Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
c9864adf34 | ||
|
|
7d10059aeb | ||
|
|
69e8b43812 | ||
|
|
2f504d7a90 | ||
|
|
2dea9a1266 | ||
|
|
84e6629de3 | ||
|
|
fc038df32e |
@@ -2,6 +2,15 @@ Entries are sorted chronologically from oldest to youngest within each release,
|
|||||||
releases are sorted from youngest to oldest.
|
releases are sorted from youngest to oldest.
|
||||||
|
|
||||||
|
|
||||||
|
version 0.5.3:
|
||||||
|
|
||||||
|
- build system improvements
|
||||||
|
- performance fix for seekable HTTP
|
||||||
|
- fix several potentially exploitable issues in the FLIC decoder
|
||||||
|
(addresses CVE-2010-3429)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
version 0.5.2:
|
version 0.5.2:
|
||||||
|
|
||||||
- Hurd support
|
- Hurd support
|
||||||
|
|||||||
12
RELEASE
12
RELEASE
@@ -112,3 +112,15 @@ General notes
|
|||||||
This is a maintenance only release that addresses a small number of security
|
This is a maintenance only release that addresses a small number of security
|
||||||
and portability issues. Distributors and system integrators are encouraged
|
and portability issues. Distributors and system integrators are encouraged
|
||||||
to update and share their patches against this branch.
|
to update and share their patches against this branch.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
* 0.5.3 Oct 18, 2010
|
||||||
|
|
||||||
|
General notes
|
||||||
|
-------------
|
||||||
|
|
||||||
|
This is (again) another maintenance only release that addresses a fix
|
||||||
|
for seekable HTTP and an exploitable bug in the FLIC decoder
|
||||||
|
(cf. CVE-2010-3429 for details). Distributors and system integrators are
|
||||||
|
encouraged to update and share their patches against this branch.
|
||||||
|
|||||||
41
configure
vendored
41
configure
vendored
@@ -261,7 +261,6 @@ Include the log file "$logfile" produced by configure as this will help
|
|||||||
solving the problem.
|
solving the problem.
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
rm -f $TMPC $TMPE $TMPH $TMPO $TMPS $TMPSH
|
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1358,13 +1357,36 @@ esac
|
|||||||
: ${TMPDIR:=$TMP}
|
: ${TMPDIR:=$TMP}
|
||||||
: ${TMPDIR:=/tmp}
|
: ${TMPDIR:=/tmp}
|
||||||
|
|
||||||
TMPC="${TMPDIR}/ffmpeg-conf-${RANDOM}-$$-${RANDOM}.c"
|
|
||||||
TMPE="${TMPDIR}/ffmpeg-conf-${RANDOM}-$$-${RANDOM}${EXESUF}"
|
if ! check_cmd type mktemp; then
|
||||||
TMPH="${TMPDIR}/ffmpeg-conf-${RANDOM}-$$-${RANDOM}.h"
|
# simple replacement for missing mktemp
|
||||||
TMPO="${TMPDIR}/ffmpeg-conf-${RANDOM}-$$-${RANDOM}.o"
|
# NOT SAFE FOR GENERAL USE
|
||||||
TMPS="${TMPDIR}/ffmpeg-conf-${RANDOM}-$$-${RANDOM}.S"
|
mktemp(){
|
||||||
TMPV="${TMPDIR}/ffmpeg-conf-${RANDOM}-$$-${RANDOM}.ver"
|
echo "${2%XXX*}.${HOSTNAME}.${UID}.$$"
|
||||||
TMPSH="${TMPDIR}/ffmpeg-conf-${RANDOM}-$$-${RANDOM}.sh"
|
}
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
tmpfile(){
|
||||||
|
tmp=$(mktemp -u "${TMPDIR}/ffconf.XXXXXXXX")$2 &&
|
||||||
|
(set -C; exec > $tmp) 2>/dev/null ||
|
||||||
|
die "Unable to create temoporary file in $TMPDIR."
