summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* update for 1.1.13n1.1.13Michael Niedermayer2014-08-083-3/+3
| | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/dvdsub_parser: print message if packet is smaller than the packet ↵Michael Niedermayer2014-08-081-0/+2
| | | | | | | | | size field Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit bcc898dd2643c883522ffa565be4b226ce798c78) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/dvdsub_parser: Check buf_size before reading 32bit packet sizeMichael Niedermayer2014-08-081-1/+2
| | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 81c1657a593b1c0f8e46fca00ead1d30ee1cd418) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/dvdsub_parser: never return 0 when the input isnt 0Michael Niedermayer2014-08-081-1/+1
| | | | | | | | | | Fixes a infinite loop Fixes Ticket3804 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit cfdb30d2f1241de9354a8efdbf8252d0f1a6f933) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/utils: do not wait for packets from discarded streams for genptsMichael Niedermayer2014-08-081-1/+2
| | | | | | | | | | Fixes long loop Fixes Ticket3208 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8202c49b43621c04e26d4a3aa83a10e1e5cc1836) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* Merge commit 'ecda9b90eccc687202fe9fa20f7ca61d92d816b4' into release/1.1Michael Niedermayer2014-08-080-0/+0
|\ | | | | | | | | | | | | | | | | | | | | | | * commit 'ecda9b90eccc687202fe9fa20f7ca61d92d816b4': Update Changelog for v9.15 Conflicts: Changelog Not merged as the changelog doesnt apply 1:1 to FFmpeg Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * Update Changelog for v9.15Reinhard Tartler2014-08-061-0/+18
| |
* | Merge commit '52254067b312e78d30bbe79fc33dbdf995b22b4e' into release/1.1Michael Niedermayer2014-08-081-2/+2
|\ \ | |/ | | | | | | | | | | | | | | | | | | * commit '52254067b312e78d30bbe79fc33dbdf995b22b4e': error_concealment: avoid using the picture if not fully setup Conflicts: libavcodec/error_resilience.c See: 68a0477bc0af026db971ddba22541029a9e8715b Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * error_concealment: avoid using the picture if not fully setupMichael Niedermayer2014-08-061-0/+6
| | | | | | | | | | | | | | | | | | | | Fixes state becoming inconsistent and a null pointer dereference. CC: libav-stable@libav.org Bug-Id: CVE-2013-0860 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | avcodec/svq1dec: Fix multiple bugs from "svq1: do not modify the input packet"Michael Niedermayer2014-08-081-1/+2
| | | | | | | | | | | | | | | | | | Add padding, clear size, use the correct pointer. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 4213fc5b9eebec53c7d22b770c3f1ceecca1c113) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | Merge commit 'af9b62654d5aa023a96906215365532d18541a09' into release/1.1Michael Niedermayer2014-08-081-1/+23
|\ \ | |/ | | | | | | | | | | * commit 'af9b62654d5aa023a96906215365532d18541a09': svq1: do not modify the input packet Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * svq1: do not modify the input packetAnton Khirnov2014-08-061-1/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The input data must remain constant, make a copy instead. This is in theory a performance hit, but since I failed to find any samples using this feature, this should not matter in practice. Also, check the size of the header, avoiding invalid reads on truncated data. CC:libav-stable@libav.org (cherry picked from commit 7b588bb691644e1b3c168b99accf74248a24e3cf) Signed-off-by: Anton Khirnov <anton@khirnov.net> Conflicts: libavcodec/svq1dec.c
* | Merge commit '80c268eaaee402695a74d14acf76063100692a99' into release/1.1Michael Niedermayer2014-08-081-2/+1
|\ \ | |/ | | | | | | | | | | * commit '80c268eaaee402695a74d14acf76063100692a99': cdgraphics: do not return 0 from the decode function Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * cdgraphics: do not return 0 from the decode functionAnton Khirnov2014-08-061-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | 0 means no data consumed, so it can trigger an infinite loop in the caller. CC:libav-stable@libav.org (cherry picked from commit c7d9b473e28238d4a4ef1b7e8b42c1cca256da36) Signed-off-by: Anton Khirnov <anton@khirnov.net> Conflicts: libavcodec/cdgraphics.c
