15206 Commits

Author SHA1 Message Date
Ronald S. Bultje
746f1594d7 h264: additional protection against unsupported size/bitdepth changes.
Fixes crashes in codepaths not covered by original checks.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 732f9fcfe54fc9a0a7bbce53fe86b38744c2d301)

Conflicts:

	libavcodec/h264.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-05-04 22:09:27 +02:00
Ronald S. Bultje
0e4bb0530f tta: prevents overflows for 32bit integers in header.
This prevents sample_rate/data_length from going negative, which
caused various crashes and undefined behaviour further down.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit ac80b812cd177553339467ea12548d71c9ef6865)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-05-04 21:28:45 +02:00
Paul B Mahol
994c0efcc7 ttadec: CRC checking
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 2af3dc8698707f800f83f5fc890571a6a119866e)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-05-04 21:28:35 +02:00
Paul B Mahol
cf5e119d4a tta: use skip_bits_long()
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 9aff2d17533576f4ff52531e534f1319fb36a590)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-05-04 21:28:28 +02:00
Michael Niedermayer
e8050f313e apedec: check bits <= 32.
Fixes a floating-point exception further down.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
(cherry picked from commit 420d1df2e2a857eae45fa947e16eae7494793d57)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:03 +02:00
Ronald S. Bultje
be424d86a8 truemotion: forbid invalid VLC bitsizes and token values.
SHOW_UBITS() is only defined for n_bits up to 25, therefore forbid
values larger than this in get_vlc2() (max_bits). tokens[][] can be
used as an index in deltas[], which has a size of 64, so ensure the
values are smaller than that.

This prevents crashes on corrupt bitstreams.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b7b1509d06d3696d3b944791227fe198ded0654b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:03 +02:00
Ronald S. Bultje
46f8bbfc6d truemotion2: handle out-of-frame motion vectors through edge extension.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit bf39d3b59d85e5734babe48b61b8d92d18188185)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:03 +02:00
Ronald S. Bultje
562c6a7bf1 lzw: prevent buffer overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit ddcf67c8a51c67b122a826d8b5819e96d591d813)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:03 +02:00
Ronald S. Bultje
e711ccee4d truemotion2: convert packet header reading to bytestream2.
Also use correct buffer sizes in calls to tm2_read_stream(). Together,
this prevents overreads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit bd508d435b94584db460c684e30ea7ce180cf50f)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:03 +02:00
Ronald S. Bultje
d6372e80fe lagarith: fix buffer overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 0a82f5275f719e6e369a807720a2c3603aa0ddd9)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:03 +02:00
Ronald S. Bultje
29d91e9161 raw: forward avpicture_fill() error code in raw_decode().
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 98df2e24141cd00a557ef10ed7af2b956200cd80)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:02 +02:00
Mashiat Sarker Shakkhar
583f57f04a vc1: Do not read from array if index is invalid.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 95b192de5d05f3e1542e7b2378cdefbc195f5185)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:02 +02:00
Ronald S. Bultje
f8f6c14f54 utvideo: port header reading to bytestream2.
Fixes crash during slice size reading if slice_end goes negative.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit ec0ed97b046d46421db72c4911d2bbe28bbe5741)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:02 +02:00
Paul B Mahol
9e24f2a1f0 bytestream: add more unchecked variants for bytestream2 API
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit f1ce053cd0e0d7dc67fa61f32bcd8b6ee5e5c490)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:02 +02:00
Aneesh Dogra
e788c6e9cb bytestream: K&R formatting cosmetics
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit ab9ae401525d301a31ec695bf39103502db6afeb)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:02 +02:00
Aneesh Dogra
2e681cf50f bytestream: Add bytestream2 writing API.
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit db7d45237ab6fc7fe90ec861cb756b2a109504a4)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:02 +02:00
Alex Converse
9ddd3abe78 aac: Reset PS parameters on header decode failure.
If the next header frame codes zero envelopes the previous frame's
values will be used. Consequently the invalid values must be cleared.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit a237b38021cd3009cc78eeb974b596085f2fe393)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:02 +02:00
Ronald S. Bultje
c21b858b27 vqa: check palette chunk size before reading data.
Prevents overreads beyond buffer boundaries.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 75d7975268394f4f16294b68ec6d6d5ac30da3ac)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:01 +02:00
Paul B Mahol
0b9bb581fd vqavideo: port to bytestream2 API
Protects against overreads.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 5a3a906ba29b53fa34d3047af78d9f8fd7678256)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:01 +02:00
Ronald S. Bultje
105601c151 wmavoice: fix stack overread.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 262196445cf03fda0f7e41c4b968f4f7bf060e6b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:01 +02:00
Ronald S. Bultje
3a4949aa50 indeo4: fix out-of-bounds function call.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
(cherry picked from commit 68fd077f68bdde864bb7328d72a040849c616261)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:01 +02:00
Ronald S. Bultje
bf3998d71e mimic: don't use self as reference, and report completion at end of decode().
Fixes hangs on corrupt samples that reference self-frames.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 80387f0e2568746dce4a68e2217297029a053dae)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:01 +02:00
Ronald S. Bultje
87208b8fc4 mpeg4: report frame decoding completion at ff_MPV_frame_end().
Prevents hangs on corrupt input.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c6ccb96bc955b2087ec71033d99b3dcd5203eaf2)

