Packman Build Service PMBS

avidemux3.changes Changed

avidemux3.spec Changed

ffmpeg-2.8.3.tar.bz2/Changelog -> ffmpeg-2.8.4.tar.bz2/Changelog Changed

@@ -1,6 +1,74 @@
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
+version 2.8.4
+- rawdec: only exempt BIT0 with need_copy from buffer sanity check
+- mlvdec: check that index_entries exist
+- avcodec/mpeg4videodec: also for empty partitioned slices
+- avcodec/h264_refs: Fix long_idx check
+- avcodec/h264_mc_template: prefetch list1 only if it is used in the MB
+- avcodec/h264_slice: Simplify ref2frm indexing
+- avfilter/vf_mpdecimate: Add missing emms_c()
+- sonic: make sure num_taps * channels is not larger than frame_size
+- opus_silk: fix typo causing overflow in silk_stabilize_lsf
+- ffm: reject invalid codec_id and codec_type
+- golomb: always check for invalid UE golomb codes in get_ue_golomb
+- sbr_qmf_analysis: sanitize input for 32-bit imdct
+- sbrdsp_fixed: assert that input values are in the valid range
+- aacsbr: ensure strictly monotone time borders
+- aacenc: update max_sfb when num_swb changes
+- aaccoder: prevent crash of anmr coder
+- ffmdec: reject zero-sized chunks
+- swscale/x86/rgb2rgb_template: Fallback to mmx in interleaveBytes() if the alignment is insufficient for SSE*
+- swscale/x86/rgb2rgb_template: Do not crash on misaligend stride
+- avformat/mxfenc: Do not crash if there is no packet in the first stream
+- lavf/tee: fix side data double free.
+- avformat/hlsenc: Check the return code of avformat_write_header()
+- avformat/mov: Enable parser for mp3s by old HandBrake
+- avformat/mxfenc: Fix integer overflow in length computation
+- avformat/utils: estimate_timings_from_pts - increase retry counter, fixes invalid duration for ts files with hevc codec
+- avformat/matroskaenc: Check codecdelay before use
+- avutil/mathematics: Fix division by 0
+- mjpegdec: consider chroma subsampling in size check
+- libvpxenc: remove some unused ctrl id mappings
+- avcodec/vp3: ensure header is parsed successfully before tables
+- avcodec/jpeg2000dec: Check bpno in decode_cblk()
+- avcodec/pgssubdec: Fix left shift of 255 by 24 places cannot be represented in type int
+- swscale/utils: Fix for runtime error: left shift of negative value -1
+- avcodec/hevc: Fix integer overflow of entry_point_offset
+- avcodec/dirac_parser: Check that there is a previous PU before accessing it
+- avcodec/dirac_parser: Add basic validity checks for next_pu_offset and prev_pu_offset
+- avcodec/dirac_parser: Fix potential overflows in pointer checks
+- avcodec/wmaprodec: Check bits per sample to be within the range not causing integer overflows
+- avcodec/wmaprodec: Fix overflow of cutoff
+- avformat/smacker: fix integer overflow with pts_inc
+- avcodec/vp3: Fix "runtime error: left shift of negative value"
+- avformat/riffdec: Initialize bitrate
+- mpegencts: Fix overflow in cbr mode period calculations
+- avutil/timecode: Fix fps check
+- avutil/mathematics: return INT64_MIN (=AV_NOPTS_VALUE) from av_rescale_rnd() for overflows
+- avcodec/apedec: Check length in long_filter_high_3800()
+- avcodec/vp3: always set pix_fmt in theora_decode_header()
+- avcodec/mpeg4videodec: Check available data before reading custom matrix
+- avutil/mathematics: Do not treat INT64_MIN as positive in av_rescale_rnd
+- avutil/integer: Fix av_mod_i() with negative dividend
+- avformat/dump: Fix integer overflow in av_dump_format()
+- avcodec/h264_refs: Check that long references match before use
+- avcodec/utils: Clear dimensions in ff_get_buffer() on failure
+- avcodec/utils: Use 64bit for aspect ratio calculation in avcodec_string()
+- avcodec/hevc: Check max ctb addresses for WPP
+- avcodec/vp3: Clear context on reinitialization failure
+- avcodec/hevc: allocate entries unconditionally
+- avcodec/hevc_cabac: Fix multiple integer overflows
+- avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_encode*()
+- avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*()
+- avcodec/hevc: Check entry_point_offsets
+- lavf/rtpenc_jpeg: Less strict check for standard Huffman tables.
+- avcodec/ffv1dec: Clear quant_table_count if its invalid
+- avcodec/ffv1dec: Print an error if the quant table count is invalid
+- doc/filters/drawtext: fix centering example
+
+
 version 2.8.3
 - avcodec/cabac: Check initial cabac decoder state
 - avcodec/cabac_functions: Fix "left shift of negative value -31767"

ffmpeg-2.8.3.tar.bz2/RELEASE -> ffmpeg-2.8.4.tar.bz2/RELEASE Changed

ffmpeg-2.8.3.tar.bz2/VERSION -> ffmpeg-2.8.4.tar.bz2/VERSION Changed

ffmpeg-2.8.3.tar.bz2/doc/Doxyfile -> ffmpeg-2.8.4.tar.bz2/doc/Doxyfile Changed

ffmpeg-2.8.3.tar.bz2/doc/filters.texi -> ffmpeg-2.8.4.tar.bz2/doc/filters.texi Changed

ffmpeg-2.8.3.tar.bz2/libavcodec/aaccoder.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/aaccoder.c Changed

ffmpeg-2.8.3.tar.bz2/libavcodec/aacenc.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/aacenc.c Changed

ffmpeg-2.8.3.tar.bz2/libavcodec/aacsbr_template.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/aacsbr_template.c Changed

