Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/FFmpeg/FFmpeg.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/libavcodec
AgeCommit message (Collapse)Author
2014-11-28huffyuvdec: check width more completely, avoid out of array accessesMichael Niedermayer
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6abb9a901fca27da14d4fffbb01948288b5da3ba) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-28avcodec/pngdec: Check IHDR/IDAT orderMichael Niedermayer
Fixes out of array access Fixes: asan_heap-oob_20a6c26_2690_cov_3434532168_mail.png Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 79ceaf827be0b070675d4cd0a55c3386542defd8) Conflicts: libavcodec/pngdec.c
2014-11-28avcodec/dxa: check dimensionsMichael Niedermayer
Fixes out of array access Fixes: asan_heap-oob_11222fb_21_020.dxa Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e70312dfc22c4e54d5716f28f28db8f99c74cc90) Conflicts: libavcodec/dxa.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-28avcodec/smc: fix off by 1 errorMichael Niedermayer
Fixes out of array access Fixes: asan_heap-oob_1685bf0_5_asan_heap-oob_1f35116_430_smc.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit c727401aa9d62335e89d118a5b4e202edf39d905) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-28avcodec/qpeg: fix off by 1 error in MV bounds checkMichael Niedermayer
Fixes out of array access Fixes: asan_heap-oob_153760f_4_asan_heap-oob_1d7a4cf_164_VWbig6.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit dd3bfe3cc1ca26d0fff3a3baf61a40207032143f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-28avcodec/gifdec: factorize interleave end handling outMichael Niedermayer
also change it to a loop Fixes out of array access Fixes: asan_heap-oob_ca5410_8_asan_heap-oob_ca5410_97_ID_LSD_Size_Less_Then_Data_Inter_3.gif Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8f1457864be8fb9653643519dea1c6492f1dde57) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-28avcodec/mmvideo: Bounds check 2nd line of HHV Intra blocksMichael Niedermayer
Fixes out of array access Fixes: asan_heap-oob_4da4f3_8_asan_heap-oob_4da4f3_419_scene1a.mm Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e) Conflicts: libavcodec/mmvideo.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-28avcodec/mjpegdec: check bits per pixel for changes similar to dimensionsMichael Niedermayer
Fixes out of array accesses Fixes: asan_heap-oob_16668e9_2_asan_heap-oob_16668e9_346_miss_congeniality_pegasus_mjpg.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5c378d6a6df8243f06c87962b873bd563e58cd39) Conflicts: libavcodec/mjpegdec.c (cherry picked from commit 94371a404c663c3dae3d542fa43951567ab67f82) Conflicts: libavcodec/mjpegdec.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-11-28avcodec/jpeglsdec: Check run value more completely in ls_decode_line()Michael Niedermayer
previously it could have been by 1 too large Fixes out of array access Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8c1e3.jls Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8nde0.jls Fixes: asan_heap-oob_12240fa_1_asan_heap-oob_12240fa_448_t16e3.jls Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 06e7d58410a17dc72c30ee7f3145fcacc425f4f2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-01-21avcodec/vmnc: Check that rectangles are within the pictureMichael Niedermayer
Prevents out of array accesses with CODEC_FLAG_EMU_EDGE Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6ba02602aa7fc7d38db582e75b8b093fb3c1608d) Conflicts: libavcodec/vmnc.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 7c17207ab9acfaa934e8feb8fba90765c9d0b989) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-10-31avcodec/jpeglsdec: check err value for ls_get_code_runterm()Michael Niedermayer
Fixes infinite loop Fixes Ticket3086 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit cc0e47b55096361723b364afa43b79a3f5619cdc) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-09-27avcodec/parser: reset indexes on realloc failureMichael Niedermayer
Fixes Ticket2982 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f31011e9abfb2ae75bb32bc44e2c34194c8dc40a) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-09-09avcodec/ffv1enc: update buffer check for 16bpsMichael Niedermayer
Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3728603f1854b5c79d1a64dd3b41b80640ef1e7f) Conflicts: libavcodec/ffv1enc.c (cherry picked from commit c900c6e5c26cd86cf34f9c8d4347cedbd01f3935)
2013-08-31avcodec/dsputil: fix signedness in sizeof() comparissionsMichael Niedermayer
Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 454a11a1c9c686c78aa97954306fb63453299760) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-08-22avcodec/rpza: Perform pointer advance and checks before using the pointersMichael Niedermayer
