ffmpeg

Author	SHA1	Message	Date
Andreas Cadhalpun	8aee35acb1	rv10: check size of s->mb_width * s->mb_height If it doesn't fit into 12 bits it triggers an assertion. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net>	2015-03-08 19:21:41 +00:00
Federico Tomassetti	e818da7724	eamad: check for out of bounds read Bug-Id: CID 1257500 CC: libav-stable@libav.org Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2015-03-08 19:19:55 +00:00
Federico Tomassetti	2c63081b48	mdec: check for out of bounds read Bug-Id: CID 1257501 CC: libav-stable@libav.org Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2015-03-08 19:19:49 +00:00
Anton Khirnov	77eb3d9a60	tiff: Check that there is no aliasing in pixel format selection Fixes possible issues with unexpected bpp/bppcount values. CC: libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Bug-Id: CVE-2014-8544 (cherry picked from commit ae5e1f3d663a8c9a532d89e588cbc61f171c9186) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2015-03-08 19:16:16 +01:00
Vittorio Giovara	f3dafb63d0	aic: Fix decoding files with odd dimensions Normally the aic decoder finds the proper slice combination (multiple of some number less than 32) but in case of odd width, it resorts to the default values, which were actually swapped. The number of slices is modified to account for such odd width cases. CC: libav-stable@libav.org (cherry picked from commit e878ec0d47cd6228c367b2f3128b76d7523f7255) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2015-03-08 17:27:53 +01:00
Luca Barbato	7136a0bf88	vorbis: Check the vlc value in setup_classifs The valid returned values are always at most 11bit. Remove the previous check that assumed larger values plausible and use a signed integer to check get_vlc2 return values. CC: libav-stable@libav.org (cherry picked from commit 0025f7408a0fab2cab4a950064e4784a67463994) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2015-03-08 17:24:50 +01:00
Luca Barbato	cf3523c6e7	prores: Extend the padding check to 16bit Some files produced by the official encoder have up to 16bit of padding instead of the expected padding to the byte. Use a self-explanatory macro instead of a simple number. CC: libav-stable@libav.org (cherry picked from commit dbc1163b203b175d246b7454c32ac176f84006d1) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2015-03-02 15:34:29 +01:00
Michael Niedermayer	7ca10906b4	Merge commit '07db7a0dd8239e255c08800162eb45b82c2c49fe' into release/2.4 * commit '07db7a0dd8239e255c08800162eb45b82c2c49fe': h264_cabac: Break infinite loops Conflicts: libavcodec/h264_cabac.c See: cdf0877bc341684c56ac1fe057397adbadf329ee Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-28 19:18:24 +01:00
Michael Niedermayer	1172107d57	Merge commit '2686dab45eec54f99866413153aa0b36381e48be' into release/2.4 * commit '2686dab45eec54f99866413153aa0b36381e48be': h264: initialize H264Context.avctx in init_thread_copy Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-28 19:05:14 +01:00
Michael Niedermayer	a22079b819	Merge commit '06d433366c02ab81a1aaad33d32934b4180d354b' into release/2.4 * commit '06d433366c02ab81a1aaad33d32934b4180d354b': h264: Do not share rbsp_buffer across threads Conflicts: libavcodec/h264.c See: ecbf838c7d81ebd3b89fe75d83ff29150dbda27a Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-28 19:04:42 +01:00
Michael Niedermayer	a8eb02da80	Merge commit '1dbfaa34e615606cb3f1a3ecabb117e354459edc' into release/2.4 * commit '1dbfaa34e615606cb3f1a3ecabb117e354459edc': h264: only ref cur_pic in update_thread_context if it is initialized Conflicts: libavcodec/h264_slice.c See: 0fc01ae33c7712168aab0f98c5715b40da0b5f03 Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-28 19:03:51 +01:00
Michael Niedermayer	07db7a0dd8	h264_cabac: Break infinite loops This fixes out of array reads and/or infinite loops. 30 is the maximum number of bits that can be read into coeff_abs below. CC: libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Martin Storsjö <martin@martin.st>	2015-02-22 23:49:34 +00:00
Carl Eugen Hoyos	2d1309c352	hevc_deblock: Fix compilation with nasm CC: libav-stable@libav.org Bug-Id: 795 Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>	2015-02-22 23:46:55 +00:00
Anton Khirnov	2686dab45e	h264: initialize H264Context.avctx in init_thread_copy This prevents using a wrong (first thread's) AVCodecContext if decoding a frame in the first pass over all threads fails. (cherry picked from commit a06b0b1295c51d100101e0ca0434e199ad6de6b5) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2015-02-21 09:35:17 +01:00
Michael Niedermayer	06d433366c	h264: Do not share rbsp_buffer across threads Signed-off-by: Luca Barbato <lu_zero@gentoo.org> CC: libav-stable@libav.org (cherry picked from commit 61928b68dc28e080b8c8191afe5541123c682bbd) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2015-02-21 09:34:48 +01:00