@@ -718,8 +718,8 @@
     }
 
     for (i = 1; i <= ch_data->bs_num_env; i++) {
-        if (ch_data->t_env[i-1] > ch_data->t_env[i]) {
-            av_log(ac->avctx, AV_LOG_ERROR, "Non monotone time borders\n");
+        if (ch_data->t_env[i-1] >= ch_data->t_env[i]) {
+            av_log(ac->avctx, AV_LOG_ERROR, "Not strictly monotone time borders\n");
             return -1;
         }
     }
@@ -1154,6 +1154,9 @@
                              INTFLOAT z[320], INTFLOAT W[2][32][32][2], int buf_idx)
 {
     int i;
+#if USE_FIXED
+    int j;
+#endif
     memcpy(x    , x+1024, (320-32)*sizeof(x[0]));
     memcpy(x+288, in,         1024*sizeof(x[0]));
     for (i = 0; i < 32; i++) { // numTimeSlots*RATE = 16*2 as 960 sample frames
@@ -1161,6 +1164,21 @@
         dsp->vector_fmul_reverse(z, sbr_qmf_window_ds, x, 320);
         sbrdsp->sum64x5(z);
         sbrdsp->qmf_pre_shuffle(z);
+#if USE_FIXED
+        for (j = 64; j < 128; j++) {
+            if (z[j] > 1<<24) {
+                av_log(NULL, AV_LOG_WARNING,
+                       "sbr_qmf_analysis: value %09d too large, setting to %09d\n",
+                       z[j], 1<<24);
+                z[j] = 1<<24;
+            } else if (z[j] < -(1<<24)) {
+                av_log(NULL, AV_LOG_WARNING,
+                       "sbr_qmf_analysis: value %09d too small, setting to %09d\n",
+                       z[j], -(1<<24));
+                z[j] = -(1<<24);
+            }
+        }
+#endif
         mdct->imdct_half(mdct, z, z+64);
         sbrdsp->qmf_post_shuffle(W[buf_idx][i], z);
         x += 32;

ffmpeg-2.8.3.tar.bz2/libavcodec/apedec.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/apedec.c Changed

ffmpeg-2.8.3.tar.bz2/libavcodec/dirac_parser.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/dirac_parser.c Changed

@@ -100,10 +100,12 @@
 static int unpack_parse_unit(DiracParseUnit *pu, DiracParseContext *pc,
                              int offset)
 {
-    uint8_t *start = pc->buffer + offset;
-    uint8_t *end   = pc->buffer + pc->index;
-    if (start < pc->buffer || (start + 13 > end))
+    int8_t *start;
+
+    if (offset < 0 || pc->index - 13 < offset)
         return 0;
+
+    start = pc->buffer + offset;
     pu->pu_type = start[4];
 
     pu->next_pu_offset = AV_RB32(start + 5);
@@ -112,6 +114,15 @@
     if (pu->pu_type == 0x10 && pu->next_pu_offset == 0)
         pu->next_pu_offset = 13;
 
+    if (pu->next_pu_offset && pu->next_pu_offset < 13) {
+        av_log(NULL, AV_LOG_ERROR, "next_pu_offset %d is invalid\n", pu->next_pu_offset);
+        return 0;
+    }
+    if (pu->prev_pu_offset && pu->prev_pu_offset < 13) {
+        av_log(NULL, AV_LOG_ERROR, "prev_pu_offset %d is invalid\n", pu->prev_pu_offset);
+        return 0;
+    }
+
     return 1;
 }
 
@@ -190,7 +201,7 @@
         }
 
         /* Get the picture number to set the pts and dts*/
-        if (parse_timing_info) {
+        if (parse_timing_info && pu1.prev_pu_offset >= 13) {
             uint8_t *cur_pu = pc->buffer +
                               pc->index - 13 - pu1.prev_pu_offset;
             int pts = AV_RB32(cur_pu + 13);

ffmpeg-2.8.3.tar.bz2/libavcodec/ffv1dec.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/ffv1dec.c Changed

ffmpeg-2.8.3.tar.bz2/libavcodec/golomb.h -> ffmpeg-2.8.4.tar.bz2/libavcodec/golomb.h Changed

ffmpeg-2.8.3.tar.bz2/libavcodec/h264_mc_template.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/h264_mc_template.c Changed

ffmpeg-2.8.3.tar.bz2/libavcodec/h264_refs.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/h264_refs.c Changed

@@ -122,6 +122,14 @@
     return out_i;
 }
 
+static int mismatches_ref(H264Context *h, H264Picture *pic)
+{
+    AVFrame *f = pic->f;
+    return (h->cur_pic_ptr->f->width  != f->width ||
+            h->cur_pic_ptr->f->height != f->height ||
+            h->cur_pic_ptr->f->format != f->format);
+}
+
 int ff_h264_fill_default_ref_list(H264Context *h, H264SliceContext *sl)
 {
     int i, len;
@@ -193,10 +201,7 @@
     for (j = 0; j<1+(sl->slice_type_nos == AV_PICTURE_TYPE_B); j++) {
         for (i = 0; i < sl->ref_count[j]; i++) {
             if (h->default_ref_list[j][i].parent) {
-                AVFrame *f = h->default_ref_list[j][i].parent->f;
-                if (h->cur_pic_ptr->f->width  != f->width ||
-                    h->cur_pic_ptr->f->height != f->height ||
-                    h->cur_pic_ptr->f->format != f->format) {
+                if (mismatches_ref(h, h->default_ref_list[j][i].parent)) {
                     av_log(h->avctx, AV_LOG_ERROR, "Discarding mismatching reference\n");
                     memset(&h->default_ref_list[j][i], 0, sizeof(h->default_ref_list[j][i]));
                 }
@@ -298,14 +303,14 @@
 
                     long_idx = pic_num_extract(h, pic_id, &pic_structure);
 
