ffmpeg

Author	SHA1	Message	Date
wm4	00cde0cddc	avcodec/dvdsubdec: error on bitmaps with size 0 Attemtping to decode them could lead to invalid writes with some fuzzed samples. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `bcaa9099b3`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
Johan Andersson	b3242c0f22	cmdutils: update copyright year to 2015. (cherry picked from commit `3e16065221`) Conflicts: cmdutils.c	2015-03-12 18:03:49 +01:00
Michael Niedermayer	766c1cbeb4	avformat/mov: fix integer overflow in mov_read_udta_string() Found-by: Paul Mehta <paul@paulmehta.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `3859868c75`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
wm4	ce219702c3	avcodec/dvdsubdec: fix out of bounds accesses The code blindly trusted buffer offsets read from the file in the RLE decoder. Explicitly check the offset. Also error out on other RLE decoding errors. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `c9151de7c4`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
Michael Niedermayer	87a716991d	avcodec/indeo3: ensure offsets are non negative Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `368642361f`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
Michael Niedermayer	cd4827dfd4	avcodec/indeo3: use signed variables to avoid underflow Fixes out of array read Fixes: signal_sigsegv_1b0a4da_1865_cov_2167818389_computer_anger.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `3305acdc92`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
Michael Niedermayer	1d1cc267e6	swscale: increase yuv2rgb table headroom Fixes out of array access Fixes: case2_bad_read_yuv2rgbx32.mp4 Found-by: Michal Zalewski <lcamtuf@coredump.cx> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
Michael Niedermayer	87ec3c6156	avcodec/vmdvideo: Check len before using it in method 3 Fixes out of array access Fixes: asan_heap-oob_4d23ba_91_cov_3853393937_128.vmd Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `3030fb7e0d`) Conflicts: libavcodec/vmdav.c	2015-03-12 18:03:49 +01:00
Michael Niedermayer	adf2f2166e	avformat/aviobuf: Check that avio_seek() target is non negative Fixes out of array access Suggested-by: Andrew Scherkus <scherkus@google.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `ed86dbd05d`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
wm4	39a6977354	avformat/matroskadec: fix handling of recursive SeekHead elements When matroska_execute_seekhead() is called, it goes through the list of seekhead entries and attempts to read elements not read yet. When doing this, the parser can find further SeekHead elements, and will extend the matroska->seekhead list. This can lead to a (practically) infinite loop with certain broken files. (Maybe it can happen even with valid files. The demuxer doesn't seem to check correctly whether an element has already been read.) Fix this by ignoring elements that were added to the seekhead field during executing seekhead entries. This does not fix the possible situation when multiple SeekHead elements after the file header (i.e. occur after the "before_pos" file position) point to the same elements. These elements will probably be parsed multiple times, likely leading to bugs. Fixes ticket #4162. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `6551acab68`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
Michael Niedermayer	5a1061b4ad	swscale/x86/rgb2rgb_template: fix crash with tiny size and nv12 output Fixes Ticket4151 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `8524558858`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
Michael Niedermayer	a5c43d7c87	avformat/rmdec: Check codec_data_size Fixes infinite loop Fixes Ticket4154 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `a6f730730b`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
