The s390 architecture requires shared libraries to be built in PIC mode.
Otherwise applications will get wrong relocations at run-time, leading
to confusing segmentation faults.
CC: libav-stable@libav.org
(cherry picked from commit 5ddc9f5052316608799b932c604f9e7561f8ce24)
(cherry picked from commit 7509c2c4ea2180733cc60ab1a0e0fe4ce2f02a69)
Avoid a division by 0 in ff_mpeg4_set_one_direct_mv.
Sample-Id: 00000168-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
(cherry picked from commit 9514440337875e0c63b409abcd616b68c518283f)
(cherry picked from commit 5df52b0131d3d4d804ad6e221bc9a2cd8b201ef2)
f777504f640260337974848c7d5d7a3f064bbb45 changed a - in +
CC: libav-stable@libav.org
(cherry picked from commit d922c5a5fbaf0b6c73bd8c81ae059bc6e406961c)
(cherry picked from commit 3ce77e04c2ca4b9e7fa6b94b51e8d7c5f188da86)
Fixes invalid writes on pixel format changes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 4c3e1956ee35fdcc5ffdb28782050164b4623c0b)
And use the value from the specification.
Sample-Id: 00000451-google
Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit f777504f640260337974848c7d5d7a3f064bbb45)
(cherry picked from commit 5bd083d0216d9ee649039c84999fb61386536ac1)
Conflicts:
libavcodec/h264.c
* qatar/release/9:
Update Changelog for 9.11
oggparseogm: check timing variables
mathematics: remove asserts from av_rescale_rnd()
vc1: Always reset numref when parsing a new frame header.
h264: reset num_reorder_frames if it is invalid
Conflicts:
Changelog
libavcodec/vc1.c
libavutil/mathematics.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '62ed6da016b789eee00e0fff517df4a254e12e5d':
h264: check that an IDR NAL only contains I slices
mov: Free an earlier allocated array if allocating a new one
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '44079902c49e526f464bb4eb855665e1af867e91':
mov: Free intermediate arrays in the normal cleanup function
segafilm: fix leaks if reading the header fails
h264_cavlc: check the size of the intra PCM data.
h263: Check init_get_bits return value
cavsdec: check ff_get_buffer() return value
Conflicts:
libavcodec/cavsdec.c
libavcodec/h263dec.c
libavformat/mov.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c85e5f13f6ac9c4c90125e7671d89009e57f9df9':
cavs: Check for negative cbp
avi: DV in AVI must be considered single stream
vmnc: Check the cursor dimensions
vmnc: Port to bytestream2
Conflicts:
libavcodec/cavsdec.c
libavcodec/vmnc.c
libavformat/avidec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This removes the initialization of 2 unused fields
The change was part of c1868e7ee7b07b40a0fe15f50df89fe499a01a50
but wasnt merged as the fields could still be used
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 05c78f345b623a3eed203ab17da6e1419d56abd0)
Conflicts:
libavformat/utils.c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 05886c9d4edddb07a4cdc6afee8b30cd9c80b4db)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The check could fail if avio_read() read less than requested
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8c3b026a0eeb49464d957b61b0c01cceecc416fd)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6a2064820b52568c05a9ec8f418f18840e7c43cc)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '8575f5362f98c937758b20ff8512d6767a56208e':
lavf: make av_probe_input_buffer more robust
lavf: use a fixed width type
lavf: simplify handling of offset in av_probe_input_buffer()
Conflicts:
libavformat/utils.c
See: cdce0e8a506cafebe47736d891f5b645b57d14b2 and previous commits
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c4810fbe4f53d312ba70f251f7ee4f484cbca565)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: asan_heap-oob_19c7a94_6470_cov_1453611734_luckynight-partial.tak
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f58eab151214d2d35ff0973f2b3e51c5eb372da4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Prevents out of array accesses with CODEC_FLAG_EMU_EDGE
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6ba02602aa7fc7d38db582e75b8b093fb3c1608d)
Conflicts:
libavcodec/vmnc.c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7c17207ab9acfaa934e8feb8fba90765c9d0b989)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access with RC_VARIANCE set to 0
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f1caaa1c61310beba705957e6366f0392a0b005b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
It is a public function, it must not assert on its parameters.
(cherry picked from commit 94a417acc05cc5151b473abc0bf51fad26f8c5a0)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Fixes an issue where the B-frame coding mode switches from interlaced
fields to interlaced frames, causing incorrect decisions in the motion
compensation code and resulting in visual artifacts.
CC: libav-stable@libav.org
Signed-off-by: Tim Walker <tdskywalker@gmail.com>
(cherry picked from commit dd2d0039b6405dc724e4fef0d5b8f49530eea3aa)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
An invalid VUI is not considered a fatal error, so the SPS containing it
may still be used. Leaving an invalid value of num_reorder_frames there
can result in writing over the bounds of H264Context.delayed_pic.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 9ecabd7892ff073ae60ded3fc0a1290f5914ed5c)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/h264_ps.c
These arrays are normally freed at the end of mov_read_trak,
but make sure they're freed in case mov_read_trak returned
early (due to errors) or in case the atoms that allocate arrays
are encountered at some other point than within a trak (which
we don't have checks against).
Sample-Id: 00000496-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit d51f09962d5b4bc999fb70c040f330dd1873212e)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
It could probably also be considered an error if the pointer isn't
null at this point, but then we might risk rejecting some
slightly broken files that we might have handled so far.
Sample-Id: 00000496-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 2620df13104ddaa136158eb6bb1195adbf9d7692)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
And manage the reallocation failure path.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 5e992a4682d2c09eed3839c6cacf70db3b65c2f4)
Fixes out of array accesses and integer overflows.
(cherry picked from commit d1916d13e28b87f4b1b214231149e12e1d536b4b)
Adresses: CVE-2013-7010, CVE-2013-7014
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
