height - me_y is the line from which we read, so it must be strictly
smaller than the frame height. Fixes possible invalid reads in corrupted
files.
Also, use a proper context for logging the error.
CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
If refdata was NULL, the memcpy() ended up copying the same memory
block onto itself, which is not only pointless, but also undefined
behavior.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: asan_heap-oob_153760f_4_asan_heap-oob_1d7a4cf_164_VWbig6.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This should workaround an apparent mis-compilation with gcc 4.2 on BSD
The function is rarely called and not inlining should have no speed
effect
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '2d2a92f72199823a92e4e226c32e42a27ec801c0':
dxa: use the AVFrame API properly.
qpeg: use the AVFrame API properly.
cin video: use the AVFrame API properly.
msvideo1: use the AVFrame API properly.
Conflicts:
libavcodec/dsicinav.c
libavcodec/dxa.c
libavcodec/msvideo1.c
libavcodec/qpeg.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '7a5a55722749a3ab77941914707277b147322cbe':
qpeg: Add checks for running out of rows in qpeg_decode_inter
Conflicts:
libavcodec/qpeg.c
See: 4299dfa5de
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
rtpdec_asf: Set the no_resync_search option for the chained asf demuxer
asfdec: Add an option for not searching for the packet markers
cosmetics: Clean up the tiffenc pix_fmts declaration to match the style of others
cosmetics: Align codec declarations
cosmetics: Convert mimic.c to utf-8
avconv: remove an unused function parameter.
avconv: remove now pointless variables.
avconv: drop support for building without libavfilter.
nellymoserenc: fix crash due to memsetting the wrong area.
libavformat: Only require first packet to be known for audio/video streams
avplay: Don't try to scale timestamps if the tb isn't set
Conflicts:
Changelog
configure
ffmpeg.c
libavcodec/aacenc.c
libavcodec/bmpenc.c
libavcodec/dnxhddec.c
libavcodec/dnxhdenc.c
libavcodec/ffv1.c
libavcodec/flacenc.c
libavcodec/fraps.c
libavcodec/huffyuv.c
libavcodec/libopenjpegdec.c
libavcodec/mpeg12enc.c
libavcodec/mpeg4videodec.c
libavcodec/pamenc.c
libavcodec/pgssubdec.c
libavcodec/pngenc.c
libavcodec/qtrleenc.c
libavcodec/rawdec.c
libavcodec/sgienc.c
libavcodec/tiffenc.c
libavcodec/v210dec.c
libavcodec/wmv2dec.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Also break some long lines, remove codec function placeholder comments
and add spaces in sample/pixel format lists.
Signed-off-by: Martin Storsjö <martin@martin.st>
* qatar/master: (27 commits)
cmdutils: use new avcodec_is_decoder/encoder() functions.
lavc: make codec_is_decoder/encoder() public.
lavc: deprecate AVCodecContext.sub_id.
libcdio: add a forgotten AVClass to the private context.
swscale: remove "cpu flags" from -sws_flags description.
proresenc: give user a possibility to alter some encoding parameters
vorbisenc: add output buffer overwrite protection
libopencore-amrnbenc: fix end-of-stream handling
ra144enc: fix end-of-stream handling
nellymoserenc: zero any leftover packet bytes
nellymoserenc: use proper MDCT overlap delay
qpeg: Use bytestream2 functions to prevent buffer overreads.
swscale: make %rep unconditional.
vp8: convert simple loopfilter x86 assembly to use named arguments.
vp8: convert idct x86 assembly to use named arguments.
vp8: convert mc x86 assembly to use named arguments.
vp8: convert loopfilter x86 assembly to use cpuflags().
vp8: convert idct/mc x86 assembly to use cpuflags().
swscale: remove now unnecessary hack.
x86inc: don't "bake" stack_offset in named arguments.
...
Conflicts:
cmdutils.c
doc/APIchanges
libavcodec/mpeg12.c
libavcodec/options.c
libavcodec/qpeg.c
libavcodec/utils.c
libavcodec/version.h
libavdevice/libcdio.c
tests/lavf-regression.sh
Merged-by: Michael Niedermayer <michaelni@gmx.at>
qpeg should probably be changed to use the checked bytestream reader.
