generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
49,674 Commits 24 Branches 241 Tags
Commit Graph

22682 Commits

Author SHA1 Message Date
Michael Niedermayer
15d96c605b avcodec/jpeglsdec: check err value for ls_get_code_runterm() 
Fixes infinite loop
Fixes Ticket3086

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cc0e47b55096361723b364afa43b79a3f5619cdc)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
 2014-03-07 04:04:07 +01:00
Michael Niedermayer
8b0880ff1b avcodec/avpacket/av_packet_split_side_data: ensure that side data padding is initialized 
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 240fd8c96f59ebe9dcfc4152a1086cd3f63400c0)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1e48318802b3caa493a40c0584afc30cc866d9d0)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
 2014-03-07 04:04:07 +01:00
Michael Niedermayer
f1f06710c4 Merge remote-tracking branch 'qatar/release/9' into release/1.1 
* qatar/release/9:
  arm: hpeldsp: prevent overreads in armv6 asm

Merged-by: Michael Niedermayer <michaelni@gmx.at>
 2014-03-07 03:59:18 +01:00
Michael Niedermayer
993c2a256d Merge commit '798c715f4fa5cde37456af6202a32ee62cfb96d9' into release/1.1 
* commit '798c715f4fa5cde37456af6202a32ee62cfb96d9':
  configure: enable PIC on s390(x)
  ituh263: reject b-frame with pp_time = 0
  lagarith: reallocate rgb_planes when needed
  truemotion1: check the header size
  shorten: pad the internal bitstream buffer
  samplefmt: avoid integer overflow in av_samples_get_buffer_size()

Conflicts:
	libavcodec/lagarith.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
 2014-03-07 03:54:51 +01:00
Michael Niedermayer
c9fef27deb Merge commit '8883b5f85bfe35509633bc590d19b6a1b495690e' into release/1.1 
* commit '8883b5f85bfe35509633bc590d19b6a1b495690e':
  h264: Fix a typo from the previous commit
  h264: Lower bound check for slice offsets
  Add missing header to fix compilation after d2a0654
  Prepare for 9.12 RELEASE
  configure: Add missing dependency of Snow decoder on videodsp
  rpza: limit the number of blocks to the total remaining blocks in the frame

Conflicts:
	RELEASE

Merged-by: Michael Niedermayer <michaelni@gmx.at>
 2014-03-07 03:10:13 +01:00
Janne Grunau
460b948283 arm: hpeldsp: prevent overreads in armv6 asm 
Based on a patch by Russel King <rmk+libav@arm.linux.org.uk>

Bug-Id: 646
CC: libav-stable@libav.org
 2014-03-05 19:45:00 +01:00
Keiji Costantini
aa2a3ca27a ituh263: reject b-frame with pp_time = 0 
Avoid a division by 0 in ff_mpeg4_set_one_direct_mv.

Sample-Id: 00000168-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
(cherry picked from commit 9514440337875e0c63b409abcd616b68c518283f)
(cherry picked from commit 5df52b0131d3d4d804ad6e221bc9a2cd8b201ef2)
 2014-03-02 11:45:32 -05:00
Luca Barbato
8883b5f85b h264: Fix a typo from the previous commit 
f777504f640260337974848c7d5d7a3f064bbb45 changed a - in +

CC: libav-stable@libav.org
(cherry picked from commit d922c5a5fbaf0b6c73bd8c81ae059bc6e406961c)
(cherry picked from commit 3ce77e04c2ca4b9e7fa6b94b51e8d7c5f188da86)
 2014-02-28 23:05:53 -05:00
Anton Khirnov
b4d72f901c lagarith: reallocate rgb_planes when needed 
Fixes invalid writes on pixel format changes.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 4c3e1956ee35fdcc5ffdb28782050164b4623c0b)
 2014-02-28 23:05:53 -05:00
Vittorio Giovara
7c70cee29c h264: Lower bound check for slice offsets 
And use the value from the specification.

Sample-Id: 00000451-google
Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit f777504f640260337974848c7d5d7a3f064bbb45)
(cherry picked from commit 5bd083d0216d9ee649039c84999fb61386536ac1)

