Commit Graph

68501 Commits

Author SHA1 Message Date
Michael Niedermayer
3ba1050292 avcodec/imc: dont read bits beyond the end
Fixes use of uninitialized memory

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-17 05:14:11 +01:00
Michael Niedermayer
ddd7dac7ae avcodec/utils: check the private context class
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-17 05:14:11 +01:00
Michael Niedermayer
3305acdc92 avcodec/indeo3: use signed variables to avoid underflow
Fixes out of array read
Fixes: signal_sigsegv_1b0a4da_1865_cov_2167818389_computer_anger.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-17 05:14:11 +01:00
Reimar Döffinger
254da44bf9 flacenc: calculate lower sum levels in-place.
Should improve cache usage and reduces stack usage.
Also reduces number of copies in case many levels
have the same number of bits.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
2014-12-17 04:27:09 +01:00
Supraja Meedinti
abbcc68e5c libavutil: cosmetic: inserted spaces wherever necessary
Signed-off-by: Supraja Meedinti <supraja0493@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-17 02:18:02 +01:00
Michael Niedermayer
f3b5b139ad avcodec/h264: make the first field of H264Context an AVClass
Fixes use of freed memory
Fixes: asan_heap-uaf_3660f67_757_cov_1257014655_Hi422FR1_SONY_A.jsv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-17 01:33:06 +01:00
Michael Niedermayer
2a983ff7fe swscale: increase yuv2rgb table headroom
Fixes out of array access
Fixes: case2_bad_read_yuv2rgbx32.mp4
Found-by: Michal Zalewski <lcamtuf@coredump.cx>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-16 23:37:26 +01:00
Michael Niedermayer
be9ce6e10a avformat/mov: fix integer overflow of size
Fixes: case1_call_stack_overflow.mp4
Found-by: Michal Zalewski <lcamtuf@coredump.cx>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-16 23:37:25 +01:00
Michael Niedermayer
caa7a3914f avformat/mov: check atom nesting depth
Fixes call stack overflow
Fixes: case1_call_stack_overflow.mp4
Found-by: Michal Zalewski <lcamtuf@coredump.cx>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-16 23:37:24 +01:00
Michael Niedermayer
3881606240 avcodec/utvideodec: Fix handling of slice_height=0
Fixes out of array accesses
Fixes: asan_heap-oob_25bcd7e_3783_cov_3553517262_utvideo_rgba_median.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-16 23:00:04 +01:00
Lou Logan
a9a3c005b8 doc/filters: fix typos and spelling errors
Prompted-by: Carl Oxwall <@oxwall>
Signed-off-by: Lou Logan <lou@lrcd.com>
2014-12-16 10:32:00 -09:00
Michael Niedermayer
211200e0c0 avcodec/xface: Add asserts to limit nb_words from becoming too large
Approved-by: Stefano Sabatini <stefasab@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-16 19:19:35 +01:00
Michael Niedermayer
93a5a16f13 avcodec/xface: correct the XFACE_MAX_* values
Fixes out of array access

Fixes: asan_stack-oob_32c12e5_2536_cov_2442316831_lena.xface
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-16 19:19:28 +01:00
Michael Niedermayer
3030fb7e0d avcodec/vmdvideo: Check len before using it in method 3
Fixes out of array access
Fixes: asan_heap-oob_4d23ba_91_cov_3853393937_128.vmd

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-16 16:27:45 +01:00
Michael Niedermayer
b8eb8b0310 avformat/hlsenc: Use av_freep() to avoid leaving stale pointers in memory
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-16 15:37:04 +01:00
Michael Niedermayer
91ea466551 avformat/flvdec: Use av_freep() avoid leaving stale pointers in memory
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-16 15:37:04 +01:00
Michael Niedermayer
16d763fa45 avformat/hdsenc: Use av_freep() avoid leaving stale pointers in memory
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-16 15:37:04 +01:00
Paul B Mahol
5f90ef6611 lavfi: add colorlevels filter
Signed-off-by: Paul B Mahol <onemda@gmail.com>
2014-12-16 10:10:04 +00:00
Christian Suloway
92a596f13b avformat/hlsenc: fix hls_write_trailer() on hls_start() failure
Close segment I/O context and append segment in hls_write_trailer() only
when segment I/O context is allocated.

