ffmpeg 3.2.10 update
James Cowgill
jcowgill at debian.org
Sat Jan 27 10:19:19 UTC 2018
Hi,
On 26/01/18 17:53, Moritz Mühlenhoff wrote:
> On Fri, Jan 26, 2018 at 05:13:54PM +0000, James Cowgill wrote:
>> Hi,
>>
>> I've pushed ffmpeg 3.2.10 here:
>> https://salsa.debian.org/multimedia-team/ffmpeg/tree/debian/stretch
>>
>> Since I've not been doing these updates before, what is the correct
>> procedure. Do I just upload it to security-master, or should I contact
>> the security team first?
>
> For ffmpeg (since it's following the 3.2.x series) uploading to
> security-master is fine (unless some update happens to provide
> changes in debian/ beyond the changelog, then please send us a
> debdiff).
I've uploaded it and attached the debdiff. There are some minor
modifications to debian/ outside the changelog, but I don't think
they'll be controversial.
d/gbp.conf - changed the git packaging branch names to dep14 style.
d/patches - dropped patch added in 3.2.9 but has now been applied upstream.
Thanks,
James
-------------- next part --------------
diff -Nru ffmpeg-3.2.9/Changelog ffmpeg-3.2.10/Changelog
--- ffmpeg-3.2.9/Changelog 2017-10-26 21:48:27.000000000 +0100
+++ ffmpeg-3.2.10/Changelog 2018-01-13 02:33:15.000000000 +0000
@@ -1,6 +1,77 @@
Entries are sorted chronologically from oldest to youngest within each release,
releases are sorted from youngest to oldest.
+version 3.2.10:
+- avcodec/utils: Avoid hardcoding duplicated types in sizeof()
+- avcodec/arm/sbrdsp_neon: Use a free register instead of putting 2 things in one
+- avformat/libssh: check the user provided a password before trying to use it
+- avcodec/h264addpx_template: Fixes integer overflows
+- avcodec/dirac_dwt: Fix overflows in COMPOSE_HAARiH0/COMPOSE_HAARiL0
+- avcodec/diracdec: Fix integer overflow with quant
+- avcodec/opus_parser: Check payload_len in parse_opus_ts_header()
+- avcodec/jpeg2000dsp: Fix integer overflows in ict_int()
+- avcodec/h264_slice: Do not attempt to render into frames already output
+- avcodec/dnxhddec: Check dc vlc
+- x264: Support version 153
+- avcodec/exr: Check buf_size more completely
+- avcodec/flacdec: Fix overflow in multiplication in decode_subframe_fixed()
+- avcodec/hevcdsp_template: Fix Invalid shifts in put_hevc_qpel_bi_w_h() and put_hevc_qpel_bi_w_w()
+- avcodec/flacdec: avoid undefined shift
+- avcodec/hevcdsp_template.c: Fix undefined shift in FUNC(dequant)
+- avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0() and COMPOSE_DD137iL0()
+- avcodec/hevc_cabac: Fix integer overflow in ff_hevc_cu_qp_delta_abs()
+- tests/audiomatch: Add missing return code at the end of main()
+- avcodec/hevc_sei: Fix integer overflows in decode_nal_sei_message()
+- avcodec/hevcdsp_template: Fix undefined shift in put_hevc_qpel_bi_w_hv()
+- libavfilter/af_dcshift.c: Fixed repeated spelling error
+- avfilter/formats: fix wrong function name in error message
+- avcodec/amrwbdec: Fix division by 0 in voice_factor()
+- avcodec/diracdsp: Fix integer overflow in PUT_SIGNED_RECT_CLAMPED()
+- avcodec/dirac_dwt: Fix integer overflows in COMPOSE_DAUB97*
+- avcodec/vorbis: Fix another 1 << 31 > int32_t::max() with 1u.
+- Don't manipulate duration when it's AV_NOPTS_VALUE.
+- avcodec/vorbis: 1 << 31 > int32_t::max(), so use 1u << 31 instead.
+- avformat/utils: Prevent undefined shift with wrap_bits > 64.
+- avcodec/j2kenc: Fix out of array access in encode_cblk()
+- avcodec/hevcdsp_template: Fix undefined shift in put_hevc_epel_bi_w_h()
+- avcodec/mlpdsp: Fix signed integer overflow, 2nd try
+- avcodec/kgv1dec: Check that there is enough input for maximum RLE compression
+- avcodec/dirac_dwt: Fix integer overflow in COMPOSE_FIDELITYi*
+- avcodec/mpeg4videodec: Check also for negative versions in the validity check
+- Close ogg stream upon error when using AV_EF_EXPLODE.
+- Fix undefined shift on assumed 8-bit input.
+- Use ff_thread_once for fixed, float table init.
+- avformat/mov: Propagate errors in mov_switch_root.
+- avcodec/hevcdsp_template: Fix invalid shift in put_hevc_epel_bi_w_v()
+- avcodec/mlpdsp: Fix undefined shift ff_mlp_pack_output()
+- avcodec/zmbv: Check that the buffer is large enough for mvec
+- avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD137iL0()
+- avcodec/wmv2dec: Check end of bitstream in parse_mb_skip() and ff_wmv2_decode_mb()
+- avcodec/snowdec: Check for remaining bitstream in decode_blocks()
+- avcodec/snowdec: Check intra block dc differences.
+- avformat/mov: Check size of STSC allocation
+- avcodec/vc2enc: Clear coef_buf on allocation
+- avcodec/h264dec: Fix potential array overread
+- avcodec/x86/mpegvideodsp: Fix signedness bug in need_emu
+- avcodec/aacpsdsp_template: Fix integer overflows in ps_decorrelate_c()
+- avcodec/aacdec_fixed: Fix undefined shift
+- avcodec/mdct_*: Fix integer overflow in addition in RESCALE()
+- avcodec/snowdec: Fix integer overflow in header parsing
+- avcodec/cngdec: Fix integer clipping
+- avcodec/sbrdsp_fixed: Fix integer overflow in shift in sbr_hf_g_filt_c()
+- avcodec/aacsbr_fixed: Fix division by zero in sbr_gain_calc()
+- avutil/softfloat: Add FLOAT_MIN
+- avcodec/h264idct_template: Fix integer overflows in ff_h264_idct8_add()
+- avcodec/xan: Check for bitstream end in xan_huffman_decode()
+- avcodec/exr: fix undefined shift in pxr24_uncompress()
+- avformat: Free the internal codec context at the end
+- avcodec/xan: Improve overlapping check
+- avcodec/aacdec_fixed: Fix integer overflow in apply_dependent_coupling_fixed()
+- avcodec/aacdec_fixed: Fix integer overflow in predict()
+- avcodec/jpeglsdec: Check for end of bitstream in ls_decode_line()
+- avcodec/jpeglsdec: Check ilv for being a supported value
+- vc2enc_dwt: pad the temporary buffer by the slice size
+
version 3.2.9:
- avcodec/snowdec: Check mv_scale
- avcodec/pafvideo: Check for bitstream end in decode_0()
diff -Nru ffmpeg-3.2.9/RELEASE ffmpeg-3.2.10/RELEASE
--- ffmpeg-3.2.9/RELEASE 2017-10-26 21:48:27.000000000 +0100
+++ ffmpeg-3.2.10/RELEASE 2018-01-13 02:33:15.000000000 +0000
@@ -1 +1 @@
-3.2.9
+3.2.10
diff -Nru ffmpeg-3.2.9/VERSION ffmpeg-3.2.10/VERSION
--- ffmpeg-3.2.9/VERSION 2017-10-26 21:48:27.000000000 +0100
+++ ffmpeg-3.2.10/VERSION 2018-01-13 14:36:44.000000000 +0000
@@ -1 +1 @@
-3.2.9
+3.2.10
diff -Nru ffmpeg-3.2.9/configure ffmpeg-3.2.10/configure
--- ffmpeg-3.2.9/configure 2017-10-26 21:48:16.000000000 +0100
+++ ffmpeg-3.2.10/configure 2018-01-13 14:36:44.000000000 +0000
@@ -6703,7 +6703,7 @@
#define FFMPEG_CONFIG_H
#define FFMPEG_CONFIGURATION "$(c_escape $FFMPEG_CONFIGURATION)"
#define FFMPEG_LICENSE "$(c_escape $license)"
-#define CONFIG_THIS_YEAR 2017
+#define CONFIG_THIS_YEAR 2018
#define FFMPEG_DATADIR "$(eval c_escape $datadir)"
#define AVCONV_DATADIR "$(eval c_escape $datadir)"
#define CC_IDENT "$(c_escape ${cc_ident:-Unknown compiler})"
diff -Nru ffmpeg-3.2.9/debian/changelog ffmpeg-3.2.10/debian/changelog
--- ffmpeg-3.2.9/debian/changelog 2017-11-26 20:29:26.000000000 +0000
+++ ffmpeg-3.2.10/debian/changelog 2018-01-26 09:45:14.000000000 +0000
@@ -1,3 +1,15 @@
+ffmpeg (7:3.2.10-1~deb9u1) stretch-security; urgency=medium
+
+ * New upstream release.
+ - avcodec/x86/mpegvideodsp: Fix signedness bug in need_emu.
+ (CVE-2017-17081)
+ - avformat/libssh: check the user provided a password before trying to
+ use it. (Closes: #886912)
+ * debian/patches:
+ - Drop CVE-2017-16840 patch - applied upstream.
+
+ -- James Cowgill <jcowgill at debian.org> Fri, 26 Jan 2018 09:45:14 +0000
+
ffmpeg (7:3.2.9-1~deb9u1) stretch-security; urgency=medium
* New upstream release.
diff -Nru ffmpeg-3.2.9/debian/gbp.conf ffmpeg-3.2.10/debian/gbp.conf
--- ffmpeg-3.2.9/debian/gbp.conf 2017-11-26 20:20:02.000000000 +0000
+++ ffmpeg-3.2.10/debian/gbp.conf 2018-01-26 09:36:41.000000000 +0000
@@ -1,4 +1,4 @@
[DEFAULT]
pristine-tar = True
-debian-branch = stretch
-upstream-branch = upstream-stretch
+debian-branch = debian/stretch
+upstream-branch = upstream/3.2.x
diff -Nru ffmpeg-3.2.9/debian/patches/0001-vc2enc_dwt-pad-the-temporary-buffer-by-the-slice-siz.patch ffmpeg-3.2.10/debian/patches/0001-vc2enc_dwt-pad-the-temporary-buffer-by-the-slice-siz.patch
--- ffmpeg-3.2.9/debian/patches/0001-vc2enc_dwt-pad-the-temporary-buffer-by-the-slice-siz.patch 2017-11-26 20:27:37.000000000 +0000
+++ ffmpeg-3.2.10/debian/patches/0001-vc2enc_dwt-pad-the-temporary-buffer-by-the-slice-siz.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,92 +0,0 @@
-From: Rostislav Pehlivanov <atomnuker at gmail.com>
-Date: Wed, 8 Nov 2017 23:50:04 +0000
-Subject: vc2enc_dwt: pad the temporary buffer by the slice size
-
-Since non-Haar wavelets need to look into pixels outside the frame, we
-need to pad the buffer. The old factor of two seemed to be a workaround
-that fact and only padded to the left and bottom. This correctly pads
-by the slice size and as such reduces memory usage and potential
-exploits.
