Commit message [Author, Age, Files, Lines]
* bmv: fix integer overflows in vlc decoder. [Michael Niedermayer, 2012-06-09, 1, -1/+5]
|   Fixes part of Ticket1373
|   Found-by: Piotr Bandurski <ami_stuff@o2.pl>
|   Based-on-patch-by: Paul B Mahol <onemda@gmail.com>
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|   (cherry picked from commit 679c578cb8e82df6fdee977e3137a26a680ad346)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* wmv1: check that the input buffer is large enough [Michael Niedermayer, 2012-06-09, 1, -0/+5]
|   Fixes null ptr deref
|   Fixes Ticket1367
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|   (cherry picked from commit f23a2418fb0ccc56fdae4dbf83a5994cc917c475)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* yopdec: check frame oddness to be within supported limits [Michael Niedermayer, 2012-06-09, 1, -0/+4]
|   Fixes Ticket1365
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|   (cherry picked from commit febc013dc5d6db1535a4f91cf02fa8089038937c)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* yopdec: check that palette fits in the packet [Michael Niedermayer, 2012-06-09, 1, -0/+5]
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|   (cherry picked from commit b6fdf8dea7aaf3cb9a979dce91f752c2ce3086a3)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* 8svx: fix crash [Michael Niedermayer, 2012-06-09, 1, -1/+1]
|   Fixes Ticket1377
|   Found-by: Piotr Bandurski <ami_stuff@o2.pl>
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|   (cherry picked from commit 03ce421c1361e4ce79468de8269ad51ba2ae4c16)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* dv-demux: don't mess with codec values [Michael Niedermayer, 2012-06-09, 1, -3/+0]
|   Fixes part of Ticket1369
|   Found-by: ami_stuff
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|   (cherry picked from commit 3c276ac0f8936745543d14674842647c502bdd2e)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* binkaudio: check number of channels [Paul B Mahol, 2012-06-09, 1, -3/+3]
|   Fixes #1380.
|   Signed-off-by: Paul B Mahol <onemda@gmail.com>
|   (cherry picked from commit 824a6975ee066e944b7a20d1e220fd8974fb6174)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* indeo5: check quant_mat [Michael Niedermayer, 2012-06-09, 1, -0/+4]
|   prevents out of array read
|   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|   (cherry picked from commit 8aaa00c3012d425ce50efffadb813ad62d1ff3d5)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* truemotion1: Check index, fix out of array read [Michael Niedermayer, 2012-06-09, 1, -0/+16]
|   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|   (cherry picked from commit fd4c1c0b70b5a06dd572d7e27799a2f4c3d9b984)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* iff: check if there is extradata [Paul B Mahol, 2012-06-09, 1, -1/+6]
|   Fixes #1368.
|   Signed-off-by: Paul B Mahol <onemda@gmail.com>
|   (cherry picked from commit 8f61526978697e51d3b9e61ea84daf13c42717af)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* ape: Fix null ptr dereference with files missing a seektable. [Michael Niedermayer, 2012-06-09, 1, -0/+3]
|   Such files are currently not supported as the table is used at several points
|   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|   (cherry picked from commit e7cb161515fc9fb6d30d1681d64d9ba7ad737a4e)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* 4xm: fix division by zero caused by bps<8 [Michael Niedermayer, 2012-06-09, 1, -0/+5]
|   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|   (cherry picked from commit 1b8741a6843f3f4667c81c2d63d3182858aa534f)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* jvdec: check videosize [Michael Niedermayer, 2012-06-09, 1, -0/+4]
|   Fixes null ptr dereference
|   fixes Ticket1364
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|   (cherry picked from commit b4904e804d3b1c56ac4f5d3386b15daae98fca2d)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* motionpixels: check extradata size [Michael Niedermayer, 2012-06-09, 1, -0/+5]
