opus_pvq: remove unneeded assert

Since the PVQ search has been well fuzzed and is guaranteed to never
break SUM(abs(y[])) == K, the assert is no longer needed.
Also the assert only prevented coding the wrong vector index but didn't
prevent crashes during searching for it, which made the assert rather
informational than practical.

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>

opus_pvq: improve PVQ search for low Ks

Since the probelm mentioned only happened when the phase was negative
(e.g. the sum had to be decreased), only discarding dimensions with a
zero pulse in that case restored the search's previously low distortion
at low Ks when the phase is never negative.

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>

avcodec/ituh263dec: Fix runtime error: left shift of 1342177279 by 1 places cannot be represented in type 'int'

Fixes: 659/clusterfuzz-testcase-5866673603084288
Huge DMV could be created by an encoder ignoring the spec

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/jpeglsdec: check shift for values that cause overflow later

Fixes: 657/clusterfuzz-testcase-6674741433729024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpeg4videodec: Check the other 3 sprite points for intermediate overflows

This is not necessarily specific to fuzzed files

Fixes: Multiple integer overflows
Fixes: 656/clusterfuzz-testcase-6463814516080640
Fixes: 658/clusterfuzz-testcase-6691260146384896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

lavfi: Add VAAPI deinterlacer

(cherry picked from commit ade370a4d7eab1866b6023c91c135d27c77ca465)
(cherry picked from commit 2d518aec4c781316092be65893b47922c8f71b67)

avcodec/shorten: support decoding AIFF-C variant

Signed-off-by: Paul B Mahol <onemda@gmail.com>

doc/filters: mention 'ffmpeg -filters' in timeline section

So users can see which filters support the 'enable' option.

Signed-off-by: Lou Logan <lou@lrcd.com>

avcodec/scpr: improve check for out of range motion vectors

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/scpr: check that current row is in valid range

Stops writing out of dst array.

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/scpr: do not allow out of array access for 16bit case

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/qdrw: do better w/h parsing for direct bit packing

Apparently using 0x0001 opcode solely is not correct.
Try this instead.

Signed-off-by: Paul B Mahol <onemda@gmail.com>

lavc/videotoolboxenc: check for dictionary key symbols

Fixes #6081. Some dictionary keys are not present on OS X 10.8.
This loads the symbols and uses a default value if not present.

Signed-off-by: Rick Kern <kernrj@gmail.com>

avcodec/h264_ps: Check chroma_qp_index_offset

Fixes: 647/clusterfuzz-testcase-5195745823031296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Reviewed-by: BBB
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mips/Makefile: corrected conditional build of version 1 of vc1dsp optimizations for loongson mmi

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

lavd/opengl_enc: Fix a typo.

avcodec/wrapped_avframe: allocate a buffer with padding

This ensures that the wrapped avframe will not get reallocated later, which
would invalidate internal references such as extended data.

Reviewed-by: wm4 <nfxjfg@googlemail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>

avcodec: add ScreenPressor decoder

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/h264idct_template: Fix several runtime error: signed integer overflow

Fixes: 652/clusterfuzz-testcase-6174944410992640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpeg4videodec: Check sprite_offset in addition to shifts

Fixes: 651/clusterfuzz-testcase-5710668915277824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpegaudiodec_template: Fix multiple runtime error: signed integer overflow

Fixes: 648/clusterfuzz-testcase-5337961317007360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/qdrw: add support for 0x0001 code

Fixes decoding of files which sets frame width/height this way.

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/dnxhddec: fix decoding of DNxHR HQX 10-bit

Signed-off-by: Paul B Mahol <onemda@gmail.com>

doc: drawtext options update

Remove nonexistant "draw" option.
Add undocumented "tc24hmax" timecode wrap option.

Signed-off-by: Mulvya <mulvya@gmail.com>
Signed-off-by: Lou Logan <lou@lrcd.com>

avcodec/cbrt_data: add missing header include

Fixes make checkheaders

avcodec/mjpegenc_huffman: add missing header include

Fixes make checkheaders

avcodec/flicvideo: update comment, 24bit support is implemented

Signed-off-by: Paul B Mahol <onemda@gmail.com>

MAINTAINERS: Add ffmpeg-security alias members

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/rv34: Forward error from rv34_decode_mv()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpeg4video: Fix runtime error: left shift of negative value

Fixes: 644/clusterfuzz-testcase-4726434209726464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/dcadsp: Fix runtime error: signed integer overflow: 394625024 * 8 cannot be represented in type 'int'

Fixes: 643/clusterfuzz-testcase-5209078743695360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/rv34: Fix runtime error: signed integer overflow: -2 + -2147483648 cannot be represented in type 'int'

Fixes: 642/clusterfuzz-testcase-558358808074649
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/matroskaenc: don't write DisplayUnit with value Unknown on WebM files

Value 4 (Unknown) is for the time being part of the Matroska spec but not
supported by WebM

Addresses ticket #6176

avcodec/qdrw: don't overwrite bpp when checking its value

Finishes fixing ticket #6171

aacdec: When ignoring a PCE restore the previous config

This is related to, but doesn't solve ticker 6152.

lavd/opengl_enc: Support BGR48.

avcodec/qdrw: add support for 2bpp and 4bpp packed pallette format

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/qdrw: fix writing past end of row

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/ituh263dec: Fix runtime error: left shift of negative value -22

Fixes: 639/clusterfuzz-testcase-5143866241974272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/gsmdec_template: Fix runtime error: signed integer overflow: -22527 * 99113 cannot be represented in type 'int'

Fixes: 636/clusterfuzz-testcase-6520876646268928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/bmp: Fix runtime error: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself

There is code checking height and width later, leaving an invalid value invalid
is thus fine.

