https://github.com/eVRydayVR/ffmpeg-unwarpvr

Revision Author Date Message Commit Date
4169912 Update for 0.8.11 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> 09 April 2012, 16:50:08 UTC
3b18d82 Changelog, delete, it's too inaccurate, git log is better. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> 09 April 2012, 15:53:17 UTC
c9d12a4 pngenc: Fix incorrect mask used for interlaced mode. Fixes Ticket1109 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 15db6a959057b92245a384909ec7d413d5c16461) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> 09 April 2012, 13:39:02 UTC
7ca2ed7 dsp: fix diff_bytes_mmx() with small width Fixes Ticket1068 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 73089eccd3e48539555349b36d8aabbf1cea416e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> 09 April 2012, 13:37:55 UTC
4f85e7b Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 * qatar/release/0.7: Update changelog for 0.7.5 release Merged-by: Michael Niedermayer <michaelni@gmx.at> 08 April 2012, 19:08:46 UTC
10848d0 Replace SSE2 instruction in scalarproduct_float_sse() by SSE equivalent. Fixes an AAC decoding issue with the sample from ticket #213 on machines with SSE but without SSE2. Based on 89411a by Reimar. (cherry picked from commit f6b78638086beae9bcab672d4c9de1790be5a928) 04 April 2012, 07:14:46 UTC
b6cc1c7 Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 * qatar/release/0.7: (84 commits) id3v2: fix skipping extended header in id3v2.4 Update RELEASE file for 0.7.5 lcl: use AVERROR_INVALIDDATA instead of AVERROR_UNKNOWN kgv1dec: Increase offsets array size so it is large enough. kgv1: use avctx->get/release_buffer(). kvmc: fix invalid reads nsvdec: Propagate error values instead of returning 0 in nsv_read_header(). mjpegbdec: Fix overflow in SOS. shorten: Use separate pointers for the allocated memory for decoded samples. shorten: check for realloc failure (cherry picked from commit 9e5e2c2d010c05c10337e9c1ec9d0d61495e0c9c) atrac3: Fix crash in tonal component decoding. ws_snd1: Fix wrong samples count and crash. ws_snd: add some checks to prevent buffer overread or overwrite. (cherry picked from commit 417364ce1f979031ef6fee661fc15e1869bdb1b4) ws_snd: decode to AV_SAMPLE_FMT_U8 instead of S16. dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2 h264: stricter reference limit enforcement. jvdec: unbreak video decoding xxan: don't read before start of buffer in av_memcpy_backptr(). dsicinvideo: validate buffer offset before copying pixels. huffyuv: add padding to classic (v1) huffman tables. ... Conflicts: RELEASE libavcodec/atrac3.c libavcodec/h264.c libavcodec/h264_parser.c libavcodec/kgv1dec.c libavcodec/shorten.c libavcodec/svq3.c libavcodec/ws-snd1.c libavcodec/xxan.c libswscale/utils.c Merged-by: Michael Niedermayer <michaelni@gmx.at> 01 April 2012, 23:25:31 UTC
8086863 Update changelog for 0.7.5 release 01 April 2012, 20:47:53 UTC
bc5d86d id3v2: fix skipping extended header in id3v2.4 In v2.4, the length includes the length field itself. (cherry picked from commit ddb4431208745ea270dce8fce4cba999f0ed4303) Signed-off-by: Anton Khirnov <anton@khirnov.net> 01 April 2012, 17:20:50 UTC
1687c55 Update RELEASE file for 0.7.5 01 April 2012, 17:08:06 UTC
fd53da2 lcl: use AVERROR_INVALIDDATA instead of AVERROR_UNKNOWN While bogus, this change avoids the necessity to backport AVERROR_UNKNOWN, which is not entirely trivial. Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:30 UTC
a0b6593 kgv1dec: Increase offsets array size so it is large enough. Fixes CVE-2011-3945 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 807a045ab7f51993a2c1b3116016cbbd4f3d20d6) Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit a02e8df973f5478ec82f4c507f5b5b191a5ecb6b) (cherry picked from commit d5f2382d0389ed47a566ea536887af908bf9b14f) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
cb8a17d kgv1: use avctx->get/release_buffer(). Also fixes crashes on corrupt bitstreams. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 33cd32b389864f2437c94e6fd7dc109ff5f0ed06) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit e537dc230b2e123be8aebdaeee5a7d7787328b0b) Conflicts: libavcodec/kgv1dec.c Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
24eabc5 kvmc: fix invalid reads Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit ad3161ec1d70291efcf40121d703ef73c0b08e5b) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