|
||||||
|
append TMPFILES $tmp
|
||||||
|
eval $1=$tmp
|
||||||
|
}
|
||||||
|
|
||||||
|
trap 'rm -f -- $TMPFILES' EXIT
|
||||||
|
trap exit HUP INT TERM
|
||||||
|
|
||||||
|
tmpfile TMPC .c
|
||||||
|
tmpfile TMPE $EXESUF
|
||||||
|
tmpfile TMPH .h
|
||||||
|
tmpfile TMPO .o
|
||||||
|
tmpfile TMPS .S
|
||||||
|
tmpfile TMPV .ver
|
||||||
|
tmpfile TMPSH .sh
|
||||||
|
|
||||||
|
unset -f mktemp
|
||||||
|
|
||||||
# make sure we can execute files in $TMPDIR
|
# make sure we can execute files in $TMPDIR
|
||||||
cat > $TMPSH 2>> $logfile <<EOF
|
cat > $TMPSH 2>> $logfile <<EOF
|
||||||
@@ -1378,7 +1400,6 @@ variable to another directory and make sure that it is not mounted noexec.
|
|||||||
EOF
|
EOF
|
||||||
die "Sanity test failed."
|
die "Sanity test failed."
|
||||||
fi
|
fi
|
||||||
rm $TMPSH
|
|
||||||
|
|
||||||
if $cc --version 2>/dev/null | grep -qi gcc; then
|
if $cc --version 2>/dev/null | grep -qi gcc; then
|
||||||
cc_type=gcc
|
cc_type=gcc
|
||||||
@@ -2522,8 +2543,6 @@ cmp -s $TMPH config.h &&
|
|||||||
echo "config.h is unchanged" ||
|
echo "config.h is unchanged" ||
|
||||||
mv -f $TMPH config.h
|
mv -f $TMPH config.h
|
||||||
|
|
||||||
rm -f $TMPC $TMPE $TMPH $TMPO $TMPS $TMPSH
|
|
||||||
|
|
||||||
# build tree in object directory if source path is different from current one
|
# build tree in object directory if source path is different from current one
|
||||||
if enabled source_path_used; then
|
if enabled source_path_used; then
|
||||||
DIRS="\
|
DIRS="\
|
||||||
|
|||||||
@@ -160,7 +160,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
|
|||||||
int pixel_skip;
|
int pixel_skip;
|
||||||
int pixel_countdown;
|
int pixel_countdown;
|
||||||
unsigned char *pixels;
|
unsigned char *pixels;
|
||||||
int pixel_limit;
|
unsigned int pixel_limit;
|
||||||
|
|
||||||
s->frame.reference = 1;
|
s->frame.reference = 1;
|
||||||
s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE;
|
s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE;
|
||||||
@@ -254,10 +254,13 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
|
|||||||
av_log(avctx, AV_LOG_ERROR, "Undefined opcode (%x) in DELTA_FLI\n", line_packets);
|
av_log(avctx, AV_LOG_ERROR, "Undefined opcode (%x) in DELTA_FLI\n", line_packets);
|
||||||
} else if ((line_packets & 0xC000) == 0x8000) {
|
} else if ((line_packets & 0xC000) == 0x8000) {
|
||||||
// "last byte" opcode
|
// "last byte" opcode
|
||||||
pixels[y_ptr + s->frame.linesize[0] - 1] = line_packets & 0xff;
|
pixel_ptr= y_ptr + s->frame.linesize[0] - 1;
|
||||||
|
CHECK_PIXEL_PTR(0);
|
||||||
|
pixels[pixel_ptr] = line_packets & 0xff;
|
||||||
} else {
|
} else {
|
||||||
compressed_lines--;
|
compressed_lines--;
|
||||||
pixel_ptr = y_ptr;
|
pixel_ptr = y_ptr;
|
||||||
|
CHECK_PIXEL_PTR(0);
|
||||||
pixel_countdown = s->avctx->width;
|
pixel_countdown = s->avctx->width;
|
||||||
for (i = 0; i < line_packets; i++) {
|
for (i = 0; i < line_packets; i++) {