-                    if (long_idx > 31) {
+                    if (long_idx > 31U) {
                         av_log(h->avctx, AV_LOG_ERROR,
                                "long_term_pic_idx overflow\n");
                         return AVERROR_INVALIDDATA;
                     }
                     ref = h->long_ref[long_idx];
                     assert(!(ref && !ref->reference));
-                    if (ref && (ref->reference & pic_structure)) {
+                    if (ref && (ref->reference & pic_structure) && !mismatches_ref(h, ref)) {
                         ref->pic_id = pic_id;
                         assert(ref->long_ref);
                         i = 0;

ffmpeg-2.8.3.tar.bz2/libavcodec/h264_slice.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/h264_slice.c Changed

@@ -1993,12 +1993,12 @@
         if (USES_LIST(top_type, list)) {
             const int b_xy  = h->mb2b_xy[top_xy] + 3 * b_stride;
             const int b8_xy = 4 * top_xy + 2;
-            int (*ref2frm)[64] = (void*)(sl->ref2frm[h->slice_table[top_xy] & (MAX_SLICES - 1)][0] + (MB_MBAFF(sl) ? 20 : 2));
+            int *ref2frm = sl->ref2frm[h->slice_table[top_xy] & (MAX_SLICES - 1)][list] + (MB_MBAFF(sl) ? 20 : 2);
             AV_COPY128(mv_dst - 1 * 8, h->cur_pic.motion_val[list][b_xy + 0]);
             ref_cache[0 - 1 * 8] =
-            ref_cache[1 - 1 * 8] = ref2frm[list][h->cur_pic.ref_index[list][b8_xy + 0]];
+            ref_cache[1 - 1 * 8] = ref2frm[h->cur_pic.ref_index[list][b8_xy + 0]];
             ref_cache[2 - 1 * 8] =
-            ref_cache[3 - 1 * 8] = ref2frm[list][h->cur_pic.ref_index[list][b8_xy + 1]];
+            ref_cache[3 - 1 * 8] = ref2frm[h->cur_pic.ref_index[list][b8_xy + 1]];
         } else {
             AV_ZERO128(mv_dst - 1 * 8);
             AV_WN32A(&ref_cache[0 - 1 * 8], ((LIST_NOT_USED) & 0xFF) * 0x01010101u);
@@ -2008,15 +2008,15 @@
             if (USES_LIST(left_type[LTOP], list)) {
                 const int b_xy  = h->mb2b_xy[left_xy[LTOP]] + 3;
                 const int b8_xy = 4 * left_xy[LTOP] + 1;
-                int (*ref2frm)[64] =(void*)( sl->ref2frm[h->slice_table[left_xy[LTOP]] & (MAX_SLICES - 1)][0] + (MB_MBAFF(sl) ? 20 : 2));
+                int *ref2frm = sl->ref2frm[h->slice_table[left_xy[LTOP]] & (MAX_SLICES - 1)][list] + (MB_MBAFF(sl) ? 20 : 2);
                 AV_COPY32(mv_dst - 1 +  0, h->cur_pic.motion_val[list][b_xy + b_stride * 0]);
                 AV_COPY32(mv_dst - 1 +  8, h->cur_pic.motion_val[list][b_xy + b_stride * 1]);
                 AV_COPY32(mv_dst - 1 + 16, h->cur_pic.motion_val[list][b_xy + b_stride * 2]);
                 AV_COPY32(mv_dst - 1 + 24, h->cur_pic.motion_val[list][b_xy + b_stride * 3]);
                 ref_cache[-1 +  0] =
-                ref_cache[-1 +  8] = ref2frm[list][h->cur_pic.ref_index[list][b8_xy + 2 * 0]];
+                ref_cache[-1 +  8] = ref2frm[h->cur_pic.ref_index[list][b8_xy + 2 * 0]];
                 ref_cache[-1 + 16] =
-                ref_cache[-1 + 24] = ref2frm[list][h->cur_pic.ref_index[list][b8_xy + 2 * 1]];
+                ref_cache[-1 + 24] = ref2frm[h->cur_pic.ref_index[list][b8_xy + 2 * 1]];
             } else {
                 AV_ZERO32(mv_dst - 1 +  0);
                 AV_ZERO32(mv_dst - 1 +  8);
@@ -2041,9 +2041,9 @@
 
     {
         int8_t *ref = &h->cur_pic.ref_index[list][4 * mb_xy];
-        int (*ref2frm)[64] = (void*)(sl->ref2frm[sl->slice_num & (MAX_SLICES - 1)][0] + (MB_MBAFF(sl) ? 20 : 2));
-        uint32_t ref01 = (pack16to32(ref2frm[list][ref[0]], ref2frm[list][ref[1]]) & 0x00FF00FF) * 0x0101;
-        uint32_t ref23 = (pack16to32(ref2frm[list][ref[2]], ref2frm[list][ref[3]]) & 0x00FF00FF) * 0x0101;
+        int *ref2frm = sl->ref2frm[sl->slice_num & (MAX_SLICES - 1)][list] + (MB_MBAFF(sl) ? 20 : 2);
+        uint32_t ref01 = (pack16to32(ref2frm[ref[0]], ref2frm[ref[1]]) & 0x00FF00FF) * 0x0101;
+        uint32_t ref23 = (pack16to32(ref2frm[ref[2]], ref2frm[ref[3]]) & 0x00FF00FF) * 0x0101;
         AV_WN32A(&ref_cache[0 * 8], ref01);
         AV_WN32A(&ref_cache[1 * 8], ref01);
         AV_WN32A(&ref_cache[2 * 8], ref23);

ffmpeg-2.8.3.tar.bz2/libavcodec/hevc.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/hevc.c Changed

