Imported Debian version 2.5.3~trusty1

diff --git a/debian/changelog b/debian/changelog
index f314dca5483744b08872eb275a30e8720c0850a3..e27d4ce021908de629a120b1a50cbb143b7529b6 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ffmpeg (7:2.5.3~trusty1) trusty; urgency=medium
+
+  * New point release
+  * enable vidstab
+
+ -- Doug McMahon <mc631man@gmail.com>  Sun, 11 Jan 2015 11:31:01 -0500
+

 ffmpeg (7:2.5.2~trusty) trusty; urgency=medium
 
   * New point release
 ffmpeg (7:2.5.2~trusty) trusty; urgency=medium
 
   * New point release

diff --git a/debian/control b/debian/control
index 04a9adc2e5f0fa5027b884a5b7fb1439cdefe542..022b332dbc9e9cc34deb0a039c9f55121b4e6376 100644 (file)
--- a/debian/control
+++ b/debian/control
@@ -22,6 +22,7 @@ Build-Depends:
  libtheora-dev,
  libva-dev [!hurd-any],
  libvdpau-dev,
  libtheora-dev,
  libva-dev [!hurd-any],
  libvdpau-dev,

+ libvidstab-dev,

  libvo-aacenc-dev,
  libvorbis-dev,
  libvpx-dev (>= 0.9.6),
  libvo-aacenc-dev,
  libvorbis-dev,
  libvpx-dev (>= 0.9.6),

diff --git a/ffmpeg/Changelog b/ffmpeg/Changelog
index 4f5651bd7fbd46db00f8c5862d028f299e62ed8b..60eaea021673be49491a28a6166bc1e6e773c0eb 100644 (file)
--- a/ffmpeg/Changelog
+++ b/ffmpeg/Changelog
@@ -1,6 +1,23 @@
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 

+version 2.5.3:
+- vp9: fix parser return values in error case
+- ffmpeg: Clear error message array at init.
+- avcodec/dvdsubdec: fix accessing dangling pointers
+- avcodec/dvdsubdec: error on bitmaps with size 0
+- cmdutils: Use 64bit for file size/offset related variable in cmdutils_read_file()
+- mov: Fix negative size calculation in mov_read_default().
+- avformat/mov: fix integer overflow in mov_read_udta_string()
+- mov: Fix overflow and error handling in read_tfra().
+- mov: Avoid overflow with mov_metadata_raw()
+- avcodec/dvdsubdec: fix out of bounds accesses
+- avfilter/vf_sab: fix filtering tiny images
+- avformat/flvdec: Increase string array size
+- avformat/flvdec: do not inject dts=0 metadata packets which failed to be parsed into a new data stream
+- avformat/cdxl: Fix integer overflow of image_size
+- libavformat: Build hevc.o when building the RTP muxer
+

 version 2.5.2:
 - avcodec/indeo3: ensure offsets are non negative
 - avcodec/h264: Check *log2_weight_denom
 version 2.5.2:
 - avcodec/indeo3: ensure offsets are non negative
 - avcodec/h264: Check *log2_weight_denom

diff --git a/ffmpeg/RELEASE b/ffmpeg/RELEASE
index f225a78adf0534ad898ee7521a19aa40897f53ba..aedc15bb0c6e24f27eedf7684532f8039cabb92c 100644 (file)
--- a/ffmpeg/RELEASE
+++ b/ffmpeg/RELEASE
@@ -1 +1 @@
-2.5.2
+2.5.3

diff --git a/ffmpeg/VERSION b/ffmpeg/VERSION
index f225a78adf0534ad898ee7521a19aa40897f53ba..aedc15bb0c6e24f27eedf7684532f8039cabb92c 100644 (file)
--- a/ffmpeg/VERSION
+++ b/ffmpeg/VERSION
@@ -1 +1 @@
-2.5.2
+2.5.3

diff --git a/ffmpeg/cmdutils.c b/ffmpeg/cmdutils.c
index b68dae97539d3c4acd29b3fda8bd9f978d28f21c..708b536a6838a84f0e7484c3f048ac3c91942b13 100644 (file)
--- a/ffmpeg/cmdutils.c
+++ b/ffmpeg/cmdutils.c
@@ -1860,7 +1860,7 @@ int read_yesno(void)
 
 int cmdutils_read_file(const char *filename, char **bufptr, size_t *size)
 {
 
 int cmdutils_read_file(const char *filename, char **bufptr, size_t *size)
 {

-    int ret;
+    int64_t ret;

     FILE *f = av_fopen_utf8(filename, "rb");
 
     if (!f) {
     FILE *f = av_fopen_utf8(filename, "rb");
 
     if (!f) {

diff --git a/ffmpeg/configure b/ffmpeg/configure
index d25f155cdcd3a4a60d9ec925b8856bc0cd134a78..9190c4e4cd1bf7477f0164c105025b983a7892b5 100755 (executable)
--- a/ffmpeg/configure
+++ b/ffmpeg/configure
@@ -5678,7 +5678,7 @@ cat > $TMPH <<EOF
 #define FFMPEG_CONFIG_H
 #define FFMPEG_CONFIGURATION "$(c_escape $FFMPEG_CONFIGURATION)"
 #define FFMPEG_LICENSE "$(c_escape $license)"
 #define FFMPEG_CONFIG_H
 #define FFMPEG_CONFIGURATION "$(c_escape $FFMPEG_CONFIGURATION)"
 #define FFMPEG_LICENSE "$(c_escape $license)"

-#define CONFIG_THIS_YEAR 2014
+#define CONFIG_THIS_YEAR 2015

 #define FFMPEG_DATADIR "$(eval c_escape $datadir)"
 #define AVCONV_DATADIR "$(eval c_escape $datadir)"
 #define CC_IDENT "$(c_escape ${cc_ident:-Unknown compiler})"
 #define FFMPEG_DATADIR "$(eval c_escape $datadir)"
 #define AVCONV_DATADIR "$(eval c_escape $datadir)"
 #define CC_IDENT "$(c_escape ${cc_ident:-Unknown compiler})"

diff --git a/ffmpeg/doc/Doxyfile b/ffmpeg/doc/Doxyfile
index 1cde20bd2fed41077e033a6411dd1eb6859b83dc..4138903697d24f88b2ac63cab894ceda42bdc8c6 100644 (file)
--- a/ffmpeg/doc/Doxyfile
+++ b/ffmpeg/doc/Doxyfile
@@ -31,7 +31,7 @@ PROJECT_NAME           = FFmpeg
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.
 
