On branch release/4.3
Your branch is up to date with 'origin/release/4.3'.

Untracked files:
  (use "git add ..." to include in what will be committed)
	0001-avcodec-png-read-and-write-stereo3d-frame-side-data-.patch

nothing added to commit but untracked files present (use "git add" to track)
commit 799fc4d732fc2515911b75fe816da2bbd20221d9
Author: James Almer 
Date:   Sun Jul 12 21:32:01 2020 -0300

    x86/yuv2rgb: fix crashes when storing data on unaligned buffers
    
    Regression since fc6a5883d6af8cae0e96af84dda0ad74b360a084 on SSSE3 enabled
    CPUs.
    
    Fixes ticket #8747
    
    Signed-off-by: James Almer 
    (cherry picked from commit ba3e771a42c29ee02c34e7769cfc1b2dbc5c760a)

commit d913badb9f13d24ca8a980d9d4ec7f1b0838bd4b
Author: James Almer 
Date:   Sat Jul 11 20:55:32 2020 -0300

    checkasm/vf_blend: use the correct depth parameters to initialize the blend modes
    
    This effectively enables the tests that until now were just running
    the C version alone.
    
    Signed-off-by: James Almer 
    (cherry picked from commit 55e1bc39cb3e485e5b0b6b13a41a2fd6f18ed3af)

commit 8fd7d3864de6a82d7a7c4d1a3620cb21cb0dd8b9
Author: James Almer 
Date:   Sat Jul 11 10:04:23 2020 -0300

    x86/vf_blend: fix warnings about trailing empty parameters
    
    Finishes fixing ticket #8771
    
    Signed-off-by: James Almer 
    (cherry picked from commit 320694ff84a609c5b0438c1f10da355cb48a0be3)

commit 590a36acbdce1ee5905962f93a152f347d283511
Author: James Almer 
Date:   Thu Jul 9 11:48:12 2020 -0300

    x86/h264_deblock: fix warning about trailing empty parameter
    
    Fixes part of ticket #8771
    
    Signed-off-by: James Almer 
    (cherry picked from commit 2c844c98285ca03d9cc44db920da645cf0376c40)

commit bb3490e7f9645babab4cf84fdb2b2dd4922d81a6
Author: Henrik Gramner 
Date:   Thu Jul 9 11:47:35 2020 -0300

    avutil/x86inc: fix warnings when assembling with Nasm 2.15
    
    Some new warnings regarding use of empty macro parameters has
    been added, so adjust some x86inc code to silence those.
    
    Fixes part of ticket #8771
    
    Signed-off-by: James Almer 
    (cherry picked from commit 0b2b03568f22fdb361d9a44c262bfb9269335f80)

commit 6b6b9e593dd4d3aaf75f48d40a13ef03bdef9fdb
Author: Michael Niedermayer 
Date:   Sat Jul 11 00:26:17 2020 +0200

    Changelog: update
    
    Signed-off-by: Michael Niedermayer 

commit 5086d2269747234bd371729a34b7f30467443460
Author: Michael Niedermayer 
Date:   Fri Jul 10 17:14:43 2020 +0200

    avcodec/tiff: Check input space in dng_decode_jpeg()
    
    Fixes: out of array read
    Fixes: 24034/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5111884337119232
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 79e8d17024e6c6328a40fcee191ffd70798a9c6e)
    Signed-off-by: Michael Niedermayer 

commit 3c4679c4302d04fdd92eca65321fe0af5cc08a42
Author: Michael Niedermayer 
Date:   Fri Jul 10 00:31:16 2020 +0200

    avcodec/mjpeg_parser: Adjust size rejection threshold
    
    Fixes: 86987846-429c8d80-c197-11ea-916b-bb4738e09687.jpg
    Fixes: Regression since ec3d8a0e6945fe015d16cd98a1e7dbb4be815c15
    
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit dde60772970ed663b85d475e741013a0222decda)
    Signed-off-by: Michael Niedermayer 

commit 832652a9d10e3e19d04aad424efe1e1754a11306
Author: Michael Niedermayer 
Date:   Fri Jul 10 19:37:57 2020 +0200

    avcodec/cbs_jpeg: Fix uninitialized end index in cbs_jpeg_split_fragment()
    
    Fixes: Out of array read
    Fixes: 24043/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5084566275751936.fuzz
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 4a10bc8f6f5d600c44ecb9b43cd9abf13bf3bfae)
    Signed-off-by: Michael Niedermayer 

commit 9ee65bf88d6a4ec9587ce119aeae148a190d9838
Author: Andreas Rheinhardt 
Date:   Tue Jul 7 21:50:33 2020 +0200

    avformat/sdp: Fix potential write beyond end of buffer
    
    Reviewed-by: Michael Niedermayer 
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 5d91b7718efc581da8882a4e9bf2f5953e41adbf)
    Signed-off-by: Andreas Rheinhardt 

commit be84216c53a4ed81573c82320e9c4a20e9b349d9
Author: Andreas Rheinhardt 
Date:   Thu Jul 9 12:07:28 2020 +0200

    avformat/mm: Check for existence of audio stream
    
    No audio stream is created unconditionally and if none has been created,
    no packet with stream_index 1 may be returned. This fixes an assert in
    ff_read_packet() in libavformat/utils reported in ticket #8782.
    
