ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	acc665f22c	Merge remote-tracking branch 'qatar/release/0.5' into release/0.5 * qatar/release/0.5: Bump version number for 0.5.9 release. png: check bit depth for PAL8/Y400A pixel formats. tqi: Pass errors from the MB decoder eatqi: move "block" variable into context to ensure sufficient alignment for idct_put for compilers/architectures that can not align stack variables that much. This is also consistent with similar code in eatgq.c ea: check chunk_size for validity. vfwcap: Include windows.h before vfw.h since the latter requires defines from the former. Patch by kemuri <kemuri9 at gmail dot com> mingw32: merge checks for mingw-w64 and mingw32-runtime >= 3.15 into one mingw32: properly check if vfw capture is supported by the system headers Replace every usage of -lvfw32 with what is particularly necessary for that case: Avisynth -> -lavifil32 VFW Cap -> -lavicap32 Patch by kemuri <kemuri9 at gmail dot com> configure: properly check for mingw-w64 through installed headers. mingw-w64 can also target 32-bit code. qdm2: clip array indices returned by qdm2_get_vlc(). kmvc: Check palsize. adpcm: ADPCM Electronic Arts has always two channels h264: Add check for invalid chroma_format_idc dpcm: ignore extra unpaired bytes in stereo streams. Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-04 12:29:25 +02:00
Ronald S. Bultje	8ba939fcda	ea: check chunk_size for validity. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 273e6af47b38391f2bcc157cca0423fe7fcbf55c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 6a86b705e1d4b72f0dddfbe23ad3eed9947001d5) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit e74bc64dd376c4691a610ba62a66ed30affc97ec) Conflicts: libavformat/electronicarts.c (cherry picked from commit 38c45adfca299e3d96c07a700032695ec7ff2aeb) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-06-03 19:35:13 +02:00
Michael Niedermayer	123e925956	mmdemux: dont set pkt->size to an invalid value. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 0c97fd336e17535239ab44d755a0d957dc2688f3)	2012-05-11 22:39:37 +02:00
Michael Niedermayer	5e3cd42b6d	4xmdemux: Check chunk size Fixes over reading the header array Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 474e31c904f766b6989fe614c3fb093e697c847f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-05-11 22:38:28 +02:00
Michael Niedermayer	782c3ab777	Merge remote-tracking branch 'qatar/release/0.5' into release/0.5 * qatar/release/0.5: Bump version number for 0.5.8 release. Release notes and changelog for 0.5.7 vqavideo: return error if image size is not a multiple of block size motionpixels: Clip YUV values after applying a gradient. mjpegbdec: Fix overflow in SOS. atrac3: Fix crash in tonal component decoding. dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936. dv: Fix null pointer dereference due to ach=0 dv: check stype nsvdec: Propagate errors nsvdec: Be more careful with av_malloc(). nsvdec: Fix use of uninitialized streams. Conflicts: libavcodec/atrac3.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-05-11 22:02:11 +02:00
Alex Converse	5a92aa378d	dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936. Found with asan. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 2d1c0dea5f6b91bec7f5fa53ec050913d851e366) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 00fa6ffe1a0b252d6a81815e51f125225cd0b97a) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit a8f4db0acd9b588ba33e3b8c0c21feea5916cfd1) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-21 15:41:57 +02:00
Michael Niedermayer	c4e8c99507	dv: Fix null pointer dereference due to ach=0 dv: Fix null pointer dereference due to ach=0 Fixes part2 of CVE-2011-3929 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 5a396bb3a66a61a68b80f2369d0249729bf85e04) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 44e182d41e3a73548f3f5e8445ec428d3846e6d6) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit b46141b0d1d7efb74dad172b7c1b52413441592f) Conflicts: libavformat/dv.c	2012-04-21 15:41:30 +02:00
