| 50032a7 | Michael Niedermayer | 19 September 2012, 01:09:28 UTC | Changelog for 0.10.5 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 19 September 2012, 01:09:28 UTC |
| eed53a3 | Michael Niedermayer | 19 September 2012, 00:34:55 UTC | Update for 0.10.5 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 19 September 2012, 00:34:55 UTC |
| 501e60d | Michael Niedermayer | 14 August 2012, 16:58:49 UTC | bmv_videodec: fix out of array read Fixes Ticket1373 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 70f0ffa1ed456fd0b560d0dd1d0d93f1ba3a6d93) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d721cb009d73662f35c629bdc678e25786e79301) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 September 2012, 23:08:24 UTC |
| d36c706 | Michael Niedermayer | 07 September 2012, 10:35:41 UTC | faxcompr: fix out of array read Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5891e454a667e42ef71a06bfd9661540ea3f3ebd) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 55b3e408fa18b918bd0cabb1b27f1f0c4ce57a64) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 September 2012, 23:08:24 UTC |
| fcb8bbf | Michael Niedermayer | 16 August 2012, 20:28:29 UTC | escape124: fix integer overflow leading to excessive memory allocation Fixes Ticket1629 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3d7817048cb387de87600f2152075f78b37b60a6) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 9f1e01c9915fe0c86ad2b8f50e11fee9e1b00c62) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 September 2012, 23:08:24 UTC |
| 38c5e8f | Michael Niedermayer | 16 August 2012, 01:15:14 UTC | sp5xdec: fix off by 1 error causing a crash Fixes Ticket1633 Found-by: Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f0896a6bd94e5b45447c7d640c8e8aa95d860d7a) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 450e4b1a60721d25f306d97062f35c9c3d7989f8) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 September 2012, 23:08:24 UTC |
| 1301942 | Michael Niedermayer | 14 September 2012, 03:55:11 UTC | mpegaudio_parser: reset state to prevent it to be random Fixes Ticket1718 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 93b240f4a59348c07d3d7e4862227f6949c51e14) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3581ab6ce0754544b06f34f7875b731a5ca2e061) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 September 2012, 23:08:24 UTC |
| e2c7b37 | Ben Jackson | 14 September 2012, 04:26:43 UTC | pthread: Avoid crashes/odd behavior caused by spurious wakeups pthread_wait_cond can wake up for no reason (Wikipedia: Spurious_wakeup). The FF_THREAD_SLICE thread mechanism could spontaneously execute jobs or allow the caller of avctx->execute to return before all jobs were complete. This adds tests to both cases to ensure the wakeup is real. Signed-off-by: Ben Jackson <ben@ben.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e3329474a366de066b25e86f35f5abf9c5a4b7b2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f1ec792ae3011531d47070144b8c91d58bb3e76f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 September 2012, 23:08:24 UTC |
| 7f90fe1 | Michael Niedermayer | 18 September 2012, 22:27:03 UTC | Merge remote-tracking branch 'qatar/release/0.8' into release/0.10 Merged-by: Michael Niedermayer <michaelni@gmx.at> | 18 September 2012, 22:54:30 UTC |
| 2cf6aff | Carl Eugen Hoyos | 12 September 2012, 11:08:27 UTC | Fix muxing mjpeg in swf. (cherry picked from commit 7680d99b4302e476076cc1b8f2567f47c2aaef4d) | 13 September 2012, 07:21:55 UTC |
| 50e6e49 | jamal | 03 August 2012, 20:13:27 UTC | build: Fix some paths in uninstall-libs Folder and file names weren't being separated with a slash. This resulted in .dll.a, .lib and .def files not being removed on uninstall. Signed-off-by: Alexander Strasser <eclipse7@gmx.net> (cherry picked from commit 49440853d0c1e740daee0e2df1e65d5e67b1ad6b) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 13 September 2012, 02:47:57 UTC |