    Reviewed-by: Michael Niedermayer 
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit ec59dc73f0cc8930bf5dae389cd76d049d537ca7)
    Signed-off-by: Andreas Rheinhardt 

commit 401b59e4c35f58b289d297efec8265f45d660f99
Author: Michael Niedermayer 
Date:   Thu Jul 9 22:17:30 2020 +0200

    Update for 4.3.1
    
    Signed-off-by: Michael Niedermayer 

commit d4ced9ebb7925f7e0ed43535d0b7a40de72098b9
Author: Zhao Zhili 
Date:   Sun Jul 5 00:51:53 2020 +0800

    avformat/mov: Fix unaligned read of uint32_t and endian-dependance in mov_read_default
    
    Reviewed-by: Andreas Rheinhardt 
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 806a4d5187aeb82b97898683242886ed1e84f894)
    Signed-off-by: Michael Niedermayer 

commit b021eba8b679e405f794fc5e5cb0e4bb17985b6e
Author: Michael Niedermayer 
Date:   Tue Jun 30 22:01:22 2020 +0200

    avcodec/apedec: Fix undefined integer overflow with 24bit
    
    Fixes: signed integer overflow: 8683744 * 256 cannot be represented in type 'int'
    Fixes: 23527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679885932822528
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 9f7b252cdf2d0e0f79d16dc7cd575d1884239863)
    Signed-off-by: Michael Niedermayer 

commit 093c2dd644897c5a8ad534b461a74cc9398a73e4
Author: Michael Niedermayer 
Date:   Tue Jun 30 21:11:25 2020 +0200

    avcodec/loco: Fix integer overflow with large values from loco_get_rice()
    
    Fixes: signed integer overflow: 155 + 2147483647 cannot be represented in type 'int'
    Fixes: 23421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5652849097965568
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 3ddc5e1f3cebca25ade54ee68159d305f210bf5f)
    Signed-off-by: Michael Niedermayer 

commit 99eb08f390db77192f55231a8e092e27c2b13100
Author: Michael Niedermayer 
Date:   Mon Jul 6 20:18:42 2020 +0200

    avformat/smjpegdec: Check the existence of referred streams
    
    Fixes: Assertion failure
    Fixes: 23758/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5160954605338624.fuzz
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 321ea59dac6538f92206bab0a2688fa24a25c4d2)
    Signed-off-by: Michael Niedermayer 

commit b228e0c5f6a854d2ba3d5b4e3b88ab47380aacf1
Author: Michael Niedermayer 
Date:   Sat Jul 4 14:17:05 2020 +0200

    avcodec/tiff: Check frame parameters before blit for DNG
    
    Fixes: out of array access
    Fixes: 23888/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6021365974171648.fuzz
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 4091f4f78012d1a7eb1e04b69cf65d5ef3afee3a)
    Signed-off-by: Michael Niedermayer 

commit 11a10e30a92986a4666ea831976c44f9ebb4de71
Author: Michael Niedermayer 
Date:   Sat Jul 4 14:15:01 2020 +0200

    avcodec/mjpegdec: Limit bayer to single plane outputting format
    
    This reduces the number of paths reachable with DNG and should
    improve security
    
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 865a34970e73b9c23e33fd6dc6ba046d4e821519)
    Signed-off-by: Michael Niedermayer 

commit f98f29de5ea4fdd09b2e834734259652f28c116c
Author: Michael Niedermayer 
Date:   Fri Jul 3 23:55:50 2020 +0200

    avcodec/pnmdec: Fix misaligned reads
    
    Found-by: "Steinar H. Gunderson" 
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit ea28ce9bc13803ccef97850388ddc9a73998a23e)
    Signed-off-by: Michael Niedermayer 

commit 531ddbacb57c2d58f5342d6fde8f056f2790ca4a
Author: Michael Niedermayer 
Date:   Thu Jun 18 11:52:47 2020 +0200

    avcodec/mv30: Fix integer overflows in idct2_1d()
    
    Fixes: signed integer overflow: 6500736 * 473 cannot be represented in type 'int'
    Fixes: 23259/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5179394271477760
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 3b8d5bcc3189c6c46279889f1176c0caba4466e4)
    Signed-off-by: Michael Niedermayer 

commit d25345bb006c8ba757eb3608bb55d18f5ae84c53
Author: Michael Niedermayer 
Date:   Tue Jun 30 21:32:53 2020 +0200

    avcodec/hcadec: Check total_band_count against imdct_in size
    
    Fixes: index 128 out of bounds for type 'float [128]'
    Fixes: 23465/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HCA_fuzzer-5089866596745216
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 2d96c945312d3f62e3f872bfb51a593afb40e09a)
    Signed-off-by: Michael Niedermayer 

commit 1ff86cb452c1ff7b975e3f3abe0a0443cd2f3266
Author: Michael Niedermayer 
Date:   Wed Jul 1 23:31:47 2020 +0200

    avcodec/scpr3: Fix out of array access with dectab
    
    Fixes: 23721/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5914074721550336
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit c8de8dfba6b2706f22214489b1779fb0d27e7e65)
    Signed-off-by: Michael Niedermayer 

commit f1ebea7c915e0f6b5225d02d8af5a4e598f5d38e
Author: Michael Niedermayer 
Date:   Wed Jul 1 23:05:22 2020 +0200

    avcodec/tiff: Do not overrun the array ends in dng_blit()
    
    Fixes: out of array access
    Fixes: 23589/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5110559589793792.fuzz
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit f35caea77f76c62bd0e392e514a84833ab1e0c83)
    Signed-off-by: Michael Niedermayer 

commit c86a9d5b82f967f9726e1902f6d80b3a09fd3bad
Author: Michael Niedermayer 
Date:   Wed Jul 1 21:27:23 2020 +0200

    avcodec/dstdec: Replace AC overread check by sample rate check
    
    Real files do skip coding 0 bits at the end, thus this kind of check
    does not work reliable.
    
    Fixes: Ticket 8770
    Fixes: dst-256fs44-6ch-refdstencoder.dff
    
    The samplerate is specified in ISO/IEC 14496-3:2005(E) as one of 3 fixed
    values, this also can be used to limit the duration and avoid the timeout
    
    This reverts commit f6df99dba1ae64b05d08fba8160d13eb9795042f.
    
    (cherry picked from commit 1679f23beb3cfc3639352b3cbe7c08c00189c6b0)
    Signed-off-by: Michael Niedermayer 

commit 1f32d8ea2328843f5741029278fd146aba19e8d0
Author: Reimar Döffinger 
Date:   Mon Jul 6 09:32:17 2020 +0200

    dnn_backend_native: Add overflow check for length calculation.
    
    We should not silently allocate an incorrect sized buffer.
    Fixes trac issue #8718.
    
