Commit Graph

39602 Commits

Author SHA1 Message Date
Michael Niedermayer
ba775a54bc indeo3: fix out of picture write.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-24 03:26:51 +01:00
Michael Niedermayer
59a4b73531 pthread/mpegvideo: detect and block attempts to init frames after setup.
This fixes race conditions that ultimately lead to memory corruption.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-24 00:32:18 +01:00
Janne Grunau
cb7190cd2c rv34: error out on size changes with frame threading 2012-03-23 23:11:55 +01:00
Alex Converse
b00307ecd0 aacsbr: Add a debug check to sbr_mapping.
There have been multiple bugs caused by inconsistencies here.

Based on an idea from Michael Niedermayer.

CC: libav-stable@libav.org
2012-03-23 14:56:44 -07:00
Alex Converse
0cb93dacee aac: Reset some state variables when turning SBR off
This makes sure the reset flag gets set when SBR gets turned back on
and sets control variables for unguided mode back to their defaults.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-23 14:56:44 -07:00
Alex Converse
a237b38021 aac: Reset PS parameters on header decode failure.
If the next header frame codes zero envelopes the previous frame's
values will be used. Consequently the invalid values must be cleared.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-23 14:56:44 -07:00
Michael Niedermayer
71c2a70cbf error_concealment: Prevent FPEs in case of corrupted input.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 22:03:32 +01:00
Ronald S. Bultje
7beec7e29d fate: add wmalossless test. 2012-03-23 14:03:03 -07:00
Michael Niedermayer
e2d110d8d2 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  rv34: Handle only complete frames in frame-mt.
  MPV: set reference frame pointers to NULL when allocation of dummy pictures fails
  configure: die if x11grab dependencies are unavailable
  zerocodec: factorize loop
  avconv: fix the resampling safety factors for output audio buffer allocation
  avconv: move audio output buffer allocation to a separate function
  avconv: make the async buffer global and free it in exit_program()

Conflicts:
	ffmpeg.c
	libavcodec/mpegvideo.c
	libavcodec/rv34.c
	libavcodec/zerocodec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 21:20:06 +01:00
Ronald S. Bultje
71ea26811c aacsbr: handle m_max values smaller than 4.
Prevents a signflip in the counter, and a subsequent crash because of
overreads/overwrites.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-23 12:56:08 -07:00
Reimar Döffinger
adb98a3d22 VC1: restore optimizations broken in 9a1ced32.
They were moved into code under HAVE_YASM and most of them
even into completely disabled code with no reason given
for that in the commit message.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
2012-03-23 19:39:02 +01:00
Paul B Mahol
e730036fdc interplayvideo: give avctx to av_dlog()
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 19:12:34 +01:00
Paul B Mahol
0c57f8197c interplayvideo: remove superfluous strings from av_log()
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 19:11:08 +01:00
Paul B Mahol
a0b07b8fc5 vmdvideo: remove superfluous strings from av_log messages
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 19:05:12 +01:00
Paul B Mahol
89cd95b19c sonic: fix warning about incompatible pointer types
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 19:03:45 +01:00
Janne Grunau
73ad4471a4 rv34: Handle only complete frames in frame-mt.
Correct handling of errors to prevent hags or crashes is very complex
otherwise.

The frame initializing is also moved from decode_slice() to
decode_frame() for clarity.
2012-03-23 17:50:46 +01:00
Janne Grunau
5ab506a5c8 MPV: set reference frame pointers to NULL when allocation of dummy pictures fails 2012-03-23 17:50:46 +01:00
Josh Allmann
4a584edad7 configure: die if x11grab dependencies are unavailable
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-03-23 12:10:41 +01:00
Michael Niedermayer
afa6129016 zerocodec: factorize loop
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-03-23 12:10:41 +01:00
Michael Niedermayer
ae03b2141e swr: check that there is enough information to do rematrixing when needed.
Fixes assertion failure.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 12:10:08 +01:00
Michael Niedermayer
2e909b3c77 bitstream: build_table, check table_nb_bits.
Fixes null ptr deref.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 11:38:53 +01:00
Michael Niedermayer
aae44fb4cd indeo4: check ref_mb
Fix NULL deref

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 11:03:53 +01:00
Michael Niedermayer
1664edb998 ffmpeg: check samplerate from decoder.
Fixes FPE

