ffmpeg

Author	SHA1	Message	Date
ami_stuff	b56606e6bc	Replace SSE2 instruction in scalarproduct_float_sse() by SSE equivalent. Fixes an AAC decoding issue with the sample from ticket #213 on machines with SSE but without SSE2. Based on 89411a by Reimar. (cherry picked from commit f6b78638086beae9bcab672d4c9de1790be5a928)	2012-04-04 09:10:25 +02:00
Michael Niedermayer	113ca1b8db	Merge remote-tracking branch 'qatar/release/0.6' into release/0.6 * qatar/release/0.6: id3v2: fix skipping extended header in id3v2.4 Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-04-02 02:19:17 +02:00
Anton Khirnov	f70c720d42	id3v2: fix skipping extended header in id3v2.4 In v2.4, the length includes the length field itself. (cherry picked from commit ddb4431208745ea270dce8fce4cba999f0ed4303) Conflicts: libavformat/id3v2.c Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-04-01 19:35:11 +02:00
Michael Niedermayer	1014e20492	atrac3: Fix crash in tonal component decoding. Fixes Ticket780 Bug Found by: cosminamironesei Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> n0.6.5	2012-01-12 22:10:33 +01:00
Michael Niedermayer	431cf16963	h264: check chroma_format_idc range. Fixes Ticket758 Bug found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 7fff64e00d886fde11d61958888c82b461cf99b9) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-12 22:09:56 +01:00
Michael Niedermayer	e85296beae	Merge remote-tracking branch 'qatar/release/0.6' into release/0.6 * qatar/release/0.6: Release notes and changelog for 0.6.5 Bump version number for 0.6.5 release. vorbis: An additional defense in the Vorbis codec. vorbisdec: Fix decoding bug with channel handling Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-12 22:06:50 +01:00
Reinhard Tartler	62c4739348	Release notes and changelog for 0.6.5	2012-01-10 21:17:30 +01:00
Reinhard Tartler	7efa13b4b4	Bump version number for 0.6.5 release.	2012-01-10 21:02:32 +01:00
Chris Evans	a5e0afe3c9	vorbis: An additional defense in the Vorbis codec. Fixes Bug: #190 Chromium Bug: #100543 Related to CVE-2011-3893 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit afb2aa537954db537d54358997b68f46561fd5a7) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit b0283ccb9e8945ce9e56f7c6ba0c676e7179d7a3) Conflicts: libavcodec/vorbis_dec.c	2012-01-08 09:29:16 +01:00
Reinhard Tartler	42f0a66968	vorbisdec: Fix decoding bug with channel handling Fixes Bug: #191 Chromium Bug: #101458 CVE-2011-3895 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit e6d527ff729e42d80e4756cab779ff4ad693631b) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 97f23c72a3815739ab28e297ce60f943349f6939) Conflicts: libavcodec/vorbis_dec.c	2012-01-08 09:24:13 +01:00
Michael Niedermayer	f1c9dbe40b	Merge remote-tracking branch 'qatar/release/0.6' into release/0.6 * qatar/release/0.6: matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc() vorbis: Avoid some out-of-bounds reads vp3: fix streams with non-zero last coefficient vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e42f2e4b9d14a1fb8107ecfe5163ce7f) Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-08 05:13:49 +01:00
Michael Niedermayer	b945f558c7	vp3: fix regression with mplayer-crash.ogv Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit a2a12e3358c3bbdc0246ffc94973e58eba50ee30) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-08 05:13:32 +01:00
Chris Evans	90a4a46747	matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc() Fixes bug #190 Chromium bug #100492 related to CVE-2011-3893 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry-picked from commit faaec4676cb4c7a2303d50df66c6290bc96a7657) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 1f625431e2bb9564760fba3ab8077ae07ce7c7a1) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-01-07 22:03:48 +01:00
Chris Evans	6d6254ba9f	vorbis: Avoid some out-of-bounds reads Fixes Bug: #190 Chromium Bug: #100543 Related to CVE-2011-3893 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 57cd6d709565e84e84385f8f2a9641ca3fa718be) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 4a94678f1be4b7d47f862e9523ca3358255da5d4) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-01-07 22:03:34 +01:00
Janne Grunau	ae24b5ce3a	vp3: fix streams with non-zero last coefficient Fixes a regression introduced in 8b94df0f2047e972. (cherry picked from commit 9b4767e4784577f3107730316fe652ccaccd9b3a) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 82a11fcff24d9827070d77f1a3c6ba5d4dc12984) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-01-07 21:33:24 +01:00
Ronald S. Bultje	c9c7db0af2	vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e42f2e4b9d14a1fb8107ecfe5163ce7f) Fixes: #189 Chromium-Bug: 101172,100465 CVE-2011-3892 Removed the parts that are related to multi-threading, which is not included before 0.7. Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit c624935554332f8921a15265b8720f0c7b3c8cc2) Conflicts: libavcodec/vp3.c	2012-01-07 09:35:15 +01:00
Michael Niedermayer	e1a2bcbec8	h264: fix init of topleft ref/mv. Fixes Ticket778 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 680880c98db2817437e19c3fc7f6349261bbbbb0)	2011-12-28 02:20:09 +01:00
Michael Niedermayer	d32ea79ea2	Merge remote-tracking branch 'qatar/release/0.6' into release/0.6 * qatar/release/0.6: Release notes and changelog for 0.6.4 Conflicts: Changelog Merged-by: Michael Niedermayer <michaelni@gmx.at> n0.6.4	2011-12-25 20:11:09 +01:00
