ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	049b08d04c	atrac3: Fix crash in tonal component decoding. Fixes Ticket780 Bug Found by: cosminamironesei Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-12 21:54:09 +01:00
Michael Niedermayer	8454d81ebe	h264: check chroma_format_idc range. Fixes Ticket758 Bug found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 7fff64e00d886fde11d61958888c82b461cf99b9) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-12 21:52:50 +01:00
Michael Niedermayer	6f0e349a02	aacsbr: Fix memory corruption. Fixes Ticket760 and Ticket761 Bug Found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 944f5b2779e4aa63f7624df6cd4de832a53db81b) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-12 21:52:43 +01:00
Michael Niedermayer	56173eabb6	j2kdec: Fix integer overflow leading to a segfault Fixes Ticket776 Bug found by: Diana Elena Muscalu Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 1f99939a6361e2e6d6788494dd7c682b051c6c34) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-12 21:52:31 +01:00
Michael Niedermayer	d80db23e7d	ws_snd1: Fix wrong samples count and crash. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5257743aee0c3982f0079e6553aabc6aa39401d2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-12 21:52:10 +01:00
Stefano Sabatini	c4cc8584d0	lavfi: add missing check in avfilter_filter_samples() Avoid out-of-buffer data access when nb_channels is 8. (cherry picked from commit ae21776207e8a2bbe268e7c9e203f7599dd87ddb) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-12 21:52:03 +01:00
Michael Niedermayer	1c1af2af0d	Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 * qatar/release/0.7: Update Changelog for 0.7.4 release Update RELEASE file for 0.7.4 swscale: fix crash in fast_bilinear code when compiled with -mred-zone. vorbis: An additional defense in the Vorbis codec. vorbisdec: Fix decoding bug with channel handling Conflicts: Changelog RELEASE Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-12 20:55:46 +01:00
Reinhard Tartler	d4653e882f	Update Changelog for 0.7.4 release	2012-01-11 11:40:38 +01:00
Reinhard Tartler	8f17d7dd4b	Update RELEASE file for 0.7.4	2012-01-10 21:00:09 +01:00
Ronald S. Bultje	dd8228dcff	swscale: fix crash in fast_bilinear code when compiled with -mred-zone. Additional comments from Måns Rullgard have been integrated by Reinhard Tartler. Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit b14fa5572c2a3bb1d8cd6327c4687a2eee363bbb) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-01-10 21:00:09 +01:00
Michael Niedermayer	c0cbf3af01	Merge branch 'release/0.8' into release/0.7 * release/0.8: matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc() vorbis: Avoid some out-of-bounds reads vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e42f2e4b9d14a1fb8107ecfe5163ce7f) avserver: Fix a bug where the socket is IPv4, but IPv6 is autoselected for the loopback address. vp3: fix streams with non-zero last coefficient Update for 0.8.9 vp3: fix regression with mplayer-crash.ogv h264: fix init of topleft ref/mv. Fixes Ticket778 Update for 0.8.8 Conflicts: Doxyfile RELEASE VERSION Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-09 00:08:15 +01:00
Chris Evans	b0283ccb9e	vorbis: An additional defense in the Vorbis codec. Fixes Bug: #190 Chromium Bug: #100543 Related to CVE-2011-3893 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit afb2aa537954db537d54358997b68f46561fd5a7) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-01-08 09:11:02 +01:00
Reinhard Tartler	97f23c72a3	vorbisdec: Fix decoding bug with channel handling Fixes Bug: #191 Chromium Bug: #101458 CVE-2011-3895 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit e6d527ff729e42d80e4756cab779ff4ad693631b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-01-08 09:10:55 +01:00
Michael Niedermayer	3b0b8c6531	Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 * qatar/release/0.7: matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc() vorbis: Avoid some out-of-bounds reads vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e42f2e4b9d14a1fb8107ecfe5163ce7f) avserver: Fix a bug where the socket is IPv4, but IPv6 is autoselected for the loopback address. vp3: fix streams with non-zero last coefficient Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-08 06:53:38 +01:00
Chris Evans	1f625431e2	matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc() Fixes bug #190 Chromium bug #100492 related to CVE-2011-3893 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry-picked from commit faaec4676cb4c7a2303d50df66c6290bc96a7657) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-01-07 22:01:19 +01:00
Chris Evans	4a94678f1b	vorbis: Avoid some out-of-bounds reads Fixes Bug: #190 Chromium Bug: #100543 Related to CVE-2011-3893 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 57cd6d709565e84e84385f8f2a9641ca3fa718be) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-01-07 21:59:02 +01:00
Ronald S. Bultje	c624935554	vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e42f2e4b9d14a1fb8107ecfe5163ce7f) Fixes: #189 Chromium-Bug: 101172,100465 CVE-2011-3892 Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-01-07 09:24:52 +01:00