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.
 

-PROJECT_NUMBER         = 2.5.2
+PROJECT_NUMBER         = 2.5.3

 
 # With the PROJECT_LOGO tag one can specify a logo or icon that is included
 # in the documentation. The maximum height of the logo should not exceed 55
 
 # With the PROJECT_LOGO tag one can specify a logo or icon that is included
 # in the documentation. The maximum height of the logo should not exceed 55

diff --git a/ffmpeg/doc/examples/Makefile b/ffmpeg/doc/examples/Makefile
index 07251fe3c2fd894f285f71b4a586f6aa14adef55..9f03f04b57ea3b1d9e3d2541fd93f1fe34305a32 100644 (file)
--- a/ffmpeg/doc/examples/Makefile
+++ b/ffmpeg/doc/examples/Makefile
@@ -29,6 +29,7 @@ OBJS=$(addsuffix .o,$(EXAMPLES))
 
 # the following examples make explicit use of the math library
 avcodec:           LDLIBS += -lm
 
 # the following examples make explicit use of the math library
 avcodec:           LDLIBS += -lm

+decoding_encoding: LDLIBS += -lm

 muxing:            LDLIBS += -lm
 resampling_audio:  LDLIBS += -lm
 
 muxing:            LDLIBS += -lm
 resampling_audio:  LDLIBS += -lm
 

diff --git a/ffmpeg/ffmpeg.c b/ffmpeg/ffmpeg.c
index eef774bda7c73b1e52f1e3aeb00e4c4b580f79e3..2be1004b8d7789ff0e6a7daf39213ffccc7ce0ce 100644 (file)
--- a/ffmpeg/ffmpeg.c
+++ b/ffmpeg/ffmpeg.c
@@ -2521,7 +2521,7 @@ static int transcode_init(void)
     AVFormatContext *oc;
     OutputStream *ost;
     InputStream *ist;
     AVFormatContext *oc;
     OutputStream *ost;
     InputStream *ist;

-    char error[1024];
+    char error[1024] = {0};

     int want_sdp = 1;
 
     for (i = 0; i < nb_filtergraphs; i++) {
     int want_sdp = 1;
 
     for (i = 0; i < nb_filtergraphs; i++) {

diff --git a/ffmpeg/libavcodec/dvdsubdec.c b/ffmpeg/libavcodec/dvdsubdec.c
index 39604f3adae5d3d720e133622af4ccf084a2f92d..222c71bdcf4d15de2b868267f971facc3b516d27 100644 (file)
--- a/ffmpeg/libavcodec/dvdsubdec.c
+++ b/ffmpeg/libavcodec/dvdsubdec.c
@@ -39,7 +39,7 @@ typedef struct DVDSubContext
   int      has_palette;
   uint8_t  colormap[4];
   uint8_t  alpha[256];
   int      has_palette;
   uint8_t  colormap[4];
   uint8_t  alpha[256];

-  uint8_t *buf;
+  uint8_t  buf[0x10000];

   int      buf_size;
   int      forced_subs_only;
 #ifdef DEBUG
   int      buf_size;
   int      forced_subs_only;
 #ifdef DEBUG


@@ -108,6 +108,12 @@ static int decode_rle(uint8_t *bitmap, int linesize, int w, int h,
     int x, y, len, color;
     uint8_t *d;
 
     int x, y, len, color;
     uint8_t *d;
 

+    if (start >= buf_size)
+        return -1;
+
+    if (w <= 0 || h <= 0)
+        return -1;
+

     bit_len = (buf_size - start) * 8;
     init_get_bits(&gb, buf + start, bit_len);
 
     bit_len = (buf_size - start) * 8;
     init_get_bits(&gb, buf + start, bit_len);
 


@@ -359,10 +365,12 @@ static int decode_dvd_subtitles(DVDSubContext *ctx, AVSubtitle *sub_header,
                 sub_header->rects[0] = av_mallocz(sizeof(AVSubtitleRect));
                 sub_header->num_rects = 1;
                 sub_header->rects[0]->pict.data[0] = bitmap;
                 sub_header->rects[0] = av_mallocz(sizeof(AVSubtitleRect));
                 sub_header->num_rects = 1;
                 sub_header->rects[0]->pict.data[0] = bitmap;

-                decode_rle(bitmap, w * 2, w, (h + 1) / 2,
-                           buf, offset1, buf_size, is_8bit);
-                decode_rle(bitmap + w, w * 2, w, h / 2,
-                           buf, offset2, buf_size, is_8bit);
+                if (decode_rle(bitmap, w * 2, w, (h + 1) / 2,
+                               buf, offset1, buf_size, is_8bit) < 0)
+                    goto fail;
+                if (decode_rle(bitmap + w, w * 2, w, h / 2,
+                               buf, offset2, buf_size, is_8bit) < 0)
+                    goto fail;

                 sub_header->rects[0]->pict.data[1] = av_mallocz(AVPALETTE_SIZE);
                 if (is_8bit) {
                     if (!yuv_palette)
                 sub_header->rects[0]->pict.data[1] = av_mallocz(AVPALETTE_SIZE);
                 if (is_8bit) {
                     if (!yuv_palette)


@@ -501,15 +509,11 @@ static int append_to_cached_buf(AVCodecContext *avctx,
 {
     DVDSubContext *ctx = avctx->priv_data;
 
 {
     DVDSubContext *ctx = avctx->priv_data;
 

