Luca Barbato
9c779b5dd0
bink: Bound check the quantization matrix.
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 9991298f2c4d9022ad56057f15d037e18d454157)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-09-23 19:41:08 -04:00
Luca Barbato
8006716f21
xl: Make sure the width is valid
...
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-09-23 19:25:50 -04:00
Luca Barbato
246e0e2c99
alsdec: Fix the clipping range
...
mcc_weightings is only 32 elements.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 70ecc175c7b513a153ac87d1c5d219556ca55070)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-09-23 19:22:22 -04:00
Luca Barbato
0d24adbe8d
dsicinav: Bound-check the source buffer when needed
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit dd0bfc3a6a310e3e3674ce7742672d689a9a0e93)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-09-23 19:18:39 -04:00
Martin Storsjö
729143e2d2
ac3dec: Don't consume more data than the actual input packet size
...
This was handled properly in the normal return case at the end
of the function, but not in this special case.
Returning a value larger than the input packet size can cause
problems for certain library users.
Returning the actual input buffer size unconditionally, since
it is not guaranteed that frame_size is set to a sensible
value at this point.
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8f24c12be7a3b3ea105e67bba9a867fe210a2333)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-09-23 19:14:14 -04:00
Luca Barbato
36921fcdd3
indeo: Reject impossible FRAMETYPE_NULL
...
A frame marked FRAMETYPE_NULL cannot be scalable and requires a
previous frame successfully decoded.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 5b2a29552ca09edd4646b6aa1828b32912b7ab36)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-09-23 19:11:37 -04:00
Luca Barbato
e2dcb8208e
indeo5: return proper error codes
...
(cherry picked from commit b0eeb9d442e4b7e82f6797d74245434ea33110a5)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-09-23 19:09:10 -04:00
Luca Barbato
609345cd5e
indeo4: Validate scantable dimension
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit cd78e934c246d1b2510f8fba0abfe40bb75795f6)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-09-23 18:54:13 -04:00
Luca Barbato
06c52faef2
indeo4: Check the quantization matrix index
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6255ccf7d51c82ab79bf0cd47a921f572dda4489)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-09-23 18:53:01 -04:00
Luca Barbato
ba5dfc25ee
indeo4: Do not access missing reference MV
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 8435bca087c0e79385763c51de009fd89390b6a5)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/indeo4.c
2013-09-23 18:52:16 -04:00
Luca Barbato
68b1008719
adpcm: Unbreak ima-dk4
...
Was broken by commit b9dea1a085c4705e480bd17dfa8c8ce227fdce76
2013-09-21 15:33:11 +02:00
Justin Ruggles
763519536b
ac3dec: validate channel output mode against channel count
...
Damaged frames can lead to a mismatch, which can cause a segfault
due to using an incorrect channel mapping.
CC:libav-stable@libav.org
(cherry picked from commit d7c450436fcb9d3ecf59884a574e7684183e753d)
Conflicts:
libavcodec/ac3dec.c
2013-09-21 15:21:54 +02:00
Luca Barbato
521cbcb7d3
dca: Respect the current limits in the downmixing capabilities
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3802833bc1f79775a1547c5e427fed6e92b77e53)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-09-21 15:19:06 +02:00
Luca Barbato
ce3ce08850
dca: Error out on missing DSYNC
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit f261e508459e28beca59868a878e1519a44bb678)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-09-21 15:17:28 +02:00
Luca Barbato
62c3547539
pcm: always use codec->id instead of codec_id
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c82da343e635663605bd81c59d872bee3182da73)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/pcm.c
2013-09-21 15:15:34 +02:00
Luca Barbato
47baf9ca87
mlpdec: Do not set invalid context in read_restart_header
...
