Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/FFmpeg/FFmpeg.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-07-31MAINTAINERS: Remove myself as leaderrelease/0.5Michael Niedermayer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit f2c58931e629343f7d68258cc2b2d62c5f501ba5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2014-11-28update for 0.5.15n0.5.15Michael Niedermayer
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-28huffyuvdec: check width more completely, avoid out of array accessesMichael Niedermayer
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6abb9a901fca27da14d4fffbb01948288b5da3ba) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-28avcodec/pngdec: Check IHDR/IDAT orderMichael Niedermayer
Fixes out of array access Fixes: asan_heap-oob_20a6c26_2690_cov_3434532168_mail.png Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 79ceaf827be0b070675d4cd0a55c3386542defd8) Conflicts: libavcodec/pngdec.c
2014-11-28avcodec/dxa: check dimensionsMichael Niedermayer
Fixes out of array access Fixes: asan_heap-oob_11222fb_21_020.dxa Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e70312dfc22c4e54d5716f28f28db8f99c74cc90) Conflicts: libavcodec/dxa.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-28avformat/mpegts: Check desc_len / get8() return codeMichael Niedermayer
Fixes out of array read Fixes: signal_sigsegv_844d59_10_signal_sigsegv_a17bb7_366_mpegts_mpeg2video_mp2_dvbsub_topfield.rec Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit c3d7f00ee3e09801f56f25db8b5961f25e842bd2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-28avcodec/smc: fix off by 1 errorMichael Niedermayer
Fixes out of array access Fixes: asan_heap-oob_1685bf0_5_asan_heap-oob_1f35116_430_smc.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit c727401aa9d62335e89d118a5b4e202edf39d905) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-28avcodec/qpeg: fix off by 1 error in MV bounds checkMichael Niedermayer
Fixes out of array access Fixes: asan_heap-oob_153760f_4_asan_heap-oob_1d7a4cf_164_VWbig6.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit dd3bfe3cc1ca26d0fff3a3baf61a40207032143f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-28avcodec/gifdec: factorize interleave end handling outMichael Niedermayer
also change it to a loop Fixes out of array access Fixes: asan_heap-oob_ca5410_8_asan_heap-oob_ca5410_97_ID_LSD_Size_Less_Then_Data_Inter_3.gif Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8f1457864be8fb9653643519dea1c6492f1dde57) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-28avcodec/mmvideo: Bounds check 2nd line of HHV Intra blocksMichael Niedermayer
Fixes out of array access Fixes: asan_heap-oob_4da4f3_8_asan_heap-oob_4da4f3_419_scene1a.mm Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e) Conflicts: libavcodec/mmvideo.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-28avcodec/mjpegdec: check bits per pixel for changes similar to dimensionsMichael Niedermayer
Fixes out of array accesses Fixes: asan_heap-oob_16668e9_2_asan_heap-oob_16668e9_346_miss_congeniality_pegasus_mjpg.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5c378d6a6df8243f06c87962b873bd563e58cd39) Conflicts: libavcodec/mjpegdec.c (cherry picked from commit 94371a404c663c3dae3d542fa43951567ab67f82) Conflicts: libavcodec/mjpegdec.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-28avcodec/jpeglsdec: Check run value more completely in ls_decode_line()Michael Niedermayer
previously it could have been by 1 too large Fixes out of array access Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8c1e3.jls Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8nde0.jls Fixes: asan_heap-oob_12240fa_1_asan_heap-oob_12240fa_448_t16e3.jls Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 06e7d58410a17dc72c30ee7f3145fcacc425f4f2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-07-20Update for 0.5.14n0.5.14Michael Niedermayer
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-06-23avutil/lzo: Fix integer overflowMichael Niedermayer
Embargoed-till: 2014-06-27 requested by researcher, but embargo broken by libav today (git and mailing list) Fixes: LMS-2014-06-16-4 Found-by: "Don A. Bailey" <donb@securitymouse.com> See: ccda51b14c0fcae2fad73a24872dce75a7964996 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d6af26c55c1ea30f85a7d9edbc373f53be1743ee) Conflicts: libavutil/lzo.c (cherry picked from commit 7b5c706494a775b2b0d0e0a38448610802eef8f4) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-06-23lzo: fix overflow checking in copy_backptr()Xi Wang
The check `src > dst' in the form `&c->out[-back] > c->out' invokes pointer overflow, which is undefined behavior in C. Remove the check. Also replace `&c->out[-back] < c->out_start' with a safe form `c->out - c->out_start < back' to avoid overflow. CC: libav-stable@libav.org Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit ca6c3f2c53be70aa3c38e8f1292809db89ea1ba6) Conflicts: libavutil/lzo.c (cherry picked from commit ff712a262d317f5bd6fc9552cd837508e584a565) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-03-13matroska: Fix use after freeDale Curtis
Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit ae3d41636942cbc0236bad21ad06c65f4eb0f096) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-01-21avcodec/vmnc: Check that rectangles are within the pictureMichael Niedermayer
Prevents out of array accesses with CODEC_FLAG_EMU_EDGE Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6ba02602aa7fc7d38db582e75b8b093fb3c1608d) Conflicts: libavcodec/vmnc.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 7c17207ab9acfaa934e8feb8fba90765c9d0b989) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-10-31avcodec/jpeglsdec: check err value for ls_get_code_runterm()Michael Niedermayer
Fixes infinite loop Fixes Ticket3086 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit cc0e47b55096361723b364afa43b79a3f5619cdc) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-09-27avcodec/parser: reset indexes on realloc failureMichael Niedermayer
Fixes Ticket2982 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f31011e9abfb2ae75bb32bc44e2c34194c8dc40a) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-09-25update for 0.5.13n0.5.13Michael Niedermayer
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-09-09avcodec/ffv1enc: update buffer check for 16bpsMichael Niedermayer
Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3728603f1854b5c79d1a64dd3b41b80640ef1e7f) Conflicts: libavcodec/ffv1enc.c (cherry picked from commit c900c6e5c26cd86cf34f9c8d4347cedbd01f3935)
2013-08-31avcodec/dsputil: fix signedness in sizeof() comparissionsMichael Niedermayer
Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 454a11a1c9c686c78aa97954306fb63453299760) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-08-29matroska_read_seek: Fix used streams for subtitle index compensationMichael Niedermayer
Might fix Ticket1907 (I have no testcase so i cant test) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 4758e32a6c48044f77102a49110c79b4f338f648) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-08-22avcodec/rpza: Perform pointer advance and checks before using the pointersMichael Niedermayer
Fixes out of array accesses Fixes Ticket2850 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3819db745da2ac7fb3faacb116788c32f4753f34) Conflicts: libavcodec/rpza.c (cherry picked from commit edba432b8b01d68c22e70a508f47553359f59fb5) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-08-18Merge remote-tracking branch 'qatar/release/0.5' into release/0.5Michael Niedermayer
* qatar/release/0.5: Bump version number for the 0.5.11 release update year to 2013 Conflicts: VERSION Merge is for metadata only, issues have been fixed in previous commits already Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-05-09Bump version number for the 0.5.11 releaseReinhard Tartler
2013-02-28Update for 0.5.12n0.5.12Michael Niedermayer
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-28avcodec_align_dimensions2: Ensure cinepak has large enough buffers.Michael Niedermayer
This is partly redundant with the following patches, but its safer Found-by: u-bo1b@0w.se Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f5c00b347dc76285c639d9878a014c40395c5228) Conflicts: libavcodec/utils.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 2b6f3be08250683407c7a9846d7133b116661eae) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-28wma: check byte_offset_bitsMichael Niedermayer
Fixes assertion failure Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 984add64a41c3296a8a82051cc90bff2eb449609) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-28vqavideo: fix return typeMichael Niedermayer
Fixes Ticket2281 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 1fd86f9a2136165205b0370d5a6e916499f1da7f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-17update year to 2013Reinhard Tartler
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-17update for 0.5.11n0.5.11Michael Niedermayer
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-17vqavideo: check chunk sizes before reading chunksMichael Niedermayer
Fixes out of array writes Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit ab6c9332bfa1e20127a16392a0b85a4aa4840889) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-17roqvideodec: check dimensions validityMichael Niedermayer
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3ae610451170cd5a28b33950006ff0bd23036845) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-17qdm2: check array index before use, fix out of array accessesMichael Niedermayer
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-17Merge remote-tracking branch 'qatar/release/0.5' into release/0.5Michael Niedermayer
