Commit message | Author | Age | Files | Lines
* cmdutils: update year [n1.2.5] | Michael Niedermayer | 2014-01-16 | 1 | -1/+1
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* Update for 1.2.5 | Michael Niedermayer | 2014-01-16 | 3 | -3/+3
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* wmaprodec: Fix null pointer dereference in decode_frame() | Michael Niedermayer | 2014-01-16 | 1 | -1/+2
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit c7a7605656633e52ade8a5d32a7c2497b37faef8)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* h264: check mb_width/height | Michael Niedermayer | 2014-01-16 | 1 | -1/+4
  Fixes inconsistency that leads to out of array accesses with threads
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 5a9e3760495e8678ae87314670e3d9d5a1792c8d)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* h264: Always decode MMCOs into temporary array | Michael Niedermayer | 2014-01-16 | 1 | -1/+2
  When decoding succeeded the array is copied into the permanent one. This prevents inconsistencies
  Fixes assertion failure
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit c40f51e15b91898e5c69fca7c8c67e3da6624dd4)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* h264: move the default_ref_list_done check down after its inputs have been written | Michael Niedermayer | 2014-01-16 | 1 | -9/+5
  Fixes out of array read
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 11c3381ce3c353a4dadf9def6232e7604b0c5d2b)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* h264: Move slice_table clean out of frame_start | Michael Niedermayer | 2014-01-16 | 1 | -5/+9
  Fixes inconsistency ultimately leading to an out of array read
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 746016598d1885afd1fee976b6d315ed7eeefa68)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* h264_refs: Check for attempts to assign pictures to short & long. | Michael Niedermayer | 2014-01-16 | 1 | -0/+3
  Fixes null pointer dereference
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 92002db3eb437414281ad4fb6e84e34862f7fc92)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* h264_cavlc: fix assertion failure due to reading too long vlc | Michael Niedermayer | 2014-01-16 | 1 | -2/+8
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 10ece44d0948b44b062d09319052d09d14f7bfdb)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/aacps: fix number of bands used with ipd/opd | Michael Niedermayer | 2014-01-16 | 1 | -1/+2
  Fixes use of uninitialized memory
  Fixes: msan_uninit-mem_7f861d16355f_1664_File1_fixed.aac
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 6433b393ba2b1b410ff18e386f84781a760549f5)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* aacps: correct opdipd code to match spec | Michael Niedermayer | 2014-01-16 | 1 | -1/+2
  This fixes out of array reads
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 66e9716a36105f69b9f076b0fec3ec2551c7e3b7)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/ansi: Fix right/bottom end checks | Michael Niedermayer | 2014-01-16 | 1 | -2/+2
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 6021615bbe393381f23b34a7cd0dcfd1a42687ba)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/ansi: Check x/y | Michael Niedermayer | 2014-01-16 | 1 | -0/+4
  This prevents out of array accesses
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit e91fd754c63de7fd3cb7fdea8974166db362e387)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* shorten: fix "off by padding" bug | Michael Niedermayer | 2014-01-16 | 1 | -1/+1
  Fixes array overread
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit ad22767cb61cdc75541b21154d65fd1ad6351025)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/lcldec: Check that dimensions are a multiple of the subsample factors | Michael Niedermayer | 2014-01-16 | 1 | -0/+10
  Other dimensions would not work correctly currently, also ask for a sample for files that fail this check.
  This fixes an integer overflow leading to out of array accesses.
