Diego Biurrun [Sun, 26 Jun 2011 11:52:40 +0000 (13:52 +0200)]
build: Add 'check' target to run all compile and test targets.
(cherry picked from commit
4982e1ddfaff5287e05b95957f3c56901d60b56a)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Diego Biurrun [Wed, 25 Jan 2012 13:56:24 +0000 (14:56 +0100)]
Ignore generated aviocat tool.
(cherry picked from commit
50639cbefef8cc9f3df19241be7cf23cde8313b7)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Anton Khirnov [Mon, 22 Oct 2012 20:40:22 +0000 (22:40 +0200)]
avconv: only apply presets when we have an encoder.
Fixes a crash when using a preset with stream copy.
(cherry picked from commit
4e61a38aa038b7027c5ed423635168d463515d24)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Justin Ruggles [Wed, 7 Nov 2012 19:48:28 +0000 (14:48 -0500)]
flacenc: ensure the order is within the min/max range in LPC order search
This fixes use of uninitialized values when the FLAC encoder uses the
2-level, 4-level, and 8-level search methods. Fixes failure of the
fate-flac-24-comp-8 test when run using valgrind.
(cherry picked from commit
3a2731cbd31d0c5681ddbc7c78edd5c53c4d0032)
Conflicts:
libavcodec/flacenc.c
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Luca Barbato [Fri, 26 Oct 2012 20:55:04 +0000 (22:55 +0200)]
yuv4mpeg: reject unsupported codecs
The muxer already rejects unsupported pixel formats, reject also
unsupported codecs to prevent dangerous misuses.
(cherry picked from commit
424b1e764263b1493de4c34365ef367ddae856db)
Conflicts:
libavformat/yuv4mpeg.c
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Sami Pietila [Fri, 12 Oct 2012 14:12:49 +0000 (07:12 -0700)]
vp8: reset loopfilter delta values at keyframes.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit
0bf511d579c7b21f1244eec688abf571ca1235bd)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Luca Barbato [Fri, 14 Dec 2012 08:55:04 +0000 (09:55 +0100)]
vp56: release frames on error
Fixes CVE-2012-2783
CC: libav-stable@libav.org
(cherry picked from commit
f33b5ba63eee96c9d1c7f0e568169cb0c3694238)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Luca Barbato [Fri, 14 Dec 2012 07:22:06 +0000 (08:22 +0100)]
vp56: make parse_header return standard error codes
Returning 0 for failure is misleading.
CC: libav-stable@libav.org
(cherry picked from commit
bb675d3ac6d722d5e117ae9042a996b55ca05b1d)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Thu, 13 Dec 2012 18:38:20 +0000 (19:38 +0100)]
ivi_common: check that scan pattern is set before using it.
Fixes CVE-2012-2791.
CC: libav-stable@libav.org
(cherry picked from commit
deabb52ab4c1fdb3dd319f3980b1489a182011f1)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Reinhard Tartler [Wed, 2 Jan 2013 19:07:48 +0000 (20:07 +0100)]
Prepare for 0.8.5 Release
Diego Biurrun [Sun, 11 Nov 2012 21:41:46 +0000 (22:41 +0100)]
x86: Require an assembler able to cope with AVX instructions
All modern assemblers have this capability. Older NASM versions
that lack the capability produce code that crashes at runtime,
so it's better to error out during the build process instead.
CC: libav-stable@libav.org
(cherry picked from commit
b8e8a07c6c4df93de92480f5c3a14296a6a2a690)
Conflicts:
configure
Mans Rullgard [Thu, 11 Oct 2012 15:08:22 +0000 (16:08 +0100)]
svq3: replace unsafe pointer casting with intreadwrite macros
Signed-off-by: Mans Rullgard <mans@mansr.com>
Reinhard Tartler [Wed, 17 Oct 2012 22:08:30 +0000 (00:08 +0200)]
Update Changelog for the 0.8.4 Release
Anton Khirnov [Fri, 19 Oct 2012 18:39:27 +0000 (20:39 +0200)]
lavc: remove stats_out from the options table.
