18042 commits

Author SHA1 Message Date
Michael Niedermayer
cd4827dfd4 avcodec/indeo3: use signed variables to avoid underflow
Fixes out of array read
Fixes: signal_sigsegv_1b0a4da_1865_cov_2167818389_computer_anger.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3305acdc92)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-12 18:03:49 +01:00
Michael Niedermayer
87ec3c6156 avcodec/vmdvideo: Check len before using it in method 3
Fixes out of array access
Fixes: asan_heap-oob_4d23ba_91_cov_3853393937_128.vmd

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3030fb7e0d)

Conflicts:

	libavcodec/vmdav.c
2015-03-12 18:03:49 +01:00
Michael Niedermayer
0b5d644839 avcodec/pngdec: Check IHDR/IDAT order
Fixes out of array access
Fixes: asan_heap-oob_20a6c26_2690_cov_3434532168_mail.png
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 79ceaf827b)

Conflicts:

	libavcodec/pngdec.c
2015-03-12 18:03:49 +01:00
Michael Niedermayer
aebfcf7d62 avcodec/mjpegdec: Fix context fields becoming inconsistent
Fixes out of array access
Fixes: asan_heap-oob_1ca4f85_2760_cov_144449187_miss_congeniality_pegasus_ljpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0eecf40935)

Conflicts:

	libavcodec/mjpegdec.c
(cherry picked from commit 32d3acac727f3f4a6489ca129a5ea4ccdfcb34a5)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-12 18:03:49 +01:00
Michael Niedermayer
ec640e10b2 avcodec/wmaprodec: Fix integer overflow in sfb_offsets initialization
Fixes out of array read
Fixes: asan_heap-oob_2aec5b0_1828_classical_22_16_2_16000_v3c_0_exclusive_0_29.wma
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5dcb99033d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-12 18:03:49 +01:00
Michael Niedermayer
3296e30d37 avcodec/h264_slice: Clear table pointers to avoid stale pointers
Might fix Ticket3889

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 547fce9585)

Conflicts:

	libavcodec/h264_slice.c

Conflicts:

	libavcodec/h264.c
2015-03-12 18:03:49 +01:00
Michael Niedermayer
d327f673f9 avcodec/dnxhddec: treat pix_fmt like width/height
Fixes out of array accesses
Fixes: asan_heap-oob_22c9a39_16_015.mxf
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f3c0e0bf6f)

Conflicts:

	libavcodec/dnxhddec.c

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-12 18:03:49 +01:00
Michael Niedermayer
017226fdf9 avcodec/dxa: check dimensions
Fixes out of array access
Fixes: asan_heap-oob_11222fb_21_020.dxa
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e70312dfc2)

Conflicts:

	libavcodec/dxa.c

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-12 18:03:48 +01:00
Michael Niedermayer
e0ed766f2a avcodec/qpeg: fix off by 1 error in MV bounds check
Fixes out of array access
Fixes: asan_heap-oob_153760f_4_asan_heap-oob_1d7a4cf_164_VWbig6.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit dd3bfe3cc1)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-12 18:03:48 +01:00
Michael Niedermayer
677da72300 avcodec/pngdec: Calculate MPNG bytewidth more defensively
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e830902934)

Conflicts:

	libavcodec/pngdec.c
2015-03-12 18:03:48 +01:00
Michael Niedermayer
7238c744de avcodec/pngdec: Check bits per pixel before setting monoblack pixel format
Fixes out of array accesses
Fixes: asan_heap-oob_14dbfcf_4_asan_heap-oob_1ce5767_179_add_method_small.png

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3e2b745020)

Conflicts:

	libavcodec/pngdec.c
2015-03-12 18:03:48 +01:00
Michael Niedermayer
7c1150bf05 avcodec/tiff: more completely check bpp/bppcount
Fixes pixel format selection
Fixes out of array accesses
Fixes: asan_heap-oob_1766029_6_asan_heap-oob_20aa045_332_cov_1823216757_m2-d1d366d7965db766c19a66c7a2ccbb6b.tif

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e1c0cfaa41)

Conflicts:

	libavcodec/tiff.c
(cherry picked from commit e9125e74897135d690cf44f6e6d39e80dcd07803)

Conflicts:

	libavcodec/tiff.c
2015-03-12 18:03:48 +01:00
Michael Niedermayer
19d0c9e993 avcodec/mmvideo: Bounds check 2nd line of HHV Intra blocks
Fixes out of array access
Fixes: asan_heap-oob_4da4f3_8_asan_heap-oob_4da4f3_419_scene1a.mm

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8b0e96e1f2)

Conflicts:

	libavcodec/mmvideo.c

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-12 18:03:48 +01:00
Michael Niedermayer
bd3a28e8b6 avcodec/utils: Add case for jv to avcodec_align_dimensions2()
Fixes out of array accesses
Fixes: asan_heap-oob_12304aa_8_asan_heap-oob_4da4f3_300_intro.jv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 105654e376)

