Commit Graph

35152 Commits

Author SHA1 Message Date
Justin Ruggles
56b6a43056 ac3dec: ensure get_buffer() gets a buffer for the correct number of channels
If there is an error during frame parsing, but AVCodecContext.channels was
changed and AC3DecodeContext.out_channels was set previously, the two may not
match.

Fixes CVE-2012-2802
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

CC: libav-stable@libav.org
2012-10-01 00:10:59 -04:00
Jindřich Makovička
1a8c6917f6 h264: avoid stuck buffer pointer in decode_nal_units
When decode_nal_units() previously encountered a NAL_END_SEQUENCE,
and there are some junk bytes left in the input buffer, but no start codes,
buf_index gets stuck 3 bytes before the end of the buffer.

This can trigger an infinite loop in the caller code, eg. in
try_decode_trame(), as avcodec_decode_video() then keeps returning zeroes,
with 3 bytes of the input packet still available.

With this change, the remaining bytes are skipped so the whole packet gets
consumed.

CC:libav-stable@libav.org

Signed-off-by: Jindřich Makovička <makovick@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 19:31:17 +02:00
Anton Khirnov
0f583d20d5 mpeg12: fix the semantics of the int* parameter of decode()
It is got_output, not data_size.
2012-09-29 19:18:39 +02:00
Anton Khirnov
d9a2e87b1c mpeg12: move mpeg_decode_frame() lower
Avoids a forward declaration of decode_chunks().
2012-09-29 19:18:24 +02:00
Michael Niedermayer
85f477935c avsdec: Set dimensions instead of relying on the demuxer.
The decode function assumes that the video will have those dimensions.

Fixes CVE-2012-2801

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 19:18:07 +02:00
Michael Niedermayer
d65d834731 wmalosslessdec: Reset put bit buffer when num_saved_bits is reset.
Fixes CVE-2012-2799

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 19:17:38 +02:00
Anton Khirnov
d05f72c754 dfa: improve boundary checks in decode_dds1()
Fixes CVE-2012-2798

CC:libav-stable@libav.org
2012-09-29 19:17:07 +02:00
Anton Khirnov
6a99310fce wmalosslessdec: Fix reading too many bits in decode_channel_residues()
Fixes a part of CVE-2012-2795

CC:libav-stable@libav.org

Based on a patch by Michael Niedermayer <michaelni@gmx.at>

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2012-09-29 19:16:32 +02:00
Michael Niedermayer
f48fbf2eb5 wmalosslessdec: fix a get_bits(0) in decode_ac_filter
Fixes a part of CVE-2012-2795

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 19:15:27 +02:00
Michael Niedermayer
607f57152c wmalosslessdec: make MCLMS arrays big enough for what is written into them.
Fixes a part of CVE-2012-2795

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 19:14:25 +02:00
Anton Khirnov
ae3da0ae55 indeo4/5: check empty tile size in decode_mb_info().
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.

Based on a patch by Michael Niedermayer <michaelni@gmx.at>

Fixes CVE-2012-2800

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2012-09-29 19:13:45 +02:00
Anton Khirnov
5d2170c53b ivi_common: make ff_ivi_process_empty_tile() static.
It's not used outside of ivi_common.c
2012-09-29 19:12:57 +02:00
Michael Niedermayer
2d09cdbaf2 indeo5: check tile size in decode_mb_info().
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.

Fixes CVE-2012-2794

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 19:12:36 +02:00
Anton Khirnov
e4d4044339 indeo3: fix out of cell write.
Fixes CVE-2012-2776.

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2012-09-29 19:12:04 +02:00
Anton Khirnov
065b3a1cfa wmalosslessdec: increase channel_coeffs/residues size
Fixes CVE-2012-2792

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2012-09-29 10:29:53 +02:00
Anton Khirnov
4a969030e4 wmalosslessdec: increase WMALL_BLOCK_MAX_BITS to 14. 2012-09-29 10:29:52 +02:00
Michael Niedermayer
b631e4ed64 lagarith: check count before writing zeros.
Fixes CVE-2012-2793

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 09:28:32 +02:00
Michael Niedermayer
99f392a584 wmaprodec: check num_vec_coeffs for validity
Fixes CVE-2012-2789

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 09:28:15 +02:00
Anton Khirnov
0af49a63c7 avidec: use actually read size instead of requested size
Fixes CVE-2012-2788
2012-09-29 09:27:59 +02:00
Anton Khirnov
eeade678f0 avidec: return 0, not packet size from read_packet(). 2012-09-29 09:27:51 +02:00
Michael Niedermayer
b146d74730 indeo4: update AVCodecContext width/height on size change
Fixes CVE-2012-2787

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 09:27:32 +02:00
Anton Khirnov
ee715f49a0 dfa: check that the caller set width/height properly.
Fixes CVE-2012-2786.
2012-09-29 09:27:08 +02:00
Michael Niedermayer
891918431d indeo5dec: Make sure we have had a valid gop header.
This prevents decoding happening on a half initialized context.

Fixes CVE-2012-2779

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 09:26:30 +02:00
Michael Niedermayer
c20a696306 cavsdec: check for changing w/h.
Our decoder does not support changing w/h.

