Michael Niedermayer
af9799790d
dsputil/pngdsp: fix signed/unsigned type in end comparison
...
Fixes out of array accesses and integer overflows.
(cherry picked from commit d1916d13e2 )
Addresses: CVE-2013-7010, CVE-2013-7014
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-02-01 13:53:41 -05:00
Anton Khirnov
8575f5362f
lavf: make av_probe_input_buffer more robust
...
Always use the actually read size as the offset instead of making
possibly invalid assumptions.
Addresses: CVE-2012-6618
(cherry picked from commit 2115a35974 )
Conflicts:
libavformat/utils.c
Signed-off-by: Anton Khirnov <anton@khirnov.net >
2014-01-13 15:32:24 +01:00
Anton Khirnov
539d255871
lavf: use a fixed width type
...
It's shorter and more consistent with the rest of the code.
(cherry picked from commit 8b76362836 )
Signed-off-by: Anton Khirnov <anton@khirnov.net >
2014-01-13 15:32:17 +01:00
Anton Khirnov
e38c62fe0c
lavf: simplify handling of offset in av_probe_input_buffer()
...
(cherry picked from commit c1868e7ee7 )
Signed-off-by: Anton Khirnov <anton@khirnov.net >
2014-01-13 15:24:08 +01:00
Luca Barbato
9aa22918c2
prores: Error out only on surely incomplete ac_coeffs
...
(cherry picked from commit 2df7f7714a )
Signed-off-by: Luca Barbato <lu_zero@gentoo.org >
2014-01-13 14:18:37 +01:00
Tim Walker
a0866c7129
shorten: Fix out-of-array read
...
pred_order == FF_ARRAY_ELEMS(fixed_coeffs) is invalid too.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org >
(cherry picked from commit 5f5ada3dbf )
Signed-off-by: Tim Walker <tdskywalker@gmail.com >
2014-01-06 16:36:56 +01:00
Luca Barbato
65830277d2
prores: Add a codepath for decoding errors
...
(cherry picked from commit 44690dfa68 )
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com >
2014-01-06 02:31:17 +00:00
Derek Buitenhuis
5ae7ed3aa4
nut: Fix unchecked allocations
...
CC: libav-stable@libav.org
(cherry picked from commit b1fcdc08ce )
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com >
2014-01-06 02:31:05 +00:00
Luca Barbato
61057f4604
avi: directly resync on DV in AVI read failure
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit ceec6e792e )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:34:06 -05:00
Martin Storsjö
d149c14a22
mov: Don't allocate arrays with av_malloc that will be realloced
...
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st >
(cherry picked from commit b698542ad8 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:31:06 -05:00
Luca Barbato
5bbee02ae0
shorten: Extend fixed_coeffs to properly support pred_order 0
...
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b2148faca9 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:30:53 -05:00
Reinhard Tartler
f53a5332b0
Prepare for 9.11 RELEASE
2014-01-05 17:23:12 -05:00
Luca Barbato
e361fde8b0
avi: properly fail if the dv demuxer is missing
...
CC: libav-stable@libav.org
(cherry picked from commit 1cac9accbd )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:21:47 -05:00
Luca Barbato
1d7a453dcf
prores: Reject negative run and level values
...
Sample-Id: 00000611-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c0de9a23c7 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:21:35 -05:00
Anton Khirnov
481e55eba7
audio_mix: fix channel order in mix_1_to_2_fltp_flt_c
...
CC:libav-stable@libav.org
(cherry picked from commit df6737a55f )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:21:24 -05:00
Luca Barbato
03457cabd6
indeo4: Check the inherited quant_mat
...
Invalidate it if not supported.
Sample-Id: 00000262-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c9ef6b0932 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
Conflicts:
libavcodec/indeo4.c
2014-01-05 17:21:07 -05:00
Luca Barbato
0358a099f8
indeo4: Check the block size if reusing the band configuration
...
Sample-Id: 00000287-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 0cb83c5638 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:16:42 -05:00
Luca Barbato
2656036757
ffv1: Assume bitdepth 0 means 8bit
...
CC: libav-stable@libav.org
Reported-by: debian/726189
(cherry picked from commit a90905db2e )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:15:41 -05:00
Anton Khirnov
f9f2591beb
alsa-audio-dec: explicitly cast the delay to a signed int64
...
