platform/upstream/libav.git
11 years ago aac: Check init_get_bits return value
Luca Barbato [Sun, 4 Aug 2013 13:00:02 +0000 (15:00 +0200)]
aac: Check init_get_bits return value

Some code paths can call it with invalid length.

CC: libav-stable@libav.org
(cherry picked from commit 71953ebcf94fe4ef316cdad1f276089205dd1d65)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago aac: return meaningful errors
Luca Barbato [Mon, 6 May 2013 23:29:36 +0000 (01:29 +0200)]
aac: return meaningful errors

(cherry picked from commit 07c52e2c7c60b087fd023cd9771778973def0b33)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/aacdec.c

11 years ago dsicinav: K&R formatting cosmetics
Luca Barbato [Fri, 19 Jul 2013 19:05:44 +0000 (21:05 +0200)]
dsicinav: K&R formatting cosmetics

(cherry picked from commit fcae3ff124ee97c9265e3b93f3d41238b2aee9bd)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/dsicinav.c

11 years ago mov: Seek back if overreading an individual atom
Martin Storsjö [Mon, 15 Jul 2013 12:59:50 +0000 (15:59 +0300)]
mov: Seek back if overreading an individual atom

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 5b4eb243bce10a3e8345401a353749e0414c54ca)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/mov.c

11 years ago vcr1: add sanity checks
Anton Khirnov [Sat, 24 Aug 2013 19:30:46 +0000 (21:30 +0200)]
vcr1: add sanity checks

Fixes invalid reads with corrupted files.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 8aba7968dd604aae91ee42cbce0be3dad7dceb30)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/vcr1.c

11 years ago pictordec: pass correct context to avpriv_request_sample
Anton Khirnov [Sat, 24 Aug 2013 19:30:46 +0000 (21:30 +0200)]
pictordec: pass correct context to avpriv_request_sample

Fixes invalid reads.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry-picked from commit fe9bb61f9a16be19ad91875632c39e44b7a99a8a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/pictordec.c

11 years ago dsicinav: Clip the source size to the expected maximum
Luca Barbato [Fri, 19 Jul 2013 19:34:21 +0000 (21:34 +0200)]
dsicinav: Clip the source size to the expected maximum

A packet larger than cin->bitmap_size does not make sense.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit fd8189932147a524fe43532b46baa35e8be92a1b)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/dsicinav.c

11 years ago alsdec: Clean up error paths
Luca Barbato [Fri, 12 Jul 2013 21:38:02 +0000 (23:38 +0200)]
alsdec: Clean up error paths

Fix at least a memory leak.

CC: libav-stable@libav.org
(cherry picked from commit ca488ad480360dfafcb5766f7bfbb567a0638979)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/alsdec.c

11 years ago ogg: Fix potential infinite discard loop
Reimar Döffinger [Sun, 18 Aug 2013 15:40:51 +0000 (17:40 +0200)]
ogg: Fix potential infinite discard loop

Seeking in certain broken files would cause ogg_read_timestamp
to fail because ogg_packet would go into a state where all packets
of stream 1 would be discarded until the end of the stream.

Bug-Id: 553
CC: libav-stable@libav.org
Signed-off-by: Jan Gerber <j@v2v.cc>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 9a27acae9e6b7d0bf74c5b878af9c42495a546f3)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/oggdec.c

11 years ago nuv: check rtjpeg_decode_frame_yuv420 return value
Luca Barbato [Sun, 11 Aug 2013 18:35:40 +0000 (20:35 +0200)]
nuv: check rtjpeg_decode_frame_yuv420 return value

CC: libav-stable@libav.org
(cherry picked from commit 85ac12587bfef970d0e0e4abc292df346daf8478)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/nuv.c

11 years ago nuv: Reset the frame on resize
Luca Barbato [Tue, 13 Aug 2013 04:01:48 +0000 (06:01 +0200)]
nuv: Reset the frame on resize

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/nuv.c

11 years ago nuv: Use av_fast_realloc
Luca Barbato [Tue, 13 Aug 2013 05:01:40 +0000 (07:01 +0200)]
nuv: Use av_fast_realloc

The decompressed buffer can be used after codec_reinit, so it must be
preserved.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 2df0776c2293efb0ac12c003843ce19332342e01)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/nuv.c

11 years ago nuv: return meaningful error codes.
Anton Khirnov [Sat, 17 Nov 2012 17:07:42 +0000 (18:07 +0100)]
nuv: return meaningful error codes.