| 0f54c97 | Ronald S. Bultje | 24 June 2012, 10:17:13 UTC | dxva2: include dxva.h if found Apparently, some build environments require dxva.h even for dxva2, while others lack this header entirely. Including it conditionally allows building in both cases. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit fa84506177f0246b30d4ea6a99ee5d419f3e4550) Conflicts: configure Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 13 September 2012, 02:45:36 UTC |
| a1f678f | Ramiro Polla | 04 April 2012, 05:52:27 UTC | asfenc: properly write index information The index must take into account the pre-roll time and must seek backwards, not forwards. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit bd603494f905a7db92fc04eab9c0f6793b0ed7d1) Conflicts: tests/ref/lavf/asf tests/ref/seek/lavf_asf Fixes Ticket1563 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 12 September 2012, 14:48:59 UTC |
| 94905d2 | Ramiro Polla | 04 April 2012, 05:50:40 UTC | asfenc: remove useless casts Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit bc13b74992c30da3cf3da9bcce6a0b727b9d2e6b) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 12 September 2012, 14:37:05 UTC |
| b04fbd2 | Ramiro Polla | 04 April 2012, 05:50:05 UTC | asfenc: reduce code duplication with new variable Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f2fad251b8f0b5cfa9fa43200e72f5f9194fd620) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 12 September 2012, 14:36:57 UTC |
| f7b045d | Ramiro Polla | 04 April 2012, 05:49:47 UTC | asfenc: rename some variables Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 1ceff0859df1c4f6bfacd6c1cd9dbdcceb039423) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 12 September 2012, 14:36:46 UTC |
| de1591b | Ramiro Polla | 04 April 2012, 05:48:27 UTC | asfenc: realloc index_ptr fewer times Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 97d36a1898dabd6fd85d0f2295bdac911d607b8e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 12 September 2012, 14:35:56 UTC |
| c7b7372 | Carl Eugen Hoyos | 31 August 2012, 12:17:01 UTC | Clarify that -passlogfile has a different syntax when used with -vcodec libx264. | 31 August 2012, 12:17:01 UTC |
| 2fb4be9 | Mans Rullgard | 30 May 2012, 03:06:00 UTC | mov: set AVCodecContext.width/height for h264 This is required for correct cropping of files from Canon cameras. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit 8aa93e900449c88c3169ff5636fed03f41779cac) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 10 June 2012, 09:22:57 UTC |
| e160801 | Mans Rullgard | 30 May 2012, 03:04:54 UTC | h264: allow cropping to AVCodecContext.width/height Override the frame size from the SPS with AVCodecContext values if the latter specify a size smaller by less than one macroblock. This is required for correct cropping of MOV files from Canon cameras. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit 30f515091c323da59c0f1b533703dedca2f4b95d) Conflicts: libavcodec/h264.c | 10 June 2012, 07:47:45 UTC |
| 8c0c0e9 | Michael Niedermayer | 09 June 2012, 18:52:12 UTC | Update for 0.10.4 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:52:12 UTC |
| 997e769 | Michael Niedermayer | 06 June 2012, 17:26:21 UTC | mpegvideo: fix out of heap array accesses Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 317ca0d3f735fad354c404e8bbac3e1ce9f09b12) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:50:57 UTC |
| 944b6a8 | Michael Niedermayer | 03 June 2012, 15:40:30 UTC | mpc8: fix channel checks fix heap array overflow Found-by: Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 44c10168cff41c200825448b77cb8feff0d316c9) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:50:14 UTC |
| ddd9483 | Michael Niedermayer | 03 June 2012, 12:41:21 UTC | h263: disable loop filter with lowres Fixes ticket1212 Found-by: Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit cc229d4e83889d1298f1a0863b55feec6c5c339a) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:49:58 UTC |
| 9c13d23 | Michael Niedermayer | 02 June 2012, 02:06:16 UTC | bmv: fix apparent sign error in the frame_off check Fixes part of Ticket1373 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit debbcfae6010f027a0334d70d0dbb7ddd912ad5a) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:49:18 UTC |