-Reported by Liu Bingchang.
-
-Ideally, there should be no temporary buffer but the encoder is designed
-to deinterleave the coefficients into the classical wavelet structure
-with the lower frequency values in the top left corner.
-
-Signed-off-by: Rostislav Pehlivanov <atomnuker at gmail.com>
-(cherry picked from commit 3228ac730c11eca49d5680d5550128e397061c85)
----
- libavcodec/vc2enc.c | 3 ++-
- libavcodec/vc2enc_dwt.c | 12 +++++++++---
- libavcodec/vc2enc_dwt.h | 4 +++-
- 3 files changed, 14 insertions(+), 5 deletions(-)
-
-diff --git a/libavcodec/vc2enc.c b/libavcodec/vc2enc.c
-index eda3901..745c6e9 100644
---- a/libavcodec/vc2enc.c
-+++ b/libavcodec/vc2enc.c
-@@ -1190,7 +1190,8 @@ static av_cold int vc2_encode_init(AVCodecContext *avctx)
- /* DWT init */
- if (ff_vc2enc_init_transforms(&s->transform_args[i].t,
- s->plane[i].coef_stride,
-- s->plane[i].dwt_height))
-+ s->plane[i].dwt_height,
-+ s->slice_width, s->slice_height))
- goto alloc_fail;
- }
-
-diff --git a/libavcodec/vc2enc_dwt.c b/libavcodec/vc2enc_dwt.c
-index c60b003..d22af8a 100644
---- a/libavcodec/vc2enc_dwt.c
-+++ b/libavcodec/vc2enc_dwt.c
-@@ -255,21 +255,27 @@ static void vc2_subband_dwt_haar_shift(VC2TransformContext *t, dwtcoef *data,
- dwt_haar(t, data, stride, width, height, 1);
- }
-
--av_cold int ff_vc2enc_init_transforms(VC2TransformContext *s, int p_width, int p_height)
-+av_cold int ff_vc2enc_init_transforms(VC2TransformContext *s, int p_stride,
-+ int p_height, int slice_w, int slice_h)
- {
- s->vc2_subband_dwt[VC2_TRANSFORM_9_7] = vc2_subband_dwt_97;
- s->vc2_subband_dwt[VC2_TRANSFORM_5_3] = vc2_subband_dwt_53;
- s->vc2_subband_dwt[VC2_TRANSFORM_HAAR] = vc2_subband_dwt_haar;
- s->vc2_subband_dwt[VC2_TRANSFORM_HAAR_S] = vc2_subband_dwt_haar_shift;
-
-- s->buffer = av_malloc(2*p_width*p_height*sizeof(dwtcoef));
-+ /* Pad by the slice size, only matters for non-Haar wavelets */
-+ s->buffer = av_calloc((p_stride + slice_w)*(p_height + slice_h), sizeof(dwtcoef));
- if (!s->buffer)
- return 1;
-
-+ s->padding = (slice_h >> 1)*p_stride + (slice_w >> 1);
-+ s->buffer += s->padding;
-+
- return 0;
- }
-
- av_cold void ff_vc2enc_free_transforms(VC2TransformContext *s)
- {
-- av_freep(&s->buffer);
-+ av_free(s->buffer - s->padding);
-+ s->buffer = NULL;
- }
-diff --git a/libavcodec/vc2enc_dwt.h b/libavcodec/vc2enc_dwt.h
-index 7fbbfbe..a6932bc 100644
---- a/libavcodec/vc2enc_dwt.h
-+++ b/libavcodec/vc2enc_dwt.h
-@@ -41,12 +41,14 @@ enum VC2TransformType {
-
- typedef struct VC2TransformContext {
- dwtcoef *buffer;
-+ int padding;
- void (*vc2_subband_dwt[VC2_TRANSFORMS_NB])(struct VC2TransformContext *t,
- dwtcoef *data, ptrdiff_t stride,
- int width, int height);
- } VC2TransformContext;
-
--int ff_vc2enc_init_transforms(VC2TransformContext *t, int p_width, int p_height);
-+int ff_vc2enc_init_transforms(VC2TransformContext *t, int p_stride, int p_height,
-+ int slice_w, int slice_h);
- void ff_vc2enc_free_transforms(VC2TransformContext *t);
-
- #endif /* AVCODEC_VC2ENC_DWT_H */
diff -Nru ffmpeg-3.2.9/debian/patches/series ffmpeg-3.2.10/debian/patches/series
--- ffmpeg-3.2.9/debian/patches/series 2017-11-26 20:27:37.000000000 +0000
+++ ffmpeg-3.2.10/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-0001-vc2enc_dwt-pad-the-temporary-buffer-by-the-slice-siz.patch
diff -Nru ffmpeg-3.2.9/doc/Doxyfile ffmpeg-3.2.10/doc/Doxyfile
--- ffmpeg-3.2.9/doc/Doxyfile 2017-10-26 21:48:27.000000000 +0100
+++ ffmpeg-3.2.10/doc/Doxyfile 2018-01-13 02:33:15.000000000 +0000
@@ -38,7 +38,7 @@
# could be handy for archiving the generated documentation or if some version
# control system is used.
-PROJECT_NUMBER = 3.2.9
+PROJECT_NUMBER = 3.2.10
# Using the PROJECT_BRIEF tag one can provide an optional one line description
# for a project that appears at the top of each page and should give viewer a
diff -Nru ffmpeg-3.2.9/libavcodec/aacdec_fixed.c ffmpeg-3.2.10/libavcodec/aacdec_fixed.c
--- ffmpeg-3.2.9/libavcodec/aacdec_fixed.c 2017-10-26 20:03:02.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/aacdec_fixed.c 2018-01-13 02:33:15.000000000 +0000
@@ -307,9 +307,9 @@
if (shift < 31) {
if (shift > 0) {
- *coef += (pv.mant + (1 << (shift - 1))) >> shift;
+ *coef += (unsigned)((pv.mant + (1 << (shift - 1))) >> shift);
} else
- *coef += pv.mant << -shift;
+ *coef += (unsigned)pv.mant << -shift;
}
}
@@ -394,7 +394,7 @@
for (k = offsets[i]; k < offsets[i + 1]; k++) {
tmp = (int)(((int64_t)src[group * 128 + k] * c + \
(int64_t)0x1000000000) >> 37);
- dest[group * 128 + k] += tmp * (1 << shift);
+ dest[group * 128 + k] += tmp * (1U << shift);
}
}
}
diff -Nru ffmpeg-3.2.9/libavcodec/aacpsdsp_template.c ffmpeg-3.2.10/libavcodec/aacpsdsp_template.c
--- ffmpeg-3.2.9/libavcodec/aacpsdsp_template.c 2017-10-26 20:03:02.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/aacpsdsp_template.c 2018-01-13 02:33:15.000000000 +0000
@@ -129,12 +129,12 @@
INTFLOAT apd_im = in_im;
in_re = AAC_MSUB30(link_delay_re, fractional_delay_re,
link_delay_im, fractional_delay_im);
- in_re -= a_re;
+ in_re -= (UINTFLOAT)a_re;
in_im = AAC_MADD30(link_delay_re, fractional_delay_im,
link_delay_im, fractional_delay_re);
- in_im -= a_im;
- ap_delay[m][n+5][0] = apd_re + AAC_MUL31(ag[m], in_re);
- ap_delay[m][n+5][1] = apd_im + AAC_MUL31(ag[m], in_im);
+ in_im -= (UINTFLOAT)a_im;
+ ap_delay[m][n+5][0] = apd_re + (UINTFLOAT)AAC_MUL31(ag[m], in_re);
+ ap_delay[m][n+5][1] = apd_im + (UINTFLOAT)AAC_MUL31(ag[m], in_im);
}
out[n][0] = AAC_MUL16(transient_gain[n], in_re);
out[n][1] = AAC_MUL16(transient_gain[n], in_im);
diff -Nru ffmpeg-3.2.9/libavcodec/aacsbr_fixed.c ffmpeg-3.2.10/libavcodec/aacsbr_fixed.c
--- ffmpeg-3.2.9/libavcodec/aacsbr_fixed.c 2017-10-26 20:03:02.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/aacsbr_fixed.c 2018-01-13 02:33:15.000000000 +0000
@@ -437,6 +437,7 @@
av_add_sf(FLOAT_1, sbr->e_curr[e][m]),
av_add_sf(FLOAT_1, sbr->q_mapped[e][m]))));
}
+ sbr->gain[e][m] = av_add_sf(sbr->gain[e][m], FLOAT_MIN);
}
for (m = sbr->f_tablelim[k] - sbr->kx[1]; m < sbr->f_tablelim[k + 1] - sbr->kx[1]; m++) {
sum[0] = av_add_sf(sum[0], sbr->e_origmapped[e][m]);
diff -Nru ffmpeg-3.2.9/libavcodec/amrwbdec.c ffmpeg-3.2.10/libavcodec/amrwbdec.c
--- ffmpeg-3.2.9/libavcodec/amrwbdec.c 2017-09-12 01:51:32.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/amrwbdec.c 2018-01-13 02:33:15.000000000 +0000
@@ -611,7 +611,7 @@
AMRWB_SFR_SIZE) *
f_gain * f_gain;
- return (p_ener - f_ener) / (p_ener + f_ener);
+ return (p_ener - f_ener) / (p_ener + f_ener + 0.01);
}
/**
diff -Nru ffmpeg-3.2.9/libavcodec/arm/sbrdsp_neon.S ffmpeg-3.2.10/libavcodec/arm/sbrdsp_neon.S
--- ffmpeg-3.2.9/libavcodec/arm/sbrdsp_neon.S 2016-03-29 03:25:11.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/arm/sbrdsp_neon.S 2018-01-13 02:33:15.000000000 +0000
@@ -336,11 +336,11 @@
vld1.32 {d0}, [r0,:64]
vld1.32 {d6}, [lr,:64]
vld1.32 {d2[]}, [r1,:32]!
