ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	4169912f39	Update for 0.8.11 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> n0.8.11	2012-04-09 18:50:08 +02:00
Michael Niedermayer	3b18d820cc	Changelog, delete, its too inaccurate, git log is better. Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-04-09 17:53:17 +02:00
Michael Niedermayer	c9d12a4692	pngenc: Fix incorrect mask used for interlaced mode. Fixes Ticket1109 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 15db6a959057b92245a384909ec7d413d5c16461) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-04-09 15:39:02 +02:00
Michael Niedermayer	7ca2ed716d	dsp: fix diff_bytes_mmx() with small width Fixes Ticket1068 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 73089eccd3e48539555349b36d8aabbf1cea416e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-04-09 15:37:55 +02:00
Michael Niedermayer	4f85e7b6ec	Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 * qatar/release/0.7: Update changelog for 0.7.5 release Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-04-08 21:08:46 +02:00
ami_stuff	10848d0862	Replace SSE2 instruction in scalarproduct_float_sse() by SSE equivalent. Fixes an AAC decoding issue with the sample from ticket #213 on machines with SSE but without SSE2. Based on 89411a by Reimar. (cherry picked from commit f6b78638086beae9bcab672d4c9de1790be5a928)	2012-04-04 09:14:46 +02:00
Michael Niedermayer	b6cc1c77fd	Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 * qatar/release/0.7: (84 commits) id3v2: fix skipping extended header in id3v2.4 Update RELEASE file for 0.7.5 lcl: use AVERROR_INVALIDDATA instead of AVERROR_UNKNOWN kgv1dec: Increase offsets array size so it is large enough. kgv1: use avctx->get/release_buffer(). kvmc: fix invalid reads nsvdec: Propagate error values instead of returning 0 in nsv_read_header(). mjpegbdec: Fix overflow in SOS. shorten: Use separate pointers for the allocated memory for decoded samples. shorten: check for realloc failure (cherry picked from commit 9e5e2c2d010c05c10337e9c1ec9d0d61495e0c9c) atrac3: Fix crash in tonal component decoding. ws_snd1: Fix wrong samples count and crash. ws_snd: add some checks to prevent buffer overread or overwrite. (cherry picked from commit 417364ce1f979031ef6fee661fc15e1869bdb1b4) ws_snd: decode to AV_SAMPLE_FMT_U8 instead of S16. dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2 h264: stricter reference limit enforcement. jvdec: unbreak video decoding xxan: don't read before start of buffer in av_memcpy_backptr(). dsicinvideo: validate buffer offset before copying pixels. huffyuv: add padding to classic (v1) huffman tables. ... Conflicts: RELEASE libavcodec/atrac3.c libavcodec/h264.c libavcodec/h264_parser.c libavcodec/kgv1dec.c libavcodec/shorten.c libavcodec/svq3.c libavcodec/ws-snd1.c libavcodec/xxan.c libswscale/utils.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-04-02 01:25:31 +02:00
Reinhard Tartler	808686375d	Update changelog for 0.7.5 release	2012-04-01 22:47:53 +02:00
Anton Khirnov	bc5d86d23d	id3v2: fix skipping extended header in id3v2.4 In v2.4, the length includes the length field itself. (cherry picked from commit ddb4431208745ea270dce8fce4cba999f0ed4303) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-04-01 19:20:50 +02:00
Reinhard Tartler	1687c55e24	Update RELEASE file for 0.7.5	2012-04-01 19:08:06 +02:00
Reinhard Tartler	fd53da21a1	lcl: use AVERROR_INVALIDDATA instead of AVERROR_UNKNOWN While bogus, this change avoids the necessity to backport AVERROR_UNKNOWN, which is not entirely trivial. Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:30 +02:00
Michael Niedermayer	a0b65938b7	kgv1dec: Increase offsets array size so it is large enough. Fixes CVE-2011-3945 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 807a045ab7f51993a2c1b3116016cbbd4f3d20d6) Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit a02e8df973f5478ec82f4c507f5b5b191a5ecb6b) (cherry picked from commit d5f2382d0389ed47a566ea536887af908bf9b14f) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Ronald S. Bultje	cb8a17ddac	kgv1: use avctx->get/release_buffer(). Also fixes crashes on corrupt bitstreams. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 33cd32b389864f2437c94e6fd7dc109ff5f0ed06) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit e537dc230b2e123be8aebdaeee5a7d7787328b0b) Conflicts: libavcodec/kgv1dec.