-    if (ctx->buf_size > 0xffff - buf_size) {
+    if (ctx->buf_size >= sizeof(ctx->buf) - buf_size) {

         av_log(avctx, AV_LOG_WARNING, "Attempt to reconstruct "
                "too large SPU packets aborted.\n");
         av_log(avctx, AV_LOG_WARNING, "Attempt to reconstruct "
                "too large SPU packets aborted.\n");

-        av_freep(&ctx->buf);

         return AVERROR_INVALIDDATA;
     }
         return AVERROR_INVALIDDATA;
     }

-    ctx->buf = av_realloc(ctx->buf, ctx->buf_size + buf_size);
-    if (!ctx->buf)
-        return AVERROR(ENOMEM);

     memcpy(ctx->buf + ctx->buf_size, buf, buf_size);
     ctx->buf_size += buf_size;
     return 0;
     memcpy(ctx->buf + ctx->buf_size, buf, buf_size);
     ctx->buf_size += buf_size;
     return 0;


@@ -525,7 +529,7 @@ static int dvdsub_decode(AVCodecContext *avctx,
     AVSubtitle *sub = data;
     int is_menu;
 
     AVSubtitle *sub = data;
     int is_menu;
 

-    if (ctx->buf) {
+    if (ctx->buf_size) {

         int ret = append_to_cached_buf(avctx, buf, buf_size);
         if (ret < 0) {
             *data_size = 0;
         int ret = append_to_cached_buf(avctx, buf, buf_size);
         if (ret < 0) {
             *data_size = 0;


@@ -567,7 +571,6 @@ static int dvdsub_decode(AVCodecContext *avctx,
     }
 #endif
 
     }
 #endif
 

-    av_freep(&ctx->buf);

     ctx->buf_size = 0;
     *data_size = 1;
     return buf_size;
     ctx->buf_size = 0;
     *data_size = 1;
     return buf_size;


@@ -711,7 +714,6 @@ static av_cold int dvdsub_init(AVCodecContext *avctx)
 static av_cold int dvdsub_close(AVCodecContext *avctx)
 {
     DVDSubContext *ctx = avctx->priv_data;
 static av_cold int dvdsub_close(AVCodecContext *avctx)
 {
     DVDSubContext *ctx = avctx->priv_data;

-    av_freep(&ctx->buf);

     ctx->buf_size = 0;
     return 0;
 }
     ctx->buf_size = 0;
     return 0;
 }

diff --git a/ffmpeg/libavcodec/vp9_parser.c b/ffmpeg/libavcodec/vp9_parser.c
index af033c25e64639c7171213fcfd9cc38eaefd5439..922f36f3811baf0bfae97eeb4c4013ddff24ba83 100644 (file)
--- a/ffmpeg/libavcodec/vp9_parser.c
+++ b/ffmpeg/libavcodec/vp9_parser.c
@@ -77,6 +77,8 @@ static int parse(AVCodecParserContext *ctx,
                     idx += a; \
                     if (sz > size) { \
                         s->n_frames = 0; \
                     idx += a; \
                     if (sz > size) { \
                         s->n_frames = 0; \

+                        *out_size = 0; \
+                        *out_data = data; \

                         av_log(avctx, AV_LOG_ERROR, \
                                "Superframe packet size too big: %u > %d\n", \
                                sz, size); \
                         av_log(avctx, AV_LOG_ERROR, \
                                "Superframe packet size too big: %u > %d\n", \
                                sz, size); \

diff --git a/ffmpeg/libavfilter/af_amix.c b/ffmpeg/libavfilter/af_amix.c
index e40969f70cf7335c11b3953c6b97b083850e265e..fd9d13556f3328e26ea0181bf290af00bb53cf8d 100644 (file)
--- a/ffmpeg/libavfilter/af_amix.c
+++ b/ffmpeg/libavfilter/af_amix.c
@@ -496,6 +496,8 @@ static av_cold int init(AVFilterContext *ctx)
         snprintf(name, sizeof(name), "input%d", i);
         pad.type           = AVMEDIA_TYPE_AUDIO;
         pad.name           = av_strdup(name);
         snprintf(name, sizeof(name), "input%d", i);
         pad.type           = AVMEDIA_TYPE_AUDIO;
         pad.name           = av_strdup(name);

+        if (!pad.name)
+            return AVERROR(ENOMEM);

         pad.filter_frame   = filter_frame;
 
         ff_insert_inpad(ctx, i, &pad);
         pad.filter_frame   = filter_frame;
 
         ff_insert_inpad(ctx, i, &pad);

diff --git a/ffmpeg/libavfilter/af_join.c b/ffmpeg/libavfilter/af_join.c
index a1717c63b9f097db433b0689d0aa1c0523f41aef..71a454bba7ed6291b6cf4e0c37d97ccc23d0f01c 100644 (file)
--- a/ffmpeg/libavfilter/af_join.c
+++ b/ffmpeg/libavfilter/af_join.c
@@ -214,6 +214,8 @@ static av_cold int join_init(AVFilterContext *ctx)
         snprintf(name, sizeof(name), "input%d", i);
         pad.type           = AVMEDIA_TYPE_AUDIO;
         pad.name           = av_strdup(name);
         snprintf(name, sizeof(name), "input%d", i);
         pad.type           = AVMEDIA_TYPE_AUDIO;
         pad.name           = av_strdup(name);

+        if (!pad.name)
+            return AVERROR(ENOMEM);

         pad.filter_frame   = filter_frame;
 
         pad.needs_fifo = 1;
         pad.filter_frame   = filter_frame;
 
         pad.needs_fifo = 1;

diff --git a/ffmpeg/libavfilter/split.c b/ffmpeg/libavfilter/split.c
index 6abd5ee2e0cb07a1efc94d07cf03e213ecc7b69a..735381067732306dbc660774568cda14b541eb9b 100644 (file)
--- a/ffmpeg/libavfilter/split.c
+++ b/ffmpeg/libavfilter/split.c
@@ -52,6 +52,8 @@ static av_cold int split_init(AVFilterContext *ctx)
         snprintf(name, sizeof(name), "output%d", i);
         pad.type = ctx->filter->inputs[0].type;
         pad.name = av_strdup(name);
         snprintf(name, sizeof(name), "output%d", i);
         pad.type = ctx->filter->inputs[0].type;
         pad.name = av_strdup(name);

