ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	0909b8acf8	avcodec/hevc: Simplify get_qPy_pred() Fixes use of uninitialized memory Fixes: 93728afd9aa074ba14a09bfd93a632fd-asan_static-oob_124a17d_1445_cov_1021181966_DBLK_D_VIXS_1.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 64278039e55ffc88d231a8d760ecc257a120760a) Conflicts: libavcodec/hevc_filter.c	2014-02-23 16:44:37 +01:00
Michael Niedermayer	2368d08e70	Merge commit 'e22ebd04bcab7f86548794556c28ecca46d9c2ac' * commit 'e22ebd04bcab7f86548794556c28ecca46d9c2ac': hevc: Bound check cu_qp_delta Conflicts: libavcodec/hevc.c Merged-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit a69dd1163b1a91978e596af551c9561d121aeedf) Conflicts: libavcodec/hevc.c	2014-02-23 16:42:21 +01:00
Michael Niedermayer	ea7ccf3748	avcodec/mpeg4videodec: Check for bitstream overread in decode_vol_header() Fixes out of array read Fixes: 08e48e9daae7d8f8ab6dbe3919e797e5-asan_heap-oob_157461c_5295_cov_1266798650_firefing.mpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3edc3b159503d512c919b3d5902f7026e961823a) Conflicts: libavcodec/mpeg4videodec.c	2014-02-23 16:36:01 +01:00
Michael Niedermayer	846a9c67ff	avcodec/h264: use subsample factors of the used pixel format Fixes out of array read Fixes: 1cb91c36c4e55463f14aacb9bdf55b38-asan_heap-oob_106cbce_5617_cov_11212800_h264_mmx_chroma_intra_lf.mp4 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8c55ff393340998faae887dfac19e7ef128e1e58) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 15:04:07 +01:00
Michael Niedermayer	d0d441b350	avcodec/h264: more completely check the loop filter parameters Fixes out of array read Fixes: caa65cc01655505705129b677189f036-signal_sigsegv_fdcc43_2681_cov_3043376737_PPH422I5_Panasonic_A.264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 91253839e14cce9793ee93f184cef609ca8195d5) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 15:02:14 +01:00
Michael Niedermayer	6341a7006d	avcodec/alsdec: check predictor order against block length Fixes out of array access Fixes: abd3c041acbcb816be113455d138166b-asan_heap-oob_b11634_3707_cov_1707137151_als_05_2ch48k16b.mp4 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 18f94df8af04f2c02a25a7dec512289feff6517f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 15:00:02 +01:00
Michael Niedermayer	7034e808f6	avcodec/hevc_ps: Use get_bits_long() in decode_vui() Fix assertion failure Fixes: a225222ef88a0f5b1e93e1d0432debc3-asan_static-oob_124a17d_1448_cov_77608227_DBLK_E_VIXS_1.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b818637b84948e917d11c987f2270cea5b3fcfea) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:58:13 +01:00
Michael Niedermayer	ce5d9a2b4b	avcodec/hevc: make check for previous slice segment tighter This ensures the previous one is matching the curent and not just any Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 1a3ed056c523b4670e192301be15dbc521ec8353) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:53:59 +01:00
Michael Niedermayer	aa672f5e6a	avcodec/hevc: clear tab_slice_address of ctb on error. This allows us to detect which areas have failed to decode Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit a18f11158216c22f4a69e44f8cbb59b300a7f10c) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:53:23 +01:00
Michael Niedermayer	b959e6393e	avcodec/hevc: hls_decode_entry: check that the previous slice segment is available before decoding the next Fixes use of uninitialized memory Fixes out of array read Fixes assertion failure Fixes part of cb307d24befbd109c6f054008d6777b5/asan_static-oob_124a175_1445_cov_2355279992_DBLK_D_VIXS_1.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6ef57f4d9a0920c82237facb0d1f3856b17da9dc) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:51:46 +01:00
Michael Niedermayer	69f99f80d1	avcodec/hevc: clear tab_slice_address in hevc_frame_start() Fixes inconsistencies Fixes use of uninitilaized memory Fixes part of cb307d24befbd109c6f054008d6777b5/asan_static-oob_124a175_1445_cov_2355279992_DBLK_D_VIXS_1.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 56985d26d7054079cbe8865532c4a2cff123f596) Conflicts: libavcodec/hevc.c	2014-02-23 14:51:22 +01:00
Michael Niedermayer	e7b7e69416	avcodec/h264: update current_sps & sps->new only after the whole slice header decoder and init code finished This avoids them being cleared before the full initialization finished Fixes out of array read Fixes: asan_heap-oob_f0c5e6_7071_cov_1605985132_mov_h264_aac__Demo_FlagOfOurFathers.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8a3b85f3a7952c54a2c36ba1797f7e0cde9f85aa) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:49:47 +01:00
