Commit Graph

35060 Commits

Author SHA1 Message Date
Diego Biurrun
d3c40a7d1d avformat: const correctness for av_hex_dump / av_hex_dump_log 2012-10-01 13:18:28 +02:00
Diego Biurrun
d25fe4cc65 wmadec: Adjust debug printf argument length modifier 2012-10-01 12:46:41 +02:00
Diego Biurrun
1218777ffd avcodec: Convert some commented-out printf/av_log instances to av_dlog 2012-10-01 10:24:28 +02:00
Diego Biurrun
9c6cf7f2c9 avcodec: Drop silly and/or broken printf debug output 2012-10-01 10:24:28 +02:00
Diego Biurrun
6f6b0311a3 avcodec: Drop some silly commented-out av_log() invocations 2012-10-01 10:24:28 +02:00
Diego Biurrun
72eaba5e4f avformat: Convert some commented-out printf/av_log instances to av_dlog 2012-10-01 10:24:28 +02:00
Diego Biurrun
11d4e92ed9 avformat: Remove non-compiling and/or silly commented-out printf/av_log statements 2012-10-01 10:24:28 +02:00
Diego Biurrun
14d3e7ad11 Remove some silly disabled code. 2012-10-01 10:24:28 +02:00
Justin Ruggles
56b6a43056 ac3dec: ensure get_buffer() gets a buffer for the correct number of channels
If there is an error during frame parsing, but AVCodecContext.channels was
changed and AC3DecodeContext.out_channels was set previously, the two may not
match.

Fixes CVE-2012-2802
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

CC: libav-stable@libav.org
2012-10-01 00:10:59 -04:00
Jindřich Makovička
1a8c6917f6 h264: avoid stuck buffer pointer in decode_nal_units
When decode_nal_units() previously encountered a NAL_END_SEQUENCE,
and there are some junk bytes left in the input buffer, but no start codes,
buf_index gets stuck 3 bytes before the end of the buffer.

This can trigger an infinite loop in the caller code, eg. in
try_decode_trame(), as avcodec_decode_video() then keeps returning zeroes,
with 3 bytes of the input packet still available.

With this change, the remaining bytes are skipped so the whole packet gets
consumed.

CC:libav-stable@libav.org

Signed-off-by: Jindřich Makovička <makovick@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 19:31:17 +02:00
Anton Khirnov
0f583d20d5 mpeg12: fix the semantics of the int* parameter of decode()
It is got_output, not data_size.
2012-09-29 19:18:39 +02:00
Anton Khirnov
d9a2e87b1c mpeg12: move mpeg_decode_frame() lower
Avoids a forward declaration of decode_chunks().
2012-09-29 19:18:24 +02:00
Michael Niedermayer
85f477935c avsdec: Set dimensions instead of relying on the demuxer.
The decode function assumes that the video will have those dimensions.

Fixes CVE-2012-2801

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 19:18:07 +02:00
Michael Niedermayer
d65d834731 wmalosslessdec: Reset put bit buffer when num_saved_bits is reset.
Fixes CVE-2012-2799

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 19:17:38 +02:00
Anton Khirnov
d05f72c754 dfa: improve boundary checks in decode_dds1()
Fixes CVE-2012-2798

CC:libav-stable@libav.org
2012-09-29 19:17:07 +02:00
Anton Khirnov
6a99310fce wmalosslessdec: Fix reading too many bits in decode_channel_residues()
Fixes a part of CVE-2012-2795

CC:libav-stable@libav.org

Based on a patch by Michael Niedermayer <michaelni@gmx.at>

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2012-09-29 19:16:32 +02:00
Michael Niedermayer
f48fbf2eb5 wmalosslessdec: fix a get_bits(0) in decode_ac_filter
Fixes a part of CVE-2012-2795

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 19:15:27 +02:00
Michael Niedermayer
607f57152c wmalosslessdec: make MCLMS arrays big enough for what is written into them.
Fixes a part of CVE-2012-2795

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 19:14:25 +02:00
Anton Khirnov
ae3da0ae55 indeo4/5: check empty tile size in decode_mb_info().
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.

Based on a patch by Michael Niedermayer <michaelni@gmx.at>

Fixes CVE-2012-2800

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2012-09-29 19:13:45 +02:00
Anton Khirnov
5d2170c53b ivi_common: make ff_ivi_process_empty_tile() static.
It's not used outside of ivi_common.c
2012-09-29 19:12:57 +02:00
Michael Niedermayer
2d09cdbaf2 indeo5: check tile size in decode_mb_info().
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.

Fixes CVE-2012-2794

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 19:12:36 +02:00
Anton Khirnov
e4d4044339 indeo3: fix out of cell write.
Fixes CVE-2012-2776.