(cherry picked from commit 3344f5cb747bb1f54cc34878b66dc0536f194720)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/nuv.c

11 years ago nuv: Pad the lzo outbuf
Luca Barbato [Mon, 12 Aug 2013 09:34:06 +0000 (11:34 +0200)]
nuv: Pad the lzo outbuf

And properly update the buf_size with the correct size.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 075dbc185521f193c98b896cd63be3ec2613df5d)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/nuv.c

11 years ago nuv: Do not ignore lzo decompression failures
Luca Barbato [Sun, 11 Aug 2013 22:16:12 +0000 (00:16 +0200)]
nuv: Do not ignore lzo decompression failures

Update the fate reference since the last broken frame is not decoded
anymore.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit aae159a7cc4df7d0521901022b778c9da251c24e)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/nuv.c

11 years ago oma: correctly mark and decrypt partial packets
Luca Barbato [Wed, 17 Apr 2013 19:19:23 +0000 (21:19 +0200)]
oma: correctly mark and decrypt partial packets

Incomplete crypted files would lead to a read after buffer boundary
otherwise.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 2219e27b5b17d146e4ab71a3ed86dfc013fb7a93)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/omadec.c

11 years ago oma: check geob tag boundary
Luca Barbato [Wed, 17 Apr 2013 19:07:09 +0000 (21:07 +0200)]
oma: check geob tag boundary

Prevent read after buffer boundary on corrupted tag.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 9d0b45ade864f3d2ccd8610149fe1fff53c4e937)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/omadec.c

11 years ago oma: refactor seek function
Luca Barbato [Sat, 4 May 2013 05:40:09 +0000 (07:40 +0200)]
oma: refactor seek function

Properly propagate seek errors from avio and the generic pcm seek.

(cherry picked from commit 4f03a77e52596cbe9ec179666ddb3e0345a8133a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/omadec.c

11 years ago 8bps: Bound-check the input buffer
Luca Barbato [Mon, 22 Jul 2013 21:26:05 +0000 (23:26 +0200)]
8bps: Bound-check the input buffer

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit bd7b4da0f4627bb6c4a7c2575da83fe6b261a21c)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/8bps.c

11 years ago rtmp: Do not misuse memcmp
Luca Barbato [Thu, 8 Aug 2013 17:44:19 +0000 (19:44 +0200)]
rtmp: Do not misuse memcmp

CC: libav-stable@libav.org
(cherry picked from commit 5718e3487ba3b26aba341070be0b6b0b4de45ea3)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/rtmppkt.h
libavformat/rtmpproto.c

11 years ago rtmp: rename data_size to size
Luca Barbato [Wed, 9 Oct 2013 02:30:14 +0000 (22:30 -0400)]
rtmp: rename data_size to size

(cherry picked from commit ba5393a609c723ec8ab7f9727c10fef734c09278)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/rtmppkt.c
libavformat/rtmpproto.c

11 years ago lavc: set the default rc_initial_buffer_occupancy
Luca Barbato [Mon, 14 Jan 2013 04:32:38 +0000 (05:32 +0100)]
lavc: set the default rc_initial_buffer_occupancy

rc_buffer_size is not set before.

Solve the initial rate control underflow issue reported in
bug 222.

CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit bff3607547fdbb6e32b3830a351e6a33280c1e0d)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago 4xm: Reject not a multiple of 16 dimension
Luca Barbato [Mon, 22 Jul 2013 10:44:19 +0000 (12:44 +0200)]
4xm: Reject not a multiple of 16 dimension

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 2f034f255c49050e894ab9b88087c09ebe249f3f)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago 4xm: do not overread the prestream buffer
Luca Barbato [Fri, 7 Jun 2013 14:18:22 +0000 (16:18 +0200)]
4xm: do not overread the prestream buffer