|
||||||
/* account for the skip bytes */
|
/* account for the skip bytes */
|
||||||
@@ -269,7 +272,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
|
|||||||
byte_run = -byte_run;
|
byte_run = -byte_run;
|
||||||
palette_idx1 = buf[stream_ptr++];
|
palette_idx1 = buf[stream_ptr++];
|
||||||
palette_idx2 = buf[stream_ptr++];
|
palette_idx2 = buf[stream_ptr++];
|
||||||
CHECK_PIXEL_PTR(byte_run);
|
CHECK_PIXEL_PTR(byte_run * 2);
|
||||||
for (j = 0; j < byte_run; j++, pixel_countdown -= 2) {
|
for (j = 0; j < byte_run; j++, pixel_countdown -= 2) {
|
||||||
pixels[pixel_ptr++] = palette_idx1;
|
pixels[pixel_ptr++] = palette_idx1;
|
||||||
pixels[pixel_ptr++] = palette_idx2;
|
pixels[pixel_ptr++] = palette_idx2;
|
||||||
@@ -299,6 +302,7 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
|
|||||||
stream_ptr += 2;
|
stream_ptr += 2;
|
||||||
while (compressed_lines > 0) {
|
while (compressed_lines > 0) {
|
||||||
pixel_ptr = y_ptr;
|
pixel_ptr = y_ptr;
|
||||||
|
CHECK_PIXEL_PTR(0);
|
||||||
pixel_countdown = s->avctx->width;
|
pixel_countdown = s->avctx->width;
|
||||||
line_packets = buf[stream_ptr++];
|
line_packets = buf[stream_ptr++];
|
||||||
if (line_packets > 0) {
|
if (line_packets > 0) {
|
||||||
@@ -454,7 +458,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
|
|||||||
int pixel_countdown;
|
int pixel_countdown;
|
||||||
unsigned char *pixels;
|
unsigned char *pixels;
|
||||||
int pixel;
|
int pixel;
|
||||||
int pixel_limit;
|
unsigned int pixel_limit;
|
||||||
|
|
||||||
s->frame.reference = 1;
|
s->frame.reference = 1;
|
||||||
s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE;
|
s->frame.buffer_hints = FF_BUFFER_HINTS_VALID | FF_BUFFER_HINTS_PRESERVE | FF_BUFFER_HINTS_REUSABLE;
|
||||||
@@ -504,6 +508,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
|
|||||||
} else {
|
} else {
|
||||||
compressed_lines--;
|
compressed_lines--;
|
||||||
pixel_ptr = y_ptr;
|
pixel_ptr = y_ptr;
|
||||||
|
CHECK_PIXEL_PTR(0);
|
||||||
pixel_countdown = s->avctx->width;
|
pixel_countdown = s->avctx->width;
|
||||||
for (i = 0; i < line_packets; i++) {
|
for (i = 0; i < line_packets; i++) {
|
||||||
/* account for the skip bytes */
|
/* account for the skip bytes */
|
||||||
@@ -515,13 +520,13 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
|
|||||||
byte_run = -byte_run;
|
byte_run = -byte_run;
|
||||||
pixel = AV_RL16(&buf[stream_ptr]);
|
pixel = AV_RL16(&buf[stream_ptr]);
|
||||||
stream_ptr += 2;
|
stream_ptr += 2;
|
||||||
CHECK_PIXEL_PTR(byte_run);
|
CHECK_PIXEL_PTR(2 * byte_run);
|
||||||
for (j = 0; j < byte_run; j++, pixel_countdown -= 2) {
|
for (j = 0; j < byte_run; j++, pixel_countdown -= 2) {
|
||||||
*((signed short*)(&pixels[pixel_ptr])) = pixel;
|
*((signed short*)(&pixels[pixel_ptr])) = pixel;
|
||||||
pixel_ptr += 2;
|
pixel_ptr += 2;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
CHECK_PIXEL_PTR(byte_run);
|
