ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	5d6982c13b	indeo4: check that num_mbs matches Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d3db8988d5befd8702a748cf1957415677bfe75c) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-05-03 01:31:07 +02:00
Michael Niedermayer	e11fa0879a	dsp: fix diff_bytes_mmx() with small width Fixes Ticket1068 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 73089eccd3e48539555349b36d8aabbf1cea416e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-05-03 01:27:33 +02:00
Michael Niedermayer	e70d202275	vqavideodev: Check image dimensions Fixes out of heap array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3583c8706df0abbfa3ecdd6730f4f3d72a01fe6d) Independently-Found-by: Fabian Yamaguchi Fixes: CVE-2012-0947 Conflicts: libavcodec/vqavideo.c	2012-05-03 00:29:18 +02:00
Michael Niedermayer	9de0c8c60c	sonic: update to new API Fixes Ticket1075 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6f9803e5e02c557e1003cface9f3084a7e1e43e4) Conflicts: libavcodec/sonic.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-05-03 00:28:35 +02:00
Michael Niedermayer	db041fd115	qpeg: Fix out of array writes. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-05-03 00:28:35 +02:00
Fabian Greffrath	7a877418e3	srtdec: fix a format string vulnerability. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit aaa1173de775b9b865a714abcc270816d2f59dff)	2012-05-03 00:28:35 +02:00
ami_stuff	cf9b04c6f2	Replace SSE2 instruction in scalarproduct_float_sse() by SSE equivalent. Fixes an AAC decoding issue with the sample from ticket #213 on machines with SSE but without SSE2. Based on 89411a by Reimar. (cherry picked from commit f6b78638086beae9bcab672d4c9de1790be5a928)	2012-04-04 09:16:02 +02:00
Michael Niedermayer	89f2d6c349	h264: fix seeking in low delay streams without IDR Fixes Ticket1165 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3360b8517a1f478c4102072e5eadd8ba78be0538)	2012-04-04 08:41:14 +02:00
Franz Brauße	32a79b5649	smacker audio: sign-extend the initial 16-bit predicted value Fixes Bug #265 Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 12cbbbb4abda2de0ea123282ccf7ebee61517f7d)	2012-04-01 14:00:13 +02:00
Michael Niedermayer	63945e2226	indeo4: fix LE reader define for backport Fixes Ticket920 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-16 22:26:52 +01:00
Carl Eugen Hoyos	ad6eefc0d8	Fix compilation with yasm-0.6.2.	2012-01-12 16:53:42 +01:00
John Brooks	e540446f6c	vc1dec: fix invalid memory access for small video dimensions For small video dimensions, these calculations of the upper bound for pixel access may have a negative result. Using an unsigned comparison to bound a potentially negative value only works if the greater operand is non-negative. Fixed by doing edge emulation when the upper bound is probably negative, everywhere that this pattern appears. Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com> (cherry picked from commit d209c27b09234cc40bbdbd680aa502b493edf595) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-05 02:23:08 +01:00
John Brooks	fc9c5ad9ea	rv34: fix invalid memory access for small video dimensions For small video dimensions calculations of the upper bound for pixel access may result in negative value. Using an unsigned comparison works only if the greater operand is non-negative. This is fixed by doing edge emulation explicitly for such conditions. Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com> (cherry picked from commit aacf6b3a2fd8bc8603e3deaa6e612ea03cf08707) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-05 02:23:02 +01:00
Michael Niedermayer	58afa73338	vorbis: make sure ch is non zero before calling vorbis_residue_decode This possibly makes part of the CVE-2011-3895 fix unneeded. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit ff7f198d7f9504f71676327be0be47661cfe39d6) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-04 22:19:02 +01:00
Chris Evans	68ee43468e	vorbis: An additional defense in the Vorbis codec. BUG=101458 Review URL: http://codereview.chromium.org/8414025 Fixes second part of CVE-2011-3895 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f74ce3a60d6ef49080df85c44b54280357109f56) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-04 22:19:00 +01:00
Chris Evans	80440c5b1d	vorbis: Fix decoder bug. BUG=101458 Review URL: http://codereview.chromium.org/8413019 This fixes part of 2011-3895 bigned-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 68226ed9ecef675895dc55a0c58d587014639a0e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-04 22:19:00 +01:00
