- 09 Apr, 2012 5 commits
-
-
Michael Niedermayer authored
Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
* release/0.8: Changelog, delete, its too inaccurate, git log is better. pngenc: Fix incorrect mask used for interlaced mode. dsp: fix diff_bytes_mmx() with small width Replace SSE2 instruction in scalarproduct_float_sse() by SSE equivalent. Update changelog for 0.7.5 release Merged-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes Ticket1109 Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 15db6a95 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes Ticket1068 Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 73089eccd3e48539555349b36d8aabbf1cea416e) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
- 08 Apr, 2012 1 commit
-
-
Michael Niedermayer authored
* qatar/release/0.7: Update changelog for 0.7.5 release Merged-by:
Michael Niedermayer <michaelni@gmx.at>
-
- 04 Apr, 2012 2 commits
-
- 01 Apr, 2012 32 commits
-
-
Michael Niedermayer authored
* release/0.8: (182 commits) id3v2: fix skipping extended header in id3v2.4 Update RELEASE file for 0.7.5 lcl: use AVERROR_INVALIDDATA instead of AVERROR_UNKNOWN kgv1dec: Increase offsets array size so it is large enough. kgv1: use avctx->get/release_buffer(). kvmc: fix invalid reads nsvdec: Propagate error values instead of returning 0 in nsv_read_header(). mjpegbdec: Fix overflow in SOS. shorten: Use separate pointers for the allocated memory for decoded samples. shorten: check for realloc failure (cherry picked from commit 9e5e2c2d) atrac3: Fix crash in tonal component decoding. ws_snd1: Fix wrong samples count and crash. ws_snd: add some checks to prevent buffer overread or overwrite. (cherry picked from commit 417364ce ) ws_snd: decode to AV_SAMPLE_FMT_U8 instead of S16. dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2 h264: stricter reference limit enforcement. jvdec: unbreak video decoding xxan: don't read before start of buffer in av_memcpy_backptr(). dsicinvideo: validate buffer offset before copying pixels. huffyuv: add padding to classic (v1) huffman tables. ... Conflicts: Doxyfile RELEASE VERSION Merged-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
* qatar/release/0.7: (84 commits) id3v2: fix skipping extended header in id3v2.4 Update RELEASE file for 0.7.5 lcl: use AVERROR_INVALIDDATA instead of AVERROR_UNKNOWN kgv1dec: Increase offsets array size so it is large enough. kgv1: use avctx->get/release_buffer(). kvmc: fix invalid reads nsvdec: Propagate error values instead of returning 0 in nsv_read_header(). mjpegbdec: Fix overflow in SOS. shorten: Use separate pointers for the allocated memory for decoded samples. shorten: check for realloc failure (cherry picked from commit 9e5e2c2d) atrac3: Fix crash in tonal component decoding. ws_snd1: Fix wrong samples count and crash. ws_snd: add some checks to prevent buffer overread or overwrite. (cherry picked from commit 417364ce ) ws_snd: decode to AV_SAMPLE_FMT_U8 instead of S16. dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2 h264: stricter reference limit enforcement. jvdec: unbreak video decoding xxan: don't read before start of buffer in av_memcpy_backptr(). dsicinvideo: validate buffer offset before copying pixels. huffyuv: add padding to classic (v1) huffman tables. ... Conflicts: RELEASE libavcodec/atrac3.c libavcodec/h264.c libavcodec/h264_parser.c libavcodec/kgv1dec.c libavcodec/shorten.c libavcodec/svq3.c libavcodec/ws-snd1.c libavcodec/xxan.c libswscale/utils.c Merged-by:
Michael Niedermayer <michaelni@gmx.at>
-
Reinhard Tartler authored
-
Anton Khirnov authored
In v2.4, the length includes the length field itself. (cherry picked from commit ddb44312 ) Signed-off-by:
Anton Khirnov <anton@khirnov.net>
-
Reinhard Tartler authored
-
Reinhard Tartler authored
While bogus, this change avoids the necessity to backport AVERROR_UNKNOWN, which is not entirely trivial. Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Michael Niedermayer authored
Fixes CVE-2011-3945 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 807a045a ) Signed-off-by:
Alex Converse <alex.converse@gmail.com> (cherry picked from commit a02e8df9) (cherry picked from commit d5f2382d ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Also fixes crashes on corrupt bitstreams. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 33cd32b3 ) Signed-off-by:
Anton Khirnov <anton@khirnov.net> (cherry picked from commit e537dc23 ) Conflicts: libavcodec/kgv1dec.c Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Gaurav Narula authored
Signed-off-by:
Janne Grunau <janne-libav@jannau.net> (cherry picked from commit ad3161ec ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Diego Biurrun authored
This eliminates a warning about a set-but-unused variable. (cherry picked from commit 35fa0d47 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
Based in part by a fix from Michael Niedermayer <michaelni@gmx.at> Fixes CVE-2011-3947 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit b57d2624 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 083a8a00 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Michael Niedermayer authored
Fixes invalid free() if any of the buffers are not allocated due to either not decoding a header or an error prior to allocating all buffers. Fixes CVE-2012-0858 CC: libav-stable@libav.org Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> Signed-off-by:
Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 204cb29b ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 6fc3287b ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Justin Ruggles authored
shorten: check for realloc failure (cherry picked from commit 9e5e2c2d ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Michael Niedermayer authored
Add a check to avoid writing past the end of the channel_unit.components[] array. Bug Found by: cosminamironesei Fixes CVE-2012-0853 CC: libav-stable@libav.org Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> Signed-off-by:
Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit c509f4f7 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de> (cherry picked from commit f43b6e2b ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Michael Niedermayer authored
Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 9fb7a5af ) Addresses CVE-2012-0848 Reviewed-by:
Justin Ruggles <justin.ruggles@gmail.com> Signed-off-by:
Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 697a45d8 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Justin Ruggles authored
ws_snd: add some checks to prevent buffer overread or overwrite. (cherry picked from commit 417364ce ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Justin Ruggles authored
8-bit unsigned is the native sample format. (cherry picked from commit 2322ced8 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Kostya Shishkov authored
Signed-off-by:
Janne Grunau <janne-libav@jannau.net> Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Progressive images can have only 16 references, error out if there are more, since the data is almost certainly corrupt, and the invalid value will lead to random crashes or invalid writes later on. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit e0febda2 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Paul B Mahol authored
The safe bitstream reader broke it since the buffer size was specified in bytes instead of bits. Signed-off-by:
Janne Grunau <janne-libav@jannau.net> CC: libav-stable@libav.org (cherry picked from commit a1c036e9 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit f1279e28 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit c95fefa0 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
We slightly overread the input buffer, so we require padding at the end of the buffer, as is documented in the get_bits API. Without padding, we'll read uninitialized data or beyond the end of the .rodata, which may crash. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 4ffe5e2a ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit fd0be630 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit b4bccf3e ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
This way, it protects against overreads for 4bpp/2bpp content also. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit cc5dd632 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit a93b572a ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 11b940a1 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
Reference: VLC (cherry picked from commit b142496c ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
(cherry picked from commit 0ad522af ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Michael Niedermayer authored
Fixes CVE-2011-3937 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 71db86d5 ) Conflicts: libavcodec/h263dec.c Signed-off-by:
Alex Converse <alex.converse@gmail.com> Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
TIFF v6.0 (unimplemented) adds signed equivalents. (cherry picked from commit e32548d1 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-