37344 Commits

Author SHA1 Message Date
Michael Niedermayer
70dba1e3c8 kvmc: Check palsize.
Fixes: CVE-2011-3952

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-26 17:30:49 +01:00
Michael Niedermayer
1860c66c54 matroskadec: increase padding on several more extradata allocations.
Inspired by: 5af569aa30 by alex
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-26 17:23:41 +01:00
Alex Converse
5af569aa30 matroskadec: Pad AAC extradata.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

CC: libav-stable@libav.org
(cherry picked from commit d2ee8c1779)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-26 17:16:33 +01:00
Michael Niedermayer
92115bb685 dpcm: Round output buffer size up.
Fixes: CVE-2011-3951

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-26 17:05:57 +01:00
Michael Niedermayer
ddf0c1d86a diracdec: Check num_refs.
Fixes: CVE-2011-3950

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-26 17:05:57 +01:00
Michael Niedermayer
e2291ea153 diracdec: Check dirac_unpack_idwt_params parameters before storing them.
Fixes CVE-2011-3949

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-26 17:05:57 +01:00
Tomas Härdin
62271c4c9a mxfdec: Fix files with essence containers larger than 2 GiB.
For such files, accumulating into an int would cause an overflow.

Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-01-26 15:47:50 +01:00
Jean First
4fbd3e89e7 mxfdec: Employ correct printf conversion specifiers for POSIX int types.
Signed-off-by: Jean First <jeanfirst@gmail.com>
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-01-26 15:31:55 +01:00
Hendrik Leppkes
feaa40020b vc1: always read the bfraction element for interlaced fields
Previously, it would not be read if refdist_flag was not set, however
according to the spec and the reference decoder, it should always be read.

Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
2012-01-26 15:19:27 +01:00
Clément Bœsch
ee0cab7721 doc: remove trailing 's' to metadata.
metadata is already plural.

Found-by: Alexander Strasser
2012-01-26 13:06:22 +01:00
Michael Niedermayer
46095f427e mp3dec: Check for memcpy size to be positive.
No, I've no testcase.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-26 03:30:46 +01:00
Thierry Foucu
10e9d1f76b Fix a heap-buffer-overflow
In some cases, what is left to read from ptr is smaller than EXTRABYTES.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-26 03:28:12 +01:00
Michael Niedermayer
3c5fe5b527 Merge remote-tracking branch 'qatar/master'
* qatar/master: (22 commits)
  wma: Clip WMA1 and WMA2 frame length to 11 bits.
  movenc: Don't require frame_size to be set for modes other than mov
  doc: Update APIchanges with info on muxer flushing
  movenc: Reindent a block
  tools: Remove some unnecessary #undefs.
  rv20: prevent calling ff_h263_decode_mba() with unset height/width
  tools: K&R reformatting cosmetics
  Ignore generated aviocat and ismindex tools.
  build: Automatically include architecture-specific library Makefile snippets.
  indeo5: prevent null pointer dereference on broken files
  pktdumper: Use usleep instead of sleep
  cosmetics: Remove some unnecessary block braces.
  Drop unnecessary prefix from *sink* variable and struct names.
  Add a tool for creating smooth streaming manifests
  movdec: Calculate an average bit rate for fragmented streams, too
  movenc: Write the sample rate instead of time scale in the stsd atom
  movenc: Add a separate ismv/isma (smooth streaming) muxer
  movenc: Allow the caller to decide on fragmentation
  libavformat: Add a flag for muxers that support write_packet(NULL) for flushing
  movenc: Add support for writing fragmented mov files
  ...

Conflicts:
	Changelog
	cmdutils.c
	cmdutils.h
	doc/APIchanges
	ffmpeg.c
	ffplay.c
	libavfilter/Makefile
	libavformat/Makefile
	libavformat/avformat.h
	libavformat/movenc.c
	libavformat/movenc.h
	libavformat/version.h
	tools/graph2dot.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-26 02:23:56 +01:00
Paul B Mahol
7de9af65c7 fate: add XWD image regression test
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-01-26 01:51:26 +01:00
Janne Grunau
b3461c29c1 lavf: prevent infinite loops while flushing in avformat_find_stream_info
If no data was seen for a stream, decoders are returning 0 when fed with
empty packets for flushing. We can stop flushing when the decoder does
not return delayed frames anymore. Changes try_decode_frame()
return value to got_picture or negative error.

CC: libav-stable@libav.org
2012-01-26 00:45:05 +01:00
Michael Niedermayer
01e5e97026 mjpegbdec: Fix incorrect bitstream buffer size.
Fixes CVE-2011-3947

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 23:56:09 +01:00
Alex Converse
d2ee8c1779 matroskadec: Pad AAC extradata.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

CC: libav-stable@libav.org
2012-01-25 14:46:06 -08:00
Paul B Mahol
dd453f197c r210, r10k and avrp encoder
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 23:40:06 +01:00
Michael Niedermayer
807a045ab7 kgv1dec: Increase offsets array size so it is large enough.
Fixes CVE-2011-3945

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 23:25:45 +01:00
Martin Storsjö
8801fac365 ismindex: Fix build on mingw
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-26 00:04:28 +02:00
Michael Niedermayer
2f3a86a761 doc/ffmpeg.texi
Merge changes from avconv.texi since the last merge into ffmpeg.texi

