FFmpeg

Commit Graph

Author	SHA1	Message	Date
Michael Niedermayer	d6a55ab016	Merge commit 'be209bdabb11c59de17220bdbf0bf9c9f7cc16f5' into release/0.10 * commit 'be209bdabb11c59de17220bdbf0bf9c9f7cc16f5': vf_pad: don't give up its own reference to the output buffer. libvorbis: use VBR by default, with default quality of 3 libvorbis: fix use of minrate/maxrate AVOptions h264: fix deadlocks on incomplete reference frame decoding. cmdutils: avoid setting data pointers to invalid values in alloc_buffer() avidec: return 0, not packet size from read_packet(). wmapro: prevent division by zero when sample rate is unspecified vc1dec: check that coded slice positions and interlacing match. alsdec: fix number of decoded samples in first sub-block in BGMC mode. alsdec: remove dead assignments alsdec: Fix out of ltp_gain_values read. alsdec: Check that quantized parcor coeffs are within range. alsdec: Check k used for rice decoder. Conflicts: avconv.c libavcodec/h264.c libavcodec/libvorbis.c libavformat/avidec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	13 years ago
Michael Niedermayer	36487066ee	Merge commit '15c2e8027f4827018608badb1bff1294af1810e4' into release/0.10 * commit '15c2e8027f4827018608badb1bff1294af1810e4': wav: do not fail on empty INFO tags cavsdec: check for changing w/h. indeo4: update AVCodecContext width/height on size change avidec: use actually read size instead of requested size wmaprodec: check num_vec_coeffs for validity lagarith: check count before writing zeros. indeo3: fix out of cell write. indeo5: check tile size in decode_mb_info(). indeo5: prevent null pointer dereference on broken files indeo5dec: Make sure we have had a valid gop header. indeo4/5: check empty tile size in decode_mb_info(). ivi_common: make ff_ivi_process_empty_tile() static. Conflicts: libavcodec/indeo5.c libavformat/wav.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	13 years ago
Michael Niedermayer	fe8243d7a9	Merge commit 'c5ec1908597824e93bbe20137ac9662f84f3cb07' into release/0.10 * commit 'c5ec1908597824e93bbe20137ac9662f84f3cb07': indeo: check for invalid motion vectors indeo: clear allocated band buffers indeo: track tile macroblock size factor out common decoding code for Indeo 4 and Indeo 5 indeo: check custom Huffman tables for errors dfa: improve boundary checks in decode_dds1() dfa: use more meaningful return codes dfa: add some checks to ensure that decoder won't write past frame end dfa: convert to bytestream2 API dfa: check that the caller set width/height properly. avsdec: Set dimensions instead of relying on the demuxer. ac3dec: ensure get_buffer() gets a buffer for the correct number of channels Conflicts: libavcodec/avs.c libavcodec/dfa.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	13 years ago
Anton Khirnov	be209bdabb	vf_pad: don't give up its own reference to the output buffer. Conflicts: libavfilter/vf_pad.c Fixes Bug 245 Signed-off-by: Anton Khirnov <anton@khirnov.net>	13 years ago
Justin Ruggles	24025cc0b9	libvorbis: use VBR by default, with default quality of 3 (cherry picked from commit `147ff24a0e`) Conflicts: libavcodec/libvorbis.c Fixes a part of Bug 277 Signed-off-by: Anton Khirnov <anton@khirnov.net>	14 years ago
Justin Ruggles	5920d00d74	libvorbis: fix use of minrate/maxrate AVOptions - enable the options for audio encoding - properly check for user-set maxrate - use correct calling order in vorbis_encode_setup_managed() (cherry picked from commit `182d4f1f38`) Conflicts: libavcodec/libvorbis.c Fixes a part of Bug 277 Signed-off-by: Anton Khirnov <anton@khirnov.net>	14 years ago
Ronald S. Bultje	79fb7bc667	h264: fix deadlocks on incomplete reference frame decoding. If decoding a second complementary field, and the first was decoded in our thread, mark decoding of that field as complete. If decoding fails, mark the decoded field/frame as complete. Do not allow switching between field modes or field/frame mode between slices within the same field/frame. Ensure that two subsequent fields cover top/bottom (rather than top/frame, bottom/frame or such nonsense situations). Fixes various deadlocks when decoding samples with errors in reference frames. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `1e26a48fa2`) Fixes Bug 118 Conflicts: libavcodec/h264.c Signed-off-by: Anton Khirnov <anton@khirnov.net>	14 years ago
Anton Khirnov	141d4ed6c0	cmdutils: avoid setting data pointers to invalid values in alloc_buffer() Fixes bug 352. (cherry picked from commit `990450c5bf`) Conflicts: cmdutils.c Signed-off-by: Anton Khirnov <anton@khirnov.net>	13 years ago
Anton Khirnov	5acd1c6561	avidec: return 0, not packet size from read_packet(). (cherry picked from commit `eeade678f0`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	13 years ago
Sean McGovern	a2d4d9f4fb	wmapro: prevent division by zero when sample rate is unspecified This fixes Bugzilla #327: Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com> (cherry picked from commit `3680b24351`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	13 years ago
Michael Niedermayer	3c55bf1201	vc1dec: check that coded slice positions and interlacing match. This fixes out of array writes. Addresses: CVE-2012-2796 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com> (cherry picked from commit `1100acbab2`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	13 years ago
