Anton Khirnov
e1f0c41e1a
avconv: fix parsing the AVOptions for -target
...
CC: libav-stable@libav.org
(cherry picked from commit f5245a9c62anton@khirnov.net >
(cherry picked from commit f7395926f2anton@khirnov.net >
2014-08-27 06:37:00 +00:00
Anton Khirnov
8d7839fc7c
avconv: fix the muxrate values for -target
...
The mpegenc private option values are in 50-byte units.
CC: libav-stable@libav.org
(cherry picked from commit 1688eef253anton@khirnov.net >
(cherry picked from commit 7bc37641e3anton@khirnov.net >
2014-08-27 06:36:55 +00:00
Anton Khirnov
bbd632082b
mpegenc: limit the maximum muxrate
...
It is written to the file as a 22-bit value.
CC: libav-stable@libav.org
(cherry picked from commit 75bbaf2493anton@khirnov.net >
Conflicts:
libavformat/mpegenc.c
(cherry picked from commit 3ac0638d57anton@khirnov.net >
2014-08-27 06:36:48 +00:00
Michael Niedermayer
e4fb53c73a
ffv1dec: check that global parameters do not change in version 0/1
...
Such changes are neither allowed nor supported
Found-by: ami_stuff
Bug-Id: CVE-2013-7020
CC: libav-stable@libav.org
Signed-off-by: Anton Khirnov <anton@khirnov.net >
(cherry picked from commit da7d839a0danton@khirnov.net >
2014-08-12 10:35:09 +00:00
Reinhard Tartler
bd41211395
Re-release 9.15 as 9.16
...
This is a clean fixup of the tagging mistake in the v9.15 release
2014-08-09 08:55:45 -04:00
Reinhard Tartler
e86074e6ef
Prepare for 9.15 Release
2014-08-08 21:57:46 -04:00
Reinhard Tartler
8da037af33
Update Changelog for v9.15
2014-08-08 20:46:15 -04:00
Michael Niedermayer
41e8591515
update for 1.1.13
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at >
2014-08-08 22:45:52 +02:00
Michael Niedermayer
a04bb8d6e7
avcodec/dvdsub_parser: print message if packet is smaller than the packet size field
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at >
(cherry picked from commit bcc898dd26michaelni@gmx.at >
2014-08-08 16:19:48 +02:00
Michael Niedermayer
1298aa8318
avcodec/dvdsub_parser: Check buf_size before reading 32bit packet size
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at >
(cherry picked from commit 81c1657a59michaelni@gmx.at >
2014-08-08 16:19:48 +02:00
Michael Niedermayer
e5fcc16a1f
avcodec/dvdsub_parser: never return 0 when the input isnt 0
...
Fixes a infinite loop
Fixes Ticket3804
Signed-off-by: Michael Niedermayer <michaelni@gmx.at >
(cherry picked from commit cfdb30d2f1michaelni@gmx.at >
2014-08-08 16:19:48 +02:00
Michael Niedermayer
fe461238d3
avformat/utils: do not wait for packets from discarded streams for genpts
...
Fixes long loop
Fixes Ticket3208
Signed-off-by: Michael Niedermayer <michaelni@gmx.at >
(cherry picked from commit 8202c49b43michaelni@gmx.at >
2014-08-08 16:19:48 +02:00
Michael Niedermayer
b52952c6e9
Merge commit 'ecda9b90eccc687202fe9fa20f7ca61d92d816b4' into release/1.1
...
* commit 'ecda9b90eccc687202fe9fa20f7ca61d92d816b4':
Update Changelog for v9.15
Conflicts:
Changelog
Not merged as the changelog doesnt apply 1:1 to FFmpeg
Merged-by: Michael Niedermayer <michaelni@gmx.at >
2014-08-08 16:08:16 +02:00
Michael Niedermayer
b65c290f7f
Merge commit '52254067b312e78d30bbe79fc33dbdf995b22b4e' into release/1.1
...
* commit '52254067b312e78d30bbe79fc33dbdf995b22b4e':
error_concealment: avoid using the picture if not fully setup
Conflicts:
libavcodec/error_resilience.c
See: 68a0477bc0michaelni@gmx.at >
2014-08-08 16:06:27 +02:00
Michael Niedermayer
437848e37a
vp3: Copy all 3 frames for thread updates
...
Fixes a double release of the current frame on deinit.