CC:libav-stable@libav.org

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2012-09-29 19:12:04 +02:00
Anton Khirnov
065b3a1cfa wmalosslessdec: increase channel_coeffs/residues size
Fixes CVE-2012-2792

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
2012-09-29 10:29:53 +02:00
Anton Khirnov
4a969030e4 wmalosslessdec: increase WMALL_BLOCK_MAX_BITS to 14. 2012-09-29 10:29:52 +02:00
Michael Niedermayer
b631e4ed64 lagarith: check count before writing zeros.
Fixes CVE-2012-2793

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 09:28:32 +02:00
Michael Niedermayer
99f392a584 wmaprodec: check num_vec_coeffs for validity
Fixes CVE-2012-2789

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 09:28:15 +02:00
Anton Khirnov
0af49a63c7 avidec: use actually read size instead of requested size
Fixes CVE-2012-2788
2012-09-29 09:27:59 +02:00
Anton Khirnov
eeade678f0 avidec: return 0, not packet size from read_packet(). 2012-09-29 09:27:51 +02:00
Michael Niedermayer
b146d74730 indeo4: update AVCodecContext width/height on size change
Fixes CVE-2012-2787

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 09:27:32 +02:00
Anton Khirnov
ee715f49a0 dfa: check that the caller set width/height properly.
Fixes CVE-2012-2786.
2012-09-29 09:27:08 +02:00
Michael Niedermayer
891918431d indeo5dec: Make sure we have had a valid gop header.
This prevents decoding happening on a half initialized context.

Fixes CVE-2012-2779

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 09:26:30 +02:00
Michael Niedermayer
c20a696306 cavsdec: check for changing w/h.
Our decoder does not support changing w/h.

Fixes CVE-2012-2777 and CVE-2012-2784.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-09-29 09:26:04 +02:00
Anton Khirnov
12e1e83461 lavc: set channel count from channel layout in avcodec_open2().
Some decoders (e.g. nellymoser) only set channel_layout and do not set
channel count.
2012-09-29 09:25:40 +02:00
Derek Buitenhuis
7d1d446990 doc/platform: Rework the Visual Studio linking section
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-09-28 15:52:21 -04:00
Derek Buitenhuis
ed8a2ddeea doc/faq: Change the Visual Studio entry to reflect current status
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-09-28 15:50:45 -04:00
Derek Buitenhuis
f45b54437a doc/platform: Replace Visual Studio section with build instructions
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-09-28 15:50:32 -04:00
Derek Buitenhuis
3e071551af doc/platform: Nuke section on linking static MinGW-built libs with MSVC
This practice is not supported by the MinGW developers, and even requires
patching the MinGW runtimes in newer versions. Furthermore, we now support
build with MSVC, so this section is rendered useless.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-09-28 15:27:59 -04:00
Derek Buitenhuis
55254a3f7f doc/platform: Remove false claim about MinGW installer
This works just fine, and has for quite a while, using the mingw-get
installer.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-09-28 15:27:25 -04:00
Derek Buitenhuis
6a3078bb89 doc/platform: Mention MinGW-w64
This is the toolchain most, including Libav's nightlies, use to build.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2012-09-28 15:27:13 -04:00
Michael Niedermayer
791b5954bc dsputil_mmx: fix reading prior of the src array in sub_hfyu_median_prediction()
This should fix the utvideoenc valgrind failure

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-09-28 12:25:07 -04:00
Luca Barbato
97cfa55eea mpegaudiodec: fix short_start calculation
The value should be always 3, as it follows from the specification.

Fix a stack buffer overflow in exponents_from_scale_factors as reported
by asan. Thanks to Dale Curtis for the sample vector.
2012-09-28 16:02:39 +02:00
Nathan Caldwell
d16860a237 libopus: Remap channels using libopus' internal remapping.
This way we can directly remap channels from Opus' channel order to
libav's internal channel order, instead of mapping channels from
Opus' order to Vorbis' order then to libav's order.

Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-09-28 11:03:32 +02:00
Nicolas George
44617d6ec9 Opus decoder using libopus
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-09-28 11:03:20 +02:00
Nathan Caldwell
e4aa3831b7 avcodec: document the use of AVCodecContext.delay for audio decoding
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2012-09-28 10:50:07 +02:00
Kostya Shishkov
4dc8c8386e vc1dec: add flush function for WMV9 and VC-1 decoders
CC: libav-stable@libav.org
2012-09-28 07:08:54 +02:00
Duncan Salerno
8bd324e9e4 http: Increase buffer sizes to cope with longer URIs
Use the MAX_URL_SIZE define where applicable. Increase buffer
sizes for all buffers that need to fit a long pathname - buffers
that need to fit only the hostname (and other short strings, but
not the pathname - such as "headers" in http_connect) are kept
at 1024 bytes for now.

Also increase the max line length in http_read_header, since it
might need to contain a full url for Location: redirects.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-09-28 00:09:38 +03:00
Diego Biurrun
bc66827fb1 nutenc: const correctness for ff_put_v_trace/put_s_trace function arguments 2012-09-27 19:32:47 +02:00
Diego Biurrun
6c5b0517e0 h264_refs: Fix debug tprintf argument types 2012-09-27 19:10:10 +02:00
Diego Biurrun
80412997c8 golomb: const correctness for get_ue()/get_se() function arguments 2012-09-27 19:10:10 +02:00
Diego Biurrun
e00215040a get_bits: const correctness for get_bits_trace()/get_xbits_trace() arguments 2012-09-27 19:10:10 +02:00