Hello community,
here is the log from the commit of package libav for openSUSE:Factory checked in at 2015-04-21 10:52:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libav (Old)
and /work/SRC/openSUSE:Factory/.libav.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libav"
Changes:
--------
--- /work/SRC/openSUSE:Factory/libav/libav.changes 2015-03-28 18:38:23.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.libav.new/libav.changes 2015-04-21 10:53:02.000000000 +0200
@@ -1,0 +2,32 @@
+Mon Apr 20 07:56:59 UTC 2015 - mpluskal@suse.com
+
+- Update to 11.3
+ * utvideodec: Handle slice_height being zero (CVE-2014-9604)
+ * adxdec: set avctx->channels in adx_read_header
+ * rmenc: limit packet size
+ * webp: validate the distance prefix code
+ * rv10: check size of s->mb_width * s->mb_height
+ * eamad: check for out of bounds read (CID/1257500)
+ * mdec: check for out of bounds read (CID/1257501)
+ * configure: Properly fail when libcdio/cdparanoia is not found
+ * tiff: Check that there is no aliasing in pixel format selection
+ (CVE-2014-8544)
+ * aic: Fix decoding files with odd dimensions
+ * vorbis: Check the vlc value in setup_classifs
+ * arm: Suppress tags about used cpu arch and extensions
+ * prores: Extend the padding check to 16bit
+ * icecast: Do not use chunked post, allows feeding to icecast
+ properly
+ * img2dec: correctly use the parsed value from -start_number
+ * h264_cabac: Break infinite loops
+ * hevc_deblock: Fix compilation with nasm (libav #795)
+ * h264: initialize H264Context.avctx in init_thread_copy
+ * h264: Do not share rbsp_buffer across threads
+ * h264: only ref cur_pic in update_thread_context if it is
+ initialized
+ * matroskadec: Fix read-after-free in matroska_read_seek()
+ (chromium #427266)
+ * log: Unbreak no-tty support on 256color terminals
+- Swith to pkgconfig style dependencies
+
+-------------------------------------------------------------------
Old:
----
libav-11.2.tar.xz
New:
----
libav-11.3.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libav.spec ++++++
--- /var/tmp/diff_new_pack.cDJrmL/_old 2015-04-21 10:53:02.000000000 +0200
+++ /var/tmp/diff_new_pack.cDJrmL/_new 2015-04-21 10:53:02.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package libav
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,41 +24,40 @@
%define avutilso libavutil-libav54
%define swscaleso libswscale-libav3
Name: libav
-Version: 11.2
+Version: 11.3
Release: 0
Summary: Library working with various multimedia formats
License: GPL-2.0+
Group: Development/Libraries/C and C++
Url: https://libav.org/
Source: http://%{name}.org/releases/%{name}-%{version}.tar.xz
-BuildRequires: alsa-devel
-BuildRequires: freetype2-devel
-BuildRequires: frei0r-plugins-devel
-BuildRequires: gnutls-devel
-BuildRequires: libSDL-devel
-BuildRequires: libX11-devel
-BuildRequires: libXext-devel
-BuildRequires: libXfixes-devel
-BuildRequires: libbz2-devel
-BuildRequires: libcdio-paranoia-devel
-BuildRequires: libdc1394-devel
BuildRequires: libgsm-devel
-BuildRequires: libjack-devel
-BuildRequires: libopus-devel
-BuildRequires: libpulse-devel
-BuildRequires: libraw1394-devel
-BuildRequires: libtheora-devel
-BuildRequires: libva-devel
-BuildRequires: libvdpau-devel
-BuildRequires: libvorbis-devel
-BuildRequires: libvpx-devel
-BuildRequires: openjpeg-devel
-BuildRequires: pkgconfig
