ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	1b05b0005b	matroska_read_seek: Fix used streams for subtitle index compensation Might fix Ticket1907 (I have no testcase so i cant test) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 4758e32a6c48044f77102a49110c79b4f338f648) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-10-06 03:13:28 +02:00
Michael Niedermayer	9b0736c08a	Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 * qatar/release/0.7: Update changelog for 0.7.8 release aac: check the maximum number of channels oggdec: fix faulty cleanup prototype qdm2: check that the FFT size is a power of 2 rv10: check that extradata is large enough lavf: make sure stream probe data gets freed. dfa: check for invalid access in decode_wdlt(). avfiltergraph: check for sws opts being non-NULL before using them. Conflicts: Changelog libavformat/utils.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-22 17:43:33 +02:00
Michael Niedermayer	70a1182a48	Merge commit 'f844cb9bced3148fca2db5bbb092929526108005' into release/0.8 * commit 'f844cb9bced3148fca2db5bbb092929526108005': iff: validate CMAP palette size wmaprodec: require block_align to be set. lzo: fix overflow checking in copy_backptr() flacdec: simplify bounds checking in flac_probe() atrac3: avoid oversized shifting in decode_bytes() lavf: fix arithmetic overflows in avformat_seek_file() Conflicts: libavformat/iff.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-22 17:36:39 +02:00
Michael Niedermayer	0a41da3e9d	Merge commit 'd785f6940144eb6ce4c24309ed034056b81395bc' into release/0.8 * commit 'd785f6940144eb6ce4c24309ed034056b81395bc': shorten: validate that the channel count in the header is not <= 0 matroskadec: request a read buffer for the wav header h264: check for luma and chroma bit depth being equal xxan: fix invalid memory access in xan_decode_frame_type0() wmadec: require block_align to be set. Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-22 17:22:53 +02:00
Michael Niedermayer	afe09e490a	Merge commit '5025dbc577c9a9e0109cb363ac630a9eeda6dc1d' into release/0.8 * commit '5025dbc577c9a9e0109cb363ac630a9eeda6dc1d': wmaprodec: return an error, not 0, when the input is too small. vorbisdec: Error on bark_map_size equal to 0. Update RELEASE file for 0.7.8 update year to 2013 oggdec: make sure the private parse data is cleaned up indeo5: update AVCodecContext width/height on size change doc: filters: Correct BNF FILTER description Conflicts: RELEASE Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-09-22 17:17:10 +02:00
Michael Niedermayer	c997dcd38b	mpegts: only reopen pmt_cb filter if its different from the previous. Fixes Ticket2632 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b009267910df10c004b5f340a090d45da29089a0)	2013-07-07 19:06:16 +02:00
Carl Eugen Hoyos	2a1bebfc83	Autodetect idcin only if audio properties allow decoding. Fixes ticket #2688. (cherry picked from commit 06bede95fcea47d2e51e8ff248c15311f335b898)	2013-06-19 23:50:09 +02:00
Luca Barbato	053c19cd88	oggdec: fix faulty cleanup prototype (cherry picked from commit fba8e5b608577fc660989d0057a55818254a3744) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-05-09 20:05:53 +02:00
Kostya Shishkov	f844cb9bce	iff: validate CMAP palette size Fixes CVE-2013-2495 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Luca Barbato <lu_zero@gentoo.org> CC: libav-stable@libav.org (cherry picked from commit 50c449ac24fbb4c03c15d2e2026cef2204b80385) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 31a77177ff323ef83944c60a8654891213ab6691) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-05-09 20:05:52 +02:00
Anton Khirnov	76c97f1963	lavf: make sure stream probe data gets freed. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit dbb1425811a672eddf4acf0513237cdf20f83756) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-05-09 20:05:52 +02:00
Xi Wang	f8d3bb8961	flacdec: simplify bounds checking in flac_probe() Simplify `p->buf > p->buf + p->buf_size - 4' as `p->buf_size < 4'. Avoid a possible out-of-bounds pointer, which is undefined behavior in C. CC: libav-stable@libav.org Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit 8425d693eefbedbb41f91735614d41067695aa37)	2013-05-09 11:29:05 +02:00