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 23:01:34 +01:00
Lou Logan
935c659c03 remove avconv from Doxyfile
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 22:47:45 +01:00
Michael Niedermayer
def678956a Remove avconv
All features have been merged into ffmpeg.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 22:46:37 +01:00
Michael Niedermayer
1285baaab5 smackerdec: Check that the last indexes are within the table.
Fixes CVE-2011-3944

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 22:32:11 +01:00
Alex Converse
d78bb1a4b2 wma: Clip WMA1 and WMA2 frame length to 11 bits.
The MDCT buffers in the decoder are only sized for up to 11 bits. The
reverse engineered documentation for WMA1/2 headers says that for
all samplerates above 32kHz 11 bits are used. 12 and 13 bit support
were added for WMAPro. I was unable to make any Microsoft tools generate
a test file at a samplerate above 48kHz.

Discovered by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

CC: libav-stable@libav.org
2012-01-25 12:31:37 -08:00
Martin Storsjö
9f9c45f4b6 movenc: Don't require frame_size to be set for modes other than mov
The field frame_size isn't written to the output anywhere except
in mov.

This facilitates stream copy from formats that don't set frame_size.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 22:25:56 +02:00
Martin Storsjö
6cb288290d doc: Update APIchanges with info on muxer flushing
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 22:24:13 +02:00
Martin Storsjö
990a746cec movenc: Reindent a block
Also add some space around operators and wrap a comment
that extends past the 80 char "limit"/guideline.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 22:13:56 +02:00
Michael Niedermayer
247d30a7db vp3: Copy all 3 frames for thread updates.
This fixes a double release of the current frame on deinit.
Fixes CVE-2011-3934

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 21:12:00 +01:00
Diego Biurrun
d55fa1cb25 tools: Remove some unnecessary #undefs.
2012-01-25 20:41:22 +01:00
Hendrik Leppkes
6071644287 indeo3: fix motion vector validation
The index of the motion vector has to be checked before being
multiplied by 2 for the array index.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 18:55:32 +01:00
Michael Niedermayer
5cb57a16ed dv: Fix null pointer dereference due to ach=0
Fixes part2 of CVE-2011-3929

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 16:41:27 +01:00
Michael Niedermayer
f9de136b17 dv: check stype
Fixes part1 of CVE-2011-3929
Possibly fixes part of CVE-2011-3936

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-01-25 16:41:26 +01:00
Janne Grunau
c3e10ae412 rv20: prevent calling ff_h263_decode_mba() with unset height/width
Prevents a crash of VLC during playback of an invalid matroska file,
found by John Villamil <johnv@matasano.com>.

CC: libav-stable@libav.org
2012-01-25 16:18:54 +01:00
Nicolas George
4a68949cd8 lavfi: Makefile: cosmetics: align FFLIBS.
2012-01-25 16:12:52 +01:00
Diego Biurrun
4e81b5f517 tools: K&R reformatting cosmetics
2012-01-25 15:31:11 +01:00
Diego Biurrun
50639cbefe Ignore generated aviocat and ismindex tools.
2012-01-25 15:04:35 +01:00
Diego Biurrun
07a873a277 build: Automatically include architecture-specific library Makefile snippets.
2012-01-25 15:04:28 +01:00
Janne Grunau
366ac22ea5 indeo5: prevent null pointer dereference on broken files
Found by John Villamil <johnv@matasano.com>
2012-01-25 14:31:57 +01:00
Martin Storsjö
7072a6a4bb pktdumper: Use usleep instead of sleep
MinGW doesn't have sleep, only _sleep (which is deprecated),
Sleep (which is defined in winbase.h and not in the standard
C headers) and usleep.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 14:34:51 +02:00
Diego Biurrun
33ad8c3cab cosmetics: Remove some unnecessary block braces.
2012-01-25 13:14:49 +01:00
Diego Biurrun
abe655a472 Drop unnecessary prefix from *sink* variable and struct names.
2012-01-25 12:28:36 +01:00
Martin Storsjö
33ec9ef96d Add a tool for creating smooth streaming manifests
It can also optionally split the file into individual fragments,
which allows it to be served from any web server without any
server side support.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 12:15:42 +02:00
Martin Storsjö
bc7d05177f movdec: Calculate an average bit rate for fragmented streams, too
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 12:15:41 +02:00
Martin Storsjö
3b5d4428ac movenc: Write the sample rate instead of time scale in the stsd atom
For ismv/isma, the time scale might not be the same as the sample
rate.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 12:15:41 +02:00
Martin Storsjö
4ddd54dab4 movenc: Add a separate ismv/isma (smooth streaming) muxer
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 12:15:41 +02:00
Martin Storsjö
b613ff5e93 movenc: Allow the caller to decide on fragmentation
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 12:15:41 +02:00
Martin Storsjö
f1caf01d5e libavformat: Add a flag for muxers that support write_packet(NULL) for flushing
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 12:15:41 +02:00
Martin Storsjö
83988d58ed movenc: Add support for writing fragmented mov files
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 12:15:41 +02:00
Martin Storsjö
6ca3856894 movenc: Add a separate start_pts
This fixes calculation of trackDuration if the MOVIentry array
is cleared. This is required by the fragmentation support in the
next patch.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-25 12:15:40 +02:00