ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	272e7f6443	huffyuvdec: Check init_vlc() return codes. Prevents out of array writes Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f67a0d115254461649470452058fa3c28c0df294) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 95ab8d33e1a680f30a5a9605175112008ab81afc) Conflicts: libavcodec/huffyuv.c (cherry picked from commit 277def59fce10d91e3113e5c0f63e22bc4abfa88) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-01-29 18:36:16 +01:00
Michael Niedermayer	776fb2e10d	Merge remote-tracking branch 'qatar/release/0.5' into release/0.5 * qatar/release/0.5: lavfi: avfilter_merge_formats: handle case where inputs are same mpegvideo: Don't use ff_mspel_motion() for vc1 imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt nuv: check RTjpeg header for validity vc1dec: add flush function for WMV9 and VC-1 decoders Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-10-16 18:04:22 +02:00
Mina Nagy Zaki	0dfcbe5285	lavfi: avfilter_merge_formats: handle case where inputs are same This fixes a double-free crash if lists are the same due to the two merge_ref() calls at the end of the (useless) merging that happens. Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 11b6a82412bcd372adf694a26d83b07d337e1325) Conflicts: libavfilter/formats.c Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit e5f4e249422834f727bcd432b73af971277f1371) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit b6c5848a1f8fc2755ea70d325acaddae9fac45ab) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit a4e277312cacfb78ef7583ed0b4fe4ccf5a0bcb1) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 10:35:38 +02:00
Michael Niedermayer	6d6373dc64	mpegvideo: Don't use ff_mspel_motion() for vc1 Using ff_mspel_motion assumes that s (a MpegEncContext poiinter) really is a Wmv2Context. This fixes crashes in error resilience on vc1/wmv3 videos. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 18f2d5cb9c48d06895960f37467576725c9dc2d1) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit da0c457663479bc1828918e1bb3e4a5e4de0d557) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 899d95efe12f1e250b361837c1c8c06df9ac9b86) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit c82ae85a8a78a98f7c7fea68d24a4ac0ca74d01f) Conflicts: libavcodec/mpegvideo_common.h Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 10:35:19 +02:00
Janne Grunau	7296a6b5e9	imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt CC: libav-stable@libav.org (cherry picked from commit 39bb27bf79bc4c2d8beaed637a14176264cb1916) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 7a7229b52d1900279041991fadbd29b27e8dfe95) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 8812b5f164109553f009ce385e17a1af16b6ea53) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit fd7426ed898533bed98e6b472ff5f5c8e47f2eb5) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 10:34:11 +02:00
Janne Grunau	f695be22d8	nuv: check RTjpeg header for validity CC: libav-stable@libav.org (cherry picked from commit 859a579e9bbf47fae2e09494c43bcf813dcb2fad) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 6704522ca9dd32c858ee474492be568c386910f9) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit f31170d4e7f9671e019315391160d454b18d7296) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 459feb7cce03af7154c098171fc9d36fc9d472f6) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 10:34:04 +02:00
Kostya Shishkov	9125aa9218	vc1dec: add flush function for WMV9 and VC-1 decoders CC: libav-stable@libav.org (cherry picked from commit 4dc8c8386eef942dba35c4f2fb3210e22b511a5b) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 02b72394627933dc8ce26445231a69f00dba491b) Conflicts: libavcodec/vc1dec.c Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 0173a7966b331105158a88f96b9afcc431d2fef8) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit aa4121276777b20eaaa83bf9bd544b00748c865c) Conflicts: libavcodec/vc1dec.c Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 10:33:49 +02:00
Carl Eugen Hoyos	09a278fdd1	Fix muxing mjpeg in swf. (cherry picked from commit 79234907128390d775ceb1206dd0fed111a17896)	2012-09-13 09:27:14 +02:00
Michael Niedermayer	9eaec5b8f0	update for 0.5.10 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> n0.5.10	2012-06-09 22:18:07 +02:00
