@@ -505,7 +505,7 @@ static int alloc_buffer(AVCodecContext *s, InputStream *ist, FrameBuffer **pbuf)

         const int v_shift = i==0 ? 0 : v_chroma_shift;

         if (s->flags & CODEC_FLAG_EMU_EDGE)

             buf->data[i] = buf->base[i];

-        else

+        else if (buf->base[i])

             buf->data[i] = buf->base[i] +

                            FFALIGN((buf->linesize[i]*edge >> v_shift) +

                                    (pixel_size*edge >> h_shift), 32);

@@ -651,6 +651,11 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd)

         for (k = 1; k < sub_blocks; k++)

             s[k] = s[k - 1] + decode_rice(gb, 0);

     }

+    for (k = 1; k < sub_blocks; k++)

+        if (s[k] > 32) {

+            av_log(avctx, AV_LOG_ERROR, "k invalid for rice code.\n");

+            return AVERROR_INVALIDDATA;

+        }

     if (get_bits1(gb))

         *bd->shift_lsbs = get_bits(gb, 4) + 1;

@@ -700,6 +705,10 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd)

                     int rice_param = parcor_rice_table[sconf->coef_table][k][1];

                     int offset     = parcor_rice_table[sconf->coef_table][k][0];

                     quant_cof[k] = decode_rice(gb, rice_param) + offset;

+                    if (quant_cof[k] < -64 || quant_cof[k] > 63) {

+                        av_log(avctx, AV_LOG_ERROR, "quant_cof %d is out of range\n", quant_cof[k]);

+                        return AVERROR_INVALIDDATA;

+                    }

                 }

                 // read coefficients 20 to 126

@@ -732,7 +741,7 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd)

             bd->ltp_gain[0]   = decode_rice(gb, 1) << 3;

             bd->ltp_gain[1]   = decode_rice(gb, 2) << 3;

-            r                 = get_unary(gb, 0, 4);

+            r                 = get_unary(gb, 0, 3);

             c                 = get_bits(gb, 2);

             bd->ltp_gain[2]   = ltp_gain_values[r][c];

@@ -761,7 +770,6 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd)

         int          delta[8];

         unsigned int k    [8];

         unsigned int b = av_clip((av_ceil_log2(bd->block_length) - 3) >> 1, 0, 5);

-        unsigned int i = start;

         // read most significant bits

         unsigned int high;

@@ -772,29 +780,30 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd)

         current_res = bd->raw_samples + start;

-        for (sb = 0; sb < sub_blocks; sb++, i = 0) {

+        for (sb = 0; sb < sub_blocks; sb++) {

+            unsigned int sb_len  = sb_length - (sb ? 0 : start);

+

             k    [sb] = s[sb] > b ? s[sb] - b : 0;

             delta[sb] = 5 - s[sb] + k[sb];

-            ff_bgmc_decode(gb, sb_length, current_res,

+            ff_bgmc_decode(gb, sb_len, current_res,

                         delta[sb], sx[sb], &high, &low, &value, ctx->bgmc_lut, ctx->bgmc_lut_status);

-            current_res += sb_length;

+            current_res += sb_len;

         }

         ff_bgmc_decode_end(gb);

         // read least significant bits and tails

-        i = start;

         current_res = bd->raw_samples + start;

-        for (sb = 0; sb < sub_blocks; sb++, i = 0) {

+        for (sb = 0; sb < sub_blocks; sb++, start = 0) {

             unsigned int cur_tail_code = tail_code[sx[sb]][delta[sb]];

             unsigned int cur_k         = k[sb];

             unsigned int cur_s         = s[sb];

-            for (; i < sb_length; i++) {

+            for (; start < sb_length; start++) {

                 int32_t res = *current_res;

                 if (res == cur_tail_code) {

@@ -2506,8 +2506,8 @@ static int field_end(H264Context *h, int in_setup){

     s->mb_y= 0;

     if (!in_setup && !s->dropable)

-        ff_thread_report_progress((AVFrame*)s->current_picture_ptr, (16*s->mb_height >> FIELD_PICTURE) - 1,

-                                 s->picture_structure==PICT_BOTTOM_FIELD);

+        ff_thread_report_progress(&s->current_picture_ptr->f, INT_MAX,

+                                  s->picture_structure == PICT_BOTTOM_FIELD);

     if (CONFIG_H264_VDPAU_DECODER && s->avctx->codec->capabilities&CODEC_CAP_HWACCEL_VDPAU)

         ff_vdpau_h264_set_reference_frames(s);