6fe5038 nsvdec: Propagate error values instead of returning 0 in nsv_read_header(). This eliminates a warning about a set-but-unused variable. (cherry picked from commit 35fa0d47585cef28cd8191dccf0607d90c7667a6) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
6ae95a0 mjpegbdec: Fix overflow in SOS. Based in part on a fix from Michael Niedermayer <michaelni@gmx.at> Fixes CVE-2011-3947 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit b57d262412204e54a7ef8fa1b23ff4dcede622e5) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 083a8a00373b12dc06b8ae4c49eec61fb5e55f4b) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
96ed18c shorten: Use separate pointers for the allocated memory for decoded samples. Fixes invalid free() if any of the buffers are not allocated due to either not decoding a header or an error prior to allocating all buffers. Fixes CVE-2012-0858 CC: libav-stable@libav.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 204cb29b3c84a74cbcd059d353c70c8bdc567d98) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 6fc3287b9ccece290c5881b92948772bbf72e68c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
a207a2f shorten: check for realloc failure (cherry picked from commit 9e5e2c2d010c05c10337e9c1ec9d0d61495e0c9c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
f728ad2 atrac3: Fix crash in tonal component decoding. Add a check to avoid writing past the end of the channel_unit.components[] array. Bug Found by: cosminamironesei Fixes CVE-2012-0853 CC: libav-stable@libav.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit c509f4f74713b035a06f79cb4d00e708f5226bc5) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit f43b6e2b1ed47a1254a5d44c700a7fad5e9784be) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
e676bbb ws_snd1: Fix wrong samples count and crash. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 9fb7a5af97d8c084c3af2566070d09eae0ab49fc) Addresses CVE-2012-0848 Reviewed-by: Justin Ruggles <justin.ruggles@gmail.com> Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 697a45d861b7cd6a96718383a44f41348487f844) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
847c7cd ws_snd: add some checks to prevent buffer overread or overwrite. (cherry picked from commit 417364ce1f979031ef6fee661fc15e1869bdb1b4) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
137007b ws_snd: decode to AV_SAMPLE_FMT_U8 instead of S16. 8-bit unsigned is the native sample format. (cherry picked from commit 2322ced8da990835717a176b8d2c32961cfecd3e) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
90db3c4 dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2 Signed-off-by: Janne Grunau <janne-libav@jannau.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
8b819fd h264: stricter reference limit enforcement. Progressive images can have only 16 references, error out if there are more, since the data is almost certainly corrupt, and the invalid value will lead to random crashes or invalid writes later on. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit e0febda22d0e0fab094a9c886b0e0f0f662df1ef) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
81c5b4d jvdec: unbreak video decoding The safe bitstream reader broke it since the buffer size was specified in bytes instead of bits. Signed-off-by: Janne Grunau <janne-libav@jannau.net> CC: libav-stable@libav.org (cherry picked from commit a1c036e961a32f7208e7315dabfa0ee99d779edb) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
5ae49dd xxan: don't read before start of buffer in av_memcpy_backptr(). Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit f1279e286b00e99f343adb51e251f036a3df6f32) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
3113613 dsicinvideo: validate buffer offset before copying pixels. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit c95fefa0420be9cc0f09a95041acf11114aaacd0) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
99536be huffyuv: add padding to classic (v1) huffman tables. We slightly overread the input buffer, so we require padding at the end of the buffer, as is documented in the get_bits API. Without padding, we'll read uninitialized data or beyond the end of the .rodata, which may crash. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 4ffe5e2aa5241f8da9afd2c8fbc854dcc916c5f9) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
bbe316d tiffdec: Prevent illegal memory access caused by recycled pointers. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit fd0be63049ed46660993d0550a4f0847a0b942ea) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