- vld1.32 {d3[]}, [r2,:32]!
+ vld1.32 {d18[]}, [r2,:32]!
vceq.f32 d4, d2, #0
veor d2, d2, d3
vmov d1, d0
- vmla.f32 d0, d6, d3
+ vmla.f32 d0, d6, d18
vadd.f32 s2, s2, s4
vbif d0, d1, d4
vst1.32 {d0}, [r0,:64]!
diff -Nru ffmpeg-3.2.9/libavcodec/cngdec.c ffmpeg-3.2.10/libavcodec/cngdec.c
--- ffmpeg-3.2.9/libavcodec/cngdec.c 2017-10-26 20:03:02.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/cngdec.c 2018-01-13 02:33:15.000000000 +0000
@@ -147,7 +147,7 @@
return ret;
buf_out = (int16_t *)frame->data[0];
for (i = 0; i < avctx->frame_size; i++)
- buf_out[i] = p->filter_out[i + p->order];
+ buf_out[i] = av_clip_int16(p->filter_out[i + p->order]);
memcpy(p->filter_out, p->filter_out + avctx->frame_size,
p->order * sizeof(*p->filter_out));
diff -Nru ffmpeg-3.2.9/libavcodec/dirac_dwt.h ffmpeg-3.2.10/libavcodec/dirac_dwt.h
--- ffmpeg-3.2.9/libavcodec/dirac_dwt.h 2017-10-26 21:48:27.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/dirac_dwt.h 2018-01-13 02:33:15.000000000 +0000
@@ -99,34 +99,34 @@
(b1 + ((int)(b0 + (unsigned)(b2) + 1) >> 1))
#define COMPOSE_DD97iH0(b0, b1, b2, b3, b4)\
- (b2 + ((int)(-b0 + 9U*b1 + 9U*b3 - b4 + 8) >> 4))
+ (int)(((unsigned)(b2) + ((int)(-b0 + 9U*b1 + 9U*b3 - b4 + 8) >> 4)))
#define COMPOSE_DD137iL0(b0, b1, b2, b3, b4)\
- (b2 - ((-b0 + 9*b1 + 9*b3 - b4 + 16) >> 5))
+ (int)(((unsigned)(b2) - ((int)(-b0 + 9U*b1 + 9U*b3 - b4 + 16) >> 5)))
#define COMPOSE_HAARiL0(b0, b1)\
- (b0 - ((b1 + 1) >> 1))
+ ((int)(b0 - (unsigned)((int)(b1 + 1U) >> 1)))
#define COMPOSE_HAARiH0(b0, b1)\
- (b0 + b1)
+ ((int)(b0 + (unsigned)(b1)))
#define COMPOSE_FIDELITYiL0(b0, b1, b2, b3, b4, b5, b6, b7, b8)\
- (b4 - ((int)(-8*(b0+(unsigned)b8) + 21*(b1+(unsigned)b7) - 46*(b2+(unsigned)b6) + 161*(b3+(unsigned)b5) + 128) >> 8))
+ ((unsigned)b4 - ((int)(-8*(b0+(unsigned)b8) + 21*(b1+(unsigned)b7) - 46*(b2+(unsigned)b6) + 161*(b3+(unsigned)b5) + 128) >> 8))
#define COMPOSE_FIDELITYiH0(b0, b1, b2, b3, b4, b5, b6, b7, b8)\
- (b4 + ((int)(-2*(b0+(unsigned)b8) + 10*(b1+(unsigned)b7) - 25*(b2+(unsigned)b6) + 81*(b3+(unsigned)b5) + 128) >> 8))
+ ((unsigned)b4 + ((int)(-2*(b0+(unsigned)b8) + 10*(b1+(unsigned)b7) - 25*(b2+(unsigned)b6) + 81*(b3+(unsigned)b5) + 128) >> 8))
#define COMPOSE_DAUB97iL1(b0, b1, b2)\
- (b1 - ((int)(1817*(b0 + (unsigned)b2) + 2048) >> 12))
+ ((unsigned)(b1) - ((int)(1817*(b0 + (unsigned)b2) + 2048) >> 12))
#define COMPOSE_DAUB97iH1(b0, b1, b2)\
- (b1 - ((int)( 113*(b0 + (unsigned)b2) + 64) >> 7))
+ ((unsigned)(b1) - ((int)( 113*(b0 + (unsigned)b2) + 64) >> 7))
#define COMPOSE_DAUB97iL0(b0, b1, b2)\
- (b1 + ((int)( 217*(b0 + (unsigned)b2) + 2048) >> 12))
+ ((unsigned)(b1) + ((int)( 217*(b0 + (unsigned)b2) + 2048) >> 12))
#define COMPOSE_DAUB97iH0(b0, b1, b2)\
- (b1 + ((int)(6497*(b0 + (unsigned)b2) + 2048) >> 12))
+ ((unsigned)(b1) + ((int)(6497*(b0 + (unsigned)b2) + 2048) >> 12))
#endif /* AVCODEC_DWT_H */
diff -Nru ffmpeg-3.2.9/libavcodec/diracdec.c ffmpeg-3.2.10/libavcodec/diracdec.c
--- ffmpeg-3.2.9/libavcodec/diracdec.c 2017-10-26 21:48:17.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/diracdec.c 2018-01-13 02:33:15.000000000 +0000
@@ -502,16 +502,16 @@
}
if (s->codeblock_mode && !(s->old_delta_quant && blockcnt_one)) {
- int quant = b->quant;
+ int quant;
if (is_arith)
- quant += dirac_get_arith_int(c, CTX_DELTA_Q_F, CTX_DELTA_Q_DATA);
+ quant = dirac_get_arith_int(c, CTX_DELTA_Q_F, CTX_DELTA_Q_DATA);
else
- quant += dirac_get_se_golomb(gb);
- if (quant < 0) {
+ quant = dirac_get_se_golomb(gb);
+ if (quant > INT_MAX - b->quant || b->quant + quant < 0) {
av_log(s->avctx, AV_LOG_ERROR, "Invalid quant\n");
return;
}
- b->quant = quant;
+ b->quant += quant;
}
if (b->quant > (DIRAC_MAX_QUANT_INDEX - 1)) {
diff -Nru ffmpeg-3.2.9/libavcodec/diracdsp.c ffmpeg-3.2.10/libavcodec/diracdsp.c
--- ffmpeg-3.2.9/libavcodec/diracdsp.c 2017-10-15 16:59:36.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/diracdsp.c 2018-01-13 02:33:15.000000000 +0000
@@ -159,10 +159,10 @@
int32_t *src = (int32_t *)_src; \
for (y = 0; y < height; y++) { \
for (x = 0; x < width; x+=4) { \
- dst[x ] = av_clip_uintp2(src[x ] + (1 << (PX - 1)), PX); \
- dst[x+1] = av_clip_uintp2(src[x+1] + (1 << (PX - 1)), PX); \
- dst[x+2] = av_clip_uintp2(src[x+2] + (1 << (PX - 1)), PX); \
- dst[x+3] = av_clip_uintp2(src[x+3] + (1 << (PX - 1)), PX); \
+ dst[x ] = av_clip_uintp2(src[x ] + (1U << (PX - 1)), PX); \
+ dst[x+1] = av_clip_uintp2(src[x+1] + (1U << (PX - 1)), PX); \
+ dst[x+2] = av_clip_uintp2(src[x+2] + (1U << (PX - 1)), PX); \
+ dst[x+3] = av_clip_uintp2(src[x+3] + (1U << (PX - 1)), PX); \
} \
dst += dst_stride >> 1; \
src += src_stride >> 2; \
diff -Nru ffmpeg-3.2.9/libavcodec/dnxhddec.c ffmpeg-3.2.10/libavcodec/dnxhddec.c
--- ffmpeg-3.2.9/libavcodec/dnxhddec.c 2017-10-26 21:48:17.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/dnxhddec.c 2018-01-13 02:33:15.000000000 +0000
@@ -372,6 +372,10 @@
UPDATE_CACHE(bs, &row->gb);
GET_VLC(len, bs, &row->gb, ctx->dc_vlc.table, DNXHD_DC_VLC_BITS, 1);
+ if (len < 0) {
+ ret = len;
+ goto error;
+ }
if (len) {
level = GET_CACHE(bs, &row->gb);
LAST_SKIP_BITS(bs, &row->gb, len);
@@ -425,7 +429,7 @@
GET_VLC(index1, bs, &row->gb, ctx->ac_vlc.table,
DNXHD_VLC_BITS, 2);
}
-
+error:
CLOSE_READER(bs, &row->gb);
return ret;
}
diff -Nru ffmpeg-3.2.9/libavcodec/exr.c ffmpeg-3.2.10/libavcodec/exr.c
--- ffmpeg-3.2.9/libavcodec/exr.c 2017-10-26 21:48:17.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/exr.c 2018-01-13 02:33:15.000000000 +0000
@@ -864,7 +864,7 @@
in = ptr[2] + td->xsize;
for (j = 0; j < td->xsize; ++j) {
- uint32_t diff = (*(ptr[0]++) << 24) |
+ uint32_t diff = ((unsigned)*(ptr[0]++) << 24) |
(*(ptr[1]++) << 16) |
(*(ptr[2]++) << 8);
pixel += diff;
@@ -1044,7 +1044,7 @@
line_offset = AV_RL64(s->gb.buffer + jobnr * 8);
if (s->is_tile) {
- if (line_offset > buf_size - 20)
+ if (buf_size < 20 || line_offset > buf_size - 20)
return AVERROR_INVALIDDATA;
src = buf + line_offset + 20;
@@ -1055,7 +1055,7 @@
tileLevelY = AV_RL32(src - 8);
data_size = AV_RL32(src - 4);
- if (data_size <= 0 || data_size > buf_size)
+ if (data_size <= 0 || data_size > buf_size - line_offset - 20)
return AVERROR_INVALIDDATA;
if (tileLevelX || tileLevelY) { /* tile level, is not the full res level */
@@ -1088,7 +1088,7 @@
td->channel_line_size = td->xsize * s->current_channel_offset;/* uncompress size of one line */
uncompressed_size = td->channel_line_size * (uint64_t)td->ysize;/* uncompress size of the block */
} else {
- if (line_offset > buf_size - 8)
+ if (buf_size < 8 || line_offset > buf_size - 8)
return AVERROR_INVALIDDATA;
src = buf + line_offset + 8;
@@ -1098,7 +1098,7 @@
return AVERROR_INVALIDDATA;
data_size = AV_RL32(src - 4);
- if (data_size <= 0 || data_size > buf_size)
+ if (data_size <= 0 || data_size > buf_size - line_offset - 8)
return AVERROR_INVALIDDATA;
td->ysize = FFMIN(s->scan_lines_per_block, s->ymax - line + 1); /* s->ydelta - line ?? */
diff -Nru ffmpeg-3.2.9/libavcodec/flacdec.c ffmpeg-3.2.10/libavcodec/flacdec.c
--- ffmpeg-3.2.9/libavcodec/flacdec.c 2017-10-26 21:48:17.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/flacdec.c 2018-01-13 02:33:15.000000000 +0000
@@ -287,7 +287,7 @@
if (pred_order > 2)
c = b - decoded[pred_order-2] + decoded[pred_order-3];
if (pred_order > 3)
- d = c - decoded[pred_order-2] + 2*decoded[pred_order-3] - decoded[pred_order-4];
+ d = c - decoded[pred_order-2] + 2U*decoded[pred_order-3] - decoded[pred_order-4];
switch (pred_order) {
case 0:
@@ -445,7 +445,7 @@
return AVERROR_INVALIDDATA;
}
- if (wasted) {
+ if (wasted && wasted < 32) {
int i;
for (i = 0; i < s->blocksize; i++)
decoded[i] = (unsigned)decoded[i] << wasted;
diff -Nru ffmpeg-3.2.9/libavcodec/h264_slice.c ffmpeg-3.2.10/libavcodec/h264_slice.c
--- ffmpeg-3.2.9/libavcodec/h264_slice.c 2017-10-26 21:48:17.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/h264_slice.c 2018-01-13 02:33:15.000000000 +0000
@@ -1462,6 +1462,12 @@
* one except for reference purposes. */
h->first_field = 1;
h->cur_pic_ptr = NULL;
+ } else if (h->cur_pic_ptr->reference & DELAYED_PIC_REF) {
+ /* This frame was already output, we cannot draw into it
+ * anymore.
