ffmpeg.git
2 weeks ago avcodec/tableprint_vlc: Unbreak hardcoded tables release/6.1
Andreas Rheinhardt [Thu, 4 Dec 2025 17:42:02 +0000 (18:42 +0100)]
avcodec/tableprint_vlc: Unbreak hardcoded tables

Forgotten in d8ffec5bf9a2803f55cc0822a97b7815f24bee83.
Fixes issue #21102.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 1d47ae65bf6df91246cbe25c997b25947f7a4d1d)

8 weeks ago forgejo: backport CI job names
Timo Rothenpieler [Fri, 2 Jan 2026 19:00:45 +0000 (20:00 +0100)]
forgejo: backport CI job names

8 weeks ago avformat/img2dec: reject input images too big to fit into a single packet
Timo Rothenpieler [Wed, 31 Dec 2025 02:41:21 +0000 (03:41 +0100)]
avformat/img2dec: reject input images too big to fit into a single packet

Not entirely sure if it should instead use some entirely different
approach here, given that images exceeding 2GB don't seem that crazy
to me, but so far processing such images results in a heap overflow,
since the size addition overflows and a much too small packet is
allocated and its size never checked again when writing into it.

Fixes #YWH-PGM40646-32

(cherry picked from commit f6a95c7eb786f895812adaaa08d2fe91c4d4caf8)
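
The failure mode described in the img2dec commit message above, as an added C example that is not FFmpeg's code: part sizes summed in 32 bits wrap to a small value, while a checked 64-bit sum rejects the input before any allocation. The function names and the three-part size layout are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; not taken from FFmpeg. */

/* Value a 32-bit sum of the part sizes wraps to. Computed in unsigned
 * arithmetic so the demonstration itself stays well-defined. */
static uint32_t wrapped_sum32(const int64_t part[3])
{
    return (uint32_t)part[0] + (uint32_t)part[1] + (uint32_t)part[2];
}

/* Checked sum: stores the total and returns 0, or returns -1 when a part
 * is negative or the total would not fit into an int-sized packet. */
static int checked_packet_size(const int64_t part[3], int *total)
{
    int64_t sum = 0;

    for (int i = 0; i < 3; i++) {
        if (part[i] < 0 || part[i] > INT_MAX - sum)
            return -1;
        sum += part[i];
    }
    *total = (int)sum;
    return 0;
}

int main(void)
{
    /* Constructed sizes: together they exceed 4 GiB by 16 bytes. */
    const int64_t big[3] = { 0x60000000, 0x60000000, 0x40000010 };
    int total = 0;

    printf("wrapped 32-bit sum: %u bytes\n", (unsigned)wrapped_sum32(big));
    if (checked_packet_size(big, &total) < 0)
        printf("checked sum: rejected, input too large for one packet\n");
    return 0;
}
```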

2 months ago avfilter/af_amerge: fix possible crash with custom layouts
Marton Balint [Thu, 27 Nov 2025 22:57:20 +0000 (23:57 +0100)]
avfilter/af_amerge: fix possible crash with custom layouts

The check if a native layout can be created from the sources was incomplete and
caused a crash with custom layouts if the layout contained a native channel
multiple times, as in this example command line:

ffmpeg -lavfi "sine[a0];sine,pan=FL+FL[a1];[a0][a1]amerge[aout]" -map "[aout]" -t 1 -f framecrc -

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit e8b10a9b09fff6fa09178634bededf14a6ea598c)

2 months ago avfilter/stack_internal: fix checkheaders test
Kacper Michajłow [Sat, 9 Aug 2025 03:38:20 +0000 (05:38 +0200)]
avfilter/stack_internal: fix checkheaders test

Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit 1a1377c53decf1264ca255910124caae82fd63a0)

2 months ago doc/examples/qsv_transcode: EINVAL is more appropriate and ENAVAIL will fail build...
hung kuishing [Thu, 7 Dec 2023 06:44:06 +0000 (06:44 +0000)]
doc/examples/qsv_transcode: EINVAL is more appropriate and ENAVAIL will fail build with visual studio

Signed-off-by: clarkh <hungkuishing@outlook.com>
(cherry picked from commit 6d129d8df5a3d8172a9565709a0b4ad4c86a8b52)

2 months ago all: apply linter fixes
Timo Rothenpieler [Sun, 30 Nov 2025 20:44:32 +0000 (21:44 +0100)]
all: apply linter fixes

3 months ago tools/check_arm_indent: skip empty glob
Timo Rothenpieler [Sun, 30 Nov 2025 20:39:04 +0000 (21:39 +0100)]
tools/check_arm_indent: skip empty glob

3 months ago forgejo: apply needed CI changes for 6.1
Timo Rothenpieler [Sun, 30 Nov 2025 15:58:33 +0000 (16:58 +0100)]
forgejo: apply needed CI changes for 6.1

3 months ago forgejo: backport CI to release/6.1
Timo Rothenpieler [Sun, 30 Nov 2025 15:25:19 +0000 (16:25 +0100)]
forgejo: backport CI to release/6.1

3 months ago Update for 6.1.4 n6.1.4
Michael Niedermayer [Sun, 23 Nov 2025 02:13:08 +0000 (03:13 +0100)]
Update for 6.1.4

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avutil/common: cast GET_BYTE/GET_16BIT returned value
Zhao Zhili [Fri, 14 Nov 2025 09:23:22 +0000 (17:23 +0800)]
avutil/common: cast GET_BYTE/GET_16BIT returned value

In case of GET_BYTE/GET_16BIT return signed value.

(cherry picked from commit 0ae8df5f2ceea82337a2456ef16f930faf160189)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avfilter/vf_drawtext: fix call GET_UTF8 with invalid argument
Zhao Zhili [Fri, 14 Nov 2025 08:53:07 +0000 (16:53 +0800)]
avfilter/vf_drawtext: fix call GET_UTF8 with invalid argument

For GET_UTF8(val, GET_BYTE, ERROR), val has type of uint32_t,
GET_BYTE must return an unsigned integer, otherwise signed
extension happened due to val= (GET_BYTE), and GET_UTF8 went to
the error path.

This bug incidentally cancelled the bug where hb_buffer_add_utf8
was being called with incorrect argument, allowing drawtext to
function correctly on x86 and macOS ARM, which defined char as
signed. However, on Linux and Android ARM environments, because
char is unsigned by default, GET_UTF8 now returns the correct
return, which unexpectedly revealed issue #20906.

(cherry picked from commit a5cc0e5c9e752f98e38c2a95a0893faeb1f78fa9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
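
The sign-extension effect described in the commit message above, as an added C example that is not FFmpeg's code: the decoder below is a simplified model of a GET_UTF8-style lead-byte check with a `uint32_t` accumulator, and `utf8_first` and its `cast_bytes` switch are hypothetical names. Bytes are held as `signed char` so the result is the same on every platform.

```c
#include <stdint.h>
#include <stdio.h>

/* Decode the first code point of s. With cast_bytes == 0 each byte is
 * taken as a signed value (sign-extended into the 32-bit accumulator);
 * with cast_bytes != 0 it is cast to uint8_t first.
 * Returns 0 on success, -1 on the error path. */
static int utf8_first(const signed char *s, int cast_bytes, uint32_t *cp)
{
    uint32_t val = cast_bytes ? (uint32_t)(uint8_t)*s : (uint32_t)(int)*s;
    uint32_t top = (val & 128) >> 1;

    s++;
    /* A sign-extended lead byte such as 0xFFFFFFC3 trips the >= 0xFE test. */
    if ((val & 0xc0) == 0x80 || val >= 0xFE)
        return -1;
    while (val & top) {
        unsigned int tmp =
            (cast_bytes ? (unsigned)(uint8_t)*s : (unsigned)(int)*s) - 128;

        s++;
        if (tmp >> 6)            /* not a 10xxxxxx continuation byte */
            return -1;
        val = (val << 6) + tmp;
        top <<= 5;
    }
    val &= (top << 1) - 1;
    *cp = val;
    return 0;
}

int main(void)
{
    /* Constructed input: U+00E9 encoded as C3 A9, stored as signed bytes. */
    const signed char e_acute[] = { -61, -87, 0 };
    uint32_t cp = 0;

    printf("signed bytes: %s\n",
           utf8_first(e_acute, 0, &cp) ? "error path" : "decoded");
    if (utf8_first(e_acute, 1, &cp) == 0)
        printf("cast to uint8_t: U+%04X\n", (unsigned)cp);
    return 0;
}
```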

3 months ago avfilter/vf_drawtext: fix incorrect text length
Zhao Zhili [Fri, 14 Nov 2025 08:23:10 +0000 (16:23 +0800)]
avfilter/vf_drawtext: fix incorrect text length

From the doc of HarfBuzz, what hb_buffer_add_utf8 needs is the
number of bytes, not Unicode character:
hb_buffer_add_utf8(buf, text, strlen(text), 0, strlen(text));

Fix issue #20906.

(cherry picked from commit 9bc3c572eaaab559a7258c392528e7a1cad2a9b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avfilter/vf_drawtext: Account for bbox text seperator
Michael Niedermayer [Sat, 1 Nov 2025 00:29:32 +0000 (01:29 +0100)]
avfilter/vf_drawtext: Account for bbox text seperator

Fixes: out of array access
no test case

Found-by: Joshua Rogers <joshua@joshua.hu> with ZeroPath
Reviewed-by: Joshua Rogers <joshua@joshua.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad956ff076ea808e5d64c9ac17c1bfc1ba7d0cc0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avcodec/utvideodec: Set B for the width= 1 case in restore_median_planar_il()
Michael Niedermayer [Sat, 8 Nov 2025 22:22:56 +0000 (23:22 +0100)]
avcodec/utvideodec: Set B for the width= 1 case in restore_median_planar_il()

Fixes: use of uninitialized memory
Fixes: 439878388/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_DEC_fuzzer-5635866203848704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 59db32b433ea9e7766ec7fac994860ed15d7ed7d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avcodec/osq: Fix 32bit sample overflow
Michael Niedermayer [Sat, 12 Jul 2025 23:34:17 +0000 (01:34 +0200)]
avcodec/osq: Fix 32bit sample overflow

Fixes: signed integer overflow: 2147483565 + 128 cannot be represented in type 'int'
Fixes: 428055715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6358069900804096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 08816b93760f43433a07e980fa9eeab4135de78c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avformat/rtpdec_rfc4175: Only change PayloadContext on success
Michael Niedermayer [Fri, 31 Oct 2025 15:27:56 +0000 (16:27 +0100)]
avformat/rtpdec_rfc4175: Only change PayloadContext on success

Reviewed-by: Joshua Rogers <joshua@joshua.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c03e49dd1d8ee2dd21c24002dfac95644c830498)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avformat/rtpdec_rfc4175: Check dimensions
Michael Niedermayer [Fri, 31 Oct 2025 15:28:49 +0000 (16:28 +0100)]
avformat/rtpdec_rfc4175: Check dimensions

Fixes: out of array access
Fixes: zeropath/int_overflow_in_rtpdec_rfc4175

Found-by: Joshua Rogers <joshua@joshua.hu>
Reviewed-by: Joshua Rogers <joshua@joshua.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d4e0d5ed48aa9c0e11b9ddeea8c2d14632314089)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avformat/rtpdec_rfc4175: Fix memleak of sampling
Michael Niedermayer [Fri, 31 Oct 2025 15:17:27 +0000 (16:17 +0100)]
avformat/rtpdec_rfc4175: Fix memleak of sampling

Reviewed-by: Joshua Rogers <joshua@joshua.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit af3dee313223c722c34e8231cd6859188928a6e3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avformat/http: Fix off by 1 error
Michael Niedermayer [Fri, 31 Oct 2025 16:32:56 +0000 (17:32 +0100)]
avformat/http: Fix off by 1 error

Fixes: out of array access
Fixes: zeropath/off-by-one-one-byte

Found-by: Joshua Rogers <joshua@joshua.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b518c027a0cb8d89c586fe241cc99b1c20bc0f50)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avcodec/exr: spelling
Michael Niedermayer [Sat, 8 Nov 2025 00:17:46 +0000 (01:17 +0100)]
avcodec/exr: spelling

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d80f8f36513ebff05c537adbe756e36036f80074)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avcodec/exr: use tile dimensions in pxr24 UINT case
veygax [Sun, 2 Nov 2025 02:35:40 +0000 (02:35 +0000)]
avcodec/exr: use tile dimensions in pxr24 UINT case

update the switch statement for EXR_UINT in pxr24_uncompress to
correctly use the tile width td->xsize instead of using the full window
width s->xdelta. s->delta is larger than td->xsize which led to two
buffer overflows when interacting with the ptr variable in the same
switch statement.

Fixes: out of bounds read and write
Found-by: veygax's insomnia network (INSOMNIA-1)
Signed-off-by: veygax <veyga@veygax.dev>
(cherry picked from commit 162f75b5e6798b385bb3eadd8280eff52d03cf29)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avcodec/exr: Simple check for available channels
Michael Niedermayer [Thu, 18 Sep 2025 22:20:36 +0000 (00:20 +0200)]
avcodec/exr: Simple check for available channels

The existing is_luma check is fragile as depending on the order
of channels it can be set or reset

No testcase

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6e8cf0377fee75de9ad2cc87385ab3e8f2c87143)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avformat/sctp: Check size in sctp_write()
Michael Niedermayer [Fri, 31 Oct 2025 22:08:45 +0000 (23:08 +0100)]
avformat/sctp: Check size in sctp_write()

Fixes: out of array access
No testcase

Found-by: Joshua Rogers <joshua@joshua.hu> with ZeroPath
Reviewed-by: Joshua Rogers <joshua@joshua.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5b98cea4bff2cbbb251b621a2b6c3ab76f814efa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avformat/rtmpproto: consider command line argument lengths
Michael Niedermayer [Thu, 30 Oct 2025 22:20:41 +0000 (23:20 +0100)]
avformat/rtmpproto: consider command line argument lengths

Fixes: out of array access
Fixes: zeropath/rtmp-2025-10

Found-by: Joshua Rogers <joshua@joshua.hu>
Reviewed-by: Joshua Rogers <joshua@joshua.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 83e0298de217a7108ee703806d6380e554007972)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avformat/rtmpproto_ Check tcurl and flashver length
Michael Niedermayer [Thu, 30 Oct 2025 22:05:57 +0000 (23:05 +0100)]
avformat/rtmpproto_ Check tcurl and flashver length

Fixes: out of array accesses

Reviewed-by: Joshua Rogers <joshua@joshua.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a64e037429f20873ec48f6c82aa145ab448e1399)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avcodec/g723_1enc: Make min_err 64bit
Michael Niedermayer [Mon, 6 Oct 2025 23:58:34 +0000 (01:58 +0200)]
avcodec/g723_1enc: Make min_err 64bit

This is intending to fix the case described in https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/thread/AAZ7GJPPUJI5SCVTDGJ6QL7UUEP56WOM/
Where FCBParam optim is used uninitialized

a min_err of 1<<30, allows the struct to be never initialized as all
err (which is int32_t) can be larger than min_err. By increasing min_err
above the int32_t range this is no longer possible

Untested, as I do not have the testcase

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 909af3a571da830cc70a34f0c3946379bd12dfbe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avcodec/vlc: Clear val8/16 in vlc_multi_gen() by av_mallocz()
Michael Niedermayer [Wed, 6 Aug 2025 10:49:49 +0000 (12:49 +0200)]
avcodec/vlc: Clear val8/16 in vlc_multi_gen() by av_mallocz()

Fixes: use of uninitialized memory
Fixes: 427814450/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_DEC_fuzzer-646512196065689
Fixes: 445961558/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_DEC_fuzzer-5515158672965632

the multi vlc code will otherwise return uninitialized data. Now one can argue that this data should
not be used, but on errors this data can remain ...

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d8ffec5bf9a2803f55cc0822a97b7815f24bee83)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avformat/rtpenc_h264_hevc: Check space for nal_length_size in ff_rtp_send_h264_hevc()
Michael Niedermayer [Fri, 24 Oct 2025 18:29:23 +0000 (20:29 +0200)]
avformat/rtpenc_h264_hevc: Check space for nal_length_size in ff_rtp_send_h264_hevc()

Fixes: memcpy with negative size
Fixes: momo_trip-poc/input

Reported-by: Momoko Shiraishi <shiraishi@os.is.s.u-tokyo.ac.jp>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d03483bd265b68db00c9b90f6f48dcf61c5c300d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago swscale/output: Fix integer overflow in yuv2ya16_X_c_template()
Michael Niedermayer [Mon, 13 Oct 2025 12:32:45 +0000 (14:32 +0200)]
swscale/output: Fix integer overflow in yuv2ya16_X_c_template()

Found-by: colod colod <colodcolod7@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0c6b7f9483a38657c9be824572b4c0c45d4d9fef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avcodec/exr: Check that DWA has 3 channels
Michael Niedermayer [Thu, 18 Sep 2025 22:18:30 +0000 (00:18 +0200)]
avcodec/exr: Check that DWA has 3 channels

The implementation hardcodes access to 3 channels, so we need to check that
Fixes: out of array access
Fixes: BIGSLEEP-445394503-crash.exr

Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7896cc67c13037abba8941e39a74c56d26b775a7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avcodec/exr: check ac_size
Michael Niedermayer [Thu, 18 Sep 2025 15:32:46 +0000 (17:32 +0200)]
avcodec/exr: check ac_size

Fixes: out of array read
Fixes: dwa_uncompress.py.crash.exr

The code will read from the ac data even if ac_size is 0, thus that case
is not implemented and we ask for a sample and error out cleanly

Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8e078826da6f2a1dffa25162121b43b272f5e5fa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avcodec/exr: Round dc_w/h up
Michael Niedermayer [Thu, 18 Sep 2025 19:28:04 +0000 (21:28 +0200)]
avcodec/exr: Round dc_w/h up

Without rounding them up there are too few dc coeffs for the blocks.
We do not know if this way of handling odd dimensions is correct, as we have
no such DWA sample.
thus we ask the user for a sample if she encounters such a file

Fixes: out of array access
Fixes: BIGSLEEP-445392027-crash.exr

Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c911e0001115bbda904ad103b12c27b9a3c0c265)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avcodec/mjpegdec: Explain buf_size/width/height check
Michael Niedermayer [Thu, 11 Sep 2025 18:12:55 +0000 (20:12 +0200)]
avcodec/mjpegdec: Explain buf_size/width/height check

Suggested-by: Ramiro
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 61b6877637041a1f817ad9811c839b0feae2b8af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avformat/avidec: Fix integer overflow iff ULONG_MAX < INT64_MAX
Andreas Rheinhardt [Tue, 12 Mar 2024 22:23:17 +0000 (23:23 +0100)]
avformat/avidec: Fix integer overflow iff ULONG_MAX < INT64_MAX

Affects many FATE-tests, see
https://fate.ffmpeg.org/report.cgi?time=20240312011016&slot=ppc-linux-gcc-13.2-ubsan-altivec-qemu

Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 7a089ed8e049e3bfcb22de1250b86f2106060857)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago fftools/ffmpeg_mux_init: Fix double-free on error
Andreas Rheinhardt [Mon, 25 Mar 2024 15:54:25 +0000 (16:54 +0100)]
fftools/ffmpeg_mux_init: Fix double-free on error

MATCH_PER_STREAM_OPT iterates over all options of a given
OptionDef and tests whether they apply to the current stream;
if so, they are set to ost->apad, otherwise, the code errors
out. If no error happens, ost->apad is av_strdup'ed in order
to take ownership of this pointer.

But this means that setting it originally was premature,
as it leads to double-frees when an error happens later on.
This can simply be reproduced with
ffmpeg -filter_complex anullsrc  -apad bar -apad:n baz -f null -
This is a regression since 83ace80bfd80fcdba2c65fa1d554923ea931d5bd.

Fix this by using a temporary variable instead of directly
setting ost->apad. Also only strdup the string if it actually
is != NULL.

Reviewed-by: Marth64 <marth64@proxyid.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avformat/aviobuf: Keep checksum_ptr consistent in avio_seek()
Andreas Rheinhardt [Fri, 11 Jul 2025 20:58:26 +0000 (22:58 +0200)]
avformat/aviobuf: Keep checksum_ptr consistent in avio_seek()

Otherwise it might be > buf_ptr in which case ffio_get_checksum()
could segfault (s->buf_ptr - s->checksum_ptr would be negative
which would be converted to something very big when converted
to unsigned for the update_checksum callback).

Fixes ticket #11233.

Reported-by: Du4t
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 987c955cd7e972d9940284fa6ae7187ac858ebb1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avcodec/librsvgdec: fix compilation with librsvg 2.50.3
Andrey Semashev [Mon, 1 Sep 2025 22:07:05 +0000 (01:07 +0300)]
avcodec/librsvgdec: fix compilation with librsvg 2.50.3

This fixes compilation with librsvg 2.50.3: error: viewport undeclared

This was a regression since commit
86ed68420d3b60439d0b7767c53d0fdc1deb7277.

Fixes #10722.

Reviewed-by: Leo Izen <leo.izen@gmail.com>
(cherry picked from commit 9ee7796c540ce9cec3fdff0dd246de842228707b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago aacenc_tns: clamp filter direction energy measurement
Lynne [Sat, 8 Feb 2025 03:35:31 +0000 (04:35 +0100)]
aacenc_tns: clamp filter direction energy measurement

The issue is that:

float en[2];
...
tns->n_filt[w] = is8 ? 1 : order != TNS_MAX_ORDER ? 2 : 3;
for (g = 0; g < tns->n_filt[w]; g++) {
    tns->direction[w][g] = slant != 2 ? slant : en[g] < en[!g];

When using the AAC Main profile, n_filt = 3, and slant is by
default 2 (normal long frames), g can go above 1.

en is the evolution of energy in the frequency domain for every
band at the given window. E.g. whether the energy is concentrated
at the top of each band, or the bottom.

For 2-pole filters, it's straightforward.
For 3-pole filters, we need more than 2 measurements.

This commit properly implements support for 3-pole filters, by measuring
the band energy across three areas.

Do note that even xHE-AAC caps n_filt to 2, and only AAC Main allows
n_filt == 3.

Fixes https://trac.ffmpeg.org/ticket/11418

(cherry picked from commit ed09aa28ae3b4509f00a24a9ebdeb084ee00736a)
(cherry picked from commit f98f142da571653436596ccad2d09c7e39bfd4fb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avcodec/dxv: Check coded_height, to avoid invalid av_clip()
Michael Niedermayer [Tue, 19 Aug 2025 01:12:37 +0000 (03:12 +0200)]
avcodec/dxv: Check coded_height, to avoid invalid av_clip()

Fixes: assertion failure
Fixes: 438961582/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_DEC_fuzzer-5850827739955200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cdee519d40e61bd65ba5b3fbec00acd50a08d0d9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avcodec/aac/aacdec: dont allow ff_aac_output_configure() allocating a new frame if...
Michael Niedermayer [Wed, 13 Aug 2025 11:11:23 +0000 (13:11 +0200)]
avcodec/aac/aacdec: dont allow ff_aac_output_configure() allocating a new frame if it has no frame

Fixes: null pointer dereference
Fixes: crash_test.mp4

Found-by: Intel PSIRT
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fcf180d9ea27b7dc29658c9dc3488ae6fac3ebd9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avformat/lrcdec: Fix fate-sub-lrc-ms-remux on x86-32
Michael Niedermayer [Mon, 18 Aug 2025 15:20:49 +0000 (17:20 +0200)]
avformat/lrcdec: Fix fate-sub-lrc-ms-remux on x86-32

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0243cf89b137b093b02a5c61a76e28cec1d69ae9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avcodec/sanm: Check w,h,left,top
Michael Niedermayer [Sun, 17 Aug 2025 13:31:48 +0000 (15:31 +0200)]
avcodec/sanm: Check w,h,left,top

The setup code for w,h,left,top is complex, the code using it also falls in
at least 2 different classes, one using left/top the other not.

To ensure no out of array access happens we add this clear check.

Fixes: out of array access
Fixes: 439261995/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SANM_fuzzer-5383455572819968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 134fbfd1dcb59441e38d870ddd231772f4e8e127)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago avcodec/utvideodec: Clear plane_start array
Michael Niedermayer [Fri, 15 Aug 2025 15:55:05 +0000 (17:55 +0200)]
avcodec/utvideodec: Clear plane_start array

in pack mode the array is passed into decode_plane() without being initialized or used

Fixes: use of uninitialized memory
Fixes: 438780119/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_DEC_fuzzer-5464037027807232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2a22972db3b390d82dedbdbb5f44cc09a43912b5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago fftools/ffmpeg_mux_init: Use 64bit for score computation in map_auto_video()
Michael Niedermayer [Tue, 12 Aug 2025 22:59:20 +0000 (00:59 +0200)]
fftools/ffmpeg_mux_init: Use 64bit for score computation in map_auto_video()

Fixes: signed integer overflow: 10 * 1952737655 cannot be represented in type 'int'
Fixes: PoC_avi_demux

Found-by: 2ourc3 (Salim LARGO)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cdbb5f1b93352f9e7eceb1562ad283a78b546091)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

3 months ago lavc/aarch64: Fix addp overflow in ff_pred16x16_plane_neon_10
Bin Peng [Fri, 24 Oct 2025 07:58:08 +0000 (15:58 +0800)]
lavc/aarch64: Fix addp overflow in ff_pred16x16_plane_neon_10

The mismatch between neon and C functions can be reproduced
using the following bitstream and command line on aarch64 devices.

wget https://streams.videolan.org/ffmpeg/incoming/replay_intra_pred_16x16.h264
 ./ffmpeg -cpuflags 0  -threads 1 -i replay_intra_pred_16x16.h264  -f framemd5 -y md5_ref
 ./ffmpeg              -threads 1 -i replay_intra_pred_16x16.h264 -f framemd5 -y md5_neon

Signed-off-by: Bin Peng <pengbin@visionular.com>
(cherry picked from commit 3115c0c0e6c27c689a02a7267dcf8e61fa2ac425)

5 months ago avcodec/x86/pngdsp: add missing emms at the end of add_png_paeth_prediction
James Almer [Tue, 16 Sep 2025 01:18:52 +0000 (22:18 -0300)]
avcodec/x86/pngdsp: add missing emms at the end of add_png_paeth_prediction

Fixes unpredictable behavior with floats.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 57a29f2e7dd2374a1df27316c6cf7c0225e86758)

6 months ago Changelog: remove stray branch name n6.1.3
Michael Niedermayer [Thu, 14 Aug 2025 21:12:36 +0000 (23:12 +0200)]
Changelog: remove stray branch name

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 months ago Changelog:update
Michael Niedermayer [Thu, 14 Aug 2025 10:31:14 +0000 (12:31 +0200)]
Changelog:update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 months ago libavfilter/dnn/dnn_backend_tf: Remove redundant av_freep() to avoid double free
Jiasheng Jiang [Thu, 7 Aug 2025 14:50:10 +0000 (14:50 +0000)]
libavfilter/dnn/dnn_backend_tf: Remove redundant av_freep() to avoid double free

Remove redundant av_freep() to avoid double free since task will be freed in dnn_free_model_tf() after the success of ff_queue_push_back().

Fixes: af052f9066 ("lavfi/dnn: fix mem leak in TF backend error handle")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
(cherry picked from commit b8d5f65b9e89d893f27cf00799dbc15fc0ca2f8e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 months ago avcodec/dxv: Check that we initialize op_data
Michael Niedermayer [Fri, 8 Aug 2025 10:25:55 +0000 (12:25 +0200)]
avcodec/dxv: Check that we initialize op_data

Fixes: 431665305/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_DEC_fuzzer-5339599339847680
Fixes: use of uninitialized memory

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6a8c41dcacbba011e553fbf35518577321d1aadb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 months ago avcodec/exr: Check for pixel type consistency in DWA
Michael Niedermayer [Sat, 9 Aug 2025 12:05:19 +0000 (14:05 +0200)]
avcodec/exr: Check for pixel type consistency in DWA

Fixes: out of array access
Fixes: BIGSLEEP-436511754/testcase.exr

Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0469d68acb52081ca8385b844b9650398242be0f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 months ago avcodec/libvorbisdec: avoid overflow when assinging sample rate from long to int
Kacper Michajłow [Sat, 9 Aug 2025 15:15:51 +0000 (17:15 +0200)]
avcodec/libvorbisdec: avoid overflow when assinging sample rate from long to int

Fixes: 416134551/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVORBIS_DEC_fuzzer-6096101407260672
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit 2287a19abbd80d25b411a3028969c55c4b0b8c88)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 months ago avcodec/g726: init missing sample rate
Kacper Michajłow [Sat, 9 Aug 2025 15:09:57 +0000 (17:09 +0200)]
avcodec/g726: init missing sample rate

Fixes: 416134551/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_G726_DEC_fuzzer-5695764455292928
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit c2f7dae70d27a8f5ca1e3fa43d96ff5c8bf032fa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 months ago avformat/lrcdec: limit input timestamp range to avoid overflows
Kacper Michajłow [Sat, 9 Aug 2025 14:49:17 +0000 (16:49 +0200)]
avformat/lrcdec: limit input timestamp range to avoid overflows

Fixes: clusterfuzz-testcase-ffmpeg_dem_LRC_fuzzer-5226140131459072
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit c74bc74398e7a1e235fdf51d0dd2dfb942626c82)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 months ago avcodec/scpr3: Clear clr
Michael Niedermayer [Fri, 8 Aug 2025 21:19:03 +0000 (23:19 +0200)]
avcodec/scpr3: Clear clr

clr is passing into decode_run_p() it's not used when not set
but this possibly triggers msan (it doesn't locally)

Fixes?: use of uninitialized memory
Fixes?: 436997807/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-6253316466606080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 354226037646d44701f0f2a84749fb2ea303f043)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 months ago avcodec/ilbcdec: Clear cbvec when used with create_augmented_vector()
Michael Niedermayer [Fri, 8 Aug 2025 13:03:56 +0000 (15:03 +0200)]
avcodec/ilbcdec: Clear cbvec when used with create_augmented_vector()

Fixes: use of uninitialized memory
Fixes: 42538134/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-6322020827070464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9686fdd729a9caeeac0dc84dca2a65e4c9e5460b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 months ago avcodec/jpeg2000dec: Make sure the 4 extra bytes allocated are initialized
Michael Niedermayer [Sat, 9 Aug 2025 09:38:07 +0000 (11:38 +0200)]
avcodec/jpeg2000dec: Make sure the 4 extra bytes allocated are initialized

Fixes: use of uninitialized memory
Fixes: 429130590/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_DEC_fuzzer-5736930522497024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d6fe3786cd8c06437756d407f727ff01cf1774ff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 months ago avfilter/avf_showcqt: fix unbounded index when copying to fft_data
Muhammad Faiz [Thu, 3 Jul 2025 13:47:58 +0000 (20:47 +0700)]
avfilter/avf_showcqt: fix unbounded index when copying to fft_data

When timeclamp and/or fps are low, j can be negative.

Fix Ticket11640

(cherry picked from commit 35ea45835484b90490e7d1704ef99ccb7b775578)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 months ago avcodec/aacsbr_template: Check ilb
Michael Niedermayer [Sat, 10 May 2025 22:58:26 +0000 (00:58 +0200)]
avcodec/aacsbr_template: Check ilb

Fixes: index 50 out of bounds for type 'INTFLOAT [40][2]'
Fixes: 401661737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-4866055713652736

Someone knowing AAC well should review this, there is likely a nicer fix

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 01a1b99fc2ccdf713abfa5203e36fbf5816e1b5f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 months ago avcodec/utvideodec: Set B for the width= 1 case
Michael Niedermayer [Wed, 6 Aug 2025 11:09:26 +0000 (13:09 +0200)]
avcodec/utvideodec: Set B for the width= 1 case

Fixes: use of uninitialized memory
Fixes: 428034093/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_DEC_fuzzer-6195630160805888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 032dfe8584c4675f3253ebb5e333e834f55f7562)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/ffv1: Clear state on alloc
Michael Niedermayer [Wed, 6 Aug 2025 11:36:06 +0000 (13:36 +0200)]
avcodec/ffv1: Clear state on alloc

Fixes: use of uninitialized memory
Fixes: 428969823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_DEC_fuzzer-5909681623334912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 70fc46d185663dbea0995bf868d66b58b388119e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/jpeg2000dec: implement cdef remapping during pixel format matching
Michael Niedermayer [Tue, 5 Aug 2025 21:42:23 +0000 (23:42 +0200)]
avcodec/jpeg2000dec: implement cdef remapping during pixel format matching

Fixes: out of array access
Fixes: poc.jp2

Found-by: Andy Nguyen <theflow@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 01a292c7e36545ddeb3c7f79cd02e2611cd37d73)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/jpeg2000dec: move cdef default check into get_siz()
Michael Niedermayer [Tue, 5 Aug 2025 21:18:47 +0000 (23:18 +0200)]
avcodec/jpeg2000dec: move cdef default check into get_siz()

This way cdef is at its final value earlier

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 104d6846c1be0cb757dc95d5801a416f4d7c687d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/exr: Check rle_raw_data and surroundings
Michael Niedermayer [Wed, 6 Aug 2025 08:08:14 +0000 (10:08 +0200)]
avcodec/exr: Check rle_raw_data and surroundings

Fixes: out of array read

Fixes: BIGSLEEP-436510153/dwa_uncompress_read.exr

Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0d9c003d76383e82b57b6d5aa33776709d0cda2c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/exr: Dont access outside xsize/ysize
Michael Niedermayer [Wed, 6 Aug 2025 08:35:15 +0000 (10:35 +0200)]
avcodec/exr: Dont access outside xsize/ysize

Fixes: out of array access
Fixes: BIGSLEEP-436510316/dwa_uncompress_write.exr

Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f45da79b2c336c5f8f3e563d72b8a22fecdcde0c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago examples: Add check and replace av_free() to avoid potential memory errors
Jiasheng Jiang [Wed, 6 Aug 2025 14:54:22 +0000 (14:54 +0000)]
examples: Add check and replace av_free() to avoid potential memory errors

Add check for the return value of av_packet_alloc() to avoid potential NULL pointer dereference.
Moreover, replace redundant av_free() with fprintf().

Fixes: 9a38184a14 ("examples/decode_audio: allocate the packet dynamically")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c64cff64a22a59c0c02281ee9fd9d89963d14d16)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago libavcodec/tests/snowenc: Add av_free() to avoid memory leak
Jiasheng Jiang [Sun, 3 Aug 2025 23:31:27 +0000 (23:31 +0000)]
libavcodec/tests/snowenc: Add av_free() to avoid memory leak

Add av_free() to free s.temp_dwt_buffer and s.temp_idwt_buffer at the end of the function to avoid memory leak.

Fixes: 5d48e4eafa ("Merge commit 'a6a750c7ef240b72ce01e9653343a0ddf247d196'")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 446cfbfb7446208bd1592bbc0ac18ac744543563)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago libavfilter/af_firequalizer: Add check for av_malloc_array()
Jiasheng Jiang [Wed, 6 Aug 2025 16:39:47 +0000 (16:39 +0000)]
libavfilter/af_firequalizer: Add check for av_malloc_array()

Add check for the return value of av_malloc_array() to avoid potential NULL pointer dereference.

Fixes: d3be186ed1 ("avfilter/firequalizer: add dumpfile and dumpscale option")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a25462482c02c004d685a8fcf2fa63955aaa0931)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago libavcodec/videotoolbox_vp9: Move av_malloc() to avoid memory leak
Jiasheng Jiang [Tue, 5 Aug 2025 19:31:15 +0000 (19:31 +0000)]
libavcodec/videotoolbox_vp9: Move av_malloc() to avoid memory leak

Move av_malloc() after the check for subsampling to avoid memory leak if subsampling < 0 and av_malloc() succeeds.

Fixes: a41a2efc85 ("lavc/videotoolbox: add VP9 hardware acceleration")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8b4e6ccb13f10752bc5c2a963478c7f3764a0cfe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/mpc8: init avctx->sample_rate
Kacper Michajłow [Wed, 6 Aug 2025 17:49:11 +0000 (19:49 +0200)]
avcodec/mpc8: init avctx->sample_rate

Fixes frame validation.

Fixes: 416134551/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC8_fuzzer-5765557242888192
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit 09cb2d41d1862c2f9b3b66311ede28527d703700)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/cbs_h266_syntax_template: fix out of bounds access
Kacper Michajłow [Wed, 6 Aug 2025 16:26:42 +0000 (18:26 +0200)]
avcodec/cbs_h266_syntax_template: fix out of bounds access

current->num_tile_columns is not updated in the loop, so the existing
check was not working. Check current index instead and break. This also
simplifies duplicated log.

Fixes: 435225531/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-6639684232216576
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit fb862976df08b3b132491abca9956f2fe9f96bc1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avformat/libopenmpt: fix seeking weirdness
Kimapr [Mon, 28 Jul 2025 01:32:27 +0000 (06:32 +0500)]
avformat/libopenmpt: fix seeking weirdness

- proper pts for packets. leaving it blank leaves it up for guessing,
  but the guess doesn't take seeking into account, causing weirdness.

- clamp to 0 when seeking to negative ts. libopenmpt docs are unclear on
  this but not doing this causes an immediate EOF when seeking backwards
  to the beginning in mpv.

- only set song duration and packet pts when they are non-negative and
  in int64 range. NaNs count as out of range. this isn't a fix for any
  specific issue but might be helpful still, and shouldn't break
  anything.

(cherry picked from commit ecef5f9e1fb70b38f3e325c8e613349344c97de4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avformat/hls: add cmfv/cmfa exceptions
Michael Niedermayer [Sat, 2 Aug 2025 16:55:26 +0000 (18:55 +0200)]
avformat/hls: add cmfv/cmfa exceptions

Fixes: Ticket11526

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f3c3a6ecfb230c56a8ff9d219d79d5981b2aa4f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avformat/lrcdec: support arbitrary precision timestamp
Kacper Michajłow [Wed, 23 Jul 2025 18:04:53 +0000 (20:04 +0200)]
avformat/lrcdec: support arbitrary precision timestamp

Apparently files with milliseconds exist in the wild. And since it costs
nothing to support arbitrary number of digits, extend format to support
that.

Depending on number of digits, the time base of fractional part is
changing. Most LRCs use 2 digits and centiseconds base, but subs with 3
digits and milliseconds exist too.

Set internal time base to AV_TIME_BASE, which in practice allows holding
microseconds with 6 digits. Totally artificial, but who knows maybe
someone wants that.

Fixes: #11677

Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit bc3cc0a6af44adc63caf4e5097fcfebd7a7475b4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/ffv1dec: Disable frame threading due to race condition
Michael Niedermayer [Mon, 4 Aug 2025 19:08:47 +0000 (21:08 +0200)]
avcodec/ffv1dec: Disable frame threading due to race condition

Slice threading remains available!

The race condition fix is in 8d5efc218245c3f0559f48837b3e63e2932525e0
and bcf08c11710cab5db8eb3d0774e1a93e322fb821
Backport of these is welcome

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago swscale/swscale_unscaled: use 8 line alignment for planarCopyWrapper with dithering
Marton Balint [Sun, 3 Aug 2025 11:44:03 +0000 (13:44 +0200)]
swscale/swscale_unscaled: use 8 line alignment for planarCopyWrapper with dithering

Dithering relies on an 8 line dithering table and the code always uses it from
the beginning. So in order to make dithering independent from height of the
slices used we must enforce an 8 line alignment.

Fixes issue #20071.

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit b61e510e7500c27c7dee2b9c8cfa77689195f2a0)

6 months ago Update for 6.1.3
Michael Niedermayer [Mon, 4 Aug 2025 16:38:07 +0000 (18:38 +0200)]
Update for 6.1.3

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago libavcodec/tests/motion: Add check for avcodec_alloc_context3()
Jiasheng Jiang [Sun, 3 Aug 2025 20:32:23 +0000 (20:32 +0000)]
libavcodec/tests/motion: Add check for avcodec_alloc_context3()

Add check for the return value of avcodec_alloc_context3() to avoid potential NULL pointer dereference.

Fixes: 5d48e4eafa ("Merge commit 'a6a750c7ef240b72ce01e9653343a0ddf247d196'")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 55d234b4330d1588eb127cf2283a442ee341f2c2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/tests/avpacket: Add av_free() to avoid memory leak
Jiasheng Jiang [Sun, 3 Aug 2025 19:14:38 +0000 (19:14 +0000)]
avcodec/tests/avpacket: Add av_free() to avoid memory leak

Add av_free() to free extra_data if av_packet_add_side_data() fails.

Fixes: da3c69a5a9 ("Added test for libavcodec/avpacket.c")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 008679ec162d1769afd706af5b1ce7a593f13f2b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago examples: Add av_freep to avoid potential memory leak
Jiasheng Jiang [Sat, 2 Aug 2025 23:28:48 +0000 (23:28 +0000)]
examples: Add av_freep to avoid potential memory leak

Add av_freep() to free avio_ctx_buffer if avio_alloc_context fails
to avoid potential memory leak.

Fixes: 5fc4dea39c ("examples: add avio_reading.c example")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9ca58424ded24e931fed329174c28244b67d5670)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/tests/avpacket: Add av_packet_free() to avoid memory leak
Jiasheng Jiang [Sun, 3 Aug 2025 20:09:38 +0000 (20:09 +0000)]
avcodec/tests/avpacket: Add av_packet_free() to avoid memory leak

Add av_packet_free() to free avpkt_clone and avpkt in the error paths to avoid potential memory leak.

Fixes: da3c69a5a9 ("Added test for libavcodec/avpacket.c")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab040e25657436e88a62624b3751a583dfe4e123)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/fits: Clear naxis
Michael Niedermayer [Sat, 2 Aug 2025 23:47:54 +0000 (01:47 +0200)]
avcodec/fits: Clear naxis

Fixes: Use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_DEC_fuzzer-5602250833854464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1687daa93c131f929495c7ab0509d2e5c98b40f5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/vqavideo; Check bytestream2_get_buffer() reading next_codebook_buffer
Michael Niedermayer [Sun, 3 Aug 2025 12:52:36 +0000 (14:52 +0200)]
avcodec/vqavideo; Check bytestream2_get_buffer() reading next_codebook_buffer

Fixes: use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-6235973619351552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 44864dbbb9b87d13d8f4ec92fb8536be0f9dbbc4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/lzf: Check for input space
Michael Niedermayer [Sun, 3 Aug 2025 06:33:40 +0000 (08:33 +0200)]
avcodec/lzf: Check for input space

Fixes: use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5597015691296768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 610d368d9bc3f1b7073a0b33e352f8bd7db24c7e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/imc: Clear padding of buf16
Michael Niedermayer [Sun, 3 Aug 2025 12:39:53 +0000 (14:39 +0200)]
avcodec/imc: Clear padding of buf16

Fixes: use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IAC_fuzzer-6685890556788736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 715df4b1ff398758ca1b8a82c3d16940bc63fc56)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/iff: Clear ham_buf
Michael Niedermayer [Sun, 3 Aug 2025 12:44:04 +0000 (14:44 +0200)]
avcodec/iff: Clear ham_buf

Fixes: use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-6651797156724736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7e9e7cb3b65167f37dcbfcf6a2ee308548af4e73)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/cri: Check bytestream2_get_buffer() for end
Michael Niedermayer [Sun, 3 Aug 2025 12:34:59 +0000 (14:34 +0200)]
avcodec/cri: Check bytestream2_get_buffer() for end

Fixes: use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CRI_fuzzer-5910856640823296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea3851bebf91a96b11d16be2b36bf88111e30e36)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/cri: Factor read_len out
Michael Niedermayer [Sun, 3 Aug 2025 12:34:25 +0000 (14:34 +0200)]
avcodec/cri: Factor read_len out

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d9bf3c141bb96dd285477278400b8349e9f964b0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avformat/dashdec: Allocate space for appended "/"
Michael Niedermayer [Mon, 28 Jul 2025 21:41:56 +0000 (23:41 +0200)]
avformat/dashdec: Allocate space for appended "/"

Fixes: writing 1 byte over the end of the array
Fixes: BIGSLEEP-433502298/test.xml

Found-by: Google Big Sleep
A prettier solution is welcome!
A testcase exists only for the baseurl case

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ce0a655f85c1144d19a4acad59afbb92e4997e30)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/mpegvideo_dec: Fix lowres=3 field select interlaced mpeg4 frame
Michael Niedermayer [Sat, 12 Jul 2025 23:17:02 +0000 (01:17 +0200)]
avcodec/mpegvideo_dec: Fix lowres=3 field select interlaced mpeg4 frame

Fixes: out of array read in the chroma plane
Fixes: 428034092/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_DEC_fuzzer-5582608941776896.test

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b849ac006b667dbd494a28de2f8b059fec308ac2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avformat/mxg: clear AV_INPUT_BUFFER_PADDING_SIZE
Michael Niedermayer [Wed, 23 Jul 2025 23:05:40 +0000 (01:05 +0200)]
avformat/mxg: clear AV_INPUT_BUFFER_PADDING_SIZE

Fixes: use of uninitialized memory
Fixes: 427532813/clusterfuzz-testcase-minimized-ffmpeg_dem_MXG_fuzzer-5661938917113856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b12e919cfe3bf69038225794330d14575fb78d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avformat/vqf: Ensure that comm_chunk is fully read
Michael Niedermayer [Wed, 23 Jul 2025 11:36:42 +0000 (13:36 +0200)]
avformat/vqf: Ensure that comm_chunk is fully read

Fixes: use of uninitialized memory
Fixes: 412125811/clusterfuzz-testcase-minimized-ffmpeg_dem_VQF_fuzzer-6253774274887680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b7a327b3a43df6ab82885cea5ae02bf9dd899a9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avformat/mov: make sure file_checksum is fully initialized
Michael Niedermayer [Wed, 23 Jul 2025 11:16:33 +0000 (13:16 +0200)]
avformat/mov: make sure file_checksum is fully initialized

Fixes: use of uninitialized memory
Fixes: 394990189/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6431722199908352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8b16e1ddd9c0bc4ca90447d481186216cfdce0fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avformat/asfdec_f: Check amount of value read
Michael Niedermayer [Tue, 22 Jul 2025 23:57:54 +0000 (01:57 +0200)]
avformat/asfdec_f: Check amount of value read

Fixes: use of uninitialized memory
Fixes: 403675492/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-4754281823797248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fa197924a66d83106c5d4dadb8610a1c526afd67)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/jpegxl_parser: add sanity check for frame size
Leo Izen [Tue, 15 Jul 2025 17:54:05 +0000 (13:54 -0400)]
avcodec/jpegxl_parser: add sanity check for frame size

If a frame size is absolutely massive, this can spin the parser as it
attempts to decode a permuted TOC. We add a sanity check here for eight
times the size of the image for an internal frame to prevent malicious
bitstreams from slowing the parser down to a crawl.

Signed-off-by: Leo Izen <leo.izen@gmail.com>
Reported-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit 829680f96a7a7ff02d1543895ec0fb713309d5c0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avformat/concatdec: Clip duration in one more case in get_best_effort_duration()
Michael Niedermayer [Sun, 13 Jul 2025 01:10:27 +0000 (03:10 +0200)]
avformat/concatdec: Clip duration in one more case in get_best_effort_duration()

Fixes: signed integer overflow: 40000 - -9223372036854770000 cannot be represented in type 'long'
Fixes: 427262541/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-4831506940100608

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8cdb47e47a7a53a3c635a71bf712d79119eb86b4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/ffv1dec: Check k in get_vlc_symbol()
Michael Niedermayer [Tue, 15 Jul 2025 22:01:07 +0000 (00:01 +0200)]
avcodec/ffv1dec: Check k in get_vlc_symbol()

The true problem happens in several previous get_vlc_symbol()
but checking that is more expensive (involving FFABS())
here it's just a simple check between 2 variables we have.

Fixes: Assertion log >= k failed at libavcodec/golomb.h:406
Fixes: 429296194/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_DEC_fuzzer-4691594622337024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 051e0d7744dbb45f680bbfa72bfead947b11ef2f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago avcodec/cfhd: Check idwt_buf size before allocation
Michael Niedermayer [Tue, 15 Jul 2025 20:19:24 +0000 (22:19 +0200)]
avcodec/cfhd: Check idwt_buf size before allocation

Fixes: OOM
Fixes: 428760799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_DEC_fuzzer-5685176435015680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d72bf6fe0793c3f069ba181a0e733dcc9f28180)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>