30892 Commits

Author SHA1 Message Date
Michael Niedermayer
6c68522a2a Merge commit '809c3023b699c54c90511913d3b6140dd2436550'
* commit '809c3023b699c54c90511913d3b6140dd2436550':
  mjpegdec: check for pixel format changes

Conflicts:
	libavcodec/mjpegdec.c

See: 5c378d6a6df8243f06c87962b873bd563e58cd39
See: a2f680c7bc7642c687aeb4e14d00ac74833c7a09
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-19 12:49:23 +01:00
Michael Niedermayer
cee4490b52 on2avc: check number of channels
Fixes invalid memory access.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8549
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2014-12-19 08:01:47 +01:00
Michael Niedermayer
d423dd72be smc: fix the bounds check
Fixes invalid writes when there are more blocks in a run than total
remaining blocks.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8548
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2014-12-19 08:01:47 +01:00
Michael Niedermayer
0b39ac6f54 gifdec: refactor interleave end handling
Fixes invalid writes with very small image heights.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8547
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2014-12-19 08:01:47 +01:00
Anton Khirnov
17ba719d9b mmvideo: check frame dimensions
The frame size must be set by the caller and each dimension must be a
multiple of 2.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8543
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2014-12-19 08:01:46 +01:00
Anton Khirnov
88626e5af8 jvdec: check frame dimensions
The frame size must be set by the caller and each dimension must be a
multiple of 8.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8542
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2014-12-19 08:01:46 +01:00
Anton Khirnov
809c3023b6 mjpegdec: check for pixel format changes
Fixes possible invalid memory access.

Based on code by Michael Niedermayer <michaelni@gmx.at>

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8541
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2014-12-19 08:01:46 +01:00
Michael Niedermayer
c89751aa21 Merge commit '210461c0a83a5625560fa1d92229200dc7fb869b'
* commit '210461c0a83a5625560fa1d92229200dc7fb869b':
  imgconvert: check memory allocations and propagate errors

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-19 05:37:26 +01:00
Michael Niedermayer
8ccfafa7b4 Merge commit '596b5c488fa1d40f114a64d3b73e1863cab073fb'
* commit '596b5c488fa1d40f114a64d3b73e1863cab073fb':
  wma: check memory allocations and propagate errors

Conflicts:
	libavcodec/wma.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-19 05:36:20 +01:00
Michael Niedermayer
d05b154b5b Merge commit '5ac06633cb63fcc51f2471a3478b44d3f010b16b'
* commit '5ac06633cb63fcc51f2471a3478b44d3f010b16b':
  takdec: check av_samples_get_buffer_size() return value

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-19 05:06:23 +01:00
Michael Niedermayer
5387b0cbfb Merge commit '971099ff5a85377579eb5b8d3620e283957f097e'
* commit '971099ff5a85377579eb5b8d3620e283957f097e':
  aacenc: correctly check returned value

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-19 04:45:32 +01:00
Michael Niedermayer
445ec2dfcb Merge commit 'ac467d94fa6d9d626f77d4ca8125a5eb1ad5425d'
* commit 'ac467d94fa6d9d626f77d4ca8125a5eb1ad5425d':
  lcl: return an appropriate error code

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-19 04:44:08 +01:00
Michael Niedermayer
ff4f2036de Merge commit 'c63dd3f0a48a9f6389d253597ab51caddc0118db'
* commit 'c63dd3f0a48a9f6389d253597ab51caddc0118db':
  a64multi: check elbg return values

Conflicts:
	libavcodec/a64multienc.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-19 04:21:13 +01:00
Michael Niedermayer
bb7ad47ddf Merge commit '3beb9cbad35218ed1fb3473eeb3cfc97a931bff4'
* commit '3beb9cbad35218ed1fb3473eeb3cfc97a931bff4':
  roqvideo: check memory allocations and propagate errors

Conflicts:
	libavcodec/roqvideoenc.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-19 04:20:30 +01:00
Michael Niedermayer
16f0618200 Merge commit 'ae2d41ec875965ce4ab9fdd88a5e8ba57cada67a'
* commit 'ae2d41ec875965ce4ab9fdd88a5e8ba57cada67a':
  elbg: check memory allocations and propagate errors

