9045 Commits

Author SHA1 Message Date
Janne Grunau
f695be22d8 nuv: check RTjpeg header for validity
CC: libav-stable@libav.org
(cherry picked from commit 859a579e9bbf47fae2e09494c43bcf813dcb2fad)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 6704522ca9dd32c858ee474492be568c386910f9)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit f31170d4e7f9671e019315391160d454b18d7296)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 459feb7cce03af7154c098171fc9d36fc9d472f6)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-10-06 10:34:04 +02:00
Kostya Shishkov
9125aa9218 vc1dec: add flush function for WMV9 and VC-1 decoders
CC: libav-stable@libav.org
(cherry picked from commit 4dc8c8386eef942dba35c4f2fb3210e22b511a5b)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 02b72394627933dc8ce26445231a69f00dba491b)

Conflicts:
	libavcodec/vc1dec.c

Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 0173a7966b331105158a88f96b9afcc431d2fef8)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit aa4121276777b20eaaa83bf9bd544b00748c865c)

Conflicts:
	libavcodec/vc1dec.c

Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-10-06 10:33:49 +02:00
Reinhard Tartler
5a9588b088 png: check bit depth for PAL8/Y400A pixel formats.
Wrong bit depth can lead to invalid rowsize values, which crashes the
decoder further down.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d2205d6543881f2e6fa18c8a354bbcf91a1235f7)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit b8d6ba9d50e80fdce2ed74cdaffd4960df8a21c5)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 33f93005f1a86c108302b4c5978aa1a3d8e092cc)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 4c8c2660bd9252775c9a1dc2e2f36cb34718595a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:

	libavcodec/pngdec.c
2012-06-03 19:35:50 +02:00
Michael Niedermayer
02cd93f4ad tqi: Pass errors from the MB decoder
This silences some valgrind warnings.
CC: libav-stable@libav.org

Fixes second half of http://ffmpeg.org/trac/ffmpeg/ticket/794
Bug found by: Oana Stratulat

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit f85334f58e1286287d0547a49fa9c93b40cbf48f)
(cherry picked from commit 90290a5150e84fb138ccde57657dc03830f08c1c)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 5872580e65aab026b77754eb184f97ba7cc6ea35)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 2f2fd8c6d1c51a6b817e6c0bc4eff308b8f9cd18)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit c3edce42704142f4c66954e9f24d7fbf0e5ae423)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-06-03 19:35:13 +02:00
Reimar Döffinger
f8a31e2113 eatqi: move "block" variable into context to ensure sufficient alignment for
idct_put for compilers/architectures that can not align stack variables that much.
This is also consistent with similar code in eatgq.c

Originally committed as revision 18927 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 1eda87ce6366189eebf9956f826dfd92d9e64d9c)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-06-03 19:35:13 +02:00
Ronald S. Bultje
ae6c57859c qdm2: clip array indices returned by qdm2_get_vlc().
Prevents subsequent overreads when these numbers are used as indices
in arrays.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 64953f67f98da2e787aeb45cc7f504390fa32a69)
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>

Conflicts:

	libavcodec/qdm2.c
2012-06-02 19:25:57 -04:00
Alex Converse
5629c39101 kmvc: Check palsize.
Fixes: CVE-2011-3952

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Based on fix by Michael Niedermayer
(cherry picked from commit 386741f887714d3e46c9e8fe577e326a7964037b)
(cherry picked from commit 416849f2e06227b1b4a451c392f100db1d709a0c)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit e7392dc349291eb94379d8cfb7ef73d32a768858)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-05-28 23:46:08 +02:00
Janne Grunau
7867cbaf6c adpcm: ADPCM Electronic Arts has always two channels
Fixes half of http://ffmpeg.org/trac/ffmpeg/ticket/794
Addresses CVE-2012-0852

(cherry picked from commit bb5b3940b08d8dad5b7e948e8f3b02cd2eb70716)

