ffmpeg

Author	SHA1	Message	Date
Piotr Bandurski	f3c8a8b087	avcodec/lcldec: fix decoding of YUV444 sample Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit a3329a09f93455a44ff3c9c64886c4da1f66bcfb) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-30 21:56:15 +02:00
Christophe Gisquet	60f94f7084	alacenc: fix extra bits extraction The raw coded bits are extracted prior to decorrelation, as is correctly performed by the decoder, and not after. Fixes ticket #2768. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 96d217832598da7001bc204706476dd1e37f377e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-30 21:53:11 +02:00
Christophe Gisquet	7f7cf051ed	alacenc: increase predictor buffer This change is almost cosmetical only, and reduces the changes needed to fix the 24bps case. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit c0d18cc085b13cdfb05ea90a20b46235fb4fa0a9) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-30 21:53:06 +02:00
Christophe Gisquet	3231e7ab64	wavpack: report if there is no bits left Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 11a39bdf534a4ead634b4a593c66ebf756910b9b) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-30 21:52:07 +02:00
Jon Morley	552fe9b07f	avcodec/adpcm: Fix incorrect AVSampleFormat for sample_fmts_s16p The AVSampleFormat list of sample_fmts_s16p is missing the trailing "P" for planar formats. AV_SAMPLE_FMT_S16 vs AV_SAMPLE_FMT_S16P Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 18e70006e7d39f256079cd461a0fe75f1e9cbfd2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-30 21:51:05 +02:00
Michael Niedermayer	96d1a8f014	avcodec/snow: check coeffs for validity Fixes deadlock Fixes integer overflow Fixes Ticket 3892 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 596636a474ab201badaae269f3a2cef4824b8c1f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-30 21:37:43 +02:00
Michael Niedermayer	0bf0de7185	avcodec/utils: add GBRP16 to avcodec_align_dimensions2() Fixes Ticket3869 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3fe9e7be4c70c8fccdcd56fd19276e668cfb7de8) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-30 21:33:09 +02:00
Michael Niedermayer	c58d7f9eb5	avcodec: fix aac/ac3 parser bitstream buffer size Buffers containing copies of the AAC and AC3 header bits were not padded before parsing, violating init_get_bits() buffer padding requirement, leading to potential buffer read overflows. This change adds FF_INPUT_BUFFER_PADDING_SIZE bytes to the bit buffer for parsing the header in each of aac_parser.c and ac3_parser.c. Based on patch by: Matt Wolenetz <wolenetz@chromium.org> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit fccd85b9f30525f88692f53134eba41f1f2d90db) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-30 21:33:09 +02:00
Christophe Gisquet	11a61dd0e2	proresenc_kostya: report buffer overflow If the allocated size, despite best efforts, is too small, exit with the appropriate error. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 52b81ff4635c077b2bc8b8d3637d933b6629d803) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-30 21:13:11 +02:00
Michael Niedermayer	5865d599c3	avcodec/iff: check pixfmt for rgb8 / rgbn Fixes out of array access Found-by: Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3539d6c63a16e1b2874bb037a86f317449c58770) Conflicts: libavcodec/iff.c (cherry picked from commit 656f930160db48e0b7b25069c62abc340e7f0628) Conflicts: libavcodec/iff.c (cherry picked from commit abc1fa7c5a1dca1345b9471b81cfcda00c56220d) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-30 21:13:11 +02:00
Michael Niedermayer	081f4f5f56	Merge commit 'e4fb53c73abece15a7c5df0019df9a0371db2297' into release/1.1 * commit 'e4fb53c73abece15a7c5df0019df9a0371db2297': ffv1dec: check that global parameters do not change in version 0/1 Conflicts: libavcodec/ffv1dec.c See: f78a3868fd3d8f66da68338c0783aa15f98833bf Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-30 20:47:54 +02:00
Michael Niedermayer	e4fb53c73a	ffv1dec: check that global parameters do not change in version 0/1 Such changes are neither allowed nor supported Found-by: ami_stuff Bug-Id: CVE-2013-7020 CC: libav-stable@libav.org Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit da7d839a0d3ec40423a665dc85e0cfaed3f92eb8) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2014-08-12 10:35:09 +00:00
