[FFmpeg-cvslog] examples/demuxing_decoding: convert to codecpar

2016-08-24 Thread James Almer 
ffmpeg | branch: release/3.1 | James Almer  | Wed Aug 10 
12:31:16 2016 -0300| [40ab55746e29d27af58a4f78f4bb575813b12965] | committer: 
James Almer

examples/demuxing_decoding: convert to codecpar

Signed-off-by: James Almer 
(cherry picked from commit bba6a03b2816d805d44bce4f9701a71f7d3f8dad)

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=40ab55746e29d27af58a4f78f4bb575813b12965
---

 doc/examples/demuxing_decoding.c | 33 ++---
 1 file changed, 22 insertions(+), 11 deletions(-)

diff --git a/doc/examples/demuxing_decoding.c b/doc/examples/demuxing_decoding.c
index 59e0ccc..49fb6af 100644
--- a/doc/examples/demuxing_decoding.c
+++ b/doc/examples/demuxing_decoding.c
@@ -148,11 +148,10 @@ static int decode_packet(int *got_frame, int cached)
 }
 
 static int open_codec_context(int *stream_idx,
-  AVFormatContext *fmt_ctx, enum AVMediaType type)
+  AVCodecContext **dec_ctx, AVFormatContext 
*fmt_ctx, enum AVMediaType type)
 {
 int ret, stream_index;
 AVStream *st;
-AVCodecContext *dec_ctx = NULL;
 AVCodec *dec = NULL;
 AVDictionary *opts = NULL;
 
@@ -166,17 +165,31 @@ static int open_codec_context(int *stream_idx,
 st = fmt_ctx->streams[stream_index];
 
 /* find decoder for the stream */
-dec_ctx = st->codec;
-dec = avcodec_find_decoder(dec_ctx->codec_id);
+dec = avcodec_find_decoder(st->codecpar->codec_id);
 if (!dec) {
 fprintf(stderr, "Failed to find %s codec\n",
 av_get_media_type_string(type));
 return AVERROR(EINVAL);
 }
 
+/* Allocate a codec context for the decoder */
+*dec_ctx = avcodec_alloc_context3(dec);
+if (!*dec_ctx) {
+fprintf(stderr, "Failed to allocate the %s codec context\n",
+av_get_media_type_string(type));
+return AVERROR(ENOMEM);
+}
+
+/* Copy codec parameters from input stream to output codec context */
+if ((ret = avcodec_parameters_to_context(*dec_ctx, st->codecpar)) < 0) 
{
+fprintf(stderr, "Failed to copy %s codec parameters to decoder 
context\n",
+av_get_media_type_string(type));
+return ret;
+}
+
 /* Init the decoders, with or without reference counting */
 av_dict_set(, "refcounted_frames", refcount ? "1" : "0", 0);
-if ((ret = avcodec_open2(dec_ctx, dec, )) < 0) {
+if ((ret = avcodec_open2(*dec_ctx, dec, )) < 0) {
 fprintf(stderr, "Failed to open %s codec\n",
 av_get_media_type_string(type));
 return ret;
@@ -255,9 +268,8 @@ int main (int argc, char **argv)
 exit(1);
 }
 
-if (open_codec_context(_stream_idx, fmt_ctx, AVMEDIA_TYPE_VIDEO) >= 
0) {
+if (open_codec_context(_stream_idx, _dec_ctx, fmt_ctx, 
AVMEDIA_TYPE_VIDEO) >= 0) {
 video_stream = fmt_ctx->streams[video_stream_idx];
-video_dec_ctx = video_stream->codec;
 
 video_dst_file = fopen(video_dst_filename, "wb");
 if (!video_dst_file) {
@@ -279,9 +291,8 @@ int main (int argc, char **argv)
 video_dst_bufsize = ret;
 }
 
-if (open_codec_context(_stream_idx, fmt_ctx, AVMEDIA_TYPE_AUDIO) >= 
0) {
+if (open_codec_context(_stream_idx, _dec_ctx, fmt_ctx, 
AVMEDIA_TYPE_AUDIO) >= 0) {
 audio_stream = fmt_ctx->streams[audio_stream_idx];
-audio_dec_ctx = audio_stream->codec;
 audio_dst_file = fopen(audio_dst_filename, "wb");
 if (!audio_dst_file) {
 fprintf(stderr, "Could not open destination file %s\n", 
audio_dst_filename);
@@ -369,8 +380,8 @@ int main (int argc, char **argv)
 }
 
 end:
-avcodec_close(video_dec_ctx);
-avcodec_close(audio_dec_ctx);
+avcodec_free_context(_dec_ctx);
+avcodec_free_context(_dec_ctx);
 avformat_close_input(_ctx);
 if (video_dst_file)
 fclose(video_dst_file);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Changelog: update after last commit

2016-08-24 Thread James Almer 
ffmpeg | branch: release/3.1 | James Almer  | Wed Aug 24 
20:43:33 2016 -0300| [c46d22a4a58467bdc7885685b06a2114dd181c43] | committer: 
James Almer

Changelog: update after last commit

Signed-off-by: James Almer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c46d22a4a58467bdc7885685b06a2114dd181c43
---

 Changelog | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Changelog b/Changelog
index a1bd17d..6089814 100644
--- a/Changelog
+++ b/Changelog
@@ -5,6 +5,7 @@ version :
 
 
 version 3.1.3:
+- examples/demuxing_decoding: convert to codecpar
 - avcodec/exr: Check tile positions
 - avcodec/aacenc: Tighter input checks
 - avformat/wtvdec: Check pointer before use

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] libavcodec/wmalosslessdec: Check the remaining bits

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Sun Aug 21 20:30:34 2016 +0200| [2f07937926e52e328ade0aeb40f61d994b41ed9d] | 
committer: Michael Niedermayer

libavcodec/wmalosslessdec: Check the remaining bits

Fixes assertion failure
Fixes: 
24ebfda03228b5cc1ef792608cfba458/signal_sigabrt_76ae7c37_6473_3fa8a111dbc752b1a7c411c5ab79aaa4.wma

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 67318187fbba382d887f9581dde48a50842f1bea)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2f07937926e52e328ade0aeb40f61d994b41ed9d
---

 libavcodec/wmalosslessdec.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c
index 6b4edfc..7eb7b4c 100644
--- a/libavcodec/wmalosslessdec.c
+++ b/libavcodec/wmalosslessdec.c
@@ -1271,6 +1271,11 @@ static int decode_packet(AVCodecContext *avctx, void 
*data, int *got_frame_ptr,
 }
 }
 
+if (remaining_bits(s, gb) < 0) {
+av_log(avctx, AV_LOG_ERROR, "Overread %d\n", -remaining_bits(s, gb));
+s->packet_loss = 1;
+}
+
 if (s->packet_done && !s->packet_loss &&
 remaining_bits(s, gb) > 0) {
 /* save the rest of the data so that it can be decoded

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/h2645: Fix NAL unit padding

