avcodec/qdrw: fix decoding odd size images for 2bpp and 4bpp

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/qdrw: fix decoding odd size images for 16bit case

Signed-off-by: Paul B Mahol <onemda@gmail.com>

ffmpeg: Add a linebreak to an error message.

avdevice/decklink_dec: remove AVFMT_RAWPICTURE

It has no effect for input devices.

Signed-off-by: Marton Balint <cus@passwd.hu>

avdevice/decklink_enc: convert AVFMT_RAWPICTURE to AV_CODEC_ID_WRAPPED_AVFRAME

Signed-off-by: Marton Balint <cus@passwd.hu>

avdevice/decklink_enc: add support to specify field order

Signed-off-by: Marton Balint <cus@passwd.hu>

avdevice/decklink_enc: convert to codecpar

Signed-off-by: Marton Balint <cus@passwd.hu>

avcodec/scpr: add support for older version

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/flacdsp: Fix: runtime error: signed integer overflow: -1027555328 + -1226681270 cannot be represented in type 'int'

Fixes: 673/clusterfuzz-testcase-5948736536576000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/eac3dec: Fix runtime error: left shift of negative value -3

Fixes: 672/clusterfuzz-testcase-5595018867769344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpeg12dec: Fix runtime error: left shift of negative value -2

671/clusterfuzz-testcase-4990381827555328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/ituh263dec: Check for the bitstream end in ff_h263_decode_mb()

Fixes invalid shift

Fixes: 670/clusterfuzz-testcase-4852021066727424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

add locale month names to av_small_strptime

Signed-off-by: Micah Galizia <micahgalizia@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

fate: update ffprobe stuff after dbc7f02a727286f3

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avutil/frame: Disallow zero sized frame side data

There should be no case that needs this and its a potential for
creating corner cases

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avutil/frame: Reimplement av_frame_new_side_data() without size=0 special case

The size 0 special case causes side data to be created which is
different and a special case if for any reasons size = 0 is passed

Fixes: multiple runtime error: null pointer passed as argument 1, which is declared to never be null
Fixes: 653/clusterfuzz-testcase-5773837415219200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/wavpack: Fix 280:22: runtime error: left shift of negative value -1

Fixes: 653/clusterfuzz-testcase-5773837415219200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/wavpack: Check post_shift

Fixes: runtime error: shift exponent 34 is too large for 32-bit type 'int'

Fixes: 653/clusterfuzz-testcase-5773837415219200

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/aeval: trim last frame's number of samples to match requested duration

Fixes #6181.

Signed-off-by: Paul B Mahol <onemda@gmail.com>

lswr/rematrix: Remove an aggressive loop optimization.

Fixes undefined behaviour and a gcc warning:
libswresample/rematrix.c:376:47: warning: iteration 64 invokes undefined behavior

avcodec/vp56: Implement very basic error concealment

This should fix the fate failure due to a truncated last frame.
Alternatively the frame could be dropped.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/hlsenc: don't use %s for strftime on msvc

MSVC doesn't support the %s time format, and instead of returning an
error the invalid parameter handler is invoked which (by default)
terminates the process.

Reviewed-by：Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Hendrik Leppkes <h.leppkes@gmail.com>

avformat/hlsenc: fix hls_flags temp_file bug

refer to ticket id: #6170

rename file from temp to origin name after complete current segment

Reviewed-by: Aman Gupta <ffmpeg@tmm1.net>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>

avcodec/amrwbdec: Fix 2 runtime errors: left shift of negative value -1

Fixes: 669/clusterfuzz-testcase-4847965409640448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/pngdec: Fix runtime error: left shift of 152 by 24 places cannot be represented in type 'int'

Fixes: 666/clusterfuzz-testcase-6581447227867136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/vp56: Fix sign typo

Fixes: 664/clusterfuzz-testcase-4917047475568640

The change to fate is due to a truncated last frames which is now detected as damaged.

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpegaudiodec_template: Correct return code on id3 tag discarding

Fixes: 665/clusterfuzz-testcase-4863789881098240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

opus_pvq: prevent division by 0

res was 0 and divided K which made it infinity which caused K to
overflow.

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>

avcodec/scpr: remove 4 dead store

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/fmvc: initialize opcode to 0

It shouldn't really matter but it doesn't hurt.

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/scpr: improve motion vectors checking for out of buffer write

Signed-off-by: Paul B Mahol <onemda@gmail.com>

tools/target_dec_fuzzer: Fix misaligned read

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/vp3dsp: Fix multiple signed integer overflow: 46341 * 47523 cannot be represented in type 'int'

Fixes: 664/clusterfuzz-testcase-4917047475568640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/rv34: Simplify and factor get_slice_offset() code

This also fixes several integer overflows by checking each value before
use.
Fixes: 662/clusterfuzz-testcase-4898131432964096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/scpr: make sure that component value is <= 0x1F for 16 bpc

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/aic: unbreak decoding of files with slice_width != 16

Signed-off-by: Paul B Mahol <onemda@gmail.com>

lavc/utils: Make second parameter to apply_param_change() const.