| c4926cb | Michael Niedermayer | 02 June 2012, 02:04:29 UTC | bmv: fix integer overflows in vlc decoder. Fixes part of Ticket1373 Found-by: Piotr Bandurski <ami_stuff@o2.pl> Based-on-patch-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 679c578cb8e82df6fdee977e3137a26a680ad346) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:49:14 UTC |
| 321bbb6 | Michael Niedermayer | 01 June 2012, 19:42:29 UTC | wmv1: check that the input buffer is large enough Fixes null ptr deref Fixes Ticket1367 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f23a2418fb0ccc56fdae4dbf83a5994cc917c475) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:47:56 UTC |
| 81476cf | Michael Niedermayer | 01 June 2012, 13:52:20 UTC | yopdec: check frame oddness to be within supported limits Fixes Ticket1365 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit febc013dc5d6db1535a4f91cf02fa8089038937c) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:47:19 UTC |
| 3c69368 | Michael Niedermayer | 01 June 2012, 13:51:50 UTC | yopdec: check that palette fits in the packet Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b6fdf8dea7aaf3cb9a979dce91f752c2ce3086a3) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:47:11 UTC |
| fcf09eb | Michael Niedermayer | 31 May 2012, 23:33:00 UTC | 8svx: fix crash Fixes Ticket1377 Found-by: Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 03ce421c1361e4ce79468de8269ad51ba2ae4c16) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:46:55 UTC |
| d6c7398 | Michael Niedermayer | 31 May 2012, 21:50:08 UTC | dv-demux: dont mess with codec values Fixes part of Ticket1369 Found-by: ami_stuff Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3c276ac0f8936745543d14674842647c502bdd2e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:46:03 UTC |
| aefa2bf | Paul B Mahol | 31 May 2012, 08:58:31 UTC | binkaudio: check number of channels Fixes #1380. Signed-off-by: Paul B Mahol <onemda@gmail.com> (cherry picked from commit 824a6975ee066e944b7a20d1e220fd8974fb6174) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:45:09 UTC |
| ece27b0 | Michael Niedermayer | 31 May 2012, 03:01:28 UTC | indeo5: check quant_mat prevents out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 8aaa00c3012d425ce50efffadb813ad62d1ff3d5) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:45:00 UTC |
| 479856a | Michael Niedermayer | 30 May 2012, 14:19:36 UTC | truemotion1: Check index, fix out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit fd4c1c0b70b5a06dd572d7e27799a2f4c3d9b984) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:44:19 UTC |
| fc0d962 | Paul B Mahol | 30 May 2012, 07:50:32 UTC | iff: check if there is extradata Fixes #1368. Signed-off-by: Paul B Mahol <onemda@gmail.com> (cherry picked from commit 8f61526978697e51d3b9e61ea84daf13c42717af) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:41:15 UTC |
| 0452ebf | Michael Niedermayer | 29 May 2012, 17:50:15 UTC | ape: Fix null ptr dereference with files missing a seekatable. Such files are currently not supported as the table is used at several points Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e7cb161515fc9fb6d30d1681d64d9ba7ad737a4e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:40:50 UTC |
| 9e9e6bb | Michael Niedermayer | 29 May 2012, 17:16:22 UTC | 4xm: fix division by zero caused by bps<8 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 1b8741a6843f3f4667c81c2d63d3182858aa534f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:39:12 UTC |
| 3e4eea6 | Michael Niedermayer | 28 May 2012, 15:21:29 UTC | jvdec: check videosize Fixes null ptr dereference fixes Ticket1364 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b4904e804d3b1c56ac4f5d3386b15daae98fca2d) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:38:29 UTC |
