- 11 Mar, 2015 40 commits
-
-
Michael Niedermayer authored
Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
fix out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit cdf0877b ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Andreas Cadhalpun authored
So far it is only set in roq_encode_frame, but it is used in roq_encode_end to free the coded_frame. This currently segfaults if roq_encode_frame is not called between roq_encode_init and roq_encode_end. Signed-off-by:
Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit cf82c426 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
This ensures that all current and future code-pathes get bpp checked Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d5e9fc78) Conflicts: libavcodec/tiff.c
-
Michael Niedermayer authored
Fixes out of array accesses Fixes: ffmpeg_mjpeg_crash2.avi Found-by:
Thomas Lindroth <thomas.lindroth@gmail.com> Tested-by:
Thomas Lindroth <thomas.lindroth@gmail.com> Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e3201c38) Conflicts: libavcodec/utils.c
-
Dyami Caliri authored
Several encoders were multiplying the buffer size by 8, in order to get a bit size. However, the buffer_size argument is for the byte size of the buffer. We had experienced crashes encoding prores (Anatoliy) at size 4096x4096. (cherry picked from commit 50833c9f) Conflicts: libavcodec/proresenc_kostya.c Conflicts: libavcodec/faxcompr.c libavcodec/s302menc.c Conflicts: libavcodec/adpcmenc.c Conflicts: libavcodec/adpcmenc.c libavcodec/proresenc.c
-
Andreas Cadhalpun authored
Averaging over 2 pixels doesn't work correctly for the last pixel, because the rest of the buffer is not initialized. Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 87513d65 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Based on patch by Francisco Blas Izquierdo Riera Commit message partly taken from carl fixes a compilation error in mlpdsp_init.c with -fstack-check and some gcc compilers (I reproduced the issue with gcc 4.7.3) by simplifying the code. See also https://bugs.gentoo.org/show_bug.cgi?id=471756 $ make libavcodec/x86/mlpdsp_init.o libavcodec/x86/mlpdsp_init.c: In function ‘mlp_filter_channel_x86’: libavcodec/x86/mlpdsp_init.c:142:5: error: can’t find a register in class ‘GENERAL_REGS’ while reloading ‘asm’ libavcodec/x86/mlpdsp_init.c:142:5: error: ‘asm’ operand has impossible constraints 4551 -> 4509 dezicycles Reviewed-by:
Ramiro Polla <ramiro.polla@gmail.com> Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 03f39fbb ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit cb086871 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 12987f89 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes out of array accesses Fixes: ffmpeg_mjpeg_crash.avi Found-by:
Thomas Lindroth <thomas.lindroth@gmail.com> Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 08509c8f ) Conflicts: libavcodec/mjpegdec.c (cherry picked from commit 5553947db2af443778f781a107d9fe9ad6ec5d17) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes out of array read Fixes: asan_static-oob_30328b6_719_cov_3325483287_H264_artifacts_motion.h264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 69aa7936 ) Conflicts: libavcodec/h264_ps.c Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes null pointer dereference Fixes: signal_sigsegv_db2c1f_3108_cov_163322880_pikmin2_opening1_partial.thp Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f2579dbb ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes out of array accesses Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit fabbfaa0) Conflicts: libavcodec/mjpegdec.c
-
Michael Niedermayer authored
Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 05e16195 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
wm4 authored
This could overflow and crash at least on 32 bit systems. Reviewed-by:
Reimar Döffinger <Reimar.Doeffinger@gmx.de> Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b737a2c5) Conflicts: libavformat/mpc8.c (cherry picked from commit 49dd89f9 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
wm4 authored
This can lead to an endless loop by seeking back a few bytes after each attempted chunk read. Assuming negative sizes are always invalid, this is easy to fix. Other code in this demuxer treats negative sizes as invalid as well. Fixes ticket #4262. Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 56cc0242 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 465f3705) Conflicts: libavformat/smacker.c (cherry picked from commit ef368799)
-
Michael Niedermayer authored
Fixes Ticket777 Bug Found by: Diana Elena Muscalu Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit c402c1c9 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 4b15bba2) Conflicts: libavformat/utils.c (cherry picked from commit e651a2f8)