Anton Khirnov	1dbfaa34e6	h264: only ref cur_pic in update_thread_context if it is initialized It may be empty if the previous thread's decode call did not contain a valid frame. (cherry picked from commit 0dea4c77ccf5956561bb8991311b3d834bb5fa40) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2015-02-21 09:34:17 +01:00
Clément Bœsch	dbda574694	avcodec/gif: fix off by one in column offsetting finding (cherry picked from commit f9240ec01abb097263fe578d2b6fb076bb7b9263)	2015-02-16 18:08:45 +01:00
Michael Niedermayer	cb7d72ed18	avcodec/flac_parser: fix handling EOF if no headers are found Fixes assertion failure Fixes Ticket4269 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit c4d85fc23c100f7a27d9bad710eb153214868e27) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:09 +01:00
Michael Niedermayer	43924a8e99	avcodec/hevc: Fix handling of skipped_bytes() reallocation failures Fixes CID1260704 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e172f5e53ae4dbbcdcf81c9a3b962dc9f5a8a98d) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:09 +01:00
wm4	d705125b94	qpeg: avoid pointless invalid memcpy() If refdata was NULL, the memcpy() ended up copying the same memory block onto itself, which is not only pointless, but also undefined behavior. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 921706691a87c3ea5f5b92afd9b423e5f8c6e9d9) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:09 +01:00
Michael Niedermayer	1a263f0dd9	avcodec/arm/videodsp_armv5te: Fix linking failure with "g++ -shared -D__STDC_CONSTANT_MACROS -o test.so ... libavcodec.a" Tested-by: Andreas Haupt Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit cab6302534962331753fb69c674df86a458b098d) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:09 +01:00
Michael Niedermayer	492818d724	avcodec/mjpegdec: Skip blocks which are outside the visible area Fixes out of array accesses Fixes: ffmpeg_mjpeg_crash.avi Found-by: Thomas Lindroth <thomas.lindroth@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 08509c8f86626815a3e9e68d600d1aacbb8df4bf) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Carl Eugen Hoyos	ca98c016cd	lavc/aarch64: Do not use the neon horizontal chroma loop filter for H.264 4:2:2. (cherry picked from commit 4faea46bd906b3897018736208123aa36c3f45d5) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	6005f375aa	avcodec/h264_slice: assert that reinit does not occur after the first slice Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 2fd9ce92af43e6dcbc8ed7c26c00b052de48ccad) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	4d5beea7a1	avcodec/h264_slice: ignore SAR changes in slices after the first Fixes race condition and null pointer dereference Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 38d5241b7f36c1571a88517a0650caade16dd5f4) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	2073ab266e	avcodec/h264_slice: Check picture structure before setting the related fields This might fix a hypothetical race condition Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f111831ed61103f9fa8fdda41473a23da016bdaa) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	7b213e88b5	avcodec/h264_slice: Do not change frame_num after the first slice Fixes potential race condition Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f906982c9411f3062e3ce68013309b37c213c4dd) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	9dc8f44829	avcodec/h264: Be more strict on rejecting pps/sps changes Fixes race condition Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6fafc62b0bd0e206deb77a7aabbf3a370ad80789) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	724c79276a	avcodec/h264: Be more strict on rejecting pps_id changes Fixes race condition Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 31cc9c04ca386dce289864021982da62190982ab) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	3e46e3a33c	avcodec/h264_ps: More completely check the bit depths Fixes out of array read Fixes: asan_static-oob_30328b6_719_cov_3325483287_H264_artifacts_motion.h264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 69aa79365c1e8e1cb597d33e77bf1062c2ef47d4) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	8413ddcd39	avcodec/mpegvideo_motion: Fix gmc chroma dimensions Fixes integer overflow and out of array read Fixes: asan_heap-oob_1fb2f9b_3780_cov_3984375136_usf.mkv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit fd52d2d3d1ee41822a9801dffd41c0e1a2db32a8) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	0882212298	avcodec/mjpegdec: Check number of components for JPEG-LS Fixes out of array accesses Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit fabbfaa095660982cc0bc63242c459561fa37037) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	3531ff8db3	avcodec/mjpegdec: Check escape sequence validity Fixes assertion failure Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit afa92907f3c6a0c3bdad766ec8d938ee17ee1c9e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	a31fdcef55	avcodec/mpegvideo_enc: Fix number suffixes in rc_buffer_size calculation Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 