cee1568 | Michael Niedermayer | 02 January 2012, 19:20:14 UTC | Update for 0.8.9 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 02 January 2012, 19:20:14 UTC |
c409ac5 | Michael Niedermayer | 02 January 2012, 14:27:43 UTC | vp3: fix regression with mplayer-crash.ogv Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit a2a12e3358c3bbdc0246ffc94973e58eba50ee30) | 02 January 2012, 16:24:31 UTC |
680880c | Michael Niedermayer | 17 December 2011, 03:42:04 UTC | h264: fix init of topleft ref/mv. Fixes Ticket778 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 27 December 2011, 20:33:32 UTC |
d75909f | Michael Niedermayer | 25 December 2011, 20:45:57 UTC | Update for 0.8.8 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 25 December 2011, 20:45:57 UTC |
8413f12 | Michael Niedermayer | 25 December 2011, 18:25:27 UTC | Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 * qatar/release/0.7: Update Changelog for 0.7.3 release Conflicts: Changelog Merged-by: Michael Niedermayer <michaelni@gmx.at> | 25 December 2011, 18:25:27 UTC |
df825c9 | Michael Niedermayer | 24 December 2011, 00:19:33 UTC | Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 This merge is primary for metadata, theres little actually changed except cosmetics * qatar/release/0.7: 4xm: Add a check in decode_i_frame to prevent buffer overreads wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits. Update RELEASE file for 0.7.3 swscale: #include "libavutil/mathematics.h" vp3dec: Check coefficient index in vp3_dequant() svq1dec: call avcodec_set_dimensions() after dimensions changed. swscale: Readd #define _SVID_SOURCE Conflicts: RELEASE libavcodec/4xm.c libavcodec/vp3.c libswscale/utils.c Merged-by: Michael Niedermayer <michaelni@gmx.at> | 24 December 2011, 00:41:43 UTC |
d61b38b | Reinhard Tartler | 23 December 2011, 21:40:24 UTC | Update Changelog for 0.7.3 release | 23 December 2011, 21:40:24 UTC |
d912a30 | Shitiz Garg | 14 December 2011, 12:59:21 UTC | 4xm: Add a check in decode_i_frame to prevent buffer overreads Fixes bugzilla #135 Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit 355d917c0bd8163a3f1c7d4a6866dac749efdb84) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 23 December 2011, 21:27:02 UTC |
8dba560 | Justin Ruggles | 22 November 2011, 18:37:52 UTC | wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits. The initial values are not checked against the number of block sizes. Initializing them to frame_len_bits will result in a block size index of 0 in these cases instead of something that might be out-of-range. Fixes Bug 81. (cherry picked from commit 05d1e45d1f42cc90d1f2f36c546d0096cea126a8) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 23 December 2011, 21:27:02 UTC |
7ce7280 | Reinhard Tartler | 23 December 2011, 15:00:17 UTC | Update RELEASE file for 0.7.3 | 23 December 2011, 15:00:17 UTC |
851098c | Reinhard Tartler | 01 December 2011, 17:48:33 UTC | swscale: #include "libavutil/mathematics.h" this file uses the M_PI macro since 4e74187db2f5db52f88729efc662df9d6bc763e1, so include the correct header directly. Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 5089ce1b5abe2ecbbfd7235aeb0ad47ba38305c1) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 23 December 2011, 14:58:31 UTC |
bba7092 | Reinhard Tartler | 04 December 2011, 09:10:33 UTC | vp3dec: Check coefficient index in vp3_dequant() Based on a patch by Michael Niedermayer <michaelni@gmx.at> Fixes NGS00145, CVE-2011-4352 Found-by: Phillip Langlois Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 8b94df0f2047e9728cb872adc9e64557b7a5152f) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 23 December 2011, 14:56:01 UTC |
0eca0da | Michael Niedermayer | 18 November 2011, 18:10:21 UTC | svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148, CVE-2011-4579 Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6e24b9488e67849a28e64a8056e05f83cf439229) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 23 December 2011, 14:55:38 UTC |
d38580a | Michael Niedermayer | 19 October 2011, 20:57:36 UTC | mpegtsenc: fix handling of large audio packets (sorry i have no sample, just a user report) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e31c5ebe1146d98d17a5121312c5444432c81904) Conflicts: libavformat/mpegtsenc.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 09 December 2011, 02:45:40 UTC |