@@ -2624,9 +2624,7 @@ static int decode_slice_header(H264Context *h, H264Context *h0){

     int num_ref_idx_active_override_flag;

     unsigned int slice_type, tmp, i, j;

     int default_ref_list_done = 0;

-    int last_pic_structure;

-

-    s->dropable= h->nal_ref_idc == 0;

+    int last_pic_structure, last_pic_dropable;

     /* FIXME: 2tap qpel isn't implemented for high bit depth. */

     if((s->avctx->flags2 & CODEC_FLAG2_FAST) && !h->nal_ref_idc && !h->pixel_shift){

@@ -2645,8 +2643,14 @@ static int decode_slice_header(H264Context *h, H264Context *h0){

         }

         h0->current_slice = 0;

-        if (!s0->first_field)

-            s->current_picture_ptr= NULL;

+        if (!s0->first_field) {

+            if (s->current_picture_ptr && !s->dropable &&

+                s->current_picture_ptr->owner2 == s) {

+                ff_thread_report_progress(&s->current_picture_ptr->f, INT_MAX,

+                                          s->picture_structure == PICT_BOTTOM_FIELD);

+            }

+            s->current_picture_ptr = NULL;

+        }

     }

     slice_type= get_ue_golomb_31(&s->gb);

@@ -2864,6 +2868,8 @@ static int decode_slice_header(H264Context *h, H264Context *h0){

     h->mb_mbaff = 0;

     h->mb_aff_frame = 0;

     last_pic_structure = s0->picture_structure;

+    last_pic_dropable  = s->dropable;

+    s->dropable        = h->nal_ref_idc == 0;

     if(h->sps.frame_mbs_only_flag){

         s->picture_structure= PICT_FRAME;

     }else{

@@ -2880,10 +2886,22 @@ static int decode_slice_header(H264Context *h, H264Context *h0){

     }

     h->mb_field_decoding_flag= s->picture_structure != PICT_FRAME;

-    if(h0->current_slice == 0){

-        // Shorten frame num gaps so we don't have to allocate reference frames just to throw them away

-        if(h->frame_num != h->prev_frame_num && h->prev_frame_num >= 0) {

-            int unwrap_prev_frame_num = h->prev_frame_num, max_frame_num = 1<<h->sps.log2_max_frame_num;

+    if (h0->current_slice != 0) {

+        if (last_pic_structure != s->picture_structure ||

+            last_pic_dropable  != s->dropable) {

+            av_log(h->s.avctx, AV_LOG_ERROR,

+                   "Changing field mode (%d -> %d) between slices is not allowed\n",

+                   last_pic_structure, s->picture_structure);

+            s->picture_structure = last_pic_structure;

+            s->dropable          = last_pic_dropable;

+            return AVERROR_INVALIDDATA;

+        }

+    } else {

+        /* Shorten frame num gaps so we don't have to allocate reference

+         * frames just to throw them away */

+        if (h->frame_num != h->prev_frame_num && h->prev_frame_num >= 0) {

+            int unwrap_prev_frame_num = h->prev_frame_num;

+            int max_frame_num         = 1 << h->sps.log2_max_frame_num;

             if (unwrap_prev_frame_num > h->frame_num) unwrap_prev_frame_num -= max_frame_num;

@@ -2896,8 +2914,74 @@ static int decode_slice_header(H264Context *h, H264Context *h0){

             }

         }

-        while(h->frame_num !=  h->prev_frame_num && h->prev_frame_num >= 0 &&

-              h->frame_num != (h->prev_frame_num+1)%(1<<h->sps.log2_max_frame_num)){

+        /* See if we have a decoded first field looking for a pair...

+         * Here, we're using that to see if we should mark previously

+         * decode frames as "finished".

+         * We have to do that before the "dummy" in-between frame allocation,

+         * since that can modify s->current_picture_ptr. */

+        if (s0->first_field) {

+            assert(s0->current_picture_ptr);

+            assert(s0->current_picture_ptr->f.data[0]);

+            assert(s0->current_picture_ptr->f.reference != DELAYED_PIC_REF);

+

+            /* Mark old field/frame as completed */

+            if (!last_pic_dropable && s0->current_picture_ptr->owner2 == s0) {

+                ff_thread_report_progress(&s0->current_picture_ptr->f, INT_MAX,

+                                          last_pic_structure == PICT_BOTTOM_FIELD);

+            }

+

+            /* figure out if we have a complementary field pair */

+            if (!FIELD_PICTURE || s->picture_structure == last_pic_structure) {

+                /* Previous field is unmatched. Don't display it, but let it

+                 * remain for reference if marked as such. */

+                if (!last_pic_dropable && last_pic_structure != PICT_FRAME) {

+                    ff_thread_report_progress(&s0->current_picture_ptr->f, INT_MAX,