Michael Niedermayer	0b5d644839	avcodec/pngdec: Check IHDR/IDAT order Fixes out of array access Fixes: asan_heap-oob_20a6c26_2690_cov_3434532168_mail.png Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `79ceaf827b`) Conflicts: libavcodec/pngdec.c	2015-03-12 18:03:49 +01:00
Michael Niedermayer	aebfcf7d62	avcodec/mjpegdec: Fix context fields becoming inconsistent Fixes out of array access Fixes: asan_heap-oob_1ca4f85_2760_cov_144449187_miss_congeniality_pegasus_ljpg.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `0eecf40935`) Conflicts: libavcodec/mjpegdec.c (cherry picked from commit 32d3acac727f3f4a6489ca129a5ea4ccdfcb34a5) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
Michael Niedermayer	ec640e10b2	avcodec/wmaprodec: Fix integer overflow in sfb_offsets initialization Fixes out of array read Fixes: asan_heap-oob_2aec5b0_1828_classical_22_16_2_16000_v3c_0_exclusive_0_29.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `5dcb99033d`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
Michael Niedermayer	3296e30d37	avcodec/h264_slice: Clear table pointers to avoid stale pointers Might fix Ticket3889 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `547fce9585`) Conflicts: libavcodec/h264_slice.c Conflicts: libavcodec/h264.c	2015-03-12 18:03:49 +01:00
Michael Niedermayer	d327f673f9	avcodec/dnxhddec: treat pix_fmt like width/height Fixes out of array accesses Fixes: asan_heap-oob_22c9a39_16_015.mxf Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `f3c0e0bf6f`) Conflicts: libavcodec/dnxhddec.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
Michael Niedermayer	017226fdf9	avcodec/dxa: check dimensions Fixes out of array access Fixes: asan_heap-oob_11222fb_21_020.dxa Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `e70312dfc2`) Conflicts: libavcodec/dxa.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:48 +01:00
Michael Niedermayer	27d82d8374	avformat/mpegts: Check desc_len / get8() return code Fixes out of array read Fixes: signal_sigsegv_844d59_10_signal_sigsegv_a17bb7_366_mpegts_mpeg2video_mp2_dvbsub_topfield.rec Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `c3d7f00ee3`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:48 +01:00
Michael Niedermayer	e0ed766f2a	avcodec/qpeg: fix off by 1 error in MV bounds check Fixes out of array access Fixes: asan_heap-oob_153760f_4_asan_heap-oob_1d7a4cf_164_VWbig6.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `dd3bfe3cc1`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:48 +01:00
Michael Niedermayer	677da72300	avcodec/pngdec: Calculate MPNG bytewidth more defensively Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `e830902934`) Conflicts: libavcodec/pngdec.c	2015-03-12 18:03:48 +01:00
Michael Niedermayer	7238c744de	avcodec/pngdec: Check bits per pixel before setting monoblack pixel format Fixes out of array accesses Fixes: asan_heap-oob_14dbfcf_4_asan_heap-oob_1ce5767_179_add_method_small.png Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `3e2b745020`) Conflicts: libavcodec/pngdec.c	2015-03-12 18:03:48 +01:00
Michael Niedermayer	7c1150bf05	avcodec/tiff: more completely check bpp/bppcount Fixes pixel format selection Fixes out of array accesses Fixes: asan_heap-oob_1766029_6_asan_heap-oob_20aa045_332_cov_1823216757_m2-d1d366d7965db766c19a66c7a2ccbb6b.tif Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `e1c0cfaa41`) Conflicts: libavcodec/tiff.c (cherry picked from commit e9125e74897135d690cf44f6e6d39e80dcd07803) Conflicts: libavcodec/tiff.c	2015-03-12 18:03:48 +01:00
Michael Niedermayer	19d0c9e993	avcodec/mmvideo: Bounds check 2nd line of HHV Intra blocks Fixes out of array access Fixes: asan_heap-oob_4da4f3_8_asan_heap-oob_4da4f3_419_scene1a.mm Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `8b0e96e1f2`) Conflicts: libavcodec/mmvideo.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:48 +01:00