@@ -744,7 +744,7 @@
             av_freep(&sh->entry_point_offset);
             av_freep(&sh->offset);
             av_freep(&sh->size);
-            sh->entry_point_offset = av_malloc_array(sh->num_entry_point_offsets, sizeof(int));
+            sh->entry_point_offset = av_malloc_array(sh->num_entry_point_offsets, sizeof(unsigned));
             sh->offset = av_malloc_array(sh->num_entry_point_offsets, sizeof(int));
             sh->size = av_malloc_array(sh->num_entry_point_offsets, sizeof(int));
             if (!sh->entry_point_offset || !sh->offset || !sh->size) {
@@ -2440,8 +2440,8 @@
     HEVCLocalContext *lc = s->HEVClc;
     int *ret = av_malloc_array(s->sh.num_entry_point_offsets + 1, sizeof(int));
     int *arg = av_malloc_array(s->sh.num_entry_point_offsets + 1, sizeof(int));
-    int offset;
-    int startheader, cmpt = 0;
+    int64_t offset;
+    int64_t startheader, cmpt = 0;
     int i, j, res = 0;
 
     if (!ret || !arg) {
@@ -2450,11 +2450,18 @@
         return AVERROR(ENOMEM);
     }
 
+    if (s->sh.slice_ctb_addr_rs + s->sh.num_entry_point_offsets * s->ps.sps->ctb_width >= s->ps.sps->ctb_width * s->ps.sps->ctb_height) {
+        av_log(s->avctx, AV_LOG_ERROR, "WPP ctb addresses are wrong (%d %d %d %d)\n",
+            s->sh.slice_ctb_addr_rs, s->sh.num_entry_point_offsets,
+            s->ps.sps->ctb_width, s->ps.sps->ctb_height
+        );
+        res = AVERROR_INVALIDDATA;
+        goto error;
+    }
 
-    if (!s->sList[1]) {
-        ff_alloc_entries(s->avctx, s->sh.num_entry_point_offsets + 1);
-
+    ff_alloc_entries(s->avctx, s->sh.num_entry_point_offsets + 1);
 
+    if (!s->sList[1]) {
         for (i = 1; i < s->threads_number; i++) {
             s->sList[i] = av_malloc(sizeof(HEVCContext));
             memcpy(s->sList[i], s, sizeof(HEVCContext));
@@ -2487,6 +2494,11 @@
     }
     if (s->sh.num_entry_point_offsets != 0) {
         offset += s->sh.entry_point_offset[s->sh.num_entry_point_offsets - 1] - cmpt;
+        if (length < offset) {
+            av_log(s->avctx, AV_LOG_ERROR, "entry_point_offset table is corrupted\n");
+            res = AVERROR_INVALIDDATA;
+            goto error;
+        }
         s->sh.size[s->sh.num_entry_point_offsets - 1] = length - offset;
         s->sh.offset[s->sh.num_entry_point_offsets - 1] = offset;
 
@@ -2513,6 +2525,7 @@
 
     for (i = 0; i <= s->sh.num_entry_point_offsets; i++)
         res += ret[i];
+error:
     av_free(ret);
     av_free(arg);
     return res;

ffmpeg-2.8.3.tar.bz2/libavcodec/hevc.h -> ffmpeg-2.8.4.tar.bz2/libavcodec/hevc.h Changed

ffmpeg-2.8.3.tar.bz2/libavcodec/hevc_cabac.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/hevc_cabac.c Changed

ffmpeg-2.8.3.tar.bz2/libavcodec/jpeg2000dec.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/jpeg2000dec.c Changed

ffmpeg-2.8.3.tar.bz2/libavcodec/jpeg2000dwt.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/jpeg2000dwt.c Changed

ffmpeg-2.8.3.tar.bz2/libavcodec/libvpxenc.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/libvpxenc.c Changed

@@ -104,19 +104,11 @@
 
 /** String mappings for enum vp8e_enc_control_id */
 static const char *const ctlidstr[] = {
-    [VP8E_UPD_ENTROPY]           = "VP8E_UPD_ENTROPY",
-    [VP8E_UPD_REFERENCE]         = "VP8E_UPD_REFERENCE",
-    [VP8E_USE_REFERENCE]         = "VP8E_USE_REFERENCE",
-    [VP8E_SET_ROI_MAP]           = "VP8E_SET_ROI_MAP",
-    [VP8E_SET_ACTIVEMAP]         = "VP8E_SET_ACTIVEMAP",
-    [VP8E_SET_SCALEMODE]         = "VP8E_SET_SCALEMODE",
     [VP8E_SET_CPUUSED]           = "VP8E_SET_CPUUSED",
     [VP8E_SET_ENABLEAUTOALTREF]  = "VP8E_SET_ENABLEAUTOALTREF",
     [VP8E_SET_NOISE_SENSITIVITY] = "VP8E_SET_NOISE_SENSITIVITY",
-    [VP8E_SET_SHARPNESS]         = "VP8E_SET_SHARPNESS",
     [VP8E_SET_STATIC_THRESHOLD]  = "VP8E_SET_STATIC_THRESHOLD",
     [VP8E_SET_TOKEN_PARTITIONS]  = "VP8E_SET_TOKEN_PARTITIONS",
-    [VP8E_GET_LAST_QUANTIZER]    = "VP8E_GET_LAST_QUANTIZER",
     [VP8E_SET_ARNR_MAXFRAMES]    = "VP8E_SET_ARNR_MAXFRAMES",
     [VP8E_SET_ARNR_STRENGTH]     = "VP8E_SET_ARNR_STRENGTH",
     [VP8E_SET_ARNR_TYPE]         = "VP8E_SET_ARNR_TYPE",

ffmpeg-2.8.3.tar.bz2/libavcodec/mjpegdec.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/mjpegdec.c Changed

@@ -1246,7 +1246,7 @@
                              int mb_bitmask_size,
                              const AVFrame *reference)
 {
-    int i, mb_x, mb_y;
+    int i, mb_x, mb_y, chroma_h_shift, chroma_v_shift, chroma_width, chroma_height;
     uint8_t *data[MAX_COMPONENTS];
     const uint8_t *reference_data[MAX_COMPONENTS];
     int linesize[MAX_COMPONENTS];
@@ -1263,6 +1263,11 @@
 
     s->restart_count = 0;
 