Since it is declared as a string AVOption, the generic freeing code
attempts to free it on codec close. Some codecs might have already freed
it elsewhere (or didn't even allocate it with av_malloc() in the first
place), so this might lead to an invalid free.
There is no point in having this field accessible as an AVOption, so
remove it from the options table.
Fixes Bug 380.
CC: libav-stable@libav.org
(cherry picked from commit
b691135d0c6a2b1cca91adadaf457c2989c6a55d)
Conflicts:
libavcodec/options_table.h
Reinhard Tartler [Wed, 17 Oct 2012 21:55:27 +0000 (23:55 +0200)]
Prepare for 0.8.4 Release
Alex Converse [Wed, 19 Sep 2012 18:12:58 +0000 (11:12 -0700)]
tiffenc: Check av_malloc() results.
(cherry picked from commit
b92dfb56d4582633571db18c3d904f8602eaa2a6)
Conflicts:
libavcodec/tiffenc.c
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Luca Barbato [Fri, 28 Sep 2012 12:38:13 +0000 (14:38 +0200)]
mpegaudiodec: fix short_start calculation
The value should be always 3, as it follows from the specification.
Fix a stack buffer overflow in exponents_from_scale_factors as reported
by asan. Thanks to Dale Curtis for the sample vector.
(cherry picked from commit
97cfa55eea39cef30abe14682c56c1e4e7f6f10d)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Jindřich Makovička [Sat, 29 Sep 2012 09:16:45 +0000 (11:16 +0200)]
h264: avoid stuck buffer pointer in decode_nal_units
When decode_nal_units() previously encountered a NAL_END_SEQUENCE,
and there are some junk bytes left in the input buffer, but no start codes,
buf_index gets stuck 3 bytes before the end of the buffer.
This can trigger an infinite loop in the caller code, e.g. in
try_decode_trame(), as avcodec_decode_video() then keeps returning zeroes,
with 3 bytes of the input packet still available.
With this change, the remaining bytes are skipped so the whole packet gets
consumed.
CC:libav-stable@libav.org
Signed-off-by: Jindřich Makovička <makovick@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit
1a8c6917f68f7378465e18f7615762bfd22704c2)
Conflicts:
libavcodec/h264.c
Anton Khirnov [Fri, 5 Oct 2012 12:45:30 +0000 (14:45 +0200)]
vf_pad/scale: use double precision for aspect ratios.
Fixes Bug 203.
CC:libav-stable@libav.org
(cherry picked from commit
ba04177eeb690ba4e93ec30fc8eb02f5319f844b)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Fri, 5 Oct 2012 13:53:32 +0000 (15:53 +0200)]
yuv4mpeg: return proper error codes.
Fixes Bug 373.
CC:libav-stable@libav.org
(cherry picked from commit
d3a72becc6371563185a509b94f5daf32ddbb485)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Franz Brauße [Fri, 30 Mar 2012 18:40:14 +0000 (14:40 -0400)]
smacker audio: sign-extend the initial 16-bit predicted value
Fixes Bug #265
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit
12cbbbb4abda2de0ea123282ccf7ebee61517f7d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Anton Khirnov [Sun, 8 Jul 2012 15:01:17 +0000 (17:01 +0200)]
vf_pad: don't give up its own reference to the output buffer.
Conflicts:
libavfilter/vf_pad.c
Fixes Bug 245
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Justin Ruggles [Wed, 29 Feb 2012 00:33:07 +0000 (19:33 -0500)]
libvorbis: use VBR by default, with default quality of 3
(cherry picked from commit
147ff24a0e8d819615a0f596df3ea47dddd79fdc)
Conflicts:
libavcodec/libvorbis.c
Fixes a part of Bug 277
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Justin Ruggles [Tue, 28 Feb 2012 23:52:30 +0000 (18:52 -0500)]
libvorbis: fix use of minrate/maxrate AVOptions
- enable the options for audio encoding
- properly check for user-set maxrate
- use correct calling order in vorbis_encode_setup_managed()
(cherry picked from commit
182d4f1f3855460ee8634ea052f33332cf9d174e)
Conflicts:
libavcodec/libvorbis.c
Fixes a part of Bug 277
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Ronald S. Bultje [Fri, 16 Mar 2012 22:24:08 +0000 (15:24 -0700)]
h264: fix deadlocks on incomplete reference frame decoding.
