Fixes invalid free() if any of the buffers are not allocated due to either
not decoding a header or an error prior to allocating all buffers.
Fixes CVE-2012-0858
CC: libav-stable@libav.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 204cb29b3c84a74cbcd059d353c70c8bdc567d98)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Add a check to avoid writing past the end of the channel_unit.components[]
array.
Bug Found by: cosminamironesei
Fixes CVE-2012-0853
CC: libav-stable@libav.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit c509f4f74713b035a06f79cb4d00e708f5226bc5)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conversion of the luma intra prediction mode to one of the constrained
("alzheimer") ones can happen by crafting special bitstreams, causing
a crash because we'll call a NULL function pointer for 16x16 block intra
prediction, since constrained intra prediction functions are only
implemented for chroma (8x8 blocks).
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 45b7bd7c53b41bc5ff6fc2158831f2b1b1256113)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Earlier, calling avcodec_encode_audio worked fine even if time_base
wasn't set. Now it crashes due to trying to scale the output pts to
the codec context time base. This affects e.g. VLC.
If no time_base is set for audio codecs, set it to the sample
rate.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 9a7dc618c50902e7a171f2deda6430d52c277a95)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This way, if the AVCodecContext is allocated for a specific codec, the
caller doesn't need to store this codec separately and then pass it
again to avcodec_open2().
It also allows to set codec private options using av_opt_set_* before
opening the codec.
(cherry picked from commit bc901998487bf9b77a423961d9f961bcc28a9291)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
I.e. free the priv_data and other stuff allocated in
avcodec_alloc_context3() and not segfault.
(cherry picked from commit 0e72ad95f9fef6a6b8ae55e47339a5c40526502f)
It allows to check whether an AVCodecContext is open in a documented
way. Right now the undocumented way this check is done in lavf/lavc is
by checking whether AVCodecContext.codec is NULL. However it's desirable
to be able to set AVCodecContext.codec before avcodec_open2().
(cherry picked from commit af08d9aeea870de017139f7b1c44b7d816cf8e56)
Conflicts:
doc/APIchanges
Since we are clipping before we shift the values to
16 or 32 bits, we should not shift the min/max clip
values to compensate.
Fixes 8 and 24 bit lossy decoding.
Fixes ticket #871.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 480b133e6f79c470aff0f84d9ed3648d37c32b03)
This has been implemented more correctly.
This reverts commit a915618a29f3f4197832151a4ed03ccdd585f9cf.
(cherry picked from commit 32e74395a8e88dee1c149aeb36e7a21df431c181)
This reverts e6e7bfc1 and 365e1ec2.
The code may be incorrect both before and after the revert, but we
do not have any samples that were fixed by the original commits.
Fixes ticket #871.
(cherry picked from commit a915618a29f3f4197832151a4ed03ccdd585f9cf)
we dont carry the whole git history in releases so theres no
point in having this in them either.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8801fac365549a43a639e239faba409d8f91ef86)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes not yet fixed parts of CVE-2011-3946.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (22 commits)
wma: Clip WMA1 and WMA2 frame length to 11 bits.
movenc: Don't require frame_size to be set for modes other than mov
doc: Update APIchanges with info on muxer flushing
movenc: Reindent a block
tools: Remove some unnecessary #undefs.
rv20: prevent calling ff_h263_decode_mba() with unset height/width
tools: K&R reformatting cosmetics
Ignore generated aviocat and ismindex tools.
build: Automatically include architecture-specific library Makefile snippets.
indeo5: prevent null pointer dereference on broken files
pktdumper: Use usleep instead of sleep
cosmetics: Remove some unnecessary block braces.
Drop unnecessary prefix from *sink* variable and struct names.
Add a tool for creating smooth streaming manifests
movdec: Calculate an average bit rate for fragmented streams, too
movenc: Write the sample rate instead of time scale in the stsd atom
movenc: Add a separate ismv/isma (smooth streaming) muxer
movenc: Allow the caller to decide on fragmentation
libavformat: Add a flag for muxers that support write_packet(NULL) for flushing
movenc: Add support for writing fragmented mov files
...
Conflicts:
Changelog
cmdutils.c
cmdutils.h
doc/APIchanges
ffmpeg.c
ffplay.c
libavfilter/Makefile
libavformat/Makefile
libavformat/avformat.h
libavformat/movenc.c
libavformat/movenc.h
libavformat/version.h
tools/graph2dot.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The MDCT buffers in the decoder are only sized for up to 11 bits. The
reverse engineered documentation for WMA1/2 headers say that that for
all samplerates above 32kHz 11 bits are used. 12 and 13 bit support
were added for WMAPro. I was unable to make any Microsoft tools generate
a test file at a samplerate above 48kHz.
Discovered by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
The field frame_size isn't written to the output anywhere except
than in mov.
This facilitates stream copy from formats that don't set frame_size.
Signed-off-by: Martin Storsjö <martin@martin.st>
Also add some space around operators and wrap a comment
that extends past the 80 char "limit"/guideline.
Signed-off-by: Martin Storsjö <martin@martin.st>
