From bb146bb57bea6647f9c080aa4f9323a3a789ad22 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Fri, 23 Mar 2012 03:43:30 +0100
Subject: [PATCH 1/6] ogg: prevent NULL pointer deference in theora gptopts

Additional safety in case a special ogg stream is crafted
with the proper number of

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavformat/oggparsetheora.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/libavformat/oggparsetheora.c b/libavformat/oggparsetheora.c
index df7a89c09d..632c4ef521 100644
--- a/libavformat/oggparsetheora.c
+++ b/libavformat/oggparsetheora.c
@@ -131,8 +131,13 @@ theora_gptopts(AVFormatContext *ctx, int idx, uint64_t gp, int64_t *dts)
     struct ogg *ogg = ctx->priv_data;
     struct ogg_stream *os = ogg->streams + idx;
     struct theora_params *thp = os->private;
-    uint64_t iframe = gp >> thp->gpshift;
-    uint64_t pframe = gp & thp->gpmask;
+    uint64_t iframe, pframe;
+
+    if (!thp)
+        return AV_NOPTS_VALUE;
+
+    iframe = gp >> thp->gpshift;
+    pframe = gp & thp->gpmask;
 
     if (thp->version < 0x030201)
         iframe++;

From 0336dea2ef7e7136273170efbe0e8cb5de6815c0 Mon Sep 17 00:00:00 2001
From: Luca Barbato <lu_zero@gentoo.org>
Date: Thu, 20 Sep 2012 01:33:47 +0200
Subject: [PATCH 2/6] oggparsetheora: make it more robust

---
 libavformat/oggparsetheora.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/libavformat/oggparsetheora.c b/libavformat/oggparsetheora.c
index 632c4ef521..dfb73c9bd1 100644
--- a/libavformat/oggparsetheora.c
+++ b/libavformat/oggparsetheora.c
@@ -53,7 +53,8 @@ theora_header (AVFormatContext * s, int idx)
         os->private = thp;
     }
 
-    if (os->buf[os->pstart] == 0x80) {
+    switch (os->buf[os->pstart]) {
+    case 0x80: {
         GetBitContext gb;
         int width, height;
         AVRational timebase;
@@ -110,8 +111,16 @@ theora_header (AVFormatContext * s, int idx)
         st->codec->codec_id = AV_CODEC_ID_THEORA;
         st->need_parsing = AVSTREAM_PARSE_HEADERS;
 
-    } else if (os->buf[os->pstart] == 0x83) {
-        ff_vorbis_comment (s, &st->metadata, os->buf + os->pstart + 7, os->psize - 8);
+    }
+    break;
+    case 0x81:
+        ff_vorbis_comment(s, &st->metadata, os->buf + os->pstart + 7, os->psize - 8);
+    case 0x82:
+        if (!thp->version)
+            return -1;
+        break;
+    default:
+        return -1;
     }
 
     st->codec->extradata = av_realloc (st->codec->extradata,

From 2768b717987d4e19d2774890d7d84aef531b1d9f Mon Sep 17 00:00:00 2001
From: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Date: Mon, 24 Sep 2012 23:22:15 +0000
Subject: [PATCH 3/6] cbrt_tablegen: Include libm.h

Needed for cbrtf fallback on systems which lack it.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
---
 libavcodec/cbrt_tablegen.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/cbrt_tablegen.c b/libavcodec/cbrt_tablegen.c
index e92c0f1db1..44c2695560 100644
--- a/libavcodec/cbrt_tablegen.c
+++ b/libavcodec/cbrt_tablegen.c
@@ -21,6 +21,7 @@
  */
 
 #include <stdlib.h>
+#include "libavutil/libm.h"
 #define CONFIG_HARDCODED_TABLES 0
 #include "cbrt_tablegen.h"
 #include "tableprint.h"

From 94a69dee64553374d5ce6a5ff3b0928fada52fd0 Mon Sep 17 00:00:00 2001
From: Nathan Caldwell <saintdev@gmail.com>
Date: Mon, 24 Sep 2012 17:02:44 -0600
Subject: [PATCH 4/6] libfdk-aac: Limit to supported sample rates.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Martin Storsjö <martin@martin.st>
---
 libavcodec/libfdk-aacenc.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/libfdk-aacenc.c b/libavcodec/libfdk-aacenc.c
index c9ecc4c1c6..b046c7fb78 100644
--- a/libavcodec/libfdk-aacenc.c
+++ b/libavcodec/libfdk-aacenc.c
@@ -393,6 +393,11 @@ static const uint64_t aac_channel_layout[] = {
     0,
 };
 