| cc0fec8 | Michael Niedermayer | 28 May 2012, 15:17:49 UTC | motionpixels: check extradata size Fixes null ptr derefernce Fixes Ticket1363 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 50122084a6b3be06781a2b3d8ec036f2d67c32e3) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:38:22 UTC |
| fa67ad8 | Michael Niedermayer | 28 May 2012, 15:13:10 UTC | iff_ilbm: fix null ptr deref Fixes Ticket1362 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 849d4b041351ef8d77c4231cf417f997e79f9ab7) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:38:14 UTC |
| 0adc452 | Michael Niedermayer | 28 May 2012, 15:08:06 UTC | yop: check for missing extradata Fixes null ptr deref Fixes Ticket1361 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 77a4c8b959fa9bc6bcaa42b40a0b046cdf3fec38) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:38:09 UTC |
| 7df0e30 | Michael Niedermayer | 28 May 2012, 15:04:38 UTC | xan: fix out of array read Fixes ticket1360 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 01900fcc45e99ee4556e0a5d87ff57b2f150dad4) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:37:36 UTC |
| a4b329d | Michael Niedermayer | 28 May 2012, 14:50:15 UTC | cdgraphics: Fix out of array write Fixes Ticket1359 Found-by: Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 1e5c7376c4ed733910845c9a09e272ac7696b1f4) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 18:37:27 UTC |
| eefd6bb | Michael Niedermayer | 09 June 2012, 17:17:22 UTC | Merge remote-tracking branch 'qatar/release/0.8' into release/0.10 * qatar/release/0.8: cmdutils: update copyright year to 2012. Conflicts: cmdutils.c Merged-by: Michael Niedermayer <michaelni@gmx.at> | 09 June 2012, 17:17:22 UTC |
| ce39a84 | Ronald S. Bultje | 08 February 2012, 18:16:41 UTC | cmdutils: update copyright year to 2012. | 08 June 2012, 10:38:58 UTC |
| 514f3e7 | Michael Niedermayer | 04 June 2012, 11:40:13 UTC | Merge remote-tracking branch 'qatar/release/0.8' into release/0.10 * qatar/release/0.8: Update Changelog for the 0.8.3 Release Prepare for 0.8.3 Release ea: check chunk_size for validity. png: check bit depth for PAL8/Y400A pixel formats. qdm2: clip array indices returned by qdm2_get_vlc(). tqi: Pass errors from the MB decoder h264: Add check for invalid chroma_format_idc h263dec: Disallow width/height changing with frame threads. Conflicts: Changelog RELEASE libavcodec/eatqi.c libavcodec/h264_ps.c libavcodec/pngdec.c Merged-by: Michael Niedermayer <michaelni@gmx.at> | 04 June 2012, 11:40:13 UTC |
| 4dfea3e | Reinhard Tartler | 29 May 2012, 20:59:43 UTC | Update Changelog for the 0.8.3 Release | 03 June 2012, 17:09:07 UTC |
| f9ee7d1 | Reinhard Tartler | 29 May 2012, 20:56:46 UTC | Prepare for 0.8.3 Release | 03 June 2012, 17:05:29 UTC |
| ec27262 | Ronald S. Bultje | 04 May 2012, 23:06:26 UTC | ea: check chunk_size for validity. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 273e6af47b38391f2bcc157cca0423fe7fcbf55c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 03 June 2012, 17:05:29 UTC |
| d34e9e6 | Ronald S. Bultje | 02 May 2012, 17:58:55 UTC | png: check bit depth for PAL8/Y400A pixel formats. Wrong bit depth can lead to invalid rowsize values, which crashes the decoder further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit d2205d6543881f2e6fa18c8a354bbcf91a1235f7) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 03 June 2012, 17:04:51 UTC |
| c38d3e1 | Ronald S. Bultje | 02 May 2012, 16:12:46 UTC | qdm2: clip array indices returned by qdm2_get_vlc(). Prevents subsequent overreads when these numbers are used as indices in arrays. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 64953f67f98da2e787aeb45cc7f504390fa32a69) Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Conflicts: libavcodec/qdm2.c | 02 June 2012, 23:17:53 UTC |
| 5872580 | Michael Niedermayer | 19 December 2011, 03:13:37 UTC | tqi: Pass errors from the MB decoder This silences some valgrind warnings. CC: libav-stable@libav.org Fixes second half of http://ffmpeg.org/trac/ffmpeg/ticket/794 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit f85334f58e1286287d0547a49fa9c93b40cbf48f) (cherry picked from commit 90290a5150e84fb138ccde57657dc03830f08c1c) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 23 May 2012, 18:43:42 UTC |
