ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	43aae00455	avcodec/vmnc: Check that rectangles are within the picture Prevents out of array accesses with CODEC_FLAG_EMU_EDGE Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6ba02602aa7fc7d38db582e75b8b093fb3c1608d) Conflicts: libavcodec/vmnc.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 7c17207ab9acfaa934e8feb8fba90765c9d0b989) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-21 17:07:10 +01:00
Michael Niedermayer	02ac859dfe	avcodec/jpeglsdec: check err value for ls_get_code_runterm() Fixes infinite loop Fixes Ticket3086 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit cc0e47b55096361723b364afa43b79a3f5619cdc) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-10-30 23:39:40 +01:00
Michael Niedermayer	04fb6bb915	avcodec/parser: reset indexes on realloc failure Fixes Ticket2982 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f31011e9abfb2ae75bb32bc44e2c34194c8dc40a) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-26 23:25:09 +02:00
Michael Niedermayer	617a9eedc6	avcodec/ffv1enc: update buffer check for 16bps Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3728603f1854b5c79d1a64dd3b41b80640ef1e7f) Conflicts: libavcodec/ffv1enc.c (cherry picked from commit c900c6e5c26cd86cf34f9c8d4347cedbd01f3935)	2013-09-09 20:51:05 +02:00
Michael Niedermayer	e7484d5425	avcodec/dsputil: fix signedness in sizeof() comparissions Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 454a11a1c9c686c78aa97954306fb63453299760) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-08-30 23:49:58 +02:00
Michael Niedermayer	fde0b7d91c	avcodec/rpza: Perform pointer advance and checks before using the pointers Fixes out of array accesses Fixes Ticket2850 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3819db745da2ac7fb3faacb116788c32f4753f34) Conflicts: libavcodec/rpza.c (cherry picked from commit edba432b8b01d68c22e70a508f47553359f59fb5) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-08-22 01:44:37 +02:00
Michael Niedermayer	5f5bf9faf9	avcodec_align_dimensions2: Ensure cinepak has large enough buffers. This is partly redundant with the following patches, but its safer Found-by: u-bo1b@0w.se Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f5c00b347dc76285c639d9878a014c40395c5228) Conflicts: libavcodec/utils.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 2b6f3be08250683407c7a9846d7133b116661eae) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-02-28 03:52:07 +01:00
Michael Niedermayer	c2d3f06882	wma: check byte_offset_bits Fixes assertion failure Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 984add64a41c3296a8a82051cc90bff2eb449609) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-02-28 03:51:23 +01:00
Michael Niedermayer	01c90eea6c	vqavideo: fix return type Fixes Ticket2281 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 1fd86f9a2136165205b0370d5a6e916499f1da7f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-02-28 03:50:15 +01:00
Michael Niedermayer	13093f9767	vqavideo: check chunk sizes before reading chunks Fixes out of array writes Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit ab6c9332bfa1e20127a16392a0b85a4aa4840889) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-02-17 04:24:30 +01:00
Michael Niedermayer	fee26d352a	roqvideodec: check dimensions validity Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3ae610451170cd5a28b33950006ff0bd23036845) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-02-17 04:24:30 +01:00
Michael Niedermayer	a23a3dba25	qdm2: check array index before use, fix out of array accesses Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-02-17 03:50:41 +01:00
Michael Niedermayer	deaaacbc3f	Merge remote-tracking branch 'qatar/release/0.5' into release/0.5 * qatar/release/0.5: mpeg12: do not decode extradata more than once. Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-02-13 13:37:34 +01:00
Anton Khirnov	0b25c3b67c	mpeg12: do not decode extradata more than once. Fixes CVE-2012-2803. (cherry picked from commit 582368626188c070d4300913c6da5efa4c24cfb2) (cherry picked from commit 301761792a693a1f3303a2af34a0fb066a03c10c) Conflicts: libavcodec/mpeg12.c	2013-02-12 07:12:00 +01:00