If decoding a second complementary field, and the first was
decoded in our thread, mark decoding of that field as complete.
If decoding fails, mark the decoded field/frame as complete.
Do not allow switching between field modes or field/frame mode
between slices within the same field/frame. Ensure that two
subsequent fields cover top/bottom (rather than top/frame,
bottom/frame or such nonsense situations).
Fixes various deadlocks when decoding samples with errors in
reference frames.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
1e26a48fa23ef8e1cbc424667d387184d8155f15)
Fixes Bug 118
Conflicts:
libavcodec/h264.c
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Anton Khirnov [Tue, 11 Sep 2012 09:03:52 +0000 (11:03 +0200)]
cmdutils: avoid setting data pointers to invalid values in alloc_buffer()
Fixes bug 352.
(cherry picked from commit
990450c5bf17afc31a81d6225afaac86d0dca5dd)
Conflicts:
cmdutils.c
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Anton Khirnov [Fri, 28 Sep 2012 13:26:48 +0000 (15:26 +0200)]
avidec: return 0, not packet size from read_packet().
(cherry picked from commit
eeade678f0a2bac127aeed2fb68d8717a6463420)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Sean McGovern [Thu, 2 Aug 2012 19:37:28 +0000 (15:37 -0400)]
wmapro: prevent division by zero when sample rate is unspecified
This fixes Bugzilla #327:
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
(cherry picked from commit
3680b2435101a5de56821718a71c828320d535a0)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Michael Niedermayer [Sat, 28 Jul 2012 11:14:50 +0000 (17:14 +0600)]
vc1dec: check that coded slice positions and interlacing match.
This fixes out of array writes.
Addresses: CVE-2012-2796
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
(cherry picked from commit
1100acbab26883007898c53efeb289f562c6e514)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Thilo Borgmann [Sun, 15 Apr 2012 16:07:12 +0000 (18:07 +0200)]
alsdec: fix number of decoded samples in first sub-block in BGMC mode.
Fixes CVE-2012-2790
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit
66197988b1ee914825afbc3084e6da63f862068a)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Mans Rullgard [Sun, 1 Jul 2012 12:36:30 +0000 (13:36 +0100)]
alsdec: remove dead assignments
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit
4ca6d206d1b5beea42c4290d2ee801aaf5cd31f0)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Thilo Borgmann [Sun, 11 Mar 2012 15:56:23 +0000 (16:56 +0100)]
alsdec: Fix out of ltp_gain_values read.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit
97f0efbfb86d24f081b2caa39f6249e05c95c2ef)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Michael Niedermayer [Wed, 29 Feb 2012 05:10:17 +0000 (06:10 +0100)]
alsdec: Check that quantized parcor coeffs are within range.
ALS spec:
11.6.3.1.1 Quantization and encoding of parcor coefficients
...
In all cases the resulting quantized values ak are restricted to the range [-64,63].
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit
5b051ec3bdc78f3d89e8d1425674cde8fd6c9ccc)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Michael Niedermayer [Sat, 7 Apr 2012 15:25:47 +0000 (17:25 +0200)]
alsdec: Check k used for rice decoder.
Values that fail this check will cause failure of decode_rice()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit
23aae62c2cb4504a09ceb8cd0cabc1c8b260f521)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Tue, 16 Oct 2012 08:33:52 +0000 (10:33 +0200)]
wav: do not fail on empty INFO tags
Fixes Bug 379
CC: libav-stable@libav.org
Michael Niedermayer [Sat, 24 Mar 2012 01:40:24 +0000 (02:40 +0100)]
cavsdec: check for changing w/h.
Our decoder does not support changing w/h.
