [PATCH] Update for 2.8.16 Signed-off-by: Michael Niedermayer --- Changelog | 309 +++++++++++++++++++++++++++++++++++++++++++++++++++ RELEASE | 2 +- doc/Doxyfile | 2 +- 3 files changed, 311 insertions(+), 2 deletions(-) diff --git a/Changelog b/Changelog index 0329e58c3d..b92e937c28 100644 --- a/Changelog +++ b/Changelog @@ -1,6 +1,315 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 2.8.16: +- avcodec/utils: Check block_align +- avcodec/utils: Check sample_rate before opening the decoder +- avcodec/g729dec: require buf_size to be non 0 +- avcodec/alac: Fix integer overflow in lpc_prediction() with sign +- avcodec/wmaprodec: Fix buflen computation in save_bits() +- avcodec/vc1_block: Fix integer overflow in AC rescaling in vc1_decode_i_block_adv() +- avcodec/vmdaudio: Check chunk counts to avoid integer overflow +- avformat/mxfdec: Clear metadata_sets_count in mxf_read_close() +- avcodec/nuv: Use ff_set_dimensions() +- avcodec/ffwavesynth: Fix integer overflow with pink_ts_cur/next +- avcodec/ralf: Fix integer overflows with the filter coefficient in decode_channel() +- avcodec/g729dec: Use 64bit and clip in scalar product +- avcodec/mxpegdec: Check for multiple SOF +- avcodec/nuv: Move comptype check up +- avcodec/wmavoice: Fix integer overflow in synth_frame() +- avutil/lfg: Correct index increment type to avoid undefined behavior +- avcodec/cngdec: Remove AV_CODEC_CAP_DELAY +- avcodec/iff: Move index use after check in decodeplane8() +- avcodec/atrac3: Check for huge block aligns +- avcodec/ralf: use multiply instead of shift to avoid undefined behavior in decode_block() +- avcodec/wmadec: Require previous exponents for reuse +- avcodec/vc1_block: Fix undefined behavior in ac prediction rescaling +- avcodec/apedec: Fixes integer overflow of res+*data in do_apply_filter() +- avcodec/sonic: Fix integer overflow in predictor_calc_error() +- lavc/tableprint_vlc: Remove avpriv_request_sample() from included files. +- avcodec/adpcm: Fix undefined behavior with negative predictions in IMA OKI +- avcodec/cook: Move up and extend block_align check +- avcodec/twinvq: Check block_align +- avcodec/cook: Enlarge gain table +- avcodec/atrac3plus: Check split point in fill mode 3 +- avcodec/wmavoice: Check sample_rate +- avcodec/apedec: Fix integer overflow in filter_3800() +- avcodec/ffv1dec: Use a different error message for the slice level CRC +- avcodec/apedec: Fix undefined integer overflow in long_filter_ehigh_3830() +- avcodec/snowenc: Fix 2 undefined shifts +- avformat/nutenc: Do not pass NULL to memcmp() in get_needed_flags() +- avcodec/truemotion2: Fix several integer overflows in tm2_low_res_block() +- avcodec/adpcm: Fix invalid shifts in ADPCM DTK +- avcodec/apedec: Only clear the needed buffer space, instead of all +- avcodec/libvorbisdec: Fix insufficient input checks leading to out of array reads +- avcodec/vp5: Check render_x/y +- avcodec/ralf: Skip initializing unused filter variables +- avformat/pjsdec: Check duration for overflow +- avcodec/ptx: Check that the input contains at least one line +- avcodec/alac: Fix integer overflow in LPC +- avcodec/smacker: Fix integer overflows in pred[] in smka_decode_frame() +- avcodec/aliaspixdec: Check input size against minimal picture size +- avcodec/ffwavesynth: Fix integer overflows in pink noise addition +- avcodec/vc1_block: Fixes integer overflow in vc1_decode_i_block_adv() +- avcodec/wmalosslessdec: Check block_align +- avcodec/g729postfilter: Fix left shift of negative value +- avcodec/binkaudio: Check sample rate +- avcodec/adpcm: Check initial predictor for ADPCM_IMA_EA_EACS +- avcodec/apedec: Fix integer overflow in predictor_update_3930() +- avcodec/g729postfilter: Fix undefined intermediate pointers +- avcodec/g729postfilter: Fix undefined shifts +- avcodec/lsp: Fix undefined shifts in lsp2poly() +- avcodec/adpcm: Fix left shifts in AV_CODEC_ID_ADPCM_EA +- avfilter/vf_geq: Use av_clipd() instead