Luca Barbato [Tue, 9 Jul 2013 07:18:16 +0000 (09:18 +0200)]
imc: Catch a division by zero
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
bbf6a4aa20bfe3d7869b2218e66063602dfb8aa7)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/imc.c
Luca Barbato [Tue, 9 Jul 2013 02:44:26 +0000 (04:44 +0200)]
atrac3: Error on impossible encoding/channel combinations
Joint stereo encoded mono is impossible.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
50cf5a7fb78846fc39b3ecdaa896a10bcd74da2a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/atrac3.c
Luca Barbato [Tue, 9 Jul 2013 02:20:23 +0000 (04:20 +0200)]
atrac3: set the getbits context the right buffer_end
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
22e76ec635bafdd1d1ec35581a7ac09e69e3c43e)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/atrac3.c
Luca Barbato [Mon, 8 Jul 2013 23:03:13 +0000 (01:03 +0200)]
atrac3: fix error handling
decode_tonal_components returns a proper AVERROR.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
874c8a17ac9b04fb7ac23d003e54e3662dd23b4e)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/atrac3.c
Luca Barbato [Thu, 27 Jun 2013 00:50:52 +0000 (02:50 +0200)]
qdm2: check and reset dithering index per channel
Checking per subband would have the index exceed the
dithering noise table size.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
744a11c996641888d477a3981d609e79eeb69ea9)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/qdm2.c
Luca Barbato [Thu, 27 Jun 2013 02:30:20 +0000 (04:30 +0200)]
westwood_vqa: do not free extradata on error in read_header
The extradata is already freed by avformat_open_input on
failure.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
76f5dfbfd902178df4a38221a68dc8540189345a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Luca Barbato [Thu, 27 Jun 2013 01:19:05 +0000 (03:19 +0200)]
vqavideo: check the version
Prevent out of buffer write.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
c4abc9098cacb227dba39bac6aea16b2bceba0d0)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Michael Niedermayer [Mon, 1 Jul 2013 21:38:08 +0000 (23:38 +0200)]
rmdec: Use the AVIOContext given as parameter in rm_read_metadata()
This fixes crashes when playing back certain RealRTSP streams.
When invoked from the RTP depacketizer, the full realmedia
demuxer isn't invoked, but only certain functions from it, where
a separate AVIOContext is passed in as parameter (for the buffer
containing the data to parse). The functions called from within
those entry points should only be using that parameter, not
s->pb. In the depacketizer case, s is the RTSP context, where ->pb
is null.
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit
d35b6cd3775456a23b63e73316e244b671caa02f)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Michael Niedermayer [Mon, 24 Jun 2013 12:23:44 +0000 (14:23 +0200)]
avio: Handle AVERROR_EOF in the same way as the return value 0
This makes sure the ffurl_read_complete function actually
returns the number of bytes read, as the documentation of the
function says, even if the underlying protocol uses AVERROR_EOF
instead of 0.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit
5d876be87a115b93dd2e644049e3ada2cfb5ccb7)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Luca Barbato [Mon, 24 Jun 2013 16:12:24 +0000 (18:12 +0200)]
wtv: Mark attachment with a negative stream id
A sid 0 would be mismatched to the attachment.
Prevent NULL pointer dereference.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
f5e646a00ac21e500dae4bcceded790a0fbc5246)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Luca Barbato [Sat, 27 Jul 2013 13:48:41 +0000 (15:48 +0200)]
avidec: Let the inner dv demuxer take care of discarding
(cherry picked from commit
c8f0b20b4a6bb6691928789d83e4b)
CC: libav-stable@libav.org
Justin Ruggles [Mon, 10 Dec 2012 17:44:09 +0000 (12:44 -0500)]
swfdec: do better validation of tag length
Avoids trying to read a packet with 0 or negative size.
Avoids a potential infinite loop due to seeking backwards.
Partially based on a patch by Michael Niedermayer.
