27856 Commits

Author SHA1 Message Date
Michael Niedermayer
2dca276dcb avcodec/arm/videodsp_armv5te: Fix linking failure with "g++ -shared -D__STDC_CONSTANT_MACROS -o test.so ... libavcodec.a"
Tested-by: Andreas Haupt
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cab6302534962331753fb69c674df86a458b098d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-17 19:43:19 +01:00
Michael Niedermayer
0ee5f46fd1 avcodec/mjpegdec: Skip blocks which are outside the visible area
Fixes out of array accesses
Fixes: ffmpeg_mjpeg_crash.avi

Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 08509c8f86626815a3e9e68d600d1aacbb8df4bf)

Conflicts:

	libavcodec/mjpegdec.c
2015-02-17 19:43:19 +01:00
Carl Eugen Hoyos
b1b69baa01 lavc/aarch64: Do not use the neon horizontal chroma loop filter for H.264 4:2:2.
(cherry picked from commit 4faea46bd906b3897018736208123aa36c3f45d5)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-17 19:43:19 +01:00
Michael Niedermayer
f0526bc21e avcodec/h264_slice: ignore SAR changes in slices after the first
Fixes race condition and null pointer dereference
Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 38d5241b7f36c1571a88517a0650caade16dd5f4)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Conflicts:

	libavcodec/h264_slice.c
2015-02-17 19:43:19 +01:00
Michael Niedermayer
0afe061f28 avcodec/h264_slice: Check picture structure before setting the related fields
This might fix a hypothetical race condition

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f111831ed61103f9fa8fdda41473a23da016bdaa)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Conflicts:

	libavcodec/h264_slice.c
2015-02-17 19:43:19 +01:00
Michael Niedermayer
e6093f5b85 avcodec/h264_slice: Do not change frame_num after the first slice
Fixes potential race condition
Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f906982c9411f3062e3ce68013309b37c213c4dd)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Conflicts:

	libavcodec/h264_slice.c
2015-02-17 19:43:19 +01:00
Michael Niedermayer
0c9d465e98 avcodec/h264: Be more strict on rejecting pps/sps changes
Fixes race condition
Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6fafc62b0bd0e206deb77a7aabbf3a370ad80789)

Conflicts:

	libavcodec/h264_slice.c
2015-02-17 19:43:18 +01:00
Michael Niedermayer
a3dca10470 avcodec/h264: Be more strict on rejecting pps_id changes
Fixes race condition
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 31cc9c04ca386dce289864021982da62190982ab)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-17 19:43:18 +01:00
Michael Niedermayer
eca1e3dcc8 avcodec/h264_ps: More completely check the bit depths
Fixes out of array read
Fixes: asan_static-oob_30328b6_719_cov_3325483287_H264_artifacts_motion.h264

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 69aa79365c1e8e1cb597d33e77bf1062c2ef47d4)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-17 19:43:18 +01:00
Michael Niedermayer
4c246c65bf avcodec/mjpegdec: Check number of components for JPEG-LS
Fixes out of array accesses
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fabbfaa095660982cc0bc63242c459561fa37037)

Conflicts:

	libavcodec/mjpegdec.c
2015-02-17 19:43:18 +01:00
Michael Niedermayer
b0d3873085 avcodec/mjpegdec: Check escape sequence validity
Fixes assertion failure
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit afa92907f3c6a0c3bdad766ec8d938ee17ee1c9e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-17 19:43:18 +01:00
Michael Niedermayer
4f2299b6b5 avcodec/mpegvideo_enc: Fix number suffixes in rc_buffer_size calculation
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4531e2c489d279bfc90d54ca26ed898c5b265a7f)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-17 19:43:18 +01:00
Michael Niedermayer
004cdd8b15 avcodec/h264_cabac: use int instead of long for mbb_xy
The mb address fits in int

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 592ba6ec106206f97133c9345313010c76361e12)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-17 19:43:18 +01:00
Michael Niedermayer
56e07e4caf avcodec/dxtory: Use LL instead of L number suffix
This is probably unneeded and normal int would be fine, but its
safer to use LL and this isnt speed relevant