| 4713234 | Alexander Strange | 24 March 2012, 21:32:14 UTC | h264: Add check for invalid chroma_format_idc Fixes a crash when FF_DEBUG_PICT_INFO is used. Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit 6ef4063957aa5025c8d2cd757b6a537e4b6874df) Fixes: CVE-2012-0851 Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 22 May 2012, 19:57:38 UTC |
| 5836110 | Michael Niedermayer | 17 February 2012, 21:35:10 UTC | h263dec: Disallow width/height changing with frame threads. Fixes CVE-2011-3937 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 71db86d53b5c6872cea31bf714a1a38ec78feaba) Conflicts: libavcodec/h263dec.c Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 22 May 2012, 19:51:58 UTC |
| 3fab87e | Michael Niedermayer | 11 February 2012, 19:14:33 UTC | threads: Perform the generic progress cleanup more carefully. The cleanup is only done now when a picture is returned (assuming that it has to be done when its returned) a error is returned (assuming that there will be no further progress on the frame) the codec is not h264 (this is still needed due to some deadlocks in realvideo) This fixes a decoding regression with 00017.MTS Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 18a7f7465e7e6b9c3688ffc23230ae7a0639a771) | 13 May 2012, 12:09:29 UTC |
| b1f9ff4 | Michael Niedermayer | 05 May 2012, 23:35:56 UTC | update for ffmpeg 0.10.3 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 05 May 2012, 23:42:01 UTC |
| 96acb0a | Michael Niedermayer | 31 March 2012, 19:42:50 UTC | indeo4: check that num_mbs matches Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d3db8988d5befd8702a748cf1957415677bfe75c) | 05 May 2012, 23:42:01 UTC |
| df93682 | Michael Niedermayer | 17 March 2012, 19:45:45 UTC | dsp: fix diff_bytes_mmx() with small width Fixes Ticket1068 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 73089eccd3e48539555349b36d8aabbf1cea416e) | 05 May 2012, 23:42:01 UTC |
| 22285ab | Michael Niedermayer | 05 May 2012, 23:31:25 UTC | Changelog: update Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 05 May 2012, 23:42:01 UTC |
| 097ad61 | Michael Niedermayer | 22 March 2012, 23:49:00 UTC | mmdemux: dont set pkt->size to an invalid value. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 0c97fd336e17535239ab44d755a0d957dc2688f3) | 05 May 2012, 22:59:45 UTC |
| c785a70 | Michael Niedermayer | 02 March 2012, 14:58:14 UTC | h261: check mtype. Fixes out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit ec3cd74f2dab8e3e8234ccb994132b23d3098585) | 05 May 2012, 22:57:10 UTC |
| 6736de0 | Michael Niedermayer | 24 March 2012, 13:25:52 UTC | mpegvideo: increase buffer sizes. Fixes buffer overflow Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 2c0559d5e2faeafa7998173a4dc430408475503f) | 05 May 2012, 22:55:36 UTC |
| fe8508b | Michael Niedermayer | 23 March 2012, 00:09:04 UTC | mov: fix global unicode convertion array overflow. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 437f5daf0bf727a53ea4b485a30f1289f44bf252) | 05 May 2012, 22:55:06 UTC |
| 0d40fba | Michael Niedermayer | 22 April 2012, 14:41:21 UTC | iff: fix null ptr dereference Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 41abc9da50ba7a7b68bbbf6622475ce7a3c72e3f) | 05 May 2012, 22:54:40 UTC |
| a484694 | Michael Niedermayer | 21 April 2012, 17:41:54 UTC | xmvdemux: dont let current_stream become invalid. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 13381577d181fa732d6d2fa0491fa2ff50186546) | 05 May 2012, 22:53:02 UTC |
| bf2534a | Michael Niedermayer | 17 April 2012, 15:42:09 UTC | avidec: Dont crash on avi packets that belong to dv streams in dv in avi Fixes null pointer dereference Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 096231d497457be9496b0be01ff6da2093186c3c) | 05 May 2012, 22:50:25 UTC |