8acf990 | Michael Niedermayer | 08 December 2011, 00:14:02 UTC | Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 Note, all these commits where already in our release, this merge thus changes nothing, its just for metadata * qatar/release/0.7: vp6: Fix illegal read. vp6: Fix illegal read. vp6: Reset the internal state when aborting key frames header parsing vp6: Check for huffman tree build errors vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling imgutils: Fix illegal read. qdm2: check output buffer size before decoding Fix out of bound reads in the QDM2 decoder. Check for out of bound writes in the QDM2 decoder. vmd: fix segfaults on corruped streams Conflicts: libavcodec/qdm2.c libavcodec/vmdav.c Merged-by: Michael Niedermayer <michaelni@gmx.at> | 08 December 2011, 00:14:02 UTC |
1550c08 | Michael Niedermayer | 12 November 2011, 20:10:15 UTC | h264: Use mismatching frame numbers in fields to synchronize the first/second field state independant of them being reference or not. Fixes Ticket354 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 545ec935a4b4e0f032ebd975907b41f6fe4465c9) | 06 December 2011, 22:31:39 UTC |
38a511e | Martin Storsjö | 24 November 2011, 22:45:16 UTC | swscale: Readd #define _SVID_SOURCE This was removed erroneously in 046f081b46c8479820409cf8f530b988221bd15b. This define still is necessary for getting MAP_ANONYMOUS defined on linux/glibc, despite the define reshuffling done in that commit. Without MAP_ANONYMOUS defined, the mprotect calls for setting the generated mmx2 scaler code pages executable are left out, causing crashes if that codepath is chosen. This patch fixes scaling from 192x144 to 320x240 with -sws_flags fast_bilinear, which crashes on linux at the moment. Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit f32dfad9dc64acf0fd1bb867e127a9efe6380676) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 05 December 2011, 20:12:11 UTC |
ba4b08b | Thierry Foucu | 17 November 2011, 17:39:52 UTC | vp6: Fix illegal read. Found with Address Sanitizer Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit e0966eb140b3569b3d6b5b5008961944ef229c06) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 December 2011, 08:21:09 UTC |
67a7ed6 | Alex Converse | 03 November 2011, 22:55:52 UTC | vp6: Fix illegal read. (cherry picked from commit 2a6eb06254df79e96b3d791b6b89b2534ced3119) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 December 2011, 08:20:49 UTC |
c76505e | Laurent Aimar | 23 September 2011, 20:36:11 UTC | vp6: Reset the internal state when aborting key frames header parsing It prevents leaving the state only half initialized. Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit a72cad0a6c05aa74940101e937cb3dc602d7d67b) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 December 2011, 08:20:28 UTC |
30c08e2 | Laurent Aimar | 21 September 2011, 18:46:32 UTC | vp6: Check for huffman tree build errors Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit 066fff755a5d8edc660c010ddb08474d208eeade) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 December 2011, 08:20:10 UTC |
7367cbe | Dustin Brody | 16 August 2011, 20:46:34 UTC | vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit f913eeea43078b3b9052efd8d8d29e7b29b39208) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 December 2011, 08:19:29 UTC |
28acce2 | Thierry Foucu | 19 November 2011, 01:36:50 UTC | imgutils: Fix illegal read. Found with address sanitizer. Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit c693aa6f71b4f539cf9df67ba42f4b1932981687) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 December 2011, 08:18:17 UTC |
7347205 | Justin Ruggles | 14 September 2011, 17:57:04 UTC | qdm2: check output buffer size before decoding (cherry picked from commit 7d49f79f1cd47783a963a757a6563b9cac29db62) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 December 2011, 07:55:55 UTC |
0d93d5c | Laurent Aimar | 30 September 2011, 22:45:04 UTC | Fix out of bound reads in the QDM2 decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 5a19acb17ceb71657b0eec51dac651953520e5c8) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 December 2011, 07:55:55 UTC |
a31ccac | Laurent Aimar | 30 September 2011, 22:45:05 UTC | Check for out of bound writes in the QDM2 decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 291d74a46d32183653db07818c7b3407fd50a288) Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 04 December 2011, 07:44:09 UTC |