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit be373cb50d3c411366fec7eef2eb3681abe48f96)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago 4xm: validate the buffer size before parsing it
Luca Barbato [Fri, 7 Jun 2013 14:16:46 +0000 (16:16 +0200)]
4xm: validate the buffer size before parsing it

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit de2e5777e225e75813daf2373c95e223651fd89a)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago indeo: Do not reference mismatched tiles
Luca Barbato [Sun, 14 Jul 2013 14:49:43 +0000 (16:49 +0200)]
indeo: Do not reference mismatched tiles

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit f9e5261cab067be7278f73d515bc9b601eb56202)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago indeo: Sanitize ff_ivi_init_planes fail paths
Luca Barbato [Sun, 14 Jul 2013 13:48:17 +0000 (15:48 +0200)]
indeo: Sanitize ff_ivi_init_planes fail paths

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 28dda8a691f1c723a4a9365ab85f9625f1330096)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago indeo: Bound-check before applying motion compensation
Luca Barbato [Sun, 14 Jul 2013 12:06:16 +0000 (14:06 +0200)]
indeo: Bound-check before applying motion compensation

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 25a6666f6c07c6ac8449a63d7fbce0dfd29c54cd)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago indeo: Bound-check before applying transform
Luca Barbato [Fri, 12 Jul 2013 12:33:24 +0000 (14:33 +0200)]
indeo: Bound-check before applying transform

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit dc79685195a45c9b8b17d7b93d118e0aefa45462)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/ivi_common.c

11 years ago indeo: reject negative array indexes
Luca Barbato [Wed, 3 Jul 2013 12:55:50 +0000 (14:55 +0200)]
indeo: reject negative array indexes

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6a10142faa1cca8ba2bfe51b970754f62d60f320)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago indeo: Cosmetic formatting
Luca Barbato [Wed, 3 Jul 2013 12:01:32 +0000 (14:01 +0200)]
indeo: Cosmetic formatting

Trim some overly long lines.

(cherry picked from commit 6dfacd7ab126aea1392949d1aa10fdc3d3eeb911)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/ivi_common.c

11 years ago indeo: Refactor ff_ivi_init_tiles and ivi_decode_blocks
Luca Barbato [Wed, 3 Jul 2013 11:59:16 +0000 (13:59 +0200)]
indeo: Refactor ff_ivi_init_tiles and ivi_decode_blocks

Spin large and mostly self contained blocks into stand alone
functions.

(cherry picked from commit 62256010e9bc8879e2bf7f3b94af8ff85e239082)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago indeo: Refactor ff_ivi_dec_huff_desc
Luca Barbato [Wed, 3 Jul 2013 10:58:40 +0000 (12:58 +0200)]
indeo: Refactor ff_ivi_dec_huff_desc

Spare an indentation level.

(cherry picked from commit f6f36ca8ca1b2526d3abff7d7c627322d3bce912)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago lavf: fix the comparison in an overflow check
Anton Khirnov [Wed, 4 Sep 2013 06:55:08 +0000 (08:55 +0200)]
lavf: fix the comparison in an overflow check

CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 26f027fba1c5ab482fa2488fbe0fa36c8bb33b69)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago dv: Add a guard to not overread the ppcm array
Luca Barbato [Mon, 5 Aug 2013 20:15:24 +0000 (22:15 +0200)]
dv: Add a guard to not overread the ppcm array

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 7ee191cab0dc44700f26c5784e2adeb6a779651b)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/dv.c

11 years ago mpegvideo: Avoid 32-bit wrapping of linesize multiplications
Martin Storsjö [Tue, 3 Sep 2013 22:36:51 +0000 (01:36 +0300)]
mpegvideo: Avoid 32-bit wrapping of linesize multiplications

This makes sure that linesize * start_y doesn't overflow, so that
emulated_edge_mc can get back the original value if needed.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit a711a2cb473dc95708f371a82c85c97fe789b5c2)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago mjpegb: Detect changing number of planes in interlaced video
Michael Niedermayer [Sat, 10 Mar 2012 21:02:46 +0000 (22:02 +0100)]
mjpegb: Detect changing number of planes in interlaced video

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit af11fa5409cc72fc45ca7f3527400beca10967b9)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago matroskadec: Check that .lang was allocated and set before reading it
Martin Storsjö [Tue, 3 Sep 2013 09:10:50 +0000 (12:10 +0300)]
matroskadec: Check that .lang was allocated and set before reading it

