aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* avcodec/apedec: Check length in long_filter_high_3800()Michael Niedermayer2015-12-201-0/+3
| | | | | | | | | | | Fixes out of array read Fixes: 0a7ff0c1d93da9cef28a315ec91b692a/asan_heap-oob_4a52e5_3604_9c56dbb20e308f4faeef7b35f688521a.ape Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cd7524fdd13dc8d0cf22e2cfd8300a245542b13a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp3: always set pix_fmt in theora_decode_header()Michael Niedermayer2015-12-201-1/+2
| | | | | | | | | | | Fixes assertion failure Fixes: d0bb0662da342ec65f8f2a081222e6b9/signal_sigabrt_7ffff6ae7cc9_5471_82964f0a9ac2f4d3d59390c15473f6f7.ogg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a814f1d364ba912adf61adef158168c5f7604e93) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avutil/mathematics: Do not treat INT64_MIN as positive in av_rescale_rndMichael Niedermayer2015-12-201-2/+2
| | | | | | | | | | | | The code expects actual positive numbers and gives completely wrong results if INT64_MIN is treated as positive Instead clip it into the valid range that is add 1 and treat it as negative Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 25e37f5ea92d4201976a59ae306ce848d257a7e6) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avutil/integer: Fix av_mod_i() with negative dividendMichael Niedermayer2015-12-201-0/+8
| | | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3a9cb18855d29c96a5d9d2f5ad30448cae3a2ddf) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/dump: Fix integer overflow in av_dump_format()Michael Niedermayer2015-12-201-1/+1
| | | | | | | | | | Fixes part of mozilla bug 1229167 Found-by: Tyson Smith Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8e7f4520226d2d9ad6a58ad6c32d1455a8b244b2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: Clear dimensions in ff_get_buffer() on failureMichael Niedermayer2015-12-201-1/+3
| | | | | | | | | | | Fixes out of array access Fixes: 482d8f2fd17c9f532b586458a33f267c/asan_heap-oob_4a52b6_7417_1d08d477736d66cdadd833d146bb8bae.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit abee0a1c60612e8638640a8a3738fffb65e16dbf) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: Use 64bit for aspect ratio calculation in avcodec_string()Michael Niedermayer2015-12-201-2/+2
| | | | | | | | | | | Fixes integer overflow Fixes: 3a45b2ae02f2cf12b7bd99543cdcdae5/asan_heap-oob_1dff502_8022_899f75e1e81046ebd7b6c2394a1419f4.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4f03bebc79f76df3a3e5bb9e1bc32baabfb7797c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp3: Clear context on reinitialization failureMichael Niedermayer2015-12-201-4/+6
| | | | | | | | | | | Fixes null pointer dereference Fixes: 1536b9b096a8f95b742bae9d3d761cc6/signal_sigsegv_294aaed_2039_8d1797aeb823ea43858d0fa45c9eb899.ogv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6105b7219a90438deae71b0dc5a034c71ee30fc0) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc: allocate entries unconditionallyMichael Niedermayer2015-12-201-3/+1
| | | | | | | | | | | Fixes out of array access Fixes: 08664a2a7921ef48172f26495c7455be/asan_heap-oob_23036c6_3301_523388ef84285a0270caf67a43247b59.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d85aa76115214183e7e3b7d65e950da61474959a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc_cabac: Fix multiple integer overflowsMichael Niedermayer2015-12-201-3/+7
| | | | | | | | | | Fixes: 04ec80eefa77aecd7a49a442cc02baea/asan_heap-oob_19544fa_3303_1905796cd9d8e15f86d664332caabc00.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d5028f61e44b7607b6a547f218f7d85217490a5b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_encode*()Michael Niedermayer2015-12-201-0/+3
| | | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit feb3f39614b88c113211a98dda1bc2fe5c3c6957) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*()Michael Niedermayer2015-12-201-0/+3
| | | | | | | | | | | Fixes out of array access Fixes: 01859c9a9ac6cd60a008274123275574/asan_heap-oob_1dff571_8250_50d3d1611e294c3519fd1fa82198b69b.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 75422280fbcdfbe9dc56bde5525b4d8b280f1bc5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc: Check entry_point_offsetsMichael Niedermayer2015-12-201-1/+7
| | | | | | | | | | | Fixes out of array read Fixes: 007c4a36608ebdf27ee260ad60a81184/asan_heap-oob_32076b4_2243_116b1cb29d91cc4974d6680e3d10bd91.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ef9f7bbfa47317f9d46bf46982a394d2be78503c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cabac: Check initial cabac decoder stateMichael Niedermayer2015-12-205-5/+15
| | | | | | | | | | | | | | | | | | | Fixes integer overflows Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2340_591e9810c7b09efe501ad84638c9e9f8.264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Found-by: xiedingbao (Ticket4727) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8000d484b83aafa752d84fbdbfb352ffe0dc64f8) Conflicts: libavcodec/cabac.h Conflicts: libavcodec/h264_cabac.c libavcodec/h264_slice.c