494cfac | Laurent Aimar | 11 September 2011, 17:17:45 UTC | vmd: fix segfaults on corruped streams Signed-off-by: Janne Grunau <janne-libav@jannau.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> | 03 December 2011, 20:07:07 UTC |
4f58d8e | Sergiy Gur'yev | 24 November 2011, 12:53:19 UTC | Fix adts format creation in aac+ encoder modified: libavcodec/libaacplus.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 32ed7da1350e551ec005b75e482da74f2e93fbb9) | 24 November 2011, 13:53:04 UTC |
e66860a | Michael Niedermayer | 21 November 2011, 19:00:52 UTC | Update for 0.8.7 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 21 November 2011, 19:00:52 UTC |
661ee45 | Michael Niedermayer | 18 November 2011, 18:10:21 UTC | svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148 Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 4931c8f0f10bf8dedcf626104a6b85bfefadc6f2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 21 November 2011, 17:31:30 UTC |
fa5292d | Michael Niedermayer | 18 November 2011, 17:08:31 UTC | vp3dec: Check coefficient index in vp3_dequant() Fixes NGS00145 Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit eef5c35b4352ec49ca41f6198bee8a976b1f81e5) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 21 November 2011, 17:31:23 UTC |
a6a61a6 | Michael Niedermayer | 18 November 2011, 16:48:31 UTC | qdm2dec: fix buffer overflow. Fixes NGS00144 This also adds a few lines of code from master that are needed for this fix. Thanks to Phillip for suggestions to improve the patch. Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 21 November 2011, 17:29:17 UTC |
b8fc301 | Michael Niedermayer | 21 November 2011, 01:03:13 UTC | h264: Fix invalid interlaced progressive MB combinations for direct mode prediction. Fixes Ticket312 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 833a195905405fc9646c7544ce9d0f3279608977) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 21 November 2011, 15:48:40 UTC |
9b667da | Michael Niedermayer | 20 November 2011, 16:19:25 UTC | mpegvideo: dont use ff_mspel_motion() for vc1 Fixes Ticket655 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 50d6f8195658d529c57bb42dfd8d7a71d60a9f1d) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 21 November 2011, 15:48:25 UTC |
4007352 | Thierry Foucu | 19 November 2011, 01:36:50 UTC | imgutils: Fix illegal read. Found with address sanitizer. Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit c693aa6f71b4f539cf9df67ba42f4b1932981687) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 21 November 2011, 15:48:18 UTC |
5c6a2d9 | Michael Niedermayer | 17 November 2011, 18:38:47 UTC | ac3probe: Detect Sonic Foundry Soft Encode AC3 as raw AC3. Our ac3 code chain can handle it fine. More ideal would be to write a demuxer that actually extracts what can be from the additional headers and uses it for whatever it can be used for. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 30ca700ba17b9ba46f4648afa30559ad890f0221) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 21 November 2011, 15:47:53 UTC |
17c54e9 | Michael Niedermayer | 17 November 2011, 02:13:50 UTC | mjpeg: support mpo Fixes stereoscopic_photo.mpo Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 1d23e5246c67f765dd5d119c9f3197bdae07330c) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 21 November 2011, 15:47:49 UTC |
14d4eee | Michael Niedermayer | 20 November 2011, 02:27:50 UTC | Merge remote-tracking branch 'qatar/release/0.7' into release/0.8 * qatar/release/0.7: Add a version bump and APIchanges entry for avcodec_open2 and avformat_find_stream_info. lavf: fix multiplication overflow in avformat_find_stream_info() lavf: fix invalid reads in avformat_find_stream_info() lavf: add avformat_find_stream_info() lavc: fix parentheses placement in avcodec_open2(). lavc: introduce avcodec_open2() as a replacement for avcodec_open(). Conflicts: doc/APIchanges libavcodec/utils.c libavcodec/version.h libavformat/avformat.h libavformat/version.h Merged-by: Michael Niedermayer <michaelni@gmx.at> | 20 November 2011, 02:27:50 UTC |
07624cf | Anton Khirnov | 19 November 2011, 07:51:26 UTC | Add a version bump and APIchanges entry for avcodec_open2 and avformat_find_stream_info. | 19 November 2011, 09:22:27 UTC |