Michael Niedermayer	48ef116631	wmv1: check that the input buffer is large enough Fixes null ptr deref Fixes Ticket1367 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f23a2418fb0ccc56fdae4dbf83a5994cc917c475) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-09 21:40:36 +02:00
Michael Niedermayer	cc511b36f3	truemotion1: Check index, fix out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit fd4c1c0b70b5a06dd572d7e27799a2f4c3d9b984) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-09 21:40:13 +02:00
Michael Niedermayer	85b22a8924	Merge remote-tracking branch 'qatar/release/0.5' into release/0.5 * qatar/release/0.5: Release notes for 0.5.9 Update changelog for 0.5.9 release Conflicts: RELEASE Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-09 19:02:31 +02:00
Reinhard Tartler	6ec1d3b3ba	Release notes for 0.5.9	2012-06-09 12:13:27 +02:00
Derek Buitenhuis	d843e7dc94	Update changelog for 0.5.9 release Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>	2012-06-08 15:41:31 -04:00
Michael Niedermayer	acc665f22c	Merge remote-tracking branch 'qatar/release/0.5' into release/0.5 * qatar/release/0.5: Bump version number for 0.5.9 release. png: check bit depth for PAL8/Y400A pixel formats. tqi: Pass errors from the MB decoder eatqi: move "block" variable into context to ensure sufficient alignment for idct_put for compilers/architectures that can not align stack variables that much. This is also consistent with similar code in eatgq.c ea: check chunk_size for validity. vfwcap: Include windows.h before vfw.h since the latter requires defines from the former. Patch by kemuri <kemuri9 at gmail dot com> mingw32: merge checks for mingw-w64 and mingw32-runtime >= 3.15 into one mingw32: properly check if vfw capture is supported by the system headers Replace every usage of -lvfw32 with what is particularly necessary for that case: Avisynth -> -lavifil32 VFW Cap -> -lavicap32 Patch by kemuri <kemuri9 at gmail dot com> configure: properly check for mingw-w64 through installed headers. mingw-w64 can also target 32-bit code. qdm2: clip array indices returned by qdm2_get_vlc(). kmvc: Check palsize. adpcm: ADPCM Electronic Arts has always two channels h264: Add check for invalid chroma_format_idc dpcm: ignore extra unpaired bytes in stereo streams. Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-04 12:29:25 +02:00
Reinhard Tartler	4c223fe519	Bump version number for 0.5.9 release.	2012-06-03 22:42:30 +02:00
Reinhard Tartler	5a9588b088	png: check bit depth for PAL8/Y400A pixel formats. Wrong bit depth can lead to invalid rowsize values, which crashes the decoder further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit d2205d6543881f2e6fa18c8a354bbcf91a1235f7) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit b8d6ba9d50e80fdce2ed74cdaffd4960df8a21c5) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 33f93005f1a86c108302b4c5978aa1a3d8e092cc) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 4c8c2660bd9252775c9a1dc2e2f36cb34718595a) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/pngdec.c	2012-06-03 19:35:50 +02:00
Michael Niedermayer	02cd93f4ad	tqi: Pass errors from the MB decoder This silences some valgrind warnings. CC: libav-stable@libav.org Fixes second half of http://ffmpeg.org/trac/ffmpeg/ticket/794 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit f85334f58e1286287d0547a49fa9c93b40cbf48f) (cherry picked from commit 90290a5150e84fb138ccde57657dc03830f08c1c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 5872580e65aab026b77754eb184f97ba7cc6ea35) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 2f2fd8c6d1c51a6b817e6c0bc4eff308b8f9cd18) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit c3edce42704142f4c66954e9f24d7fbf0e5ae423) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-06-03 19:35:13 +02:00
Reimar Döffinger	f8a31e2113	eatqi: move "block" variable into context to ensure sufficient alignment for idct_put for compilers/architectures that can not align stack variables that much. This is also consistent with similar code in eatgq.c Originally committed as revision 18927 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit 1eda87ce6366189eebf9956f826dfd92d9e64d9c) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-06-03 19:35:13 +02:00
