ffmpeg

Author	SHA1	Message	Date
Martin Storsjö	8c0bbe5156	vlc/rl: Add ff_ prefix to the nonstatic symbols Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit e96b4a53df101403c54e329abfadad2edddc47c4) Conflicts: libavcodec/4xm.c Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-09-29 09:34:19 +02:00
Martin Storsjö	6d1b91324c	h263: Add ff_ prefix to nonstatic symbols Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit ddce8953a5056800ec795df2dfd84fc17a11b5fc) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-09-29 09:34:19 +02:00
Michael Niedermayer	a1b127515b	alsdec: check opt_order. Fixes out of array write in quant_cof. Also make sure no invalid opt_order stays in the context. Fixes CVE-2012-2775 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 9853e41aa0a6cfff629ff7009685eb8bf8d64e7f) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-09-28 08:20:11 +02:00
Justin Ruggles	d9ffa2aca1	golomb: check remaining bits during unary decoding in get_ur_golomb_jpegls() Fixes infinite loop in FLAC decoding in case of a truncated bitstream due to the safe bitstream reader returning 0's at the end. Fixes Bug 310. CC:libav-stable@libav.org (cherry picked from commit 4795362660a526a38a7a60f06826bce97a092b59) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-09-28 08:07:00 +02:00
Michael Niedermayer	da0c457663	mpegvideo: Don't use ff_mspel_motion() for vc1 Using ff_mspel_motion assumes that s (a MpegEncContext poiinter) really is a Wmv2Context. This fixes crashes in error resilience on vc1/wmv3 videos. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 18f2d5cb9c48d06895960f37467576725c9dc2d1) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-09-28 08:06:18 +02:00
Janne Grunau	7a7229b52d	imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt CC: libav-stable@libav.org (cherry picked from commit 39bb27bf79bc4c2d8beaed637a14176264cb1916) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-09-28 08:06:02 +02:00
Janne Grunau	6704522ca9	nuv: check RTjpeg header for validity CC: libav-stable@libav.org (cherry picked from commit 859a579e9bbf47fae2e09494c43bcf813dcb2fad) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-09-28 08:05:24 +02:00
Janne Grunau	fdb7080781	Revert "nuv: check per-frame header for validity." The check is bogus since the nuv frameheader is already skipped and the (decompressed) RTjpeg header is checked. This reverts commit f6afacdb3b708720c9fb85984b4f7fdbca2b2036. CC: libav-stable@libav.org (cherry picked from commit 110d015ad450ea1b2fd40f0e9ce1c53507cdec5d) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-09-28 08:05:11 +02:00
Anton Khirnov	bed5847563	bmpdec: only initialize palette for pal8. Gray8 is not considered to be paletted, so this would cause an invalid write. Fixes bug 367. CC: libav-stable@libav.org (cherry picked from commit 8b78c2969a5b7dca939d93bf525aa2bcd737b5d9) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-09-28 08:04:43 +02:00
Reimar Döffinger	e9ac06160f	sipr: fall back to setting mode based on bit_rate. Not all applications (e.g. MPlayer) set block_align, and when using a different demuxer it might not even be easily available. So fall back to selecting mode based on bit rate as before if block_align has not useful value. It can't be worse than failing to decode completely. (cherry picked from commit 1d0d63052b82c76e10c45cd38cdd27677de72e81) CC: libav-stable@libav.org Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit c54e00610f20d2342fe9b17a5460abfbd411c8fb) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-09-28 08:04:33 +02:00
Kostya Shishkov	02b7239462	vc1dec: add flush function for WMV9 and VC-1 decoders CC: libav-stable@libav.org (cherry picked from commit 4dc8c8386eef942dba35c4f2fb3210e22b511a5b) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-09-28 08:04:33 +02:00
Mans Rullgard	e1608014c5	h264: allow cropping to AVCodecContext.width/height Override the frame size from the SPS with AVCodecContext values if the latter specify a size smaller by less than one macroblock. This is required for correct cropping of MOV files from Canon cameras. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit 30f515091c323da59c0f1b533703dedca2f4b95d) Conflicts: libavcodec/h264.c	2012-06-10 09:47:45 +02:00
Ronald S. Bultje	d34e9e61dd	png: check bit depth for PAL8/Y400A pixel formats. Wrong bit depth can lead to invalid rowsize values, which crashes the decoder further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit d2205d6543881f2e6fa18c8a354bbcf91a1235f7) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-06-03 19:04:51 +02:00
Ronald S. Bultje	c38d3e1a39	qdm2: clip array indices returned by qdm2_get_vlc(). Prevents subsequent overreads when these numbers are used as indices in arrays. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 64953f67f98da2e787aeb45cc7f504390fa32a69) Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Conflicts: libavcodec/qdm2.c	2012-06-02 19:17:53 -04:00