| 1ca4e70 | Michael Niedermayer | 21 April 2012, 17:28:35 UTC | cook: check subacket count Fixes out of array writes. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5a35bd92ad6b535fd5d3a7513169661de66ec247) | 05 May 2012, 22:47:44 UTC |
| 25a2802 | Michael Niedermayer | 16 April 2012, 12:30:33 UTC | 4xmdemux: Check chunk size Fixes over reading the header array Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 474e31c904f766b6989fe614c3fb093e697c847f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 05 May 2012, 22:45:04 UTC |
| 581a830 | Michael Niedermayer | 05 May 2012, 19:18:48 UTC | Merge remote-tracking branch 'qatar/release/0.8' into release/0.10 * qatar/release/0.8: Update Changelog for the 0.8.2 Release Prepare for 0.8.2 Release vqavideo: return error if image size is not a multiple of block size celp filters: Do not read earlier than the start of the 'out' vector. motionpixels: Clip YUV values after applying a gradient. jpeg: handle progressive in second field of interlaced. h263: more strictly forbid frame size changes with frame-mt. h264: additional protection against unsupported size/bitdepth changes. tta: prevents overflows for 32bit integers in header. ttadec: CRC checking tta: use skip_bits_long() Conflicts: Changelog RELEASE libavcodec/h264.c libavcodec/tta.c Merged-by: Michael Niedermayer <michaelni@gmx.at> | 05 May 2012, 22:25:39 UTC |
| 43e5fda | Reinhard Tartler | 04 May 2012, 20:59:01 UTC | Update Changelog for the 0.8.2 Release | 04 May 2012, 20:59:01 UTC |
| a638e10 | Reinhard Tartler | 04 May 2012, 20:40:37 UTC | Prepare for 0.8.2 Release | 04 May 2012, 20:40:37 UTC |
| d5207e2 | Mans Rullgard | 23 April 2012, 12:16:33 UTC | vqavideo: return error if image size is not a multiple of block size The decoder assumes in various places that the image size is a multiple of the block size, and there is no obvious way to support odd sizes. Bailing out early if the header specifies a bad size avoids various errors later on. Fixes CVE-2012-0947. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit 58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 May 2012, 20:14:26 UTC |
| 9ea94c4 | Alex Converse | 04 May 2012, 17:27:03 UTC | celp filters: Do not read earlier than the start of the 'out' vector. CC: libav-stable@libav.org (cherry picked from commit 37ddd3833219fa7b913fff3f5cccc6878b047e6b) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 May 2012, 20:09:27 UTC |
| aaa6a66 | Alex Converse | 02 May 2012, 19:08:03 UTC | motionpixels: Clip YUV values after applying a gradient. Prevents illegal reads on truncated and malformed input. CC: libav-stable@libav.org (cherry picked from commit b5da848facd41169283d7bfe568b83bdfa7fc42e) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 May 2012, 20:09:27 UTC |
| 7240cc3 | Ronald S. Bultje | 14 March 2012, 00:18:41 UTC | jpeg: handle progressive in second field of interlaced. Progressive data is allocated later in decode_sof(), not allocating that data leads to NULL dereferences. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 5eec5a79da118170f3cfe185a862783d3fa50abe) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 May 2012, 20:09:27 UTC |
| 7fe4c8c | Ronald S. Bultje | 29 March 2012, 19:24:10 UTC | h263: more strictly forbid frame size changes with frame-mt. Prevents crashes because the old check was incomplete. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 2d22d4307dcc1461f39a2ffb9c8db6c6b23fd080) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 May 2012, 20:09:27 UTC |
| 746f159 | Ronald S. Bultje | 29 March 2012, 23:37:09 UTC | h264: additional protection against unsupported size/bitdepth changes. Fixes crashes in codepaths not covered by original checks. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit 732f9fcfe54fc9a0a7bbce53fe86b38744c2d301) Conflicts: libavcodec/h264.c Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 May 2012, 20:09:27 UTC |
