* release/0.7: (33 commits)
Update for 0.7.8
svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148
vp3dec: Check coefficient index in vp3_dequant() Fixes NGS00145
qdm2dec: fix buffer overflow. Fixes NGS00144
h264: Fix invalid interlaced progressive MB combinations for direct mode prediction. Fixes Ticket312
mpegvideo: dont use ff_mspel_motion() for vc1 Fixes Ticket655
imgutils: Fix illegal read.
ac3probe: Detect Sonic Foundry Soft Encode AC3 as raw AC3. Our ac3 code chain can handle it fine. More ideal would be to write a demuxer that actually extracts what can be from the additional headers and uses it for whatever it can be used for.
mjpeg: support mpo Fixes stereoscopic_photo.mpo
Add a version bump and APIchanges entry for avcodec_open2 and avformat_find_stream_info.
lavf: fix multiplication overflow in avformat_find_stream_info()
lavf: fix invalid reads in avformat_find_stream_info()
lavf: add avformat_find_stream_info()
lavc: fix parentheses placement in avcodec_open2().
lavc: introduce avcodec_open2() as a replacement for avcodec_open().
rawdec: use a default sample rate if none is specified. Fixes "ffmpeg -f s16le -i /dev/zero"
rawdec: add check on sample_rate
qdm2dec: check remaining input bits in the mainloop of qdm2_fft_decode_tones() This is neccessary but likely not sufficient to prevent out of array reads.
cinepak: check strip_size
wma: Check channel number before init. Fixes Ticket240
...
Conflicts:
RELEASE
doc/APIchanges
libavcodec/avcodec.h
libavcodec/utils.c
libavcodec/version.h
libavdevice/v4l2.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* release/0.8: (31 commits)
svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148
vp3dec: Check coefficient index in vp3_dequant() Fixes NGS00145
qdm2dec: fix buffer overflow. Fixes NGS00144
h264: Fix invalid interlaced progressive MB combinations for direct mode prediction. Fixes Ticket312
mpegvideo: dont use ff_mspel_motion() for vc1 Fixes Ticket655
imgutils: Fix illegal read.
ac3probe: Detect Sonic Foundry Soft Encode AC3 as raw AC3. Our ac3 code chain can handle it fine. More ideal would be to write a demuxer that actually extracts what can be from the additional headers and uses it for whatever it can be used for.
mjpeg: support mpo Fixes stereoscopic_photo.mpo
Add a version bump and APIchanges entry for avcodec_open2 and avformat_find_stream_info.
lavf: fix multiplication overflow in avformat_find_stream_info()
lavf: fix invalid reads in avformat_find_stream_info()
lavf: add avformat_find_stream_info()
lavc: fix parentheses placement in avcodec_open2().
lavc: introduce avcodec_open2() as a replacement for avcodec_open().
rawdec: use a default sample rate if none is specified. Fixes "ffmpeg -f s16le -i /dev/zero"
rawdec: add check on sample_rate
qdm2dec: check remaining input bits in the mainloop of qdm2_fft_decode_tones() This is neccessary but likely not sufficient to prevent out of array reads.
cinepak: check strip_size
wma: Check channel number before init. Fixes Ticket240
Do not try to read 16bit gray png files with alpha channel.
...
Conflicts:
libavcodec/version.h
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes NGS00144
This also adds a few lines of code from master that are needed for this fix.
Thanks to Phillip for suggestions to improve the patch.
Found-by: Phillip Langlois
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket312
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 833a195905)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket655
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 50d6f81956)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/0.7:
Add a version bump and APIchanges entry for avcodec_open2 and avformat_find_stream_info.
lavf: fix multiplication overflow in avformat_find_stream_info()
lavf: fix invalid reads in avformat_find_stream_info()
lavf: add avformat_find_stream_info()
lavc: fix parentheses placement in avcodec_open2().
lavc: introduce avcodec_open2() as a replacement for avcodec_open().