+ */
+ h->first_field = 1;
+ h->cur_pic_ptr = NULL;
} else {
/* Second field in complementary pair */
h->first_field = 0;
diff -Nru ffmpeg-3.2.9/libavcodec/h264addpx_template.c ffmpeg-3.2.10/libavcodec/h264addpx_template.c
--- ffmpeg-3.2.9/libavcodec/h264addpx_template.c 2017-09-12 01:51:32.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/h264addpx_template.c 2018-01-13 02:33:15.000000000 +0000
@@ -35,10 +35,10 @@
stride /= sizeof(pixel);
for (i = 0; i < 4; i++) {
- dst[0] += src[0];
- dst[1] += src[1];
- dst[2] += src[2];
- dst[3] += src[3];
+ dst[0] += (unsigned)src[0];
+ dst[1] += (unsigned)src[1];
+ dst[2] += (unsigned)src[2];
+ dst[3] += (unsigned)src[3];
dst += stride;
src += 4;
@@ -55,14 +55,14 @@
stride /= sizeof(pixel);
for (i = 0; i < 8; i++) {
- dst[0] += src[0];
- dst[1] += src[1];
- dst[2] += src[2];
- dst[3] += src[3];
- dst[4] += src[4];
- dst[5] += src[5];
- dst[6] += src[6];
- dst[7] += src[7];
+ dst[0] += (unsigned)src[0];
+ dst[1] += (unsigned)src[1];
+ dst[2] += (unsigned)src[2];
+ dst[3] += (unsigned)src[3];
+ dst[4] += (unsigned)src[4];
+ dst[5] += (unsigned)src[5];
+ dst[6] += (unsigned)src[6];
+ dst[7] += (unsigned)src[7];
dst += stride;
src += 8;
diff -Nru ffmpeg-3.2.9/libavcodec/h264dec.h ffmpeg-3.2.10/libavcodec/h264dec.h
--- ffmpeg-3.2.9/libavcodec/h264dec.h 2017-10-26 21:48:17.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/h264dec.h 2018-01-13 02:33:15.000000000 +0000
@@ -422,6 +422,7 @@
uint8_t (*mvd_table[2])[2];
uint8_t *direct_table;
+ uint8_t scan_padding[16];
uint8_t zigzag_scan[16];
uint8_t zigzag_scan8x8[64];
uint8_t zigzag_scan8x8_cavlc[64];
diff -Nru ffmpeg-3.2.9/libavcodec/h264idct_template.c ffmpeg-3.2.10/libavcodec/h264idct_template.c
--- ffmpeg-3.2.9/libavcodec/h264idct_template.c 2017-10-26 21:48:17.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/h264idct_template.c 2018-01-13 02:33:15.000000000 +0000
@@ -91,10 +91,10 @@
const int a5 = -block[i+1*8] + block[i+7*8] + block[i+5*8] + (block[i+5*8]>>1);
const int a7 = block[i+3*8] + block[i+5*8] + block[i+1*8] + (block[i+1*8]>>1);
- const int b1 = (a7>>2) + a1;
- const int b3 = a3 + (a5>>2);
- const int b5 = (a3>>2) - a5;
- const int b7 = a7 - (a1>>2);
+ const int b1 = (a7>>2) + (unsigned)a1;
+ const int b3 = (unsigned)a3 + (a5>>2);
+ const int b5 = (a3>>2) - (unsigned)a5;
+ const int b7 = (unsigned)a7 - (a1>>2);
block[i+0*8] = b0 + b7;
block[i+7*8] = b0 - b7;
diff -Nru ffmpeg-3.2.9/libavcodec/hevc_cabac.c ffmpeg-3.2.10/libavcodec/hevc_cabac.c
--- ffmpeg-3.2.9/libavcodec/hevc_cabac.c 2017-10-26 21:48:17.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/hevc_cabac.c 2018-01-13 02:33:15.000000000 +0000
@@ -633,8 +633,10 @@
suffix_val += 1 << k;
k++;
}
- if (k == CABAC_MAX_BIN)
+ if (k == CABAC_MAX_BIN) {
av_log(s->avctx, AV_LOG_ERROR, "CABAC_MAX_BIN : %d\n", k);
+ return AVERROR_INVALIDDATA;
+ }
while (k--)
suffix_val += get_cabac_bypass(&s->HEVClc->cc) << k;
diff -Nru ffmpeg-3.2.9/libavcodec/hevc_sei.c ffmpeg-3.2.10/libavcodec/hevc_sei.c
--- ffmpeg-3.2.9/libavcodec/hevc_sei.c 2017-10-26 21:48:17.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/hevc_sei.c 2018-01-13 02:33:15.000000000 +0000
@@ -344,11 +344,15 @@
av_log(s->avctx, AV_LOG_DEBUG, "Decoding SEI\n");
while (byte == 0xFF) {
+ if (get_bits_left(gb) < 16 || payload_type > INT_MAX - 255)
+ return AVERROR_INVALIDDATA;
byte = get_bits(gb, 8);
payload_type += byte;
}
byte = 0xFF;
while (byte == 0xFF) {
+ if (get_bits_left(gb) < 8 + 8LL*payload_size)
+ return AVERROR_INVALIDDATA;
byte = get_bits(gb, 8);
payload_size += byte;
}
diff -Nru ffmpeg-3.2.9/libavcodec/hevcdsp_template.c ffmpeg-3.2.10/libavcodec/hevcdsp_template.c
--- ffmpeg-3.2.9/libavcodec/hevcdsp_template.c 2017-10-26 21:48:27.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/hevcdsp_template.c 2018-01-13 02:33:15.000000000 +0000
@@ -125,7 +125,7 @@
} else {
for (y = 0; y < size; y++) {
for (x = 0; x < size; x++) {
- *coeffs = *coeffs << -shift;
+ *coeffs = *(uint16_t*)coeffs << -shift;
coeffs++;
}
}
@@ -921,7 +921,7 @@
for (y = 0; y < height; y++) {
for (x = 0; x < width; x++)
dst[x] = av_clip_pixel(((QPEL_FILTER(src, 1) >> (BIT_DEPTH - 8)) * wx1 + src2[x] * wx0 +
- ((ox0 + ox1 + 1) << log2Wd)) >> (log2Wd + 1));
+ ((ox0 + ox1 + 1) * (1 << log2Wd))) >> (log2Wd + 1));
src += srcstride;
dst += dststride;
src2 += MAX_PB_SIZE;
@@ -976,7 +976,7 @@
for (y = 0; y < height; y++) {
for (x = 0; x < width; x++)
dst[x] = av_clip_pixel(((QPEL_FILTER(src, srcstride) >> (BIT_DEPTH - 8)) * wx1 + src2[x] * wx0 +
- ((ox0 + ox1 + 1) << log2Wd)) >> (log2Wd + 1));
+ ((ox0 + ox1 + 1) * (1 << log2Wd))) >> (log2Wd + 1));
src += srcstride;
dst += dststride;
src2 += MAX_PB_SIZE;
@@ -1057,7 +1057,7 @@
for (y = 0; y < height; y++) {
for (x = 0; x < width; x++)
dst[x] = av_clip_pixel(((QPEL_FILTER(tmp, MAX_PB_SIZE) >> 6) * wx1 + src2[x] * wx0 +
- ((ox0 + ox1 + 1) << log2Wd)) >> (log2Wd + 1));
+ ((ox0 + ox1 + 1) * (1 << log2Wd))) >> (log2Wd + 1));
tmp += MAX_PB_SIZE;
dst += dststride;
src2 += MAX_PB_SIZE;
@@ -1361,7 +1361,7 @@
for (y = 0; y < height; y++) {
for (x = 0; x < width; x++)
dst[x] = av_clip_pixel(((EPEL_FILTER(src, 1) >> (BIT_DEPTH - 8)) * wx1 + src2[x] * wx0 +
- ((ox0 + ox1 + 1) << log2Wd)) >> (log2Wd + 1));
+ ((ox0 + ox1 + 1) * (1 << log2Wd))) >> (log2Wd + 1));
src += srcstride;
dst += dststride;
src2 += MAX_PB_SIZE;
@@ -1413,7 +1413,7 @@
for (y = 0; y < height; y++) {
for (x = 0; x < width; x++)
dst[x] = av_clip_pixel(((EPEL_FILTER(src, srcstride) >> (BIT_DEPTH - 8)) * wx1 + src2[x] * wx0 +
- ((ox0 + ox1 + 1) << log2Wd)) >> (log2Wd + 1));
+ ((ox0 + ox1 + 1) * (1 << log2Wd))) >> (log2Wd + 1));
src += srcstride;
dst += dststride;
src2 += MAX_PB_SIZE;
diff -Nru ffmpeg-3.2.9/libavcodec/j2kenc.c ffmpeg-3.2.10/libavcodec/j2kenc.c
--- ffmpeg-3.2.9/libavcodec/j2kenc.c 2017-09-12 01:51:33.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/j2kenc.c 2018-01-13 02:33:15.000000000 +0000
@@ -688,7 +688,8 @@
cblk->npasses = passno;
cblk->ninclpasses = passno;
- cblk->passes[passno-1].rate = ff_mqc_flush_to(&t1->mqc, cblk->passes[passno-1].flushed, &cblk->passes[passno-1].flushed_len);
+ if (passno)
+ cblk->passes[passno-1].rate = ff_mqc_flush_to(&t1->mqc, cblk->passes[passno-1].flushed, &cblk->passes[passno-1].flushed_len);
}
/* tier-2 routines: */
diff -Nru ffmpeg-3.2.9/libavcodec/jpeg2000dsp.c ffmpeg-3.2.10/libavcodec/jpeg2000dsp.c
--- ffmpeg-3.2.9/libavcodec/jpeg2000dsp.c 2017-09-25 18:21:49.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/jpeg2000dsp.c 2018-01-13 02:33:15.000000000 +0000
@@ -64,9 +64,9 @@
int i;
for (i = 0; i < csize; i++) {
- i0 = *src0 + *src2 + (((26345 * *src2) + (1 << 15)) >> 16);
+ i0 = *src0 + *src2 + ((int)((26345U * *src2) + (1 << 15)) >> 16);
i1 = *src0 - ((int)(((unsigned)i_ict_params[1] * *src1) + (1 << 15)) >> 16)
- - (((i_ict_params[2] * *src2) + (1 << 15)) >> 16);
+ - ((int)(((unsigned)i_ict_params[2] * *src2) + (1 << 15)) >> 16);