Ronald S. Bultje	8ba939fcda	ea: check chunk_size for validity. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 273e6af47b38391f2bcc157cca0423fe7fcbf55c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 6a86b705e1d4b72f0dddfbe23ad3eed9947001d5) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit e74bc64dd376c4691a610ba62a66ed30affc97ec) Conflicts: libavformat/electronicarts.c (cherry picked from commit 38c45adfca299e3d96c07a700032695ec7ff2aeb) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-06-03 19:35:13 +02:00
kemuri	79674d27d9	vfwcap: Include windows.h before vfw.h since the latter requires defines from the former. Patch by kemuri <kemuri9 at gmail dot com> Originally committed as revision 21411 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit 420755dd282a913c2163d5589706d6a99a18d10f) Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>	2012-06-02 19:25:58 -04:00
Ramiro Polla	b061ee9a5d	mingw32: merge checks for mingw-w64 and mingw32-runtime >= 3.15 into one Originally committed as revision 24204 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit e26011d0f495de1148b8014995cbe923611b6b76) Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>	2012-06-02 19:25:58 -04:00
Ramiro Polla	baba561c0b	mingw32: properly check if vfw capture is supported by the system headers Remove check for an specific w32api version, checking instead if vfw.h supports vfw capture. The defines in w32api 3.12 were wrong, so this must be accounted for in the check. Originally committed as revision 24203 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit ec1ee802a2e1cb3317bd44851cc28f95b5916051) Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Conflicts: configure	2012-06-02 19:25:58 -04:00
kemuri	f6147effd2	Replace every usage of -lvfw32 with what is particularly necessary for that case: Avisynth -> -lavifil32 VFW Cap -> -lavicap32 Patch by kemuri <kemuri9 at gmail dot com> Originally committed as revision 21410 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit a1b3c5a377976d21b9daa878265c6eada24c2543) Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Conflicts: configure	2012-06-02 19:25:57 -04:00
Ramiro Polla	b990187f99	configure: properly check for mingw-w64 through installed headers. mingw-w64 can also target 32-bit code. Originally committed as revision 24156 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit 0a4307d6307516d333ce2cde2a2ffa0f50bc176c) Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>	2012-06-02 19:25:57 -04:00
Ronald S. Bultje	ae6c57859c	qdm2: clip array indices returned by qdm2_get_vlc(). Prevents subsequent overreads when these numbers are used as indices in arrays. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 64953f67f98da2e787aeb45cc7f504390fa32a69) Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Conflicts: libavcodec/qdm2.c	2012-06-02 19:25:57 -04:00
Alex Converse	5629c39101	kmvc: Check palsize. Fixes: CVE-2011-3952 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Based on fix by Michael Niedermayer (cherry picked from commit 386741f887714d3e46c9e8fe577e326a7964037b) (cherry picked from commit 416849f2e06227b1b4a451c392f100db1d709a0c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit e7392dc349291eb94379d8cfb7ef73d32a768858) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 23:46:08 +02:00
Janne Grunau	7867cbaf6c	adpcm: ADPCM Electronic Arts has always two channels Fixes half of http://ffmpeg.org/trac/ffmpeg/ticket/794 Adresses CVE-2012-0852 (cherry picked from commit bb5b3940b08d8dad5b7e948e8f3b02cd2eb70716) Conflicts: libavcodec/adpcm.c Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit b581580bd1cc8506befa65b0a5c9ae429240f21f) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit a0f58c3a605b8123039628d1598cb36f1da0e815) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 23:46:08 +02:00
Alexander Strange	0bf8e22cdb	h264: Add check for invalid chroma_format_idc Fixes a crash when FF_DEBUG_PICT_INFO is used. Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit 6ef4063957aa5025c8d2cd757b6a537e4b6874df) Fixes: CVE-2012-0851 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 47132345184dc3d0ff962a57a1225564fe979548) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit c5f7c755cfccd7aa01010a2d566104c2b0fa6d86) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 00d2c432581cf61326973a1a48f2e63690b65515)	2012-05-28 23:46:08 +02:00
