Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/FFmpeg/FFmpeg.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-12-04Changelog: updaten2.8.9Michael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-04avcodec/flacdec: Fix undefined shift in decode_subframe()Michael Niedermayer
Fixes undefined behavior Fixes: 639961-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1f5630af51f24d79053b6bef5b8b3ba93d637306) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-04avcodec/get_bits: Fix get_sbits_long(0)Michael Niedermayer
Fixes undefined behavior Fixes: 640889-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c72fa432349881d5a445cd110abf698cc94d490d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-03avformat/ffmdec: Check media type for chunksMichael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e706e2e775730db5dfa9103628cd70704dd13cef) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-03avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed()Michael Niedermayer
Fixes undefined behavior Fixes: 640912-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 83a75bf6c31b3c0ce2ca7e1426d1f2e3df634239) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-03avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_cMichael Niedermayer
Fixes: left shift of negative value Fixes: 668346-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit acc163c6ab52d2235767852262c64c7f6b273d1c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-03avformat/oggparsespeex: Check frames_per_packet and packet_sizeMichael Niedermayer
The speex specification does not seem to restrict these values, thus the limits where choosen so as to avoid multiplicative overflow Fixes undefined behavior Fixes: 635422.ogg Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit afcf15b0dbb4b6429be5083e50b296cdca61875e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-03avformat/utils: Check start/end before computing duration in ↵Michael Niedermayer
update_stream_timings() Fixes undefined behavior Fixes: 637428.ogg Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 90da187f1d334422477886a19eca3c1da29c59a7) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-02Changelog: UpdateMichael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-02avcodec/flac_parser: Update nb_headers_bufferedMichael Niedermayer
Fixes infinite loop Fixes: fuzz.flac Found-by: Frank Liberato <liberato@google.com> Reviewed-by: Frank Liberato <liberato@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2475858889cde6221677473b663df6f985add33d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-02avformat/idroqdec: Check chunk_size for being too largeMichael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 744a0b5206634e5de04d5c31f08cc3640faf800d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-27Update ChangelogAndreas Cadhalpun
2016-11-27filmstripdec: correctly check image dimensionsAndreas Cadhalpun
This prevents a division by zero in read_packet. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 25012c56448a48487cdc9699465e640871dbcd60) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27mss2: only use error correction for matching block countsAndreas Cadhalpun
This fixes a heap-buffer-overflow in ff_er_frame_end when decoding mss2 with coded_width/coded_height larger than width/height. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 2566ad98b01538ea589e5ee07b69fc566aadc348) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27softfloat: decrease MIN_EXP to cover full float rangeAndreas Cadhalpun
floats are not necessarily normalized, so a normalized softfloat needs MIN_EXP lowered by 23 to cover that range. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 2d6f46d801bab990b7e742b8a8e5c5b0cb70a80e) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27libopusdec: default to stereo for invalid number of channelsAndreas Cadhalpun
This fixes an out-of-bounds read if avc->channels is 0. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 8c8f543b81aa2b50bb6a6cfd370a0061281492a3) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27sbgdec: prevent NULL pointer accessAndreas Cadhalpun
Reviewed-by: Josh de Kock <josh@itanimul.li> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit dbefbb61b785cd77810c032f5cdb499d2a92df07) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27smacker: limit recursion depth of smacker_decode_bigtreeAndreas Cadhalpun
This fixes segmentation faults due to stack-overflow caused by too deep recursion. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 946ecd19ea752399bccc751c9339ff74b815587e) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27mxfdec: fix NULL pointer dereference in mxf_read_packet_oldAndreas Cadhalpun
