ffmpeg

Author	SHA1	Message	Date
Anton Khirnov	f1a7bfea41	shorten: pad the internal bitstream buffer Fixes invalid reads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit 1713eec29add37b654ec6bf262b843d139c1ffc6)	2014-02-28 23:05:53 -05:00
Justin Ruggles	3e3805b7fa	samplefmt: avoid integer overflow in av_samples_get_buffer_size() CC:libav-stable@libav.org (cherry picked from commit 0e830094ad0dc251613a0aa3234d9c5c397e02e6)	2014-02-28 23:05:53 -05:00
Anton Khirnov	8ba514117b	Add missing header to fix compilation after d2a0654 Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-02-28 23:05:08 -05:00
Reinhard Tartler	675cf1cded	Prepare for 9.12 RELEASE	2014-02-28 22:39:04 -05:00
Diego Biurrun	0c1a15db46	configure: Add missing dependency of Snow decoder on videodsp	2014-02-21 10:31:39 +01:00
Anton Khirnov	d2a065437a	rpza: limit the number of blocks to the total remaining blocks in the frame Fixes invalid writes. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit 77bb0004bbe18f1498cfecdc68db5f10808b6599) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2014-02-14 11:31:35 +01:00
Michael Niedermayer	08dde7567d	Merge remote-tracking branch 'qatar/release/9' into release/1.1 * qatar/release/9: Update Changelog for 9.11 oggparseogm: check timing variables mathematics: remove asserts from av_rescale_rnd() vc1: Always reset numref when parsing a new frame header. h264: reset num_reorder_frames if it is invalid Conflicts: Changelog libavcodec/vc1.c libavutil/mathematics.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-04 06:41:15 +01:00
Michael Niedermayer	cb8180885f	Merge commit '62ed6da016b789eee00e0fff517df4a254e12e5d' into release/1.1 * commit '62ed6da016b789eee00e0fff517df4a254e12e5d': h264: check that an IDR NAL only contains I slices mov: Free an earlier allocated array if allocating a new one Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-04 06:32:48 +01:00
Michael Niedermayer	e2781db62a	Merge commit '44079902c49e526f464bb4eb855665e1af867e91' into release/1.1 * commit '44079902c49e526f464bb4eb855665e1af867e91': mov: Free intermediate arrays in the normal cleanup function segafilm: fix leaks if reading the header fails h264_cavlc: check the size of the intra PCM data. h263: Check init_get_bits return value cavsdec: check ff_get_buffer() return value Conflicts: libavcodec/cavsdec.c libavcodec/h263dec.c libavformat/mov.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-04 06:23:46 +01:00
Michael Niedermayer	9ac7d8f85d	Merge commit 'c85e5f13f6ac9c4c90125e7671d89009e57f9df9' into release/1.1 * commit 'c85e5f13f6ac9c4c90125e7671d89009e57f9df9': cavs: Check for negative cbp avi: DV in AVI must be considered single stream vmnc: Check the cursor dimensions vmnc: Port to bytestream2 Conflicts: libavcodec/cavsdec.c libavcodec/vmnc.c libavformat/avidec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-04 06:05:36 +01:00
Michael Niedermayer	fd856693de	Merge commit 'f1476459b7013d306eb911573f1dc81e74ccd082' into release/1.1 * commit 'f1476459b7013d306eb911573f1dc81e74ccd082': vmnc: K&R formatting cosmetics flashsv: Check diff_start diff_height values dsputil/pngdsp: fix signed/unsigned type in end comparison Conflicts: libavcodec/dsputil.c libavcodec/flashsv.c libavcodec/vmnc.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-04 05:43:42 +01:00
Michael Niedermayer	a5c3f596d1	avformat/utils: av_probe_input_buffer2 decrease difference to libav This removes the initialization of 2 unused fields The change was part of c1868e7ee7b07b40a0fe15f50df89fe499a01a50 but wasnt merged as the fields could still be used Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 05c78f345b623a3eed203ab17da6e1419d56abd0) Conflicts: libavformat/utils.c	2014-02-04 05:20:43 +01:00
Michael Niedermayer	ee3ce73bfb	avformat/utils/av_probe_input_buffer2: fix buffer passed to ffio_rewind_with_probe_data() Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 05886c9d4edddb07a4cdc6afee8b30cd9c80b4db) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-04 05:20:09 +01:00
Michael Niedermayer	3994eebb1e	avformat/utils/av_probe_input_buffer2: fix offset check The check could fail if avio_read() read less than requested Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8c3b026a0eeb49464d957b61b0c01cceecc416fd) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-04 05:20:08 +01:00
Michael Niedermayer	82b44665e9	avformat/utils/av_probe_input_buffer2: Fix pd.buf_size Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6a2064820b52568c05a9ec8f418f18840e7c43cc) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-04 05:20:07 +01:00