Nathan Caldwell	06df542067	avserver: Fix a bug where the socket is IPv4, but IPv6 is autoselected for the loopback address. This fixes bind(8080): Address family not supported by protocol. Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit f5e717f3c735af5c941b458d42615c97028aa916) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-01-05 22:26:55 +01:00
Janne Grunau	82a11fcff2	vp3: fix streams with non-zero last coefficient Fixes a regression introduced in 8b94df0f2047e972. (cherry picked from commit 9b4767e4784577f3107730316fe652ccaccd9b3a) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-01-05 20:59:29 +01:00
Michael Niedermayer	cee1568ae1	Update for 0.8.9 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> n0.8.9	2012-01-02 20:20:14 +01:00
Michael Niedermayer	870e74dc43	Update for 0.7.10 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> n0.7.10	2012-01-02 20:19:40 +01:00
Michael Niedermayer	1218f8ed49	vp3: fix regression with mplayer-crash.ogv Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit a2a12e3358c3bbdc0246ffc94973e58eba50ee30)	2012-01-02 17:24:43 +01:00
Michael Niedermayer	c409ac5adc	vp3: fix regression with mplayer-crash.ogv Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit a2a12e3358c3bbdc0246ffc94973e58eba50ee30)	2012-01-02 17:24:31 +01:00
Michael Niedermayer	575cbbffaa	h264: fix init of topleft ref/mv. Fixes Ticket778 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 680880c98db2817437e19c3fc7f6349261bbbbb0)	2011-12-28 02:17:28 +01:00
Michael Niedermayer	680880c98d	h264: fix init of topleft ref/mv. Fixes Ticket778 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-12-27 21:33:32 +01:00
Michael Niedermayer	d75909f247	Update for 0.8.8 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> n0.8.8	2011-12-25 21:45:57 +01:00
Michael Niedermayer	ccdc68eb35	Update for 0.7.9 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> n0.7.9	2011-12-25 21:45:24 +01:00
Michael Niedermayer	ef0c89e969	Merge branch 'release/0.8' into release/0.7 * release/0.8: (22 commits) Update Changelog for 0.7.3 release 4xm: Add a check in decode_i_frame to prevent buffer overreads wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits. Update RELEASE file for 0.7.3 swscale: #include "libavutil/mathematics.h" vp3dec: Check coefficient index in vp3_dequant() svq1dec: call avcodec_set_dimensions() after dimensions changed. mpegtsenc: fix handling of large audio packets (sorry i have no sample, just a user report) h264: Use mismatching frame numbers in fields swscale: Readd #define _SVID_SOURCE vp6: Fix illegal read. vp6: Fix illegal read. vp6: Reset the internal state when aborting key frames header parsing vp6: Check for huffman tree build errors vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling imgutils: Fix illegal read. qdm2: check output buffer size before decoding Fix out of bound reads in the QDM2 decoder. Check for out of bound writes in the QDM2 decoder. vmd: fix segfaults on corruped streams ... Conflicts: Doxyfile RELEASE VERSION Merged-by: Michael Niedermayer <michaelni@gmx.at>	2011-12-25 19:57:17 +01:00
Michael Niedermayer	8413f12e1b	Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 * qatar/release/0.7: Update Changelog for 0.7.3 release Conflicts: Changelog Merged-by: Michael Niedermayer <michaelni@gmx.at>	2011-12-25 19:25:27 +01:00
Michael Niedermayer	df825c956a	Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 This merge is primary for metadata, theres little actually changed except cosmetics * qatar/release/0.7: 4xm: Add a check in decode_i_frame to prevent buffer overreads wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits. Update RELEASE file for 0.7.3 swscale: #include "libavutil/mathematics.h" vp3dec: Check coefficient index in vp3_dequant() svq1dec: call avcodec_set_dimensions() after dimensions changed. swscale: Readd #define _SVID_SOURCE Conflicts: RELEASE libavcodec/4xm.c libavcodec/vp3.c libswscale/utils.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2011-12-24 01:41:43 +01:00
Reinhard Tartler	d61b38b9db	Update Changelog for 0.7.3 release	2011-12-23 22:40:24 +01:00
Shitiz Garg	d912a30c7d	4xm: Add a check in decode_i_frame to prevent buffer overreads Fixes bugzilla #135 Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit 355d917c0bd8163a3f1c7d4a6866dac749efdb84) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-23 22:27:02 +01:00
Justin Ruggles	8dba5608dc	wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits. The initial values are not checked against the number of block sizes. Initializing them to frame_len_bits will result in a block size index of 0 in these cases instead of something that might be out-of-range. Fixes Bug 81. (cherry picked from commit 05d1e45d1f42cc90d1f2f36c546d0096cea126a8) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-23 22:27:02 +01:00
Reinhard Tartler	7ce728050b	Update RELEASE file for 0.7.3	2011-12-23 16:00:17 +01:00
Reinhard Tartler	851098c9e0	swscale: #include "libavutil/mathematics.h" this file uses the M_PI macro since 4e74187db2f5db52f88729efc662df9d6bc763e1, so include the correct header directly. Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 5089ce1b5abe2ecbbfd7235aeb0ad47ba38305c1) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-23 15:58:31 +01:00