* qatar/release/0.5: Release notes and changelog for 0.5.10 Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-16Release notes and changelog for 0.5.10Reinhard Tartler
2013-02-13Merge remote-tracking branch 'qatar/release/0.5' into release/0.5Michael Niedermayer
* qatar/release/0.5: mpeg12: do not decode extradata more than once. Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-12mpeg12: do not decode extradata more than once.Anton Khirnov
Fixes CVE-2012-2803. (cherry picked from commit 582368626188c070d4300913c6da5efa4c24cfb2) (cherry picked from commit 301761792a693a1f3303a2af34a0fb066a03c10c) Conflicts: libavcodec/mpeg12.c
2013-02-11Merge remote-tracking branch 'qatar/release/0.5' into release/0.5Michael Niedermayer
* qatar/release/0.5: (21 commits) vp6: properly fail on unsupported feature vp56: release frames on error shorten: Use separate pointers for the allocated memory for decoded samples. shorten: check for realloc failure h264: check context state before decoding slice data partitions oggdec: check memory allocation Fix uninitialized reads on malformed ogg files. lavf: avoid integer overflow in ff_compute_frame_duration() yuv4mpeg: reject unsupported codecs tiffenc: Check av_malloc() results. mpegaudiodec: fix short_start calculation h264: avoid stuck buffer pointer in decode_nal_units yuv4mpeg: return proper error codes. avidec: return 0, not packet size from read_packet(). cavsdec: check for changing w/h. avidec: use actually read size instead of requested size bytestream: add a new set of bytestream functions with overread checking avsdec: Set dimensions instead of relying on the demuxer. lavfi: avfilter_merge_formats: handle case where inputs are same bmpdec: only initialize palette for pal8. ... Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-10vp6: properly fail on unsupported featureLuca Barbato
Interlacing is not supported at all and mismanaged down the normal codepaths causing possible buffer management issues. Fixes: CVE-2012-2783 (cherry picked from commit be75fed9755c1285ba084574aff2d7ee0f81110d) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 4ede95e69cf964cd46b1e9fcd48da80d8d92c433) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10vp56: release frames on errorLuca Barbato
Fixes CVE-2012-2783 CC: libav-stable@libav.org (cherry picked from commit f33b5ba63eee96c9d1c7f0e568169cb0c3694238) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 7fd7950174f9f2935fbf5bf1435fd0dc37be5c61) Conflicts: libavcodec/vp56.c
2013-02-10shorten: Use separate pointers for the allocated memory for decoded samples.Michael Niedermayer
Fixes invalid free() if any of the buffers are not allocated due to either not decoding a header or an error prior to allocating all buffers. Fixes CVE-2012-0858 CC: libav-stable@libav.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 204cb29b3c84a74cbcd059d353c70c8bdc567d98) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10shorten: check for realloc failureJustin Ruggles
(cherry picked from commit 9e5e2c2d010c05c10337e9c1ec9d0d61495e0c9c) Conflicts: libavcodec/shorten.c
2013-02-10h264: check context state before decoding slice data partitionsJanne Grunau
Fixes mov_h264_aac__Demo_FlagOfOurFathers.mov.SIGSEGV.4e9.656. Found-by: Mateusz "j00ru" Jurczyk CC: libav-stable@libav.org (cherry-picked from commit c1fcf563b13051f280db169ba41c6a1b21b25e08) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10oggdec: check memory allocationLuca Barbato
(cherry picked from commit ba064ebe48376e199f353ef0b335ed8a39c638c5) Conflicts: libavformat/oggdec.c
2013-02-10Fix uninitialized reads on malformed ogg files.Dale Curtis
The ogg decoder wasn't padding the input buffer with the appropriate FF_INPUT_BUFFER_PADDING_SIZE bytes. Which led to uninitialized reads in various pieces of parsing code when they thought they had more data than they actually did. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit ef0d779706c77ca9007527bd8d41e9400682f4e4) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10lavf: avoid integer overflow in ff_compute_frame_duration()Janne Grunau
Scaling the denominator instead of the numerator if it is too large loses precision. Fixes an assert caused by a negative frame duration in the fuzzed sample nasa-8s2.ts_s202310. CC: libav-stable@libav.org (cherry picked from commit 7709ce029a7bc101b9ac1ceee607cda10dcb89dc) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10yuv4mpeg: reject unsupported codecsLuca Barbato
The muxer already rejects unsupported pixel formats, reject also unsupported codecs to prevent dangerous misuses. (cherry picked from commit 424b1e764263b1493de4c34365ef367ddae856db) Conflicts: libavformat/yuv4mpeg.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10tiffenc: Check av_malloc() results.Alex Converse
(cherry picked from commit b92dfb56d4582633571db18c3d904f8602eaa2a6) Conflicts: libavcodec/tiffenc.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-31 04:53:46 +0300