Fixes a compilation warning:
passing argument 2 of ‘apply_param_change’ discards ‘const’ qualifier from pointer target type

opus_pvq: remove unneeded assert

Since the PVQ search has been well fuzzed and is guaranteed to never
break SUM(abs(y[])) == K, the assert is no longer needed.
Also the assert only prevented coding the wrong vector index but didn't
prevent crashes during searching for it, which made the assert rather
informational than practical.

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>

opus_pvq: improve PVQ search for low Ks

Since the probelm mentioned only happened when the phase was negative
(e.g. the sum had to be decreased), only discarding dimensions with a
zero pulse in that case restored the search's previously low distortion
at low Ks when the phase is never negative.

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>

avcodec/ituh263dec: Fix runtime error: left shift of 1342177279 by 1 places cannot be represented in type 'int'

Fixes: 659/clusterfuzz-testcase-5866673603084288

Huge DMV could be created by an encoder ignoring the spec

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/jpeglsdec: check shift for values that cause overflow later

Fixes: 657/clusterfuzz-testcase-6674741433729024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpeg4videodec: Check the other 3 sprite points for intermediate overflows

This is not necessarily specific to fuzzed files

Fixes: Multiple integer overflows
Fixes: 656/clusterfuzz-testcase-6463814516080640
Fixes: 658/clusterfuzz-testcase-6691260146384896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

lavfi: Add VAAPI deinterlacer

(cherry picked from commit ade370a4d7eab1866b6023c91c135d27c77ca465)
(cherry picked from commit 2d518aec4c781316092be65893b47922c8f71b67)

avcodec/shorten: support decoding AIFF-C variant

Signed-off-by: Paul B Mahol <onemda@gmail.com>

doc/filters: mention 'ffmpeg -filters' in timeline section

So users can see which filters support the 'enable' option.

Signed-off-by: Lou Logan <lou@lrcd.com>

avcodec/scpr: improve check for out of range motion vectors

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/scpr: check that current row is in valid range

Stops writing out of dst array.

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/scpr: do not allow out of array access for 16bit case

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/qdrw: do better w/h parsing for direct bit packing

Apparently using 0x0001 opcode solely is not correct.
Try this instead.

Signed-off-by: Paul B Mahol <onemda@gmail.com>

lavc/videotoolboxenc: check for dictionary key symbols

Fixes #6081. Some dictionary keys are not present on OS X 10.8.
This loads the symbols and uses a default value if not present.

Signed-off-by: Rick Kern <kernrj@gmail.com>

avcodec/h264_ps: Check chroma_qp_index_offset

Fixes: 647/clusterfuzz-testcase-5195745823031296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: BBB
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mips/Makefile: corrected conditional build of version 1 of vc1dsp optimizations for loongson mmi

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

lavd/opengl_enc: Fix a typo.

avcodec/wrapped_avframe: allocate a buffer with padding

This ensures that the wrapped avframe will not get reallocated later, which
would invalidate internal references such as extended data.

Reviewed-by: wm4 <nfxjfg@googlemail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>

avcodec: add ScreenPressor decoder

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/h264idct_template: Fix several runtime error: signed integer overflow

Fixes: 652/clusterfuzz-testcase-6174944410992640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpeg4videodec: Check sprite_offset in addition to shifts

Fixes: 651/clusterfuzz-testcase-5710668915277824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpegaudiodec_template: Fix multiple runtime error: signed integer overflow

Fixes: 648/clusterfuzz-testcase-5337961317007360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/qdrw: add support for 0x0001 code

Fixes decoding of files which sets frame width/height this way.

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/dnxhddec: fix decoding of DNxHR HQX 10-bit

Signed-off-by: Paul B Mahol <onemda@gmail.com>

doc: drawtext options update

Remove nonexistant "draw" option.
Add undocumented "tc24hmax" timecode wrap option.

Signed-off-by: Mulvya <mulvya@gmail.com>
Signed-off-by: Lou Logan <lou@lrcd.com>

avcodec/cbrt_data: add missing header include

Fixes make checkheaders

avcodec/mjpegenc_huffman: add missing header include

Fixes make checkheaders

avcodec/flicvideo: update comment, 24bit support is implemented

Signed-off-by: Paul B Mahol <onemda@gmail.com>

MAINTAINERS: Add ffmpeg-security alias members

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/rv34: Forward error from rv34_decode_mv()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpeg4video: Fix runtime error: left shift of negative value

Fixes: 644/clusterfuzz-testcase-4726434209726464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/dcadsp: Fix runtime error: signed integer overflow: 394625024 * 8 cannot be represented in type 'int'

