Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 18bcfc912e48bf77a5202a0e24a3b884b9b2ff2c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 282bb02839b1ce73963c8e3ee46804f1ade8b12a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3eedf9f716733b3b4c5205726d2c1ca52b3d3d78)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket780
Bug Found by: cosminamironesei
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket758
Bug found by: Diana Elena Muscalu
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7fff64e00d886fde11d61958888c82b461cf99b9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket760 and Ticket761
Bug Found by: Diana Elena Muscalu
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 944f5b2779e4aa63f7624df6cd4de832a53db81b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket776
Bug found by: Diana Elena Muscalu
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1f99939a6361e2e6d6788494dd7c682b051c6c34)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5257743aee0c3982f0079e6553aabc6aa39401d2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/0.7:
Update Changelog for 0.7.4 release
Update RELEASE file for 0.7.4
swscale: fix crash in fast_bilinear code when compiled with -mred-zone.
vorbis: An additional defense in the Vorbis codec.
vorbisdec: Fix decoding bug with channel handling
Conflicts:
Changelog
RELEASE
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/0.7:
matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc()
vorbis: Avoid some out-of-bounds reads
vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e42f2e4b9d14a1fb8107ecfe5163ce7f)
avserver: Fix a bug where the socket is IPv4, but IPv6 is autoselected for the loopback address.
vp3: fix streams with non-zero last coefficient
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes a regression introduced in 8b94df0f2047e972.
(cherry picked from commit 9b4767e4784577f3107730316fe652ccaccd9b3a)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This merge is primary for metadata, theres little actually changed
except cosmetics
* qatar/release/0.7:
4xm: Add a check in decode_i_frame to prevent buffer overreads
wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits.
Update RELEASE file for 0.7.3
swscale: #include "libavutil/mathematics.h"
vp3dec: Check coefficient index in vp3_dequant()
svq1dec: call avcodec_set_dimensions() after dimensions changed.
swscale: Readd #define _SVID_SOURCE
Conflicts:
RELEASE
libavcodec/4xm.c
libavcodec/vp3.c
libswscale/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The initial values are not checked against the number of block sizes.
Initializing them to frame_len_bits will result in a block size index of 0
in these cases instead of something that might be out-of-range.
Fixes Bug 81.
(cherry picked from commit 05d1e45d1f42cc90d1f2f36c546d0096cea126a8)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Based on a patch by Michael Niedermayer <michaelni@gmx.at>
Fixes NGS00145, CVE-2011-4352
Found-by: Phillip Langlois
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 8b94df0f2047e9728cb872adc9e64557b7a5152f)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
to synchronize the first/second field state independant of them being reference or not.
Fixes Ticket354
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 545ec935a4b4e0f032ebd975907b41f6fe4465c9)
Found with Address Sanitizer
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit e0966eb140b3569b3d6b5b5008961944ef229c06)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
It prevents leaving the state only half initialized.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit a72cad0a6c05aa74940101e937cb3dc602d7d67b)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit f913eeea43078b3b9052efd8d8d29e7b29b39208)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Fixes NGS00144
This also adds a few lines of code from master that are needed for this fix.
Thanks to Phillip for suggestions to improve the patch.
Found-by: Phillip Langlois
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket312
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 833a195905405fc9646c7544ce9d0f3279608977)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket655
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 50d6f8195658d529c57bb42dfd8d7a71d60a9f1d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/0.7:
Add a version bump and APIchanges entry for avcodec_open2 and avformat_find_stream_info.
lavf: fix multiplication overflow in avformat_find_stream_info()
lavf: fix invalid reads in avformat_find_stream_info()
lavf: add avformat_find_stream_info()
lavc: fix parentheses placement in avcodec_open2().
lavc: introduce avcodec_open2() as a replacement for avcodec_open().
Conflicts:
doc/APIchanges
libavcodec/utils.c
libavcodec/version.h
libavformat/avformat.h
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 1d36fb13b088f55ece155153fb6ca8ea278fc837)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Adds support for decoder-private options and makes setting other options
simpler.
(cherry picked from commit 0b950fe240936fa48fd41204bcfd04f35bbf39c3)
Conflicts:
libavcodec/avcodec.h
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This is neccessary but likely not sufficient to prevent out of array reads.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 14db3af4f26dad8e6ddf2147e96ccc710952ad4d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cea0c82d9b9771dfa2ac729c13c0d9e03ea352a7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket240
Based on patch by ami_stuff
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 20431a9982b9bd2c475042d919890a941ad70c71)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
FFmpeg does not support gray16a.
Fixes the crash in ticket #644.
(cherry picked from commit 0c5fd6372e6c257912d7ae64cbfc4d8541f0452f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 554caed2d397e137286f2cc71c6bac477b41fa96)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found with Address Sanitizer
(cherry picked from commit bb4b0ad83b13c3af57675e80163f3f333adef96f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found with Address Sanitizer
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit e0966eb140b3569b3d6b5b5008961944ef229c06)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
There were multiple issues, for example might we have to re-run
the decompression when the size of the buffer increased,
we should always use a decompression buffer large enough for
the header (so we do not get stuck when the size is too small).
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