    Signed-off-by: Reimar Döffinger 
    Reviewed-by: Michael Niedermayer 
    Reviewed-by: Guo, Yejun 

commit 7cbb6ee2eec8fcd1e627ea27b0569d6d5bcfe324
Author: Andreas Rheinhardt 
Date:   Sat Jul 4 20:57:56 2020 +0200

    avcodec/h264_metadata_bsf: Fix invalid av_freep
    
    This bug was introduced in 3c8a2a1180f03ca6b299ebc27eef21ae86635ca0.
    
    Reviewed-by: James Almer 
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 04e06beb0ab98a6eb85df32f7809b1143e4bebe7)
    Signed-off-by: Andreas Rheinhardt 

commit acefb59ac5cdfbec6c82f80b188ddf2e67a29a0a
Author: James Almer 
Date:   Sun Jun 21 15:30:45 2020 -0300

    avcodec/cbs_h265: set default VUI parameters when vui_parameters_present_flag is false
    
    Based on cbs_h264 code.
    
    Should fix ticket #8752.
    
    Signed-off-by: James Almer 
    (cherry picked from commit d1c55fc46019229b5526768ffdb0e1e67beb21ff)

commit 797574400d531503ff46009784c0b97c0091733a
Author: Manoj Bonda 
Date:   Fri Jun 19 12:31:22 2020 +0530

    avcodec/av1_parser: initialize avctx->pix_fmt
    
    Initialize avctx->pix_fmt in av1_parser.c
    AV1 Chroma format is invalid when quering using below code if no AV1 decoder
    is available:
    
    iVideoStream = av_find_best_stream(fmtc, AVMEDIA_TYPE_VIDEO, -1, -1, NULL, 0);
    eChromaFormat = (AVPixelFormat)fmtc->streams[iVideoStream]->codecpar->format;
    
    Signed-off-by: James Almer 
    (cherry picked from commit 23d06f606e58779d47ca9d312c570b8e64f99f9e)

commit b303fe926ef153b01de3f1ae6bba8fbb0b7190bf
Author: James Almer 
Date:   Fri Jun 19 10:56:20 2020 -0300

    avcodec/av1_parser: add missing parsing for RGB pixel format signaling
    
    Signed-off-by: James Almer 
    (cherry picked from commit af6cddae1fe9cf378e961d9a2a36dd7234996ab3)

commit 8f5f453998c2c1896c77fe7d7ff593c1c22ecb0e
Author: James Almer 
Date:   Fri Jun 19 09:56:49 2020 -0300

    avcodec/av1_parser: set context values outside the OBU parsing loop
    
    Signed-off-by: James Almer 
    (cherry picked from commit 634a44db5a621e59079fbeb00ec62f2f6c9fdd8b)

commit 836f6fb5670da816140d5f1f5f573aa1f7132caa
Author: Michael Niedermayer 
Date:   Thu Jun 18 11:56:53 2020 +0200

    avutil/avsscanf: Add () to avoid integer overflow in scanexp()
    
    Fixes: signed integer overflow: 2147483610 + 52 cannot be represented in type 'int'
    Fixes: 23260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PBM_fuzzer-5187871274434560
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 42b28565aa852b98d95d8d02f7b0781999f9d533)
    Signed-off-by: Michael Niedermayer 

commit 3571d9d654f78c3c16ec17c8260d28f211e9571b
Author: Michael Niedermayer 
Date:   Sun Jun 21 12:24:04 2020 +0200

    avformat/utils: reorder duration computation to avoid overflow
    
    Fixes: signed integer overflow: 8 * 9223372036854774783 cannot be represented in type 'long'
    Fixes: 23381/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4818340509122560
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 10cc82c35baabbb07ffec3faccb04d8928c39e4c)
    Signed-off-by: Michael Niedermayer 

commit f27a51021114a603597e5bbd0adb410ab84b2697
Author: Michael Niedermayer 
Date:   Thu Jun 25 19:22:01 2020 +0200

    avcodec/pngdec: Check for fctl after idat
    
    Fixes: out of array access
    Fixes: 23554/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APNG_fuzzer-4796622520451072.fuzz
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 65b1ba680fb67902a9c876a49d0146eaae5a1c3d)
    Signed-off-by: Michael Niedermayer 

commit a3fdeb0c3a4ecabab2c2351b86fc92004526e9cc
Author: Michael Niedermayer 
Date:   Mon Jun 29 19:49:41 2020 +0200

    avformat/hls: Pass a copy of the URL for probing
    
    The segments / url can be modified by the io read when reloading
    
    This may be an alternative or additional fix for Ticket8673
    as a further alternative the reload stuff could be disabled during
    probing
    
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit b5e39880fb7269b1b3577cee288e06aa3dc1dfa2)
    Signed-off-by: Michael Niedermayer 

commit 199d6a049a90e03f0e61b6a859c9f0fe8ac69251
Author: Michael Niedermayer 
Date:   Sun Jun 28 00:21:09 2020 +0200

    avutil/common: Fix integer overflow in av_ceil_log2_c()
    
    Fixes: left shift of 1913647649 by 1 places cannot be represented in type 'int'
    Fixes: 23572/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5082619795734528
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit e409262837712016097c187e97bf99aadf6a4cdf)
    Signed-off-by: Michael Niedermayer 

commit f4affa071a622429f75da1cd3838f0bc0e0181d5
Author: Michael Niedermayer 
Date:   Sun Jun 28 00:10:19 2020 +0200

    avcodec/wmalosslessdec: fix overflow with pred in revert_cdlms
    
    Fixes: signed integer overflow: 2048 + 2147483646 cannot be represented in type 'int'
    Fixes: 23538/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5227567073460224
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 21598d711d894081d0566282473044ba4f378f33)
    Signed-off-by: Michael Niedermayer 

commit c05d51c06742ca280789038d71ac5ae1c4dd8ad8
Author: Michael Niedermayer 
Date:   Tue Jun 23 01:01:53 2020 +0200

    avformat/mvdec: Fix integer overflow with billions of channels
    
    Fixes: signed integer overflow: 1394614304 * 2 cannot be represented in type 'int'
    Fixes: 23491/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5697377020411904
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit b6fbbe08c325415cc784df296058beb6604f0b9c)
    Signed-off-by: Michael Niedermayer 

commit 3ce81bf96047717dec9974c3aab7c0bb08b4e72d
Author: Michael Niedermayer 
Date:   Tue Jun 23 01:43:14 2020 +0200

    avformat/microdvddec: skip malformed lines without frame number.
    