* | Merge commit '8cd67ddde46a42a33149e7d42a2ab47852ff2a83' into release/1.1Michael Niedermayer2014-08-081-7/+7
|\ \ | |/ | | | | | | | | | | | | | | | | | | * commit '8cd67ddde46a42a33149e7d42a2ab47852ff2a83': cdgraphics: switch to bytestream2 Conflicts: libavcodec/cdgraphics.c See: ad002e1a13a8df934bd6cb2c84175a4780ab8942 Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * cdgraphics: switch to bytestream2Anton Khirnov2014-08-061-9/+7
| | | | | | | | | | | | | | | | | | Fixes possible invalid memory accesses on corrupted data. CC:libav-stable@libav.org Bug-ID: CVE-2013-3674 (cherry picked from commit a1599f3f7ea8478d1f6a95e59e3bc6bc86d5f812) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | Merge commit 'c53effc41b9359261b17c8da3b7062369cafd686' into release/1.1Michael Niedermayer2014-08-081-2/+5
|\ \ | |/ | | | | | | | | | | | | | | | | | | * commit 'c53effc41b9359261b17c8da3b7062369cafd686': huffyuvdec: check width size for yuv422p Conflicts: libavcodec/huffyuvdec.c See: 6abb9a901fca27da14d4fffbb01948288b5da3ba Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * huffyuvdec: check width size for yuv422pMichael Niedermayer2014-08-051-0/+7
| | | | | | | | | | | | | | | | | | | | | | Avoid out of array accesses. CC: libav-stable@libav.org Bug-Id: CVE-2013-0848 Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit a7153444df9040bf6ae103e0bbf6104b66f974cb) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | Merge commit 'ede738880032db62b7dc5b3712f769d3826f5974' into release/1.1Michael Niedermayer2014-08-080-0/+0
|\ \ | |/ | | | | | | | | | | | | * commit 'ede738880032db62b7dc5b3712f769d3826f5974': mmvideo: check horizontal coordinate too See: See: 8d3c99e825317b7efda5fd12e69896b47c700303 Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * mmvideo: check horizontal coordinate tooMichael Niedermayer2014-08-051-0/+2
| | | | | | | | | | | | | | | | | | | | | | Fixes out of array accesses. Bug-Id: CVE-2013-3672 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 70cd3b8e659c3522eea5c16a65d14b8658894a94) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | Merge commit '36d8914f1b94e4731d2fc67162902839c106e72e' into release/1.1Michael Niedermayer2014-08-080-0/+0
|\ \ | |/ | | | | | | | | | | | | * commit '36d8914f1b94e4731d2fc67162902839c106e72e': wmalosslessdec: fix mclms_coeffs* array size See: ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3 Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * wmalosslessdec: fix mclms_coeffs* array sizeMichael Niedermayer2014-08-051-2/+2
| | | | | | | | | | | | | | | | | | | | | | Fixes corruption of context Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org Bug-Id: CVE-2014-2098 Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 849b9d34c7ef70b370c53e7af3940f51cbc07d0f) Signed-off-by: Anton Khirnov <anton@khirnov.net>
* | Merge commit '146b187113e3cc20c2a97c5f264da13e701ca247' into release/1.1Michael Niedermayer2014-08-081-0/+5
|\ \ | |/ | | | | | | | | | | | | | | | | | | * commit '146b187113e3cc20c2a97c5f264da13e701ca247': lavc: Check the image size before calling get_buffer Conflicts: libavcodec/utils.c See: 668494acd8b20f974c7722895d4a6a14c1005f1e Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * lavc: Check the image size before calling get_bufferLuca Barbato2014-08-041-0/+2
| | | | | | | | | | Bug-Id: CVE-2011-3935 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
* | Merge commit '43d676432740c6d5e5234ed343f13902909fd124' into release/1.1Michael Niedermayer2014-08-081-43/+53
|\ \ | |/ | | | | | | | | | | | | | | | | * commit '43d676432740c6d5e5234ed343f13902909fd124': huffyuv: Check and propagate function return values Conflicts: libavcodec/huffyuvdec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * huffyuv: Check and propagate function return valuesDiego Biurrun2014-08-031-45/+61
| | | | | | | | | | | | | | | | | | | | | | | | | | Bug-Id: CVE-2013-0868 inspired by a patch from Michael Niedermayer <michaelni@gmx.at> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 744b406ff3474e77543bcf86125a2f7bc7deaa18) Signed-off-by: Diego Biurrun <diego@biurrun.de> Conflicts: libavcodec/huffyuvdec.c
