Andreas Cadhalpun [Mon, 2 Mar 2015 15:52:26 +0000 (16:52 +0100)]
rmenc: limit packet size
The chunk size is limited to UINT16_MAX (written by avio_wb16), so make
sure that the packet size is not too large.
Such large frames need to be split into slices smaller than 64 kB, but
that is currently supported neither by the rv10/rv20 encoders nor the rm
muxer.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Andreas Cadhalpun [Mon, 2 Mar 2015 19:47:57 +0000 (20:47 +0100)]
webp: validate the distance prefix code
According to the WebP Lossless Bitstream Specification the highest
allowed value for a prefix code is 39.
If prefix_code is too large, the calculated extra_bits has an invalid
value and triggers an assertion in get_bits.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Andreas Cadhalpun [Tue, 3 Mar 2015 20:31:15 +0000 (21:31 +0100)]
rv10: check size of s->mb_width * s->mb_height
If it doesn't fit into 12 bits it triggers an assertion.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Federico Tomassetti [Wed, 18 Feb 2015 12:11:44 +0000 (12:11 +0000)]
eamad: check for out of bounds read
Bug-Id: CID 1257500
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Federico Tomassetti [Wed, 18 Feb 2015 12:11:43 +0000 (12:11 +0000)]
mdec: check for out of bounds read
Bug-Id: CID 1257501
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Sun, 22 Feb 2015 19:49:52 +0000 (19:49 +0000)]
configure: Properly fail when libcdio/cdparanoia is not found
Anton Khirnov [Sat, 7 Mar 2015 21:06:59 +0000 (22:06 +0100)]
tiff: Check that there is no aliasing in pixel format selection
Fixes possible issues with unexpected bpp/bppcount values.
CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Bug-Id: CVE-2014-8544
(cherry picked from commit ae5e1f3d663a8c9a532d89e588cbc61f171c9186)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Fri, 27 Feb 2015 19:00:25 +0000 (19:00 +0000)]
aic: Fix decoding files with odd dimensions
Normally the aic decoder finds the proper slice combination (multiple of
some number less than 32) but in case of odd width, it resorts to the
default values, which were actually swapped.
The number of slices is modified to account for such odd width cases.
CC: libav-stable@libav.org
(cherry picked from commit e878ec0d47cd6228c367b2f3128b76d7523f7255)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Luca Barbato [Tue, 3 Mar 2015 10:05:15 +0000 (11:05 +0100)]
vorbis: Check the vlc value in setup_classifs
The valid returned values are always at most 11bit.
Remove the previous check that assumed larger values plausible and
use a signed integer to check get_vlc2 return values.
CC: libav-stable@libav.org
(cherry picked from commit 0025f7408a0fab2cab4a950064e4784a67463994)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Martin Storsjö [Thu, 5 Mar 2015 21:38:00 +0000 (23:38 +0200)]
arm: Suppress tags about used cpu arch and extensions
When all the codepaths using manually set .arch/.fpu code are
behind runtime detection, the elf attributes should be suppressed.
This allows tools to know that the final built binary doesn't
strictly require these extensions.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit dcae2e32f7d8a1ca5fb8c1e4aa81313be854dd73 and b77e335e441040a40fc6156b8e4a134745d10233)
Signed-off-by: Martin Storsjö <martin@martin.st>
Reinhard Tartler [Sun, 8 Mar 2015 15:12:14 +0000 (11:12 -0400)]
doc: Update changelog for v11.3
Reinhard Tartler [Sun, 8 Mar 2015 15:06:15 +0000 (11:06 -0400)]
Prepare for 11.3 Release
Luca Barbato [Wed, 25 Feb 2015 14:29:15 +0000 (15:29 +0100)]
prores: Extend the padding check to 16bit
Some files produced by the official encoder have up to 16bit of
padding instead of the expected padding to the byte.
Use a self-explanatory macro instead of a simple number.
CC: libav-stable@libav.org
(cherry picked from commit dbc1163b203b175d246b7454c32ac176f84006d1)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Mark McGough [Sun, 12 Oct 2014 10:24:07 +0000 (18:24 +0800)]
icecast: Do not use chunked post
Icecast uses HTTP 1.0 while Libav uses HTTP 1.1 and enables by
default chunked post.
Icecast actually forwards the HTTP chunk headers to the listener
as part of the media stream (without the chunk encoding HTTP headers)
causing the players to lose sync.
