Fixes invalid writes with very small image heights.
CC: libav-stable@libav.org
Bug-ID: CVE-2014-8547
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 0b39ac6f54505a538c21fe49a626de94c518c903)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit eac49477aa95cf727d87d2741ee8e60be59d394b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 92888e9ed4ea4e761ae953bbe28c85cc658abc8f)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
* commit '0e8ae6d10c609bb968c141aa2436413a55852590':
mpegvideo: Drop a faulty assert
lavr: check that current_buffer is not NULL before using it
pmpdec: check that there is at least one audio packet.
lzw: switch to bytestream2
gifdec: convert to bytestream2
Conflicts:
libavcodec/gifdec.c
libavcodec/lzw.c
libavcodec/lzw.h
libavformat/pmpdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c5c7e3e6f7cf17943c04bd078f260eaf789afbc9':
gifdec: check that the image dimensions are non-zero
gifdec: return meaningful error codes.
eacmv: check the framerate before setting it.
rv30: fix extradata size check.
sdp: Check that fmt->oformat is non-null before accessing it
matroskadec: use correct compression parameters for current track CodecPrivate
vc1: Reset numref if fieldmode is not set
Conflicts:
libavcodec/gifdec.c
libavcodec/rv30.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Also add an error message an return a more suitable error code
(INVALIDDATA, not EINVAL);
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit c453723ad7d14abc5e82677eebaa6025fa598f08)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Prevents inconsistent state and null pointer dereference
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 46cb61819d867961e8f2052a8f13bcf2027d484f)
Conflicts:
libavcodec/gifdec.c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes out of array accesses.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d23b8462b5a4a9da78ed45c4a7a3b35d538df909)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7ee5e97c46e30fb3d6f9f78cc3313dbc06528b37)
Conflicts:
libavcodec/gifdec.c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c10350358da58600884292c08a8690289b81de29)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes the colour of the transparent background (as seen with ffplay),
and makes the background of some non-keyframes transparent that was
incorrectly shown as opaque for some samples.
Add capability of reading multiple frames instead of only first.
Implement support for different gif frame 'disposal methods'.
Add option that allows to change background color resulting from
conversion of gif with transparency to any other format which
not support it.
Also bump lavc minor version.
Signed-off-by: Vitaliy E Sugrobov <vsugrob@hotmail.com>
Replace literals with named constants in several pieces of code
like 'return -1' and 'case 0xab'.
Change the way decoder handles absence of image data in a file:
notify gif_decode_frame() caller with got_picture set to zero
instead of returning -1.
Signed-off-by: Vitaliy E Sugrobov <vsugrob@hotmail.com>
* qatar/master:
rtpdec_asf: Set the no_resync_search option for the chained asf demuxer
asfdec: Add an option for not searching for the packet markers
cosmetics: Clean up the tiffenc pix_fmts declaration to match the style of others
cosmetics: Align codec declarations
cosmetics: Convert mimic.c to utf-8
avconv: remove an unused function parameter.
avconv: remove now pointless variables.
avconv: drop support for building without libavfilter.
nellymoserenc: fix crash due to memsetting the wrong area.
libavformat: Only require first packet to be known for audio/video streams
avplay: Don't try to scale timestamps if the tb isn't set
Conflicts:
Changelog
configure
ffmpeg.c
libavcodec/aacenc.c
libavcodec/bmpenc.c
libavcodec/dnxhddec.c
libavcodec/dnxhdenc.c
libavcodec/ffv1.c
libavcodec/flacenc.c
libavcodec/fraps.c
libavcodec/huffyuv.c
libavcodec/libopenjpegdec.c
libavcodec/mpeg12enc.c
libavcodec/mpeg4videodec.c
libavcodec/pamenc.c
libavcodec/pgssubdec.c
libavcodec/pngenc.c
libavcodec/qtrleenc.c
libavcodec/rawdec.c
libavcodec/sgienc.c
libavcodec/tiffenc.c
libavcodec/v210dec.c
libavcodec/wmv2dec.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Also break some long lines, remove codec function placeholder comments
and add spaces in sample/pixel format lists.
Signed-off-by: Martin Storsjö <martin@martin.st>
* qatar/master: (42 commits)
swscale: fix signed overflow in yuv2mono_X_c_template
snow: fix integer overflows
svq1enc: remove stale altivec-related hack
snow: fix signed overflow in byte to 32-bit replication
adx: rename ff_adx_decode_header() to avpriv_adx_decode_header()
avformat: add CRI ADX format demuxer
adx: add an ADX parser.
adx: move header decoding to ADX common code
adx: calculate the number of blocks in a packet
adx: define and use 2 new macro constants BLOCK_SIZE and BLOCK_SAMPLES
adx: check for unsupported ADX formats
adx: simplify encoding by using put_sbits()
adx: calculate correct LPC coeffs
adx: use 12-bit coefficients instead of 14-bit to avoid integer overflow
adx: simplify adx_decode() by using get_sbits() to read residual samples
adx: fix the data offset parsing in adx_decode_header()
adx: remove unneeded post-decode channel interleaving
adx: validate header values
adx: cosmetics: general pretty-printing and comment clean-up
adx: remove useless comments
...
Conflicts:
Changelog
libavcodec/cook.c
libavcodec/fraps.c
libavcodec/nuv.c
libavcodec/pthread.c
libavcodec/version.h
libavformat/Makefile
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
mxfdec: Include FF_INPUT_BUFFER_PADDING_SIZE when allocating extradata.
H.264: tweak some other x86 asm for Atom
probe: Fix insane flow control.
mpegts: remove invalid error check
s302m: use nondeprecated audio sample format API
lavc: use designated initialisers for all codecs.
x86: cabac: add operand size suffixes missing from 6c32576
Conflicts:
libavcodec/ac3enc_float.c
libavcodec/flacenc.c
libavcodec/frwu.c
libavcodec/pictordec.c
libavcodec/qtrleenc.c
libavcodec/v210enc.c
libavcodec/wmv2dec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
It is pretty hopeless that other considerable projects will adopt
libavutil alone in other projects. Projects that need small footprint
are better off with more specialized libraries such as gnulib or rather
just copy the necessary parts that they need. With this in mind, nobody
is helped by having libavutil and libavcore split. In order to ease
maintenance inside and around FFmpeg and to reduce confusion where to
put common code, avcore's functionality is merged (back) to avutil.
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
None of these symbols should be accessed directly, so declare them as
hidden.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit d36beb3f6902b1217beda576aa18abf7eb72b03c)