i2 = *src0 + (2 * *src1) + ((int)((-14942U * *src1) + (1 << 15)) >> 16);
*src0++ = i0;
*src1++ = i1;
diff -Nru ffmpeg-3.2.9/libavcodec/jpeglsdec.c ffmpeg-3.2.10/libavcodec/jpeglsdec.c
--- ffmpeg-3.2.9/libavcodec/jpeglsdec.c 2017-10-26 21:48:18.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/jpeglsdec.c 2018-01-13 02:33:15.000000000 +0000
@@ -233,6 +233,9 @@
while (x < w) {
int err, pred;
+ if (get_bits_left(&s->gb) <= 0)
+ return;
+
/* compute gradients */
Ra = x ? R(dst, x - stride) : R(last, x);
Rb = R(last, x);
@@ -438,6 +441,10 @@
avpriv_report_missing_feature(s->avctx, "Sample interleaved images");
ret = AVERROR_PATCHWELCOME;
goto end;
+ } else { /* unknown interleaving */
+ avpriv_report_missing_feature(s->avctx, "Unknown interleaved images");
+ ret = AVERROR_PATCHWELCOME;
+ goto end;
}
if (s->xfrm && s->nb_components == 3) {
diff -Nru ffmpeg-3.2.9/libavcodec/kgv1dec.c ffmpeg-3.2.10/libavcodec/kgv1dec.c
--- ffmpeg-3.2.9/libavcodec/kgv1dec.c 2016-06-27 00:54:29.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/kgv1dec.c 2018-01-13 02:33:15.000000000 +0000
@@ -62,6 +62,9 @@
h = (buf[1] + 1) * 8;
buf += 2;
+ if (avpkt->size < 2 + w*h / 513)
+ return AVERROR_INVALIDDATA;
+
if (w != avctx->width || h != avctx->height) {
av_freep(&c->frame_buffer);
av_freep(&c->last_frame_buffer);
diff -Nru ffmpeg-3.2.9/libavcodec/libx264.c ffmpeg-3.2.10/libavcodec/libx264.c
--- ffmpeg-3.2.9/libavcodec/libx264.c 2017-10-26 21:48:18.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/libx264.c 2018-01-13 02:33:15.000000000 +0000
@@ -279,7 +279,11 @@
x264_picture_init( &x4->pic );
x4->pic.img.i_csp = x4->params.i_csp;
+#if X264_BUILD >= 153
+ if (x4->params.i_bitdepth > 8)
+#else
if (x264_bit_depth > 8)
+#endif
x4->pic.img.i_csp |= X264_CSP_HIGH_DEPTH;
x4->pic.img.i_plane = avfmt2_num_planes(ctx->pix_fmt);
@@ -490,6 +494,9 @@
x4->params.p_log_private = avctx;
x4->params.i_log_level = X264_LOG_DEBUG;
x4->params.i_csp = convert_pix_fmt(avctx->pix_fmt);
+#if X264_BUILD >= 153
+ x4->params.i_bitdepth = av_pix_fmt_desc_get(avctx->pix_fmt)->comp[0].depth;
+#endif
PARSE_X264_OPT("weightp", wpredp);
@@ -878,6 +885,24 @@
AV_PIX_FMT_NV20,
AV_PIX_FMT_NONE
};
+static const enum AVPixelFormat pix_fmts_all[] = {
+ AV_PIX_FMT_YUV420P,
+ AV_PIX_FMT_YUVJ420P,
+ AV_PIX_FMT_YUV422P,
+ AV_PIX_FMT_YUVJ422P,
+ AV_PIX_FMT_YUV444P,
+ AV_PIX_FMT_YUVJ444P,
+ AV_PIX_FMT_NV12,
+ AV_PIX_FMT_NV16,
+#ifdef X264_CSP_NV21
+ AV_PIX_FMT_NV21,
+#endif
+ AV_PIX_FMT_YUV420P10,
+ AV_PIX_FMT_YUV422P10,
+ AV_PIX_FMT_YUV444P10,
+ AV_PIX_FMT_NV20,
+ AV_PIX_FMT_NONE
+};
#if CONFIG_LIBX264RGB_ENCODER
static const enum AVPixelFormat pix_fmts_8bit_rgb[] = {
AV_PIX_FMT_BGR0,
@@ -889,12 +914,16 @@
static av_cold void X264_init_static(AVCodec *codec)
{
+#if X264_BUILD < 153
if (x264_bit_depth == 8)
codec->pix_fmts = pix_fmts_8bit;
else if (x264_bit_depth == 9)
codec->pix_fmts = pix_fmts_9bit;
else if (x264_bit_depth == 10)
codec->pix_fmts = pix_fmts_10bit;
+#else
+ codec->pix_fmts = pix_fmts_all;
+#endif
}
#define OFFSET(x) offsetof(X264Context, x)
diff -Nru ffmpeg-3.2.9/libavcodec/mdct_fixed.c ffmpeg-3.2.10/libavcodec/mdct_fixed.c
--- ffmpeg-3.2.9/libavcodec/mdct_fixed.c 2016-03-29 03:25:17.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/mdct_fixed.c 2018-01-13 02:33:15.000000000 +0000
@@ -39,13 +39,13 @@
/* pre rotation */
for(i=0;i<n8;i++) {
- re = RSCALE(-input[2*i+n3] - input[n3-1-2*i]);
- im = RSCALE(-input[n4+2*i] + input[n4-1-2*i]);
+ re = RSCALE(-input[2*i+n3], - input[n3-1-2*i]);
+ im = RSCALE(-input[n4+2*i], + input[n4-1-2*i]);
j = revtab[i];
CMUL(x[j].re, x[j].im, re, im, -tcos[i], tsin[i]);
- re = RSCALE( input[2*i] - input[n2-1-2*i]);
- im = RSCALE(-input[n2+2*i] - input[ n-1-2*i]);
+ re = RSCALE( input[2*i] , - input[n2-1-2*i]);
+ im = RSCALE(-input[n2+2*i], - input[ n-1-2*i]);
j = revtab[n8 + i];
CMUL(x[j].re, x[j].im, re, im, -tcos[n8 + i], tsin[n8 + i]);
}
diff -Nru ffmpeg-3.2.9/libavcodec/mdct_template.c ffmpeg-3.2.10/libavcodec/mdct_template.c
--- ffmpeg-3.2.9/libavcodec/mdct_template.c 2017-09-12 01:51:33.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/mdct_template.c 2018-01-13 02:33:15.000000000 +0000
@@ -33,12 +33,12 @@
*/
#if FFT_FLOAT
-# define RSCALE(x) (x)
+# define RSCALE(x, y) ((x) + (y))
#else
#if FFT_FIXED_32
-# define RSCALE(x) (((x) + 32) >> 6)
+# define RSCALE(x, y) ((int)((x) + (unsigned)(y) + 32) >> 6)
#else /* FFT_FIXED_32 */
-# define RSCALE(x) ((x) >> 1)
+# define RSCALE(x, y) ((int)((x) + (unsigned)(y)) >> 1)
#endif /* FFT_FIXED_32 */
#endif
@@ -181,13 +181,13 @@
/* pre rotation */
for(i=0;i<n8;i++) {
- re = RSCALE(-input[2*i+n3] - input[n3-1-2*i]);
- im = RSCALE(-input[n4+2*i] + input[n4-1-2*i]);
+ re = RSCALE(-input[2*i+n3], - input[n3-1-2*i]);
+ im = RSCALE(-input[n4+2*i], + input[n4-1-2*i]);
j = revtab[i];
CMUL(x[j].re, x[j].im, re, im, -tcos[i], tsin[i]);
- re = RSCALE( input[2*i] - input[n2-1-2*i]);
- im = RSCALE(-input[n2+2*i] - input[ n-1-2*i]);
+ re = RSCALE( input[2*i] , - input[n2-1-2*i]);
+ im = RSCALE(-input[n2+2*i], - input[ n-1-2*i]);
j = revtab[n8 + i];
CMUL(x[j].re, x[j].im, re, im, -tcos[n8 + i], tsin[n8 + i]);
}
diff -Nru ffmpeg-3.2.9/libavcodec/mlpdsp.c ffmpeg-3.2.10/libavcodec/mlpdsp.c
--- ffmpeg-3.2.9/libavcodec/mlpdsp.c 2017-07-19 13:02:02.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/mlpdsp.c 2018-01-13 02:33:15.000000000 +0000
@@ -117,7 +117,7 @@
(1U << output_shift[mat_ch]);
lossless_check_data ^= (sample & 0xffffff) << mat_ch;
if (is32)
- *data_32++ = sample << 8;
+ *data_32++ = sample * 256U;
else
*data_16++ = sample >> 8;
}
diff -Nru ffmpeg-3.2.9/libavcodec/mpeg4videodec.c ffmpeg-3.2.10/libavcodec/mpeg4videodec.c
--- ffmpeg-3.2.9/libavcodec/mpeg4videodec.c 2017-10-26 21:48:27.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/mpeg4videodec.c 2018-01-13 02:33:15.000000000 +0000
@@ -2149,8 +2149,15 @@
e = sscanf(buf, "FFmpeg v%d.%d.%d / libavcodec build: %d", &ver, &ver2, &ver3, &build);
if (e != 4) {
e = sscanf(buf, "Lavc%d.%d.%d", &ver, &ver2, &ver3) + 1;
- if (e > 1)
- build = (ver << 16) + (ver2 << 8) + ver3;
+ if (e > 1) {
+ if (ver > 0xFFU || ver2 > 0xFFU || ver3 > 0xFFU) {
+ av_log(s->avctx, AV_LOG_WARNING,
+ "Unknown Lavc version string encountered, %d.%d.%d; "
+ "clamping sub-version values to 8-bits.\n",
+ ver, ver2, ver3);
+ }
+ build = ((ver & 0xFF) << 16) + ((ver2 & 0xFF) << 8) + (ver3 & 0xFF);
+ }
}
if (e != 4) {
if (strcmp(buf, "ffmpeg") == 0)
diff -Nru ffmpeg-3.2.9/libavcodec/mpegaudiodsp.c ffmpeg-3.2.10/libavcodec/mpegaudiodsp.c
--- ffmpeg-3.2.9/libavcodec/mpegaudiodsp.c 2017-09-12 01:51:33.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/mpegaudiodsp.c 2018-01-13 02:33:15.000000000 +0000
@@ -20,17 +20,21 @@
#include "config.h"
#include "libavutil/attributes.h"
+#include "libavutil/thread.h"
#include "mpegaudiodsp.h"
#include "dct.h"
#include "dct32.h"
+static AVOnce mpadsp_float_table_init = AV_ONCE_INIT;
