* commit '9b79a05289d91d1184455d12e6c4df457f0657c4':
wmaprodec: return an error, not 0, when the input is too small.
vmdaudio: fix invalid reads when packet size is not a multiple of chunk size
vorbisdec: Error on bark_map_size equal to 0.
configure: clean up Altivec detection
Update RELEASE file for 0.8.6
update year to 2013
oggdec: make sure the private parse data is cleaned up (cherry picked from commit d894f74762bc95310ba23f804b7ba8dffc8f6646)
build: Fix CAF demuxer dependencies
doc: developer: Allow tabs in the vim configuration for Automake files
doc: filters: Correct BNF FILTER description
Conflicts:
RELEASE
cmdutils.c
libavcodec/vmdav.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '60a1ee6e419e244dc2363fdc4ddf8350d506f2ae':
doc: Fix some obsolete references to av* tools as ff* tools
Conflicts:
doc/indevs.texi
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Regression since a93b572ae4f517ce0c35cf085167c318e9215908.
Fixes#2426.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit e3cc92a623a6ece42816c7a692c8815688a99ab0)
Fixes decoding with picky media players.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b448c0a68d0cc7dfef736267dfdaed0e213c020b)
Conflicts:
libavformat/movenc.c
Many players ignore broken aac frames, so don't abort mov or flv
muxing when encountering one, just print a warning instead.
Fixes ticket #2380.
(cherry picked from commit 1741fece7073f51efdd837a4f307ea2cdf3d1cfb)
Conflicts:
libavformat/flvenc.c
Returning 0 may result in an infinite loop in valid calling programs. A
decoder should never return 0 without producing any output.
CC:libav-stable@libav.org
(cherry picked from commit 4c0080b7e7d501e2720d2a61f5186a18377f9d63)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 60dd8b5733f9ec4919fbc732ace1be8184dde880)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
The value is used to calculate output LSP curve and a division by zero
and out of array accesses would occur.
CVE-2013-0894
CC: libav-stable@libav.org
Reported-by: Dale Curtis <dalecurtis@chromium.org>
Found-by: inferno@chromium.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 11dcecfcca0eca1a571792c4fa3c21fb2cfddddc)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 494ddd377ada76ed555f7a3f49391455daa099c9)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
There used to be one test for Altivec intrinsics support and a
separate test to determine which of two possible syntaxes to use
for vector literals. Since 2008, we only support the more common
of these so the split test no longer makes sense.
This combines the tests into one and also changes the hard error on
failure to a warning. The test can reasonably fail if no --cpu flag
is provided (or is provided with an unknown CPU) and the compiler
default target does not support Altivec. Aborting in this case is
probably over-reacting.
Fixes: #464, http://bugs.debian.org/701710
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 20bcce507aa6b9c866e34eee75d80305109767a8)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit d894f74762bc95310ba23f804b7ba8dffc8f6646)
Related to CVE-2012-2882
Conflicts:
libavformat/oggdec.h
libavformat/oggparsevorbis.c
If the first "special" character in a filename is a comma,
it can introduce protocol options, but only if there is a
colon at the end. Otherwise, it is just a filename with a
comma.
Fix trac ticket #2303.
(cherry picked from commit d9fad53f4b447db1e436dcf3fc4a57e604616e6c)
While we do not use Automake in libav, this allows our config to be
used more globally without introducing unwanted breakage.
(cherry picked from commit 040c565e51985477a8fa5e42d2ddfb26ebde6608)
Conflicts:
doc/developer.texi
The QuickTime specification does not contain any hint that the atom
must not be written in some cases and both the QuickTime and the
AVID decoders do not fail if the atom is present.
This change allows to signal (visually) interlaced streams with
a codec different from uncompressed video.
As a side-effect, this fixes ticket #2202
(cherry picked from commit 7d0e3b197c817b307d599a23704a44763ed0bbdd)
Conflicts:
libavformat/movenc.c
tests/ref/lavf/mov
tests/ref/seek/lavf_mov
tests/ref/vsynth/vsynth1-avui
tests/ref/vsynth/vsynth1-dnxhd-1080i
tests/ref/vsynth/vsynth1-mpeg4
tests/ref/vsynth/vsynth2-avui
tests/ref/vsynth/vsynth2-dnxhd-1080i
tests/ref/vsynth/vsynth2-mpeg4
* qatar/release/0.8:
pthread: set the frame properties from the thread context, not user.
mp3: exit on parsing error in mp_decode_frame
indeo3: initialise pixel planes on allocation
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes vlc decoding for hypothetical files that would contain such cases.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0dfc01c2bbf4b71bb56201bc4a393321e15d1b31)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5ff41ffeb4cb9ea6df49757dc859619dc3d3ab4f)
Conflicts:
libavcodec/huffyuv.c
(cherry picked from commit 9bc70fe1ae50fd2faa0b9429d47cfbda01a92ebc)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Prevents out of array writes
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f67a0d115254461649470452058fa3c28c0df294)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 95ab8d33e1a680f30a5a9605175112008ab81afc)
Conflicts:
libavcodec/huffyuv.c
(cherry picked from commit 277def59fce10d91e3113e5c0f63e22bc4abfa88)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
A negative `size' will bypass FFMIN(). In the subsequent memcpy() call,
`size' will be considered as a large positive value, leading to a buffer
overflow.