(cherry picked from commit
e70c5b034c4787377e82cab2d5565486baec0c2a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Reinhard Tartler [Sun, 30 Jun 2013 14:50:05 +0000 (16:50 +0200)]
Changelog for 0.8.8
Luca Barbato [Mon, 1 Jul 2013 01:05:41 +0000 (03:05 +0200)]
kmvc: Clip pixel position to valid range
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
4e7f0b082d8c4b360312216b9241bec65ff63b35)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/kmvc.c
Luca Barbato [Mon, 1 Jul 2013 01:04:15 +0000 (03:04 +0200)]
kmvc: use fixed sized arrays in the context
Avoid some boilerplate code to dynamically allocate and then free the
buffers.
(cherry picked from commit
8f689770548c86151071ef976cf9b6998ba21c2a)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/kmvc.c
Luca Barbato [Wed, 3 Jul 2013 09:18:30 +0000 (11:18 +0200)]
indeo: use a typedef for the mc function pointer
(cherry picked from commit
e6d8acf6a8fba4743eb56eabe72a741d1bbee3cb)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Luca Barbato [Sun, 13 Jan 2013 18:52:45 +0000 (19:52 +0100)]
lavc: check for overflow in init_get_bits
Fix an undefined behaviour and make the function return a proper
error in case of overflow.
CC: libav-stable@libav.org
(cherry picked from commit
d9cf5f516974c64e01846ca685301014b38cf224)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit
7a2ee770f520ae4fd5f009cfc361a18e993dec91)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Luca Barbato [Sun, 30 Jun 2013 08:40:37 +0000 (10:40 +0200)]
indeo: check for reference when inheriting mvs
The same is done already for qdelta.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
b36e1893ef3430f039c1eaddeedcbb378f9c4444)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Luca Barbato [Sun, 30 Jun 2013 08:11:05 +0000 (10:11 +0200)]
indeo: use proper error code
(cherry picked from commit
dd3754a48854cd570d38db72394491aab0f36570)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/ivi_common.c
Luca Barbato [Sun, 30 Jun 2013 07:57:56 +0000 (09:57 +0200)]
indeo: Properly forward the error codes
If the tile data size does not match the buffer size it did not
return an AVERROR_INVALIDDATA causing futher corruption later.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
7388c0c58601477db076e2e74e8b11f8a644384a)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/ivi_common.c
Luca Barbato [Sat, 29 Jun 2013 00:16:50 +0000 (02:16 +0200)]
wmapro: error out on impossible scale factor offsets
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
02ec656af72030eea4f3d63e30b25625cce6a3df)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Luca Barbato [Fri, 28 Jun 2013 23:56:09 +0000 (01:56 +0200)]
wmapro: check the min_samples_per_subframe
Must be at least WMAPRO_BLOCK_MIN_SIZE.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
d4a217a408da4bd63acc02cd8f9ebe378a2ad65a)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/wmaprodec.c
Luca Barbato [Fri, 28 Jun 2013 03:21:33 +0000 (05:21 +0200)]
wmapro: return early on unsupported condition
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
6652338f43ef623045912d7f28b61adea05d27ae)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/wmaprodec.c
Luca Barbato [Fri, 28 Jun 2013 03:23:21 +0000 (05:23 +0200)]
wmapro: check num_vec_coeffs against the actual available buffer
Prevent yet another buffer overwrite.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
38229362529ed1619d8ebcc81ecde85b23b45895)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Luca Barbato [Fri, 28 Jun 2013 02:03:47 +0000 (04:03 +0200)]
wmapro: make sure there is room to store the current packet
Prevent horrid and hard to trace struct overwrite.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
e30b068ef79f604ff439418da07f7e2efd01d4ea)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Reinhard Tartler [Sat, 6 Jul 2013 07:46:07 +0000 (09:46 +0200)]
lavc: move put_bits_left in put_bits.h
(cherry picked from commit
afe03092dd693d025d43e1620283d8d285c92772)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/dv.c
Luca Barbato [Sun, 9 Jun 2013 16:27:05 +0000 (18:27 +0200)]
4xm: do not overread the source buffer in decode_p_block
Check for out of picture macroblocks before calling mcdc.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
94aefb1932be882fd93f66cf790ceb19ff575c19)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/4xm.c
Luca Barbato [Mon, 10 Jun 2013 14:37:43 +0000 (16:37 +0200)]
4xm: check bitstream_size boundary before using it
Prevent buffer overread.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
59d7bb99b6a963b7e11c637228b2203adf535eee)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/4xm.c
Luca Barbato [Thu, 6 Jun 2013 14:58:57 +0000 (16:58 +0200)]
4xm: reject frames not compatible with the declared version
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
145023f57262d21474e35b4a6069cf95136339d4)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/4xm.c
Luca Barbato [Wed, 5 Jun 2013 15:12:16 +0000 (17:12 +0200)]
4xm: use the correct logging context
(cherry picked from commit
08859d19b429c522d6494c186656f4a2d3ff8e21)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/4xm.c
Anton Khirnov [Wed, 13 Feb 2013 19:46:08 +0000 (20:46 +0100)]
4xm: check the return value of read_huffman_tables().
