@@ -1,6 +1,328 @@

 Entries are sorted chronologically from oldest to youngest within each release,

 releases are sorted from youngest to oldest.

+version 4.0.5:

+ avcodec/wmaprodec: get frame during frame decode

+ avcodec/interplayacm: Fix overflow of last unused value

+ avcodec/adpcm: Fix undefined behavior with negative predictions in IMA OKI

+ avcodec/cook: Move up and extend block_align check

+ avcodec/sbcdec: Fix integer overflows in sbc_synthesize_four()

+ avcodec/twinvq: Check block_align

+ avcodec/cook: Enlarge gain table

+ avcodec/cook: Check samples_per_channel earlier

+ avcodec/atrac3plus: Check split point in fill mode 3

+ avcodec/wmavoice: Check sample_rate

+ avcodec/xsubdec: fix overflow in alpha handling

+ avcodec/iff: Check available space before entering loop in decode_long_vertical_delta2() / decode_long_vertical_delta()

+ avcodec/apedec: Fix integer overflow in filter_3800()

+ avutil/lfg: Document the AVLFG struct

+ avcodec/ffv1dec: Use a different error message for the slice level CRC

+ avcodec/apedec: Fix undefined integer overflow in long_filter_ehigh_3830()

+ avcodec/dstdec: Check that AC probabilities are within range

+ avcodec/dstdec: Check read_table() for failure

+ avcodec/snowenc: Set mb_num to avoid ratecontrol floating point divisions by 0.0

+ avcodec/snowenc: Fix 2 undefined shifts

+ avformat/nutenc: Do not pass NULL to memcmp() in get_needed_flags()

+ avcodec/aptx: Check the number of channels

+ avcodec/aacdec_template: Check samplerate

+ avcodec/truemotion2: Fix several integer overflows in tm2_low_res_block()

+ avcodec/utils: Check block_align

+ avcodec/wmalosslessdec: Fix some integer anomalies

+ avcodec/adpcm: Fix invalid shifts in ADPCM DTK

+ avcodec/apedec: Only clear the needed buffer space, instead of all

+ avcodec/libvorbisdec: Fix insufficient input checks leading to out of array reads

+ avcodec/g723_1dec: fix invalid shift with negative sid_gain

+ avcodec/vp5: Check render_x/y

+ avcodec/qdrw: Check input for header/skiped space before get_buffer()

+ avcodec/ralf: Skip initializing unused filter variables

+ avcodec/takdec: Fix overflow with large sample rates

+ avcodec/alsdec: Check that input space for header exists in read_diff_float_data()

+ avformat/pjsdec: Check duration for overflow

+ avcodec/ptx: Check that the input contains at least one line

+ avcodec/alac: Fix integer overflow in LPC

+ avcodec/smacker: Fix integer overflows in pred[] in smka_decode_frame()

+ avcodec/aliaspixdec: Check input size against minimal picture size

+ avcodec/ffwavesynth: Fix integer overflows in pink noise addition

+ avcodec/vc1_block: Fixes integer overflow in vc1_decode_i_block_adv()

+ avcodec/wmalosslessdec: Check block_align

+ avcodec/g729postfilter: Fix left shift of negative value

+ avcodec/binkaudio: Check sample rate

+ avcodec/sbcdec: Fix integer overflows in sbc_synthesize_eight()

+ avcodec/adpcm: Check initial predictor for ADPCM_IMA_EA_EACS

+ avcodec/g723_1dec: Fix overflow in shift

+ avcodec/apedec: Fix integer overflow in predictor_update_3930()

+ avcodec/g729postfilter: Fix undefined intermediate pointers

+ avcodec/g729postfilter: Fix undefined shifts

+ avcodec/lsp: Fix undefined shifts in lsp2poly()

+ avcodec/adpcm: Fix left shifts in AV_CODEC_ID_ADPCM_EA

+ avformat/shortendec: Check k in probe

+ avfilter/vf_geq: Use av_clipd() instead of av_clipf()