    Fixes: signed integer overflow: 1 - -9223372036854775808 cannot be represented in type 'long'
    Fixes: 23490/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5133490093031424
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Reviewed-by: Nicolas George 
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit a8fb7612a97530bdd0b2549dacf91dcf71a3187a)
    Signed-off-by: Michael Niedermayer 

commit dd273d359e45ab69398ac0dc41206d5f1a9371bf
Author: Guo Yejun 
Date:   Wed Jun 10 13:36:11 2020 +0800

    dnn_backend_native: check operand index
    
    it fixed the issue in https://trac.ffmpeg.org/ticket/8716
    (cherry-pick from 0b3bd001ac1745d9d008a2d195817df57d7d1d14)
    Signed-off-by: Guo, Yejun 

commit 5530748bfdf1a4d41d4c92e59f662c94e38a5f94
Author: Guo Yejun 
Date:   Wed Jun 10 10:59:19 2020 +0800

    dnn_backend_native.c: refine code for fail case
    
    (cherry-pick from fc932195ab0c9c00fa0cd9620c60763d978d495b)
    Signed-off-by: Guo, Yejun 

commit 143e2d0d6653426b871ff5802a1d558d60f574fe
Author: Zhao Zhili 
Date:   Sun Jun 28 11:15:39 2020 +0800

    avformat/mov: fix memleaks
    
    Fix two cases of memleaks:
    1. The leak of dv_demux
    2. The leak of dv_fctx upon dv_demux allocate failure
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit f3dc38a186b2326ce03e50969897ea703817ddb0)
    Signed-off-by: Andreas Rheinhardt 

commit 7c1ad9d1514a16d56cb0803787b62694fd9b6b24
Author: Andreas Rheinhardt 
Date:   Mon Sep 16 15:48:31 2019 +0200

    libavformat/mov: Fix memleaks when demuxing DV audio
    
    The code for demuxing DV audio predates the introduction of refcounted
    packets and when the latter was added, changes to the former were
    forgotten. This meant that when avpriv_dv_produce_packet initialized the
    packet containing the AVBufferRef, the AVBufferRef as well as the
    underlying AVBuffer leaked; the actual packet data didn't leak: They
    were directly freed, but not via their AVBuffer's free function.
    
    https://samples.ffmpeg.org/ffmpeg-bugs/trac/ticket4671/dir1.tar.bz2
    contains samples for this (enable_drefs needs to be enabled for them).
    
    Moreover, errors in avpriv_dv_produce_packet were ignored; this has been
    changed, too.
    
    Furthermore, in the hypothetical scenario that the track has a palette,
    this would leak, too, so reorder the code so that the palette code
    appears after the DV audio code.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 61f5c6ab06fc61e0f9f8f8dab5595b8bb202df73)
    Signed-off-by: Andreas Rheinhardt 

commit b3d8e13a88c1e32ce5600687c67cbae6f0aeaeac
Author: Andreas Rheinhardt 
Date:   Thu Jun 18 14:37:38 2020 +0200

    avcodec/cbs_av1: Fix writing uvlc numbers >= INT_MAX
    
    Fixes: assertion failure
    Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
    Fixes: 23264/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-6308429248593920
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 6f06c17a55137855c67ba4a7b6778ca34ddbbe6b)
    Signed-off-by: Andreas Rheinhardt 

commit 3cf212f6c8c7ef5cc8400510bc32045c6058893f
Author: Andreas Rheinhardt 
Date:   Wed Jun 24 17:51:58 2020 +0200

    avformat/avc, mxfenc: Avoid allocation of H264 SPS structure, fix memleak
    
    Up until now, ff_avc_decode_sps would parse a SPS and return some
    properties from it in a freshly allocated structure. Yet said structure
    is very small and completely internal to libavformat, so there is no
    reason to use the heap for it. This commit therefore changes the
    function to return an int and to modify a caller-provided structure.
    This will also allow ff_avc_decode_sps to return better error codes in
    the future.
    
    It also fixes a memleak in mxfenc: If a packet contained multiple SPS,
    only the SPS structure belonging to the last SPS would be freed, the
    other ones would leak when the pointer is overwritten to point to the
    new SPS structure. Of course, without allocations there are no leaks.
    This is Coverity issue #1445194.
    
    Furthermore, the SPS structure has been renamed from
    H264SequenceParameterSet to H264SPS in order to avoid overlong lines.
    
    Reviewed-by: Tomas Härdin 
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit a0b6df0a3953e2586e63f513485c4d2d42507d7f)
    Signed-off-by: Andreas Rheinhardt 

commit 284fffa92fc54315f7974649b10a38a87f7a48ea
Author: Andreas Rheinhardt 
Date:   Thu Jun 25 15:10:35 2020 +0200

    avcodec/bitstream: Don't check for undefined behaviour after it happened
    
    Reviewed-by: Michael Niedermayer 
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 5e196dac22cc510db104922f99626a03b453ef4a)
    Signed-off-by: Andreas Rheinhardt 

commit d8407afe021c525c25b6b39ae2d8dc3b6dbde6fe
Author: Andreas Rheinhardt 
Date:   Mon May 25 10:14:00 2020 +0200

    avformat/aviobuf: Also return truncated buffer in avio_get_dyn_buf()
    
    Two kinds of errors can happen when working with dynamic buffers:
    (Re)allocation errors or truncation errors (one has to truncate the
    buffer to a size of INT_MAX because avio_close_dyn_buf() and
    avio_get_dyn_buf() both return an int). Right now, avio_get_dyn_buf()
    returns an empty buffer in either case. But given that
    avio_get_dyn_buf() does not destroy the dynamic buffer, one can return
    the buffer in case of truncation and let the user check the error flags
    and decide for himself instead of hardcoding a single way to proceed
    in case of truncation.
    