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Thu Aug 18 20:41:31 2016 +0200| [055e5c80ee07bb7911016a552df35ad25f7eebdd] | 
committer: Michael Niedermayer

avcodec/h2645: Fix NAL unit padding

The parser changes have lost the support for the needed padding, this adds it 
back
Fixes out of array reads
Fixes: 
03ea21d271abc8acf428d42ace51d8b4/asan_heap-oob_3358eef_5692_16f0cc01ab5225e9ce591659e5c20e35.mkv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit cc13bc8c4f0f4afa30d0b94c3f3a369ccd2aaf0b)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=055e5c80ee07bb7911016a552df35ad25f7eebdd
---

 libavcodec/h264.c|  2 +-
 libavcodec/h264.h|  2 --
 libavcodec/h2645_parse.c | 11 ++-
 libavcodec/h2645_parse.h |  6 --
 libavcodec/h264_parse.c  |  2 +-
 libavcodec/h264_parser.c |  2 +-
 libavcodec/hevc.c|  2 +-
 libavcodec/hevc_parser.c |  4 ++--
 libavcodec/qsvenc_hevc.c |  2 +-
 9 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index a61379c..a56f900 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -898,7 +898,7 @@ static int decode_nal_units(H264Context *h, const uint8_t 
*buf, int buf_size)
 }
 
 ret = ff_h2645_packet_split(>pkt, buf, buf_size, avctx, h->is_avc,
-h->nal_length_size, avctx->codec_id);
+h->nal_length_size, avctx->codec_id, 
avctx->flags2 & AV_CODEC_FLAG2_FAST);
 if (ret < 0) {
 av_log(avctx, AV_LOG_ERROR,
"Error splitting the input into NAL units.\n");
diff --git a/libavcodec/h264.h b/libavcodec/h264.h
index efe3555..309f91d 100644
--- a/libavcodec/h264.h
+++ b/libavcodec/h264.h
@@ -57,8 +57,6 @@
 
 #define MAX_DELAYED_PIC_COUNT  16
 
-#define MAX_MBPAIR_SIZE (256*1024) // a tighter bound could be calculated if 
someone cares about a few bytes
-
 /* Compiling in interlaced support reduces the speed
  * of progressive decoding by about 2%. */
 #define ALLOW_INTERLACE
diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c
index 9979b63..d2fa5a0 100644
--- a/libavcodec/h2645_parse.c
+++ b/libavcodec/h2645_parse.c
@@ -30,10 +30,11 @@
 #include "h2645_parse.h"
 
 int ff_h2645_extract_rbsp(const uint8_t *src, int length,
-  H2645NAL *nal)
+  H2645NAL *nal, int small_padding)
 {
 int i, si, di;
 uint8_t *dst;
+int64_t padding = small_padding ? AV_INPUT_BUFFER_PADDING_SIZE : 
MAX_MBPAIR_SIZE;
 
 nal->skipped_bytes = 0;
 #define STARTCODE_TEST  \
@@ -81,7 +82,7 @@ int ff_h2645_extract_rbsp(const uint8_t *src, int length,
 }
 #endif /* HAVE_FAST_UNALIGNED */
 
-if (i >= length - 1) { // no escaped 0
+if (i >= length - 1 && small_padding) { // no escaped 0
 nal->data =
 nal->raw_data = src;
 nal->size =
@@ -90,7 +91,7 @@ int ff_h2645_extract_rbsp(const uint8_t *src, int length,
 }
 
 av_fast_malloc(>rbsp_buffer, >rbsp_buffer_size,
-   length + AV_INPUT_BUFFER_PADDING_SIZE);
+   length + padding);
 if (!nal->rbsp_buffer)
 return AVERROR(ENOMEM);
 
@@ -247,7 +248,7 @@ static int h264_parse_nal_header(H2645NAL *nal, void 
*logctx)
 
 int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t *buf, int length,
   void *logctx, int is_nalff, int nal_length_size,
-  enum AVCodecID codec_id)
+  enum AVCodecID codec_id, int small_padding)
 {
 int consumed, ret = 0;
 const uint8_t *next_avc = is_nalff ? buf : buf + length;
@@ -322,7 +323,7 @@ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t 
*buf, int length,
 }
 nal = >nals[pkt->nb_nals];
 
-consumed = ff_h2645_extract_rbsp(buf, extract_length, nal);
+consumed = ff_h2645_extract_rbsp(buf, extract_length, nal, 
small_padding);
 if (consumed < 0)
 return consumed;
 
diff --git a/libavcodec/h2645_parse.h b/libavcodec/h2645_parse.h
index a3c7e1f..6302359 100644
--- a/libavcodec/h2645_parse.h
+++ b/libavcodec/h2645_parse.h
@@ -26,6 +26,8 @@
 #include "avcodec.h"
 #include "get_bits.h"
 
+#define MAX_MBPAIR_SIZE (256*1024) // a tighter bound could be calculated if 
someone cares about a few bytes
+
 typedef struct H2645NAL {
 uint8_t *rbsp_buffer;
 int rbsp_buffer_size;
@@ -74,14 +76,14 @@ typedef struct H2645Packet {
  * Extract the raw (unescaped) bitstream.
  */
 int ff_h2645_extract_rbsp(const uint8_t *src, int length,
-  H2645NAL *nal);
+  H2645NAL *nal, int small_padding);
 
 /**
  * Split an input packet into NAL units.
  */
 int ff_h2645_packet_split(H2645Packet *pkt,

[FFmpeg-cvslog] avformat/wtvdec: Check pointer before use

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Sun Aug 21 21:30:36 2016 +0200| [596513ca2ce9f140135a75647cf34ea86c8d86ce] | 
committer: Michael Niedermayer

avformat/wtvdec: Check pointer before use

Fixes out of array read
Fixes: 
049fdf78565f1ce5665df236d90f8657/asan_heap-oob_10a5a97_1026_42f9d4855547329560f385768de2f3fb.wtv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit cc5e5548df4af48674c7aef518e831b19e99f9fc)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=596513ca2ce9f140135a75647cf34ea86c8d86ce
---

 libavformat/wtvdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c
index bd32d70..3ac4501 100644
--- a/libavformat/wtvdec.c
+++ b/libavformat/wtvdec.c
@@ -1031,7 +1031,7 @@ static int read_header(AVFormatContext *s)
 while (1) {
 uint64_t frame_nb = avio_rl64(pb);
 uint64_t position = avio_rl64(pb);
-while (frame_nb > e->size && e <= e_end) {
+while (e <= e_end && frame_nb > e->size) {
 e->pos = last_position;
 e++;
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/rawdec: Fix bits_per_coded_sample checks

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Fri Aug 19 02:07:22 2016 +0200| [afd57722e1a8b749fc3c753824d26c2d7c0f9106] | 
committer: Michael Niedermayer

avcodec/rawdec: Fix bits_per_coded_sample checks

Fixes assertion failure
Fixes: 
9eb9cf5b8c26dd0fa7107ed0348dcc1f/signal_sigabrt_76ae7c37_8926_4609a5c3f071d555d2d557625f9687b1.swf

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 237207645b36fb79759d313c0399ee93ba467b9d)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=afd57722e1a8b749fc3c753824d26c2d7c0f9106
---

 libavcodec/rawdec.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libavcodec/rawdec.c b/libavcodec/rawdec.c
index f97a839..5a98258 100644
--- a/libavcodec/rawdec.c
+++ b/libavcodec/rawdec.c
@@ -204,8 +204,9 @@ static int raw_decode(AVCodecContext *avctx, void *data, 
int *got_frame,
 
 desc = av_pix_fmt_desc_get(avctx->pix_fmt);
 
-if ((avctx->bits_per_coded_sample == 8 || avctx->bits_per_coded_sample == 4
-|| avctx->bits_per_coded_sample <= 2) &&
+if ((avctx->bits_per_coded_sample == 8 || avctx->bits_per_coded_sample == 
4 ||
+ avctx->bits_per_coded_sample == 2 || avctx->bits_per_coded_sample == 
1 ||
+ (avctx->bits_per_coded_sample == 0 && (context->is_nut_pal8 || 
context->is_mono)) ) &&
 (context->is_mono || context->is_pal8) &&
 (!avctx->codec_tag || avctx->codec_tag == MKTAG('r','a','w',' ') ||
 context->is_nut_mono || context->is_nut_pal8)) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/adpcm: Fix adpcm_ima_wav padding

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Sun Aug 21 01:42:20 2016 +0200| [4943abe05110562870b9f4d5e0ac85feb9ae2a63] | 
committer: Michael Niedermayer

avcodec/adpcm: Fix adpcm_ima_wav padding

Fixes out of array read
Fixes: 
f29f134ea5f5590df554a7733294a587/asan_stack-oob_309d14e_9188_ea01743d6355aff20530f3d4cdaa841a.wav