b4a223f wma: fix off-by-one in array bounds check. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit b4bccf3e4e58f6fe58043791ca09db01a4343fac) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
4924520 raw: move buffer size check up. This way, it protects against overreads for 4bpp/2bpp content also. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit cc5dd632cecc5114717d0b90f8c2be162b1c6ee8) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:29 UTC
f2e412d smacker: error out if palette copy-with-offset overruns palette size. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit a93b572ae4f517ce0c35cf085167c318e9215908) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
6dfe865 svq3: protect against negative quantizers. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 11b940a1a8e7e5d5b212935a3ce78aeda577f5f2) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
853ce33 mov: Add more HDV and XDCAM FourCCs. Reference: VLC (cherry picked from commit b142496c5630b9bc88fb9eaccae7f6bd62fb23e7) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
5015ada mov: Add support for MPEG2 HDV 720p24 (hdv4) (cherry picked from commit 0ad522afb3a3b3d22402ecb82dd4609f7655031b) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
4be6358 h263dec: Disallow width/height changing with frame threads. Fixes CVE-2011-3937 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 71db86d53b5c6872cea31bf714a1a38ec78feaba) Conflicts: libavcodec/h263dec.c Signed-off-by: Alex Converse <alex.converse@gmail.com> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
a642953 tiff: Make the TIFF_LONG and TIFF_SHORT types unsigned. TIFF v6.0 (unimplemented) adds signed equivalents. (cherry picked from commit e32548d1331ce05a054f1028fcdda8823a4f215a) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
f5ce67d svq3: Prevent illegal reads while parsing extradata. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 9e1db721c4329f4ac166a0bcc002c8d75f831aba) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
b0888b8 dv: Fix small overread in audio frequency table. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 0ab3687924457cb4fd81897bd39ab3cc5b699588) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
2c199cb ac3: Do not read past the end of ff_ac3_band_start_tab. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 034b03e7a0e8e4f8f66c82b736f2c0aa7c063ec0) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
00fa6ff dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936. Found with asan. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 2d1c0dea5f6b91bec7f5fa53ec050913d851e366) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
44e182d dv: Fix null pointer dereference due to ach=0 dv: Fix null pointer dereference due to ach=0 Fixes part2 of CVE-2011-3929 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 5a396bb3a66a61a68b80f2369d0249729bf85e04) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
bb737d3 dv: check stype dv: check stype Fixes part1 of CVE-2011-3929 Possibly fixes part of CVE-2011-3936 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 635bcfccd439480003b74a665b5aa7c872c1ad6b) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
0100c4b nsvdec: Propagate errors Related to CVE-2011-3940. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit c898431ca5ef2a997fe9388b650f658fb60783e5) Conflicts: libavformat/nsvdec.c Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
be524c1 nsvdec: Be more careful with av_malloc(). Check results for av_malloc() and fix an overflow in one call. Related to CVE-2011-3940. Based in part on work from Michael Niedermayer. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
65beb8c nsvdec: Fix use of uninitialized streams. Fixes CVE-2011-3940 (Out of bounds read resulting in out of bounds write) Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5c011706bc752d34bc6ada31d7df2ca0c9af7c6b) Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit 6a89b41d9780325ba6d89a37f2aeb925aa68e6a3) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
f375e19 Fix format string vulnerability detected by -Wformat-security. Signed-off-by: Diego Biurrun <diego@biurrun.de> (cherry picked from commit c9dbac36ad4bac07f6c1d06d465e361ab55bcb95) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
54e9472 h264: fix mmxext chroma deblock to use correct TC values. (cherry picked from commit b0c4f04338234ee011d7b704621347ef232294fe) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
