| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
|
|
|
|
|
|
|
| |
size field
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bcc898dd2643c883522ffa565be4b226ce798c78)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
|
|
|
|
|
| |
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 81c1657a593b1c0f8e46fca00ead1d30ee1cd418)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
|
|
|
|
|
|
|
|
| |
Fixes a infinite loop
Fixes Ticket3804
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cfdb30d2f1241de9354a8efdbf8252d0f1a6f933)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
|
|
|
|
|
|
|
|
| |
Fixes long loop
Fixes Ticket3208
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8202c49b43621c04e26d4a3aa83a10e1e5cc1836)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'ecda9b90eccc687202fe9fa20f7ca61d92d816b4':
Update Changelog for v9.15
Conflicts:
Changelog
Not merged as the changelog doesnt apply 1:1 to FFmpeg
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| | |
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '52254067b312e78d30bbe79fc33dbdf995b22b4e':
error_concealment: avoid using the picture if not fully setup
Conflicts:
libavcodec/error_resilience.c
See: 68a0477bc0af026db971ddba22541029a9e8715b
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes state becoming inconsistent and a null pointer dereference.
CC: libav-stable@libav.org
Bug-Id: CVE-2013-0860
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add padding, clear size, use the correct pointer.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4213fc5b9eebec53c7d22b770c3f1ceecca1c113)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|\ \
| |/
| |
| |
| |
| |
| | |
* commit 'af9b62654d5aa023a96906215365532d18541a09':
svq1: do not modify the input packet
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The input data must remain constant, make a copy instead. This is in
theory a performance hit, but since I failed to find any samples
using this feature, this should not matter in practice.
Also, check the size of the header, avoiding invalid reads on truncated
data.
CC:libav-stable@libav.org
(cherry picked from commit 7b588bb691644e1b3c168b99accf74248a24e3cf)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Conflicts:
libavcodec/svq1dec.c
|
|\ \
| |/
| |
| |
| |
| |
| | |
* commit '80c268eaaee402695a74d14acf76063100692a99':
cdgraphics: do not return 0 from the decode function
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
0 means no data consumed, so it can trigger an infinite loop in the
caller.
CC:libav-stable@libav.org
(cherry picked from commit c7d9b473e28238d4a4ef1b7e8b42c1cca256da36)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Conflicts:
libavcodec/cdgraphics.c
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '8cd67ddde46a42a33149e7d42a2ab47852ff2a83':
cdgraphics: switch to bytestream2
Conflicts:
libavcodec/cdgraphics.c
See: ad002e1a13a8df934bd6cb2c84175a4780ab8942
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes possible invalid memory accesses on corrupted data.
CC:libav-stable@libav.org
Bug-ID: CVE-2013-3674
(cherry picked from commit a1599f3f7ea8478d1f6a95e59e3bc6bc86d5f812)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'c53effc41b9359261b17c8da3b7062369cafd686':
huffyuvdec: check width size for yuv422p
Conflicts:
libavcodec/huffyuvdec.c
See: 6abb9a901fca27da14d4fffbb01948288b5da3ba
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Avoid out of array accesses.
CC: libav-stable@libav.org
Bug-Id: CVE-2013-0848
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit a7153444df9040bf6ae103e0bbf6104b66f974cb)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
|
|\ \
| |/
| |
| |
| |
| |
| |
| | |
* commit 'ede738880032db62b7dc5b3712f769d3826f5974':
mmvideo: check horizontal coordinate too
See: See: 8d3c99e825317b7efda5fd12e69896b47c700303
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes out of array accesses.
Bug-Id: CVE-2013-3672
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 70cd3b8e659c3522eea5c16a65d14b8658894a94)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
|
|\ \
| |/
| |
| |
| |
| |
| |
| | |
* commit '36d8914f1b94e4731d2fc67162902839c106e72e':
wmalosslessdec: fix mclms_coeffs* array size
See: ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes corruption of context
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
Bug-Id: CVE-2014-2098
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 849b9d34c7ef70b370c53e7af3940f51cbc07d0f)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '146b187113e3cc20c2a97c5f264da13e701ca247':
lavc: Check the image size before calling get_buffer
Conflicts:
libavcodec/utils.c
See: 668494acd8b20f974c7722895d4a6a14c1005f1e
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| | |
Bug-Id: CVE-2011-3935
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '43d676432740c6d5e5234ed343f13902909fd124':
huffyuv: Check and propagate function return values
Conflicts:
libavcodec/huffyuvdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bug-Id: CVE-2013-0868
inspired by a patch from Michael Niedermayer <michaelni@gmx.at>
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 744b406ff3474e77543bcf86125a2f7bc7deaa18)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Conflicts:
libavcodec/huffyuvdec.c
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '512354191328c559fcff56070dab897ee2a1b4c1':
h264: prevent theoretical infinite loop in SEI parsing
Conflicts:
libavcodec/h264_sei.c
See: 9decfc17bb76da34734296048d390b176abf404c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| | |
Properly address CVE-2011-3946 and parse bitstream as described in the spec.
CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '01f9540320279954b2764645ab7136847d53d89f':
h264_sei: check SEI size
Conflicts:
libavcodec/h264_sei.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| | |
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
|
|\ \
| |/
| |
| |
| |
| |
| |
| | |
* commit '00915d3cd2ce61db3d6dc11f63566630a9aff4ec':
pgssubdec: Check RLE size before copying
See: c0d68be555f5858703383040e04fcd6529777061
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make sure the buffer size does not exceed the expected
RLE size.
Prevent an out of array bound write.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Bug-Id: CVE-2013-0852
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit a1f7844a11010d8552c75424d1a831b37a0ae5d9)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '58d7b835e3cec48ab5a2393405fe82dee72c06a0':
fate: Add dependencies for dct/fft/mdct/rdft tests
Conflicts:
libavcodec/fft-test.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| | |
(cherry picked from commit d396987c303bdc4eea7d1a1ff6776475d9bbd9ea)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Conflicts:
libavcodec/fft-test.c
|
|\ \
| |/
| |
| |
| |
| |
| | |
* commit 'd16515ae5fe7daa6327d903cafb9a5ee43477b1e':
video4linux2: Avoid a floating point exception
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This avoids a segfault in avconv_opt.c:opt_target when trying to
determine the norm.
(cherry picked from commit dc71f1958846bb1d96de43a4603983dc8450cfcc)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '3a6bc3e381647bb4434317113f131f7e0ab5bf83':
vf_select: Drop a debug av_log with an unchecked double to enum conversion
Conflicts:
libavfilter/f_select.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| | |
CC: libav-stable@libav.org
(cherry picked from commit a8d803a320fb08b3ad5db4fffc79abd401206905)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'e8ff7972064631afbdf240ec6bfd9dec30cf2ce8':
eamad: use the bytestream2 API instead of AV_RL
Conflicts:
libavcodec/eamad.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is safer and possibly fixes invalid reads on truncated data.
(cherry-picked from commit 541427ab4d5b4b6f5a90a687a06decdb78e7bc3c)
CC:libav-stable@libav.org
Conflicts:
libavcodec/eamad.c
(cherry picked from commit f9204ec56a4cf73843d1e5b8563d3584c2c05b47)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '3ecbd911ff9177097820e5d00401c9bf29e5d167':
Update Changelog for v9.14
Prepare for 9.14 Release
Conflicts:
Changelog
RELEASE
Not merged as this doesnt apply 1:1 to our releases
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| | |
|
| | |
|
|\ \
| |/
| |
| |
| |
| |
| | |
* commit '21d3e0ac9e1719d8444b3f5466983587ac0ad240':
adpcm: Write the proper predictor in trellis mode in IMA QT
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The actual predictor value, set by the trellis code, never
was written back into the variable that was written into
the block header. This was accidentally removed in b304244b.
This significantly improves the audio quality of the trellis
case, which was plain broken since b304244b.
Encoding IMA QT with trellis still actually gives a slightly
worse quality than without trellis, since the trellis encoder
doesn't use the exact same way of rounding as in
adpcm_ima_qt_compress_sample and adpcm_ima_qt_expand_nibble.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 0776e0ef6ba4160281ef3fabea43e670f3792b4a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
|
|\ \
| |/
| |
| |
| |
| |
| | |
* commit '744e7eea5d815efea777b6179d96e8d94b63ccfa':
adpcm: Avoid reading out of bounds in the IMA QT trellis encoder
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This was broken in 095be4fb - samples+ch (for the previous
non-planar case) equals &samples_p[ch][0]. The confusion
probably stemmed from the IMA WAV case where it originally
was &samples[avctx->channels + ch], which was correctly
changed into &samples_p[ch][1].
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 3d79d0c93e5b37a35b1b22d6c18699c233aad1ba)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit 'd7dbc687e312a91ef2ccf797d57b95c61d0e8a2f':
Check mp3 header before calling avpriv_mpegaudio_decode_header().
Conflicts:
libavformat/mp3enc.c
See: See: 2dd0da787ce5008d4d1b8f461fbd1288c32e2c38
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As indicated in the function documentation, the header MUST be
checked prior to calling it because no consistency check is done
there.
CC:libav-stable@libav.org
(cherry picked from commit f2f2e7627f0c878d13275af5d166ec5932665e28)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
|
|\ \
| |/
| |
| |
| |
| |
| | |
* commit '7997acee0542f6e0bb9ea42ff783f80b70878a2f':
Check if an mp3 header is using a reserved sample rate.
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|