Michael Niedermayer	89bd49b25c	vorbisdec: Make sure blocksize is not set to an invalid value. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 405e99bdfdb363e8dfda275faad9d4fdc9646434) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-04 22:18:59 +01:00
Michael Niedermayer	d7e5301e43	vorbis: Fix last quarter of CVE-2011-3893 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6fcf2bb8af0e7d6bb179e71e67e5fab8ef0d2ec2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-04 22:18:58 +01:00
Chris Evans	6a3fed8749	ogg: Avoid the possibility to read out-of-bounds of a static global array in Vorbis decoding. BUG=100543 Review URL: http://codereview.chromium.org/8365014 This fixes 25% of CVE-2011-3893 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 7149fce2cac0474a5fbc5b47add1158cd8bb283e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-04 22:18:56 +01:00
Philippe Saint-Pierre	1bd1103175	Fix possible infinite loop decoding als. Reviewed-by: Thilo Borgmann (cherry picked from commit f0f2babca23a3d099bcd5a1e18cf5d0eae2f4ef3) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-04 22:18:53 +01:00
Michael Niedermayer	66569b375c	jpegdec: Fix vlc table check for progressive jpegs. Fixes Ticket834 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 15b219fae9da1691dfb264f51637805e1ca63d1a) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-04 22:18:01 +01:00
Carl Eugen Hoyos	9f561ec398	Revert "wavpack: Clip samples after shifting" This reverts commit 8d055e9079f151f13d34e8e04f4aa7ca0273c448. The original commit introduced ticket #871, do not import the problem into the release branch.	2012-01-04 20:34:45 +01:00
Hendrik Leppkes	7e97d98033	wavpack: determine sample_fmt before requesting a buffer Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 14165fe1256e0f11ba3d9cf574492ae528e5c9cf) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:53:17 +01:00
Michael Bradshaw	632fd58a8f	Added yuva420p decoding support for libopenjpeg Signed-off-by: Michael Bradshaw <mbradshaw@sorensonmedia.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 2ba3416362345f275c63e70f44f4cfbf9b66fb35) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:52:44 +01:00
Michael Bradshaw	68874c42e7	Added RGBA and YUV440 decoding support for libopenjpeg decoder Reviewed-by: Jean First <jeanfirst@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3f07ef1dfff036a6b35c1605e6346bad2e17da68) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:52:39 +01:00
Michael Bradshaw	a598f0a5d7	Fixed openjpeg decoding bug with width/linesize issue The original code wasn't taking into account the fact that linesize may not equal the frame's width. This is to correct that. Signed-off-by: Michael Bradshaw <mbradshaw@sorensonmedia.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d1669e5fe3d61dc4181f96138eb4355aaaf231ea) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:52:21 +01:00
Michael Niedermayer	80695c9d1f	jpegdec: non interleaved rgb ljpeg support. Fixes Ticket856 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 45552371e3434fb7aa4d0bc566fd4ef954f9af14) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:51:48 +01:00
Michael Niedermayer	17c3ec77c2	jpegdec: 9-16 bit yuv/gray ljpeg support. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 465eb0eb48a14f5308d7fa52c388e7be7170cc3e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:51:42 +01:00
Michael Niedermayer	e8c8b27f66	jpegdec: Only enable rgb mode when there are 3 components. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 24964f21e4976edab156dc934c3b5ec3746b16eb) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:51:28 +01:00
Justin Ruggles	4eff392a4b	bmv audio: implement new audio decoding API (cherry picked from commit 8893fbdf7a5b941ce353fd560817ae6a2c34cfff) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:50:30 +01:00
Paul B Mahol	e5ae872309	y41p encoder and decoder y41p is a packed 12-bit 4:1:1 YUV format used by Brooktree. Fixes issue 1123 / ticket #102. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit dfa77dead2c97ec84092066102b14a2524d4d88b) Conflicts: Changelog libavcodec/version.h Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:50:03 +01:00
Jean First	3fe4055c5f	j2kdec: av_log formatting use %tx instead of %x Signed-off-by: Jean First <jeanfirst@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b1031562351d81fb56f9338df5876dc2153d9f26) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:48:40 +01:00