+    av_pix_fmt_get_chroma_sub_sample(s->avctx->pix_fmt, &chroma_h_shift,
+                                     &chroma_v_shift);
+    chroma_width  = FF_CEIL_RSHIFT(s->width,  chroma_h_shift);
+    chroma_height = FF_CEIL_RSHIFT(s->height, chroma_v_shift);
+
     for (i = 0; i < nb_components; i++) {
         int c   = s->comp_index[i];
         data[c] = s->picture_ptr->data[c];
@@ -1299,8 +1304,8 @@
 
                     if (s->interlaced && s->bottom_field)
                         block_offset += linesize[c] >> 1;
-                    if (   8*(h * mb_x + x) < s->width
-                        && 8*(v * mb_y + y) < s->height) {
+                    if (   8*(h * mb_x + x) < ((c == 1) || (c == 2) ? chroma_width  : s->width)
+                        && 8*(v * mb_y + y) < ((c == 1) || (c == 2) ? chroma_height : s->height)) {
                         ptr = data[c] + block_offset;
                     } else
                         ptr = NULL;

ffmpeg-2.8.3.tar.bz2/libavcodec/mpeg4videodec.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/mpeg4videodec.c Changed

@@ -883,7 +883,7 @@
     const int part_a_end   = s->pict_type == AV_PICTURE_TYPE_I ? (ER_DC_END   | ER_MV_END)   : ER_MV_END;
 
     mb_num = mpeg4_decode_partition_a(ctx);
-    if (mb_num < 0) {
+    if (mb_num <= 0) {
         ff_er_add_slice(&s->er, s->resync_mb_x, s->resync_mb_y,
                         s->mb_x, s->mb_y, part_a_error);
         return -1;
@@ -1881,6 +1881,10 @@
                 int last = 0;
                 for (i = 0; i < 64; i++) {
                     int j;
+                    if (get_bits_left(gb) < 8) {
+                        av_log(s->avctx, AV_LOG_ERROR, "insufficient data for custom matrix\n");
+                        return AVERROR_INVALIDDATA;
+                    }
                     v = get_bits(gb, 8);
                     if (v == 0)
                         break;
@@ -1904,6 +1908,10 @@
                 int last = 0;
                 for (i = 0; i < 64; i++) {
                     int j;
+                    if (get_bits_left(gb) < 8) {
+                        av_log(s->avctx, AV_LOG_ERROR, "insufficient data for custom matrix\n");
+                        return AVERROR_INVALIDDATA;
+                    }
                     v = get_bits(gb, 8);
                     if (v == 0)
                         break;

ffmpeg-2.8.3.tar.bz2/libavcodec/opus_silk.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/opus_silk.c Changed

ffmpeg-2.8.3.tar.bz2/libavcodec/pgssubdec.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/pgssubdec.c Changed

ffmpeg-2.8.3.tar.bz2/libavcodec/rawdec.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/rawdec.c Changed

ffmpeg-2.8.3.tar.bz2/libavcodec/sbrdsp_fixed.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/sbrdsp_fixed.c Changed

ffmpeg-2.8.3.tar.bz2/libavcodec/sonic.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/sonic.c Changed

ffmpeg-2.8.3.tar.bz2/libavcodec/utils.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/utils.c Changed

ffmpeg-2.8.3.tar.bz2/libavcodec/vp3.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/vp3.c Changed

@@ -131,7 +131,7 @@
 
 typedef struct Vp3DecodeContext {
     AVCodecContext *avctx;
-    int theora, theora_tables;
+    int theora, theora_tables, theora_header;
     int version;
     int width, height;
     int chroma_x_shift, chroma_y_shift;
@@ -209,8 +209,8 @@
     int16_t *dct_tokens[3][64];
     int16_t *dct_tokens_base;
 #define TOKEN_EOB(eob_run)              ((eob_run) << 2)
-#define TOKEN_ZERO_RUN(coeff, zero_run) (((coeff) << 9) + ((zero_run) << 2) + 1)
-#define TOKEN_COEFF(coeff)              (((coeff) << 2) + 2)
+#define TOKEN_ZERO_RUN(coeff, zero_run) (((coeff) * 512) + ((zero_run) << 2) + 1)
+#define TOKEN_COEFF(coeff)              (((coeff) * 4) + 2)
 
     /**
      * number of blocks that contain DCT coefficients at
@@ -2016,17 +2016,19 @@
             vp3_decode_end(avctx);
             ret = theora_decode_header(avctx, &gb);
 
+            if (ret >= 0)
+                ret = vp3_decode_init(avctx);
             if (ret < 0) {
                 vp3_decode_end(avctx);
-            } else
-                ret = vp3_decode_init(avctx);
+            }
             return ret;
         } else if (type == 2) {
             ret = theora_decode_tables(avctx, &gb);
+            if (ret >= 0)
+                ret = vp3_decode_init(avctx);
             if (ret < 0) {
                 vp3_decode_end(avctx);
-            } else
-                ret = vp3_decode_init(avctx);
+            }
             return ret;
         }
 
@@ -2251,6 +2253,7 @@
     int ret;
     AVRational fps, aspect;
 
+    s->theora_header = 0;
     s->theora = get_bits_long(gb, 24);
     av_log(avctx, AV_LOG_DEBUG, "Theora bitstream version %X\n", s->theora);
 
@@ -2321,7 +2324,8 @@
             return AVERROR_INVALIDDATA;
         }
         skip_bits(gb, 3); /* reserved */
-    }
+    } else
+        avctx->pix_fmt = AV_PIX_FMT_YUV420P;
 
     ret = ff_set_dimensions(avctx, s->width, s->height);
     if (ret < 0)
@@ -2355,6 +2359,7 @@
         avctx->color_trc  = AVCOL_TRC_BT709;
     }
 