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit f2a9a30fd6a2914197ae42ee67703a1471fac2eb)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4943abe05110562870b9f4d5e0ac85feb9ae2a63
---

 libavcodec/adpcm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c
index 46c63a2..06ba83e 100644
--- a/libavcodec/adpcm.c
+++ b/libavcodec/adpcm.c
@@ -803,7 +803,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void 
*data,
 if (avctx->bits_per_coded_sample != 4) {
 int samples_per_block = 
ff_adpcm_ima_block_samples[avctx->bits_per_coded_sample - 2];
 int block_size = 
ff_adpcm_ima_block_sizes[avctx->bits_per_coded_sample - 2];
-uint8_t temp[20] = { 0 };
+uint8_t temp[20 + AV_INPUT_BUFFER_PADDING_SIZE] = { 0 };
 GetBitContext g;
 
 for (n = 0; n < (nb_samples - 1) / samples_per_block; n++) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/aacenc: Tighter input checks

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Tue Aug 23 11:00:29 2016 +0200| [ae893819620b49f1a04902dca35852139aaa8d36] | 
committer: Michael Niedermayer

avcodec/aacenc: Tighter input checks

Fixes occurance of NaN/Inf leading to assertion failures and out of array access
Fixes: 
d1c38a09acc34845c6be3a127a5aacaf/signal_sigsegv_3982225_6121_d18bd5451d4245ee09408f04badd1b83.wmv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 77bf96b04710b98a52aaddb93bfd32da0d506191)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ae893819620b49f1a04902dca35852139aaa8d36
---

 libavcodec/aacenc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/aacenc.c b/libavcodec/aacenc.c
index 2653cef..4b80d38 100644
--- a/libavcodec/aacenc.c
+++ b/libavcodec/aacenc.c
@@ -622,8 +622,8 @@ static int aac_encode_frame(AVCodecContext *avctx, AVPacket 
*avpkt,
 }
 
 for (k = 0; k < 1024; k++) {
-if (!isfinite(cpe->ch[ch].coeffs[k])) {
-av_log(avctx, AV_LOG_ERROR, "Input contains NaN/+-Inf\n");
+if (!(fabs(cpe->ch[ch].coeffs[k]) < 1E16)) { // Ensure 
headroom for energy calculation
+av_log(avctx, AV_LOG_ERROR, "Input contains (near) 
NaN/+-Inf\n");
 return AVERROR(EINVAL);
 }
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/h264_parser: Factor get_avc_nalsize() out

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Sat Aug 20 00:36:38 2016 +0200| [93422bc92e942e71b2435e7dac7dbbad3a32ddcc] | 
committer: Michael Niedermayer

avcodec/h264_parser: Factor get_avc_nalsize() out

Signed-off-by: Michael Niedermayer 
(cherry picked from commit f10ea03df3dd1c15e3a957ca0aba528251438a79)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=93422bc92e942e71b2435e7dac7dbbad3a32ddcc
---

 libavcodec/h2645_parse.h | 20 
 libavcodec/h264_parser.c | 22 +-
 2 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/libavcodec/h2645_parse.h b/libavcodec/h2645_parse.h
index 6302359..3a60f3f 100644
--- a/libavcodec/h2645_parse.h
+++ b/libavcodec/h2645_parse.h
@@ -90,4 +90,24 @@ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t 
*buf, int length,
  */
 void ff_h2645_packet_uninit(H2645Packet *pkt);
 
+static inline int get_nalsize(int nal_length_size, const uint8_t *buf,
+  int buf_size, int *buf_index, void *logctx)
+{
+int i, nalsize = 0;
+
+if (*buf_index >= buf_size - nal_length_size) {
+// the end of the buffer is reached, refill it
+return AVERROR(EAGAIN);
+}
+
+for (i = 0; i < nal_length_size; i++)
+nalsize = ((unsigned)nalsize << 8) | buf[(*buf_index)++];
+if (nalsize <= 0 || nalsize > buf_size - *buf_index) {
+av_log(logctx, AV_LOG_ERROR,
+   "Invalid nal size %d\n", nalsize);
+return AVERROR_INVALIDDATA;
+}
+return nalsize;
+}
+
 #endif /* AVCODEC_H2645_PARSE_H */
diff --git a/libavcodec/h264_parser.c b/libavcodec/h264_parser.c
index 2ae9869..abe5961 100644
--- a/libavcodec/h264_parser.c
+++ b/libavcodec/h264_parser.c
@@ -226,26 +226,6 @@ static int scan_mmco_reset(AVCodecParserContext *s, 
GetBitContext *gb,
 return 0;
 }
 
-static inline int get_avc_nalsize(H264ParseContext *p, const uint8_t *buf,
-  int buf_size, int *buf_index, void *logctx)
-{
-int i, nalsize = 0;
-
-if (*buf_index >= buf_size - p->nal_length_size) {
-// the end of the buffer is reached, refill it
-return AVERROR(EAGAIN);
-}
-
-for (i = 0; i < p->nal_length_size; i++)
-nalsize = ((unsigned)nalsize << 8) | buf[(*buf_index)++];
-if (nalsize <= 0 || nalsize > buf_size - *buf_index) {
-av_log(logctx, AV_LOG_ERROR,
-   "AVC: nal size %d\n", nalsize);
-return AVERROR_INVALIDDATA;
-}
-return nalsize;
-}
-
 /**
  * Parse NAL units of found picture and decode some basic information.
  *
@@ -286,7 +266,7 @@ static inline int parse_nal_units(AVCodecParserContext *s,
 int src_length, consumed, nalsize = 0;
 
 if (buf_index >= next_avc) {
-nalsize = get_avc_nalsize(p, buf, buf_size, _index, avctx);
+nalsize = get_nalsize(p->nal_length_size, buf, buf_size, 
_index, avctx);
 if (nalsize < 0)
 break;
 next_avc = buf_index + nalsize;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] h2645_parse: only read avc length code at the correct position

2016-08-24 Thread Hendrik Leppkes 
ffmpeg | branch: release/3.1 | Hendrik Leppkes  | Thu Jul  
7 20:18:26 2016 +0200| [fabc1c9e567df696c87b557bc156e92420b26fa0] | committer: 
Michael Niedermayer

h2645_parse: only read avc length code at the correct position

Reading it from any other position would result in a wrong size being
read, instead fallback to the re-sync mechanic in the else clause.

(cherry picked from commit c3e9b098e12b8932693361625d4a69bc30583d9a)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fabc1c9e567df696c87b557bc156e92420b26fa0
---

 libavcodec/h2645_parse.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c
index 4d18de8..e92e38a 100644
--- a/libavcodec/h2645_parse.c
+++ b/libavcodec/h2645_parse.c
@@ -259,7 +259,7 @@ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t 
*buf, int length,
 int extract_length = 0;
 int skip_trailing_zeros = 1;
 
-if (buf >= next_avc) {
+if (buf == next_avc) {
 int i;
 for (i = 0; i < nal_length_size; i++)
 extract_length = (extract_length << 8) | buf[i];
@@ -272,6 +272,9 @@ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t 
*buf, int length,
 }
 next_avc = buf + extract_length;
 } else {
+if (buf > next_avc)
+av_log(logctx, AV_LOG_WARNING, "Exceeded next NALFF position, 
re-syncing.\n");
+
 /* search start code */
 while (buf[0] != 0 || buf[1] != 0 || buf[2] != 1) {
 ++buf;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avformat/swfdec: Fix inflate() error code check

