The decode function assumes that the video will have those dimensions.
Fixes CVE-2012-2801
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Based on a patch by Michael Niedermayer <michaelni@gmx.at>
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.
Based on a patch by Michael Niedermayer <michaelni@gmx.at>
Fixes CVE-2012-2800
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.
Fixes CVE-2012-2794
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Add a small table of integers instead as this is simpler and
avoid rounding issues (though such rounding issues are unlikely in this case)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The values are checked in the wraper function used to call this code.
This was introduced by: ee715f49a06bf3898246d01b056284a9bb1bcbb9
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'b146d74730ab9ec5abede9066f770ad851e45fbc':
indeo4: update AVCodecContext width/height on size change
dfa: check that the caller set width/height properly.
indeo5dec: Make sure we have had a valid gop header.
cavsdec: check for changing w/h.
lavc: set channel count from channel layout in avcodec_open2().
doc/platform: Rework the Visual Studio linking section
doc/faq: Change the Visual Studio entry to reflect current status
doc/platform: Replace Visual Studio section with build instructions
doc/platform: Nuke section on linking static MinGW-built libs with MSVC
doc/platform: Remove false claim about MinGW installer
doc/platform: Mention MinGW-w64
dsputil_mmx: fix reading prior of the src array in sub_hfyu_median_prediction()
mpegaudiodec: fix short_start calculation
Conflicts:
doc/faq.texi
doc/platform.texi
libavcodec/cavsdec.c
libavcodec/indeo5.c
libavcodec/ivi_common.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This prevents decoding happening on a half initialized context.
Fixes CVE-2012-2779
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Our decoder does not support changing w/h.
Fixes CVE-2012-2777 and CVE-2012-2784.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
The value should be always 3, as it follows from the specification.
Fix a stack buffer overflow in exponents_from_scale_factors as reported
by asan. Thanks to Dale Curtis for the sample vector.
* qatar/master:
libopus: Remap channels using libopus' internal remapping.
Opus decoder using libopus
avcodec: document the use of AVCodecContext.delay for audio decoding
vc1dec: add flush function for WMV9 and VC-1 decoders
http: Increase buffer sizes to cope with longer URIs
nutenc: const correctness for ff_put_v_trace/put_s_trace function arguments
h264_refs: Fix debug tprintf argument types
golomb: const correctness for get_ue()/get_se() function arguments
get_bits: const correctness for get_bits_trace()/get_xbits_trace() arguments
Conflicts:
Changelog
libavcodec/Makefile
libavcodec/version.h
libavformat/http.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This way we can directly remap channels from Opus' channel order to
libav's internal channel order, instead of mapping channels from
Opus' order to Vorbis' order then to libav's order.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
* qatar/master:
dwt: Drop unused functions spatial_compose{53|97}i()
nutdec: Remove unused and broken debug function stub
avcodec: Drop long-deprecated imgconvert.h header
Add Opus support to the Ogg muxer.
Add Opus codec id and codec description.
avformat: Identify anonymous AVIO typedef structs.
Conflicts:
libavcodec/avcodec.h
libavcodec/codec_desc.c
libavcodec/imgconvert.h
libavcodec/version.h
libavformat/oggenc.c
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
I was sadly unable to find a non fuzzed mp3 that uses the
feature that contained the bug (and i searched hard ...), thus
while this fixes the security issue. It may or may not fix
mixed blocks in 8khz mp3s, i cant say due to lack of samples to test.
Security issue exists since: b37d945dd4213cb8e92146571b0374cd45d52286
Reported-by: Dale Curtis <dalecurtis@google.com>
(Probably) Found-by: inferno@chromium.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
nutdec: const correctness for get_v_trace/get_s_trace function arguments
truemotion2: Request samples for old TM2 headers
rtpdec: Remove a useless ff_ prefix from a static symbol
rtpdec: Support depacketizing speex
rtpenc: Add support for packetizing speex
Conflicts:
libavformat/rtpdec.c
libavformat/sdp.c
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This reverts commit d25f87f5174df5923be7ce0bb89fad08999286ed.
This breaks decoding of some h264 files
I have tested the original patch with fate but by mistake have
forgotten to specify the fate samples so testing was limited to
the internal regression tests.