Michael Niedermayer	a04bb8d6e7	avcodec/dvdsub_parser: print message if packet is smaller than the packet size field Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit bcc898dd2643c883522ffa565be4b226ce798c78) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 16:19:48 +02:00
Michael Niedermayer	1298aa8318	avcodec/dvdsub_parser: Check buf_size before reading 32bit packet size Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 81c1657a593b1c0f8e46fca00ead1d30ee1cd418) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 16:19:48 +02:00
Michael Niedermayer	e5fcc16a1f	avcodec/dvdsub_parser: never return 0 when the input isnt 0 Fixes a infinite loop Fixes Ticket3804 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit cfdb30d2f1241de9354a8efdbf8252d0f1a6f933) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 16:19:48 +02:00
Michael Niedermayer	b65c290f7f	Merge commit '52254067b312e78d30bbe79fc33dbdf995b22b4e' into release/1.1 * commit '52254067b312e78d30bbe79fc33dbdf995b22b4e': error_concealment: avoid using the picture if not fully setup Conflicts: libavcodec/error_resilience.c See: 68a0477bc0af026db971ddba22541029a9e8715b Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 16:06:27 +02:00
Michael Niedermayer	437848e37a	vp3: Copy all 3 frames for thread updates Fixes a double release of the current frame on deinit. Bug-Id: CVE-2011-3934 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>	2014-08-08 14:57:01 +01:00
Michael Niedermayer	09e3fe79fc	avcodec/svq1dec: Fix multiple bugs from "svq1: do not modify the input packet" Add padding, clear size, use the correct pointer. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 4213fc5b9eebec53c7d22b770c3f1ceecca1c113) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 15:49:50 +02:00
Michael Niedermayer	e4b1cffade	Merge commit 'af9b62654d5aa023a96906215365532d18541a09' into release/1.1 * commit 'af9b62654d5aa023a96906215365532d18541a09': svq1: do not modify the input packet Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 15:48:57 +02:00
Michael Niedermayer	06f7e87e15	Merge commit '80c268eaaee402695a74d14acf76063100692a99' into release/1.1 * commit '80c268eaaee402695a74d14acf76063100692a99': cdgraphics: do not return 0 from the decode function Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 15:47:34 +02:00
Michael Niedermayer	420f63984b	Merge commit '8cd67ddde46a42a33149e7d42a2ab47852ff2a83' into release/1.1 * commit '8cd67ddde46a42a33149e7d42a2ab47852ff2a83': cdgraphics: switch to bytestream2 Conflicts: libavcodec/cdgraphics.c See: ad002e1a13a8df934bd6cb2c84175a4780ab8942 Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 15:45:19 +02:00
Michael Niedermayer	91437631d7	Merge commit 'c53effc41b9359261b17c8da3b7062369cafd686' into release/1.1 * commit 'c53effc41b9359261b17c8da3b7062369cafd686': huffyuvdec: check width size for yuv422p Conflicts: libavcodec/huffyuvdec.c See: 6abb9a901fca27da14d4fffbb01948288b5da3ba Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 15:20:18 +02:00
Michael Niedermayer	02018a359e	Merge commit '146b187113e3cc20c2a97c5f264da13e701ca247' into release/1.1 * commit '146b187113e3cc20c2a97c5f264da13e701ca247': lavc: Check the image size before calling get_buffer Conflicts: libavcodec/utils.c See: 668494acd8b20f974c7722895d4a6a14c1005f1e Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 14:54:53 +02:00
Michael Niedermayer	451bc8ee2f	Merge commit '43d676432740c6d5e5234ed343f13902909fd124' into release/1.1 * commit '43d676432740c6d5e5234ed343f13902909fd124': huffyuv: Check and propagate function return values Conflicts: libavcodec/huffyuvdec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 14:38:20 +02:00
Michael Niedermayer	0bcf514198	Merge commit '01f9540320279954b2764645ab7136847d53d89f' into release/1.1 * commit '01f9540320279954b2764645ab7136847d53d89f': h264_sei: check SEI size Conflicts: libavcodec/h264_sei.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 14:24:54 +02:00
Michael Niedermayer	1ee5e2ce3d	Merge commit '00915d3cd2ce61db3d6dc11f63566630a9aff4ec' into release/1.1 * commit '00915d3cd2ce61db3d6dc11f63566630a9aff4ec': pgssubdec: Check RLE size before copying See: c0d68be555f5858703383040e04fcd6529777061 Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 14:20:41 +02:00