Fixes: 635/clusterfuzz-testcase-6225161437052928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/sierravmd: Support for Shivers 2 stereo tracks

Signed-off-by: Nicolas Roy-Renaud <nicolas.roy-renaud.1@ens.etsmtl.ca>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

lavfi/buffersrc: fix directly setting channel layout

When setting the channel layout directly using AVBufferSrcParameters
the channel layout was correctly set however the init function still
expected the old string format to set the number of channels (when it
hadn't already been specified).

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>

avformat/hlsenc: fix cid 1401346  Dereferencing pointer error

check if proto is null before av_strcasecmp
CID:  1401346

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>

avcodec/h264_ps: Check delta scale for validity

Fixes: signed integer overflow: 5 + 2147483646 cannot be represented in type 'int'
Fixes: 634/clusterfuzz-testcase-5285420445204480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/simple_idct: Fix runtime error: left shift of negative value -6395

Fixes: 633/clusterfuzz-testcase-4553133554401280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/rv40: Fix runtime error: left shift of negative value

Fixes: 630/clusterfuzz-testcase-6608718928019456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/qdrw: add support for decoding rgb555

Signed-off-by: Paul B Mahol <onemda@gmail.com>

avformat/mpl2dec: skip BOM when probing

Fixes #5442.

Signed-off-by: Paul B Mahol <onemda@gmail.com>

lavf/mpeg: Initialize a stack variable used by memcmp().

Silence a valgrind warning.

Fixes ticket #6160.

avcodec/dca_xll: Fix runtime error: signed integer overflow: -1073741824 * 32768 cannot be represented in type 'int'

Fixes: 629/clusterfuzz-testcase-6697457381539840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/flacdec: reduce limit for golomb so that the max value does not overflow

Fixes: runtime error: left shift of 32 by 26 places cannot be represented in type 'int'
Fixes: 628/clusterfuzz-testcase-6187747641393152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/dca_xll: signed integer overflow: 255251 * 32768 cannot be represented in type 'int'

Fixes: 627/clusterfuzz-testcase-5020897033322496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Factorize CHECK/SUINT code

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

speedhq: fix decoding artifacts

The quantization table is stored in the natural order, but when we
access it, we use an index that's in zigzag order, causing us to read
the wrong value. This causes artifacts, especially in areas with
horizontal or vertical edges. The artifacts look a lot like the
DCT ringing artifacts you'd expect to see from a low-bitrate file,
but when comparing to NewTek's own decoder, it's obvious they're not
supposed to be there.

Fix by simply storing the scaled quantization table in zigzag order.
Performance is unchanged.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

fate/source: Check for cases that could use av_clip_uintp2() and av_clip_intp2()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/nvenc: allow forcing keyframes by default

lavf/mov.c: Correct keyframe search in edit list to return the very first keyframe/frame with matching timestamp. Fixes ticket#5904

Signed-off-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpegaudiodec: Eliminate many undefined operations

Fixes: 625/clusterfuzz-testcase-4574924406521856
Fixes: 626/clusterfuzz-testcase-4738718621499392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/pictordec: Do not read more than nb_planes

Fixes undefined behavior
Fixes: 622/clusterfuzz-testcase-5745722022428672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/af_atempo: fix drift calculation, ticket #6157

ticket #6157

Reported-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Pavel Koshevoy <pkoshevoy@gmail.com>

avcodec/ituh263dec: Check cbpy in ff_h263_decode_mb()

Fixes: 618/clusterfuzz-testcase-6594990333493248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/srtdec: Fix signed integer overflow: 1811992524 * 384 cannot be represented in type 'int'

Fixes: 617/clusterfuzz-testcase-6413875723370496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/h264_ps: Fix runtime error: signed integer overflow: -1094995528 * 2 cannot be represented in type 'int'

Fixes: 615/clusterfuzz-testcase-5488002644049920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/h264_cabac: runtime error: signed integer overflow: 2147483647 + 14 cannot be represented in type 'int'

Fixes: 614/clusterfuzz-testcase-4931860079575040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpeg4videodec: Fix runtime error: shift exponent -2 is negative

Fixes: 612/clusterfuzz-testcase-4707817137111040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mjpegdec: Fix runtime error: left shift of negative value -507

Fixes: 611/clusterfuzz-testcase-5613455820193792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/eac3dec: Fix runtime error: left shift of negative value

Fixes: 610/clusterfuzz-testcase-4831030085156864
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

opus_pvq: fix PVQ search for K < 5 and low Ns

If the PVQ search picked a place to increment/decrement on the y[]
vector which had no pulse then it would cause a desync since it would
change the sum in the wrong direction. Fix this by not considering
places without pulses as viable.