| 0e4bb05 | Ronald S. Bultje | 29 March 2012, 19:44:55 UTC | tta: prevents overflows for 32bit integers in header. This prevents sample_rate/data_length from going negative, which caused various crashes and undefined behaviour further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit ac80b812cd177553339467ea12548d71c9ef6865) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 May 2012, 19:28:45 UTC |
| 994c0ef | Paul B Mahol | 11 February 2012, 21:30:30 UTC | ttadec: CRC checking Signed-off-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 2af3dc8698707f800f83f5fc890571a6a119866e) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 May 2012, 19:28:35 UTC |
| cf5e119 | Paul B Mahol | 05 February 2012, 19:39:13 UTC | tta: use skip_bits_long() Signed-off-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 9aff2d17533576f4ff52531e534f1319fb36a590) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 May 2012, 19:28:28 UTC |
| 1ee1e9e | Michael Niedermayer | 22 March 2012, 22:43:37 UTC | vqavideodev: Check image dimensions Fixes out of heap array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3583c8706df0abbfa3ecdd6730f4f3d72a01fe6d) Independently-Found-by: Fabian Yamaguchi Fixes: CVE-2012-0947 Conflicts: libavcodec/vqavideo.c | 02 May 2012, 22:22:32 UTC |
| 15e9aee | Michael Niedermayer | 02 May 2012, 20:49:14 UTC | Merge remote-tracking branch 'qatar/release/0.8' into release/0.10 * qatar/release/0.8: (24 commits) apedec: check bits <= 32. truemotion: forbid invalid VLC bitsizes and token values. mov: don't overwrite existing indexes. truemotion2: handle out-of-frame motion vectors through edge extension. lzw: prevent buffer overreads. truemotion2: convert packet header reading to bytestream2. lagarith: fix buffer overreads. raw: forward avpicture_fill() error code in raw_decode(). vc1: Do not read from array if index is invalid. utvideo: port header reading to bytestream2. bytestream: add more unchecked variants for bytestream2 API bytestream: K&R formatting cosmetics bytestream: Add bytestream2 writing API. aac: Reset PS parameters on header decode failure. mov: Do not read past the end of the ctts_data table. xwma: Validate channels and bits_per_coded_sample. asf: reset side data elements on packet copy. vqa: check palette chunk size before reading data. vqavideo: port to bytestream2 API wmavoice: fix stack overread. ... Conflicts: cmdutils.c cmdutils.h libavcodec/lagarith.c libavcodec/truemotion2.c libavcodec/vqavideo.c Merged-by: Michael Niedermayer <michaelni@gmx.at> | 02 May 2012, 22:20:54 UTC |
| e8050f3 | Michael Niedermayer | 29 March 2012, 17:52:21 UTC | apedec: check bits <= 32. Fixes a floating-point exception further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> (cherry picked from commit 420d1df2e2a857eae45fa947e16eae7494793d57) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:03 UTC |
| be424d8 | Ronald S. Bultje | 29 March 2012, 17:25:04 UTC | truemotion: forbid invalid VLC bitsizes and token values. SHOW_UBITS() is only defined up to n_bits is 25, therefore forbid values larger than this in get_vlc2() (max_bits). tokens[][] can be used as an index in deltas[], which has a size of 64, so ensure the values are smaller than that. This prevents crashes on corrupt bitstreams. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit b7b1509d06d3696d3b944791227fe198ded0654b) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:03 UTC |
| a08cb95 | Ronald S. Bultje | 28 March 2012, 19:56:07 UTC | mov: don't overwrite existing indexes. Prevents all kind of badness if files contain multiple indexes. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 4f7c7624c0db185c48c59d95d745ab3f7851a5b4) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:03 UTC |
| 46f8bbf | Ronald S. Bultje | 29 March 2012, 16:29:03 UTC | truemotion2: handle out-of-frame motion vectors through edge extension. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit bf39d3b59d85e5734babe48b61b8d92d18188185) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:03 UTC |
| 562c6a7 | Ronald S. Bultje | 29 March 2012, 00:06:00 UTC | lzw: prevent buffer overreads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit ddcf67c8a51c67b122a826d8b5819e96d591d813) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:03 UTC |