d6f7636 | Mans Rullgard | 15 November 2011, 22:33:49 UTC | lavf: fix multiplication overflow in avformat_find_stream_info() Converting to double before the multiplication rather than after avoids an integer overflow in some cases. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit 52767d891c665ab1124fe4ce82d99b59673de7d2) Signed-off-by: Anton Khirnov <anton@khirnov.net> | 19 November 2011, 09:22:27 UTC |
e297459 | Anton Khirnov | 14 July 2011, 01:08:53 UTC | lavf: fix invalid reads in avformat_find_stream_info() (cherry picked from commit e358f7ee90fec591348ca05dff94ebaf4c1a098b) Conflicts: libavformat/utils.c Signed-off-by: Anton Khirnov <anton@khirnov.net> | 19 November 2011, 09:22:27 UTC |
afe2726 | Anton Khirnov | 22 May 2011, 17:24:59 UTC | lavf: add avformat_find_stream_info() It supports passing options to codecs. (cherry picked from commit a67c061e0f3b55ffcc96f336fc0998e44b86c8e4) Conflicts: libavformat/utils.c Signed-off-by: Anton Khirnov <anton@khirnov.net> | 19 November 2011, 09:22:27 UTC |
23f0d0f | Baptiste Coudurier | 09 August 2011, 06:41:50 UTC | lavc: fix parentheses placement in avcodec_open2(). Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit 1d36fb13b088f55ece155153fb6ca8ea278fc837) Signed-off-by: Anton Khirnov <anton@khirnov.net> | 19 November 2011, 09:22:27 UTC |
47953c3 | Anton Khirnov | 22 May 2011, 12:10:49 UTC | lavc: introduce avcodec_open2() as a replacement for avcodec_open(). Adds support for decoder-private options and makes setting other options simpler. (cherry picked from commit 0b950fe240936fa48fd41204bcfd04f35bbf39c3) Conflicts: libavcodec/avcodec.h Signed-off-by: Anton Khirnov <anton@khirnov.net> | 19 November 2011, 09:22:26 UTC |
64a854d | Michael Niedermayer | 18 November 2011, 21:34:41 UTC | rawdec: use a default sample rate if none is specified. Fixes "ffmpeg -f s16le -i /dev/zero" Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit fca85ce5ecc8acba6a5cf10c5f99e932b26c6367) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 November 2011, 22:09:56 UTC |
91805f0 | Stefano Sabatini | 26 October 2011, 23:38:21 UTC | rawdec: add check on sample_rate Prevent error condition in case sample_rate is unset or set to a negative value. In particular, fix divide-by-zero error occurring in ffmpeg due to sample_rate set to 0 in output_packet(), in code: ist->next_pts += ((int64_t)AV_TIME_BASE * ist->st->codec->frame_size) / ist->st->codec->sample_rate; Fix trac ticket #324. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 November 2011, 20:33:11 UTC |
8120a1d | Michael Niedermayer | 18 November 2011, 16:56:24 UTC | qdm2dec: check remaining input bits in the mainloop of qdm2_fft_decode_tones() This is neccessary but likely not sufficient to prevent out of array reads. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 14db3af4f26dad8e6ddf2147e96ccc710952ad4d) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 November 2011, 20:05:12 UTC |
211a107 | Michael Niedermayer | 16 November 2011, 16:21:42 UTC | cinepak: check strip_size Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit cea0c82d9b9771dfa2ac729c13c0d9e03ea352a7) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 November 2011, 20:05:12 UTC |
fdd09e5 | Michael Niedermayer | 16 November 2011, 02:31:25 UTC | wma: Check channel number before init. Fixes Ticket240 Based on patch by ami_stuff Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 20431a9982b9bd2c475042d919890a941ad70c71) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 November 2011, 20:05:12 UTC |
00d35e8 | Carl Eugen Hoyos | 12 November 2011, 18:30:27 UTC | Do not try to read 16bit gray png files with alpha channel. FFmpeg does not support gray16a. Fixes the crash in ticket #644. (cherry picked from commit 0c5fd6372e6c257912d7ae64cbfc4d8541f0452f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 November 2011, 20:05:12 UTC |
807342e | K.Y.H | 10 November 2011, 23:30:39 UTC | cook: fix apparent typo in extradata parsing Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 554caed2d397e137286f2cc71c6bac477b41fa96) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 November 2011, 20:05:12 UTC |
abaf8c3 | Michael Niedermayer | 08 November 2011, 02:14:13 UTC | ffplay: limit lowres to the maximum supported. Fixes Ticket591 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Marton Balint <cus@passwd.hu> (cherry picked from commit d8407ee2b1e9f62763a2f47d55f80f7993718c99) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 November 2011, 20:05:12 UTC |