* avcodec/cabac_functions: Fix "left shift of negative value -31767"Michael Niedermayer2015-12-201-1/+2
| | | | | | | | | | | Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2340_591e9810c7b09efe501ad84638c9e9f8.264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Found-by: xiedingbao (Ticket4727) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a1f6b05f5228979dab0e149deca7a30d22e98af5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/h264_slice: Limit max_contexts when slice_context_count is initializedMichael Niedermayer2015-12-201-0/+1
| | | | | | | | | | | Fixes out of array access Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2049_f2192b6829ab6e0eefcb035329c03c60.264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4ea4d2f438c9a7eba37980c9a87be4b34943e4d5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setupMichael Niedermayer2015-12-201-1/+1
| | | | | | | | | | | | | The variable is not a constant and can lead to race conditions Fixes: repro.webm (not reproducable with FFmpeg alone) Found-by: Dale Curtis <dalecurtis@google.com> Tested-by: Dale Curtis <dalecurtis@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit dabea74d0e82ea80cd344f630497cafcb3ef872c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Check available data before reading custom matrixMichael Niedermayer2015-12-171-0/+8
| | | | | | | | | | Fixes: out of array read Fixes: 76c515fc3779d1b838667c61ea13ce92/asan_heap-oob_1fc0d07_8913_794a4629a264ebdb25b58d3a94ed1785.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 891dc8f87536ac2ec695c70d081345224524ad99) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* mjpegdec: consider chroma subsampling in size checkAndreas Cadhalpun2015-12-171-3/+8
| | | | | | | | | | | | | | If the chroma components are subsampled, smaller buffers are allocated for them. In that case the maximal block_offset for the chroma components is not as large as for the luma component. This fixes out of bounds writes causing segmentation faults or memory corruption. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 5adb5d9d894aa495e7bf9557b4c78350cbfc9d32) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* avcodec/dirac_parser: Check that there is a previous PU before accessing itMichael Niedermayer2015-12-171-1/+1
| | | | | | | | | | Fixes out of array read Fixes: 99d142c47e6ba3510a74b872a1a2ae72/asan_heap-oob_11b36f4_3811_0f5c69e7609a88a580135678de1df844.dxa Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a08681f1e614152184615e2bcd71c3d63835f810) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* sonic: make sure num_taps * channels is not larger than frame_sizeAndreas Cadhalpun2015-12-171-0/+7
| | | | | | | | | | | If that is the case, the loop setting predictor_state in sonic_decode_frame causes out of bounds reads of int_samples, which has only frame_size number of elements. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 9637c2531f7eb040ad1c3cb46cb40a63dfc77b80) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* opus_silk: fix typo causing overflow in silk_stabilize_lsfAndreas Cadhalpun2015-12-171-1/+1
| | | | | | | | | | | | Due to this typo max_center can be too large, causing nlsf to be set to too large values, which in turn can cause nlsf[i - 1] + min_delta[i] to overflow to a negative value, which is not allowed for nlsf and can cause an out of bounds read in silk_lsf2lpc. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit f61d44b74aaae1d306d8a0d38b7b3d4292c89ced) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* ffm: reject invalid codec_id and codec_typeAndreas Cadhalpun2015-12-171-0/+28
| | | | | | | | | | | | | | | A negative codec_id cannot be handled by the found_decoder API of AVStream->info: if the codec_id is not recognized, found_decoder is set to -codec_id, which has to be '<0' according to the API documentation. This can cause NULL pointer dereferencing in try_decode_frame. Also make sure the codec_type matches the expected one for codec_id. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit ecf63b7cc24b9fd3e6d604313325dd1ada4db662) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* golomb: always check for invalid UE golomb codes in get_ue_golombAndreas Cadhalpun2015-12-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also correct the check to reject log < 7, because UPDATE_CACHE only guarantees 25 meaningful bits. This fixes undefined behavior: runtime error: shift exponent is negative Testing with START/STOP timers in get_ue_golomb, one for the first branch (A) and one for the second (B), shows that there is practically no slowdown, e.g. for the cavs decoder: With the check in the B branch: 629 decicycles in get_ue_golomb B, 4194260 runs, 44 skips 433 decicycles in get_ue_golomb A,268434102 runs, 1354 skips Without the check: 624 decicycles in get_ue_golomb B, 4194273 runs, 31 skips 433 decicycles in get_ue_golomb A,268434203 runs, 1253 skips Since the B branch is executed far less often than the A branch, this change is negligible, even more so for the h264 decoder, where the ratio B/A is a lot smaller. Fixes: mozilla bug 1230239 Fixes: fbeb8b2c7c996e9b91c6b1af319d7ebc/asan_heap-oob_195450f_2743_e8856ece4579ea486670be2b236099a0.bit Found-by: Tyson Smith Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 22e960ad478e568f4094971a58c6ad8f549c0180) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* aaccoder: prevent crash of anmr coderAndreas Cadhalpun2015-12-171-1/+1
