This prevents decoding happening on a half initialized context.
Fixes CVE-2012-2779
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
* qatar/master:
indeo: Make ivi_calc_band_checksum() static, it is only used in one file.
indeo: Drop unused debug function ivi_check_band().
avcodec/utils: cast a function argument to shut up a compiler warning
truemotion1: remove disabled code
fix typo in comment
fate: fix dependencies for non-SAMPLES avconv tests
indeo: check for invalid motion vectors
indeo: check that band output buffer exists
indeo: clear allocated band buffers
indeo: track tile macroblock size
indeo: check custom Huffman tables for errors
factor out common decoding code for Indeo 4 and Indeo 5
mp3: fix start band index for block type 2 in 8kHz audio
lavf: change some (de)muxer names to lowercase
lavf: make output format matching case insensitive
Conflicts:
libavcodec/indeo4.c
libavcodec/indeo5.c
libavcodec/ivi_common.c
libavcodec/utils.c
tests/fate/video.mak
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
avcodec: remove AVCodecContext.dsp_mask
avconv: fix a segfault when default encoder for a format doesn't exist.
utvideo: general cosmetics
aac: Handle HE-AACv2 when sniffing a channel order.
movenc: Support high sample rates in isomedia formats by setting the sample rate field in stsd to 0.
xxan: Remove write-only variable in xan_decode_frame_type0().
ivi_common: Initialize a variable at declaration in ff_ivi_decode_blocks().
Conflicts:
ffmpeg.c
libavcodec/utvideo.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (29 commits)
cabac: Move code only used within the CABAC test program into the test program.
vp56: Drop unnecessary cabac.h #include.
h264-test: Initialize AVCodecContext.av_class.
build: Skip compiling network.h and rtsp.h if networking is not enabled.
cosmetics: drop some pointless parentheses
Disable annoying warning without changing behavior
faq: Solutions for common problems with sample paths when running FATE.
avcodec: attempt to clarify the CODEC_CAP_DELAY documentation
avcodec: fix avcodec_encode_audio() documentation.
FATE: xmv-demux test; exercise the XMV demuxer without decoding the perceptual codecs inside.
vqf: recognize more metadata chunks
FATE test: BMV demuxer and associated video and audio decoders.
FATE: indeo4 video decoder test.
FATE: update xxan-wc4 test to a sample with more code coverage.
Change the recent h264_mp4toannexb bitstream filter test to output to an elementary stream rather than a program stream.
g722enc: validate AVCodecContext.trellis
g722enc: set frame_size, and also handle an odd number of input samples
g722enc: split encoding into separate functions for trellis vs. no trellis
mpegaudiodec: Use clearer pointer math
tta: Fix returned error code at EOF
...
Conflicts:
libavcodec/h264.c
libavcodec/indeo3.c
libavcodec/interplayvideo.c
libavcodec/ivi_common.c
libavcodec/libxvidff.c
libavcodec/mpegvideo.c
libavcodec/ppc/mpegvideo_altivec.c
libavcodec/tta.c
libavcodec/utils.c
libavfilter/vsrc_buffer.c
libavformat/Makefile
tests/fate/indeo.mak
tests/ref/acodec/g722
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
build: fix standalone compilation of OMA muxer
build: fix standalone compilation of Microsoft XMV demuxer
build: fix standalone compilation of Core Audio Format demuxer
kvmc: fix invalid reads
4xm: Add a check in decode_i_frame to prevent buffer overreads
adpcm: fix IMA SMJPEG decoding
options: set minimum for "threads" to zero
bsd: use number of logical CPUs as automatic thread count
windows: use number of CPUs as automatic thread count
linux: use number of CPUs as automatic thread count
pthreads: reset active_thread_type when slice thread_init returrns early
v410dec: include correct headers
Drop ALT_ prefix from BITSTREAM_READER_LE name.
lavfi: always build vsrc_buffer.
ra144enc: zero the reflection coeffs if the filter is unstable
sws: readd PAL8 to isPacked()
mov: Don't stick the QuickTime field ordering atom in extradata.
truespeech: fix invalid reads in truespeech_apply_twopoint_filter()
Conflicts:
configure
libavcodec/4xm.c
libavcodec/avcodec.h
libavfilter/Makefile
libavfilter/allfilters.c
libavformat/Makefile
libswscale/swscale_internal.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
out of the block decoding loop. Indeo4 doesn't use any scale table but the quant
level itself as scale. Therefore access scale table only if its pointer != NULL.
Originally committed as revision 23569 to svn://svn.ffmpeg.org/ffmpeg/trunk
Passing an explicit filename to this command is only necessary if the
documentation in the @file block refers to a file different from the
one the block resides in.
Originally committed as revision 22921 to svn://svn.ffmpeg.org/ffmpeg/trunk
it does not ignore coefficient value = 256.
Patch by Maxim ((!min)_pole \at gmx dot/ de)
Originally committed as revision 22275 to svn://svn.ffmpeg.org/ffmpeg/trunk
Indeo 5 into single structure IVIHuffTab and factorize code using it.
Based on patch by Maxim (max_pole at German GMX)
Originally committed as revision 22092 to svn://svn.ffmpeg.org/ffmpeg/trunk
Indeo 5, so make them global and move their initialization to the common place
as well. And fix static VLC initialization, as ff_ivi_create_huff_from_desc()
used old way to do so.
Originally committed as revision 21962 to svn://svn.ffmpeg.org/ffmpeg/trunk
Reviewed and corrected by myself because there were no other volunteers in the
last weeks.
Originally committed as revision 21531 to svn://svn.ffmpeg.org/ffmpeg/trunk