Bug-Id: CVE-2011-3934
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com >
2014-08-08 14:57:01 +01:00
Michael Niedermayer
09e3fe79fc
avcodec/svq1dec: Fix multiple bugs from "svq1: do not modify the input packet"
...
Add padding, clear size, use the correct pointer.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at >
(cherry picked from commit 4213fc5b9emichaelni@gmx.at >
2014-08-08 15:49:50 +02:00
Michael Niedermayer
e4b1cffade
Merge commit 'af9b62654d5aa023a96906215365532d18541a09' into release/1.1
...
* commit 'af9b62654d5aa023a96906215365532d18541a09':
svq1: do not modify the input packet
Merged-by: Michael Niedermayer <michaelni@gmx.at >
2014-08-08 15:48:57 +02:00
Michael Niedermayer
06f7e87e15
Merge commit '80c268eaaee402695a74d14acf76063100692a99' into release/1.1
...
* commit '80c268eaaee402695a74d14acf76063100692a99':
cdgraphics: do not return 0 from the decode function
Merged-by: Michael Niedermayer <michaelni@gmx.at >
2014-08-08 15:47:34 +02:00
Michael Niedermayer
420f63984b
Merge commit '8cd67ddde46a42a33149e7d42a2ab47852ff2a83' into release/1.1
...
* commit '8cd67ddde46a42a33149e7d42a2ab47852ff2a83':
cdgraphics: switch to bytestream2
Conflicts:
libavcodec/cdgraphics.c
See: ad002e1a13michaelni@gmx.at >
2014-08-08 15:45:19 +02:00
Michael Niedermayer
91437631d7
Merge commit 'c53effc41b9359261b17c8da3b7062369cafd686' into release/1.1
...
* commit 'c53effc41b9359261b17c8da3b7062369cafd686':
huffyuvdec: check width size for yuv422p
Conflicts:
libavcodec/huffyuvdec.c
See: 6abb9a901fmichaelni@gmx.at >
2014-08-08 15:20:18 +02:00
Michael Niedermayer
0d6ed2f13f
Merge commit 'ede738880032db62b7dc5b3712f769d3826f5974' into release/1.1
...
* commit 'ede738880032db62b7dc5b3712f769d3826f5974':
mmvideo: check horizontal coordinate too
See: See: 8d3c99e825michaelni@gmx.at >
2014-08-08 15:17:14 +02:00
Michael Niedermayer
a88236f3d5
Merge commit '36d8914f1b94e4731d2fc67162902839c106e72e' into release/1.1
...
* commit '36d8914f1b94e4731d2fc67162902839c106e72e':
wmalosslessdec: fix mclms_coeffs* array size
See: ec9578d54dmichaelni@gmx.at >
2014-08-08 14:57:28 +02:00
Michael Niedermayer
02018a359e
Merge commit '146b187113e3cc20c2a97c5f264da13e701ca247' into release/1.1
...
* commit '146b187113e3cc20c2a97c5f264da13e701ca247':
lavc: Check the image size before calling get_buffer
Conflicts:
libavcodec/utils.c
See: 668494acd8michaelni@gmx.at >
2014-08-08 14:54:53 +02:00
Michael Niedermayer
451bc8ee2f
Merge commit '43d676432740c6d5e5234ed343f13902909fd124' into release/1.1
...
* commit '43d676432740c6d5e5234ed343f13902909fd124':
huffyuv: Check and propagate function return values
Conflicts:
libavcodec/huffyuvdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at >
2014-08-08 14:38:20 +02:00
Michael Niedermayer
ae7ea2eabf
Merge commit '512354191328c559fcff56070dab897ee2a1b4c1' into release/1.1
...
* commit '512354191328c559fcff56070dab897ee2a1b4c1':
h264: prevent theoretical infinite loop in SEI parsing
Conflicts:
libavcodec/h264_sei.c
See: 9decfc17bbmichaelni@gmx.at >
2014-08-08 14:33:21 +02:00
Michael Niedermayer
0bcf514198
Merge commit '01f9540320279954b2764645ab7136847d53d89f' into release/1.1
...
* commit '01f9540320279954b2764645ab7136847d53d89f':
h264_sei: check SEI size
Conflicts:
libavcodec/h264_sei.c
Merged-by: Michael Niedermayer <michaelni@gmx.at >
2014-08-08 14:24:54 +02:00
Michael Niedermayer
1ee5e2ce3d
Merge commit '00915d3cd2ce61db3d6dc11f63566630a9aff4ec' into release/1.1
...