Reinhard Tartler	6b156c4563	Release notes and changelog for 0.6.4	2011-12-25 10:03:08 +01:00
Michael Niedermayer	57eb787ed3	Merge remote-tracking branch 'qatar/release/0.6' into release/0.6 * qatar/release/0.6: (58 commits) Bump version number for 0.6.4 release. qdm2: check output buffer size before decoding Fix qdm2 decoder packet handling to match the api 4xm: Add a check in decode_i_frame to prevent buffer overreads wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits. swscale: #include "libavutil/mathematics.h" vp3dec: Check coefficient index in vp3_dequant() svq1dec: call avcodec_set_dimensions() after dimensions changed. vp6: Fix illegal read. vp6: Fix illegal read. vp6: Reset the internal state when aborting key frames header parsing vp6: Check for huffman tree build errors vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling Fix out of bound reads in the QDM2 decoder. Check for out of bound writes in the QDM2 decoder. vmd: fix segfaults on corruped streams rv34: Check for invalid slice offsets rv34: Fix potential overreads rv34: Avoid NULL dereference on corrupted bitstream rv10: Reject slices that does not have the same type as the first one ... Merged-by: Michael Niedermayer <michaelni@gmx.at>	2011-12-25 01:24:40 +01:00
Reinhard Tartler	dbe7e209df	Bump version number for 0.6.4 release.	2011-12-24 15:59:10 +01:00
Justin Ruggles	cfb9b47a1e	qdm2: check output buffer size before decoding (cherry picked from commit 7d49f79f1cd47783a963a757a6563b9cac29db62) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 73472053516f82b7d273a3d42c583f894077a191) Conflicts: libavcodec/qdm2.c	2011-12-24 15:57:17 +01:00
Baptiste Coudurier	b26c1a8b7e	Fix qdm2 decoder packet handling to match the api Originally committed as revision 25767 to svn://svn.ffmpeg.org/ffmpeg/trunk	2011-12-24 15:54:51 +01:00
Shitiz Garg	ccd2ca0246	4xm: Add a check in decode_i_frame to prevent buffer overreads Fixes bugzilla #135 Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit 355d917c0bd8163a3f1c7d4a6866dac749efdb84) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit d912a30c7d5cf9b8fdb26402804c9b0f999b4ff1) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 15:47:57 +01:00
Justin Ruggles	92b964969b	wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits. The initial values are not checked against the number of block sizes. Initializing them to frame_len_bits will result in a block size index of 0 in these cases instead of something that might be out-of-range. Fixes Bug 81. (cherry picked from commit 05d1e45d1f42cc90d1f2f36c546d0096cea126a8) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 8dba5608dcf76032d8a9aa4bd8a3fc1392682281) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 15:47:57 +01:00
Reinhard Tartler	ca87ec53e9	swscale: #include "libavutil/mathematics.h" this file uses the M_PI macro since 4e74187db2f5db52f88729efc662df9d6bc763e1, so include the correct header directly. Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 5089ce1b5abe2ecbbfd7235aeb0ad47ba38305c1) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 851098c9e004b2ce294b687cb18633b038dcc3fe) Conflicts: libswscale/utils.c	2011-12-24 15:47:57 +01:00
Reinhard Tartler	bd071de29a	vp3dec: Check coefficient index in vp3_dequant() Based on a patch by Michael Niedermayer <michaelni@gmx.at> Fixes NGS00145, CVE-2011-4352 Found-by: Phillip Langlois Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 8b94df0f2047e9728cb872adc9e64557b7a5152f) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit bba709214a51ffd665a67404d3beb3727bb3f319) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 15:47:57 +01:00
Michael Niedermayer	8ddc0b491d	svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148, CVE-2011-4579 Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6e24b9488e67849a28e64a8056e05f83cf439229) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 0eca0da06e40b73af495cc05fbcfaa030fcf78ea) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 15:47:57 +01:00
Thierry Foucu	94aacaf508	vp6: Fix illegal read. Found with Address Sanitizer Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit e0966eb140b3569b3d6b5b5008961944ef229c06) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit ba4b08b78918f399f9c9524750b26e904d146078) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 15:47:57 +01:00
Alex Converse	8d68083298	vp6: Fix illegal read. (cherry picked from commit 2a6eb06254df79e96b3d791b6b89b2534ced3119) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 67a7ed623b678a84c992dd7bf3e3d0329f83621b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 15:47:57 +01:00
Laurent Aimar	e28bb18fdc	vp6: Reset the internal state when aborting key frames header parsing It prevents leaving the state only half initialized. Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit a72cad0a6c05aa74940101e937cb3dc602d7d67b) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit c76505e0dee0890e39636ddebd2707ab3ea5b8de) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 15:47:57 +01:00
Laurent Aimar	a62779d986	vp6: Check for huffman tree build errors Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit 066fff755a5d8edc660c010ddb08474d208eeade) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 30c08e226156e5a36a835c008c67114f22c8da8f) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 15:47:57 +01:00