+        if (!pad.name)
+            return AVERROR(ENOMEM);

 
         ff_insert_outpad(ctx, i, &pad);
     }
 
         ff_insert_outpad(ctx, i, &pad);
     }

diff --git a/ffmpeg/libavfilter/src_movie.c b/ffmpeg/libavfilter/src_movie.c
index 0b97b827e49bd71d5a737cd954e4996b4c4b5b39..908c03e1d338bb0ca40017c804c6689fe27af08b 100644 (file)
--- a/ffmpeg/libavfilter/src_movie.c
+++ b/ffmpeg/libavfilter/src_movie.c
@@ -289,6 +289,8 @@ static av_cold int movie_common_init(AVFilterContext *ctx)
         snprintf(name, sizeof(name), "out%d", i);
         pad.type          = movie->st[i].st->codec->codec_type;
         pad.name          = av_strdup(name);
         snprintf(name, sizeof(name), "out%d", i);
         pad.type          = movie->st[i].st->codec->codec_type;
         pad.name          = av_strdup(name);

+        if (!pad.name)
+            return AVERROR(ENOMEM);

         pad.config_props  = movie_config_output_props;
         pad.request_frame = movie_request_frame;
         ff_insert_outpad(ctx, i, &pad);
         pad.config_props  = movie_config_output_props;
         pad.request_frame = movie_request_frame;
         ff_insert_outpad(ctx, i, &pad);

diff --git a/ffmpeg/libavfilter/vf_sab.c b/ffmpeg/libavfilter/vf_sab.c
index aa38b533fe17baf81d517be548145b4c59cfb7b4..b8af27cdcd66d5a593811a6bfdfec3262799f727 100644 (file)
--- a/ffmpeg/libavfilter/vf_sab.c
+++ b/ffmpeg/libavfilter/vf_sab.c
@@ -220,6 +220,19 @@ static int config_props(AVFilterLink *inlink)
 
 #define NB_PLANES 4
 
 
 #define NB_PLANES 4
 

+static inline int mirror(int x, int w)
+{
+    if (!w)
+        return 0;
+
+    while ((unsigned)x > (unsigned)w) {
+        x = -x;
+        if (x < 0)
+            x += 2 * w;
+    }
+    return x;
+}
+

 static void blur(uint8_t       *dst, const int dst_linesize,
                  const uint8_t *src, const int src_linesize,
                  const int w, const int h, FilterParam *fp)
 static void blur(uint8_t       *dst, const int dst_linesize,
                  const uint8_t *src, const int src_linesize,
                  const int w, const int h, FilterParam *fp)


@@ -253,8 +266,7 @@ static void blur(uint8_t       *dst, const int dst_linesize,
                 for (dy = 0; dy < radius*2 + 1; dy++) {
                     int dx;
                     int iy = y+dy - radius;
                 for (dy = 0; dy < radius*2 + 1; dy++) {
                     int dx;
                     int iy = y+dy - radius;

-                    if      (iy < 0)  iy = -iy;
-                    else if (iy >= h) iy = h+h-iy-1;
+                    iy = mirror(iy, h-1);

 
                     for (dx = 0; dx < radius*2 + 1; dx++) {
                         const int ix = x+dx - radius;
 
                     for (dx = 0; dx < radius*2 + 1; dx++) {
                         const int ix = x+dx - radius;


@@ -265,13 +277,11 @@ static void blur(uint8_t       *dst, const int dst_linesize,
                 for (dy = 0; dy < radius*2+1; dy++) {
                     int dx;
                     int iy = y+dy - radius;
                 for (dy = 0; dy < radius*2+1; dy++) {
                     int dx;
                     int iy = y+dy - radius;

-                    if      (iy <  0) iy = -iy;
-                    else if (iy >= h) iy = h+h-iy-1;
+                    iy = mirror(iy, h-1);

 
                     for (dx = 0; dx < radius*2 + 1; dx++) {
                         int ix = x+dx - radius;
 
                     for (dx = 0; dx < radius*2 + 1; dx++) {
                         int ix = x+dx - radius;

-                        if      (ix < 0)  ix = -ix;
-                        else if (ix >= w) ix = w+w-ix-1;
+                        ix = mirror(ix, w-1);

                         UPDATE_FACTOR;
                     }
                 }
                         UPDATE_FACTOR;
                     }
                 }

diff --git a/ffmpeg/libavformat/Makefile b/ffmpeg/libavformat/Makefile
index f0900c434304f062259d379340051303db3df6c4..6bf0761b21864b4bfcefb35e1c3a44026bec61c1 100644 (file)
--- a/ffmpeg/libavformat/Makefile
+++ b/ffmpeg/libavformat/Makefile
@@ -377,7 +377,7 @@ OBJS-$(CONFIG_RTP_MUXER)                 += rtp.o         \
                                             rtpenc_h264.o \
                                             rtpenc_vp8.o  \
                                             rtpenc_xiph.o \
                                             rtpenc_h264.o \
                                             rtpenc_vp8.o  \
                                             rtpenc_xiph.o \

-                                            avc.o
+                                            avc.o hevc.o