Otherwise the expression will be evaluated as unsigned, which will break
when the result should be negative.
CC:libav-stable@libav.org
(cherry picked from commit 089fac77a6 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:15:04 -05:00
Anton Khirnov
cbf51c4d36
matroskadec: pad EBML_BIN data.
...
It might be passed to code requiring padding, such as lzo decompression.
Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 30be1ea33e )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:13:19 -05:00
Anton Khirnov
26221a54ec
motionpixels: clip VLC codes.
...
Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit ca41c72c6d )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:13:08 -05:00
Anton Khirnov
7c214e313c
avidec: fix a memleak in the dv init code.
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit ce9bba5340 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:12:52 -05:00
Anton Khirnov
7b337b1229
truemotion1: make sure index does not go out of bounds
...
Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit c918e08b9c )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:12:39 -05:00
Anton Khirnov
51ff11647f
pcx: round up in bits->bytes conversion in a buffer size check
...
Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 430d121964 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:12:31 -05:00
Michael Niedermayer
35f9a0896e
omadec: Fix wrong number of array elements
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: David Goldwich <david.goldwich@gmail.com >
CC:libav-stable@libav.org
Signed-off-by: Anton Khirnov <anton@khirnov.net >
(cherry picked from commit 97f50e92b5 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:12:19 -05:00
Michael Niedermayer
cdc47c4813
omadec: check GEOB sizes against buffer size
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: David Goldwich <david.goldwich@gmail.com >
CC:libav-stable@libav.org
Signed-off-by: Anton Khirnov <anton@khirnov.net >
(cherry picked from commit 1c736bedd9 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:12:06 -05:00
Michael Niedermayer
e776a1e8f3
ac3dec: fix outptr increment.
...
Fixes corrupt data errors when downmixing in the AC-3 decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at >
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com >
CC:libav-stable@libav.org
(cherry picked from commit 6c82c87dbb )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:11:54 -05:00
Luca Barbato
d6d2617d07
avio: Use AVERROR_PROTOCOL_NOT_FOUND
...
When the protocol is missing ffurl_alloc() should return
AVERROR_PROTOCOL_NOT_FOUND instead of AVERROR(ENOENT).
Bug-Id: 577
CC: libav-stable@libav.org
(cherry picked from commit ea71aafd68 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:08:19 -05:00
Luca Barbato
0e8ae6d10c
mpegvideo: Drop a faulty assert
...
That check is easily reachable by faulty input.
CC:libav-stable@libav.org
Reported-by: Torsten Sadowski <tsadowski@gmx.net >
(cherry picked from commit 72072bf9de )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:08:03 -05:00
Justin Ruggles
24a8dfd37b
lavr: check that current_buffer is not NULL before using it
...
Fixes a segfault during resampling when compiled with -DDEBUG.
Fixes all fate-lavr-resample tests with -DDEBUG.
CC:libav-stable@libav.org
(cherry picked from commit 211ca69b13 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:07:46 -05:00
Anton Khirnov
a8f6d93071
pmpdec: check that there is at least one audio packet.
...
The code cannot handle there being none, but that should not happen for
valid files.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 1b5d065ca7 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:01:18 -05:00
Anton Khirnov
ffa83bcc49
lzw: switch to bytestream2
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit e89aa4bf56 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:01:03 -05:00
Anton Khirnov
819541ff83
gifdec: convert to bytestream2
...
(cherry picked from commit 1f3e56b6dc )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:00:51 -05:00
Anton Khirnov
c5c7e3e6f7
gifdec: check that the image dimensions are non-zero
...
Also add an error message and return a more suitable error code
(INVALIDDATA, not EINVAL);
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit c453723ad7 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 17:00:40 -05:00
Anton Khirnov
5e7a5dd70b
gifdec: return meaningful error codes.
...
(cherry picked from commit 048ffb9bb2 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 16:59:55 -05:00
Anton Khirnov
f194f2be41
eacmv: check the framerate before setting it.
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 24057c8320 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
Conflicts:
libavcodec/eacmv.c
2014-01-05 16:57:17 -05:00
Anton Khirnov
343c87ac19
rv30: fix extradata size check.