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 5bcd3ae5b167fb74215520b01d5d810e0c8986ab)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago ape demuxer: check for EOF in potentially long loops
Anton Khirnov [Sat, 24 Aug 2013 19:30:46 +0000 (21:30 +0200)]
ape demuxer: check for EOF in potentially long loops

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry-picked from commit 488b2984fece7ad0c2596826fee18e74aa904667)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago lavf: avoid integer overflow when estimating bitrate
Anton Khirnov [Sat, 24 Aug 2013 19:30:46 +0000 (21:30 +0200)]
lavf: avoid integer overflow when estimating bitrate

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit df33a58e5311ee9a64a573889b883a80e981af7b)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago pictordec: break out of both decoding loops when y drops below 0
Anton Khirnov [Sat, 24 Aug 2013 19:30:46 +0000 (21:30 +0200)]
pictordec: break out of both decoding loops when y drops below 0

Otherwise picmemset can get called with negative y, resulting in an
invalid write.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 5f7aecde02a95451e514c809f2794c1deba80695)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago ac3: Return proper error codes
Luca Barbato [Sat, 27 Jul 2013 08:16:35 +0000 (10:16 +0200)]
ac3: Return proper error codes

(cherry picked from commit b1f9cdc37ff5d5b391d2cd9af737ab4e5a0fc1c0)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago ac3: Clean up the error paths
Luca Barbato [Sun, 28 Jul 2013 11:32:18 +0000 (13:32 +0200)]
ac3: Clean up the error paths

(cherry picked from commit 818d1f1a3e89d35213af0bd5dc4a772713951882)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago ac3: Do not clash with normal AVERROR
Luca Barbato [Sun, 28 Jul 2013 11:26:12 +0000 (13:26 +0200)]
ac3: Do not clash with normal AVERROR

The parsing function returns AVERROR and AAC_AC3_PARSE_ERROR values,
make sure they are not misunderstood.

(cherry picked from commit 6258d362b82934a2c27557e0984aed372d98091a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago dxa: Make sure the reference frame exists
Luca Barbato [Wed, 14 Aug 2013 14:51:53 +0000 (16:51 +0200)]
dxa: Make sure the reference frame exists

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 5ef7c84a9374681c64722a96d91741f3b990af2b)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/dxa.c

11 years ago h261: check the mtype index
Luca Barbato [Wed, 14 Aug 2013 14:57:21 +0000 (16:57 +0200)]
h261: check the mtype index

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c59967fa7cc5bc2fa06b36c17d2c207240c06b3e)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/h261dec.c

11 years ago segafilm: Error out on impossible packet size
Luca Barbato [Tue, 13 Aug 2013 05:40:38 +0000 (07:40 +0200)]
segafilm: Error out on impossible packet size

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 5268bd2900effa59b51e0fede61aacde5e2f0b95)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago ogg: Always alloc the private context in vorbis_header
Luca Barbato [Tue, 13 Aug 2013 05:28:41 +0000 (07:28 +0200)]
ogg: Always alloc the private context in vorbis_header

It is possible to have an initial broken header and then valid packets.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3562684db716d11de0b0dcc52748e9cd90d68132)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago vc1: check mb_height validity.
Luca Barbato [Mon, 5 Aug 2013 04:30:24 +0000 (06:30 +0200)]
vc1: check mb_height validity.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 43bacd5b7d3d265a77cd29d8abb131057796aecc)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago vc1: check the source buffer in vc1_mc functions
Luca Barbato [Mon, 5 Aug 2013 04:27:12 +0000 (06:27 +0200)]
vc1: check the source buffer in vc1_mc functions

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 090cd0631140ac1a3a795d2adfac5dbf5e381aa2)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/vc1dec.c

11 years ago bink: Bound check the quantization matrix.
Luca Barbato [Sun, 4 Aug 2013 16:48:20 +0000 (18:48 +0200)]
bink: Bound check the quantization matrix.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 9991298f2c4d9022ad56057f15d037e18d454157)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago xl: Make sure the width is valid
Luca Barbato [Sun, 28 Jul 2013 16:24:15 +0000 (18:24 +0200)]
xl: Make sure the width is valid

CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago alsdec: Fix the clipping range
Luca Barbato [Fri, 12 Jul 2013 21:02:25 +0000 (23:02 +0200)]
alsdec: Fix the clipping range

mcc_weightings is only 32 elements.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 70ecc175c7b513a153ac87d1c5d219556ca55070)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago dsicinav: Bound-check the source buffer when needed
Luca Barbato [Fri, 19 Jul 2013 19:09:40 +0000 (21:09 +0200)]
dsicinav: Bound-check the source buffer when needed

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit dd0bfc3a6a310e3e3674ce7742672d689a9a0e93)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago mov: Do not allow updating the time scale after it has been set
Martin Storsjö [Mon, 15 Jul 2013 14:13:54 +0000 (17:13 +0300)]
mov: Do not allow updating the time scale after it has been set

The time scale is set in mdhd, and later validated in the
enclosing trak atom once all of its children have been parsed.

A loose mdhd atom outside of a trak atom could update the time
scale of the last stream without any validation.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 31931520df35a6f9606fe8293c8a39e2d1fabedf)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago ac3dec: Don't consume more data than the actual input packet size
Martin Storsjö [Mon, 15 Jul 2013 08:28:46 +0000 (11:28 +0300)]
ac3dec: Don't consume more data than the actual input packet size

This was handled properly in the normal return case at the end
of the function, but not in this special case.

Returning a value larger than the input packet size can cause
problems for certain library users.

Returning the actual input buffer size unconditionally, since
it is not guaranteed that frame_size is set to a sensible
value at this point.

Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8f24c12be7a3b3ea105e67bba9a867fe210a2333)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago indeo: Reject impossible FRAMETYPE_NULL
Luca Barbato [Sun, 14 Jul 2013 16:16:56 +0000 (18:16 +0200)]
indeo: Reject impossible FRAMETYPE_NULL

A frame marked FRAMETYPE_NULL cannot be scalable and requires a
previous frame successfully decoded.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 5b2a29552ca09edd4646b6aa1828b32912b7ab36)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago indeo5: return proper error codes
Luca Barbato [Sun, 14 Jul 2013 12:41:56 +0000 (14:41 +0200)]
indeo5: return proper error codes

(cherry picked from commit b0eeb9d442e4b7e82f6797d74245434ea33110a5)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago indeo4: Validate scantable dimension
Luca Barbato [Fri, 12 Jul 2013 16:10:05 +0000 (18:10 +0200)]
indeo4: Validate scantable dimension

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit cd78e934c246d1b2510f8fba0abfe40bb75795f6)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago indeo4: Check the quantization matrix index
Luca Barbato [Fri, 12 Jul 2013 13:02:33 +0000 (15:02 +0200)]
indeo4: Check the quantization matrix index

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6255ccf7d51c82ab79bf0cd47a921f572dda4489)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago indeo4: Do not access missing reference MV
Luca Barbato [Fri, 12 Jul 2013 12:32:03 +0000 (14:32 +0200)]
indeo4: Do not access missing reference MV

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 8435bca087c0e79385763c51de009fd89390b6a5)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:

libavcodec/indeo4.c

11 years ago adpcm: Unbreak ima-dk4
Luca Barbato [Sat, 21 Sep 2013 13:33:11 +0000 (15:33 +0200)]
adpcm: Unbreak ima-dk4

Was broken by commit b9dea1a085c4705e480bd17dfa8c8ce227fdce76

11 years ago ac3dec: validate channel output mode against channel count
Justin Ruggles [Wed, 20 Feb 2013 16:41:20 +0000 (11:41 -0500)]
ac3dec: validate channel output mode against channel count

Damaged frames can lead to a mismatch, which can cause a segfault
due to using an incorrect channel mapping.

