Merge remote-tracking branch 'qatar/release/0.5' into release/0.5

* qatar/release/0.5: update version Release notes and changelog for 0.5.5 Fix ff_imdct_calc_sse() on gcc-4.6 Make DECLARE_ALIGNED macros work with external array specifiers Fix MMX rgb24 to yuv conversion with gcc 4.6 Merged-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2011-11-06 01:34:54 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2011-11-06 01:35:41 +0100
commit: 10da0edddcc0b84ab9898a410969c457cd8ce528 (patch)
tree: 496e1967ae98861456cef7f60d394d78681ccabe
parent: 38423fe0b760de19bf71c017e87f87c982551341 (diff)
parent: d6bf79993fe67021584263f87b8a41f9edcec579 (diff)
download: ffmpeg-10da0edddcc0b84ab9898a410969c457cd8ce528.tar.gz
6 files changed, 42 insertions, 16 deletions
diff --git a/Changelog b/Changelog
index fbbabc2e4c..173cc00acf 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,17 @@
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
+
+version 0.5.5:
+
+- Fix memory (re)allocation in matroskadec.c (MSVR11-011/CVE-2011-3504)
+- Fix some crashes with invalid bitstreams in the CAVS decoder
+  (CVE-2011-3362, CVE-2011-3973, CVE-2011-3974)
+- Compilation fixes for gcc-4.6, testsuite now passes again
+- Detect and handle overreads in the MJPEG decoder.
+
+
+
 version 0.5.4:
 
 - Fix memory corruption in WMV parsing (addresses CVE-2010-3908)
diff --git a/RELEASE b/RELEASE
index 2f7e2c6dde..75099adfac 100644
--- a/RELEASE
+++ b/RELEASE
@@ -137,3 +137,19 @@ maintenance-only release that addresses several security issues that were
 brought to our attention. In detail, fixes for RV30/40, WMV, Vorbis and
 VC-1 have been backported from trunk. Distributors and system integrators
 are encouraged to update and share their patches against this branch.
+
+
+
+* 0.5.5 Nov 11, 2011
+
+General notes
+-------------
+
+This maintenance-only release addresses several security issues that
+were brought to our attention. In detail, fixes for the MJPEG decoder,
+the CAVS decoder (CVE-2011-3362, CVE-2011-3973, CVE-2011-3974), and the
+Matroska decoder (MSVR11-011/CVE-2011-3504) have been
+corrected. Additional, this release contains fixes for compilation with
+gcc-4.6. Distributors and system integrators are encouraged to update
+and share their patches against this branch.
+
diff --git a/VERSION b/VERSION
index 7d8568351b..d1d899fa33 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.5.4
+0.5.5
diff --git a/libavcodec/x86/fft_sse.c b/libavcodec/x86/fft_sse.c
index 3d9f1c5145..918fdf299a 100644
--- a/libavcodec/x86/fft_sse.c
+++ b/libavcodec/x86/fft_sse.c
@@ -22,7 +22,7 @@
 #include "libavutil/x86_cpu.h"
 #include "libavcodec/dsputil.h"
 
-static const int m1m1m1m1[4] __attribute__((aligned(16))) =
+DECLARE_ASM_CONST(16, int, m1m1m1m1)[4] =
     { 1 << 31, 1 << 31, 1 << 31, 1 << 31 };
 
 void ff_fft_dispatch_sse(FFTComplex *z, int nbits);
@@ -182,7 +182,7 @@ void ff_imdct_calc_sse(MDCTContext *s, FFTSample *output, const FFTSample *input
     j = -n;
     k = n-16;
     __asm__ volatile(
-        "movaps %4, %%xmm7 \n"
+        "movaps "MANGLE(m1m1m1m1)", %%xmm7 \n"
         "1: \n"
         "movaps       (%2,%1), %%xmm0 \n"
         "movaps       (%3,%0), %%xmm1 \n"
@@ -195,8 +195,7 @@ void ff_imdct_calc_sse(MDCTContext *s, FFTSample *output, const FFTSample *input
         "add $16, %0 \n"
         "jl 1b \n"
         :"+r"(j), "+r"(k)
-        :"r"(output+n4), "r"(output+n4*3),
-         "m"(*m1m1m1m1)
+        :"r"(output+n4), "r"(output+n4*3)
     );
 }
 
diff --git a/libavutil/internal.h b/libavutil/internal.h
index f5f769e2c0..792fd29a6c 100644
--- a/libavutil/internal.h
+++ b/libavutil/internal.h
@@ -256,11 +256,11 @@ if((y)<(x)){\
 }
 
