ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	7adf4a92a1	avcodec/vmnc: Check that rectangles are within the picture Prevents out of array accesses with CODEC_FLAG_EMU_EDGE Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6ba02602aa7fc7d38db582e75b8b093fb3c1608d) Conflicts: libavcodec/vmnc.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 7c17207ab9acfaa934e8feb8fba90765c9d0b989) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-04 04:50:17 +01:00
Michael Niedermayer	e04f68f7c5	dnxhdenc: fix mb_rc size Fixes out of array access with RC_VARIANCE set to 0 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f1caaa1c61310beba705957e6366f0392a0b005b) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-04 04:50:17 +01:00
Anton Khirnov	62ed6da016	h264: check that an IDR NAL only contains I slices Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit 8b2e5e42bb9d6a59ede5af2e6df4aaf7750d1195) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-02-01 23:51:46 -05:00
Michael Niedermayer	3cc8d9bc1f	vc1: Always reset numref when parsing a new frame header. Fixes an issue where the B-frame coding mode switches from interlaced fields to interlaced frames, causing incorrect decisions in the motion compensation code and resulting in visual artifacts. CC: libav-stable@libav.org Signed-off-by: Tim Walker <tdskywalker@gmail.com> (cherry picked from commit dd2d0039b6405dc724e4fef0d5b8f49530eea3aa) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-02-01 23:51:46 -05:00
Anton Khirnov	299c5dcfb0	h264: reset num_reorder_frames if it is invalid An invalid VUI is not considered a fatal error, so the SPS containing it may still be used. Leaving an invalid value of num_reorder_frames there can result in writing over the bounds of H264Context.delayed_pic. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit 9ecabd7892ff073ae60ded3fc0a1290f5914ed5c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/h264_ps.c	2014-02-01 23:51:46 -05:00
Luca Barbato	c85e5f13f6	cavs: Check for negative cbp Sample-Id: 00000647-google Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org	2014-02-01 14:59:50 -05:00
Luca Barbato	f1476459b7	vmnc: K&R formatting cosmetics Signed-off-by: Diego Biurrun <diego@biurrun.de>	2014-02-01 14:59:50 -05:00
Anton Khirnov	b5275ca1a8	h264_cavlc: check the size of the intra PCM data. Fixes invalid reads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org	2014-02-01 14:59:50 -05:00
Michael Niedermayer	d9c82cea11	h263: Check init_get_bits return value And use init_get_bits8 to check for integer overflows while at it. CC: libav-stable@libav.org Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2014-02-01 14:59:50 -05:00
Luca Barbato	4b24eb1a03	vmnc: Check the cursor dimensions And manage the reallocation failure path. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 5e992a4682d2c09eed3839c6cacf70db3b65c2f4)	2014-02-01 14:59:50 -05:00
Anton Khirnov	969028870c	cavsdec: check ff_get_buffer() return value Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org	2014-02-01 14:59:50 -05:00
Luca Barbato	9f9e773881	vmnc: Port to bytestream2 Fix some buffer overreads. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org	2014-02-01 14:59:50 -05:00
Michael Niedermayer	10d48fe6d3	flashsv: Check diff_start diff_height values Fix out of array accesses. Found-by: ami_stuff Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Adresses: CVE-2013-7015 (cherry picked from commit 57070b1468edc6ac8cb3696c817f3c943975d4c1) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-02-01 13:56:58 -05:00
Michael Niedermayer	af9799790d	dsputil/pngdsp: fix signed/unsigned type in end comparison Fixes out of array accesses and integer overflows. (cherry picked from commit d1916d13e28b87f4b1b214231149e12e1d536b4b) Adresses: CVE-2013-7010, CVE-2013-7014 Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-02-01 13:53:41 -05:00