4531e2c489d279bfc90d54ca26ed898c5b265a7f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	8a16b27de9	avcodec/h264_cabac: use int instead of long for mbb_xy The mb address fits in int Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 592ba6ec106206f97133c9345313010c76361e12) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	096fd2698a	avcodec/dxtory: Use LL instead of L number suffix This is probably unneeded and normal int would be fine, but its safer to use LL and this isnt speed relevant Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b4ad2853c50d055e9ba8c29f2e1c83b292f29d7a) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	6feb72a094	Merge commit '431f57f0467244686ae63a3d06a8cf51f60090ed' into release/2.4 * commit '431f57f0467244686ae63a3d06a8cf51f60090ed': libopusenc: prevent an out-of-bounds read by returning early Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 03:27:11 +01:00
Michael Niedermayer	02d979d007	Merge commit '88411b87b4bb3c5820ec232f26ba4a284c11a7f9' into release/2.4 * commit '88411b87b4bb3c5820ec232f26ba4a284c11a7f9': display: fix order of operands Conflicts: libavcodec/h264.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 03:22:15 +01:00
Michael Niedermayer	fb62580fb6	Merge commit '3f09d4f6d43468dbc9307bb937516a32287008dc' into release/2.4 * commit '3f09d4f6d43468dbc9307bb937516a32287008dc': ffv1: fix out-of-bounds read Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 03:21:35 +01:00
Michael Niedermayer	98ba288737	Merge commit '9e0a38d32b36fac7fd73bdb93e820ae0b9e03616' into release/2.4 * commit '9e0a38d32b36fac7fd73bdb93e820ae0b9e03616': avs: check ff_set_dimensions return value Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 02:59:01 +01:00
Michael Niedermayer	baef2736b0	Merge commit '39e07ac9fcaf3d412f9a33f427072e8ded032d24' into release/2.4 * commit '39e07ac9fcaf3d412f9a33f427072e8ded032d24': ansi: check ff_set_dimensions return value Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 02:57:48 +01:00
Michael Niedermayer	4e251b23c3	Merge commit '61fdbf7ff64c0ae1bdd6a8d573092dc6924c1dba' into release/2.4 * commit '61fdbf7ff64c0ae1bdd6a8d573092dc6924c1dba': lavc: fix bitshifts amount bigger than the type Conflicts: libavcodec/internal.h Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 02:34:25 +01:00
Paul B Mahol	375c1050bf	libavcodec/libtwolame: fix null pointer dereference Signed-off-by: Paul B Mahol <onemda@gmail.com> (cherry picked from commit a586b3d9b1df9099c18d3e15c9b261f6612ad2ac) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 02:24:53 +01:00
Michael Niedermayer	c2b658c0e7	Merge commit '5891fd017aa7bed4c423b8511090cf8641a0afa4' into release/2.4 * commit '5891fd017aa7bed4c423b8511090cf8641a0afa4': dvdsubdec: Do not leak on failure path Conflicts: libavcodec/dvdsubdec.c See: 7fa9f7ef1c2f0cee81ec6ea6a4ff10af4c4fc62c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 02:15:10 +01:00
Michael Niedermayer	6f14434218	Merge commit '484e015dc8b9983297e9269b406c65084daf4528' into release/2.4 * commit '484e015dc8b9983297e9269b406c65084daf4528': cook: Make sure there is enough extradata See: c9e455432988acd414990ba92f782b8e3c4b6aea Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 02:02:00 +01:00
Michael Niedermayer	49f477071d	Merge commit 'b82170336f90d06c645d8252ddeccfc92c2f9ccb' into release/2.4 * commit 'b82170336f90d06c645d8252ddeccfc92c2f9ccb': tiffenc: initialize return value Conflicts: libavcodec/tiffenc.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 02:00:54 +01:00
Michael Niedermayer	5b965a508c	Merge commit '12e1a7013a53ad957c4ff11a3aebc0763024d24b' into release/2.4 * commit '12e1a7013a53ad957c4ff11a3aebc0763024d24b': roqaudio: Always use the frame buffer on flush Conflicts: libavcodec/roqaudioenc.c See: a1af505d6640a89401f8e9941a38352a1ca49d58 See: c0b17ea106b94f79255f81ec36ea50096e1ae985 Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 02:00:21 +01:00
Michael Niedermayer	6cb8e40f43	Merge commit 'e7ee74485b436c34591177c18c8643764a55d516' into release/2.4 * commit 'e7ee74485b436c34591177c18c8643764a55d516': hnm4: Use av_image_check_size See: e23b18321fb5cffb6e05d0b0ef00de9733f560da Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 01:59:36 +01:00
Michael Niedermayer	f038623d53	Merge commit '2a75c0b1ca16b5480497de0d4c79ef122406a0b5' into release/2.4 * commit '2a75c0b1ca16b5480497de0d4c79ef122406a0b5': aacsbr: change order of operation to prevent out of array read Conflicts: libavcodec/aacsbr.c See: c2340831b8e9032716acb0aab4893d3cc500213a Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 01:41:30 +01:00
Michael Niedermayer	12d6bbf7cb	Merge commit '1fd55ec507f6f47b4d9fddf8e79a0df4540ef6e4' into release/2.4 * commit '1fd55ec507f6f47b4d9fddf8e79a0df4540ef6e4': svq1dec: Unbreak the scratch buffer allocation Conflicts: libavcodec/svq1dec.c See: 4213fc5b9eebec53c7d22b770c3f1ceecca1c113 Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 00:05:18 +01:00

1 2 3 4 5 ...

30077 Commits