-BuildRequires: schroedinger-devel
-BuildRequires: speex-devel
-BuildRequires: xz
+BuildRequires: pkg-config
BuildRequires: yasm
-BuildRequires: zlib-devel
+BuildRequires: pkgconfig(alsa)
+BuildRequires: pkgconfig(bzip2)
+BuildRequires: pkgconfig(freetype2)
+BuildRequires: pkgconfig(frei0r)
+BuildRequires: pkgconfig(gnutls)
+BuildRequires: pkgconfig(jack)
+BuildRequires: pkgconfig(libcdio_paranoia)
+BuildRequires: pkgconfig(libdc1394-2)
+BuildRequires: pkgconfig(libopenjpeg)
+BuildRequires: pkgconfig(libpulse)
+BuildRequires: pkgconfig(libraw1394)
+BuildRequires: pkgconfig(libva)
+BuildRequires: pkgconfig(opus)
+BuildRequires: pkgconfig(schroedinger-1.0)
+BuildRequires: pkgconfig(sdl)
+BuildRequires: pkgconfig(speex)
+BuildRequires: pkgconfig(theora)
+BuildRequires: pkgconfig(vdpau)
+BuildRequires: pkgconfig(vorbis)
+BuildRequires: pkgconfig(vpx)
+BuildRequires: pkgconfig(x11)
+BuildRequires: pkgconfig(xext)
+BuildRequires: pkgconfig(xfixes)
+BuildRequires: pkgconfig(zlib)
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -225,7 +224,7 @@
./configure \
--prefix=%{_prefix} --libdir=%{_libdir} --shlibdir=%{_libdir} \
--extra-cflags='%{optflags}' --optflags='%{optflags}' \
- --incdir="%_includedir/libav" --build-suffix="-libav" --enable-pic \
+ --incdir="%{_includedir}/libav" --build-suffix="-libav" --enable-pic \
--enable-shared --disable-static \
--enable-runtime-cpudetect \
--enable-gpl \
++++++ libav-11.2.tar.xz -> libav-11.3.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/Changelog new/libav-11.3/Changelog
--- old/libav-11.2/Changelog 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/Changelog 2015-03-09 02:54:09.000000000 +0100
@@ -1,6 +1,31 @@
Entries are sorted chronologically from oldest to youngest within each release,
releases are sorted from youngest to oldest.
+version 11.3:
+
+- utvideodec: Handle slice_height being zero (CVE-2014-9604)
+- adxdec: set avctx->channels in adx_read_header
+- rmenc: limit packet size
+- webp: validate the distance prefix code
+- rv10: check size of s->mb_width * s->mb_height
+- eamad: check for out of bounds read (CID/1257500)
+- mdec: check for out of bounds read (CID/1257501)
+- configure: Properly fail when libcdio/cdparanoia is not found
+- tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544)
+- aic: Fix decoding files with odd dimensions
+- vorbis: Check the vlc value in setup_classifs
+- arm: Suppress tags about used cpu arch and extensions
+- prores: Extend the padding check to 16bit
+- icecast: Do not use chunked post, allows feeding to icecast properly
+- img2dec: correctly use the parsed value from -start_number
+- h264_cabac: Break infinite loops
+- hevc_deblock: Fix compilation with nasm (libav #795)
+- h264: initialize H264Context.avctx in init_thread_copy
+- h264: Do not share rbsp_buffer across threads
+- h264: only ref cur_pic in update_thread_context if it is initialized
+- matroskadec: Fix read-after-free in matroska_read_seek() (chromium #427266)
+- log: Unbreak no-tty support on 256color terminals
+
version 11.2:
- h264: restore a block mistakenly removed in e10fd08a (libav #781)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/RELEASE new/libav-11.3/RELEASE
--- old/libav-11.2/RELEASE 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/RELEASE 2015-03-09 02:54:09.000000000 +0100
@@ -1 +1 @@
-11.2