Fixes out of array accesses Fixes Ticket2850 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3819db745da2ac7fb3faacb116788c32f4753f34) Conflicts: libavcodec/rpza.c (cherry picked from commit edba432b8b01d68c22e70a508f47553359f59fb5) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-28avcodec_align_dimensions2: Ensure cinepak has large enough buffers.Michael Niedermayer
This is partly redundant with the following patches, but its safer Found-by: u-bo1b@0w.se Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f5c00b347dc76285c639d9878a014c40395c5228) Conflicts: libavcodec/utils.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 2b6f3be08250683407c7a9846d7133b116661eae) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-28wma: check byte_offset_bitsMichael Niedermayer
Fixes assertion failure Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 984add64a41c3296a8a82051cc90bff2eb449609) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-28vqavideo: fix return typeMichael Niedermayer
Fixes Ticket2281 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 1fd86f9a2136165205b0370d5a6e916499f1da7f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-17vqavideo: check chunk sizes before reading chunksMichael Niedermayer
Fixes out of array writes Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit ab6c9332bfa1e20127a16392a0b85a4aa4840889) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-17roqvideodec: check dimensions validityMichael Niedermayer
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3ae610451170cd5a28b33950006ff0bd23036845) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-17qdm2: check array index before use, fix out of array accessesMichael Niedermayer
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-13Merge remote-tracking branch 'qatar/release/0.5' into release/0.5Michael Niedermayer
* qatar/release/0.5: mpeg12: do not decode extradata more than once. Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-12mpeg12: do not decode extradata more than once.Anton Khirnov
Fixes CVE-2012-2803. (cherry picked from commit 582368626188c070d4300913c6da5efa4c24cfb2) (cherry picked from commit 301761792a693a1f3303a2af34a0fb066a03c10c) Conflicts: libavcodec/mpeg12.c
2013-02-11Merge remote-tracking branch 'qatar/release/0.5' into release/0.5Michael Niedermayer
* qatar/release/0.5: (21 commits) vp6: properly fail on unsupported feature vp56: release frames on error shorten: Use separate pointers for the allocated memory for decoded samples. shorten: check for realloc failure h264: check context state before decoding slice data partitions oggdec: check memory allocation Fix uninitialized reads on malformed ogg files. lavf: avoid integer overflow in ff_compute_frame_duration() yuv4mpeg: reject unsupported codecs tiffenc: Check av_malloc() results. mpegaudiodec: fix short_start calculation h264: avoid stuck buffer pointer in decode_nal_units yuv4mpeg: return proper error codes. avidec: return 0, not packet size from read_packet(). cavsdec: check for changing w/h. avidec: use actually read size instead of requested size bytestream: add a new set of bytestream functions with overread checking avsdec: Set dimensions instead of relying on the demuxer. lavfi: avfilter_merge_formats: handle case where inputs are same bmpdec: only initialize palette for pal8. ... Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-10vp6: properly fail on unsupported featureLuca Barbato
Interlacing is not supported at all and mismanaged down the normal codepaths causing possible buffer management issues. Fixes: CVE-2012-2783 (cherry picked from commit be75fed9755c1285ba084574aff2d7ee0f81110d) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 4ede95e69cf964cd46b1e9fcd48da80d8d92c433) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10vp56: release frames on errorLuca Barbato
Fixes CVE-2012-2783 CC: libav-stable@libav.org (cherry picked from commit f33b5ba63eee96c9d1c7f0e568169cb0c3694238) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 7fd7950174f9f2935fbf5bf1435fd0dc37be5c61) Conflicts: libavcodec/vp56.c
2013-02-10shorten: Use separate pointers for the allocated memory for decoded samples.Michael Niedermayer
Fixes invalid free() if any of the buffers are not allocated due to either not decoding a header or an error prior to allocating all buffers. Fixes CVE-2012-0858 CC: libav-stable@libav.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 204cb29b3c84a74cbcd059d353c70c8bdc567d98) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10shorten: check for realloc failureJustin Ruggles
(cherry picked from commit 9e5e2c2d010c05c10337e9c1ec9d0d61495e0c9c) Conflicts: libavcodec/shorten.c
2013-02-10h264: check context state before decoding slice data partitionsJanne Grunau
Fixes mov_h264_aac__Demo_FlagOfOurFathers.mov.SIGSEGV.4e9.656. Found-by: Mateusz "j00ru" Jurczyk CC: libav-stable@libav.org (cherry-picked from commit c1fcf563b13051f280db169ba41c6a1b21b25e08) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10tiffenc: Check av_malloc() results.Alex Converse
