Fixes out of array access
Fixes: asan_heap-oob_4d5bb0_682_cov_3124593265_Fraunhofer__a_driving_force_in_innovation__small.mp4

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 330863c9f1)

Conflicts:

	libavcodec/h264_slice.c

Also use the frame pixel format instead of the one from the codec
context, which is more robust.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit fdc64a1044)

Conflicts:

	libavcodec/h264_slice.c

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

The AVFrame values are closer to the AVFrame bitmap changed instead of
the AVCodecContext values, so this should be more robust

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit aef0e0f009)

Conflicts:

	libavcodec/h264_slice.c

Bug-Id: CVE-2015-3417
CC: libav-stable@libav.org

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2197b40189)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Fixes null pointer dereference
Fixes Ticket4440

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 386601286f)

Conflicts:

	libavcodec/h264_slice.c
(cherry picked from commit ce6d38e9ed)

Fixes non deterministic crash in ticket4408/fuzz2.264
Likely fixes other samples as well

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 43b434210e)

Conflicts:

	libavcodec/h264.h
	libavcodec/h264_slice.c
(cherry picked from commit dbbc42858e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Fixes null pointer dereference
Fixes: signal_sigsegv_3042097_3007_cov_1741463594_non_monotone_timestamps1.mkv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c23a0e77dd)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

It may be empty if the previous thread's decode call did not contain a
valid frame.

(cherry picked from commit 0dea4c77cc)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2fd9ce92af)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Fixes race condition and null pointer dereference
Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 38d5241b7f)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

This might fix a hypothetical race condition

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f111831ed6)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Fixes potential race condition
Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f906982c94)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Fixes race condition
Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6fafc62b0b)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Might fix Ticket3889

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 547fce9585)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

Even if sps.crop is true, the cropping amount may be zero.
Fixes a sample with a valid but broken container cropping.

Fixes null pointer dereference
Fixes Ticket3873

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Signed-off-by: Diego Biurrun <diego@biurrun.de>
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>

Also suggest what can be done to workaround the limitation.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Fixes Ticket3475

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

It leverages the new hwaccel 1.2 features:

- get_buffer2 is never called
- the internal context is automatically initialized/deinitialized

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

This describes more accurately what this field is for.

This way each decoder does not have to do the same thing manually.

It will be useful in the following commits.

Fixes Ticket3063

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

The Windows runtime aborts if it finds %t or %z.
Fixes ticket #3472.

Reviewed-by: Ronald Bultje

avctx->coded_{height,width} will always equal h->{height,width} since
init_dimensions() does that explicitly, Size changes are detected by
changes in mb_{height,width} earlier and propagated through the
needs_reinit variable.

Fixes crash

Found-by: iive
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

This is limited to the case where x264_build = -1, to not break x264 decoding

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Fixes Ticket3260

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Unused buffers scratchpad and temp have been dropped too.