Dustin Brody	201fcfb894	vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit f913eeea43078b3b9052efd8d8d29e7b29b39208) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 7367cbec1b8cf0cbb49707fb0fdfded8ec397b0d) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 15:47:56 +01:00
Laurent Aimar	8856c4c5c9	Fix out of bound reads in the QDM2 decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 5a19acb17ceb71657b0eec51dac651953520e5c8) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 0d93d5c4614fafea74bdac681673f5b32eb49063) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 15:17:00 +01:00
Laurent Aimar	0f7bf1786e	Check for out of bound writes in the QDM2 decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 291d74a46d32183653db07818c7b3407fd50a288) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit a31ccacb1a9b2abc0e140a812fb0ffca6f7c2591) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 15:16:51 +01:00
Laurent Aimar	b99366faef	vmd: fix segfaults on corruped streams Signed-off-by: Janne Grunau <janne-libav@jannau.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 494cfacdb9ba3f0549e37f76b3a2f86a7aeeac3c) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 15:16:36 +01:00
Laurent Aimar	da0900e8bb	rv34: Check for invalid slice offsets Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 4cc7732386eb36661ed22d1200339b38a5fa60bc) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 2bbb142a140173e1870017b66c439f4d430a6f67) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 12:20:33 +01:00
Laurent Aimar	d5551d7884	rv34: Fix potential overreads Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit b4ed3d78cb6c41c9d3ee5918c326ab925edd6a89) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit b4a1bf0bbf53cc6a736a608732b2ac1de5c2447b) Conflicts: libavcodec/rv34.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 12:20:33 +01:00
Laurent Aimar	35f1888585	rv34: Avoid NULL dereference on corrupted bitstream rv34_decode_slice() can return without allocating any pictures. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit d0f6ab0298f2309c6104626787ed73416298b019) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 12:20:33 +01:00
Laurent Aimar	7cd7461ec8	rv10: Reject slices that does not have the same type as the first one This prevents crashes with some corrupted bitstreams. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 4a29b471869353c3077fb4b25b6518eb1047afb7) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 28d948ac44e38e8bec2f6268ccf4747ff4d992a9) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 12:20:33 +01:00
Laurent Aimar	23f622de60	oggdec: fix out of bound write in the ogg demuxer Between ogg_save() and ogg_restore() calls, the number of streams could have been reduced. Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit 0e7efb9d23c3641d50caa288818e8c27647ce74d) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit a3d471e500674c31fa4f52a62ef789d5e7fdbd3c) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 12:20:33 +01:00
Michael Niedermayer	19a99b6e6b	smacker: fix a few off by 1 errors stereo & 16bit is untested due to lack of samples Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 5166376f24545207607f61ed8ff4e1b0572ff320) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 78cd2e18a4aa2835f6d04cf145121fc82099c1a5) Conflicts: libavcodec/smacker.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 12:20:33 +01:00
Laurent Aimar	117e04cdfa	Check for invalid VLC value in smacker decoder. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 6489455495fc5bfbebcfe3f57e5d4fdd6a781091) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 12:20:33 +01:00
Laurent Aimar	5d6fe49ac9	Check and propagate errors when VLC trees cannot be built in smacker decoder. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 9676ffba8346791f494451e68d2a3b37a2918a9b) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 12:20:33 +01:00
Laurent Aimar	9f28eede5e	Fixed off by one packet size allocation in the smacker demuxer. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit a92d0fa5d234582583d41b67dddecffc2c819573) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 12:20:33 +01:00
Laurent Aimar	6f70111e81	Check for invalid packet size in the smacker demuxer. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit e055932f5636a82275837968eea9c8fcb5bca474) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 12:20:33 +01:00
Laurent Aimar	4492523938	ape demuxer: fix segfault on memory allocation failure. Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 273aab99bf7be2bcda95dd64101c2317ee0fcb99) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 4ee014309c377f7cfaa9578a393864ae500136f6) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 12:20:33 +01:00
Laurent Aimar	a97e82c487	Fixed size given to init_get_bits() in xan decoder. (cherry picked from commit 393d5031c6aaaf8c2dda4eb5d676974c349fae85) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 12:20:33 +01:00
Kostya Shishkov	f79f3a946f	smacker demuxer: handle possible av_realloc() failure. Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 47a8589f7bc69d1a29da1dfdfbd0dfa78a9e31fd) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 0b9b3570a3e3f3eff088ee061dbab165ff3eff2f) Conflicts: libavformat/smacker.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 12:20:33 +01:00
Laurent Aimar	5394cdf775	Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 8bfea4ab4e2cb32bc7bf6f697ee30a238c65d296) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 12:20:33 +01:00

1 2 3 4 5 ...

24177 Commits