Michael Niedermayer	6fa9741357	avcodec/aacdec: Dont fail if channels arent known yet Fixes Ticket3312 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 676a395ab903cac623c5d6ddd0928c789e08a59e) Conflicts: libavcodec/aacdec.c	2014-01-19 14:58:22 +01:00
Michael Niedermayer	bb26a88193	avcodec/mjpegdec: Dont treat the lack of a startcode differently from end of the bitstream Fixes Ticket3303 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 31e703e899bee74c50efd8eb62c3d012ef5ab26d)	2014-01-19 14:57:56 +01:00
Michael Niedermayer	55a4228ac2	avcodec/mjpegdec: only run EOI emulation code when there was a scan Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 361e27a3d8096baacc45d2551a1ebfcbfdaa6a67)	2014-01-19 14:56:18 +01:00
Michael Niedermayer	3ae81880e1	avcodec/mjpegdec: update cur_scan also for non-LS jpeg This should make no difference but the variable will be used in a subsequent commit Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8893f31e206358d933abe4a5227b5ae89f5f303d) Conflicts: libavcodec/mjpegdec.c	2014-01-19 14:56:08 +01:00
Michael Niedermayer	9f47f95e70	Merge remote-tracking branch 'qatar/release/9' into release/1.1 * qatar/release/9: prores: Error out only on surely incomplete ac_coeffs Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-13 15:14:13 +01:00
Luca Barbato	9aa22918c2	prores: Error out only on surely incomplete ac_coeffs (cherry picked from commit 2df7f7714a12a59d31058aba15fb1e348e36b0ab) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2014-01-13 14:18:37 +01:00
Michael Niedermayer	f479c17894	Merge commit '65830277d2d2ee3658e1f070a61044fff261ed3e' into release/1.1 * commit '65830277d2d2ee3658e1f070a61044fff261ed3e': prores: Add a codepath for decoding errors nut: Fix unchecked allocations avi: directly resync on DV in AVI read failure mov: Don't allocate arrays with av_malloc that will be realloced shorten: Extend fixed_coeffs to properly support pred_order 0 Prepare for 9.11 RELEASE avi: properly fail if the dv demuxer is missing prores: Reject negative run and level values audio_mix: fix channel order in mix_1_to_2_fltp_flt_c indeo4: Check the inherited quant_mat Conflicts: RELEASE libavcodec/indeo4.c libavcodec/shorten.c libavformat/nut.c libavformat/nutdec.c libavformat/nutenc.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-12 16:51:26 +01:00
Michael Niedermayer	1203e92181	Merge commit '0358a099f8abe60230dc2e5bec59bfceb7d1be07' into release/1.1 * commit '0358a099f8abe60230dc2e5bec59bfceb7d1be07': indeo4: Check the block size if reusing the band configuration ffv1: Assume bitdepth 0 means 8bit alsa-audio-dec: explicitly cast the delay to a signed int64 matroskadec: pad EBML_BIN data. motionpixels: clip VLC codes. avidec: fix a memleak in the dv init code. Conflicts: libavcodec/ffv1dec.c libavcodec/indeo4.c libavdevice/alsa-audio-dec.c libavformat/matroskadec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-12 16:37:42 +01:00
Michael Niedermayer	c693ccb89a	Merge commit '7b337b122959b9bf634c31b549892df974f35b40' into release/1.1 * commit '7b337b122959b9bf634c31b549892df974f35b40': truemotion1: make sure index does not go out of bounds pcx: round up in bits->bytes conversion in a buffer size check omadec: Fix wrong number of array elements omadec: check GEOB sizes against buffer size ac3dec: fix outptr increment. avio: Use AVERROR_PROTOCOL_NOT_FOUND Conflicts: libavcodec/ac3dec.c libavcodec/pcx.c libavformat/omadec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-12 16:16:58 +01:00
Michael Niedermayer	7e34379897	Merge commit '0e8ae6d10c609bb968c141aa2436413a55852590' into release/1.1 * commit '0e8ae6d10c609bb968c141aa2436413a55852590': mpegvideo: Drop a faulty assert lavr: check that current_buffer is not NULL before using it pmpdec: check that there is at least one audio packet. lzw: switch to bytestream2 gifdec: convert to bytestream2 Conflicts: libavcodec/gifdec.c libavcodec/lzw.c libavcodec/lzw.h libavformat/pmpdec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-12 16:08:27 +01:00