Michael Niedermayer	10ec2308b0	Merge remote-tracking branch 'qatar/release/0.5' into release/0.5 * qatar/release/0.5: (21 commits) vp6: properly fail on unsupported feature vp56: release frames on error shorten: Use separate pointers for the allocated memory for decoded samples. shorten: check for realloc failure h264: check context state before decoding slice data partitions oggdec: check memory allocation Fix uninitialized reads on malformed ogg files. lavf: avoid integer overflow in ff_compute_frame_duration() yuv4mpeg: reject unsupported codecs tiffenc: Check av_malloc() results. mpegaudiodec: fix short_start calculation h264: avoid stuck buffer pointer in decode_nal_units yuv4mpeg: return proper error codes. avidec: return 0, not packet size from read_packet(). cavsdec: check for changing w/h. avidec: use actually read size instead of requested size bytestream: add a new set of bytestream functions with overread checking avsdec: Set dimensions instead of relying on the demuxer. lavfi: avfilter_merge_formats: handle case where inputs are same bmpdec: only initialize palette for pal8. ... Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-02-11 12:29:32 +01:00
Luca Barbato	b9500bf864	vp6: properly fail on unsupported feature Interlacing is not supported at all and mismanaged down the normal codepaths causing possible buffer management issues. Fixes: CVE-2012-2783 (cherry picked from commit be75fed9755c1285ba084574aff2d7ee0f81110d) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 4ede95e69cf964cd46b1e9fcd48da80d8d92c433) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-02-10 18:01:16 +01:00
Luca Barbato	4f8f4458a5	vp56: release frames on error Fixes CVE-2012-2783 CC: libav-stable@libav.org (cherry picked from commit f33b5ba63eee96c9d1c7f0e568169cb0c3694238) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 7fd7950174f9f2935fbf5bf1435fd0dc37be5c61) Conflicts: libavcodec/vp56.c	2013-02-10 18:01:16 +01:00
Michael Niedermayer	9def5c4666	shorten: Use separate pointers for the allocated memory for decoded samples. Fixes invalid free() if any of the buffers are not allocated due to either not decoding a header or an error prior to allocating all buffers. Fixes CVE-2012-0858 CC: libav-stable@libav.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 204cb29b3c84a74cbcd059d353c70c8bdc567d98) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-02-10 18:01:15 +01:00
Justin Ruggles	7aeb281aa5	shorten: check for realloc failure (cherry picked from commit 9e5e2c2d010c05c10337e9c1ec9d0d61495e0c9c) Conflicts: libavcodec/shorten.c	2013-02-10 18:01:15 +01:00
Janne Grunau	a49599b125	h264: check context state before decoding slice data partitions Fixes mov_h264_aac__Demo_FlagOfOurFathers.mov.SIGSEGV.4e9.656. Found-by: Mateusz "j00ru" Jurczyk CC: libav-stable@libav.org (cherry-picked from commit c1fcf563b13051f280db169ba41c6a1b21b25e08) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-02-10 18:01:15 +01:00
Alex Converse	80f89a9b40	tiffenc: Check av_malloc() results. (cherry picked from commit b92dfb56d4582633571db18c3d904f8602eaa2a6) Conflicts: libavcodec/tiffenc.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-02-10 18:01:15 +01:00
Luca Barbato	5235db68c0	mpegaudiodec: fix short_start calculation The value should be always 3, as it follows from the specification. Fix a stack buffer overflow in exponents_from_scale_factors as reported by asan. Thanks to Dale Curtis for the sample vector. (cherry picked from commit 97cfa55eea39cef30abe14682c56c1e4e7f6f10d) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-02-10 18:01:15 +01:00
Jindřich Makovička	6731776795	h264: avoid stuck buffer pointer in decode_nal_units When decode_nal_units() previously encountered a NAL_END_SEQUENCE, and there are some junk bytes left in the input buffer, but no start codes, buf_index gets stuck 3 bytes before the end of the buffer. This can trigger an infinite loop in the caller code, eg. in try_decode_trame(), as avcodec_decode_video() then keeps returning zeroes, with 3 bytes of the input packet still available. With this change, the remaining bytes are skipped so the whole packet gets consumed. CC:libav-stable@libav.org Signed-off-by: Jindřich Makovička <makovick@gmail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 1a8c6917f68f7378465e18f7615762bfd22704c2) Conflicts: libavcodec/h264.c	2013-02-10 18:01:15 +01:00
Michael Niedermayer	4fac60d568	cavsdec: check for changing w/h. Our decoder does not support changing w/h. Fixes CVE-2012-2777 and CVE-2012-2784. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit c20a69630619d14ae92c5541d52c579d7c8f3e94) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-02-10 18:01:15 +01:00