Conflicts:

	libavcodec/utils.c
2015-03-12 18:03:48 +01:00
Michael Niedermayer
bb6a8a0509 avcodec/mjpegdec: check bits per pixel for changes similar to dimensions
Fixes out of array accesses
Fixes: asan_heap-oob_16668e9_2_asan_heap-oob_16668e9_346_miss_congeniality_pegasus_mjpg.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5c378d6a6d)

Conflicts:

	libavcodec/mjpegdec.c
(cherry picked from commit 94371a404c663c3dae3d542fa43951567ab67f82)

Conflicts:

	libavcodec/mjpegdec.c

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-12 18:03:48 +01:00
Michael Niedermayer
1704a7b67d avcodec/jpeglsdec: Check run value more completely in ls_decode_line()
previously it could have been by 1 too large
Fixes out of array access
Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8c1e3.jls
Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8nde0.jls
Fixes: asan_heap-oob_12240fa_1_asan_heap-oob_12240fa_448_t16e3.jls

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 06e7d58410)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-12 18:03:48 +01:00
Michael Niedermayer
348b87b9bd avcodec/ac3enc_template: fix out of array read
Found-by: Andreas Cadhalpun
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d85ebea3f3)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-12 18:03:48 +01:00
Michael Niedermayer
7248e73559 avcodec: fix aac/ac3 parser bitstream buffer size
Buffers containing copies of the AAC and AC3 header bits were not padded
before parsing, violating init_get_bits() buffer padding requirement,
leading to potential buffer read overflows.
This change adds FF_INPUT_BUFFER_PADDING_SIZE bytes to the bit buffer
for parsing the header in each of aac_parser.c and ac3_parser.c.

Based on patch by: Matt Wolenetz <wolenetz@chromium.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fccd85b9f3)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-12 01:31:57 +01:00
Michael Niedermayer
a0316589e4 Merge commit '335ec616cc' into release/0.10
* commit '335ec616cc':
  utvideodec: Handle slice_height being zero

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 23:11:51 +01:00
Michael Niedermayer
90afa95a55 Merge commit 'ec5b2f6a38' into release/0.10
* commit 'ec5b2f6a38':
  tiff: Check that there is no aliasing in pixel format selection

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 22:51:08 +01:00
Michael Niedermayer
22377751c9 Merge commit '905988fe1a' into release/0.10
* commit '905988fe1a':
  eamad: check for out of bounds read

Conflicts:
	libavcodec/eamad.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 22:50:00 +01:00
Michael Niedermayer
60feb8543a Merge commit 'd6deed7916' into release/0.10
* commit 'd6deed7916':
  h264_cabac: Break infinite loops

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 22:38:55 +01:00
Michael Niedermayer
caedb041a6 Merge commit '9ae3cd6e72' into release/0.10
* commit '9ae3cd6e72':
  gifdec: refactor interleave end handling

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 22:32:12 +01:00
Michael Niedermayer
ed69f0f72e Merge commit 'a331e11906' into release/0.10
* commit 'a331e11906':
  smc: fix the bounds check

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 22:31:57 +01:00
Michael Niedermayer
8439378f41 Merge commit 'fc159ba88e' into release/0.10
* commit 'fc159ba88e':
  mmvideo: check frame dimensions

Conflicts:
	libavcodec/mmvideo.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 22:31:40 +01:00
Michael Niedermayer
17f094697d Merge commit '954aafaa96' into release/0.10
* commit '954aafaa96':
  jvdec: check frame dimensions

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 22:21:47 +01:00
Michael Niedermayer
c388db185c Merge commit '893b353362' into release/0.10
* commit '893b353362':
  x86: Only use optimizations with cmov if the CPU supports the instruction

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 22:04:45 +01:00
Michael Niedermayer
35e88167ea Merge commit '2deac60a38' into release/0.10
* commit '2deac60a38':
  adpcmenc: Calculate the IMA_QT predictor without overflow

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 21:50:03 +01:00
Michael Niedermayer
82c8abb34f Merge commit '3eed35addb' into release/0.10
* commit '3eed35addb':
  svq1enc: Set picture_structure correctly

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 21:49:42 +01:00
Michael Niedermayer
7801f3e509 Merge commit 'ec0df23765' into release/0.10
* commit 'ec0df23765':
  h264: Remove an assert on current_picture_ptr being null

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 21:44:24 +01:00
Michael Niedermayer
6c76f3dfaa Merge commit 'd1c490448c' into release/0.10
* commit 'd1c490448c':
  mpegvideo: remove last_picture_ptr / h264 assert.

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 21:43:52 +01:00
Michael Niedermayer
9d94589852 Merge commit '9858a723cb' into release/0.10
* commit '9858a723cb':
  elbg: Fix an assert

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 21:37:53 +01:00
Michael Niedermayer
c9a38ffe2f Merge commit '233d1b4861' into release/0.10
* commit '233d1b4861':
  h264_refs: Fix debug tprintf argument types

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 21:36:34 +01:00
Michael Niedermayer
3832db1223 Merge commit '57c36de726' into release/0.10
* commit '57c36de726':
  vp8: avoid race condition on segment map.

