Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
c9864adf34 | ||
|
|
7d10059aeb | ||
|
|
69e8b43812 | ||
|
|
2f504d7a90 | ||
|
|
2dea9a1266 | ||
|
|
84e6629de3 | ||
|
|
fc038df32e |
@@ -2,6 +2,15 @@ Entries are sorted chronologically from oldest to youngest within each release,
|
||||
releases are sorted from youngest to oldest.
|
||||
|
||||
|
||||
version 0.5.3:
|
||||
|
||||
- build system improvements
|
||||
- performance fix for seekable HTTP
|
||||
- fix several potentially exploitable issues in the FLIC decoder
|
||||
(addresses CVE-2010-3429)
|
||||
|
||||
|
||||
|
||||
version 0.5.2:
|
||||
|
||||
- Hurd support
|
||||
|
||||
12
RELEASE
12
RELEASE
@@ -112,3 +112,15 @@ General notes
|
||||
This is a maintenance only release that addresses a small number of security
|
||||
and portability issues. Distributors and system integrators are encouraged
|
||||
to update and share their patches against this branch.
|
||||
|
||||
|
||||
|
||||
* 0.5.3 Oct 18, 2010
|
||||
|
||||
General notes
|
||||
-------------
|
||||
|
||||
This is (again) another maintenance only release that addresses a fix
|
||||
for seekable HTTP and an exploitable bug in the FLIC decoder
|
||||
(cf. CVE-2010-3429 for details). Distributors and system integrators are
|
||||
encouraged to update and share their patches against this branch.
|
||||
|
||||
41
configure
vendored
41
configure
vendored
@@ -261,7 +261,6 @@ Include the log file "$logfile" produced by configure as this will help
|
||||
solving the problem.
|
||||
EOF
|
||||
fi
|
||||
rm -f $TMPC $TMPE $TMPH $TMPO $TMPS $TMPSH
|
||||
exit 1
|
||||
}
|
||||
|
||||
@@ -1358,13 +1357,36 @@ esac
|
||||
: ${TMPDIR:=$TMP}
|
||||
: ${TMPDIR:=/tmp}
|
||||
|
||||
TMPC="${TMPDIR}/ffmpeg-conf-${RANDOM}-$$-${RANDOM}.c"
|
||||
TMPE="${TMPDIR}/ffmpeg-conf-${RANDOM}-$$-${RANDOM}${EXESUF}"
|
||||
TMPH="${TMPDIR}/ffmpeg-conf-${RANDOM}-$$-${RANDOM}.h"
|
||||
TMPO="${TMPDIR}/ffmpeg-conf-${RANDOM}-$$-${RANDOM}.o"
|
||||
TMPS="${TMPDIR}/ffmpeg-conf-${RANDOM}-$$-${RANDOM}.S"
|
||||
TMPV="${TMPDIR}/ffmpeg-conf-${RANDOM}-$$-${RANDOM}.ver"
|
||||
TMPSH="${TMPDIR}/ffmpeg-conf-${RANDOM}-$$-${RANDOM}.sh"
|
||||
|
||||
if ! check_cmd type mktemp; then
|
||||
# simple replacement for missing mktemp
|
||||
# NOT SAFE FOR GENERAL USE
|
||||
mktemp(){
|
||||
echo "${2%XXX*}.${HOSTNAME}.${UID}.$$"
|
||||
}
|
||||
fi
|
||||
|
||||
|
||||
tmpfile(){
|
||||
tmp=$(mktemp -u "${TMPDIR}/ffconf.XXXXXXXX")$2 &&
|
||||
(set -C; exec > $tmp) 2>/dev/null ||
|
||||
die "Unable to create temoporary file in $TMPDIR."
|
||||
append TMPFILES $tmp
|
||||
eval $1=$tmp
|
||||
}
|
||||
|
||||
trap 'rm -f -- $TMPFILES' EXIT
|
||||
trap exit HUP INT TERM
|
||||
|
||||
tmpfile TMPC .c
|
||||
tmpfile TMPE $EXESUF
|
||||
tmpfile TMPH .h
|
||||
tmpfile TMPO .o
|
||||
tmpfile TMPS .S
|
||||
tmpfile TMPV .ver
|
||||
tmpfile TMPSH .sh
|
||||
|
||||
unset -f mktemp
|
||||
|
||||
# make sure we can execute files in $TMPDIR
|
||||
cat > $TMPSH 2>> $logfile <<EOF
|
||||
@@ -1378,7 +1400,6 @@ variable to another directory and make sure that it is not mounted noexec.
|
||||
EOF
|
||||
die "Sanity test failed."
