Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cb08687180683a755d0fe9d425280d0e4d1e6db2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 12987f89007ee82b9d3a6090085dfaef8461ab8b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 05e161952954acf247e0fd1fdef00559675c4d4d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This could overflow and crash at least on 32 bit systems.
Reviewed-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b737a2c52857b214be246ff615c6293730033cfa)
Conflicts:
libavformat/mpc8.c
(cherry picked from commit 49dd89f9027f3def12e170bb7d986d37812eedba)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This can lead to an endless loop by seeking back a few bytes after each
attempted chunk read. Assuming negative sizes are always invalid, this
is easy to fix. Other code in this demuxer treats negative sizes as
invalid as well.
Fixes ticket #4262.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 56cc024220886927350cfc26ee695062ca7ecaf4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket777
Bug Found by: Diana Elena Muscalu
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c402c1c976dc5bd63908d1aaff5b60521cbbee92)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Suggested-by: Andrew Scherkus <scherkus@google.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ed86dbd05d61363dc1c0d33f3267e2177c985fdd)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array read
Fixes: signal_sigsegv_844d59_10_signal_sigsegv_a17bb7_366_mpegts_mpeg2video_mp2_dvbsub_topfield.rec
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c3d7f00ee3e09801f56f25db8b5961f25e842bd2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
FFmpeg 0.8.15 release
* tag 'n0.8.15': (49 commits)
update for 0.8.15
avcodec/ffv1enc: update buffer check for 16bps
avcodec/dsputil: fix signedness in sizeof() comparissions
avcodec/pngdsp: fix (un)signed type in end comparission
matroska_read_seek: Fix used streams for subtitle index compensation
jpeg2000: check log2_cblk dimensions
avcodec/rpza: Perform pointer advance and checks before using the pointers
update all trac links to use the trac subdomain
doc/APIchanges: List merge commit hashes and version numbers
apichanges: fix 2 wrong hashes
avcodec/parser: reset indexes on realloc failure
mpeg12dec: avoid reinitialization on PS changes when possible.
mpegts: only reopen pmt_cb filter if its different from the previous.
Autodetect idcin only if audio properties allow decoding.
alacenc: Fix missing sign_extend()
h264_cavlc: fix reading skip run
Update changelog for 0.7.8 release
aac: check the maximum number of channels
oggdec: fix faulty cleanup prototype
qdm2: check that the FFT size is a power of 2
...
Conflicts:
Doxyfile
RELEASE
VERSION
libavformat/matroskadec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Might fix Ticket1907 (I have no testcase so I can't test)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4758e32a6c48044f77102a49110c79b4f338f648)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/0.7:
Update changelog for 0.7.8 release
aac: check the maximum number of channels
oggdec: fix faulty cleanup prototype
qdm2: check that the FFT size is a power of 2
rv10: check that extradata is large enough
lavf: make sure stream probe data gets freed.
dfa: check for invalid access in decode_wdlt().
avfiltergraph: check for sws opts being non-NULL before using them.
Conflicts:
Changelog
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'd785f6940144eb6ce4c24309ed034056b81395bc':
shorten: validate that the channel count in the header is not <= 0
matroskadec: request a read buffer for the wav header
h264: check for luma and chroma bit depth being equal
xxan: fix invalid memory access in xan_decode_frame_type0()
wmadec: require block_align to be set.
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '5025dbc577c9a9e0109cb363ac630a9eeda6dc1d':
wmaprodec: return an error, not 0, when the input is too small.
vorbisdec: Error on bark_map_size equal to 0.
Update RELEASE file for 0.7.8
update year to 2013
oggdec: make sure the private parse data is cleaned up
indeo5: update AVCodecContext width/height on size change
doc: filters: Correct BNF FILTER description
Conflicts:
RELEASE
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Simplify `p->buf > p->buf + p->buf_size - 4' as `p->buf_size < 4'.
Avoid a possible out-of-bounds pointer, which is undefined behavior
in C.
CC: libav-stable@libav.org
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 8425d693eefbedbb41f91735614d41067695aa37)
The values compared here can be more than INT64_MAX apart. Since the
difference is always positive, converting to uint64_t before subtracting
gives the correct result without overflows.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 91ac403b1316d59b4f43c4ea0f237e24cec2819a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Related to CVE-2012-2882
(cherry picked from commit d894f74762bc95310ba23f804b7ba8dffc8f6646)
Conflicts:
libavformat/oggdec.h
libavformat/oggparsevorbis.c
(cherry picked from commit b0240165d93d4a08d15d244953219a4d4e725d3f)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Regression since a93b572ae4f517ce0c35cf085167c318e9215908.
Fixes #2426.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit e3cc92a623a6ece42816c7a692c8815688a99ab0)
* release/0.8: (92 commits)
Update for 0.8.13
pngdec/filter: dont access out of array elements at the end
aacdec: check channel count
vqavideo: check chunk sizes before reading chunks
eamad: fix out of array accesses
roqvideodec: check dimensions validity
qdm2: check array index before use, fix out of array accesses
alsdec: check block length
huffyuvdec: Skip len==0 cases
huffyuvdec: Check init_vlc() return codes.
Update changelog for 0.7.7 release
mpeg12: do not decode extradata more than once.
indeo4/5: check empty tile size in decode_mb_info().
dfa: improve boundary checks in decode_dds1()
indeo5dec: Make sure we have had a valid gop header.
rv34: error out on size changes with frame threading
rtmp: fix buffer overflows in ff_amf_tag_contents()
rtmp: fix multiple broken overflow checks
Revert "h264: allow cropping to AVCodecContext.width/height"
h264: check ref_count validity for num_ref_idx_active_override_flag
...
Conflicts:
Doxyfile
RELEASE
VERSION
libavcodec/rv34.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
A negative `size' will bypass FFMIN(). In the subsequent memcpy() call,
`size' will be considered as a large positive value, leading to a buffer
overflow.
Change the type of `size' to unsigned int to avoid buffer overflow, and
simplify overflow checks accordingly.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4e692374f7962ea358c329de38c380103f8991b6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Sanity checks like `data + size >= data_end || data + size < data' are
broken, because `data + size < data' assumes pointer overflow, which is
undefined behavior in C. Many compilers such as gcc/clang optimize such
checks away.
Use `size < 0 || size >= data_end - data' instead.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 902cfe2f74d777a7dc20ac68f2393b9f84b790c1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
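The two rtmp commit messages above (a negative `size` slipping past FFMIN(), and the `data + size < data` check) illustrated as an added example; this is not FFmpeg's code. The function names, the 4-byte length-prefixed field layout and the sample bytes are constructed for illustration, and FFMIN is defined locally.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FFMIN(a, b) ((a) > (b) ? (b) : (a)) /* local definition for this example */

/* Constructed sample inputs: 4-byte big-endian length, then payload. */
static const uint8_t sample_ok[]  = { 0, 0, 0, 3, 'a', 'b', 'c', 0 };
static const uint8_t sample_neg[] = { 0xff, 0xff, 0xff, 0xff, 'a', 'b', 'c', 0 };
static uint8_t dst[16];

/* Length a signed FFMIN() clamp would hand to memcpy(): a negative size
 * passes through unclamped and converts to a huge size_t. */
static size_t naive_copy_len(int size, int dst_size)
{
    return (size_t)FFMIN(size, dst_size);
}

/* Copy one field from [data, data_end) into dst.
 * Returns the number of bytes copied, or -1 if the field is malformed. */
static int copy_field(const uint8_t *data, const uint8_t *data_end,
                      uint8_t *dst_buf, int dst_size)
{
    int32_t size;

    if (dst_size < 0 || data_end - data < 4)
        return -1;
    size = (int32_t)(((uint32_t)data[0] << 24) | ((uint32_t)data[1] << 16) |
                     ((uint32_t)data[2] << 8) | data[3]);
    data += 4;
    /* Compare against the remaining length; never form data + size. */
    if (size < 0 || size >= data_end - data)
        return -1;
    size = FFMIN(size, dst_size);
    memcpy(dst_buf, data, (size_t)size);
    return size;
}

int main(void)
{
    printf("valid field:   %d\n", copy_field(sample_ok, sample_ok + sizeof(sample_ok), dst, (int)sizeof(dst)));
    printf("negative size: %d\n", copy_field(sample_neg, sample_neg + sizeof(sample_neg), dst, (int)sizeof(dst)));
    printf("naive length:  %zu\n", naive_copy_len(-1, (int)sizeof(dst)));
    return 0;
}
```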
* qatar/release/0.7:
h264: check ref_count validity for num_ref_idx_active_override_flag
h264: check context state before decoding slice data partitions
oggdec: free the ogg streams on read_header failure
oggdec: check memory allocation
Fix uninitialized reads on malformed ogg files.
rtsp: Recheck the reordering queue if getting a new packet
alacdec: do not be too strict about the extradata size
h264: fix sps parsing for SVC and CAVLC 4:4:4 Intra profiles
h264: check sps.log2_max_frame_num for validity
ppc: always use pic for shared libraries
h264: enable low delay only if no delayed frames were seen
lavf: avoid integer overflow in ff_compute_frame_duration()
Conflicts:
libavformat/oggdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'b143844ea0f6246e0d5a938d743e2e8a98453bec': (22 commits)
aacdec: Fix an off-by-one overwrite when switching to LTP profile from MAIN.
vp6: properly fail on unsupported feature
h264: Fix parameters to ff_er_add_slice() call
flacenc: ensure the order is within the min/max range in LPC order search
yuv4mpeg: reject unsupported codecs
vp8: reset loopfilter delta values at keyframes.
vp56: release frames on error
vp56: make parse_header return standard error codes
ivi_common: check that scan pattern is set before using it.
Update RELEASE file for 0.7.7
tiffenc: Check av_malloc() results.
mpegaudiodec: fix short_start calculation
h264: avoid stuck buffer pointer in decode_nal_units
yuv4mpeg: return proper error codes.
smacker audio: sign-extend the initial 16-bit predicted value
vf_pad: don't give up its own reference to the output buffer.
avidec: return 0, not packet size from read_packet().
wmapro: prevent division by zero when sample rate is unspecified
alsdec: fix number of decoded samples in first sub-block in BGMC mode.
alsdec: remove dead assignments
...
Conflicts:
RELEASE
libavformat/avidec.c
libavformat/yuv4mpeg.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'aa45b90804ab21175b8c116bd8e5eb4b4e85fbcb': (22 commits)
alsdec: Check k used for rice decoder.
cavsdec: check for changing w/h.
avidec: use actually read size instead of requested size
wmaprodec: check num_vec_coeffs for validity
lagarith: check count before writing zeros.
indeo5: check tile size in decode_mb_info().
indeo5: prevent null pointer dereference on broken files
indeo: check for invalid motion vectors
indeo: clear allocated band buffers
indeo: check custom Huffman tables for errors
dfa: add some checks to ensure that decoder won't write past frame end
dfa: check that the caller set width/height properly.
bytestream: add a new set of bytestream functions with overread checking
avsdec: Set dimensions instead of relying on the demuxer.
lavfi: avfilter_merge_formats: handle case where inputs are same
rv34: use AVERROR return values in ff_rv34_decode_frame()
h263: Add ff_ prefix to nonstatic symbols
eval: fix swapping of lt() and lte()
bmpdec: only initialize palette for pal8.
vc1dec: add flush function for WMV9 and VC-1 decoders
...
Conflicts:
libavcodec/avs.c
libavcodec/mpegvideo_enc.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The ogg decoder wasn't padding the input buffer with the appropriate
FF_INPUT_BUFFER_PADDING_SIZE bytes, which led to uninitialized reads in
various pieces of parsing code when they thought they had more data than
they actually did.
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit ef0d779706c77ca9007527bd8d41e9400682f4e4)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
If we timed out and consumed a packet from the reordering queue,
but didn't return a packet to the caller, recheck the queue status.
Otherwise, we could end up in an infinite loop, trying to consume
a queued packet that has already been consumed.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8729698d50739524665090e083d1bfdf28235724)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Scaling the denominator instead of the numerator if it is too large
loses precision. Fixes an assert caused by a negative frame duration in
the fuzzed sample nasa-8s2.ts_s202310.
CC: libav-stable@libav.org
(cherry picked from commit 7709ce029a7bc101b9ac1ceee607cda10dcb89dc)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* qatar/release/0.7:
vorbis: Validate that the floor 1 X values contain no duplicates.
vorbisenc: check all allocations for failure
lavfi: avfilter_merge_formats: handle case where inputs are same
alsdec: check opt_order.
lavf: don't segfault when a NULL filename is passed to avformat_open_input()
mpegvideo: Don't use ff_mspel_motion() for vc1
imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt
nuv: check RTjpeg header for validity
vc1dec: add flush function for WMV9 and VC-1 decoders
ffmpeg: fix -force_key_frames
mov: set AVCodecContext.width/height for h264
h264: allow cropping to AVCodecContext.width/height
Conflicts:
libavcodec/mpegvideo_common.h
libavcodec/nuv.c
libavcodec/vorbisenc.c
libavfilter/formats.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This can easily happen when the caller is using a custom AVIOContext.
Behave as if the filename was an empty string in this case.
CC: libav-stable@libav.org
(cherry picked from commit a5db8e4a1a5449cc7a61e963c9fa698a4f22131b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 7124fa5d3640e5b8089dd13b22a09038b2ec5216)
Signed-off-by: Anton Khirnov <anton@khirnov.net>