Aneesh Dogra	c28c631d29	bytestream: add a new set of bytestream functions with overread checking Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>	2013-02-10 18:01:15 +01:00
Michael Niedermayer	6b97e76dfc	avsdec: Set dimensions instead of relying on the demuxer. The decode function assumes that the video will have those dimensions. Fixes CVE-2012-2801 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 85f477935cd6b34e6ec2716b20e15ce748277a89) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-02-10 18:01:15 +01:00
Anton Khirnov	0f6d4da8de	bmpdec: only initialize palette for pal8. Gray8 is not considered to be paletted, so this would cause an invalid write. Fixes bug 367. CC: libav-stable@libav.org (cherry picked from commit 8b78c2969a5b7dca939d93bf525aa2bcd737b5d9) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2013-02-10 18:01:15 +01:00
Michael Niedermayer	ac476bfa9f	huffyuvdec: Skip len==0 cases Fixes vlc decoding for hypothetical files that would contain such cases. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 0dfc01c2bbf4b71bb56201bc4a393321e15d1b31) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5ff41ffeb4cb9ea6df49757dc859619dc3d3ab4f) Conflicts: libavcodec/huffyuv.c (cherry picked from commit 9bc70fe1ae50fd2faa0b9429d47cfbda01a92ebc) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-01-29 19:29:08 +01:00
Michael Niedermayer	272e7f6443	huffyuvdec: Check init_vlc() return codes. Prevents out of array writes Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f67a0d115254461649470452058fa3c28c0df294) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 95ab8d33e1a680f30a5a9605175112008ab81afc) Conflicts: libavcodec/huffyuv.c (cherry picked from commit 277def59fce10d91e3113e5c0f63e22bc4abfa88) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-01-29 18:36:16 +01:00
Michael Niedermayer	776fb2e10d	Merge remote-tracking branch 'qatar/release/0.5' into release/0.5 * qatar/release/0.5: lavfi: avfilter_merge_formats: handle case where inputs are same mpegvideo: Don't use ff_mspel_motion() for vc1 imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt nuv: check RTjpeg header for validity vc1dec: add flush function for WMV9 and VC-1 decoders Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-10-16 18:04:22 +02:00
Michael Niedermayer	6d6373dc64	mpegvideo: Don't use ff_mspel_motion() for vc1 Using ff_mspel_motion assumes that s (a MpegEncContext poiinter) really is a Wmv2Context. This fixes crashes in error resilience on vc1/wmv3 videos. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 18f2d5cb9c48d06895960f37467576725c9dc2d1) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit da0c457663479bc1828918e1bb3e4a5e4de0d557) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 899d95efe12f1e250b361837c1c8c06df9ac9b86) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit c82ae85a8a78a98f7c7fea68d24a4ac0ca74d01f) Conflicts: libavcodec/mpegvideo_common.h Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 10:35:19 +02:00
Janne Grunau	7296a6b5e9	imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt CC: libav-stable@libav.org (cherry picked from commit 39bb27bf79bc4c2d8beaed637a14176264cb1916) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 7a7229b52d1900279041991fadbd29b27e8dfe95) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 8812b5f164109553f009ce385e17a1af16b6ea53) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit fd7426ed898533bed98e6b472ff5f5c8e47f2eb5) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 10:34:11 +02:00
Janne Grunau	f695be22d8	nuv: check RTjpeg header for validity CC: libav-stable@libav.org (cherry picked from commit 859a579e9bbf47fae2e09494c43bcf813dcb2fad) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 6704522ca9dd32c858ee474492be568c386910f9) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit f31170d4e7f9671e019315391160d454b18d7296) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 459feb7cce03af7154c098171fc9d36fc9d472f6) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 10:34:04 +02:00
Kostya Shishkov	9125aa9218	vc1dec: add flush function for WMV9 and VC-1 decoders CC: libav-stable@libav.org (cherry picked from commit 4dc8c8386eef942dba35c4f2fb3210e22b511a5b) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 02b72394627933dc8ce26445231a69f00dba491b) Conflicts: libavcodec/vc1dec.c Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 0173a7966b331105158a88f96b9afcc431d2fef8) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit aa4121276777b20eaaa83bf9bd544b00748c865c) Conflicts: libavcodec/vc1dec.c Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 10:33:49 +02:00
