ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	ef0c89e969	Merge branch 'release/0.8' into release/0.7 * release/0.8: (22 commits) Update Changelog for 0.7.3 release 4xm: Add a check in decode_i_frame to prevent buffer overreads wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits. Update RELEASE file for 0.7.3 swscale: #include "libavutil/mathematics.h" vp3dec: Check coefficient index in vp3_dequant() svq1dec: call avcodec_set_dimensions() after dimensions changed. mpegtsenc: fix handling of large audio packets (sorry i have no sample, just a user report) h264: Use mismatching frame numbers in fields swscale: Readd #define _SVID_SOURCE vp6: Fix illegal read. vp6: Fix illegal read. vp6: Reset the internal state when aborting key frames header parsing vp6: Check for huffman tree build errors vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling imgutils: Fix illegal read. qdm2: check output buffer size before decoding Fix out of bound reads in the QDM2 decoder. Check for out of bound writes in the QDM2 decoder. vmd: fix segfaults on corruped streams ... Conflicts: Doxyfile RELEASE VERSION Merged-by: Michael Niedermayer <michaelni@gmx.at>	2011-12-25 19:57:17 +01:00
Michael Niedermayer	df825c956a	Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 This merge is primary for metadata, theres little actually changed except cosmetics * qatar/release/0.7: 4xm: Add a check in decode_i_frame to prevent buffer overreads wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits. Update RELEASE file for 0.7.3 swscale: #include "libavutil/mathematics.h" vp3dec: Check coefficient index in vp3_dequant() svq1dec: call avcodec_set_dimensions() after dimensions changed. swscale: Readd #define _SVID_SOURCE Conflicts: RELEASE libavcodec/4xm.c libavcodec/vp3.c libswscale/utils.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2011-12-24 01:41:43 +01:00
Shitiz Garg	d912a30c7d	4xm: Add a check in decode_i_frame to prevent buffer overreads Fixes bugzilla #135 Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit 355d917c0bd8163a3f1c7d4a6866dac749efdb84) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-23 22:27:02 +01:00
Justin Ruggles	8dba5608dc	wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits. The initial values are not checked against the number of block sizes. Initializing them to frame_len_bits will result in a block size index of 0 in these cases instead of something that might be out-of-range. Fixes Bug 81. (cherry picked from commit 05d1e45d1f42cc90d1f2f36c546d0096cea126a8) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-23 22:27:02 +01:00
Reinhard Tartler	bba709214a	vp3dec: Check coefficient index in vp3_dequant() Based on a patch by Michael Niedermayer <michaelni@gmx.at> Fixes NGS00145, CVE-2011-4352 Found-by: Phillip Langlois Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 8b94df0f2047e9728cb872adc9e64557b7a5152f) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-23 15:56:01 +01:00
Michael Niedermayer	0eca0da06e	svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148, CVE-2011-4579 Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6e24b9488e67849a28e64a8056e05f83cf439229) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-23 15:55:38 +01:00
Michael Niedermayer	ba5bb0562b	h264: Use mismatching frame numbers in fields to synchronize the first/second field state independant of them being reference or not. Fixes Ticket354 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 545ec935a4b4e0f032ebd975907b41f6fe4465c9)	2011-12-06 23:39:42 +01:00
Michael Niedermayer	1550c0885d	h264: Use mismatching frame numbers in fields to synchronize the first/second field state independant of them being reference or not. Fixes Ticket354 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 545ec935a4b4e0f032ebd975907b41f6fe4465c9)	2011-12-06 23:31:39 +01:00
Thierry Foucu	ba4b08b789	vp6: Fix illegal read. Found with Address Sanitizer Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit e0966eb140b3569b3d6b5b5008961944ef229c06) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 09:21:09 +01:00
Alex Converse	67a7ed623b	vp6: Fix illegal read. (cherry picked from commit 2a6eb06254df79e96b3d791b6b89b2534ced3119) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 09:20:49 +01:00