* commit '00915d3cd2ce61db3d6dc11f63566630a9aff4ec':
pgssubdec: Check RLE size before copying
See: c0d68be555michaelni@gmx.at >
2014-08-08 14:20:41 +02:00
Michael Niedermayer
6e83c26620
Merge commit '58d7b835e3cec48ab5a2393405fe82dee72c06a0' into release/1.1
...
* commit '58d7b835e3cec48ab5a2393405fe82dee72c06a0':
fate: Add dependencies for dct/fft/mdct/rdft tests
Conflicts:
libavcodec/fft-test.c
Merged-by: Michael Niedermayer <michaelni@gmx.at >
2014-08-08 14:14:06 +02:00
Michael Niedermayer
a4de70df20
Merge commit 'd16515ae5fe7daa6327d903cafb9a5ee43477b1e' into release/1.1
...
* commit 'd16515ae5fe7daa6327d903cafb9a5ee43477b1e':
video4linux2: Avoid a floating point exception
Merged-by: Michael Niedermayer <michaelni@gmx.at >
2014-08-08 14:13:40 +02:00
Michael Niedermayer
eaf64192d8
Merge commit '3a6bc3e381647bb4434317113f131f7e0ab5bf83' into release/1.1
...
* commit '3a6bc3e381647bb4434317113f131f7e0ab5bf83':
vf_select: Drop a debug av_log with an unchecked double to enum conversion
Conflicts:
libavfilter/f_select.c
Merged-by: Michael Niedermayer <michaelni@gmx.at >
2014-08-08 14:06:36 +02:00
Michael Niedermayer
c074feed29
Merge commit 'e8ff7972064631afbdf240ec6bfd9dec30cf2ce8' into release/1.1
...
* commit 'e8ff7972064631afbdf240ec6bfd9dec30cf2ce8':
eamad: use the bytestream2 API instead of AV_RL
Conflicts:
libavcodec/eamad.c
Merged-by: Michael Niedermayer <michaelni@gmx.at >
2014-08-08 13:55:06 +02:00
Michael Niedermayer
53c3abc108
Merge commit '3ecbd911ff9177097820e5d00401c9bf29e5d167' into release/1.1
...
* commit '3ecbd911ff9177097820e5d00401c9bf29e5d167':
Update Changelog for v9.14
Prepare for 9.14 Release
Conflicts:
Changelog
RELEASE
Not merged as this doesnt apply 1:1 to our releases
Merged-by: Michael Niedermayer <michaelni@gmx.at >
2014-08-08 13:48:19 +02:00
Michael Niedermayer
6333c6c17d
Merge commit '21d3e0ac9e1719d8444b3f5466983587ac0ad240' into release/1.1
...
* commit '21d3e0ac9e1719d8444b3f5466983587ac0ad240':
adpcm: Write the proper predictor in trellis mode in IMA QT
Merged-by: Michael Niedermayer <michaelni@gmx.at >
2014-08-08 13:32:56 +02:00
Michael Niedermayer
5fa56e6e62
Merge commit '744e7eea5d815efea777b6179d96e8d94b63ccfa' into release/1.1
...
* commit '744e7eea5d815efea777b6179d96e8d94b63ccfa':
adpcm: Avoid reading out of bounds in the IMA QT trellis encoder
Merged-by: Michael Niedermayer <michaelni@gmx.at >
2014-08-08 13:31:09 +02:00
Michael Niedermayer
cf7f798984
Merge commit 'd7dbc687e312a91ef2ccf797d57b95c61d0e8a2f' into release/1.1
...
* commit 'd7dbc687e312a91ef2ccf797d57b95c61d0e8a2f':
Check mp3 header before calling avpriv_mpegaudio_decode_header().
Conflicts:
libavformat/mp3enc.c
See: See: 2dd0da787cmichaelni@gmx.at >
2014-08-08 12:52:20 +02:00
Michael Niedermayer
244a58fff0
Merge commit '7997acee0542f6e0bb9ea42ff783f80b70878a2f' into release/1.1
...
* commit '7997acee0542f6e0bb9ea42ff783f80b70878a2f':
Check if an mp3 header is using a reserved sample rate.