(cherry picked from commit b92dfb56d4582633571db18c3d904f8602eaa2a6) Conflicts: libavcodec/tiffenc.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10mpegaudiodec: fix short_start calculationLuca Barbato
The value should be always 3, as it follows from the specification. Fix a stack buffer overflow in exponents_from_scale_factors as reported by asan. Thanks to Dale Curtis for the sample vector. (cherry picked from commit 97cfa55eea39cef30abe14682c56c1e4e7f6f10d) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10h264: avoid stuck buffer pointer in decode_nal_unitsJindřich Makovička
When decode_nal_units() previously encountered a NAL_END_SEQUENCE, and there are some junk bytes left in the input buffer, but no start codes, buf_index gets stuck 3 bytes before the end of the buffer. This can trigger an infinite loop in the caller code, eg. in try_decode_trame(), as avcodec_decode_video() then keeps returning zeroes, with 3 bytes of the input packet still available. With this change, the remaining bytes are skipped so the whole packet gets consumed. CC:libav-stable@libav.org Signed-off-by: Jindřich Makovička <makovick@gmail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 1a8c6917f68f7378465e18f7615762bfd22704c2) Conflicts: libavcodec/h264.c
2013-02-10cavsdec: check for changing w/h.Michael Niedermayer
Our decoder does not support changing w/h. Fixes CVE-2012-2777 and CVE-2012-2784. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit c20a69630619d14ae92c5541d52c579d7c8f3e94) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10bytestream: add a new set of bytestream functions with overread checkingAneesh Dogra
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
2013-02-10avsdec: Set dimensions instead of relying on the demuxer.Michael Niedermayer
The decode function assumes that the video will have those dimensions. Fixes CVE-2012-2801 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 85f477935cd6b34e6ec2716b20e15ce748277a89) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10bmpdec: only initialize palette for pal8.Anton Khirnov
Gray8 is not considered to be paletted, so this would cause an invalid write. Fixes bug 367. CC: libav-stable@libav.org (cherry picked from commit 8b78c2969a5b7dca939d93bf525aa2bcd737b5d9) Signed-off-by: Anton Khirnov <anton@khirnov.net>
2013-01-29huffyuvdec: Skip len==0 casesMichael Niedermayer
Fixes vlc decoding for hypothetical files that would contain such cases. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 0dfc01c2bbf4b71bb56201bc4a393321e15d1b31) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5ff41ffeb4cb9ea6df49757dc859619dc3d3ab4f) Conflicts: libavcodec/huffyuv.c (cherry picked from commit 9bc70fe1ae50fd2faa0b9429d47cfbda01a92ebc) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-01-29huffyuvdec: Check init_vlc() return codes.Michael Niedermayer
Prevents out of array writes Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f67a0d115254461649470452058fa3c28c0df294) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 95ab8d33e1a680f30a5a9605175112008ab81afc) Conflicts: libavcodec/huffyuv.c (cherry picked from commit 277def59fce10d91e3113e5c0f63e22bc4abfa88) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-16Merge remote-tracking branch 'qatar/release/0.5' into release/0.5Michael Niedermayer
* qatar/release/0.5: lavfi: avfilter_merge_formats: handle case where inputs are same mpegvideo: Don't use ff_mspel_motion() for vc1 imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt nuv: check RTjpeg header for validity vc1dec: add flush function for WMV9 and VC-1 decoders Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-10-06mpegvideo: Don't use ff_mspel_motion() for vc1Michael Niedermayer
Using ff_mspel_motion assumes that s (a MpegEncContext poiinter) really is a Wmv2Context. This fixes crashes in error resilience on vc1/wmv3 videos. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 18f2d5cb9c48d06895960f37467576725c9dc2d1) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit da0c457663479bc1828918e1bb3e4a5e4de0d557) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 899d95efe12f1e250b361837c1c8c06df9ac9b86) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit c82ae85a8a78a98f7c7fea68d24a4ac0ca74d01f) Conflicts: libavcodec/mpegvideo_common.h Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-10-06imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmtJanne Grunau
CC: libav-stable@libav.org (cherry picked from commit 39bb27bf79bc4c2d8beaed637a14176264cb1916) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 7a7229b52d1900279041991fadbd29b27e8dfe95) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 8812b5f164109553f009ce385e17a1af16b6ea53) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit fd7426ed898533bed98e6b472ff5f5c8e47f2eb5) Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-10-06nuv: check RTjpeg header for validityJanne Grunau