Fixes CVE-2012-2777 and CVE-2012-2784.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit
c20a69630619d14ae92c5541d52c579d7c8f3e94)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Michael Niedermayer [Sat, 14 Apr 2012 18:04:05 +0000 (20:04 +0200)]
indeo4: update AVCodecContext width/height on size change
Fixes CVE-2012-2787
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit
b146d74730ab9ec5abede9066f770ad851e45fbc)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Fri, 28 Sep 2012 13:42:29 +0000 (15:42 +0200)]
avidec: use actually read size instead of requested size
Fixes CVE-2012-2788
(cherry picked from commit
0af49a63c7f87876486ab09482d5b26b95abce60)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Michael Niedermayer [Sat, 14 Apr 2012 09:07:11 +0000 (11:07 +0200)]
wmaprodec: check num_vec_coeffs for validity
Fixes CVE-2012-2789
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit
99f392a584dd10b553facc8e819f2c7e982e176d)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Michael Niedermayer [Sat, 14 Apr 2012 16:28:31 +0000 (18:28 +0200)]
lagarith: check count before writing zeros.
Fixes CVE-2012-2793
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit
b631e4ed64f7d1b9ca8f897fda31140e8d1fad81)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Sat, 29 Sep 2012 08:39:49 +0000 (10:39 +0200)]
indeo3: fix out of cell write.
Fixes CVE-2012-2776.
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit
e4d4044339b9c3b0f45f7203cd026eda3c0414c0)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Michael Niedermayer [Sun, 15 Apr 2012 12:11:50 +0000 (14:11 +0200)]
indeo5: check tile size in decode_mb_info().
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.
Fixes CVE-2012-2794
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit
2d09cdbaf2f449ba23d54e97e94bd97ca22208c6)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Janne Grunau [Mon, 23 Jan 2012 20:33:34 +0000 (21:33 +0100)]
indeo5: prevent null pointer dereference on broken files
Found by John Villamil <johnv@matasano.com>
(cherry picked from commit
366ac22ea5a8bab63c7f46cdad2ddb2ff22cdbed)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Michael Niedermayer [Sat, 24 Mar 2012 16:43:55 +0000 (17:43 +0100)]
indeo5dec: Make sure we have had a valid gop header.
This prevents decoding happening on a half initialized context.
Fixes CVE-2012-2779
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit
891918431db628db17885ed947ee387b29826a64)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Sat, 29 Sep 2012 09:07:58 +0000 (11:07 +0200)]
indeo4/5: check empty tile size in decode_mb_info().
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.
Based on a patch by Michael Niedermayer <michaelni@gmx.at>
Fixes CVE-2012-2800
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit
ae3da0ae5550053583a6f281ea7fd940497ea0d1)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Sat, 29 Sep 2012 09:06:54 +0000 (11:06 +0200)]
ivi_common: make ff_ivi_process_empty_tile() static.