+11.3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/VERSION new/libav-11.3/VERSION
--- old/libav-11.2/VERSION 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/VERSION 2015-03-09 02:54:09.000000000 +0100
@@ -1 +1 @@
-11.2
+11.3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/configure new/libav-11.3/configure
--- old/libav-11.2/configure 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/configure 2015-03-09 02:54:09.000000000 +0100
@@ -1477,6 +1477,7 @@
TOOLCHAIN_FEATURES="
as_dn_directive
as_func
+ as_object_arch
asm_mod_q
attribute_may_alias
attribute_packed
@@ -3870,6 +3871,11 @@
.unreq ra
EOF
+ # llvm's integrated assembler supports .object_arch from llvm 3.5
+ [ "$objformat" = elf ] && check_as <mb_width = FFALIGN(avctx->width, 16) >> 4;
ctx->mb_height = FFALIGN(avctx->height, 16) >> 4;
- ctx->num_x_slices = 16;
- ctx->slice_width = ctx->mb_width / 16;
+ ctx->num_x_slices = (ctx->mb_width + 15) >> 4;
+ ctx->slice_width = 16;
for (i = 1; i < 32; i++) {
if (!(ctx->mb_width % i) && (ctx->mb_width / i < 32)) {
ctx->slice_width = ctx->mb_width / i;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/eamad.c new/libav-11.3/libavcodec/eamad.c
--- old/libav-11.2/libavcodec/eamad.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavcodec/eamad.c 2015-03-09 02:54:09.000000000 +0100
@@ -145,6 +145,11 @@
break;
} else if (level != 0) {
i += run;
+ if (i > 63) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "ac-tex damaged at %d %d\n", s->mb_x, s->mb_y);
+ return;
+ }
j = scantable[i];
level = (level*quant_matrix[j]) >> 4;
level = (level-1)|1;
@@ -159,6 +164,11 @@
run = SHOW_UBITS(re, &s->gb, 6)+1; LAST_SKIP_BITS(re, &s->gb, 6);
i += run;
+ if (i > 63) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "ac-tex damaged at %d %d\n", s->mb_x, s->mb_y);
+ return;
+ }
j = scantable[i];
if (level < 0) {
level = -level;
@@ -170,10 +180,6 @@
level = (level-1)|1;
}
}
- if (i > 63) {
- av_log(s->avctx, AV_LOG_ERROR, "ac-tex damaged at %d %d\n", s->mb_x, s->mb_y);
- return;
- }
block[j] = level;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/h264.c new/libav-11.3/libavcodec/h264.c
--- old/libav-11.2/libavcodec/h264.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavcodec/h264.c 2015-03-09 02:54:09.000000000 +0100
@@ -686,6 +686,11 @@
memset(h->sps_buffers, 0, sizeof(h->sps_buffers));
memset(h->pps_buffers, 0, sizeof(h->pps_buffers));
+ h->avctx = avctx;
+ h->rbsp_buffer[0] = NULL;
+ h->rbsp_buffer[1] = NULL;
+ h->rbsp_buffer_size[0] = 0;
+ h->rbsp_buffer_size[1] = 0;
h->context_initialized = 0;
return 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/h264_cabac.c new/libav-11.3/libavcodec/h264_cabac.c
--- old/libav-11.2/libavcodec/h264_cabac.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavcodec/h264_cabac.c 2015-03-09 02:54:09.000000000 +0100
@@ -1711,7 +1711,7 @@
\
if( coeff_abs >= 15 ) { \
int j = 0; \
- while( get_cabac_bypass( CC ) ) { \
+ while (get_cabac_bypass(CC) && j < 30) { \
j++; \
} \
\
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/h264_slice.c new/libav-11.3/libavcodec/h264_slice.c
--- old/libav-11.2/libavcodec/h264_slice.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavcodec/h264_slice.c 2015-03-09 02:54:09.000000000 +0100
@@ -589,8 +589,11 @@
h->cur_pic_ptr = REBASE_PICTURE(h1->cur_pic_ptr, h, h1);
ff_h264_unref_picture(h, &h->cur_pic);