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b4ad2853c50d055e9ba8c29f2e1c83b292f29d7a)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-17 19:43:18 +01:00
Clément Bœsch
d5b20daeb0 avcodec/gif: fix off by one in column offsetting finding
(cherry picked from commit f9240ec01abb097263fe578d2b6fb076bb7b9263)
2015-02-16 18:20:08 +01:00
Michael Niedermayer
3769601fb6 Add FFMPEG_VERSION into the binary libs
This simplifies identifying from which revision a binary of a lib came from

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 649c158e8c94ac0cff7f03e97d6ea8bbf71b7f02)

Conflicts:

	libavdevice/avdevice.c
	libswresample/swresample.c
2015-01-20 03:27:17 +01:00
Michael Niedermayer
2528468e20 avcodec/indeo3: ensure offsets are non negative
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 368642361f3a589d7b0c23ea327d988edb434e3f)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-20 03:27:17 +01:00
Michael Niedermayer
f1d59a207f avcodec/h264: Check *log2_weight_denom
Fixes undefined behavior
Fixes: signal_sigsegv_14768d2_2248_cov_3629497219_h264_h264___pi_20070614T182942.h264
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 61296d41e2de3b41304339e4631dd44c2e15f805)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-20 03:27:17 +01:00
Michael Niedermayer
85b2396265 avcodec/hevc_ps: Check diff_cu_qp_delta_depth
Fixes undefined behavior
Fixes: asan_static-oob_17aa046_582_cov_1577759978_DBLK_G_VIXS_1.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3281fa892599d71b4dc298a426af8296419cd90e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-20 03:27:17 +01:00
Michael Niedermayer
25dc978bb1 avcodec/h264: Clear delayed_pic on deallocation
Fixes use of freed memory

Fixes: case5_av_frame_copy_props.mp4
Found-by: Michal Zalewski <lcamtuf@coredump.cx>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e8714f6f93d1a32f4e4655209960afcf4c185214)

Conflicts:

	libavcodec/h264.c
2015-01-20 03:27:17 +01:00
Michael Niedermayer
13838647ca avcodec/hevc: clear filter_slice_edges() on allocation
This avoids use of uninitialized memory
Fixes: asan_static-oob_17aa046_582_cov_212287884_DBLK_G_VIXS_1.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8aa8d12554868c32436750f881954193087219c8)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-20 03:27:17 +01:00
Michael Niedermayer
133dc77da9 avcodec/dcadec: Check that the added xch channel isnt already there
Fixes null pointer dereference
Fixes: signal_sigsegv_369609d_623_cov_2008234281_ES_6.1_16bit.dts
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7d593495e42e92693cc8f3ce9b42cf3edcea377a)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-20 03:27:17 +01:00
Michael Niedermayer
9ce4686bfe avcodec/indeo3: use signed variables to avoid underflow
Fixes out of array read
Fixes: signal_sigsegv_1b0a4da_1865_cov_2167818389_computer_anger.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3305acdc92fa37869f160a11a87741c8a0de0454)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-20 03:27:17 +01:00
Michael Niedermayer
50e04b3f3c avcodec/h264: make the first field of H264Context an AVClass
Fixes use of freed memory
Fixes: asan_heap-uaf_3660f67_757_cov_1257014655_Hi422FR1_SONY_A.jsv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f3b5b139ad853b6f69c6a0b036815a60e7b3f261)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-20 03:27:17 +01:00
Michael Niedermayer
c351cd720a avcodec/utvideodec: Fix handling of slice_height=0
Fixes out of array accesses
Fixes: asan_heap-oob_25bcd7e_3783_cov_3553517262_utvideo_rgba_median.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3881606240953b9275a247a1c98a567f3c44890f)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-20 03:27:17 +01:00
Michael Niedermayer
7279be7c75 avcodec/vmdvideo: Check len before using it in method 3
Fixes out of array access
Fixes: asan_heap-oob_4d23ba_91_cov_3853393937_128.vmd

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3030fb7e0d41836f8add6399e9a7c7b740b48bfd)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-20 03:27:17 +01:00
Michael Niedermayer
8babbdc9b1 avcodec/flac_parser: fix handling EOF if no headers are found
Fixes assertion failure
Fixes Ticket4269