* | Merge commit '512354191328c559fcff56070dab897ee2a1b4c1' into release/1.1Michael Niedermayer2014-08-080-0/+0
|\ \ | |/ | | | | | | | | | | | | | | | | | | * commit '512354191328c559fcff56070dab897ee2a1b4c1': h264: prevent theoretical infinite loop in SEI parsing Conflicts: libavcodec/h264_sei.c See: 9decfc17bb76da34734296048d390b176abf404c Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * h264: prevent theoretical infinite loop in SEI parsingVittorio Giovara2014-08-011-9/+14
| | | | | | | | | | | | | | Properly address CVE-2011-3946 and parse bitstream as described in the spec. CC: libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
* | Merge commit '01f9540320279954b2764645ab7136847d53d89f' into release/1.1Michael Niedermayer2014-08-081-0/+6
|\ \ | |/ | | | | | | | | | | | | | | | | * commit '01f9540320279954b2764645ab7136847d53d89f': h264_sei: check SEI size Conflicts: libavcodec/h264_sei.c Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * h264_sei: check SEI sizeMichael Niedermayer2014-08-011-0/+6
| | | | | | | | | | Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
* | Merge commit '00915d3cd2ce61db3d6dc11f63566630a9aff4ec' into release/1.1Michael Niedermayer2014-08-081-5/+7
|\ \ | |/ | | | | | | | | | | | | * commit '00915d3cd2ce61db3d6dc11f63566630a9aff4ec': pgssubdec: Check RLE size before copying See: c0d68be555f5858703383040e04fcd6529777061 Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * pgssubdec: Check RLE size before copyingMichael Niedermayer2014-08-011-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure the buffer size does not exceed the expected RLE size. Prevent an out of array bound write. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Bug-Id: CVE-2013-0852 Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit a1f7844a11010d8552c75424d1a831b37a0ae5d9) Signed-off-by: Diego Biurrun <diego@biurrun.de>
* | Merge commit '58d7b835e3cec48ab5a2393405fe82dee72c06a0' into release/1.1Michael Niedermayer2014-08-082-16/+38
|\ \ | |/ | | | | | | | | | | | | | | | | * commit '58d7b835e3cec48ab5a2393405fe82dee72c06a0': fate: Add dependencies for dct/fft/mdct/rdft tests Conflicts: libavcodec/fft-test.c Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * fate: Add dependencies for dct/fft/mdct/rdft testsDiego Biurrun2014-07-302-16/+38
| | | | | | | | | | | | | | | | (cherry picked from commit d396987c303bdc4eea7d1a1ff6776475d9bbd9ea) Signed-off-by: Diego Biurrun <diego@biurrun.de> Conflicts: libavcodec/fft-test.c
* | Merge commit 'd16515ae5fe7daa6327d903cafb9a5ee43477b1e' into release/1.1Michael Niedermayer2014-08-081-1/+2
|\ \ | |/ | | | | | | | | | | * commit 'd16515ae5fe7daa6327d903cafb9a5ee43477b1e': video4linux2: Avoid a floating point exception Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * video4linux2: Avoid a floating point exceptionBernhard Übelacker2014-07-301-1/+2
| | | | | | | | | | | | | | | | This avoids a segfault in avconv_opt.c:opt_target when trying to determine the norm. (cherry picked from commit dc71f1958846bb1d96de43a4603983dc8450cfcc) Signed-off-by: Diego Biurrun <diego@biurrun.de>
* | Merge commit '3a6bc3e381647bb4434317113f131f7e0ab5bf83' into release/1.1Michael Niedermayer2014-08-081-7/+0
|\ \ | |/ | | | | | | | | | | | | | | | | * commit '3a6bc3e381647bb4434317113f131f7e0ab5bf83': vf_select: Drop a debug av_log with an unchecked double to enum conversion Conflicts: libavfilter/f_select.c Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * vf_select: Drop a debug av_log with an unchecked double to enum conversionDiego Biurrun2014-07-301-13/+0
| | | | | | | | | | | | CC: libav-stable@libav.org (cherry picked from commit a8d803a320fb08b3ad5db4fffc79abd401206905) Signed-off-by: Diego Biurrun <diego@biurrun.de>
* | Merge commit 'e8ff7972064631afbdf240ec6bfd9dec30cf2ce8' into release/1.1Michael Niedermayer2014-08-081-19/+22