of av_clipf() +- avcodec/ituh263dec: Check input for minimal frame size +- avcodec/truemotion1: Check that the input has enough space for a minimal index_stream +- avformat/mpsubdec: Clear queue on error +- avcodec/sunrast: Check that the input is large enough for the maximally compressed image +- avcodec/sunrast: Check for availability of maplength before allocating image +- avformat/subtitles: Check nb_subs in ff_subtitles_queue_finalize() +- avcodec/g2meet: Check for end of input in jpg_decode_block() +- avcodec/g2meet: Check if adjusted pixel was on the stack +- avcodec/motionpixels: Mark 2 functions as always_inline +- avcodec/ralf: Fix integer overflow in decode_channel() +- vcodec/vc1: compute rangex/y only for P/B frames +- avcodec/vc1_pred: Fix invalid shifts in scaleforopp() +- avcodec/vc1_block: Fix invalid shift with rangeredfrm +- avcodec/vc1: Check for excessive resolution +- avcodec/vc1: check REFDIST +- avcodec/apedec: Fix several integer overflows in predictor_update_filter() and do_apply_filter() +- avcodec/hevc_cabac: Tighten the limit on k in ff_hevc_cu_qp_delta_abs() +- avcodec/4xm: Check index in decode_i_block() also in the path where its not used. +- avcodec/atrac3: Check block_align +- avcodec/alsdec: Avoid dereferencing context pointer in inner interleave loop +- avcodec/g729_parser: Check block_size +- avcodec/aacdec: Check if we run out of input in read_stream_mux_config() +- avcodec/smacker: Fix integer overflow in signed int multiply in SMK_BLK_FILL +- avcodec/alac: fix undefined behavior with INT_MIN in lpc_prediction() +- avcodec/ffwavesynth: Fix integer overflow in timestamps +- avcodec/sunrast: Fix indention +- avcodec/sunrast: Fix return type for "unsupported (compression) type" +- avformat/cdxl: Fix integer overflow in intermediate +- avcodec/hevcdec: repeat character in skiped +- avcodec/alsdec: Check k from being outside what our implementation can handle +- avcodec/vp56rac: delay signaling an error on truncated input +- avcodec/vp5/6/8: use vpX_rac_is_end() +- avcodec/vp56: Add vpX_rac_is_end() to check for the end of input +- avcodec/qdm2: Check frame size +- avcodec/vc1_pred: Fix refdist in scaleforopp() +- avcodec/vorbisdec: fix FASTDIV usage for vr_type == 2 +- avcodec/iff: Check for overlap in cmap_read_palette() +- avcodec/apedec: Fix 32bit int overflow in do_apply_filter() +- avcodec/ralf: fix undefined shift in extend_code() +- avcodec/ralf: fix undefined shift +- avcodec/bgmc: Check input space in ff_bgmc_decode_init() +- avcodec/truemotion2: Fix multiple integer overflows in tm2_null_res_block() +- avcodec/vc1dec: Require res_sprite for wmv3images +- avcodec/vc1_block: Check for double escapes +- avcodec/vorbisdec: Check get_vlc2() failure +- avcodec/tta: Fix integer overflow in prediction +- avcodec/vb: Check input packet size to be large enough to contain flags +- avcodec/cavsdec: Limit the number of access units per packet to 2 +- avcodec/alac: Fix multiple integer overflows in lpc_prediction() +- avcodec/rl2: set dimensions +- avformat/realtextdec: free queue on error +- avcodec/alsdec: Fix integer overflow in decode_var_block_data() +- avcodec/alsdec: Limit maximum channels to 512 +- avcodec/anm: Check input size for a frame with just a stop code +- avcodec/loco: Check left column value +- avcodec/ffwavesynth: Fixes invalid shift with pink noise seeking +- avcodec/ffwavesynth: Fix integer overflow for some corner case values +- avcodec/indeo2: Check remaining input more often +- avcodec/vp56: Consider the alpha start as end of the prior header +- avcodec/4xm: Check for end of input in decode_p_block() +- avcodec/hnm4video: Optimize postprocess_current_frame() +- avcodec/hevc_refs: Optimize 16bit generate_missing_ref() +- avcodec/dds: Use ff_set_dimensions() +- avcodec/mpc8: Fix 32bit mask/enum +- avcodec/alsdec: Fix integer overflows of raw_samples in decode_var_block_data() +- avcodec/alsdec: Fix integer overflow of raw_samples in decode_blocks() +- avcodec/aacdec_template: fix integer overflow in imdct_and_windowing() +- libavcodec/iff: Use unsigned to avoid undefined behaviour +- avcodec/alsdec: Check for block_length <= 0 in read_var_block_data() +- avcodec/vqavideo: Set video size +- avcodec/sanm: Check extradata_size before allocations +- avcodec/mss1: check for overread and forward errors +- avcodec/dirac_parser: Fix overflow in dts +- avcodec/ralf: Fix undefined pointer in decode_channel() +- avcodec/ralf: Fix integer overflow in apply_lpc() +- avcodec/vorbisdec: Implement vr->classifications = 1 +- avcodec/vorbisdec: Check parameters in vorbis_floor0_decode() before divide +- avcodec/apedec: Fix 2 signed overflows +- avcodec/mss3: Check for the rac stream being invalid in rac_normalize() +- avcodec/vc1_block: Check get_vlc2() return before use +- avcodec/apedec: Do not partially clear data array +- avcodec/hnm4video: Forward errors of decode_interframe_v4() +- avcodec/vp3: Check that theora is theora +- avcodec/vc1_pred: Fix invalid shift in scaleforsame() +- avcodec/vc1_block: Fix integer overflow in ff_vc1_pred_dc() +- avcodec/truemotion2: Fix several integer overflows in tm2_motion_block() +- avcodec/apedec: make left/right unsigned to avoid undefined behavior +- avcodec/apedec: Fix multiple integer overflows and undefined behaviorin filter_3800() +- avcodec/eatgv: Check remaining size after the keyframe header +- avcodec/assdec: undefined use of memcpy() +- avcodec/brenderpix: Check input size before allocating image +- lafv/wavdec: Fail bext parsing on incomplete reads +- avcodec/vorbisdec: Check vlc for floor0 dec vector offset +- avcodec/vorbisdec: amplitude bits can be more than 25 bits +- avcodec/apedec: Fix various integer overflows +- avcodec/apedec: Fix multiple integer overflows in predictor_update_filter() +- avcodec/alsdec: Fix 2 integer overflows +- avcodec/flicvideo: Make line_packets int +- avcodec/dvbsubdec: Use ff_set_dimensions() +- avcodec/ffwavesynth: Check if there is enough extradata before allocation +- avcodec/ffwavesynth: More correct cast in wavesynth_seek() +- avcodec/ffwavesynth: Check sample rate before use +- avformat/utils: Check rfps_duration_sum for overflow +- avcodec/parser: Check next index validity in ff_combine_frame() +- avcodec/ivi: Ask for samples with odd tiles +- avformat/xmv: Make bitrate 64bit +- avcodec/pngdec: Check that previous_picture has same w/h/format +- avcodec/huffyuv: remove gray8a (the format is listed but not supported by the implementation) +- avcodec/mpc8: Fixes invalid shift in mpc8_decode_frame() +- avcodec/hq_hqa: Use ff_set_dimensions() +- avcodec/rv10: Fix integer overflow in aspect ratio compare +- avcodec/4xm: Fix signed integer overflows in idct() +- avcodec/qdm2: Check checksum_size for 0 +- avcodec/qdm2: error out of qdm2_fft_decode_tones() before entering endless loop +- avcodec/qdm2: Do not read out of array in fix_coding_method_array() +- avcodec/svq3: Use ff_set_dimension() +- avcodec/iff: Check ham vs bpp +- avcodec/ffwavesynth: use uint32_t to compute difference, it is enough +- avcodec/ffwavesynth: Simplify lcg_seek(), avoid negative case +- avcodec/ffwavesynth: Fix backward lcg_seek() +- avcodec/vc1_block: Check for vlc error in vc1_decode_ac_coeff() +- avcodec/alac: Check lpc_quant +- avcodec/alsdec: Add FF_CODEC_CAP_INIT_CLEANUP +- avcodec/alsdec: Fix integer overflow with buffer number +- avcodec/alsdec: Check opt_order / sb_length in ra_block handling +- avcodec/alsdec: Fix integer overflow with shifting samples +- avcodec/alsdec: Fix undefined behavior in decode_rice() +- avcodec/alsdec: Fixes invalid shifts in read_var_block_data() and INTERLEAVE_OUTPUT() +- avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check +- avcodec/qdm2: Move fft_order check up +- avcodec/libvorbisdec: Check extradata size +- avcodec/videodsp_template: Fix overflow