Metadata streams have priv_data set to NULL. Reviewed-by: Josh de Kock <josh@itanimul.li> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit fdb8c455b637f86e2e85503b7e090fa448164398) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27libschroedingerdec: fix leaking of framewithptsAndreas Cadhalpun
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 3c0328d58d98664b05efdd377d3fe66a569d385e) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27libschroedingerdec: don't produce empty framesAndreas Cadhalpun
They are not valid and can cause problems/crashes for API users. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit a86ebbf7f641bc797002ddea7fb517759722cd1b) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27softfloat: handle -INT_MAX correctlyAndreas Cadhalpun
This is similar to commit 9ac61e73d0843ec4b83f4e3d47eded73234e406e. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 0edd569466eb45b134690b9f4efbb57eda86f58d) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27pnmdec: make sure v is capped by maxvalAndreas Cadhalpun
Otherwise put_bits can be called with a value that doesn't fit in the sample_len, causing an assertion failure. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit cdb5479c9ddc886f0b8661db585405ebab343e80) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27smvjpegdec: make sure cur_frame is not negativeAndreas Cadhalpun
This fixes a heap-buffer-overflow detected by AddressSanitizer. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 360bc0d90aa66cf21e9f488e77d21db18e01ec9c) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27icodec: correctly check avio_read return valueAndreas Cadhalpun
It can read less than the requested amount, in which case buf contains uninitialized data, causing problems like segmentation faults later on. Also make sure that image->size is positive, so that it can't match a negative error code. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 89eb398c7fc4cb9a15e55bdf2ab6435b5332e377) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27icodec: fix leaking pkt on errorAndreas Cadhalpun
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 467eece1bea5c8325c6974190ba61f1bba88a3f3) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27dvbsubdec: fix division by zero in compute_default_clutAndreas Cadhalpun
This problem was introduced in commit 4b90dcb8493552c17a811c8b1e6538dae4061f9d. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit c82b8ef0e4f226423ddd644bfe37e6a15d070924) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27proresdec_lgpl: explicitly check coff[3] against slice_data_sizeAndreas Cadhalpun
The implicit checks via v_data_size and a_data_size don't work in the case '(hdr_size > 7) && !ctx->alpha_info'. This fixes segmentation faults due to invalid reads. This problem was introduced in commit 547c2f002a87f4412a83c23b0d60364be5e7ce58. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 1e33035ee7a8d9fb7a4b8b6cc54842e72b36ed70) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27escape124: reject codebook size 0Andreas Cadhalpun
It causes a cb_depth of 32, leading to assertion failures in get_bits. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 226d35c84591f1901c2a13819031549909faa1f5) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27mpegts: prevent division by zeroAndreas Cadhalpun
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 1bbb18fe82fc77a10d45fa53bd2738d2c54de6c6) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27matroskadec: fix NULL pointer dereference in webm_dash_manifest_read_headerAndreas Cadhalpun
The code assumes that s->streams[0] is valid. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit ff100c9dd97d2f1f456ff38b192edf84f9744738) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27mpegaudio_parser: don't return AVERROR_PATCHWELCOMEAndreas Cadhalpun
The API does not allow returning AVERROR codes. It triggers an assert in av_parser_parse2. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 5249706e9d2ec5ed1b07d8ffdbb8fb9104261f6d) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27mxfdec: fix NULL pointer dereferenceAndreas Cadhalpun
Metadata streams have priv_data set to NULL. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 0efb6106118c17308b3fdc3190f5e5bf84b01d5c) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27diracdec: check return code of get_buffer_with_edgeAndreas Cadhalpun
If it fails, buffers aren't allocated, causing NULL pointer dereferencing. Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit db79dedb1ae5dd38432eee3f09155e26f3f2d95a) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27ppc: pixblockdsp: do unaligned block accesses correctly againAndreas Cadhalpun
