Wrong bit depth can lead to invalid rowsize values, which crashes the
decoder further down.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

* qatar/master:
  configure: add POWER[5-7] support
  arm: intreadwrite: revert 16-bit load asm to old version for gcc < 4.6
  vqavideo: return error if image size is not a multiple of block size
  cosmetics: indentation
  avformat: only fill-in interpolated timestamps if duration is non-zero
  avformat: remove a workaround for broken timestamps

Conflicts:
  libavformat/utils.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>

This adds support for png image2pipe streaming
Update to latest git by: Eugene Ware <eugene@noblesamurai.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

The decoder assumes in various places that the image size
is a multiple of the block size, and there is no obvious
way to support odd sizes. Bailing out early if the header
specifies a bad size avoids various errors later on.
Fixes CVE-2012-0947.
Signed-off-by: Mans Rullgard <mans@mansr.com>
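
The early size check described in the commit message above, sketched as an added example; it is not the patch itself. The struct, field and function names and the error constant are assumptions made for illustration, and the zero-size check is an extra added here.

```c
#include <stdint.h>
#include <stdio.h>

#define ERR_INVALIDDATA (-1)   /* stand-in error code, assumed for this example */

/* Hypothetical header fields; names are not taken from the decoder source. */
struct vq_header {
    uint16_t width, height;     /* image size in pixels */
    uint8_t  block_w, block_h;  /* block size in pixels */
};

/* Rows touched by a loop that starts a block at every y < height in steps
 * of block_h and always writes block_h rows. Requires block_h != 0. */
static unsigned rows_touched(const struct vq_header *h)
{
    unsigned blocks = (h->height + h->block_h - 1u) / h->block_h;
    return blocks * h->block_h;
}

/* Reject the header before any buffer is sized or any block is decoded. */
static int validate_header(const struct vq_header *h)
{
    /* Zero sizes are rejected first so the modulo below is defined
     * (an extra check added for this example). */
    if (!h->width || !h->height || !h->block_w || !h->block_h)
        return ERR_INVALIDDATA;
    if (h->width % h->block_w || h->height % h->block_h)
        return ERR_INVALIDDATA;
    return 0;
}

int main(void)
{
    /* Constructed sample headers. */
    struct vq_header ok  = { 320, 200, 4, 2 };
    struct vq_header odd = { 320, 201, 4, 2 };

    printf("ok:  validate=%d rows touched=%u of %u\n",
           validate_header(&ok), rows_touched(&ok), (unsigned)ok.height);
    printf("odd: validate=%d rows touched=%u of %u\n",
           validate_header(&odd), rows_touched(&odd), (unsigned)odd.height);
    return 0;
}
```

For the odd-sized header the block loop would touch one row more than the image has, which is the kind of later error the early rejection avoids.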

* qatar/master:
  mpeg12: fixed parsing in some mpeg2 streams
  Add SMPTE240M transfer characteristics flag.
  mpegts: Some additional HDMV types and reg descriptors for mpegts
  motionpixels: Clip YUV values after applying a gradient.
  jpeg: handle progressive in second field of interlaced.
  ituh263dec: Implement enough of Annex O (scalability) to fix a FPE.
  h263: more strictly forbid frame size changes with frame-mt.
  h264: additional protection against unsupported size/bitdepth changes.
  tta: prevents overflows for 32bit integers in header.
  configure: remove malloc_aligned.
  vp8: update frame size changes on thread context switches.
  snowdsp: explicitly state instruction size.
  wmall: fix reconstructing audio with uncoded channels
  WMAL cosmetics: fix indentation
  gitignore: add Win32 library suffixes

Conflicts:
  configure
  libavcodec/h263dec.c
  libavcodec/h264.c
  libavcodec/ituh263dec.c
  libavcodec/mjpegdec.c
  libavcodec/wmalosslessdec.c
  libavcodec/x86/snowdsp_mmx.c
  libavformat/mpegts.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>

Compared to av_opt_ptr, accessors bring:
- better performance (negligible);
- compile-time type check;
- link-time existence check
  (or at worst, a dynamic linker error instead of a NULL dereference).

* qatar/master:
  arm: intreadwrite: disable inline asm for gcc 4.7 and later
  arm: intreadwrite: fix inline asm constraints for gcc 4.6 and later
  indeo3: fix motion vector validation
  pcm_bluray: set bits_per_raw_sample for > 16-bit
  twinvq: fix out of bounds array access
  lavr: use 8.8 instead of 10.6 as the 16-bit fixed-point mixing coeff type

Conflicts:
  doc/APIchanges
  libavcodec/indeo3.c
  libavcodec/pcm-mpeg.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>

Progressive data is allocated later in decode_sof(), not allocating
that data leads to NULL dereferences.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

This prevents sample_rate/data_length from going negative, which
caused various crashes and undefined behaviour further down.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

This properly synchronizes frame size changes between threads if
subsequent threads abort decoding before frame size is initialized, i.e.
it prevents the thread after that from ping-ponging back to the original
value.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

The index of the motion vector has to be checked before being
multiplied by 2 for the array index.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>

* qatar/master:
  avplay: use libavresample for sample format conversion and channel mixing
  Fix compilation with YASM/NASM without AVX support.
  WMAL: do not output last frame again if nothing was decoded in current packet
  WMAL: do not start decoding if frame does not end in current packet
  adpcm-thp: fix invalid array indexing
  ppc: add const where needed in scalarproduct_int16_altivec()
  ppc: remove shift parameter from scalarproduct_int16_altivec()
  ppc: dsputil: do unaligned block accesses correctly
  dvenc: do not call dsputil functions with stride not a multiple of 16
  APIchanges: fill in some dates and commit hashes

Conflicts:
  doc/APIchanges
  ffplay.c
  libavcodec/adpcm.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>

ModeTab.fmode has only 3 elements, so indexing it with ftype
in the initializer for 'size' is invalid when ftype == FT_PPC.
This fixes crashes with gcc 4.8.
Signed-off-by: Mans Rullgard <mans@mansr.com>

The shift parameter was removed from this interface in 7e1ce6a.
This updates the Altivec implementation to match.
Signed-off-by: Mans Rullgard <mans@mansr.com>

To load unaligned vector data in the usual way, explicit vec_ld()
should be used rather than dereferencing a pointer to a vector type.
When the VSX extension is enabled, gcc may compile vector pointer
dereferences using the VSX lxvw4x instruction instead of the lvx
instruction typically used with Altivec/VMX. As the behaviour of
these instructions with unaligned addresses differs, it is important
that only lvx is used here.
Signed-off-by: Mans Rullgard <mans@mansr.com>

Allowing dsputil functions to assume the stride is a multiple of 16
even for smaller block sizes can simplify their implementation.
This appears to be the only place this guarantee is not met.
Signed-off-by: Mans Rullgard <mans@mansr.com>

* qatar/master:
  mkv: mark corrupted packets and return them
  mkv: forward EBML block data error
  avcodec: introduce YCoCg colorspace
  avcodec: cosmetic cleanup on header
  aac sbr: align struct member by 32 byte.

Conflicts:
  libavcodec/avcodec.h
  libavformat/matroskadec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>