ffmpeg

Author	SHA1	Message	Date
Luca Barbato	aed12df7fe	mjpegdec: validate parameters in mjpeg_decode_scan_progressive_ac Prevent out of buffer write when decoding broken samples. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit cfbd98abe82cfcb9984a18d08697251b72b110c8) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-05-31 23:00:31 +02:00
Luca Barbato	7923a25fdd	mjpeg: Validate sampling factors They must be non-zero. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 8aa3500905fec6c4e657bb291b861d43c34d3de9) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-05-31 23:00:31 +02:00
Luca Barbato	510a96a211	ljpeg: use the correct number of components in yuv Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit a030279a67ef883df8cf3707774656fa1be81078) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-05-31 23:00:31 +02:00
Luca Barbato	0af5a774eb	jpegls: check the scan offset Prevent an out of array bound write. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit abad374909e6416e941351094f4f1446a71f8d23) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/jpeglsdec.c	2013-05-31 23:00:30 +02:00
Luca Barbato	aaeef7fa0d	mjpegdec: properly report unsupported disabled features When JPEG-LS support is disabled the decoder would feed the data to the JPEG Lossless decode_*_scan function resulting in faulty decoding. CC: libav-stable@libav.org (cherry picked from commit b25e49b187617c486ae3f50a5cbb356fc0e868bb) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-05-31 23:00:30 +02:00
Luca Barbato	c340319559	wavpack: validate samples size parsed in wavpack_decode_block Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit ed50673066956d6f2201a57c3254569f2ab08d9d) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/wavpack.c	2013-05-31 23:00:30 +02:00
Reinhard Tartler	582aec4989	jpegls: factorize return paths Conflicts: libavcodec/jpeglsdec.c (cherry picked from commit 4a4107b48944397c914aa39ee16a82fe44db8c4c)	2013-05-31 23:00:30 +02:00
Luca Barbato	9eecf633f7	jpegls: return meaningful errors (cherry picked from commit a5a0ef5e13a59ff53318a45d77c5624b23229c6f) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/jpeglsdec.c	2013-05-31 23:00:30 +02:00
Jindrich Makovicka	7f451cb01f	mpegvideo: allocate sufficiently large scratch buffer for interlaced vid MPV_decode_mb_internal needs 3 * 16 * linesize bytes of scratch buffer For interlaced content, linesize is multiplied by two after the allocation of the scratch buffer, and the dest_cr pointer ends past the buffer. This patch makes ff_mpv_frame_size_alloc allocate a total of (aligned line_size) * 2 * 16 * 3 bytes, which suffices even for the interlaced case. CC:libav-stable@libav.org Signed-off-by: Jindrich Makovicka <makovick@gmail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 259af1b92370b32f6d0b9a6de314db4b44c2481d) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-05-31 23:00:30 +02:00
Michael Niedermayer	a987750267	h264_cavlc: fix reading skip run Fixes Ticket2606 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 826b3a75cd295c03720e00d3de83e1abcbedd4b9) Conflicts: libavcodec/h264_cavlc.c	2013-05-30 22:35:21 +02:00
Michael Niedermayer	6f585f1e66	smacker: remove av_clip_int16() Fixes Ticket2425 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 2211c76287e073a9e176fde7dbb9a63ceb2af8d1)	2013-05-20 23:59:09 +02:00
Michael Niedermayer	91138821fb	gifdec: check that the last keyframe exists and has been successfully parsed. Prevents inconsistent state and null pointer dereference Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 46cb61819d867961e8f2052a8f13bcf2027d484f) Conflicts: libavcodec/gifdec.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-13 00:58:49 +02:00
Michael Niedermayer	a4681d1043	gifdec: reset previous Graphic Control Extension disposal type This fixes out of array accesses. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d23b8462b5a4a9da78ed45c4a7a3b35d538df909) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 7ee5e97c46e30fb3d6f9f78cc3313dbc06528b37) Conflicts: libavcodec/gifdec.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-13 00:46:27 +02:00