-
Michael Niedermayer authored
Fixes assertion failure Fixes Ticket4269 Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit c4d85fc2 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes out of array access Fixes: asan_heap-oob_4d23ba_91_cov_3853393937_128.vmd Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3030fb7e) Conflicts: libavcodec/vmdvideo.c
-
Michael Niedermayer authored
Fixes out of array access Suggested-by:
Andrew Scherkus <scherkus@google.com> Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit ed86dbd0 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes Ticket4151 Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 85245588 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes out of array access Fixes: asan_heap-oob_20a6c26_2690_cov_3434532168_mail.png Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 79ceaf82) Conflicts: libavcodec/pngdec.c
-
Michael Niedermayer authored
Fixes out of array access Fixes: asan_heap-oob_1ca4f85_2760_cov_144449187_miss_congeniality_pegasus_ljpg.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 0eecf409 ) Conflicts: libavcodec/mjpegdec.c (cherry picked from commit 32d3acac727f3f4a6489ca129a5ea4ccdfcb34a5) Conflicts: libavcodec/mjpegdec.c (cherry picked from commit 8d8ac60d70aee50d44a3e1d7de276598de041640) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes out of array read Fixes: asan_heap-oob_2aec5b0_1828_classical_22_16_2_16000_v3c_0_exclusive_0_29.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5dcb9903 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes out of array access Fixes: asan_heap-oob_11222fb_21_020.dxa Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e70312df ) Conflicts: libavcodec/dxa.c Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes out of array read Fixes: signal_sigsegv_844d59_10_signal_sigsegv_a17bb7_366_mpegts_mpeg2video_mp2_dvbsub_topfield.rec Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit c3d7f00e ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes out of array access Fixes: asan_heap-oob_1685bf0_5_asan_heap-oob_1f35116_430_smc.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit c727401a ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes out of array access Fixes: asan_heap-oob_153760f_4_asan_heap-oob_1d7a4cf_164_VWbig6.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit dd3bfe3c ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
also change it to a loop Fixes out of array access Fixes: asan_heap-oob_ca5410_8_asan_heap-oob_ca5410_97_ID_LSD_Size_Less_Then_Data_Inter_3.gif Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8f145786 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e8309029) Conflicts: libavcodec/pngdec.c
-
Michael Niedermayer authored
Fixes out of array accesses Fixes: asan_heap-oob_14dbfcf_4_asan_heap-oob_1ce5767_179_add_method_small.png Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3e2b7450) Conflicts: libavcodec/pngdec.c
-
Michael Niedermayer authored
Fixes out of array access Fixes: asan_heap-oob_4da4f3_8_asan_heap-oob_4da4f3_419_scene1a.mm Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8b0e96e1 ) Conflicts: libavcodec/mmvideo.c Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Fixes out of array accesses Fixes: asan_heap-oob_12304aa_8_asan_heap-oob_4da4f3_300_intro.jv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 105654e3) Conflicts: libavcodec/utils.c
-
Michael Niedermayer authored
Fixes out of array accesses Fixes: asan_heap-oob_16668e9_2_asan_heap-oob_16668e9_346_miss_congeniality_pegasus_mjpg.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5c378d6a ) Conflicts: libavcodec/mjpegdec.c (cherry picked from commit 94371a404c663c3dae3d542fa43951567ab67f82) Conflicts: libavcodec/mjpegdec.c Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
previously it could have been by 1 too large Fixes out of array access Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8c1e3.jls Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8nde0.jls Fixes: asan_heap-oob_12240fa_1_asan_heap-oob_12240fa_448_t16e3.jls Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 06e7d584 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Reimar Döffinger authored
Signed-off-by:
Reimar Döffinger <Reimar.Doeffinger@gmx.de> (cherry picked from commit b7082d95 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
Embargoed-till: 2014-06-27 requested by researcher, but embargo broken by libav today (git and mailing list) Fixes: LMS-2014-06-16-4 Found-by:
"Don A. Bailey" <donb@securitymouse.com> See: ccda51b1 Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d6af26c5) Conflicts: libavutil/lzo.c (cherry picked from commit 7b5c7064 ) Signed-off-by:
Michael Niedermayer <michaelni@gmx.at>
-