CC:libav-stable@libav.org
(cherry picked from commit
8097fc9a2dd49d8e467b16c8bafaa96242b7fe46)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit
bb3f1cad171b31537b64a9d19cabdbff50aca260)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/4xm.c
Anton Khirnov [Tue, 13 Nov 2012 21:10:54 +0000 (22:10 +0100)]
4xm: don't rely on get_buffer() initializing the frame.
(cherry picked from commit
b047c68783aa4042b322af7af043b643d5daf09c)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Alexandra Khirnova [Wed, 13 Mar 2013 12:54:27 +0000 (13:54 +0100)]
vmdav: convert to bytestream2
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit
0afcf97e1ece51d29bb791698b00cd1b7ba97dcf)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/vmdav.c
Kostya Shishkov [Wed, 12 Jun 2013 12:30:51 +0000 (14:30 +0200)]
smacker: check frame size validity
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit
07423ad7836325e03894f2f87ba46a531a1cc0b3)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Kostya Shishkov [Wed, 12 Jun 2013 12:28:07 +0000 (14:28 +0200)]
smacker: pad the extradata allocation
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit
4c22baf65363433f8c20efd1022b4ba2d8cf2288)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Kostya Shishkov [Wed, 12 Jun 2013 12:27:00 +0000 (14:27 +0200)]
smacker: check the return value of smacker_decode_tree
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit
a2f9937bb04b23a341b0ec0eb1d923bbeb420277)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Kostya Shishkov [Wed, 12 Jun 2013 12:22:24 +0000 (14:22 +0200)]
smacker: fix an off by one in huff.length computation
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit
ee205588b250fe5cae0681be8eba51a5403c3272)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Anton Khirnov [Wed, 29 May 2013 14:18:40 +0000 (16:18 +0200)]
Prepare for 0.8.8 Release
Luca Barbato [Mon, 3 Jun 2013 02:53:02 +0000 (04:53 +0200)]
tiff: do not overread the source buffer
At least 2 bytes from the source are read every loop.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
9c2216976907336dfae0e8e38a4d70ca2465a92c)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/tiff.c
Anton Khirnov [Wed, 29 May 2013 14:18:40 +0000 (16:18 +0200)]
apetag: use int64_t for filesize
CC: libav-stable@libav.org
(cherry picked from commit
e816aaacd68201b67182f9c70dc680e89a0123e9)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Luca Barbato [Fri, 17 May 2013 16:28:33 +0000 (18:28 +0200)]
wavpack: return meaningful errors
And forward those that were already meaningful.
