ffmpeg

Author	SHA1	Message	Date
Luca Barbato	c25bbb6fdb	4xm: Reject not a multiple of 16 dimension Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `2f034f255c`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-29 22:37:12 +02:00
Luca Barbato	12dc01bb1f	4xm: do not overread the prestream buffer Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `be373cb50d`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-29 22:37:06 +02:00
Luca Barbato	cd9b0bb07a	4xm: validate the buffer size before parsing it Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `de2e5777e2`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-29 22:37:03 +02:00
Luca Barbato	53c76b6803	indeo: Do not reference mismatched tiles Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `f9e5261cab`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-29 21:48:57 +02:00
Luca Barbato	7999ff8966	indeo: Sanitize ff_ivi_init_planes fail paths Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `28dda8a691`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-29 21:48:30 +02:00
Luca Barbato	a0b8f85f29	indeo: Bound-check before applying motion compensation Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `25a6666f6c`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-29 21:41:49 +02:00
Luca Barbato	c02b9e6e63	indeo: Bound-check before applying transform Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `dc79685195`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org> Conflicts: libavcodec/ivi_common.c	2013-09-29 21:41:12 +02:00
Luca Barbato	efe710f8a0	indeo: reject negative array indexes Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `6a10142faa`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-29 21:39:02 +02:00
Luca Barbato	aedde1a48d	indeo: Cosmetic formatting Trim some overly long lines. (cherry picked from commit `6dfacd7ab1`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org> Conflicts: libavcodec/ivi_common.c	2013-09-29 21:38:28 +02:00
Luca Barbato	c5da487a38	indeo: Refactor ff_ivi_init_tiles and ivi_decode_blocks Spin large and mostly self contained blocks into stand alone functions. (cherry picked from commit `62256010e9`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-29 21:19:17 +02:00
Luca Barbato	f21dce6044	indeo: Refactor ff_ivi_dec_huff_desc Spare an indentation level. (cherry picked from commit `f6f36ca8ca`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-29 21:03:27 +02:00
Mashiat Sarker Shakkhar	89d56f3be1	vc1dec: Do not use random pred_flag if motion vector data is skipped This fixes SA10143.vc1 from test-suite. Also partially fixes MC-VC1.ts from videolan streams archive. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `082829520e`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> n0.10.9	2013-09-27 03:03:40 +02:00
Michael Niedermayer	0d1ae06fe9	update for 0.10.9 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-27 02:52:04 +02:00
Michael Niedermayer	f66ecdb1b4	avcodec: add emuedge_linesize_type Currently all uses of the emu edge code as well as the code itself assume int linesize changing some but not changing all would introduce a security issue once all use this typedef a simple search and replace can be done to switch them all to ptrdiff_t Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `2ffead98dd`) Conflicts: libavcodec/mpegvideo_common.h libavcodec/videodsp.h libavcodec/videodsp_template.c libavcodec/x86/videodsp_init.c	2013-09-27 02:52:04 +02:00
Michael Niedermayer	f6057c5a62	avcodec/ffv1enc: update buffer check for 16bps Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `3728603f18`) Conflicts: libavcodec/ffv1enc.c (cherry picked from commit c900c6e5c26cd86cf34f9c8d4347cedbd01f3935)	2013-09-27 02:52:04 +02:00
Michael Niedermayer	f3dc3bef4b	avcodec/truemotion2: Fix av_freep arguments Fixes null pointer dereference Fixes Ticket2944 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `c54aa2fb0f`) Conflicts: libavcodec/truemotion2.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-27 02:52:04 +02:00
Michael Niedermayer	4a5bb426e2	avcodec/mjpegdec: Add some sanity checks to ljpeg_decode_rgb_scan() These prevent the rgb ljpeg code from being run on parameters that it doesnt support. No testcase available but it seems possible to trigger these. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `61c68000ed`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-27 02:52:04 +02:00
Michael Niedermayer	a99aff4e4b	avcodec/dsputil: fix signedness in sizeof() comparissions Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `454a11a1c9`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-27 02:52:04 +02:00