Disabling the option is enough to feed icecast properly.
(cherry picked from commit 76c70e33d2244a688832f03b53862eb5d9ad3b01)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Tue, 6 Jan 2015 15:47:18 +0000 (16:47 +0100)]
img2dec: correctly use the parsed value from -start_number
Previously the image sequence was always starting from the minimum
number rather than the requested one.
CC: libav-stable@libav.org
Michael Niedermayer [Thu, 31 Jan 2013 03:20:24 +0000 (04:20 +0100)]
h264_cabac: Break infinite loops
This fixes out of array reads and/or infinite loops.
30 is the maximum number of bits that can be read into
coeff_abs below.
CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Martin Storsjö <martin@martin.st>
Carl Eugen Hoyos [Sun, 22 Feb 2015 17:46:49 +0000 (17:46 +0000)]
hevc_deblock: Fix compilation with nasm
CC: libav-stable@libav.org
Bug-Id: 795
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Anton Khirnov [Thu, 12 Feb 2015 12:06:49 +0000 (13:06 +0100)]
h264: initialize H264Context.avctx in init_thread_copy
This prevents using a wrong (first thread's) AVCodecContext if decoding
a frame in the first pass over all threads fails.
(cherry picked from commit a06b0b1295c51d100101e0ca0434e199ad6de6b5)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Michael Niedermayer [Sun, 25 Aug 2013 01:01:19 +0000 (03:01 +0200)]
h264: Do not share rbsp_buffer across threads
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
CC: libav-stable@libav.org
(cherry picked from commit 61928b68dc28e080b8c8191afe5541123c682bbd)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Anton Khirnov [Thu, 12 Feb 2015 11:26:58 +0000 (12:26 +0100)]
h264: only ref cur_pic in update_thread_context if it is initialized
It may be empty if the previous thread's decode call did not contain a
valid frame.
(cherry picked from commit 0dea4c77ccf5956561bb8991311b3d834bb5fa40)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Xiaohan Wang [Thu, 6 Nov 2014 20:59:54 +0000 (12:59 -0800)]
matroskadec: Fix read-after-free in matroska_read_seek()
In matroska_read_seek(), |tracks| is assigned at the beginning of the
function. However, functions like matroska_parse_cues() could reallocate
the tracks and invalidate |tracks|.
This assigns |tracks| only before using it, so that it will not get
invalidated elsewhere.
Bug-Id: chromium/427266
Luca Barbato [Fri, 12 Sep 2014 22:26:21 +0000 (00:26 +0200)]
log: Unbreak no-tty support on 256color terminals
Luca Barbato [Wed, 14 Jan 2015 17:05:57 +0000 (18:05 +0100)]
Prepare for 11.2 Release
Luca Barbato [Mon, 12 Jan 2015 23:33:23 +0000 (00:33 +0100)]
doc: Update the Changelog for release 11.2
Michael Niedermayer [Tue, 11 Nov 2014 12:27:00 +0000 (13:27 +0100)]
vp7: fix checking vp7_feature_value_size()
CC: libav-stable@libav.org
Bug-Id: CID 1197061
(cherry picked from commit 29234f56818135faf2f1868ab324c073abd28fbd)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Tue, 11 Nov 2014 12:26:55 +0000 (13:26 +0100)]
libopusenc: prevent an out-of-bounds read by returning early
CC: libav-stable@libav.org
Bug-Id: CID 1244188
(cherry picked from commit 8dd0a2c5cf40a8a49faae985adc11750b6429132)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Tue, 11 Nov 2014 12:27:02 +0000 (13:27 +0100)]
display: fix order of operands
CC: libav-stable@libav.org
Bug-Id: CID 1238828 / CID 1238832
(cherry picked from commit b1b1a7370e141c912e3d0bbaa668dcee05c3ad67)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Tue, 11 Nov 2014 16:40:04 +0000 (17:40 +0100)]
ffv1: fix out-of-bounds read
CC: libav-stable@libav.org
Bug-Id: CID 1047234
(cherry picked from commit 6abe7edabb7d57e82d7ea6312d30cf05d2192c5b)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Wed, 12 Nov 2014 10:13:02 +0000 (11:13 +0100)]
indeo3: check ff_set_dimensions return value
CC: libav-stable@libav.org
Bug-Id: CID 1135740
(cherry picked from commit c6d7c201dfa80502cb6cefbee7dc9160cedb5187)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Wed, 12 Nov 2014 10:13:04 +0000 (11:13 +0100)]
g2meet: check ff_set_dimensions return value
CC: libav-stable@libav.org
Bug-Id: CID 1135739