(cherry picked from commit
8c34558131d846d2b10389564caadaa206372fd4)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/wavpack.c
Luca Barbato [Wed, 22 May 2013 10:51:42 +0000 (12:51 +0200)]
wavpack: check packet size early
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
fd06291239c1bb616bf303b5696cc432710b2530)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Luca Barbato [Wed, 15 May 2013 16:41:41 +0000 (18:41 +0200)]
mjpegdec: validate parameters in mjpeg_decode_scan_progressive_ac
Prevent out of buffer write when decoding broken samples.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
cfbd98abe82cfcb9984a18d08697251b72b110c8)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Luca Barbato [Mon, 13 May 2013 17:32:04 +0000 (19:32 +0200)]
mjpeg: Validate sampling factors
They must be non-zero.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
8aa3500905fec6c4e657bb291b861d43c34d3de9)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/mjpegdec.c
Luca Barbato [Tue, 14 May 2013 14:20:14 +0000 (16:20 +0200)]
ljpeg: use the correct number of components in yuv
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
a030279a67ef883df8cf3707774656fa1be81078)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Luca Barbato [Fri, 17 May 2013 16:29:15 +0000 (18:29 +0200)]
wavpack: validate samples size parsed in wavpack_decode_block
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
ed50673066956d6f2201a57c3254569f2ab08d9d)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/wavpack.c
Luca Barbato [Fri, 17 May 2013 11:08:55 +0000 (13:08 +0200)]
jpegls: check the scan offset
Prevent an out of array bound write.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
abad374909e6416e941351094f4f1446a71f8d23)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/jpeglsdec.c
Reinhard Tartler [Fri, 31 May 2013 20:36:47 +0000 (22:36 +0200)]
jpegls: factorize return paths
Conflicts:
libavcodec/jpeglsdec.c
(cherry picked from commit
4a4107b48944397c914aa39ee16a82fe44db8c4c)
Luca Barbato [Fri, 17 May 2013 10:36:06 +0000 (12:36 +0200)]
jpegls: return meaningful errors
(cherry picked from commit
a5a0ef5e13a59ff53318a45d77c5624b23229c6f)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/jpeglsdec.c
Luca Barbato [Tue, 14 May 2013 13:27:26 +0000 (15:27 +0200)]
mjpegdec: properly report unsupported disabled features
When JPEG-LS support is disabled the decoder would feed the
data to the JPEG Lossless decode_*_scan function resulting in
faulty decoding.
CC: libav-stable@libav.org
(cherry picked from commit
b25e49b187617c486ae3f50a5cbb356fc0e868bb)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Reinhard Tartler [Sun, 12 May 2013 06:40:56 +0000 (08:40 +0200)]
update Changelog
Michael Smith [Mon, 21 Jan 2013 18:40:35 +0000 (19:40 +0100)]
proresdec: support mixed interlaced/non-interlaced content
Set interlaced to false if we don't have an interlaced frame
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit
0881cbf314982cce8448bd12644ce2a6e0b8c576)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit
1fa37f2bfa0f5c50ce61dedf2bbb772d96d71101)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Reinhard Tartler [Sat, 11 May 2013 09:57:08 +0000 (11:57 +0200)]
update Changelog
Luca Barbato [Sat, 4 May 2013 10:18:57 +0000 (12:18 +0200)]
wav: Always seek to an even offset
RIFF chunks are aligned to 16bit according to the specification.
Bug-Id:500
CC:libav-stable@libav.org
(cherry picked from commit
ac87eaf856e0fb51917266b899bb15d19b907baf)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Luca Barbato [Wed, 1 May 2013 17:01:11 +0000 (19:01 +0200)]
id3v2: check for end of file while unescaping tags
Prevent an out of buffer bound write.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit
af4cc2605c7a56ecfd84c264aa2b325020418472)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Anton Khirnov [Sat, 27 Apr 2013 16:01:51 +0000 (18:01 +0200)]
indeo3: fix off by one in MV validity check
CC:libav-stable@libav.org
(cherry picked from commit
95220be1faac628d849a004644c0d102df0aa98b)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Reinhard Tartler [Tue, 7 May 2013 05:13:50 +0000 (07:13 +0200)]
aac: check the maximum number of channels
Broken bitstreams could report a larger than specified number of
channels and cause outbound writes.
CC:libav-stable@libav.org
(cherry picked from commit
a943a132f36f4df8fe2f749744677b71984abce7)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/aacdec.c
Reinhard Tartler [Wed, 24 Apr 2013 19:02:29 +0000 (21:02 +0200)]
update Changelog
Luca Barbato [Wed, 9 Jan 2013 19:49:34 +0000 (20:49 +0100)]
oggdec: fix faulty cleanup prototype
(cherry picked from commit
fba8e5b608577fc660989d0057a55818254a3744)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Tue, 9 Apr 2013 13:25:20 +0000 (15:25 +0200)]
qdm2: check that the FFT size is a power of 2
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit
34f87a58532ed652a6e0283c1d044ee5df0aef0b)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Wed, 10 Apr 2013 07:40:20 +0000 (09:40 +0200)]
indeo3: switch parsing the header to bytestream2
Also add an additional sanity check to the alt_quant table.
