generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
32,194 Commits 24 Branches 241 Tags
Commit Graph

32194 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Luca Barbato
5a6af4fd74 wavpack: return meaningful errors 
And forward those that were already meaningful.
(cherry picked from commit 8c34558131d846d2b10389564caadaa206372fd4)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/wavpack.c
 2013-06-22 08:51:56 +02:00
Luca Barbato
42fed7f433 wavpack: check packet size early 
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit fd06291239c1bb616bf303b5696cc432710b2530)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-06-22 08:51:56 +02:00
Luca Barbato
7ca8d8223d mjpegdec: validate parameters in mjpeg_decode_scan_progressive_ac 
Prevent out of buffer write when decoding broken samples.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit cfbd98abe82cfcb9984a18d08697251b72b110c8)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-06-22 08:48:37 +02:00
Luca Barbato
33492ad810 mjpeg: Validate sampling factors 
They must be non-zero.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 8aa3500905fec6c4e657bb291b861d43c34d3de9)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/mjpegdec.c
 2013-06-22 08:48:24 +02:00
Luca Barbato
da5cf7e452 ljpeg: use the correct number of components in yuv 
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit a030279a67ef883df8cf3707774656fa1be81078)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-06-22 08:47:16 +02:00
Luca Barbato
6711d410dc wavpack: validate samples size parsed in wavpack_decode_block 
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit ed50673066956d6f2201a57c3254569f2ab08d9d)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/wavpack.c
 2013-06-22 08:40:13 +02:00
Luca Barbato
d26bc6c6b6 jpegls: check the scan offset 
Prevent an out of array bound write.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit abad374909e6416e941351094f4f1446a71f8d23)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/jpeglsdec.c
 2013-06-22 08:40:02 +02:00
Reinhard Tartler
ca4a25acf8 jpegls: factorize return paths 
Conflicts:
	libavcodec/jpeglsdec.c

(cherry picked from commit 4a4107b48944397c914aa39ee16a82fe44db8c4c)
 2013-06-22 08:40:00 +02:00
Luca Barbato
2ebabfff48 jpegls: return meaningful errors 
(cherry picked from commit a5a0ef5e13a59ff53318a45d77c5624b23229c6f)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/jpeglsdec.c
 2013-06-22 08:39:58 +02:00
Luca Barbato
a03dcec364 mjpegdec: properly report unsupported disabled features 
When JPEG-LS support is disabled the decoder would feed the
data to the JPEG Lossless decode_*_scan function resulting in
faulty decoding.

CC: libav-stable@libav.org
(cherry picked from commit b25e49b187617c486ae3f50a5cbb356fc0e868bb)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-06-22 08:38:31 +02:00
Reinhard Tartler
e6617580e3 update Changelog 2013-05-12 08:40:56 +02:00
Michael Smith
4941dfb4f6 proresdec: support mixed interlaced/non-interlaced content 
Set interlaced to false if we don't have an interlaced frame

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 0881cbf314982cce8448bd12644ce2a6e0b8c576)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 1fa37f2bfa0f5c50ce61dedf2bbb772d96d71101)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-05-12 08:40:32 +02:00
Reinhard Tartler
2f61e40908 update Changelog 2013-05-11 11:58:32 +02:00
Luca Barbato
31ed79af7f wav: Always seek to an even offset 
RIFF chunks are aligned to 16bit according to the specification.

Bug-Id:500
CC:libav-stable@libav.org
(cherry picked from commit ac87eaf856e0fb51917266b899bb15d19b907baf)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-05-07 07:15:26 +02:00
Luca Barbato
f4bb72d33d id3v2: check for end of file while unescaping tags 
Prevent an out of buffer bound write.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit af4cc2605c7a56ecfd84c264aa2b325020418472)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
 2013-05-07 07:13:55 +02:00
Anton Khirnov
6742f0408d indeo3: fix off by one in MV validity check 
CC:libav-stable@libav.org
(cherry picked from commit 95220be1faac628d849a004644c0d102df0aa98b)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
 2013-05-07 07:13:55 +02:00
Reinhard Tartler
a590979988 aac: check the maximum number of channels 
Broken bitstreams could report a larger than specified number of
channels and cause outbound writes.