CC: libav-stable@libav.org
(cherry picked from commit d7c450436fcb9d3ecf59884a574e7684183e753d)

Conflicts:

libavcodec/ac3dec.c

11 years ago dca: Respect the current limits in the downmixing capabilities
Luca Barbato [Wed, 10 Jul 2013 17:00:15 +0000 (19:00 +0200)]
dca: Respect the current limits in the downmixing capabilities

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3802833bc1f79775a1547c5e427fed6e92b77e53)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago dca: Error out on missing DSYNC
Luca Barbato [Wed, 10 Jul 2013 16:07:45 +0000 (18:07 +0200)]
dca: Error out on missing DSYNC

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit f261e508459e28beca59868a878e1519a44bb678)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago pcm: always use codec->id instead of codec_id
Luca Barbato [Wed, 10 Jul 2013 02:54:49 +0000 (04:54 +0200)]
pcm: always use codec->id instead of codec_id

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c82da343e635663605bd81c59d872bee3182da73)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/pcm.c

11 years ago mlpdec: Do not set invalid context in read_restart_header
Luca Barbato [Wed, 10 Jul 2013 02:35:34 +0000 (04:35 +0200)]
mlpdec: Do not set invalid context in read_restart_header

The faulty values rippled further down the codepath causing a
hard-to-track segfault in the assembly code.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit e9d394f3fad7e8fd8fc80e3b33cb045bbaceb446)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/mlpdec.c

11 years ago pcx: Do not overread source buffer in pcx_rle_decode
Luca Barbato [Sat, 29 Jun 2013 04:37:32 +0000 (06:37 +0200)]
pcx: Do not overread source buffer in pcx_rle_decode

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3abde1a3b49cf299f2aae4eaae6b6cb5270bdc22)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago wmavoice: conceal clearly corrupted blocks
Luca Barbato [Sat, 29 Jun 2013 03:29:54 +0000 (05:29 +0200)]
wmavoice: conceal clearly corrupted blocks

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d14a26edb7c4487df581f11e5c6911dc0e623d08)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago iff: Do not read over the source buffer
Luca Barbato [Sat, 29 Jun 2013 05:26:48 +0000 (07:26 +0200)]
iff: Do not read over the source buffer

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 7d65e960c72f36b73ae7fe84f8e427d758e61da9)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/iff.c

11 years ago qdm2: Conceal broken samples
Luca Barbato [Tue, 9 Jul 2013 12:59:33 +0000 (14:59 +0200)]
qdm2: Conceal broken samples

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 4ecdb5ed44591aba8a0ddb7d443cace836f761f6)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/qdm2.c

11 years ago qdm2: refactor joined stereo support
Luca Barbato [Tue, 9 Jul 2013 12:44:02 +0000 (14:44 +0200)]
qdm2: refactor joined stereo support

qdm2 does support only two channels. Loop over the run once.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit adadc3f2443d25b375e21e801516ccfd78e0b080)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago adpcm: Write the correct number of samples for ima-dk4
Luca Barbato [Sun, 7 Jul 2013 10:56:12 +0000 (12:56 +0200)]
adpcm: Write the correct number of samples for ima-dk4

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 12576afe206d35231ccd61f9033c5fdab6a11e80)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/adpcm.c

11 years ago imc: Catch a division by zero
Luca Barbato [Tue, 9 Jul 2013 07:18:16 +0000 (09:18 +0200)]
imc: Catch a division by zero

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit bbf6a4aa20bfe3d7869b2218e66063602dfb8aa7)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/imc.c

11 years ago atrac3: Error on impossible encoding/channel combinations
Luca Barbato [Tue, 9 Jul 2013 02:44:26 +0000 (04:44 +0200)]
atrac3: Error on impossible encoding/channel combinations

Joint stereo encoded mono is impossible.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 50cf5a7fb78846fc39b3ecdaa896a10bcd74da2a)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/atrac3.c

11 years ago atrac3: set the getbits context the right buffer_end
Luca Barbato [Tue, 9 Jul 2013 02:20:23 +0000 (04:20 +0200)]
atrac3: set the getbits context the right buffer_end

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 22e76ec635bafdd1d1ec35581a7ac09e69e3c43e)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/atrac3.c

11 years ago atrac3: fix error handling
Luca Barbato [Mon, 8 Jul 2013 23:03:13 +0000 (01:03 +0200)]
atrac3: fix error handling

decode_tonal_components returns a proper AVERROR.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 874c8a17ac9b04fb7ac23d003e54e3662dd23b4e)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/atrac3.c

