Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Based on a patch by Michael Niedermayer <michaelni@gmx.at>
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
* qatar/master: (28 commits)
dfa: use more meaningful return codes
eatgv: check vector_bits
eatgv: check motion vectors
Mark a number of variables only used in av_dlog() calls as av_unused.
dvdec: drop const qualifier from variable to eliminate a warning
avcodec: Improve comment for thread_safe_callbacks to avoid misinterpretation.
tests/utils: don't ignore the return value of fwrite()
lavfi/formats: use sizeof(var) instead of sizeof(type).
lavfi: remove avfilter_default_config_input_link() declaration
lavfi: always enable the scale filter and depend on sws.
vf_split: support user-specifiable number of outputs.
avconv: remove stray useless comment.
mpegmux: add stuffing to avoid incomplete PCM frames
rtsp: avoid const warnings from strtol() call
avserver: check return value of ftruncate()
lagarith: make offset array type unsigned
dfa: add some checks to ensure that decoder won't write past frame end
aacps: NEON optimisations
aacps: align some arrays
aacps: move some loops to function pointers
...
Conflicts:
configure
doc/filters.texi
libavcodec/dfa.c
libavcodec/eatgv.c
libavfilter/Makefile
libavfilter/allfilters.c
libavfilter/avfilter.h
libavfilter/formats.c
libavfilter/vf_split.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
tests: Refactor rotozoom/videogen common code into a separate file.
tests: Mark some file-internal symbols as static.
build: Drop leftover .exp pattern from LIBSUFFIXES list.
vsrc_buffer: return EAGAIN if no frame is available.
WMAL: Shift output samples by the specified number of padding zeroes.
WMAL: Restore removed code in mclms_predict()
rtpdec_h264: Remove a useless ifdef
rtpdec_h264: Remove outdated/useless/incorrect comments
rtpdec_h264: Remove useless memory corruption checks
rtpdec_h264: Return proper error codes
rtpdec_h264: Check the available data length before reading
rtpdec_h264: Add input size checks
png: check bit depth for PAL8/Y400A pixel formats.
ea: check chunk_size for validity.
celp filters: Do not read earlier than the start of the 'out' vector.
Conflicts:
libavcodec/pngdec.c
libavfilter/src_buffer.c
tests/rotozoom.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
mpeg12: fixed parsing in some mpeg2 streams
Add SMPTE240M transfer characteristics flag.
mpegts: Some additional HDMV types and reg descriptors for mpegts
motionpixels: Clip YUV values after applying a gradient.
jpeg: handle progressive in second field of interlaced.
ituh263dec: Implement enough of Annex O (scalability) to fix a FPE.
h263: more strictly forbid frame size changes with frame-mt.
h264: additional protection against unsupported size/bitdepth changes.
tta: prevents overflows for 32bit integers in header.
configure: remove malloc_aligned.
vp8: update frame size changes on thread context switches.
snowdsp: explicitily state instruction size.
wmall: fix reconstructing audio with uncoded channels
WMAL cosmetics: fix indentation
gitignore: add Win32 library suffixes
Conflicts:
configure
libavcodec/h263dec.c
libavcodec/h264.c
libavcodec/ituh263dec.c
libavcodec/mjpegdec.c
libavcodec/wmalosslessdec.c
libavcodec/x86/snowdsp_mmx.c
libavformat/mpegts.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
avplay: use libavresample for sample format conversion and channel mixing
Fix compilation with YASM/NASM without AVX support.
WMAL: do not output last frame again if nothing was decoded in current packet
WMAL: do not start decoding if frame does not end in current packet
adpcm-thp: fix invalid array indexing
ppc: add const where needed in scalarproduct_int16_altivec()
ppc: remove shift parameter from scalarproduct_int16_altivec()
ppc: dsputil: do unaligned block accesses correctly
dvenc: do not call dsputil functions with stride not a multiple of 16
APIchanges: fill in some dates and commit hashes
Conflicts:
doc/APIchanges
ffplay.c
libavcodec/adpcm.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
vsrc_buffer: fix check from 7ae7c41.
libxvid: Reorder functions to avoid forward declarations; make functions static.
libxvid: drop some pointless dead code
wmal: vertical alignment cosmetics
wmal: Warn about missing bitstream splicing feature and ask for sample.
wmal: Skip seekable_frame_in_packet.
wmal: Drop unused variable num_possible_block_size.
avfiltergraph: make the AVFilterInOut alloc/free API public
graphparser: allow specifying sws flags in the graph description.
graphparser: fix the order of connecting unlabeled links.
graphparser: add avfilter_graph_parse2().
vsrc_buffer: allow using a NULL buffer to signal EOF.
swscale: handle last pixel if lines have an odd width.
qdm2: fix a dubious pointer cast
WMAL: Do not try to read rawpcm coefficients if bits is invalid
mov: Fix detecting there is no sync sample.
tiffdec: K&R cosmetics
avf: has_duration does not check the global one
dsputil: fix optimized emu_edge function on Win64.
