summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* | Prevent block size from inreasing in the shorten decoder.Laurent Aimar2011-11-061-2/+8
| | | | | | | | | | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b399cbfba5d901608c18e1a2d48a24c30541a634) (cherry picked from commit 55a96a984ec65736475a8577a158abc5c48fd50a) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | Check for out of bound writes in the QDM2 decoder.Laurent Aimar2011-11-061-0/+4
| | | | | | | | | | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 4a7876c6e4e62e94d51e364ba99aae4da7671238) (cherry picked from commit b08df314dca6946ed644caacb9d3a533a054c0f6) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | Check for out of bound writes in the avs demuxer.Laurent Aimar2011-11-061-0/+2
| | | | | | | | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5d44c061cf511d97be5fac8d76be2f3915c6e798) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | Check for corrupted data in avs demuxer.Laurent Aimar2011-11-061-0/+2
| | | | | | | | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 1cce7def0a8eff2e7db294b7d195a0fb1a5043b0) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | Fix out of bound writes in fix_bitshift() of the shorten decoder.Laurent Aimar2011-11-061-1/+1
| | | | | | | | | | | | | | | | | | | | The data pointers s->decoded[*] already take into account s->nwrap. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f42b3195d3f2692a4dfc0a8668bb4ac35301f2ed) (cherry picked from commit 107ea3057eb8de8a38c45c2f7181c42ea694b187) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | Check for out of bounds writes in the Delphine Software International CIN ↵Laurent Aimar2011-11-061-0/+2
| | | | | | | | | | | | | | | | | | | | decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3035c4034b6af3ad47f921e3385196e1b9d44ddf) (cherry picked from commit 6e774cf67e6f30feb9b3dec11713d6b6dc0b521c) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | Check for invalid update parameters in vmd video decoder.Laurent Aimar2011-11-061-0/+10
| | | | | | | | | | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e7aed1280ea14b60fceae04d71dfd03e1daf2d04) (cherry picked from commit 1ed90c84f6ab75af91b08436cefb8ea464f8495b) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | Release old pictures after a resolution change in vp5/6 decoderLaurent Aimar2011-11-061-0/+10
| | | | | | | | | | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit dba20b84784a7931b7eac50ced1d43e86801bde9) (cherry picked from commit c9c6e5f4e8680b7b7801dd6943590ae9cd6bfd89) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | Check output buffer size in nellymoser decoder.Laurent Aimar2011-11-061-0/+3
| | | | | | | | | | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 741ec30bd2385f794efa9fafa84d39a917f2574e) (cherry picked from commit 533dbaa55b7d45d5ca76f9ed46f5690282f86ea9) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | check all svq3_get_ue_golomb() returns.Michael Niedermayer2011-11-063-9/+12
| | | | | | | | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 979bea13003ef489d95d2538ac2fb1c26c6f103b) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | rv34: check for size mismatchMichael Niedermayer2011-11-061-0/+4
| | | | | | | | | | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 35f38b3ab9d755aede5bce8abbe1cb9c07027f8a) (cherry picked from commit ed9e561490d70e317659f9e406c7920242e509eb) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | Reject audio tracks with invalid interleaver parameters in RM demuxer.Laurent Aimar2011-11-061-4/+6
| | | | | | | | | | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 4907f813581acd6cf68f1be9eb163464503e8208) (cherry picked from commit 24e0a9e451e1aae427307a919d78f6790f4e413c) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | Merge remote-tracking branch 'qatar/release/0.5' into release/0.5Michael Niedermayer2011-11-066-16/+42
|\ \ | |/ | | | | | | | | | | | | | | | | | | * qatar/release/0.5: update version Release notes and changelog for 0.5.5 Fix ff_imdct_calc_sse() on gcc-4.6 Make DECLARE_ALIGNED macros work with external array specifiers Fix MMX rgb24 to yuv conversion with gcc 4.6 Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * update versionReinhard Tartler2011-11-051-1/+1
| |
| * Release notes and changelog for 0.5.5Reinhard Tartler2011-11-052-0/+27
| |
| * Fix ff_imdct_calc_sse() on gcc-4.6Alex Converse2011-11-051-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Gcc 4.6 only preserves the first value when using an array with an "m" constraint. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit 770c410fbb8e1b87ce8ad7f3d7eddaa55e2b8295) Conflicts: libavcodec/x86/fft_sse.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>