Michael Niedermayer	ce795ac0f5	Merge commit 'c5c7e3e6f7cf17943c04bd078f260eaf789afbc9' into release/1.1 * commit 'c5c7e3e6f7cf17943c04bd078f260eaf789afbc9': gifdec: check that the image dimensions are non-zero gifdec: return meaningful error codes. eacmv: check the framerate before setting it. rv30: fix extradata size check. sdp: Check that fmt->oformat is non-null before accessing it matroskadec: use correct compression parameters for current track CodecPrivate vc1: Reset numref if fieldmode is not set Conflicts: libavcodec/gifdec.c libavcodec/rv30.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-12 15:48:39 +01:00
Michael Niedermayer	5ea2a8d43e	avcodec/msvideo1enc: fix SKIPS_MAX Fixes Ticket3270 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit fb8f5d0510619cea2204246631f1c0dcd994ee25)	2014-01-09 11:52:48 +01:00
Tim Walker	a0866c7129	shorten: Fix out-of-array read pred_order == FF_ARRAY_ELEMS(fixed_coeffs) is invalid too. Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit 5f5ada3dbf97e306a74250ba8dcf8619ad59b020) Signed-off-by: Tim Walker <tdskywalker@gmail.com>	2014-01-06 16:36:56 +01:00
Luca Barbato	65830277d2	prores: Add a codepath for decoding errors (cherry picked from commit 44690dfa683f620c77e9f0e8e9bc5682608636b1) Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>	2014-01-06 02:31:17 +00:00
Luca Barbato	5bbee02ae0	shorten: Extend fixed_coeffs to properly support pred_order 0 Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit b2148faca9e9e553c14b27844b56e367c85a777e) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-01-05 17:30:53 -05:00
Luca Barbato	1d7a453dcf	prores: Reject negative run and level values Sample-Id: 00000611-google Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit c0de9a23c7080e2fac8f879b9d9a0ce2b64ea953) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-01-05 17:21:35 -05:00
Luca Barbato	03457cabd6	indeo4: Check the inherited quant_mat Invalidate it if not supported. Sample-Id: 00000262-google Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit c9ef6b09326a24010bf86d6b0d19cfa42df4d546) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/indeo4.c	2014-01-05 17:21:07 -05:00
Luca Barbato	0358a099f8	indeo4: Check the block size if reusing the band configuration Sample-Id: 00000287-google Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 0cb83c563848bf8f8365e7bd30e7e6b57ef360f0) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-01-05 17:16:42 -05:00
Luca Barbato	2656036757	ffv1: Assume bitdepth 0 means 8bit CC: libav-stable@libav.org Reported-by: debian/726189 (cherry picked from commit a90905db2e6ab1840890f3a88bfd3bf008b9d886) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-01-05 17:15:41 -05:00
Anton Khirnov	26221a54ec	motionpixels: clip VLC codes. Fixes invalid reads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit ca41c72c6d9515d9045bd3b68104525dee81b8d0) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-01-05 17:13:08 -05:00
Anton Khirnov	7b337b1229	truemotion1: make sure index does not go out of bounds Fixes invalid reads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit c918e08b9cc9ce8d06159c51da55ec5ab018039a) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-01-05 17:12:39 -05:00
Anton Khirnov	51ff11647f	pcx: round up in bits->bytes conversion in a buffer size check Fixes invalid reads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit 430d12196432ded13f011a3bf7690f03c9b2e5d6) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-01-05 17:12:31 -05:00
Michael Niedermayer	e776a1e8f3	ac3dec: fix outptr increment. Fixes corrupt data errors when downmixing in the AC-3 decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> CC:libav-stable@libav.org (cherry picked from commit 6c82c87dbbc0582658968eae46cfebeea90a9c5e) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-01-05 17:11:54 -05:00
Luca Barbato	0e8ae6d10c	mpegvideo: Drop a faulty assert That check is easily reachable by faulty input. CC:libav-stable@libav.org Reported-by: Torsten Sadowski <tsadowski@gmx.net> (cherry picked from commit 72072bf9de3241848ea86f68d2297b7a5d6ad49b) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-01-05 17:08:03 -05:00