It's not used outside of ivi_common.c
(cherry picked from commit
5d2170c53bf4c2b0499f230c43764e4acf228f88)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Kostya Shishkov [Sat, 19 May 2012 14:07:42 +0000 (16:07 +0200)]
indeo: check for invalid motion vectors
(cherry picked from commit
cf61aaaca16810b9b3a28395ed48fda8db0e87d9)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Kostya Shishkov [Sat, 19 May 2012 11:39:15 +0000 (13:39 +0200)]
indeo: clear allocated band buffers
(cherry picked from commit
23ba1503f2b11057c65052b4a07961236d8d69c7)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Kostya Shishkov [Sat, 19 May 2012 11:08:51 +0000 (13:08 +0200)]
indeo: track tile macroblock size
(cherry picked from commit
a6e4ac40a62930d3c90f869990f96fedb9a5d654)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Kostya Shishkov [Sat, 19 May 2012 10:23:23 +0000 (12:23 +0200)]
factor out common decoding code for Indeo 4 and Indeo 5
(cherry picked from commit
aa372cf4705343a9fff422ab9ead99cef7e0b415)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Kostya Shishkov [Sat, 19 May 2012 10:39:49 +0000 (12:39 +0200)]
indeo: check custom Huffman tables for errors
(cherry picked from commit
fe7a37c36febd71576cbefc385d995a8d6e444e7)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Sat, 29 Sep 2012 11:25:28 +0000 (13:25 +0200)]
dfa: improve boundary checks in decode_dds1()
Fixes CVE-2012-2798
CC:libav-stable@libav.org
(cherry picked from commit
d05f72c75445969cd7bdb1d860635c9880c67fb6)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Kostya Shishkov [Sun, 6 May 2012 07:46:19 +0000 (09:46 +0200)]
dfa: use more meaningful return codes
(cherry picked from commit
fb5c1aaea60a714dab3d4e6e71228855fd816222)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Kostya Shishkov [Thu, 3 May 2012 18:10:36 +0000 (20:10 +0200)]
dfa: add some checks to ensure that decoder won't write past frame end
(cherry picked from commit
8099187e897ddc90cb3902332c76fb2542dac308)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Paul B Mahol [Tue, 13 Mar 2012 01:58:12 +0000 (01:58 +0000)]
dfa: convert to bytestream2 API
Protects from overreads.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit
29b0d94b43ac960cb442049a5d737a3386ff0337)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Anton Khirnov [Fri, 28 Sep 2012 12:47:56 +0000 (14:47 +0200)]
dfa: check that the caller set width/height properly.
Fixes CVE-2012-2786.
(cherry picked from commit
ee715f49a06bf3898246d01b056284a9bb1bcbb9)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Michael Niedermayer [Fri, 20 Apr 2012 15:42:18 +0000 (17:42 +0200)]
avsdec: Set dimensions instead of relying on the demuxer.
The decode function assumes that the video will have those dimensions.
Fixes CVE-2012-2801
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit
85f477935cd6b34e6ec2716b20e15ce748277a89)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Justin Ruggles [Sat, 29 Sep 2012 15:31:35 +0000 (11:31 -0400)]
ac3dec: ensure get_buffer() gets a buffer for the correct number of channels
If there is an error during frame parsing, but AVCodecContext.channels was
changed and AC3DecodeContext.out_channels was set previously, the two may not
match.
Fixes CVE-2012-2802
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
56b6a43056235fc110a018678da590595734203d)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Martin Storsjö [Mon, 2 Jul 2012 07:39:25 +0000 (10:39 +0300)]
snow: Check mallocs at init
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit
4d8516fdb15d0177ad745228508254dee187dff9)
Conflicts:
libavcodec/snow.c
Alex Converse [Tue, 5 Jun 2012 01:27:03 +0000 (18:27 -0700)]
vorbis: Validate that the floor 1 X values contain no duplicates.
Duplicate values in this vector are explicitly banned by the Vorbis I spec
and cause divide-by-zero crashes later on.
(cherry picked from commit
ecf79c4d3e8baaf2f303278ef81db6f8407656bc)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Justin Ruggles [Thu, 23 Feb 2012 00:23:18 +0000 (19:23 -0500)]
vorbisenc: check all allocations for failure
(cherry picked from commit
be8d812c9635f31f69c30dff9ebf565a07a7dab7)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Kostya Shishkov [Mon, 14 May 2012 17:46:54 +0000 (19:46 +0200)]
indeo3: validate new frame size before resetting decoder
(cherry picked from commit
6de226a2b8b703abc823f18c3fd7f39a0787aeb5)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Mina Nagy Zaki [Wed, 8 Jun 2011 16:24:25 +0000 (19:24 +0300)]
lavfi: avfilter_merge_formats: handle case where inputs are same
This fixes a double-free crash if lists are the same due to the two
merge_ref() calls at the end of the (useless) merging that happens.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit
11b6a82412bcd372adf694a26d83b07d337e1325)
Conflicts:
libavfilter/formats.c
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Janne Grunau [Fri, 23 Mar 2012 21:30:38 +0000 (22:30 +0100)]
rv34: error out on size changes with frame threading
Fixes CVE-2012-2772
(cherry picked from commit
cb7190cd2c691fd93e4d3664f3fce6c19ee001dd)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Janne Grunau [Fri, 28 Sep 2012 10:25:10 +0000 (12:25 +0200)]
rv34: Handle only complete frames in frame-mt.