CC:libav-stable@libav.org
(cherry picked from commit a943a132f36f4df8fe2f749744677b71984abce7)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

Conflicts:
	libavcodec/aacdec.c
 2013-05-07 07:13:50 +02:00
Reinhard Tartler
7bf6a86f2e update Changelog 2013-04-24 21:02:29 +02:00
Luca Barbato
d2d2ddf9a3 oggdec: fix faulty cleanup prototype 
(cherry picked from commit fba8e5b608577fc660989d0057a55818254a3744)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-04-24 21:01:14 +02:00
Anton Khirnov
43c0a87279 qdm2: check that the FFT size is a power of 2 
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 34f87a58532ed652a6e0283c1d044ee5df0aef0b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-04-24 21:01:14 +02:00
Anton Khirnov
c579d4283e indeo3: switch parsing the header to bytestream2 
Also add an additional sanity check to the alt_quant table.
Fixes invalid reads with corrupted files.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 66531d634e75b834e89e4a6a0f7470ca018712a1)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-04-24 21:01:14 +02:00
Anton Khirnov
9b2af4d080 indeo3: check motion vectors. 
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit a0a872d0733f60876b0c93f236bc4606f36fbf89)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-04-24 21:01:14 +02:00
Anton Khirnov
c5084a1765 rv10: check that extradata is large enough 
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org

(cherry picked from commit 01d376f598fe95478036f5d1e3e5e14ffe32d4bf)

Conflicts:

	libavcodec/rv10.c
 2013-04-24 21:01:14 +02:00
Anton Khirnov
74753cf1a9 indeo3: fix data size check 
The data offsets are relative to the bistream header, which is 16 bytes
after the start of the data.
Fixes invalid reads with corrupted files.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 34e6af9e204ca6bb18d8cf8ec68fe19b0e083e95)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-04-24 21:01:14 +02:00
Anton Khirnov
881526744e lavf: make sure stream probe data gets freed. 
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit dbb1425811a672eddf4acf0513237cdf20f83756)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-04-24 21:01:14 +02:00
Anton Khirnov
4c7f40c6df dfa: check for invalid access in decode_wdlt(). 
This can happen when the number of skipped lines is not consistent with
the number of coded lines.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3623589edc7b1257bb45aa9e52c9631e133f22b6)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-04-24 21:01:14 +02:00
Anton Khirnov
9aa2eee313 xmv: check audio track parameters validity. 
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d1016dccdcb10486245e5d7c186cc31af54b2a9c)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-04-24 21:01:14 +02:00
Anton Khirnov
0f6364b62b bmv: check for len being valid in bmv_decode_frame(). 
It can be 0 or -1 for invalid files, which may result in invalid memory
access.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b88f902125ee808c8366e9dcb3f21e4c227483fc)

Conflicts:

	libavcodec/bmv.c
 2013-04-24 21:01:14 +02:00
Anton Khirnov
c65fb5b41b xmv: do not leak memory in the error paths in xmv_read_header() 
CC: libav-stable@libav.org
(cherry picked from commit f8080bd13b5f7fc48204b17fa59a5ce9feb15f07)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-04-24 21:01:14 +02:00
Anton Khirnov
2eaf8698a3 avfiltergraph: check for sws opts being non-NULL before using them. 
Avoid snprintfing a NULL pointer.

CC: libav-stable@libav.org
(cherry picked from commit 6e3c13a559e9ff300b5ca60e1d503e594d7f055c)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-04-24 21:01:14 +02:00
Luca Barbato
a563e4af9f oma: Validate sample rates 
The sample rate index is 3 bits even if currently index 5, 6 and 7 are
not supported.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 0933fd1533560fbc718026e12f19a4824b041237)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-04-24 21:01:14 +02:00
Reinhard Tartler
73746237a1 Prepare for 0.8.7 Release 2013-04-24 21:01:10 +02:00
Reinhard Tartler
b385a77218 update Changelog 2013-03-23 14:48:40 +01:00
Reinhard Tartler
dab40d5bd4 fate: fetch samples that match the release series 
The idea is to ensure that 'make fate' always fetches the fate samples
that work with this release.
(cherry picked from commit a89f68776b2771935a348ce07d0a094ae965acfc)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-03-23 14:46:45 +01:00
Ronald S. Bultje
cd534fdf86 dxva2: include dxva.h if found 
Apparently, some build environments require dxva.h even for dxva2,
while others lack this header entirely.  Including it conditionally
allows building in both cases.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit fa84506177f0246b30d4ea6a99ee5d419f3e4550)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-03-19 08:41:24 +01:00
Kostya Shishkov
36aad4f1cc iff: validate CMAP palette size 
Fixes CVE-2013-2495