+static AVOnce mpadsp_fixed_table_init = AV_ONCE_INIT;
+
av_cold void ff_mpadsp_init(MPADSPContext *s)
{
DCTContext dct;
ff_dct_init(&dct, 5, DCT_II);
- ff_init_mpadsp_tabs_float();
- ff_init_mpadsp_tabs_fixed();
+ ff_thread_once(&mpadsp_float_table_init, &ff_init_mpadsp_tabs_float);
+ ff_thread_once(&mpadsp_fixed_table_init, &ff_init_mpadsp_tabs_fixed);
s->apply_window_float = ff_mpadsp_apply_window_float;
s->apply_window_fixed = ff_mpadsp_apply_window_fixed;
diff -Nru ffmpeg-3.2.9/libavcodec/opus_parser.c ffmpeg-3.2.10/libavcodec/opus_parser.c
--- ffmpeg-3.2.9/libavcodec/opus_parser.c 2017-10-26 21:48:18.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/opus_parser.c 2018-01-13 02:33:15.000000000 +0000
@@ -43,6 +43,7 @@
const uint8_t *buf = start + 1;
int start_trim_flag, end_trim_flag, control_extension_flag, control_extension_length;
uint8_t flags;
+ uint64_t payload_len_tmp;
GetByteContext gb;
bytestream2_init(&gb, buf, buf_len);
@@ -52,11 +53,11 @@
end_trim_flag = (flags >> 3) & 1;
control_extension_flag = (flags >> 2) & 1;
- *payload_len = 0;
+ payload_len_tmp = *payload_len = 0;
while (bytestream2_peek_byte(&gb) == 0xff)
- *payload_len += bytestream2_get_byte(&gb);
+ payload_len_tmp += bytestream2_get_byte(&gb);
- *payload_len += bytestream2_get_byte(&gb);
+ payload_len_tmp += bytestream2_get_byte(&gb);
if (start_trim_flag)
bytestream2_skip(&gb, 2);
@@ -67,6 +68,11 @@
bytestream2_skip(&gb, control_extension_length);
}
+ if (bytestream2_tell(&gb) + payload_len_tmp > buf_len)
+ return NULL;
+
+ *payload_len = payload_len_tmp;
+
return buf + bytestream2_tell(&gb);
}
@@ -104,6 +110,10 @@
state = (state << 8) | payload[i];
if ((state & OPUS_TS_MASK) == OPUS_TS_HEADER) {
payload = parse_opus_ts_header(payload, &payload_len, buf_size - i);
+ if (!payload) {
+ av_log(avctx, AV_LOG_ERROR, "Error parsing Ogg TS header.\n");
+ return AVERROR_INVALIDDATA;
+ }
*header_len = payload - buf;
start_found = 1;
break;
diff -Nru ffmpeg-3.2.9/libavcodec/sbrdsp_fixed.c ffmpeg-3.2.10/libavcodec/sbrdsp_fixed.c
--- ffmpeg-3.2.9/libavcodec/sbrdsp_fixed.c 2017-10-26 20:03:03.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/sbrdsp_fixed.c 2018-01-13 02:33:15.000000000 +0000
@@ -233,12 +233,14 @@
int64_t accu;
for (m = 0; m < m_max; m++) {
- int64_t r = 1LL << (22-g_filt[m].exp);
- accu = (int64_t)X_high[m][ixh][0] * ((g_filt[m].mant + 0x40)>>7);
- Y[m][0] = (int)((accu + r) >> (23-g_filt[m].exp));
+ if (22 - g_filt[m].exp < 61) {
+ int64_t r = 1LL << (22-g_filt[m].exp);
+ accu = (int64_t)X_high[m][ixh][0] * ((g_filt[m].mant + 0x40)>>7);
+ Y[m][0] = (int)((accu + r) >> (23-g_filt[m].exp));
- accu = (int64_t)X_high[m][ixh][1] * ((g_filt[m].mant + 0x40)>>7);
- Y[m][1] = (int)((accu + r) >> (23-g_filt[m].exp));
+ accu = (int64_t)X_high[m][ixh][1] * ((g_filt[m].mant + 0x40)>>7);
+ Y[m][1] = (int)((accu + r) >> (23-g_filt[m].exp));
+ }
}
}
diff -Nru ffmpeg-3.2.9/libavcodec/snowdec.c ffmpeg-3.2.10/libavcodec/snowdec.c
--- ffmpeg-3.2.9/libavcodec/snowdec.c 2017-10-26 21:48:27.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/snowdec.c 2018-01-13 02:33:15.000000000 +0000
@@ -183,13 +183,22 @@
int my_context= av_log2(2*FFABS(left->my - top->my)) + 0*av_log2(2*FFABS(tr->my - top->my));
type= get_rac(&s->c, &s->block_state[1 + left->type + top->type]) ? BLOCK_INTRA : 0;
-
if(type){
+ int ld, cbd, crd;
pred_mv(s, &mx, &my, 0, left, top, tr);
- l += get_symbol(&s->c, &s->block_state[32], 1);
+ ld = get_symbol(&s->c, &s->block_state[32], 1);
+ if (ld < -255 || ld > 255) {
+ return AVERROR_INVALIDDATA;
+ }
+ l += ld;
if (s->nb_planes > 2) {
- cb+= get_symbol(&s->c, &s->block_state[64], 1);
- cr+= get_symbol(&s->c, &s->block_state[96], 1);
+ cbd = get_symbol(&s->c, &s->block_state[64], 1);
+ crd = get_symbol(&s->c, &s->block_state[96], 1);
+ if (cbd < -255 || cbd > 255 || crd < -255 || crd > 255) {
+ return AVERROR_INVALIDDATA;
+ }
+ cb += cbd;
+ cr += crd;
}
}else{
if(s->ref_frames > 1)
@@ -374,7 +383,7 @@
}
}
- s->spatial_decomposition_type+= get_symbol(&s->c, s->header_state, 1);
+ s->spatial_decomposition_type+= (unsigned)get_symbol(&s->c, s->header_state, 1);
if(s->spatial_decomposition_type > 1U){
av_log(s->avctx, AV_LOG_ERROR, "spatial_decomposition_type %d not supported\n", s->spatial_decomposition_type);
return AVERROR_INVALIDDATA;
@@ -390,10 +399,10 @@
}
- s->qlog += get_symbol(&s->c, s->header_state, 1);
- s->mv_scale += get_symbol(&s->c, s->header_state, 1);
- s->qbias += get_symbol(&s->c, s->header_state, 1);
- s->block_max_depth+= get_symbol(&s->c, s->header_state, 1);
+ s->qlog += (unsigned)get_symbol(&s->c, s->header_state, 1);
+ s->mv_scale += (unsigned)get_symbol(&s->c, s->header_state, 1);
+ s->qbias += (unsigned)get_symbol(&s->c, s->header_state, 1);
+ s->block_max_depth+= (unsigned)get_symbol(&s->c, s->header_state, 1);
if(s->block_max_depth > 1 || s->block_max_depth < 0 || s->mv_scale > 256U){
av_log(s->avctx, AV_LOG_ERROR, "block_max_depth= %d is too large\n", s->block_max_depth);
s->block_max_depth= 0;
@@ -428,6 +437,8 @@
for(y=0; y<h; y++){
for(x=0; x<w; x++){
+ if (s->c.bytestream >= s->c.bytestream_end)
+ return AVERROR_INVALIDDATA;
if ((res = decode_q_branch(s, 0, x, y)) < 0)
return res;
}
diff -Nru ffmpeg-3.2.9/libavcodec/utils.c ffmpeg-3.2.10/libavcodec/utils.c
--- ffmpeg-3.2.9/libavcodec/utils.c 2017-10-26 21:48:18.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/utils.c 2018-01-13 02:33:15.000000000 +0000
@@ -1274,7 +1274,7 @@
if (ret < 0)
return ret;
- avctx->internal = av_mallocz(sizeof(AVCodecInternal));
+ avctx->internal = av_mallocz(sizeof(*avctx->internal));
if (!avctx->internal) {
ret = AVERROR(ENOMEM);
goto end;
@@ -2766,7 +2766,7 @@
av_freep(&sub->rects);
- memset(sub, 0, sizeof(AVSubtitle));
+ memset(sub, 0, sizeof(*sub));
}
static int do_decode(AVCodecContext *avctx, AVPacket *pkt)
diff -Nru ffmpeg-3.2.9/libavcodec/vc2enc.c ffmpeg-3.2.10/libavcodec/vc2enc.c
--- ffmpeg-3.2.9/libavcodec/vc2enc.c 2017-10-26 20:03:03.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/vc2enc.c 2018-01-13 02:33:15.000000000 +0000
@@ -1171,7 +1171,7 @@
p->dwt_width = w = FFALIGN(p->width, (1 << s->wavelet_depth));
p->dwt_height = h = FFALIGN(p->height, (1 << s->wavelet_depth));
p->coef_stride = FFALIGN(p->dwt_width, 32);
- p->coef_buf = av_malloc(p->coef_stride*p->dwt_height*sizeof(dwtcoef));
+ p->coef_buf = av_mallocz(p->coef_stride*p->dwt_height*sizeof(dwtcoef));
if (!p->coef_buf)
goto alloc_fail;
for (level = s->wavelet_depth-1; level >= 0; level--) {
@@ -1190,7 +1190,8 @@
/* DWT init */
if (ff_vc2enc_init_transforms(&s->transform_args[i].t,
s->plane[i].coef_stride,
- s->plane[i].dwt_height))
+ s->plane[i].dwt_height,
+ s->slice_width, s->slice_height))
goto alloc_fail;
}
diff -Nru ffmpeg-3.2.9/libavcodec/vc2enc_dwt.c ffmpeg-3.2.10/libavcodec/vc2enc_dwt.c
--- ffmpeg-3.2.9/libavcodec/vc2enc_dwt.c 2017-09-12 01:51:34.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/vc2enc_dwt.c 2018-01-13 02:33:15.000000000 +0000