Conflicts:
doc/APIchanges
libavcodec/utils.c
libavcodec/version.h
libavformat/avformat.h
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Adds support for decoder-private options and makes setting other options
simpler.
(cherry picked from commit 0b950fe240)
Conflicts:
libavcodec/avcodec.h
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This is neccessary but likely not sufficient to prevent out of array reads.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 14db3af4f2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket240
Based on patch by ami_stuff
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 20431a9982)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
FFmpeg does not support gray16a.
Fixes the crash in ticket #644.
(cherry picked from commit 0c5fd6372e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found with Address Sanitizer
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit e0966eb140)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* release/0.7: (290 commits)
nuv: Fix combination of size changes and LZO compression.
av_lzo1x_decode: properly handle negative buffer length.
Do not call parse_keyframes_index with NULL stream.
update versions for 0.7 branch
Version numbers for 0.8.6
snow: emu edge support Fixes Ticket592
imc: validate channel count
imc: check for ff_fft_init() failure (cherry picked from commit 95fee70d67)
libgsmdec: check output buffer size before decoding (cherry picked from commit b03761b130)
configure: fix arch x86_32
mp3enc: avoid truncating id3v1 tags by one byte
asfdec: Check packet_replic_size earlier
cin audio: validate the channel count
binkaudio: add some buffer overread checks.
atrac1: validate number of channels (cherry picked from commit bff5b2c1ca)
atrac1: check output buffer size before decoding (cherry picked from commit 33684b9c12)
vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e4)
apedec: set s->currentframeblocks after validating nblocks
apedec: use unsigned int for 'nblocks' and make sure that it's within int range
apedec: check for data buffer realloc failure (cherry picked from commit 11ca8b2d74)
...
Conflicts:
Changelog
Makefile
RELEASE
configure
libavcodec/error_resilience.c
libavcodec/mpegvideo.c
libavformat/matroskaenc.c
tests/ref/lavf/mxf
Merged-by: Michael Niedermayer <michaelni@gmx.at>
There were multiple issues, for example might we have to re-run
the decompression when the size of the buffer increased,
we should always use a decompression buffer large enough for
the header (so we do not get stuck when the size is too small).
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
There were multiple issues, for example might we have to re-run
the decompression when the size of the buffer increased,
we should always use a decompression buffer large enough for
the header (so we do not get stuck when the size is too small).
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
* release/0.8: (96 commits)
Version numbers for 0.8.6
snow: emu edge support Fixes Ticket592
imc: validate channel count
imc: check for ff_fft_init() failure (cherry picked from commit 95fee70d67)
libgsmdec: check output buffer size before decoding (cherry picked from commit b03761b130)
configure: fix arch x86_32
mp3enc: avoid truncating id3v1 tags by one byte
asfdec: Check packet_replic_size earlier
cin audio: validate the channel count
binkaudio: add some buffer overread checks.
atrac1: validate number of channels (cherry picked from commit bff5b2c1ca)
atrac1: check output buffer size before decoding (cherry picked from commit 33684b9c12)
vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e4)
apedec: set s->currentframeblocks after validating nblocks
apedec: use unsigned int for 'nblocks' and make sure that it's within int range
apedec: check for data buffer realloc failure (cherry picked from commit 11ca8b2d74)
apedec: check for filter buffer allocation failure (cherry picked from commit 7500781313)
mpegaudiodec: check output data size based on avctx->frame_size
resample: Fix array size
resample2: fix potential overflow
...
Conflicts:
Doxyfile
RELEASE
VERSION
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket592
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4416931fc0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found-by: Jim Radford
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3e7db0a9ee)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
avpicture_get_size() returns the size of buffer required for avpicture_layout.
For pseudo-paletted formats (gray8...) this size does not include the palette.
However, avpicture_layout doesn't know this and still writes the palette. Consequently,
avpicture_layout writes passed the length of the buffer. This fixes it
by fixing avpicture_layout so that it doesn't write the palette for these formats.
Signed-off-by: Matthew Einhorn <moiein2000@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e662b263d9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