| | | | | | | | | | | If minq is negative, the range of sf_idx can be larger than SCALE_MAX_DIFF allows, causing assertion failures later in encode_scale_factors. Reviewed-by: Claudio Freire <klaussfreire@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 7a4652dd5da0502ff21c183b5ca7d76b1cfd6c51) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* ffmdec: reject zero-sized chunksAndreas Cadhalpun2015-12-171-2/+2
| | | | | | | | | | If size is zero, avio_get_str fails, leaving the buffer uninitialized. This causes invalid reads in av_set_options_string. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit a611375db532c3d5363d97b10fadd0211811a4fd) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* swscale/x86/rgb2rgb_template: Fallback to mmx in interleaveBytes() if the ↵Michael Niedermayer2015-12-151-6/+6
| | | | | | | | | alignment is insufficient for SSE* This also as a sideeffect fixes the non aligned case Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a066ff89bcbae6033c2ffda9271cad84f6c1b807)
* swscale/x86/rgb2rgb_template: Do not crash on misaligend strideMichael Niedermayer2015-12-151-1/+4
| | | | | | | Fixes Ticket5013 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 80bfce35ccd11458e97f68f417fc094c5347070c)
* avcodec/ffv1dec: Clear quant_table_count if its invalidMichael Niedermayer2015-12-021-0/+1
| | | | | | | | | | | | Fixes deallocation of corrupted pointer Fixes: 343dfbe142a38b521ed069dc4ea7c03b/signal_sigsegv_421427_4074_ffb11959610278cd40dbc153464aa254.avi No releases affected Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit e04126072e984f8db5db9da9303c89ae01f7d6bb) Fixes ticket #5052.
* avcodec/ffv1dec: Print an error if the quant table count is invalidMichael Niedermayer2015-12-021-1/+3
| | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a8b254e436dce2f5c8c6459108dab4b02cc6b79b)
* doc/filters/drawtext: fix centering exampleAndrey Utkin2015-12-011-1/+1
| | | | | | | Signed-off-by: Andrey Utkin <andrey.od.utkin@gmail.com> Signed-off-by: Lou Logan <lou@lrcd.com> (cherry picked from commit 648b26acc5e25ab40c43fddc54b50e9f0b13ebd8) Signed-off-by: Timothy Gu <timothygu99@gmail.com>
* mxfdec: check edit_rate also for physical_trackAndreas Cadhalpun2015-11-261-0/+10
| | | | | | | | | | Previously only the edit_rate of material_track was checked. If it's negative, it causes assertion failures in av_rescale_rnd. Reviewed-by: Tim Nicholson <nichot20-at-yahoo.com@ffmpeg.org> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 047bf82c181c1220b3087b37f28445f8b87a7a23) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* mpegvideo: clear overread in clear_contextAndreas Cadhalpun2015-11-261-0/+1
| | | | | | | | | | Otherwise the h263p decoder can try to copy overread bytes, even though buffer is NULL. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 6a69a175e7b5c5393528ed0f5753e41573fa0df2) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* dvdsubdec: validate offset2 similar to offset1Andreas Cadhalpun2015-11-261-1/+1
| | | | | | | | | If it is negative, it causes segmentation faults in decode_rle. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit f621749d1181987b3f815c6766ea66d6c5d55198) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* aacdec: don't return frames without data from aac_decode_er_frameAndreas Cadhalpun2015-11-261-0/+5
| | | | | | | | | This is similar to commit ec38a1b for aac_decode_frame_int. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d7f29bfa6985e3eea2033dba0449e47b41b85928) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* avcodec/takdec: Use memove, avoid undefined memcpy() useMichael Niedermayer2015-11-261-1/+1
| | | | | | | | | Fixes: e214333cbd94c91228e624ff39329ce6/asan_generic_4a5159_6412_96cda2530e80607210ab41ccae3d456d.tak Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7cea3430a56fb0ff6ef60f08620fd3875e7bfeb6) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* riffdec: prevent negative bit rateAndreas Cadhalpun2015-11-261-0/+8
| | | | | | | Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 189420cb561929e05f5cc4224cdca83740a24a32) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* Merge commit 'd80811c94e068085aab797f9ba35790529126f85'Michael Niedermayer2015-11-2612-14/+15
