ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	466911f000	wmaprodec: tighter check for num_vec_coeffs Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b21ba20cc83c80fe56192fee3626a8087f37d806) Conflicts: libavcodec/wmaprodec.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at> n0.10.8	2013-07-31 02:30:56 +02:00
Michael Niedermayer	e3e2577794	ffserver: fix order of evaluation bugs Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d40c0e4a6733ade9aaafc687bcaccc0cba1183b4) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-07-29 04:57:11 +02:00
Michael Niedermayer	5bb347a3b4	dct-test: fix order of evaluation bug Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit dd081f98dded8e268a70468a43b25b077c8c3571) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-07-29 04:56:48 +02:00
Michael Niedermayer	4e17e9f8af	update for 0.10.8 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-07-29 04:41:57 +02:00
Michael Niedermayer	62d9d4d9d4	Merge remote-tracking branch 'qatar/release/0.8' into release/0.10 * qatar/release/0.8: swfdec: do better validation of tag length Changelog for 0.8.8 kmvc: Clip pixel position to valid range kmvc: use fixed sized arrays in the context indeo: use a typedef for the mc function pointer lavc: check for overflow in init_get_bits indeo: check for reference when inheriting mvs indeo: use proper error code indeo: Properly forward the error codes wmapro: error out on impossible scale factor offsets wmapro: check the min_samples_per_subframe wmapro: return early on unsupported condition wmapro: check num_vec_coeffs against the actual available buffer Conflicts: Changelog libavformat/swfdec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-07-29 04:26:30 +02:00
Michael Niedermayer	a3539d26ec	Merge commit '4ff5167ee7fdee6d35c1bb2558172329ae6ec770' into release/0.10 * commit '4ff5167ee7fdee6d35c1bb2558172329ae6ec770': wmapro: make sure there is room to store the current packet lavc: move put_bits_left in put_bits.h 4xm: do not overread the source buffer in decode_p_block 4xm: check bitstream_size boundary before using it 4xm: reject frames not compatible with the declared version 4xm: use the correct logging context 4xm: check the return value of read_huffman_tables(). 4xm: don't rely on get_buffer() initializing the frame. vmdav: convert to bytestream2 smacker: check frame size validity smacker: pad the extradata allocation smacker: check the return value of smacker_decode_tree smacker: fix an off by one in huff.length computation Prepare for 0.8.8 Release tiff: do not overread the source buffer apetag: use int64_t for filesize wavpack: return meaningful errors Conflicts: RELEASE libavcodec/4xm.c libavcodec/vmdav.c libavformat/smacker.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-07-29 03:56:26 +02:00
Michael Niedermayer	7118358a95	Merge commit '42fed7f433e6d2167ffd4aae31905b583a53b988' into release/0.10 * commit '42fed7f433e6d2167ffd4aae31905b583a53b988': wavpack: check packet size early mjpegdec: validate parameters in mjpeg_decode_scan_progressive_ac mjpeg: Validate sampling factors ljpeg: use the correct number of components in yuv wavpack: validate samples size parsed in wavpack_decode_block jpegls: check the scan offset jpegls: factorize return paths jpegls: return meaningful errors mjpegdec: properly report unsupported disabled features update Changelog proresdec: support mixed interlaced/non-interlaced content update Changelog wav: Always seek to an even offset id3v2: check for end of file while unescaping tags indeo3: fix off by one in MV validity check aac: check the maximum number of channels update Changelog oggdec: fix faulty cleanup prototype Conflicts: Changelog libavcodec/jpeglsdec.c libavcodec/mjpegdec.c libavformat/id3v2.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-07-29 03:16:38 +02:00
Michael Niedermayer	be90f0279d	Merge commit '43c0a87279e717c1384314c6da7155c306ee7c60' into release/0.10 * commit '43c0a87279e717c1384314c6da7155c306ee7c60': qdm2: check that the FFT size is a power of 2 indeo3: switch parsing the header to bytestream2 indeo3: check motion vectors. rv10: check that extradata is large enough indeo3: fix data size check lavf: make sure stream probe data gets freed. dfa: check for invalid access in decode_wdlt(). xmv: check audio track parameters validity. bmv: check for len being valid in bmv_decode_frame(). xmv: do not leak memory in the error paths in xmv_read_header() avfiltergraph: check for sws opts being non-NULL before using them. oma: Validate sample rates Prepare for 0.8.7 Release Conflicts: RELEASE libavcodec/indeo3.c libavfilter/avfiltergraph.c libavformat/utils.c libavformat/xmv.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-07-29 02:35:24 +02:00
Michael Niedermayer	f3c300d0a4	update all trac links to use the trac subdomain Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-07-29 01:30:08 +02:00
Justin Ruggles	e786cc3331	swfdec: do better validation of tag length Avoids trying to read a packet with 0 or negative size. Avoids a potential infinite loop due to seeking backwards. Partially based on a patch by Michael Niedermayer. (cherry picked from commit e70c5b034c4787377e82cab2d5565486baec0c2a) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-07-10 10:25:50 +02:00