Michael Niedermayer	151c2ca8c7	avcodec/cdgraphics: check buffer size before use Fixes out of array accesses Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit ad002e1a13a8df934bd6cb2c84175a4780ab8942) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-13 00:45:21 +02:00
Michael Niedermayer	dafd8228bc	sanm: Check dimensions before use Fixes integer overflow and out of array accesses Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 9dd04f6d8cdd1c10c28b2cb4252c1a41df581915) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-13 00:45:16 +02:00
Michael Niedermayer	e9d9fd1137	vmdav: Try to fix unpack_rle() This fixes out of array accesses The code prior to this commit could not have worked, thus obviously was untested. I was also not able to find a valid sample that uses this code. This fix is thus only based on the description of the format If someone has a sample that uses unpack_rle(), please mail me. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit c1f2c4c3b49277d65b71ccdd3b6b2878f1b593eb) Conflicts: libavcodec/vmdav.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-13 00:44:44 +02:00
Michael Niedermayer	e4bae0a140	mmvideo/mm_decode_intra: check horizontal coordinate too Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit ae2132ac90f02330b0988e6e26ee0d53e41cd196) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-13 00:44:27 +02:00
Michael Niedermayer	520c3d2303	mmvideo/mm_decode_inter: check horizontal coordinate too Fixes out of array accesses Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8d3c99e825317b7efda5fd12e69896b47c700303) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-13 00:44:22 +02:00
Michael Niedermayer	82a627c2c3	mjpegdec: fix overlapping memcpy with upscale_v Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b39fd7d63648442c20671c3e4b357268ec5c49f2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-13 00:44:12 +02:00
Michael Niedermayer	0cb4887b83	avcodec/mpegvideo: Fix edge emu with lowres Fixes a few green artifacts at the top Fixes rest of Ticket 2535 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit c67bca2b5a94efb8fb3c2ba2c7d9b1b413468838) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-13 00:43:04 +02:00
Michael Niedermayer	4a45535836	avcodec/mpegvideo: Fix block height for lowres 3 interlaced blocks Fixes green trash Fixes part of Ticket2535 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit bca50e5cd52240d885afeb3edb0fa2c74b352add) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-13 00:42:33 +02:00
Michael Niedermayer	731f4bb6fd	xbmdec: fix off by one error in scanf() Fixes out of array access Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-13 00:35:04 +02:00
Michael Niedermayer	898ce4d6e2	Merge remote-tracking branch 'qatar/release/9' into release/1.1 * qatar/release/9: update Changelog af_asyncts: fix offset calculation oma: properly forward errors in oma_read_packet indeo3: use unaligned reads on reference blocks. Conflicts: Changelog Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-12 14:39:09 +02:00
Michael Niedermayer	204c8798a8	Merge commit '0662967d2bbdbe90540eaa8c847f521fa4b75aab' into release/1.1 * commit '0662967d2bbdbe90540eaa8c847f521fa4b75aab': hls, segment: fix splitting for audio-only streams. afifo: fix request_samples on the last frame in certain cases id3v2: check for end of file while unescaping tags indeo3: fix off by one in MV validity check Conflicts: libavformat/id3v2.c libavformat/segment.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-12 14:25:50 +02:00
Michael Niedermayer	9767d7513c	Merge commit '46fd6e4f2ebbcd5a00847cdb05fe416466d06d37' into release/1.1 * commit '46fd6e4f2ebbcd5a00847cdb05fe416466d06d37': aac: check the maximum number of channels update Changelog riff: check for eof if chunk size and code are 0 oggdec: fix faulty cleanup prototype Conflicts: Changelog Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-12 14:11:03 +02:00