Michael Niedermayer	6e83c26620	Merge commit '58d7b835e3cec48ab5a2393405fe82dee72c06a0' into release/1.1 * commit '58d7b835e3cec48ab5a2393405fe82dee72c06a0': fate: Add dependencies for dct/fft/mdct/rdft tests Conflicts: libavcodec/fft-test.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 14:14:06 +02:00
Michael Niedermayer	c074feed29	Merge commit 'e8ff7972064631afbdf240ec6bfd9dec30cf2ce8' into release/1.1 * commit 'e8ff7972064631afbdf240ec6bfd9dec30cf2ce8': eamad: use the bytestream2 API instead of AV_RL Conflicts: libavcodec/eamad.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 13:55:06 +02:00
Michael Niedermayer	6333c6c17d	Merge commit '21d3e0ac9e1719d8444b3f5466983587ac0ad240' into release/1.1 * commit '21d3e0ac9e1719d8444b3f5466983587ac0ad240': adpcm: Write the proper predictor in trellis mode in IMA QT Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 13:32:56 +02:00
Michael Niedermayer	5fa56e6e62	Merge commit '744e7eea5d815efea777b6179d96e8d94b63ccfa' into release/1.1 * commit '744e7eea5d815efea777b6179d96e8d94b63ccfa': adpcm: Avoid reading out of bounds in the IMA QT trellis encoder Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 13:31:09 +02:00
Michael Niedermayer	cf7f798984	Merge commit 'd7dbc687e312a91ef2ccf797d57b95c61d0e8a2f' into release/1.1 * commit 'd7dbc687e312a91ef2ccf797d57b95c61d0e8a2f': Check mp3 header before calling avpriv_mpegaudio_decode_header(). Conflicts: libavformat/mp3enc.c See: See: 2dd0da787ce5008d4d1b8f461fbd1288c32e2c38 Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 12:52:20 +02:00
Michael Niedermayer	244a58fff0	Merge commit '7997acee0542f6e0bb9ea42ff783f80b70878a2f' into release/1.1 * commit '7997acee0542f6e0bb9ea42ff783f80b70878a2f': Check if an mp3 header is using a reserved sample rate. Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-08-08 12:48:55 +02:00
Michael Niedermayer	52254067b3	error_concealment: avoid using the picture if not fully setup Fixes state becoming inconsistent and a null pointer dereference. CC: libav-stable@libav.org Bug-Id: CVE-2013-0860 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net>	2014-08-06 19:25:56 +00:00
Anton Khirnov	af9b62654d	svq1: do not modify the input packet The input data must remain constant, make a copy instead. This is in theory a performance hit, but since I failed to find any samples using this feature, this should not matter in practice. Also, check the size of the header, avoiding invalid reads on truncated data. CC:libav-stable@libav.org (cherry picked from commit 7b588bb691644e1b3c168b99accf74248a24e3cf) Signed-off-by: Anton Khirnov <anton@khirnov.net> Conflicts: libavcodec/svq1dec.c	2014-08-06 19:10:28 +00:00
Anton Khirnov	80c268eaae	cdgraphics: do not return 0 from the decode function 0 means no data consumed, so it can trigger an infinite loop in the caller. CC:libav-stable@libav.org (cherry picked from commit c7d9b473e28238d4a4ef1b7e8b42c1cca256da36) Signed-off-by: Anton Khirnov <anton@khirnov.net> Conflicts: libavcodec/cdgraphics.c	2014-08-06 18:46:36 +00:00
Anton Khirnov	8cd67ddde4	cdgraphics: switch to bytestream2 Fixes possible invalid memory accesses on corrupted data. CC:libav-stable@libav.org Bug-ID: CVE-2013-3674 (cherry picked from commit a1599f3f7ea8478d1f6a95e59e3bc6bc86d5f812) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2014-08-06 18:45:57 +00:00
Michael Niedermayer	c53effc41b	huffyuvdec: check width size for yuv422p Avoid out of array accesses. CC: libav-stable@libav.org Bug-Id: CVE-2013-0848 Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit a7153444df9040bf6ae103e0bbf6104b66f974cb) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2014-08-05 20:11:08 +00:00
Michael Niedermayer	ede7388800	mmvideo: check horizontal coordinate too Fixes out of array accesses. Bug-Id: CVE-2013-3672 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 70cd3b8e659c3522eea5c16a65d14b8658894a94) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2014-08-05 19:28:47 +00:00
