~oxide-developers/oxide/+git/ffmpeg:oxide/1.20

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

96b6cab... by Chris Coulson on 2016-12-19

Merge upstream 4c35fe00477f20343294cc5827cc5abab6c005fd in to oxide/1.20

4c35fe0... by Matt Wolenetz <email address hidden> on 2016-12-06

More cherry picks from master into M56

Note, chromium/patches/README needed conflict resolution, since these
cherry-picks to M56 interleaved with some others already picked for M56
in a different order than on master (due to verification delays on
master).

BUG=635422,637428,670190

Details:

avformat/oggparsespeex: Check frames_per_packet and packet_size

The speex specification does not seem to restrict these values, thus
the limits where choosen so as to avoid multiplicative overflow

Fixes undefined behavior
Fixes: 635422.ogg

Found-by: Matt Wolenetz <email address hidden>
Signed-off-by: Michael Niedermayer <email address hidden>
(cherry picked from commit afcf15b0dbb4b6429be5083e50b296cdca61875e)

BUG=635422
<email address hidden>

Change-Id: I0640a2526d3d51a6eee7292d3ef2f4eaf63aab1d
Reviewed-on: https://chromium-review.googlesource.com/417245
Reviewed-by: Dale Curtis <email address hidden>
(cherry picked from commit abbfa708f6caa31ca561463286893fc0de13596d)

avformat/utils: Check start/end before computing duration in update_stream_timings()

Fixes undefined behavior
Fixes: 637428.ogg

Found-by: Matt Wolenetz <email address hidden>
Signed-off-by: Michael Niedermayer <email address hidden>
(cherry picked from commit 90da187f1d334422477886a19eca3c1da29c59a7)

BUG=637428
<email address hidden>

Change-Id: I5f35696751d8048ccecb98ace8bc0f2579e13afc
Reviewed-on: https://chromium-review.googlesource.com/417225
Reviewed-by: Dale Curtis <email address hidden>
(cherry picked from commit bfbbd7c5a0f595807a74f7649540b7a40e479028)

A couple cherry picks from upstream to fix issue 670190

Cherry-pick #1:
avformat/oggdec: Skip streams in duration correction that did not had their duration set.

Fixes: part of 670190.ogg
Fixes integer overflow

Found-by: Matt Wolenetz <email address hidden>
Signed-off-by: Michael Niedermayer <email address hidden>
(cherry picked from commit ee2a6f5df8c6a151c3e3826872f1b0a07401c62a)

Cherry-pick #2:
avcodec/mpeg4videodec: Fix undefined shifts in mpeg4_decode_sprite_trajectory()

Fixes: part of 670190.ogg

Found-by: Matt Wolenetz <email address hidden>
Signed-off-by: Michael Niedermayer <email address hidden>
(cherry picked from commit 8258e363851434ad5662c19d036fddb3e3f27683)

BUG=670190
<email address hidden>

Change-Id: Ia3f8e3d8c7f15ea2c7f746649155a0df913f74fd
Reviewed-on: https://chromium-review.googlesource.com/418859
Reviewed-by: Dale Curtis <email address hidden>
(cherry picked from commit f309edd7828e3ea500c2891187d15926690ddd27)

3582a8e... by Matt Wolenetz <email address hidden> on 2016-12-03

Multiple cherry picks from master into M56

Note, chromium/patches/README needed conflict resolution, since the
cherry-picks for 635422, 637428, and 670190 are not yet approved for
merge.

BUG=643950,643951,643952,668346,640912,640889,639961

Details:

lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr

Core of patch is from <email address hidden>

BUG=643950
<email address hidden>

Change-Id: I6eb1ab9c13e92366297e4c41dab98e6300a18a5b
Reviewed-on: https://chromium-review.googlesource.com/416271
Reviewed-by: Dale Curtis <email address hidden>
(cherry picked from commit fd878457cd55690d4a27d74411b68a30c9fb2313)

lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid

Core of patch is from <email address hidden>

BUG=643951
<email address hidden>

Change-Id: Ib4dd9b30c7d882a37bec89ddd56d6691851ec61c
Reviewed-on: https://chromium-review.googlesource.com/417133
Reviewed-by: Dale Curtis <email address hidden>
(cherry picked from commit 9d45f272a682b0ea831c20e36f696e15cc0c55fe)

lavf/mov.c: Avoid heap allocation wraps and OOB in mov_read_{senc,saiz,udta_string}()

Core of patch is from <email address hidden>

BUG=643952
<email address hidden>

Change-Id: Ie464d4d0df044725fcb0a6d2fa49847580de2731
Reviewed-on: https://chromium-review.googlesource.com/417161
Reviewed-by: Dale Curtis <email address hidden>
(cherry picked from commit 8622f9398e7c89a664c4c2ceff9d35b89ff17bb5)

avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_c

Fixes: left shift of negative value
Fixes: 668346-media

Found-by: Matt Wolenetz <email address hidden>
Signed-off-by: Michael Niedermayer <email address hidden>
(cherry picked from commit acc163c6ab52d2235767852262c64c7f6b273d1c)

BUG=668346
<email address hidden>

Change-Id: Idec4c2ef302d36a3ac230d5cf957685cb0a9f49d
Reviewed-on: https://chromium-review.googlesource.com/417105
Reviewed-by: Dale Curtis <email address hidden>
(cherry picked from commit d537e0c9f5438f2cbe2b9379e208afffc38f2553)

avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed()

Fixes undefined behavior
Fixes: 640912-media

Found-by: Matt Wolenetz <email address hidden>
Signed-off-by: Michael Niedermayer <email address hidden>
(cherry picked from commit 83a75bf6c31b3c0ce2ca7e1426d1f2e3df634239)