Fixes invalid reads with corrupted files.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit
66531d634e75b834e89e4a6a0f7470ca018712a1)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Tue, 16 Apr 2013 07:41:28 +0000 (09:41 +0200)]
indeo3: check motion vectors.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit
a0a872d0733f60876b0c93f236bc4606f36fbf89)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Tue, 9 Apr 2013 18:33:25 +0000 (20:33 +0200)]
rv10: check that extradata is large enough
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit
01d376f598fe95478036f5d1e3e5e14ffe32d4bf)
Conflicts:
libavcodec/rv10.c
Anton Khirnov [Wed, 10 Apr 2013 07:59:36 +0000 (09:59 +0200)]
indeo3: fix data size check
The data offsets are relative to the bistream header, which is 16 bytes
after the start of the data.
Fixes invalid reads with corrupted files.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit
34e6af9e204ca6bb18d8cf8ec68fe19b0e083e95)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Wed, 27 Mar 2013 16:56:59 +0000 (17:56 +0100)]
lavf: make sure stream probe data gets freed.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
dbb1425811a672eddf4acf0513237cdf20f83756)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Wed, 27 Mar 2013 17:18:38 +0000 (18:18 +0100)]
dfa: check for invalid access in decode_wdlt().
This can happen when the number of skipped lines is not consistent with
the number of coded lines.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
3623589edc7b1257bb45aa9e52c9631e133f22b6)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Thu, 28 Mar 2013 09:33:02 +0000 (10:33 +0100)]
xmv: check audio track parameters validity.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
d1016dccdcb10486245e5d7c186cc31af54b2a9c)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Thu, 28 Mar 2013 09:09:36 +0000 (10:09 +0100)]
bmv: check for len being valid in bmv_decode_frame().
It can be 0 or -1 for invalid files, which may result in invalid memory
access.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
b88f902125ee808c8366e9dcb3f21e4c227483fc)
Conflicts:
libavcodec/bmv.c
Anton Khirnov [Thu, 28 Mar 2013 09:34:47 +0000 (10:34 +0100)]
xmv: do not leak memory in the error paths in xmv_read_header()
CC: libav-stable@libav.org
(cherry picked from commit
f8080bd13b5f7fc48204b17fa59a5ce9feb15f07)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Sun, 17 Mar 2013 15:14:58 +0000 (16:14 +0100)]
avfiltergraph: check for sws opts being non-NULL before using them.
Avoid snprintfing a NULL pointer.
CC: libav-stable@libav.org
(cherry picked from commit
6e3c13a559e9ff300b5ca60e1d503e594d7f055c)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Luca Barbato [Sat, 30 Mar 2013 08:46:06 +0000 (09:46 +0100)]
oma: Validate sample rates
The sample rate index is 3 bits even if currently index 5, 6 and 7 are
not supported.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
0933fd1533560fbc718026e12f19a4824b041237)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Reinhard Tartler [Wed, 24 Apr 2013 19:01:00 +0000 (21:01 +0200)]
Prepare for 0.8.7 Release
Reinhard Tartler [Sat, 23 Mar 2013 13:48:40 +0000 (14:48 +0100)]
update Changelog
Reinhard Tartler [Sat, 23 Mar 2013 08:43:26 +0000 (09:43 +0100)]
fate: fetch samples that match the release series
The idea is to ensure that 'make fate' always fetches the fate samples
that work with this release.
(cherry picked from commit
a89f68776b2771935a348ce07d0a094ae965acfc)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Ronald S. Bultje [Sun, 24 Jun 2012 10:17:13 +0000 (11:17 +0100)]
dxva2: include dxva.h if found
Apparently, some build environments require dxva.h even for dxva2,
while others lack this header entirely. Including it conditionally
allows building in both cases.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit
fa84506177f0246b30d4ea6a99ee5d419f3e4550)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Kostya Shishkov [Sun, 17 Mar 2013 19:22:19 +0000 (20:22 +0100)]
iff: validate CMAP palette size
Fixes CVE-2013-2495
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
CC: libav-stable@libav.org
(cherry picked from commit
50c449ac24fbb4c03c15d2e2026cef2204b80385)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit
31a77177ff323ef83944c60a8654891213ab6691)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Reinhard Tartler [Sun, 17 Mar 2013 07:25:46 +0000 (08:25 +0100)]
Changelog: document msrle bugfix
Reinhard Tartler [Sun, 17 Mar 2013 07:23:42 +0000 (08:23 +0100)]
Changelog: cosmetics, remove trailing periods and sort
Anton Khirnov [Tue, 29 Jan 2013 11:24:09 +0000 (12:24 +0100)]
msrledec: check bounds before constructing a possibly invalid pointer,
CC:libav-stable@libav.org
(cherry picked from commit
9bd6375d5f16842306dcecde637ffe605acda26b)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit
b7765d00f911fe0f8fcda21b93a540f27d2ba2f5)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Ronald Bultje [Sat, 31 Mar 2012 17:10:54 +0000 (17:10 +0000)]
msrle: convert MS RLE decoding function to bytestream2.