Thilo Borgmann	dc5283dffc	alsdec: fix number of decoded samples in first sub-block in BGMC mode. Fixes CVE-2012-2790 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `66197988b1`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Mans Rullgard	c28e1c12ad	alsdec: remove dead assignments Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit `4ca6d206d1`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	13 years ago
Thilo Borgmann	c5f9c272e9	alsdec: Fix out of ltp_gain_values read. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `97f0efbfb8`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Michael Niedermayer	0f81057c12	alsdec: Check that quantized parcor coeffs are within range. ALS spec: 11.6.3.1.1 Quantization and encoding of parcor coefficients ... In all cases the resulting quantized values ak are restricted to the range [-64,63]. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `5b051ec3bd`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Michael Niedermayer	592ba67815	alsdec: Check k used for rice decoder. Values that fail this check will cause failure of decode_rice() Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `23aae62c2c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Anton Khirnov	15c2e8027f	wav: do not fail on empty INFO tags Fixes Bug 379 CC: libav-stable@libav.org	13 years ago
Michael Niedermayer	be2dd2559f	Merge remote-tracking branch 'qatar/release/0.8' into release/0.10 * qatar/release/0.8: (23 commits) snow: Check mallocs at init vorbis: Validate that the floor 1 X values contain no duplicates. vorbisenc: check all allocations for failure indeo3: validate new frame size before resetting decoder lavfi: avfilter_merge_formats: handle case where inputs are same rv34: error out on size changes with frame threading rv34: Handle only complete frames in frame-mt. rv34: use AVERROR return values in ff_rv34_decode_frame() vlc/rl: Add ff_ prefix to the nonstatic symbols h263: Add ff_ prefix to nonstatic symbols alsdec: check opt_order. golomb: check remaining bits during unary decoding in get_ur_golomb_jpegls() lavf: don't segfault when a NULL filename is passed to avformat_open_input() mpegvideo: Don't use ff_mspel_motion() for vc1 imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt eval: fix swapping of lt() and lte() nuv: check RTjpeg header for validity Revert "nuv: check per-frame header for validity." bmpdec: only initialize palette for pal8. sipr: fall back to setting mode based on bit_rate. ... Conflicts: avconv.c libavcodec/dnxhddec.c libavcodec/golomb.h libavcodec/h263.h libavcodec/imgconvert.c libavcodec/mpegvideo_common.h libavcodec/mpegvideo_enc.c libavcodec/nuv.c libavcodec/rv34.c libavcodec/sipr.c libavcodec/vorbisdec.c libavcodec/vorbisenc.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	13 years ago
Michael Niedermayer	2051adbfa0	cavsdec: check for changing w/h. Our decoder does not support changing w/h. Fixes CVE-2012-2777 and CVE-2012-2784. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `c20a696306`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Michael Niedermayer	2bc1e4fcb9	indeo4: update AVCodecContext width/height on size change Fixes CVE-2012-2787 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `b146d74730`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Anton Khirnov	0582b8e3ea	avidec: use actually read size instead of requested size Fixes CVE-2012-2788 (cherry picked from commit `0af49a63c7`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	13 years ago
Michael Niedermayer	6744eee1e5	wmaprodec: check num_vec_coeffs for validity Fixes CVE-2012-2789 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `99f392a584`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Michael Niedermayer	14bba214fa	lagarith: check count before writing zeros. Fixes CVE-2012-2793 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `b631e4ed64`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Anton Khirnov	1c8e2561b4	indeo3: fix out of cell write. Fixes CVE-2012-2776. CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit `e4d4044339`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	13 years ago
Michael Niedermayer	5c413648c1	indeo5: check tile size in decode_mb_info(). This prevents writing into a too small array if some parameters changed without the tile being reallocated. Fixes CVE-2012-2794 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `2d09cdbaf2`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Janne Grunau	3efe6becc7	indeo5: prevent null pointer dereference on broken files Found by John Villamil <johnv@matasano.com> (cherry picked from commit `366ac22ea5`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Michael Niedermayer	dc8371b2b1	indeo5dec: Make sure we have had a valid gop header. This prevents decoding happening on a half initialized context. Fixes CVE-2012-2779 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `891918431d`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Anton Khirnov	0815d9174c	indeo4/5: check empty tile size in decode_mb_info(). This prevents writing into a too small array if some parameters changed without the tile being reallocated. Based on a patch by Michael Niedermayer <michaelni@gmx.at> Fixes CVE-2012-2800 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit `ae3da0ae55`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	13 years ago