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Gaurav Narula	24eabc53ba	kvmc: fix invalid reads Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit ad3161ec1d70291efcf40121d703ef73c0b08e5b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Diego Biurrun	6fe5038753	nsvdec: Propagate error values instead of returning 0 in nsv_read_header(). This eliminates a warning about a set-but-unused variable. (cherry picked from commit 35fa0d47585cef28cd8191dccf0607d90c7667a6) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Alex Converse	6ae95a0b93	mjpegbdec: Fix overflow in SOS. Based in part by a fix from Michael Niedermayer <michaelni@gmx.at> Fixes CVE-2011-3947 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit b57d262412204e54a7ef8fa1b23ff4dcede622e5) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 083a8a00373b12dc06b8ae4c49eec61fb5e55f4b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Michael Niedermayer	96ed18cab1	shorten: Use separate pointers for the allocated memory for decoded samples. Fixes invalid free() if any of the buffers are not allocated due to either not decoding a header or an error prior to allocating all buffers. Fixes CVE-2012-0858 CC: libav-stable@libav.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 204cb29b3c84a74cbcd059d353c70c8bdc567d98) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 6fc3287b9ccece290c5881b92948772bbf72e68c) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Justin Ruggles	a207a2fecc	shorten: check for realloc failure (cherry picked from commit 9e5e2c2d010c05c10337e9c1ec9d0d61495e0c9c) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Michael Niedermayer	f728ad26f0	atrac3: Fix crash in tonal component decoding. Add a check to avoid writing past the end of the channel_unit.components[] array. Bug Found by: cosminamironesei Fixes CVE-2012-0853 CC: libav-stable@libav.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit c509f4f74713b035a06f79cb4d00e708f5226bc5) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit f43b6e2b1ed47a1254a5d44c700a7fad5e9784be) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Michael Niedermayer	e676bbb8cf	ws_snd1: Fix wrong samples count and crash. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 9fb7a5af97d8c084c3af2566070d09eae0ab49fc) Addresses CVE-2012-0848 Reviewed-by: Justin Ruggles <justin.ruggles@gmail.com> Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 697a45d861b7cd6a96718383a44f41348487f844) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Justin Ruggles	847c7cd0c8	ws_snd: add some checks to prevent buffer overread or overwrite. (cherry picked from commit 417364ce1f979031ef6fee661fc15e1869bdb1b4) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Justin Ruggles	137007b5bf	ws_snd: decode to AV_SAMPLE_FMT_U8 instead of S16. 8-bit unsigned is the native sample format. (cherry picked from commit 2322ced8da990835717a176b8d2c32961cfecd3e) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Kostya Shishkov	90db3c435e	dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2 Signed-off-by: Janne Grunau <janne-libav@jannau.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Ronald S. Bultje	8b819fd9d3	h264: stricter reference limit enforcement. Progressive images can have only 16 references, error out if there are more, since the data is almost certainly corrupt, and the invalid value will lead to random crashes or invalid writes later on. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit e0febda22d0e0fab094a9c886b0e0f0f662df1ef) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Paul B Mahol	81c5b4ddcb	jvdec: unbreak video decoding The safe bitstream reader broke it since the buffer size was specified in bytes instead of bits. Signed-off-by: Janne Grunau <janne-libav@jannau.net> CC: libav-stable@libav.org (cherry picked from commit a1c036e961a32f7208e7315dabfa0ee99d779edb) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Ronald S. Bultje	5ae49ddaa4	xxan: don't read before start of buffer in av_memcpy_backptr(). Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit f1279e286b00e99f343adb51e251f036a3df6f32) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Ronald S. Bultje	311361348d	dsicinvideo: validate buffer offset before copying pixels. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit c95fefa0420be9cc0f09a95041acf11114aaacd0) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Ronald S. Bultje	99536be9d4	huffyuv: add padding to classic (v1) huffman tables. We slightly overread the input buffer, so we require padding at the end of the buffer, as is documented in the get_bits API. Without padding, we'll read uninitialized data or beyond the end of the .rodata, which may crash. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 4ffe5e2aa5241f8da9afd2c8fbc854dcc916c5f9) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Alex Converse	bbe316dfb4	tiffdec: Prevent illegal memory access caused by recycled pointers. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit fd0be63049ed46660993d0550a4f0847a0b942ea) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Ronald S. Bultje	b4a223fd19	wma: fix off-by-one in array bounds check. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit b4bccf3e4e58f6fe58043791ca09db01a4343fac) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Ronald S. Bultje	4924520513	raw: move buffer size check up. This way, it protects against overreads for 4bpp/2bpp content also. