Commit Graph

37180 Commits

Author SHA1 Message Date
Michael Niedermayer
46095f427e mp3dec: Check for memcpy size to be positive.
No, ive no testcase.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-26 03:30:46 +01:00
Thierry Foucu
10e9d1f76b Fix a heap-buffer-overflow
In some case, what left to read from ptr is smaller than EXTRABYTES.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-26 03:28:12 +01:00
Michael Niedermayer
3c5fe5b527 Merge remote-tracking branch 'qatar/master'
* qatar/master: (22 commits)
  wma: Clip WMA1 and WMA2 frame length to 11 bits.
  movenc: Don't require frame_size to be set for modes other than mov
  doc: Update APIchanges with info on muxer flushing
  movenc: Reindent a block
  tools: Remove some unnecessary #undefs.
  rv20: prevent calling ff_h263_decode_mba() with unset height/width
  tools: K&R reformatting cosmetics
  Ignore generated aviocat and ismindex tools.
  build: Automatically include architecture-specific library Makefile snippets.
  indeo5: prevent null pointer dereference on broken files
  pktdumper: Use usleep instead of sleep
  cosmetics: Remove some unnecessary block braces.
  Drop unnecessary prefix from *sink* variable and struct names.
  Add a tool for creating smooth streaming manifests
  movdec: Calculate an average bit rate for fragmented streams, too
  movenc: Write the sample rate instead of time scale in the stsd atom
  movenc: Add a separate ismv/isma (smooth streaming) muxer
  movenc: Allow the caller to decide on fragmentation
  libavformat: Add a flag for muxers that support write_packet(NULL) for flushing
  movenc: Add support for writing fragmented mov files
  ...

Conflicts:
	Changelog
	cmdutils.c
	cmdutils.h
	doc/APIchanges
	ffmpeg.c
	ffplay.c
	libavfilter/Makefile
	libavformat/Makefile
	libavformat/avformat.h
	libavformat/movenc.c
	libavformat/movenc.h
	libavformat/version.h
	tools/graph2dot.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-26 02:23:56 +01:00
Michael Niedermayer
01e5e97026 mjpegbdec: Fix incorrect bitstream buffer size.
Fixes CVE-2011-3947

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 23:56:09 +01:00
Paul B Mahol
dd453f197c r210, r10k and avrp encoder
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 23:40:06 +01:00
Michael Niedermayer
807a045ab7 kgv1dec: Increase offsets array size so it is large enough.
Fixes CVE-2011-3945

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 23:25:45 +01:00
Michael Niedermayer
2f3a86a761 doc/ffmpeg.texi
Merge changes from avconv.texi since the last merge into ffmpeg.texi

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 23:01:34 +01:00
Lou Logan
935c659c03 remove avconv from Doxyfile
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 22:47:45 +01:00
Michael Niedermayer
def678956a Remove avconv
All features have been merged into ffmpeg.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 22:46:37 +01:00
Michael Niedermayer
1285baaab5 smackerdec: Check that the last indexes are within the table.
Fixes CVE-2011-3944

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 22:32:11 +01:00
Alex Converse
d78bb1a4b2 wma: Clip WMA1 and WMA2 frame length to 11 bits.
The MDCT buffers in the decoder are only sized for up to 11 bits. The
reverse engineered documentation for WMA1/2 headers say that that for
all samplerates above 32kHz 11 bits are used. 12 and 13 bit support
were added for WMAPro. I was unable to make any Microsoft tools generate
a test file at a samplerate above 48kHz.

Discovered by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

CC: libav-stable@libav.org
2012-01-25 12:31:37 -08:00
Martin Storsjö
9f9c45f4b6 movenc: Don't require frame_size to be set for modes other than mov
The field frame_size isn't written to the output anywhere except
than in mov.