Anton Khirnov	332555f660	ivi_common: make ff_ivi_process_empty_tile() static. It's not used outside of ivi_common.c (cherry picked from commit `5d2170c53b`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	13 years ago
Kostya Shishkov	c5ec190859	indeo: check for invalid motion vectors (cherry picked from commit `cf61aaaca1`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	13 years ago
Kostya Shishkov	b561618014	indeo: clear allocated band buffers (cherry picked from commit `23ba1503f2`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	13 years ago
Kostya Shishkov	e0daa15a96	indeo: track tile macroblock size (cherry picked from commit `a6e4ac40a6`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	13 years ago
Kostya Shishkov	911c250aef	factor out common decoding code for Indeo 4 and Indeo 5 (cherry picked from commit `aa372cf470`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	13 years ago
Kostya Shishkov	965302c9f3	indeo: check custom Huffman tables for errors (cherry picked from commit `fe7a37c36f`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	13 years ago
Anton Khirnov	0c19855539	dfa: improve boundary checks in decode_dds1() Fixes CVE-2012-2798 CC:libav-stable@libav.org (cherry picked from commit `d05f72c754`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	13 years ago
Kostya Shishkov	d0267ecf76	dfa: use more meaningful return codes (cherry picked from commit `fb5c1aaea6`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Kostya Shishkov	2281ac9ffd	dfa: add some checks to ensure that decoder won't write past frame end (cherry picked from commit `8099187e89`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Paul B Mahol	12941dbe2c	dfa: convert to bytestream2 API Protects from overreads. Signed-off-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit `29b0d94b43`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Anton Khirnov	9e575e54a0	dfa: check that the caller set width/height properly. Fixes CVE-2012-2786. (cherry picked from commit `ee715f49a0`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	13 years ago
Michael Niedermayer	9a76b7375e	avsdec: Set dimensions instead of relying on the demuxer. The decode function assumes that the video will have those dimensions. Fixes CVE-2012-2801 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `85f477935c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Justin Ruggles	d7de11260b	ac3dec: ensure get_buffer() gets a buffer for the correct number of channels If there is an error during frame parsing, but AVCodecContext.channels was changed and AC3DecodeContext.out_channels was set previously, the two may not match. Fixes CVE-2012-2802 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `56b6a43056`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	13 years ago
Martin Storsjö	31bc3fb563	snow: Check mallocs at init Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `4d8516fdb1`) Conflicts: libavcodec/snow.c	13 years ago
Alex Converse	9aaaeba45c	vorbis: Validate that the floor 1 X values contain no duplicates. Duplicate values in this vector are explicitly banned by the Vorbis I spec and cause divide-by-zero crashes later on. (cherry picked from commit `ecf79c4d3e`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	13 years ago
Justin Ruggles	e46cf805b1	vorbisenc: check all allocations for failure (cherry picked from commit `be8d812c96`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	14 years ago
Kostya Shishkov	d4f3abca6a	indeo3: validate new frame size before resetting decoder (cherry picked from commit `6de226a2b8`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Mina Nagy Zaki	e5f4e24942	lavfi: avfilter_merge_formats: handle case where inputs are same This fixes a double-free crash if lists are the same due to the two merge_ref() calls at the end of the (useless) merging that happens. Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `11b6a82412`) Conflicts: libavfilter/formats.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Janne Grunau	b1ad5a21da	rv34: error out on size changes with frame threading Fixes CVE-2012-2772 (cherry picked from commit `cb7190cd2c`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	14 years ago
Janne Grunau	90575bd7dd	rv34: Handle only complete frames in frame-mt. Correct handling of errors to prevent hags or crashes is very complex otherwise. The frame initializing is also moved from decode_slice() to decode_frame() for clarity. (cherry picked from commit `73ad4471a4`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	13 years ago
Janne Grunau	f695bd6016	rv34: use AVERROR return values in ff_rv34_decode_frame() Also adds an error message. (cherry picked from commit `29330721b0`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	14 years ago
Martin Storsjö	8c0bbe5156	vlc/rl: Add ff_ prefix to the nonstatic symbols Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `e96b4a53df`) Conflicts: libavcodec/4xm.c Signed-off-by: Anton Khirnov <anton@khirnov.net>	14 years ago

1 2 3 4 5 ...

37555 Commits (d6a55ab016f0b2c8504ec9fe2387ac6c0ef55dfd) All Branches Search

37555 Commits (d6a55ab016f0b2c8504ec9fe2387ac6c0ef55dfd)

All Branches