- if ((ret = ff_h264_ref_picture(h, &h->cur_pic, &h1->cur_pic)) < 0)
- return ret;
+ if (h1->cur_pic.f.buf[0]) {
+ ret = ff_h264_ref_picture(h, &h->cur_pic, &h1->cur_pic);
+ if (ret < 0)
+ return ret;
+ }
h->workaround_bugs = h1->workaround_bugs;
h->low_delay = h1->low_delay;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/mdec.c new/libav-11.3/libavcodec/mdec.c
--- old/libav-11.2/libavcodec/mdec.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavcodec/mdec.c 2015-03-09 02:54:09.000000000 +0100
@@ -86,7 +86,12 @@
if (level == 127) {
break;
} else if (level != 0) {
- i += run;
+ i += run;
+ if (i > 63) {
+ av_log(a->avctx, AV_LOG_ERROR,
+ "ac-tex damaged at %d %d\n", a->mb_x, a->mb_y);
+ return AVERROR_INVALIDDATA;
+ }
j = scantable[i];
level = (level * qscale * quant_matrix[j]) >> 3;
level = (level ^ SHOW_SBITS(re, &a->gb, 1)) - SHOW_SBITS(re, &a->gb, 1);
@@ -96,8 +101,13 @@
run = SHOW_UBITS(re, &a->gb, 6)+1; LAST_SKIP_BITS(re, &a->gb, 6);
UPDATE_CACHE(re, &a->gb);
level = SHOW_SBITS(re, &a->gb, 10); SKIP_BITS(re, &a->gb, 10);
- i += run;
- j = scantable[i];
+ i += run;
+ if (i > 63) {
+ av_log(a->avctx, AV_LOG_ERROR,
+ "ac-tex damaged at %d %d\n", a->mb_x, a->mb_y);
+ return AVERROR_INVALIDDATA;
+ }
+ j = scantable[i];
if (level < 0) {
level = -level;
level = (level * qscale * quant_matrix[j]) >> 3;
@@ -108,10 +118,6 @@
level = (level - 1) | 1;
}
}
- if (i > 63) {
- av_log(a->avctx, AV_LOG_ERROR, "ac-tex damaged at %d %d\n", a->mb_x, a->mb_y);
- return AVERROR_INVALIDDATA;
- }
block[j] = level;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/mpegvideo.h new/libav-11.3/libavcodec/mpegvideo.h
--- old/libav-11.2/libavcodec/mpegvideo.h 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavcodec/mpegvideo.h 2015-03-09 02:54:09.000000000 +0100
@@ -816,7 +816,7 @@
extern const uint8_t ff_h263_chroma_qscale_table[32];
/* rv10.c */
-void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number);
+int ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number);
int ff_rv_decode_dc(MpegEncContext *s, int n);
void ff_rv20_encode_picture_header(MpegEncContext *s, int picture_number);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/mpegvideo_enc.c new/libav-11.3/libavcodec/mpegvideo_enc.c
--- old/libav-11.2/libavcodec/mpegvideo_enc.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavcodec/mpegvideo_enc.c 2015-03-09 02:54:09.000000000 +0100
@@ -3412,8 +3412,11 @@
ff_msmpeg4_encode_picture_header(s, picture_number);
else if (CONFIG_MPEG4_ENCODER && s->h263_pred)
ff_mpeg4_encode_picture_header(s, picture_number);
- else if (CONFIG_RV10_ENCODER && s->codec_id == AV_CODEC_ID_RV10)
- ff_rv10_encode_picture_header(s, picture_number);
+ else if (CONFIG_RV10_ENCODER && s->codec_id == AV_CODEC_ID_RV10) {
+ ret = ff_rv10_encode_picture_header(s, picture_number);
+ if (ret < 0)
+ return ret;
+ }
else if (CONFIG_RV20_ENCODER && s->codec_id == AV_CODEC_ID_RV20)
ff_rv20_encode_picture_header(s, picture_number);
else if (CONFIG_FLV_ENCODER && s->codec_id == AV_CODEC_ID_FLV1)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/proresdec.c new/libav-11.3/libavcodec/proresdec.c
--- old/libav-11.2/libavcodec/proresdec.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavcodec/proresdec.c 2015-03-09 02:54:09.000000000 +0100
@@ -365,6 +365,7 @@
}
}
+#define MAX_PADDING 16
/**
* Decode AC coefficients for all blocks in a slice.