Conflicts:
	libavcodec/h264.c
 2014-02-28 23:05:53 -05:00
Anton Khirnov
13fd80837f truemotion1: check the header size 
Fixes invalid reads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 2240e2078d53d3cfce8ff1dda64e58fa72038602)
 2014-02-28 23:05:53 -05:00
Anton Khirnov
f1a7bfea41 shorten: pad the internal bitstream buffer 
Fixes invalid reads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 1713eec29add37b654ec6bf262b843d139c1ffc6)
 2014-02-28 23:05:53 -05:00
Anton Khirnov
8ba514117b Add missing header to fix compilation after d2a0654 
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2014-02-28 23:05:08 -05:00
Anton Khirnov
d2a065437a rpza: limit the number of blocks to the total remaining blocks in the frame 
Fixes invalid writes.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 77bb0004bbe18f1498cfecdc68db5f10808b6599)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
 2014-02-14 11:31:35 +01:00
Michael Niedermayer
08dde7567d Merge remote-tracking branch 'qatar/release/9' into release/1.1 
* qatar/release/9:
  Update Changelog for 9.11
  oggparseogm: check timing variables
  mathematics: remove asserts from av_rescale_rnd()
  vc1: Always reset numref when parsing a new frame header.
  h264: reset num_reorder_frames if it is invalid

Conflicts:
	Changelog
	libavcodec/vc1.c
	libavutil/mathematics.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
 2014-02-04 06:41:15 +01:00
Michael Niedermayer
cb8180885f Merge commit '62ed6da016b789eee00e0fff517df4a254e12e5d' into release/1.1 
* commit '62ed6da016b789eee00e0fff517df4a254e12e5d':
  h264: check that an IDR NAL only contains I slices
  mov: Free an earlier allocated array if allocating a new one

Merged-by: Michael Niedermayer <michaelni@gmx.at>
 2014-02-04 06:32:48 +01:00
Michael Niedermayer
e2781db62a Merge commit '44079902c49e526f464bb4eb855665e1af867e91' into release/1.1 
* commit '44079902c49e526f464bb4eb855665e1af867e91':
  mov: Free intermediate arrays in the normal cleanup function
  segafilm: fix leaks if reading the header fails
  h264_cavlc: check the size of the intra PCM data.
  h263: Check init_get_bits return value
  cavsdec: check ff_get_buffer() return value

Conflicts:
	libavcodec/cavsdec.c
	libavcodec/h263dec.c
	libavformat/mov.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
 2014-02-04 06:23:46 +01:00
Michael Niedermayer
9ac7d8f85d Merge commit 'c85e5f13f6ac9c4c90125e7671d89009e57f9df9' into release/1.1 
* commit 'c85e5f13f6ac9c4c90125e7671d89009e57f9df9':
  cavs: Check for negative cbp
  avi: DV in AVI must be considered single stream
  vmnc: Check the cursor dimensions
  vmnc: Port to bytestream2

Conflicts:
	libavcodec/cavsdec.c
	libavcodec/vmnc.c
	libavformat/avidec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
 2014-02-04 06:05:36 +01:00
Michael Niedermayer
fd856693de Merge commit 'f1476459b7013d306eb911573f1dc81e74ccd082' into release/1.1 
* commit 'f1476459b7013d306eb911573f1dc81e74ccd082':
  vmnc: K&R formatting cosmetics
  flashsv: Check diff_start diff_height values
  dsputil/pngdsp: fix signed/unsigned type in end comparison

Conflicts:
	libavcodec/dsputil.c
	libavcodec/flashsv.c
	libavcodec/vmnc.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
 2014-02-04 05:43:42 +01:00
Michael Niedermayer
af74599e66 avcodec/vc1: reset fcm/field_mode in non advanced header parsing 
Fixes NULL pointer dereference
Fixes: signal_sigsegv_1ab8bf4_2847_cov_4254117347_SA10091.vc1
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b51e9354772de446e8196dabf9aad1567b22f74d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
 2014-02-04 04:50:17 +01:00
Michael Niedermayer
74821341b9 avcodec/takdec: always check bits_per_raw_sample 
Fixes out of array access
Fixes: asan_heap-oob_19c7a94_6470_cov_1453611734_luckynight-partial.tak
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f58eab151214d2d35ff0973f2b3e51c5eb372da4)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
 2014-02-04 04:50:17 +01:00
Michael Niedermayer
7adf4a92a1 avcodec/vmnc: Check that rectangles are within the picture 
Prevents out of array accesses with CODEC_FLAG_EMU_EDGE

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6ba02602aa7fc7d38db582e75b8b093fb3c1608d)

Conflicts:

	libavcodec/vmnc.c

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7c17207ab9acfaa934e8feb8fba90765c9d0b989)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
 2014-02-04 04:50:17 +01:00
Michael Niedermayer
e04f68f7c5 dnxhdenc: fix mb_rc size 
Fixes out of array access with RC_VARIANCE set to 0

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f1caaa1c61310beba705957e6366f0392a0b005b)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
 2014-02-04 04:50:17 +01:00
Anton Khirnov
62ed6da016 h264: check that an IDR NAL only contains I slices 
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 8b2e5e42bb9d6a59ede5af2e6df4aaf7750d1195)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2014-02-01 23:51:46 -05:00
Michael Niedermayer
3cc8d9bc1f vc1: Always reset numref when parsing a new frame header. 
Fixes an issue where the B-frame coding mode switches from interlaced
fields to interlaced frames, causing incorrect decisions in the motion
compensation code and resulting in visual artifacts.