|   Fixes null ptr dereference
|   Fixes Ticket1363
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|   (cherry picked from commit 50122084a6b3be06781a2b3d8ec036f2d67c32e3)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* iff_ilbm: fix null ptr deref [Michael Niedermayer, 2012-06-09, 1, -3/+7]
|   Fixes Ticket1362
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|   (cherry picked from commit 849d4b041351ef8d77c4231cf417f997e79f9ab7)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* yop: check for missing extradata [Michael Niedermayer, 2012-06-09, 1, -0/+5]
|   Fixes null ptr deref
|   Fixes Ticket1361
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|   (cherry picked from commit 77a4c8b959fa9bc6bcaa42b40a0b046cdf3fec38)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* xan: fix out of array read [Michael Niedermayer, 2012-06-09, 1, -0/+4]
|   Fixes ticket1360
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|   (cherry picked from commit 01900fcc45e99ee4556e0a5d87ff57b2f150dad4)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* cdgraphics: Fix out of array write [Michael Niedermayer, 2012-06-09, 1, -0/+4]
|   Fixes Ticket1359
|   Found-by: Piotr Bandurski <ami_stuff@o2.pl>
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|   (cherry picked from commit 1e5c7376c4ed733910845c9a09e272ac7696b1f4)
|   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* Merge remote-tracking branch 'qatar/release/0.8' into release/0.10 [Michael Niedermayer, 2012-06-09, 0, -0/+0]
|\
| |   * qatar/release/0.8:
| |     cmdutils: update copyright year to 2012.
| |   Conflicts:
| |     cmdutils.c
| |   Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * cmdutils: update copyright year to 2012. [Ronald S. Bultje, 2012-06-08, 1, -1/+1]
| |
* | Merge remote-tracking branch 'qatar/release/0.8' into release/0.10 [Michael Niedermayer, 2012-06-04, 7, -12/+36]
|\|
| |   * qatar/release/0.8:
| |     Update Changelog for the 0.8.3 Release
| |     Prepare for 0.8.3 Release
| |     ea: check chunk_size for validity.
| |     png: check bit depth for PAL8/Y400A pixel formats.
| |     qdm2: clip array indices returned by qdm2_get_vlc().
| |     tqi: Pass errors from the MB decoder
| |     h264: Add check for invalid chroma_format_idc
| |     h263dec: Disallow width/height changing with frame threads.
| |   Conflicts:
| |     Changelog
| |     RELEASE
| |     libavcodec/eatqi.c
| |     libavcodec/h264_ps.c
| |     libavcodec/pngdec.c
| |   Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * Update Changelog for the 0.8.3 Release [Reinhard Tartler, 2012-06-03, 1, -0/+7]
| |
| * Prepare for 0.8.3 Release [Reinhard Tartler, 2012-06-03, 1, -1/+1]
| |
| * ea: check chunk_size for validity. [Ronald S. Bultje, 2012-06-03, 1, -1/+6]
| |   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| |   CC: libav-stable@libav.org
| |   (cherry picked from commit 273e6af47b38391f2bcc157cca0423fe7fcbf55c)
| |   Signed-off-by: Reinhard Tartler <siretart@tauware.de>
| * png: check bit depth for PAL8/Y400A pixel formats. [Ronald S. Bultje, 2012-06-03, 1, -2/+4]
| |   Wrong bit depth can lead to invalid rowsize values, which crashes the decoder further down.
| |   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| |   CC: libav-stable@libav.org
| |   (cherry picked from commit d2205d6543881f2e6fa18c8a354bbcf91a1235f7)
| |   Signed-off-by: Reinhard Tartler <siretart@tauware.de>
| * qdm2: clip array indices returned by qdm2_get_vlc(). [Ronald S. Bultje, 2012-06-02, 1, -5/+13]
| |   Prevents subsequent overreads when these numbers are used as indices in arrays.
| |   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| |   CC: libav-stable@libav.org
| |   Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
| |   (cherry picked from commit 64953f67f98da2e787aeb45cc7f504390fa32a69)
| |   Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
| |   Conflicts:
| |     libavcodec/qdm2.c
| * tqi: Pass errors from the MB decoder [Michael Niedermayer, 2012-05-23, 1, -3/+7]
| |   This silences some valgrind warnings.