    (This actually restores the behaviour from before commit
    163bb9ac0af495a5cb95441bdb5c02170440d28c.)
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit c33e56c7a6a8bef7d95e1d36eb2f35748d475695)
    Signed-off-by: Andreas Rheinhardt 

commit b6546add07d428320e74217d79decfabb86f173b
Author: Andreas Rheinhardt 
Date:   Sun May 24 03:14:00 2020 +0200

    avformat/aviobuf: Don't check for overflow after it happened
    
    If adding two ints overflows, it doesn't matter whether the result will
    be stored in an unsigned or not; and checking afterwards does not make it
    retroactively defined.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 28a078eded1c29985ed078b59d48ff59cf00394b)
    Signed-off-by: Andreas Rheinhardt 

commit 8e12af29d1a3f95c9e952d78354e3c8b1c0431a8
Author: Michael Niedermayer 
Date:   Sun Jun 14 23:45:46 2020 +0200

    avcodec/tiff: Check stride for dng
    
    Fixes: assertion failure
    Fixes: 23422/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5746026064642048
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 276dfa9d91ee50183824612803891b7d066e8f00)
    Signed-off-by: Michael Niedermayer 

commit 716b5c6ec9f856ea973298c8e319f041871080e7
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 20:54:46 2020 +0200

    avformat/mov: Fix reel_name size check
    
    Only read str_size bytes from offset 30 of extradata if the extradata is
    indeed at least 30 + str_size bytes long.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit ff3fad6b0edb13dd664403b01bc00309f035b110)

commit 9d921e38f436a431e6d457fe7e4700878e7327b9
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 09:19:38 2020 +0200

    avformat/mov: Fix memleak upon encountering repeating tags
    
    mov_read_custom tries to read three strings belonging to three different
    tags. When an already encountered tag is encountered again, a new buffer
    for the string to be read is allocated and stored in the pointer
    destined for this particular tag. But in this scenario, said pointer
    already holds the address of the string read earlier, leading to a leak.
    
    This commit therefore aborts the reading process upon encountering
    an already encountered tag.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit dfef1d5e3cd4dfead84416a01e6c9ff0da50b34d)

commit c49dfee90bc1c149410f7017e9cbbbeb4063ccdf
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:35:41 2020 +0200

    avformat/matroskaenc: Don't use NULL for %s format string
    
    The argument pertaining to a printf %s conversion specifier must not
    be NULL, even if the precision (i.e. the number of characters to write)
    is zero. If it is NULL, it is undefined behaviour.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 6de6ce7bc80e874099895b6c73977bc2efb06a4d)

commit 3f3cfddb37b0a868a450b9ff9733cb16af943031
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:29:17 2020 +0200

    avformat/webvttdec: Fix memleak upon read header failure
    
    The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
    would leak if an error happened upon reading a subsequent subtitle.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit c784fe8b867e42a1c8d2c48d7046e3e0cce7ec31)

commit b7897f03199e65d546729b319cca9909d46cf214
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:28:56 2020 +0200

    avformat/vplayerdec: Fix memleak upon read header failure
    
    The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
    would leak if an error happened upon reading a subsequent subtitle.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 67434afa7fcb2b411b10a4d09fb30cd3a5907c2c)

commit 6eac7d79f4e7282567793d5c52ec84a646cac840
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:27:43 2020 +0200

    avformat/tedcaptionsdec: Fix memleak upon read header failure
    
    The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
    would leak if allocating the AVStream for the subtitles fails.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 337783b118d4cc265759c103b672dd5d5d3e7cb8)

commit 04e1d16f651c201c4a43eb350ec4b87db8e77010
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:27:11 2020 +0200

    avformat/subviewerdec: Fix memleak upon read header failure
    
    The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
    would leak if an error happened upon reading a subsequent subtitle.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit a708f652737eba08607df84394ca4bec6b458736)

commit 49b60a9a52b50a0064c1d7282dff117aee853855
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:26:40 2020 +0200

    avformat/subviewer1dec: Fix memleak upon read header failure
    
    The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
    would leak if an error happened upon reading a subsequent subtitle.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 9751d7515222c7b58d0c6fb31aec6e0464c0f338)

commit 3201350dc753ec8c8f2c28f3e4f58ff42e7a742b
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:24:23 2020 +0200

    avformat/stldec: Fix memleak upon read header failure
    
    The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
    would leak if an error happened upon reading a subsequent subtitle.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit e13874b9eae4e156ca1c478e6d59d3461bbdc09f)

commit 157bbc779c5124b7f6aee39df6399425f12dc2e2
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:23:27 2020 +0200

    avformat/srtdec: Fix memleak upon read header failure
    
    The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
    would leak if an error happened upon reading a subsequent subtitle.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit c70409957c7332971f0e147729d769f6d2f95390)

commit bf29cf8eb6f5fadcec2c32522612eb0c453e2581
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:22:32 2020 +0200

    avformat/sccdec: Fix memleak upon read header failure
    
    The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
    would leak if an error happened upon reading a subsequent subtitle.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit f3c63e67bb00fa7d96595203d01a576df651e275)

commit 6e64260a190a9549d12953dc779cb88e69cdaaac
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:21:46 2020 +0200

    avformat/samidec: Fix memleak upon read header failure
    
    The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
    would leak if an error happened upon reading a subsequent subtitle
    or when creating extradata.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit f161f8e4ad10c8ae5b2e97870e09bc6a421408eb)

commit 7754a2ea12afda7edaafab32b37d6423618a406f
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:21:03 2020 +0200

    avformat/pjsdec: Fix memleak upon read header failure
    
    The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
    would leak if an error happened upon reading a subsequent subtitle.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 9df560e8986640e20c62286f0baee2a80540accd)

commit d84b9ab4abb82e9f7d6dcab07de5e51ac721ba6b
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:20:09 2020 +0200

    avformat/mpsubdec: Fix memleak upon read header failure
    
    The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
    would leak if an error happened upon creating an AVStream.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit a5ed8aeea4f4199e89520c3fdbd9d07ae7fc3c3f)