CHECK_PIXEL_PTR(2 * byte_run);
|
||||||
for (j = 0; j < byte_run; j++, pixel_countdown--) {
|
for (j = 0; j < byte_run; j++, pixel_countdown--) {
|
||||||
*((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]);
|
*((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]);
|
||||||
stream_ptr += 2;
|
stream_ptr += 2;
|
||||||
@@ -612,7 +617,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
|
|||||||
if (byte_run > 0) {
|
if (byte_run > 0) {
|
||||||
pixel = AV_RL16(&buf[stream_ptr]);
|
pixel = AV_RL16(&buf[stream_ptr]);
|
||||||
stream_ptr += 2;
|
stream_ptr += 2;
|
||||||
CHECK_PIXEL_PTR(byte_run);
|
CHECK_PIXEL_PTR(2 * byte_run);
|
||||||
for (j = 0; j < byte_run; j++) {
|
for (j = 0; j < byte_run; j++) {
|
||||||
*((signed short*)(&pixels[pixel_ptr])) = pixel;
|
*((signed short*)(&pixels[pixel_ptr])) = pixel;
|
||||||
pixel_ptr += 2;
|
pixel_ptr += 2;
|
||||||
@@ -623,7 +628,7 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
|
|||||||
}
|
}
|
||||||
} else { /* copy pixels if byte_run < 0 */
|
} else { /* copy pixels if byte_run < 0 */
|
||||||
byte_run = -byte_run;
|
byte_run = -byte_run;
|
||||||
CHECK_PIXEL_PTR(byte_run);
|
CHECK_PIXEL_PTR(2 * byte_run);
|
||||||
for (j = 0; j < byte_run; j++) {
|
for (j = 0; j < byte_run; j++) {
|
||||||
*((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]);
|
*((signed short*)(&pixels[pixel_ptr])) = AV_RL16(&buf[stream_ptr]);
|
||||||
stream_ptr += 2;
|
stream_ptr += 2;
|
||||||
|
|||||||
@@ -27,6 +27,13 @@
|
|||||||
|
|
||||||
#define IO_BUFFER_SIZE 32768
|
#define IO_BUFFER_SIZE 32768
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Do seeks within this distance ahead of the current buffer by skipping
|
||||||
|
* data instead of calling the protocol seek function, for seekable
|
||||||
|
* protocols.
|
||||||
|
*/
|
||||||
|
#define SHORT_SEEK_THRESHOLD 4096
|
||||||
|
|
||||||
static void fill_buffer(ByteIOContext *s);
|
static void fill_buffer(ByteIOContext *s);
|
||||||
|
|
||||||
int init_put_byte(ByteIOContext *s,
|
int init_put_byte(ByteIOContext *s,
|
||||||
@@ -151,8 +158,9 @@ int64_t url_fseek(ByteIOContext *s, int64_t offset, int whence)
|
|||||||
offset1 >= 0 && offset1 < (s->buf_end - s->buffer)) {
|
offset1 >= 0 && offset1 < (s->buf_end - s->buffer)) {
|
||||||
/* can do the seek inside the buffer */
|
/* can do the seek inside the buffer */
|
||||||
s->buf_ptr = s->buffer + offset1;
|
s->buf_ptr = s->buffer + offset1;
|
||||||
} else if(s->is_streamed && !s->write_flag &&
|
} else if ((s->is_streamed ||
|
||||||
offset1 >= 0 && offset1 < (s->buf_end - s->buffer) + (1<<16)){
|
offset1 <= s->buf_end + SHORT_SEEK_THRESHOLD - s->buffer) &&
|
||||||
|
!s->write_flag && offset1 >= 0) {
|
||||||
while(s->pos < offset && !s->eof_reached)
|
while(s->pos < offset && !s->eof_reached)
|
||||||
fill_buffer(s);
|
fill_buffer(s);
|
||||||
if (s->eof_reached)
|
if (s->eof_reached)
|
||||||
|
|||||||
Reference in New Issue
Block a user