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c4d85fc23c100f7a27d9bad710eb153214868e27)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-17 02:13:00 +01:00
wm4
b1959b1719 qpeg: avoid pointless invalid memcpy()
If refdata was NULL, the memcpy() ended up copying the same memory
block onto itself, which is not only pointless, but also undefined
behavior.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 921706691a87c3ea5f5b92afd9b423e5f8c6e9d9)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-13 23:42:16 +01:00
Michael Niedermayer
ecae610207 avcodec/hevc: Fix handling of skipped_bytes() reallocation failures
Fixes CID1260704

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e172f5e53ae4dbbcdcf81c9a3b962dc9f5a8a98d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-13 23:42:14 +01:00
wm4
fc1fed62d9 vp9: fix parser return values in error case
The parser must always set the out_size and out_data pointers. The API
seems to require it, and the common code in parser.c also relies on it.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b88e80589bd11ef935a5e9dab53d4edb00de16e4)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-09 15:47:09 +01:00
wm4
a4a87a7efd avcodec/dvdsubdec: fix accessing dangling pointers
dvdsub_decode() can call append_to_cached_buf() 2 times, the second time
with ctx->buf as argument. If the second append_to_cached_buf() reallocs
ctx->buf, the argument will be a pointer to the previous, freed block.
This can cause invalid reads at least with some fuzzed files - and
possibly with valid files.

Since packets can apparently not be larger than 64K (even if packets are
combined), just use a fixed size buffer. It will be allocated as part of
the DVDSubContext, and although some memory is "wasted", it's relatively
minimal by modern standards and should be acceptable.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 816577716bc6170bccfea3b9e865618b69a4b426)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-08 18:04:33 +01:00
wm4
b76dc8b5b8 avcodec/dvdsubdec: error on bitmaps with size 0
Attemtping to decode them could lead to invalid writes with some fuzzed
samples.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bcaa9099b3648b47060e1724a97dc98b63c83702)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-08 02:11:21 +01:00
wm4
0d481efb7b avcodec/dvdsubdec: fix out of bounds accesses
The code blindly trusted buffer offsets read from the file in the RLE
decoder. Explicitly check the offset. Also error out on other RLE
decoding errors.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c9151de7c42553bb145be608df8513c1287f1f24)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-01-05 05:13:18 +01:00
Michael Niedermayer
c52c9f534e Merge commit 'f249e9889155599ee3ad0172832d38f68b0c625d' into release/2.2
* commit 'f249e9889155599ee3ad0172832d38f68b0c625d':
  smc: fix the bounds check

Conflicts:
	libavcodec/smc.c

See: c727401aa9d62335e89d118a5b4e202edf39d905
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-20 13:15:36 +01:00
Michael Niedermayer
0d31a01d3a Merge commit '92888e9ed4ea4e761ae953bbe28c85cc658abc8f' into release/2.2
* commit '92888e9ed4ea4e761ae953bbe28c85cc658abc8f':
  gifdec: refactor interleave end handling

Conflicts:
	libavcodec/gifdec.c

See: 8f1457864be8fb9653643519dea1c6492f1dde57
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-20 13:14:48 +01:00
Michael Niedermayer
475d68e0f5 Merge commit '3f10a779b465fd22d3aec1b744ca8544bc2da970' into release/2.2
* commit '3f10a779b465fd22d3aec1b744ca8544bc2da970':
  mmvideo: check frame dimensions

See: 8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-20 13:01:22 +01:00
Michael Niedermayer
7fd20799d7 Merge commit '8f238dd9bdd9eba569fcaa564a07fbdd89412a14' into release/2.2
* commit '8f238dd9bdd9eba569fcaa564a07fbdd89412a14':
  jvdec: check frame dimensions

See: 105654e376a736d243aef4a1d121abebce912e6b
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-20 13:00:40 +01:00
Michael Niedermayer
bf00132a14 Merge commit 'da4f5d9d77882bee568266d764b95b51f81b7871' into release/2.2
* commit 'da4f5d9d77882bee568266d764b95b51f81b7871':
  mjpegdec: check for pixel format changes