@@ -389,7 +390,7 @@
lev_cb_index = ff_prores_lev_to_cb_index[FFMIN(level, 9)];
bits_left = get_bits_left(gb);
- if (bits_left <= 0 || (bits_left <= 8 && !show_bits(gb, bits_left)))
+ if (bits_left <= 0 || (bits_left <= MAX_PADDING && !show_bits(gb, bits_left)))
return 0;
run = decode_vlc_codeword(gb, ff_prores_ac_codebook[run_cb_index]);
@@ -397,7 +398,7 @@
return AVERROR_INVALIDDATA;
bits_left = get_bits_left(gb);
- if (bits_left <= 0 || (bits_left <= 8 && !show_bits(gb, bits_left)))
+ if (bits_left <= 0 || (bits_left <= MAX_PADDING && !show_bits(gb, bits_left)))
return AVERROR_INVALIDDATA;
level = decode_vlc_codeword(gb, ff_prores_ac_codebook[lev_cb_index]) + 1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/rv10enc.c new/libav-11.3/libavcodec/rv10enc.c
--- old/libav-11.2/libavcodec/rv10enc.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavcodec/rv10enc.c 2015-03-09 02:54:09.000000000 +0100
@@ -28,7 +28,7 @@
#include "mpegvideo.h"
#include "put_bits.h"
-void ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number)
+int ff_rv10_encode_picture_header(MpegEncContext *s, int picture_number)
{
int full_frame= 0;
@@ -48,12 +48,18 @@
/* if multiple packets per frame are sent, the position at which
to display the macroblocks is coded here */
if(!full_frame){
+ if (s->mb_width * s->mb_height >= (1U << 12)) {
+ avpriv_report_missing_feature(s->avctx, "Encoding frames with %d (>= 4096) macroblocks",
+ s->mb_width * s->mb_height);
+ return AVERROR(ENOSYS);
+ }
put_bits(&s->pb, 6, 0); /* mb_x */
put_bits(&s->pb, 6, 0); /* mb_y */
put_bits(&s->pb, 12, s->mb_width * s->mb_height);
}
put_bits(&s->pb, 3, 0); /* ignored */
+ return 0;
}
FF_MPV_GENERIC_CLASS(rv10)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/tiff.c new/libav-11.3/libavcodec/tiff.c
--- old/libav-11.2/libavcodec/tiff.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavcodec/tiff.c 2015-03-09 02:54:09.000000000 +0100
@@ -248,6 +248,14 @@
{
int ret;
+ // make sure there is no aliasing in the following switch
+ if (s->bpp >= 100 || s->bppcount >= 10) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "Unsupported image parameters: bpp=%d, bppcount=%d\n",
+ s->bpp, s->bppcount);
+ return AVERROR_INVALIDDATA;
+ }
+
switch (s->bpp * 10 + s->bppcount) {
case 11:
s->avctx->pix_fmt = AV_PIX_FMT_MONOBLACK;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/utvideodec.c new/libav-11.3/libavcodec/utvideodec.c
--- old/libav-11.2/libavcodec/utvideodec.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavcodec/utvideodec.c 2015-03-09 02:54:09.000000000 +0100
@@ -213,6 +213,8 @@
slice_start = ((slice * height) / slices) & cmask;
slice_height = ((((slice + 1) * height) / slices) & cmask) -
slice_start;
+ if (!slice_height)
+ continue;
bsrc = src + slice_start * stride;
@@ -269,6 +271,8 @@
slice_height = ((((slice + 1) * height) / slices) & cmask) -
slice_start;
slice_height >>= 1;
+ if (!slice_height)
+ continue;
bsrc = src + slice_start * stride;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/vorbisdec.c new/libav-11.3/libavcodec/vorbisdec.c
--- old/libav-11.2/libavcodec/vorbisdec.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavcodec/vorbisdec.c 2015-03-09 02:54:09.000000000 +0100
@@ -1308,7 +1308,7 @@
int p, j, i;
unsigned c_p_c = vc->codebooks[vr->classbook].dimensions;
unsigned inverse_class = ff_inverse[vr->classifications];
- unsigned temp, temp2;
+ int temp, temp2;
for (p = 0, j = 0; j < ch_used; ++j) {
if (!do_not_decode[j]) {
temp = get_vlc2(&vc->gb, vc->codebooks[vr->classbook].vlc.table,
@@ -1316,22 +1316,18 @@
av_dlog(NULL, "Classword: %u\n", temp);
- if (temp <= 65536) {