 OBJS-$(CONFIG_RTSP_DEMUXER)              += rtsp.o rtspdec.o httpauth.o \
                                             urldecode.o
 OBJS-$(CONFIG_RTSP_MUXER)                += rtsp.o rtspenc.o httpauth.o \
 OBJS-$(CONFIG_RTSP_DEMUXER)              += rtsp.o rtspdec.o httpauth.o \
                                             urldecode.o
 OBJS-$(CONFIG_RTSP_MUXER)                += rtsp.o rtspenc.o httpauth.o \

diff --git a/ffmpeg/libavformat/cdxl.c b/ffmpeg/libavformat/cdxl.c
index e3e379aef772cd7c7efd24bb7264bfca871030e4..6d8e750b830704170c585a0d7f90a3e4e0094107 100644 (file)
--- a/ffmpeg/libavformat/cdxl.c
+++ b/ffmpeg/libavformat/cdxl.c
@@ -127,6 +127,8 @@ static int cdxl_read_packet(AVFormatContext *s, AVPacket *pkt)
     height       = AV_RB16(&cdxl->header[16]);
     palette_size = AV_RB16(&cdxl->header[20]);
     audio_size   = AV_RB16(&cdxl->header[22]);
     height       = AV_RB16(&cdxl->header[16]);
     palette_size = AV_RB16(&cdxl->header[20]);
     audio_size   = AV_RB16(&cdxl->header[22]);

+    if (FFALIGN(width, 16) * (uint64_t)height * cdxl->header[19] > INT_MAX)
+        return AVERROR_INVALIDDATA;

     image_size   = FFALIGN(width, 16) * height * cdxl->header[19] / 8;
     video_size   = palette_size + image_size;
 
     image_size   = FFALIGN(width, 16) * height * cdxl->header[19] / 8;
     video_size   = palette_size + image_size;
 

diff --git a/ffmpeg/libavformat/flvdec.c b/ffmpeg/libavformat/flvdec.c
index 54f2f56dba2bf644617ef986f776a6d4450f0453..da277a1218407dcf7f806ad9a89c5fd6420ac21a 100644 (file)
--- a/ffmpeg/libavformat/flvdec.c
+++ b/ffmpeg/libavformat/flvdec.c
@@ -390,7 +390,7 @@ static int amf_parse_object(AVFormatContext *s, AVStream *astream,
     FLVContext *flv = s->priv_data;
     AVIOContext *ioc;
     AMFDataType amf_type;
     FLVContext *flv = s->priv_data;
     AVIOContext *ioc;
     AMFDataType amf_type;

-    char str_val[256];
+    char str_val[1024];

     double num_val;
 
     num_val  = 0;
     double num_val;
 
     num_val  = 0;


@@ -558,13 +558,13 @@ static int flv_read_metabody(AVFormatContext *s, int64_t next_pos)
     type = avio_r8(ioc);
     if (type != AMF_DATA_TYPE_STRING ||
         amf_get_string(ioc, buffer, sizeof(buffer)) < 0)
     type = avio_r8(ioc);
     if (type != AMF_DATA_TYPE_STRING ||
         amf_get_string(ioc, buffer, sizeof(buffer)) < 0)

-        return -1;
+        return 2;

 
     if (!strcmp(buffer, "onTextData"))
         return 1;
 
     if (strcmp(buffer, "onMetaData") && strcmp(buffer, "onCuePoint"))
 
     if (!strcmp(buffer, "onTextData"))
         return 1;
 
     if (strcmp(buffer, "onMetaData") && strcmp(buffer, "onCuePoint"))

-        return -1;
+        return 2;

 
     // find the streams now so that amf_parse_object doesn't need to do
     // the lookup every time it is called.
 
     // find the streams now so that amf_parse_object doesn't need to do
     // the lookup every time it is called.


@@ -822,7 +822,7 @@ static int flv_read_packet(AVFormatContext *s, AVPacket *pkt)
             stream_type=FLV_STREAM_TYPE_DATA;
             if (size > 13 + 1 + 4 && dts == 0) { // Header-type metadata stuff
                 meta_pos = avio_tell(s->pb);
             stream_type=FLV_STREAM_TYPE_DATA;
             if (size > 13 + 1 + 4 && dts == 0) { // Header-type metadata stuff
                 meta_pos = avio_tell(s->pb);

-                if (flv_read_metabody(s, next) == 0) {
+                if (flv_read_metabody(s, next) <= 0) {

                     goto skip;
                 }
                 avio_seek(s->pb, meta_pos, SEEK_SET);
                     goto skip;
                 }
                 avio_seek(s->pb, meta_pos, SEEK_SET);

diff --git a/ffmpeg/libavformat/matroskadec.c b/ffmpeg/libavformat/matroskadec.c
index e9ba1e967e6ca567cac863f8c73054dbd43da85f..3f327fd8c5af8eb6ab6a01e446f3677f10d3c579 100644 (file)
--- a/ffmpeg/libavformat/matroskadec.c
+++ b/ffmpeg/libavformat/matroskadec.c
@@ -1080,7 +1080,7 @@ static void ebml_free(EbmlSyntax *syntax, void *data)
                 for (j = 0; j < list->nb_elem;
                      j++, ptr += syntax[i].list_elem_size)
                     ebml_free(syntax[i].def.n, ptr);
                 for (j = 0; j < list->nb_elem;
                      j++, ptr += syntax[i].list_elem_size)
                     ebml_free(syntax[i].def.n, ptr);

-                av_free(list->elem);
+                av_freep(&list->elem);

             } else
                 ebml_free(syntax[i].def.n, data_off);
         default:
             } else
                 ebml_free(syntax[i].def.n, data_off);
         default:


@@ -2134,7 +2134,7 @@ static int matroska_deliver_packet(MatroskaDemuxContext *matroska,
 {
     if (matroska->num_packets > 0) {
         memcpy(pkt, matroska->packets[0], sizeof(AVPacket));
 {
     if (matroska->num_packets > 0) {
         memcpy(pkt, matroska->packets[0], sizeof(AVPacket));

-        av_free(matroska->packets[0]);
+        av_freep(&matroska->packets[0]);

         if (matroska->num_packets > 1) {
             void *newpackets;
             memmove(&matroska->packets[0], &matroska->packets[1],
         if (matroska->num_packets > 1) {
             void *newpackets;
             memmove(&matroska->packets[0], &matroska->packets[1],


@@ -2165,7 +2165,7 @@ static void matroska_clear_queue(MatroskaDemuxContext *matroska)
         int n;
         for (n = 0; n < matroska->num_packets; n++) {
             av_free_packet(matroska->packets[n]);
         int n;
         for (n = 0; n < matroska->num_packets; n++) {
             av_free_packet(matroska->packets[n]);