commit f1724907424f92217823b6da2487715f0a1d36bc
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:19:32 2020 +0200

    avformat/mpl2dec: Fix memleak upon read header failure
    
    The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
    would leak if an error happened upon reading a subsequent subtitle.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 331799747e7e995710f5dfc4d413cda35eb01289)

commit 330a757d41860bf70e93d7b6c19cb65390b069a9
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:16:15 2020 +0200

    avformat/microdvddec: Fix memleak upon read header failure
    
    The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
    would leak if an error happened upon reading a subsequent subtitle
    or when allocating extradata.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit b12014a5b861959fd41a32ba3ff4cb139c56efcd)

commit ea27fe480eaa845171a603d2bc82ced55f8ddcf6
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:12:00 2020 +0200

    avformat/lrcdec: Fix memleak upon read header failure
    
    The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
    would leak if an error happened upon reading a subsequent subtitle.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit d38694cea9f289b3f9dcce1a2f07746d029b35f3)

commit db2002aee700e477225b82f393b25b3b371f4f64
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:09:08 2020 +0200

    avformat/jacosubdec: Fix memleak upon read header failure
    
    The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
    would leak if an error happened upon reading a subsequent subtitle.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit c13a752733a9af955b032c55f704b748fe37dd19)

commit 788a7c027b6e263c40c8b6b423a3291e0e2ce0d1
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:07:28 2020 +0200

    avformat/assdec: Fix memleak upon read header failure
    
    The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
    would leak if an error happened upon reading a subsequent subtitle
    or if creating the extradata failed.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 5ab39c2d8c1e5e00b48d758eee7d5ae435a99ef7)

commit 7c0a9ff9c01112be075156c88e565f2ec28c9e2d
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 03:04:29 2020 +0200

    avformat/aqtitledec: Fix memleak upon read header failure
    
    The already parsed subtitles (contained in an FFDemuxSubtitlesQueue)
    would leak if an error happened upon reading a subsequent subtitle.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit a86a5d06d8967d01964833456df1df9fc186f125)

commit 30d66abc801ec54f81f49b0aa01a36692a744266
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 00:37:40 2020 +0200

    avformat/mov: Fix memleaks upon read_header failure
    
    By default, a demuxer's read_close function is not called automatically
    if an error happens when reading the header; instead it is up to the
    demuxer to clean up after itself in this case. The mov demuxer did this
    by calling its read_close function when it encountered some errors when
    reading the header. Yet for other errors (mostly adding side-data to
    streams) this has been forgotten, so that all the internal structures
    of the demuxer leak.
    
    This commit fixes this by making sure mov_read_close is called when
    necessary.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit ac378c535be907ee383dafb430be7216a2920982)

commit 5171e0ee18c19960bec84ee3adb920cd3f83e35f
Author: Andreas Rheinhardt 
Date:   Sun Jun 14 00:24:55 2020 +0200

    avformat/omadec: Fix memleaks upon read_header failure
    
    Fixes possible leaks of id3v2 metadata as well as an AVDES struct in
    case the content is encrypted and an error happens lateron.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 3d3ba43bc68ca90fe72d0fc390c9e5f5c7de1513)

commit 245d0f1889d8b3b5b7ae20e543d0b128932e3565
Author: Andreas Rheinhardt 
Date:   Sat Jun 13 23:58:32 2020 +0200

    avformat/matroskadec: Fix memleaks in WebM DASH manifest demuxer
    
    In certain error scenarios, the underlying Matroska demuxer was not
    properly closed, causing leaks.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 0841063ce6a2e664fb3986b0a255c57392cd9f02)

commit 0260352d92228e56a999ea00a365ffef6cee20cc
Author: Andreas Rheinhardt 
Date:   Fri Aug 30 15:18:29 2019 +0200

    avformat/matroskadec: Use right number of tracks
    
    When demuxing a Matroska/WebM file, streams are added for tracks and for
    attachments, so that the array containing the former can be NULL even
    when the corresponding AVFormatContext has streams. So check for there
    to be tracks in the MatroskaDemuxContext instead of just streams in the
    AVFormatContext before dereferencing the pointer to the tracks.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 1ef30571a0a7150cb20c580bfc52af2a7101c20d)

commit a2ab8babef6d6eabbd7ae5f5f36df9c069f7d94b
Author: Andreas Rheinhardt 
Date:   Wed Sep 4 00:50:11 2019 +0200

    avformat/matroskadec: Fix handling gigantic durations
    
    matroska_parse_block currently asserts that the duration is not equal to
    AV_NOPTS_VALUE, but there is nothing that actually guarantees this. It
    is easy to create (spec-compliant) files which run into this assert;
    so replace it and instead cap the duration to INT64_MAX, as the duration
    field of an AVPacket is an int64_t.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 3714d452b894821591a2fbafdd1b8ef15abe4be6)

commit 751f285152b90faf78d3dde76bc5cee16f093813
Author: Andreas Rheinhardt 
Date:   Sat Jun 13 22:34:19 2020 +0200

    avformat/matroskadec: Move AVBufferRef instead of copying, fix memleak
    
    EBML binary elements are already made reference-counted when read;
    so when populating the AVStream.attached_pic, one does not need to
    allocate a new buffer for the data; instead the current code just
    creates a new reference to the underlying AVBuffer. But this can be
    improved even further: Just move the already existing reference.
    
    This also fixes a memleak that happens upon error because
    matroska_read_close has not been called in this scenario.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit cbe336c9e81e2d9de3a18abef887c9255a9b9da5)

commit 2c738c75218a1dcaec3ec6baa9b0d4b267820812
Author: Andreas Rheinhardt 
Date:   Mon Jun 15 05:09:07 2020 +0200

    avformat/hlsenc: Always treat numbers as decimal
    
    c801ab43c36e8c4f88121aa09af26c77bcbd671b caused a regression: The stream
    number is now parsed with strtoll without a fixed basis; as a
    consequence, the "010" in a variant stream mapping like "a:010" is now
    treated as an octal number (i.e. as eight, not ten). This was not
    intended and may break some scripts, so this commit restores the old
    behaviour.
    