(cherry picked from commit 2b5c1efa1465d8646f8be525cace7a21404e40ad)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Wed, 12 Nov 2014 10:13:05 +0000 (11:13 +0100)]
avs: check ff_set_dimensions return value
CC: libav-stable@libav.org
Bug-Id: CID 1135738
(cherry picked from commit c7384664ba0cbb12d882effafbc6d321ae706cff)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Wed, 12 Nov 2014 10:13:06 +0000 (11:13 +0100)]
ansi: check ff_set_dimensions return value
CC: libav-stable@libav.org
Bug-Id: CID 1135737
(cherry picked from commit 994ab1804b8bf532f44876927b07b51f1f63247f)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Wed, 12 Nov 2014 10:13:07 +0000 (11:13 +0100)]
svq1enc: check ff_get_buffer return value
CC: libav-stable@libav.org
Bug-Id: CID 747723
(cherry picked from commit 59846452af762f6af5ced4399e8dcd709ca50fcd)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Michael Niedermayer [Wed, 12 Nov 2014 10:13:01 +0000 (11:13 +0100)]
on2avc: Fix out of array access
CC: libav-stable@libav.org
Bug-Id: CID 1206648
(cherry picked from commit 2fa6d21124bd2fc0b186290f5313179263bfcfb7)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Sun, 16 Nov 2014 23:22:22 +0000 (00:22 +0100)]
librtmp: append the correct field to the string
Also prevent a NULL pointer dereference.
CC: libav-stable@libav.org
Bug-Id: CID 1250329 / CID 1250331
(cherry picked from commit a28468d0daf4be14761c16a3ddd33266b2380123)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Sun, 16 Nov 2014 23:22:27 +0000 (00:22 +0100)]
lavc: fix bitshifts amount bigger than the type
CC: libav-stable@libav.org
Bug-Id: CID 1194387 / CID 1194389 / CID 1194393 / CID 1206638
(cherry picked from commit 85dc006b1a829726dd5e3a9b0fcc6a1dbfe6dffa)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Martin Storsjö [Tue, 18 Nov 2014 11:52:26 +0000 (13:52 +0200)]
configure: Fix enabling memalign_hack automatically
simd_align_16 is a configure item that can be enabled or disabled,
it's not a variable containing a list of other configure items
as need_memalign previously. This was broken in eba2233b5.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 7813e6752bdab38a5686c301e869ee71d97bce69)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Martin Storsjö [Fri, 21 Nov 2014 12:23:02 +0000 (14:23 +0200)]
lavc: Move the libtwolame encoder registration to the list for external libraries
This makes sure the default behaviour of using the internal encoder
stays the same regardless if libtwolame is enabled or not (as for
any external library).
This fixes fate-lavf-mpg if libav is built with libtwolame enabled.
CC: libav-stable@libav.org
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
(cherry picked from commit aa8b39d999589154f79300de9038994d0093cd34)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Luca Barbato [Sun, 16 Nov 2014 23:22:21 +0000 (00:22 +0100)]
xwma: Do not leak on failure path
CC: libav-stable@libav.org
Bug-Id: CID 1087092
(cherry picked from commit fd9badd3cb3b60f5c54dcea35523e1ecca2f67a6)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Fri, 21 Nov 2014 11:56:59 +0000 (11:56 +0000)]
libtwolame: prevent a NULL pointer dereference
CC: libav-stable@libav.org
Bug-Id: CID 1250330 / CID 1250335
(cherry picked from commit a42d5c861fea8d18d997c6ba3f4a1d8aa95a288b)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Luca Barbato [Sun, 9 Nov 2014 07:48:47 +0000 (08:48 +0100)]
dvdsubdec: Do not leak on failure path
CC: libav-stable@libav.org
Bug-Id: CID 1198262
(cherry picked from commit d466d82faaf6e0e57a3a4be5e38e3902ef251ac3)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Wed, 12 Nov 2014 18:10:44 +0000 (19:10 +0100)]
qdm2: avoid integer overflow
CC: libav-stable@libav.org
Bug-Id: CID 700555
(cherry picked from commit 1f80742f49a9a4e846c9f099387881abc87150b2)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Fri, 21 Nov 2014 12:57:42 +0000 (12:57 +0000)]
mpegenc: prevent a NULL pointer dereference
CC: libav-stable@libav.org
Bug-Id: CID 29261
(cherry picked from commit 065923b0781b06a2604f69f4e2c2407b7750a854)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Fri, 21 Nov 2014 12:57:40 +0000 (12:57 +0000)]
aacdec: avoid an out-of-bounds write
Also move the check in the case it is actually used.