Mans Rullgard	c65763a2c6	lavf: fix arithmetic overflows in avformat_seek_file() The values compared here can be more than INT64_MAX apart. Since the difference is always positive, converting to uint64_t before subtracting gives the correct result without overflows. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit 91ac403b1316d59b4f43c4ea0f237e24cec2819a) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-05-09 11:29:05 +02:00
Luca Barbato	5bfa208e65	matroskadec: request a read buffer for the wav header Solve an infiniloop. CC: libav-stable@libav.org (cherry picked from commit 37cb3b180a1dc3d6f123f68e0806585ebc2578b6) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-05-09 11:20:11 +02:00
Luca Barbato	ee6b868ac8	oggdec: make sure the private parse data is cleaned up Related to CVE-2012-2882 (cherry picked from commit d894f74762bc95310ba23f804b7ba8dffc8f6646) Conflicts: libavformat/oggdec.h libavformat/oggparsevorbis.c (cherry picked from commit b0240165d93d4a08d15d244953219a4d4e725d3f) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-05-09 11:20:10 +02:00
Paul B Mahol	537c173853	smacker: fix off by one error Regression since a93b572ae4f517ce0c35cf085167c318e9215908. Fixes #2426. Signed-off-by: Paul B Mahol <onemda@gmail.com> (cherry picked from commit e3cc92a623a6ece42816c7a692c8815688a99ab0)	2013-04-03 15:17:54 +02:00
Xi Wang	b59ee5dcf1	rtmp: fix buffer overflows in ff_amf_tag_contents() A negative `size' will bypass FFMIN(). In the subsequent memcpy() call, `size' will be considered as a large positive value, leading to a buffer overflow. Change the type of `size' to unsigned int to avoid buffer overflow, and simplify overflow checks accordingly. Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 4e692374f7962ea358c329de38c380103f8991b6) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-01-23 05:55:20 +01:00
Xi Wang	e163d884ef	rtmp: fix multiple broken overflow checks Sanity checks like `data + size >= data_end \|\| data + size < data' are broken, because `data + size < data' assumes pointer overflow, which is undefined behavior in C. Many compilers such as gcc/clang optimize such checks away. Use `size < 0 \|\| size >= data_end - data' instead. Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 902cfe2f74d777a7dc20ac68f2393b9f84b790c1) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-01-23 05:55:19 +01:00
Michael Niedermayer	685321e4bd	Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 * qatar/release/0.7: h264: check ref_count validity for num_ref_idx_active_override_flag h264: check context state before decoding slice data partitions oggdec: free the ogg streams on read_header failure oggdec: check memory allocation Fix uninitialized reads on malformed ogg files. rtsp: Recheck the reordering queue if getting a new packet alacdec: do not be too strict about the extradata size h264: fix sps parsing for SVC and CAVLC 4:4:4 Intra profiles h264: check sps.log2_max_frame_num for validity ppc: always use pic for shared libraries h264: enable low delay only if no delayed frames were seen lavf: avoid integer overflow in ff_compute_frame_duration() Conflicts: libavformat/oggdec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-01-17 03:16:46 +01:00
Michael Niedermayer	3f1a58db6f	Merge commit 'b143844ea0f6246e0d5a938d743e2e8a98453bec' into release/0.8 * commit 'b143844ea0f6246e0d5a938d743e2e8a98453bec': (22 commits) aacdec: Fix an off-by-one overwrite when switching to LTP profile from MAIN. vp6: properly fail on unsupported feature h264: Fix parameters to ff_er_add_slice() call flacenc: ensure the order is within the min/max range in LPC order search yuv4mpeg: reject unsupported codecs vp8: reset loopfilter delta values at keyframes. vp56: release frames on error vp56: make parse_header return standard error codes ivi_common: check that scan pattern is set before using it. Update RELEASE file for 0.7.7 tiffenc: Check av_malloc() results. mpegaudiodec: fix short_start calculation h264: avoid stuck buffer pointer in decode_nal_units yuv4mpeg: return proper error codes. smacker audio: sign-extend the initial 16-bit predicted value vf_pad: don't give up its own reference to the output buffer. avidec: return 0, not packet size from read_packet(). wmapro: prevent division by zero when sample rate is unspecified alsdec: fix number of decoded samples in first sub-block in BGMC mode. alsdec: remove dead assignments ... Conflicts: RELEASE libavformat/avidec.c libavformat/yuv4mpeg.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-01-17 03:03:39 +01:00