Michael Niedermayer	f75964ad1f	mpeg12dec: avoid reinitialization on PS changes when possible. Fixes Ticket2574 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 970c8df73528659925819dec31c4c8c0887f0321) Conflicts: libavcodec/mpeg12dec.c	2013-07-09 00:53:51 +02:00
Reinhard Tartler	8c62082b51	Changelog for 0.8.8	2013-07-07 21:11:35 +02:00
Luca Barbato	79edb9adf6	kmvc: Clip pixel position to valid range Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 4e7f0b082d8c4b360312216b9241bec65ff63b35) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/kmvc.c	2013-07-07 21:11:35 +02:00
Luca Barbato	e22a5d490d	kmvc: use fixed sized arrays in the context Avoid some boilerplate code to dynamically allocate and then free the buffers. (cherry picked from commit 8f689770548c86151071ef976cf9b6998ba21c2a) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/kmvc.c	2013-07-07 21:11:35 +02:00
Luca Barbato	c9d8424395	indeo: use a typedef for the mc function pointer (cherry picked from commit e6d8acf6a8fba4743eb56eabe72a741d1bbee3cb) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-07-07 21:11:34 +02:00
Luca Barbato	e6a365b5d2	lavc: check for overflow in init_get_bits Fix an undefined behaviour and make the function return a proper error in case of overflow. CC: libav-stable@libav.org (cherry picked from commit d9cf5f516974c64e01846ca685301014b38cf224) Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit 7a2ee770f520ae4fd5f009cfc361a18e993dec91) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-07-07 21:11:34 +02:00
Michael Niedermayer	e445dc9237	avformat/mov: Fix duration of fragmented mov Fixes Ticket2757 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit dc2a13aa802fc691c25d5e0194818831058316ee) Conflicts: libavformat/mov.c	2013-07-07 18:58:36 +02:00
Michael Niedermayer	c25c89a530	mpegts: only reopen pmt_cb filter if its different from the previous. Fixes Ticket2632 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b009267910df10c004b5f340a090d45da29089a0)	2013-07-07 18:56:03 +02:00
Michael Niedermayer	8514e3e08e	rmdec: Pass AVIOContext to rm_read_metadata() Fix null pointer dereference Fixes Ticket2588 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit bf87908cd8da31e8f8fe75c06577170928ea70a8) Conflicts: libavformat/rmdec.c	2013-07-07 18:55:17 +02:00
Luca Barbato	0a1d02ca77	indeo: check for reference when inheriting mvs The same is done already for qdelta. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit b36e1893ef3430f039c1eaddeedcbb378f9c4444) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-07-06 10:10:18 +02:00
Luca Barbato	7eff48029f	indeo: use proper error code (cherry picked from commit dd3754a48854cd570d38db72394491aab0f36570) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/ivi_common.c	2013-07-06 10:10:17 +02:00
Luca Barbato	7658333c17	indeo: Properly forward the error codes If the tile data size does not match the buffer size it did not return an AVERROR_INVALIDDATA causing futher corruption later. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 7388c0c58601477db076e2e74e8b11f8a644384a) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/ivi_common.c	2013-07-06 10:10:17 +02:00
Luca Barbato	f16aa5843f	wmapro: error out on impossible scale factor offsets Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 02ec656af72030eea4f3d63e30b25625cce6a3df) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-07-06 10:10:17 +02:00
Luca Barbato	bd5ff335ec	wmapro: check the min_samples_per_subframe Must be at least WMAPRO_BLOCK_MIN_SIZE. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit d4a217a408da4bd63acc02cd8f9ebe378a2ad65a) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/wmaprodec.c	2013-07-06 10:10:17 +02:00
Luca Barbato	4ff5167ee7	wmapro: make sure there is room to store the current packet Prevent horrid and hard to trace struct overwrite. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit e30b068ef79f604ff439418da07f7e2efd01d4ea) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-07-06 10:06:11 +02:00
Luca Barbato	46e09894ac	wmapro: return early on unsupported condition Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 6652338f43ef623045912d7f28b61adea05d27ae) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/wmaprodec.c	2013-07-06 10:06:11 +02:00
Reinhard Tartler	b20004b2e6	lavc: move put_bits_left in put_bits.h (cherry picked from commit afe03092dd693d025d43e1620283d8d285c92772) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/dv.c	2013-07-06 10:06:11 +02:00
Luca Barbato	4e1999ebcb	wmapro: check num_vec_coeffs against the actual available buffer Prevent yet another buffer overwrite. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 38229362529ed1619d8ebcc81ecde85b23b45895) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-07-06 10:06:11 +02:00
Luca Barbato	0c943d1cdd	4xm: do not overread the source buffer in decode_p_block Check for out of picture macroblocks before calling mcdc. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 94aefb1932be882fd93f66cf790ceb19ff575c19) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/4xm.c	2013-06-30 16:39:08 +02:00
Luca Barbato	6a4f1e784e	4xm: check bitstream_size boundary before using it Prevent buffer overread. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 59d7bb99b6a963b7e11c637228b2203adf535eee) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/4xm.c	2013-06-30 16:25:06 +02:00