Michael Niedermayer	35bf91c5b5	Merge commit '8575f5362f98c937758b20ff8512d6767a56208e' into release/1.1 * commit '8575f5362f98c937758b20ff8512d6767a56208e': lavf: make av_probe_input_buffer more robust lavf: use a fixed width type lavf: simplify handling of offset in av_probe_input_buffer() Conflicts: libavformat/utils.c See: cdce0e8a506cafebe47736d891f5b645b57d14b2 and previous commits Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-04 05:17:57 +01:00
Michael Niedermayer	c06f8bac20	avformat/utils: fix av_probe_input_buffer2() so it returns the probe score Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit c4810fbe4f53d312ba70f251f7ee4f484cbca565) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-04 05:15:36 +01:00
Michael Niedermayer	af74599e66	avcodec/vc1: reset fcm/field_mode in non advanced header parsing Fixes NULL pointer dereference Fixes: signal_sigsegv_1ab8bf4_2847_cov_4254117347_SA10091.vc1 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b51e9354772de446e8196dabf9aad1567b22f74d) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-04 04:50:17 +01:00
Michael Niedermayer	74821341b9	avcodec/takdec: always check bits_per_raw_sample Fixes out of array access Fixes: asan_heap-oob_19c7a94_6470_cov_1453611734_luckynight-partial.tak Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f58eab151214d2d35ff0973f2b3e51c5eb372da4) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-04 04:50:17 +01:00
Michael Niedermayer	7adf4a92a1	avcodec/vmnc: Check that rectangles are within the picture Prevents out of array accesses with CODEC_FLAG_EMU_EDGE Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6ba02602aa7fc7d38db582e75b8b093fb3c1608d) Conflicts: libavcodec/vmnc.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 7c17207ab9acfaa934e8feb8fba90765c9d0b989) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-04 04:50:17 +01:00
Michael Niedermayer	e04f68f7c5	dnxhdenc: fix mb_rc size Fixes out of array access with RC_VARIANCE set to 0 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f1caaa1c61310beba705957e6366f0392a0b005b) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-04 04:50:17 +01:00
Michael Niedermayer	10238ada6d	cmdutils: update year Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-04 04:50:17 +01:00
Reinhard Tartler	27f60e2b0b	Update Changelog for 9.11	2014-02-02 13:08:08 -05:00
Anton Khirnov	62ed6da016	h264: check that an IDR NAL only contains I slices Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit 8b2e5e42bb9d6a59ede5af2e6df4aaf7750d1195) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-02-01 23:51:46 -05:00
Anton Khirnov	bf7c240a50	oggparseogm: check timing variables Fixes a potential divide by zero. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit 75647dea6f7db79b409bad66a119f5c73da730f3) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-02-01 23:51:46 -05:00
Anton Khirnov	03bfd8419f	mathematics: remove asserts from av_rescale_rnd() It is a public function, it must not assert on its parameters. (cherry picked from commit 94a417acc05cc5151b473abc0bf51fad26f8c5a0) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-02-01 23:51:46 -05:00
Michael Niedermayer	3cc8d9bc1f	vc1: Always reset numref when parsing a new frame header. Fixes an issue where the B-frame coding mode switches from interlaced fields to interlaced frames, causing incorrect decisions in the motion compensation code and resulting in visual artifacts. CC: libav-stable@libav.org Signed-off-by: Tim Walker <tdskywalker@gmail.com> (cherry picked from commit dd2d0039b6405dc724e4fef0d5b8f49530eea3aa) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-02-01 23:51:46 -05:00
Anton Khirnov	299c5dcfb0	h264: reset num_reorder_frames if it is invalid An invalid VUI is not considered a fatal error, so the SPS containing it may still be used. Leaving an invalid value of num_reorder_frames there can result in writing over the bounds of H264Context.delayed_pic. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit 9ecabd7892ff073ae60ded3fc0a1290f5914ed5c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/h264_ps.c	2014-02-01 23:51:46 -05:00
Martin Storsjö	44079902c4	mov: Free intermediate arrays in the normal cleanup function These arrays are normally freed at the end of mov_read_trak, but make sure they're freed in case mov_read_trak returned early (due to errors) or in case the atoms that allocate arrays are encountered at some other point than within a trak (which we don't have checks against). Sample-Id: 00000496-google Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit d51f09962d5b4bc999fb70c040f330dd1873212e) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-02-01 23:51:45 -05:00
Martin Storsjö	a1b4d42d31	mov: Free an earlier allocated array if allocating a new one It could probably also be considered an error if the pointer isn't null at this point, but then we might risk rejecting some slightly broken files that we might have handled so far. Sample-Id: 00000496-google Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 2620df13104ddaa136158eb6bb1195adbf9d7692) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-02-01 23:51:45 -05:00