| e711cce | Ronald S. Bultje | 28 March 2012, 18:53:13 UTC | truemotion2: convert packet header reading to bytestream2. Also use correct buffer sizes in calls to tm2_read_stream(). Together, this prevents overreads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit bd508d435b94584db460c684e30ea7ce180cf50f) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:03 UTC |
| d6372e8 | Ronald S. Bultje | 27 March 2012, 19:26:46 UTC | lagarith: fix buffer overreads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 0a82f5275f719e6e369a807720a2c3603aa0ddd9) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:03 UTC |
| 29d91e9 | Ronald S. Bultje | 27 March 2012, 01:02:08 UTC | raw: forward avpicture_fill() error code in raw_decode(). Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 98df2e24141cd00a557ef10ed7af2b956200cd80) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:02 UTC |
| 583f57f | Mashiat Sarker Shakkhar | 24 March 2012, 22:49:34 UTC | vc1: Do not read from array if index is invalid. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit 95b192de5d05f3e1542e7b2378cdefbc195f5185) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:02 UTC |
| f8f6c14 | Ronald S. Bultje | 23 March 2012, 00:25:22 UTC | utvideo: port header reading to bytestream2. Fixes crash during slice size reading if slice_end goes negative. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit ec0ed97b046d46421db72c4911d2bbe28bbe5741) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:02 UTC |
| 9e24f2a | Paul B Mahol | 13 March 2012, 14:14:59 UTC | bytestream: add more unchecked variants for bytestream2 API Signed-off-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit f1ce053cd0e0d7dc67fa61f32bcd8b6ee5e5c490) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:02 UTC |
| e788c6e | Aneesh Dogra | 08 February 2012, 18:07:20 UTC | bytestream: K&R formatting cosmetics Signed-off-by: Diego Biurrun <diego@biurrun.de> (cherry picked from commit ab9ae401525d301a31ec695bf39103502db6afeb) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:02 UTC |
| 2e681cf | Aneesh Dogra | 06 February 2012, 20:09:22 UTC | bytestream: Add bytestream2 writing API. Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit db7d45237ab6fc7fe90ec861cb756b2a109504a4) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:02 UTC |
| 9ddd3ab | Alex Converse | 21 March 2012, 17:11:02 UTC | aac: Reset PS parameters on header decode failure. If the next header frame codes zero envelopes the previous frame's values will be used. Consequently the invalid values must be cleared. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit a237b38021cd3009cc78eeb974b596085f2fe393) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:02 UTC |
| 86bd024 | Alex Converse | 21 March 2012, 18:24:10 UTC | mov: Do not read past the end of the ctts_data table. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 86f2ae06b92d42580ae7ebd86d52c9b7acbc2f13) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:02 UTC |
| 15de658 | Alex Converse | 21 March 2012, 17:58:07 UTC | xwma: Validate channels and bits_per_coded_sample. This prevents a SIGFPE later on. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 5023b89bba198b2f8e43b7f555aeb9c30d33db9f) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:02 UTC |
| 19d3f7d | Ronald S. Bultje | 21 March 2012, 23:10:37 UTC | asf: reset side data elements on packet copy. Prevents crash (double free) when free()ing the original packet. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit e73c6aaabff1169899184c382385fe9afae5b068) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:02 UTC |
| c21b858 | Ronald S. Bultje | 21 March 2012, 22:19:31 UTC | vqa: check palette chunk size before reading data. Prevents overreads beyond buffer boundaries. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 75d7975268394f4f16294b68ec6d6d5ac30da3ac) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 29 April 2012, 20:07:01 UTC |