Correct handling of errors to prevent hangs or crashes is very complex
otherwise.
The frame initializing is also moved from decode_slice() to
decode_frame() for clarity.
(cherry picked from commit
73ad4471a48bd02b2c2a55de116161b87e061023)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Janne Grunau [Mon, 13 Feb 2012 20:14:19 +0000 (21:14 +0100)]
rv34: use AVERROR return values in ff_rv34_decode_frame()
Also adds an error message.
(cherry picked from commit
29330721b0e8514f9f8b4d54be75a662a2b79e44)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Martin Storsjö [Thu, 9 Feb 2012 09:37:58 +0000 (11:37 +0200)]
vlc/rl: Add ff_ prefix to the nonstatic symbols
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit
e96b4a53df101403c54e329abfadad2edddc47c4)
Conflicts:
libavcodec/4xm.c
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Martin Storsjö [Thu, 9 Feb 2012 09:28:46 +0000 (11:28 +0200)]
h263: Add ff_ prefix to nonstatic symbols
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit
ddce8953a5056800ec795df2dfd84fc17a11b5fc)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Michael Niedermayer [Sat, 24 Mar 2012 00:39:13 +0000 (01:39 +0100)]
alsdec: check opt_order.
Fixes out of array write in quant_cof.
Also make sure no invalid opt_order stays in the context.
Fixes CVE-2012-2775
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit
9853e41aa0a6cfff629ff7009685eb8bf8d64e7f)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Justin Ruggles [Mon, 11 Jun 2012 14:29:57 +0000 (10:29 -0400)]
golomb: check remaining bits during unary decoding in get_ur_golomb_jpegls()
Fixes infinite loop in FLAC decoding in case of a truncated bitstream due to
the safe bitstream reader returning 0's at the end.
Fixes Bug 310.
CC:libav-stable@libav.org
(cherry picked from commit
4795362660a526a38a7a60f06826bce97a092b59)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Anton Khirnov [Fri, 15 Jun 2012 17:58:11 +0000 (19:58 +0200)]
lavf: don't segfault when a NULL filename is passed to avformat_open_input()
This can easily happen when the caller is using a custom AVIOContext.
Behave as if the filename was an empty string in this case.
CC: libav-stable@libav.org
(cherry picked from commit
a5db8e4a1a5449cc7a61e963c9fa698a4f22131b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Michael Niedermayer [Sun, 20 Nov 2011 16:19:25 +0000 (17:19 +0100)]
mpegvideo: Don't use ff_mspel_motion() for vc1
Using ff_mspel_motion assumes that s (a MpegEncContext
pointer) really is a Wmv2Context.
This fixes crashes in error resilience on vc1/wmv3 videos.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit
18f2d5cb9c48d06895960f37467576725c9dc2d1)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Janne Grunau [Mon, 2 Jul 2012 08:46:39 +0000 (10:46 +0200)]
imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt
CC: libav-stable@libav.org
(cherry picked from commit
39bb27bf79bc4c2d8beaed637a14176264cb1916)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Max Lazarov [Sat, 31 Mar 2012 06:56:56 +0000 (23:56 -0700)]
eval: fix swapping of lt() and lte()
CC: libav-stable@libav.org
(cherry picked from commit
caac3ab6efde4fc9769e8a7472269356f262970a)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Janne Grunau [Mon, 6 Aug 2012 11:59:04 +0000 (13:59 +0200)]
nuv: check RTjpeg header for validity
CC: libav-stable@libav.org
(cherry picked from commit
859a579e9bbf47fae2e09494c43bcf813dcb2fad)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Janne Grunau [Mon, 6 Aug 2012 11:50:51 +0000 (13:50 +0200)]
Revert "nuv: check per-frame header for validity."