Alex Converse	7944a87ba8	dpcm: ignore extra unpaired bytes in stereo streams. Fixes: CVE-2011-3951 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit ce7aee9b733134649a6ce2fa743e51733f33e67e) (cherry picked from commit eaeaeb265fe46e1d81452960de918227541873b4) Conflicts: libavcodec/dpcm.c Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 1ce9c93198fc997e8f23934a78e2937af670e4e9) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 41f1f146c9e29dde63e293078819474c9b8111a1) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 23:46:08 +02:00
Michael Niedermayer	a55db1fc49	dsp: fix diff_bytes_mmx() with small width Fixes Ticket1068 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 73089eccd3e48539555349b36d8aabbf1cea416e) n0.5.9	2012-05-11 22:39:50 +02:00
Michael Niedermayer	123e925956	mmdemux: dont set pkt->size to an invalid value. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 0c97fd336e17535239ab44d755a0d957dc2688f3)	2012-05-11 22:39:37 +02:00
Michael Niedermayer	96c6b3a11c	h261: check mtype. Fixes out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit ec3cd74f2dab8e3e8234ccb994132b23d3098585)	2012-05-11 22:39:31 +02:00
Michael Niedermayer	5e3cd42b6d	4xmdemux: Check chunk size Fixes over reading the header array Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 474e31c904f766b6989fe614c3fb093e697c847f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-05-11 22:38:28 +02:00
Michael Niedermayer	f73106256d	fix release number Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-05-11 22:37:20 +02:00
Michael Niedermayer	782c3ab777	Merge remote-tracking branch 'qatar/release/0.5' into release/0.5 * qatar/release/0.5: Bump version number for 0.5.8 release. Release notes and changelog for 0.5.7 vqavideo: return error if image size is not a multiple of block size motionpixels: Clip YUV values after applying a gradient. mjpegbdec: Fix overflow in SOS. atrac3: Fix crash in tonal component decoding. dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936. dv: Fix null pointer dereference due to ach=0 dv: check stype nsvdec: Propagate errors nsvdec: Be more careful with av_malloc(). nsvdec: Fix use of uninitialized streams. Conflicts: libavcodec/atrac3.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-05-11 22:02:11 +02:00
Reinhard Tartler	4b2e02a4c4	Bump version number for 0.5.8 release.	2012-05-10 20:40:38 +02:00
Reinhard Tartler	79fbcd9f03	Release notes and changelog for 0.5.7	2012-05-10 20:15:51 +02:00
Mans Rullgard	468cc41d6d	vqavideo: return error if image size is not a multiple of block size The decoder assumes in various places that the image size is a multiple of the block size, and there is no obvious way to support odd sizes. Bailing out early if the header specifies a bad size avoids various errors later on. Fixes CVE-2012-0947. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit 58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit d5207e2af81580dd5e6277b354c8b459c3624f26) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit c71c77e56fcc6d469d45e1c8ce04aa053124d3f8) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit c90da45d5a7a4045dbf22fba52c63ef55d207269) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-09 22:34:07 +02:00
Alex Converse	6c9b404dba	motionpixels: Clip YUV values after applying a gradient. Prevents illegal reads on truncated and malformed input. CC: libav-stable@libav.org (cherry picked from commit b5da848facd41169283d7bfe568b83bdfa7fc42e) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit aaa6a666774eb02c351c84e80622a5c69e9b642e) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 50073e2395522b6e2b8698ff0dd06ffaf8cbf8ce) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 2134e7f6e88959513ba1713ad6fd7a7c8d5a0f41) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-09 22:33:49 +02:00
Alex Converse	b2ac7e585e	mjpegbdec: Fix overflow in SOS. Based in part by a fix from Michael Niedermayer <michaelni@gmx.at> Fixes CVE-2011-3947 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit b57d262412204e54a7ef8fa1b23ff4dcede622e5) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 083a8a00373b12dc06b8ae4c49eec61fb5e55f4b) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 6ae95a0b93e8df15fe5f364535a7214be0817736) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 6ca010f20965ef71d97a53e871edae2eb9c05a5f) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-21 15:42:28 +02:00