Michael Niedermayer	d2b9da2f37	Merge commit 'c8462bd17f35f435192281a2ea4ce8008a7398d3' into release/1.1 * commit 'c8462bd17f35f435192281a2ea4ce8008a7398d3': mp3dec: fallback to generic seeking when a TOC is not present svq1dec: clip motion vectors to the frame size. svq1dec: check that the reference frame has the same dimensions as the current one qdm2: check that the FFT size is a power of 2 Conflicts: libavcodec/svq1dec.c libavformat/mp3dec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-12 13:55:06 +02:00
Michael Niedermayer	395538e073	Merge commit '95db1624ef98ccc4ba7ff70d50c4b4d0f8ffed54' into release/1.1 * commit '95db1624ef98ccc4ba7ff70d50c4b4d0f8ffed54': indeo3: switch parsing the header to bytestream2 indeo3: check motion vectors. rv10: check that extradata is large enough indeo3: fix data size check Conflicts: libavcodec/indeo3.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-12 13:44:08 +02:00
Michael Niedermayer	a367ab657f	Merge commit '8f558c3e101859aec9adcb4b4b270ae1ef8f88b5' into release/1.1 * commit '8f558c3e101859aec9adcb4b4b270ae1ef8f88b5': af_channelmap: sanity check input channel indices in all cases. id3v2: pad the APIC packets as required by lavc. lavf: make sure stream probe data gets freed. dfa: check for invalid access in decode_wdlt(). Conflicts: libavformat/id3v2.c libavformat/utils.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-12 13:35:30 +02:00
Michael Niedermayer	63235b8d41	Merge commit '858864d350320dd807e349bda017026e61a47fe0' into release/1.1 * commit '858864d350320dd807e349bda017026e61a47fe0': xmv: check audio track parameters validity. bmv: check for len being valid in bmv_decode_frame(). xmv: do not leak memory in the error paths in xmv_read_header() matroska: pass the lace size to the matroska_parse_rm_audio Conflicts: libavformat/matroskadec.c libavformat/xmv.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-12 13:19:54 +02:00
Michael Niedermayer	1ace588f4a	Merge commit 'fc6825ebb6585138e8ee2bb3484a04542c5d8b6a' into release/1.1 * commit 'fc6825ebb6585138e8ee2bb3484a04542c5d8b6a': vp8: Fix pthread_cond and pthread_mutex leaks configure: Refactor dxva2api.h dependency declarations flvdec: read audio sample size and channels metadata flvdec: use the correct audio codec id when parsing metadata Conflicts: configure Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-05-12 12:41:03 +02:00
Michael Smith	1fa37f2bfa	proresdec: support mixed interlaced/non-interlaced content Set interlaced to false if we don't have an interlaced frame Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit 0881cbf314982cce8448bd12644ce2a6e0b8c576) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-05-12 08:38:36 +02:00
Anton Khirnov	7f8b55b560	indeo3: use unaligned reads on reference blocks. They are not guaranteed to be aligned. Fixes Bug 503. CC:libav-stable@libav.org (cherry picked from commit a97d8cc16e0da30c9ffefa1ede2a0adf3db5f3f8) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-05-11 12:00:54 +02:00
Michael Niedermayer	1ab4578c88	lavc: Fix assignments in if() when calling ff_af_queue_add Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 1d7ffd06e41e44d8932d0dd62caa2da17947d8c4) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-05-08 19:05:21 +02:00
Carl Eugen Hoyos	46e1d05991	Fix type of shared flac table ff_flac_blocksize_table[]. Fixes ticket #2533. (cherry picked from commit a07ac1f7888fd08e42da2bed0421e74f1cfac177)	2013-05-05 20:39:53 +02:00
Anton Khirnov	d8745de6ae	indeo3: fix off by one in MV validity check CC:libav-stable@libav.org (cherry picked from commit 95220be1faac628d849a004644c0d102df0aa98b) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-05-03 19:21:45 +02:00
Luca Barbato	46fd6e4f2e	aac: check the maximum number of channels Broken bitstreams could report a larger than specified number of channels and cause outbound writes. CC:libav-stable@libav.org (cherry picked from commit a943a132f36f4df8fe2f749744677b71984abce7) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2013-04-28 00:43:43 +02:00
Anton Khirnov	a3410b5a1f	svq1dec: clip motion vectors to the frame size. Fixes invalid reads for corrupted files. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit ecff5acb5a738fcb4f9e206a12070dac4bf259b3) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-04-18 22:06:09 +02:00