Conflicts:

	libavcodec/adpcm.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit b581580bd1cc8506befa65b0a5c9ae429240f21f)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit a0f58c3a605b8123039628d1598cb36f1da0e815)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-05-28 23:46:08 +02:00
Alexander Strange
0bf8e22cdb h264: Add check for invalid chroma_format_idc
Fixes a crash when FF_DEBUG_PICT_INFO is used.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 6ef4063957aa5025c8d2cd757b6a537e4b6874df)

Fixes: CVE-2012-0851

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 47132345184dc3d0ff962a57a1225564fe979548)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit c5f7c755cfccd7aa01010a2d566104c2b0fa6d86)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 00d2c432581cf61326973a1a48f2e63690b65515)
2012-05-28 23:46:08 +02:00
Alex Converse
7944a87ba8 dpcm: ignore extra unpaired bytes in stereo streams.
Fixes: CVE-2011-3951

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit ce7aee9b733134649a6ce2fa743e51733f33e67e)
(cherry picked from commit eaeaeb265fe46e1d81452960de918227541873b4)

Conflicts:

	libavcodec/dpcm.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 1ce9c93198fc997e8f23934a78e2937af670e4e9)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 41f1f146c9e29dde63e293078819474c9b8111a1)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-05-28 23:46:08 +02:00
Mans Rullgard
468cc41d6d vqavideo: return error if image size is not a multiple of block size
The decoder assumes in various places that the image size
is a multiple of the block size, and there is no obvious
way to support odd sizes.  Bailing out early if the header
specifies a bad size avoids various errors later on.

Fixes CVE-2012-0947.

Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit d5207e2af81580dd5e6277b354c8b459c3624f26)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit c71c77e56fcc6d469d45e1c8ce04aa053124d3f8)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit c90da45d5a7a4045dbf22fba52c63ef55d207269)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-05-09 22:34:07 +02:00
Alex Converse
6c9b404dba motionpixels: Clip YUV values after applying a gradient.
Prevents illegal reads on truncated and malformed input.

CC: libav-stable@libav.org
(cherry picked from commit b5da848facd41169283d7bfe568b83bdfa7fc42e)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit aaa6a666774eb02c351c84e80622a5c69e9b642e)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 50073e2395522b6e2b8698ff0dd06ffaf8cbf8ce)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 2134e7f6e88959513ba1713ad6fd7a7c8d5a0f41)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-05-09 22:33:49 +02:00
Alex Converse
b2ac7e585e mjpegbdec: Fix overflow in SOS.
Based in part on a fix from Michael Niedermayer <michaelni@gmx.at>

Fixes CVE-2011-3947

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit b57d262412204e54a7ef8fa1b23ff4dcede622e5)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 083a8a00373b12dc06b8ae4c49eec61fb5e55f4b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 6ae95a0b93e8df15fe5f364535a7214be0817736)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 6ca010f20965ef71d97a53e871edae2eb9c05a5f)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-21 15:42:28 +02:00
Michael Niedermayer
8bb3ba5541 atrac3: Fix crash in tonal component decoding.
Add a check to avoid writing past the end of the channel_unit.components[]
array.

Bug Found by: cosminamironesei
Fixes CVE-2012-0853
CC: libav-stable@libav.org

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit c509f4f74713b035a06f79cb4d00e708f5226bc5)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit f43b6e2b1ed47a1254a5d44c700a7fad5e9784be)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit f728ad26f0ec87650d2986a892785c0e2b97d161)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 224025d852dcc42f752c0922fef7121808d1e42f)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-21 15:42:10 +02:00
Chris Evans
6b01bcebb9 vorbis: An additional defense in the Vorbis codec.
Fixes Bug: #190
Chromium Bug: #100543
Related to CVE-2011-3893

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit afb2aa537954db537d54358997b68f46561fd5a7)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit b0283ccb9e8945ce9e56f7c6ba0c676e7179d7a3)

Conflicts:

	libavcodec/vorbis_dec.c
(cherry picked from commit a5e0afe3c936220a793db0cdae04bb228f1904e0)