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Fri Aug 19 10:28:22 2016 +0200| [4770eac663da306fc8298ff8b73ebeabdc23489c] | 
committer: Michael Niedermayer

avformat/swfdec: Fix inflate() error code check

Fixes infinite loop
Fixes endless.poc

Found-by: 连一汉 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit a453bbb68f3eec202673728988bba3bc76071761)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4770eac663da306fc8298ff8b73ebeabdc23489c
---

 libavformat/swfdec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c
index fa2435e..c6f5fe6 100644
--- a/libavformat/swfdec.c
+++ b/libavformat/swfdec.c
@@ -119,10 +119,10 @@ retry:
 z->avail_out = buf_size;
 
 ret = inflate(z, Z_NO_FLUSH);
-if (ret < 0)
-return AVERROR(EINVAL);
 if (ret == Z_STREAM_END)
 return AVERROR_EOF;
+if (ret != Z_OK)
+return AVERROR(EINVAL);
 
 if (buf_size - z->avail_out == 0)
 goto retry;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] Update for 3.1.3

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Thu Aug 25 03:35:17 2016 +0200| [949094a4cdd946a2e38b6fc570e190ac8df1b5ec] | 
committer: Michael Niedermayer

Update for 3.1.3

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=949094a4cdd946a2e38b6fc570e190ac8df1b5ec
---

 Changelog| 22 ++
 RELEASE  |  2 +-
 doc/Doxyfile |  2 +-
 3 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/Changelog b/Changelog
index 6100077..a1bd17d 100644
--- a/Changelog
+++ b/Changelog
@@ -4,6 +4,28 @@ releases are sorted from youngest to oldest.
 version :
 
 
+version 3.1.3:
+- avcodec/exr: Check tile positions
+- avcodec/aacenc: Tighter input checks
+- avformat/wtvdec: Check pointer before use
+- libavcodec/wmalosslessdec: Check the remaining bits
+- avcodec/adpcm: Fix adpcm_ima_wav padding
+- avcodec/svq3: fix slice size check
+- avcodec/diracdec: Check numx/y
+- avcodec/h2645_parse: fix nal size
+- avcodec/h2645_parse: Use get_nalsize() in ff_h2645_packet_split()
+- h2645_parse: only read avc length code at the correct position
+- h2645_parse: don't overread AnnexB NALs within an avc stream
+- avcodec/h264_parser: Factor get_avc_nalsize() out
+- avcodec/cfhd: Increase minimum band dimension to 3
+- avcodec/indeo2: check ctab
+- avformat/swfdec: Fix inflate() error code check
+- avcodec/rawdec: Fix bits_per_coded_sample checks
+- vcodec/h2645_parse: Clear buffer padding
+- avcodec/h2645: Fix NAL unit padding
+- avfilter/drawutils: Fix single plane with alpha
+- cmdutils: check for SetDllDirectory() availability
+
 version 3.1.2:
 - cmdutils: remove the current working directory from the DLL search path on 
win32
 - avcodec/rawdec: Fix palette handling with changing palettes
diff --git a/RELEASE b/RELEASE
index ef538c2..ff365e0 100644
--- a/RELEASE
+++ b/RELEASE
@@ -1 +1 @@
-3.1.2
+3.1.3
diff --git a/doc/Doxyfile b/doc/Doxyfile
index 20dcf77..5c8b2ed 100644
--- a/doc/Doxyfile
+++ b/doc/Doxyfile
@@ -31,7 +31,7 @@ PROJECT_NAME   = FFmpeg
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.
 
-PROJECT_NUMBER = 3.1.2
+PROJECT_NUMBER = 3.1.3
 
 # With the PROJECT_LOGO tag one can specify a logo or icon that is included
 # in the documentation. The maximum height of the logo should not exceed 55

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/h2645_parse: Use get_nalsize() in ff_h2645_packet_split()

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Sat Aug 20 00:39:07 2016 +0200| [ec30a498e66a6498c3c5045244aec9a38d41799e] | 
committer: Michael Niedermayer

avcodec/h2645_parse: Use get_nalsize() in ff_h2645_packet_split()

This fixes several regressions in h.264

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 528171ba84b24830b74d9c19dd957ac3609f7270)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ec30a498e66a6498c3c5045244aec9a38d41799e
---

 libavcodec/h2645_parse.c | 13 ++---
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c
index e92e38a..0059437 100644
--- a/libavcodec/h2645_parse.c
+++ b/libavcodec/h2645_parse.c
@@ -260,16 +260,15 @@ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t 
*buf, int length,
 int skip_trailing_zeros = 1;
 
 if (buf == next_avc) {
-int i;
-for (i = 0; i < nal_length_size; i++)
-extract_length = (extract_length << 8) | buf[i];
+int i = 0;
+extract_length = get_nalsize(nal_length_size,
+ buf, length, , logctx);
+if (extract_length < 0)
+return extract_length;
+
 buf+= nal_length_size;
 length -= nal_length_size;
 
-if (extract_length > length) {
-av_log(logctx, AV_LOG_ERROR, "Invalid NAL unit size.\n");
-return AVERROR_INVALIDDATA;
-}
 next_avc = buf + extract_length;
 } else {
 if (buf > next_avc)

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/diracdec: Check numx/y

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Sat Aug 20 19:21:07 2016 +0200| [049d7677156af30ea34f5871df88846a8b9bc385] | 
committer: Michael Niedermayer

avcodec/diracdec: Check numx/y

Fixes division by 0
Fixes: 
60261c4469ba3e11059890fb2832a515/asan_generic_135e694_2790_beb94eaa0aeb7d11c0437375a8964a99.drc

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit a31e08fa1aa5c5f0518b8af850f28eb945268e66)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=049d7677156af30ea34f5871df88846a8b9bc385
---

 libavcodec/diracdec.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index c473e87..769dac3 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -1153,6 +1153,11 @@ static int dirac_unpack_idwt_params(DiracContext *s)
 else {
 s->num_x= get_interleaved_ue_golomb(gb);
 s->num_y= get_interleaved_ue_golomb(gb);
+if (s->num_x * s->num_y == 0 || s->num_x * (uint64_t)s->num_y > 
INT_MAX) {
+av_log(s->avctx,AV_LOG_ERROR,"Invalid numx/y\n");
+s->num_x = s->num_y = 0;
+return AVERROR_INVALIDDATA;
+}
 if (s->ld_picture) {
 s->lowdelay.bytes.num = get_interleaved_ue_golomb(gb);
 s->lowdelay.bytes.den = get_interleaved_ue_golomb(gb);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/h2645_parse: fix nal size

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Fri Aug 19 23:54:28 2016 +0200| [8003a5d23792d79187e5f99be55c518e997bc1fd] | 
committer: Michael Niedermayer

avcodec/h2645_parse: fix nal size

Found-by: 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 15dd56c093be480e719d7bbc39f8dbddb586694d)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8003a5d23792d79187e5f99be55c518e997bc1fd
---

 libavcodec/h2645_parse.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c
index 0059437..c3961a5 100644
--- a/libavcodec/h2645_parse.c
+++ b/libavcodec/h2645_parse.c
@@ -88,7 +88,8 @@ int ff_h2645_extract_rbsp(const uint8_t *src, int length,
 nal->size =
 nal->raw_size = length;
 return length;
-}
+} else if (i > length)
+i = length;
 
 av_fast_padded_malloc(>rbsp_buffer, >rbsp_buffer_size,
   length + padding);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/exr: Check tile positions

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Wed Aug 17 21:22:29 2016 +0200| [79f52a0dbd484aad111e4bf4a4f7047c7ceb6137] | 
committer: Michael Niedermayer

avcodec/exr: Check tile positions

This also disabled the case of mixed x/ymin with tiles, the code
handles these cases inconsistent for the 2 coordinate axis and is
unlikely working correctly.