Michael Niedermayer	bd3a28e8b6	avcodec/utils: Add case for jv to avcodec_align_dimensions2() Fixes out of array accesses Fixes: asan_heap-oob_12304aa_8_asan_heap-oob_4da4f3_300_intro.jv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `105654e376`) Conflicts: libavcodec/utils.c	2015-03-12 18:03:48 +01:00
Michael Niedermayer	bb6a8a0509	avcodec/mjpegdec: check bits per pixel for changes similar to dimensions Fixes out of array accesses Fixes: asan_heap-oob_16668e9_2_asan_heap-oob_16668e9_346_miss_congeniality_pegasus_mjpg.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `5c378d6a6d`) Conflicts: libavcodec/mjpegdec.c (cherry picked from commit 94371a404c663c3dae3d542fa43951567ab67f82) Conflicts: libavcodec/mjpegdec.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:48 +01:00
Michael Niedermayer	1704a7b67d	avcodec/jpeglsdec: Check run value more completely in ls_decode_line() previously it could have been by 1 too large Fixes out of array access Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8c1e3.jls Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8nde0.jls Fixes: asan_heap-oob_12240fa_1_asan_heap-oob_12240fa_448_t16e3.jls Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `06e7d58410`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:48 +01:00
Reimar Döffinger	ef803afa76	configure: add noexecstack to linker options if supported. Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de> (cherry picked from commit `b7082d953f`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:48 +01:00
Michael Niedermayer	348b87b9bd	avcodec/ac3enc_template: fix out of array read Found-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `d85ebea3f3`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:48 +01:00
Michael Niedermayer	ced4e9fdbb	avformat/m4vdec: Check for non startcode 00 00 00 sequences in probe Fixes miss detection of PCM as m4v Fixes Ticket 3928 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `7c1835c52a`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:48 +01:00
Michael Niedermayer	7248e73559	avcodec: fix aac/ac3 parser bitstream buffer size Buffers containing copies of the AAC and AC3 header bits were not padded before parsing, violating init_get_bits() buffer padding requirement, leading to potential buffer read overflows. This change adds FF_INPUT_BUFFER_PADDING_SIZE bytes to the bit buffer for parsing the header in each of aac_parser.c and ac3_parser.c. Based on patch by: Matt Wolenetz <wolenetz@chromium.org> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `fccd85b9f3`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 01:31:57 +01:00
Michael Niedermayer	509239066a	Merge commit '0e810255596070e2c503c5da9001f7087f71de6e' into release/0.10 * commit '0e810255596070e2c503c5da9001f7087f71de6e': doc: More changelog updates for v0.8.17 Conflicts: Changelog not merged Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 23:12:31 +01:00
Michael Niedermayer	a0316589e4	Merge commit '335ec616cc38ee6206a3acebd46d01aad73d721b' into release/0.10 * commit '335ec616cc38ee6206a3acebd46d01aad73d721b': utvideodec: Handle slice_height being zero Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 23:11:51 +01:00
Michael Niedermayer	9575bd6a9d	Merge commit '76435f5e40854567252756ea7f788958dd2cc04c' into release/0.10 * commit '76435f5e40854567252756ea7f788958dd2cc04c': doc: More changelog updates for v0.8.17 Conflicts: Changelog Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 23:09:55 +01:00
Michael Niedermayer	90afa95a55	Merge commit 'ec5b2f6a385959048f780b4e7d3d259dc1fa8421' into release/0.10 * commit 'ec5b2f6a385959048f780b4e7d3d259dc1fa8421': tiff: Check that there is no aliasing in pixel format selection Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:51:08 +01:00
Michael Niedermayer	817ed4fae9	Merge commit '82776caf7993221719eefbe576f851c7e52dfef9' into release/0.10 * commit '82776caf7993221719eefbe576f851c7e52dfef9': rmenc: limit packet size Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:50:49 +01:00
