ffmpeg

Author	SHA1	Message	Date
Ronald S. Bultje	7fe4c8cb76	h263: more strictly forbid frame size changes with frame-mt. Prevents crashes because the old check was incomplete. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `2d22d4307d`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-04 22:09:27 +02:00
Ronald S. Bultje	746f1594d7	h264: additional protection against unsupported size/bitdepth changes. Fixes crashes in codepaths not covered by original checks. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit `732f9fcfe5`) Conflicts: libavcodec/h264.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-04 22:09:27 +02:00
Ronald S. Bultje	0e4bb0530f	tta: prevents overflows for 32bit integers in header. This prevents sample_rate/data_length from going negative, which caused various crashes and undefined behaviour further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `ac80b812cd`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-04 21:28:45 +02:00
Paul B Mahol	994c0efcc7	ttadec: CRC checking Signed-off-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `2af3dc8698`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-04 21:28:35 +02:00
Paul B Mahol	cf5e119d4a	tta: use skip_bits_long() Signed-off-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `9aff2d1753`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-04 21:28:28 +02:00
Michael Niedermayer	1ee1e9e43f	vqavideodev: Check image dimensions Fixes out of heap array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `3583c8706d`) Independently-Found-by: Fabian Yamaguchi Fixes: CVE-2012-0947 Conflicts: libavcodec/vqavideo.c	2012-05-03 00:22:32 +02:00
Michael Niedermayer	15e9aee544	Merge remote-tracking branch 'qatar/release/0.8' into release/0.10 * qatar/release/0.8: (24 commits) apedec: check bits <= 32. truemotion: forbid invalid VLC bitsizes and token values. mov: don't overwrite existing indexes. truemotion2: handle out-of-frame motion vectors through edge extension. lzw: prevent buffer overreads. truemotion2: convert packet header reading to bytestream2. lagarith: fix buffer overreads. raw: forward avpicture_fill() error code in raw_decode(). vc1: Do not read from array if index is invalid. utvideo: port header reading to bytestream2. bytestream: add more unchecked variants for bytestream2 API bytestream: K&R formatting cosmetics bytestream: Add bytestream2 writing API. aac: Reset PS parameters on header decode failure. mov: Do not read past the end of the ctts_data table. xwma: Validate channels and bits_per_coded_sample. asf: reset side data elements on packet copy. vqa: check palette chunk size before reading data. vqavideo: port to bytestream2 API wmavoice: fix stack overread. ... Conflicts: cmdutils.c cmdutils.h libavcodec/lagarith.c libavcodec/truemotion2.c libavcodec/vqavideo.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-05-03 00:20:54 +02:00
Michael Niedermayer	e8050f313e	apedec: check bits <= 32. Fixes a floating-point exception further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> (cherry picked from commit `420d1df2e2`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:03 +02:00
Ronald S. Bultje	be424d86a8	truemotion: forbid invalid VLC bitsizes and token values. SHOW_UBITS() is only defined up to n_bits is 25, therefore forbid values larger than this in get_vlc2() (max_bits). tokens[][] can be used as an index in deltas[], which has a size of 64, so ensure the values are smaller than that. This prevents crashes on corrupt bitstreams. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `b7b1509d06`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:03 +02:00
Ronald S. Bultje	a08cb950b2	mov: don't overwrite existing indexes. Prevents all kind of badness if files contain multiple indexes. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `4f7c7624c0`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:03 +02:00
Ronald S. Bultje	46f8bbfc6d	truemotion2: handle out-of-frame motion vectors through edge extension. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `bf39d3b59d`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:03 +02:00
Ronald S. Bultje	562c6a7bf1	lzw: prevent buffer overreads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `ddcf67c8a5`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:03 +02:00
Ronald S. Bultje	e711ccee4d	truemotion2: convert packet header reading to bytestream2. Also use correct buffer sizes in calls to tm2_read_stream(). Together, this prevents overreads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `bd508d435b`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:03 +02:00
Ronald S. Bultje	d6372e80fe	lagarith: fix buffer overreads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `0a82f5275f`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:03 +02:00
Ronald S. Bultje	29d91e9161	raw: forward avpicture_fill() error code in raw_decode(). Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `98df2e2414`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:02 +02:00
Mashiat Sarker Shakkhar	583f57f04a	vc1: Do not read from array if index is invalid. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit `95b192de5d`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:02 +02:00
Ronald S. Bultje	f8f6c14f54	utvideo: port header reading to bytestream2. Fixes crash during slice size reading if slice_end goes negative. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `ec0ed97b04`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:02 +02:00
Paul B Mahol	9e24f2a1f0	bytestream: add more unchecked variants for bytestream2 API Signed-off-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit `f1ce053cd0`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:02 +02:00
Aneesh Dogra	e788c6e9cb	bytestream: K&R formatting cosmetics Signed-off-by: Diego Biurrun <diego@biurrun.de> (cherry picked from commit `ab9ae40152`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:02 +02:00
Aneesh Dogra	2e681cf50f	bytestream: Add bytestream2 writing API. Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `db7d45237a`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:02 +02:00
Alex Converse	9ddd3abe78	aac: Reset PS parameters on header decode failure. If the next header frame codes zero envelopes the previous frame's values will be used. Consequently the invalid values must be cleared. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `a237b38021`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:02 +02:00