Conflicts:
	libavcodec/vp8.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 21:29:31 +01:00
Michael Niedermayer
2a4d9b9af0 Merge commit '8152b02f33' into release/0.10
* commit '8152b02f33':
  arm/neon: dsputil: use correct size specifiers on vld1/vst1

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 21:11:07 +01:00
Michael Niedermayer
6a28ae55c4 Merge commit '9fa9d471a7' into release/0.10
* commit '9fa9d471a7':
  arm: dsputil: prettify some conditional instructions in put_pixels macros

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 21:10:31 +01:00
Michael Niedermayer
78518fb928 Merge commit '6dd19ffd39' into release/0.10
* commit '6dd19ffd39':
  arm: dsputil: fix overreads in put/avg_pixels functions

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-03-11 21:10:08 +01:00
Michael Niedermayer
335ec616cc utvideodec: Handle slice_height being zero
Fixes out of array accesses.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Bug-Id: CVE-2014-9604
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 0ce3a0f9d9)
(cherry picked from commit 3a417a86b3)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit e032e647dd)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 789f433bc6)

Conflicts:
	libavcodec/utvideodec.c
2015-03-09 22:08:49 -04:00
Anton Khirnov
ec5b2f6a38 tiff: Check that there is no aliasing in pixel format selection
Fixes possible issues with unexpected bpp/bppcount values.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Bug-Id: CVE-2014-8544
(cherry picked from commit ae5e1f3d66)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit eb9041403d)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 62b0462e5f)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2015-03-08 22:30:43 -04:00
Federico Tomassetti
905988fe1a eamad: check for out of bounds read
Bug-Id: CID 1257500
CC: libav-stable@libav.org

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2015-03-08 20:36:47 +00:00
Michael Niedermayer
d6deed7916 h264_cabac: Break infinite loops
This fixes out of array reads and/or infinite loops.

30 is the maximum number of bits that can be read into
coeff_abs below.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Martin Storsjö <martin@martin.st>
2015-02-23 00:06:28 +00:00
Michael Niedermayer
9ae3cd6e72 gifdec: refactor interleave end handling
Fixes invalid writes with very small image heights.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8547
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 0b39ac6f54)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit eac49477aa)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 92888e9ed4)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 02de44073a)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2014-12-20 11:19:47 +01:00
Michael Niedermayer
a331e11906 smc: fix the bounds check
Fixes invalid writes when there are more blocks in a run than total
remaining blocks.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8548
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit d423dd72be)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 58dc526ebf)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit f249e98891)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 306ee95088)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2014-12-20 11:16:34 +01:00
Anton Khirnov
fc159ba88e mmvideo: check frame dimensions
The frame size must be set by the caller and each dimension must be a
multiple of 2.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8543
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 17ba719d9b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 69a930b988)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 3f10a779b4)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

Conflicts:
	libavcodec/mmvideo.c

(cherry picked from commit 03dba25a40)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2014-12-20 11:16:27 +01:00
Anton Khirnov
954aafaa96 jvdec: check frame dimensions
The frame size must be set by the caller and each dimension must be a
multiple of 8.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8542
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 88626e5af8)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 55788572ea)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 8f238dd9bd)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

Conflicts:
	libavcodec/jvdec.c

(cherry picked from commit 50cb695bf1)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

Conflicts:
	libavcodec/jvdec.c
2014-12-20 11:16:15 +01:00
Diego Biurrun
893b353362 x86: Only use optimizations with cmov if the CPU supports the instruction
Also fill in missing hash for AV_CPU_FLAG_CMOV addition in APIChanges.

(cherry picked from commit fe07c9c6b5)
Signed-off-by: Diego Biurrun <diego@biurrun.de>

Conflicts:
	libavcodec/x86/dsputil_mmx.c
2014-09-16 01:48:53 -07:00
Michael Niedermayer
2deac60a38 adpcmenc: Calculate the IMA_QT predictor without overflow
Previously, the value given to put_bits was 10 bits long for positive
predictors, even though 9 bits were to be written. The extra bit could
in some cases overwrite existing bits in the bitstream writer cache.

This fixes a failed assert in put_bits.h, when running a version
built with -DDEBUG.

The fate test result gets slightly improved, thanks to getting rid
of the overwritten bits in the bitstream writer cache.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit aa264da5bf)
Signed-off-by: Diego Biurrun <diego@biurrun.de>

Conflicts:
	tests/ref/fate/acodec-adpcm-ima_qt
2014-08-23 05:19:12 -07:00
Michael Niedermayer
3eed35addb svq1enc: Set picture_structure correctly
This fixes assert failures when running in debug mode.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 2d7d91f06d)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2014-08-23 05:19:12 -07:00
Michael Niedermayer
ec0df23765 h264: Remove an assert on current_picture_ptr being null
It is possible in various error paths as well as gap handling
that this has already been allocated. It is not clear why that
would be a problem with the current code, thus disable the
assert to avoid a common assert failure when asserts are enabled.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 5e997688f8)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2014-08-23 05:19:12 -07:00
Martin Storsjö
372f742dd1 parser: Don't use pc as context for av_dlog
The ParserContext class doesn't have an AVClass, required for
using it as a logging class.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 6d65496990)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2014-08-23 05:19:12 -07:00