+ avcodec/wmaprodec: Check that the streams channels do not exceed the overall channels

+ avcodec/qdmc: Check input space in qdmc_get_vlc()

+ avcodec/pcm: Check bits_per_coded_sample

+ avcodec/exr: Allow duplicate use of channel indexes

+ avcodec/fitsdec: Fail on 0 naxisn

+ avcodec/dxv: Subtract 12 earlier in dxv_decompress_cocg()

+ libavcodec/dxv: Remove redundant seek

+ avcodec/ituh263dec: Check input for minimal frame size

+ avcodec/truemotion1: Check that the input has enough space for a minimal index_stream

+ avformat/mpsubdec: Clear queue on error

+ avcodec/sunrast: Check that the input is large enough for the maximally compressed image

+ avcodec/sunrast: Check for availability of maplength before allocating image

+ avformat/subtitles: Check nb_subs in ff_subtitles_queue_finalize()

+ avcodec/wmaprodec: Check if there is a stream

+ avcodec/g2meet: Check for end of input in jpg_decode_block()

+ avcodec/g2meet: Check if adjusted pixel was on the stack

+ avformat/electronicarts: If no packet has been read at the end do not treat it as if theres a packet

+ avcodec/dxv: Check op_offset in dxv_decompress_yo()

+ avcodec/utils: Check sample_rate before opening the decoder

+ avcodec/aptx: Fix multiple shift anomalies

+ avcodec/fitsdec: fix use of uninitialised values

+ avcodec/motionpixels: Mark 2 functions as always_inline

+ avcodec/ituh263dec: Make the condition for the studio slice start code match between ff_h263_resync() and ff_mpeg4_decode_studio_slice_header()

+ avcodec/ralf: Fix integer overflow in decode_channel()

+ vcodec/vc1: compute rangex/y only for P/B frames

+ avcodec/vc1_pred: Fix invalid shifts in scaleforopp()

+ avcodec/vc1_block: Fix invalid shift with rangeredfrm

+ avcodec/vc1: Check for excessive resolution

+ avcodec/vc1: check REFDIST

+ avcodec/apedec: Fix several integer overflows in predictor_update_filter() and do_apply_filter()

+ avcodec/hevc_cabac: Tighten the limit on k in ff_hevc_cu_qp_delta_abs()

+ avcodec/4xm: Check index in decode_i_block() also in the path where its not used.

+ avcodec/atrac3: Check block_align

+ avcodec/alsdec: Avoid dereferencing context pointer in inner interleave loop

+ avcodec/fitsdec: Prevent division by 0 with huge data_max

+ avcodec/dstdec: Fix integer overflow in samples_per_frame computation

+ avcodec/g729_parser: Check block_size

+ avcodec/sbcdec: Initialize number of channels

+ avcodec/utils: Optimize ff_color_frame() using memcpy()

+ avcodec/aacdec: Check if we run out of input in read_stream_mux_config()

+ avcodec/utils: Use av_memcpy_backptr() in ff_color_frame()

+ avcodec/smacker: Fix integer overflow in signed int multiply in SMK_BLK_FILL

+ avcodec/alac: Fix invalid shifts in 20/24 bps

+ avcodec/alac: fix undefined behavior with INT_MIN in lpc_prediction()

+ avcodec/ffwavesynth: Fix integer overflow in timestamps

+ avcodec/dxv: Check op_offset in both directions

+ avcodec/adpcm: Check number of channels for MTAF

+ avcodec/sunrast: Fix indention

+ avcodec/sunrast: Fix return type for "unsupported (compression) type"

+ avformat/mov: Check for EOF in mov_read_meta()

+ avcodec/hevcdec: Fix memleak of a53_caption

+ avformat/cdxl: Fix integer overflow in intermediate

+ avcodec/hevcdec: repeat character in skiped

+ avcodec/gdv: Replace assert() checking bitstream by if()