Michael Niedermayer	479869c499	dv: check stype dv: check stype Fixes part1 of CVE-2011-3929 Possibly fixes part of CVE-2011-3936 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 635bcfccd439480003b74a665b5aa7c872c1ad6b) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit bb737d381f6d6413899a0697f426fb082eac66fc) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 38421f27b3899a930552750fe1e0dffd45b71b8e) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-21 15:39:00 +02:00
Alex Converse	ec4979e16e	nsvdec: Propagate errors Related to CVE-2011-3940. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit c898431ca5ef2a997fe9388b650f658fb60783e5) Conflicts: libavformat/nsvdec.c Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 0100c4b1b0736e0f5b3c98f9b0ab8acbef574888) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 3253dd2b420583a7f10afa87e47b9cb73e950e2a) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-21 15:38:44 +02:00
Alex Converse	056c909d9d	nsvdec: Be more careful with av_malloc(). Check results for av_malloc() and fix an overflow in one call. Related to CVE-2011-3940. Based in part on work from Michael Niedermayer. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit be524c186b50337db64d34a5726dfe3e8ea94f09) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 87007519c81c37d8a3de424de3db14078ae84333) Conflicts: libavformat/nsvdec.c	2012-04-21 15:38:10 +02:00
Michael Niedermayer	bde4b66063	nsvdec: Fix use of uninitialized streams. Fixes CVE-2011-3940 (Out of bounds read resulting in out of bounds write) Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5c011706bc752d34bc6ada31d7df2ca0c9af7c6b) Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 6a89b41d9780325ba6d89a37f2aeb925aa68e6a3) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 65beb8c1173906b0541442713cb29e8ba44c47ef) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 1edf848a81464afd514afbbbcb97b471d334e14a) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-21 15:36:40 +02:00
Michael Niedermayer	0fda37cff9	Merge remote-tracking branch 'qatar/release/0.5' into release/0.5 * qatar/release/0.5: id3v2: fix skipping extended header in id3v2.4 Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-04-02 02:25:49 +02:00
Anton Khirnov	2e693be7e9	id3v2: fix skipping extended header in id3v2.4 In v2.4, the length includes the length field itself. (cherry picked from commit ddb4431208745ea270dce8fce4cba999f0ed4303) Conflicts: libavformat/id3v2.c Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-04-01 19:49:37 +02:00
Michael Niedermayer	7209c2b13f	Merge remote-tracking branch 'qatar/release/0.5' into release/0.5 * qatar/release/0.5: matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc() vorbis: Avoid some out-of-bounds reads vp3: fix oob read for negative tokens and memleaks on error. Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-08 05:03:39 +01:00
Chris Evans	7ee536e87a	matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc() Fixes bug #190 Chromium bug #100492 related to CVE-2011-3893 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry-picked from commit faaec4676cb4c7a2303d50df66c6290bc96a7657) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 1f625431e2bb9564760fba3ab8077ae07ce7c7a1) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 90a4a467477be8c292daa08a9516ee78ca0d517b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-01-07 22:16:29 +01:00
Ronald S. Bultje	8acc0546bb	matroskadec: fix out of bounds write Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit 723229c11f1400e6a09c8a1c9c27193f376eb1d1) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d51c7b4cbe022f6b3b026735dc7e29eb50bbf129) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-06 19:49:12 +01:00
Laurent Aimar	23aaa82b1d	vqa: fix double free on corrupted streams Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e3123856c79c36507772ada1bcda6cfe36a1e297) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-06 19:49:12 +01:00
Laurent Aimar	62da9203fd	Check for out of bound writes in the avs demuxer. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5d44c061cf511d97be5fac8d76be2f3915c6e798) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-06 19:49:12 +01:00