|
||||
fi
|
||||
rm $TMPSH
|
||||
|
||||
if $cc --version 2>/dev/null | grep -qi gcc; then
|
||||
cc_type=gcc
|
||||
@@ -2522,8 +2543,6 @@ cmp -s $TMPH config.h &&
|
||||
echo "config.h is unchanged" ||
|
||||
mv -f $TMPH config.h
|
||||
|
||||
rm -f $TMPC $TMPE $TMPH $TMPO $TMPS $TMPSH
|
||||
|
||||
# build tree in object directory if source path is different from current one
|
||||
if enabled source_path_used; then
|
||||
DIRS="\
|
||||
|
||||
@@ -160,7 +160,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
|
||||
int pixel_skip;
|
||||
int pixel_countdown;
|
||||
unsigned char *pixels;
|
||||
int pixel_limit;
|
||||
unsigned int pixel_limit;
|
||||
|
||||
s->frame.reference = 1;
|
||||
s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE;
|
||||
@@ -254,10 +254,13 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
|
||||
av_log(avctx, AV_LOG_ERROR, "Undefined opcode (%x) in DELTA_FLI\n", line_packets);
|
||||
} else if ((line_packets & 0xC000) == 0x8000) {
|
||||
// "last byte" opcode
|
||||
pixels[y_ptr + s->frame.linesize[0] - 1] = line_packets & 0xff;
|
||||
pixel_ptr= y_ptr + s->frame.linesize[0] - 1;
|
||||
CHECK_PIXEL_PTR(0);
|
||||
pixels[pixel_ptr] = line_packets & 0xff;
|
||||
} else {
|
||||
compressed_lines--;
|
||||
pixel_ptr = y_ptr;
|
||||
CHECK_PIXEL_PTR(0);
|
||||
pixel_countdown = s->avctx->width;
|
||||
for (i = 0; i < line_packets; i++) {
|
||||
/* account for the skip bytes */
|
||||
@@ -269,7 +272,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
|
||||
byte_run = -byte_run;
|
||||
palette_idx1 = buf[stream_ptr++];
|
||||
palette_idx2 = buf[stream_ptr++];
|
||||
CHECK_PIXEL_PTR(byte_run);
|
||||
CHECK_PIXEL_PTR(byte_run * 2);
|
||||
for (j = 0; j < byte_run; j++, pixel_countdown -= 2) {
|
||||
pixels[pixel_ptr++] = palette_idx1;
|
||||
pixels[pixel_ptr++] = palette_idx2;
|
||||
@@ -299,6 +302,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
|
||||
stream_ptr += 2;
|
||||
while (compressed_lines > 0) {
|
||||
pixel_ptr = y_ptr;
|
||||
CHECK_PIXEL_PTR(0);
|
||||
pixel_countdown = s->avctx->width;
|
||||
line_packets = buf[stream_ptr++];
|
||||
if (line_packets > 0) {
|
||||
@@ -454,7 +458,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
|
||||
int pixel_countdown;
|
||||
unsigned char *pixels;
|
||||
int pixel;
|
||||
int pixel_limit;
|
||||
unsigned int pixel_limit;
|
||||
|
||||
s->frame.reference = 1;
|
||||
s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE;
|
||||
@@ -504,6 +508,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
|
||||
} else {
|
||||
compressed_lines--;
|
||||
pixel_ptr = y_ptr;
|
||||
CHECK_PIXEL_PTR(0);
|
||||
pixel_countdown = s->avctx->width;
|
||||
for (i = 0; i < line_packets; i++) {
|
||||
/* account for the skip bytes */
|
||||
@@ -515,13 +520,13 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
|
||||
byte_run = -byte_run;
|
||||
pixel = AV_RL16(&buf[stream_ptr]);
|
||||
stream_ptr += 2;
|
||||
CHECK_PIXEL_PTR(byte_run);
|
||||
CHECK_PIXEL_PTR(2 * byte_run);
|
||||
for (j = 0; j < byte_run; j++, pixel_countdown -= 2) {
|
||||
*((signed short*)(&pixels[pixel_ptr])) = pixel;
|
||||
pixel_ptr += 2;
|
||||
}
|
||||
} else {
|
||||
CHECK_PIXEL_PTR(byte_run);
|
||||
CHECK_PIXEL_PTR(2 * byte_run);
|
||||
for (j = 0; j < byte_run; j++, pixel_countdown--) {
|
||||
*((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]);
|
||||
stream_ptr += 2;
|
||||
@@ -612,7 +617,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
|
||||
if (byte_run > 0) {
|
||||
pixel = AV_RL16(&buf[stream_ptr]);
|
||||
stream_ptr += 2;
|
||||
CHECK_PIXEL_PTR(byte_run);
|
||||
CHECK_PIXEL_PTR(2 * byte_run);
|
||||
for (j = 0; j < byte_run; j++) {
|
||||
*((signed short*)(&pixels[pixel_ptr])) = pixel;
|
||||
pixel_ptr += 2;
|
||||
@@ -623,7 +628,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
|
||||
}
|
||||
} else { /* copy pixels if byte_run < 0 */
|
||||
byte_run = -byte_run;
|
||||
CHECK_PIXEL_PTR(byte_run);
|
||||
CHECK_PIXEL_PTR(2 * byte_run);
|
||||
for (j = 0; j < byte_run; j++) {
|
||||
*((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]);
|
||||
stream_ptr += 2;
|
||||
|
||||
@@ -27,6 +27,13 @@
|
||||
|
||||
#define IO_BUFFER_SIZE 32768
|
||||
|
||||
/**
|
||||
* Do seeks within this distance ahead of the current buffer by skipping
|
||||
* data instead of calling the protocol seek function, for seekable
|
||||
* protocols.
|
||||
*/
|
||||
#define SHORT_SEEK_THRESHOLD 4096
|
||||
|
||||
static void fill_buffer(ByteIOContext *s);
|
||||
|
||||
int init_put_byte(ByteIOContext *s,
|
||||
@@ -151,8 +158,9 @@ int64_t url_fseek(ByteIOContext *s, int64_t offset, int whence)
|
||||
offset1 >= 0 && offset1 < (s->buf_end - s->buffer)) {
|
||||
/* can do the seek inside the buffer */
|
||||
s->buf_ptr = s->buffer + offset1;
|
||||
} else if(s->is_streamed && !s->write_flag &&
|
||||
offset1 >= 0 && offset1 < (s->buf_end - s->buffer) + (1<<16)){
|
||||
} else if ((s->is_streamed ||
|
||||
offset1 <= s->buf_end + SHORT_SEEK_THRESHOLD - s->buffer) &&
|
||||
!s->write_flag && offset1 >= 0) {
|
||||
while(s->pos < offset && !s->eof_reached)
|
||||
fill_buffer(s);
|
||||
if (s->eof_reached)
|
||||
|
||||
Reference in New Issue
Block a user