The check is bogus since the nuv frameheader is already skipped
and the (decompressed) RTjpeg header is checked.
This reverts commit
f6afacdb3b708720c9fb85984b4f7fdbca2b2036.
CC: libav-stable@libav.org
(cherry picked from commit
110d015ad450ea1b2fd40f0e9ce1c53507cdec5d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Anton Khirnov [Sun, 16 Sep 2012 06:33:09 +0000 (08:33 +0200)]
bmpdec: only initialize palette for pal8.
Gray8 is not considered to be paletted, so this would cause an invalid
write.
Fixes bug 367.
CC: libav-stable@libav.org
(cherry picked from commit
8b78c2969a5b7dca939d93bf525aa2bcd737b5d9)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Reimar Döffinger [Thu, 5 Jan 2012 20:01:56 +0000 (21:01 +0100)]
sipr: fall back to setting mode based on bit_rate.
Not all applications (e.g. MPlayer) set block_align, and
when using a different demuxer it might not even be
easily available.
So fall back to selecting mode based on bit rate as before
if block_align has no useful value.
It can't be worse than failing to decode completely.
(cherry picked from commit
1d0d63052b82c76e10c45cd38cdd27677de72e81)
CC: libav-stable@libav.org
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit
c54e00610f20d2342fe9b17a5460abfbd411c8fb)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Kostya Shishkov [Thu, 27 Sep 2012 17:25:06 +0000 (19:25 +0200)]
vc1dec: add flush function for WMV9 and VC-1 decoders
CC: libav-stable@libav.org
(cherry picked from commit
4dc8c8386eef942dba35c4f2fb3210e22b511a5b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Reimar Döffinger [Mon, 30 Apr 2012 20:48:42 +0000 (22:48 +0200)]
avconv: fix parsing of -force_key_frames option.
Currently it always exits with an error when more than
one position is specified.
CC: libav-stable@libav.org
(cherry picked from commit
4c679750cb4cb112c19f862bd733bf6660a935bd)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Anton Khirnov [Fri, 22 Jun 2012 12:36:27 +0000 (14:36 +0200)]
avconv: fix -force_key_frames
parse_forced_keyframes() relies on encoder timebase being set, so call
it from transcode_init() after it is known.
Conflicts:
avconv.c
(cherry picked from commit
19ad567311b29a42e308317b5329218c590afac8)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Mans Rullgard [Wed, 30 May 2012 03:06:00 +0000 (04:06 +0100)]
mov: set AVCodecContext.width/height for h264
This is required for correct cropping of files from Canon
cameras.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit
8aa93e900449c88c3169ff5636fed03f41779cac)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Mans Rullgard [Wed, 30 May 2012 03:04:54 +0000 (04:04 +0100)]
h264: allow cropping to AVCodecContext.width/height
Override the frame size from the SPS with AVCodecContext values
if the latter specify a size smaller by less than one macroblock.
This is required for correct cropping of MOV files from Canon cameras.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit
30f515091c323da59c0f1b533703dedca2f4b95d)
Conflicts:
libavcodec/h264.c
Ronald S. Bultje [Wed, 8 Feb 2012 18:16:41 +0000 (10:16 -0800)]
cmdutils: update copyright year to 2012.
Reinhard Tartler [Tue, 29 May 2012 20:59:43 +0000 (22:59 +0200)]
Update Changelog for the 0.8.3 Release
Reinhard Tartler [Tue, 29 May 2012 20:56:46 +0000 (22:56 +0200)]
Prepare for 0.8.3 Release
Ronald S. Bultje [Fri, 4 May 2012 23:06:26 +0000 (16:06 -0700)]
ea: check chunk_size for validity.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
273e6af47b38391f2bcc157cca0423fe7fcbf55c)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Ronald S. Bultje [Wed, 2 May 2012 17:58:55 +0000 (10:58 -0700)]
png: check bit depth for PAL8/Y400A pixel formats.