Laurent Aimar	2e1e3c1e41	Check for corrupted data in avs demuxer. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 1cce7def0a8eff2e7db294b7d195a0fb1a5043b0) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-06 19:49:12 +01:00
Laurent Aimar	648dc68098	Reject audio tracks with invalid interleaver parameters in RM demuxer. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 4907f813581acd6cf68f1be9eb163464503e8208) (cherry picked from commit 24e0a9e451e1aae427307a919d78f6790f4e413c) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-06 18:32:11 +01:00
Laurent Aimar	71132596ae	segafilm: Fix potential division by 0 on corrupted segafilm streams in the demuxer. Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-03 03:52:55 +01:00
Laurent Aimar	d6f8b65417	segafilm: Check for memory allocation failures in segafilm demuxer. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 7cbe02575868e7d25acf3d319ece664702700f0a)	2011-11-03 03:52:55 +01:00
Laurent Aimar	6108f04d4f	Fixed segfault on corrupted smacker streams in the demuxer. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d0121e8d969cde74fa7dbd96d3602109b051e701)	2011-11-03 03:33:41 +01:00
Laurent Aimar	52b8edc94c	oggdec: fix out of bound write in the ogg demuxer Between ogg_save() and ogg_restore() calls, the number of streams could have been reduced. Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit 0e7efb9d23c3641d50caa288818e8c27647ce74d) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2011-11-03 03:28:27 +01:00
Laurent Aimar	2e17744a90	Fixed off by one packet size allocation in the smacker demuxer. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit a92d0fa5d234582583d41b67dddecffc2c819573) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2011-11-03 03:27:39 +01:00
Laurent Aimar	19431d4d4e	ape demuxer: fix segfault on memory allocation failure. Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 273aab99bf7be2bcda95dd64101c2317ee0fcb99) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2011-11-03 03:27:24 +01:00
Laurent Aimar	ecd6fa11c2	Check for invalid packet size in the smacker demuxer. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit e055932f5636a82275837968eea9c8fcb5bca474) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2011-11-03 03:27:16 +01:00
Michael Niedermayer	4f07a3aa2c	Fix memory (re)allocation in matroskadec.c, related to MSVR-11-0080. Whitespace of the patch cleaned up by Aurel Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 956c901c68eff78288f40e3c8f41ee2fa081d4a8) Further suggestions from Kostya <kostya.shishkov@gmail.com> have been implemented by Reinhard Tartler <siretart@tauware.de> Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 77d2ef13a8fa630e5081f14bde3fd20f84c90aec) NB: MSVR-11-0080 doesn't seem to exist. This issue seems to be known as MSVR11-011 instead. Fixes: CVE-2011-3504 Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-11-02 21:49:55 +01:00
Kostya	18c5fe919f	Do not attempt to decode APE file with no frames This fixes invalid reads/writes with this sample: http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt (cherry picked from commit 8312e3fc9041027a33c8bc667bb99740fdf41dd5)	2011-03-16 13:27:01 +01:00
Janne Grunau	11f6eebdd3	consolidate .gitignore patters into a single file Signed-off-by: Janne Grunau <janne-ffmpeg@jannau.net> (cherry picked from commit 2c3589bfda036c7827ded0bf38b16dfe7630bae1) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-02-10 14:02:23 +01:00
Janne Grunau	9109a58867	convert svn:ignore properties to .gitignore files Signed-off-by: Janne Grunau <janne-ffmpeg@jannau.net> (cherry picked from commit 348b8218f7a59374355c966dbe3b851a7275f952) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-02-10 14:01:36 +01:00
Reinhard Tartler	2dea9a1266	unbreak compilation and finish backport r24280 by mstorsjo Originally committed as revision 25324 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5	2010-10-03 14:50:04 +00:00
Reinhard Tartler	84e6629de3	aviobuf: Do short seeks forward by reading and skipping data instead of a proper seek This improves performance on e.g. seekable http. backport r24280 by mstorsjo Originally committed as revision 24428 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5	2010-07-22 11:58:26 +00:00
