Fix writing over the end
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0ceca269b66ec12a23bf0907bd2c220513cdbf16)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'b143844ea0f6246e0d5a938d743e2e8a98453bec': (22 commits)
aacdec: Fix an off-by-one overwrite when switching to LTP profile from MAIN.
vp6: properly fail on unsupported feature
h264: Fix parameters to ff_er_add_slice() call
flacenc: ensure the order is within the min/max range in LPC order search
yuv4mpeg: reject unsupported codecs
vp8: reset loopfilter delta values at keyframes.
vp56: release frames on error
vp56: make parse_header return standard error codes
ivi_common: check that scan pattern is set before using it.
Update RELEASE file for 0.7.7
tiffenc: Check av_malloc() results.
mpegaudiodec: fix short_start calculation
h264: avoid stuck buffer pointer in decode_nal_units
yuv4mpeg: return proper error codes.
smacker audio: sign-extend the initial 16-bit predicted value
vf_pad: don't give up its own reference to the output buffer.
avidec: return 0, not packet size from read_packet().
wmapro: prevent division by zero when sample rate is unspecified
alsdec: fix number of decoded samples in first sub-block in BGMC mode.
alsdec: remove dead assignments
...
Conflicts:
RELEASE
libavformat/avidec.c
libavformat/yuv4mpeg.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'aa45b90804ab21175b8c116bd8e5eb4b4e85fbcb': (22 commits)
alsdec: Check k used for rice decoder.
cavsdec: check for changing w/h.
avidec: use actually read size instead of requested size
wmaprodec: check num_vec_coeffs for validity
lagarith: check count before writing zeros.
indeo5: check tile size in decode_mb_info().
indeo5: prevent null pointer dereference on broken files
indeo: check for invalid motion vectors
indeo: clear allocated band buffers
indeo: check custom Huffman tables for errors
dfa: add some checks to ensure that decoder won't write past frame end
dfa: check that the caller set width/height properly.
bytestream: add a new set of bytestream functions with overread checking
avsdec: Set dimensions instead of relying on the demuxer.
lavfi: avfilter_merge_formats: handle case where inputs are same
rv34: use AVERROR return values in ff_rv34_decode_frame()
h263: Add ff_ prefix to nonstatic symbols
eval: fix swapping of lt() and lte()
bmpdec: only initialize palette for pal8.
vc1dec: add flush function for WMV9 and VC-1 decoders
...
Conflicts:
libavcodec/avs.c
libavcodec/mpegvideo_enc.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Values that fail this check will cause failure of decode_rice()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 23aae62c2cb4504a09ceb8cd0cabc1c8b260f521)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
ALS spec:
11.6.3.1.1 Quantization and encoding of parcor coefficients
...
In all cases the resulting quantized values ak are restricted to the range [-64,63].
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 5b051ec3bdc78f3d89e8d1425674cde8fd6c9ccc)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* qatar/release/0.7:
vorbis: Validate that the floor 1 X values contain no duplicates.
vorbisenc: check all allocations for failure
lavfi: avfilter_merge_formats: handle case where inputs are same
alsdec: check opt_order.
lavf: don't segfault when a NULL filename is passed to avformat_open_input()
mpegvideo: Don't use ff_mspel_motion() for vc1
imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt
nuv: check RTjpeg header for validity
vc1dec: add flush function for WMV9 and VC-1 decoders
ffmpeg: fix -force_key_frames
mov: set AVCodecContext.width/height for h264
h264: allow cropping to AVCodecContext.width/height
Conflicts:
libavcodec/mpegvideo_common.h
libavcodec/nuv.c
libavcodec/vorbisenc.c
libavfilter/formats.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array write in quant_cof.
Also make sure no invalid opt_order stays in the context.
Fixes CVE-2012-2775
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 9853e41aa0a6cfff629ff7009685eb8bf8d64e7f)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit a1b127515bb79c715933d0d4201e4ef3152b3dcb)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
* qatar/release/0.7: (84 commits)
id3v2: fix skipping extended header in id3v2.4
Update RELEASE file for 0.7.5
lcl: use AVERROR_INVALIDDATA instead of AVERROR_UNKNOWN
kgv1dec: Increase offsets array size so it is large enough.
kgv1: use avctx->get/release_buffer().
kvmc: fix invalid reads
nsvdec: Propagate error values instead of returning 0 in nsv_read_header().
mjpegbdec: Fix overflow in SOS.
shorten: Use separate pointers for the allocated memory for decoded samples.
shorten: check for realloc failure (cherry picked from commit 9e5e2c2d010c05c10337e9c1ec9d0d61495e0c9c)
atrac3: Fix crash in tonal component decoding.
ws_snd1: Fix wrong samples count and crash.
ws_snd: add some checks to prevent buffer overread or overwrite. (cherry picked from commit 417364ce1f979031ef6fee661fc15e1869bdb1b4)
ws_snd: decode to AV_SAMPLE_FMT_U8 instead of S16.
dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2
h264: stricter reference limit enforcement.
jvdec: unbreak video decoding
xxan: don't read before start of buffer in av_memcpy_backptr().
dsicinvideo: validate buffer offset before copying pixels.
huffyuv: add padding to classic (v1) huffman tables.
...
Conflicts:
RELEASE
libavcodec/atrac3.c
libavcodec/h264.c
libavcodec/h264_parser.c
libavcodec/kgv1dec.c
libavcodec/shorten.c
libavcodec/svq3.c
libavcodec/ws-snd1.c
libavcodec/xxan.c
libswscale/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
It is pretty hopeless that other considerable projects will adopt
libavutil alone in other projects. Projects that need small footprint
are better off with more specialized libraries such as gnulib or rather
just copy the necessary parts that they need. With this in mind, nobody
is helped by having libavutil and libavcore split. In order to ease
maintenance inside and around FFmpeg and to reduce confusion where to
put common code, avcore's functionality is merged (back) to avutil.
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
None of these symbols should be accessed directly, so declare them as
hidden.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit d36beb3f6902b1217beda576aa18abf7eb72b03c)
than just per-block. Patch by Sprezz [sprezzatura gmx com]. Fixes Issue 2387.
Originally committed as revision 25898 to svn://svn.ffmpeg.org/ffmpeg/trunk
The maximum value of sub_blocks is 8, a safe size to always allocate on
stack.
Originally committed as revision 23797 to svn://svn.ffmpeg.org/ffmpeg/trunk
Passing an explicit filename to this command is only necessary if the
documentation in the @file block refers to a file different from the
one the block resides in.
Originally committed as revision 22921 to svn://svn.ffmpeg.org/ffmpeg/trunk
