Age | Commit message (Collapse) | Author |
|
* release/0.8:
Changelog, delete, its too inaccurate, git log is better.
pngenc: Fix incorrect mask used for interlaced mode.
dsp: fix diff_bytes_mmx() with small width
Replace SSE2 instruction in scalarproduct_float_sse() by SSE equivalent.
Update changelog for 0.7.5 release
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
|
Fixes Ticket1109
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 15db6a959057b92245a384909ec7d413d5c16461)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
Fixes Ticket1068
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 73089eccd3e48539555349b36d8aabbf1cea416e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
|
Fixes an AAC decoding issue with the sample from ticket #213 on machines
with SSE but without SSE2.
Based on 89411a by Reimar.
(cherry picked from commit f6b78638086beae9bcab672d4c9de1790be5a928)
|
|
Fixes an AAC decoding issue with the sample from ticket #213 on machines
with SSE but without SSE2.
Based on 89411a by Reimar.
(cherry picked from commit f6b78638086beae9bcab672d4c9de1790be5a928)
|
|
* release/0.8: (182 commits)
id3v2: fix skipping extended header in id3v2.4
Update RELEASE file for 0.7.5
lcl: use AVERROR_INVALIDDATA instead of AVERROR_UNKNOWN
kgv1dec: Increase offsets array size so it is large enough.
kgv1: use avctx->get/release_buffer().
kvmc: fix invalid reads
nsvdec: Propagate error values instead of returning 0 in nsv_read_header().
mjpegbdec: Fix overflow in SOS.
shorten: Use separate pointers for the allocated memory for decoded samples.
shorten: check for realloc failure (cherry picked from commit 9e5e2c2d010c05c10337e9c1ec9d0d61495e0c9c)
atrac3: Fix crash in tonal component decoding.
ws_snd1: Fix wrong samples count and crash.
ws_snd: add some checks to prevent buffer overread or overwrite. (cherry picked from commit 417364ce1f979031ef6fee661fc15e1869bdb1b4)
ws_snd: decode to AV_SAMPLE_FMT_U8 instead of S16.
dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2
h264: stricter reference limit enforcement.
jvdec: unbreak video decoding
xxan: don't read before start of buffer in av_memcpy_backptr().
dsicinvideo: validate buffer offset before copying pixels.
huffyuv: add padding to classic (v1) huffman tables.
...
Conflicts:
Doxyfile
RELEASE
VERSION
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
|
* qatar/release/0.7: (84 commits)
id3v2: fix skipping extended header in id3v2.4
Update RELEASE file for 0.7.5
lcl: use AVERROR_INVALIDDATA instead of AVERROR_UNKNOWN
kgv1dec: Increase offsets array size so it is large enough.
kgv1: use avctx->get/release_buffer().
kvmc: fix invalid reads
nsvdec: Propagate error values instead of returning 0 in nsv_read_header().
mjpegbdec: Fix overflow in SOS.
shorten: Use separate pointers for the allocated memory for decoded samples.
shorten: check for realloc failure (cherry picked from commit 9e5e2c2d010c05c10337e9c1ec9d0d61495e0c9c)
atrac3: Fix crash in tonal component decoding.
ws_snd1: Fix wrong samples count and crash.
ws_snd: add some checks to prevent buffer overread or overwrite. (cherry picked from commit 417364ce1f979031ef6fee661fc15e1869bdb1b4)
ws_snd: decode to AV_SAMPLE_FMT_U8 instead of S16.
dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2
h264: stricter reference limit enforcement.
jvdec: unbreak video decoding
xxan: don't read before start of buffer in av_memcpy_backptr().
dsicinvideo: validate buffer offset before copying pixels.
huffyuv: add padding to classic (v1) huffman tables.
...
Conflicts:
RELEASE
libavcodec/atrac3.c
libavcodec/h264.c
libavcodec/h264_parser.c
libavcodec/kgv1dec.c
libavcodec/shorten.c
libavcodec/svq3.c
libavcodec/ws-snd1.c
libavcodec/xxan.c
libswscale/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
|
While bogus, this change avoids the necessity to backport
AVERROR_UNKNOWN, which is not entirely trivial.
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Fixes CVE-2011-3945
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 807a045ab7f51993a2c1b3116016cbbd4f3d20d6)
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit a02e8df973f5478ec82f4c507f5b5b191a5ecb6b)
(cherry picked from commit d5f2382d0389ed47a566ea536887af908bf9b14f)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Also fixes crashes on corrupt bitstreams.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 33cd32b389864f2437c94e6fd7dc109ff5f0ed06)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit e537dc230b2e123be8aebdaeee5a7d7787328b0b)
Conflicts:
libavcodec/kgv1dec.c
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit ad3161ec1d70291efcf40121d703ef73c0b08e5b)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Based in part by a fix from Michael Niedermayer <michaelni@gmx.at>
Fixes CVE-2011-3947
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit b57d262412204e54a7ef8fa1b23ff4dcede622e5)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 083a8a00373b12dc06b8ae4c49eec61fb5e55f4b)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Fixes invalid free() if any of the buffers are not allocated due to either
not decoding a header or an error prior to allocating all buffers.
Fixes CVE-2012-0858
CC: libav-stable@libav.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 204cb29b3c84a74cbcd059d353c70c8bdc567d98)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 6fc3287b9ccece290c5881b92948772bbf72e68c)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
9e5e2c2d010c05c10337e9c1ec9d0d61495e0c9c)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Add a check to avoid writing past the end of the channel_unit.components[]
array.