The faulty values rippled further down the codepath causing a
hard-to-track segfault in the assembly code.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit e9d394f3fad7e8fd8fc80e3b33cb045bbaceb446)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/mlpdec.c
2013-09-21 15:14:29 +02:00
Luca Barbato
9c3c08ba98
pcx: Do not overread source buffer in pcx_rle_decode
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3abde1a3b49cf299f2aae4eaae6b6cb5270bdc22)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-09-21 15:11:27 +02:00
Luca Barbato
9c05debdcd
wmavoice: conceal clearly corrupted blocks
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d14a26edb7c4487df581f11e5c6911dc0e623d08)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-09-21 15:11:18 +02:00
Luca Barbato
195b9f290c
iff: Do not read over the source buffer
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 7d65e960c72f36b73ae7fe84f8e427d758e61da9)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/iff.c
2013-09-21 15:11:07 +02:00
Luca Barbato
57efb6d94c
qdm2: Conceal broken samples
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 4ecdb5ed44591aba8a0ddb7d443cace836f761f6)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/qdm2.c
2013-09-21 15:08:50 +02:00
Luca Barbato
b64bd2e18b
qdm2: refactor joined stereo support
...
qdm2 does support only two channels. Loop over the run once.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit adadc3f2443d25b375e21e801516ccfd78e0b080)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-09-21 15:02:49 +02:00
Luca Barbato
b9dea1a085
adpcm: Write the correct number of samples for ima-dk4
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 12576afe206d35231ccd61f9033c5fdab6a11e80)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/adpcm.c
2013-09-13 15:50:41 +02:00
Luca Barbato
90acd3bfe7
imc: Catch a division by zero
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit bbf6a4aa20bfe3d7869b2218e66063602dfb8aa7)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/imc.c
2013-09-13 15:49:23 +02:00
Luca Barbato
40ee4de6a6
atrac3: Error on impossible encoding/channel combinations
...
Joint stereo encoded mono is impossible.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 50cf5a7fb78846fc39b3ecdaa896a10bcd74da2a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/atrac3.c
2013-09-13 15:47:43 +02:00
Luca Barbato
e06623c480
atrac3: set the getbits context the right buffer_end
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 22e76ec635bafdd1d1ec35581a7ac09e69e3c43e)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/atrac3.c
2013-09-13 15:44:49 +02:00
Luca Barbato
09a098fb8b
atrac3: fix error handling
...
decode_tonal_components returns a proper AVERROR.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 874c8a17ac9b04fb7ac23d003e54e3662dd23b4e)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/atrac3.c
2013-09-13 15:42:08 +02:00
Luca Barbato
7296ee7af1
qdm2: check and reset dithering index per channel
...
Checking per subband would have the index exceed the
dithering noise table size.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 744a11c996641888d477a3981d609e79eeb69ea9)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/qdm2.c
2013-09-13 15:39:06 +02:00
Luca Barbato
c6942a4b03
vqavideo: check the version
...
Prevent out of buffer write.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c4abc9098cacb227dba39bac6aea16b2bceba0d0)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-09-13 15:26:52 +02:00
Luca Barbato
79edb9adf6
kmvc: Clip pixel position to valid range
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 4e7f0b082d8c4b360312216b9241bec65ff63b35)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/kmvc.c
2013-07-07 21:11:35 +02:00
Luca Barbato
e22a5d490d
kmvc: use fixed sized arrays in the context
...
Avoid some boilerplate code to dynamically allocate and then free the
buffers.
(cherry picked from commit 8f689770548c86151071ef976cf9b6998ba21c2a)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/kmvc.c
2013-07-07 21:11:35 +02:00
Luca Barbato
c9d8424395
indeo: use a typedef for the mc function pointer
...
(cherry picked from commit e6d8acf6a8fba4743eb56eabe72a741d1bbee3cb)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-07-07 21:11:34 +02:00
Luca Barbato
e6a365b5d2
lavc: check for overflow in init_get_bits
...
Fix an undefined behaviour and make the function return a proper
error in case of overflow.
CC: libav-stable@libav.org
(cherry picked from commit d9cf5f516974c64e01846ca685301014b38cf224)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 7a2ee770f520ae4fd5f009cfc361a18e993dec91)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-07-07 21:11:34 +02:00
Luca Barbato
0a1d02ca77
indeo: check for reference when inheriting mvs
...
The same is done already for qdelta.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b36e1893ef3430f039c1eaddeedcbb378f9c4444)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-07-06 10:10:18 +02:00
Luca Barbato
7eff48029f
indeo: use proper error code
...