Fixes CVE-2012-2777 and CVE-2012-2784.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 09:26:04 +02:00
Anton Khirnov
12e1e83461 lavc: set channel count from channel layout in avcodec_open2().
Some decoders (e.g. nellymoser) only set channel_layout and do not set
channel count.
2012-09-29 09:25:40 +02:00
Derek Buitenhuis
7d1d446990 doc/platform: Rework the Visual Studio linking section
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-09-28 15:52:21 -04:00
Derek Buitenhuis
ed8a2ddeea doc/faq: Change the Visual Studio entry to reflect current status
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-09-28 15:50:45 -04:00
Derek Buitenhuis
f45b54437a doc/platform: Replace Visual Studio section with build instructions
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-09-28 15:50:32 -04:00
Derek Buitenhuis
3e071551af doc/platform: Nuke section on linking static MinGW-built libs with MSVC
This practice is not supported by the MinGW developers, and even requires
patching the MinGW runtimes in newer versions. Furthermore, we now support
build with MSVC, so this section is rendered useless.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-09-28 15:27:59 -04:00
Derek Buitenhuis
55254a3f7f doc/platform: Remove false claim about MinGW installer
This works just fine, and has for quite a while, using the mingw-get
installer.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-09-28 15:27:25 -04:00
Derek Buitenhuis
6a3078bb89 doc/platform: Mention MinGW-w64
This is the toolchain most, including Libav's nightlies, use to build.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-09-28 15:27:13 -04:00
Michael Niedermayer
791b5954bc dsputil_mmx: fix reading prior of the src array in sub_hfyu_median_prediction()
This should fix the utvideoenc valgrind failure

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-09-28 12:25:07 -04:00
Luca Barbato
97cfa55eea mpegaudiodec: fix short_start calculation
The value should be always 3, as it follows from the specification.

Fix a stack buffer overflow in exponents_from_scale_factors as reported
by asan. Thanks to Dale Curtis for the sample vector.
2012-09-28 16:02:39 +02:00
Nathan Caldwell
d16860a237 libopus: Remap channels using libopus' internal remapping.
This way we can directly remap channels from Opus' channel order to
libav's internal channel order, instead of mapping channels from
Opus' order to Vorbis' order then to libav's order.

Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-09-28 11:03:32 +02:00
Nicolas George
44617d6ec9 Opus decoder using libopus
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-09-28 11:03:20 +02:00
Nathan Caldwell
e4aa3831b7 avcodec: document the use of AVCodecContext.delay for audio decoding
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-09-28 10:50:07 +02:00
Kostya Shishkov
4dc8c8386e vc1dec: add flush function for WMV9 and VC-1 decoders
CC: libav-stable@libav.org
2012-09-28 07:08:54 +02:00
Duncan Salerno
8bd324e9e4 http: Increase buffer sizes to cope with longer URIs
Use the MAX_URL_SIZE define where applicable. Increase buffer
sizes for all buffers that need to fit a long pathname - buffers
that need to fit only the hostname (and other short strings, but
not the pathname - such as "headers" in http_connect) are kept
at 1024 bytes for now.

Also increase the max line length in http_read_header, since it
might need to contain a full url for Location: redirects.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-09-28 00:09:38 +03:00
Diego Biurrun
bc66827fb1 nutenc: const correctness for ff_put_v_trace/put_s_trace function arguments 2012-09-27 19:32:47 +02:00
Diego Biurrun
6c5b0517e0 h264_refs: Fix debug tprintf argument types 2012-09-27 19:10:10 +02:00
Diego Biurrun
80412997c8 golomb: const correctness for get_ue()/get_se() function arguments 2012-09-27 19:10:10 +02:00
Diego Biurrun
e00215040a get_bits: const correctness for get_bits_trace()/get_xbits_trace() arguments 2012-09-27 19:10:10 +02:00
Diego Biurrun
4e5b7f31f7 dwt: Drop unused functions spatial_compose{53|97}i() 2012-09-27 12:08:09 +02:00
Diego Biurrun
83655442fa nutdec: Remove unused and broken debug function stub 2012-09-27 12:02:33 +02:00
Diego Biurrun
0ae3ba8daa avcodec: Drop long-deprecated imgconvert.h header 2012-09-27 12:02:33 +02:00
Nathan Caldwell
bcc1f7caeb Add Opus support to the Ogg muxer.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-09-27 10:48:35 +02:00
Andrew D'Addesio
2a3d82ab46 Add Opus codec id and codec description.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-09-27 10:48:35 +02:00
Dale Curtis
0575772fa0 avformat: Identify anonymous AVIO typedef structs.
Anonymous typedef structs prevent forward declaration, this
change gives the AVIOContext and AVIOInterruptCB structures
a name.  These structures are now in line with other common
structures such as AVFormatContext and AVCodecContext.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-09-27 09:14:22 +02:00
Diego Biurrun
93e81ee81c nutdec: const correctness for get_v_trace/get_s_trace function arguments 2012-09-26 19:10:13 +02:00
Diego Biurrun
2dc1310484 truemotion2: Request samples for old TM2 headers 2012-09-26 19:10:13 +02:00