Commits · 13fd80837f85f7d33bfb857ce9a3f33455cf4b3d · sixue.cheng / ffmpeg-7.1

01 Mar, 2014 7 commits

truemotion1: check the header size · 13fd8083

Anton Khirnov authored 11 years ago

Fixes invalid reads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 2240e207)

13fd8083

shorten: pad the internal bitstream buffer · f1a7bfea

Anton Khirnov authored 11 years ago

Fixes invalid reads.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 1713eec2)

f1a7bfea

samplefmt: avoid integer overflow in av_samples_get_buffer_size() · 3e3805b7
Justin Ruggles authored 11 years ago
```
CC:libav-stable@libav.org
(cherry picked from commit 0e830094)
```
3e3805b7

h264: Fix a typo from the previous commit · 8883b5f8

Luca Barbato authored 11 years ago

f777504f changed a - in +

CC: libav-stable@libav.org
(cherry picked from commit d922c5a5)
(cherry picked from commit 3ce77e04c2ca4b9e7fa6b94b51e8d7c5f188da86)

8883b5f8

h264: Lower bound check for slice offsets · 7c70cee2

Vittorio Giovara authored 11 years ago


And use the value from the specification.

Sample-Id: 00000451-google
Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit f777504f)
(cherry picked from commit 5bd083d0216d9ee649039c84999fb61386536ac1)

Conflicts:
	libavcodec/h264.c

7c70cee2

Add missing header to fix compilation after d2a06543 · 8ba51411
Anton Khirnov authored 11 years ago
```
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
```
8ba51411
Prepare for 9.12 RELEASE · 675cf1cd
Reinhard Tartler authored 11 years ago

675cf1cd

21 Feb, 2014 1 commit
- configure: Add missing dependency of Snow decoder on videodsp · 0c1a15db
  Diego Biurrun authored 11 years ago
  
  0c1a15db
14 Feb, 2014 1 commit

rpza: limit the number of blocks to the total remaining blocks in the frame · d2a06543

Anton Khirnov authored 11 years ago

Fixes invalid writes.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 77bb0004

)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

d2a06543

02 Feb, 2014 9 commits

Update Changelog for 9.11 · 27f60e2b
Reinhard Tartler authored 11 years ago

27f60e2b

oggparseogm: check timing variables · bf7c240a

Anton Khirnov authored 11 years ago

Fixes a potential divide by zero.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 75647dea

)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

bf7c240a

mathematics: remove asserts from av_rescale_rnd() · 03bfd841

Anton Khirnov authored 11 years ago

It is a public function, it must not assert on its parameters.

(cherry picked from commit 94a417ac

)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

03bfd841

vc1: Always reset numref when parsing a new frame header. · 3cc8d9bc

Michael Niedermayer authored 11 years ago


Fixes an issue where the B-frame coding mode switches from interlaced
fields to interlaced frames, causing incorrect decisions in the motion
compensation code and resulting in visual artifacts.

CC: libav-stable@libav.org
Signed-off-by: Tim Walker <tdskywalker@gmail.com>
(cherry picked from commit dd2d0039

)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

3cc8d9bc

h264: reset num_reorder_frames if it is invalid · 299c5dcf

Anton Khirnov authored 11 years ago

An invalid VUI is not considered a fatal error, so the SPS containing it
may still be used. Leaving an invalid value of num_reorder_frames there
can result in writing over the bounds of H264Context.delayed_pic.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 9ecabd78

)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

Conflicts:
	libavcodec/h264_ps.c

299c5dcf

h264: check that an IDR NAL only contains I slices · 62ed6da0

Anton Khirnov authored 11 years ago

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 8b2e5e42

)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

62ed6da0

mov: Free an earlier allocated array if allocating a new one · a1b4d42d

Martin Storsjö authored 11 years ago


It could probably also be considered an error if the pointer isn't
null at this point, but then we might risk rejecting some
slightly broken files that we might have handled so far.

Sample-Id: 00000496-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 2620df13

)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

a1b4d42d

mov: Free intermediate arrays in the normal cleanup function · 44079902

Martin Storsjö authored 11 years ago


These arrays are normally freed at the end of mov_read_trak,
but make sure they're freed in case mov_read_trak returned
early (due to errors) or in case the atoms that allocate arrays
are encountered at some other point than within a trak (which
we don't have checks against).