Conflicts:
	libavcodec/elbg.c
	libavcodec/elbg.h

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-19 04:10:17 +01:00
Michael Niedermayer
6fcdcc414b Merge commit '67fc8a15e4182ea111cfcd05897709f09d99a33a'
* commit '67fc8a15e4182ea111cfcd05897709f09d99a33a':
  theora: support different visible and coded frame size

Conflicts:
	libavcodec/vp3.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-19 03:42:16 +01:00
Michael Niedermayer
2e97437657 Merge commit '87bd298abeb901fe16383a0d267502cc7fc03878'
* commit '87bd298abeb901fe16383a0d267502cc7fc03878':
  DPX parser

Conflicts:
	libavcodec/dpx_parser.c
	libavcodec/version.h

See: 8ec328668a7d10c8224ae5f591add5b388ea82ed
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-19 03:30:40 +01:00
Michael Niedermayer
9aabe66781 Merge commit '3a3790b8f8b56ee6abc93ccac280eb693675e294'
* commit '3a3790b8f8b56ee6abc93ccac280eb693675e294':
  tiff: support encoding and decoding 64bit images

Conflicts:
	libavcodec/tiff.c
	libavcodec/tiffenc.c
	libavcodec/version.h

See: c714cd3bd4af70e0cba1db399ca420b1f51a773d
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-19 03:19:23 +01:00
Reimar Döffinger
70d80ed40f qdm2: Allow hard-coding VLC tables.
Also adds a lot of infrastructure necessary for it.
Some of it is a bit ugly though.
Increases binary size for hardcoded tables by about 12 kB,
which is about 15 kB from qdm2_table minus data and code
saved that was only used for creating it.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
2014-12-18 23:51:07 +01:00
Reimar Döffinger
de6d44829c aacps.c: Move large arrays to context to reduce stack usage.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
2014-12-18 23:50:41 +01:00
Vittorio Giovara
210461c0a8 imgconvert: check memory allocations and propagate errors 2014-12-18 23:27:14 +01:00
Vittorio Giovara
596b5c488f wma: check memory allocations and propagate errors 2014-12-18 23:27:14 +01:00
Vittorio Giovara
5ac06633cb takdec: check av_samples_get_buffer_size() return value
CC: libav-stable@libav.org
Bug-Id: CID 747734
2014-12-18 23:27:14 +01:00
Vittorio Giovara
971099ff5a aacenc: correctly check returned value
CC: libav-stable@libav.org
2014-12-18 23:27:14 +01:00
Vittorio Giovara
ac467d94fa lcl: return an appropriate error code 2014-12-18 23:27:14 +01:00
Vittorio Giovara
16c7a8a142 aacps: invert the order of parameters of ipdopd_reset()
This is the order that the caller uses in the rest of the file. The
same operation is applied to both parameters, so this change is only
done for consistency, it doesn't change the actual behaviour.

Bug-Id: CID 732285 / CID 732286
2014-12-18 23:27:14 +01:00
Vittorio Giovara
9745f19ffc assdec: check the right variable
CC: libav-stable@libav.org
Bug-Id: CID 1257815
2014-12-18 23:27:14 +01:00
Vittorio Giovara
c63dd3f0a4 a64multi: check elbg return values 2014-12-18 23:22:59 +01:00
Vittorio Giovara
3beb9cbad3 roqvideo: check memory allocations and propagate errors 2014-12-18 23:22:59 +01:00
Vittorio Giovara
ae2d41ec87 elbg: check memory allocations and propagate errors 2014-12-18 23:22:59 +01:00
Vittorio Giovara
67fc8a15e4 theora: support different visible and coded frame size
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2014-12-18 23:22:59 +01:00
Paul B Mahol
87bd298abe DPX parser
Additional improvements and fixes by Michael Niedermayer <michaelni@gmx.at>.

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
2014-12-18 23:22:59 +01:00
Carl Eugen Hoyos
3a3790b8f8 tiff: support encoding and decoding 64bit images 2014-12-18 23:22:59 +01:00
Michael Niedermayer
3bb465245f h261dec: Fix context initialization sequence
ff_mpv_common_init sets s->context_initialized.