+    s->theora_header = 1;
     return 0;
 }
 
@@ -2363,6 +2368,9 @@
     Vp3DecodeContext *s = avctx->priv_data;
     int i, n, matrices, inter, plane;
 
+    if (!s->theora_header)
+        return AVERROR_INVALIDDATA;
+
     if (s->theora >= 0x030200) {
         n = get_bits(gb, 3);
         /* loop filter limit values table */

ffmpeg-2.8.3.tar.bz2/libavcodec/wmaprodec.c -> ffmpeg-2.8.4.tar.bz2/libavcodec/wmaprodec.c Changed

ffmpeg-2.8.3.tar.bz2/libavfilter/vf_mpdecimate.c -> ffmpeg-2.8.4.tar.bz2/libavfilter/vf_mpdecimate.c Changed

ffmpeg-2.8.3.tar.bz2/libavformat/dump.c -> ffmpeg-2.8.4.tar.bz2/libavformat/dump.c Changed

ffmpeg-2.8.3.tar.bz2/libavformat/ffmdec.c -> ffmpeg-2.8.4.tar.bz2/libavformat/ffmdec.c Changed

@@ -268,6 +268,7 @@
     AVStream *st;
     AVIOContext *pb = s->pb;
     AVCodecContext *codec;
+    const AVCodecDescriptor *codec_desc;
     int ret;
     int f_main = 0, f_cprv = -1, f_stvi = -1, f_stau = -1;
     AVCodec *enc;
@@ -322,7 +323,20 @@
             codec = st->codec;
             /* generic info */
             codec->codec_id = avio_rb32(pb);
+            codec_desc = avcodec_descriptor_get(codec->codec_id);
+            if (!codec_desc) {
+                av_log(s, AV_LOG_ERROR, "Invalid codec id: %d\n", codec->codec_id);
+                codec->codec_id = AV_CODEC_ID_NONE;
+                goto fail;
+            }
             codec->codec_type = avio_r8(pb);
+            if (codec->codec_type != codec_desc->type) {
+                av_log(s, AV_LOG_ERROR, "Codec type mismatch: expected %d, found %d\n",
+                       codec_desc->type, codec->codec_type);
+                codec->codec_id = AV_CODEC_ID_NONE;
+                codec->codec_type = AVMEDIA_TYPE_UNKNOWN;
+                goto fail;
+            }
             codec->bit_rate = avio_rb32(pb);
             codec->flags = avio_rb32(pb);
             codec->flags2 = avio_rb32(pb);
@@ -415,7 +429,7 @@
             }
             break;
         case MKBETAG('S', '2', 'V', 'I'):
-            if (f_stvi++) {
+            if (f_stvi++ || !size) {
                 ret = AVERROR(EINVAL);
                 goto fail;
             }
@@ -430,7 +444,7 @@
                 goto fail;
             break;
         case MKBETAG('S', '2', 'A', 'U'):
-            if (f_stau++) {
+            if (f_stau++ || !size) {
                 ret = AVERROR(EINVAL);
                 goto fail;
             }
@@ -471,6 +485,7 @@
     AVStream *st;
     AVIOContext *pb = s->pb;
     AVCodecContext *codec;
+    const AVCodecDescriptor *codec_desc;
     int i, nb_streams;
     uint32_t tag;
 
@@ -508,7 +523,20 @@
         codec = st->codec;
         /* generic info */
         codec->codec_id = avio_rb32(pb);
+        codec_desc = avcodec_descriptor_get(codec->codec_id);
+        if (!codec_desc) {
+            av_log(s, AV_LOG_ERROR, "Invalid codec id: %d\n", codec->codec_id);
+            codec->codec_id = AV_CODEC_ID_NONE;
+            goto fail;
+        }
         codec->codec_type = avio_r8(pb); /* codec_type */
+        if (codec->codec_type != codec_desc->type) {
+            av_log(s, AV_LOG_ERROR, "Codec type mismatch: expected %d, found %d\n",
+                   codec_desc->type, codec->codec_type);
+            codec->codec_id = AV_CODEC_ID_NONE;
+            codec->codec_type = AVMEDIA_TYPE_UNKNOWN;
+            goto fail;
+        }
         codec->bit_rate = avio_rb32(pb);
         codec->flags = avio_rb32(pb);
         codec->flags2 = avio_rb32(pb);

ffmpeg-2.8.3.tar.bz2/libavformat/hlsenc.c -> ffmpeg-2.8.4.tar.bz2/libavformat/hlsenc.c Changed

ffmpeg-2.8.3.tar.bz2/libavformat/isom.h -> ffmpeg-2.8.4.tar.bz2/libavformat/isom.h Changed

ffmpeg-2.8.3.tar.bz2/libavformat/matroskaenc.c -> ffmpeg-2.8.4.tar.bz2/libavformat/matroskaenc.c Changed

@@ -926,14 +926,18 @@
     }
 
     if (codec->codec_type == AVMEDIA_TYPE_AUDIO && codec->initial_padding && codec->codec_id == AV_CODEC_ID_OPUS) {
+        int64_t codecdelay = av_rescale_q(codec->initial_padding,
+                                          (AVRational){ 1, codec->sample_rate },
+                                          (AVRational){ 1, 1000000000 });
+        if (codecdelay < 0) {
+            av_log(s, AV_LOG_ERROR, "Initial padding is invalid\n");
+            return AVERROR(EINVAL);
+        }
 //         mkv->tracks[i].ts_offset = av_rescale_q(codec->initial_padding,
 //                                                 (AVRational){ 1, codec->sample_rate },
 //                                                 st->time_base);
 