Michael Niedermayer	9330bcff9b	avcodec/h264: Disallow pps_id changing between slices Such changes are forbidden in H.264 and lead to race conditions Fixes out of array read Fixes: signal_sigsegv_f9796a_1613_cov_3114610371_FM1_BT_B.h264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e708424b70bef8641e8a090ec4d9e8c4490db87e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:49:37 +01:00
Michael Niedermayer	9fb364babd	avcodec/aacdec: Fix pulse position checks in decode_pulses() Fixes out of array read Fixes: asan_static-oob_1efed25_1887_cov_2013541199_HeyYa_RA10_AAC_192K_30s.rm Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6e42ccb9dbc13836cd52cda594f819d17af9afa2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:49:29 +01:00
Michael Niedermayer	d79419d0f9	avcodec/hevc: propagate error code from hls_coding_quadtree() Fixes use of uninitialized memory Fixes out of array read Fixes: asan_static-oob_123cee5_2630_cov_1869071233_PICSIZE_A_Bossen_1.bin Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 96c4ba2392b9cd55a5e84cb28db5c0c7e53cd390) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:48:30 +01:00
Michael Niedermayer	ebc490e744	avcodec/tiff: reset geotag_count in free_geotags() Fixes null pointer dereference Fixes: signal_sigsegv_19d922e_3688_cov_1577641655_aletrek_tiff.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit a744064c4155bde063b9e8a47699542be3b8e5eb) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:48:07 +01:00
Michael Niedermayer	ab1c7113f9	avcodec/vc1: Check bfraction_lut_index Fixes: out of array read Fixes: asan_static-oob_1b40507_2849_SA10143.vc1 Fixes: asan_static-oob_1b40a15_2849_cov_1182297305_SA10143.vc1 Fixes: asan_static-oob_1b40f15_2849_cov_2159513432_SA10143.vc1 Fixes: asan_static-oob_1b40f15_2849_cov_3230311510_SA10143.vc1 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit dcf5bfbdb6137ffdca66e0b7c2929ced42732951) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:47:46 +01:00
Michael Niedermayer	10a30e4de5	avcodec/vc1: factor read_bfraction() out Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 388b4cf86ed5ec27d35eb5069769db12a4e31af0) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:47:41 +01:00
Michael Niedermayer	9368b91834	avcodec/vc1dec: field pictures with direct mode MBs, followed by frame pictures are not supported This case could occur when cuting and concatenating bitstreams Fixes out of array read Fixes: asan_heap-oob_1b33fdd_2849_cov_478905890_SA10143.vc1 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 85d51d8e327c666ac963acf25cf6a6763e6c6671) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:43:52 +01:00
Michael Niedermayer	f22e88c177	avcodec/mjpegdec: pass into ff_mjpeg_decode_sos() and check bitmask size Fixes: heap array overread Fixes: asan_heap-oob_149b2bc_6577_m1.mxg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 2884688bd51a808ccda3c0e13367619cd79e0579) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:43:28 +01:00
Michael Niedermayer	a94f367424	avcodec/snow: split block clipping checks Fixes out of array read Fixes: d4476f68ca1c1c57afbc45806f581963-asan_heap-oob_2266b27_8607_cov_4044577381_snow_chroma_bug.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 61d59703c91869f4e5cdacd8d6be52f8b89d4ba4) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:28:10 +01:00
Michael Niedermayer	18eac12c6d	avcodec/ansi: fix integer overflow Fixes out of array read Fixes: 5f9698e86d92f19bb08d54ff0d57027f-signal_sigsegv_b30756_3795_cov_2693691257_ansi256.ans Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d42ec8433c687fcbccefa51a7716d81920218e4f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:28:10 +01:00
Michael Niedermayer	4cc18ee5da	avcodec/msrle: use av_image_get_linesize() to calculate the linesize Fixes out of array access Fixes: 14a74a0a2dc67ede543f0e35d834fbbe-asan_heap-oob_49572c_556_cov_215466444_44_001_engine_room.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit c919e1ca2ecfc47d796382973ba0e48b8f6f92a2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:28:10 +01:00