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

CC: libav-stable@libav.org
(cherry picked from commit 50c449ac24fbb4c03c15d2e2026cef2204b80385)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 31a77177ff323ef83944c60a8654891213ab6691)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-03-18 20:24:49 +01:00
Reinhard Tartler
fabdeed6fc Changelog: document msrle bugfix 2013-03-17 08:25:46 +01:00
Reinhard Tartler
f0337b0f24 Changelog: cosmetics, remove trailing periods and sort 2013-03-17 08:25:12 +01:00
Anton Khirnov
4160398e2a msrledec: check bounds before constructing a possibly invalid pointer, 
CC:libav-stable@libav.org
(cherry picked from commit 9bd6375d5f16842306dcecde637ffe605acda26b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit b7765d00f911fe0f8fcda21b93a540f27d2ba2f5)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-03-17 07:37:06 +01:00
Ronald Bultje
327ff82bac msrle: convert MS RLE decoding function to bytestream2. 
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 992f71e95dcf57c917531f126ba7499ef9ed87d3)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-03-17 07:36:54 +01:00
Reinhard Tartler
e91a6249b6 Update Changelog for the 0.8.6 Release 2013-03-16 08:48:36 +01:00
Anton Khirnov
b57ab9d7a9 wmaprodec: require block_align to be set. 
Avoids an infinite loop in the calling programs with decoder not
consuming any input and not returning output.

CC:libav-stable@libav.org
(cherry picked from commit cacad1c058f66558ec727faac3b277d2dee264d4)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 20373a66ec68d958c266f643a7d0e5ec254c0fcc)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-03-16 08:21:01 +01:00
Anton Khirnov
6dbe931344 ivi_common: do not call MC for intra frames when dc_transform is unset 
CC:libav-stable@libav.org
(cherry picked from commit 3ba40ebb6cc58753dc3746c718203bb31760deba)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 74880e78d83031d612c941a383b810ff0c9d50c6)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2013-03-16 08:21:01 +01:00
Anton Khirnov
87e4f4c79a roqvideodec: fix a potential infinite loop in roqvideo_decode_frame(). 
When there is just 1 byte remanining in the buffer, nothing will be read
and the loop will continue forever. Check that there are at least 8
bytes, which are always read at the beginning.

CC:libav-stable@libav.org
(cherry picked from commit 3e2f200237af977b9253b0aff121eee27bcedb44)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 747fbe0c212b81952bb27ec7b99fa709081e2d63)

Conflicts:

	libavcodec/roqvideodec.c
 2013-03-16 08:21:01 +01:00
Reinhard Tartler
ca335f5000 Revert "libmp3lame: use the correct remaining buffer size when flushing" 
This reverts commit 5dbb3298b9c1d7beb41c7d3ab19f86d6e027e43d, which was
mistakenly backported.
 2013-03-16 08:20:35 +01:00
Xi Wang
cab9624892 lzo: fix overflow checking in copy_backptr() 
The check `src > dst' in the form `&c->out[-back] > c->out' invokes
pointer overflow, which is undefined behavior in C.

Remove the check.  Also replace `&c->out[-back] < c->out_start' with
a safe form `c->out - c->out_start < back' to avoid overflow.

CC: libav-stable@libav.org

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

(cherry picked from commit ca6c3f2c53be70aa3c38e8f1292809db89ea1ba6)

Conflicts:
	libavutil/lzo.c
 2013-03-15 13:35:59 +01:00
Xi Wang
d8010bda7a flacdec: simplify bounds checking in flac_probe() 
Simplify `p->buf > p->buf + p->buf_size - 4' as `p->buf_size < 4'.
Avoid a possible out-of-bounds pointer, which is undefined behavior
in C.

CC: libav-stable@libav.org

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

(cherry picked from commit 8425d693eefbedbb41f91735614d41067695aa37)
 2013-03-15 13:33:35 +01:00
Xi Wang
12d8ae2979 atrac3: avoid oversized shifting in decode_bytes() 
When `off' is 0, `0x537F6103 << 32' in the following expression invokes
undefined behavior, the result of which is not necessarily 0.

    (0x537F6103 >> (off * 8)) | (0x537F6103 << (32 - (off * 8)))

Avoid oversized shifting.

CC: libav-stable@libav.org

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

(cherry picked from commit eba1ff31304e407db3cefd7532108408f364367b)

Conflicts:
	libavcodec/atrac3.c
 2013-03-15 13:33:25 +01:00
Anton Khirnov
0076639965 avconv: skip attached files when selecting streams to read from. 
Fixes Bug 473 / invalid reads when using -attach.
 2013-03-15 08:58:11 +01:00
Mans Rullgard
d8fbae3c3c lavf: fix arithmetic overflows in avformat_seek_file() 
The values compared here can be more than INT64_MAX apart.  Since the
difference is always positive, converting to uint64_t before subtracting
gives the correct result without overflows.

Signed-off-by: Mans Rullgard <mans@mansr.com>

(cherry picked from commit 91ac403b1316d59b4f43c4ea0f237e24cec2819a)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
 2013-03-13 14:14:54 +01:00