Ignore resolution change if resolution not defined in extradata.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit 09c5f990bc)
rv34_decode_slice() can return without allocating any pictures.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit d0f6ab0298)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This prevents crashes with some corrupted bitstreams.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 4a29b47186)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Between ogg_save() and ogg_restore() calls, the number of streams
could have been reduced.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 0e7efb9d23)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
* qatar/release/0.5:
Fix memory (re)allocation in matroskadec.c, related to MSVR-11-0080.
cavs: fix some crashes with invalid bitstreams
mjpeg: Detect overreads in mjpeg_decode_scan() and error out.
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Whitespace of the patch cleaned up by Aurel
Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 956c901c68)
Further suggestions from Kostya <kostya.shishkov@gmail.com> have been
implemented by Reinhard Tartler <siretart@tauware.de>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 77d2ef13a8)
NB: MSVR-11-0080 doesn't seem to exist. This issue seems to be known
as MSVR11-011 instead.
Fixes: CVE-2011-3504
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This removes all valgrind-reported invalid writes with one
specific test file.
Fixes http://www.ocert.org/advisories/ocert-2011-002.html
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 4a71da0f3a)
Fixes CVE-2011-3362, CVE-2011-3973, CVE-2011-3974
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Ronald S. Bultje <rbultje@google.com>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
when frame dimensions change in RV3/4.
Originally committed as revision 20595 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit d90aeeaf56)
private in dv.c for some reason). See "[PATCH] get_bits_left()" thread.
Originally committed as revision 20490 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit c47ca25e74)
Fixes issue 2322.
Originally committed as revision 25591 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 3dde66752d)
Addresses: CVE-2010-4704
New max size is 16bit * 4 samples (RGBA).
Originally committed as revision 18655 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 445f0a8b66)
Addresses: CVE-2010-3908
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This improves performance on e.g. seekable http.
backport r24280 by mstorsjo
Originally committed as revision 24428 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
Laurent Aimar
Chris Rankin
Reimar Döffinger
Alex Converse
Michael Niedermayer
Carl Eugen Hoyos
Mans Rullgard
Reinhard Tartler
Kostya
Diego Biurrun
Reinhard Tartler
Ronald S. Bultje
Frank Barchard
Jason Garrett-Glaser
Janne Grunau