Laurent Aimar	c76505e0de	vp6: Reset the internal state when aborting key frames header parsing It prevents leaving the state only half initialized. Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit a72cad0a6c05aa74940101e937cb3dc602d7d67b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 09:20:28 +01:00
Laurent Aimar	30c08e2261	vp6: Check for huffman tree build errors Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit 066fff755a5d8edc660c010ddb08474d208eeade) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 09:20:10 +01:00
Dustin Brody	7367cbec1b	vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit f913eeea43078b3b9052efd8d8d29e7b29b39208) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 09:19:29 +01:00
Justin Ruggles	7347205351	qdm2: check output buffer size before decoding (cherry picked from commit 7d49f79f1cd47783a963a757a6563b9cac29db62) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 08:55:55 +01:00
Laurent Aimar	0d93d5c461	Fix out of bound reads in the QDM2 decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 5a19acb17ceb71657b0eec51dac651953520e5c8) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 08:55:55 +01:00
Laurent Aimar	a31ccacb1a	Check for out of bound writes in the QDM2 decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 291d74a46d32183653db07818c7b3407fd50a288) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-04 08:44:09 +01:00
Laurent Aimar	494cfacdb9	vmd: fix segfaults on corruped streams Signed-off-by: Janne Grunau <janne-libav@jannau.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-03 21:07:07 +01:00
Sergiy Gur'yev	4f58d8ebc1	Fix adts format creation in aac+ encoder modified: libavcodec/libaacplus.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 32ed7da1350e551ec005b75e482da74f2e93fbb9)	2011-11-24 14:53:04 +01:00
Sergiy Gur'yev	47b5fabd6a	Fix adts format creation in aac+ encoder modified: libavcodec/libaacplus.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 32ed7da1350e551ec005b75e482da74f2e93fbb9)	2011-11-24 14:48:03 +01:00
Michael Niedermayer	a12dec4699	Merge branch 'release/0.8' into release/0.7 * release/0.8: (31 commits) svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148 vp3dec: Check coefficient index in vp3_dequant() Fixes NGS00145 qdm2dec: fix buffer overflow. Fixes NGS00144 h264: Fix invalid interlaced progressive MB combinations for direct mode prediction. Fixes Ticket312 mpegvideo: dont use ff_mspel_motion() for vc1 Fixes Ticket655 imgutils: Fix illegal read. ac3probe: Detect Sonic Foundry Soft Encode AC3 as raw AC3. Our ac3 code chain can handle it fine. More ideal would be to write a demuxer that actually extracts what can be from the additional headers and uses it for whatever it can be used for. mjpeg: support mpo Fixes stereoscopic_photo.mpo Add a version bump and APIchanges entry for avcodec_open2 and avformat_find_stream_info. lavf: fix multiplication overflow in avformat_find_stream_info() lavf: fix invalid reads in avformat_find_stream_info() lavf: add avformat_find_stream_info() lavc: fix parentheses placement in avcodec_open2(). lavc: introduce avcodec_open2() as a replacement for avcodec_open(). rawdec: use a default sample rate if none is specified. Fixes "ffmpeg -f s16le -i /dev/zero" rawdec: add check on sample_rate qdm2dec: check remaining input bits in the mainloop of qdm2_fft_decode_tones() This is neccessary but likely not sufficient to prevent out of array reads. cinepak: check strip_size wma: Check channel number before init. Fixes Ticket240 Do not try to read 16bit gray png files with alpha channel. ... Conflicts: libavcodec/version.h libavformat/version.h Merged-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-21 19:41:08 +01:00
Michael Niedermayer	661ee45f88	svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148 Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 4931c8f0f10bf8dedcf626104a6b85bfefadc6f2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-21 18:31:30 +01:00
Michael Niedermayer	fa5292d9d4	vp3dec: Check coefficient index in vp3_dequant() Fixes NGS00145 Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit eef5c35b4352ec49ca41f6198bee8a976b1f81e5) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-21 18:31:23 +01:00