This facilitates stream copy from formats that don't set frame_size.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 22:25:56 +02:00
Martin Storsjö
6cb288290d doc: Update APIchanges with info on muxer flushing
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 22:24:13 +02:00
Martin Storsjö
990a746cec movenc: Reindent a block
Also add some space around operators and wrap a comment
that extends past the 80 char "limit"/guideline.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 22:13:56 +02:00
Michael Niedermayer
247d30a7db vp3: Copy all 3 frames for thread updates.
This fixes a double release of the current frame on deinit.
Fixes CVE-2011-3934

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 21:12:00 +01:00
Diego Biurrun
d55fa1cb25 tools: Remove some unnecessary #undefs. 2012-01-25 20:41:22 +01:00
Hendrik Leppkes
6071644287 indeo3: fix motion vector validation
The index of the motion vector has to be checked before being
multiplied by 2 for the array index.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 18:55:32 +01:00
Michael Niedermayer
5cb57a16ed dv: Fix null pointer dereference due to ach=0
Fixes part2 of CVE-2011-3929

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 16:41:27 +01:00
Michael Niedermayer
f9de136b17 dv: check stype
Fixes part1 of CVE-2011-3929
Possibly fixes part of CVE-2011-3936

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 16:41:26 +01:00
Janne Grunau
c3e10ae412 rv20: prevent calling ff_h263_decode_mba() with unset height/width
Prevents a crash of VLC during playback of a invalid matroska file,
found by John Villamil <johnv@matasano.com>.

CC: libav-stable@libav.org
2012-01-25 16:18:54 +01:00
Nicolas George
4a68949cd8 lavfi: Makefile: cosmetics: align FFLIBS. 2012-01-25 16:12:52 +01:00
Diego Biurrun
4e81b5f517 tools: K&R reformatting cosmetics 2012-01-25 15:31:11 +01:00
Diego Biurrun
50639cbefe Ignore generated aviocat and ismindex tools. 2012-01-25 15:04:35 +01:00
Diego Biurrun
07a873a277 build: Automatically include architecture-specific library Makefile snippets. 2012-01-25 15:04:28 +01:00
Janne Grunau
366ac22ea5 indeo5: prevent null pointer dereference on broken files
Found by John Villamil <johnv@matasano.com>
2012-01-25 14:31:57 +01:00
Martin Storsjö
7072a6a4bb pktdumper: Use usleep instead of sleep
MinGW doesn't have sleep, only _sleep (which is deprecated),
Sleep (which is defined in winbase.h and not in the standard
C headers) and usleep.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 14:34:51 +02:00
Diego Biurrun
33ad8c3cab cosmetics: Remove some unnecessary block braces. 2012-01-25 13:14:49 +01:00
Diego Biurrun
abe655a472 Drop unnecessary prefix from *sink* variable and struct names. 2012-01-25 12:28:36 +01:00
Martin Storsjö
33ec9ef96d Add a tool for creating smooth streaming manifests
It can also optionally split the file into individual fragments,
which allows it to be served from any web server without any
server side support.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 12:15:42 +02:00
Martin Storsjö
bc7d05177f movdec: Calculate an average bit rate for fragmented streams, too
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 12:15:41 +02:00
Martin Storsjö
3b5d4428ac movenc: Write the sample rate instead of time scale in the stsd atom
For ismv/isma, the time scale might not be the same as the sample
rate.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 12:15:41 +02:00
Martin Storsjö
4ddd54dab4 movenc: Add a separate ismv/isma (smooth streaming) muxer
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 12:15:41 +02:00
Martin Storsjö
b613ff5e93 movenc: Allow the caller to decide on fragmentation
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 12:15:41 +02:00
Martin Storsjö
f1caf01d5e libavformat: Add a flag for muxers that support write_packet(NULL) for flushing
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 12:15:41 +02:00
Martin Storsjö
83988d58ed movenc: Add support for writing fragmented mov files
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 12:15:41 +02:00
Martin Storsjö
6ca3856894 movenc: Add a separate start_pts
This fixes calculation of trackDuration if the MOVIentry array
is cleared. This is required by the fragmentation support in the
next patch.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 12:15:40 +02:00
Ronald S. Bultje
c3af52fa8b dsputil: use vertical component for drawing bottom edge.
Current code only writes 8 pixels of vertical edge for YUV422, which
causes MC artifacts when subsequent frames use data from that edge.
2012-01-25 18:06:36 +08:00
Michael Niedermayer
668494acd8 ffmpeg: add image size check to codec_get_buffer()
Fixes CVE-2011-3935

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 06:48:30 +01:00
Michael Niedermayer
28d634711b avidec: Fix regression with chunks that are larger than the file.
This commit makes the check specific to the case that needs it.