e3e0596 cscd: use negative error values to indicate decode_init() failures. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 8a9faf33f2b4f40afbc3393b2be49867cea0c92d) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
bd37b95 h264: prevent overreads in intra PCM decoding. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit d1604b3de96575195b219028e2c4f08b2259aa7d) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
58133bb wmaenc: fix m/s stereo encoding for the first frame We need to set ms_stereo in encode_init() in order to avoid incorrectly encoding the first frame as non-m/s while flagging it as m/s. Fixes an uncomfortable pop in the left channel at the start of playback. CC:libav-stable@libav.org (cherry picked from commit 51ddf35c9017018e58c15275ff5b129647a0c94d) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
43e3e77 wmaenc: limit allowed sample rate to 48kHz ff_wma_init() allows up to 50kHz, but this generates an exponent band size table that requires 65 bands. The code assumes 25 bands in many places, and using sample rates higher than 48kHz will lead to buffer overwrites. CC:libav-stable@libav.org (cherry picked from commit 1ec075cfecac01f9a289965db06f76365b0b1737) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:28 UTC
74bd46e wmaenc: limit block_align to MAX_CODED_SUPERFRAME_SIZE This is near the theoretical limit for wma frame size and is the most that our decoder can handle. Allowing higher bit rates will just end up padding each frame with empty bytes. Fixes invalid writes for avconv when using very high bit rates. CC:libav-stable@libav.org (cherry picked from commit c2b8dea1828f35c808adcf12615893d5c740bc0a) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
c932844 wmaenc: require a large enough output buffer to prevent overwrites The maximum theoretical frame size is around 17000 bytes. Although in practice it will generally be much smaller, we require a larger buffer just to be safe. CC: libav-stable@libav.org (cherry picked from commit dfc4fdedf8cfc56a505579b1f2c1c5efbce4b97e) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
433aaeb matroska: check buffer size for RM-style byte reordering. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 9c239f6026a170866a4a0c96908980ac2cfaa8b3) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
88b4701 wmadec: Verify bitstream size makes sense before calling init_get_bits. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 48f1e5212c90b511c90fa0449655abb06a9edda2) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
b56b7b9 rv10/20: Fix a buffer overread caused by losing track of the remaining buffer size. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 2f6528537fdd88820f3a4683d5e595d7b3a62689) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
bd0d32d lcl: return negative error codes on decode_init() errors. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit bd17a40a7e0eba21b5d27c67aff795e2910766e4) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
d680295 huffyuv: do not abort on unknown pix_fmt; instead, return an error. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 63c9de6469005974288f4e4d89fc79a590e38c06) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
ced190c vmnc: return error on decode_init() failure. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 07a180972fb369bb59bf6d4f8edb4598c51e80d2) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
e15d137 rpza: error out on buffer overreads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 78e9852a2e3b198ecd69ffa0deab3fa22a8e5378) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
87a1169 qtrle: return error on decode_init() failure. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit e54ae60e46f737b8e9a96548971091f7ab6b8f7c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
4f64456 swscale: fix another integer overflow. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 791de61bbb0d2bceb1037597b310e2a4a94494fd) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
f28ec73 vp56: error out on invalid stream dimensions. Prevents crashes when playing corrupt vp5/6 streams. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 8bc396fc0e8769a056375c1c211f389ce0e3ecc5) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
a2d5e74 asf: don't seek back on EOF. Seeking back on EOF will reset the EOF flag, causing us to re-enter the loop to find the next marker in the ASF file, thus potentially causing an infinite loop. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit bb6d5411e1e1a8e0608b1af1c4addee654dcbac5) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