Change the type of `size' to unsigned int to avoid buffer overflow, and
simplify overflow checks accordingly.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4e692374f7962ea358c329de38c380103f8991b6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Sanity checks like `data + size >= data_end || data + size < data' are
broken, because `data + size < data' assumes pointer overflow, which is
undefined behavior in C. Many compilers such as gcc/clang optimize such
checks away.
Use `size < 0 || size >= data_end - data' instead.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 902cfe2f74d777a7dc20ac68f2393b9f84b790c1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The check `start + res < start' is broken since pointer overflow is
undefined behavior in C. Many compilers such as gcc/clang optimize
away this check.
Use `res > end - start' instead. Also change `res' to unsigned int
to avoid signed left-shift overflow.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2f014567cfd63e58156f60666f1a61ba147276ab)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Right now, the frame properties are set from the user-facing
AVCodecContext before it is updated from the thread context, which is
wrong since they may be invalid or obsolete.
This reverts 312645e :
"Do not set codec_tag property for matroska muxers."
Also adds dummy codec_tag lists with codecs
supported in mkv but not in wav / avi.
Fixes ticket #2169.
(cherry picked from commit df39c3ce385c02cbd8046298578ea7454c0a0f81)
Conflicts:
libavformat/matroskaenc.c
Properly forward mp_decode_layer3 errors, mp_decode_layer1 and
mp_decode_layer2 do not return errors.
Based on a patch by Michael Niedermayer.
(cherry picked from commit 0c03cc68386443f1e96ab6fb358220faf67cd5ff)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This prevents decoder from reading garbage from it in case of errors later.
(cherry picked from commit 81064a8045028838fd32d18490034c207c8ecc06)
Fixes an invalid read on sample from CVE-2012-2804
Signed-off-by: Anton Khirnov <anton@khirnov.net>
* qatar/release/0.8:
Update Changelog
h264: check ref_count validity for num_ref_idx_active_override_flag
h264: check context state before decoding slice data partitions
oggdec: free the ogg streams on read_header failure
oggdec: check memory allocation
Fix uninitialized reads on malformed ogg files.
rtsp: Recheck the reordering queue if getting a new packet
opt: avoid segfault in av_opt_next() if the class does not have an option list
alacdec: do not be too strict about the extradata size
Conflicts:
Changelog
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'a335ffd7f4cdaaa6a8fe4187f6f06b0418eea19a':
h264: fix sps parsing for SVC and CAVLC 4:4:4 Intra profiles
h264: check sps.log2_max_frame_num for validity
h264: slice-mt: get last_pic_dropable from master context
ppc: always use pic for shared libraries
h264: error out on unset current_picture_ptr for h->current_slice > 0
flashsv: make sure data for zlib priming is available
h264: enable low delay only if no delayed frames were seen
flashsv: check for keyframe before using differential coding
lavf: avoid integer overflow in ff_compute_frame_duration()
aacdec: Fix an off-by-one overwrite when switching to LTP profile from MAIN.
APIchanges: Fill in missing commit hashes
Conflicts:
doc/APIchanges
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '01a4e7f623a2e6dc95862f9a56c777f058d7bfaf':
lavf: Bump minor version to distinguish branch and master version numbers
vp6: properly fail on unsupported feature
mp3: properly forward mp_decode_frame errors
mpeg12: do not decode extradata more than once.
indeo3: when freeing buffers, set pointers referencing them to NULL as well
indeo3: ensure that decoded cell data is in 7-bit range as presumed by decoder
avconv: fix copying per-stream metadata.
id3v2: fix reading unsynchronized frames.
h264: Fix parameters to ff_er_add_slice() call
build: fix 'clean' target
Conflicts:
avconv.c
libavcodec/mpeg12.h
libavformat/id3v2.c
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'dcf8f259d107838ff3778343dcb762398130a1a3':
build: Add 'check' target to run all compile and test targets.
Ignore generated aviocat tool.
avconv: only apply presets when we have an encoder.
flacenc: ensure the order is within the min/max range in LPC order search
yuv4mpeg: reject unsupported codecs
vp8: reset loopfilter delta values at keyframes.
vp56: release frames on error
vp56: make parse_header return standard error codes
ivi_common: check that scan pattern is set before using it.
Prepare for 0.8.5 Release
x86: Require an assembler able to cope with AVX instructions
Conflicts:
RELEASE
avconv.c
doc/developer.texi
libavformat/yuv4mpeg.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes segfault in the fuzzed sample bipbop234.ts_s226407.
CC: libav-stable@libav.org
(cherry-picked from commit 6e5cdf26281945ddea3aaf5eca4d127791f23ca8)
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
The ogg decoder wasn't padding the input buffer with the appropriate
FF_INPUT_BUFFER_PADDING_SIZE bytes. Which led to uninitialized reads in
various pieces of parsing code when they thought they had more data than
they actually did.
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit ef0d779706c77ca9007527bd8d41e9400682f4e4)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Fixes infinite or long taking loop in frame num gap code in
the fuzzed sample bipbop234.ts_s223302.
CC: libav-stable@libav.org
(cherry picked from commit d7d6efe42b0d2057e67999b96b9a391f533d2333)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
If we timed out and consumed a packet from the reordering queue,
but didn't return a packet to the caller, recheck the queue status.
Otherwise, we could end up in an infinite loop, trying to consume
a queued packet that has already been consumed.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8729698d50739524665090e083d1bfdf28235724)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