Bug Found by: cosminamironesei
Fixes CVE-2012-0853
CC: libav-stable@libav.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit c509f4f74713b035a06f79cb4d00e708f5226bc5)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit f43b6e2b1ed47a1254a5d44c700a7fad5e9784be)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9fb7a5af97d8c084c3af2566070d09eae0ab49fc)
Addresses CVE-2012-0848
Reviewed-by: Justin Ruggles <justin.ruggles@gmail.com>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 697a45d861b7cd6a96718383a44f41348487f844)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
picked from commit 417364ce1f979031ef6fee661fc15e1869bdb1b4)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
8-bit unsigned is the native sample format.
(cherry picked from commit 2322ced8da990835717a176b8d2c32961cfecd3e)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Progressive images can have only 16 references, error out if there are
more, since the data is almost certainly corrupt, and the invalid value
will lead to random crashes or invalid writes later on.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit e0febda22d0e0fab094a9c886b0e0f0f662df1ef)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
The safe bitstream reader broke it since the buffer size was specified
in bytes instead of bits.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
CC: libav-stable@libav.org
(cherry picked from commit a1c036e961a32f7208e7315dabfa0ee99d779edb)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit f1279e286b00e99f343adb51e251f036a3df6f32)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c95fefa0420be9cc0f09a95041acf11114aaacd0)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
We slightly overread the input buffer, so we require
padding at the end of the buffer, as is documented in the
get_bits API. Without padding, we'll read uninitialized
data or beyond the end of the .rodata, which may crash.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 4ffe5e2aa5241f8da9afd2c8fbc854dcc916c5f9)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit fd0be63049ed46660993d0550a4f0847a0b942ea)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b4bccf3e4e58f6fe58043791ca09db01a4343fac)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
This way, it protects against overreads for 4bpp/2bpp content also.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit cc5dd632cecc5114717d0b90f8c2be162b1c6ee8)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 11b940a1a8e7e5d5b212935a3ce78aeda577f5f2)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Fixes CVE-2011-3937
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 71db86d53b5c6872cea31bf714a1a38ec78feaba)
Conflicts:
libavcodec/h263dec.c
Signed-off-by: Alex Converse <alex.converse@gmail.com>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
TIFF v6.0 (unimplemented) adds signed equivalents.
(cherry picked from commit e32548d1331ce05a054f1028fcdda8823a4f215a)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 9e1db721c4329f4ac166a0bcc002c8d75f831aba)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit 034b03e7a0e8e4f8f66c82b736f2c0aa7c063ec0)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit c9dbac36ad4bac07f6c1d06d465e361ab55bcb95)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
from commit b0c4f04338234ee011d7b704621347ef232294fe)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 8a9faf33f2b4f40afbc3393b2be49867cea0c92d)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit d1604b3de96575195b219028e2c4f08b2259aa7d)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
We need to set ms_stereo in encode_init() in order to avoid incorrectly
encoding the first frame as non-m/s while flagging it as m/s. Fixes an
uncomfortable pop in the left channel at the start of playback.
CC:libav-stable@libav.org
(cherry picked from commit 51ddf35c9017018e58c15275ff5b129647a0c94d)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
ff_wma_init() allows up to 50kHz, but this generates an exponent band
size table that requires 65 bands. The code assumes 25 bands in many
places, and using sample rates higher than 48kHz will lead to buffer
overwrites.
CC:libav-stable@libav.org
(cherry picked from commit 1ec075cfecac01f9a289965db06f76365b0b1737)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
This is near the theoretical limit for wma frame size and is the most that
our decoder can handle. Allowing higher bit rates will just end up padding
each frame with empty bytes.
Fixes invalid writes for avconv when using very high bit rates.
CC:libav-stable@libav.org
(cherry picked from commit c2b8dea1828f35c808adcf12615893d5c740bc0a)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
The maximum theoretical frame size is around 17000 bytes. Although in
practice it will generally be much smaller, we require a larger buffer
just to be safe.
CC: libav-stable@libav.org
(cherry picked from commit dfc4fdedf8cfc56a505579b1f2c1c5efbce4b97e)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 48f1e5212c90b511c90fa0449655abb06a9edda2)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
buffer size.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 2f6528537fdd88820f3a4683d5e595d7b3a62689)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit bd17a40a7e0eba21b5d27c67aff795e2910766e4)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 63c9de6469005974288f4e4d89fc79a590e38c06)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 07a180972fb369bb59bf6d4f8edb4598c51e80d2)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 78e9852a2e3b198ecd69ffa0deab3fa22a8e5378)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit e54ae60e46f737b8e9a96548971091f7ab6b8f7c)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Prevents crashes when playing corrupt vp5/6 streams.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 8bc396fc0e8769a056375c1c211f389ce0e3ecc5)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
(cherry picked from commit 24947d4988012f1f0fd467c83418615adc11c3e8)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|
|
Because in contrast to the decoder, the parser does not setup low_delay.
The code in parse_nal_units would always end up setting has_b_frames
to "1", except when stream is explicitly marked as low delay.
Since the parser itself would create 'extradata', simply reopening
the parser would cause this.
This happens for instance in estimate_timings_from_pts(), which causes the
parser to be reopened on the same stream.
This fixes Libav #22 and FFmpeg (trac) #360
CC: libav-stable@libav.org
Based on a patch by Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(commit 31ac0ac29b6bba744493f7d1040757a3f51b9ad7)
Comments and description adapted by Reinhard Tartler.
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 790a367d9ecd04360f78616765ee723f3fe65645)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
|