e5578ad | Michael Niedermayer | 08 November 2011, 00:20:35 UTC | v4l2: fix uninitialized variable Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 November 2011, 20:05:12 UTC |
4e0fae9 | Michael Niedermayer | 01 November 2011, 22:45:28 UTC | vf_transpose: remove pix_fmts which can currently not be supported. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3fd0f6ed252e51ffaec7765a2637794366a513ba) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 November 2011, 20:05:12 UTC |
f62fa1c | Alex Converse | 17 November 2011, 18:06:14 UTC | vp5: Fix illegal read. Found with Address Sanitizer (cherry picked from commit bb4b0ad83b13c3af57675e80163f3f333adef96f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 November 2011, 13:29:52 UTC |
8a63dea | Thierry Foucu | 17 November 2011, 17:39:52 UTC | vp6: Fix illegal read. Found with Address Sanitizer Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit e0966eb140b3569b3d6b5b5008961944ef229c06) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 18 November 2011, 13:29:52 UTC |
fe06305 | Stefano Sabatini | 29 July 2011, 18:19:04 UTC | vf_transpose: avoid multiple calls to avfilter_draw_slice() avfilter_draw_slice() is already called in the end_frame() callback, this avoids multiple calls. This is done by adding a null draw_slice() callback. In particular fix crash occurring with -vf transpose=3,hflip, fix trac issue #371. (cherry picked from commit d9c23a0d5a56488b146eef17a19a9b47643be333) | 13 November 2011, 22:22:06 UTC |
d58c558 | Reimar Döffinger | 05 November 2011, 21:34:09 UTC | nuv: Fix combination of size changes and LZO compression. There were multiple issues, for example might we have to re-run the decompression when the size of the buffer increased, we should always use a decompression buffer large enough for the header (so we do not get stuck when the size is too small). Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de> | 08 November 2011, 18:48:14 UTC |
0411b19 | Reimar Döffinger | 05 November 2011, 20:45:31 UTC | av_lzo1x_decode: properly handle negative buffer length. Treating them like 0 is safest, current code would invoke undefined pointer arithmetic behaviour in this case. Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de> (cherry picked from commit b9242fd12f4be4a79e31fd0aa125ab8a48226896) | 08 November 2011, 18:45:12 UTC |
fd30240 | Miroslav Slugeň | 07 November 2011, 11:13:55 UTC | libavformat: add support for G726 audio decoder in RTP and RTSP streams Fixes Ticket611 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit df9c1cfb48c2d8ddb3c11b4d1e8c4c33c6b0d8a2) | 08 November 2011, 18:04:26 UTC |
54e4bf3 | Reimar Döffinger | 19 October 2011, 16:41:02 UTC | Do not call parse_keyframes_index with NULL stream. Seems to fix trac issue #569. Sample is unfortunately not available, but it might be caused by an index existing for non-existing audio stream (?). Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de> (cherry picked from commit 6ea6ff053af2aff8a9a898292f9640efa9290c9f) | 08 November 2011, 18:03:22 UTC |
1e1015f | Michael Niedermayer | 04 November 2011, 12:37:27 UTC | Version numbers for 0.8.6 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 12:37:27 UTC |
c4a34f4 | Michael Niedermayer | 26 October 2011, 13:47:14 UTC | snow: emu edge support Fixes Ticket592 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 4416931fc069332e267ab6df037a1227c051d7b1) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 12:36:28 UTC |
cba03dc | Justin Ruggles | 28 October 2011, 22:31:21 UTC | imc: validate channel count ask for a sample if not mono (cherry picked from commit 7b7f47e73356d113cace74b922eee0b6ff5ffe0b) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 12:34:42 UTC |
5a3f494 | Justin Ruggles | 28 October 2011, 22:25:49 UTC | imc: check for ff_fft_init() failure (cherry picked from commit 95fee70d6773fde1c34ff6422f48e5e66f37f263) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 12:34:35 UTC |
1124317 | Justin Ruggles | 28 October 2011, 04:52:36 UTC | libgsmdec: check output buffer size before decoding (cherry picked from commit b03761b1309293bbf30edef767503875277b01cf) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 12:33:38 UTC |
