The value is used to calculate output LSP curve and a division by zero
and out of array accesses would occur.
CVE-2013-0894
CC: libav-stable@libav.org
Reported-by: Dale Curtis <dalecurtis@chromium.org>
Found-by: inferno@chromium.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* commit 'ee6ca11b657515ad736ec0d2b8635e098d0a2680':
vorbis: decode directly to the user-provided AVFrame
vmdaudio: decode directly to the user-provided AVFrame
twinvq: decode directly to the user-provided AVFrame
tta: decode directly to the user-provided AVFrame
truespeech: decode directly to the user-provided AVFrame
Conflicts:
libavcodec/tta.c
libavcodec/twinvq.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'ce378f0dd0c4e5350b3280e6b3e8d6b46fe4b0a3':
fate: Use wmv2 IDCT for wmv2 tests
vorbisdsp: change block_size type from int to intptr_t.
Conflicts:
tests/fate-run.sh
tests/fate/vcodec.mak
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
lavc: Move vector_fmul_window to AVFloatDSPContext
rtpdec_mpeg4: Check the remaining amount of data before reading
Conflicts:
libavcodec/dsputil.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This fixes potential divisions by zero and out of array accesses.
Reported-by: Dale Curtis <dalecurtis@chromium.org>
Found-by: inferno@chromium.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '7c278d2ae410a64bdd89f1777026b4b963c30a1a':
alacenc: support 24-bit encoding
pcmdec: use planar sample format for pcm_s16le_planar
vorbisdec: use float planar sample format
Conflicts:
libavcodec/pcm.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
In both usages of FASTDIV the denominator might be 1.
Using a branch could make the function slower than using a normal
division.
Both denominator and numerator can be multiplied by 2 safely and
using shifts is faster than using a branch.
* qatar/master:
lavr: add x86-optimized functions for mixing 1-to-2 s16p with flt coeffs
lavr: add x86-optimized functions for mixing 1-to-2 fltp with flt coeffs
Add Dolby/DPLII downmix support to libavresample
vorbisdec: replace div/mod in loop with a counter
fate: vorbis: add 5.1 surround test
rtpenc: Allow requesting H264 RTP packetization mode 0
configure: Sort the library listings in the help text alphabetically
dwt: remove variable-length arrays
RTMPT protocol support
http: Properly handle chunked transfer-encoding for replies to post data
http: Fail reading if the connection has gone away
amr: Mark an array const
amr: More space cleanup
rtpenc: Fix memory leaks in the muxer open function
Conflicts:
Changelog
configure
doc/APIchanges
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
float_dsp: ppc: add a separate header for Altivec function prototypes
ARM: fix float_dsp breakage from d5a7229
Add a float DSP framework to libavutil
PPC: Move types_altivec.h and util_altivec.h from libavcodec to libavutil
ARM: Move asm.S from libavcodec to libavutil
vc1dsp: mark put/avg_vc1_mspel_mc() always_inline
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
vorbis: Validate that the floor 1 X values contain no duplicates.
avprobe: Identify codec probe failures rather than calling them unsupported codecs.
avformat: Probe codecs at score 0 on buffer exhaustion conditions.
avformat: Factorize codec probing.
Indeo Audio decoder
imc: make IMDCT support stereo output
imc: move channel-specific data into separate context
lavfi: remove request/poll and drawing functions from public API on next bump
lavfi: make avfilter_insert_pad and pals private on next bump.
lavfi: make formats API private on next bump.
avplay: use buffersrc instead of custom input filter.
avtools: move buffer management code from avconv to cmdutils.
avconv: don't use InputStream in the buffer management code.
avconv: fix exiting when max frames is reached.
mpc8: fix maximum bands handling
aacdec: Turn PS off when switching to stereo and turn it to implicit when switching to mono.
Conflicts:
Changelog
cmdutils.h
ffmpeg.c
ffplay.c
ffprobe.c
libavcodec/avcodec.h
libavcodec/mpc8.c
libavcodec/v210dec.h
libavcodec/version.h
libavcodec/vorbisdec.c
libavfilter/avfilter.c
libavfilter/avfilter.h
libavfilter/buffersrc.c
libavfilter/formats.c
libavfilter/src_movie.c
libavfilter/vf_aspect.c
libavfilter/vf_blackframe.c
libavfilter/vf_boxblur.c
libavfilter/vf_crop.c
libavfilter/vf_cropdetect.c
libavfilter/vf_delogo.c
libavfilter/vf_drawbox.c
libavfilter/vf_drawtext.c
libavfilter/vf_fade.c
libavfilter/vf_fifo.c
libavfilter/vf_format.c
libavfilter/vf_frei0r.c
libavfilter/vf_gradfun.c
libavfilter/vf_hflip.c
libavfilter/vf_hqdn3d.c
libavfilter/vf_libopencv.c
libavfilter/vf_lut.c
libavfilter/vf_overlay.c
libavfilter/vf_pad.c
libavfilter/vf_scale.c
libavfilter/vf_select.c
libavfilter/vf_showinfo.c
libavfilter/vf_transpose.c
libavfilter/vf_unsharp.c
libavfilter/vf_yadif.c
libavfilter/vsrc_color.c
libavfilter/vsrc_testsrc.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
All code should use the local variable, the
AVCodecContext might not yet have the updated value.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
* qatar/master:
rtpdec_asf: Set the no_resync_search option for the chained asf demuxer
asfdec: Add an option for not searching for the packet markers
cosmetics: Clean up the tiffenc pix_fmts declaration to match the style of others
cosmetics: Align codec declarations
cosmetics: Convert mimic.c to utf-8
avconv: remove an unused function parameter.