Conflicts:

	libavcodec/mpegvideo.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-29 22:07:01 +02:00
Kostya Shishkov
1ee0cd1ad7 dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2012-03-14 23:32:15 +01:00
Ronald S. Bultje
b594732475 dca: don't use av_clip_uintp2().
The argument is not a literal, thus causing the ARM v6 or later
builds to break.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
2012-03-14 23:30:19 +01:00
Michael Niedermayer
ce15406e78 snow: check reference frame indices.
Fixes NULL ptr dereference

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 1f8ff2b13cbfef790385818664ed12e763e7c75b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 21:35:09 +01:00
Michael Niedermayer
c9e95636a8 snow: reject unsupported chroma shifts.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit c9837954e7b968d44f82e7cdb7618e9f523b196c)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 21:34:55 +01:00
Ronald S. Bultje
6e5c07f4c8 xa_adpcm: limit filter to prevent xa_adpcm_table[] array bounds overruns.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 86020073dbb9a3a9d1fbb76345b2ca29ba1f13d2)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 21:34:36 +01:00
Ronald S. Bultje
c999a8ed65 h264: increase reference poc list from 16 to 32.
Interlaced images can have 32 references (16 per field), so limiting the
array size to 16 leads to invalid writes.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 48cbe4b092113eae0b3e5d6a08b59027f913a884)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 21:34:13 +01:00
Ronald S. Bultje
4d343a6f47 h264: stricter reference limit enforcement.
Progressive images can have only 16 references, error out if there are
more, since the data is almost certainly corrupt, and the invalid value
will lead to random crashes or invalid writes later on.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit e0febda22d0e0fab094a9c886b0e0f0f662df1ef)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 21:33:15 +01:00
Michael Niedermayer
a81a6d9c80 h264: improve parsing of broken AVC SPS
Parsing the entire NAL as SPS fixes decoding of some AVC bitstreams
with broken escaping. Since the size of the NAL unit is known and
checked against the buffer end we can parse it entirely without buffer
overreads.

Fixes playback of
http://streams.videolan.org/streams/mp4/Mr_MrsSmith-h264_aac.mp4