Michael Niedermayer	9300b1f64e	avcodec/pngdsp: fix (un)signed type in end comparission Fixes out of array accesses Fixes Ticket2919 Found_by: ami_stuff Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `86736f59d6`) Conflicts: libavcodec/pngdsp.c	2013-09-27 02:52:04 +02:00
Michael Niedermayer	5230f1529a	matroska_read_seek: Fix used streams for subtitle index compensation Might fix Ticket1907 (I have no testcase so i cant test) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `4758e32a6c`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-27 00:35:00 +02:00
Michael Niedermayer	1a311ad99a	jpeg2000: check log2_cblk dimensions Fixes out of array access Fixes Ticket2895 Found-by: Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `9a271a9368`) Conflicts: libavcodec/jpeg2000dec.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Conflicts: libavcodec/j2kdec.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-27 00:35:00 +02:00
Michael Niedermayer	ef8145270f	avcodec/rpza: Perform pointer advance and checks before using the pointers Fixes out of array accesses Fixes Ticket2850 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `3819db745d`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-27 00:18:12 +02:00
Michael Niedermayer	e288124394	avcodec/flashsv: check diff_start/height Fixes out of array accesses Fixes Ticket2844 Found-by: ami_stuff Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `880c73cd76`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-27 00:18:12 +02:00
Michael Niedermayer	20854f9bff	avcodec/parser: reset indexes on realloc failure Fixes Ticket2982 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `f31011e9ab`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-26 23:24:52 +02:00
Michael Niedermayer	d8af960e7e	Merge remote-tracking branch 'qatar/release/0.8' into release/0.10 * qatar/release/0.8: lavf: fix the comparison in an overflow check Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-26 00:27:46 +02:00
Michael Niedermayer	c8ca385676	Merge commit 'b0ca5fef09d1b1268ea0c8f89bf53cd38aaa85e7' into release/0.10 * commit 'b0ca5fef09d1b1268ea0c8f89bf53cd38aaa85e7': dv: Add a guard to not overread the ppcm array mpegvideo: Avoid 32-bit wrapping of linesize multiplications mjpegb: Detect changing number of planes in interlaced video matroskadec: Check that .lang was allocated and set before reading it ape demuxer: check for EOF in potentially long loops lavf: avoid integer overflow when estimating bitrate pictordec: break out of both decoding loops when y drops below 0 ac3: Return proper error codes Conflicts: libavcodec/pictordec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-26 00:18:12 +02:00
Michael Niedermayer	c6a4397410	Merge commit '37e69e2dee7c5167083bb42d669f73f038111a79' into release/0.10 * commit '37e69e2dee7c5167083bb42d669f73f038111a79': ac3: Clean up the error paths ac3: Do not clash with normal AVERROR dxa: Make sure the reference frame exists h261: check the mtype index segafilm: Error out on impossible packet size ogg: Always alloc the private context in vorbis_header vc1: check mb_height validity. Conflicts: libavcodec/h261dec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-25 23:35:30 +02:00
Michael Niedermayer	210a437e10	Merge commit '54e03863691dcae73260f70108b3731b70773e7c' into release/0.10 * commit '54e03863691dcae73260f70108b3731b70773e7c': vc1: check the source buffer in vc1_mc functions bink: Bound check the quantization matrix. xl: Make sure the width is valid alsdec: Fix the clipping range dsicinav: Bound-check the source buffer when needed mov: Do not allow updating the time scale after it has been set ac3dec: Don't consume more data than the actual input packet size indeo: Reject impossible FRAMETYPE_NULL Conflicts: libavcodec/alsdec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-25 23:03:08 +02:00
Michael Niedermayer	3308b443f9	Merge commit 'e2dcb8208e8f6cffef58a85127765047f5ef8868' into release/0.10 * commit 'e2dcb8208e8f6cffef58a85127765047f5ef8868': indeo5: return proper error codes indeo4: Validate scantable dimension Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-25 22:55:03 +02:00
Michael Niedermayer	91ad27e8f5	Merge commit '06c52faef27e5bded4ceda7e6d1541f9fb20e84c' into release/0.10 * commit '06c52faef27e5bded4ceda7e6d1541f9fb20e84c': indeo4: Check the quantization matrix index indeo4: Do not access missing reference MV Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-25 22:54:14 +02:00