| | | | | | | | | | | | | | | | | | | | | * commit 'd80811c94e068085aab797f9ba35790529126f85': riff: Use the correct logging context Conflicts: libavformat/asfdec_o.c libavformat/avidec.c libavformat/dxa.c libavformat/matroskadec.c libavformat/mov.c libavformat/riff.h libavformat/riffdec.c libavformat/wavdec.c libavformat/wtvdec.c libavformat/xwma.c Merged-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ba77fb61f741d9ab3bd12935527556055b2ffb2e) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* s302m: fix arithmetic exceptionAndreas Cadhalpun2015-11-261-4/+2
| | | | | | | | | | | | | | | | If nb_samples is zero, the bit_rate calculation results in a division by zero. Since ff_get_buffer fails if frame->nb_samples is zero, this can be fixed by moving the bit_rate calculation after that function call. That also makes it possible to reuse the already calculated frame->nb_samples value. Reviewed-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 04dfbc9441beed93984568c1547f1ed588122627) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* avcodec/s302m: Only set the sample rate when some data is outputMichael Niedermayer2015-11-261-1/+2
| | | | | | | | This way ffplay chooses the mp2 stream for Ticket3890 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 802cca5905abe1fe8392e85a812462b959889aaa) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* vp9: add support for resolution changes in inter frames.Ronald S. Bultje2015-11-265-171/+535
| | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e8b4f6d6befc5062db74916ea8a4d830e83022a8) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* Update for 2.6.5n2.6.5Michael Niedermayer2015-11-223-2/+90
| | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* rtmpcrypt: Do the xtea decryption in little endian modeMartin Storsjö2015-11-191-1/+6
| | | | | | | | | | | | | | | The XTEA algorithm operates on 32 bit numbers, not on byte sequences. The XTEA implementation in libavutil is written assuming big endian numbers, while the rtmpe signature encryption assumes little endian. This fixes rtmpe communication with rtmpe servers that use signature type 8 (XTEA), e.g. crunchyroll. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit e7728319b92dbb4fb949155e33de7ff5358ddff3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/matroskadec: Check subtitle stream before dereferencingMichael Niedermayer2015-11-191-0/+1
| | | | | | | | | | | Unrecognized streams are not allocated Fixes: flicker-1.color1.vp91447030769.08.webm Found-by: Chris Cunningham <chcunningham@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a5034b324cad4c29d47ef285a30b0705e6eb0384) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/utils: Do not init parser if probing is unfinishedMichael Niedermayer2015-11-191-1/+1
| | | | | | | | | | | Fixes assertion failure Fixes: 136f8b8d47af7892306625e597dee655/signal_sigabrt_7ffff6ae7cc9_8941_ab11bea57c84796418f481f873dc31ba.dvr_ms Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1ef336e912a7a3a13a9933825a56c421f891e44b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dec: Fix potential integer overflow with tile dimensionsMichael Niedermayer2015-11-191-4/+4
| | | | | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 65d3359fb366ea265a8468d76a111cb7352f0b55) Conflicts: libavcodec/jpeg2000dec.c
* avcodec/jpeg2000dec: Check SIZ dimensions to be within the supported rangeMichael Niedermayer2015-11-191-0/+4
| | | | | | | | | | | | | | Fixes potential integer overflows Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi This fix is choosen to be simple to backport, better solution for master is planed Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6ef819c40bcc2175edba7ce9e20c3036c01b36b9) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000: Check comp coords to be within the supported sizeMichael Niedermayer2015-11-191-0/+5
| | | | | | | | | | | | | | Fixes assertion failure Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi This fix is choosen to be simple to backport, better solution for master is planed Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a1a8cbcb35ef2759a66b4f0875785e4b3f277057) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000: Use av_image_check_size() in ff_jpeg2000_init_component()Michael Niedermayer2015-11-191-1/+5
| | | | | | | Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 016fd413f9168816924f21c0c1ffb578f7226221) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmaprodec: Check for overread in decode_packet()Michael Niedermayer2015-11-191-0/+5
| | | | | | | | | | | Fixes assertion failure Fixes: 0256e92df2df7e933b43a2c70e4c8040/signal_sigabrt_7ffff6ae7cc9_1358_999ac18684788221490757582ce9af84.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7ad698e24e6b9dde57c4e01c145bcddfe9d6e4a3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-14 23:43:23 +0000