If there is an error during frame parsing, but AVCodecContext.channels was
changed and AC3DecodeContext.out_channels was set previously, the two may not
match.
Fixes CVE-2012-2802
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
* qatar/master:
h264: avoid stuck buffer pointer in decode_nal_units
mpeg12: fix the semantics of the int* parameter of decode()
Conflicts:
libavcodec/mpeg12.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'd9a2e87b1ce44cce23801e7ec6810f8bf994fa23':
mpeg12: move mpeg_decode_frame() lower
avsdec: Set dimensions instead of relying on the demuxer.
wmalosslessdec: Reset put bit buffer when num_saved_bits is reset.
Conflicts:
libavcodec/avs.c
libavcodec/mpeg12.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'd05f72c75445969cd7bdb1d860635c9880c67fb6':
dfa: improve boundary checks in decode_dds1()
wmalosslessdec: Fix reading too many bits in decode_channel_residues()
wmalosslessdec: fix a get_bits(0) in decode_ac_filter
wmalosslessdec: make MCLMS arrays big enough for what is written into them.
indeo4/5: check empty tile size in decode_mb_info().
ivi_common: make ff_ivi_process_empty_tile() static.
indeo5: check tile size in decode_mb_info().
indeo3: fix out of cell write.
Conflicts:
libavcodec/dfa.c
libavcodec/indeo3.c
libavcodec/indeo5.c
libavcodec/ivi_common.c
libavcodec/wmalosslessdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
When decode_nal_units() previously encountered a NAL_END_SEQUENCE,
and there are some junk bytes left in the input buffer, but no start codes,
buf_index gets stuck 3 bytes before the end of the buffer.
This can trigger an infinite loop in the caller code, eg. in
try_decode_trame(), as avcodec_decode_video() then keeps returning zeroes,
with 3 bytes of the input packet still available.
With this change, the remaining bytes are skipped so the whole packet gets
consumed.
CC:libav-stable@libav.org
Signed-off-by: Jindřich Makovička <makovick@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
The decode function assumes that the video will have those dimensions.
Fixes CVE-2012-2801
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Based on a patch by Michael Niedermayer <michaelni@gmx.at>
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.
Based on a patch by Michael Niedermayer <michaelni@gmx.at>
Fixes CVE-2012-2800
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.
Fixes CVE-2012-2794
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Add a small table of integers instead as this is simpler and
avoid rounding issues (though such rounding issues are unlikely in this case)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The values are checked in the wraper function used to call this code.
This was introduced by: ee715f49a06bf3898246d01b056284a9bb1bcbb9
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'b146d74730ab9ec5abede9066f770ad851e45fbc':
indeo4: update AVCodecContext width/height on size change
dfa: check that the caller set width/height properly.
indeo5dec: Make sure we have had a valid gop header.
cavsdec: check for changing w/h.
lavc: set channel count from channel layout in avcodec_open2().
doc/platform: Rework the Visual Studio linking section
doc/faq: Change the Visual Studio entry to reflect current status
doc/platform: Replace Visual Studio section with build instructions
doc/platform: Nuke section on linking static MinGW-built libs with MSVC
doc/platform: Remove false claim about MinGW installer
doc/platform: Mention MinGW-w64
dsputil_mmx: fix reading prior of the src array in sub_hfyu_median_prediction()
mpegaudiodec: fix short_start calculation
Conflicts:
doc/faq.texi
doc/platform.texi
libavcodec/cavsdec.c
libavcodec/indeo5.c
libavcodec/ivi_common.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