Signed-off-by: Christian Suloway <csuloway@globaleagleent.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-16 03:57:58 +01:00
Derek Buitenhuis
402a61c919 snow_dwt: Don't try and free members of non-existent arrays
If allocation fails earlier on, and the next frame is processed,
the slice buffer could be left in a state where line and data_stack
have already been freed, or are otherwise null pointers.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2014-12-15 21:52:19 -05:00
Ronald S. Bultje
0a7964dca5 vp9/x86: save one register on 32bit idct32x32.
Fixes build on win32.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-16 02:51:26 +01:00
Michael Niedermayer
1a86e29ff0 Merge commit '6f4364aba9d70dc5fd9f1c88b9c03bf9ea893d40'
* commit '6f4364aba9d70dc5fd9f1c88b9c03bf9ea893d40':
  mov: Fix handling of zero-length metadata values

Conflicts:
	libavformat/mov.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-16 02:23:43 +01:00
Michael Niedermayer
d2f9aefbde ffmpeg: Check for subtitle_out malloc failure
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 23:26:54 +01:00
Michael Niedermayer
4f1923a91b avcodec/tiffenc: Consistently use ADD_ENTRY1()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 22:45:41 +01:00
Martin Storsjö
6f4364aba9 mov: Fix handling of zero-length metadata values
Since 3cec81f4d4, a zero-length metadata value would try to
allocate 2*0 bytes, where av_malloc() returns NULL.

Always add one to the allocated length, to allow space for
a null terminator in the zero-length case.

Incidentally, this fixes fate-alac on RVCT 4.0, where a compiler
bug seems to mess up the mov muxer to the point that it writes
the wrong sort of metadata. Previously this bug was undetected,
but since 3cec81f4d4 such mov files started returning
AVERROR(ENOMEM) in the mov demuxer.

Signed-off-by: Martin Storsjö <martin@martin.st>
2014-12-15 23:42:10 +02:00
Michael Niedermayer
4cffcbc809 Merge commit '10d4c5e55e5b23e165aa4c7723073ebe2c2e7da0'
* commit '10d4c5e55e5b23e165aa4c7723073ebe2c2e7da0':
  tiff: set the correct return value when check_size() fails

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 22:14:14 +01:00
Michael Niedermayer
07b4d4b1a2 Merge commit '3c27275c1309190f2d6ed69140b67d014215b6c9'
* commit '3c27275c1309190f2d6ed69140b67d014215b6c9':
  tiff: Check the check_size() return value and forward it

Conflicts:
	libavcodec/tiffenc.c

See: d50aa006fb
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 22:00:52 +01:00
Michael Niedermayer
41915d0b86 Merge commit '4690e01c3aaf495c87127e5dc74aa347197dbc0b'
* commit '4690e01c3aaf495c87127e5dc74aa347197dbc0b':
  prores: Evaluate all the quantizers

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 21:46:29 +01:00
Michael Niedermayer
71df932b22 Merge commit '490a3ebf36821b81f73e34ad3f554cb523dd2682'
* commit '490a3ebf36821b81f73e34ad3f554cb523dd2682':
  matroskadec: Fix read-after-free in matroska_read_seek()

See: 33301f0017
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 21:35:18 +01:00
Michael Niedermayer
38c3ffbd55 Merge commit 'd75190aa93206c02cb4f18a66d2c927d6a0198e1'
* commit 'd75190aa93206c02cb4f18a66d2c927d6a0198e1':
  mpegvideo: move REBASE_PICTURE where it is used