Reinhard Tartler	bba709214a	vp3dec: Check coefficient index in vp3_dequant() Based on a patch by Michael Niedermayer <michaelni@gmx.at> Fixes NGS00145, CVE-2011-4352 Found-by: Phillip Langlois Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 8b94df0f2047e9728cb872adc9e64557b7a5152f) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-23 15:56:01 +01:00
Michael Niedermayer	0eca0da06e	svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148, CVE-2011-4579 Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6e24b9488e67849a28e64a8056e05f83cf439229) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-23 15:55:38 +01:00
Michael Niedermayer	0125c10217	mpegtsenc: fix handling of large audio packets (sorry i have no sample, just a user report) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e31c5ebe1146d98d17a5121312c5444432c81904) Conflicts: libavformat/mpegtsenc.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-12-09 10:29:52 +01:00
Michael Niedermayer	d38580a7bb	mpegtsenc: fix handling of large audio packets (sorry i have no sample, just a user report) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e31c5ebe1146d98d17a5121312c5444432c81904) Conflicts: libavformat/mpegtsenc.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-12-09 03:45:40 +01:00
Michael Niedermayer	8acf9905a1	Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 Note, all these commits where already in our release, this merge thus changes nothing, its just for metadata * qatar/release/0.7: vp6: Fix illegal read. vp6: Fix illegal read. vp6: Reset the internal state when aborting key frames header parsing vp6: Check for huffman tree build errors vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling imgutils: Fix illegal read. qdm2: check output buffer size before decoding Fix out of bound reads in the QDM2 decoder. Check for out of bound writes in the QDM2 decoder. vmd: fix segfaults on corruped streams Conflicts: libavcodec/qdm2.c libavcodec/vmdav.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2011-12-08 01:14:02 +01:00
Michael Niedermayer	ba5bb0562b	h264: Use mismatching frame numbers in fields to synchronize the first/second field state independant of them being reference or not. Fixes Ticket354 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 545ec935a4b4e0f032ebd975907b41f6fe4465c9)	2011-12-06 23:39:42 +01:00
Michael Niedermayer	1550c0885d	h264: Use mismatching frame numbers in fields to synchronize the first/second field state independant of them being reference or not. Fixes Ticket354 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 545ec935a4b4e0f032ebd975907b41f6fe4465c9)	2011-12-06 23:31:39 +01:00
Martin Storsjö	38a511e84c	swscale: Readd #define _SVID_SOURCE This was removed erroneously in 046f081b46c8479820409cf8f530b988221bd15b. This define still is necessary for getting MAP_ANONYMOUS defined on linux/glibc, despite the define reshuffling done in that commit. Without MAP_ANONYMOUS defined, the mprotect calls for setting the generated mmx2 scaler code pages executable are left out, causing crashes if that codepath is chosen. This patch fixes scaling from 192x144 to 320x240 with -sws_flags fast_bilinear, which crashes on linux at the moment. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit f32dfad9dc64acf0fd1bb867e127a9efe6380676) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-05 21:12:11 +01:00
Thierry Foucu	ba4b08b789	vp6: Fix illegal read. Found with Address Sanitizer Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit e0966eb140b3569b3d6b5b5008961944ef229c06) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 09:21:09 +01:00
Alex Converse	67a7ed623b	vp6: Fix illegal read. (cherry picked from commit 2a6eb06254df79e96b3d791b6b89b2534ced3119) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 09:20:49 +01:00
Laurent Aimar	c76505e0de	vp6: Reset the internal state when aborting key frames header parsing It prevents leaving the state only half initialized. Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit a72cad0a6c05aa74940101e937cb3dc602d7d67b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 09:20:28 +01:00
Laurent Aimar	30c08e2261	vp6: Check for huffman tree build errors Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit 066fff755a5d8edc660c010ddb08474d208eeade) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 09:20:10 +01:00
Dustin Brody	7367cbec1b	vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit f913eeea43078b3b9052efd8d8d29e7b29b39208) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 09:19:29 +01:00
Thierry Foucu	28acce2861	imgutils: Fix illegal read. Found with address sanitizer. Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit c693aa6f71b4f539cf9df67ba42f4b1932981687) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 09:18:17 +01:00
Justin Ruggles	7347205351	qdm2: check output buffer size before decoding (cherry picked from commit 7d49f79f1cd47783a963a757a6563b9cac29db62) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 08:55:55 +01:00

... 3 4 5 6 7 ...

31843 Commits