BUG=640912
<email address hidden>
TEST=no ffplay repro of 640912 (with both this and the fix for 668346 applied)

Change-Id: I2489491ab0ba1839083fb9fc3a51555ed0dc3250
Reviewed-on: https://chromium-review.googlesource.com/417286
Reviewed-by: Dale Curtis <email address hidden>
(cherry picked from commit 83b21c04ac5fb6eb8b744c0adb120ecb1f97e1b3)

avcodec/get_bits: Fix get_sbits_long(0)

Fixes undefined behavior
Fixes: 640889-media

Found-by: Matt Wolenetz <email address hidden>
Signed-off-by: Michael Niedermayer <email address hidden>
(cherry picked from commit c72fa432349881d5a445cd110abf698cc94d490d)

BUG=640889
<email address hidden>

Change-Id: I2b58c9a656c0b32467e9f84e0915807b8170d98d
Reviewed-on: https://chromium-review.googlesource.com/417185
Reviewed-by: Dale Curtis <email address hidden>
(cherry picked from commit 85304c9bf34a8029032cfc2e21da2be0c4c4eb80)

avcodec/flacdec: Fix undefined shift in decode_subframe()

Fixes undefined behavior
Fixes: 639961-media

Found-by: Matt Wolenetz <email address hidden>
Signed-off-by: Michael Niedermayer <email address hidden>
(cherry picked from commit 1f5630af51f24d79053b6bef5b8b3ba93d637306)

BUG=639961
<email address hidden>

Change-Id: I2e7f77984c3e436cafbe677ed85582e5af90cbb8
Reviewed-on: https://chromium-review.googlesource.com/417201
Reviewed-by: Dale Curtis <email address hidden>
(cherry picked from commit 26be2ced90769f25f83b9a613fe3b3e47c1ce4c6)

448748e... by Chris Coulson on 2016-12-07

Merge upstream 7e5307d753a5a21f6d02663ccccf2acdf7aeae0e in to oxide/dev/cr2924

7e5307d... by "<email address hidden>" <email address hidden> on 2016-11-28

Consume headers in flac parser.

Fix from Michael Neidermayer. Prevents clusterfuzz test case from
looping forever trying to find the next header.

BUG=665305
Change-Id: If518327c93569c475bdabec154ac5c4499b74acd
Reviewed-on: https://chromium-review.googlesource.com/414310
Reviewed-by: Dale Curtis <email address hidden>

d16162e... by Matt Wolenetz <email address hidden> on 2016-11-23

mov: immediately return from mov_fix_index without old index entries

If there are no index entries, e_old = st->index_entries is only one
byte large, since it was created by av_realloc called with size 0.

Thus accessing e_old[0].timestamp causes a heap buffer overflow.

Reviewed-by: Sasi Inguva <email address hidden>
Signed-off-by: Andreas Cadhalpun <email address hidden>
(cherry picked from commit 9d83b209d8861f1daf55f6719b1e0c226ed7269a)

<email address hidden>
BUG=667063

Change-Id: I1dbc7dae4ea8d4869ecc35a8657b9aade98a5d48
Reviewed-on: https://chromium-review.googlesource.com/413549
Reviewed-by: Dale Curtis <email address hidden>

5ed6e20... by Chris Cunningham <email address hidden> on 2016-11-22

mp3dec: fix msan warning when verifying mpa header

MPEG Audio frame header must be 4 bytes. If we fail to read
4 bytes bail early to avoid Use-of-uninitialized-value msan error.

BUG=666874
TEST=libfuzzer_media_pipeline_integration_fuzzer

Change-Id: I3a3fdeb1dbd8c8b2f1f81d621bbbafab9b77bb34
Reviewed-on: https://chromium-review.googlesource.com/413605
Reviewed-by: Matthew Wolenetz <email address hidden>

141e56c... by Matt Wolenetz <email address hidden> on 2016-11-22

lavc/libopusdec.c Fix ff_vorbis_channel_layouts OOB

Similar to existing lavc/vorbisdec.c code which first checks that
avc->channels is valid for accessing ff_vorbis_channel_layouts, this
change adds protection to libopusdec.c to prevent accessing that
array with a negative index.

<email address hidden>
BUG=666794

Change-Id: Id301bd783cb9b826117d41b20b1b05f28d35827c
Reviewed-on: https://chromium-review.googlesource.com/413334
Reviewed-by: Dale Curtis <email address hidden>

e91355a... by Matt Wolenetz <email address hidden> on 2016-11-21

lavf/utils.c Protect against accessing entries[nb_entries]

In ff_index_search_timestamp(), if b == num_entries,
m == num_entries - 1, and entries[m].flags & AVINDEX_DISCARD_FRAME is
true, then the search for the next non-discarded packet could access
entries[nb_entries], exceeding its bounds. This change adds a protection
against that scenario.

BUG=666770,666769
<email address hidden>

Change-Id: Ib9a84dae74dad1e70a7a0afcf3382fd187152733
Reviewed-on: https://chromium-review.googlesource.com/413306
Reviewed-by: Dale Curtis <email address hidden>

92f86a5... by Matt Wolenetz <email address hidden> on 2016-11-17

Disable deprecation warnings locally within ffmpeg

Upstream changes in the FFmpeg M56 roll included some deprecated usages
of avcodec_encode_{audio,video}2() and AVStream.codec internally in
lavc/utils.c and lavf/utils.c, respectively. This change locally
disables deprecation warnings around those usages to prevent spamming
such warnings when building Chrom*.

BUG=591845
<email address hidden>

Change-Id: I2086156c22114cccffa355d47336aa31fa5bb135
Reviewed-on: https://chromium-review.googlesource.com/412444
Reviewed-by: Dale Curtis <email address hidden>