Anton Khirnov	43039f9386	svq1dec: check that the reference frame has the same dimensions as the current one They can be different if the last keyframe failed to decode correctly. Fixes possible invalid reads in such a case. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit b1bb8fb860b47e90dd67f0c5740698128fc82dcc) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-04-18 22:05:55 +02:00
Anton Khirnov	d0c4d61c8b	qdm2: check that the FFT size is a power of 2 Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit 34f87a58532ed652a6e0283c1d044ee5df0aef0b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-04-18 22:05:20 +02:00
Anton Khirnov	95db1624ef	indeo3: switch parsing the header to bytestream2 Also add an additional sanity check to the alt_quant table. Fixes invalid reads with corrupted files. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit 66531d634e75b834e89e4a6a0f7470ca018712a1) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-04-18 22:05:09 +02:00
Anton Khirnov	b0b33ce148	indeo3: check motion vectors. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit a0a872d0733f60876b0c93f236bc4606f36fbf89) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-04-18 22:04:53 +02:00
Anton Khirnov	fa4192e31f	rv10: check that extradata is large enough Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit 01d376f598fe95478036f5d1e3e5e14ffe32d4bf) Conflicts: libavcodec/rv10.c	2013-04-18 22:03:32 +02:00
Anton Khirnov	4c412580fd	indeo3: fix data size check The data offsets are relative to the bistream header, which is 16 bytes after the start of the data. Fixes invalid reads with corrupted files. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit 34e6af9e204ca6bb18d8cf8ec68fe19b0e083e95) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-04-18 22:01:24 +02:00
Anton Khirnov	62f9253781	dfa: check for invalid access in decode_wdlt(). This can happen when the number of skipped lines is not consistent with the number of coded lines. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 3623589edc7b1257bb45aa9e52c9631e133f22b6) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-04-06 11:47:56 +02:00
Anton Khirnov	ba31b72f46	bmv: check for len being valid in bmv_decode_frame(). It can be 0 or -1 for invalid files, which may result in invalid memory access. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit b88f902125ee808c8366e9dcb3f21e4c227483fc) Conflicts: libavcodec/bmv.c	2013-04-06 11:47:01 +02:00
Matt Wolenetz	fc6825ebb6	vp8: Fix pthread_cond and pthread_mutex leaks CC: libav-stable@libav.org Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit 1d6e618939c1ba9c333d513fc7826719dae34031) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-03-31 10:38:22 +02:00
Michael Niedermayer	3d5323a351	dnxhddec: return the correct number of bytes from decode_frame Fixes Ticket2022 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit dae38a66ebd8a71aad51a29311f1c50df3ae3a2e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-03-18 03:34:25 +01:00
ArnoB	69659389a3	dpxenc: fix data offset Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 361319d0f49475bc14c744194870f9bab78a8a83) Conflicts: tests/ref/lavf/dpx Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2013-03-18 03:27:33 +01:00
Michael Niedermayer	bd593a98dc	Merge commit 'c50241080d7599c90fc8b4e74c5f8d62a4caae52' into release/1.1 * commit 'c50241080d7599c90fc8b4e74c5f8d62a4caae52': vf_hqdn3d: fix uninitialized variable use lzo: fix overflow checking in copy_backptr() flacdec: simplify bounds checking in flac_probe() atrac3: avoid oversized shifting in decode_bytes() shorten: use the unsigned type where needed shorten: report meaningful errors shorten: K&R formatting cosmetics shorten: set invalid channels count to 0 Conflicts: libavcodec/shorten.c libavformat/flacdec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-03-18 03:05:36 +01:00
Carl Eugen Hoyos	6f787aa79b	Do not (re-)set libx264 parameter b_tff if interlaced encoding was not requested. Reconfiguring can break x264 lossless encoding. Fixes ticket #2165. (cherry picked from commit 75c7e4583f4fd727d236a12763a265502fe00988)	2013-03-18 02:13:34 +01:00

... 8 9 10 11 12 ...

22711 Commits