(cherry picked from commit dd3754a48854cd570d38db72394491aab0f36570)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/ivi_common.c
2013-07-06 10:10:17 +02:00
Luca Barbato
7658333c17
indeo: Properly forward the error codes
...
If the tile data size does not match the buffer size it did not
return an AVERROR_INVALIDDATA causing further corruption later.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 7388c0c58601477db076e2e74e8b11f8a644384a)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/ivi_common.c
2013-07-06 10:10:17 +02:00
Luca Barbato
f16aa5843f
wmapro: error out on impossible scale factor offsets
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 02ec656af72030eea4f3d63e30b25625cce6a3df)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-07-06 10:10:17 +02:00
Luca Barbato
bd5ff335ec
wmapro: check the min_samples_per_subframe
...
Must be at least WMAPRO_BLOCK_MIN_SIZE.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d4a217a408da4bd63acc02cd8f9ebe378a2ad65a)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/wmaprodec.c
2013-07-06 10:10:17 +02:00
Luca Barbato
46e09894ac
wmapro: return early on unsupported condition
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6652338f43ef623045912d7f28b61adea05d27ae)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/wmaprodec.c
2013-07-06 10:06:11 +02:00
Luca Barbato
4e1999ebcb
wmapro: check num_vec_coeffs against the actual available buffer
...
Prevent yet another buffer overwrite.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 38229362529ed1619d8ebcc81ecde85b23b45895)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-07-06 10:06:11 +02:00
Luca Barbato
4ff5167ee7
wmapro: make sure there is room to store the current packet
...
Prevent horrid and hard to trace struct overwrite.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit e30b068ef79f604ff439418da07f7e2efd01d4ea)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-07-06 10:06:11 +02:00
Reinhard Tartler
b20004b2e6
lavc: move put_bits_left in put_bits.h
...
(cherry picked from commit afe03092dd693d025d43e1620283d8d285c92772)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/dv.c
2013-07-06 10:06:11 +02:00
Luca Barbato
0c943d1cdd
4xm: do not overread the source buffer in decode_p_block
...
Check for out of picture macroblocks before calling mcdc.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 94aefb1932be882fd93f66cf790ceb19ff575c19)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/4xm.c
2013-06-30 16:39:08 +02:00
Luca Barbato
6a4f1e784e
4xm: check bitstream_size boundary before using it
...
Prevent buffer overread.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 59d7bb99b6a963b7e11c637228b2203adf535eee)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/4xm.c
2013-06-30 16:25:06 +02:00
Luca Barbato
e5679444fd
4xm: reject frames not compatible with the declared version
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 145023f57262d21474e35b4a6069cf95136339d4)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/4xm.c
2013-06-30 16:25:06 +02:00
Luca Barbato
284ac9191b
4xm: use the correct logging context
...
(cherry picked from commit 08859d19b429c522d6494c186656f4a2d3ff8e21)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/4xm.c
2013-06-30 16:19:24 +02:00
Anton Khirnov
e797b7787b
4xm: check the return value of read_huffman_tables().
...
CC:libav-stable@libav.org
(cherry picked from commit 8097fc9a2dd49d8e467b16c8bafaa96242b7fe46)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit bb3f1cad171b31537b64a9d19cabdbff50aca260)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/4xm.c
2013-06-30 16:16:46 +02:00
Anton Khirnov
078e68d261
4xm: don't rely on get_buffer() initializing the frame.
...
(cherry picked from commit b047c68783aa4042b322af7af043b643d5daf09c)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-06-30 16:15:04 +02:00
Alexandra Khirnova
9248f789d1
vmdav: convert to bytestream2
...
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 0afcf97e1ece51d29bb791698b00cd1b7ba97dcf)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/vmdav.c
2013-06-30 16:10:46 +02:00
Kostya Shishkov
d7b7b10518
smacker: check the return value of smacker_decode_tree
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit a2f9937bb04b23a341b0ec0eb1d923bbeb420277)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-30 16:06:30 +02:00
Kostya Shishkov
e96aaa5622
smacker: fix an off by one in huff.length computation
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit ee205588b250fe5cae0681be8eba51a5403c3272)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2013-06-30 16:06:26 +02:00