avcodec/mlpdec: Fix: runtime error: left shift of negative value -8

Fixes: 1658/clusterfuzz-testcase-minimized-4889937130291200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/dfa: Fix: runtime error: signed integer overflow: -14202 * 196877 cannot be represented in type 'int'

Fixes: 1657/clusterfuzz-testcase-minimized-4710000079405056
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

build: remove --enable-raise-major configure option

It's not used by anything, has dubious usefulness, the reasons for which
it was introduced are no longer valid, and only serves to add complexity
to the build system.

Signed-off-by: James Almer <jamrial@gmail.com>

avformat/movenc: remove experimental check for VP9 streams

The muxer has been updated and is now complaint with the v1.0 of the spec.

avfilter/af_afade: fix fading very long durations

Signed-off-by: Paul B Mahol <onemda@gmail.com>

Merge commit 'f8f7ad758d0e1f36915467567f4d75541d98c12f'

* commit 'f8f7ad758d0e1f36915467567f4d75541d98c12f':
  qsv: Set the correct range for la_depth

This commit is a noop.  There is a separate parameter to enable
lookahead, so overloading the depth is unnecessary.

Merged-by: Mark Thompson <sw@jkqxz.net>

avfilter: add audio crossfeed filter

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/aacdec: Fix runtime error: signed integer overflow: 2147483520 + 255 cannot be represented in type 'int'

Fixes: 1656/clusterfuzz-testcase-minimized-5900404925661184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/rv34: Fix runtime error: signed integer overflow: 768 * 4126720 cannot be represented in type 'int'

Fixes: 1655/clusterfuzz-testcase-minimized-5587079276789760
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/aacdec_template: Fix fixed point scale in decode_cce()

Fixes: runtime error: shift exponent 1073741824 is too large for 32-bit type 'int'
Fixes: 1654/clusterfuzz-testcase-minimized-5151903795118080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

MAINTAINERS: Remove Tomas Härdin from mxfdec.c

See https://ffmpeg.org/pipermail/ffmpeg-devel/2017-May/211404.html

Signed-off-by: James Almer <jamrial@gmail.com>

avcodec/fmvc: Fix off by 1 error

Fixes: out of array access
Fixes: 1643/clusterfuzz-testcase-minimized-6117573403869184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/h264_cavlc: Fix runtime error: index -1 out of bounds for type 'VLC [6]'

Fixes: 1639/clusterfuzz-testcase-minimized-5693801463021568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/flicvideo: Check frame_size before decrementing

Fixes: runtime error: signed integer overflow: -2147483627 - 22 cannot be represented in type 'int'
Fixes: 1637/clusterfuzz-testcase-minimized-5376582493405184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mlpdec: Fix runtime error: left shift of negative value -1

Fixes: 1636/clusterfuzz-testcase-minimized-5310494757879808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/takdec: Fix  runtime error: left shift of negative value -42

Fixes: 1635/clusterfuzz-testcase-minimized-4992749856096256
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/hq_hqa: Fix: runtime error: signed integer overflow: -255 * 10180917 cannot be represented in type 'int'

Fixes: 1626/clusterfuzz-testcase-minimized-6416580571299840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/scpr: mask bits to prevent out of array read

Fixes: 1615/clusterfuzz-testcase-minimized-6625214647500800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

doc/filters: Added line to the af_bs2b filter docs mentioning --enable-libbs2b

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/truemotion1: Fix multiple runtime error: signed integer overflow: 1246906962 * 2 cannot be represented in type 'int'

Fixes: 1616/clusterfuzz-testcase-minimized-5119196578971648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avutil/hwcontext_dxva2: Don't improperly free IDirect3DSurface9 objects

Add dxva2_pool_release_dummy() and use it in call to
av_buffer_create() in dxva2_pool_alloc().

Prior to this change, av_buffer_create() was called with NULL for the
third argument, which indicates that av_buffer_default_free() should
be used to free the buffer's data.  Eventually, it gets to
buffer_pool_free() and calls buf->free() on a surface object (which is
av_buffer_default_free()).

This can result in a crash when the debug version of the C-runtime is
used on Windows.  While it doesn't appear to result in a crash when
the release version of the C-runtime is used on Windows, it likely
results in memory corruption, since av_free() is being called on
memory that was allocated using
IDirectXVideoAccelerationService::CreateSurface().