Regression was introduced by
commit 62adc60b97
Author: Michael Niedermayer <michaelni@gmx.at>
Date:   Fri Dec 16 06:13:04 2011 +0100

    avidec: Check that the header chunks fit in the available filesize.
    Fixes Ticket771
    Bug found by: Diana Elena Muscalu

    Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 06:48:30 +01:00
Michael Niedermayer
59e95fa4a8 h263dec: Disallow width/height changing with frame threads.
Fixes CVE-2011-3937

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 06:48:30 +01:00
Michael Niedermayer
5c011706bc nsvdec: Fix use of uninitialized streams.
Fixes CVE-2011-3940 (Out of bounds read resulting in out of bounds write)

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 06:48:30 +01:00
Carl Eugen Hoyos
7988dd1b9a Fix multi-channel encoding with libfaac. 2012-01-25 03:51:49 +01:00
Michael Niedermayer
749e5dc1fd buildsystem: 10l add v4l entry back
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 00:46:41 +01:00
Michael Niedermayer
2179b638e3 v4l: fix compilation
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 00:13:35 +01:00
Michael Niedermayer
1d9569f9e8 Merge remote-tracking branch 'qatar/master'
* qatar/master: (23 commits)
  aacenc: Fix identification padding when the bitstream is already aligned.
  aacenc: Write correct length for long identification strings.
  aud: remove unneeded field, audio_stream_index from context
  aud: fix time stamp calculation for ADPCM IMA WS
  aud: simplify header parsing
  aud: set pts_wrap_bits to 64.
  cosmetics: indentation
  aud: support Westwood SND1 audio in AUD files.
  adpcm_ima_ws: fix stereo decoding
  avcodec: add a new codec_id for CRYO APC IMA ADPCM.
  vqa: remove unused context fields, audio_samplerate and audio_bits
  vqa: clean up audio header parsing
  vqa: set time base to frame rate as coded in the header.
  vqa: set packet duration.
  vqa: use 1/sample_rate as the audio stream time base
  vqa: set stream start_time to 0.
  lavc: postpone the removal of AVCodecContext.request_channels.
  lavf: postpone removing av_close_input_file().
  lavc: postpone removing old audio encoding and decoding API
  avplay: remove the -er option.
  ...

Conflicts:
	Changelog
	libavcodec/version.h
	libavdevice/v4l.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-24 22:53:59 +01:00
Carl Eugen Hoyos
76c3e76eb3 Allow user to force reading mov alias from absolute path.
Based on a work-around by Alex Zhukov.

Fixes ticket #935
2012-01-24 22:39:54 +01:00
Alex Converse
efe68076da aacenc: Fix identification padding when the bitstream is already aligned. 2012-01-24 12:55:21 -08:00
Michael Niedermayer
cdfe94c5ab aacenc: Write correct length for long identification strings.
When the length is the escape value (15), the new length is calculated by
15 + get_bits(8) - 1.

Signed-off-by: Alex Converse <alex.converse@gmail.com>
2012-01-24 12:54:59 -08:00
Michael Niedermayer
c77be3a35a error concealment: initialize block index.
Fixes CVE-2011-3941 (out of bounds write)

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-24 21:08:41 +01:00
Justin Ruggles
b8dd555c63 aud: remove unneeded field, audio_stream_index from context
There is only one stream, so it will always be index 0.
This also allows for removal of the private context.
2012-01-24 14:13:47 -05:00