CC: libav-stable@libav.org
Bug-Id: CID 1087090
(cherry picked from commit b99ca863506f0630514921b740b78364de67a3ff)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Luca Barbato [Sun, 23 Nov 2014 15:09:05 +0000 (16:09 +0100)]
cook: Make sure there is enough extradata
At least 8 bytes are needed (Mono audio).
Bug-Id: CID 741418
CC: libav-stable@libav.org
(cherry picked from commit 299d8ab104fb350254eb2e6d9ecdce892a2a55b1)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Sun, 9 Nov 2014 07:48:43 +0000 (08:48 +0100)]
tiffenc: initialize return value
'ret' can only be used without initialization if s->height <= 0, which can
only happen if avctx->height <= 0, which is validated elsewhere. Doesn't hurt
to still initialize it though.
CC: libav-stable@libav.org
Bug-Id: CID 732296
(cherry picked from commit 0562887a984388fdc7a9b71c9374ff9c756fb4f1)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Michael Niedermayer [Wed, 12 Nov 2014 10:13:10 +0000 (11:13 +0100)]
roqaudio: Always use the frame buffer on flush
Prevent NULL dereference.
CC: libav-stable@libav.org
Bug-Id: CID 703669
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
(cherry picked from commit 55b59fab880a9fcdd30f97c5170af282087ac4f7)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Luca Barbato [Mon, 24 Nov 2014 00:04:39 +0000 (01:04 +0100)]
hnm4: Use av_image_check_size
As done for all the other codecs not calling it indirectly.
CC: libav-stable@libav.org
Bug-Id: CID 1135770 / CID 1135771
Vittorio Giovara [Sun, 9 Nov 2014 07:48:35 +0000 (08:48 +0100)]
png_parser: fix size of chunk_lenght
Fixes the comparison against constant value 0x7fffffff.
CC: libav-stable@libav.org
Bug-Id: CID 1198260
Michael Niedermayer [Thu, 30 Oct 2014 00:52:04 +0000 (00:52 +0000)]
aacsbr: change order of operation to prevent out of array read
CC: libav-stable@libav.org
Bug-Id: CID 732250
Vittorio Giovara [Fri, 24 Oct 2014 12:15:40 +0000 (13:15 +0100)]
assdec: check av_new_packet return value
CC: libav-stable@libav.org
Bug-Id: CID 703626
Vittorio Giovara [Fri, 24 Oct 2014 12:15:36 +0000 (13:15 +0100)]
mtv: improve header check and avoid division by zero
CC: libav-stable@libav.org
Bug-Id: CID 732203 / CID 732204
Vittorio Giovara [Wed, 22 Oct 2014 13:36:32 +0000 (14:36 +0100)]
matroskaenc: write correct Display{Width, Height} in stereo encoding
should be the raw amount of pixels (for example 3840x1080 for full HD side by
side) and the DisplayWidth/Height in pixels should be the amount of pixels for
one plane (1920x1080 for that full HD stream)."
So, move the aspect ratio check in the mkv_write_stereo_mode() function
and always write the ebml when stereo format and/or aspect ratio is set.
Also add a few comments to that function.
CC: libav-stable@libav.org
Found-by: Asan Usipov <asan.usipov@gmail.com>
Vittorio Giovara [Mon, 20 Oct 2014 13:11:25 +0000 (14:11 +0100)]
mov: fix assignment check
CC: libav-stable@libav.org
Bug-Id: CID 1197050
Vittorio Giovara [Thu, 23 Oct 2014 23:05:57 +0000 (00:05 +0100)]
mxfdec: add missing break
CC: libav-stable@libav.org
Bug-Id: CID 732232
Luca Barbato [Sun, 19 Oct 2014 22:48:49 +0000 (00:48 +0200)]
lavf: replace rename() with ff_rename()
The new function wraps errno so that its value is correctly reported
when other functions overwrite it (eg. in case of logging).