Signed-off-by: Aaron Levinson <alevinsn@aracnet.com>
Reviewed-by: wm4 <nfxjfg@googlemail.com>
Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Reviewed-by: Mark Thompson <sw@jkqxz.net>

avcodec/allcodecs: move librsvg_decoder to the external library section

avfilter/af_bs2b: add missing flag for options

Signed-off-by: Paul B Mahol <onemda@gmail.com>

img2dec: use standard way to probe for svg/svgz files

librsvgdec: Fix pix_fmt on big-endian hardware.

lavc: add a librsvg rasterization library wrapper

Enables rendering of SVG images. This is possible since SVG images
still contain and specify the dimensions in pixels to which they've
been drawn to and thus enable browsers to display them without any
external data. Users can still override and generate images with
arbitrary resolutions.

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>

img2dec: add support for piped SVG demuxing

Only checks the extension and MIME type, since determining whether
a file is SVG is difficult since they're just XML files.

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>

lavc: add codec ID and description for SVG

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>

avcodec/dcaenc: Do not abort process in case of bitrate deficit

Old behaviour - abort if at least one subband has 1bit quantizer
and consumed_bits still greater than frame_bits size. It was
a bit strange - we still could reduce bits consumption by reducing
SNR for other subbands. Same strange logic with upper threshold -
stop bits allocation if at least one subband reach 26bits.

New behaviour - if consumed_bits greater than frame_bits and all
subbands has 1 bit quantizer we restart bits allocation and allow
zero subbands.

opus_pvq: port to allow for SIMD functions

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>

opusenc: initialize PVQ prng seed

Fixes valgrind warnings, didn't affect anything since it was only used
for resynthesis.

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>

configure: jni no longer requires -ldl

This dependency was removed in 33d69a90085d30af8a292d9364b835a26565d6b9.

avcodec/svq3: Fix runtime error: left shift of negative value -6

Fixes: 1604/clusterfuzz-testcase-minimized-5312060206350336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/tiff: reset sampling[] if its invalid

Fixes divission by 0
Fixes: clusterfuzz-testcase-minimized-5592896440893440
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

movenc/isom: update vpcC box to version 1.0 of the specification

This brings our generation of the vpcC box up to date to version 1.0
of the VP Codec ISO Media File Format Binding.

Specifically, color/transfer properties are now written with values
based on ISO/IEC 23001-8, which is the same reference specification the
AVColor* enumerations are based on.

avfilter/vf_deflicker: add bypass option

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avfilter/af_stereotools: introduce different balance modes

Signed-off-by: Paul B Mahol <onemda@gmail.com>

compat/cuda/ptx2c: remove bashism and harden against arbitrary input

hwcontext_videotoolbox: fix fate-source

Thanks to James Darnley for figuring out what the hell it wanted.

avcodec/Makefile: fix dnxhd parser dependencies

Fixes ticket #6391

avcodec/h264: add sse2 versions of previous idct functions

Kaby Lake Pentium:
 - ff_h264_idct_add_8_sse2:    ~1.18x faster than mmxext
 - ff_h264_idct_dc_add_8_sse2: ~1.07x faster than mmxext

avcodec/h264: add avx 8-bit h264_idct_dc_add

Haswell:
 - 1.02x faster (405±0.7 vs. 397±0.8 decicycles) compared with mmxext

Skylake-U:
 - 1.06x faster (498±1.8 vs. 470±1.3 decicycles) compared with mmxext

avcodec/h264: add avx 8-bit h264_idct_add

Haswell:
 - 1.11x faster (522±0.4 vs. 469±1.8 decicycles) compared with mmxext

Skylake-U:
 - 1.21x faster (671±5.5 vs. 555±1.4 decicycles) compared with mmxext

avcodec/h264: use some 3 operand forms

avcodec/h264: change RETs into REP_RETs where appropriate

avfilter/af_compand: change default attack to 0

Fixes many distortions.

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avfilter/af_silenceremove: set output timestamps

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avfilter/scale_cuda: add CUDA scale filter

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>

build: add support for building .cu files via nvcc

Original work by Yogender Gupta <ygupta@nvidia.com>

configure: add cuda-sdk for things requiring full CUDA sdk

videotoolbox: add hwcontext support

This adds tons of code for no other benefit than making VideoToolbox
support conform with the new hwaccel API (using hw_device_ctx and
hw_frames_ctx).