+ libavcodec/utils: Free threads on init failure

+ avcodec/htmlsubtitles: Avoid locale dependant isdigit()

+ avcodec/alsdec: Check k from being outside what our implementation can handle

+ avcodec/takdec: Fix integer overflow in decorrelate()

+ avcodec/aacps: Fix integer overflows in hybrid_synthesis()

+ avcodec/mpeg4videodec: Fix integer overflow in mpeg4_decode_studio_block()

+ avcodec/vp56rac: delay signaling an error on truncated input

+ avcodec/vp5/6/8: use vpX_rac_is_end()

+ avcodec/vp56: Add vpX_rac_is_end() to check for the end of input

+ avcodec/qdm2: Check frame size

+ avcodec/vc1_pred: Fix refdist in scaleforopp()

+ avcodec/vorbisdec: fix FASTDIV usage for vr_type == 2

+ avcodec/iff: Check for overlap in cmap_read_palette()

+ avcodec/apedec: Fix 32bit int overflow in do_apply_filter()

+ avcodec/ralf: fix undefined shift in extend_code()

+ avcodec/ralf: fix undefined shift

+ avcodec/bgmc: Check input space in ff_bgmc_decode_init()

+ avcodec/truemotion2: Fix multiple integer overflows in tm2_null_res_block()

+ avcodec/vc1dec: Require res_sprite for wmv3images

+ avcodec/vc1_block: Check for double escapes

+ avcodec/vorbisdec: Check get_vlc2() failure

+ avcodec/tta: Fix integer overflow in prediction

+ avcodec/vb: Check input packet size to be large enough to contain flags

+ avcodec/cavsdec: Limit the number of access units per packet to 2

+ avcodec/alac: Check for bps of 0

+ avcodec/alac: Fix multiple integer overflows in lpc_prediction()

+ avcodec/rl2: set dimensions

+ avcodec/aacdec: Add FF_CODEC_CAP_INIT_CLEANUP

+ avcodec/idcinvideo: Add 320x240 default maximum resolution

+ avformat/realtextdec: free queue on error

+ avcodec/alsdec: Fix integer overflow in decode_var_block_data()

+ avcodec/alsdec: Limit maximum channels to 512

+ avcodec/anm: Check input size for a frame with just a stop code

+ avcodec/flicvideo: Optimize and Simplify FLI_COPY in flic_decode_frame_24BPP() by using bytestream2_get_buffer()

+ avcodec/loco: Check left column value

+ avcodec/ffwavesynth: Fixes invalid shift with pink noise seeking

+ avcodec/ffwavesynth: Fix integer overflow for some corner case values

+ avcodec/indeo2: Check remaining input more often

+ avcodec/diracdec: Check that slices are fewer than pixels

+ avcodec/vp56: Consider the alpha start as end of the prior header

+ avcodec/4xm: Check for end of input in decode_p_block()

+ avcodec/hevcdec: Check delta_luma_weight_l0/1

+ avcodec/hnm4video: Optimize postprocess_current_frame()

+ avcodec/hevc_refs: Optimize 16bit generate_missing_ref()

+ avcodec/scpr: Use av_memcpy_backptr() in type 17 and 33

+ avcodec/dds: Use ff_set_dimensions()

+ avcodec/mpc8: Fix 32bit mask/enum

+ avcodec/alsdec: Fix integer overflows of raw_samples in decode_var_block_data()

+ avcodec/alsdec: Fix integer overflow of raw_samples in decode_blocks()

+ avcodec/alsdec: fix mantisse shift

+ avcodec/aacdec_template: fix integer overflow in imdct_and_windowing()

+ libavcodec/iff: Use unsigned to avoid undefined behaviour

+ avcodec/alsdec: Check for block_length <= 0 in read_var_block_data()