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit 19a876fd6973724521dd5e7cc8f8e4683b19eda4)

commit 82d70d8038aed96552a77fa583a82c08b0d12636
Author: Andreas Rheinhardt 
Date:   Wed May 27 19:09:14 2020 +0200

    avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input
    
    The hevc_mp4toannexb bsf does not explicitly check whether a NAL unit
    is so big that it extends beyond the end of the input packet; it does so
    only implicitly by using the checked version of the bytestream2 API.
    But this has downsides compared to real checks: It can lead to huge
    allocations (up to 2GiB) even when the input packet is just a few bytes.
    And furthermore it leads to uninitialized data being output.
    So add a check to error out early if it happens.
    
    Also check directly whether there is enough data for the length field.
    
    Reviewed-by: Michael Niedermayer 
    Signed-off-by: Andreas Rheinhardt 
    (cherry picked from commit ea1b71e82f5a1752d59d3bfb9704092a79eba6b5)

commit cc948a1c8c86847cc4dac848b1aff2a68aef0843
Author: Michael Niedermayer 
Date:   Fri Nov 2 01:36:21 2018 +0100

    RELEASE_NOTES: Based on the version from 4.1
    
    Name suggested by Kieran O Leary and Reto Kromer
    
    Signed-off-by: Michael Niedermayer 

commit 5c1e458b3454f947c32b6ba35015d715f111e1a5
Author: Michael Niedermayer 
Date:   Sun Jun 14 19:45:05 2020 +0200

    avformat/mxfdec: free duplicated utf16 strings
    
    Fixes: memleak
    Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744
    
    Suggested-by: Marton Balint 
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 0aa2768cb275bda9e9e1331ed95adc7cd686eafe)
    Signed-off-by: Michael Niedermayer 

commit 8bdc64d45ff769e0a71c1c2f94e4160004090242
Author: Michael Niedermayer 
Date:   Sun Jun 14 19:51:23 2020 +0200

    avformat/4xm: Check that a video stream was created before returning packets for it
    
    Fixes: assertion failure
    Fixes: 23434/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5227750851084288.fuzz
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit c517c3f4741b6897ea952d1fba199c93c5217cfe)
    Signed-off-by: Michael Niedermayer 

commit a3e0c9f8f086d37a646d7cc5a7aa8f23bd5b0024
Author: Michael Niedermayer 
Date:   Sat Jun 13 21:47:03 2020 +0200

    avcodec/ffwavesynth: Avoid undefined operation on ts overflow
    
    Alternatively these conditions could be treated as errors
    Fixes: 23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896
    Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'int64_t' (aka 'long')
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 584d334afd59714ed04637a9227a4f1368c26166)
    Signed-off-by: Michael Niedermayer 

commit 95b9ac040ef7ada89f6885c8e6c1a77c9018954e
Author: Michael Niedermayer 
Date:   Sat Jun 13 16:03:14 2020 +0200

    avcodec/mv30: check mode_size vs. input space
    
    Fixes: Timeout (longer than my patience vs 1sec)
    Fixes: 22984/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5630021988515840
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 75e2ac4f0752649a0b9486e6825ef68341ee974d)
    Signed-off-by: Michael Niedermayer 

commit f8239323498c1695ec83174bc72239717e1d0c9d
Author: Michael Niedermayer 
Date:   Thu Jun 11 22:22:57 2020 +0200

    avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv()
    
    Fixes: signed integer overflow: -144876608 * 16 cannot be represented in type 'int'
    Fixes: 22782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6039584977977344
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit e361785ee05cc75d3caacf2f254160b0336f5358)
    Signed-off-by: Michael Niedermayer 

commit fa0a71ac41b0627de11d0a5faa05743d91c820c3
Author: Michael Niedermayer 
Date:   Thu Jun 11 22:45:27 2020 +0200

    avcodec/jpeg2000dec: Fix/check for multiple integer overflows
    
    Fixes: shift exponent 35 is too large for 32-bit type 'int'
    Fixes: 22857/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5202709358837760
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit c579ceffbe30d048c7448c5e9238fc52094de630)
    Signed-off-by: Michael Niedermayer 

commit e149b24c63859a40000d45aafb56abb70f334655
Author: Michael Niedermayer 
Date:   Sun Jun 7 19:24:10 2020 +0200

    avcodec/lossless_audiodsp: Fix undefined overflows in scalarproduct_and_madd_int16_c()
    
    Fixes: signed integer overflow: 2142077091 + 6881070 cannot be represented in type 'int'
    Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit c0dfe134beefde4070d43910518b1f4a58f01794)
    Signed-off-by: Michael Niedermayer 

commit 2ce670fc489b319afb0d80d47e9875bf9a829d3a
Author: Michael Niedermayer 
Date:   Thu Feb 20 19:56:39 2020 +0100

    avcodec/sonic: Fix several integer overflows
    
    Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented in type 'int'
    Fixes: 20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 75d520e33704447f1b29ac47fd9e40994a6bc659)
    Signed-off-by: Michael Niedermayer 

commit 6011484167bf4a0548dedd0da573c4933cd335be
Author: Michael Niedermayer 
Date:   Sat Jun 13 12:36:49 2020 +0200

    avformat/oggdec: Disable mid stream codec changes
    
    Fixes: 22082/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5688619118624768
    Fixes: crash from V-codecs/Theora/theora_testsuite_broken/multi2.ogg
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Suggested-by: Lynne on IRC
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 70277f12328fb052c2c758fa7f4eb36b9ea89638)
    Signed-off-by: Michael Niedermayer 

commit c37218944327857e62e831840e1e8d50b481f230
Author: Michael Niedermayer 
Date:   Sat Jun 13 11:56:01 2020 +0200

    avcodec/mpeg4videodec: avoid invalid values and reinitialize in format changes for studio profile
    