Michael Niedermayer	36d8914f1b	wmalosslessdec: fix mclms_coeffs* array size Fixes corruption of context Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org Bug-Id: CVE-2014-2098 Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 849b9d34c7ef70b370c53e7af3940f51cbc07d0f) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2014-08-05 15:05:22 +00:00
Luca Barbato	146b187113	lavc: Check the image size before calling get_buffer Bug-Id: CVE-2011-3935 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind	2014-08-04 14:15:45 +02:00
Diego Biurrun	43d6764327	huffyuv: Check and propagate function return values Bug-Id: CVE-2013-0868 inspired by a patch from Michael Niedermayer <michaelni@gmx.at> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 744b406ff3474e77543bcf86125a2f7bc7deaa18) Signed-off-by: Diego Biurrun <diego@biurrun.de> Conflicts: libavcodec/huffyuvdec.c	2014-08-03 16:08:59 -07:00
Michael Niedermayer	01f9540320	h264_sei: check SEI size Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>	2014-08-01 13:36:37 +01:00
Vittorio Giovara	5123541913	h264: prevent theoretical infinite loop in SEI parsing Properly address CVE-2011-3946 and parse bitstream as described in the spec. CC: libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind	2014-08-01 13:36:37 +01:00
Michael Niedermayer	00915d3cd2	pgssubdec: Check RLE size before copying Make sure the buffer size does not exceed the expected RLE size. Prevent an out of array bound write. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Bug-Id: CVE-2013-0852 Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit a1f7844a11010d8552c75424d1a831b37a0ae5d9) Signed-off-by: Diego Biurrun <diego@biurrun.de>	2014-08-01 05:12:07 -07:00
Diego Biurrun	58d7b835e3	fate: Add dependencies for dct/fft/mdct/rdft tests (cherry picked from commit d396987c303bdc4eea7d1a1ff6776475d9bbd9ea) Signed-off-by: Diego Biurrun <diego@biurrun.de> Conflicts: libavcodec/fft-test.c	2014-07-30 12:15:44 -07:00
Anton Khirnov	e8ff797206	eamad: use the bytestream2 API instead of AV_RL This is safer and possibly fixes invalid reads on truncated data. (cherry-picked from commit 541427ab4d5b4b6f5a90a687a06decdb78e7bc3c) CC:libav-stable@libav.org Conflicts: libavcodec/eamad.c (cherry picked from commit f9204ec56a4cf73843d1e5b8563d3584c2c05b47) Signed-off-by: Diego Biurrun <diego@biurrun.de>	2014-07-30 11:35:41 -07:00
Martin Storsjö	21d3e0ac9e	adpcm: Write the proper predictor in trellis mode in IMA QT The actual predictor value, set by the trellis code, never was written back into the variable that was written into the block header. This was accidentally removed in b304244b. This significantly improves the audio quality of the trellis case, which was plain broken since b304244b. Encoding IMA QT with trellis still actually gives a slightly worse quality than without trellis, since the trellis encoder doesn't use the exact same way of rounding as in adpcm_ima_qt_compress_sample and adpcm_ima_qt_expand_nibble. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 0776e0ef6ba4160281ef3fabea43e670f3792b4a) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2014-06-26 13:43:46 +02:00
Martin Storsjö	744e7eea5d	adpcm: Avoid reading out of bounds in the IMA QT trellis encoder This was broken in 095be4fb - samples+ch (for the previous non-planar case) equals &samples_p[ch][0]. The confusion probably stemmed from the IMA WAV case where it originally was &samples[avctx->channels + ch], which was correctly changed into &samples_p[ch][1]. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 3d79d0c93e5b37a35b1b22d6c18699c233aad1ba) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2014-06-26 13:43:41 +02:00
Justin Ruggles	d7dbc687e3	Check mp3 header before calling avpriv_mpegaudio_decode_header(). As indicated in the function documentation, the header MUST be checked prior to calling it because no consistency check is done there. CC:libav-stable@libav.org (cherry picked from commit f2f2e7627f0c878d13275af5d166ec5932665e28) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2014-06-26 12:52:01 +02:00
Justin Ruggles	7997acee05	Check if an mp3 header is using a reserved sample rate. Fixes an invalid read past the end of avpriv_mpa_freq_tab. Fixes divide-by-zero due to sample_rate being set to 0. Bug-Id: 705 CC:libav-stable@libav.org Conflicts: libavcodec/mpegaudiodecheader.c	2014-06-26 12:51:04 +02:00

1 2 3 4 5 ...

22645 Commits