FFmpeg

Commit Graph

Author	SHA1	Message	Date
Michael Niedermayer	a55db1fc49	dsp: fix diff_bytes_mmx() with small width Fixes Ticket1068 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `73089eccd3`)	14 years ago
Michael Niedermayer	96c6b3a11c	h261: check mtype. Fixes out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `ec3cd74f2d`)	14 years ago
Mans Rullgard	468cc41d6d	vqavideo: return error if image size is not a multiple of block size The decoder assumes in various places that the image size is a multiple of the block size, and there is no obvious way to support odd sizes. Bailing out early if the header specifies a bad size avoids various errors later on. Fixes CVE-2012-0947. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit `58b2e0f0f2`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `d5207e2af8`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `c71c77e56f`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `c90da45d5a`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	13 years ago
Alex Converse	6c9b404dba	motionpixels: Clip YUV values after applying a gradient. Prevents illegal reads on truncated and malformed input. CC: libav-stable@libav.org (cherry picked from commit `b5da848fac`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `aaa6a66677`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `50073e2395`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `2134e7f6e8`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	13 years ago
Alex Converse	b2ac7e585e	mjpegbdec: Fix overflow in SOS. Based in part by a fix from Michael Niedermayer <michaelni@gmx.at> Fixes CVE-2011-3947 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit `b57d262412`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `083a8a0037`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `6ae95a0b93`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `6ca010f209`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Michael Niedermayer	8bb3ba5541	atrac3: Fix crash in tonal component decoding. Add a check to avoid writing past the end of the channel_unit.components[] array. Bug Found by: cosminamironesei Fixes CVE-2012-0853 CC: libav-stable@libav.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `c509f4f747`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `f43b6e2b1e`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `f728ad26f0`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `224025d852`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Michael Niedermayer	f13de3c653	atrac3: Fix crash in tonal component decoding. Fixes Ticket780 Bug Found by: cosminamironesei Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `9af6abdc17`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Chris Evans	6b01bcebb9	vorbis: An additional defense in the Vorbis codec. Fixes Bug: #190 Chromium Bug: #100543 Related to CVE-2011-3893 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `afb2aa5379`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `b0283ccb9e`) Conflicts: libavcodec/vorbis_dec.c (cherry picked from commit `a5e0afe3c9`) Conflicts: libavcodec/vorbis_dec.c	14 years ago
Reinhard Tartler	efd453d82d	vorbisdec: Fix decoding bug with channel handling Fixes Bug: #191 Chromium Bug: #101458 CVE-2011-3895 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `e6d527ff72`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `97f23c72a3`) Conflicts: libavcodec/vorbis_dec.c (cherry picked from commit `42f0a66968`) Conflicts: libavcodec/vorbis_dec.c	14 years ago
Chris Evans	665421f3b1	vorbis: Avoid some out-of-bounds reads Fixes Bug: #190 Chromium Bug: #100543 Related to CVE-2011-3893 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `57cd6d7095`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `4a94678f1b`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `6d6254ba9f`) Conflicts: libavcodec/vorbis.c	14 years ago
Ronald S. Bultje	3eb6983dbc	vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit `8370e426e4`) Fixes: #189 Chromium-Bug: 101172,100465 CVE-2011-3892 Removed the parts that are related to multi-threading, which is not included before 0.7. Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `c624935554`) Conflicts: libavcodec/vp3.c (cherry picked from commit `c9c7db0af2`) Conflicts: libavcodec/vp3.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Michael Niedermayer	110aff4b24	svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148, CVE-2011-4579 Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `6e24b9488e`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `0eca0da06e`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `8ddc0b491d`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	4a1c3df592	vmd: fix segfaults on corruped streams Signed-off-by: Janne Grunau <janne-libav@jannau.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `494cfacdb9`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `b99366faef`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Dustin Brody	185abfb218	vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit `f913eeea43`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `7367cbec1b`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `201fcfb894`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Vitor Sessak	280590e338	Plug some memory leaks in the VP6 decoder Originally committed as revision 22172 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit `0a41faa9a7`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	16 years ago
Laurent Aimar	9767ea7aa7	vp6: Reset the internal state when aborting key frames header parsing It prevents leaving the state only half initialized. Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit `a72cad0a6c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `c76505e0de`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `e28bb18fdc`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Thierry Foucu	771ceb19f2	vp6: Fix illegal read. Found with Address Sanitizer Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit `e0966eb140`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `ba4b08b789`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `94aacaf508`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Alex Converse	7739947671	vp6: Fix illegal read. (cherry picked from commit `2a6eb06254`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `67a7ed623b`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `8d68083298`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	8abf1d882e	Fix out of bound reads in the QDM2 decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `5a19acb17c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `0d93d5c461`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Laurent Aimar	1a53095406	Check for out of bound writes in the QDM2 decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `291d74a46d`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `a31ccacb1a`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Justin Ruggles	60eebf5c12	qdm2: check output buffer size before decoding (cherry picked from commit `7d49f79f1c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `7347205351`) Conflicts: libavcodec/qdm2.c (cherry picked from commit `cfb9b47a1e`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	14 years ago