|\ \ | |/ | | | | | | | | | | | | | | | | * commit 'e8ff7972064631afbdf240ec6bfd9dec30cf2ce8': eamad: use the bytestream2 API instead of AV_RL Conflicts: libavcodec/eamad.c Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * eamad: use the bytestream2 API instead of AV_RLAnton Khirnov2014-07-301-17/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | This is safer and possibly fixes invalid reads on truncated data. (cherry-picked from commit 541427ab4d5b4b6f5a90a687a06decdb78e7bc3c) CC:libav-stable@libav.org Conflicts: libavcodec/eamad.c (cherry picked from commit f9204ec56a4cf73843d1e5b8563d3584c2c05b47) Signed-off-by: Diego Biurrun <diego@biurrun.de>
* | Merge commit '3ecbd911ff9177097820e5d00401c9bf29e5d167' into release/1.1Michael Niedermayer2014-08-080-0/+0
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | * commit '3ecbd911ff9177097820e5d00401c9bf29e5d167': Update Changelog for v9.14 Prepare for 9.14 Release Conflicts: Changelog RELEASE Not merged as this doesnt apply 1:1 to our releases Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * Update Changelog for v9.14Reinhard Tartler2014-06-261-0/+8
| |
| * Prepare for 9.14 ReleaseReinhard Tartler2014-06-261-1/+1
| |
* | Merge commit '21d3e0ac9e1719d8444b3f5466983587ac0ad240' into release/1.1Michael Niedermayer2014-08-081-0/+1
|\ \ | |/ | | | | | | | | | | * commit '21d3e0ac9e1719d8444b3f5466983587ac0ad240': adpcm: Write the proper predictor in trellis mode in IMA QT Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * adpcm: Write the proper predictor in trellis mode in IMA QTMartin Storsjö2014-06-261-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The actual predictor value, set by the trellis code, never was written back into the variable that was written into the block header. This was accidentally removed in b304244b. This significantly improves the audio quality of the trellis case, which was plain broken since b304244b. Encoding IMA QT with trellis still actually gives a slightly worse quality than without trellis, since the trellis encoder doesn't use the exact same way of rounding as in adpcm_ima_qt_compress_sample and adpcm_ima_qt_expand_nibble. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 0776e0ef6ba4160281ef3fabea43e670f3792b4a) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* | Merge commit '744e7eea5d815efea777b6179d96e8d94b63ccfa' into release/1.1Michael Niedermayer2014-08-081-1/+1
|\ \ | |/ | | | | | | | | | | * commit '744e7eea5d815efea777b6179d96e8d94b63ccfa': adpcm: Avoid reading out of bounds in the IMA QT trellis encoder Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * adpcm: Avoid reading out of bounds in the IMA QT trellis encoderMartin Storsjö2014-06-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | This was broken in 095be4fb - samples+ch (for the previous non-planar case) equals &samples_p[ch][0]. The confusion probably stemmed from the IMA WAV case where it originally was &samples[avctx->channels + ch], which was correctly changed into &samples_p[ch][1]. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 3d79d0c93e5b37a35b1b22d6c18699c233aad1ba) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* | Merge commit 'd7dbc687e312a91ef2ccf797d57b95c61d0e8a2f' into release/1.1Michael Niedermayer2014-08-082-12/+18
|\ \ | |/ | | | | | | | | | | | | | | | | | | * commit 'd7dbc687e312a91ef2ccf797d57b95c61d0e8a2f': Check mp3 header before calling avpriv_mpegaudio_decode_header(). Conflicts: libavformat/mp3enc.c See: See: 2dd0da787ce5008d4d1b8f461fbd1288c32e2c38 Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * Check mp3 header before calling avpriv_mpegaudio_decode_header().Justin Ruggles2014-06-262-8/+17
| | | | | | | | | | | | | | | | | | | | As indicated in the function documentation, the header MUST be checked prior to calling it because no consistency check is done there. CC:libav-stable@libav.org (cherry picked from commit f2f2e7627f0c878d13275af5d166ec5932665e28) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
* | Merge commit '7997acee0542f6e0bb9ea42ff783f80b70878a2f' into release/1.1Michael Niedermayer2014-08-081-0/+4
|\ \ | |/ | | | | | | | | | | * commit '7997acee0542f6e0bb9ea42ff783f80b70878a2f': Check if an mp3 header is using a reserved sample rate. Merged-by: Michael Niedermayer <michaelni@gmx.at>
View Lorry Controller Status