Michael Niedermayer	597d709eb4	Merge commit 'aa45b90804ab21175b8c116bd8e5eb4b4e85fbcb' into release/0.8 * commit 'aa45b90804ab21175b8c116bd8e5eb4b4e85fbcb': (22 commits) alsdec: Check k used for rice decoder. cavsdec: check for changing w/h. avidec: use actually read size instead of requested size wmaprodec: check num_vec_coeffs for validity lagarith: check count before writing zeros. indeo5: check tile size in decode_mb_info(). indeo5: prevent null pointer dereference on broken files indeo: check for invalid motion vectors indeo: clear allocated band buffers indeo: check custom Huffman tables for errors dfa: add some checks to ensure that decoder won't write past frame end dfa: check that the caller set width/height properly. bytestream: add a new set of bytestream functions with overread checking avsdec: Set dimensions instead of relying on the demuxer. lavfi: avfilter_merge_formats: handle case where inputs are same rv34: use AVERROR return values in ff_rv34_decode_frame() h263: Add ff_ prefix to nonstatic symbols eval: fix swapping of lt() and lte() bmpdec: only initialize palette for pal8. vc1dec: add flush function for WMV9 and VC-1 decoders ... Conflicts: libavcodec/avs.c libavcodec/mpegvideo_enc.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-01-17 02:56:12 +01:00
Reinhard Tartler	3bc9cfe66e	oggdec: free the ogg streams on read_header failure Plug an annoying memory leak on broken files. (cherry picked from commit 89b51b570daa80e6e3790fcd449fe61fc5574e07) Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit 42bd6d9cf681306d14c92af97a40116fe4eb2522) Conflicts: libavformat/oggdec.c Conflicts: libavformat/oggdec.c	2013-01-12 19:36:27 +01:00
Luca Barbato	910c1f2352	oggdec: check memory allocation (cherry picked from commit ba064ebe48376e199f353ef0b335ed8a39c638c5) Conflicts: libavformat/oggdec.c	2013-01-12 19:34:40 +01:00
Dale Curtis	55065315ca	Fix uninitialized reads on malformed ogg files. The ogg decoder wasn't padding the input buffer with the appropriate FF_INPUT_BUFFER_PADDING_SIZE bytes. Which led to uninitialized reads in various pieces of parsing code when they thought they had more data than they actually did. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit ef0d779706c77ca9007527bd8d41e9400682f4e4) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-01-12 19:34:40 +01:00
Martin Storsjö	8081879655	rtsp: Recheck the reordering queue if getting a new packet If we timed out and consumed a packet from the reordering queue, but didn't return a packet to the caller, recheck the queue status. Otherwise, we could end up in an infinite loop, trying to consume a queued packet that has already been consumed. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 8729698d50739524665090e083d1bfdf28235724) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-01-12 19:34:40 +01:00
Janne Grunau	10ff052c60	lavf: avoid integer overflow in ff_compute_frame_duration() Scaling the denominator instead of the numerator if it is too large loses precision. Fixes an assert caused by a negative frame duration in the fuzzed sample nasa-8s2.ts_s202310. CC: libav-stable@libav.org (cherry picked from commit 7709ce029a7bc101b9ac1ceee607cda10dcb89dc) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-01-12 19:27:42 +01:00
Luca Barbato	f3f22f183f	yuv4mpeg: reject unsupported codecs The muxer already rejects unsupported pixel formats, reject also unsupported codecs to prevent dangerous misuses. (cherry picked from commit 424b1e764263b1493de4c34365ef367ddae856db) Conflicts: libavformat/yuv4mpeg.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-01-12 19:20:27 +01:00
Anton Khirnov	5754176b5b	yuv4mpeg: return proper error codes. Fixes Bug 373. CC:libav-stable@libav.org (cherry picked from commit d3a72becc6371563185a509b94f5daf32ddbb485) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-01-04 07:43:38 +01:00
Anton Khirnov	562d6fd5b5	avidec: return 0, not packet size from read_packet(). (cherry picked from commit eeade678f0a2bac127aeed2fb68d8717a6463420) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2013-01-04 07:43:38 +01:00
Anton Khirnov	05f5a2eb62	avidec: use actually read size instead of requested size Fixes CVE-2012-2788 (cherry picked from commit 0af49a63c7f87876486ab09482d5b26b95abce60) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-01-04 07:43:37 +01:00
