FFmpeg

Commit Graph

Author	SHA1	Message	Date
Janne Grunau	5933af562e	motionpixels: decode only the 111 complete frames for fate Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit `c2f2dfb3dd`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `90d7146511`) Conflicts: tests/fate.mak tests/ref/fate/motionpixels Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Michael Niedermayer	1156f07c6a	kgv1dec: Increase offsets array size so it is large enough. Fixes CVE-2011-3945 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `807a045ab7`) Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit `a02e8df973`) (cherry picked from commit `d5f2382d03`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `a0b65938b7`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Alex Converse	6ca010f209	mjpegbdec: Fix overflow in SOS. Based in part by a fix from Michael Niedermayer <michaelni@gmx.at> Fixes CVE-2011-3947 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit `b57d262412`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `083a8a0037`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `6ae95a0b93`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Michael Niedermayer	224025d852	atrac3: Fix crash in tonal component decoding. Add a check to avoid writing past the end of the channel_unit.components[] array. Bug Found by: cosminamironesei Fixes CVE-2012-0853 CC: libav-stable@libav.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `c509f4f747`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `f43b6e2b1e`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `f728ad26f0`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Alex Converse	a8f4db0acd	dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936. Found with asan. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit `2d1c0dea5f`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `00fa6ffe1a`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Michael Niedermayer	b46141b0d1	dv: Fix null pointer dereference due to ach=0 dv: Fix null pointer dereference due to ach=0 Fixes part2 of CVE-2011-3929 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit `5a396bb3a6`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `44e182d41e`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Michael Niedermayer	38421f27b3	dv: check stype dv: check stype Fixes part1 of CVE-2011-3929 Possibly fixes part of CVE-2011-3936 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit `635bcfccd4`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `bb737d381f`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Alex Converse	3253dd2b42	nsvdec: Propagate errors Related to CVE-2011-3940. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit `c898431ca5`) Conflicts: libavformat/nsvdec.c Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `0100c4b1b0`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Alex Converse	87007519c8	nsvdec: Be more careful with av_malloc(). Check results for av_malloc() and fix an overflow in one call. Related to CVE-2011-3940. Based in part on work from Michael Niedermayer. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit `8fd8a48263`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `be524c186b`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Michael Niedermayer	1edf848a81	nsvdec: Fix use of uninitialized streams. Fixes CVE-2011-3940 (Out of bounds read resulting in out of bounds write) Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `5c011706bc`) Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit `6a89b41d97`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `65beb8c117`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Anton Khirnov	f70c720d42	id3v2: fix skipping extended header in id3v2.4 In v2.4, the length includes the length field itself. (cherry picked from commit `ddb4431208`) Conflicts: libavformat/id3v2.c Signed-off-by: Anton Khirnov <anton@khirnov.net>	14 years ago
Reinhard Tartler	62c4739348	Release notes and changelog for 0.6.5	14 years ago
Reinhard Tartler	7efa13b4b4	Bump version number for 0.6.5 release.	14 years ago
Chris Evans	a5e0afe3c9	vorbis: An additional defense in the Vorbis codec. Fixes Bug: #190 Chromium Bug: #100543 Related to CVE-2011-3893 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `afb2aa5379`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `b0283ccb9e`) Conflicts: libavcodec/vorbis_dec.c	14 years ago
Reinhard Tartler	42f0a66968	vorbisdec: Fix decoding bug with channel handling Fixes Bug: #191 Chromium Bug: #101458 CVE-2011-3895 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `e6d527ff72`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `97f23c72a3`) Conflicts: libavcodec/vorbis_dec.c	14 years ago
Chris Evans	90a4a46747	matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc() Fixes bug #190 Chromium bug #100492 related to CVE-2011-3893 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry-picked from commit `faaec4676c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `1f625431e2`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Chris Evans	6d6254ba9f	vorbis: Avoid some out-of-bounds reads Fixes Bug: #190 Chromium Bug: #100543 Related to CVE-2011-3893 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `57cd6d7095`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `4a94678f1b`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Janne Grunau	ae24b5ce3a	vp3: fix streams with non-zero last coefficient Fixes a regression introduced in `8b94df0f20`. (cherry picked from commit `9b4767e478`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `82a11fcff2`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Ronald S. Bultje	c9c7db0af2	vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit `8370e426e4`) Fixes: #189 Chromium-Bug: 101172,100465 CVE-2011-3892 Removed the parts that are related to multi-threading, which is not included before 0.7. Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `c624935554`) Conflicts: libavcodec/vp3.c	14 years ago
Reinhard Tartler	6b156c4563	Release notes and changelog for 0.6.4	14 years ago
Reinhard Tartler	dbe7e209df	Bump version number for 0.6.4 release.	14 years ago
Justin Ruggles	cfb9b47a1e	qdm2: check output buffer size before decoding (cherry picked from commit `7d49f79f1c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `7347205351`) Conflicts: libavcodec/qdm2.c	14 years ago
Baptiste Coudurier	b26c1a8b7e	Fix qdm2 decoder packet handling to match the api Originally committed as revision 25767 to svn://svn.ffmpeg.org/ffmpeg/trunk	15 years ago