avconv: remove now pointless variables.
avconv: drop support for building without libavfilter.
nellymoserenc: fix crash due to memsetting the wrong area.
libavformat: Only require first packet to be known for audio/video streams
avplay: Don't try to scale timestamps if the tb isn't set
Conflicts:
Changelog
configure
ffmpeg.c
libavcodec/aacenc.c
libavcodec/bmpenc.c
libavcodec/dnxhddec.c
libavcodec/dnxhdenc.c
libavcodec/ffv1.c
libavcodec/flacenc.c
libavcodec/fraps.c
libavcodec/huffyuv.c
libavcodec/libopenjpegdec.c
libavcodec/mpeg12enc.c
libavcodec/mpeg4videodec.c
libavcodec/pamenc.c
libavcodec/pgssubdec.c
libavcodec/pngenc.c
libavcodec/qtrleenc.c
libavcodec/rawdec.c
libavcodec/sgienc.c
libavcodec/tiffenc.c
libavcodec/v210dec.c
libavcodec/wmv2dec.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Also break some long lines, remove codec function placeholder comments
and add spaces in sample/pixel format lists.
Signed-off-by: Martin Storsjö <martin@martin.st>
This fixes some invalid memory access caused later in the function
by res_chan[] not being set for all channels. This happens when a
channel doesn't appear a submap. This change simply returns a
decoder error when this situation is detected.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
* qatar/master:
tiertexseq: set correct block_align for audio
tiertexseq: set audio stream start time to 0
voc/avs: Do not change the sample rate mid-stream.
segafilm: use the sample rate as the time base for audio streams
ea: fix audio pts
psx-str: fix audio pts
vqf: set packet duration
tta demuxer: set packet duration
mpegaudio_parser: do not ignore information from the first parsed frame
mpegaudio_parser: be less picky about the start position
thp: set audio packet durations
avcodec: add a Vorbis parser to get packet duration
vorbisdec: read the previous window flag for long windows
lavc: free the output packet when encoding failed or produced no output.
lavc: preserve avpkt->destruct in ff_alloc_packet().
lavc: clarify the meaning of AVCodecContext.frame_number.
mpegts: Pad the packet buffer in handle_packet().
mpegts: Do not call read_sl_header() when no bytes remain in the buffer.
Conflicts:
libavcodec/mpegaudio_parser.c
libavcodec/version.h
libavformat/mpegts.c
tests/ref/fate/pva-demux
Merged-by: Michael Niedermayer <michaelni@gmx.at>
When reading sequentially, we are using the actual flag from the previous
frame, but when seeking we do not know what the previous window flag was, so
we need to read it from the bitstream.
* qatar/master: (34 commits)
mlp_parser: fix the channel mask value used for the top surround channel
vorbisenc: check all allocations for failure
roqaudioenc: return AVERROR codes instead of -1
roqaudioenc: set correct bit rate
roqaudioenc: use AVCodecContext.frame_size correctly.
roqaudioenc: remove unneeded sample_fmt check
ra144enc: use int16_t* for input samples rather than void*
ra144enc: set AVCodecContext.coded_frame
ra144enc: remove unneeded sample_fmt check
nellymoserenc: set AVCodecContext.coded_frame
nellymoserenc: improve error checking in encode_init()
nellymoserenc: return AVERROR codes instead of -1
libvorbis: improve error checking in oggvorbis_encode_init()
mpegaudioenc: return AVERROR codes instead of -1
libfaac: improve error checking and handling in Faac_encode_init()
avutil: add AVERROR_UNKNOWN
check for coded_frame allocation failure in several audio encoders
audio encoders: do not set coded_frame->key_frame.
g722enc: check for trellis data allocation error
libspeexenc: export encoder delay through AVCodecContext.delay
...
Conflicts:
doc/APIchanges
libavcodec/avcodec.h
libavcodec/fraps.c
libavcodec/kgv1dec.c
libavcodec/libfaac.c
libavcodec/libgsm.c
libavcodec/libvorbis.c
libavcodec/mlp_parser.c
libavcodec/roqaudioenc.c
libavcodec/vorbisenc.c
libavutil/avutil.h
libavutil/error.c
libavutil/error.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
libx264: fix indentation.
vorbis: fix overflows in floor1[] vector and inverse db table index.
win64: add a XMM clobber test configure option.
movdec: Parse the dvc1 atom
ARM: ac3: fix ac3_bit_alloc_calc_bap_armv6
swscale: K&R formatting cosmetics for Blackfin code
frwu: lowercase the FRWU codec name
movdec: fix dts generation in fragmented files
fate: make acodec-ac3_fixed test output raw AC3
APIchanges: add missing commit hashes
swscale: implement MMX, SSE2 and AVX functions for RGB32 input.
ra144enc: drop pointless "encoder" from .long_name
bethsoftvideo: fix palette reading.
mpc7: use av_fast_padded_malloc()
mpc7: simplify handling of packet sizes that are not a multiple of 4 bytes
doc: decoding Forward Uncompressed is supported
Fix a typo in the x86 asm version of ff_vector_clip_int32()
pcmenc: Do not set avpkt->size.
ff_alloc_packet: modify the size of the packet to match the requested size
Conflicts:
doc/APIchanges
libavcodec/libx264.c
libavcodec/mpc7.c
libavformat/isom.h
libswscale/Makefile
libswscale/bfin/yuv2rgb_bfin.c
tests/ref/fate/bethsoft-vid
tests/ref/seek/ac3_ac3
Merged-by: Michael Niedermayer <michaelni@gmx.at>