+                                              last_pic_structure == PICT_TOP_FIELD);

+                }

+            } else {

+                if (s0->current_picture_ptr->frame_num != h->frame_num) {

+                    /* This and previous field were reference, but had

+                     * different frame_nums. Consider this field first in

+                     * pair. Throw away previous field except for reference

+                     * purposes. */

+                    if (!last_pic_dropable && last_pic_structure != PICT_FRAME) {

+                        ff_thread_report_progress(&s0->current_picture_ptr->f, INT_MAX,

+                                                  last_pic_structure == PICT_TOP_FIELD);

+                    }

+                } else {

+                    /* Second field in complementary pair */

+                    if (!((last_pic_structure   == PICT_TOP_FIELD &&

+                           s->picture_structure == PICT_BOTTOM_FIELD) ||

+                          (last_pic_structure   == PICT_BOTTOM_FIELD &&

+                           s->picture_structure == PICT_TOP_FIELD))) {

+                        av_log(s->avctx, AV_LOG_ERROR,

+                               "Invalid field mode combination %d/%d\n",

+                               last_pic_structure, s->picture_structure);

+                        s->picture_structure = last_pic_structure;

+                        s->dropable          = last_pic_dropable;

+                        return AVERROR_INVALIDDATA;

+                    } else if (last_pic_dropable != s->dropable) {

+                        av_log(s->avctx, AV_LOG_ERROR,

+                               "Cannot combine reference and non-reference fields in the same frame\n");

+                        av_log_ask_for_sample(s->avctx, NULL);

+                        s->picture_structure = last_pic_structure;

+                        s->dropable          = last_pic_dropable;

+                        return AVERROR_INVALIDDATA;

+                    }

+

+                    /* Take ownership of this buffer. Note that if another thread owned

+                     * the first field of this buffer, we're not operating on that pointer,

+                     * so the original thread is still responsible for reporting progress

+                     * on that first field (or if that was us, we just did that above).

+                     * By taking ownership, we assign responsibility to ourselves to

+                     * report progress on the second field. */

+                    s0->current_picture_ptr->owner2 = s0;

+                }

+            }

+        }

+

+        while (h->frame_num != h->prev_frame_num && h->prev_frame_num >= 0 &&

+               h->frame_num != (h->prev_frame_num + 1) % (1 << h->sps.log2_max_frame_num)) {

             Picture *prev = h->short_ref_count ? h->short_ref[0] : NULL;

             av_log(h->s.avctx, AV_LOG_DEBUG, "Frame num gap %d %d\n", h->frame_num, h->prev_frame_num);

             if (ff_h264_frame_start(h) < 0)

@@ -2928,7 +3012,9 @@ static int decode_slice_header(H264Context *h, H264Context *h0){

             }

         }

-        /* See if we have a decoded first field looking for a pair... */

+        /* See if we have a decoded first field looking for a pair...

+         * We're using that to see whether to continue decoding in that

+         * frame, or to allocate a new one. */

         if (s0->first_field) {

             assert(s0->current_picture_ptr);

             assert(s0->current_picture_ptr->f.data[0]);

@@ -2945,13 +3031,10 @@ static int decode_slice_header(H264Context *h, H264Context *h0){

             } else {

                 if (s0->current_picture_ptr->frame_num != h->frame_num) {

-                    /*

-                     * This and previous field had

-                     * different frame_nums. Consider this field first in

-                     * pair. Throw away previous field except for reference

-                     * purposes.

-                     */

-                    s0->first_field = 1;

+                    /* This and the previous field had different frame_nums.

+                     * Consider this field first in pair. Throw away previous

+                     * one except for reference purposes. */

+                    s0->first_field         = 1;

                     s0->current_picture_ptr = NULL;

                 } else {

@@ -3820,8 +3903,9 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){

         hx = h->thread_context[context_count];

         ptr= ff_h264_decode_nal(hx, buf + buf_index, &dst_length, &consumed, next_avc - buf_index);

-        if (ptr==NULL || dst_length < 0){

-            return -1;

+        if (ptr == NULL || dst_length < 0) {

+            buf_index = -1;

+            goto end;

         }

         i= buf_index + consumed;

         if((s->workaround_bugs & FF_BUG_AUTODETECT) && i+3<next_avc &&

@@ -3873,7 +3957,8 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){

         case NAL_IDR_SLICE:

             if (h->nal_unit_type != NAL_IDR_SLICE) {

                 av_log(h->s.avctx, AV_LOG_ERROR, "Invalid mix of idr and non-idr slices\n");