Michael Niedermayer	48ef116631	wmv1: check that the input buffer is large enough Fixes null ptr deref Fixes Ticket1367 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f23a2418fb0ccc56fdae4dbf83a5994cc917c475) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-09 21:40:36 +02:00
Michael Niedermayer	cc511b36f3	truemotion1: Check index, fix out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit fd4c1c0b70b5a06dd572d7e27799a2f4c3d9b984) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-09 21:40:13 +02:00
Michael Niedermayer	acc665f22c	Merge remote-tracking branch 'qatar/release/0.5' into release/0.5 * qatar/release/0.5: Bump version number for 0.5.9 release. png: check bit depth for PAL8/Y400A pixel formats. tqi: Pass errors from the MB decoder eatqi: move "block" variable into context to ensure sufficient alignment for idct_put for compilers/architectures that can not align stack variables that much. This is also consistent with similar code in eatgq.c ea: check chunk_size for validity. vfwcap: Include windows.h before vfw.h since the latter requires defines from the former. Patch by kemuri <kemuri9 at gmail dot com> mingw32: merge checks for mingw-w64 and mingw32-runtime >= 3.15 into one mingw32: properly check if vfw capture is supported by the system headers Replace every usage of -lvfw32 with what is particularly necessary for that case: Avisynth -> -lavifil32 VFW Cap -> -lavicap32 Patch by kemuri <kemuri9 at gmail dot com> configure: properly check for mingw-w64 through installed headers. mingw-w64 can also target 32-bit code. qdm2: clip array indices returned by qdm2_get_vlc(). kmvc: Check palsize. adpcm: ADPCM Electronic Arts has always two channels h264: Add check for invalid chroma_format_idc dpcm: ignore extra unpaired bytes in stereo streams. Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-04 12:29:25 +02:00
Reinhard Tartler	5a9588b088	png: check bit depth for PAL8/Y400A pixel formats. Wrong bit depth can lead to invalid rowsize values, which crashes the decoder further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit d2205d6543881f2e6fa18c8a354bbcf91a1235f7) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit b8d6ba9d50e80fdce2ed74cdaffd4960df8a21c5) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 33f93005f1a86c108302b4c5978aa1a3d8e092cc) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 4c8c2660bd9252775c9a1dc2e2f36cb34718595a) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/pngdec.c	2012-06-03 19:35:50 +02:00
Michael Niedermayer	02cd93f4ad	tqi: Pass errors from the MB decoder This silences some valgrind warnings. CC: libav-stable@libav.org Fixes second half of http://ffmpeg.org/trac/ffmpeg/ticket/794 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit f85334f58e1286287d0547a49fa9c93b40cbf48f) (cherry picked from commit 90290a5150e84fb138ccde57657dc03830f08c1c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 5872580e65aab026b77754eb184f97ba7cc6ea35) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 2f2fd8c6d1c51a6b817e6c0bc4eff308b8f9cd18) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit c3edce42704142f4c66954e9f24d7fbf0e5ae423) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-06-03 19:35:13 +02:00
Reimar Döffinger	f8a31e2113	eatqi: move "block" variable into context to ensure sufficient alignment for idct_put for compilers/architectures that can not align stack variables that much. This is also consistent with similar code in eatgq.c Originally committed as revision 18927 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit 1eda87ce6366189eebf9956f826dfd92d9e64d9c) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-06-03 19:35:13 +02:00
Ronald S. Bultje	ae6c57859c	qdm2: clip array indices returned by qdm2_get_vlc(). Prevents subsequent overreads when these numbers are used as indices in arrays. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 64953f67f98da2e787aeb45cc7f504390fa32a69) Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Conflicts: libavcodec/qdm2.c	2012-06-02 19:25:57 -04:00