-            av_free(matroska->packets[n]);
+            av_freep(&matroska->packets[n]);

         }
         av_freep(&matroska->packets);
         matroska->num_packets = 0;
         }
         av_freep(&matroska->packets);
         matroska->num_packets = 0;


@@ -3003,7 +3003,7 @@ static int matroska_read_close(AVFormatContext *s)
 
     for (n = 0; n < matroska->tracks.nb_elem; n++)
         if (tracks[n].type == MATROSKA_TRACK_TYPE_AUDIO)
 
     for (n = 0; n < matroska->tracks.nb_elem; n++)
         if (tracks[n].type == MATROSKA_TRACK_TYPE_AUDIO)

-            av_free(tracks[n].audio.buf);
+            av_freep(&tracks[n].audio.buf);

     ebml_free(matroska_cluster, &matroska->current_cluster);
     ebml_free(matroska_segment, matroska);
 
     ebml_free(matroska_cluster, &matroska->current_cluster);
     ebml_free(matroska_segment, matroska);
 

diff --git a/ffmpeg/libavformat/mov.c b/ffmpeg/libavformat/mov.c
index 57e4524e3510f1decf914b92bdeb0eb4c43d5fb6..7455e3b5e5621ef6d9705536d473da9c3a1ca6de 100644 (file)
--- a/ffmpeg/libavformat/mov.c
+++ b/ffmpeg/libavformat/mov.c
@@ -210,7 +210,11 @@ static int mov_read_covr(MOVContext *c, AVIOContext *pb, int type, int len)
 static int mov_metadata_raw(MOVContext *c, AVIOContext *pb,
                             unsigned len, const char *key)
 {
 static int mov_metadata_raw(MOVContext *c, AVIOContext *pb,
                             unsigned len, const char *key)
 {

-    char *value = av_malloc(len + 1);
+    char *value;
+    // Check for overflow.
+    if (len >= INT_MAX)
+        return AVERROR(EINVAL);
+    value = av_malloc(len + 1);

     if (!value)
         return AVERROR(ENOMEM);
     avio_read(pb, value, len);
     if (!value)
         return AVERROR(ENOMEM);
     avio_read(pb, value, len);


@@ -352,7 +356,7 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 
     if (!key)
         return 0;
 
     if (!key)
         return 0;

-    if (atom.size < 0)
+    if (atom.size < 0 || str_size >= INT_MAX/2)

         return AVERROR_INVALIDDATA;
 
     str_size_alloc = str_size << 1; // worst-case requirement for output string in case of utf8 coded input
         return AVERROR_INVALIDDATA;
 
     str_size_alloc = str_size << 1; // worst-case requirement for output string in case of utf8 coded input


@@ -1150,7 +1154,7 @@ static int mov_read_wave(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         st->codec->codec_id == AV_CODEC_ID_QDMC ||
         st->codec->codec_id == AV_CODEC_ID_SPEEX) {
         // pass all frma atom to codec, needed at least for QDMC and QDM2
         st->codec->codec_id == AV_CODEC_ID_QDMC ||
         st->codec->codec_id == AV_CODEC_ID_SPEEX) {
         // pass all frma atom to codec, needed at least for QDMC and QDM2

-        av_free(st->codec->extradata);
+        av_freep(&st->codec->extradata);

         if (ff_get_extradata(st->codec, pb, atom.size) < 0)
             return AVERROR(ENOMEM);
     } else if (atom.size > 8) { /* to read frma, esds atoms */
         if (ff_get_extradata(st->codec, pb, atom.size) < 0)
             return AVERROR(ENOMEM);
     } else if (atom.size > 8) { /* to read frma, esds atoms */


@@ -1190,7 +1194,7 @@ static int mov_read_glbl(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         av_log(c, AV_LOG_WARNING, "ignoring multiple glbl\n");
         return 0;
     }
         av_log(c, AV_LOG_WARNING, "ignoring multiple glbl\n");
         return 0;
     }

-    av_free(st->codec->extradata);
+    av_freep(&st->codec->extradata);

     if (ff_get_extradata(st->codec, pb, atom.size) < 0)
         return AVERROR(ENOMEM);
 
     if (ff_get_extradata(st->codec, pb, atom.size) < 0)
         return AVERROR(ENOMEM);
 


@@ -1215,7 +1219,7 @@ static int mov_read_dvc1(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         return 0;
 
     avio_seek(pb, 6, SEEK_CUR);
         return 0;
 
     avio_seek(pb, 6, SEEK_CUR);

-    av_free(st->codec->extradata);
+    av_freep(&st->codec->extradata);

     if ((ret = ff_get_extradata(st->codec, pb, atom.size - 7)) < 0)
         return ret;
 
     if ((ret = ff_get_extradata(st->codec, pb, atom.size - 7)) < 0)
         return ret;
 


@@ -1241,7 +1245,7 @@ static int mov_read_strf(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         return AVERROR_INVALIDDATA;
 
     avio_skip(pb, 40);
         return AVERROR_INVALIDDATA;
 
     avio_skip(pb, 40);

-    av_free(st->codec->extradata);
+    av_freep(&st->codec->extradata);

     if (ff_get_extradata(st->codec, pb, atom.size - 40) < 0)
         return AVERROR(ENOMEM);
     return 0;
     if (ff_get_extradata(st->codec, pb, atom.size - 40) < 0)
         return AVERROR(ENOMEM);
     return 0;


@@ -3428,7 +3432,7 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom)
                 }
             }
             total_size += 8;
                 }
             }
             total_size += 8;

-            if (a.size == 1) { /* 64 bit extended size */
+            if (a.size == 1 && total_size + 8 <= atom.size) { /* 64 bit extended size */

                 a.size = avio_rb64(pb) - 8;
                 total_size += 8;
             }
                 a.size = avio_rb64(pb) - 8;
                 total_size += 8;
             }