Wrong bit depth can lead to invalid rowsize values, which crashes the
decoder further down.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
d2205d6543881f2e6fa18c8a354bbcf91a1235f7)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Ronald S. Bultje [Wed, 2 May 2012 16:12:46 +0000 (16:12 +0000)]
qdm2: clip array indices returned by qdm2_get_vlc().
Prevents subsequent overreads when these numbers are used as indices
in arrays.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit
64953f67f98da2e787aeb45cc7f504390fa32a69)
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Conflicts:
libavcodec/qdm2.c
Michael Niedermayer [Mon, 19 Dec 2011 03:13:37 +0000 (04:13 +0100)]
tqi: Pass errors from the MB decoder
This silences some valgrind warnings.
CC: libav-stable@libav.org
Fixes second half of http://ffmpeg.org/trac/ffmpeg/ticket/794
Bug found by: Oana Stratulat
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit
f85334f58e1286287d0547a49fa9c93b40cbf48f)
(cherry picked from commit
90290a5150e84fb138ccde57657dc03830f08c1c)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Alexander Strange [Sat, 24 Mar 2012 21:32:14 +0000 (17:32 -0400)]
h264: Add check for invalid chroma_format_idc
Fixes a crash when FF_DEBUG_PICT_INFO is used.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit
6ef4063957aa5025c8d2cd757b6a537e4b6874df)
Fixes: CVE-2012-0851
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Michael Niedermayer [Fri, 17 Feb 2012 21:35:10 +0000 (13:35 -0800)]
h263dec: Disallow width/height changing with frame threads.
Fixes CVE-2011-3937
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
71db86d53b5c6872cea31bf714a1a38ec78feaba)
Conflicts:
libavcodec/h263dec.c
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Reinhard Tartler [Fri, 4 May 2012 20:59:01 +0000 (22:59 +0200)]
Update Changelog for the 0.8.2 Release
Reinhard Tartler [Fri, 4 May 2012 20:40:37 +0000 (22:40 +0200)]
Prepare for 0.8.2 Release
Mans Rullgard [Mon, 23 Apr 2012 12:16:33 +0000 (13:16 +0100)]
vqavideo: return error if image size is not a multiple of block size
The decoder assumes in various places that the image size
is a multiple of the block size, and there is no obvious
way to support odd sizes. Bailing out early if the header
specifies a bad size avoids various errors later on.
Fixes CVE-2012-0947.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit
58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Alex Converse [Fri, 4 May 2012 17:27:03 +0000 (10:27 -0700)]
celp filters: Do not read earlier than the start of the 'out' vector.
CC: libav-stable@libav.org
(cherry picked from commit
37ddd3833219fa7b913fff3f5cccc6878b047e6b)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Alex Converse [Wed, 2 May 2012 19:08:03 +0000 (12:08 -0700)]
motionpixels: Clip YUV values after applying a gradient.
Prevents illegal reads on truncated and malformed input.
CC: libav-stable@libav.org
(cherry picked from commit
b5da848facd41169283d7bfe568b83bdfa7fc42e)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Ronald S. Bultje [Wed, 14 Mar 2012 00:18:41 +0000 (17:18 -0700)]
jpeg: handle progressive in second field of interlaced.
Progressive data is allocated later in decode_sof(), not allocating
that data leads to NULL dereferences.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
5eec5a79da118170f3cfe185a862783d3fa50abe)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Ronald S. Bultje [Thu, 29 Mar 2012 19:24:10 +0000 (12:24 -0700)]
h263: more strictly forbid frame size changes with frame-mt.
Prevents crashes because the old check was incomplete.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit
2d22d4307dcc1461f39a2ffb9c8db6c6b23fd080)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Ronald S. Bultje [Thu, 29 Mar 2012 23:37:09 +0000 (16:37 -0700)]
h264: additional protection against unsupported size/bitdepth changes.
Fixes crashes in codepaths not covered by original checks.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit
732f9fcfe54fc9a0a7bbce53fe86b38744c2d301)
Conflicts:
libavcodec/h264.c
Signed-off-by: Reinhard Tartler <siretart@tauware.de>