Fixes crash
Fixes: poc1.exr, poc2.exr

Found-by: Yaoguang Chen of Aliapy unLimit Security Team
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 01aee8148d4fa439cce678a11f5110656c98de1f)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79f52a0dbd484aad111e4bf4a4f7047c7ceb6137
---

 libavcodec/exr.c | 14 --
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index cabe329..de46028 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -1027,8 +1027,9 @@ static int decode_block(AVCodecContext *avctx, void 
*tdata,
 uint64_t line_offset, uncompressed_size;
 uint16_t *ptr_x;
 uint8_t *ptr;
-uint32_t data_size, line, col = 0;
-uint32_t tileX, tileY, tileLevelX, tileLevelY;
+uint32_t data_size;
+uint64_t line, col = 0;
+uint64_t tileX, tileY, tileLevelX, tileLevelY;
 const uint8_t *src;
 int axmax = (avctx->width - (s->xmax + 1)) * 2 * s->desc->nb_components; 
/* nb pixel to add at the right of the datawindow */
 int bxmin = s->xmin * 2 * s->desc->nb_components; /* nb pixel to add at 
the left of the datawindow */
@@ -1059,9 +1060,18 @@ static int decode_block(AVCodecContext *avctx, void 
*tdata,
 return AVERROR_PATCHWELCOME;
 }
 
+if (s->xmin || s->ymin) {
+avpriv_report_missing_feature(s->avctx, "Tiles with xmin/ymin");
+return AVERROR_PATCHWELCOME;
+}
+
 line = s->tile_attr.ySize * tileY;
 col = s->tile_attr.xSize * tileX;
 
+if (line < s->ymin || line > s->ymax ||
+col  < s->xmin || col  > s->xmax)
+return AVERROR_INVALIDDATA;
+
 td->ysize = FFMIN(s->tile_attr.ySize, s->ydelta - tileY * 
s->tile_attr.ySize);
 td->xsize = FFMIN(s->tile_attr.xSize, s->xdelta - tileX * 
s->tile_attr.xSize);
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/cfhd: Increase minimum band dimension to 3

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Fri Aug 19 21:34:38 2016 +0200| [22a0c0e7642729db3d3e2820be56a6af38c61f2f] | 
committer: Michael Niedermayer

avcodec/cfhd: Increase minimum band dimension to 3

The implementation does not currently support len=2

Fixes out of array accesses
Fixes: 
29d1b3db5ba2205e82b0b3a533e057a3/asan_heap-oob_12b650c_9254_3b8c4e4d931eb2c32841c18ebb297f1d.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit b8b36717217c6f45db71c77ad4e7c65521e7d9ff)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=22a0c0e7642729db3d3e2820be56a6af38c61f2f
---

 libavcodec/cfhd.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c
index 74facd4..dfc9ace 100644
--- a/libavcodec/cfhd.c
+++ b/libavcodec/cfhd.c
@@ -320,7 +320,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, 
int *got_frame,
 s->plane[s->channel_num].band[0][0].width  = data;
 s->plane[s->channel_num].band[0][0].stride = data;
 av_log(avctx, AV_LOG_DEBUG, "Lowpass width %"PRIu16"\n", data);
-if (data < 2 || data > 
s->plane[s->channel_num].band[0][0].a_width) {
+if (data < 3 || data > 
s->plane[s->channel_num].band[0][0].a_width) {
 av_log(avctx, AV_LOG_ERROR, "Invalid lowpass width\n");
 ret = AVERROR(EINVAL);
 break;
@@ -328,7 +328,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, 
int *got_frame,
 } else if (tag == 28) {
 s->plane[s->channel_num].band[0][0].height = data;
 av_log(avctx, AV_LOG_DEBUG, "Lowpass height %"PRIu16"\n", data);
-if (data < 2 || data > s->plane[s->channel_num].band[0][0].height) 
{
+if (data < 3 || data > s->plane[s->channel_num].band[0][0].height) 
{
 av_log(avctx, AV_LOG_ERROR, "Invalid lowpass height\n");
 ret = AVERROR(EINVAL);
 break;
@@ -366,7 +366,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, 
int *got_frame,
 s->plane[s->channel_num].band[s->level][s->subband_num].width  = 
data;
 s->plane[s->channel_num].band[s->level][s->subband_num].stride = 
FFALIGN(data, 8);
 av_log(avctx, AV_LOG_DEBUG, "Highpass width %i channel %i level %i 
subband %i\n", data, s->channel_num, s->level, s->subband_num);
-if (data < 2) {
+if (data < 3) {
 av_log(avctx, AV_LOG_ERROR, "Invalid highpass width\n");
 ret = AVERROR(EINVAL);
 break;
@@ -374,7 +374,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, 
int *got_frame,
 } else if (tag == 42) {
 s->plane[s->channel_num].band[s->level][s->subband_num].height = 
data;
 av_log(avctx, AV_LOG_DEBUG, "Highpass height %i\n", data);
-if (data < 2) {
+if (data < 3) {
 av_log(avctx, AV_LOG_ERROR, "Invalid highpass height\n");
 ret = AVERROR(EINVAL);
 break;
@@ -383,7 +383,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, 
int *got_frame,
 s->plane[s->channel_num].band[s->level][s->subband_num].width  = 
data;
 s->plane[s->channel_num].band[s->level][s->subband_num].stride = 
FFALIGN(data, 8);
 av_log(avctx, AV_LOG_DEBUG, "Highpass width2 %i\n", data);
-if (data < 2) {
+if (data < 3) {
 av_log(avctx, AV_LOG_ERROR, "Invalid highpass width2\n");
 ret = AVERROR(EINVAL);
 break;
@@ -391,7 +391,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, 
int *got_frame,
 } else if (tag == 50) {
 s->plane[s->channel_num].band[s->level][s->subband_num].height = 
data;
 av_log(avctx, AV_LOG_DEBUG, "Highpass height2 %i\n", data);
-if (data < 2) {
+if (data < 3) {
 av_log(avctx, AV_LOG_ERROR, "Invalid highpass height2\n");
 ret = AVERROR(EINVAL);
 break;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/svq3: fix slice size check

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Sat Aug 20 22:09:54 2016 +0200| [8c4a67183b0790735cc4611015a3a66c2616f6f1] | 
committer: Michael Niedermayer

avcodec/svq3: fix slice size check

Fixes out of array read
Fixes: 
09f46aa2175cade93e3e3932646a56a9/asan_heap-oob_4a5385_2995_498f6abfdc0248288cefe5f4b7ad316c.mov

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 2624695484cde26baedac10192856ebfd97f2cc7)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8c4a67183b0790735cc4611015a3a66c2616f6f1
---

 libavcodec/svq3.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
index a927063..5e7d164 100644
--- a/libavcodec/svq3.c
+++ b/libavcodec/svq3.c
@@ -1027,7 +1027,7 @@ static int svq3_decode_slice_header(AVCodecContext *avctx)
 slice_bits   = slice_length * 8;
 slice_bytes  = slice_length + length - 1;
 
-if (slice_bytes > get_bits_left(>gb)) {
+if (8LL*slice_bytes > get_bits_left(>gb)) {
 av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
 return -1;
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/indeo2: check ctab

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Fri Aug 19 13:07:14 2016 +0200| [77f978996bd55f8ee22ced3accb6264cbbc36859] | 
committer: Michael Niedermayer

avcodec/indeo2: check ctab

Fixes out of array access
Fixes: 
6b73fa392ac808f02e95a4e0a5770026/asan_static-oob_1b15f9a_1969_e7778535e5f27225fe0d6ded14721430.AVI

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 9ffe44c5c75c485b4cbb12751e228f18da219df3)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=77f978996bd55f8ee22ced3accb6264cbbc36859
---

 libavcodec/indeo2.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/indeo2.c b/libavcodec/indeo2.c
index 17f2367..7ad686d 100644
--- a/libavcodec/indeo2.c
+++ b/libavcodec/indeo2.c
@@ -171,6 +171,12 @@ static int ir2_decode_frame(AVCodecContext *avctx,
 
 ltab = buf[0x22] & 3;
 ctab = buf[0x22] >> 2;
+
+if (ctab > 3) {
+av_log(avctx, AV_LOG_ERROR, "ctab %d is invalid\n", ctab);
+return AVERROR_INVALIDDATA;
+}
+
 if (s->decode_delta) { /* intraframe */
 if ((ret = ir2_decode_plane(s, avctx->width, avctx->height,
 p->data[0], p->linesize[0],

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] h2645_parse: don't overread AnnexB NALs within an avc stream

2016-08-24 Thread Hendrik Leppkes 
ffmpeg | branch: release/3.1 | Hendrik Leppkes  | Thu Jul  
7 20:19:51 2016 +0200| [0ad4d4198a40f3907b77390d525bf6fd7868538f] | committer: 
Michael Niedermayer

h2645_parse: don't overread AnnexB NALs within an avc stream

We know the maximum size of an AnnexB NAL, signaling it as the maximum
NAL size allows ff_h2645_extract_rbsp to determine the correct size.