864581f | Michael Niedermayer | 01 November 2011, 13:46:18 UTC | configure: fix arch x86_32 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 078811d9e484892e3ad49819148fe6ae65a1954b) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 12:33:33 UTC |
d8acee7 | Tobias Rapp | 31 October 2011, 14:11:37 UTC | mp3enc: avoid truncating id3v1 tags by one byte Avoid writing the trailing null-byte for id3v1 tags if length reaches max length. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 0f39fa0279e12c7a174d1da9294bffd95cb15c4c) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 12:32:59 UTC |
0e3dec6 | Michael Niedermayer | 31 October 2011, 21:42:45 UTC | asfdec: Check packet_replic_size earlier Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 60fcc19bff49e0b1972eae014afc087afd94a415) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 12:32:50 UTC |
711e6c9 | Justin Ruggles | 27 October 2011, 17:33:57 UTC | cin audio: validate the channel count Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 12:32:18 UTC |
8491677 | Justin Ruggles | 25 October 2011, 17:47:50 UTC | binkaudio: add some buffer overread checks. This stops decoding before overreads instead of after. (cherry picked from commit 101ef19ef4dc9f5c3d536aee8fcc10fff2af4d9e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 12:31:15 UTC |
f98bb0d | Justin Ruggles | 14 October 2011, 04:24:50 UTC | atrac1: validate number of channels (cherry picked from commit bff5b2c1ca1290ea30587ff2f76171f9e3854872) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 02:40:42 UTC |
346e089 | Justin Ruggles | 14 October 2011, 04:16:31 UTC | atrac1: check output buffer size before decoding (cherry picked from commit 33684b9c12b74c0140fb91e8150263db4a48d55e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 02:40:35 UTC |
0ac6777 | Ronald S. Bultje | 29 October 2011, 06:50:04 UTC | vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e42f2e4b9d14a1fb8107ecfe5163ce7f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 02:37:06 UTC |
ae2d3d6 | Justin Ruggles | 11 October 2011, 17:25:27 UTC | apedec: set s->currentframeblocks after validating nblocks | 04 November 2011, 02:32:39 UTC |
998fc04 | Justin Ruggles | 11 October 2011, 17:17:44 UTC | apedec: use unsigned int for 'nblocks' and make sure that it's within int range Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 02:30:44 UTC |
43fa5bf | Justin Ruggles | 11 October 2011, 16:47:11 UTC | apedec: check for data buffer realloc failure (cherry picked from commit 11ca8b2d7486e879926488404b3b79af774f0f2d) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 02:23:39 UTC |
f19b8d9 | Justin Ruggles | 11 October 2011, 15:47:15 UTC | apedec: check for filter buffer allocation failure (cherry picked from commit 7500781313d11b37772c05a28da20fbc112db478) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 02:23:34 UTC |
4a66fe2 | Justin Ruggles | 27 September 2011, 18:27:43 UTC | mpegaudiodec: check output data size based on avctx->frame_size Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 02:23:13 UTC |
edf3c5a | Michael Niedermayer | 27 October 2011, 13:26:45 UTC | resample: Fix array size Found-by: Jim Radford Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3e7db0a9ee758bf0570a141be1fea64f8d9c03db) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 02:22:03 UTC |
a39b5e8 | Michael Niedermayer | 27 October 2011, 12:34:45 UTC | resample2: fix potential overflow Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 02:18:52 UTC |
6ae93d0 | Michael Niedermayer | 27 October 2011, 12:31:53 UTC | resample: Fix overflow Found-by: Jim Radford Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 02:18:52 UTC |
241f15f | Justin Ruggles | 23 September 2011, 23:22:06 UTC | tta: check for extradata allocation failure in tta demuxer (cherry picked from commit f540ca22c5fb4504d959c295f55591a9ec2a8859) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 02:18:52 UTC |
2137d99 | Justin Ruggles | 23 September 2011, 23:56:58 UTC | vorbisdec: check output buffer size before writing output (cherry picked from commit 60aa1a358d9c1c8f891e72246d5dcd897857eca8) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 02:18:52 UTC |
e9de2d9 | Justin Ruggles | 23 September 2011, 23:50:41 UTC | twinvq: check output buffer size before decoding (cherry picked from commit e53eecd0e7211973a1a9757f559bdd93a1848901) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 02:18:52 UTC |