- for (i = partition_count + c_p_c - 1; i >= partition_count; i--) {
- temp2 = (((uint64_t)temp) * inverse_class) >> 32;
-
- if (i < vr->ptns_to_read)
- vr->classifs[p + i] = temp - temp2 * vr->classifications;
- temp = temp2;
- }
- } else {
- for (i = partition_count + c_p_c - 1; i >= partition_count; i--) {
- temp2 = temp / vr->classifications;
-
- if (i < vr->ptns_to_read)
- vr->classifs[p + i] = temp - temp2 * vr->classifications;
- temp = temp2;
- }
+ if (temp < 0) {
+ av_log(vc->avctx, AV_LOG_ERROR,
+ "Invalid vlc code decoding %d channel.", j);
+ return AVERROR_INVALIDDATA;
+ }
+
+ for (i = partition_count + c_p_c - 1; i >= partition_count; i--) {
+ temp2 = (((uint64_t)temp) * inverse_class) >> 32;
+
+ if (i < vr->ptns_to_read)
+ vr->classifs[p + i] = temp - temp2 * vr->classifications;
+ temp = temp2;
}
}
p += vr->ptns_to_read;
@@ -1381,7 +1377,9 @@
voffset = vr->begin;
for (partition_count = 0; partition_count < ptns_to_read;) { // SPEC error
if (!pass) {
- setup_classifs(vc, vr, do_not_decode, ch_used, partition_count);
+ int ret = setup_classifs(vc, vr, do_not_decode, ch_used, partition_count);
+ if (ret < 0)
+ return ret;
}
for (i = 0; (i < c_p_c) && (partition_count < ptns_to_read); ++i) {
for (j_times_ptns_to_read = 0, j = 0; j < ch_used; ++j) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/webp.c new/libav-11.3/libavcodec/webp.c
--- old/libav-11.2/libavcodec/webp.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavcodec/webp.c 2015-03-09 02:54:09.000000000 +0100
@@ -688,6 +688,11 @@
length = offset + get_bits(&s->gb, extra_bits) + 1;
}
prefix_code = huff_reader_get_symbol(&hg[HUFF_IDX_DIST], &s->gb);
+ if (prefix_code > 39) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "distance prefix code too large: %d\n", prefix_code);
+ return AVERROR_INVALIDDATA;
+ }
if (prefix_code < 4) {
distance = prefix_code + 1;
} else {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavcodec/x86/hevc_deblock.asm new/libav-11.3/libavcodec/x86/hevc_deblock.asm
--- old/libav-11.2/libavcodec/x86/hevc_deblock.asm 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavcodec/x86/hevc_deblock.asm 2015-03-09 02:54:09.000000000 +0100
@@ -356,7 +356,7 @@
%if %1 > 8
shl betaq, %1 - 8
%endif
- movd m13, betaq
+ movd m13, betad
SPLATW m13, m13, 0
;end beta calculations
@@ -620,7 +620,7 @@
paddw m15, m2; p1'
;beta calculations
- movd m10, betaq
+ movd m10, betad
SPLATW m10, m10, 0
movd m13, r7d; 1dp0 + 1dp3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavformat/adxdec.c new/libav-11.3/libavformat/adxdec.c
--- old/libav-11.2/libavformat/adxdec.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavformat/adxdec.c 2015-03-09 02:54:09.000000000 +0100
@@ -89,8 +89,14 @@
av_log(s, AV_LOG_ERROR, "Invalid extradata size.\n");
return AVERROR_INVALIDDATA;
}
+ avctx->channels = AV_RB8(avctx->extradata + 7);
avctx->sample_rate = AV_RB32(avctx->extradata + 8);
+ if (avctx->channels <= 0) {
+ av_log(s, AV_LOG_ERROR, "invalid number of channels %d\n", avctx->channels);
+ return AVERROR_INVALIDDATA;
+ }
+
st->codec->codec_type = AVMEDIA_TYPE_AUDIO;
st->codec->codec_id = s->iformat->raw_codec_id;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavformat/icecast.c new/libav-11.3/libavformat/icecast.c
--- old/libav-11.2/libavformat/icecast.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavformat/icecast.c 2015-03-09 02:54:09.000000000 +0100
@@ -126,6 +126,7 @@
av_dict_set(&opt_dict, "method", s->legacy_icecast ? "SOURCE" : "PUT", 0);
av_dict_set(&opt_dict, "auth_type", "basic", 0);
av_dict_set(&opt_dict, "headers", headers, 0);
+ av_dict_set(&opt_dict, "chunked_post", "0", 0);