Since VideoToolbox decoding does not actually require the user to
allocate frames, the new code does mostly nothing.

One benefit is that ffmpeg_videotoolbox.c can be dropped once generic
hwaccel support for ffmpeg.c is merged from Libav.

Does not consider VDA or VideoToolbox encoding.

Fun fact: the frame transfer functions are copied from vaapi, as the
mapping makes copying generic boilerplate. Mapping itself is not
exported by the VT code, because I don't know how to test.

libavcodec/exr : simplify reorder_pixels

reorder_pixels is call by rle_uncompress and zip_uncompress
with size == uncompress_size

uncompress_size is a multiple of 2 (because exr store data
in half, float, or uint32)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/pixlet: Fixes: runtime error: signed integer overflow: 9203954323419769657 + 29897660706736950 cannot be represented in type 'long'

Fixes: 1569/clusterfuzz-testcase-minimized-6328690508038144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpeg4videodec: Clear sprite wraping on unsupported cases in VOP decode

Fixes: Integer overflow
Fixes: 1572/clusterfuzz-testcase-minimized-4578773729017856
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/ac3dec: Fix: runtime error: index -1 out of bounds for type 'INTFLOAT [2]'

It seems dual mono with a LFE channel is not forbidden

Fixes: 1570/clusterfuzz-testcase-minimized-6455337349545984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/hqxdsp: Fix runtime error: signed integer overflow: -196264 * 11585 cannot be represented in type 'int'

Fixes: 1568/clusterfuzz-testcase-minimized-5944868608147456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/g723_1dec: Fix LCG type

Fixes: 1567/clusterfuzz-testcase-minimized-5693653555085312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/af_compand: fix default companding to avoid clipping

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/ffv1dec: Fix runtime error: signed integer overflow: 1550964438 + 1550964438 cannot be represented in type 'int'

Fixes: 1559/clusterfuzz-testcase-minimized-5048096079740928
Fixes: 1560/clusterfuzz-testcase-minimized-6011037813833728
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/webp: Fix signedness in prefix_code check

Fixes: out of array read
Fixes: 1557/clusterfuzz-testcase-minimized-6535013757616128
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/svq3: Fix runtime error: signed integer overflow: 169 * 12717677 cannot be represented in type 'int'

Fixes: 1556/clusterfuzz-testcase-minimized-5027865978470400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mlpdec: Check that there is enough data for headers

Fixes: out of array access
Fixes: 1541/clusterfuzz-testcase-minimized-6403410590957568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/ac3dec: Keep track of band structure

It is needed in some corner cases that seem not to be forbidden
Fixes: out of array index
Fixes: 1538/clusterfuzz-testcase-minimized-4696904925446144
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/webp: Add missing input padding

Fixes: 1536/clusterfuzz-testcase-minimized-5973925404082176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/aacdec_fixed: Fix runtime error: left shift of negative value -1

Fixes: 1535/clusterfuzz-testcase-minimized-5826695535788032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/aacsbr_template: Do not change bs_num_env before its checked

Fixes: 1489/clusterfuzz-testcase-minimized-5075102901207040
Fixes: out of array access
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/wavpack: Fix runtime error: signed integer overflow: 2147483642 + 512 cannot be represented in type 'int'

Fixed: 1453/clusterfuzz-testcase-minimized-5024976874766336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/scpr: Fix multiple runtime error: index 256 out of bounds for type 'unsigned int [256]'

Fixes: 1519/clusterfuzz-testcase-minimized-5286680976162816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/h264_cavlc: Fix runtime error: index -1 out of bounds for type 'VLC [15]

Fixes: 1513/clusterfuzz-testcase-minimized-6246484833992704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mlp: Fix multiple runtime error: left shift of negative value -1

Fixes: 1512/clusterfuzz-testcase-minimized-4713846423945216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter: don't anonymously typedef structs

Signed-off-by: Paul B Mahol <onemda@gmail.com>

x86/float_dsp: remove usage of integer instructions

avcodec/rangecoder: Fix range coder corner case handling

Fixes: 1511/clusterfuzz-testcase-minimized-5906663800307712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/dds: Fix runtime error: left shift of 210 by 24 places cannot be represented in type 'int'

Fixes: 1510/clusterfuzz-testcase-minimized-5826231746428928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/rscc: Check pixel_size for overflow

Fixes: 1509/clusterfuzz-testcase-minimized-5129419876204544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/fmvc: Check nb_blocks