Michael Niedermayer	f8985cb9d9	avcodec/utils: set AVFrame format unconditional Fixes inconsistency and out of array accesses Fixes: 10cdd7e63e7f66e3e66273939e0863dd-asan_heap-oob_1a4ff32_7078_cov_4056274555_mov_h264_aac__mp4box_frag.mp4 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e5c7229999182ad1cef13b9eca050dba7a5a08da) Conflicts: libavcodec/utils.c	2014-02-23 14:28:10 +01:00
Michael Niedermayer	656770e2aa	avcodec/hevc: make *ps_id unsigned Fixes integer overflow Fixes out of array accesses Fixes 2f65e7dbd02a12f426a423bd7bf880b4-signal_sigsegv_127c952_2793_cov_2517424539_RPLM_A_qualcomm_4.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d1e6602665d5ec1b7e211ab27b298c26139f82cc) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:28:10 +01:00
Michael Niedermayer	f91ef98c9d	avcodec/wmalosslessdec: fix mclms_coeffs* array size Fixes corruption of context Fixes: 8835659dde6a4f7dcdf341de6a45c6c8-signal_sigsegv_1dce67b_4564_cov_2504444599_classical_22_16_1_14000_v3c_0_extend_0_29.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:28:10 +01:00
Michael Niedermayer	325feb8e0d	avcodec/vc1: reset fcm/field_mode in non advanced header parsing Fixes NULL pointer dereference Fixes: signal_sigsegv_1ab8bf4_2847_cov_4254117347_SA10091.vc1 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b51e9354772de446e8196dabf9aad1567b22f74d) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:28:10 +01:00
Michael Niedermayer	8c6a976fee	avcodec/takdec: always check bits_per_raw_sample Fixes out of array access Fixes: asan_heap-oob_19c7a94_6470_cov_1453611734_luckynight-partial.tak Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f58eab151214d2d35ff0973f2b3e51c5eb372da4) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:28:10 +01:00
Michael Niedermayer	a8ed3685e1	avcodec/jpeg2000dec: fix error detection in pix_fmt_match() Fixes out of array accesses with CODEC_FLAG_EMU_EDGE Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8001e9f7d17e90b4b0898ba64e3b8bbd716c513c) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-21 16:59:12 +01:00
Michael Niedermayer	32262ca7d7	avcodec/vmnc: Check that rectangles are within the picture Prevents out of array accesses with CODEC_FLAG_EMU_EDGE Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6ba02602aa7fc7d38db582e75b8b093fb3c1608d) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-21 16:59:06 +01:00
Michael Niedermayer	5f56e495ae	avcodec/apedec: more checks for k Fixes assertion failure Fixes part of msan_uninit-mem_7fa0d8c8bd58_8417_sh3.ape Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d5128fce38646d3f64c55feda42084888ba0e87e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-21 16:42:32 +01:00
Michael Niedermayer	23ae7bfb4e	dnxhdenc: fix mb_rc size Fixes out of array access with RC_VARIANCE set to 0 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f1caaa1c61310beba705957e6366f0392a0b005b) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-21 16:42:32 +01:00
Michael Niedermayer	9e8464e81b	Merge commit '9eef9eb3014b2ed9c3ff4aac510a9f04edb555cf' * commit '9eef9eb3014b2ed9c3ff4aac510a9f04edb555cf': h264: check that execute_decode_slices() is not called too many times Conflicts: libavcodec/h264.c The check is replaced by an assert() as the mb index should not ever go out of bounds. Merged-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 64591f8f86f2dfeac13ee6b4e971d069675ca814) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-21 16:42:32 +01:00
Michael Niedermayer	30a94f1159	avcodec/mjpegdec: Dont skip picture allocation if theres no picture allocated Fixes Ticket 3245 (cherry picked from commit ad8d063f230c05f8b5efbd05cc5a9f51a2549dcf)	2014-01-20 22:26:00 +01:00
Michael Niedermayer	9d83cff1f1	avcodec/aacdec: Dont fail if channels arent known yet Fixes Ticket3312 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 676a395ab903cac623c5d6ddd0928c789e08a59e)	2014-01-19 14:28:18 +01:00
Michael Niedermayer	756cd1a305	avcodec/mjpegdec: Dont treat the lack of a startcode differently from end of the bitstream Fixes Ticket3303 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 31e703e899bee74c50efd8eb62c3d012ef5ab26d)	2014-01-19 14:27:56 +01:00
Michael Niedermayer	83dc8f044d	avcodec/mjpegdec: only run EOI emulation code when there was a scan Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 361e27a3d8096baacc45d2551a1ebfcbfdaa6a67)	2014-01-19 14:27:48 +01:00
Michael Niedermayer	2c5c6affb1	avcodec/mjpegdec: update cur_scan also for non-LS jpeg This should make no difference but the variable will be used in a subsequent commit Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8893f31e206358d933abe4a5227b5ae89f5f303d)	2014-01-19 14:27:40 +01:00