Alex Converse	86bd0244ec	mov: Do not read past the end of the ctts_data table. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `86f2ae06b9`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:02 +02:00
Alex Converse	15de658c04	xwma: Validate channels and bits_per_coded_sample. This prevents a SIGFPE later on. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `5023b89bba`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:02 +02:00
Ronald S. Bultje	19d3f7d8ac	asf: reset side data elements on packet copy. Prevents crash (double free) when free()ing the original packet. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `e73c6aaabf`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:02 +02:00
Ronald S. Bultje	c21b858b27	vqa: check palette chunk size before reading data. Prevents overreads beyond buffer boundaries. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `75d7975268`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:01 +02:00
Paul B Mahol	0b9bb581fd	vqavideo: port to bytestream2 API Protects against overreads. Signed-off-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit `5a3a906ba2`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:01 +02:00
Ronald S. Bultje	105601c151	wmavoice: fix stack overread. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `262196445c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:01 +02:00
Ronald S. Bultje	3a4949aa50	indeo4: fix out-of-bounds function call. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com> (cherry picked from commit `68fd077f68`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:01 +02:00
Reinhard Tartler	ec554ee747	Read preset files with suffix .avpreset The preset files have been renamed some time ago. CC: libav-stable@libav.org (cherry picked from commit `050dc12778`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:01 +02:00
Ronald S. Bultje	bf3998d71e	mimic: don't use self as reference, and report completion at end of decode(). Fixes hangs on corrupt samples that reference self-frames. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `80387f0e25`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:01 +02:00
Ronald S. Bultje	87208b8fc4	mpeg4: report frame decoding completion at ff_MPV_frame_end(). Prevents hangs on corrupt input. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `c6ccb96bc9`) Conflicts: libavcodec/mpegvideo.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:01 +02:00
Ronald S. Bultje	265a628f16	h264: use struct offsets in get_cabac_bypass_sign_x86(). (cherry picked from commit `db025929f2`)	2012-04-21 21:41:30 +02:00
ami_stuff	a854d00acd	Replace SSE2 instruction in scalarproduct_float_sse() by SSE equivalent. Fixes an AAC decoding issue with the sample from ticket #213 on machines with SSE but without SSE2. Based on 89411a by Reimar. (cherry picked from commit `f6b7863808`)	2012-04-04 09:16:49 +02:00
Stefano Sabatini	d076d0febd	lavfi/fade: fix black level for non studio-level pixel formats Fix trac ticket #1139, regression introduced in `8c1fb50d07`. (cherry picked from commit `95ce0ddcfe`)	2012-04-04 09:04:15 +02:00
Michael Niedermayer	a56eaa024f	mpeg4: dont reset picture_num for xvid Fixes Ticket1162 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `a4e359a3f9`)	2012-04-04 08:38:18 +02:00
Michael Niedermayer	fdc6f6507c	h264: fix seeking in low delay streams without IDR Fixes Ticket1165 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `3360b8517a`)	2012-04-04 08:38:06 +02:00
Michael Niedermayer	976d173606	Merge remote-tracking branch 'qatar/release/0.8' into release/0.10 * qatar/release/0.8: id3v2: fix skipping extended header in id3v2.4 Conflicts: libavformat/id3v2.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-04-02 00:52:23 +02:00
Anton Khirnov	989431c02f	id3v2: fix skipping extended header in id3v2.4 In v2.4, the length includes the length field itself. (cherry picked from commit `ddb4431208`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-04-01 19:30:21 +02:00
Franz Brauße	f9bdc93723	smacker audio: sign-extend the initial 16-bit predicted value Fixes Bug #265 Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `12cbbbb4ab`)	2012-04-01 13:57:49 +02:00
Tomas Härdin	e687d77d15	mxfdec: Only parse next partition pack if parsing forward This fixes ticket #1099. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `393b81f093`)	2012-03-21 13:25:59 +01:00
Michael Niedermayer	abfafb6c81	pngenc: Fix incorrect mask used for interlaced mode. Fixes Ticket1109 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `15db6a9590`)	2012-03-21 10:50:58 +01:00
Michael Niedermayer	f139838d64	Update for 0.10.2 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> n0.10.2	2012-03-17 09:14:13 +01:00
Kelly Anderson	0a224ab102	libx264: fix duplicate stats entry Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-03-17 08:56:59 +01:00
Michael Niedermayer	d39b183d8d	Update for 0.10.1 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> n0.10.1	2012-03-17 01:41:41 +01:00
Stefano Sabatini	dc8054128a	lavfi: port MP swapuv filter (cherry picked from commit `fa35d880aa`) Conflicts: Changelog libavfilter/version.h Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-03-17 00:36:18 +01:00
Michael Niedermayer	001f4c7dc6	jpeglsdec: Prevent out of array write. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `00ab9cdae1`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-03-16 16:46:30 +01:00
Michael Niedermayer	313ddbfe48	proresdec: Fix read via negative index in a global array. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `0065080320`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-03-16 16:42:49 +01:00
Michael Niedermayer	7f5bd6c72b	diracdec: Correct the bytestream end pointer. This fixes some arith decoder overreads and a potential infinite loop. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `0f13cc732b`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-03-16 16:00:07 +01:00
Michael Niedermayer	0be85fd80f	diracdec: Check for negative quants which would cause out of array reads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `5cd8afee99`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-03-16 15:59:30 +01:00
Michael Niedermayer	9f253ebb41	diracdec: Fix integer overflow leading to out of global array read. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `9729f140ae`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-03-16 15:59:21 +01:00

1 2 3 4 5 ...

37466 Commits