Conflicts:

	libavcodec/vorbis_dec.c
2012-01-08 09:49:19 +01:00
Reinhard Tartler
efd453d82d vorbisdec: Fix decoding bug with channel handling
Fixes Bug: #191
Chromium Bug: #101458
CVE-2011-3895

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit e6d527ff729e42d80e4756cab779ff4ad693631b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 97f23c72a3815739ab28e297ce60f943349f6939)

Conflicts:

	libavcodec/vorbis_dec.c
(cherry picked from commit 42f0a6696889ba275aa2087b57fa99f7a97033a0)

Conflicts:

	libavcodec/vorbis_dec.c
2012-01-08 09:40:38 +01:00
Chris Evans
665421f3b1 vorbis: Avoid some out-of-bounds reads
Fixes Bug: #190
Chromium Bug: #100543
Related to CVE-2011-3893

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 57cd6d709565e84e84385f8f2a9641ca3fa718be)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 4a94678f1be4b7d47f862e9523ca3358255da5d4)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 6d6254ba9fbb22260939c06db1faed5bbd295ad4)

Conflicts:

	libavcodec/vorbis.c
2012-01-07 22:15:53 +01:00
Ronald S. Bultje
3eb6983dbc vp3: fix oob read for negative tokens and memleaks on error.
(cherry picked from commit 8370e426e42f2e4b9d14a1fb8107ecfe5163ce7f)

Fixes: #189
Chromium-Bug: 101172,100465
CVE-2011-3892

Removed the parts that are related to multi-threading, which is not
included before 0.7.

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit c624935554332f8921a15265b8720f0c7b3c8cc2)

Conflicts:

	libavcodec/vp3.c
(cherry picked from commit c9c7db0af2a0fc14764a07f0e61cebf11238e3c2)

Conflicts:

	libavcodec/vp3.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-01-07 21:39:50 +01:00
Michael Niedermayer
110aff4b24 svq1dec: call avcodec_set_dimensions() after dimensions changed.
Fixes NGS00148, CVE-2011-4579

Found-by: Phillip Langlois
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

(cherry picked from commit 6e24b9488e67849a28e64a8056e05f83cf439229)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 0eca0da06e40b73af495cc05fbcfaa030fcf78ea)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 8ddc0b491d3c9c11c1e3d638fda51b4b604d32f4)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-12-24 16:28:20 +01:00
Laurent Aimar
4a1c3df592 vmd: fix segfaults on corrupted streams
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 494cfacdb9ba3f0549e37f76b3a2f86a7aeeac3c)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit b99366faef3a1ed4a34c9b37107f2c8c24702813)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-12-24 16:28:20 +01:00
Dustin Brody
185abfb218 vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit f913eeea43078b3b9052efd8d8d29e7b29b39208)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 7367cbec1b8cf0cbb49707fb0fdfded8ec397b0d)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 201fcfb89482c6f73d6b679a294aac8da9612bbd)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-12-24 16:28:20 +01:00
Vitor Sessak
280590e338 Plug some memory leaks in the VP6 decoder
Originally committed as revision 22172 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 0a41faa9a77dc83d8d933e99f1ba902ecd146e79)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-12-24 16:28:19 +01:00
Laurent Aimar
9767ea7aa7 vp6: Reset the internal state when aborting key frames header parsing
It prevents leaving the state only half initialized.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit a72cad0a6c05aa74940101e937cb3dc602d7d67b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit c76505e0dee0890e39636ddebd2707ab3ea5b8de)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit e28bb18fdc894dfdc1befa9f5e748ccb649a8c76)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-12-24 16:17:42 +01:00
Thierry Foucu
771ceb19f2 vp6: Fix illegal read.
Found with Address Sanitizer

Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit e0966eb140b3569b3d6b5b5008961944ef229c06)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit ba4b08b78918f399f9c9524750b26e904d146078)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 94aacaf5083313378c6105bd71db04ce8f62c058)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-12-24 16:14:55 +01:00
Alex Converse
7739947671 vp6: Fix illegal read.
(cherry picked from commit 2a6eb06254df79e96b3d791b6b89b2534ced3119)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 67a7ed623b678a84c992dd7bf3e3d0329f83621b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 8d68083298e2481669de4db0b7b86c915119df6d)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-12-24 16:14:41 +01:00
Laurent Aimar
8abf1d882e Fix out of bound reads in the QDM2 decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 5a19acb17ceb71657b0eec51dac651953520e5c8)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 0d93d5c4614fafea74bdac681673f5b32eb49063)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-12-24 16:07:49 +01:00
Laurent Aimar
1a53095406 Check for out of bound writes in the QDM2 decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 291d74a46d32183653db07818c7b3407fd50a288)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit a31ccacb1a9b2abc0e140a812fb0ffca6f7c2591)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-12-24 16:07:36 +01:00
Justin Ruggles
60eebf5c12 qdm2: check output buffer size before decoding
(cherry picked from commit 7d49f79f1cd47783a963a757a6563b9cac29db62)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 73472053516f82b7d273a3d42c583f894077a191)

Conflicts:

	libavcodec/qdm2.c
(cherry picked from commit cfb9b47a1ecdc9e88e6561aa213d98245ee70267)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-12-24 16:06:10 +01:00
Baptiste Coudurier
30ee6c1995 Fix qdm2 decoder packet handling to match the api
Originally committed as revision 25767 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit b26c1a8b7ed1a199b19f92bb5d62c61f1c149215)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-12-24 16:05:52 +01:00
Alex Converse
9463a28792 Fix ff_imdct_calc_sse() on gcc-4.6
Gcc 4.6 only preserves the first value when using an array with an "m"
constraint.

Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 770c410fbb8e1b87ce8ad7f3d7eddaa55e2b8295)

Conflicts:

	libavcodec/x86/fft_sse.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-11-05 11:29:12 +01:00
Mans Rullgard
04888edef3 cavs: fix some crashes with invalid bitstreams
This removes all valgrind-reported invalid writes with one
specific test file.

Fixes http://www.ocert.org/advisories/ocert-2011-002.html

Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 4a71da0f3ab7f5542decd11c81994f849d5b2c78)

Fixes CVE-2011-3362, CVE-2011-3973, CVE-2011-3974

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-11-02 21:14:57 +01:00
Michael Niedermayer
eed5697f99 mjpeg: Detect overreads in mjpeg_decode_scan() and error out.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Ronald S. Bultje <rbultje@google.com>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-04-26 09:40:06 +02:00
Kostya Shishkov
808f9ce727 Call avcodec_set_dimensions() instead of simply setting avctx->width/height
when frame dimensions change in RV3/4.

Originally committed as revision 20595 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit d90aeeaf569e4a08c30b3d1d09c3cff3a86eb431)
2011-02-19 17:07:58 +01:00
Reimar Döffinger
8069e2f6fb Fix invalid reads in VC1 decoder
Patch discussed and taken from https://roundup.ffmpeg.org/issue2584
(cherry picked from commit 2bbec1eda46d907605772a8b6e8263caa4bc4c82)

Change related to CVE-2011-0723
2011-02-19 17:07:57 +01:00
Ronald S. Bultje
f7494394ee Make get_bits_left() available for use in libavcodec (was previously held
private in dv.c for some reason). See "[PATCH] get_bits_left()" thread.

Originally committed as revision 20490 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit c47ca25e74bbe465cdc8b99d4f6ab4f0ad5e4229)
2011-02-19 17:07:57 +01:00
Frank Barchard
329e816ed7 Check rangebits to avoid a possible crash.
Fixes issue 2548 (and Chrome issue 68115 and unknown CERT issues).

Originally committed as revision 26365 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 13184036a6b1b1d4b61c91118c0896e9ad4634c3)

Addresses: CVE-2011-0480

Conflicts:

	libavcodec/vorbis_dec.c
2011-02-13 21:41:38 +01:00
Jason Garrett-Glaser
d6860fb653 Fix crashes in vorbis decoding found by zzuf
Fixes issue 2322.