| * Make DECLARE_ALIGNED macros work with external array specifiersMåns Rullgård2011-11-051-3/+3
| | | | | | | | | | | | | | | | | | | | | | The macro implementation might need the name of the variable being declared for compiler-specific syntax. Moving array specifiers outside the macro invocation allows this to work. Originally committed as revision 21363 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit 8a24e98d506f0f44ec58e06291fa0fce703fb6a8) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
| * Fix MMX rgb24 to yuv conversion with gcc 4.6Mans Rullgard2011-11-051-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When built with gcc 4.6, the MMX rgb24 to yuv conversion gives wrong output. The compiler produces this warning: libswscale/swscale_template.c:1885:5: warning: use of memory input without lvalue in asm operand 4 is deprecated Changing the memory operand to a register makes it work. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit f344903ca5ce28a833fdd656bc1ed5b16d97e7e9) Conflicts: libswscale/swscale_template.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* | smacker: add forgotten *Michael Niedermayer2011-11-031-1/+1
| | | | | | | | | | | | | | found by fenrir Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f98edc73c599badaa0c075fbffb519a150d03d80)
* | segafilm: Fix potential division by 0 on corrupted segafilm streams in the ↵Laurent Aimar2011-11-031-7/+16
| | | | | | | | | | | | demuxer. Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | segafilm: Check for memory allocation failures in segafilm demuxer.Laurent Aimar2011-11-031-0/+6
| | | | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 7cbe02575868e7d25acf3d319ece664702700f0a)
* | rv34: check that subsequent slices have the same type as first one.Kostya Shishkov2011-11-031-0/+7
| | | | | | | | | | | | | | | | | | This prevents some crashes when corrupted bitstream reports e.g. P-type slice in I-frame. Official RealVideo decoder demands all slices to be of the same type too. Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 23a1f0c59241465ba30103388029a7afc0ead909)
* | Fixed invalid read access on extra data in cinepak decoder.Laurent Aimar2011-11-031-1/+2
| | | | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit dc255275f6293a060518271a151e1ce75499e874)
* | Fixed segfault on corrupted smacker streams in the demuxer.Laurent Aimar2011-11-031-0/+4
| | | | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d0121e8d969cde74fa7dbd96d3602109b051e701)
* | Fixed segfaults on corruped smacker streams in the decoder.Laurent Aimar2011-11-031-0/+2
| | | | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d07ac1853da29ea696243160e02154ebf758d1ee)
* | Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks.Laurent Aimar2011-11-031-2/+3
| | | | | | | | | | Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 8bfea4ab4e2cb32bc7bf6f697ee30a238c65d296)
* | Fixed deference of NULL pointer in motionpixels decoder.Laurent Aimar2011-11-031-1/+2
| | | | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 824f98f442996eaee9204b132752cf5114fc94cf)
* | qcelpdec: fix the return value of qcelp_decode_frame().Chris Rankin2011-11-031-1/+1
| | | | | | | | (cherry picked from commit 04c13dca8812e8302686887b6e8201d4ad25b7d8)
* | Check extradata size on resolution change.Reimar Döffinger2011-11-031-0/+5
| | | | | | | | | | | | | | Ignore resolution change if resolution not defined in extradata. Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de> (cherry picked from commit 09c5f990bc7629dfbee8c760fd485936c60a7b40)
* | rv34: Check for invalid slice offsetsLaurent Aimar2011-11-031-4/+5
| | | | | | | | | | | | | | Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 4cc7732386eb36661ed22d1200339b38a5fa60bc) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | rv34: Avoid NULL dereference on corrupted bitstreamLaurent Aimar2011-11-031-1/+1
| | | | | | | | | | | | | | | | | | rv34_decode_slice() can return without allocating any pictures. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit d0f6ab0298f2309c6104626787ed73416298b019) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | rv10: Reject slices that does not have the same type as the first oneLaurent Aimar2011-11-031-0/+5
| | | | | | | | | | | | | | | | | | This prevents crashes with some corrupted bitstreams. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 4a29b471869353c3077fb4b25b6518eb1047afb7) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | oggdec: fix out of bound write in the ogg demuxerLaurent Aimar2011-11-031-2/+12
