- 01 Apr, 2012 40 commits
-
-
Alex Converse authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit fd0be630 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit b4bccf3e ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
This way, it protects against overreads for 4bpp/2bpp content also. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit cc5dd632 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit a93b572a ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 11b940a1 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
Reference: VLC (cherry picked from commit b142496c ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
(cherry picked from commit 0ad522af ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Michael Niedermayer authored
Fixes CVE-2011-3937 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 71db86d5 ) Conflicts: libavcodec/h263dec.c Signed-off-by:
Alex Converse <alex.converse@gmail.com> Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
TIFF v6.0 (unimplemented) adds signed equivalents. (cherry picked from commit e32548d1 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 9e1db721 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 0ab36879 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Mans Rullgard authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Alex Converse <alex.converse@gmail.com> (cherry picked from commit 034b03e7 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
Found with asan. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Alex Converse <alex.converse@gmail.com> (cherry picked from commit 2d1c0dea ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Michael Niedermayer authored
dv: Fix null pointer dereference due to ach=0 Fixes part2 of CVE-2011-3929 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by:
Roman Shaposhnik <roman@shaposhnik.org> Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> Signed-off-by:
Alex Converse <alex.converse@gmail.com> (cherry picked from commit 5a396bb3 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Michael Niedermayer authored
dv: check stype Fixes part1 of CVE-2011-3929 Possibly fixes part of CVE-2011-3936 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by:
Roman Shaposhnik <roman@shaposhnik.org> Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> Signed-off-by:
Alex Converse <alex.converse@gmail.com> (cherry picked from commit 635bcfcc ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
Related to CVE-2011-3940. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit c898431c ) Conflicts: libavformat/nsvdec.c Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
Check results for av_malloc() and fix an overflow in one call. Related to CVE-2011-3940. Based in part on work from Michael Niedermayer. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 8fd8a482 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Michael Niedermayer authored
Fixes CVE-2011-3940 (Out of bounds read resulting in out of bounds write) Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5c011706 ) Signed-off-by:
Alex Converse <alex.converse@gmail.com> (cherry picked from commit 6a89b41d ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Fabian Greffrath authored
Signed-off-by:
Diego Biurrun <diego@biurrun.de> (cherry picked from commit c9dbac36 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
h264: fix mmxext chroma deblock to use correct TC values. (cherry picked from commit b0c4f043 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 8a9faf33 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit d1604b3d ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Justin Ruggles authored
We need to set ms_stereo in encode_init() in order to avoid incorrectly encoding the first frame as non-m/s while flagging it as m/s. Fixes an uncomfortable pop in the left channel at the start of playback. CC:libav-stable@libav.org (cherry picked from commit 51ddf35c ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Justin Ruggles authored
ff_wma_init() allows up to 50kHz, but this generates an exponent band size table that requires 65 bands. The code assumes 25 bands in many places, and using sample rates higher than 48kHz will lead to buffer overwrites. CC:libav-stable@libav.org (cherry picked from commit 1ec075cf ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Justin Ruggles authored
This is near the theoretical limit for wma frame size and is the most that our decoder can handle. Allowing higher bit rates will just end up padding each frame with empty bytes. Fixes invalid writes for avconv when using very high bit rates. CC:libav-stable@libav.org (cherry picked from commit c2b8dea1 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Justin Ruggles authored
The maximum theoretical frame size is around 17000 bytes. Although in practice it will generally be much smaller, we require a larger buffer just to be safe. CC: libav-stable@libav.org (cherry picked from commit dfc4fded ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 9c239f60 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 48f1e521 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 2f652853 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit bd17a40a ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 63c9de64 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 07a18097 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 78e9852a ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit e54ae60e ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 791de61b ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Prevents crashes when playing corrupt vp5/6 streams. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 8bc396fc ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Seeking back on EOF will reset the EOF flag, causing us to re-enter the loop to find the next marker in the ASF file, thus potentially causing an infinite loop. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit bb6d5411 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
They cause various issues further down in demuxing. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 6e57a02b ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
(cherry picked from commit 24947d49 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Reinhard Tartler authored
Because in contrast to the decoder, the parser does not setup low_delay. The code in parse_nal_units would always end up setting has_b_frames to "1", except when stream is explicitly marked as low delay. Since the parser itself would create 'extradata', simply reopening the parser would cause this. This happens for instance in estimate_timings_from_pts(), which causes the parser to be reopened on the same stream. This fixes Libav #22 and FFmpeg (trac) #360 CC: libav-stable@libav.org Based on a patch by Reimar Döffinger <Reimar.Doeffinger@gmx.de> (commit 31ac0ac2 ) Comments and description adapted by Reinhard Tartler. Signed-off-by:
Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 790a367d ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-