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 10:59:03 +01:00
Michael Niedermayer
a22e64fd02 rawdec: Check w/h.
Fixes FPE

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 10:48:18 +01:00
Michael Niedermayer
5934d57ba9 xmv: check channel number
Fixes FPE

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 10:31:45 +01:00
Michael Niedermayer
08c37a10e9 mjpegdec: check h/v_count.
Fixes FPE

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 10:24:22 +01:00
Michael Niedermayer
46c7842994 ituh263dec: Implement enough of Annex O (scalability) to fix a FPE.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 10:14:30 +01:00
Justin Ruggles
4094fc9971 avconv: fix the resampling safety factors for output audio buffer allocation
This matches the output size required for audio_resample()
2012-03-23 01:19:43 -04:00
Justin Ruggles
9869e963a6 avconv: move audio output buffer allocation to a separate function
Allows for removing a goto and makes the code easier to follow.
2012-03-23 01:19:43 -04:00
Justin Ruggles
f3ab3e1aee avconv: make the async buffer global and free it in exit_program() 2012-03-23 01:19:42 -04:00
Michael Niedermayer
cc415956a4 error_conceal: fix FPE in guess_dc() with huge sizes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 05:21:52 +01:00
Michael Niedermayer
ac2cb27916 mov: Fix FPE on 0 time_scale
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 04:32:16 +01:00
Michael Niedermayer
c0a99eae29 indeo4: check band->scan
Fixes null ptr exception

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 04:29:41 +01:00
Michael Niedermayer
f927c5b753 vorbisdemux: Check private context in theoras gtopts.
This prevents a null ptr dereference.
It could be checked differently but this way it should
be possible to return some data.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 04:29:33 +01:00
Paul B Mahol
ae2c33b0c2 cosmetics: remove superfluous curly brackets
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 03:09:07 +01:00
Paul B Mahol
0e465c1a81 huffyuv: remove long time disabled code
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 03:09:07 +01:00
Paul B Mahol
3a085c6a37 huffyuv: do not decode/encode yuv colorspace with odd width
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 03:09:07 +01:00
Michael Niedermayer
ba02069a8e aacdec: prevent channels from exceeding MAX_CHANNELS.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 03:08:58 +01:00
Michael Niedermayer
01fd1aa0ad matroskadec: fix strcmp(NULL)
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 01:27:49 +01:00
Michael Niedermayer
437f5daf0b mov: fix global unicode convertion array overflow.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 01:09:04 +01:00
Michael Niedermayer
0c97fd336e mmdemux: dont set pkt->size to an invalid value.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 00:50:49 +01:00
Michael Niedermayer
7c0748c2db eatqi: replace break by goto.
This fixes some heap overread.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-23 00:50:43 +01:00
Michael Niedermayer
5a4af049b1 aacdec: reset max_sfb on invalid data.
Fixes global out of array read.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-22 23:57:45 +01:00
Michael Niedermayer
3583c8706d vqavideodev: Check image dimensions
Fixes out of heap array read

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-22 23:43:37 +01:00
Michael Niedermayer
464cef4c14 Merge remote-tracking branch 'qatar/master'
* qatar/master:
  xwma: Validate channels and bits_per_coded_sample.
  mov: Do not read past the end of the ctts_data table.
  mov: Add missing terminator to mov_ch_layout_map_1ch.
  asf: reset side data elements on packet copy.
  wmavoice: fix stack overread.
  wmalossless: error out if a subframe is not used by any channel.
  vqa: check palette chunk size before reading data.
  wmalossless: reset sample pointer for each subframe.
  wmalossless: error out on invalid values for order.

Conflicts:
	libavcodec/vqavideo.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-22 23:16:49 +01:00
Michael Niedermayer
9759d2b886 indeo4: check motion vetors.
Fixes out of heap array read.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-22 23:13:00 +01:00
Michael Niedermayer
afc0cc22e1 pngenc: make max_packet_size 64bit check check it.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-03-22 23:13:00 +01:00
Clément Bœsch
50a3867bab png: make ff_png_pass_mask local to pngdec. 2012-03-22 22:53:51 +01:00
Carl Eugen Hoyos
abdcb4918c Fix libgsm.c compilation after typo in 67b8c8. 2012-03-22 22:01:35 +01:00
Alex Converse
5023b89bba xwma: Validate channels and bits_per_coded_sample.
This prevents a SIGFPE later on.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
2012-03-22 13:57:12 -07:00