-        put_ebml_uint(pb, MATROSKA_ID_CODECDELAY,
-                      av_rescale_q(codec->initial_padding,
-                                   (AVRational){ 1, codec->sample_rate },
-                                   (AVRational){ 1, 1000000000 }));
+        put_ebml_uint(pb, MATROSKA_ID_CODECDELAY, codecdelay);
     }
     if (codec->codec_id == AV_CODEC_ID_OPUS) {
         put_ebml_uint(pb, MATROSKA_ID_SEEKPREROLL, OPUS_SEEK_PREROLL);

ffmpeg-2.8.3.tar.bz2/libavformat/mlvdec.c -> ffmpeg-2.8.4.tar.bz2/libavformat/mlvdec.c Changed

ffmpeg-2.8.3.tar.bz2/libavformat/mov.c -> ffmpeg-2.8.4.tar.bz2/libavformat/mov.c Changed

@@ -419,6 +419,12 @@
             snprintf(key2, sizeof(key2), "%s-%s", key, language);
             av_dict_set(&c->fc->metadata, key2, str, 0);
         }
+        if (!strcmp(key, "encoder")) {
+            int major, minor, micro;
+            if (sscanf(str, "HandBrake %d.%d.%d", &major, &minor, &micro) == 3) {
+                c->handbrake_version = 1000000*major + 1000*minor + micro;
+            }
+        }
     }
     av_log(c->fc, AV_LOG_TRACE, "lang \"%3s\" ", language);
     av_log(c->fc, AV_LOG_TRACE, "tag \"%s\" value \"%s\" atom \"%.4s\" %d %"PRId64"\n",
@@ -4528,6 +4534,13 @@
                     return err;
             }
         }
+        if (mov->handbrake_version &&
+            mov->handbrake_version <= 1000000*0 + 1000*10 + 0 &&  // 0.10.0
+            st->codec->codec_id == AV_CODEC_ID_MP3
+        ) {
+            av_log(s, AV_LOG_VERBOSE, "Forcing full parsing for mp3 stream\n");
+            st->need_parsing = AVSTREAM_PARSE_FULL;
+        }
     }
 
     if (mov->trex_data) {

ffmpeg-2.8.3.tar.bz2/libavformat/mpegtsenc.c -> ffmpeg-2.8.4.tar.bz2/libavformat/mpegtsenc.c Changed

ffmpeg-2.8.3.tar.bz2/libavformat/mxfenc.c -> ffmpeg-2.8.4.tar.bz2/libavformat/mxfenc.c Changed

@@ -1266,11 +1266,11 @@
             user_comment_count = mxf_write_user_comments(s, s->metadata);
         mxf_write_metadata_key(pb, 0x013600);
         PRINT_KEY(s, "Material Package key", pb->buf_ptr - 16);
-        klv_encode_ber_length(pb, 92 + name_size + (16*track_count) + (16*user_comment_count) + 12*mxf->store_user_comments);
+        klv_encode_ber_length(pb, 92 + name_size + (16*track_count) + (16*user_comment_count) + 12LL*mxf->store_user_comments);
     } else {
         mxf_write_metadata_key(pb, 0x013700);
         PRINT_KEY(s, "Source Package key", pb->buf_ptr - 16);
-        klv_encode_ber_length(pb, 112 + name_size + (16*track_count) + 12*mxf->store_user_comments); // 20 bytes length for descriptor reference
+        klv_encode_ber_length(pb, 112 + name_size + (16*track_count) + 12LL*mxf->store_user_comments); // 20 bytes length for descriptor reference
     }
 
     // write uid
@@ -2467,6 +2467,10 @@
         }
         mxf->edit_units_count++;
     } else if (!mxf->edit_unit_byte_count && st->index == 1) {
+        if (!mxf->edit_units_count) {
+            av_log(s, AV_LOG_ERROR, "No packets in first stream\n");
+            return AVERROR_PATCHWELCOME;
+        }
         mxf->index_entries[mxf->edit_units_count-1].slice_offset =
             mxf->body_offset - mxf->index_entries[mxf->edit_units_count-1].offset;
     }

ffmpeg-2.8.3.tar.bz2/libavformat/riffdec.c -> ffmpeg-2.8.4.tar.bz2/libavformat/riffdec.c Changed

ffmpeg-2.8.3.tar.bz2/libavformat/rtpenc_jpeg.c -> ffmpeg-2.8.4.tar.bz2/libavformat/rtpenc_jpeg.c Changed

@@ -36,6 +36,7 @@
     int off = 0; /* fragment offset of the current JPEG frame */
     int len;
     int i;
+    int default_huffman_tables = 0;
 