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit
992f71e95dcf57c917531f126ba7499ef9ed87d3)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Reinhard Tartler [Thu, 14 Mar 2013 17:06:41 +0000 (18:06 +0100)]
Update Changelog for the 0.8.6 Release
Anton Khirnov [Wed, 6 Mar 2013 08:58:00 +0000 (09:58 +0100)]
wmaprodec: require block_align to be set.
Avoids an infinite loop in the calling programs with decoder not
consuming any input and not returning output.
CC:libav-stable@libav.org
(cherry picked from commit
cacad1c058f66558ec727faac3b277d2dee264d4)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit
20373a66ec68d958c266f643a7d0e5ec254c0fcc)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Wed, 6 Mar 2013 08:41:44 +0000 (09:41 +0100)]
ivi_common: do not call MC for intra frames when dc_transform is unset
CC:libav-stable@libav.org
(cherry picked from commit
3ba40ebb6cc58753dc3746c718203bb31760deba)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit
74880e78d83031d612c941a383b810ff0c9d50c6)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Wed, 6 Mar 2013 08:15:19 +0000 (09:15 +0100)]
roqvideodec: fix a potential infinite loop in roqvideo_decode_frame().
When there is just 1 byte remanining in the buffer, nothing will be read
and the loop will continue forever. Check that there are at least 8
bytes, which are always read at the beginning.
CC:libav-stable@libav.org
(cherry picked from commit
3e2f200237af977b9253b0aff121eee27bcedb44)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit
747fbe0c212b81952bb27ec7b99fa709081e2d63)
Conflicts:
libavcodec/roqvideodec.c
Reinhard Tartler [Thu, 14 Mar 2013 16:55:01 +0000 (17:55 +0100)]
Revert "libmp3lame: use the correct remaining buffer size when flushing"
This reverts commit
5dbb3298b9c1d7beb41c7d3ab19f86d6e027e43d, which was
mistakenly backported.
Xi Wang [Fri, 15 Mar 2013 10:59:22 +0000 (06:59 -0400)]
lzo: fix overflow checking in copy_backptr()
The check `src > dst' in the form `&c->out[-back] > c->out' invokes
pointer overflow, which is undefined behavior in C.
Remove the check. Also replace `&c->out[-back] < c->out_start' with
a safe form `c->out - c->out_start < back' to avoid overflow.
CC: libav-stable@libav.org
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit
ca6c3f2c53be70aa3c38e8f1292809db89ea1ba6)
Conflicts:
libavutil/lzo.c
Xi Wang [Fri, 15 Mar 2013 11:11:47 +0000 (07:11 -0400)]
flacdec: simplify bounds checking in flac_probe()
Simplify `p->buf > p->buf + p->buf_size - 4' as `p->buf_size < 4'.
Avoid a possible out-of-bounds pointer, which is undefined behavior
in C.
CC: libav-stable@libav.org
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit
8425d693eefbedbb41f91735614d41067695aa37)
Xi Wang [Fri, 15 Mar 2013 10:31:21 +0000 (06:31 -0400)]
atrac3: avoid oversized shifting in decode_bytes()
When `off' is 0, `0x537F6103 << 32' in the following expression invokes
undefined behavior, the result of which is not necessarily 0.
(0x537F6103 >> (off * 8)) | (0x537F6103 << (32 - (off * 8)))
Avoid oversized shifting.