Baptiste Coudurier	30ee6c1995	Fix qdm2 decoder packet handling to match the api Originally committed as revision 25767 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit `b26c1a8b7e`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	15 years ago
Michael Niedermayer	cc2580e6e9	svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148 Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `4931c8f0f1`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `661ee45f88`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	4b0f8aed13	qdm2dec: fix buffer overflow. Fixes NGS00144 This also adds a few lines of code from master that are needed for this fix. Thanks to Phillip for suggestions to improve the patch. Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `a6a61a6d1d`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	2c8ac66456	qdm2dec: check remaining input bits in the mainloop of qdm2_fft_decode_tones() This is neccessary but likely not sufficient to prevent out of array reads. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `14db3af4f2`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `8120a1d9bd`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	4f209fe960	cinepak: check strip_size Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `cea0c82d9b`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `211a107208`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	037b1142cd	wma: Check channel number before init. Fixes Ticket240 Based on patch by ami_stuff Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `20431a9982`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Alex Converse	37cc48861d	vp5: Fix illegal read. Found with Address Sanitizer (cherry picked from commit `bb4b0ad83b`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `f62fa1ce9f`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Thierry Foucu	0cd61bfa6d	vp6: Fix illegal read. Found with Address Sanitizer Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit `e0966eb140`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `8a63deab15`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	8bd374858f	resample: Fix array size Found-by: Jim Radford Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `3e7db0a9ee`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `edf3c5a3eb`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	d39cc3c092	resample2: fix potential overflow Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `a39b5e8b32`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	e124c3c298	resample: Fix overflow Found-by: Jim Radford Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `6ae93d0304`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	c603cf5170	qtrle: check for out of bound writes. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `7fb92be7e5`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `a65045915f`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	e1a46eff7a	qtrle: check for invalid line offset Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `a4ed7c3fe9`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `67c46b9b30`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Justin Ruggles	58087a4e64	mpc7: return error if packet is too small. (cherry picked from commit `8290d1f38b`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `490617b6ff`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Justin Ruggles	8d1fa1c97e	mpc7: check output buffer size before decoding (cherry picked from commit `c8b5c4d274`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `b833859daa`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	2eb5f77bc8	h264: do not let invalid values in h->ref_count after a decoder reset. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `0333d234b0`) (cherry picked from commit `f74d1c6de7`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	ddbbe500b0	h264: fix the check for invalid SPS:num_ref_frames. This patch set the limit to 16. For information, thoses previous commits: `41f7e2d11d` `5cbb0e70a0` assumed it was either 30 or 32. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `bcf881a685`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	d1a5b53ede	h264: do not let invalid values in h->ref_count on ff_h264_decode_ref_pic_list_reordering() errors. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `2428b53f6d`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	8e6173c76a	Check for out of bound accesses in the 4xm decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `9c661e952f`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	1a6f024520	Prevent block size from inreasing in the shorten decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `b399cbfba5`) (cherry picked from commit `55a96a984e`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	3699a46ed7	Check for out of bound writes in the QDM2 decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `4a7876c6e4`) (cherry picked from commit `b08df314dc`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	635256a324	Fix out of bound writes in fix_bitshift() of the shorten decoder. The data pointers s->decoded[*] already take into account s->nwrap. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `f42b3195d3`) (cherry picked from commit `107ea3057e`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	240546a185	Check for out of bounds writes in the Delphine Software International CIN decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `3035c4034b`) (cherry picked from commit `6e774cf67e`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	07df40db6e	Check for invalid update parameters in vmd video decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `e7aed1280e`) (cherry picked from commit `1ed90c84f6`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	b24c2e59fe	Release old pictures after a resolution change in vp5/6 decoder Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `dba20b8478`) (cherry picked from commit `c9c6e5f4e8`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Laurent Aimar	25bc1108c2	Check output buffer size in nellymoser decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `741ec30bd2`) (cherry picked from commit `533dbaa55b`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	8ef917c033	check all svq3_get_ue_golomb() returns. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `979bea1300`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Michael Niedermayer	1883249be3	rv34: check for size mismatch Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `35f38b3ab9`) (cherry picked from commit `ed9e561490`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	14 years ago
Alex Converse	9463a28792	Fix ff_imdct_calc_sse() on gcc-4.6 Gcc 4.6 only preserves the first value when using an array with an "m" constraint. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit `770c410fbb`) Conflicts: libavcodec/x86/fft_sse.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	15 years ago

1 2 3 4 5 ...

9090 Commits (n0.5.9)