Anton Khirnov	f728782c0d	segafilm: fix leaks if reading the header fails Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit 6892d145a0c80249bd61ee7dd31ec851c5076bcd) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-02-01 23:51:45 -05:00
Luca Barbato	c85e5f13f6	cavs: Check for negative cbp Sample-Id: 00000647-google Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org	2014-02-01 14:59:50 -05:00
Luca Barbato	f1476459b7	vmnc: K&R formatting cosmetics Signed-off-by: Diego Biurrun <diego@biurrun.de>	2014-02-01 14:59:50 -05:00
Anton Khirnov	b5275ca1a8	h264_cavlc: check the size of the intra PCM data. Fixes invalid reads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org	2014-02-01 14:59:50 -05:00
Luca Barbato	3485a07977	avi: DV in AVI must be considered single stream Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org	2014-02-01 14:59:50 -05:00
Michael Niedermayer	d9c82cea11	h263: Check init_get_bits return value And use init_get_bits8 to check for integer overflows while at it. CC: libav-stable@libav.org Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2014-02-01 14:59:50 -05:00
Luca Barbato	4b24eb1a03	vmnc: Check the cursor dimensions And manage the reallocation failure path. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 5e992a4682d2c09eed3839c6cacf70db3b65c2f4)	2014-02-01 14:59:50 -05:00
Anton Khirnov	969028870c	cavsdec: check ff_get_buffer() return value Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org	2014-02-01 14:59:50 -05:00
Luca Barbato	9f9e773881	vmnc: Port to bytestream2 Fix some buffer overreads. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org	2014-02-01 14:59:50 -05:00
Michael Niedermayer	10d48fe6d3	flashsv: Check diff_start diff_height values Fix out of array accesses. Found-by: ami_stuff Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Adresses: CVE-2013-7015 (cherry picked from commit 57070b1468edc6ac8cb3696c817f3c943975d4c1) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-02-01 13:56:58 -05:00
Michael Niedermayer	af9799790d	dsputil/pngdsp: fix signed/unsigned type in end comparison Fixes out of array accesses and integer overflows. (cherry picked from commit d1916d13e28b87f4b1b214231149e12e1d536b4b) Adresses: CVE-2013-7010, CVE-2013-7014 Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-02-01 13:53:41 -05:00
Michael Niedermayer	6fa9741357	avcodec/aacdec: Dont fail if channels arent known yet Fixes Ticket3312 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 676a395ab903cac623c5d6ddd0928c789e08a59e) Conflicts: libavcodec/aacdec.c	2014-01-19 14:58:22 +01:00
Michael Niedermayer	bb26a88193	avcodec/mjpegdec: Dont treat the lack of a startcode differently from end of the bitstream Fixes Ticket3303 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 31e703e899bee74c50efd8eb62c3d012ef5ab26d)	2014-01-19 14:57:56 +01:00
Michael Niedermayer	55a4228ac2	avcodec/mjpegdec: only run EOI emulation code when there was a scan Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 361e27a3d8096baacc45d2551a1ebfcbfdaa6a67)	2014-01-19 14:56:18 +01:00
Michael Niedermayer	3ae81880e1	avcodec/mjpegdec: update cur_scan also for non-LS jpeg This should make no difference but the variable will be used in a subsequent commit Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8893f31e206358d933abe4a5227b5ae89f5f303d) Conflicts: libavcodec/mjpegdec.c	2014-01-19 14:56:08 +01:00
Anton Khirnov	8575f5362f	lavf: make av_probe_input_buffer more robust Always use the actually read size as the offset instead of making possibly invalid assumptions. Addresses: CVE-2012-6618 (cherry picked from commit 2115a3597457231a6e5c0527fe0ff8550f64b733) Conflicts: libavformat/utils.c Signed-off-by: Anton Khirnov <anton@khirnov.net>	2014-01-13 15:32:24 +01:00
Anton Khirnov	539d255871	lavf: use a fixed width type It's shorter and more consistent with the rest of the code. (cherry picked from commit 8b76362836f3c373c3aadc544522edcbef16dd5f) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2014-01-13 15:32:17 +01:00
Anton Khirnov	e38c62fe0c	lavf: simplify handling of offset in av_probe_input_buffer() (cherry picked from commit c1868e7ee7b07b40a0fe15f50df89fe499a01a50) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2014-01-13 15:24:08 +01:00
Michael Niedermayer	1017b5914c	update for 1.1.8 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> n1.1.8	2014-01-13 15:20:18 +01:00
Michael Niedermayer	9f47f95e70	Merge remote-tracking branch 'qatar/release/9' into release/1.1 * qatar/release/9: prores: Error out only on surely incomplete ac_coeffs Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-13 15:14:13 +01:00

... 7 8 9 10 11 ...

49748 Commits