Anton Khirnov	ffa83bcc49	lzw: switch to bytestream2 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit e89aa4bf56e5b5c45f569eb12733519789e057da) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-01-05 17:01:03 -05:00
Anton Khirnov	819541ff83	gifdec: convert to bytestream2 (cherry picked from commit 1f3e56b6dcc163a705704e98569d4850a31d651c) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-01-05 17:00:51 -05:00
Anton Khirnov	c5c7e3e6f7	gifdec: check that the image dimensions are non-zero Also add an error message an return a more suitable error code (INVALIDDATA, not EINVAL); Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit c453723ad7d14abc5e82677eebaa6025fa598f08) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-01-05 17:00:40 -05:00
Anton Khirnov	5e7a5dd70b	gifdec: return meaningful error codes. (cherry picked from commit 048ffb9bb26f30f1995400b8cd3809221ba03441) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-01-05 16:59:55 -05:00
Anton Khirnov	f194f2be41	eacmv: check the framerate before setting it. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit 24057c83207d6ea8bfd824155ac37be8a33dfd0c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/eacmv.c	2014-01-05 16:57:17 -05:00
Anton Khirnov	343c87ac19	rv30: fix extradata size check. It has been checking the number of bits in the offset instead of the actual offset. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit a6a2282c25abe43e352010a7c3fbc92994c0bc1c) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-01-05 16:52:11 -05:00
Kostya Shishkov	5dcc179924	vc1: Reset numref if fieldmode is not set There are samples in the wild with B-frames and P-frames with different interlace mode. CC: libav-stable@libav.org Reported-by: Jean-Baptiste Kempf <jb@videolan.org> Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit de44dfc7c0ec02bda7d846ef713145c890bfae3f) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2014-01-05 16:48:34 -05:00
Michael Niedermayer	50ff83e3af	Merge remote-tracking branch 'qatar/release/9' into release/1.1 * qatar/release/9: arm: Don't clobber callee saved registers in scalarproduct alsdec: check block length h264/mpegvideo: do not provide pixel formats for hwaccels that are not compiled in mpeg4video_parser: init mpeg4 static tables. Conflicts: libavcodec/mpeg4video_parser.c libavcodec/mpeg4videodec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-12-21 02:43:44 +01:00
Michael Niedermayer	2d7f139155	Merge commit '56eded8bc7bccdf14245bae3a45b0fecf9d9d122' into release/1.1 * commit '56eded8bc7bccdf14245bae3a45b0fecf9d9d122': mpeg4videodec: split initializing static tables into a separate function x86: ac3dsp: Remove 3dnow version of ff_ac3_extract_exponents pthread: Avoid spurious wakeups Conflicts: libavcodec/mpeg4videodec.c tests/fate/ac3.mak Merged-by: Michael Niedermayer <michaelni@gmx.at>	2013-12-21 02:31:41 +01:00
Martin Storsjö	bdb975ab69	arm: Don't clobber callee saved registers in scalarproduct q4-q7/d8-d15 are supposed to not be clobbered by the callee. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit d307e408d4a9ada22df443cc38be77cc5e492694) Signed-off-by: Martin Storsjö <martin@martin.st>	2013-12-20 21:26:12 +02:00
Reinhard Tartler	3f7d89034b	alsdec: check block length Fix writing over the end Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Addresses: CVE-2013-0845 (cherry picked from commit 2a0fb7286d67c47e44aa76c237ede117b22af616) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-12-14 12:51:40 -05:00
Michael Niedermayer	b8eaf47917	avcodec/cabac: force get_cabac to be not inlined works around bug in gccs inline asm register assignment Fixes Ticket3177 gcc from 4.4 to 4.6 is affected at least, no non affected gccs known clang seems not affected Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 0538b29ae8002c44f27bae8a1a6fc6e646998be5)	2013-12-09 10:37:41 +01:00

... 3 4 5 6 7 ...

22711 Commits