CC: libav-stable@libav.org
Signed-off-by: Tim Walker <tdskywalker@gmail.com>
(cherry picked from commit dd2d0039b6405dc724e4fef0d5b8f49530eea3aa)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2014-02-01 23:51:46 -05:00
Anton Khirnov
299c5dcfb0 h264: reset num_reorder_frames if it is invalid 
An invalid VUI is not considered a fatal error, so the SPS containing it
may still be used. Leaving an invalid value of num_reorder_frames there
can result in writing over the bounds of H264Context.delayed_pic.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 9ecabd7892ff073ae60ded3fc0a1290f5914ed5c)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/h264_ps.c
 2014-02-01 23:51:46 -05:00
Luca Barbato
c85e5f13f6 cavs: Check for negative cbp 
Sample-Id: 00000647-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
 2014-02-01 14:59:50 -05:00
Luca Barbato
f1476459b7 vmnc: K&R formatting cosmetics 
Signed-off-by: Diego Biurrun <diego@biurrun.de>
 2014-02-01 14:59:50 -05:00
Anton Khirnov
b5275ca1a8 h264_cavlc: check the size of the intra PCM data. 
Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
 2014-02-01 14:59:50 -05:00
Michael Niedermayer
d9c82cea11 h263: Check init_get_bits return value 
And use init_get_bits8 to check for integer overflows while at it.

CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
 2014-02-01 14:59:50 -05:00
Luca Barbato
4b24eb1a03 vmnc: Check the cursor dimensions 
And manage the reallocation failure path.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 5e992a4682d2c09eed3839c6cacf70db3b65c2f4)
 2014-02-01 14:59:50 -05:00
Anton Khirnov
969028870c cavsdec: check ff_get_buffer() return value 
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
 2014-02-01 14:59:50 -05:00
Luca Barbato
9f9e773881 vmnc: Port to bytestream2 
Fix some buffer overreads.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
 2014-02-01 14:59:50 -05:00
Michael Niedermayer
10d48fe6d3 flashsv: Check diff_start diff_height values 
Fix out of array accesses.

Found-by: ami_stuff
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Adresses: CVE-2013-7015
(cherry picked from commit 57070b1468edc6ac8cb3696c817f3c943975d4c1)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2014-02-01 13:56:58 -05:00
Michael Niedermayer
af9799790d dsputil/pngdsp: fix signed/unsigned type in end comparison 
Fixes out of array accesses and integer overflows.

(cherry picked from commit d1916d13e28b87f4b1b214231149e12e1d536b4b)
Adresses: CVE-2013-7010, CVE-2013-7014

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2014-02-01 13:53:41 -05:00
Michael Niedermayer
6fa9741357 avcodec/aacdec: Dont fail if channels arent known yet 
Fixes Ticket3312

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 676a395ab903cac623c5d6ddd0928c789e08a59e)

Conflicts:
	libavcodec/aacdec.c
 2014-01-19 14:58:22 +01:00
Michael Niedermayer
bb26a88193 avcodec/mjpegdec: Dont treat the lack of a startcode differently from end of the bitstream 
Fixes Ticket3303

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 31e703e899bee74c50efd8eb62c3d012ef5ab26d)
 2014-01-19 14:57:56 +01:00
Michael Niedermayer
55a4228ac2 avcodec/mjpegdec: only run EOI emulation code when there was a scan 
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 361e27a3d8096baacc45d2551a1ebfcbfdaa6a67)
 2014-01-19 14:56:18 +01:00
Michael Niedermayer
3ae81880e1 avcodec/mjpegdec: update cur_scan also for non-LS jpeg 
This should make no difference but the variable will be used in a subsequent commit

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8893f31e206358d933abe4a5227b5ae89f5f303d)

Conflicts:
	libavcodec/mjpegdec.c
 2014-01-19 14:56:08 +01:00
Michael Niedermayer
9f47f95e70 Merge remote-tracking branch 'qatar/release/9' into release/1.1 
* qatar/release/9:
  prores: Error out only on surely incomplete ac_coeffs