This makes the PVQ search slightly worse at K < 5 which isn't all that
common. Still, this is a workaround to prevent making broken files until
I can think of a better way of fixing it.

Also add an assertion, which can be removed or moved to assert1/2 once
the PVQ search is stable.

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>

avcodec/pngdec: Check bit depth for validity

Fixes: runtime error: shift exponent 132 is too large for 32-bit type 'int'
Fixes: 609/clusterfuzz-testcase-4825202619842560
See 11.2.2 IHDR Image header

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpeg12dec: Fix runtime error: left shift of negative value

Fixes: 608/clusterfuzz-testcase-603978286392934
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avfilter/f_setcmd: fix null pointer dereference on using dash as interval

Fixes Coverity CID 1396259.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>

avdevice/iec61883: free packet on buffer allocation error

Fixes Coverity CID 1396416.

Signed-off-by: Marton Balint <cus@passwd.hu>

avformat/fifo: assert on disallowed message type and state combinations

Fixes Coverity CID 1396277.

Signed-off-by: Marton Balint <cus@passwd.hu>

avcodec/huffyuvencdsp: use an actual unsigned long constant

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>

avcodec/huffyuvdsp: use an actual unsigned long constant

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>

avcodec/wavpacl: Fix runtime error: left shift of negative value -1

Fixes: 607/clusterfuzz-testcase-5108792465293312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/flac: Fix several integer overflows

Fixes: 686513-media
Found-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

Factor CHECKED out of DEBUG so it can be set seperatly

Suggested-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/pngdec: Store metadata directly into AVFrame

Fixes memleak
Fixes: 500/clusterfuzz-testcase-6315221727576064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/utils: Also fill dts==RELATIVE_TS_BASE packets in update_initial_durations()

This dts value can end up in the list in the absence of durations and is in that
case semantically identical to AV_NOPTS_VALUE. We can alternatively prevent
storing RELATIVE_TS_BASE if there is no duration.

Fixes Ticket3640

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/mpeg12dec: Provide debug level log on skiped P/B frames

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/h264: sse2, avx h luma mbaff deblock/loop filter

x86-64 only

Yorkfield:
- sse2: ~2.17x (434 vs. 200 cycles)

Nehalem:
- sse2: ~2.94x (409 vs. 139 cycles)

Skylake:
- sse2: ~3.10x (370 vs. 119 cycles)
- avx:  ~3.29x (370 vs. 112 cycles)

x86util: import MOVHL macro

Originally committed to x264 in 1637239a by Henrik Gramner who has
agreed to re-license it as LGPL.  Original commit message follows.

    x86: Avoid some bypass delays and false dependencies

    A bypass delay of 1-3 clock cycles may occur on some CPUs when transitioning
    between int and float domains, so try to avoid that if possible.

avcodec/h264: add named parameters to x86 function

avcodec/x86: deduplicate PASS8ROWS macro

tests/fate/hevc: remove vsync drop from where it is not needed anymore

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/cuvid: add drop_second_field as input option

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>

avcodec/cuvid: don't overwrite deinterlace at progressive input

If there is progressive input it will disable deinterlacing in cuvid for
all future frames even those interlaced.

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>

avformat/m4vdec: Detect raw mpeg4video with unidentified non mpeg headers with a very low score

Fixes Ticket 6018

This fixes a regression, and allows playback of files containing mpeg4video that are otherwise
not supported

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avformat/hlsenc: set default http method to PUT when method is null

When the http method is not set, the method will use POST for ts,
PUT for m3u8, it is not unify, now set it unify.
This ticket id: #5315

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Moritz Barsnick <barsnick@gmx.net>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>

opusenc: initialize the emphasis coefficients on init

Signed-off-by: Rostislav Pehlivanov <atomnuker@gmail.com>

lavf/riff: Support decoding files with broken mediasubtype base guid.

Fixes ticket #6100.

avcodec/opus: Check count of ambisonic channels

https://tools.ietf.org/html/draft-ietf-codec-ambisonics-01#section-3.1
specifies the maximum as 227

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

libopus: decode ambisonics with non-diegetic sources

Channel mapping 2 additionally supports a non-diegetic stereo track
appended to the end of a full-order ambisonics signal, such that the
total channel count is either
  (n + 1) ^ 2, or
  (n + 1) ^ 2 + 2
where n is the ambisonics order

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/fmvc: fix decoding of odd size videos

Signed-off-by: Paul B Mahol <onemda@gmail.com>

lavc/avpacket: Initialize a variable in error path.

Fixes ticket #6153.

Tested-by: Tyson Smith

wmaprodec: fix leaking fdsp on init failure

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>

mpegaudiodec_template: fix leaking fdsp for mp3on4float

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>

vaapi_vp8: Use VP8_MAX_QUANT instead of magic number