Fixes: out of array read
Fixes: 1508/clusterfuzz-testcase-minimized-5011336327069696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/hq_hqadsp: Fix runtime error: signed integer overflow: 80359 * 30274 cannot be represented in type 'int'

Fixes: 1507/clusterfuzz-testcase-minimized-4955228300378112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/cavsdec: Fix runtime error: signed integer overflow: 31 + 2147483640 cannot be represented in type 'int'

Fixes: 1506/clusterfuzz-testcase-minimized-5401272918212608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/xpmdec: Fix multiple pointer/memory issues

Most of these were found through code review in response to
fixing 1466/clusterfuzz-testcase-minimized-5961584419536896
There is thus no testcase for most of this.
The initial issue was Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

libavcodec/exr : cosmetics variable name

rename tile variable to better follow ffmpeg coding style

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/avpacket: allow only one element per type in packet side data

It was never meant to do otherwise, as av_packet_get_side_data() returns the first
entry it finds of a given type.

Based on code from libavformat's av_stream_add_side_data().

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>

avfilter/aeval: remove comment that was left from some other file

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avfilter/aeval: free input frame on error

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avfilter/af_astats: add RMS difference too

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avfilter/vf_pad: revert part of 57c3670896c69714ca

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/vp8dsp: vp7_luma_dc_wht_c: Fix multiple runtime error: signed integer overflow: -1366381240 + -1262413604 cannot be represented in type 'int'

Fixes: 1440/clusterfuzz-testcase-minimized-5785716111966208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/avcodec: Limit the number of side data elements per packet

Fixes: 1293/clusterfuzz-testcase-minimized-6054752074858496
See: [FFmpeg-devel] [PATCH] avcodec/avcodec: Limit the number of side data elements per packet

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/texturedsp: Fix runtime error: left shift of 255 by 24 places cannot be represented in type 'int'

Fixes: 1505/clusterfuzz-testcase-minimized-4561688818876416
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/g723_1dec: Fix runtime error: left shift of negative value -1

Fixes: 1504/clusterfuzz-testcase-minimized-6249212138225664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/wmv2dsp: Fix runtime error: signed integer overflow: 181 * -17047030 cannot be represented in type 'int'

Fixes: 1503/clusterfuzz-testcase-minimized-5369271855087616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter: add acopy filter

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/diracdec: Fix Assertion frame->buf[0] failed at libavcodec/decode.c:610

Fixes: 1487/clusterfuzz-testcase-minimized-6288036495097856
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mss3: Fix runtime error: signed integer overflow: -2146318336 - 2139696256 cannot be represented in type 'int'

Fix is similar to rac_get_model_sym()
Fixes: 1483/clusterfuzz-testcase-minimized-6386507814273024
Fixes: 1485/clusterfuzz-testcase-minimized-6639880215986176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/golomb: Fix runtime error: left shift of 1 by 31 places cannot be represented in type 'int'

Fixes: 1481/clusterfuzz-testcase-minimized-5264379509473280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/msmpeg4dec: Check for cbpy VLC errors

Fixes: runtime error: left shift of negative value -1
Fixes: 1480/clusterfuzz-testcase-minimized-5188321007370240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/cllc: Check num_bits

Fixes: runtime error: shift exponent -2 is negative
Fixes: 1479/clusterfuzz-testcase-minimized-6638493360979968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/cllc: Factor VLC_BITS/DEPTH out, do not use repeated literal numbers

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

doc/libav-merge: mention the skipped AVFrame crop fields usage commits

Merge commit '1202b712690c14f0efb06e4ad8b06c5b3df6822a'

* commit '1202b712690c14f0efb06e4ad8b06c5b3df6822a':
  theora: export cropping information instead of handling it internally
  h264dec: export cropping information instead of handling it internally
  h264dec: be more explicit in handling container cropping
  hevcdec: export cropping information instead of handling it internally

This commit is a noop.

This changes the cropping behavior, when it's supposedly only meant to move
it outside of the decoder.
See https://ffmpeg.org/pipermail/ffmpeg-devel/2017-May/211239.html for the
discussion about it.

Merged-by: James Almer <jamrial@gmail.com>

avcodec/scpr: Check y in first line loop in decompress_i()

Fixes: out of array access
Fixes: 1478/clusterfuzz-testcase-minimized-5285486908145664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>