@@ -3779,35 +3783,39 @@ static void export_orphan_timecode(AVFormatContext *s)
 static int read_tfra(MOVContext *mov, AVIOContext *f)
 {
     MOVFragmentIndex* index = NULL;
 static int read_tfra(MOVContext *mov, AVIOContext *f)
 {
     MOVFragmentIndex* index = NULL;

-    int version, fieldlength, i, j, err;
+    int version, fieldlength, i, j;

     int64_t pos = avio_tell(f);
     uint32_t size = avio_rb32(f);
     int64_t pos = avio_tell(f);
     uint32_t size = avio_rb32(f);

+    void *tmp;
+

     if (avio_rb32(f) != MKBETAG('t', 'f', 'r', 'a')) {
     if (avio_rb32(f) != MKBETAG('t', 'f', 'r', 'a')) {

-        return -1;
+        return 1;

     }
     av_log(mov->fc, AV_LOG_VERBOSE, "found tfra\n");
     index = av_mallocz(sizeof(MOVFragmentIndex));
     if (!index) {
         return AVERROR(ENOMEM);
     }
     }
     av_log(mov->fc, AV_LOG_VERBOSE, "found tfra\n");
     index = av_mallocz(sizeof(MOVFragmentIndex));
     if (!index) {
         return AVERROR(ENOMEM);
     }

-    mov->fragment_index_count++;
-    if ((err = av_reallocp(&mov->fragment_index_data,
-                           mov->fragment_index_count *
-                           sizeof(MOVFragmentIndex*))) < 0) {
+
+    tmp = av_realloc_array(mov->fragment_index_data,
+                           mov->fragment_index_count + 1,
+                           sizeof(MOVFragmentIndex*));
+    if (!tmp) {

         av_freep(&index);
         av_freep(&index);

-        return err;
+        return AVERROR(ENOMEM);

     }
     }

-    mov->fragment_index_data[mov->fragment_index_count - 1] =
-        index;
+    mov->fragment_index_data = tmp;
+    mov->fragment_index_data[mov->fragment_index_count++] = index;

 
     version = avio_r8(f);
     avio_rb24(f);
     index->track_id = avio_rb32(f);
     fieldlength = avio_rb32(f);
     index->item_count = avio_rb32(f);
 
     version = avio_r8(f);
     avio_rb24(f);
     index->track_id = avio_rb32(f);
     fieldlength = avio_rb32(f);
     index->item_count = avio_rb32(f);

-    index->items = av_mallocz(
-            index->item_count * sizeof(MOVFragmentIndexItem));
+    index->items = av_mallocz_array(
+            index->item_count, sizeof(MOVFragmentIndexItem));

     if (!index->items) {
     if (!index->items) {

+        index->item_count = 0;

         return AVERROR(ENOMEM);
     }
     for (i = 0; i < index->item_count; i++) {
         return AVERROR(ENOMEM);
     }
     for (i = 0; i < index->item_count; i++) {


@@ -3861,11 +3869,13 @@ static int mov_read_mfra(MOVContext *c, AVIOContext *f)
         av_log(c->fc, AV_LOG_DEBUG, "doesn't look like mfra (tag mismatch)\n");
         goto fail;
     }
         av_log(c->fc, AV_LOG_DEBUG, "doesn't look like mfra (tag mismatch)\n");
         goto fail;
     }

-    ret = 0;

     av_log(c->fc, AV_LOG_VERBOSE, "stream has mfra\n");
     av_log(c->fc, AV_LOG_VERBOSE, "stream has mfra\n");

-    while (!read_tfra(c, f)) {
-        /* Empty */
-    }
+    do {
+        ret = read_tfra(c, f);
+        if (ret < 0)
+            goto fail;
+    } while (!ret);
+    ret = 0;

 fail:
     seek_ret = avio_seek(f, original_pos, SEEK_SET);
     if (seek_ret < 0) {
 fail:
     seek_ret = avio_seek(f, original_pos, SEEK_SET);
     if (seek_ret < 0) {


@@ -4104,7 +4114,7 @@ static int mov_read_packet(AVFormatContext *s, AVPacket *pkt)
 #if CONFIG_DV_DEMUXER
         if (mov->dv_demux && sc->dv_audio_container) {
             avpriv_dv_produce_packet(mov->dv_demux, pkt, pkt->data, pkt->size, pkt->pos);
 #if CONFIG_DV_DEMUXER
         if (mov->dv_demux && sc->dv_audio_container) {
             avpriv_dv_produce_packet(mov->dv_demux, pkt, pkt->data, pkt->size, pkt->pos);

-            av_free(pkt->data);
+            av_freep(&pkt->data);

             pkt->size = 0;
             ret = avpriv_dv_get_packet(mov->dv_demux, pkt);
             if (ret < 0)
             pkt->size = 0;
             ret = avpriv_dv_get_packet(mov->dv_demux, pkt);
             if (ret < 0)

diff --git a/ffmpeg/libavformat/movenc.c b/ffmpeg/libavformat/movenc.c
index 10e883c923470c38a7e9060480a20b6adbcb4ec2..ef250412b935de1992a127431eef0a890ce34e2a 100644 (file)
--- a/ffmpeg/libavformat/movenc.c
+++ b/ffmpeg/libavformat/movenc.c
@@ -2499,7 +2499,8 @@ static int mov_write_mvhd_tag(AVIOContext *pb, MOVMuxContext *mov)
     }
 
     version = max_track_len < UINT32_MAX ? 0 : 1;
     }
 
     version = max_track_len < UINT32_MAX ? 0 : 1;