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 21:27:10 +01:00
Michael Niedermayer
0a3ffcfc82 Merge commit '63fcedcf01247f15b72c0d1f959bb3b612853ba8'
* commit '63fcedcf01247f15b72c0d1f959bb3b612853ba8':
  mpegvideo: remove unused function declaration

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 21:19:40 +01:00
Michael Niedermayer
b799ec7e0b avcodec/hevc: Print an error if luma_log2_weight_denom is out of range
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 21:12:46 +01:00
Michael Niedermayer
241943d3a2 Merge commit 'b2bece5e9a4dd96142962c6798e187c77b88bbfa'
* commit 'b2bece5e9a4dd96142962c6798e187c77b88bbfa':
  hevc: always clip luma_log2_weight_denom

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 21:06:20 +01:00
Nicolas George
acbc2ed26a lavf/concatdec: handle NOPTS start_time.
Fix trac ticket #3598.

Signed-off-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 20:00:35 +01:00
Michael Niedermayer
9887e7df9b Changelog: Add 10bit spp
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 18:59:13 +01:00
Michael Niedermayer
838aa08d75 avfilter/vf_spp: support 10bit per sample
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 18:49:35 +01:00
Michael Niedermayer
1307c11ce6 avcodec/avdct: support >8bit per sample dcts
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 18:25:00 +01:00
Michael Niedermayer
c1d9283b1e doc/ffplay: remove duplicate threads option, this is documented in codecs.*
Fixes Ticket3610

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 17:54:14 +01:00
Michael Niedermayer
ae658efef8 avformat/xmv: Check return code of ff_alloc_extradata()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 16:01:05 +01:00
Michael Niedermayer
480cd822b3 avformat/flic: se av_freep() to avoid leaving stale extradata pointer
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 15:49:00 +01:00
Michael Niedermayer
0051e3c233 avformat/rtpdec_mpeg4: Use av_freep() to avoid leaving stale extradata pointer
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 15:48:35 +01:00
Michael Niedermayer
c116befc92 avformat/xmv: use av_freep() to avoid leaving stale extradata pointer
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 15:47:54 +01:00
Vittorio Giovara
10d4c5e55e tiff: set the correct return value when check_size() fails
Only one instance affected and solved as other occurences.
2014-12-15 15:46:34 +01:00
Luca Barbato
3c27275c13 tiff: Check the check_size() return value and forward it
Also use the same type for add_entry and check_size.

Bug-Id: CID 700699
CC: libav-stable@libav.org

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Signed-off-by: Vittorio Giovara <vittorio.giovarao@gmail.com>
2014-12-15 15:46:34 +01:00
Luca Barbato
4690e01c3a prores: Evaluate all the quantizers
Prevent an uninitialized data access.

CC: libav-stable@libav.org
Bug-Id: CID 703824 / CID 703825
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2014-12-15 15:46:34 +01:00
Xiaohan Wang
490a3ebf36 matroskadec: Fix read-after-free in matroska_read_seek()
In matroska_read_seek(), |tracks| is assigned at the begining of the
function. However, functions like matroska_parse_cues() could reallocate
the tracks and invalidate |tracks|.

This assigns |tracks| only before using it, so that it will not get
invalidated elsewhere.

Bug-Id: chromium/427266
2014-12-15 15:46:34 +01:00
Vittorio Giovara
d75190aa93 mpegvideo: move REBASE_PICTURE where it is used
Drop an unused #undef from h264 decoder.
2014-12-15 15:46:34 +01:00
Vittorio Giovara
63fcedcf01 mpegvideo: remove unused function declaration 2014-12-15 15:46:34 +01:00
Vittorio Giovara
b2bece5e9a hevc: always clip luma_log2_weight_denom
Its value shall be between 0 and 7 according to the specifications.

CC: libav-stable@libav.org
Bug-Id: CID 1257502
2014-12-15 15:46:34 +01:00
Michael Niedermayer
89f0feadc2 avformat/assenc: Use av_freep() to avoid leaving stale pointers in memory
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-15 15:43:42 +01:00