@@ -255,21 +255,27 @@
dwt_haar(t, data, stride, width, height, 1);
}
-av_cold int ff_vc2enc_init_transforms(VC2TransformContext *s, int p_width, int p_height)
+av_cold int ff_vc2enc_init_transforms(VC2TransformContext *s, int p_stride,
+ int p_height, int slice_w, int slice_h)
{
s->vc2_subband_dwt[VC2_TRANSFORM_9_7] = vc2_subband_dwt_97;
s->vc2_subband_dwt[VC2_TRANSFORM_5_3] = vc2_subband_dwt_53;
s->vc2_subband_dwt[VC2_TRANSFORM_HAAR] = vc2_subband_dwt_haar;
s->vc2_subband_dwt[VC2_TRANSFORM_HAAR_S] = vc2_subband_dwt_haar_shift;
- s->buffer = av_malloc(2*p_width*p_height*sizeof(dwtcoef));
+ /* Pad by the slice size, only matters for non-Haar wavelets */
+ s->buffer = av_calloc((p_stride + slice_w)*(p_height + slice_h), sizeof(dwtcoef));
if (!s->buffer)
return 1;
+ s->padding = (slice_h >> 1)*p_stride + (slice_w >> 1);
+ s->buffer += s->padding;
+
return 0;
}
av_cold void ff_vc2enc_free_transforms(VC2TransformContext *s)
{
- av_freep(&s->buffer);
+ av_free(s->buffer - s->padding);
+ s->buffer = NULL;
}
diff -Nru ffmpeg-3.2.9/libavcodec/vc2enc_dwt.h ffmpeg-3.2.10/libavcodec/vc2enc_dwt.h
--- ffmpeg-3.2.9/libavcodec/vc2enc_dwt.h 2017-09-12 01:51:34.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/vc2enc_dwt.h 2018-01-13 02:33:15.000000000 +0000
@@ -41,12 +41,14 @@
typedef struct VC2TransformContext {
dwtcoef *buffer;
+ int padding;
void (*vc2_subband_dwt[VC2_TRANSFORMS_NB])(struct VC2TransformContext *t,
dwtcoef *data, ptrdiff_t stride,
int width, int height);
} VC2TransformContext;
-int ff_vc2enc_init_transforms(VC2TransformContext *t, int p_width, int p_height);
+int ff_vc2enc_init_transforms(VC2TransformContext *t, int p_stride, int p_height,
+ int slice_w, int slice_h);
void ff_vc2enc_free_transforms(VC2TransformContext *t);
#endif /* AVCODEC_VC2ENC_DWT_H */
diff -Nru ffmpeg-3.2.9/libavcodec/vorbis.c ffmpeg-3.2.10/libavcodec/vorbis.c
--- ffmpeg-3.2.9/libavcodec/vorbis.c 2017-10-15 16:59:37.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/vorbis.c 2018-01-13 02:33:15.000000000 +0000
@@ -67,7 +67,7 @@
if (bits[p] > 32)
return AVERROR_INVALIDDATA;
for (i = 0; i < bits[p]; ++i)
- exit_at_level[i+1] = 1 << i;
+ exit_at_level[i+1] = 1u << i;
++p;
@@ -91,7 +91,7 @@
exit_at_level[i] = 0;
// construct code (append 0s to end) and introduce new exits
for (j = i + 1 ;j <= bits[p]; ++j)
- exit_at_level[j] = code + (1 << (j - 1));
+ exit_at_level[j] = code + (1u << (j - 1));
codes[p] = code;
}
diff -Nru ffmpeg-3.2.9/libavcodec/wmv2dec.c ffmpeg-3.2.10/libavcodec/wmv2dec.c
--- ffmpeg-3.2.9/libavcodec/wmv2dec.c 2017-09-12 01:51:34.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/wmv2dec.c 2018-01-13 02:33:15.000000000 +0000
@@ -30,7 +30,7 @@
#include "wmv2.h"
-static void parse_mb_skip(Wmv2Context *w)
+static int parse_mb_skip(Wmv2Context *w)
{
int mb_x, mb_y;
MpegEncContext *const s = &w->s;
@@ -45,6 +45,8 @@
MB_TYPE_16x16 | MB_TYPE_L0;
break;
case SKIP_TYPE_MPEG:
+ if (get_bits_left(&s->gb) < s->mb_height * s->mb_width)
+ return AVERROR_INVALIDDATA;
for (mb_y = 0; mb_y < s->mb_height; mb_y++)
for (mb_x = 0; mb_x < s->mb_width; mb_x++)
mb_type[mb_y * s->mb_stride + mb_x] =
@@ -52,6 +54,8 @@
break;
case SKIP_TYPE_ROW:
for (mb_y = 0; mb_y < s->mb_height; mb_y++) {
+ if (get_bits_left(&s->gb) < 1)
+ return AVERROR_INVALIDDATA;
if (get_bits1(&s->gb)) {
for (mb_x = 0; mb_x < s->mb_width; mb_x++)
mb_type[mb_y * s->mb_stride + mb_x] =
@@ -65,6 +69,8 @@
break;
case SKIP_TYPE_COL:
for (mb_x = 0; mb_x < s->mb_width; mb_x++) {
+ if (get_bits_left(&s->gb) < 1)
+ return AVERROR_INVALIDDATA;
if (get_bits1(&s->gb)) {
for (mb_y = 0; mb_y < s->mb_height; mb_y++)
mb_type[mb_y * s->mb_stride + mb_x] =
@@ -77,6 +83,7 @@
}
break;
}
+ return 0;
}
static int decode_ext_header(Wmv2Context *w)
@@ -170,9 +177,12 @@
}
} else {
int cbp_index;
+ int ret;
w->j_type = 0;
- parse_mb_skip(w);
+ ret = parse_mb_skip(w);
+ if (ret < 0)
+ return ret;
cbp_index = decode012(&s->gb);
w->cbp_table_index = wmv2_get_cbp_table_index(s, cbp_index);
@@ -359,6 +369,8 @@
w->hshift = 0;
return 0;
}
+ if (get_bits_left(&s->gb) <= 0)
+ return AVERROR_INVALIDDATA;
code = get_vlc2(&s->gb, ff_mb_non_intra_vlc[w->cbp_table_index].table,
MB_NON_INTRA_VLC_BITS, 3);
@@ -369,6 +381,8 @@
cbp = code & 0x3f;
} else {
s->mb_intra = 1;
+ if (get_bits_left(&s->gb) <= 0)
+ return AVERROR_INVALIDDATA;
code = get_vlc2(&s->gb, ff_msmp4_mb_i_vlc.table, MB_INTRA_VLC_BITS, 2);
if (code < 0) {
av_log(s->avctx, AV_LOG_ERROR,
diff -Nru ffmpeg-3.2.9/libavcodec/x86/mpegvideodsp.c ffmpeg-3.2.10/libavcodec/x86/mpegvideodsp.c
--- ffmpeg-3.2.9/libavcodec/x86/mpegvideodsp.c 2017-09-12 01:51:34.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/x86/mpegvideodsp.c 2018-01-13 02:33:15.000000000 +0000
@@ -52,8 +52,9 @@
const int dyh = (dyy - (1 << (16 + shift))) * (h - 1);
const int dxh = dxy * (h - 1);
const int dyw = dyx * (w - 1);
- int need_emu = (unsigned) ix >= width - w ||
- (unsigned) iy >= height - h;
+ int need_emu = (unsigned) ix >= width - w || width < w ||
+ (unsigned) iy >= height - h || height< h
+ ;
if ( // non-constant fullpel offset (3% of blocks)
((ox ^ (ox + dxw)) | (ox ^ (ox + dxh)) | (ox ^ (ox + dxw + dxh)) |
diff -Nru ffmpeg-3.2.9/libavcodec/xan.c ffmpeg-3.2.10/libavcodec/xan.c
--- ffmpeg-3.2.9/libavcodec/xan.c 2017-10-15 16:59:38.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/xan.c 2018-01-13 02:33:15.000000000 +0000
@@ -131,7 +131,10 @@
return ret;
while (val != 0x16) {
- unsigned idx = val - 0x17 + get_bits1(&gb) * byte;
+ unsigned idx;
+ if (get_bits_left(&gb) < 1)
+ return AVERROR_INVALIDDATA;
+ idx = val - 0x17 + get_bits1(&gb) * byte;
if (idx >= 2 * byte)
return AVERROR_INVALIDDATA;
val = src[idx];
@@ -263,7 +266,7 @@
prevframe_index = (y + motion_y) * stride + x + motion_x;
prevframe_x = x + motion_x;
- if (prev_palette_plane == palette_plane && FFABS(curframe_index - prevframe_index) < pixel_count) {
+ if (prev_palette_plane == palette_plane && FFABS(motion_x + width*motion_y) < pixel_count) {
avpriv_request_sample(s->avctx, "Overlapping copy");
return ;
}
diff -Nru ffmpeg-3.2.9/libavcodec/zmbv.c ffmpeg-3.2.10/libavcodec/zmbv.c
--- ffmpeg-3.2.9/libavcodec/zmbv.c 2017-10-26 21:48:18.000000000 +0100
+++ ffmpeg-3.2.10/libavcodec/zmbv.c 2018-01-13 02:33:15.000000000 +0000
@@ -539,6 +539,8 @@
} else {
frame->key_frame = 0;
frame->pict_type = AV_PICTURE_TYPE_P;
+ if (c->decomp_len < 2LL * ((c->width + c->bw - 1) / c->bw) * ((c->height + c->bh - 1) / c->bh))
+ return AVERROR_INVALIDDATA;
if (c->decomp_len)
c->decode_xor(c);
}
diff -Nru ffmpeg-3.2.9/libavfilter/af_dcshift.c ffmpeg-3.2.10/libavfilter/af_dcshift.c
--- ffmpeg-3.2.9/libavfilter/af_dcshift.c 2017-10-26 20:03:03.000000000 +0100
+++ ffmpeg-3.2.10/libavfilter/af_dcshift.c 2018-01-13 02:33:15.000000000 +0000
@@ -28,7 +28,7 @@
typedef struct DCShiftContext {
const AVClass *class;
double dcshift;
- double limiterthreshhold;
+ double limiterthreshold;