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 1e00bbb10cbde3da03a1e744265ce6def9ae4c56)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/vqf: check number of channels before use. | Michael Niedermayer | 2014-01-16 | 1 | -0/+5
  Fixes division by zero
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit a527e692592b7eef69430cc866bb96231526316c)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* dxa: check vectors of 2x2 motion blocks | Michael Niedermayer | 2014-01-16 | 1 | -0/+5
  Fixes out of array reads
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit ead590c2561980f2afda38a662364659577dca38)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* dxa: check vectors of 4x4 motion blocks | Michael Niedermayer | 2014-01-16 | 1 | -0/+5
  Fixes out of array reads
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit f96e0eb2387f8da7b8177f8f22969853dc648ca6)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* shorten: allocate space for padding | Michael Niedermayer | 2014-01-16 | 1 | -1/+1
  Fixes array overread
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 89d998f1c1eddac3a1256e28ac00ccfdf4d3edd1)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* evrcdec: fix sign error | Michael Niedermayer | 2014-01-16 | 1 | -1/+1
  The specification wants round(abs(x))) * sign(x) which is equivalent to round(x)
  Fixes out of array access
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit f18d2dff1194b34b79dc7641aafe54d1df349e40)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* eamad: Check against minimum supported dimensions | Michael Niedermayer | 2014-01-16 | 1 | -0/+5
  Fixes out of array reads
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit e756635964ed3aa1ee997465f9b46143bcb5d894)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* xan: Check for overlapping copies | Michael Niedermayer | 2014-01-16 | 1 | -0/+5
  No valid samples I found use such copies
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit bdfe60c769f4d4e71a360fe02f06cdb9c039cf35)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/bitstream: check codes in ff_init_vlc_sparse() | Michael Niedermayer | 2014-01-16 | 1 | -0/+4
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 6998af4a40e67b5f0bfb769b7749f38a92eb2819)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/bitstream: Check bits in ff_init_vlc_sparse() | Michael Niedermayer | 2014-01-16 | 1 | -0/+4
  Fixes out of array reads
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit fb3e3808aed843b21dd70a70bdbc4b9f7de6a00b)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/mpegvideo_motion: Use a field from the current frame if the last is unavailable in DMV & 16x8 | Michael Niedermayer | 2014-01-16 | 1 | -2/+5
  Fixes null pointer dereference
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 42bcc4082d644342171216fcf597cde75421a4d7)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/c93: Check for block overlap. | Michael Niedermayer | 2014-01-16 | 1 | -1/+7
  Fixes overlapping memcpy()
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 6b657ac7889738b9ab38924cca4e7c418f6fbc38)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/mpegvideo_motion: Check P field references | Michael Niedermayer | 2014-01-16 | 1 | -1/+2
  If a reference is unavailable use a field from the current picture
  Fixes null pointer dereference
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 23daee0dcc57b647b9d62d4c905e94acf0c6b8e0)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* svq3: use memmove to avoid overlap in memcpy. | Michael Niedermayer | 2014-01-16 | 1 | -2/+2
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 4c8ce750abaa783109630d41ca7dde5de34f6197)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* evrcdec: use memmove() instead of memcpy() when regions can overlap. | Michael Niedermayer | 2014-01-16 | 1 | -4/+4
  This occurs also with valid files.
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 5ae484e350e4f1b20b31802dac59ca3519627c0a)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avutil/log: skip IO calls on empty strings | Michael Niedermayer | 2014-01-16 | 1 | -0/+3
  These occur when no context is set for example, thus they are common
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit a044a183a3fb90b20a8deaa3ea1158510bcdd420)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/error_resilience: check that er is supported before attempting to read the status of the previous slice | Michael Niedermayer | 2014-01-16 | 1 | -1/+1
  Fixes incorrectly set error_occured and improves speed
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 90539cea336fd513c47295a03c164cb4a851166f)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/error_resilience: factor er_supported() check out | Michael Niedermayer | 2014-01-16 | 1 | -3/+12
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit afb18c55783362546b5e512ce01b7fe7bf5744d9)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/libopusenc: change default frame duration to 20 ms | Paul B Mahol | 2014-01-16 | 2 | -2/+2
  20 ms is used by libopus encoder.
  Signed-off-by: Paul B Mahol <onemda@gmail.com>
  (cherry picked from commit 74906d3727ec3bd9b7b28dfa7a98ff6e8cf8b6d7)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec: move end zeroing code from av_packet_split_side_data() to avcodec_decode_subtitle2() | Michael Niedermayer | 2014-01-16 | 1 | -0/+10
  This code changes the input packet, which is read only and can in rare circumstances lead to decoder errors. (I ran into one of these in the audio decoder, which corrupted the packet during av_find_stream_info() so that actual decoding that single packet failed later)
  Until a better fix is implemented, this commit limits the problem.
  A better fix might be to make the subtitle decoders not depend on data[size] = 0 or to copy their input when this is not the case.
  (cherry picked from commit 01923bab98506b1e98b4cbf08419364ce6ffea6d)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* h264: Do not treat the initial frame special in handling of frame gaps | Michael Niedermayer | 2014-01-16 | 1 | -2/+2
  The not handling of frame gaps has led to the lack of a dummy reference frame, which has led to the failure of decode_slice_header() which has led to one SEI recovery message being skipped which had introduced a slightly suboptimal recovery point for at least 1 h264 file compared to JM.
