- 09 Apr, 2012 5 commits
-
-
Michael Niedermayer authored
Signed-off-by:Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
* release/0.8: Changelog, delete, its too inaccurate, git log is better. pngenc: Fix incorrect mask used for interlaced mode. dsp: fix diff_bytes_mmx() with small width Replace SSE2 instruction in scalarproduct_float_sse() by SSE equivalent. Update changelog for 0.7.5 release Merged-by: -
Michael Niedermayer authored
Signed-off-by: -
Michael Niedermayer authored
Fixes Ticket1109 Signed-off-by:
-
Michael Niedermayer authored
Fixes Ticket1068 Signed-off-by:
-
- 08 Apr, 2012 1 commit
-
-
Michael Niedermayer authored
* qatar/release/0.7: Update changelog for 0.7.5 release Merged-by:
-
- 04 Apr, 2012 2 commits
-
-
- 01 Apr, 2012 32 commits
-
-
Michael Niedermayer authored
* release/0.8: (182 commits) id3v2: fix skipping extended header in id3v2.4 Update RELEASE file for 0.7.5 lcl: use AVERROR_INVALIDDATA instead of AVERROR_UNKNOWN kgv1dec: Increase offsets array size so it is large enough. kgv1: use avctx->get/release_buffer(). kvmc: fix invalid reads nsvdec: Propagate error values instead of returning 0 in nsv_read_header(). mjpegbdec: Fix overflow in SOS. shorten: Use separate pointers for the allocated memory for decoded samples. shorten: check for realloc failure (cherry picked from commit 9e5e2c2d) atrac3: Fix crash in tonal component decoding. ws_snd1: Fix wrong samples count and crash. ws_snd: add some checks to prevent buffer overread or overwrite. (cherry picked from commit 417364ce ) ws_snd: decode to AV_SAMPLE_FMT_U8 instead of S16. dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2 h264: stricter reference limit enforcement. jvdec: unbreak video decoding xxan: don't read before start of buffer in av_memcpy_backptr(). dsicinvideo: validate buffer offset before copying pixels. huffyuv: add padding to classic (v1) huffman tables. ... Conflicts: Doxyfile RELEASE VERSION Merged-by:
-
Michael Niedermayer authored
* qatar/release/0.7: (84 commits) id3v2: fix skipping extended header in id3v2.4 Update RELEASE file for 0.7.5 lcl: use AVERROR_INVALIDDATA instead of AVERROR_UNKNOWN kgv1dec: Increase offsets array size so it is large enough. kgv1: use avctx->get/release_buffer(). kvmc: fix invalid reads nsvdec: Propagate error values instead of returning 0 in nsv_read_header(). mjpegbdec: Fix overflow in SOS. shorten: Use separate pointers for the allocated memory for decoded samples. shorten: check for realloc failure (cherry picked from commit 9e5e2c2d) atrac3: Fix crash in tonal component decoding. ws_snd1: Fix wrong samples count and crash. ws_snd: add some checks to prevent buffer overread or overwrite. (cherry picked from commit 417364ce ) ws_snd: decode to AV_SAMPLE_FMT_U8 instead of S16. dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2 h264: stricter reference limit enforcement. jvdec: unbreak video decoding xxan: don't read before start of buffer in av_memcpy_backptr(). dsicinvideo: validate buffer offset before copying pixels. huffyuv: add padding to classic (v1) huffman tables. ... Conflicts: RELEASE libavcodec/atrac3.c libavcodec/h264.c libavcodec/h264_parser.c libavcodec/kgv1dec.c libavcodec/shorten.c libavcodec/svq3.c libavcodec/ws-snd1.c libavcodec/xxan.c libswscale/utils.c Merged-by:
-
Reinhard Tartler authored
-
Anton Khirnov authored
In v2.4, the length includes the length field itself. (cherry picked from commit ddb44312 ) Signed-off-by:
Anton Khirnov <anton@khirnov.net>
-
Reinhard Tartler authored
-
Reinhard Tartler authored
While bogus, this change avoids the necessity to backport AVERROR_UNKNOWN, which is not entirely trivial. Signed-off-by:Reinhard Tartler <siretart@tauware.de>
-
Michael Niedermayer authored
Fixes CVE-2011-3945 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Alex Converse <alex.converse@gmail.com> (cherry picked from commit a02e8df9) (cherry picked from commit d5f2382d ) Signed-off-by:
-
Ronald S. Bultje authored
Also fixes crashes on corrupt bitstreams. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 33cd32b3 ) Signed-off-by:
-
Gaurav Narula authored
Signed-off-by:
Janne Grunau <janne-libav@jannau.net> (cherry picked from commit ad3161ec ) Signed-off-by:
-
Diego Biurrun authored
This eliminates a warning about a set-but-unused variable. (cherry picked from commit 35fa0d47 ) Signed-off-by:
-
Alex Converse authored
Based in part by a fix from Michael Niedermayer <michaelni@gmx.at> Fixes CVE-2011-3947 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit b57d2624 ) Signed-off-by:
-
Michael Niedermayer authored
Fixes invalid free() if any of the buffers are not allocated due to either not decoding a header or an error prior to allocating all buffers. Fixes CVE-2012-0858 CC: libav-stable@libav.org Signed-off-by:
Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 204cb29b ) Signed-off-by:
-
Justin Ruggles authored
shorten: check for realloc failure (cherry picked from commit 9e5e2c2d ) Signed-off-by:
-
Michael Niedermayer authored
Add a check to avoid writing past the end of the channel_unit.components[] array. Bug Found by: cosminamironesei Fixes CVE-2012-0853 CC: libav-stable@libav.org Signed-off-by:
-
Michael Niedermayer authored
Signed-off-by:
-
Justin Ruggles authored
ws_snd: add some checks to prevent buffer overread or overwrite. (cherry picked from commit 417364ce ) Signed-off-by:
-
Justin Ruggles authored
8-bit unsigned is the native sample format. (cherry picked from commit 2322ced8 ) Signed-off-by:
-
Kostya Shishkov authored
Signed-off-by:
-
Ronald S. Bultje authored
Progressive images can have only 16 references, error out if there are more, since the data is almost certainly corrupt, and the invalid value will lead to random crashes or invalid writes later on. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit e0febda2 ) Signed-off-by:
-
Paul B Mahol authored
The safe bitstream reader broke it since the buffer size was specified in bytes instead of bits. Signed-off-by:
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit f1279e28 ) Signed-off-by:
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit c95fefa0 ) Signed-off-by:
-
Ronald S. Bultje authored
We slightly overread the input buffer, so we require padding at the end of the buffer, as is documented in the get_bits API. Without padding, we'll read uninitialized data or beyond the end of the .rodata, which may crash. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 4ffe5e2a ) Signed-off-by:
-
Alex Converse authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit fd0be630 ) Signed-off-by:
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit b4bccf3e ) Signed-off-by:
-
Ronald S. Bultje authored
This way, it protects against overreads for 4bpp/2bpp content also. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit cc5dd632 ) Signed-off-by:
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit a93b572a ) Signed-off-by:
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 11b940a1 ) Signed-off-by:
-
Alex Converse authored
Reference: VLC (cherry picked from commit b142496c ) Signed-off-by:
-
Alex Converse authored
(cherry picked from commit 0ad522af ) Signed-off-by:
-
Michael Niedermayer authored
Fixes CVE-2011-3937 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
-
Alex Converse authored
TIFF v6.0 (unimplemented) adds signed equivalents. (cherry picked from commit e32548d1 ) Signed-off-by:
-