-                return -1;

+                buf_index = -1;

+                goto end;

             }

             idr(h); // FIXME ensure we don't lose some frames if there is reordering

         case NAL_SLICE:

@@ -4017,6 +4102,15 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){

     }

     if(context_count)

         execute_decode_slices(h, context_count);

+

+end:

+    /* clean up */

+    if (s->current_picture_ptr && s->current_picture_ptr->owner2 == s &&

+        !s->dropable) {

+        ff_thread_report_progress(&s->current_picture_ptr->f, INT_MAX,

+                                  s->picture_structure == PICT_BOTTOM_FIELD);

+    }

+

     return buf_index;

 }

@@ -29,6 +29,7 @@

 #include "libavutil/opt.h"

 #include "avcodec.h"

 #include "bytestream.h"

+#include "internal.h"

 #include "vorbis.h"

 #include "libavutil/mathematics.h"

@@ -59,6 +60,12 @@ static const AVOption options[] = {

     { "iblock", "Sets the impulse block bias", offsetof(OggVorbisContext, iblock), AV_OPT_TYPE_DOUBLE, { .dbl = 0 }, -15, 0, AV_OPT_FLAG_AUDIO_PARAM | AV_OPT_FLAG_ENCODING_PARAM },

     { NULL }

 };

+

+static const AVCodecDefault defaults[] = {

+    { "b",  "0" },

+    { NULL },

+};

+

 static const AVClass class = { "libvorbis", av_default_item_name, options, LIBAVUTIL_VERSION_INT };

 static const char * error(int oggerr, int *averr)

@@ -75,33 +82,29 @@ static av_cold int oggvorbis_init_encoder(vorbis_info *vi, AVCodecContext *avcco

 {

     OggVorbisContext *context = avccontext->priv_data;

     double cfreq;

-    int r;

-    if (avccontext->flags & CODEC_FLAG_QSCALE) {

-        /* variable bitrate */

-        float quality = avccontext->global_quality / (float)FF_QP2LAMBDA;

-        r = vorbis_encode_setup_vbr(vi, avccontext->channels,

+    if (avccontext->flags & CODEC_FLAG_QSCALE || !avccontext->bit_rate) {

+        /* variable bitrate

+         * NOTE: we use the oggenc range of -1 to 10 for global_quality for

+         *       user convenience, but libvorbis uses -0.1 to 1.0.

+         */

+        float q = avccontext->global_quality / (float)FF_QP2LAMBDA;

+        /* default to 3 if the user did not set quality or bitrate */

+        if (!(avccontext->flags & CODEC_FLAG_QSCALE))

+            q = 3.0;

+        if (vorbis_encode_setup_vbr(vi, avccontext->channels,

                                     avccontext->sample_rate,

-                                    quality / 10.0);

-        if (r) {

-            av_log(avccontext, AV_LOG_ERROR,

-                   "Unable to set quality to %g: %s\n", quality, error(r, &r));

-            return r;

-        }

+                                    q / 10.0))

+            return -1;

     } else {

         int minrate = avccontext->rc_min_rate > 0 ? avccontext->rc_min_rate : -1;

-        int maxrate = avccontext->rc_min_rate > 0 ? avccontext->rc_max_rate : -1;

+        int maxrate = avccontext->rc_max_rate > 0 ? avccontext->rc_max_rate : -1;

         /* constant bitrate */

-        r = vorbis_encode_setup_managed(vi, avccontext->channels,

-                                        avccontext->sample_rate, minrate,

-                                        avccontext->bit_rate, maxrate);

-        if (r) {

-            av_log(avccontext, AV_LOG_ERROR,

-                   "Unable to set CBR to %d: %s\n", avccontext->bit_rate,

-                   error(r, &r));

-            return r;

-        }

+        if (vorbis_encode_setup_managed(vi, avccontext->channels,

+                                        avccontext->sample_rate, maxrate,

+                                        avccontext->bit_rate, minrate))

+            return -1;

         /* variable bitrate by estimate, disable slow rate management */

         if (minrate == -1 && maxrate == -1)

@@ -314,4 +317,5 @@ AVCodec ff_libvorbis_encoder = {

     .sample_fmts    = (const enum AVSampleFormat[]) { AV_SAMPLE_FMT_S16, AV_SAMPLE_FMT_NONE },

     .long_name      = NULL_IF_CONFIG_SMALL("libvorbis Vorbis"),

     .priv_class     = &class,

+    .defaults       = defaults,

 };