Michael Niedermayer	a6a61a6d1d	qdm2dec: fix buffer overflow. Fixes NGS00144 This also adds a few lines of code from master that are needed for this fix. Thanks to Phillip for suggestions to improve the patch. Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-21 18:29:17 +01:00
Michael Niedermayer	b8fc301769	h264: Fix invalid interlaced progressive MB combinations for direct mode prediction. Fixes Ticket312 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 833a195905405fc9646c7544ce9d0f3279608977) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-21 16:48:40 +01:00
Michael Niedermayer	9b667da05d	mpegvideo: dont use ff_mspel_motion() for vc1 Fixes Ticket655 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 50d6f8195658d529c57bb42dfd8d7a71d60a9f1d) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-21 16:48:25 +01:00
Michael Niedermayer	14d4eee547	Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 * qatar/release/0.7: Add a version bump and APIchanges entry for avcodec_open2 and avformat_find_stream_info. lavf: fix multiplication overflow in avformat_find_stream_info() lavf: fix invalid reads in avformat_find_stream_info() lavf: add avformat_find_stream_info() lavc: fix parentheses placement in avcodec_open2(). lavc: introduce avcodec_open2() as a replacement for avcodec_open(). Conflicts: doc/APIchanges libavcodec/utils.c libavcodec/version.h libavformat/avformat.h libavformat/version.h Merged-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-20 03:27:50 +01:00
Anton Khirnov	07624cfeaa	Add a version bump and APIchanges entry for avcodec_open2 and avformat_find_stream_info.	2011-11-19 10:22:27 +01:00
Baptiste Coudurier	23f0d0f16b	lavc: fix parentheses placement in avcodec_open2(). Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 1d36fb13b088f55ece155153fb6ca8ea278fc837) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2011-11-19 10:22:27 +01:00
Anton Khirnov	47953c33ea	lavc: introduce avcodec_open2() as a replacement for avcodec_open(). Adds support for decoder-private options and makes setting other options simpler. (cherry picked from commit 0b950fe240936fa48fd41204bcfd04f35bbf39c3) Conflicts: libavcodec/avcodec.h Signed-off-by: Anton Khirnov <anton@khirnov.net>	2011-11-19 10:22:26 +01:00
Michael Niedermayer	8120a1d9bd	qdm2dec: check remaining input bits in the mainloop of qdm2_fft_decode_tones() This is neccessary but likely not sufficient to prevent out of array reads. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 14db3af4f26dad8e6ddf2147e96ccc710952ad4d) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-18 21:05:12 +01:00
Michael Niedermayer	211a107208	cinepak: check strip_size Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit cea0c82d9b9771dfa2ac729c13c0d9e03ea352a7) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-18 21:05:12 +01:00
Michael Niedermayer	fdd09e5d7b	wma: Check channel number before init. Fixes Ticket240 Based on patch by ami_stuff Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 20431a9982b9bd2c475042d919890a941ad70c71) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-18 21:05:12 +01:00
Carl Eugen Hoyos	00d35e82b2	Do not try to read 16bit gray png files with alpha channel. FFmpeg does not support gray16a. Fixes the crash in ticket #644. (cherry picked from commit 0c5fd6372e6c257912d7ae64cbfc4d8541f0452f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-18 21:05:12 +01:00
K.Y.H	807342e1cf	cook: fix apparent typo in extradata parsing Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 554caed2d397e137286f2cc71c6bac477b41fa96) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-18 21:05:12 +01:00
Alex Converse	f62fa1ce9f	vp5: Fix illegal read. Found with Address Sanitizer (cherry picked from commit bb4b0ad83b13c3af57675e80163f3f333adef96f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-18 14:29:52 +01:00
Thierry Foucu	8a63deab15	vp6: Fix illegal read. Found with Address Sanitizer Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit e0966eb140b3569b3d6b5b5008961944ef229c06) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-18 14:29:52 +01:00
Reimar Döffinger	3970d4e728	nuv: Fix combination of size changes and LZO compression. There were multiple issues, for example might we have to re-run the decompression when the size of the buffer increased, we should always use a decompression buffer large enough for the header (so we do not get stuck when the size is too small). Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>	2011-11-08 20:38:31 +01:00