(cherry picked from commit 83a940e7fb9640954d631870e2ec6e8b3fc528ed)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0ad4d4198a40f3907b77390d525bf6fd7868538f
---

 libavcodec/h2645_parse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c
index 50837b6..4d18de8 100644
--- a/libavcodec/h2645_parse.c
+++ b/libavcodec/h2645_parse.c
@@ -291,7 +291,7 @@ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t 
*buf, int length,
 
 buf   += 3;
 length-= 3;
-extract_length = length;
+extract_length = FFMIN(length, next_avc - buf);
 
 if (buf >= next_avc) {
 /* skip to the start of the next NAL */

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] vcodec/h2645_parse: Clear buffer padding

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Thu Aug 18 22:23:32 2016 +0200| [7d42daeea2df35e26dd4d45c3cce693a4d7a788c] | 
committer: Michael Niedermayer

vcodec/h2645_parse: Clear buffer padding

Fixes use of uninitialized memory
Fixes: 
044100cb22845944988a4bd821ff8074/asan_heap-oob_329927a_1366_c3de34ce9217dac820fbb46171031bbb.jsv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 382a68b0088b06b8df20d0133d767d53d8f161ef)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7d42daeea2df35e26dd4d45c3cce693a4d7a788c
---

 libavcodec/h2645_parse.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c
index d2fa5a0..50837b6 100644
--- a/libavcodec/h2645_parse.c
+++ b/libavcodec/h2645_parse.c
@@ -34,7 +34,7 @@ int ff_h2645_extract_rbsp(const uint8_t *src, int length,
 {
 int i, si, di;
 uint8_t *dst;
-int64_t padding = small_padding ? AV_INPUT_BUFFER_PADDING_SIZE : 
MAX_MBPAIR_SIZE;
+int64_t padding = small_padding ? 0 : MAX_MBPAIR_SIZE;
 
 nal->skipped_bytes = 0;
 #define STARTCODE_TEST  \
@@ -90,8 +90,8 @@ int ff_h2645_extract_rbsp(const uint8_t *src, int length,
 return length;
 }
 
-av_fast_malloc(>rbsp_buffer, >rbsp_buffer_size,
-   length + padding);
+av_fast_padded_malloc(>rbsp_buffer, >rbsp_buffer_size,
+  length + padding);
 if (!nal->rbsp_buffer)
 return AVERROR(ENOMEM);
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avfilter/drawutils: Fix single plane with alpha

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: release/3.1 | Michael Niedermayer  | 
Tue Aug  9 12:22:15 2016 +0200| [905372be8f746ded92023fa92b858599368b2597] | 
committer: Michael Niedermayer

avfilter/drawutils: Fix single plane with alpha

Fixes Ticket5720

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 369ed11e3c8acc08db39fb2ed4e980a918cab61e)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=905372be8f746ded92023fa92b858599368b2597
---

 libavfilter/drawutils.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavfilter/drawutils.c b/libavfilter/drawutils.c
index e533040..8153fde 100644
--- a/libavfilter/drawutils.c
+++ b/libavfilter/drawutils.c
@@ -450,6 +450,7 @@ void ff_blend_rectangle(FFDrawContext *draw, FFDrawColor 
*color,
 alpha = 0x101 * color->rgba[3] + 0x2;
 }
 nb_planes = draw->nb_planes - !!(draw->desc->flags & 
AV_PIX_FMT_FLAG_ALPHA);
+nb_planes += !nb_planes;
 for (plane = 0; plane < nb_planes; plane++) {
 nb_comp = draw->pixelstep[plane];
 p0 = pointer_at(draw, dst, dst_linesize, plane, x0, y0);
@@ -627,6 +628,7 @@ void ff_blend_mask(FFDrawContext *draw, FFDrawColor *color,
 alpha = (0x101 * color->rgba[3] + 0x2) >> 8;
 }
 nb_planes = draw->nb_planes - !!(draw->desc->flags & 
AV_PIX_FMT_FLAG_ALPHA);
+nb_planes += !nb_planes;
 for (plane = 0; plane < nb_planes; plane++) {
 nb_comp = draw->pixelstep[plane];
 p0 = pointer_at(draw, dst, dst_linesize, plane, x0, y0);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avcodec/exr: Check tile positions

2016-08-24 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Wed 
Aug 17 21:22:29 2016 +0200| [01aee8148d4fa439cce678a11f5110656c98de1f] | 
committer: Michael Niedermayer

avcodec/exr: Check tile positions

This also disabled the case of mixed x/ymin with tiles, the code
handles these cases inconsistent for the 2 coordinate axis and is
unlikely working correctly.

Fixes crash
Fixes: poc1.exr, poc2.exr

Found-by: Yaoguang Chen of Aliapy unLimit Security Team
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=01aee8148d4fa439cce678a11f5110656c98de1f
---

 libavcodec/exr.c | 14 --
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index 9ad11d6..c250eea 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -1029,8 +1029,9 @@ static int decode_block(AVCodecContext *avctx, void 
*tdata,
 uint64_t line_offset, uncompressed_size;
 uint16_t *ptr_x;
 uint8_t *ptr;
-uint32_t data_size, line, col = 0;
-uint32_t tileX, tileY, tileLevelX, tileLevelY;
+uint32_t data_size;
+uint64_t line, col = 0;
+uint64_t tileX, tileY, tileLevelX, tileLevelY;
 const uint8_t *src;
 int axmax = (avctx->width - (s->xmax + 1)) * 2 * s->desc->nb_components; 
/* nb pixel to add at the right of the datawindow */
 int bxmin = s->xmin * 2 * s->desc->nb_components; /* nb pixel to add at 
the left of the datawindow */
@@ -1062,9 +1063,18 @@ static int decode_block(AVCodecContext *avctx, void 
*tdata,
 return AVERROR_PATCHWELCOME;
 }
 
+if (s->xmin || s->ymin) {
+avpriv_report_missing_feature(s->avctx, "Tiles with xmin/ymin");
+return AVERROR_PATCHWELCOME;
+}
+
 line = s->tile_attr.ySize * tileY;
 col = s->tile_attr.xSize * tileX;
 
+if (line < s->ymin || line > s->ymax ||
+col  < s->xmin || col  > s->xmax)
+return AVERROR_INVALIDDATA;
+
 td->ysize = FFMIN(s->tile_attr.ySize, s->ydelta - tileY * 
s->tile_attr.ySize);
 td->xsize = FFMIN(s->tile_attr.xSize, s->xdelta - tileX * 
s->tile_attr.xSize);
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] af_hdcd: check return value of av_frame_copy_props()

2016-08-24 Thread Burt P 
ffmpeg | branch: master | Burt P  | Mon Aug 22 17:14:49 2016 
-0500| [8a78fc5b015f34e0a0c877b4b22b33fb961f847b] | committer: Burt P

af_hdcd: check return value of av_frame_copy_props()

Anton Khirnov:
"[av_frame_copy_props()] potentially contains memory allocation,
so the return value needs to be checked."

