Fixes out of array accesses
Fixes: ffmpeg_mjpeg_crash.avi
Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 08509c8f86626815a3e9e68d600d1aacbb8df4bf)
Conflicts:
libavcodec/mjpegdec.c
Fixes out of array accesses
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fabbfaa095660982cc0bc63242c459561fa37037)
Conflicts:
libavcodec/mjpegdec.c
Fixes out of array access
Fixes: asan_heap-oob_1ca4f85_2760_cov_144449187_miss_congeniality_pegasus_ljpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0eecf40935b22644e6cd74c586057237ecfd6844)
Conflicts:
libavcodec/mjpegdec.c
Fixes CID1194388
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b4329605289e25bb071ec1c1182bf25fc83b09aa)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This should make no difference but the variable will be used in a subsequent commit
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8893f31e206358d933abe4a5227b5ae89f5f303d)
Conflicts:
libavcodec/mjpegdec.c
* qatar/release/9:
mpegvideo: Avoid 32-bit wrapping of linesize multiplications
mjpegb: Detect changing number of planes in interlaced video
alac: Check that the channels fit at the given offset
4xm: Check that the read track value is non-negative
Conflicts:
libavcodec/alac.c
libavcodec/mjpegdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
These prevent the rgb ljpeg code from being run on parameters that it doesnt
support. No testcase available but it seems possible to trigger these.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 61c68000eda643dfce96dc46b488d39fd5c4e309)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c8fb5d0f383fcbb0da9bdef609c3a826df0064f7':
Update Changelog
indeo: check for reference when inheriting mvs
indeo: use proper error code
indeo: Properly forward the error codes
mjpeg: Check the unescaped size for overflows
wmapro: error out on impossible scale factor offsets
wmapro: check the min_samples_per_subframe
wmapro: return early on unsupported condition
wmapro: check num_vec_coeffs against the actual available buffer
wmapro: make sure there is room to store the current packet
lavc: move put_bits_left in put_bits.h
4xm: do not overread the source buffer in decode_p_block
4xm: check bitstream_size boundary before using it
Conflicts:
Changelog
libavcodec/4xm.c
libavcodec/mjpegdec.c
libavcodec/wmaprodec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '10f77c165c3b3e881bb174a0f57dd62083639072':
pixdesc: mark gray8 as pseudopal
mjpegdec: validate parameters in mjpeg_decode_scan_progressive_ac
mjpeg: Validate sampling factors
ljpeg: use the correct number of components in yuv
wavpack: validate samples size parsed in wavpack_decode_block
Conflicts:
libavcodec/mjpegdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
They must be non-zero.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 8aa3500905fec6c4e657bb291b861d43c34d3de9)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
When JPEG-LS support is disabled the decoder would feed the
data to the JPEG Lossless decode_*_scan function resulting in
faulty decoding.
CC: libav-stable@libav.org
(cherry picked from commit b25e49b187617c486ae3f50a5cbb356fc0e868bb)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b39fd7d63648442c20671c3e4b357268ec5c49f2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket2353
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3c24fbbf651d4ec28eccfd7ef05a2595a11dd55a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '91ac403b1316d59b4f43c4ea0f237e24cec2819a':
lavf: fix arithmetic overflows in avformat_seek_file()
mjpeg: initialize input padding after unescaped buffer to zero
Conflicts:
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This also fixes a long standing comment in the code.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
mingw/cygwin: Stop adding -fno-common to gcc CFLAGS
Restructure av_log_missing_feature message
rtp: Support packetization/depacketization of opus
file: Set the return value type for lseek to int64_t.
ppc: fix Altivec build with old compilers
build: add LTO support for PGI compiler
build: add -Mdse to PGI optimisation flags
rtpenc_vp8: Update the packetizer to the latest spec version
rtpdec_vp8: Make the depacketizer implement the latest spec draft
doc: allow building with old texi2html versions
avutil: skip old_pix_fmts.h since it is just a list
Conflicts:
libavcodec/aacdec.c
libavcodec/h264.c
libavcodec/ppc/fmtconvert_altivec.c
libavcodec/utils.c
libavformat/file.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Some invocations include a verb in the log message, others do not. Yet
av_log_missing_feature expects callers to provide a verb. Change the
function to include a verb instead and update the callers accordingly.
The result is a more natural function API and correct English in the
function invocations.