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 3aa661ec561d7a20812b84b353b0d7855ac346c8)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 21:27:22 +01:00
Alex Converse
48f0eeb2e5 Replace computations of remaining bits with calls to get_bits_left().
(cherry picked from commit 3574a85ce57366ba7429edef93d5cad8640fb68c)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 21:27:16 +01:00
Ronald S. Bultje
d26e47bf6c png: convert to bytestream2 API.
Protects against overreads in the input buffer.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 4c25269cedd042abcb823c42d33609564861c374)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 21:14:28 +01:00
Ronald S. Bultje
568a474a08 roqvideo: convert to bytestream2 API.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit cdf15771621bce7959b3e53b21426c5ba747e17b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 21:09:40 +01:00
Ronald S. Bultje
9a66cdbc16 smc: port to bytestream2 API.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 8febcb9fc178926687ee19d32d2b3150da899867)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 21:09:28 +01:00
Ronald S. Bultje
ddb1149e25 tgq: convert to bytestream2 API.
This protects against input buffer overreads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 1255eed533b4069db7f205601953ca54c0dc42c9)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 21:09:19 +01:00
Ronald S. Bultje
f6778f58d4 algmm: convert to bytestream2 API.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit a55d5bdc6e28a2cfefc440d792de5cc4f02377e2)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 21:09:19 +01:00
Paul B Mahol
e4e4d92641 jvdec: unbreak video decoding
The safe bitstream reader broke it since the buffer size was specified
in bytes instead of bits.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
CC: libav-stable@libav.org
(cherry picked from commit a1c036e961a32f7208e7315dabfa0ee99d779edb)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 21:02:23 +01:00
Michael Niedermayer
de0ff4ce69 h264: Fix invalid interlaced/progressive MB combinations for direct mode prediction.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 758ec111538ccd487686e8677aa754ee4d82beaa)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 21:00:52 +01:00
Anton Khirnov
6548cb2578 libx264: add 'stats' private option for setting 2pass stats filename.
x264 always opens the file itself with fopen, so we cannot use the
standard lavc stats mechanism.

CC: libav-stable@libav.org
(cherry picked from commit d533e395e14d403948ca2424efbcee92429ef8e1)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 21:00:12 +01:00
Anton Khirnov
f6257cf4b7 libx264: fix help text for slice-max-size option.
CC: libav-stable@libav.org
(cherry picked from commit 9d5c131ecec75fcfb1b4b56f74f2b2756bf0027a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 21:00:02 +01:00
Janne Grunau
d94256d36c Revert "h264: clear trailing bits in partially parsed NAL units"
This reverts commit 729ebb2f185244b0ff06d48edbbbbb02ceb4ed4e.

There was an off-by-one error in the bit mask calculation, actually
clearing the last valid bit and causing
http://bugzilla.libav.org/show_bug.cgi?id=227

The broken sample (Mr_MrsSmith-h264_aac.mp4) the commit was fixing
does not work after correcting the off-by-one error.

CC: libav-stable@libav.org
(cherry picked from commit 8a6037c3900875ccab8d553d2cc659bdef2c9d0e)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 20:56:55 +01:00
Ronald S. Bultje
7bb97a61df mpc: pad mpc_CC/SCF[] tables to allow for negative indices.
MPC8 allows indices of mpc_CC up to -1, and mpc_SCF up to -6, thus pad
the tables by that much on the left end.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d7eabd50425a61b31e90c763a0c3e4316a725404)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 20:48:29 +01:00
Ronald S. Bultje
c65eadee5d xxan: protect against chroma LUT overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit f77bfa837636a99a4034d31916a76f7d1688cf5a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 20:47:19 +01:00
Ronald S. Bultje
a43f4bd601 xxan: convert to bytestream2 API.
Protects against overreads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 55188278169c3a1838334d7aa47a1f7a40741690)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 20:47:19 +01:00
Ronald S. Bultje
8f881885c2 xxan: don't read before start of buffer in av_memcpy_backptr().
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit f1279e286b00e99f343adb51e251f036a3df6f32)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 20:47:19 +01:00
Ronald S. Bultje
26521d87ba dsicinvideo: validate buffer offset before copying pixels.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c95fefa0420be9cc0f09a95041acf11114aaacd0)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 20:47:19 +01:00
Ronald S. Bultje
e1a4143793 cook: error out on quant_index values outside [-63, 63] range.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 97e48b2f541396ef6e8816a555bac1bb993d7a6a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 20:47:19 +01:00
Ronald S. Bultje
b9482a6efd cook: extend channel uncoupling tables so the full bit range is covered.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 37cc8600d0313838cab5b886b9d373e5819aa24f)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-14 20:47:19 +01:00
Ronald S. Bultje
88c3cc019c cook: expand dither_tab[], and make sure indexes into it don't overflow.
Fixes overflows in accessing dither_tab[].

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 442c3a8cb1785d74f8e2d7ab35b1862b7088436b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-03-13 23:40:29 +01:00