 #if defined(__ICC) || defined(__SUNPRO_C)
-    #define DECLARE_ALIGNED(n,t,v)      t v __attribute__ ((aligned (n)))
+    #define DECLARE_ALIGNED(n,t,v)      t __attribute__ ((aligned (n))) v
     #define DECLARE_ASM_CONST(n,t,v)    const t __attribute__ ((aligned (n))) v
 #elif defined(__GNUC__)
-    #define DECLARE_ALIGNED(n,t,v)      t v __attribute__ ((aligned (n)))
-    #define DECLARE_ASM_CONST(n,t,v)    static const t v attribute_used __attribute__ ((aligned (n)))
+    #define DECLARE_ALIGNED(n,t,v)      t __attribute__ ((aligned (n))) v
+    #define DECLARE_ASM_CONST(n,t,v)    static const t attribute_used __attribute__ ((aligned (n))) v
 #elif defined(_MSC_VER)
     #define DECLARE_ALIGNED(n,t,v)      __declspec(align(n)) t v
     #define DECLARE_ASM_CONST(n,t,v)    __declspec(align(n)) static const t v
diff --git a/libswscale/swscale_template.c b/libswscale/swscale_template.c
index 6f2e243052..9016778a9c 100644
--- a/libswscale/swscale_template.c
+++ b/libswscale/swscale_template.c
@@ -1739,7 +1739,7 @@ static inline void RENAME(bgr24ToY_mmx)(uint8_t *dst, uint8_t *src, long width,
 static inline void RENAME(bgr24ToUV_mmx)(uint8_t *dstU, uint8_t *dstV, uint8_t *src, long width, int srcFormat)
 {
     __asm__ volatile(
-        "movq                    24+%4, %%mm6       \n\t"
+        "movq                   24(%4), %%mm6       \n\t"
         "mov                        %3, %%"REG_a"   \n\t"
         "pxor                    %%mm7, %%mm7       \n\t"
         "1:                                         \n\t"
@@ -1750,9 +1750,9 @@ static inline void RENAME(bgr24ToUV_mmx)(uint8_t *dstU, uint8_t *dstV, uint8_t *
         "punpcklbw               %%mm7, %%mm1       \n\t"
         "movq                    %%mm0, %%mm2       \n\t"
         "movq                    %%mm1, %%mm3       \n\t"
-        "pmaddwd                    %4, %%mm0       \n\t"
-        "pmaddwd                  8+%4, %%mm1       \n\t"
-        "pmaddwd                 16+%4, %%mm2       \n\t"
+        "pmaddwd                  (%4), %%mm0       \n\t"
+        "pmaddwd                 8(%4), %%mm1       \n\t"
+        "pmaddwd                16(%4), %%mm2       \n\t"
         "pmaddwd                 %%mm6, %%mm3       \n\t"
         "paddd                   %%mm1, %%mm0       \n\t"
         "paddd                   %%mm3, %%mm2       \n\t"
@@ -1764,9 +1764,9 @@ static inline void RENAME(bgr24ToUV_mmx)(uint8_t *dstU, uint8_t *dstV, uint8_t *
         "punpcklbw               %%mm7, %%mm3       \n\t"
         "movq                    %%mm1, %%mm4       \n\t"
         "movq                    %%mm3, %%mm5       \n\t"
-        "pmaddwd                    %4, %%mm1       \n\t"
-        "pmaddwd                  8+%4, %%mm3       \n\t"
-        "pmaddwd                 16+%4, %%mm4       \n\t"
+        "pmaddwd                  (%4), %%mm1       \n\t"
+        "pmaddwd                 8(%4), %%mm3       \n\t"
+        "pmaddwd                16(%4), %%mm4       \n\t"
         "pmaddwd                 %%mm6, %%mm5       \n\t"
         "paddd                   %%mm3, %%mm1       \n\t"
         "paddd                   %%mm5, %%mm4       \n\t"
@@ -1789,7 +1789,7 @@ static inline void RENAME(bgr24ToUV_mmx)(uint8_t *dstU, uint8_t *dstV, uint8_t *
         "add                        $4, %%"REG_a"   \n\t"
         " js                        1b              \n\t"
     : "+r" (src)
-    : "r" (dstU+width), "r" (dstV+width), "g" (-width), "m"(ff_bgr24toUV[srcFormat == PIX_FMT_RGB24][0])
+    : "r" (dstU+width), "r" (dstV+width), "g" (-width), "r"(ff_bgr24toUV[srcFormat == PIX_FMT_RGB24])
     : "%"REG_a
     );
 }
author	Michael Niedermayer <michaelni@gmx.at>	2011-11-06 01:34:54 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2011-11-06 01:35:41 +0100
commit	10da0edddcc0b84ab9898a410969c457cd8ce528 (patch)
tree	496e1967ae98861456cef7f60d394d78681ccabe
parent	38423fe0b760de19bf71c017e87f87c982551341 (diff)
parent	d6bf79993fe67021584263f87b8a41f9edcec579 (diff)
download	ffmpeg-10da0edddcc0b84ab9898a410969c457cd8ce528.tar.gz