Originally committed as revision 25591 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 3dde66752d59dfdd0f3727efd66e7202b3c75078)

Addresses: CVE-2010-4704
2011-02-13 20:45:18 +01:00
Janne Grunau
11f6eebdd3 consolidate .gitignore patterns into a single file
Signed-off-by: Janne Grunau <janne-ffmpeg@jannau.net>
(cherry picked from commit 2c3589bfda036c7827ded0bf38b16dfe7630bae1)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-02-10 14:02:23 +01:00
Janne Grunau
9109a58867 convert svn:ignore properties to .gitignore files
Signed-off-by: Janne Grunau <janne-ffmpeg@jannau.net>
(cherry picked from commit 348b8218f7a59374355c966dbe3b851a7275f952)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-02-10 14:01:36 +01:00
Kostya Shishkov
44511b17cb Update dimensions in AVCodecContext when RV3/4 frame dimensions change
Originally committed as revision 20572 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit ec10d2d53999f6edf7d7b5ac88df263eccfb1fb0)

Fixes heap corruption crashes

Addresses: CVE-2011-0722
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-02-04 06:42:29 +01:00
Michael Niedermayer
48b086b0ef Update safety check as the maximum pixel size is no longer 4.
New max size is 16bit * 4 samples (RGBA).

Originally committed as revision 18655 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 445f0a8b666a34e6402f6ae96c6804c8bc024baa)

Addresses: CVE-2010-3908
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-02-04 06:41:58 +01:00
Reinhard Tartler
2f504d7a90 Fix several security issues in flicvideo.c
This fixes CVE-2010-3429


backport r25223 by michael


Originally committed as revision 25325 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-10-03 14:51:50 +00:00
Reinhard Tartler
96ca078b22 Check validity of channels & samplerate.
This may be security relevant.
Based on 2 patches by chrome.

backport r19975 by michael




Originally committed as revision 22658 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-03-24 19:35:30 +00:00
Reinhard Tartler
4fb58ecea8 bump LIBAVCODEC_VERSION_MICRO for addition of the lock manager API
As discussed with Diego, we'll go for bumping micro in 0.5 and will
consider adding a RELEASEVERSION macro for trunk and 0.6 separately


Originally committed as revision 22087 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-02-27 10:01:45 +00:00
Reinhard Tartler
8e2149d7df fix the remaining ogv segfaults from issue 1240.
First commit:

Make decode_init fail if the huffman tables are invalid and thus init_vlc fails.
Otherwise this will crash during decoding because the vlc tables are NULL.
Partially fixes ogv/smclock.ogv.1.101.ogv from issue 1240.

backport r19355 by reimar

Second commit:

Add extra validation checks to ff_vorbis_len2vlc.
They should not be necessary, but it seems like a reasonable precaution.

r19374 by reimar


Originally committed as revision 22076 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-02-26 14:32:27 +00:00
Reinhard Tartler
9d9f1ecfaa Make sure we don't read over the end.
Fixes issue1237.

backport r19322 by michael


Originally committed as revision 22074 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-02-26 10:56:46 +00:00
Reinhard Tartler
53b90bb25e backport libx264.c from trunk
now compiles with x264 API versions 65 up to 85

patch prepared by darkshikari


Originally committed as revision 22042 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-02-24 22:40:10 +00:00
Reinhard Tartler
26f74e832b cosmetics: K&R coding style, prettyprinting
backported r20083 by diego

This commit does not introduce functional changes.  It was applied in
order to facilitate reviewing the proposed libx264.c backport



Originally committed as revision 21832 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-02-15 12:45:14 +00:00
Reinhard Tartler
9593c80062 Fix crash in MLP decoder due to integer overflow.
Probably only DoS, init_get_bits sets buffer to NULL, thus causing a
NULL-dereference directly after.

backport r21426 by reimar


Originally committed as revision 21759 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-02-11 21:03:30 +00:00
Reinhard Tartler
48b98cdc67 Make sure the block array is of the correct size.
This might have been exploitable.

backported r18393 by michael



Originally committed as revision 21758 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-02-11 20:57:49 +00:00