if (NOT_EMPTY(s->content_type))
av_dict_set(&opt_dict, "content_type", s->content_type, 0);
if (NOT_EMPTY(s->user_agent))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavformat/img2dec.c new/libav-11.3/libavformat/img2dec.c
--- old/libav-11.2/libavformat/img2dec.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavformat/img2dec.c 2015-03-09 02:54:09.000000000 +0100
@@ -194,7 +194,7 @@
return AVERROR(ENOENT);
s->img_first = first_index;
s->img_last = last_index;
- s->img_number = first_index;
+ s->img_number = s->start_number != 1 ? s->start_number : first_index;
/* compute duration */
st->start_time = 0;
st->duration = last_index - first_index + 1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavformat/matroskadec.c new/libav-11.3/libavformat/matroskadec.c
--- old/libav-11.2/libavformat/matroskadec.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavformat/matroskadec.c 2015-03-09 02:54:09.000000000 +0100
@@ -2532,7 +2532,7 @@
int64_t timestamp, int flags)
{
MatroskaDemuxContext *matroska = s->priv_data;
- MatroskaTrack *tracks = matroska->tracks.elem;
+ MatroskaTrack *tracks = NULL;
AVStream *st = s->streams[stream_index];
int i, index, index_sub, index_min;
@@ -2562,6 +2562,7 @@
return 0;
index_min = index;
+ tracks = matroska->tracks.elem;
for (i = 0; i < matroska->tracks.nb_elem; i++) {
tracks[i].audio.pkt_cnt = 0;
tracks[i].audio.sub_packet_cnt = 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavformat/rmenc.c new/libav-11.3/libavformat/rmenc.c
--- old/libav-11.2/libavformat/rmenc.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavformat/rmenc.c 2015-03-09 02:54:09.000000000 +0100
@@ -44,6 +44,10 @@
/* in ms */
#define BUFFER_DURATION 0
+/* the header needs at most 7 + 4 + 12 B */
+#define MAX_HEADER_SIZE (7 + 4 + 12)
+/* UINT16_MAX is the maximal chunk size */
+#define MAX_PACKET_SIZE (UINT16_MAX - MAX_HEADER_SIZE)
static void put_str(AVIOContext *s, const char *tag)
@@ -389,6 +393,10 @@
/* Well, I spent some time finding the meaning of these bits. I am
not sure I understood everything, but it works !! */
#if 1
+ if (size > MAX_PACKET_SIZE) {
+ avpriv_report_missing_feature(s, "Muxing packets larger than 64 kB");
+ return AVERROR(ENOSYS);
+ }
write_packet_header(s, stream, size + 7 + (size >= 0x4000)*4, key_frame);
/* bit 7: '1' if final packet of a frame converted in several packets */
avio_w8(pb, 0x81);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavutil/arm/asm.S new/libav-11.3/libavutil/arm/asm.S
--- old/libav-11.2/libavutil/arm/asm.S 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavutil/arm/asm.S 2015-03-09 02:54:09.000000000 +0100
@@ -49,11 +49,17 @@
#elif HAVE_ARMV5TE
.arch armv5te
#endif
+#if HAVE_AS_OBJECT_ARCH
+ELF .object_arch armv4
+#endif
#if HAVE_NEON
.fpu neon
+ELF .eabi_attribute 10, 0 @ suppress Tag_FP_arch
+ELF .eabi_attribute 12, 0 @ suppress Tag_Advanced_SIMD_arch
#elif HAVE_VFP
.fpu vfp
+ELF .eabi_attribute 10, 0 @ suppress Tag_FP_arch
#endif
.syntax unified
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libav-11.2/libavutil/log.c new/libav-11.3/libavutil/log.c
--- old/libav-11.2/libavutil/log.c 2015-01-14 21:50:49.000000000 +0100
+++ new/libav-11.3/libavutil/log.c 2015-03-09 02:54:09.000000000 +0100
@@ -75,7 +75,8 @@
char *term = getenv("TERM");
use_color = !getenv("NO_COLOR") && !getenv("AV_LOG_FORCE_NOCOLOR") &&
(getenv("TERM") && isatty(2) || getenv("AV_LOG_FORCE_COLOR"));
- use_color += term && strstr(term, "256color");
+ if (use_color)
+ use_color += term && strstr(term, "256color");
#else
use_color = getenv("AV_LOG_FORCE_COLOR") && !getenv("NO_COLOR") &&
!getenv("AV_LOG_FORCE_NOCOLOR");