double limitergain;
} DCShiftContext;
@@ -47,7 +47,7 @@
{
DCShiftContext *s = ctx->priv;
- s->limiterthreshhold = INT32_MAX * (1.0 - (fabs(s->dcshift) - s->limitergain));
+ s->limiterthreshold = INT32_MAX * (1.0 - (fabs(s->dcshift) - s->limitergain));
return 0;
}
@@ -106,14 +106,14 @@
d = src[j];
- if (d > s->limiterthreshhold && dcshift > 0) {
- d = (d - s->limiterthreshhold) * s->limitergain /
- (INT32_MAX - s->limiterthreshhold) +
- s->limiterthreshhold + dcshift;
- } else if (d < -s->limiterthreshhold && dcshift < 0) {
- d = (d + s->limiterthreshhold) * s->limitergain /
- (INT32_MAX - s->limiterthreshhold) -
- s->limiterthreshhold + dcshift;
+ if (d > s->limiterthreshold && dcshift > 0) {
+ d = (d - s->limiterthreshold) * s->limitergain /
+ (INT32_MAX - s->limiterthreshold) +
+ s->limiterthreshold + dcshift;
+ } else if (d < -s->limiterthreshold && dcshift < 0) {
+ d = (d + s->limiterthreshold) * s->limitergain /
+ (INT32_MAX - s->limiterthreshold) -
+ s->limiterthreshold + dcshift;
} else {
d = dcshift * INT32_MAX + d;
}
diff -Nru ffmpeg-3.2.9/libavfilter/formats.c ffmpeg-3.2.10/libavfilter/formats.c
--- ffmpeg-3.2.9/libavfilter/formats.c 2017-10-26 21:48:19.000000000 +0100
+++ ffmpeg-3.2.10/libavfilter/formats.c 2018-01-13 02:33:15.000000000 +0000
@@ -72,7 +72,7 @@
for (j = 0; j < b->nb; j++) \
if (a->fmts[i] == b->fmts[j]) { \
if(k >= FFMIN(a->nb, b->nb)){ \
- av_log(NULL, AV_LOG_ERROR, "Duplicate formats in avfilter_merge_formats() detected\n"); \
+ av_log(NULL, AV_LOG_ERROR, "Duplicate formats in %s detected\n", __FUNCTION__); \
av_free(ret->fmts); \
av_free(ret); \
return NULL; \
diff -Nru ffmpeg-3.2.9/libavformat/libssh.c ffmpeg-3.2.10/libavformat/libssh.c
--- ffmpeg-3.2.9/libavformat/libssh.c 2017-10-26 20:03:04.000000000 +0100
+++ ffmpeg-3.2.10/libavformat/libssh.c 2018-01-13 02:33:16.000000000 +0000
@@ -103,7 +103,7 @@
}
}
- if (!authorized && (auth_methods & SSH_AUTH_METHOD_PASSWORD)) {
+ if (!authorized && password && (auth_methods & SSH_AUTH_METHOD_PASSWORD)) {
if (ssh_userauth_password(libssh->session, NULL, password) == SSH_AUTH_SUCCESS) {
av_log(libssh, AV_LOG_DEBUG, "Authentication successful with password.\n");
authorized = 1;
diff -Nru ffmpeg-3.2.9/libavformat/mov.c ffmpeg-3.2.10/libavformat/mov.c
--- ffmpeg-3.2.9/libavformat/mov.c 2017-10-26 21:48:19.000000000 +0100
+++ ffmpeg-3.2.10/libavformat/mov.c 2018-01-13 02:33:16.000000000 +0000
@@ -2390,6 +2390,8 @@
avio_rb24(pb); /* flags */
entries = avio_rb32(pb);
+ if ((uint64_t)entries * 12 + 4 > atom.size)
+ return AVERROR_INVALIDDATA;
av_log(c->fc, AV_LOG_TRACE, "track[%i].stsc.entries = %i\n", c->fc->nb_streams-1, entries);
@@ -5668,6 +5670,7 @@
static int mov_switch_root(AVFormatContext *s, int64_t target)
{
+ int ret;
MOVContext *mov = s->priv_data;
int i, j;
int already_read = 0;
@@ -5704,8 +5707,10 @@
mov->found_mdat = 0;
- if (mov_read_default(mov, s->pb, (MOVAtom){ AV_RL32("root"), INT64_MAX }) < 0 ||
- avio_feof(s->pb))
+ ret = mov_read_default(mov, s->pb, (MOVAtom){ AV_RL32("root"), INT64_MAX });
+ if (ret < 0)
+ return ret;
+ if (avio_feof(s->pb))
return AVERROR_EOF;
av_log(s, AV_LOG_TRACE, "read fragments, offset 0x%"PRIx64"\n", avio_tell(s->pb));
diff -Nru ffmpeg-3.2.9/libavformat/oggdec.c ffmpeg-3.2.10/libavformat/oggdec.c
--- ffmpeg-3.2.9/libavformat/oggdec.c 2017-10-26 21:48:19.000000000 +0100
+++ ffmpeg-3.2.10/libavformat/oggdec.c 2018-01-13 02:33:16.000000000 +0000
@@ -709,8 +709,10 @@
"Headers mismatch for stream %d: "
"expected %d received %d.\n",
i, os->codec->nb_header, os->nb_header);
- if (s->error_recognition & AV_EF_EXPLODE)
+ if (s->error_recognition & AV_EF_EXPLODE) {
+ ogg_read_close(s);
return AVERROR_INVALIDDATA;
+ }
}
if (os->start_granule != OGG_NOGRANULE_VALUE)
os->lastpts = s->streams[i]->start_time =
diff -Nru ffmpeg-3.2.9/libavformat/oggparsevp8.c ffmpeg-3.2.10/libavformat/oggparsevp8.c
--- ffmpeg-3.2.9/libavformat/oggparsevp8.c 2017-10-15 16:59:38.000000000 +0100
+++ ffmpeg-3.2.10/libavformat/oggparsevp8.c 2018-01-13 02:33:16.000000000 +0000
@@ -125,7 +125,7 @@
os->lastdts = vp8_gptopts(s, idx, os->granule, NULL) - duration;
if(s->streams[idx]->start_time == AV_NOPTS_VALUE) {
s->streams[idx]->start_time = os->lastpts;
- if (s->streams[idx]->duration)
+ if (s->streams[idx]->duration && s->streams[idx]->duration != AV_NOPTS_VALUE)
s->streams[idx]->duration -= s->streams[idx]->start_time;
}
}
diff -Nru ffmpeg-3.2.9/libavformat/utils.c ffmpeg-3.2.10/libavformat/utils.c
--- ffmpeg-3.2.9/libavformat/utils.c 2017-10-26 21:48:19.000000000 +0100
+++ ffmpeg-3.2.10/libavformat/utils.c 2018-01-13 02:33:16.000000000 +0000
@@ -1710,13 +1710,14 @@
if (next_pkt->dts != AV_NOPTS_VALUE) {
int wrap_bits = s->streams[next_pkt->stream_index]->pts_wrap_bits;
+ av_assert2(wrap_bits <= 64);
// last dts seen for this stream. if any of packets following
// current one had no dts, we will set this to AV_NOPTS_VALUE.
int64_t last_dts = next_pkt->dts;
while (pktl && next_pkt->pts == AV_NOPTS_VALUE) {
if (pktl->pkt.stream_index == next_pkt->stream_index &&
- (av_compare_mod(next_pkt->dts, pktl->pkt.dts, 2LL << (wrap_bits - 1)) < 0)) {
- if (av_compare_mod(pktl->pkt.pts, pktl->pkt.dts, 2LL << (wrap_bits - 1))) {
+ av_compare_mod(next_pkt->dts, pktl->pkt.dts, 2ULL << (wrap_bits - 1)) < 0) {
+ if (av_compare_mod(pktl->pkt.pts, pktl->pkt.dts, 2ULL << (wrap_bits - 1))) {
// not B-frame
next_pkt->pts = pktl->pkt.dts;
}
@@ -3737,12 +3738,6 @@
}
}
- // close codecs which were opened in try_decode_frame()
- for (i = 0; i < ic->nb_streams; i++) {
- st = ic->streams[i];
- avcodec_close(st->internal->avctx);
- }
-
ff_rfps_calculate(ic);
for (i = 0; i < ic->nb_streams; i++) {
@@ -3923,6 +3918,7 @@
st = ic->streams[i];
if (st->info)
av_freep(&st->info->duration_error);
+ avcodec_close(ic->streams[i]->internal->avctx);
av_freep(&ic->streams[i]->info);
}
if (ic->pb)
diff -Nru ffmpeg-3.2.9/libavutil/softfloat.h ffmpeg-3.2.10/libavutil/softfloat.h
--- ffmpeg-3.2.9/libavutil/softfloat.h 2017-10-26 20:03:04.000000000 +0100
+++ ffmpeg-3.2.10/libavutil/softfloat.h 2018-01-13 02:33:16.000000000 +0000
@@ -43,6 +43,7 @@
static const SoftFloat FLOAT_1584893192 = { 0x32B771ED, 1}; ///< 1.584893192 (10^.2)
static const SoftFloat FLOAT_100000 = { 0x30D40000, 17}; ///< 100000
static const SoftFloat FLOAT_0999999 = { 0x3FFFFBCE, 0}; ///< 0.999999
+static const SoftFloat FLOAT_MIN = { 0x20000000, MIN_EXP};
/**
diff -Nru ffmpeg-3.2.9/tests/audiomatch.c ffmpeg-3.2.10/tests/audiomatch.c
--- ffmpeg-3.2.9/tests/audiomatch.c 2017-10-15 16:59:38.000000000 +0100
+++ ffmpeg-3.2.10/tests/audiomatch.c 2018-01-13 02:33:16.000000000 +0000
@@ -107,4 +107,6 @@
}
}
printf("presig: %d postsig:%d c:%7.4f lenerr:%d\n", bestpos, datlen - siglen - bestpos, bestc / sigamp, datlen - siglen);
+
+ return 0;
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20180127/8869ca57/attachment-0001.sig>
More information about the pkg-multimedia-maintainers
mailing list