This fixes decoding of h261 in the cases where the demuxer
hasn't already set the frame size.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
2014-12-18 23:10:24 +02:00
Michael Niedermayer
3d8bedef45 Merge commit '91bfac759dfd536e439ad3e35964705012c6a5a7'
* commit '91bfac759dfd536e439ad3e35964705012c6a5a7':
  h261enc: Disallow sliced encoding

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-18 21:10:56 +01:00
Michael Niedermayer
368642361f avcodec/indeo3: ensure offsets are non negative
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-18 18:57:27 +01:00
Michael Niedermayer
e59c28b166 avcodec/adpcm: Check idelta
Fixes integer overflow
Fixes: signal_sigsegv_1b0a4da_1865_cov_2167818389_computer_anger.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-18 16:10:23 +01:00
Martin Storsjö
91bfac759d h261enc: Disallow sliced encoding
This avoids trying to do sliced encoding, even if a slice/packet
size is requested (via the -ps option or the rtp_payload_size
field), since the encoder currently doesn't support it (or at least
our decoder can't decode it, even if the h261_encode_gob_header
function is hooked up to be called from the slicing part in
mpegvideo_enc.c).

Signed-off-by: Martin Storsjö <martin@martin.st>
2014-12-18 12:00:01 +02:00
Michael Niedermayer
61296d41e2 avcodec/h264: Check *log2_weight_denom
Fixes undefined behavior
Fixes: signal_sigsegv_14768d2_2248_cov_3629497219_h264_h264___pi_20070614T182942.h264
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-18 03:45:59 +01:00
Michael Niedermayer
3281fa8925 avcodec/hevc_ps: Check diff_cu_qp_delta_depth
Fixes undefined behavior
Fixes: asan_static-oob_17aa046_582_cov_1577759978_DBLK_G_VIXS_1.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-18 02:19:53 +01:00
Michael Niedermayer
99f8c9e4d1 avcodec/hevc: move qp_block_mask to where its used
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-18 01:55:02 +01:00
Michael Niedermayer
e8714f6f93 avcodec/h264: Clear delayed_pic on deallocation
Fixes use of freed memory

Fixes: case5_av_frame_copy_props.mp4
Found-by: Michal Zalewski <lcamtuf@coredump.cx>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-17 21:55:45 +01:00
Michael Niedermayer
8aa8d12554 avcodec/hevc: clear filter_slice_edges() on allocation
This avoids use of uninitialized memory
Fixes: asan_static-oob_17aa046_582_cov_212287884_DBLK_G_VIXS_1.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-17 19:43:58 +01:00
Michael Niedermayer
7d593495e4 avcodec/dcadec: Check that the added xch channel isnt already there
Fixes null pointer dereference
Fixes: signal_sigsegv_369609d_623_cov_2008234281_ES_6.1_16bit.dts
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-17 15:33:59 +01:00
Michael Niedermayer
3ba1050292 avcodec/imc: dont read bits beyond the end
Fixes use of uninitialized memory

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-17 05:14:11 +01:00
Michael Niedermayer
ddd7dac7ae avcodec/utils: check the private context class
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-17 05:14:11 +01:00
Michael Niedermayer
3305acdc92 avcodec/indeo3: use signed variables to avoid underflow
Fixes out of array read
Fixes: signal_sigsegv_1b0a4da_1865_cov_2167818389_computer_anger.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-17 05:14:11 +01:00
Reimar Döffinger
254da44bf9 flacenc: calculate lower sum levels in-place.
Should improve cache usage and reduces stack usage.
Also reduces number of copies in case many levels
have the same number of bits.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
2014-12-17 04:27:09 +01:00
Michael Niedermayer
f3b5b139ad avcodec/h264: make the first field of H264Context an AVClass
Fixes use of freed memory
Fixes: asan_heap-uaf_3660f67_757_cov_1257014655_Hi422FR1_SONY_A.jsv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-17 01:33:06 +01:00
Michael Niedermayer
3881606240 avcodec/utvideodec: Fix handling of slice_height=0
Fixes out of array accesses
Fixes: asan_heap-oob_25bcd7e_3783_cov_3553517262_utvideo_rgba_median.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-16 23:00:04 +01:00