CC: libav-stable@libav.org (cherry picked from commit 859a579e9bbf47fae2e09494c43bcf813dcb2fad) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 6704522ca9dd32c858ee474492be568c386910f9) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit f31170d4e7f9671e019315391160d454b18d7296) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 459feb7cce03af7154c098171fc9d36fc9d472f6) Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-10-06vc1dec: add flush function for WMV9 and VC-1 decodersKostya Shishkov
CC: libav-stable@libav.org (cherry picked from commit 4dc8c8386eef942dba35c4f2fb3210e22b511a5b) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 02b72394627933dc8ce26445231a69f00dba491b) Conflicts: libavcodec/vc1dec.c Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 0173a7966b331105158a88f96b9afcc431d2fef8) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit aa4121276777b20eaaa83bf9bd544b00748c865c) Conflicts: libavcodec/vc1dec.c Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-06-09wmv1: check that the input buffer is large enoughMichael Niedermayer
Fixes null ptr deref Fixes Ticket1367 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f23a2418fb0ccc56fdae4dbf83a5994cc917c475) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-06-09truemotion1: Check index, fix out of array readMichael Niedermayer
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit fd4c1c0b70b5a06dd572d7e27799a2f4c3d9b984) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-06-04Merge remote-tracking branch 'qatar/release/0.5' into release/0.5Michael Niedermayer
* qatar/release/0.5: Bump version number for 0.5.9 release. png: check bit depth for PAL8/Y400A pixel formats. tqi: Pass errors from the MB decoder eatqi: move "block" variable into context to ensure sufficient alignment for idct_put for compilers/architectures that can not align stack variables that much. This is also consistent with similar code in eatgq.c ea: check chunk_size for validity. vfwcap: Include windows.h before vfw.h since the latter requires defines from the former. Patch by kemuri <kemuri9 at gmail dot com> mingw32: merge checks for mingw-w64 and mingw32-runtime >= 3.15 into one mingw32: properly check if vfw capture is supported by the system headers Replace every usage of -lvfw32 with what is particularly necessary for that case: Avisynth -> -lavifil32 VFW Cap -> -lavicap32 Patch by kemuri <kemuri9 at gmail dot com> configure: properly check for mingw-w64 through installed headers. mingw-w64 can also target 32-bit code. qdm2: clip array indices returned by qdm2_get_vlc(). kmvc: Check palsize. adpcm: ADPCM Electronic Arts has always two channels h264: Add check for invalid chroma_format_idc dpcm: ignore extra unpaired bytes in stereo streams. Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-06-03png: check bit depth for PAL8/Y400A pixel formats.Reinhard Tartler
Wrong bit depth can lead to invalid rowsize values, which crashes the decoder further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit d2205d6543881f2e6fa18c8a354bbcf91a1235f7) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit b8d6ba9d50e80fdce2ed74cdaffd4960df8a21c5) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 33f93005f1a86c108302b4c5978aa1a3d8e092cc) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 4c8c2660bd9252775c9a1dc2e2f36cb34718595a) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/pngdec.c
2012-06-03tqi: Pass errors from the MB decoderMichael Niedermayer
This silences some valgrind warnings. CC: libav-stable@libav.org Fixes second half of http://ffmpeg.org/trac/ffmpeg/ticket/794 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit f85334f58e1286287d0547a49fa9c93b40cbf48f) (cherry picked from commit 90290a5150e84fb138ccde57657dc03830f08c1c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 5872580e65aab026b77754eb184f97ba7cc6ea35) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 2f2fd8c6d1c51a6b817e6c0bc4eff308b8f9cd18) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit c3edce42704142f4c66954e9f24d7fbf0e5ae423) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-06-03eatqi: move "block" variable into context to ensure sufficient alignment forReimar Döffinger
idct_put for compilers/architectures that can not align stack variables that much. This is also consistent with similar code in eatgq.c Originally committed as revision 18927 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit 1eda87ce6366189eebf9956f826dfd92d9e64d9c) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-06-03qdm2: clip array indices returned by qdm2_get_vlc().Ronald S. Bultje
Prevents subsequent overreads when these numbers are used as indices in arrays. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 64953f67f98da2e787aeb45cc7f504390fa32a69) Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Conflicts: libavcodec/qdm2.c
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-31 02:08:32 +0300