But for now this fixes it and is significantly less work.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (29 commits)
amrwb: remove duplicate arguments from extrapolate_isf().
amrwb: error out early if mode is invalid.
h264: change underread for 10bit QPEL to overread.
matroska: check buffer size for RM-style byte reordering.
vp8: disable mmx functions with sse/sse2 counterparts on x86-64.
vp8: change int stride to ptrdiff_t stride.
wma: fix invalid buffer size assumptions causing random overreads.
Windows Media Audio Lossless decoder
rv10/20: Fix slice overflow with checked bitstream reader.
h263dec: Disallow width/height changing with frame threads.
rv10/20: Fix a buffer overread caused by losing track of the remaining buffer size.
rmdec: Honor .RMF tag size rather than assuming 18.
g722: Fix the QMF scaling
r3d: don't set codec timebase.
electronicarts: set timebase for tgv video.
electronicarts: parse the framerate for cmv video.
ogg: don't set codec timebase
electronicarts: don't set codec timebase
avs: don't set codec timebase
wavpack: Fix an integer overflow
...
Conflicts:
libavcodec/arm/vp8dsp_init_arm.c
libavcodec/fraps.c
libavcodec/h264.c
libavcodec/mpeg4videodec.c
libavcodec/mpegvideo.c
libavcodec/msmpeg4.c
libavcodec/pnmdec.c
libavcodec/qpeg.c
libavcodec/rawenc.c
libavcodec/ulti.c
libavcodec/vcr1.c
libavcodec/version.h
libavcodec/wmalosslessdec.c
libavformat/electronicarts.c
libswscale/ppc/yuv2rgb_altivec.c
tests/ref/acodec/g722
tests/ref/fate/ea-cmv
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
mxfdec: Include FF_INPUT_BUFFER_PADDING_SIZE when allocating extradata.
H.264: tweak some other x86 asm for Atom
probe: Fix insane flow control.
mpegts: remove invalid error check
s302m: use nondeprecated audio sample format API
lavc: use designated initialisers for all codecs.
x86: cabac: add operand size suffixes missing from 6c32576
Conflicts:
libavcodec/ac3enc_float.c
libavcodec/flacenc.c
libavcodec/frwu.c
libavcodec/pictordec.c
libavcodec/qtrleenc.c
libavcodec/v210enc.c
libavcodec/wmv2dec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This is required specifically for setting frame->format to -1,
otherwise it will be set to 0 = PIX_FMT_YUV420P and code reading
the format from the output decoded frame will get misled.
In particular fix regressions occurring with the pending vsrc_buffer
patch.
* qatar/master:
vorbisdec: Rename silly "class_" variable to plain "class".
simple_idct_alpha: Drop some useless casts.
Simplify av_log_missing_feature().
ac3enc: remove check for mismatching channels and channel_layout
If AVCodecContext.channels is 0 and AVCodecContext.channel_layout is non-zero, set channels based on channel_layout.
If AVCodecContext.channel_layout and AVCodecContext.channels are both non-zero, check to make sure they do not contradict eachother.
cosmetics: indentation
Check AVCodec.supported_samplerates and AVCodec.channel_layouts in avcodec_open().
aacdec: remove sf_scale and sf_offset.
aacdec: use a scale of 2 in the LTP MDCT rather than doubling the coefficient table values from the spec.
Define POW_SF2_ZERO in aac.h and use for ff_aac_pow2sf_tabp[] offsets instead of hardcoding 200 everywhere.
Large intensity stereo and PNS indices are legal. Clip them instead of erroring out. A magnitude of 100 corresponds to 2^25 so the will most likely result in clipped output anyway.
qpeg: use reget_buffer() in decode_frame()
ultimotion: use reget_buffer() in ulti_decode_frame()
smacker: remove unnecessary call to avctx->release_buffer in decode_frame()
avparser: don't av_malloc(0).
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Decoder relies on previous frame data, so use reget_buffer().
This also set frame->reference to 3, as the frame will be requested
unmodified later so it shouldn't be modified by the application.
Fix playback of file Clock.avi.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
* qatar/master:
ac3dec: fix processing of delta bit allocation information.
vc1: fix fate-vc1 after previous commit.
wmv3dec: fix playback of complex WMV3 files using simple_idct.
make av_dup_packet() more cautious on allocation failures
make containers pass palette change in AVPacket
introduce side information for AVPacket
Politic commits that have not been pulled:
Update regtest checksums after revision 6001dad.
Replace more FFmpeg references by Libav.
Replace references to ffmpeg-devel with libav-devel; fix roundup URL.
Merged-by: Michael Niedermayer <michaelni@gmx.at>