CC: libav-stable@libav.org
Bug-Id: CID 1135748
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Vittorio Giovara [Mon, 20 Oct 2014 13:11:15 +0000 (14:11 +0100)]
img2dec: check av_new_packet return value
CC: libav-stable@libav.org
Bug-Id: CID 1087077
Vittorio Giovara [Mon, 20 Oct 2014 13:11:14 +0000 (14:11 +0100)]
audiointerleave: check av_new_packet return value
CC: libav-stable@libav.org
Bug-Id: CID 1087078
Vittorio Giovara [Mon, 20 Oct 2014 13:11:13 +0000 (14:11 +0100)]
avfilter: check filter link validity
Remove now redundant check.
CC: libav-stable@libav.org
Bug-Id: CID 700371
Anton Khirnov [Sat, 18 Oct 2014 14:25:16 +0000 (16:25 +0200)]
mp3dec: fix reading the Xing tag
The quality scale field is only supposed to be present if the fourth bit
is set. In practice, lame always sets it, but other tools might not.
CC: libav-stable@libav.org
Vittorio Giovara [Mon, 20 Oct 2014 13:11:19 +0000 (14:11 +0100)]
nutdec: check av_new_packet return value
CC: libav-stable@libav.org
Bug-Id: CID 733713
Vittorio Giovara [Mon, 20 Oct 2014 13:11:17 +0000 (14:11 +0100)]
rmdec: check av_new_packet return value
CC: libav-stable@libav.org
Bug-Id: CID 733714
Vittorio Giovara [Sat, 18 Oct 2014 15:10:35 +0000 (16:10 +0100)]
vf_format: check input validity
CC: libav-stable@libav.org
Vittorio Giovara [Sat, 18 Oct 2014 00:12:13 +0000 (01:12 +0100)]
aviobuf: check context before using it
Avoid a possible null pointer dereference.
CC: libav-stable@libav.org
Bug-Id: CID 1135769
Michael Niedermayer [Sat, 18 Oct 2014 00:12:12 +0000 (01:12 +0100)]
avio: fix sizeof argument
CC: libav-stable@libav.org
Bug-Id: CID 732284
Vittorio Giovara [Fri, 17 Oct 2014 13:31:35 +0000 (14:31 +0100)]
swscale: fix sign extensions in yuv planar conversion
Casting the left-most byte to unsigned avoids an undefined
result of the shift by 24 if bit 7 is set.
yuvPlanartouyvy_c and yuvPlanartoyuy2_c are affected.
CC: libav-stable@libav.org
Bug-Id: CID 732281 / CID 732282
Timothy Gu [Wed, 15 Oct 2014 16:32:54 +0000 (17:32 +0100)]
oss_audio: use a macro to simplify ioctl() error checking
Also add a note about SNDCTL_DSP_GETFMTS which may fail even if OSS is
available.
CC: libav-stable@libav.org
Bug-Id: CID 1238992
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Luca Barbato [Wed, 15 Oct 2014 16:32:57 +0000 (17:32 +0100)]
avresample: Make sure the even check does not overflow
CC: libav-stable@libav.org
Bug-Id: CID 732225
Vittorio Giovara [Fri, 17 Oct 2014 09:07:11 +0000 (10:07 +0100)]
af_resample: check av_opt_set_dict return value
CC: libav-stable@libav.org
Bug-Id: CID 1087076
Vittorio Giovara [Fri, 17 Oct 2014 09:07:09 +0000 (10:07 +0100)]
vf_showinfo: Forward the av_image_get_linesize error
CC: libav-stable@libav.org
Bug-Id: CID 1087086
Luca Barbato [Fri, 17 Oct 2014 09:07:10 +0000 (10:07 +0100)]
vf_drawtext: Do not leak the mmapped textfile
And validate its size while at it.
CC: libav-stable@libav.org
Bug-Id: CID 1244189
Luca Barbato [Wed, 15 Oct 2014 00:43:30 +0000 (02:43 +0200)]
cmdutils: Use the correct guard
The OptionDef arrays are terminated with a { NULL } element not NULL.
CC: libav-stable@libav.org
Bug-Id: CID 703769
Luca Barbato [Wed, 15 Oct 2014 00:35:55 +0000 (02:35 +0200)]
avformat: Make avformat_free_context handle NULL
Work as the other free()-like functions.