Reimar Döffinger	d58c5586ec	nuv: Fix combination of size changes and LZO compression. There were multiple issues, for example might we have to re-run the decompression when the size of the buffer increased, we should always use a decompression buffer large enough for the header (so we do not get stuck when the size is too small). Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>	2011-11-08 19:48:14 +01:00
Michael Niedermayer	3e17543491	Merge branch 'release/0.8' into release/0.7 * release/0.8: (96 commits) Version numbers for 0.8.6 snow: emu edge support Fixes Ticket592 imc: validate channel count imc: check for ff_fft_init() failure (cherry picked from commit 95fee70d6773fde1c34ff6422f48e5e66f37f263) libgsmdec: check output buffer size before decoding (cherry picked from commit b03761b1309293bbf30edef767503875277b01cf) configure: fix arch x86_32 mp3enc: avoid truncating id3v1 tags by one byte asfdec: Check packet_replic_size earlier cin audio: validate the channel count binkaudio: add some buffer overread checks. atrac1: validate number of channels (cherry picked from commit bff5b2c1ca1290ea30587ff2f76171f9e3854872) atrac1: check output buffer size before decoding (cherry picked from commit 33684b9c12b74c0140fb91e8150263db4a48d55e) vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e42f2e4b9d14a1fb8107ecfe5163ce7f) apedec: set s->currentframeblocks after validating nblocks apedec: use unsigned int for 'nblocks' and make sure that it's within int range apedec: check for data buffer realloc failure (cherry picked from commit 11ca8b2d7486e879926488404b3b79af774f0f2d) apedec: check for filter buffer allocation failure (cherry picked from commit 7500781313d11b37772c05a28da20fbc112db478) mpegaudiodec: check output data size based on avctx->frame_size resample: Fix array size resample2: fix potential overflow ... Conflicts: Doxyfile RELEASE VERSION Merged-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-04 20:20:37 +01:00
Michael Niedermayer	c4a34f4025	snow: emu edge support Fixes Ticket592 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 4416931fc069332e267ab6df037a1227c051d7b1) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-04 13:36:28 +01:00
Justin Ruggles	cba03dc667	imc: validate channel count ask for a sample if not mono (cherry picked from commit 7b7f47e73356d113cace74b922eee0b6ff5ffe0b) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-04 13:34:42 +01:00
Justin Ruggles	5a3f494466	imc: check for ff_fft_init() failure (cherry picked from commit 95fee70d6773fde1c34ff6422f48e5e66f37f263) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-04 13:34:35 +01:00
Justin Ruggles	112431705d	libgsmdec: check output buffer size before decoding (cherry picked from commit b03761b1309293bbf30edef767503875277b01cf) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-04 13:33:38 +01:00
Justin Ruggles	711e6c947b	cin audio: validate the channel count Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-04 13:32:18 +01:00
Justin Ruggles	8491677ab6	binkaudio: add some buffer overread checks. This stops decoding before overreads instead of after. (cherry picked from commit 101ef19ef4dc9f5c3d536aee8fcc10fff2af4d9e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-04 13:31:15 +01:00
Justin Ruggles	f98bb0d3ec	atrac1: validate number of channels (cherry picked from commit bff5b2c1ca1290ea30587ff2f76171f9e3854872) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-04 03:40:42 +01:00
Justin Ruggles	346e089d25	atrac1: check output buffer size before decoding (cherry picked from commit 33684b9c12b74c0140fb91e8150263db4a48d55e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-04 03:40:35 +01:00
Ronald S. Bultje	0ac6777a34	vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e42f2e4b9d14a1fb8107ecfe5163ce7f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-04 03:37:06 +01:00
Justin Ruggles	ae2d3d6be0	apedec: set s->currentframeblocks after validating nblocks	2011-11-04 03:32:39 +01:00
Justin Ruggles	998fc04bcf	apedec: use unsigned int for 'nblocks' and make sure that it's within int range Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2011-11-04 03:30:44 +01:00

1 2 3 4 5 ...

14796 Commits