Michael Niedermayer	22377751c9	Merge commit '905988fe1a8accbc1ab93120aa4cd29252b81cce' into release/0.10 * commit '905988fe1a8accbc1ab93120aa4cd29252b81cce': eamad: check for out of bounds read Conflicts: libavcodec/eamad.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:50:00 +01:00
Michael Niedermayer	cb4da0405d	Merge commit '8b1f8fb26bfe6a4cd9f72b962b45643fa331dbe1' into release/0.10 * commit '8b1f8fb26bfe6a4cd9f72b962b45643fa331dbe1': Update Changelog for 0.8.17 Release Conflicts: Changelog Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:49:09 +01:00
Michael Niedermayer	7f9527d30f	Merge commit 'aace8b184c867875e2715b2af23fa98886f90427' into release/0.10 * commit 'aace8b184c867875e2715b2af23fa98886f90427': Prepare for 0.8.17 Release Conflicts: RELEASE not merged Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:39:24 +01:00
Michael Niedermayer	60feb8543a	Merge commit 'd6deed7916f7f52dbfc88e2fc2c43e3cfb8ee74b' into release/0.10 * commit 'd6deed7916f7f52dbfc88e2fc2c43e3cfb8ee74b': h264_cabac: Break infinite loops Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:38:55 +01:00
Michael Niedermayer	3eaef560a7	Merge commit '51dd54c51aaca909893c9f90a4119e96ff71ffdf' into release/0.10 * commit '51dd54c51aaca909893c9f90a4119e96ff71ffdf': matroskadec: Fix read-after-free in matroska_read_seek() Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:37:20 +01:00
Michael Niedermayer	caedb041a6	Merge commit '9ae3cd6e7271a3d6b8cd92a4d35ebb16d2e03f1a' into release/0.10 * commit '9ae3cd6e7271a3d6b8cd92a4d35ebb16d2e03f1a': gifdec: refactor interleave end handling Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:32:12 +01:00
Michael Niedermayer	ed69f0f72e	Merge commit 'a331e11906b196c9a00f5ffbc45d80fcd7fe8423' into release/0.10 * commit 'a331e11906b196c9a00f5ffbc45d80fcd7fe8423': smc: fix the bounds check Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:31:57 +01:00
Michael Niedermayer	8439378f41	Merge commit 'fc159ba88ea2dd1fa11e4ab6af8b574fc80db454' into release/0.10 * commit 'fc159ba88ea2dd1fa11e4ab6af8b574fc80db454': mmvideo: check frame dimensions Conflicts: libavcodec/mmvideo.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:31:40 +01:00
Michael Niedermayer	17f094697d	Merge commit '954aafaa961c32c655ad38fb622e8cbe249ebd5a' into release/0.10 * commit '954aafaa961c32c655ad38fb622e8cbe249ebd5a': jvdec: check frame dimensions Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:21:47 +01:00
Michael Niedermayer	522c7c37d2	Merge commit '0ceb2dffb6ba082a8abcc57c53a14b2512f0aa48' into release/0.10 * commit '0ceb2dffb6ba082a8abcc57c53a14b2512f0aa48': mov: avoid a memleak when multiple stss boxes are present Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:20:32 +01:00
Michael Niedermayer	525689ede9	Merge commit '22103315c2a1cb2de336750c50cf6bf7c109220c' into release/0.10 * commit '22103315c2a1cb2de336750c50cf6bf7c109220c': Add some bug references to the changelog Conflicts: Changelog not merged as this isnt the FFmpeg Changelog Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:19:49 +01:00
Michael Niedermayer	c1f9be99d7	Merge commit 'b989bb7adee0f3286dcaa63c5cd0753eac45f6be' into release/0.10 * commit 'b989bb7adee0f3286dcaa63c5cd0753eac45f6be': apetag: Fix APE tag size check Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:05:04 +01:00
Michael Niedermayer	c388db185c	Merge commit '893b353362bc220280efd8d14c4878a1cafe18a8' into release/0.10 * commit '893b353362bc220280efd8d14c4878a1cafe18a8': x86: Only use optimizations with cmov if the CPU supports the instruction Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:04:45 +01:00
Michael Niedermayer	a19a10a53e	Merge commit '8637f4edeee1a6bd18bc90740fafadd3e1b412aa' into release/0.10 * commit '8637f4edeee1a6bd18bc90740fafadd3e1b412aa': x86: Add CPU flag for the i686 cmov instruction Conflicts: doc/APIchanges libavutil/avutil.h Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:04:04 +01:00

1 2 3 4 5 ...

38320 Commits