| |   CC: libav-stable@libav.org
| |   Fixes second half of http://ffmpeg.org/trac/ffmpeg/ticket/794
| |   Bug found by: Oana Stratulat
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| |   Signed-off-by: Reinhard Tartler <siretart@tauware.de>
| |   (cherry picked from commit f85334f58e1286287d0547a49fa9c93b40cbf48f)
| |   (cherry picked from commit 90290a5150e84fb138ccde57657dc03830f08c1c)
| |   Signed-off-by: Reinhard Tartler <siretart@tauware.de>
| * h264: Add check for invalid chroma_format_idc [Alexander Strange, 2012-05-22, 1, -1/+5]
| |   Fixes a crash when FF_DEBUG_PICT_INFO is used.
| |   Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
| |   (cherry picked from commit 6ef4063957aa5025c8d2cd757b6a537e4b6874df)
| |   Fixes: CVE-2012-0851
| |   Signed-off-by: Reinhard Tartler <siretart@tauware.de>
| * h263dec: Disallow width/height changing with frame threads. [Michael Niedermayer, 2012-05-22, 1, -0/+5]
| |   Fixes CVE-2011-3937
| |   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| |   (cherry picked from commit 71db86d53b5c6872cea31bf714a1a38ec78feaba)
| |   Conflicts:
| |     libavcodec/h263dec.c
| |   Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* | threads: Perform the generic progress cleanup more carefully. [Michael Niedermayer, 2012-05-13, 1, -1/+1]
| |   The cleanup is only done now when
| |     a picture is returned (assuming that it has to be done when it's returned)
| |     an error is returned (assuming that there will be no further progress on the frame)
| |     the codec is not h264 (this is still needed due to some deadlocks in realvideo)
| |   This fixes a decoding regression with 00017.MTS
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| |   (cherry picked from commit 18a7f7465e7e6b9c3688ffc23230ae7a0639a771)
* | update for ffmpeg 0.10.3 (tag: n0.10.3) [Michael Niedermayer, 2012-05-06, 3, -3/+3]
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | indeo4: check that num_mbs matches [Michael Niedermayer, 2012-05-06, 1, -0/+5]
| |   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| |   (cherry picked from commit d3db8988d5befd8702a748cf1957415677bfe75c)
* | dsp: fix diff_bytes_mmx() with small width [Michael Niedermayer, 2012-05-06, 1, -0/+1]
| |   Fixes Ticket1068
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| |   (cherry picked from commit 73089eccd3e48539555349b36d8aabbf1cea416e)
* | Changelog: update [Michael Niedermayer, 2012-05-06, 1, -2/+6]
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | mmdemux: don't set pkt->size to an invalid value. [Michael Niedermayer, 2012-05-06, 1, -1/+0]
| |   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| |   (cherry picked from commit 0c97fd336e17535239ab44d755a0d957dc2688f3)
* | h261: check mtype. [Michael Niedermayer, 2012-05-06, 1, -0/+4]
| |   Fixes out of array read
| |   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| |   (cherry picked from commit ec3cd74f2dab8e3e8234ccb994132b23d3098585)
* | mpegvideo: increase buffer sizes. [Michael Niedermayer, 2012-05-06, 1, -2/+2]
| |   Fixes buffer overflow
| |   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| |   (cherry picked from commit 2c0559d5e2faeafa7998173a4dc430408475503f)
* | mov: fix global unicode conversion array overflow. [Michael Niedermayer, 2012-05-06, 1, -1/+1]
| |   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| |   (cherry picked from commit 437f5daf0bf727a53ea4b485a30f1289f44bf252)
* | iff: fix null ptr dereference [Michael Niedermayer, 2012-05-06, 1, -1/+1]
| |   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| |   (cherry picked from commit 41abc9da50ba7a7b68bbbf6622475ce7a3c72e3f)
* | xmvdemux: don't let current_stream become invalid. [Michael Niedermayer, 2012-05-06, 1, -1/+1]
| |   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| |   (cherry picked from commit 13381577d181fa732d6d2fa0491fa2ff50186546)
* | avidec: Don't crash on avi packets that belong to dv streams in dv in avi [Michael Niedermayer, 2012-05-06, 1, -0/+5]
| |   Fixes null pointer dereference
| |   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| |   (cherry picked from commit 096231d497457be9496b0be01ff6da2093186c3c)
* | cook: check subpacket count [Michael Niedermayer, 2012-05-06, 1, -0/+5]
| |   Fixes out of array writes.