Conflicts:
	libavcodec/mjpegdec.c

See: 5c378d6a6df8243f06c87962b873bd563e58cd39
See: a2f680c7bc7642c687aeb4e14d00ac74833c7a09
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-20 12:59:41 +01:00
Michael Niedermayer
f249e98891 smc: fix the bounds check
Fixes invalid writes when there are more blocks in a run than total
remaining blocks.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8548
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit d423dd72be451462c6fb1cbbe313bed0194001ab)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 58dc526ebf722d33bf09275c1241674e0e6b9ef1)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2014-12-20 10:53:40 +01:00
Michael Niedermayer
92888e9ed4 gifdec: refactor interleave end handling
Fixes invalid writes with very small image heights.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8547
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 0b39ac6f54505a538c21fe49a626de94c518c903)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit eac49477aa95cf727d87d2741ee8e60be59d394b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2014-12-20 10:53:37 +01:00
Anton Khirnov
3f10a779b4 mmvideo: check frame dimensions
The frame size must be set by the caller and each dimension must be a
multiple of 2.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8543
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 17ba719d9ba30c970f65747f42d5fbb1e447ca28)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 69a930b988ff4f88ae27e4fc24ff6ed116840b5e)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2014-12-20 10:53:35 +01:00
Anton Khirnov
8f238dd9bd jvdec: check frame dimensions
The frame size must be set by the caller and each dimension must be a
multiple of 8.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8542
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 88626e5af8d006e67189bf10b96b982502a7e8ad)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 55788572ea7b89cdd77bab1cf4bf06d14ead34f5)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2014-12-20 10:53:32 +01:00
Anton Khirnov
da4f5d9d77 mjpegdec: check for pixel format changes
Fixes possible invalid memory access.

Based on code by Michael Niedermayer <michaelni@gmx.at>

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8541
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 809c3023b699c54c90511913d3b6140dd2436550)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit aa7a19b41774ce5f8a4e43f3692a4f9d90aa5c92)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2014-12-20 10:53:28 +01:00
Michael Niedermayer
7390c2629d avcodec/motion_est: use 2x8x8 for interlaced qpel
Fixes out of array read
Fixes Ticket4121

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b50e003e1cb6a215df44ffa3354603bf600b4aa3)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-08 19:08:30 +01:00
Michael Niedermayer
4fde30ba9d avcodec/hevc_ps: Check num_long_term_ref_pics_sps
Fixes out of array access
Fixes: signal_sigsegv_35bd0f0_1182_cov_791726764_STRUCT_B_Samsung_4.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ea38e5a6b75706477898eb1e6582d667dbb9946c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-08 19:08:30 +01:00
Michael Niedermayer
a06432b6c3 avcodec/rawdec: Check the return code of avpicture_get_size()
Fixes out of array access
Fixes: asan_heap-oob_22388d0_3435_cov_3297128910_small_roll5_FlashCine1.cine
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1d3a3b9f8907625b361420d48fe05716859620ff)

Conflicts:

	libavcodec/rawdec.c
2014-12-08 19:08:30 +01:00
Michael Niedermayer
d7470271c7 avcodec/pngdec: Check IHDR/IDAT order
Fixes out of array access
Fixes: asan_heap-oob_20a6c26_2690_cov_3434532168_mail.png
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 79ceaf827be0b070675d4cd0a55c3386542defd8)

Conflicts:

	libavcodec/pngdec.c
2014-12-08 19:08:30 +01:00
Michael Niedermayer
d41010b895 avcodec/flacdec: Call ff_flacdsp_init() unconditionally
Fixes out of array access
Fixes: signal_sigsegv_324b135_3398_cov_246853371_short.flac
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e5c01ccdf5a9a330d4c51a9b9ea721fd8f1fb70b)

Conflicts:

	libavcodec/flacdec.c
2014-12-08 19:08:30 +01:00
Michael Niedermayer
a63941eec2 avcodec/utils: Check that the data is complete in avpriv_bprint_to_extradata()
Fixes out of array read
Fixes: asan_heap-oob_4d2250_814_cov_2745172097_JACOsub_capability_tester.jss
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3d5d95db3f5d8e2093e9e19d0c46e86f54ed2a5d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-08 19:08:30 +01:00
Michael Niedermayer
5d6f8bab02 avcodec/mjpegdec: Fix context fields becoming inconsistent
Fixes out of array access
Fixes: asan_heap-oob_1ca4f85_2760_cov_144449187_miss_congeniality_pegasus_ljpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0eecf40935b22644e6cd74c586057237ecfd6844)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-12-08 19:08:30 +01:00