The decoder assumes a single bit depth for all the planes
while the specification allows different bit depths for luma
and chroma.
Avoid the possible problems described in CVE-2013-2277
CC: libav-stable@libav.org
(cherry picked from commit 4987faee78b9869f8f4646b8dd971d459df218a5)
Conflicts:
libavcodec/h264.c
This prevents various values from becoming stuck at NAN and
output to become silent
If someone knows a cleaner solution, thats welcome!
Fixes Ticket2335
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8978c743fb1d1f5a0d6dbdd83ff05817f8a41230)
The IIR filter numerically diverges in such cases, this could easily be
fixed but would make the filter slower on some platforms
Fixes Ticket2246
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fee5da6b0a79bed9dc849f216b6da1e03132b668)
Fix linking failures with -all_load due to multiple log2_tabs
Signed-off-by: Carl Eugen Hoyos <cehoyos@ag.or.at>
(cherry picked from commit 03148fd1743fca98c2f4b5920b796f381e820045)
* qatar/release/9:
update Changelog
h264: set ref_count to 0 for intra slices.
h264: on reference overflow, reset the reference count to 0, not 1.
flvdec: Check the return value of a malloc
Conflicts:
Changelog
libavcodec/h264.c
libavformat/flvdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket2292
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 02ac3398eb52679301028c2fd3ebad1b6261b4da)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
CC:libav-stable@libav.org
(cherry picked from commit 437211ae73ef1ed8285b4fed7620502ea4999e11)
Fixes deadlocks waiting for non-existing references with some fuzzed files.
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Since decode_slice_header() returns before the reference lists are
constructed, there are zero valid references.
CC:libav-stable@libav.org
(cherry picked from commit 668e16a0dd1ff56d4beeff5c658d8a2a08dbfac8)
Conflicts:
libavcodec/h264.c
The callers of this function can't report errors sanely. If this
one malloc fails, don't write the extradata byte, make sure we
try to malloc it the next time we're called instead, and make sure
we still consume the input data byte.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit c5a738ca4e9789b4678b10240777d931e7dc24c9)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This header byte is only present when actually reading a VP6 frame,
not when reading the codec type field in the metadata. This
potential bug has been present since 5b54a90c.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit c91c63b5380bf79655c09320774a022f84d76fd5)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
If the first "special" character in a filename is a comma,
it can introduce protocol options, but only if there is a
colon at the end. Otherwise, it is just a filename with a
comma.
Fix trac ticket #2303.
(cherry picked from commit d9fad53f4b447db1e436dcf3fc4a57e604616e6c)
Two instances of non-ascii characters have crept into file
doc/filters.texi which causes pod2man to error out and
break the build.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The specification does not prevent an encoder to write the amplitude 0
as 0 amplitude_bits.
Our get_bits() implementation might not support a zero sized read
properly, thus the additional branch.
(cherry picked from commit 23bd9ef4b209c789d5473d75f89a2e411d343d80)
Conflicts:
libavcodec/vorbisdec.c
The value is used to calculate output LSP curve and a division by zero
and out of array accesses would occur.
CVE-2013-0894
CC: libav-stable@libav.org
Reported-by: Dale Curtis <dalecurtis@chromium.org>
Found-by: inferno@chromium.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 11dcecfcca0eca1a571792c4fa3c21fb2cfddddc)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Rate and order must not be 0 even if the specification does not say that
explicitly.
(cherry picked from commit 5b47c19bfda92273ae49e83db26a565afcaed80a)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Damaged frames can lead to a mismatch, which can cause a segfault
due to using an incorrect channel mapping.
CC:libav-stable@libav.org
(cherry picked from commit d7c450436fcb9d3ecf59884a574e7684183e753d)
Conflicts:
libavcodec/ac3dec.c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2f3bc5122822687dc388f7352c92cf6db456cf7c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 33d6330652c088dadde163da569b1a2f6c7603c0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ad6802f975a91bf6757fe3729ef8c6f10e6796b7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9f16cb9e50a5a196af9244dc7d33ed193227528a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket1918
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6f77122bf5712da1d860a0ad7174181fd0bcffd9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/9:
doc: developer: Allow tabs in the vim configuration for Automake files
doc: filters: Correct BNF FILTER description
Prepare for 9.3 Release
update Changelog
cavs: initialize various context tables to 0
4xm: check the return value of read_huffman_tables().
qtrle: add more checks against pixel_ptr being negative.
mlpdec: do not try to allocate a zero-sized output buffer.
av_memcpy_backptr: avoid an infinite loop for back = 0
flicvideo: avoid an infinite loop in byte run compression
lagarith: avoid infinite loop in lag_rac_refill()
mov: use the format context for logging.
loco: check that there is data left after decoding a plane.
update Changelog
x86: h264: Don't use redzone in AVX h264_deblock on Win64
Conflicts:
Changelog
RELEASE
libavcodec/4xm.c
libavcodec/loco.c
libavcodec/qtrle.c
libavutil/mem.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4f8b73129bb3845d9aadbf3dec3027b1136092a6)
Write the packet unaltered if found.
Fixes ticket #1917
Signed-off-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b454c64e0311d813fef9c22cf34f83c2ce77ab23)
While we do not use Automake in libav, this allows our config to be
used more globally without introducing unwanted breakage.
(cherry picked from commit 040c565e51985477a8fa5e42d2ddfb26ebde6608)
Conflicts:
doc/developer.texi
When byte_run is 0, pixel_countdown is not touched and the loop will run
forever.
CC:libav-stable@libav.org
(cherry picked from commit ddfe1246d98f70cdce368a2176196ba26ed7bf2d)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Thanks-to: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 82a4a4e7caa96cea9aa2185c4c3110a5e9fde7c2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