Shitiz Garg	ccd2ca0246	4xm: Add a check in decode_i_frame to prevent buffer overreads Fixes bugzilla #135 Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit `355d917c0b`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `d912a30c7d`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Justin Ruggles	92b964969b	wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits. The initial values are not checked against the number of block sizes. Initializing them to frame_len_bits will result in a block size index of 0 in these cases instead of something that might be out-of-range. Fixes Bug 81. (cherry picked from commit `05d1e45d1f`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `8dba5608dc`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Reinhard Tartler	ca87ec53e9	swscale: #include "libavutil/mathematics.h" this file uses the M_PI macro since 4e74187db2f5db52f88729efc662df9d6bc763e1, so include the correct header directly. Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `5089ce1b5a`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `851098c9e0`) Conflicts: libswscale/utils.c	14 years ago
Reinhard Tartler	bd071de29a	vp3dec: Check coefficient index in vp3_dequant() Based on a patch by Michael Niedermayer <michaelni@gmx.at> Fixes NGS00145, CVE-2011-4352 Found-by: Phillip Langlois Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `8b94df0f20`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `bba709214a`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Michael Niedermayer	8ddc0b491d	svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148, CVE-2011-4579 Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `6e24b9488e`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `0eca0da06e`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Thierry Foucu	94aacaf508	vp6: Fix illegal read. Found with Address Sanitizer Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit `e0966eb140`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `ba4b08b789`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Alex Converse	8d68083298	vp6: Fix illegal read. (cherry picked from commit `2a6eb06254`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `67a7ed623b`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	e28bb18fdc	vp6: Reset the internal state when aborting key frames header parsing It prevents leaving the state only half initialized. Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit `a72cad0a6c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `c76505e0de`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	a62779d986	vp6: Check for huffman tree build errors Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit `066fff755a`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `30c08e2261`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Dustin Brody	201fcfb894	vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit `f913eeea43`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `7367cbec1b`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	8856c4c5c9	Fix out of bound reads in the QDM2 decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `5a19acb17c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `0d93d5c461`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	0f7bf1786e	Check for out of bound writes in the QDM2 decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `291d74a46d`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `a31ccacb1a`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	b99366faef	vmd: fix segfaults on corruped streams Signed-off-by: Janne Grunau <janne-libav@jannau.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `494cfacdb9`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	da0900e8bb	rv34: Check for invalid slice offsets Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `4cc7732386`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `2bbb142a14`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	d5551d7884	rv34: Fix potential overreads Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `b4ed3d78cb`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `b4a1bf0bbf`) Conflicts: libavcodec/rv34.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	35f1888585	rv34: Avoid NULL dereference on corrupted bitstream rv34_decode_slice() can return without allocating any pictures. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `d0f6ab0298`) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	7cd7461ec8	rv10: Reject slices that does not have the same type as the first one This prevents crashes with some corrupted bitstreams. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `4a29b47186`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `28d948ac44`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	23f622de60	oggdec: fix out of bound write in the ogg demuxer Between ogg_save() and ogg_restore() calls, the number of streams could have been reduced. Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit `0e7efb9d23`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `a3d471e500`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Michael Niedermayer	19a99b6e6b	smacker: fix a few off by 1 errors stereo & 16bit is untested due to lack of samples Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `5166376f24`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `78cd2e18a4`) Conflicts: libavcodec/smacker.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	117e04cdfa	Check for invalid VLC value in smacker decoder. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `6489455495`) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	5d6fe49ac9	Check and propagate errors when VLC trees cannot be built in smacker decoder. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `9676ffba83`) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	9f28eede5e	Fixed off by one packet size allocation in the smacker demuxer. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `a92d0fa5d2`) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	6f70111e81	Check for invalid packet size in the smacker demuxer. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `e055932f56`) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	4492523938	ape demuxer: fix segfault on memory allocation failure. Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `273aab99bf`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `4ee014309c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	a97e82c487	Fixed size given to init_get_bits() in xan decoder. (cherry picked from commit `393d5031c6`) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Kostya Shishkov	f79f3a946f	smacker demuxer: handle possible av_realloc() failure. Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `47a8589f7b`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `0b9b3570a3`) Conflicts: libavformat/smacker.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	5394cdf775	Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `8bfea4ab4e`) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago

1 2 3 4 5 ...

24166 Commits (5933af562ea78b4be5d0cb0b7b7dcedd5aba6d7e) All Branches Search

24166 Commits (5933af562ea78b4be5d0cb0b7b7dcedd5aba6d7e)

All Branches