Luca Barbato	e5679444fd	4xm: reject frames not compatible with the declared version Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 145023f57262d21474e35b4a6069cf95136339d4) Signed-off-by: Luca Barbato <lu_zero@gentoo.org> Conflicts: libavcodec/4xm.c	2013-06-30 16:25:06 +02:00
Luca Barbato	284ac9191b	4xm: use the correct logging context (cherry picked from commit 08859d19b429c522d6494c186656f4a2d3ff8e21) Signed-off-by: Luca Barbato <lu_zero@gentoo.org> Conflicts: libavcodec/4xm.c	2013-06-30 16:19:24 +02:00
Anton Khirnov	e797b7787b	4xm: check the return value of read_huffman_tables(). CC:libav-stable@libav.org (cherry picked from commit 8097fc9a2dd49d8e467b16c8bafaa96242b7fe46) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit bb3f1cad171b31537b64a9d19cabdbff50aca260) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/4xm.c	2013-06-30 16:16:46 +02:00
Anton Khirnov	078e68d261	4xm: don't rely on get_buffer() initializing the frame. (cherry picked from commit b047c68783aa4042b322af7af043b643d5daf09c) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-06-30 16:15:04 +02:00
Alexandra Khirnova	9248f789d1	vmdav: convert to bytestream2 Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 0afcf97e1ece51d29bb791698b00cd1b7ba97dcf) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/vmdav.c	2013-06-30 16:10:46 +02:00
Kostya Shishkov	b40870e636	smacker: check frame size validity Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit 07423ad7836325e03894f2f87ba46a531a1cc0b3) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-06-30 16:06:34 +02:00
Kostya Shishkov	db0c8061fe	smacker: pad the extradata allocation Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit 4c22baf65363433f8c20efd1022b4ba2d8cf2288) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-06-30 16:06:32 +02:00
Kostya Shishkov	d7b7b10518	smacker: check the return value of smacker_decode_tree Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit a2f9937bb04b23a341b0ec0eb1d923bbeb420277) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-06-30 16:06:30 +02:00
Kostya Shishkov	e96aaa5622	smacker: fix an off by one in huff.length computation Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit ee205588b250fe5cae0681be8eba51a5403c3272) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-06-30 16:06:26 +02:00
Hendrik Leppkes	5e6135f68d	mathops/x86: work around inline asm miscompilation with GCC 4.8.1 The volatile is not required here, and prevents a miscompilation with GCC 4.8.1 when building on x86 with --cpu=i686 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 659df32a9d8984081ccd54adc3aee7daeb33388d)	2013-06-24 08:51:25 +02:00
Anton Khirnov	e98f95670b	Prepare for 0.8.8 Release	2013-06-22 08:53:39 +02:00
Luca Barbato	42fed7f433	wavpack: check packet size early Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit fd06291239c1bb616bf303b5696cc432710b2530) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-06-22 08:51:56 +02:00
Luca Barbato	96de1c5ed9	tiff: do not overread the source buffer At least 2 bytes from the source are read every loop. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 9c2216976907336dfae0e8e38a4d70ca2465a92c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/tiff.c	2013-06-22 08:51:56 +02:00
Anton Khirnov	ea7ba1d871	apetag: use int64_t for filesize CC: libav-stable@libav.org (cherry picked from commit e816aaacd68201b67182f9c70dc680e89a0123e9) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-06-22 08:51:56 +02:00
Luca Barbato	5a6af4fd74	wavpack: return meaningful errors And forward those that were already meaningful. (cherry picked from commit 8c34558131d846d2b10389564caadaa206372fd4) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/wavpack.c	2013-06-22 08:51:56 +02:00
Luca Barbato	7ca8d8223d	mjpegdec: validate parameters in mjpeg_decode_scan_progressive_ac Prevent out of buffer write when decoding broken samples. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit cfbd98abe82cfcb9984a18d08697251b72b110c8) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-06-22 08:48:37 +02:00
Luca Barbato	33492ad810	mjpeg: Validate sampling factors They must be non-zero. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 8aa3500905fec6c4e657bb291b861d43c34d3de9) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/mjpegdec.c	2013-06-22 08:48:24 +02:00
Luca Barbato	da5cf7e452	ljpeg: use the correct number of components in yuv Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit a030279a67ef883df8cf3707774656fa1be81078) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-06-22 08:47:16 +02:00
Luca Barbato	6711d410dc	wavpack: validate samples size parsed in wavpack_decode_block Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit ed50673066956d6f2201a57c3254569f2ab08d9d) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/wavpack.c	2013-06-22 08:40:13 +02:00
Luca Barbato	d26bc6c6b6	jpegls: check the scan offset Prevent an out of array bound write. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit abad374909e6416e941351094f4f1446a71f8d23) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/jpeglsdec.c	2013-06-22 08:40:02 +02:00

1 2 3 4 5 ...

37807 Commits