+ avcodec/vqavideo: Set video size

+ avcodec/sanm: Check extradata_size before allocations

+ avcodec/mss1: check for overread and forward errors

+ avcodec/dirac_parser: Fix overflow in dts

+ avcodec/ralf: Fix undefined pointer in decode_channel()

+ avcodec/ralf: Fix integer overflow in apply_lpc()

+ avcodec/vorbisdec: Implement vr->classifications = 1

+ avcodec/vorbisdec: Check parameters in vorbis_floor0_decode() before divide

+ avformat/realtextdec: Check for duplicate extradata in realtext_read_header()

+ avcodec/apedec: Fix 2 signed overflows

+ avcodec/mss3: Check for the rac stream being invalid in rac_normalize()

+ avcodec/vc1_block: Check get_vlc2() return before use

+ avcodec/apedec: Do not partially clear data array

+ avcodec/hnm4video: Forward errors of decode_interframe_v4()

+ avcodec/clearvideo: fix invalid shift in tile size check

+ avcodec/vp3: Check that theora is theora

+ avcodec/vc1_pred: Fix invalid shift in scaleforsame()

+ avcodec/vc1_block: Fix integer overflow in ff_vc1_pred_dc()

+ avcodec/truemotion2: Fix several integer overflows in tm2_motion_block()

+ avcodec/apedec: make left/right unsigned to avoid undefined behavior

+ avcodec/apedec: Fix multiple integer overflows and undefined behaviorin filter_3800()

+ avformat/mpc: deallocate frames array on errors

+ avcodec/eatqi: Check for minimum frame size

+ avcodec/eatgv: Check remaining size after the keyframe header

+ avcodec/assdec: undefined use of memcpy()

+ avcodec/brenderpix: Check input size before allocating image

+ lafv/wavdec: Fail bext parsing on incomplete reads

+ avcodec/utils: fix leak of subtitle_header on error path

+ avcodec/utils: Check close before calling it

+ avcodec/vorbisdec: Check vlc for floor0 dec vector offset

+ avcodec/vorbisdec: amplitude bits can be more than 25 bits

+ avutil/softfloat_ieee754: Fix odd bit position for exponent and sign in av_bits2sf_ieee754()

+ avcodec/apedec: Fix various integer overflows

+ avcodec/apedec: Fix multiple integer overflows in predictor_update_filter()

+ avcodec/alsdec: fix undefined shift in multiply()

+ avcodec/alsdec: Fix 2 integer overflows

+ avcodec/flicvideo: Make line_packets int

+ avcodec/dvbsubdec: Use ff_set_dimensions()

+ avcodec/ffwavesynth: Check if there is enough extradata before allocation

+ avcodec/ffwavesynth: More correct cast in wavesynth_seek()

+ avcodec/ffwavesynth: Check sample rate before use

+ avcodec/dnxhd_parser: Fix parser when input does not have nicely sized packets

+ avcodec/dnxhd_parser: remove unneeded code

+ avformat/utils: Check rfps_duration_sum for overflow

+ avcodec/h264_refs: Also check reference in ff_h264_build_ref_list()

+ avcodec/parser: Check next index validity in ff_combine_frame()

+ avcodec/ivi: Ask for samples with odd tiles

+ avformat/xmv: Make bitrate 64bit

+ avcodec/pngdec: Check that previous_picture has same w/h/format

+ avcodec/huffyuv: remove gray8a (the format is listed but not supported by the implementation)

+ avcodec/mpc8: Fixes invalid shift in mpc8_decode_frame()

+ avcodec/utils, avcodec_open2: close codec on failure

+ avcodec/golomb: Correct the doxy about get_ue_golomb() and errors

+ avformat/utils: Check timebase before use in estimate_timings()

+ avcodec/hq_hqa: Use ff_set_dimensions()

+ avcodec/rv10: Fix integer overflow in aspect ratio compare

+ avcodec/4xm: Fix signed integer overflows in idct()

+ avcodec/qdm2: Check checksum_size for 0

+ avcodec/qdm2: error out of qdm2_fft_decode_tones() before entering endless loop