Signed-off-by: Burt P 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a78fc5b015f34e0a0c877b4b22b33fb961f847b
---

 libavfilter/af_hdcd.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libavfilter/af_hdcd.c b/libavfilter/af_hdcd.c
index 1bcd279..2324dc3 100644
--- a/libavfilter/af_hdcd.c
+++ b/libavfilter/af_hdcd.c
@@ -1530,14 +1530,18 @@ static int filter_frame(AVFilterLink *inlink, AVFrame 
*in)
 AVFrame *out;
 const int16_t *in_data;
 int32_t *out_data;
-int n, c;
+int n, c, result;
 
 out = ff_get_audio_buffer(outlink, in->nb_samples);
 if (!out) {
 av_frame_free();
 return AVERROR(ENOMEM);
 }
-av_frame_copy_props(out, in);
+result = av_frame_copy_props(out, in);
+if (result) {
+av_frame_free();
+return result;
+}
 out->format = outlink->format;
 
 in_data  = (int16_t*)in->data[0];

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] fate: add test for af_hdcd analyze mode

2016-08-24 Thread Burt P 
ffmpeg | branch: master | Burt P  | Mon Aug 22 17:11:42 2016 
-0500| [0cfe6acbe4987b3ce8ec364408256a09895a1f9b] | committer: Burt P

fate: add test for af_hdcd analyze mode

Signed-off-by: Burt P 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0cfe6acbe4987b3ce8ec364408256a09895a1f9b
---

 tests/fate/filter-audio.mak | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/tests/fate/filter-audio.mak b/tests/fate/filter-audio.mak
index d1d9d59..2066fa9 100644
--- a/tests/fate/filter-audio.mak
+++ b/tests/fate/filter-audio.mak
@@ -238,6 +238,12 @@ fate-filter-hdcd: CMD = md5 -i $(SRC) -af hdcd -f s24le
 fate-filter-hdcd: CMP = oneline
 fate-filter-hdcd: REF = 5db465a58d2fd0d06ca944b883b33476
 
+FATE_AFILTER_SAMPLES-$(call FILTERDEMDECENCMUX, HDCD, FLAC, FLAC, PCM_S24LE, 
PCM_S24LE) += fate-filter-hdcd-analyze
+fate-filter-hdcd-analyze: SRC = $(TARGET_SAMPLES)/filter/hdcd.flac
+fate-filter-hdcd-analyze: CMD = md5 -i $(SRC) -af hdcd=analyze_mode=pe -f s24le
+fate-filter-hdcd-analyze: CMP = oneline
+fate-filter-hdcd-analyze: REF = 81a4f00f85a585bc0198e9a0670a8cde
+
 FATE_AFILTER_SAMPLES-$(call FILTERDEMDECENCMUX, HDCD, FLAC, FLAC, PCM_S24LE, 
PCM_S24LE) += fate-filter-hdcd-false-positive
 fate-filter-hdcd-false-positive: SRC = 
$(TARGET_SAMPLES)/filter/hdcd-false-positive.flac
 fate-filter-hdcd-false-positive: CMD = md5 -i $(SRC) -af hdcd -f s24le

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] avfilter/vf_lut: add planar RGB support

2016-08-24 Thread Paul B Mahol 
ffmpeg | branch: master | Paul B Mahol  | Wed Aug 24 08:30:22 
2016 +0200| [0edfd8e6f4bbab7412aa27beb0e3dbe864196062] | committer: Paul B Mahol

avfilter/vf_lut: add planar RGB support

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0edfd8e6f4bbab7412aa27beb0e3dbe864196062
---

 libavfilter/vf_lut.c  | 17 -
 tests/ref/fate/filter-pixfmts-lut |  6 ++
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/libavfilter/vf_lut.c b/libavfilter/vf_lut.c
index 5148663..3e2f43c 100644
--- a/libavfilter/vf_lut.c
+++ b/libavfilter/vf_lut.c
@@ -66,6 +66,7 @@ typedef struct LutContext {
 int hsub, vsub;
 double var_values[VAR_VARS_NB];
 int is_rgb, is_yuv;
+int is_planar;
 int is_16bit;
 int step;
 int negate_alpha; /* only used by negate */
@@ -126,7 +127,12 @@ static av_cold void uninit(AVFilterContext *ctx)
 AV_PIX_FMT_ARGB, AV_PIX_FMT_RGBA, \
 AV_PIX_FMT_ABGR, AV_PIX_FMT_BGRA, \
 AV_PIX_FMT_RGB24,AV_PIX_FMT_BGR24,\
-AV_PIX_FMT_RGB48LE,  AV_PIX_FMT_RGBA64LE
+AV_PIX_FMT_RGB48LE,  AV_PIX_FMT_RGBA64LE, \
+AV_PIX_FMT_GBRP, AV_PIX_FMT_GBRAP,\
+AV_PIX_FMT_GBRP9,AV_PIX_FMT_GBRP10,   \
+AV_PIX_FMT_GBRP12,   AV_PIX_FMT_GBRP14,   \
+AV_PIX_FMT_GBRP16,   AV_PIX_FMT_GBRAP12,  \
+AV_PIX_FMT_GBRAP16
 
 static const enum AVPixelFormat yuv_pix_fmts[] = { YUV_FORMATS, 
AV_PIX_FMT_NONE };
 static const enum AVPixelFormat rgb_pix_fmts[] = { RGB_FORMATS, 
AV_PIX_FMT_NONE };
@@ -268,10 +274,11 @@ static int config_props(AVFilterLink *inlink)
 break;
 default:
 min[0] = min[1] = min[2] = min[3] = 0;
-max[0] = max[1] = max[2] = max[3] = 255;
+max[0] = max[1] = max[2] = max[3] = 255 * (1 << (desc->comp[0].depth - 
8));
 }
 
 s->is_yuv = s->is_rgb = 0;
+s->is_planar = desc->flags & AV_PIX_FMT_FLAG_PLANAR;
 if  (ff_fmt_is_in(inlink->format, yuv_pix_fmts)) s->is_yuv = 1;
 else if (ff_fmt_is_in(inlink->format, rgb_pix_fmts)) s->is_rgb = 1;
 
@@ -345,7 +352,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
 av_frame_copy_props(out, in);
 }
 
-if (s->is_rgb && s->is_16bit) {
+if (s->is_rgb && s->is_16bit && !s->is_planar) {
 /* packed, 16-bit */
 uint16_t *inrow, *outrow, *inrow0, *outrow0;
 const int w = inlink->w;
@@ -382,7 +389,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
 inrow0  += in_linesize;
 outrow0 += out_linesize;
 }
-} else if (s->is_rgb) {
+} else if (s->is_rgb && !s->is_planar) {
 /* packed */
 uint8_t *inrow, *outrow, *inrow0, *outrow0;
 const int w = inlink->w;
@@ -412,7 +419,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
 outrow0 += out_linesize;
 }
 } else if (s->is_16bit) {
-// planar yuv >8 bit depth
+// planar >8 bit depth
 uint16_t *inrow, *outrow;
 
 for (plane = 0; plane < 4 && in->data[plane] && in->linesize[plane]; 
plane++) {
diff --git a/tests/ref/fate/filter-pixfmts-lut 
b/tests/ref/fate/filter-pixfmts-lut
index 47e79d1..1f7c2ea 100644
--- a/tests/ref/fate/filter-pixfmts-lut
+++ b/tests/ref/fate/filter-pixfmts-lut
@@ -2,6 +2,12 @@ abgr0a932e831efd4ec22f68b25278bac402
 argb4f575be3cd02799389f581df99c4de38
 bgr24   fa43e3b2abfde8d9e60e157a9acc553d
 bgra4e2e689897ee7a8e42b16234597bab35
+gbrap   0d1eb2c39e291c53c57302cdc653c2fc
+gbrpe572d53183f3f2ed3951aa9940d440a1
+gbrp10lea8fd1ebbc36a477e2b134241fed91687
+gbrp12lec5a4b89571f7095eb737ad9fd6b1ee08
+gbrp14lebdfdfd6f36c60497d1cdae791f3cc117
+gbrp9le a8c4e29f4cb627db81ba053e0853e702
 rgb24   a356171207723a580e7d277078072005
 rgb48le 5c7dd8575836d18c91e09f1915cf9aa9
 rgba7bc854c2698b78af3e9159a19c2d9d21

