- 09 Jun, 2012 21 commits
-
-
Michael Niedermayer authored
Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
* release/0.8:
  Update for 0.8.12
  mpc8: fix channel checks
  h263: disable loop filter with lowres
  wmv1: check that the input buffer is large enough
  yopdec: check frame oddness to be within supported limits
  yopdec: check that palette fits in the packet
  8svx: fix crash
  binkaudio: check number of channels
  indeo5: check quant_mat
  truemotion1: Check index, fix out of array read
  iff: check if there is extradata
  ape: Fix null ptr dereference with files missing a seektable.
  4xm: fix division by zero caused by bps<8
  jvdec: check videosize
  motionpixels: check extradata size
  iff_ilbm: fix null ptr deref
  yop: check for missing extradata
  xan: fix out of array read
  cdgraphics: Fix out of array write
Conflicts: Doxyfile RELEASE VERSION
Merged-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
fix heap array overflow Found-by:
Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 44c10168 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes ticket1212 Found-by:
Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit cc229d4e ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes null ptr deref Fixes Ticket1367 Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f23a2418 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes Ticket1365 Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit febc013d ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b6fdf8de ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes Ticket1377 Found-by:
Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 03ce421c ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Paul B Mahol authored
Fixes #1380. Signed-off-by:
Paul B Mahol <onemda@gmail.com> (cherry picked from commit 824a6975 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
prevents out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8aaa00c3 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit fd4c1c0b ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Paul B Mahol authored
Fixes #1368. Signed-off-by:
Paul B Mahol <onemda@gmail.com> (cherry picked from commit 8f615269 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Such files are currently not supported as the table is used at several points Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e7cb1615 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 1b8741a6 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes null ptr dereference fixes Ticket1364 Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b4904e80 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes null ptr dereference Fixes Ticket1363 Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 50122084 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes Ticket1362 Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 849d4b04 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes null ptr deref Fixes Ticket1361 Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 77a4c8b9 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes ticket1360 Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 01900fcc ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes Ticket1359 Found-by:
Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 1e5c7376 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
- 04 Jun, 2012 2 commits
-
-
Michael Niedermayer authored
* release/0.8:
  Update RELEASE file for 0.7.6
  Update changelog for 0.7.6 release
  ea: check chunk_size for validity.
  png: check bit depth for PAL8/Y400A pixel formats.
  x86: fix build with gcc 4.7
  qdm2: clip array indices returned by qdm2_get_vlc().
  kmvc: Check palsize.
  aacsbr: prevent out of bounds memcpy().
  rtpdec_asf: Fix integer underflow that could allow remote code execution
  dpcm: ignore extra unpaired bytes in stereo streams.
  tqi: Pass errors from the MB decoder
  h264: Add check for invalid chroma_format_idc
  adpcm: ADPCM Electronic Arts has always two channels
  h263dec: Disallow width/height changing with frame threads.
  vqavideo: return error if image size is not a multiple of block size
  celp filters: Do not read earlier than the start of the 'out' vector.
  motionpixels: Clip YUV values after applying a gradient.
  h263: more strictly forbid frame size changes with frame-mt.
  h264: additional protection against unsupported size/bitdepth changes.
  Update for 0.8.11
Conflicts: Doxyfile RELEASE VERSION
Merged-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
* qatar/release/0.7:
  Update RELEASE file for 0.7.6
  Update changelog for 0.7.6 release
  ea: check chunk_size for validity.
  png: check bit depth for PAL8/Y400A pixel formats.
  x86: fix build with gcc 4.7
  qdm2: clip array indices returned by qdm2_get_vlc().
  kmvc: Check palsize.
  aacsbr: prevent out of bounds memcpy().
  rtpdec_asf: Fix integer underflow that could allow remote code execution
  dpcm: ignore extra unpaired bytes in stereo streams.
  tqi: Pass errors from the MB decoder
  h264: Add check for invalid chroma_format_idc
  adpcm: ADPCM Electronic Arts has always two channels
  h263dec: Disallow width/height changing with frame threads.
  vqavideo: return error if image size is not a multiple of block size
  celp filters: Do not read earlier than the start of the 'out' vector.
  motionpixels: Clip YUV values after applying a gradient.
  h263: more strictly forbid frame size changes with frame-mt.
  h264: additional protection against unsupported size/bitdepth changes.