Michael Niedermayer	8bb3ba5541	atrac3: Fix crash in tonal component decoding. Add a check to avoid writing past the end of the channel_unit.components[] array. Bug Found by: cosminamironesei Fixes CVE-2012-0853 CC: libav-stable@libav.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit c509f4f74713b035a06f79cb4d00e708f5226bc5) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit f43b6e2b1ed47a1254a5d44c700a7fad5e9784be) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit f728ad26f0ec87650d2986a892785c0e2b97d161) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 224025d852dcc42f752c0922fef7121808d1e42f) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-21 15:42:10 +02:00
Alex Converse	5a92aa378d	dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936. Found with asan. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 2d1c0dea5f6b91bec7f5fa53ec050913d851e366) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 00fa6ffe1a0b252d6a81815e51f125225cd0b97a) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit a8f4db0acd9b588ba33e3b8c0c21feea5916cfd1) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-21 15:41:57 +02:00
Michael Niedermayer	c4e8c99507	dv: Fix null pointer dereference due to ach=0 dv: Fix null pointer dereference due to ach=0 Fixes part2 of CVE-2011-3929 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 5a396bb3a66a61a68b80f2369d0249729bf85e04) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 44e182d41e3a73548f3f5e8445ec428d3846e6d6) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit b46141b0d1d7efb74dad172b7c1b52413441592f) Conflicts: libavformat/dv.c	2012-04-21 15:41:30 +02:00
Michael Niedermayer	479869c499	dv: check stype dv: check stype Fixes part1 of CVE-2011-3929 Possibly fixes part of CVE-2011-3936 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 635bcfccd439480003b74a665b5aa7c872c1ad6b) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit bb737d381f6d6413899a0697f426fb082eac66fc) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 38421f27b3899a930552750fe1e0dffd45b71b8e) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-21 15:39:00 +02:00
Alex Converse	ec4979e16e	nsvdec: Propagate errors Related to CVE-2011-3940. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit c898431ca5ef2a997fe9388b650f658fb60783e5) Conflicts: libavformat/nsvdec.c Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 0100c4b1b0736e0f5b3c98f9b0ab8acbef574888) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 3253dd2b420583a7f10afa87e47b9cb73e950e2a) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-21 15:38:44 +02:00
Alex Converse	056c909d9d	nsvdec: Be more careful with av_malloc(). Check results for av_malloc() and fix an overflow in one call. Related to CVE-2011-3940. Based in part on work from Michael Niedermayer. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit be524c186b50337db64d34a5726dfe3e8ea94f09) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 87007519c81c37d8a3de424de3db14078ae84333) Conflicts: libavformat/nsvdec.c	2012-04-21 15:38:10 +02:00
Michael Niedermayer	bde4b66063	nsvdec: Fix use of uninitialized streams. Fixes CVE-2011-3940 (Out of bounds read resulting in out of bounds write) Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5c011706bc752d34bc6ada31d7df2ca0c9af7c6b) Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 6a89b41d9780325ba6d89a37f2aeb925aa68e6a3) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 65beb8c1173906b0541442713cb29e8ba44c47ef) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 1edf848a81464afd514afbbbcb97b471d334e14a) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-21 15:36:40 +02:00
Michael Niedermayer	0fda37cff9	Merge remote-tracking branch 'qatar/release/0.5' into release/0.5 * qatar/release/0.5: id3v2: fix skipping extended header in id3v2.4 Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-04-02 02:25:49 +02:00
Anton Khirnov	2e693be7e9	id3v2: fix skipping extended header in id3v2.4 In v2.4, the length includes the length field itself. (cherry picked from commit ddb4431208745ea270dce8fce4cba999f0ed4303) Conflicts: libavformat/id3v2.c Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-04-01 19:49:37 +02:00

1 2 3 4 5 ...

18767 Commits