| | | | | | | | | | | | | | | | | | | | Between ogg_save() and ogg_restore() calls, the number of streams could have been reduced. Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit 0e7efb9d23c3641d50caa288818e8c27647ce74d) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | Check for invalid VLC value in smacker decoder.Laurent Aimar2011-11-031-0/+2
| | | | | | | | | | | | | | Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 6489455495fc5bfbebcfe3f57e5d4fdd6a781091) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | Check and propagate errors when VLC trees cannot be built in smacker decoder.Laurent Aimar2011-11-031-8/+12
| | | | | | | | | | | | | | Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 9676ffba8346791f494451e68d2a3b37a2918a9b) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | Fixed off by one packet size allocation in the smacker demuxer.Laurent Aimar2011-11-031-1/+1
| | | | | | | | | | | | | | Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit a92d0fa5d234582583d41b67dddecffc2c819573) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | ape demuxer: fix segfault on memory allocation failure.Laurent Aimar2011-11-031-0/+2
| | | | | | | | | | | | | | Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 273aab99bf7be2bcda95dd64101c2317ee0fcb99) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | Check for invalid packet size in the smacker demuxer.Laurent Aimar2011-11-031-0/+2
| | | | | | | | | | | | | | Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit e055932f5636a82275837968eea9c8fcb5bca474) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | cljr: init_get_bits size in bits instead of bytesAlex Converse2011-11-031-1/+1
| | | | | | | | | | | | (cherry picked from commit 0c1f5b93d9b97c4cc3684ba91a040e90bfc760d2) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | indeo2: fail if input buffer too smallAlex Converse2011-11-031-1/+7
| | | | | | | | | | | | (cherry picked from commit b7ce4f1d1c3add86ece7ca595ea6c4a10b471055) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | indeo2: init_get_bits size in bits instead of bytesAlex Converse2011-11-031-1/+1
| | | | | | | | | | | | (cherry picked from commit 68ca330cbd479111db9cb7649d7530ad59f04cc8) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | cavsdec: avoid possible crash with crafted inputMichael Niedermayer2011-11-031-2/+2
| | | | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 9f06c1c61e876e930753da200bfe835817e30a53)
* | Fix possible double free when encoding using xvid.Carl Eugen Hoyos2011-11-031-0/+1
| | | | | | | | (cherry picked from commit 315f0e3fd8dcbd1362276b7407dad2e97cccc4b7)
* | Merge remote-tracking branch 'qatar/release/0.5' into release/0.5Michael Niedermayer2011-11-033-11/+41
|\ \ | |/ | | | | | | | | | | | | | | * qatar/release/0.5: Fix memory (re)allocation in matroskadec.c, related to MSVR-11-0080. cavs: fix some crashes with invalid bitstreams mjpeg: Detect overreads in mjpeg_decode_scan() and error out. Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * Fix memory (re)allocation in matroskadec.c, related to MSVR-11-0080.Michael Niedermayer2011-11-021-8/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Whitespace of the patch cleaned up by Aurel Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 956c901c68eff78288f40e3c8f41ee2fa081d4a8) Further suggestions from Kostya <kostya.shishkov@gmail.com> have been implemented by Reinhard Tartler <siretart@tauware.de> Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 77d2ef13a8fa630e5081f14bde3fd20f84c90aec) NB: MSVR-11-0080 doesn't seem to exist. This issue seems to be known as MSVR11-011 instead. Fixes: CVE-2011-3504 Signed-off-by: Reinhard Tartler <siretart@tauware.de>
| * cavs: fix some crashes with invalid bitstreamsMans Rullgard2011-11-021-3/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This removes all valgrind-reported invalid writes with one specific test file. Fixes http://www.ocert.org/advisories/ocert-2011-002.html Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit 4a71da0f3ab7f5542decd11c81994f849d5b2c78) Fixes CVE-2011-3362, CVE-2011-3973, CVE-2011-3974 Signed-off-by: Reinhard Tartler <siretart@tauware.de>
| * mjpeg: Detect overreads in mjpeg_decode_scan() and error out.Michael Niedermayer2011-04-261-0/+4
| | | | | | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Ronald S. Bultje <rbultje@google.com> Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* | Fix apparently exploitable race condition.Michael Niedermayer2011-04-261-1/+2
| | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | AMV: Fix possibly exploitable crash.Michael Niedermayer2011-04-261-1/+0
|/ | | | | | Reported-at: Thu, 21 Apr 2011 14:38:25 +0000 Reported-by: Dominic Chell <Dominic.Chell@ngssecure.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* update release dateReinhard Tartler2011-03-171-1/+1
|
View Lorry Controller Status