Reimar Döffinger	b8cc9e206b	Avoid uninitialized data in lcldec when ofs is 0 in MSZH. Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de> (cherry picked from commit 42a1f1d7a8cf67eed68db596d6a1e53c0c36e4ab) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:44:47 +01:00
Michael Niedermayer	0064fcb486	mlp_parser: Fix infinite loop with 0 bytes_left. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e146ad95d79b1a6e6b9e566366b832825c79679f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:43:02 +01:00
Michael Niedermayer	3ccbd6b06d	ljpegdec: fix point transform injection. Fix Ticket842 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b0143da80656f286b3e2363f3ddb6f81c4a0fbf5) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:41:59 +01:00
Michael Niedermayer	f246d46ee6	indeo5: Fix null pointer dereferences of ref_mb Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f41a6c8f3aeb51332bb359038cb504d3fb562a52) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:40:58 +01:00
Michael Niedermayer	94773637ba	h264_mp4toannexb_filter: pass error code through. Bug-Found-by and Suggested bugfix: Tanami, Ohad Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 7ae251b4d8a18bc63734e58f1baafac634c67e01) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:40:49 +01:00
Michael Niedermayer	7cd9732b33	qpeg: Check for overread in qpeg_decode_intra. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e7c1e38ba632f7315e332dd350b38f782f428884) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:40:17 +01:00
Michael Niedermayer	acdc505b2a	indeo5: fix division by 0 in ff_ivi_init_tiles() Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 92e2b59dec8c0124a209ce24f23450df9607d9d8) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:39:40 +01:00
Michael Niedermayer	f09bbd38b0	indeo5: Fix crash due to partially initialized gop vars. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d46bc4133c104188dd6719365605e42bd1b5e2ff) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:38:58 +01:00
Michael Niedermayer	690fda3ae4	indeo5: fix null pointer crash with ref_mb Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 4b35ee0b7c0c4cbac3541a25a5e8c00b657c8f95) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:38:35 +01:00
Michael Niedermayer	0280cf9aa7	vcr1dec: Check that there is sufficient input data. Fixes crash. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8e09482e4d27d65bbce2ce5c2f4392216011ed09) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:38:22 +01:00
Michael Niedermayer	a47c277205	v410dec: Check for sufficient input data. Fixes crash Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 11ca3416f92744f376c08e5f31bcbe5d9b44acb2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:38:16 +01:00
Kostya Shishkov	b0355d3253	Indeo 4 decoder Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com> (cherry picked from commit adfe0c942e71545f003f9c4d148fbf5d220681bc) Conflicts: Changelog libavcodec/version.h Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:38:07 +01:00
Carl Eugen Hoyos	e9ce8a4480	Fix a crash when reading gray pam files. Fixes ticket #837. (cherry picked from commit 190a0998c353879c8f79f47678752dbb8fa62bb2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:36:22 +01:00
Michael Niedermayer	6caca26533	shorten: validate values in fmt chunk search Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5e9a56a0350c518cd4b38845aff49d41a9c952ae) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:33:21 +01:00
Michael Niedermayer	446d11f5ed	shorten: Fix invalid free() Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 18bcfc912e48bf77a5202a0e24a3b884b9b2ff2c) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:33:15 +01:00
Michael Niedermayer	7c67d9c6fb	golomb: Fix infinite loop in svq3_get_ue_golomb() Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 964506bb979e8c972833c7421a39f3275d3cd3c0) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:32:19 +01:00
Michael Niedermayer	49db360005	ws_snd1: Fix wrong samples count and crash. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5257743aee0c3982f0079e6553aabc6aa39401d2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:32:14 +01:00
Michael Niedermayer	6210d62c5f	vmdav: check that theres enough space for a chunk remaining. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 2278ecc434d390bccd32a083a12ab964a6b7b0ce) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2012-01-03 22:31:46 +01:00

1 2 3 4 5 ...

16756 Commits