93f1159 | Alex Converse | 03 November 2011, 22:55:52 UTC | vp6: Fix illegal read. (cherry picked from commit 2a6eb06254df79e96b3d791b6b89b2534ced3119) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 00:54:13 UTC |
b08001e | Justin Ruggles | 16 September 2011, 22:01:28 UTC | shorten: check output buffer size before decoding Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 00:30:29 UTC |
e1ea35f | Justin Ruggles | 15 September 2011, 22:08:52 UTC | shorten: check for realloc failure (cherry picked from commit 9e5e2c2d010c05c10337e9c1ec9d0d61495e0c9c) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 00:24:03 UTC |
cbfd342 | Laurent Aimar | 08 October 2011, 21:40:41 UTC | mpegts: do not return from ff_mpegts_parse_packet() after having seen the first PMT It prevents leaving the AVPacket uninitialized. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit bc38e83793be5f7a184c88be55e556453a25224b) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 00:23:56 UTC |
feef77e | Laurent Aimar | 08 October 2011, 21:40:40 UTC | mpegts: fix return value when enough ts packets have been parsed or when the first PMT has been seen. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 49ec0c818dc3c1c293a582b57fb58ba611a10b32) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 00:23:52 UTC |
f531193 | Matthew Einhorn | 25 August 2011, 00:14:03 UTC | Fixes avpicture_layout to not write past buffer end. avpicture_get_size() returns the size of buffer required for avpicture_layout. For pseudo-paletted formats (gray8...) this size does not include the palette. However, avpicture_layout doesn't know this and still writes the palette. Consequently, avpicture_layout writes passed the length of the buffer. This fixes it by fixing avpicture_layout so that it doesn't write the palette for these formats. Signed-off-by: Matthew Einhorn <moiein2000@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e662b263d9c500270a8f1dc7e1b81b51d5bdfd4e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 00:23:47 UTC |
e86e9f8 | Alex Converse | 15 October 2011, 01:27:59 UTC | avio: Check for invalid buffer length. (cherry picked from commit ab2940691ba76e1a9b0ce608db0dfc45021d741e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 00:23:33 UTC |
15a7fe1 | Ronald S. Bultje | 14 October 2011, 21:46:06 UTC | pthread: copy coded frame dimensions in update_context_from_thread Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit feadcd1bdcbb4601f4ff01878027264fde985ee1) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 00:23:28 UTC |
d32f509 | Ronald S. Bultje | 14 October 2011, 21:43:29 UTC | vp8: prevent read from uninitialized memory in decode_mvs Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit 0f0b5d643401d4d83322eeee0e57eb5a226ef9ab) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 00:22:59 UTC |
5f5f36b | Ronald S. Bultje | 14 October 2011, 21:27:52 UTC | vp8: force reallocation in update_thread_context after frame size change Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit 56535793810584f5b3ae59e62cea66fe22d0307d) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 00:22:52 UTC |
d1166f0 | Ronald S. Bultje | 14 October 2011, 21:21:46 UTC | vp8: fix return value if update_dimensions fails Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit f05c2fb6eb1f9ddaec3c07d1874ba62ec0891269) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 00:22:45 UTC |
d51c7b4 | Ronald S. Bultje | 14 October 2011, 22:03:55 UTC | matroskadec: fix out of bounds write Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit 723229c11f1400e6a09c8a1c9c27193f376eb1d1) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 00:22:38 UTC |
e58870a | Alex Converse | 14 October 2011, 17:38:42 UTC | mov: 10l: Terminate string with 0 not '0' (cherry picked from commit 7ad06beb2cf31d8a96f475361425d6cc95e8f176) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 00:21:57 UTC |
5c18bcf | Alex Converse | 13 October 2011, 21:47:06 UTC | mov: Prevent illegal writes when chapter titles are very short. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 00:11:18 UTC |
62cf52c | Justin Ruggles | 13 October 2011, 03:23:18 UTC | truespeech: check to make sure channels == 1 (cherry picked from commit 3e7a176759e8a8e66d65c779b47b5bba793dfd4e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at> | 04 November 2011, 00:09:22 UTC |