+static const int aac_sample_rates[] = {
+    96000, 88200, 64000, 48000, 44100, 32000,
+    24000, 22050, 16000, 12000, 11025, 8000, 0
+};
+
 AVCodec ff_libfdk_aac_encoder = {
     .name            = "libfdk_aac",
     .type            = AVMEDIA_TYPE_AUDIO,
@@ -408,5 +413,6 @@ AVCodec ff_libfdk_aac_encoder = {
     .priv_class      = &aac_enc_class,
     .defaults        = aac_encode_defaults,
     .profiles        = profiles,
+    .supported_samplerates = aac_sample_rates,
     .channel_layouts = aac_channel_layout,
 };

From c8ba8be27e3230c674f2b5a772cfa1da6d7172ab Mon Sep 17 00:00:00 2001
From: Nathan Caldwell <saintdev@gmail.com>
Date: Mon, 24 Sep 2012 17:03:22 -0600
Subject: [PATCH 5/6] libfdk-aac: reindent after last commit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Martin Storsjö <martin@martin.st>
---
 libavcodec/libfdk-aacenc.c | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/libavcodec/libfdk-aacenc.c b/libavcodec/libfdk-aacenc.c
index b046c7fb78..289c7aca9e 100644
--- a/libavcodec/libfdk-aacenc.c
+++ b/libavcodec/libfdk-aacenc.c
@@ -399,20 +399,20 @@ static const int aac_sample_rates[] = {
 };
 
 AVCodec ff_libfdk_aac_encoder = {
-    .name            = "libfdk_aac",
-    .type            = AVMEDIA_TYPE_AUDIO,
-    .id              = AV_CODEC_ID_AAC,
-    .priv_data_size  = sizeof(AACContext),
-    .init            = aac_encode_init,
-    .encode2         = aac_encode_frame,
-    .close           = aac_encode_close,
-    .capabilities    = CODEC_CAP_SMALL_LAST_FRAME | CODEC_CAP_DELAY,
-    .sample_fmts     = (const enum AVSampleFormat[]){ AV_SAMPLE_FMT_S16,
-                                                      AV_SAMPLE_FMT_NONE },
-    .long_name       = NULL_IF_CONFIG_SMALL("Fraunhofer FDK AAC"),
-    .priv_class      = &aac_enc_class,
-    .defaults        = aac_encode_defaults,
-    .profiles        = profiles,
+    .name                  = "libfdk_aac",
+    .type                  = AVMEDIA_TYPE_AUDIO,
+    .id                    = AV_CODEC_ID_AAC,
+    .priv_data_size        = sizeof(AACContext),
+    .init                  = aac_encode_init,
+    .encode2               = aac_encode_frame,
+    .close                 = aac_encode_close,
+    .capabilities          = CODEC_CAP_SMALL_LAST_FRAME | CODEC_CAP_DELAY,
+    .sample_fmts           = (const enum AVSampleFormat[]){ AV_SAMPLE_FMT_S16,
+                                                            AV_SAMPLE_FMT_NONE },
+    .long_name             = NULL_IF_CONFIG_SMALL("Fraunhofer FDK AAC"),
+    .priv_class            = &aac_enc_class,
+    .defaults              = aac_encode_defaults,
+    .profiles              = profiles,
     .supported_samplerates = aac_sample_rates,
-    .channel_layouts = aac_channel_layout,
+    .channel_layouts       = aac_channel_layout,
 };

From 7a1a9dd56cb4cafad054bf6d65b21bb24d31c544 Mon Sep 17 00:00:00 2001
From: Anton Khirnov <anton@khirnov.net>
Date: Tue, 25 Sep 2012 08:08:28 +0200
Subject: [PATCH 6/6] pthread: make sure AVFrame.extended_data is set properly.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
---
 libavcodec/pthread.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/pthread.c b/libavcodec/pthread.c
index e0489acffb..0496257fde 100644
--- a/libavcodec/pthread.c
+++ b/libavcodec/pthread.c
@@ -377,6 +377,10 @@ static attribute_align_arg void *frame_worker_thread(void *arg)
         p->got_frame = 0;
         p->result = codec->decode(avctx, &p->frame, &p->got_frame, &p->avpkt);
 
+        /* many decoders assign whole AVFrames, thus overwriting extended_data;
+         * make sure it's set correctly */
+        p->frame.extended_data = p->frame.data;
+
         if (p->state == STATE_SETTING_UP) ff_thread_finish_setup(avctx);
 
         p->state = STATE_INPUT_READY;