Merged-by: Michael Niedermayer <michaelni@gmx.at>
 2014-01-13 15:14:13 +01:00
Luca Barbato
9aa22918c2 prores: Error out only on surely incomplete ac_coeffs 
(cherry picked from commit 2df7f7714a12a59d31058aba15fb1e348e36b0ab)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
 2014-01-13 14:18:37 +01:00
Michael Niedermayer
f479c17894 Merge commit '65830277d2d2ee3658e1f070a61044fff261ed3e' into release/1.1 
* commit '65830277d2d2ee3658e1f070a61044fff261ed3e':
  prores: Add a codepath for decoding errors
  nut: Fix unchecked allocations
  avi: directly resync on DV in AVI read failure
  mov: Don't allocate arrays with av_malloc that will be realloced
  shorten: Extend fixed_coeffs to properly support pred_order 0
  Prepare for 9.11 RELEASE
  avi: properly fail if the dv demuxer is missing
  prores: Reject negative run and level values
  audio_mix: fix channel order in mix_1_to_2_fltp_flt_c
  indeo4: Check the inherited quant_mat

Conflicts:
	RELEASE
	libavcodec/indeo4.c
	libavcodec/shorten.c
	libavformat/nut.c
	libavformat/nutdec.c
	libavformat/nutenc.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
 2014-01-12 16:51:26 +01:00
Michael Niedermayer
1203e92181 Merge commit '0358a099f8abe60230dc2e5bec59bfceb7d1be07' into release/1.1 
* commit '0358a099f8abe60230dc2e5bec59bfceb7d1be07':
  indeo4: Check the block size if reusing the band configuration
  ffv1: Assume bitdepth 0 means 8bit
  alsa-audio-dec: explicitly cast the delay to a signed int64
  matroskadec: pad EBML_BIN data.
  motionpixels: clip VLC codes.
  avidec: fix a memleak in the dv init code.

Conflicts:
	libavcodec/ffv1dec.c
	libavcodec/indeo4.c
	libavdevice/alsa-audio-dec.c
	libavformat/matroskadec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
 2014-01-12 16:37:42 +01:00
Michael Niedermayer
c693ccb89a Merge commit '7b337b122959b9bf634c31b549892df974f35b40' into release/1.1 
* commit '7b337b122959b9bf634c31b549892df974f35b40':
  truemotion1: make sure index does not go out of bounds
  pcx: round up in bits->bytes conversion in a buffer size check
  omadec: Fix wrong number of array elements
  omadec: check GEOB sizes against buffer size
  ac3dec: fix outptr increment.
  avio: Use AVERROR_PROTOCOL_NOT_FOUND

Conflicts:
	libavcodec/ac3dec.c
	libavcodec/pcx.c
	libavformat/omadec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
 2014-01-12 16:16:58 +01:00
Michael Niedermayer
7e34379897 Merge commit '0e8ae6d10c609bb968c141aa2436413a55852590' into release/1.1 
* commit '0e8ae6d10c609bb968c141aa2436413a55852590':
  mpegvideo: Drop a faulty assert
  lavr: check that current_buffer is not NULL before using it
  pmpdec: check that there is at least one audio packet.
  lzw: switch to bytestream2
  gifdec: convert to bytestream2

Conflicts:
	libavcodec/gifdec.c
	libavcodec/lzw.c
	libavcodec/lzw.h
	libavformat/pmpdec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
 2014-01-12 16:08:27 +01:00
Michael Niedermayer
ce795ac0f5 Merge commit 'c5c7e3e6f7cf17943c04bd078f260eaf789afbc9' into release/1.1 
* commit 'c5c7e3e6f7cf17943c04bd078f260eaf789afbc9':
  gifdec: check that the image dimensions are non-zero
  gifdec: return meaningful error codes.
  eacmv: check the framerate before setting it.
  rv30: fix extradata size check.
  sdp: Check that fmt->oformat is non-null before accessing it
  matroskadec: use correct compression parameters for current track CodecPrivate
  vc1: Reset numref if fieldmode is not set

Conflicts:
	libavcodec/gifdec.c
	libavcodec/rv30.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
 2014-01-12 15:48:39 +01:00
Michael Niedermayer
5ea2a8d43e avcodec/msvideo1enc: fix SKIPS_MAX 
Fixes Ticket3270

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fb8f5d0510619cea2204246631f1c0dcd994ee25)
 2014-01-09 11:52:48 +01:00
Tim Walker
a0866c7129 shorten: Fix out-of-array read 
pred_order == FF_ARRAY_ELEMS(fixed_coeffs) is invalid too.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 5f5ada3dbf97e306a74250ba8dcf8619ad59b020)
Signed-off-by: Tim Walker <tdskywalker@gmail.com>
 2014-01-06 16:36:56 +01:00
Luca Barbato
65830277d2 prores: Add a codepath for decoding errors 
(cherry picked from commit 44690dfa683f620c77e9f0e8e9bc5682608636b1)
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
 2014-01-06 02:31:17 +00:00
Luca Barbato
5bbee02ae0 shorten: Extend fixed_coeffs to properly support pred_order 0 
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b2148faca9e9e553c14b27844b56e367c85a777e)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
 2014-01-05 17:30:53 -05:00