    Fixes: out of array access
    Fixes: 23327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5134822992510976
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit e53235f06c229a23d3241b47e32647019161fb7c)
    Signed-off-by: Michael Niedermayer 

commit 335ddf2fe9bd4f67358c7ccf13c415cd7df7d955
Author: Michael Niedermayer 
Date:   Sat Jun 13 11:21:52 2020 +0200

    avcodec/pixlet: Fix log(0) check
    
    Fixes: passing zero to clz(), which is not a valid argument
    Fixes: 23337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5179131989065728
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit bd0f81526d3f4c23ecd0a399829103be2445c011)
    Signed-off-by: Michael Niedermayer 

commit 6514919306f2da851226c7cfa94f39424c55fdd9
Author: Michael Niedermayer 
Date:   Sat Jun 13 11:13:21 2020 +0200

    avformat/ape: Cleanup after ape_read_header() failure
    
    Fixes: memleaks
    Fixes: 23306/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5635436931448832
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 9b5fc789fb52af8769ec66e634ea362a67cb5d06)
    Signed-off-by: Michael Niedermayer 

commit 0e51c7b64a35478250c21efae14d68c50aea666c
Author: Michael Niedermayer 
Date:   Sat Jun 13 10:48:14 2020 +0200

    avcodec/iff: Fix off by x error
    
    Fixes: out of array access
    Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 51225dee0a6266780d26d43bd6802bbcf736327e)
    Signed-off-by: Michael Niedermayer 

commit 28460ece95feffa4531f79f3a23d701ee4b5ec0e
Author: Michael Niedermayer 
Date:   Tue Jun 9 22:11:23 2020 +0200

    avcodec/wmalosslessdec: Check block_align maximum
    
    Fixes: Assertion failure
    Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 314d10f7a60f1786c85da30a569be61e2b906fef)
    Signed-off-by: Michael Niedermayer 

commit 63d14168a50169aac480cb983ef7819317c2fb5c
Author: Michael Niedermayer 
Date:   Tue Jun 9 22:14:59 2020 +0200

    avcodec/loco: Fix signed integer overflow in loco_get_rice()
    
    Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
    Fixes: 22975/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5658160970072064
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit aa88cdfd90f5da0683cd6556c75a5ba5740a1c27)
    Signed-off-by: Michael Niedermayer 

commit 838e17ffec4b1cc930cd89228e88ee8db1b52dcb
Author: Michael Niedermayer 
Date:   Mon Jun 8 09:28:55 2020 +0200

    avformat/thp: Check fps
    
    Fixes: division by zero
    Fixes: 23162/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4856420817436672
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 0e15b01b4e463d12128db2c15de7741637548347)
    Signed-off-by: Michael Niedermayer 

commit d078f39a51520185bbb1e4683d709141562d9929
Author: Michael Niedermayer 
Date:   Mon Jun 8 09:47:41 2020 +0200

    avformat/mpl2dec: Fix integer overflow with duration
    
    Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
    Fixes: 23167/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6425051741290496
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 9a42a67c5ca198a3879b7f3663cc44ccbcaf0bd3)
    Signed-off-by: Michael Niedermayer 

commit e468d9248c3eec2f55cc452ae5d5931823f42cd2
Author: Michael Niedermayer 
Date:   Fri Apr 10 22:05:07 2020 +0200

    avcodec/cbs: Allocate more CodedBitstreamUnit at once in cbs_insert_unit()
    
    Fixes: Timeout (85sec -> 0.5sec)
    Fixes: 20791/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_SPLIT_fuzzer-5659537719951360
    Fixes: 21214/clusterfuzz-testcase-minimized-ffmpeg_BSF_MPEG2_METADATA_fuzzer-5165560875974656
    Fixes: 21247/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5715175257931776
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 49ba60fed04d7011c36bae378445ba93ccf983c2)
    Signed-off-by: Michael Niedermayer 

commit e625d40b93373e0bb8d52ba265774b4caefc8323
Author: Michael Niedermayer 
Date:   Sat Jun 6 19:42:07 2020 +0200

    avcodec/mpeg12dec: remove outdated comments
    
    Found-by: Kieran
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 48de8f5816aa54dc584aeb2dbbf63a0e880279e2)
    Signed-off-by: Michael Niedermayer 

commit bb788dec83231ce2f35bcc6b11c04a39d18c0c7a
Author: Michael Niedermayer 
Date:   Sat Jun 6 17:45:39 2020 +0200

    avcodec/snowdec: Avoid integer overflow with huge qlog
    
    Fixes: integer overflow
    Fixes: 22285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5682428762128384
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit 38fbf33c7255b503453052c32ab5ae4fb151b29e)
    Signed-off-by: Michael Niedermayer 

commit 611fc7244a1a93b4d0fd652d13a09c52f2dc19f3
Author: Michael Niedermayer 
Date:   Fri Jun 5 18:22:51 2020 +0200

    avcodec/movtextdec: Fix shift overflows in mov_text_init()
    
    Fixes: left shift of 243 by 24 places cannot be represented in type 'int'
    Fixes: 22716/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOVTEXT_fuzzer-5704263425851392
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit d7a2311a2c5be1e861c3df618d295e7eced8e84b)
    Signed-off-by: Michael Niedermayer 

commit 8dee726b1a5c82c5e6578a606b299c6fdc74c142
Author: Dale Curtis 
Date:   Thu May 14 14:38:07 2020 -0700

    avformat/mov: Check if DTS is AV_NOPTS_VALUE in mov_find_next_sample().
    
    Signed-off-by: Dale Curtis 
    Signed-off-by: Michael Niedermayer 
    (cherry picked from commit bf446711bc8b7f316771870b8d4dc4dd65f5d94b)
    Signed-off-by: Michael Niedermayer 

commit dba8e32e444e72c273bdc04a57dfb4c5a67388e7
Author: James Almer 
Date:   Thu Jun 11 13:06:17 2020 -0300

    avcodec/cbs_av1: abort when written inferred values don't match
    
    If this happens, it's a sign of parsing issues earlier in the process, or
    misuse by the calling module.
    
    Prevents writing invalid bitstreams.
    
    Reviewed-by: Michael Niedermayer 
    Signed-off-by: James Almer 
    (cherry picked from commit 318a1a383dc0312ad5b4afec0ddf0d8d231f5c79)