18caebc asf: error out on ridiculously large minpktsize values. They cause various issues further down in demuxing. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 6e57a02b9f639af53acfa9fc742c1341400818f8) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
117b8b0 vorbis: fix overflows in floor1[] vector and inverse db table index. (cherry picked from commit 24947d4988012f1f0fd467c83418615adc11c3e8) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
a02da9c Fix parser not to clobber has_b_frames when extradata is set. Because in contrast to the decoder, the parser does not set up low_delay. The code in parse_nal_units would always end up setting has_b_frames to "1", except when stream is explicitly marked as low delay. Since the parser itself would create 'extradata', simply reopening the parser would cause this. This happens for instance in estimate_timings_from_pts(), which causes the parser to be reopened on the same stream. This fixes Libav #22 and FFmpeg (trac) #360 CC: libav-stable@libav.org Based on a patch by Reimar Döffinger <Reimar.Doeffinger@gmx.de> (commit 31ac0ac29b6bba744493f7d1040757a3f51b9ad7) Comments and description adapted by Reinhard Tartler. Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 790a367d9ecd04360f78616765ee723f3fe65645) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
811989e rm: prevent infinite loops for index parsing. Specifically, prevent jumping back in the file for the next index, since this can lead to infinite loops where we jump between indexes referring to each other, and don't read indexes that don't fit in the file. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit aac07a7a4c2c7a4a29cf6dbc88c1b9fdd191b99d) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
678737c fraps: release reference buffer on pix_fmt change. Prevents crash when trying to copy from a non-existing plane in e.g. a RGB32 reference image to a YUV420P target image Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 830f70442a87a31f7c75565e9380e3caf8333b8a) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
25784c0 kgv1: release reference picture on size change. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 6c4c27adb61b2881a94ce5c7d97ee1c8adadb5fe) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
d10c22d lcl: error out if uncompressed input buffer is smaller than framesize. This prevents crashes when trying to read beyond the end of the buffer while decoding frame data. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit be129271eac04f91393bf42a490ec631e1a9abea) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
b1d9a80 tiff: Prevent overreads in the type_sizes array. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 447363870f2f91e125e07ac2d0820359a5d86b06) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
cd6c5e1 swf: check return values for av_get/new_packet(). Prevents crashers when using the packet if allocation failed. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 31632e73f47d25e2077fce729571259ee6354854) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:27 UTC
18b2f23 truemotion2: error out if the huffman tree has no nodes. This prevents crashers and errors further down when reading nodes in the empty tree. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 2b83e8b7005d531bc78b0fd4f699e9faa54ce9bb) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:26 UTC
3314992 mjpegb: don't return 0 at the end of frame decoding. Return 0 indicates "please return the same data again", i.e. it causes an infinite loop. Instead, return that we consumed the buffer if we finished decoding successfully, or return an error if an error occurred. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 74699ac8c8b562e9f8d26e21482b89585365774a) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:26 UTC
9a33121 asf: prevent packet_size_left from going negative if hdrlen > pktlen. This prevents failed assertions further down in the packet processing where we require non-negative values for packet_size_left. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 41afac7f7a67c634c86b1d17fc930e9183d4aaa0) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:26 UTC
2380a3d huffyuv: error out on bit overrun. On EOF, get_bits() will continuously return 0, causing an infinite loop. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 84c202cc37024bd78261e4222e46631ea73c48dd) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:26 UTC