Conflicts:
doc/APIchanges
libavcodec/libxvid_rc.c
libavcodec/libxvidff.c
libavcodec/tiff.c
libavcodec/wmalosslessdec.c
libavfilter/avfiltergraph.h
libavfilter/graphparser.c
libavfilter/version.h
libavfilter/vsrc_buffer.c
libswscale/output.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
There is no point in storing the value in a variable, since it is not
used anywhere else in the decoder.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
The samples_per_frame check is ported from wmaprodec.c
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If channel residues are have not been decoded from bitstream, they should be
initialized to 0 instead of using values from previous subframe.
This causes bursts of noise in silent parts of some files.
This patch fixes bug #1055
Reviewed-by: Benjamin Larsson <benjamin@southpole.se>
Reviewed-by: Mashiat Sarker Shakkhar <mashiat.sarker@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
mp3dec: perform I/S and M/S only when frame mode is joint stereo.
id3v2: add another mimetype for JPEG image
lzw: prevent buffer overreads.
WMAL: Remove inaccurate and unnecessary doxy
h264: fix cabac-on-stack after safe cabac reader.
truemotion2: convert packet header reading to bytestream2.
Conflicts:
libavcodec/lzw.c
libavcodec/truemotion2.c
libavformat/id3v2.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
asf: only set index_read if the index contained entries.
cabac: add overread protection to BRANCHLESS_GET_CABAC().
cabac: increment jump locations by one in callers of BRANCHLESS_GET_CABAC().
cabac: remove unused argument from BRANCHLESS_GET_CABAC_UPDATE().
cabac: use struct+offset instead of memory operand in BRANCHLESS_GET_CABAC().
h264: add overread protection to get_cabac_bypass_sign_x86().
h264: reindent get_cabac_bypass_sign_x86().
h264: use struct offsets in get_cabac_bypass_sign_x86().
h264: fix overreads in cabac reader.
wmall: fix seeking.
lagarith: fix buffer overreads.
dvdec: drop unnecessary dv_tablegen.h #include
build: fix doc generation errors in parallel builds
Replace memset(0) by zero initializations.
faandct: Remove FAAN_POSTSCALE define and related code.
dvenc: print allowed profiles if the video doesn't conform to any of them.
avcodec_encode_{audio,video}: only reallocate output packet when it has non-zero size.
FATE: add a test for vp8 with changing frame size.
fate: add kgv1 fate test.
oggdec: calculate correct timestamps in Ogg/FLAC
Conflicts:
libavcodec/4xm.c
libavcodec/cook.c
libavcodec/dvdata.c
libavcodec/dvdsubdec.c
libavcodec/lagarith.c
libavcodec/lagarithrac.c
libavcodec/utils.c
tests/fate/video.mak
Merged-by: Michael Niedermayer <michaelni@gmx.at>
A call to decode_packet() does not always decode a complete WMA packet.
Moreover, this is not the correct place to document calls that are part
of the public API.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
* qatar/master:
xwma: Validate channels and bits_per_coded_sample.
mov: Do not read past the end of the ctts_data table.
mov: Add missing terminator to mov_ch_layout_map_1ch.
asf: reset side data elements on packet copy.
wmavoice: fix stack overread.
wmalossless: error out if a subframe is not used by any channel.
vqa: check palette chunk size before reading data.
wmalossless: reset sample pointer for each subframe.
wmalossless: error out on invalid values for order.
Conflicts:
libavcodec/vqavideo.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
FATE: Add ZeroCodec test
oggparseogm: fix order of arguments of avpriv_set_pts_info().
pngenc: better upper bound for encoded frame size.
aiffdec: set block_duration to 1 for PCM codecs that are supported in AIFF-C
aiffdec: factor out handling of integer PCM for AIFF-C and plain AIFF
aiffdec: use av_get_audio_frame_duration() to set block_duration for AIFF-C
aiffdec: do not set bit rate if block duration is unknown
wmall: output packet only if we have decoded some samples
Conflicts:
libavcodec/pngenc.c
tests/fate/lossless-video.mak
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (29 commits)
sbrdsp.asm: convert all instructions to float/SSE ones.
dv: cosmetics.
dv: check buffer size before reading profile.
Revert "AAC SBR: group some writes."
udp: Print an error message if bind fails
cook: extend channel uncoupling tables so the full bit range is covered.
roqvideo: cosmetics.
roqvideo: convert to bytestream2 API.
dca: don't use av_clip_uintp2().
wmall: fix build with -DDEBUG enabled.
smc: port to bytestream2 API.
AAC SBR: group some writes.
dsputil: remove shift parameter from scalarproduct_int16
SBR DSP: unroll sum_square
rv34: remove dead code in intra availability check
rv34: clean a bit availability checks.
v4l2: update documentation
tgq: convert to bytestream2 API.
parser: remove forward declaration of MpegEncContext
dca: prevent accessing static arrays with invalid indexes.
...
Conflicts:
doc/indevs.texi
libavcodec/Makefile
libavcodec/dca.c
libavcodec/dvdata.c
libavcodec/eatgq.c
libavcodec/mmvideo.c
libavcodec/roqvideodec.c
libavcodec/smc.c
libswscale/output.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>