Michael Niedermayer	e28814e0e1	Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 * qatar/release/0.7: vorbis: Validate that the floor 1 X values contain no duplicates. vorbisenc: check all allocations for failure lavfi: avfilter_merge_formats: handle case where inputs are same alsdec: check opt_order. lavf: don't segfault when a NULL filename is passed to avformat_open_input() mpegvideo: Don't use ff_mspel_motion() for vc1 imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt nuv: check RTjpeg header for validity vc1dec: add flush function for WMV9 and VC-1 decoders ffmpeg: fix -force_key_frames mov: set AVCodecContext.width/height for h264 h264: allow cropping to AVCodecContext.width/height Conflicts: libavcodec/mpegvideo_common.h libavcodec/nuv.c libavcodec/vorbisenc.c libavfilter/formats.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-10-16 17:57:12 +02:00
Anton Khirnov	77d43bf42d	lavf: don't segfault when a NULL filename is passed to avformat_open_input() This can easily happen when the caller is using a custom AVIOContext. Behave as if the filename was an empty string in this case. CC: libav-stable@libav.org (cherry picked from commit a5db8e4a1a5449cc7a61e963c9fa698a4f22131b) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 7124fa5d3640e5b8089dd13b22a09038b2ec5216) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 09:40:46 +02:00
Carl Eugen Hoyos	8582e6e9a3	Fix muxing mjpeg in swf. (cherry picked from commit 7680d99b4302e476076cc1b8f2567f47c2aaef4d)	2012-09-13 09:22:24 +02:00
Mans Rullgard	0054d70f23	mov: set AVCodecContext.width/height for h264 This is required for correct cropping of files from Canon cameras. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit 8aa93e900449c88c3169ff5636fed03f41779cac) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 2fb4be9a99a2c2a9435339830e3d940171cc0d9b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-06-10 11:23:47 +02:00
Michael Niedermayer	b3e5c8de6a	ape: Fix null ptr dereference with files missing a seekatable. Such files are currently not supported as the table is used at several points Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e7cb161515fc9fb6d30d1681d64d9ba7ad737a4e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-09 21:06:57 +02:00
Michael Niedermayer	ee6c1670df	4xm: fix division by zero caused by bps<8 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 1b8741a6843f3f4667c81c2d63d3182858aa534f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-09 21:06:52 +02:00
Michael Niedermayer	64bc5f3bf7	Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 * qatar/release/0.7: Update RELEASE file for 0.7.6 Update changelog for 0.7.6 release ea: check chunk_size for validity. png: check bit depth for PAL8/Y400A pixel formats. x86: fix build with gcc 4.7 qdm2: clip array indices returned by qdm2_get_vlc(). kmvc: Check palsize. aacsbr: prevent out of bounds memcpy(). rtpdec_asf: Fix integer underflow that could allow remote code execution dpcm: ignore extra unpaired bytes in stereo streams. tqi: Pass errors from the MB decoder h264: Add check for invalid chroma_format_idc adpcm: ADPCM Electronic Arts has always two channels h263dec: Disallow width/height changing with frame threads. vqavideo: return error if image size is not a multiple of block size celp filters: Do not read earlier than the start of the 'out' vector. motionpixels: Clip YUV values after applying a gradient. h263: more strictly forbid frame size changes with frame-mt. h264: additional protection against unsupported size/bitdepth changes. Conflicts: Changelog RELEASE libavcodec/aacsbr.c libavcodec/h264_ps.c libavcodec/pngdec.c libavformat/rtpdec_asf.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-06-04 13:05:25 +02:00
Ronald S. Bultje	50336dc4f1	ea: check chunk_size for validity. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 273e6af47b38391f2bcc157cca0423fe7fcbf55c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 6a86b705e1d4b72f0dddfbe23ad3eed9947001d5) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-06-03 19:16:37 +02:00
Michael Niedermayer	b15e85d820	rtpdec_asf: Fix integer underflow that could allow remote code execution Fixes MSVR-11-0088 Fixes CVE-2011-4031 Credit: Jeong Wook Oh of Microsoft and Microsoft Vulnerability Research (MSVR) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 5ea091fb5a12dc0210b8efdf30b573b87e21652b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 20:55:34 +02:00