Alex Converse	5629c39101	kmvc: Check palsize. Fixes: CVE-2011-3952 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Based on fix by Michael Niedermayer (cherry picked from commit 386741f887714d3e46c9e8fe577e326a7964037b) (cherry picked from commit 416849f2e06227b1b4a451c392f100db1d709a0c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit e7392dc349291eb94379d8cfb7ef73d32a768858) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 23:46:08 +02:00
Janne Grunau	7867cbaf6c	adpcm: ADPCM Electronic Arts has always two channels Fixes half of http://ffmpeg.org/trac/ffmpeg/ticket/794 Adresses CVE-2012-0852 (cherry picked from commit bb5b3940b08d8dad5b7e948e8f3b02cd2eb70716) Conflicts: libavcodec/adpcm.c Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit b581580bd1cc8506befa65b0a5c9ae429240f21f) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit a0f58c3a605b8123039628d1598cb36f1da0e815) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 23:46:08 +02:00
Alexander Strange	0bf8e22cdb	h264: Add check for invalid chroma_format_idc Fixes a crash when FF_DEBUG_PICT_INFO is used. Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit 6ef4063957aa5025c8d2cd757b6a537e4b6874df) Fixes: CVE-2012-0851 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 47132345184dc3d0ff962a57a1225564fe979548) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit c5f7c755cfccd7aa01010a2d566104c2b0fa6d86) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 00d2c432581cf61326973a1a48f2e63690b65515)	2012-05-28 23:46:08 +02:00
Alex Converse	7944a87ba8	dpcm: ignore extra unpaired bytes in stereo streams. Fixes: CVE-2011-3951 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit ce7aee9b733134649a6ce2fa743e51733f33e67e) (cherry picked from commit eaeaeb265fe46e1d81452960de918227541873b4) Conflicts: libavcodec/dpcm.c Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 1ce9c93198fc997e8f23934a78e2937af670e4e9) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 41f1f146c9e29dde63e293078819474c9b8111a1) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 23:46:08 +02:00
Michael Niedermayer	a55db1fc49	dsp: fix diff_bytes_mmx() with small width Fixes Ticket1068 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 73089eccd3e48539555349b36d8aabbf1cea416e)	2012-05-11 22:39:50 +02:00
Michael Niedermayer	96c6b3a11c	h261: check mtype. Fixes out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit ec3cd74f2dab8e3e8234ccb994132b23d3098585)	2012-05-11 22:39:31 +02:00
Michael Niedermayer	782c3ab777	Merge remote-tracking branch 'qatar/release/0.5' into release/0.5 * qatar/release/0.5: Bump version number for 0.5.8 release. Release notes and changelog for 0.5.7 vqavideo: return error if image size is not a multiple of block size motionpixels: Clip YUV values after applying a gradient. mjpegbdec: Fix overflow in SOS. atrac3: Fix crash in tonal component decoding. dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936. dv: Fix null pointer dereference due to ach=0 dv: check stype nsvdec: Propagate errors nsvdec: Be more careful with av_malloc(). nsvdec: Fix use of uninitialized streams. Conflicts: libavcodec/atrac3.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-05-11 22:02:11 +02:00
Mans Rullgard	468cc41d6d	vqavideo: return error if image size is not a multiple of block size The decoder assumes in various places that the image size is a multiple of the block size, and there is no obvious way to support odd sizes. Bailing out early if the header specifies a bad size avoids various errors later on. Fixes CVE-2012-0947. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit 58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit d5207e2af81580dd5e6277b354c8b459c3624f26) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit c71c77e56fcc6d469d45e1c8ce04aa053124d3f8) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit c90da45d5a7a4045dbf22fba52c63ef55d207269) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-09 22:34:07 +02:00
Alex Converse	6c9b404dba	motionpixels: Clip YUV values after applying a gradient. Prevents illegal reads on truncated and malformed input. CC: libav-stable@libav.org (cherry picked from commit b5da848facd41169283d7bfe568b83bdfa7fc42e) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit aaa6a666774eb02c351c84e80622a5c69e9b642e) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 50073e2395522b6e2b8698ff0dd06ffaf8cbf8ce) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 2134e7f6e88959513ba1713ad6fd7a7c8d5a0f41) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-09 22:33:49 +02:00

1 2 3 4 5 ...

9135 Commits