Merged-by: Michael Niedermayer <michaelni@gmx.at >
2014-08-08 12:48:55 +02:00
Luca Barbato
addbaf1348
mpegts: Do not try to write a PMT larger than SECTION_SIZE
...
Prevent out of array write.
Similar to what Michael Niedermayer did to address the same issue.
Bug-Id: CVE-2014-2263
CC: libav-stable@libav.org
2014-08-07 20:07:31 +02:00
Luca Barbato
694b7cd873
mpegts: Define the section length with a constant
...
The specification says the value is expressed in 10 bits including
the 4-byte CRC.
2014-08-07 13:30:21 +02:00
Reinhard Tartler
ecda9b90ec
Update Changelog for v9.15
2014-08-06 20:07:33 -04:00
Michael Niedermayer
52254067b3
error_concealment: avoid using the picture if not fully setup
...
Fixes state becoming inconsistent and a null pointer dereference.
CC: libav-stable@libav.org
Bug-Id: CVE-2013-0860
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com >
Signed-off-by: Anton Khirnov <anton@khirnov.net >
2014-08-06 19:25:56 +00:00
Anton Khirnov
af9b62654d
svq1: do not modify the input packet
...
The input data must remain constant, make a copy instead. This is in
theory a performance hit, but since I failed to find any samples
using this feature, this should not matter in practice.
Also, check the size of the header, avoiding invalid reads on truncated
data.
CC:libav-stable@libav.org
(cherry picked from commit 7b588bb691anton@khirnov.net >
Conflicts:
libavcodec/svq1dec.c
2014-08-06 19:10:28 +00:00
Anton Khirnov
80c268eaae
cdgraphics: do not return 0 from the decode function
...
0 means no data consumed, so it can trigger an infinite loop in the
caller.
CC:libav-stable@libav.org
(cherry picked from commit c7d9b473e2anton@khirnov.net >
Conflicts:
libavcodec/cdgraphics.c
2014-08-06 18:46:36 +00:00
Anton Khirnov
8cd67ddde4
cdgraphics: switch to bytestream2
...
Fixes possible invalid memory accesses on corrupted data.
CC:libav-stable@libav.org
Bug-ID: CVE-2013-3674
(cherry picked from commit a1599f3f7eanton@khirnov.net >
2014-08-06 18:45:57 +00:00
Michael Niedermayer
c53effc41b
huffyuvdec: check width size for yuv422p
...
Avoid out of array accesses.
CC: libav-stable@libav.org
Bug-Id: CVE-2013-0848
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com >
Signed-off-by: Anton Khirnov <anton@khirnov.net >
(cherry picked from commit a7153444dfanton@khirnov.net >
2014-08-05 20:11:08 +00:00
Michael Niedermayer
ede7388800
mmvideo: check horizontal coordinate too
...
Fixes out of array accesses.
Bug-Id: CVE-2013-3672
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com >
Signed-off-by: Anton Khirnov <anton@khirnov.net >
(cherry picked from commit 70cd3b8e65anton@khirnov.net >
2014-08-05 19:28:47 +00:00
Michael Niedermayer
36d8914f1b
wmalosslessdec: fix mclms_coeffs* array size
...
Fixes corruption of context
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
Bug-Id: CVE-2014-2098
Signed-off-by: Anton Khirnov <anton@khirnov.net >
(cherry picked from commit 849b9d34c7anton@khirnov.net >
2014-08-05 15:05:22 +00:00
Luca Barbato
146b187113
lavc: Check the image size before calling get_buffer
...
Bug-Id: CVE-2011-3935
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2014-08-04 14:15:45 +02:00
Diego Biurrun
43d6764327
huffyuv: Check and propagate function return values
...
Bug-Id: CVE-2013-0868
inspired by a patch from Michael Niedermayer <michaelni@gmx.at >
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 744b406ff3diego@biurrun.de >
Conflicts:
libavcodec/huffyuvdec.c
2014-08-03 16:08:59 -07:00
Vittorio Giovara
5123541913
h264: prevent theoretical infinite loop in SEI parsing
...
Properly address CVE-2011-3946 and parse bitstream as described in the spec.
CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2014-08-01 13:36:37 +01:00
Michael Niedermayer
01f9540320
h264_sei: check SEI size
...
Signed-off-by: Anton Khirnov <anton@khirnov.net >
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com >
2014-08-01 13:36:37 +01:00