-    (version == 1) ? avio_wb32(pb, 120) : avio_wb32(pb, 108); /* size */
+    avio_wb32(pb, version == 1 ? 120 : 108); /* size */
+

     ffio_wfourcc(pb, "mvhd");
     avio_w8(pb, version);
     avio_wb24(pb, 0); /* flags */
     ffio_wfourcc(pb, "mvhd");
     avio_w8(pb, version);
     avio_wb24(pb, 0); /* flags */

diff --git a/ffmpeg/libavformat/segment.c b/ffmpeg/libavformat/segment.c
index 2cad6e3dab720df02bd6892b9a4e6de6d51cacf7..56ffcdcd7c8b328c108b1a6d500f4aa943ca6215 100644 (file)
--- a/ffmpeg/libavformat/segment.c
+++ b/ffmpeg/libavformat/segment.c
@@ -343,7 +343,7 @@ static int segment_end(AVFormatContext *s, int write_trailer, int is_last)
             if (seg->list_size && seg->segment_count >= seg->list_size) {
                 entry = seg->segment_list_entries;
                 seg->segment_list_entries = seg->segment_list_entries->next;
             if (seg->list_size && seg->segment_count >= seg->list_size) {
                 entry = seg->segment_list_entries;
                 seg->segment_list_entries = seg->segment_list_entries->next;

-                av_free(entry->filename);
+                av_freep(&entry->filename);

                 av_freep(&entry);
             }
 
                 av_freep(&entry);
             }
 


@@ -501,10 +501,10 @@ static int open_null_ctx(AVIOContext **ctx)
     return 0;
 }
 
     return 0;
 }
 

-static void close_null_ctx(AVIOContext *pb)
+static void close_null_ctxp(AVIOContext **pb)

 {
 {

-    av_free(pb->buffer);
-    av_free(pb);
+    av_freep(&(*pb)->buffer);
+    av_freep(pb);

 }
 
 static int select_reference_stream(AVFormatContext *s)
 }
 
 static int select_reference_stream(AVFormatContext *s)


@@ -687,7 +687,7 @@ static int seg_write_header(AVFormatContext *s)
         s->avoid_negative_ts = 1;
 
     if (!seg->write_header_trailer) {
         s->avoid_negative_ts = 1;
 
     if (!seg->write_header_trailer) {

-        close_null_ctx(oc->pb);
+        close_null_ctxp(&oc->pb);

         if ((ret = avio_open2(&oc->pb, oc->filename, AVIO_FLAG_WRITE,
                               &s->interrupt_callback, NULL)) < 0)
             goto fail;
         if ((ret = avio_open2(&oc->pb, oc->filename, AVIO_FLAG_WRITE,
                               &s->interrupt_callback, NULL)) < 0)
             goto fail;


@@ -820,7 +820,7 @@ static int seg_write_trailer(struct AVFormatContext *s)
             goto fail;
         open_null_ctx(&oc->pb);
         ret = av_write_trailer(oc);
             goto fail;
         open_null_ctx(&oc->pb);
         ret = av_write_trailer(oc);

-        close_null_ctx(oc->pb);
+        close_null_ctxp(&oc->pb);

     } else {
         ret = segment_end(s, 1, 1);
     }
     } else {
         ret = segment_end(s, 1, 1);
     }


@@ -836,7 +836,7 @@ fail:
     cur = seg->segment_list_entries;
     while (cur) {
         next = cur->next;
     cur = seg->segment_list_entries;
     while (cur) {
         next = cur->next;

-        av_free(cur->filename);
+        av_freep(&cur->filename);

         av_free(cur);
         cur = next;
     }
         av_free(cur);
         cur = next;
     }

diff --git a/ffmpeg/libavformat/utils.c b/ffmpeg/libavformat/utils.c
index 5da110da66fd6304b86c663670fed83fb4e6b65f..5a282a7ce79b56767be2d4bb1bc1ea4d3576c1be 100644 (file)
--- a/ffmpeg/libavformat/utils.c
+++ b/ffmpeg/libavformat/utils.c
@@ -2829,6 +2829,7 @@ int ff_alloc_extradata(AVCodecContext *avctx, int size)
     int ret;
 
     if (size < 0 || size >= INT32_MAX - FF_INPUT_BUFFER_PADDING_SIZE) {
     int ret;
 
     if (size < 0 || size >= INT32_MAX - FF_INPUT_BUFFER_PADDING_SIZE) {

+        avctx->extradata = NULL;

         avctx->extradata_size = 0;
         return AVERROR(EINVAL);
     }
         avctx->extradata_size = 0;
         return AVERROR(EINVAL);
     }

diff --git a/scripts/ffmpeg-config b/scripts/ffmpeg-config
index bcac71578abdddf042cd69e06708cc4dfbd6d5cf..9b337f014705d5c207a6d9b44296531790466457 100755 (executable)
--- a/scripts/ffmpeg-config
+++ b/scripts/ffmpeg-config
@@ -9,7 +9,7 @@ fi
 OPTIONS=" --prefix=/opt/ffmpeg  --enable-avresample --disable-debug --enable-nonfree --enable-gpl --enable-version3 --enable-libpulse --enable-libopencore-amrnb --enable-libopencore-amrwb --disable-decoder=amrnb --disable-decoder=amrwb $USER_OPTS"
 
 # optional flags for encoding 
 OPTIONS=" --prefix=/opt/ffmpeg  --enable-avresample --disable-debug --enable-nonfree --enable-gpl --enable-version3 --enable-libpulse --enable-libopencore-amrnb --enable-libopencore-amrwb --disable-decoder=amrnb --disable-decoder=amrwb $USER_OPTS"
 
 # optional flags for encoding 

-OPTIONS="$OPTIONS --enable-libx264 --enable-libx265  --enable-libfdk-aac --enable-libvorbis --enable-libmp3lame --enable-libopus --enable-libvpx --enable-libspeex --enable-libass --enable-avisynth --enable-libsoxr --enable-libxvid --enable-libvo-aacenc  "
+OPTIONS="$OPTIONS --enable-libx264 --enable-libx265  --enable-libfdk-aac --enable-libvorbis --enable-libmp3lame --enable-libopus --enable-libvpx --enable-libspeex --enable-libass --enable-avisynth --enable-libsoxr --enable-libxvid --enable-libvo-aacenc --enable-libvidstab"

 
 echo Using ffmpeg options: $OPTIONS
 
 
 echo Using ffmpeg options: $OPTIONS