Conflicts: Changelog RELEASE libavcodec/aacsbr.c libavcodec/h264_ps.c libavcodec/pngdec.c libavformat/rtpdec_asf.c
Merged-by:
Michael Niedermayer <michaelni@gmx.at>
-
- 03 Jun, 2012 4 commits
-
-
Reinhard Tartler authored
-
Reinhard Tartler authored
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 273e6af4 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 6a86b705e1d4b72f0dddfbe23ad3eed9947001d5) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Ronald S. Bultje authored
Wrong bit depth can lead to invalid rowsize values, which crashes the decoder further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit d2205d65 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de> (cherry picked from commit b8d6ba9d50e80fdce2ed74cdaffd4960df8a21c5) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
- 02 Jun, 2012 2 commits
-
-
Mans Rullgard authored
The upcoming gcc 4.7 has more advanced constant propagation, resulting in some inline asm operands becoming constants and thus emitted as literals, sometimes in contexts where this results in invalid instructions. This patch changes the constraints of the relevant operands to "rm" thus forcing a valid type. While obviously suboptimal, this is what older gcc versions already did, and there is no change to the code generated with these. Signed-off-by:
Mans Rullgard <mans@mansr.com> (cherry picked from commit da4c7cce ) Signed-off-by:
Derek Buitenhuis <derek.buitenhuis@gmail.com>
-
Ronald S. Bultje authored
Prevents subsequent overreads when these numbers are used as indices in arrays. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by:
Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 64953f67 ) Signed-off-by:
Derek Buitenhuis <derek.buitenhuis@gmail.com> Conflicts: libavcodec/qdm2.c
-
- 29 May, 2012 1 commit
-
-
Alex Converse authored
Fixes: CVE-2011-3952 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Based on fix by Michael Niedermayer (cherry picked from commit 386741f8) (cherry picked from commit 416849f2 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
- 28 May, 2012 3 commits
-
-
Alex Converse authored
Fixes Libav Bug 195. Fixes CVE-2012-0850 This doesn't make the code handle sample rate or upsample/downsample change properly but this is still a good sanity check. Based on change by Michael Niedermayer. Signed-off-by:
Alex Converse <alex.converse@gmail.com> (cherry picked from commit 17ce5291 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Michael Niedermayer authored
Fixes MSVR-11-0088 Fixes CVE-2011-4031 Credit: Jeong Wook Oh of Microsoft and Microsoft Vulnerability Research (MSVR) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> Signed-off-by:
Martin Storsjö <martin@martin.st> (cherry picked from commit 5ea091fb ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
Fixes: CVE-2011-3951 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit ce7aee9b) (cherry picked from commit eaeaeb26 ) Conflicts: libavcodec/dpcm.c Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
- 23 May, 2012 3 commits
-
-
Michael Niedermayer authored
This silences some valgrind warnings. CC: libav-stable@libav.org Fixes second half of http://ffmpeg.org/trac/ffmpeg/ticket/794 Bug found by: Oana Stratulat Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> Signed-off-by:
Reinhard Tartler <siretart@tauware.de> (cherry picked from commit f85334f5) (cherry picked from commit 90290a51 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 5872580e ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alexander Strange authored
Fixes a crash when FF_DEBUG_PICT_INFO is used. Signed-off-by:
Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit 6ef40639 ) Fixes: CVE-2012-0851 Signed-off-by:
Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 47132345 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Janne Grunau authored
Fixes half of http://ffmpeg.org/trac/ffmpeg/ticket/794 Addresses CVE-2012-0852 (cherry picked from commit bb5b3940 ) Conflicts: libavcodec/adpcm.c Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
- 22 May, 2012 1 commit
-
-
Michael Niedermayer authored
Fixes CVE-2011-3937 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 71db86d5 ) Conflicts: libavcodec/h263dec.c Signed-off-by:
Alex Converse <alex.converse@gmail.com> Signed-off-by:
Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 4be63587 ) Conflicts: libavcodec/h263dec.c Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
- 06 May, 2012 3 commits
-
-
Mans Rullgard authored
The decoder assumes in various places that the image size is a multiple of the block size, and there is no obvious way to support odd sizes. Bailing out early if the header specifies a bad size avoids various errors later on. Fixes CVE-2012-0947. Signed-off-by:
Mans Rullgard <mans@mansr.com> (cherry picked from commit 58b2e0f0 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de> (cherry picked from commit d5207e2a ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
CC: libav-stable@libav.org (cherry picked from commit 37ddd383 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 9ea94c44 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Alex Converse authored
Prevents illegal reads on truncated and malformed input. CC: libav-stable@libav.org (cherry picked from commit b5da848f ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de> (cherry picked from commit aaa6a666 ) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-