+ avcodec/qdm2: Do not read out of array in fix_coding_method_array()

+ avcodec/svq3: Use ff_set_dimension()

+ avcodec/iff: Check ham vs bpp

+ avcodec/ffwavesynth: use uint32_t to compute difference, it is enough

+ avcodec/ffwavesynth: Simplify lcg_seek(), avoid negative case

+ avcodec/ffwavesynth: Fix backward lcg_seek()

+ avcodec/flicvideo: Fix off by 1 error in flic_decode_frame_24BPP()

+ avcodec/vc1_block: Check for vlc error in vc1_decode_ac_coeff()

+ avcodec/alac: Check lpc_quant

+ avcodec/dxv: Initialize tex_funct to NULL

+ avcodec/alsdec: Add FF_CODEC_CAP_INIT_CLEANUP

+ avcodec/alsdec: Fix integer overflow with buffer number

+ avcodec/alsdec: Fixes signed integer overflow in LSB addition

+ avcodec/alsdec: Check opt_order / sb_length in ra_block handling

+ avcodec/alsdec: Fix integer overflow with shifting samples

+ avcodec/alsdec: Fix undefined behavior in decode_rice()

+ avcodec/alsdec: Fixes invalid shifts in read_var_block_data() and INTERLEAVE_OUTPUT()

+ avcodec/hevc_ps: Change num_tile_rows/columns checks to sps->ctb_height/weight

+ avcodec/hevc_ps: Fix integer overflow with num_tile_rows and num_tile_columns

+ avcodec/apedec: Add k < 24 check to the only k++ case which lacks such a check

+ avformat/aviobuf: Delay buffer downsizing until asserts are met

+ avcodec/fitsdec: Check data_min/max

+ avcodec/m101: Fix off be 2 error

+ avcodec/qdm2: Move fft_order check up

+ avcodec/libvorbisdec: Check extradata size

+ avformat/vqf: Check header_size

+ avcodec/utils: Check bits_per_coded_sample

+ avcodec/videodsp_template: Fix overflow of addition

+ avcodec/alsdec: Fix invalid shift in multiply()

+ avcodec/ffwavesynth: Check ts_end - ts_start for overflow

+ avcodec/vc1dsp: Avoid undefined shifts in vc1_v_s_overlap_c / vc1_h_s_overlap_c

+ avcodec/tta: Fix undefined shift

+ avcodec/qdmc: Fix integer overflows in PRNG

+ avcodec/bintext: Check font height

+ avcodec/binkdsp: Fix integer overflows in idct

+ avcodec/bink: Fix integer overflow in unquantize_dct_coeffs()

+ avcodec/motionpixels: Check for vlc error in mp_get_vlc()

+ avcodec/loco: Limit lossy parameter so it is sane and does not overflow

+ avformat/mov: Set fragment.found_tfhd only after TFHD has been parsed

+ avcodec/xpmdec: Do not use context dimensions as temporary variables

+ avcodec/fitsdec: Fix division by 0 in size check

+ avcodec/aacpsdsp_template: Fix integer overflow in ps_hybrid_analysis_c()

+ avcodec/truemotion2: Fix integer overflow in last loop in tm2_update_block()

+ avcodec/iff: finetune the palette size check in the mask case

+ avcodec/iff: Fix mask_buf / mask_palbuf leak

+ avformat/icodec: Free ico->images on error paths

+ avformat/wsddec: Fix undefined shift

+ avcodec/fmvc: Check if header fields are available before allocating the image

+ avcodec/bink: Reorder operations in init to avoid memleak on error

+ avformat/wtvdec: Avoid (32bit signed) sectors

+ avcodec/bitstream: Check for more conflicting codes in build_table()

+ avcodec/bitstream: Check for integer code truncation in build_table()