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit cc5dd632cecc5114717d0b90f8c2be162b1c6ee8) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Ronald S. Bultje	f2e412d050	smacker: error out if palette copy-with-offset overruns palette size. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit a93b572ae4f517ce0c35cf085167c318e9215908) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Ronald S. Bultje	6dfe865aed	svq3: protect against negative quantizers. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 11b940a1a8e7e5d5b212935a3ce78aeda577f5f2) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Alex Converse	853ce33dbc	mov: Add more HDV and XDCAM FourCCs. Reference: VLC (cherry picked from commit b142496c5630b9bc88fb9eaccae7f6bd62fb23e7) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Alex Converse	5015ada0ec	mov: Add support for MPEG2 HDV 720p24 (hdv4) (cherry picked from commit 0ad522afb3a3b3d22402ecb82dd4609f7655031b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Michael Niedermayer	4be63587e1	h263dec: Disallow width/height changing with frame threads. Fixes CVE-2011-3937 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 71db86d53b5c6872cea31bf714a1a38ec78feaba) Conflicts: libavcodec/h263dec.c Signed-off-by: Alex Converse <alex.converse@gmail.com> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Alex Converse	a642953b0f	tiff: Make the TIFF_LONG and TIFF_SHORT types unsigned. TIFF v6.0 (unimplemented) adds signed equivalents. (cherry picked from commit e32548d1331ce05a054f1028fcdda8823a4f215a) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Alex Converse	f5ce67d837	svq3: Prevent illegal reads while parsing extradata. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 9e1db721c4329f4ac166a0bcc002c8d75f831aba) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Alex Converse	b0888b8a48	dv: Fix small overread in audio frequency table. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 0ab3687924457cb4fd81897bd39ab3cc5b699588) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Mans Rullgard	2c199cb253	ac3: Do not read past the end of ff_ac3_band_start_tab. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 034b03e7a0e8e4f8f66c82b736f2c0aa7c063ec0) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Alex Converse	00fa6ffe1a	dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936. Found with asan. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 2d1c0dea5f6b91bec7f5fa53ec050913d851e366) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Michael Niedermayer	44e182d41e	dv: Fix null pointer dereference due to ach=0 dv: Fix null pointer dereference due to ach=0 Fixes part2 of CVE-2011-3929 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 5a396bb3a66a61a68b80f2369d0249729bf85e04) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Michael Niedermayer	bb737d381f	dv: check stype dv: check stype Fixes part1 of CVE-2011-3929 Possibly fixes part of CVE-2011-3936 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 635bcfccd439480003b74a665b5aa7c872c1ad6b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Alex Converse	0100c4b1b0	nsvdec: Propagate errors Related to CVE-2011-3940. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit c898431ca5ef2a997fe9388b650f658fb60783e5) Conflicts: libavformat/nsvdec.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Alex Converse	be524c186b	nsvdec: Be more careful with av_malloc(). Check results for av_malloc() and fix an overflow in one call. Related to CVE-2011-3940. Based in part on work from Michael Niedermayer. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Michael Niedermayer	65beb8c117	nsvdec: Fix use of uninitialized streams. Fixes CVE-2011-3940 (Out of bounds read resulting in out of bounds write) Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5c011706bc752d34bc6ada31d7df2ca0c9af7c6b) Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 6a89b41d9780325ba6d89a37f2aeb925aa68e6a3) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Fabian Greffrath	f375e19f37	Fix format string vulnerability detected by -Wformat-security. Signed-off-by: Diego Biurrun <diego@biurrun.de> (cherry picked from commit c9dbac36ad4bac07f6c1d06d465e361ab55bcb95) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Ronald S. Bultje	54e947273c	h264: fix mmxext chroma deblock to use correct TC values. (cherry picked from commit b0c4f04338234ee011d7b704621347ef232294fe) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Ronald S. Bultje	e3e05963c1	cscd: use negative error values to indicate decode_init() failures. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 8a9faf33f2b4f40afbc3393b2be49867cea0c92d) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Ronald S. Bultje	bd37b95383	h264: prevent overreads in intra PCM decoding. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit d1604b3de96575195b219028e2c4f08b2259aa7d) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00

1 2 3 4 5 ...

31752 Commits