FFmpeg

Commit Graph

Author	SHA1	Message	Date
Michael Niedermayer	cc2580e6e9	svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148 Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `4931c8f0f1`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `661ee45f88`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	4b0f8aed13	qdm2dec: fix buffer overflow. Fixes NGS00144 This also adds a few lines of code from master that are needed for this fix. Thanks to Phillip for suggestions to improve the patch. Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `a6a61a6d1d`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	2c8ac66456	qdm2dec: check remaining input bits in the mainloop of qdm2_fft_decode_tones() This is neccessary but likely not sufficient to prevent out of array reads. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `14db3af4f2`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `8120a1d9bd`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	4f209fe960	cinepak: check strip_size Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `cea0c82d9b`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `211a107208`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	037b1142cd	wma: Check channel number before init. Fixes Ticket240 Based on patch by ami_stuff Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `20431a9982`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Alex Converse	37cc48861d	vp5: Fix illegal read. Found with Address Sanitizer (cherry picked from commit `bb4b0ad83b`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `f62fa1ce9f`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Thierry Foucu	0cd61bfa6d	vp6: Fix illegal read. Found with Address Sanitizer Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit `e0966eb140`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `8a63deab15`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	8bd374858f	resample: Fix array size Found-by: Jim Radford Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `3e7db0a9ee`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `edf3c5a3eb`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	d39cc3c092	resample2: fix potential overflow Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `a39b5e8b32`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	e124c3c298	resample: Fix overflow Found-by: Jim Radford Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `6ae93d0304`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	c603cf5170	qtrle: check for out of bound writes. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `7fb92be7e5`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `a65045915f`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	e1a46eff7a	qtrle: check for invalid line offset Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `a4ed7c3fe9`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `67c46b9b30`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Justin Ruggles	58087a4e64	mpc7: return error if packet is too small. (cherry picked from commit `8290d1f38b`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `490617b6ff`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Justin Ruggles	8d1fa1c97e	mpc7: check output buffer size before decoding (cherry picked from commit `c8b5c4d274`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `b833859daa`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	2eb5f77bc8	h264: do not let invalid values in h->ref_count after a decoder reset. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `0333d234b0`) (cherry picked from commit `f74d1c6de7`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	ddbbe500b0	h264: fix the check for invalid SPS:num_ref_frames. This patch set the limit to 16. For information, thoses previous commits: `41f7e2d11d` `5cbb0e70a0` assumed it was either 30 or 32. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `bcf881a685`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	d1a5b53ede	h264: do not let invalid values in h->ref_count on ff_h264_decode_ref_pic_list_reordering() errors. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `2428b53f6d`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	8e6173c76a	Check for out of bound accesses in the 4xm decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `9c661e952f`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	1a6f024520	Prevent block size from inreasing in the shorten decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `b399cbfba5`) (cherry picked from commit `55a96a984e`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	3699a46ed7	Check for out of bound writes in the QDM2 decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `4a7876c6e4`) (cherry picked from commit `b08df314dc`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	635256a324	Fix out of bound writes in fix_bitshift() of the shorten decoder. The data pointers s->decoded[*] already take into account s->nwrap. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `f42b3195d3`) (cherry picked from commit `107ea3057e`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	240546a185	Check for out of bounds writes in the Delphine Software International CIN decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `3035c4034b`) (cherry picked from commit `6e774cf67e`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	07df40db6e	Check for invalid update parameters in vmd video decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `e7aed1280e`) (cherry picked from commit `1ed90c84f6`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	b24c2e59fe	Release old pictures after a resolution change in vp5/6 decoder Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `dba20b8478`) (cherry picked from commit `c9c6e5f4e8`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	25bc1108c2	Check output buffer size in nellymoser decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `741ec30bd2`) (cherry picked from commit `533dbaa55b`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	8ef917c033	check all svq3_get_ue_golomb() returns. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `979bea1300`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	1883249be3	rv34: check for size mismatch Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `35f38b3ab9`) (cherry picked from commit `ed9e561490`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Alex Converse	9463a28792	Fix ff_imdct_calc_sse() on gcc-4.6 Gcc 4.6 only preserves the first value when using an array with an "m" constraint. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit `770c410fbb`) Conflicts: libavcodec/x86/fft_sse.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	15 years ago
Michael Niedermayer	38423fe0b7	smacker: add forgotten * found by fenrir Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `f98edc73c5`)	14 years ago
Kostya Shishkov	d8439f0452	rv34: check that subsequent slices have the same type as first one. This prevents some crashes when corrupted bitstream reports e.g. P-type slice in I-frame. Official RealVideo decoder demands all slices to be of the same type too. Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `23a1f0c592`)	14 years ago
Laurent Aimar	eb6b0ed8be	Fixed invalid read access on extra data in cinepak decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `dc255275f6`)	14 years ago
Laurent Aimar	b261ebfd22	Fixed segfaults on corruped smacker streams in the decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `d07ac1853d`)	14 years ago
Laurent Aimar	03db051b43	Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `8bfea4ab4e`)	14 years ago
Laurent Aimar	cc885682e3	Fixed deference of NULL pointer in motionpixels decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `824f98f442`)	14 years ago
Chris Rankin	1415ebf031	qcelpdec: fix the return value of qcelp_decode_frame(). (cherry picked from commit `04c13dca88`)	14 years ago
Reimar Döffinger	4e0315b30e	Check extradata size on resolution change. Ignore resolution change if resolution not defined in extradata. Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de> (cherry picked from commit `09c5f990bc`)	14 years ago
Laurent Aimar	a9ded3d272	rv34: Check for invalid slice offsets Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `4cc7732386`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	14 years ago
Laurent Aimar	ef93642aac	rv34: Avoid NULL dereference on corrupted bitstream rv34_decode_slice() can return without allocating any pictures. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `d0f6ab0298`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	14 years ago
Laurent Aimar	9cda3d7915	rv10: Reject slices that does not have the same type as the first one This prevents crashes with some corrupted bitstreams. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `4a29b47186`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	14 years ago
Laurent Aimar	f936799f0b	Check for invalid VLC value in smacker decoder. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `6489455495`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	14 years ago
Laurent Aimar	f6d3dfe78b	Check and propagate errors when VLC trees cannot be built in smacker decoder. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `9676ffba83`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	14 years ago
Alex Converse	7cb35d4954	cljr: init_get_bits size in bits instead of bytes (cherry picked from commit `0c1f5b93d9`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	14 years ago
Alex Converse	457f869b73	indeo2: fail if input buffer too small (cherry picked from commit `b7ce4f1d1c`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	14 years ago
Alex Converse	70f01f1262	indeo2: init_get_bits size in bits instead of bytes (cherry picked from commit `68ca330cbd`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	14 years ago
Michael Niedermayer	80fb9f2c57	cavsdec: avoid possible crash with crafted input Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `9f06c1c61e`)	14 years ago
Carl Eugen Hoyos	46f9a6203a	Fix possible double free when encoding using xvid. (cherry picked from commit `315f0e3fd8`)	14 years ago
Mans Rullgard	04888edef3	cavs: fix some crashes with invalid bitstreams This removes all valgrind-reported invalid writes with one specific test file. Fixes http://www.ocert.org/advisories/ocert-2011-002.html Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit `4a71da0f3a`) Fixes CVE-2011-3362, CVE-2011-3973, CVE-2011-3974 Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Michael Niedermayer	8210ee22e2	AMV: Fix possibly exploitable crash. Reported-at: Thu, 21 Apr 2011 14:38:25 +0000 Reported-by: Dominic Chell <Dominic.Chell@ngssecure.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	15 years ago
Michael Niedermayer	eed5697f99	mjpeg: Detect overreads in mjpeg_decode_scan() and error out. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Ronald S. Bultje <rbultje@google.com> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	15 years ago
Kostya Shishkov	808f9ce727	Call avcodec_set_dimensions() instead of simply setting avctx->width/height when frame dimensions change in RV3/4. Originally committed as revision 20595 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit `d90aeeaf56`)	16 years ago

1 2 3 4 5 ...

9064 Commits (n0.5.6)