+ avformat/sbgdec: Fixes integer overflow in str_to_time() with hours

+ avformat/vpk: Check offset for validity

+ avformat/vpk: Fix integer overflow in samples_per_block computation

+ avcodec/mjpegdec: Check for non ls PAL8

+ avcodec/interplayvideo: check decoding_map_size with video_data_size

+ avcodec/h264_parse: Use 64bit for expectedpoc and expected_delta_per_poc_cycle

+ avcodec/mss4: Check input size against skip bits

+ avcodec/dxv: Check op_offset in dxv_decompress_cocg()

+ avcodec/diracdec: Fix integer overflow in global_mv()

+ avcodec/vmnc: Check available space against chunks before reget_buffer()

+ avcodec/aacdec_template: skip apply_tns() if max_sfb is 0 (from previous header decode failure)

+ avcodec/aacdec_fixed: Handle more extreem cases in noise_scale()

+ avcodec/aacdec_template: Merge 3 #ifs related to noise handling

+ avcodec/aacdec_fixed: ssign seems always -1 in noise_scale(), simplify

+ avformat/mp3enc: Avoid SEEK_END as it is unsupported

+ avcodec/truemotion2: Fix several integer overflows in tm2_update_block()

+ avformat/webm_chunk: Specify expected argument length of get_chunk_filename()

+ avformat/webm_chunk: Check header filename length

+ avcodec/cpia: Check input size also against linesizes and EOL

+ swscale/tests/swscale: Lengthen pixfmt name buffer to 21 bytes

+ libswcale: Fix possible string overflow in test.

+ avcodec/hq_hqa: Check available space before reading slice offsets

+ lavf/webm_chunk: Respect buffer size

+ avcodec/fits: Check bitpix

+ avcodec/jvdec: Use ff_get_buffer() when the content is not reused

+ avcodec/truemotion2: Fix 2 integer overflows in tm2_update_block()

+ avcodec/gdv: Check input palette size before rescale()

+ avcodec/jpeg2000: Check stepsize before using it

+ avcodec/aacdec_fixed: Fix undefined shift in noise_scale()

+ avutil/avstring: Fix bug and undefined behavior in av_strncasecmp()

+ avformat/mov: Skip stsd adjustment without chunks

+ avformat/aadec: Check for scanf() failure

+ avcodec/ccaption_dec: Add a blank like at the end to avoid rollup reading from outside

+ avcodec/ivi: Move buffer/block end check to caller of ivi_dc_transform()

+ avcodec/diracdec: Use 64bit in intermediate of global motion vector field generation

+ avcodec/truemotion2: Fix integer overflow in tm2_decode_blocks()

+ avcodec/rscc: Check that the to be uncompressed input is large enough

+ avcodec/nvenc: add driver version info for latest SDKs

+ avcodec/bsf: check that AVBSFInternal was allocated before dereferencing it

+ lavf/rawenc: Only accept the appropriate stream type for raw muxers.

+ avcodec/h263dec: fix hwaccel decoding

+ avutil/mem: Fix invalid use of av_alloc_size

+ avformat/aacdec: resync to the next adts frame on invalid data instead of aborting

+ avformat/aacdec: factorize the adts frame resync code

+ movsub_bsf: Fix mov2textsub regression

+ avformat/aacdec: fix demuxing of small frames

+ avcodec/cuviddec: improve progressive frame detection

+

 version 4.0.4:

 - avcodec/hevcdec: Avoid only partly skiping duplicate first slices

 - lavc/bmp: Avoid a heap buffer overwrite for 1bpp input.

@@ -1 +1 @@

-4.0.4

+4.0.5

@@ -38,7 +38,7 @@ PROJECT_NAME           = FFmpeg

 # could be handy for archiving the generated documentation or if some version

 # control system is used.

-PROJECT_NUMBER         = 4.0.4

+PROJECT_NUMBER         = 4.0.5

 # Using the PROJECT_BRIEF tag one can provide an optional one line description

 # for a project that appears at the top of each page and should give viewer a