CC: libav-stable@libav.org
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit
eba1ff31304e407db3cefd7532108408f364367b)
Conflicts:
libavcodec/atrac3.c
Anton Khirnov [Fri, 15 Mar 2013 07:54:27 +0000 (08:54 +0100)]
avconv: skip attached files when selecting streams to read from.
Fixes Bug 473 / invalid reads when using -attach.
Mans Rullgard [Fri, 7 Dec 2012 13:53:56 +0000 (13:53 +0000)]
lavf: fix arithmetic overflows in avformat_seek_file()
The values compared here can be more than INT64_MAX apart. Since the
difference is always positive, converting to uint64_t before subtracting
gives the correct result without overflows.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit
91ac403b1316d59b4f43c4ea0f237e24cec2819a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Michael Niedermayer [Wed, 3 Oct 2012 14:06:23 +0000 (16:06 +0200)]
parser: fix large overreads
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit
096abfa15052977eed93f0b5e01afd2d47c53c1f)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Mans Rullgard [Thu, 26 Apr 2012 13:00:43 +0000 (14:00 +0100)]
dsputil: fix invalid array indexing
Indexing outside an array is invalid and causes errors with
gcc 4.8.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit
0a07f2b346433a9a2677c69c6b29a1a827e39109)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Luca Barbato [Tue, 5 Mar 2013 16:12:35 +0000 (17:12 +0100)]
shorten: use the unsigned type where needed
get_uint returns an unsigned value, use an unsigned to store
blocksize to make sure the comparison logic is correct and report
correctly the error for the channel count not supported.
CC: libav-stable@libav.org
(cherry picked from commit
5cf7c72757779a740e897a97710aac044fe5258c)
(cherry picked from commit
88089eecfd7e604d40d078b4f4206c647cb2e2b4)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/shorten.c
Luca Barbato [Tue, 5 Mar 2013 15:34:16 +0000 (16:34 +0100)]
shorten: report meaningful errors
(cherry picked from commit
4c364eb2b856fc33cf7b42f7c7b979e69fde5f3a)
(cherry picked from commit
0daf1428e82926dc5a8c72a0ff4c93aaa8a84ed9)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Luca Barbato [Tue, 5 Mar 2013 15:11:28 +0000 (16:11 +0100)]
shorten: K&R formatting cosmetics
(cherry picked from commit
a2ad554def214d2d03b7c16f68dc081a8622f9ca)
(cherry picked from commit
97cc2f286f9e3eed1a00034367ebca58cc05ee39)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/shorten.c
Michael Niedermayer [Tue, 5 Mar 2013 14:13:04 +0000 (15:13 +0100)]
shorten: set invalid channels count to 0
Prevent the loop shorten_decode_close from writing and freeing out of
the array boundary.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
CC: libav-stable@libav.org
(cherry picked from commit
c10da30d8426a1f681d99a780b6e311f7fb4e5c5)
(cherry picked from commit
21d568be179c54a1596d1377b4da7fbe755bfe7f)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Luca Barbato [Tue, 12 Mar 2013 17:56:28 +0000 (18:56 +0100)]
matroskadec: request a read buffer for the wav header
Solve an infiniloop.
CC: libav-stable@libav.org
(cherry picked from commit
37cb3b180a1dc3d6f123f68e0806585ebc2578b6)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Luca Barbato [Sun, 10 Mar 2013 01:50:52 +0000 (02:50 +0100)]
h264: check for luma and chroma bit depth being equal
The decoder assumes a single bit depth for all the planes while
the specification allows different bit depths for luma and chroma.
Avoid the possible problems described in CVE-2013-2277
Diego Biurrun [Tue, 6 Mar 2012 17:59:03 +0000 (18:59 +0100)]
vc1: Move init code shared between decoder and parser to common code file.
This fixes standalone compilation of the VC-1 parser.
(cherry picked from commit
3c715383ea7012ac69507e6b9189c98675c77461)
Conflicts:
libavcodec/vc1data.h
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Justin Ruggles [Wed, 16 Jan 2013 22:52:55 +0000 (17:52 -0500)]
libmp3lame: use the correct remaining buffer size when flushing
CC:libav-stable@libav.org
(cherry picked from commit
e984f47873258b600fd88423f40e3cdaad179190)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit
b77d9cbbd5050eda75030c8926241af3dbe1a8df)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
projects / platform / upstream / libav.git / log