Sample-Id: 00000496-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit d51f0996

)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

44079902

segafilm: fix leaks if reading the header fails · f728782c

Anton Khirnov authored 11 years ago

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 6892d145

)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

f728782c

01 Feb, 2014 10 commits

h264_cavlc: check the size of the intra PCM data. · b5275ca1

Anton Khirnov authored 11 years ago

Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org

b5275ca1

h263: Check init_get_bits return value · d9c82cea

Michael Niedermayer authored 11 years ago


And use init_get_bits8 to check for integer overflows while at it.

CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

d9c82cea

cavsdec: check ff_get_buffer() return value · 96902887
Anton Khirnov authored 11 years ago
```
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
```
96902887

cavs: Check for negative cbp · c85e5f13

Luca Barbato authored 11 years ago

Sample-Id: 00000647-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

c85e5f13

avi: DV in AVI must be considered single stream · 3485a079
Luca Barbato authored 11 years ago
```
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
```
3485a079

vmnc: Check the cursor dimensions · 4b24eb1a

Luca Barbato authored 11 years ago

And manage the reallocation failure path.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 5e992a46)

4b24eb1a

vmnc: Port to bytestream2 · 9f9e7738

Luca Barbato authored 11 years ago

Fix some buffer overreads.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org

9f9e7738

vmnc: K&R formatting cosmetics · f1476459
Luca Barbato authored 11 years ago
```
Signed-off-by: Diego Biurrun <diego@biurrun.de>
```
f1476459

flashsv: Check diff_start diff_height values · 10d48fe6

Michael Niedermayer authored 11 years ago


Fix out of array accesses.

Found-by: ami_stuff
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Adresses: CVE-2013-7015
(cherry picked from commit 57070b14

)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

10d48fe6

dsputil/pngdsp: fix signed/unsigned type in end comparison · af979979

Michael Niedermayer authored 11 years ago

Fixes out of array accesses and integer overflows.

(cherry picked from commit d1916d13

)
Adresses: CVE-2013-7010, CVE-2013-7014
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

af979979

13 Jan, 2014 4 commits

lavf: make av_probe_input_buffer more robust · 8575f536

Anton Khirnov authored 11 years ago

Always use the actually read size as the offset instead of making
possibly invalid assumptions.

Addresses: CVE-2012-6618

(cherry picked from commit 2115a359

)

Conflicts:
	libavformat/utils.c
Signed-off-by: Anton Khirnov <anton@khirnov.net>

8575f536

lavf: use a fixed width type · 539d2558

Anton Khirnov authored 11 years ago

It's shorter and more consistent with the rest of the code.

(cherry picked from commit 8b763628

)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

539d2558

lavf: simplify handling of offset in av_probe_input_buffer() · e38c62fe
Anton Khirnov authored 11 years ago
```
(cherry picked from commit c1868e7e

)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
```
e38c62fe
prores: Error out only on surely incomplete ac_coeffs · 9aa22918
Luca Barbato authored 11 years ago
```
(cherry picked from commit 2df7f771

)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
```
9aa22918

06 Jan, 2014 3 commits

shorten: Fix out-of-array read · a0866c71

Tim Walker authored 11 years ago


pred_order == FF_ARRAY_ELEMS(fixed_coeffs) is invalid too.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 5f5ada3d

)
Signed-off-by: Tim Walker <tdskywalker@gmail.com>

a0866c71

prores: Add a codepath for decoding errors · 65830277

Luca Barbato authored 11 years ago

(cherry picked from commit 44690dfa

)
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>

65830277

nut: Fix unchecked allocations · 5ae7ed3a

Derek Buitenhuis authored 11 years ago

CC: libav-stable@libav.org

(cherry picked from commit b1fcdc08

)
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>

5ae7ed3a

05 Jan, 2014 5 commits

avi: directly resync on DV in AVI read failure · 61057f46

Luca Barbato authored 11 years ago

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit ceec6e79

)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

61057f46

mov: Don't allocate arrays with av_malloc that will be realloced · d149c14a

Martin Storsjö authored 11 years ago


CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit b698542a

)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

d149c14a

shorten: Extend fixed_coeffs to properly support pred_order 0 · 5bbee02a

Luca Barbato authored 11 years ago

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b2148fac

)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

5bbee02a

Prepare for 9.11 RELEASE · f53a5332
Reinhard Tartler authored 11 years ago

f53a5332

avi: properly fail if the dv demuxer is missing · e361fde8

Luca Barbato authored 11 years ago

CC: libav-stable@libav.org
(cherry picked from commit 1cac9acc

)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

e361fde8

GitLab

Menu