4509129 als: prevent infinite loop in zero_remaining(). Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit af468015d972c0dec5c8c37b2685ffa5cbe4ae87) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:26 UTC
d031302 cook: prevent div-by-zero if channels is zero. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 941fc1ea1ed7f7d99a8b9e2607b41f2f2820394a) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:26 UTC
0fe5321 swscale: take first/lastline over/underflows into account for MMX. Fixes crashes for extremely large resizes (several 100-fold). Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 1d8c4af396b6ed84c84b5ebf0bf1163c4a7a3017) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:26 UTC
b2b2dc6 swscale: fix overflows in filterPos[] calculation for large sizes. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 19a65b5be47944c607a9e979edb098924d95f2e4) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:26 UTC
ce99c1b swscale: enforce a minimum filtersize. At very small dimensions, this calculation could lead to zero-sized filters, which leads to uninitialized output, zero-sized allocations, loop overflows in SIMD that uses do{..}while(i++<filtersize); instead of for(i=0;i<filtersize;i++){..} and several other similar failures. Therefore, require a minimum filtersize of 1. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit dae2ce361a2b5fd9be1d43e5e8c00bdbc5f03e3d) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:26 UTC
fd3af29 smacker: Sanity check huffman tables found in the headers. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 9adf25c1cf78dbf1d71bf386c49dc74cb8a60df0) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:26 UTC
6c12293 matroska: don't overwrite string values until read/alloc was successful. This prevents certain tags with a default value assigned to them (as per the EBML syntax elements) from ever being assigned a NULL value. Other parts of the code rely on these being non-NULL (i.e. they don't check for NULL before e.g. using the string in strcmp() or similar), and thus in effect this prevents crashes when reading of such specific tags fails, either because of low memory or because of targeted file corruption. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit cd40c31ee9ad2cca6f3635950b002fd46be07e98) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:26 UTC
dd7b323 matroskadec: Pad AAC extradata. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit d2ee8c17793201ce969afd1f433ba1580c143cd2) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:26 UTC
bf9f26c aac: fix infinite loop on end-of-frame with sequence of 1-bits. Based-on-work-by: Ronald S. Bultje <rsbultje@gmail.com> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 1cd9a6154bc1ac1193c703cea980ed21c3e53792) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:26 UTC
0fbde74 wma: Clip WMA1 and WMA2 frame length to 11 bits. The MDCT buffers in the decoder are only sized for up to 11 bits. The reverse engineered documentation for WMA1/2 headers says that for all samplerates above 32kHz 11 bits are used. 12 and 13 bit support were added for WMAPro. I was unable to make any Microsoft tools generate a test file at a samplerate above 48kHz. Discovered by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit d78bb1a4b2a3a415b68e4e6dd448779eccec64e3) Signed-off-by: Anton Khirnov <anton@khirnov.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:26 UTC
ec961c8 flac: fix infinite loops on all-zero input or end-of-stream. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 52e4018be47697a60f4f18f83551766df31f5adf) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:26 UTC
3b5e149 golomb: avoid infinite loop on all-zero input (or end of buffer). Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit c6643fddba73560f26f90d327c84d8832222a720) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:26 UTC
ccd528c qdm2: Check data block size for bytes to bits overflow. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit dac56d9ce01eb9963f28f26b97a81db5cbd46c1c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> 01 April 2012, 16:33:26 UTC