of addition +- avcodec/ffwavesynth: Check ts_end - ts_start for overflow +- avcodec/vc1dsp: Avoid undefined shifts in vc1_v_s_overlap_c / vc1_h_s_overlap_c +- avcodec/tta: Fix undefined shift +- avcodec/bintext: Check font height +- avcodec/binkdsp: Fix integer overflows in idct +- avcodec/motionpixels: Check for vlc error in mp_get_vlc() +- avcodec/loco: Limit lossy parameter so it is sane and does not overflow +- avformat/mov: Set fragment.found_tfhd only after TFHD has been parsed +- avcodec/aacpsdsp_template: Fix integer overflow in ps_hybrid_analysis_c() +- avcodec/truemotion2: Fix integer overflow in last loop in tm2_update_block() +- avcodec/iff: finetune the palette size check in the mask case +- avcodec/bink: Reorder operations in init to avoid memleak on error +- avformat/wtvdec: Avoid (32bit signed) sectors +- avcodec/bitstream: Check for more conflicting codes in build_table() +- avcodec/bitstream: Check for integer code truncation in build_table() +- avformat/sbgdec: Fixes integer overflow in str_to_time() with hours +- avcodec/mjpegdec: Check for non ls PAL8 +- avcodec/mss4: Check input size against skip bits +- avcodec/diracdec: Fix integer overflow in global_mv() +- avcodec/vmnc: Check available space against chunks before reget_buffer() +- avcodec/aacdec_template: skip apply_tns() if max_sfb is 0 (from previous header decode failure) +- avcodec/aacdec_fixed: Handle more extreem cases in noise_scale() +- avcodec/aacdec_template: Merge 3 #ifs related to noise handling +- avcodec/aacdec_fixed: ssign seems always -1 in noise_scale(), simplify +- avformat/mp3enc: Avoid SEEK_END as it is unsupported +- avcodec/truemotion2: Fix several integer overflows in tm2_update_block() +- avformat/webm_chunk: Specify expected argument length of get_chunk_filename() +- avformat/webm_chunk: Check header filename length +- avcodec/cpia: Check input size also against linesizes and EOL +- libswcale: Fix possible string overflow in test. +- avcodec/hq_hqa: Check available space before reading slice offsets +- lavf/webm_chunk: Respect buffer size +- avcodec/jvdec: Use ff_get_buffer() when the content is not reused +- avcodec/truemotion2: Fix 2 integer overflows in tm2_update_block() +- avcodec/aacdec_fixed: Fix undefined shift in noise_scale() +- avutil/avstring: Fix bug and undefined behavior in av_strncasecmp() +- avformat/aadec: Check for scanf() failure +- avcodec/ccaption_dec: Add a blank like at the end to avoid rollup reading from outside +- avcodec/ivi: Move buffer/block end check to caller of ivi_dc_transform() +- avcodec/diracdec: Use 64bit in intermediate of global motion vector field generation +- avcodec/truemotion2: Fix integer overflow in tm2_decode_blocks() +- avcodec/hevcdec: Avoid only partly skiping duplicate first slices +- lavc/bmp: Avoid a heap buffer overwrite for 1bpp input. +- avcodec/truemotion2: Fix integer overflow in tm2_null_res_block() +- avcodec/dfa: Check the chunk header is not truncated +- avcodec/dvbsubdec: Check object position +- avcodec/cdgraphics: Use ff_set_dimensions() +- avcodec/qpeg: Limit copy in qpeg_decode_intra() to the available bytes +- avcodec/aic: Check remaining bits in aic_decode_coeffs() +- avcodec/bethsoftvideo: Check block_type +- avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int() +- avcodec/error_resilience: Use a symmetric check for skipping MV estimation +- avcodec/mlpdec: Insuffient typo +- avcodec/jvdec: Check available input space before decode8x8() +- avformat/webmdashenc: Check id in adaption_sets +- avformat/http: Fix Out-of-Bounds access in process_line() +- avformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393 +- avformat/mov.c: require tfhd to begin parsing trun +- avcodec/pgssubdec: Check for duplicate display segments +- avformat/rtsp: Check number of streams in sdp_parse_line() +- avformat/rtsp: Clear reply in every iteration in ff_rtsp_connect() +- avcodec/fic: Check