@@ -230,8 +230,8 @@ static const AVOption options[]={

 {"rc_qmod_freq", "experimental quantizer modulation", OFFSET(rc_qmod_freq), AV_OPT_TYPE_INT, {.dbl = DEFAULT }, INT_MIN, INT_MAX, V|E},

 {"rc_override_count", NULL, OFFSET(rc_override_count), AV_OPT_TYPE_INT, {.dbl = DEFAULT }, INT_MIN, INT_MAX},

 {"rc_eq", "set rate control equation", OFFSET(rc_eq), AV_OPT_TYPE_STRING, {.str = NULL}, CHAR_MIN, CHAR_MAX, V|E},

-{"maxrate", "set max video bitrate tolerance (in bits/s)", OFFSET(rc_max_rate), AV_OPT_TYPE_INT, {.dbl = DEFAULT }, INT_MIN, INT_MAX, V|E},

-{"minrate", "set min video bitrate tolerance (in bits/s)", OFFSET(rc_min_rate), AV_OPT_TYPE_INT, {.dbl = DEFAULT }, INT_MIN, INT_MAX, V|E},

+{"maxrate", "set max bitrate tolerance (in bits/s)", OFFSET(rc_max_rate), AV_OPT_TYPE_INT, {.dbl = DEFAULT }, INT_MIN, INT_MAX, V|A|E},

+{"minrate", "set min bitrate tolerance (in bits/s)", OFFSET(rc_min_rate), AV_OPT_TYPE_INT, {.dbl = DEFAULT }, INT_MIN, INT_MAX, V|A|E},

 {"bufsize", "set ratecontrol buffer size (in bits)", OFFSET(rc_buffer_size), AV_OPT_TYPE_INT, {.dbl = DEFAULT }, INT_MIN, INT_MAX, A|V|E},

 {"rc_buf_aggressivity", "currently useless", OFFSET(rc_buffer_aggressivity), AV_OPT_TYPE_FLOAT, {.dbl = 1.0 }, -FLT_MAX, FLT_MAX, V|E},

 {"i_qfactor", "qp factor between P and I frames", OFFSET(i_quant_factor), AV_OPT_TYPE_FLOAT, {.dbl = -0.8 }, -FLT_MAX, FLT_MAX, V|E},

@@ -5713,6 +5713,12 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data,

         mb_height = s->mb_height >> v->field_mode;

         for (i = 0; i <= n_slices; i++) {

             if (i > 0 &&  slices[i - 1].mby_start >= mb_height) {

+                if (v->field_mode <= 0) {

+                    av_log(v->s.avctx, AV_LOG_ERROR, "Slice %d starts beyond "

+                           "picture boundary (%d >= %d)\n", i,

+                           slices[i - 1].mby_start, mb_height);

+                    continue;

+                }

                 v->second_field = 1;

                 v->blocks_off   = s->mb_width  * s->mb_height << 1;

                 v->mb_off       = s->mb_stride * s->mb_height >> 1;

@@ -330,6 +330,11 @@ static av_cold int decode_init(AVCodecContext *avctx)

         return AVERROR_INVALIDDATA;

     }

+    if (s->avctx->sample_rate <= 0) {

+        av_log(avctx, AV_LOG_ERROR, "invalid sample rate\n");

+        return AVERROR_INVALIDDATA;

+    }

+

     s->num_channels = avctx->channels;

     if (s->num_channels < 0) {

@@ -299,6 +299,7 @@ static void start_frame(AVFilterLink *inlink, AVFilterBufferRef *inpicref)

 {

     PadContext *pad = inlink->dst->priv;

     AVFilterBufferRef *outpicref = avfilter_ref_buffer(inpicref, ~0);

+    AVFilterBufferRef *for_next_filter;

     int plane;

     for (plane = 0; plane < 4 && outpicref->data[plane]; plane++) {

@@ -335,12 +336,14 @@ static void start_frame(AVFilterLink *inlink, AVFilterBufferRef *inpicref)

     outpicref->video->w = pad->w;

     outpicref->video->h = pad->h;

-    avfilter_start_frame(inlink->dst->outputs[0], outpicref);

+    for_next_filter = avfilter_ref_buffer(outpicref, ~0);

+    avfilter_start_frame(inlink->dst->outputs[0], for_next_filter);

 }

 static void end_frame(AVFilterLink *link)

 {

     avfilter_end_frame(link->dst->outputs[0]);

+    avfilter_unref_buffer(link->dst->outputs[0]->out_buf);

     avfilter_unref_buffer(link->cur_buf);

 }

@@ -1221,7 +1221,7 @@ resync:

                 avi->dts_max = dts;

         }

-        return size;

+        return 0;

     }

     if ((err = avi_sync(s, 0)) < 0)