Fixes: 643/clusterfuzz-testcase-5209078743695360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/rv34: Fix runtime error: signed integer overflow: -2 + -2147483648 cannot be represented in type 'int'

Fixes: 642/clusterfuzz-testcase-558358808074649

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/matroskaenc: don't write DisplayUnit with value Unknown on WebM files

Value 4 (Unknown) is for the time being part of the Matroska spec but not
supported by WebM

Addresses ticket #6176

avcodec/qdrw: don't overwrite bpp when checking its value

Finishes fixing ticket #6171

aacdec: When ignoring a PCE restore the previous config

This is related to, but doesn't solve ticker 6152.

lavd/opengl_enc: Support BGR48.

avcodec/qdrw: add support for 2bpp and 4bpp packed pallette format

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/qdrw: fix writing past end of row

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/ituh263dec: Fix runtime error: left shift of negative value -22

Fixes: 639/clusterfuzz-testcase-5143866241974272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/gsmdec_template: Fix runtime error: signed integer overflow: -22527 * 99113 cannot be represented in type 'int'

Fixes: 636/clusterfuzz-testcase-6520876646268928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/bmp: Fix runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself

There is code checking height and width later, leaving an invalid value invalid
is thus fine.

Fixes: 635/clusterfuzz-testcase-6225161437052928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/sierravmd: Support for Shivers 2 stereo tracks

Signed-off-by: Nicolas Roy-Renaud <nicolas.roy-renaud.1@ens.etsmtl.ca>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

lavfi/buffersrc: fix directly setting channel layout

When setting the channel layout directly using AVBufferSrcParameters
the channel layout was correctly set however the init function still
expected the old string format to set the number of channels (when it
hadn't already been specified).

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>

avformat/hlsenc: fix cid 1401346  Dereferencing pointer error

check if proto is null before av_strcasecmp
CID:  1401346

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>

avcodec/h264_ps: Check delta scale for validity

Fixes: signed integer overflow: 5 + 2147483646 cannot be represented in type 'int'
Fixes: 634/clusterfuzz-testcase-5285420445204480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/simple_idct: Fix runtime error: left shift of negative value -6395

Fixes: 633/clusterfuzz-testcase-4553133554401280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/rv40: Fix runtime error: left shift of negative value

Fixes: 630/clusterfuzz-testcase-6608718928019456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/qdrw: add support for decoding rgb555

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avformat/mpl2dec: skip BOM when probing

Fixes #5442.

Signed-off-by: Paul B Mahol <onemda@gmail.com>

lavf/mpeg: Initialize a stack variable used by memcmp().

Silence a valgrind warning.

Fixes ticket #6160.

avcodec/dca_xll: Fix runtime error: signed integer overflow: -1073741824 * 32768 cannot be represented in type 'int'

Fixes: 629/clusterfuzz-testcase-6697457381539840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/flacdec: reduce limit for golomb so that the max value does not overflow

Fixes: runtime error: left shift of 32 by 26 places cannot be represented in type 'int'

Fixes: 628/clusterfuzz-testcase-6187747641393152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/dca_xll: signed integer overflow: 255251 * 32768 cannot be represented in type 'int'

Fixes: 627/clusterfuzz-testcase-5020897033322496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Factorize CHECK/SUINT code

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

speedhq: fix decoding artifacts

The quantization table is stored in the natural order, but when we
access it, we use an index that's in zigzag order, causing us to read
the wrong value. This causes artifacts, especially in areas with
horizontal or vertical edges. The artifacts look a lot like the
DCT ringing artifacts you'd expect to see from a low-bitrate file,
but when comparing to NewTek's own decoder, it's obvious they're not
supposed to be there.

Fix by simply storing the scaled quantization table in zigzag order.
Performance is unchanged.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

fate/source: Check for cases that could use av_clip_uintp2() and av_clip_intp2()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/nvenc: allow forcing keyframes by default

lavf/mov.c: Correct keyframe search in edit list to return the very first keyframe/frame with matching timestamp. Fixes ticket#5904

Signed-off-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpegaudiodec: Eliminate many undefined operations

Fixes: 625/clusterfuzz-testcase-4574924406521856
Fixes: 626/clusterfuzz-testcase-4738718621499392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/pictordec: Do not read more than nb_planes

Fixes undefined behavior
Fixes: 622/clusterfuzz-testcase-5745722022428672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/af_atempo: fix drift calculation, ticket #6157

ticket #6157

Reported-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Pavel Koshevoy <pkoshevoy@gmail.com>

avcodec/ituh263dec: Check cbpy in ff_h263_decode_mb()

Fixes: 618/clusterfuzz-testcase-6594990333493248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/srtdec: Fix signed integer overflow: 1811992524 * 384 cannot be represented in type 'int'

Fixes: 617/clusterfuzz-testcase-6413875723370496

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>