Carl Eugen Hoyos	f4e051680e	Fix libxvid crash on failing initialisation. Fixes ticket #3297. (cherry picked from commit ee3fc8aa864f6d95356a7d9d03536e2b12b891c5)	2014-01-19 14:26:15 +01:00
Clément Bœsch	d9b7557732	avcodec/libxavs: 2nd attempt to fix compilation after b18c7c8d. (cherry picked from commit 260fc0d95b025b03b2a15116526e4c83b1ca1a31) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-14 00:29:13 +01:00
Clément Bœsch	15d7b7d7cc	avcodec/libxavs: attempt to fix compilation after b18c7c8d. (cherry picked from commit 71cd83e34cf7ba88d766434e3d2b4d99c14bf0f2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-14 00:29:09 +01:00
Carl Eugen Hoyos	b336daa952	Fix a crash on oom when decoding hevc. (cherry picked from commit 5ab1efb9d0dc65e748a0291b67915e35578b302e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-13 17:20:19 +01:00
Michael Niedermayer	a0aa5c34a9	avcodec/hevc: Check entry point arrays for malloc failure Fixes null pointer dereference Fixes: signal_sigsegv_e1d3b6_2192_DBLK_F_VIXS_2.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 22bfb4be284c12f33b9dac010713fe3ca6d974bf) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-13 16:17:08 +01:00
Luca Barbato	d63476347a	hevc: Bound check slice_qp The T-REC-H.265-2013044 page 79 states they have to be into the range [-s->sps->qp_bd_offset, 51]. Fixes: asan_stack-oob_eae8e3_9522_WP_MAIN10_B_Toshiba_3.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit aead772b5814142b0e530804486ff7970ecd9eef) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-13 16:17:04 +01:00
Luca Barbato	39545c5482	hevc: Reject impossible dependent tile The tile 0 cannot depend on a previous one. Prevent an out of array bound load in ff_hevc_cabac_init(). Fixes: asan_heap-oob_e3a924_1630_DBLK_A_MAIN10_VIXS_2.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Guillaume Martres <smarter@ubuntu.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 48a5b155433ed7af20fb0a5c20ca131958727727) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-13 16:16:58 +01:00
Guillaume Martres	e43805d401	hevc: remove useless clip in FUNC(sao_band_filter)() The src buffer should only contain values in the interval [0, (1 << BIT_DEPTH) - 1]. Since shift = (BIT_DEPTH - 5), src[x] >> shift must be in the interval [0, 31], so no clip is needed. This removes the code that was changed in 5856bca360c5bc3e340a357d91b1f993c80a7bea as the clip that was repositioned in that commit is removed Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b00a8b4d194f1bf23343f3f42138affa1fe26641) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-13 16:15:07 +01:00
Guillaume Martres	ea21b7b68c	hevc: clip pixels when transquant bypass is used Fixes: asan_stack-oob_eae8e3_7333_WPP_B_ericsson_MAIN10_2.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind This is a more proper fix than 5856bca360c5bc3e340a357d91b1f993c80a7bea The reconstructed picture should always be clipped (see section 8.6.5), previously we did not clip coding units where cu_transquant_bypass_flag == 1 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit c9fe0caf7a1abde7ca0b1a359f551103064867b1) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-13 16:12:17 +01:00
Luca Barbato	738a2a04b6	hevc: Clip the pixel before shifting Prevent an out of array bound read. Fixes: asan_stack-oob_eae8e3_7333_WPP_B_ericsson_MAIN10_2.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5856bca360c5bc3e340a357d91b1f993c80a7bea) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-13 16:12:01 +01:00
Michael Niedermayer	706dca18d0	avcodec/hevc: use av_mallocz() for allocating tab_ipm Fixes use of uninitialized memory and out of stack array read Fixes: signal_sigsegv_ecc526_7846_WPP_C_ericsson_MAIN_2.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 0999f1613bc48ed9d6578a3ad7bcd17610e07fbf) Conflicts: libavcodec/hevc.c	2014-01-13 16:11:50 +01:00
Michael Niedermayer	b3c3dc54a5	avcodec/alac: only set *got_frame_ptr when all channels have been decoded Fixes use of uninitialized memory Fixes: msan_uninit-mem_7f8b64436530_7895_quicktime_newcodec_applelosslessaudiocodec.m4a Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e11983bda073f8c63f60509ee753da9fba20ed10) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-01-13 16:10:34 +01:00

1 2 3 4 5 ...

25956 Commits