This prevents some crashes when corrupted bitstream reports e.g. P-type
slice in I-frame. Official RealVideo decoder demands all slices to be
of the same type too.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 23a1f0c59241465ba30103388029a7afc0ead909)
Ignore resolution change if resolution not defined in extradata.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit 09c5f990bc7629dfbee8c760fd485936c60a7b40)
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 4cc7732386eb36661ed22d1200339b38a5fa60bc)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
rv34_decode_slice() can return without allocating any pictures.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit d0f6ab0298f2309c6104626787ed73416298b019)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This prevents crashes with some corrupted bitstreams.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 4a29b471869353c3077fb4b25b6518eb1047afb7)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 6489455495fc5bfbebcfe3f57e5d4fdd6a781091)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 9676ffba8346791f494451e68d2a3b37a2918a9b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
* qatar/release/0.5:
Fix memory (re)allocation in matroskadec.c, related to MSVR-11-0080.
cavs: fix some crashes with invalid bitstreams
mjpeg: Detect overreads in mjpeg_decode_scan() and error out.
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This removes all valgrind-reported invalid writes with one
specific test file.
Fixes http://www.ocert.org/advisories/ocert-2011-002.html
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 4a71da0f3ab7f5542decd11c81994f849d5b2c78)
Fixes CVE-2011-3362, CVE-2011-3973, CVE-2011-3974
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Ronald S. Bultje <rbultje@google.com>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
when frame dimensions change in RV3/4.
Originally committed as revision 20595 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit d90aeeaf569e4a08c30b3d1d09c3cff3a86eb431)
Patch discussed and taken from https://roundup.ffmpeg.org/issue2584
(cherry picked from commit 2bbec1eda46d907605772a8b6e8263caa4bc4c82)
Change related to CVE-2011-0723
private in dv.c for some reason). See "[PATCH] get_bits_left()" thread.
Originally committed as revision 20490 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit c47ca25e74bbe465cdc8b99d4f6ab4f0ad5e4229)
Fixes issue 2322.
Originally committed as revision 25591 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 3dde66752d59dfdd0f3727efd66e7202b3c75078)
Addresses: CVE-2010-4704
New max size is 16bit * 4 samples (RGBA).
Originally committed as revision 18655 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 445f0a8b666a34e6402f6ae96c6804c8bc024baa)
Addresses: CVE-2010-3908
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This may be security relevant.
Based on 2 patches by chrome.
backport r19975 by michael
Originally committed as revision 22658 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
As discussed with Diego, we'll go for bumping micro in 0.5 and will
consider adding a RELEASEVERSION macro for trunk and 0.6 seperatly
Originally committed as revision 22087 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
First commit:
Make decode_init fail if the huffman tables are invalid and thus init_vlc fails.
Otherwise this will crash during decoding because the vlc tables are NULL.
Partially fixes ogv/smclock.ogv.1.101.ogv from issue 1240.
backport r19355 by reimar
Second commit:
Add extra validation checks to ff_vorbis_len2vlc.
They should not be necessary, but it seems like a reasonable precaution.
r19374 by reimar
Originally committed as revision 22076 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
now compiles with x264 API versions 65 up to 85
patch prepared by darkshikari
Originally committed as revision 22042 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
backported r20083 by diego
This commit does not introduce functional changes. It was applied in
order to faciliate reviewing the proposed libx264.c backport
Originally committed as revision 21832 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
Probably only DoS, init_get_bits sets buffer to NULL, thus causing a
NULL-dereference directly after.
backport r21426 by reimar
Originally committed as revision 21759 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
This might have been exploitable.
Fixes first crash of issue840.
backport r18388 by michael
Originally committed as revision 21757 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
as discussed with diego on irc, the spurious newline deletion and the
LIBAVCODEC_VERSION_MINOR bump are being reverted based on comments on
ffmpeg-cvslog by ramiro, uoti and michael.
See http://comments.gmane.org/gmane.comp.video.ffmpeg.cvs/28112 for the
full context.
Originally committed as revision 21755 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
Allows an application to register a callback that manages mutexes
on behalf of FFmpeg.
With this callback registered FFmpeg is fully thread safe.
backport r19025 by andoma
NB: This is a feature backport with little regression potential. It was
requested at FOSDEM 2010 by ben@geexbox.org for use by geexbox and the
enna mediacenter in the upcoming debian/squeeze and ubuntu/lucid
release.
Approved by DonDiego on #ffmpeg-devel
Originally committed as revision 21731 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
10_vorbis_submap_indexes.patch by chrome.
I am applying this even though Reimar had some comments to improve it as it fixes
a serious security issue and I do not want to leave such things unfixed.
backport r20001 by michael
Originally committed as revision 21730 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
23_vorbis_sane_partition.patch by chrome.
Also this should be better documented but i prefer not to leave potential
security issues open due to missing documentation.
r19996 by michael
Originally committed as revision 21729 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
12_vorbis_mode_indexes.patch by chrome
maybe exploitable
r19990 by michael
Originally committed as revision 21726 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