11 years ago qdm2: check and reset dithering index per channel
Luca Barbato [Thu, 27 Jun 2013 00:50:52 +0000 (02:50 +0200)]
qdm2: check and reset dithering index per channel

Checking per subband would have the index exceed the
dithering noise table size.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 744a11c996641888d477a3981d609e79eeb69ea9)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/qdm2.c

11 years ago westwood_vqa: do not free extradata on error in read_header
Luca Barbato [Thu, 27 Jun 2013 02:30:20 +0000 (04:30 +0200)]
westwood_vqa: do not free extradata on error in read_header

The extradata is already freed by avformat_open_input on
failure.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 76f5dfbfd902178df4a38221a68dc8540189345a)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago vqavideo: check the version
Luca Barbato [Thu, 27 Jun 2013 01:19:05 +0000 (03:19 +0200)]
vqavideo: check the version

Prevent out of buffer write.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c4abc9098cacb227dba39bac6aea16b2bceba0d0)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago rmdec: Use the AVIOContext given as parameter in rm_read_metadata()
Michael Niedermayer [Mon, 1 Jul 2013 21:38:08 +0000 (23:38 +0200)]
rmdec: Use the AVIOContext given as parameter in rm_read_metadata()

This fixes crashes when playing back certain RealRTSP streams.

When invoked from the RTP depacketizer, the full realmedia
demuxer isn't invoked, but only certain functions from it, where
a separate AVIOContext is passed in as parameter (for the buffer
containing the data to parse). The functions called from within
those entry points should only be using that parameter, not
s->pb. In the depacketizer case, s is the RTSP context, where ->pb
is null.

Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit d35b6cd3775456a23b63e73316e244b671caa02f)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago avio: Handle AVERROR_EOF in the same way as the return value 0
Michael Niedermayer [Mon, 24 Jun 2013 12:23:44 +0000 (14:23 +0200)]
avio: Handle AVERROR_EOF in the same way as the return value 0

This makes sure the ffurl_read_complete function actually
returns the number of bytes read, as the documentation of the
function says, even if the underlying protocol uses AVERROR_EOF
instead of 0.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 5d876be87a115b93dd2e644049e3ada2cfb5ccb7)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago wtv: Mark attachment with a negative stream id
Luca Barbato [Mon, 24 Jun 2013 16:12:24 +0000 (18:12 +0200)]
wtv: Mark attachment with a negative stream id

A sid 0 would be mismatched to the attachment.

Prevent NULL pointer dereference.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit f5e646a00ac21e500dae4bcceded790a0fbc5246)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago avidec: Let the inner dv demuxer take care of discarding
Luca Barbato [Sat, 27 Jul 2013 13:48:41 +0000 (15:48 +0200)]
avidec: Let the inner dv demuxer take care of discarding

(cherry picked from commit c8f0b20b4a6bb6691928789d83e4b)

CC: libav-stable@libav.org
11 years ago swfdec: do better validation of tag length
Justin Ruggles [Mon, 10 Dec 2012 17:44:09 +0000 (12:44 -0500)]
swfdec: do better validation of tag length

Avoids trying to read a packet with 0 or negative size.
Avoids a potential infinite loop due to seeking backwards.

Partially based on a patch by Michael Niedermayer.

(cherry picked from commit e70c5b034c4787377e82cab2d5565486baec0c2a)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago Changelog for 0.8.8 v0.8.8
Reinhard Tartler [Sun, 30 Jun 2013 14:50:05 +0000 (16:50 +0200)]
Changelog for 0.8.8

11 years ago kmvc: Clip pixel position to valid range
Luca Barbato [Mon, 1 Jul 2013 01:05:41 +0000 (03:05 +0200)]
kmvc: Clip pixel position to valid range

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 4e7f0b082d8c4b360312216b9241bec65ff63b35)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/kmvc.c

11 years ago kmvc: use fixed sized arrays in the context
Luca Barbato [Mon, 1 Jul 2013 01:04:15 +0000 (03:04 +0200)]
kmvc: use fixed sized arrays in the context

Avoid some boilerplate code to dynamically allocate and then free the
buffers.
(cherry picked from commit 8f689770548c86151071ef976cf9b6998ba21c2a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/kmvc.c