This was broken by the following Libav commit: 4c387c7 ppc: dsputil: do unaligned block accesses correctly The following tests fail due to this: fate-checkasm fate-vsynth1-dnxhd-2k-hr-hq fate-vsynth1-dnxhd-edge1-hr fate-vsynth1-dnxhd-edge2-hr fate-vsynth1-dnxhd-edge3-hr fate-vsynth1-dnxhd-hr-sq-mov fate-vsynth1-dnxhd-hr-hq-mov fate-vsynth2-dnxhd-2k-hr-hq fate-vsynth2-dnxhd-edge1-hr fate-vsynth2-dnxhd-edge2-hr fate-vsynth2-dnxhd-edge3-hr fate-vsynth2-dnxhd-hr-sq-mov fate-vsynth2-dnxhd-hr-hq-mov fate-vsynth3-dnxhd-2k-hr-hq fate-vsynth3-dnxhd-edge1-hr fate-vsynth3-dnxhd-edge2-hr fate-vsynth3-dnxhd-edge3-hr fate-vsynth3-dnxhd-hr-sq-mov fate-vsynth3-dnxhd-hr-hq-mov Fixes trac ticket #5508. Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 3932ccc472ad4f4d370dcfc1c2f574b0f3acb88c) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27mpeg12dec: unref discarded picture from extradataAndreas Cadhalpun
Otherwise another frame gets referenced into picture, triggering an assert (from commit 13aae8) in av_frame_ref. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit a92f8edf0c51781e152651cce2e753ad6e359eb2) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27cavsdec: unref frame before referencing againAndreas Cadhalpun
This fixes asserts (from commit 13aae8) in av_frame_ref and av_frame_move_ref. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 1966ea012fd72abc8003e95dc3c8ad9e9f197913) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-27avformat: prevent triggering request_probe assert in ff_read_packetAndreas Cadhalpun
If probe_codec is called with pkt == NULL, it sets probe_packets to 0 and request_probe to -1. However, request_probe can change when calling s->iformat->read_packet and thus a probe_packets value of 0 doesn't guarantee a request_probe value of -1. In that case calling probe_codec again is necessary to prevent triggering the assert. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit a5b4476a602f31e451b11ca0c18bc92be130a50e) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-26Update for 2.8.9Michael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-26avformat/mpeg: Adjust vid probe threshold to correct mis-detectionMichael Niedermayer
Fixes: _ij.mp3 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4e5049a2303ae7fe74216a83206239e4de42c965) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-26avcodec/rv40: Test remaining space in loop of get_dimension()Michael Niedermayer
Fixes infinite loop Fixes: 178/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_RV40_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1546d487cf12da37d90a080813f8d57ac33036bf) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-26avcodec/ituh263dec: Avoid spending a long time in slice syncMichael Niedermayer
Fixes: 177/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_FLV1_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2baf36caed98cfdc7f6a2086fbf26f1a172f16cf) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-26avcodec/movtextdec: Add error message for tsmb_size checkMichael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0eb319800567b79ca6b4cf0d90904318641b9e50) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-26avcodec/movtextdec: Fix tsmb_size check==0 checkMichael Niedermayer
Fixes: 173/fuzz-3-ffmpeg_SUBTITLE_AV_CODEC_ID_MOV_TEXT_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a609905723c01e356d35146425c3d45c090aae7b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-26avcodec/movtextdec: Fix potential integer overflowMichael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6ea27157682200e5f78cadcabdb009eccd9dd9b1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-26avcodec/sunrast: Fix input buffer pointer checkMichael Niedermayer
Fixes: out of array read Fixes: poc.dat Found-by: Bingchang, Liu @VARAS of IIE Tested-by: bc L <l.bing.chang.bc@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 37138338ff602803d174b13fecd363a083bc2f9a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-26avcodec/tscc: Check side data size before useMichael Niedermayer
Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 979bca513424879ed0c653cb1b55fc4156a89576) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-26avcodec/rawdec: Check side data size before useMichael Niedermayer
Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5f0bc0215a0f7099a2bcba5dced2e045e70fee61) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-26avcodec/msvideo1: Check side data size before useMichael Niedermayer
Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 161ccdaa06d1d109e8f77d2535bda11ce02720f5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-26avcodec/qpeg: Check side data size before useMichael Niedermayer
Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 16793504dfba44e738655807db3274301b9bc690) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-20 14:55:57 +0300