ceeaf42 avcodec: Remove a misplaced and useless attribute_deprecated If attribute_deprecated is used in an enum declaration, it should follow the 'enum' keyword, otherwise it's ignored silently. This is the only case of attribute_deprecated for enum declarations currently. Currently, this attribute_deprecated doesn't have any effect. If moved to the right place, it emits a warning every single time avcodec.h is included, like this: avcodec.h:2827: warning: ‘AVLPCType’ is deprecated (declared at avcodec.h:543) There is already a working attribute_deprecated for the corresponding field in AVCodecContext, so therefore this one shouldn't be needed. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 1b6da627d49e98fe7661c9aa9ec4e16ab04dfda4) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> 26 March 2012, 07:41:15 UTC
c321f2a avcodec: Remove a misplaced and useless attribute_deprecated If attribute_deprecated is used in an enum declaration, it should follow the 'enum' keyword, otherwise it's ignored silently. This is the only case of attribute_deprecated for enum declarations currently. Currently, this attribute_deprecated doesn't have any effect. If moved to the right place, it emits a warning every single time avcodec.h is included, like this: avcodec.h:2827: warning: ‘AVLPCType’ is deprecated (declared at avcodec.h:543) There is already a working attribute_deprecated for the corresponding field in AVCodecContext, so therefore this one shouldn't be needed. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 1b6da627d49e98fe7661c9aa9ec4e16ab04dfda4) Signed-off-by: Martin Storsjö <martin@martin.st> 23 March 2012, 09:59:07 UTC
a3d331f Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 * qatar/release/0.7: (96 commits) intfloat_readwrite: fix signed addition overflows smacker: validate channels and sample format. smacker: check buffer size before reading output size smacker: validate number of channels sipr: fix get_bits(0) calls motion_est: make MotionExtContext.map_generation unsigned 4xm: prevent NULL dereference with invalid huffman table 4xmdemux: prevent use of uninitialized memory 4xm: clear FF_INPUT_BUFFER_PADDING_SIZE bytes in temporary buffers ptx: check for out of bound reads tiffdec: fix out of bound reads/writes eacmv: check for out of bound reads eacmv: fix potential pointer arithmetic overflows adpcm: fix out of bound reads due to integer overflow anm: prevent infinite loop avsdemux: check for out of bound writes avs: check for out of bound reads avsdemux: check for corrupted data mxfdec: Fix some buffer overreads caused by the misuse of AVPacket related functions. vaapi: Fix VC-1 decoding (reconstruct bitstream TTFRM correctly). ... Conflicts: libavcodec/adpcm.c libavcodec/bink.c libavcodec/h264.c libavcodec/h264.h libavcodec/h264_cabac.c libavcodec/h264_cavlc.c libavcodec/motion_est_template.c libavcodec/mpegvideo.c libavcodec/nellymoserdec.c libavcodec/ptx.c libavcodec/svq3.c libavcodec/vaapi_vc1.c libavcodec/xan.c libavfilter/vf_scale.c libavformat/4xm.c libavformat/flvdec.c libavformat/mpeg.c tests/ref/fate/motionpixels Merged-by: Michael Niedermayer <michaelni@gmx.at> 19 March 2012, 04:14:44 UTC
73ad066 intfloat_readwrite: fix signed addition overflows These additions might overflow the signed range for large input values. Converting to unsigned before the addition rather than after avoids such undefined behaviour. The result under normal two's complement wraparound remains unchanged. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit 88d1e2b2b0a129365a62efd666db0394e8ffbe08) Signed-off-by: Anton Khirnov <anton@khirnov.net> 18 March 2012, 16:50:48 UTC
1cc0b08 smacker: validate channels and sample format. (cherry picked from commit ff1f89de2da3472d133e2c95bf7c9ad2d88df33d) Signed-off-by: Anton Khirnov <anton@khirnov.net> 18 March 2012, 16:50:46 UTC
b3d7fff smacker: check buffer size before reading output size (cherry picked from commit cf044f8bff0d28dbc34492f18b0d18b3ba8bad9d) Signed-off-by: Anton Khirnov <anton@khirnov.net> 18 March 2012, 16:50:43 UTC
ef7a4df smacker: validate number of channels (cherry picked from commit e190e453bd1e4d4b409ed3556b3a50d1087c15d7) Signed-off-by: Anton Khirnov <anton@khirnov.net> 18 March 2012, 16:50:41 UTC
3b7a1ba sipr: fix get_bits(0) calls Zero-length get_bits() is undefined, must check before calling. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit c79d2a20bad59298188171f1316a830d563a41ee) Signed-off-by: Anton Khirnov <anton@khirnov.net> 18 March 2012, 16:50:41 UTC
da73a20 motion_est: make MotionExtContext.map_generation unsigned The way this value is used, it should be an unsigned type. While the numerical value has no meaning, unsigned wraparound is relied upon. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit cb668476ab1343d27e03edc0b32f57ca7a187471) Signed-off-by: Anton Khirnov <anton@khirnov.net> 18 March 2012, 16:50:41 UTC