Michael Niedermayer	5872580e65	tqi: Pass errors from the MB decoder This silences some valgrind warnings. CC: libav-stable@libav.org Fixes second half of http://ffmpeg.org/trac/ffmpeg/ticket/794 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit f85334f58e1286287d0547a49fa9c93b40cbf48f) (cherry picked from commit 90290a5150e84fb138ccde57657dc03830f08c1c) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-23 20:43:42 +02:00
Alexander Strange	4713234518	h264: Add check for invalid chroma_format_idc Fixes a crash when FF_DEBUG_PICT_INFO is used. Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit 6ef4063957aa5025c8d2cd757b6a537e4b6874df) Fixes: CVE-2012-0851 Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-22 21:57:38 +02:00
Michael Niedermayer	5836110018	h263dec: Disallow width/height changing with frame threads. Fixes CVE-2011-3937 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 71db86d53b5c6872cea31bf714a1a38ec78feaba) Conflicts: libavcodec/h263dec.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-22 21:51:58 +02:00
Mans Rullgard	d5207e2af8	vqavideo: return error if image size is not a multiple of block size The decoder assumes in various places that the image size is a multiple of the block size, and there is no obvious way to support odd sizes. Bailing out early if the header specifies a bad size avoids various errors later on. Fixes CVE-2012-0947. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit 58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-04 22:14:26 +02:00
Alex Converse	9ea94c44b1	celp filters: Do not read earlier than the start of the 'out' vector. CC: libav-stable@libav.org (cherry picked from commit 37ddd3833219fa7b913fff3f5cccc6878b047e6b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-04 22:09:27 +02:00
Alex Converse	aaa6a66677	motionpixels: Clip YUV values after applying a gradient. Prevents illegal reads on truncated and malformed input. CC: libav-stable@libav.org (cherry picked from commit b5da848facd41169283d7bfe568b83bdfa7fc42e) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-04 22:09:27 +02:00
Ronald S. Bultje	7240cc3f8b	jpeg: handle progressive in second field of interlaced. Progressive data is allocated later in decode_sof(), not allocating that data leads to NULL dereferences. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 5eec5a79da118170f3cfe185a862783d3fa50abe) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-04 22:09:27 +02:00
Ronald S. Bultje	7fe4c8cb76	h263: more strictly forbid frame size changes with frame-mt. Prevents crashes because the old check was incomplete. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 2d22d4307dcc1461f39a2ffb9c8db6c6b23fd080) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-04 22:09:27 +02:00
Ronald S. Bultje	746f1594d7	h264: additional protection against unsupported size/bitdepth changes. Fixes crashes in codepaths not covered by original checks. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 732f9fcfe54fc9a0a7bbce53fe86b38744c2d301) Conflicts: libavcodec/h264.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-04 22:09:27 +02:00
Ronald S. Bultje	0e4bb0530f	tta: prevents overflows for 32bit integers in header. This prevents sample_rate/data_length from going negative, which caused various crashes and undefined behaviour further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit ac80b812cd177553339467ea12548d71c9ef6865) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-04 21:28:45 +02:00
Paul B Mahol	994c0efcc7	ttadec: CRC checking Signed-off-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 2af3dc8698707f800f83f5fc890571a6a119866e) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-04 21:28:35 +02:00
Paul B Mahol	cf5e119d4a	tta: use skip_bits_long() Signed-off-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 9aff2d17533576f4ff52531e534f1319fb36a590) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-04 21:28:28 +02:00
Michael Niedermayer	e8050f313e	apedec: check bits <= 32. Fixes a floating-point exception further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> (cherry picked from commit 420d1df2e2a857eae45fa947e16eae7494793d57) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:03 +02:00
Ronald S. Bultje	be424d86a8	truemotion: forbid invalid VLC bitsizes and token values. SHOW_UBITS() is only defined up to n_bits is 25, therefore forbid values larger than this in get_vlc2() (max_bits). tokens[][] can be used as an index in deltas[], which has a size of 64, so ensure the values are smaller than that. This prevents crashes on corrupt bitstreams. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit b7b1509d06d3696d3b944791227fe198ded0654b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:03 +02:00
Ronald S. Bultje	46f8bbfc6d	truemotion2: handle out-of-frame motion vectors through edge extension. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit bf39d3b59d85e5734babe48b61b8d92d18188185) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:03 +02:00
Ronald S. Bultje	562c6a7bf1	lzw: prevent buffer overreads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit ddcf67c8a51c67b122a826d8b5819e96d591d813) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:03 +02:00