| |   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| |   (cherry picked from commit 5a35bd92ad6b535fd5d3a7513169661de66ec247)
* | 4xmdemux: Check chunk size [Michael Niedermayer, 2012-05-06, 1, -0/+4]
| |   Fixes over reading the header array
| |   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| |   (cherry picked from commit 474e31c904f766b6989fe614c3fb093e697c847f)
| |   Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | Merge remote-tracking branch 'qatar/release/0.8' into release/0.10 [Michael Niedermayer, 2012-05-06, 9, -27/+83]
|\|
| |   * qatar/release/0.8:
| |     Update Changelog for the 0.8.2 Release
| |     Prepare for 0.8.2 Release
| |     vqavideo: return error if image size is not a multiple of block size
| |     celp filters: Do not read earlier than the start of the 'out' vector.
| |     motionpixels: Clip YUV values after applying a gradient.
| |     jpeg: handle progressive in second field of interlaced.
| |     h263: more strictly forbid frame size changes with frame-mt.
| |     h264: additional protection against unsupported size/bitdepth changes.
| |     tta: prevents overflows for 32bit integers in header.
| |     ttadec: CRC checking
| |     tta: use skip_bits_long()
| |   Conflicts:
| |     Changelog
| |     RELEASE
| |     libavcodec/h264.c
| |     libavcodec/tta.c
| |   Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * Update Changelog for the 0.8.2 Release [Reinhard Tartler, 2012-05-04, 1, -0/+14]
| |
| * Prepare for 0.8.2 Release [Reinhard Tartler, 2012-05-04, 1, -1/+1]
| |
| * vqavideo: return error if image size is not a multiple of block size [Mans Rullgard, 2012-05-04, 1, -0/+6]
| |   The decoder assumes in various places that the image size is a multiple of the block size, and there is no obvious way to support odd sizes. Bailing out early if the header specifies a bad size avoids various errors later on.
| |   Fixes CVE-2012-0947.
| |   Signed-off-by: Mans Rullgard <mans@mansr.com>
| |   (cherry picked from commit 58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3)
| |   Signed-off-by: Reinhard Tartler <siretart@tauware.de>
| * celp filters: Do not read earlier than the start of the 'out' vector. [Alex Converse, 2012-05-04, 1, -3/+1]
| |   CC: libav-stable@libav.org
| |   (cherry picked from commit 37ddd3833219fa7b913fff3f5cccc6878b047e6b)
| |   Signed-off-by: Reinhard Tartler <siretart@tauware.de>
| * motionpixels: Clip YUV values after applying a gradient. [Alex Converse, 2012-05-04, 1, -0/+6]
| |   Prevents illegal reads on truncated and malformed input.
| |   CC: libav-stable@libav.org
| |   (cherry picked from commit b5da848facd41169283d7bfe568b83bdfa7fc42e)
| |   Signed-off-by: Reinhard Tartler <siretart@tauware.de>
| * jpeg: handle progressive in second field of interlaced. [Ronald S. Bultje, 2012-05-04, 1, -3/+2]
| |   Progressive data is allocated later in decode_sof(), not allocating that data leads to NULL dereferences.
| |   Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| |   CC: libav-stable@libav.org
| |   (cherry picked from commit 5eec5a79da118170f3cfe185a862783d3fa50abe)
| |   Signed-off-by: Reinhard Tartler <siretart@tauware.de>