that there is input left in fic_decode_block() +- avutil/mem: Optimize fill32() by unrolling and using 64bit +- configure: bump year +- avcodec/4xm: Fix returned error codes +- avcodec/mjpegbdec: Fix some misplaced {} and spaces +- avformat/wvdec: detect and error out on WavPack DSD files +- avcodec/mips: Fix failed case: hevc-conformance-AMP_A_Samsung_* when enable msa +- avcodec/fic: Fail on invalid slice size/off +- postproc/postprocess_template: Avoid using %4 for the threshold compare +- avcodec/mjpegdec: Fix indention of ljpeg_decode_yuv_scan() +- lavf/id3v2: fail read_apic on EOF reading mimetype +- avformat/nutenc: Document trailer index assert better +- lavf/mov: ensure only one tkhd per trak +- avcodec/msvideo1: Check for too small dimensions +- avcodec/wmv2dec: Skip I frame if its smaller than 1/8 of the minimal size +- avcodec/msmpeg4dec: Skip frame if its smaller than 1/8 of the minimal size +- avcodec/truemotion2: fix integer overflows in tm2_low_chroma() +- avutil/mem: Fix invalid use of av_alloc_size +- avcodec/hevcdec: decode at most one slice reporting being the first in the picture +- avfilter/af_silenceremove: fix possible crash if supplied duration is negative +- avcodec/pngdec: Check compression method +- avcodec/shorten: Fix integer overflow with offset +- avcodec/cavsdec: Propagate error codes inside decode_mb_i() +- avcodec/mpegaudio_parser: Consume more than 0 bytes in case of the unsupported mp3adu case +- avformat/flvenc: Check audio packet size +- avutil/integer: Fix integer overflow in av_mul_i() +- avcodec/msrle: Check that the input is large enough to contain a end of picture code +- avcodec/jpeg2000dec: Fix off by 1 error in JPEG2000_PGOD_CPRL handling +- avcodec/mpeg4videodec: Fix typo in sprite delta check +- avcodec/h264_cavlc: Check mb_skip_run +- avcodec/ra144: Fix integer overflow in add_wav() +- avformat/utils: Never store negative values in last_IP_duration +- avformat/utils: Fix integer overflow in discontinuity check +- avcodec/unary: Improve get_unary() docs +- avcodec/dvdsubdec: Sanity check len in decode_rle() +- avcodec/mpeg4videodec: Fix undefined shift in get_amv() +- avcodec/zmbv: Check that the decompressed data size is correct +- avcodec/zmbv: Update decomp_len in raw frames +- avcodec/shorten: Fix bitstream end check in read_header() +- avcodec/dvdsubdec: Avoid branch in decode_run_8bit() +- avcodec/h264_refs: Document last if() in ff_h264_execute_ref_pic_marking() +- avcodec/ra144: Fix undefined integer overflow in add_wav() +- avcodec/hq_hqa: Check remaining input bits in hqa_decode_mb() +- avcodec/vb: Check for end of bytestream before reading blocktype +- avcodec/snowdec: Fix integer overflow with motion vector residual +- avformat/nsvdec: Do not parse multiple NSVf +- avformat/mlvdec: read_string() received unsigned size, make the argument unsigned +- avcodec/shorten: Fix integer overflow in residual/LPC combination +- avcodec/shorten: Check verbatim length +- avcodec/mpegaudio_parser: Initialize poutbuf* +- avcodec/qtrle: Check remaining bytestream in qtrle_decode_XYbpp() +- avcodec/diracdec: Change frame_number to 64bit as its a 32bit from the bitstream and we also have a -1 special case +- avcodec/diracdec: Prevent integer overflow in intermediate in global_mv() +- swresample/swresample: Fix input channel count in resample_first computation +- avutil/pixfmt: Document chroma plane size for odd resolutions + version 2.8.15: - avcodec/dvdsub_parser: Allocate input padding - avcodec/dvdsub_parser: Init output buf/size diff --git a/RELEASE b/RELEASE index 92e6e77a29..85c0a6a965 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -2.8.15 +2.8.16 diff --git a/doc/Doxyfile b/doc/Doxyfile index 9c2ce1ef88..c47d2b44c7 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.8.15 +PROJECT_NUMBER = 2.8.16 # With the PROJECT_LOGO tag one can specify a logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55