Michael Niedermayer	b6cc1c77fd	Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 * qatar/release/0.7: (84 commits) id3v2: fix skipping extended header in id3v2.4 Update RELEASE file for 0.7.5 lcl: use AVERROR_INVALIDDATA instead of AVERROR_UNKNOWN kgv1dec: Increase offsets array size so it is large enough. kgv1: use avctx->get/release_buffer(). kvmc: fix invalid reads nsvdec: Propagate error values instead of returning 0 in nsv_read_header(). mjpegbdec: Fix overflow in SOS. shorten: Use separate pointers for the allocated memory for decoded samples. shorten: check for realloc failure (cherry picked from commit 9e5e2c2d010c05c10337e9c1ec9d0d61495e0c9c) atrac3: Fix crash in tonal component decoding. ws_snd1: Fix wrong samples count and crash. ws_snd: add some checks to prevent buffer overread or overwrite. (cherry picked from commit 417364ce1f979031ef6fee661fc15e1869bdb1b4) ws_snd: decode to AV_SAMPLE_FMT_U8 instead of S16. dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2 h264: stricter reference limit enforcement. jvdec: unbreak video decoding xxan: don't read before start of buffer in av_memcpy_backptr(). dsicinvideo: validate buffer offset before copying pixels. huffyuv: add padding to classic (v1) huffman tables. ... Conflicts: RELEASE libavcodec/atrac3.c libavcodec/h264.c libavcodec/h264_parser.c libavcodec/kgv1dec.c libavcodec/shorten.c libavcodec/svq3.c libavcodec/ws-snd1.c libavcodec/xxan.c libswscale/utils.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2012-04-02 01:25:31 +02:00
Anton Khirnov	bc5d86d23d	id3v2: fix skipping extended header in id3v2.4 In v2.4, the length includes the length field itself. (cherry picked from commit ddb4431208745ea270dce8fce4cba999f0ed4303) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-04-01 19:20:50 +02:00
Diego Biurrun	6fe5038753	nsvdec: Propagate error values instead of returning 0 in nsv_read_header(). This eliminates a warning about a set-but-unused variable. (cherry picked from commit 35fa0d47585cef28cd8191dccf0607d90c7667a6) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:29 +02:00
Ronald S. Bultje	f2e412d050	smacker: error out if palette copy-with-offset overruns palette size. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit a93b572ae4f517ce0c35cf085167c318e9215908) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Alex Converse	853ce33dbc	mov: Add more HDV and XDCAM FourCCs. Reference: VLC (cherry picked from commit b142496c5630b9bc88fb9eaccae7f6bd62fb23e7) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Alex Converse	5015ada0ec	mov: Add support for MPEG2 HDV 720p24 (hdv4) (cherry picked from commit 0ad522afb3a3b3d22402ecb82dd4609f7655031b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Alex Converse	b0888b8a48	dv: Fix small overread in audio frequency table. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 0ab3687924457cb4fd81897bd39ab3cc5b699588) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Alex Converse	00fa6ffe1a	dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936. Found with asan. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 2d1c0dea5f6b91bec7f5fa53ec050913d851e366) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Michael Niedermayer	44e182d41e	dv: Fix null pointer dereference due to ach=0 dv: Fix null pointer dereference due to ach=0 Fixes part2 of CVE-2011-3929 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 5a396bb3a66a61a68b80f2369d0249729bf85e04) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Michael Niedermayer	bb737d381f	dv: check stype dv: check stype Fixes part1 of CVE-2011-3929 Possibly fixes part of CVE-2011-3936 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 635bcfccd439480003b74a665b5aa7c872c1ad6b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Alex Converse	0100c4b1b0	nsvdec: Propagate errors Related to CVE-2011-3940. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit c898431ca5ef2a997fe9388b650f658fb60783e5) Conflicts: libavformat/nsvdec.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00
Alex Converse	be524c186b	nsvdec: Be more careful with av_malloc(). Check results for av_malloc() and fix an overflow in one call. Related to CVE-2011-3940. Based in part on work from Michael Niedermayer. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-01 18:33:28 +02:00

1 2 3 4 5 ...

8105 Commits