...
It has been checking the number of bits in the offset instead of the
actual offset.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit a6a2282c25 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 16:52:11 -05:00
Martin Storsjö
12479588d7
sdp: Check that fmt->oformat is non-null before accessing it
...
This avoids crashes when avserver tries to create an SDP, since
d77f4af.
Addresses: CVE-2012-6617
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st >
(cherry picked from commit 82b9799bb2 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 16:49:49 -05:00
Aurelien Jacobs
3e089e8f71
matroskadec: use correct compression parameters for current track CodecPrivate
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
Signed-off-by: Anton Khirnov <anton@khirnov.net >
(cherry picked from commit 8b516f154a )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 16:49:15 -05:00
Kostya Shishkov
5dcc179924
vc1: Reset numref if fieldmode is not set
...
There are samples in the wild with B-frames and P-frames with different
interlace mode.
CC: libav-stable@libav.org
Reported-by: Jean-Baptiste Kempf <jb@videolan.org >
Signed-off-by: Luca Barbato <lu_zero@gentoo.org >
(cherry picked from commit de44dfc7c0 )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2014-01-05 16:48:34 -05:00
Martin Storsjö
bdb975ab69
arm: Don't clobber callee saved registers in scalarproduct
...
q4-q7/d8-d15 are supposed to not be clobbered by the callee.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st >
(cherry picked from commit d307e408d4 )
Signed-off-by: Martin Storsjö <martin@martin.st >
2013-12-20 21:26:12 +02:00
Reinhard Tartler
3f7d89034b
alsdec: check block length
...
Fix writing over the end
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Addresses: CVE-2013-0845
(cherry picked from commit 2a0fb7286d )
Signed-off-by: Reinhard Tartler <siretart@tauware.de >
2013-12-14 12:51:40 -05:00
Anton Khirnov
718a2ddcb8
h264/mpegvideo: do not provide pixel formats for hwaccels that are not compiled in
2013-11-29 20:09:44 +01:00
Anton Khirnov
bd405475ce
mpeg4video_parser: init mpeg4 static tables.
...
They are used when decoding the frame header.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
Signed-off-by: Anton Khirnov <anton@khirnov.net >
2013-11-27 09:51:42 +01:00
Anton Khirnov
56eded8bc7
mpeg4videodec: split initializing static tables into a separate function
...
Signed-off-by: Anton Khirnov <anton@khirnov.net >
2013-11-27 09:47:01 +01:00
Diego Biurrun
a3f8c6a427
x86: ac3dsp: Remove 3dnow version of ff_ac3_extract_exponents
...
The function requires increasing the fuzz factor for the ac3/eac3 encode
tests and even so makes fate fail. It only provides a slight encoding
speedup for legacy CPUs that do not support SSE2. Thus its benefit is not
worth the trouble it creates and fixing it would be a waste of time.
2013-10-31 12:09:55 +01:00
Ben Jackson
311583e779
pthread: Avoid spurious wakeups
...
pthread_wait_cond can wake up unexpectedly (Wikipedia: Spurious_wakeup).
The FF_THREAD_SLICE thread mechanism could spontaneously execute
jobs or allow the caller of avctx->execute to return before all
jobs were complete.
Test both cases to ensure the wakeup is real.
Signed-off-by: Ben Jackson <ben@ben.com >
Signed-off-by: Michael Niedermayer <michaelni@gmx.at >
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com >
Signed-off-by: Luca Barbato <lu_zero@gentoo.org >
2013-10-21 12:25:26 -04:00
Derek Buitenhuis
1a5a6ac01b
pthread: Fix deadlock during thread initialization
...
Sometimes, if pthread_create() failed, then pthread_cond_wait() could
accidentally be called in the worker threads after the uninit function
had already called pthread_cond_broadcast(), leading to a deadlock.
Don't call pthread_cond_wait() if c->done is set.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com >
2013-10-21 12:25:16 -04:00
Reinhard Tartler
bb81b2b2e0
Fix top-level description
2013-10-10 09:56:40 -04:00
Reinhard Tartler
58287d3b10
update Changelog
2013-10-10 08:50:09 -04:00