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

[FFmpeg-cvslog] fate: update for gbrap after 61980dc479ce045d2e280bff0ba2118ccb8ce595

2016-08-24 Thread Paul B Mahol 
ffmpeg | branch: master | Paul B Mahol  | Wed Aug 24 08:03:20 
2016 +0200| [35a0bc0d94bc7a5106fe93db8ec1b59e10a6a184] | committer: Paul B Mahol

fate: update for gbrap after 61980dc479ce045d2e280bff0ba2118ccb8ce595

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=35a0bc0d94bc7a5106fe93db8ec1b59e10a6a184
---

 tests/ref/fate/filter-pixdesc-gbrap  | 2 +-
 tests/ref/fate/filter-pixfmts-copy   | 2 +-
 tests/ref/fate/filter-pixfmts-crop   | 2 +-
 tests/ref/fate/filter-pixfmts-field  | 2 +-
 tests/ref/fate/filter-pixfmts-fieldorder | 2 +-
 tests/ref/fate/filter-pixfmts-hflip  | 2 +-
 tests/ref/fate/filter-pixfmts-il | 2 +-
 tests/ref/fate/filter-pixfmts-null   | 2 +-
 tests/ref/fate/filter-pixfmts-pad| 2 +-
 tests/ref/fate/filter-pixfmts-rotate | 2 +-
 tests/ref/fate/filter-pixfmts-scale  | 2 +-
 tests/ref/fate/filter-pixfmts-vflip  | 2 +-
 12 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/tests/ref/fate/filter-pixdesc-gbrap 
b/tests/ref/fate/filter-pixdesc-gbrap
index 6be442b..c8f5354 100644
--- a/tests/ref/fate/filter-pixdesc-gbrap
+++ b/tests/ref/fate/filter-pixdesc-gbrap
@@ -1 +1 @@
-pixdesc-gbrap   a2b9d6261ad24d75d192cbb3af277022
+pixdesc-gbrap   62c4d187a269f9f6fc87bb87e904ea71
diff --git a/tests/ref/fate/filter-pixfmts-copy 
b/tests/ref/fate/filter-pixfmts-copy
index 0059c9f..5890d4d 100644
--- a/tests/ref/fate/filter-pixfmts-copy
+++ b/tests/ref/fate/filter-pixfmts-copy
@@ -18,7 +18,7 @@ bgr8898a66734bda0572dfab1edd8239f6a2
 bgra3934fb81a602dfa7d29420b1a66f0fd8
 bgra64bec8d3217bf58d34f080ac88c0b0012c77
 bgra64leb71d75a928aac14cb768403e6f6a9910
-gbrap   ae09c3e9dcbe0d1ef21b2342be369210
+gbrap   98d30987407c51e5620921e11d40a4ff
 gbrp5fbc319e30110d19d539f5b274eddb6d
 gbrp10be703a17591a2a5c236675c5101c349bcc
 gbrp10leee014153f55c011918df5b2394815780
diff --git a/tests/ref/fate/filter-pixfmts-crop 
b/tests/ref/fate/filter-pixfmts-crop
index 4932b01..9b0b36f 100644
--- a/tests/ref/fate/filter-pixfmts-crop
+++ b/tests/ref/fate/filter-pixfmts-crop
@@ -18,7 +18,7 @@ bgr8142275ecc024d3f7b66c168ac2279ae2
 bgrae66a5f68ba463cbc89fce23a61bb5203
 bgra64be1ad8dd02714cafec793fb89577ddde47
 bgra64ledd29ec9aba43aa3e8f9f5b9a93ca8831
-gbrap   da6be176149efdfecb2a690bc64a644e
+gbrap   188cd467fe7ae7d85ae9ca8bdfa07739
 gbrpec671f573c2105072ab68a1933c58fee
 gbrp10be6f0130a41f01e58593d3840446dd94b7
 gbrp10le9c152b7dfb7ad7bc477518d97316d04f
diff --git a/tests/ref/fate/filter-pixfmts-field 
b/tests/ref/fate/filter-pixfmts-field
index 05bbc37..135814a 100644
--- a/tests/ref/fate/filter-pixfmts-field
+++ b/tests/ref/fate/filter-pixfmts-field
@@ -18,7 +18,7 @@ bgr847b2118262ad932cacf731cb66905ffd
 bgra66d6e0846990fff0f09a07c43c3add71
 bgra64beec0bdef8663dc9d73818a48419cb4764
 bgra64le9e2def541e51bc6e77fbffbff7fa146a
-gbrap   5bbed2c5c872748b38db078dbd7535fa
+gbrap   08a28b79dbd19246d1a94e3466af3624
 gbrp838025a3062f7f31e99196ce66961ad7
 gbrp10bef63c2555ea19fc78b00fd5b3e2b48e8c
 gbrp10lebe64c374ab318235d912372e99a0516a
diff --git a/tests/ref/fate/filter-pixfmts-fieldorder 
b/tests/ref/fate/filter-pixfmts-fieldorder
index 6c15a71..6dac638 100644
--- a/tests/ref/fate/filter-pixfmts-fieldorder
+++ b/tests/ref/fate/filter-pixfmts-fieldorder
@@ -18,7 +18,7 @@ bgr8cfc405aaf0162b4edfe9b3e047c5624d
 bgra5967b559257dbb6784f93b9d2bef4edd
 bgra64be64a4ec15bc35ede2018f650b50c2429b
 bgra64le5029192d0f32383c9f25f8e7da7cb5a0
-gbrap   8096c8ee9ade98101348c10eb22504cb
+gbrap   00afb65d44bea99c31b318fdbeb3be10
 gbrp506dea2fe492e985a396d1b11ccd8db3
 gbrp10be55bbfe2d472780dcbadf3027778caa0e
 gbrp10le13a39077ab1b2c3b49afd3e250b84a77
diff --git a/tests/ref/fate/filter-pixfmts-hflip 
b/tests/ref/fate/filter-pixfmts-hflip
index ca152e4..561aa9f 100644
--- a/tests/ref/fate/filter-pixfmts-hflip
+++ b/tests/ref/fate/filter-pixfmts-hflip
@@ -18,7 +18,7 @@ bgr867fb3fd116f0c0eb36d8ed03bdfbb0a6
 bgra275f05a382bcbc9bc77c06b79e1d8a71
 bgra64be1cabeafe9c21a4f7ccd976220f22ee5a
 bgra64le1b15c01c94cf9af89273da1d1f994cff
-gbrap   28e8d545a8f32a330c9368c927d97b66
+gbrap   bf6a2b2f206fbbb332a718fb570d7cb7
 gbrp0ecfeca171ba3a1a2ff4e92f572b71cf
 gbrp10be774398c2f81757a536c094f16cfc541a
 gbrp10lee9a6434d691be541f789f850963da181
diff --git a/tests/ref/fate/filter-pixfmts-il b/tests/ref/fate/filter-pixfmts-il
index d7f2d60..7795c9b 100644
--- a/tests/ref/fate/filter-pixfmts-il
+++