Anton Khirnov	9978c24abf	lavf: fix the comparison in an overflow check CC: libav-stable@libav.org Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit `26f027fba1`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-23 19:54:13 -04:00
Luca Barbato	b0ca5fef09	dv: Add a guard to not overread the ppcm array Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `7ee191cab0`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org> Conflicts: libavformat/dv.c	2013-09-23 19:54:02 -04:00
Martin Storsjö	5473d23ece	mpegvideo: Avoid 32-bit wrapping of linesize multiplications This makes sure that linesize * start_y doesn't overflow, so that emulated_edge_mc can get back the original value if needed. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `a711a2cb47`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-23 19:53:02 -04:00
Michael Niedermayer	7a9af1da39	mjpegb: Detect changing number of planes in interlaced video Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `af11fa5409`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-23 19:52:45 -04:00
Martin Storsjö	068c867286	matroskadec: Check that .lang was allocated and set before reading it Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `5bcd3ae5b1`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-23 19:50:54 -04:00
Anton Khirnov	23f73fc241	ape demuxer: check for EOF in potentially long loops Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry-picked from commit `488b2984fe`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-23 19:48:52 -04:00
Anton Khirnov	8d2a86a290	lavf: avoid integer overflow when estimating bitrate Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `df33a58e53`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-23 19:47:41 -04:00
Anton Khirnov	5773065a71	pictordec: break out of both decoding loops when y drops below 0 Otherwise picmemset can get called with negative y, resulting in an invalid write. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `5f7aecde02`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-23 19:46:49 -04:00
Luca Barbato	c225c620c6	ac3: Return proper error codes (cherry picked from commit `b1f9cdc37f`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-23 19:45:33 -04:00
Luca Barbato	37e69e2dee	ac3: Clean up the error paths (cherry picked from commit `818d1f1a3e`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-23 19:45:22 -04:00
Luca Barbato	3dff283de1	ac3: Do not clash with normal AVERROR The parsing function return AVERROR and AAC_AC3_PARSE_ERROR values, make sure they are not misunderstood. (cherry picked from commit `6258d362b8`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-23 19:45:05 -04:00
Luca Barbato	86c169c5b6	dxa: Make sure the reference frame exists Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `5ef7c84a93`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org> Conflicts: libavcodec/dxa.c	2013-09-23 19:43:07 -04:00
Luca Barbato	91355bec88	h261: check the mtype index Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `c59967fa7c`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org> Conflicts: libavcodec/h261dec.c	2013-09-23 19:42:57 -04:00
Luca Barbato	54e0386369	vc1: check the source buffer in vc1_mc functions Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `090cd06311`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org> Conflicts: libavcodec/vc1dec.c	2013-09-23 19:41:09 -04:00
Luca Barbato	896baaaad8	segafilm: Error out on impossible packet size Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `5268bd2900`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-23 19:41:09 -04:00
Luca Barbato	15620c153a	ogg: Always alloc the private context in vorbis_header It is possible to have an initial broken header and then valid packets. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `3562684db7`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-23 19:41:09 -04:00
Luca Barbato	75b1b13aff	vc1: check mb_height validity. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `43bacd5b7d`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-23 19:41:09 -04:00
Luca Barbato	9c779b5dd0	bink: Bound check the quantization matrix. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `9991298f2c`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-23 19:41:08 -04:00
Luca Barbato	8006716f21	xl: Make sure the width is valid CC: libav-stable@libav.org Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-23 19:25:50 -04:00
Luca Barbato	246e0e2c99	alsdec: Fix the clipping range mcc_weightings is only 32 elements. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `70ecc175c7`) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-09-23 19:22:22 -04:00

... 5 6 7 8 9 ...

38200 Commits