  Found-by: Carl & BugMaster
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 9e5ef1c5c37208326c59d642e2dc7afd3f10b09b)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/thp: force moving forward | Michael Niedermayer | 2014-01-16 | 1 | -1/+1
  Fixes infinite loop
  Fixes Ticket3098
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 6c4b87d3d6ae08a6da16b4616626b4d2a726afbf)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avformat/thp: fix variable types to avoid overflows | Michael Niedermayer | 2014-01-16 | 1 | -7/+7
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 2b1056e4e27b046af3777e8bd65a5145abff878f)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/jpeglsdec: check err value for ls_get_code_runterm() | Michael Niedermayer | 2014-01-16 | 1 | -0/+2
  Fixes infinite loop
  Fixes Ticket3086
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit cc0e47b55096361723b364afa43b79a3f5619cdc)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avutil/opt: initialize ret | Michael Niedermayer | 2014-01-16 | 1 | -1/+1
  Fixes CID1108610
  Fixes use of uninitialized variable
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 2d8ccf0adcae09cb9e14b01cfe20e4d77c3bbf5d)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/utils: add some safety checks to add_metadata_from_side_data() | Michael Niedermayer | 2014-01-16 | 1 | -1/+8
  This fixes potential overreads with crafted files.
  Found-by: wm4
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 838f461b0716393a1b5c70efd03de1e8bc197380)
  Conflicts: libavcodec/utils.c
* avcodec/avpacket/av_packet_split_side_data: ensure that side data padding is initialized | Michael Niedermayer | 2014-01-16 | 1 | -1/+1
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 240fd8c96f59ebe9dcfc4152a1086cd3f63400c0)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avfilter/ff_insert_pad: fix order of operations | Michael Niedermayer | 2014-01-16 | 1 | -3/+3
  Fixes out of bounds access
  Fixes CID732170
  Fixes CID732169
  No filter is known to use this function in a way so the issue can be reproduced.
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit ab2bfb85d49b2f8aa505816f93e75fd18ad0a361)
  Conflicts: libavfilter/avfilter.c
  (cherry picked from commit 86591b244f3a27293153896813f5569b49b2f5c0)
  Conflicts: libavfilter/avfilter.c
* ffserver: strip odd chars from html error messages before sending them back | Michael Niedermayer | 2014-01-16 | 1 | -0/+9
  Fixes Ticket3034
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 885739f3b4ca3fb60abf417120845e3fcfb99b53)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avcodec/ffv1dec: fix format detection | Paul B Mahol | 2014-01-16 | 1 | -18/+7
  Fixes crash with carefully designed files.
  Signed-off-by: Paul B Mahol <onemda@gmail.com>
  (cherry picked from commit a27227d401adf12534dc7a26d72e43e2f35f8944)
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* Do not read mkv audio bit_depth if bits_per_coded_sample is already set. | Carl Eugen Hoyos | 2014-01-16 | 1 | -0/+1
  This allows decoding broken mkv files containing G.726 audio.
  (cherry picked from commit 11329370770e5c982deece7d4eb4f2e95e725332)
* Do not set mkv bit_depth to av_get_bytes_per_sample() for G.726. | Carl Eugen Hoyos | 2014-01-16 | 1 | -1/+1
  The value is wrong and leads to broken files.
  (cherry picked from commit 565102dcac4959da60e6b1528dc31315d21194ca)
* avcodec/msvideo1enc: fix SKIPS_MAX | Michael Niedermayer | 2014-01-09 | 1 | -1/+1
  Fixes Ticket3270
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit fb8f5d0510619cea2204246631f1c0dcd994ee25)
* Use the h264 parser when decoding VSSH in avi. | Carl Eugen Hoyos | 2014-01-08 | 1 | -0/+2
  Fixes ticket #3261 visually.
  Analyzed-by: Michael Doilnitsyn
  (cherry picked from commit 94cf4f8bac12c58e30ce3b5d72cf5898baafe9a8)
  Conflicts: libavformat/avidec.c
* avformat/mxfdec: detect loops during header parsing | Michael Niedermayer | 2014-01-08 | 1 | -1/+8
  The header parser uses forward and backward parsing, making the bulletproof prevention of loops difficult, thus this simple detection code. If someone improves the forward/backward parsing so it cannot loop then this commit should be reverted
  Fixes Ticket3278
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 1c010fd035c1a14dc73827b84f21f593e969a5d6)
* avformat/oggdec: don't read timestamps from EOS pages of ogm videos | Michael Niedermayer | 2014-01-05 | 1 | -0/+5
  Some muxers store invalid timestamps there, which breaks seeking
  Fixes Ticket2739
  Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
  (cherry picked from commit 5e0c7eab2a9d43e6e3be967ec1a6b04a3e0328da)