Reinhard Tartler	c46038f6b7	fix 'seektest' again backport r19270 by rbultje: Remove any reference to ASFContext.packet_size and replace it with AVFormatContext.packet_size. See "[PATCH] asf*.c/h: use AVFormatContext->packet_size instead of own copy" thread on ML. and r19361 by reimar: Check for packet_length 0, it is already treated as invalid by the padding check, but that resulted in a confusing/wrong error message. Originally committed as revision 22147 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5	2010-03-02 16:03:06 +00:00
Reinhard Tartler	a317cd5722	Avoid divisions by 0 in the ASF demuxer if packet_size is not valid. r19330 by reimar Originally committed as revision 22080 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5	2010-02-26 15:49:52 +00:00
Reinhard Tartler	ef84190a1a	Fix possible buffer over-read in vorbis_comment, fix it double to be sure. First, make s signed, so that comparisons against end - p will not be made as unsigned, making the check incorrectly pass if p is beyond end. Also ensure that p will never be > end, so the code is correct also if buf is not padded. backported r20014 by reimar Originally committed as revision 21711 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5	2010-02-09 18:51:11 +00:00
Reinhard Tartler	7db16a8173	check stream existence before assignment, fix #1222 backported r19259 by bcoudurier Originally committed as revision 21710 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5	2010-02-09 18:44:49 +00:00
Reinhard Tartler	e91ba7dc9d	add one missing check for stream existence in read_elst, fix #1364 backported patch r19792 by bcoudurier Originally committed as revision 21709 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5	2010-02-09 18:41:17 +00:00
Reinhard Tartler	95f90d27d2	Disable parsing for ogg streams where no ogg header was found, if no header was found the parser was not initialized and thus will crash when trying to use it. Originally committed as revision 21708 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5	2010-02-09 18:24:30 +00:00
Reinhard Tartler	1e9ac36f66	Make arguments of av_set_pts_info() unsigned. Fixes issue1240/mpeg1/smclockmpeg1.avi.3.1 Originally committed as revision 21707 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5	2010-02-09 18:10:07 +00:00
Reinhard Tartler	a9785f58c6	backport symbol versioning patch Originally committed as revision 21595 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5	2010-02-01 16:00:09 +00:00
Baptiste Coudurier	07679e680c	revert r16717, r16718, r16719, EAGAIN handling, this causes FFserver to hang Originally committed as revision 17737 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5	2009-03-02 20:32:24 +00:00
Diego Biurrun	0ffbc258aa	Change a bunch of codec long_names to be more consistent and descriptive. Originally committed as revision 17716 to svn://svn.ffmpeg.org/ffmpeg/trunk	2009-03-02 05:18:33 +00:00
Aurelien Jacobs	827f7e285b	deprecate old metadata API Originally committed as revision 17690 to svn://svn.ffmpeg.org/ffmpeg/trunk	2009-03-01 16:35:25 +00:00
Aurelien Jacobs	bc718b4720	fix missed usage of old metadata API in mov demuxer Originally committed as revision 17689 to svn://svn.ffmpeg.org/ffmpeg/trunk	2009-03-01 16:06:26 +00:00
Aurelien Jacobs	012867f05b	use new metadata API in libavformat/utils.c Originally committed as revision 17687 to svn://svn.ffmpeg.org/ffmpeg/trunk	2009-03-01 15:38:06 +00:00
Aurelien Jacobs	feacba6c26	use new metadata API in r3d demuxer Originally committed as revision 17686 to svn://svn.ffmpeg.org/ffmpeg/trunk	2009-03-01 15:28:56 +00:00
Aurelien Jacobs	ec26457064	new metadata API is now officially part of public API Originally committed as revision 17682 to svn://svn.ffmpeg.org/ffmpeg/trunk	2009-03-01 14:50:03 +00:00
Aurelien Jacobs	95030323d1	simplify metadata conversion and fixes gcc-2.95 at the same time Originally committed as revision 17681 to svn://svn.ffmpeg.org/ffmpeg/trunk	2009-03-01 14:29:30 +00:00
Michael Niedermayer	4022fe01a6	Change the timebase of the raw demuxer to one that can represent the ts of fields. Originally committed as revision 17675 to svn://svn.ffmpeg.org/ffmpeg/trunk	2009-03-01 03:48:35 +00:00

1 2 3 4 5 ...

4666 Commits