Bug-Id: CID 1087081
CC: libav-stable@libav.org
Michael Lynch [Tue, 14 Oct 2014 20:30:39 +0000 (16:30 -0400)]
rtsp: Check a memory allocation
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
Luca Barbato [Thu, 4 Dec 2014 11:00:01 +0000 (12:00 +0100)]
rm: Use the correct codec_data_size signedness
The function takes a size and not an offset.
CC: libav-stable@libav.org
Sample-Id: rm_deadlock.rm
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Luca Barbato [Fri, 5 Dec 2014 14:31:20 +0000 (15:31 +0100)]
latm: Do not give a score for a single instance
Bug-Id: 773
CC: libav-stable@libav.org
Luca Barbato [Sat, 6 Dec 2014 11:32:25 +0000 (12:32 +0100)]
mp3: Tweak the probe scores
Having more than 10 consecutive frames decoded as mp3 should be
considered a clear signal that the sample is mp3 and not mpegps.
Reported-By: Florian Iragne <florian@iragne.fr>
CC: libav-stable@libav.org
Vittorio Giovara [Fri, 5 Dec 2014 02:15:09 +0000 (02:15 +0000)]
vf_frei0r: do not increment string if it reached the end
Bug-Id: 778
CC: libav-stable@libav.org
Michael Niedermayer [Sat, 6 Dec 2014 10:40:30 +0000 (11:40 +0100)]
svq1dec: Unbreak the scratch buffer allocation
The input packets are always assumed to be padded and
the av_fast_ family of functions takes a pointer to a pointer.
Thanks to Nicolas Dufresne <nicolas.dufresne@collabora.com> for
a similar patch.
Introduced in 7b588bb691644e1b3c168b99accf74248a24e3cf.
Bug-Id: 766
CC: libav-stable@libav.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Thiago Santos [Sun, 14 Dec 2014 20:59:27 +0000 (22:59 +0200)]
vaapi: wrap codec specific functions in appropriate #ifs
Fix linking when only a subset of vaapi decoders is enabled.
Bug-Id: 760
CC: libav-stable@libav.org
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Wed, 10 Dec 2014 01:41:44 +0000 (01:41 +0000)]
hevc: always clip luma_log2_weight_denom
Its value shall be between 0 and 7 according to the specifications.
CC: libav-stable@libav.org
Bug-Id: CID 1257502
Luca Barbato [Wed, 10 Dec 2014 00:43:50 +0000 (01:43 +0100)]
prores: Evaluate all the quantizers
Prevent an uninitialized data access.
CC: libav-stable@libav.org
Bug-Id: CID 703824 / CID 703825
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Luca Barbato [Wed, 10 Dec 2014 01:44:20 +0000 (02:44 +0100)]
tiff: Check the check_size() return value and forward it
Also use the same type for add_entry and check_size.
Bug-Id: CID 700699
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Signed-off-by: Vittorio Giovara <vittorio.giovarao@gmail.com>
Martin Storsjö [Wed, 17 Dec 2014 11:50:06 +0000 (13:50 +0200)]
rtpdec_h263_rfc2190: Clear the stored bits if discarding buffered data
If we throw away the buffered incomplete frame, make sure to also
throw away the buffered bits of an incomplete byte at the same
time.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit df07c07b3de0a5e8890078944de1eb5cb8372ef8)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Michael Niedermayer [Fri, 15 Aug 2014 00:50:41 +0000 (02:50 +0200)]
h261dec: Fix context initialization sequence
ff_mpv_common_init sets s->context_initialized.
This fixes decoding of h261 in the cases where the demuxer
hasn't already set the frame size.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 3bb465245fed6069512e6821000391beae8a6066)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Tue, 16 Dec 2014 09:43:48 +0000 (10:43 +0100)]
cmdutils: check file access functions return values
CC: libav-stable@libav.org
Bug-Id: CID 703706
(cherry picked from commit 38129c26c51b933d7db423f904ba0cd6a88ca1ed)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Wed, 17 Dec 2014 13:53:43 +0000 (14:53 +0100)]
aacenc: correctly check returned value
CC: libav-stable@libav.org
(cherry picked from commit 971099ff5a85377579eb5b8d3620e283957f097e)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Wed, 17 Dec 2014 14:19:43 +0000 (15:19 +0100)]
lavfi: always check av_expr_parse_and_eval() return value
CC: libav-stable@libav.org
Bug-Id: CID 703624
(cherry picked from commit 63be97ec403023fb664798432acedaf6e6922527)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Alexandre Colucci [Wed, 7 Jan 2015 11:18:08 +0000 (12:18 +0100)]
xsub: Support DXSA subtitles
These have a DXSA tag and contain alpha in addition to
color values for palette.
Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 5a1addd7c1d8ff218ed4b84f4f02fdb83980094c)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Anton Khirnov [Thu, 1 Jan 2015 16:56:56 +0000 (17:56 +0100)]
mpeg4audio: check the init_get_bits() return value
Fixes possible invalid reads.
CC: libav-stable@libav.org
(cherry picked from commit 7e4e010b80e76862e83afbd41c25d50e72f0b44c)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Luca Barbato [Mon, 5 Jan 2015 09:40:41 +0000 (10:40 +0100)]
segment: Fix the failure paths
A failure in segment_end() or segment_start() would lead to freeing
a dangling pointer and in general further calls to seg_write_packet()
or to seg_write_trailer() would have the same faulty behaviour.
CC: libav-stable@libav.org
Reported-By: luodalongde@gmail.com
(cherry picked from commit b3f04657368a32a9903406395f865e230b1de348)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Wed, 17 Dec 2014 15:02:07 +0000 (16:02 +0100)]
swscale: check memory allocations
CC: libav-stable@libav.org
Bug-Id: CID 1257779
(cherry picked from commit 1dd797e3c9f179f957316a0becbec048b42df8aa)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Vittorio Giovara [Thu, 18 Dec 2014 19:26:57 +0000 (20:26 +0100)]
opt: check memory allocation
CC: libav-stable@libav.org
Bug-Id: CID 1257771
(cherry picked from commit 07a0c0f0005072d115ace61e60f46be68582cc3a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Martin Storsjö [Sat, 3 Jan 2015 19:27:21 +0000 (21:27 +0200)]
libavformat: Check for malloc failures in avformat_new_stream
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 9f810a9b374e0ff8e2a19fd8a7347afe2933e229)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Anton Khirnov [Thu, 25 Dec 2014 21:46:39 +0000 (22:46 +0100)]
h264: restore a block mistakenly removed in e10fd08a
CC: libav-stable@libav.org
Bug-ID: 781
(cherry picked from commit 60d4c6ff76467d4d8f55c1cc61ab6c618e8ea2f3)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Michael Niedermayer [Sat, 4 Oct 2014 20:15:07 +0000 (22:15 +0200)]
on2avc: check number of channels
Fixes invalid memory access.
CC: libav-stable@libav.org
Bug-ID: CVE-2014-8549
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit cee4490b521fd0d02476d46aa2598af24fb8d686)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Michael Niedermayer [Fri, 3 Oct 2014 20:50:45 +0000 (22:50 +0200)]
smc: fix the bounds check
Fixes invalid writes when there are more blocks in a run than total
remaining blocks.
CC: libav-stable@libav.org
Bug-ID: CVE-2014-8548
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit d423dd72be451462c6fb1cbbe313bed0194001ab)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Michael Niedermayer [Fri, 3 Oct 2014 18:15:52 +0000 (20:15 +0200)]
gifdec: refactor interleave end handling
Fixes invalid writes with very small image heights.
CC: libav-stable@libav.org
Bug-ID: CVE-2014-8547
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 0b39ac6f54505a538c21fe49a626de94c518c903)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Anton Khirnov [Sun, 14 Dec 2014 20:01:59 +0000 (21:01 +0100)]
mmvideo: check frame dimensions
The frame size must be set by the caller and each dimension must be a
multiple of 2.
CC: libav-stable@libav.org
Bug-ID: CVE-2014-8543
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 17ba719d9ba30c970f65747f42d5fbb1e447ca28)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Anton Khirnov [Sun, 14 Dec 2014 20:01:59 +0000 (21:01 +0100)]
jvdec: check frame dimensions
The frame size must be set by the caller and each dimension must be a
multiple of 8.
CC: libav-stable@libav.org
Bug-ID: CVE-2014-8542
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 88626e5af8d006e67189bf10b96b982502a7e8ad)
Signed-off-by: Anton Khirnov <anton@khirnov.net>