11 years ago indeo: use a typedef for the mc function pointer
Luca Barbato [Wed, 3 Jul 2013 09:18:30 +0000 (11:18 +0200)]
indeo: use a typedef for the mc function pointer

(cherry picked from commit e6d8acf6a8fba4743eb56eabe72a741d1bbee3cb)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
11 years ago lavc: check for overflow in init_get_bits
Luca Barbato [Sun, 13 Jan 2013 18:52:45 +0000 (19:52 +0100)]
lavc: check for overflow in init_get_bits

Fix an undefined behaviour and make the function return a proper
error in case of overflow.

CC: libav-stable@libav.org
(cherry picked from commit d9cf5f516974c64e01846ca685301014b38cf224)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 7a2ee770f520ae4fd5f009cfc361a18e993dec91)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
11 years ago indeo: check for reference when inheriting mvs
Luca Barbato [Sun, 30 Jun 2013 08:40:37 +0000 (10:40 +0200)]
indeo: check for reference when inheriting mvs

The same is done already for qdelta.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b36e1893ef3430f039c1eaddeedcbb378f9c4444)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
11 years ago indeo: use proper error code
Luca Barbato [Sun, 30 Jun 2013 08:11:05 +0000 (10:11 +0200)]
indeo: use proper error code

(cherry picked from commit dd3754a48854cd570d38db72394491aab0f36570)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/ivi_common.c

11 years ago indeo: Properly forward the error codes
Luca Barbato [Sun, 30 Jun 2013 07:57:56 +0000 (09:57 +0200)]
indeo: Properly forward the error codes

If the tile data size does not match the buffer size it did not
return an AVERROR_INVALIDDATA causing further corruption later.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 7388c0c58601477db076e2e74e8b11f8a644384a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/ivi_common.c

11 years ago wmapro: error out on impossible scale factor offsets
Luca Barbato [Sat, 29 Jun 2013 00:16:50 +0000 (02:16 +0200)]
wmapro: error out on impossible scale factor offsets

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 02ec656af72030eea4f3d63e30b25625cce6a3df)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
11 years ago wmapro: check the min_samples_per_subframe
Luca Barbato [Fri, 28 Jun 2013 23:56:09 +0000 (01:56 +0200)]
wmapro: check the min_samples_per_subframe

Must be at least WMAPRO_BLOCK_MIN_SIZE.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d4a217a408da4bd63acc02cd8f9ebe378a2ad65a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/wmaprodec.c

11 years ago wmapro: return early on unsupported condition
Luca Barbato [Fri, 28 Jun 2013 03:21:33 +0000 (05:21 +0200)]
wmapro: return early on unsupported condition

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6652338f43ef623045912d7f28b61adea05d27ae)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/wmaprodec.c

11 years ago wmapro: check num_vec_coeffs against the actual available buffer
Luca Barbato [Fri, 28 Jun 2013 03:23:21 +0000 (05:23 +0200)]
wmapro: check num_vec_coeffs against the actual available buffer

Prevent yet another buffer overwrite.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 38229362529ed1619d8ebcc81ecde85b23b45895)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
11 years ago wmapro: make sure there is room to store the current packet
Luca Barbato [Fri, 28 Jun 2013 02:03:47 +0000 (04:03 +0200)]
wmapro: make sure there is room to store the current packet

Prevent horrid and hard to trace struct overwrite.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit e30b068ef79f604ff439418da07f7e2efd01d4ea)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
11 years ago lavc: move put_bits_left in put_bits.h
Reinhard Tartler [Sat, 6 Jul 2013 07:46:07 +0000 (09:46 +0200)]
lavc: move put_bits_left in put_bits.h

(cherry picked from commit afe03092dd693d025d43e1620283d8d285c92772)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/dv.c

11 years ago 4xm: do not overread the source buffer in decode_p_block
Luca Barbato [Sun, 9 Jun 2013 16:27:05 +0000 (18:27 +0200)]
4xm: do not overread the source buffer in decode_p_block

Check for out of picture macroblocks before calling mcdc.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 94aefb1932be882fd93f66cf790ceb19ff575c19)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/4xm.c