Ronald S. Bultje	e711ccee4d	truemotion2: convert packet header reading to bytestream2. Also use correct buffer sizes in calls to tm2_read_stream(). Together, this prevents overreads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit bd508d435b94584db460c684e30ea7ce180cf50f) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:03 +02:00
Ronald S. Bultje	d6372e80fe	lagarith: fix buffer overreads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 0a82f5275f719e6e369a807720a2c3603aa0ddd9) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:03 +02:00
Ronald S. Bultje	29d91e9161	raw: forward avpicture_fill() error code in raw_decode(). Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 98df2e24141cd00a557ef10ed7af2b956200cd80) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:02 +02:00
Mashiat Sarker Shakkhar	583f57f04a	vc1: Do not read from array if index is invalid. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit 95b192de5d05f3e1542e7b2378cdefbc195f5185) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:02 +02:00
Ronald S. Bultje	f8f6c14f54	utvideo: port header reading to bytestream2. Fixes crash during slice size reading if slice_end goes negative. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit ec0ed97b046d46421db72c4911d2bbe28bbe5741) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:02 +02:00
Paul B Mahol	9e24f2a1f0	bytestream: add more unchecked variants for bytestream2 API Signed-off-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit f1ce053cd0e0d7dc67fa61f32bcd8b6ee5e5c490) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:02 +02:00
Aneesh Dogra	e788c6e9cb	bytestream: K&R formatting cosmetics Signed-off-by: Diego Biurrun <diego@biurrun.de> (cherry picked from commit ab9ae401525d301a31ec695bf39103502db6afeb) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:02 +02:00
Aneesh Dogra	2e681cf50f	bytestream: Add bytestream2 writing API. Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit db7d45237ab6fc7fe90ec861cb756b2a109504a4) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:02 +02:00
Alex Converse	9ddd3abe78	aac: Reset PS parameters on header decode failure. If the next header frame codes zero envelopes the previous frame's values will be used. Consequently the invalid values must be cleared. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit a237b38021cd3009cc78eeb974b596085f2fe393) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:02 +02:00
Ronald S. Bultje	c21b858b27	vqa: check palette chunk size before reading data. Prevents overreads beyond buffer boundaries. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 75d7975268394f4f16294b68ec6d6d5ac30da3ac) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:01 +02:00
Paul B Mahol	0b9bb581fd	vqavideo: port to bytestream2 API Protects against overreads. Signed-off-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit 5a3a906ba29b53fa34d3047af78d9f8fd7678256) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:01 +02:00
Ronald S. Bultje	105601c151	wmavoice: fix stack overread. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 262196445cf03fda0f7e41c4b968f4f7bf060e6b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:01 +02:00
Ronald S. Bultje	3a4949aa50	indeo4: fix out-of-bounds function call. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com> (cherry picked from commit 68fd077f68bdde864bb7328d72a040849c616261) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:01 +02:00
Ronald S. Bultje	bf3998d71e	mimic: don't use self as reference, and report completion at end of decode(). Fixes hangs on corrupt samples that reference self-frames. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 80387f0e2568746dce4a68e2217297029a053dae) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:01 +02:00
Ronald S. Bultje	87208b8fc4	mpeg4: report frame decoding completion at ff_MPV_frame_end(). Prevents hangs on corrupt input. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit c6ccb96bc955b2087ec71033d99b3dcd5203eaf2) Conflicts: libavcodec/mpegvideo.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-29 22:07:01 +02:00
Kostya Shishkov	1ee0cd1ad7	dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2 Signed-off-by: Janne Grunau <janne-libav@jannau.net>	2012-03-14 23:32:15 +01:00
Ronald S. Bultje	b594732475	dca: don't use av_clip_uintp2(). The argument is not a literal, thus causing the ARM v6 or later builds to break. Signed-off-by: Janne Grunau <janne-libav@jannau.net>	2012-03-14 23:30:19 +01:00
Michael Niedermayer	ce15406e78	snow: check reference frame indices. Fixes NULL ptr dereference Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit 1f8ff2b13cbfef790385818664ed12e763e7c75b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-03-14 21:35:09 +01:00
Michael Niedermayer	c9e95636a8	snow: reject unsupported chroma shifts. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit c9837954e7b968d44f82e7cdb7618e9f523b196c) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-03-14 21:34:55 +01:00
Ronald S. Bultje	6e5c07f4c8	xa_adpcm: limit filter to prevent xa_adpcm_table[] array bounds overruns. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 86020073dbb9a3a9d1fbb76345b2ca29ba1f13d2) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-03-14 21:34:36 +01:00

1 2 3 4 5 ...

15278 Commits