     s->buf_ptr   = s->buf;
     s->timestamp = s->cur_timestamp;
@@ -90,23 +91,66 @@
                 return;
             }
         } else if (buf[i + 1] == DHT) {
-            if (   AV_RB16(&buf[i + 2]) < 418
-                || i + 420 >= size
-                || buf[i +   4] != 0x00
-                || buf[i +  33] != 0x01
-                || buf[i +  62] != 0x10
-                || buf[i + 241] != 0x11
-                || memcmp(buf + i +   5, avpriv_mjpeg_bits_dc_luminance   + 1, 16)
-                || memcmp(buf + i +  21, avpriv_mjpeg_val_dc, 12)
-                || memcmp(buf + i +  34, avpriv_mjpeg_bits_dc_chrominance + 1, 16)
-                || memcmp(buf + i +  50, avpriv_mjpeg_val_dc, 12)
-                || memcmp(buf + i +  63, avpriv_mjpeg_bits_ac_luminance   + 1, 16)
-                || memcmp(buf + i +  79, avpriv_mjpeg_val_ac_luminance, 162)
-                || memcmp(buf + i + 242, avpriv_mjpeg_bits_ac_chrominance + 1, 16)
-                || memcmp(buf + i + 258, avpriv_mjpeg_val_ac_chrominance, 162)) {
-                av_log(s1, AV_LOG_ERROR,
-                       "RFC 2435 requires standard Huffman tables for jpeg\n");
-                return;
+            int dht_size = AV_RB16(&buf[i + 2]);
+            default_huffman_tables |= 1 << 4;
+            i += 3;
+            dht_size -= 2;
+            if (i + dht_size >= size)
+                continue;
+            while (dht_size > 0)
+                switch (buf[i + 1]) {
+                case 0x00:
+                    if (   dht_size >= 29
+                        && !memcmp(buf + i +  2, avpriv_mjpeg_bits_dc_luminance + 1, 16)
+                        && !memcmp(buf + i + 18, avpriv_mjpeg_val_dc, 12)) {
+                        default_huffman_tables |= 1;
+                        i += 29;
+                        dht_size -= 29;
+                    } else {
+                        i += dht_size;
+                        dht_size = 0;
+                    }
+                    break;
+                case 0x01:
+                    if (   dht_size >= 29
+                        && !memcmp(buf + i +  2, avpriv_mjpeg_bits_dc_chrominance + 1, 16)
+                        && !memcmp(buf + i + 18, avpriv_mjpeg_val_dc, 12)) {
+                        default_huffman_tables |= 1 << 1;
+                        i += 29;
+                        dht_size -= 29;
+                    } else {
+                        i += dht_size;
+                        dht_size = 0;
+                    }
+                    break;
+                case 0x10:
+                    if (   dht_size >= 179
+                        && !memcmp(buf + i +  2, avpriv_mjpeg_bits_ac_luminance   + 1, 16)
+                        && !memcmp(buf + i + 18, avpriv_mjpeg_val_ac_luminance, 162)) {
+                        default_huffman_tables |= 1 << 2;
+                        i += 179;
+                        dht_size -= 179;
+                    } else {
+                        i += dht_size;
+                        dht_size = 0;
+                    }
+                    break;
+                case 0x11:
+                    if (   dht_size >= 179
+                        && !memcmp(buf + i +  2, avpriv_mjpeg_bits_ac_chrominance + 1, 16)
+                        && !memcmp(buf + i + 18, avpriv_mjpeg_val_ac_chrominance, 162)) {
+                        default_huffman_tables |= 1 << 3;
+                        i += 179;
+                        dht_size -= 179;
+                    } else {
+                        i += dht_size;
+                        dht_size = 0;
+                    }
+                    break;
+                default:
+                    i += dht_size;
+                    dht_size = 0;
+                    continue;
             }
         } else if (buf[i + 1] == SOS) {
             /* SOS is last marker in the header */
@@ -119,6 +163,11 @@
             break;
         }
     }
+    if (default_huffman_tables && default_huffman_tables != 31) {
+        av_log(s1, AV_LOG_ERROR,
+               "RFC 2435 requires standard Huffman tables for jpeg\n");
+        return;
+    }
     if (nb_qtables && nb_qtables != 2)
         av_log(s1, AV_LOG_WARNING,
                "RFC 2435 suggests two quantization tables, %d provided\n",

ffmpeg-2.8.3.tar.bz2/libavformat/smacker.c -> ffmpeg-2.8.4.tar.bz2/libavformat/smacker.c Changed

ffmpeg-2.8.3.tar.bz2/libavformat/tee.c -> ffmpeg-2.8.4.tar.bz2/libavformat/tee.c Changed

ffmpeg-2.8.3.tar.bz2/libavformat/utils.c -> ffmpeg-2.8.4.tar.bz2/libavformat/utils.c Changed

ffmpeg-2.8.3.tar.bz2/libavutil/integer.c -> ffmpeg-2.8.4.tar.bz2/libavutil/integer.c Changed

ffmpeg-2.8.3.tar.bz2/libavutil/mathematics.c -> ffmpeg-2.8.4.tar.bz2/libavutil/mathematics.c Changed

ffmpeg-2.8.3.tar.bz2/libavutil/timecode.c -> ffmpeg-2.8.4.tar.bz2/libavutil/timecode.c Changed

ffmpeg-2.8.3.tar.bz2/libswscale/utils.c -> ffmpeg-2.8.4.tar.bz2/libswscale/utils.c Changed

ffmpeg-2.8.3.tar.bz2/libswscale/x86/rgb2rgb_template.c -> ffmpeg-2.8.4.tar.bz2/libswscale/x86/rgb2rgb_template.c Changed

@@ -1887,8 +1887,9 @@
     for (h=0; h < height; h++) {
         int w;
 
-        if (width >= 16)
+        if (width >= 16) {
 #if COMPILE_TEMPLATE_SSE2
+            if (!((((intptr_t)src1) | ((intptr_t)src2) | ((intptr_t)dest))&15)) {
         __asm__(
             "xor              %%"REG_a", %%"REG_a"  \n\t"
             "1:                                     \n\t"
@@ -1907,7 +1908,8 @@
             ::"r"(dest), "r"(src1), "r"(src2), "r" ((x86_reg)width-15)
             : "memory", XMM_CLOBBERS("xmm0", "xmm1", "xmm2",) "%"REG_a
         );
-#else
+            } else
+#endif
         __asm__(
             "xor %%"REG_a", %%"REG_a"               \n\t"
             "1:                                     \n\t"
@@ -1933,7 +1935,8 @@
             ::"r"(dest), "r"(src1), "r"(src2), "r" ((x86_reg)width-15)
             : "memory", "%"REG_a
         );
-#endif
+
+        }
         for (w= (width&(~15)); w < width; w++) {
             dest[2*w+0] = src1[w];
             dest[2*w+1] = src2[w];
@@ -1943,9 +1946,7 @@
         src2 += src2Stride;
     }
     __asm__(
-#if !COMPILE_TEMPLATE_SSE2
             EMMS"       \n\t"
-#endif
             SFENCE"     \n\t"
             ::: "memory"
             );

Changes of Revision 24