summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* avformat/oggdec: Skip streams in duration correction that did not had their ↵Michael Niedermayer2016-12-111-0/+2
| | | | | | | | | | | | duration set. Fixes: part of 670190.ogg Fixes integer overflow Found-by: Matt Wolenetz <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit ee2a6f5df8c6a151c3e3826872f1b0a07401c62a) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/ffv1enc: Fix size of first sliceMichael Niedermayer2016-12-111-4/+9
| | | | | | Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit cff1c0edaa797eca96663d9b83e4b8c1b609ff19) Signed-off-by: Michael Niedermayer <[email protected]>
* ffplay: fix sws_scale possible out of bounds array accessMarton Balint2016-12-101-8/+8
| | | | | | | | | | | As I used simple RGBA formats for subtitles and for the video texture if avfilter is disabled I kind of assumed that sws_scale won't access data pointers and strides above index 0, but apparently that is not the case. Fixes Coverity CID 1396737, 1396738, 1396739, 1396740. Reviewed-by: Michael Niedermayer <[email protected]> Signed-off-by: Marton Balint <[email protected]>
* avfilter/vf_hwupload_cuda: Add min/max limits for the 'device' optionSrinath K R2016-12-081-1/+1
| | | | Signed-off-by: Timo Rothenpieler <[email protected]>
* Update for 3.2.2n3.2.2Michael Niedermayer2016-12-063-2/+22
| | | | Signed-off-by: Michael Niedermayer <[email protected]>
* ffserver: Check chunk sizeMichael Niedermayer2016-12-061-1/+4
| | | | | | | | | | Fixes out of array access Fixes: poc_ffserver.py Found-by: Paul Cher <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156) Signed-off-by: Michael Niedermayer <[email protected]>
* Avoid using the term "file" and prefer "url" in some docs and commentsMichael Niedermayer2016-12-064-19/+19
| | | | | | | | This should make it less ambigous that these are URLs Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit a5f27a9c3aa973c543bd8bbf2a78363700bbc03e) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/rtmppkt: Check for packet size mismatchesMichael Niedermayer2016-12-061-0/+8
| | | | | | | | | | Fixes out of array access Found-by: Paul Cher <[email protected]> Reviewed-by: Paul Cher <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 7d57ca4d9a75562fa32e40766211de150f8b3ee7) Signed-off-by: Michael Niedermayer <[email protected]>
* zmqsend: Initialize ret to 0Timothy Gu2016-12-061-1/+1
| | | | | | | Fixes CID1396857. (cherry picked from commit d903b4e3ad4a81b3dd79f12c2f3b9cb16e511173) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/flacdec: Fix undefined shift in decode_subframe()Michael Niedermayer2016-12-061-1/+1
| | | | | | | | | | Fixes undefined behavior Fixes: 639961-media Found-by: Matt Wolenetz <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 1f5630af51f24d79053b6bef5b8b3ba93d637306) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/get_bits: Fix get_sbits_long(0)Michael Niedermayer2016-12-061-0/+4
| | | | | | | | | | Fixes undefined behavior Fixes: 640889-media Found-by: Matt Wolenetz <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit c72fa432349881d5a445cd110abf698cc94d490d) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/ffmdec: Check media type for chunksMichael Niedermayer2016-12-061-4/+4
| | | | | | Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit e706e2e775730db5dfa9103628cd70704dd13cef) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed()Michael Niedermayer2016-12-061-1/+2
| | | | | | | | | | Fixes undefined behavior Fixes: 640912-media Found-by: Matt Wolenetz <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 83a75bf6c31b3c0ce2ca7e1426d1f2e3df634239) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_cMichael Niedermayer2016-12-061-1/+1
| | | | | | | | | | Fixes: left shift of negative value Fixes: 668346-media Found-by: Matt Wolenetz <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit acc163c6ab52d2235767852262c64c7f6b273d1c) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/oggparsespeex: Check frames_per_packet and packet_sizeMichael Niedermayer2016-12-061-0/+7
| | | | | | | | | | | | | The speex specification does not seem to restrict these values, thus the limits where choosen so as to avoid multiplicative overflow Fixes undefined behavior Fixes: 635422.ogg Found-by: Matt Wolenetz <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit afcf15b0dbb4b6429be5083e50b296cdca61875e) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/utils: Check start/end before computing duration in ↵Michael Niedermayer2016-12-061-2/+5
| | | | | | | | | | | | update_stream_timings() Fixes undefined behavior Fixes: 637428.ogg Found-by: Matt Wolenetz <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 90da187f1d334422477886a19eca3c1da29c59a7) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/flac_parser: Update nb_headers_bufferedMichael Niedermayer2016-12-061-0/+2
| | | | | | | | | | | Fixes infinite loop Fixes: fuzz.flac Found-by: Frank Liberato <[email protected]> Reviewed-by: Frank Liberato <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 2475858889cde6221677473b663df6f985add33d) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/idroqdec: Check chunk_size for being too largeMichael Niedermayer2016-12-061-0/+3
| | | | | | Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 744a0b5206634e5de04d5c31f08cc3640faf800d) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/me_cmp: Fix median_sad sizeMichael Niedermayer2016-12-061-1/+1
| | | | | | | | | Fixes out of array read Fixes: COV1396255 Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit d9883ded3450e456df5b7214fe464b4b92e917ef) Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/utils: Fix type mismatchMichael Niedermayer2016-12-061-1/+1
| | | | | | Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit a06e84b56e936ff3ca090f53d81f9cbc3514e0e0) Signed-off-by: Michael Niedermayer <[email protected]>
* configure: check for strtoull on msvcJames Almer2016-12-051-0/+1
| | | | | | Reviewed-by: Michael Niedermayer <[email protected]> Signed-off-by: James Almer <[email protected]> (cherry picked from commit b52d3574d466e745834d1283b55570dee1e2d4cd)
* http: move chunk handling from http_read_stream() to http_buf_read().Ronald S. Bultje2016-12-051-26/+31
| | | | (cherry picked from commit 845bb401781ef04e342bd558df16a8dbf5f800f9)
* http: make length/offset-related variables unsigned.Ronald S. Bultje2016-12-051-32/+38
| | | | | | Fixes #5992, reported and found by Paul Cher <[email protected]>. (cherry picked from commit 2a05c8f813de6f2278827734bf8102291e7484aa)
* avcodec/aac_adtstoasc_bsf: validate and forward extradata if the stream is ↵n3.2.1James Almer2016-11-252-2/+11
| | | | | | | | | | already ASC Fixes ticket #5973 Reviewed-by: Hendrik Leppkes <[email protected]> Signed-off-by: James Almer <[email protected]> (cherry picked from commit 6e1902bab4349a79c45807af18ebf5b50f7b436b)
* Update ChangelogAndreas Cadhalpun2016-11-251-0/+10
| | | | Signed-off-by: Andreas Cadhalpun <[email protected]>
* mss2: only use error correction for matching block countsAndreas Cadhalpun2016-11-251-1/+7
| | | | | | | | | | This fixes a heap-buffer-overflow in ff_er_frame_end when decoding mss2 with coded_width/coded_height larger than width/height. Reviewed-by: Michael Niedermayer <[email protected]> Signed-off-by: Andreas Cadhalpun <[email protected]> (cherry picked from commit 2566ad98b01538ea589e5ee07b69fc566aadc348) Signed-off-by: Andreas Cadhalpun <[email protected]>
* softfloat: decrease MIN_EXP to cover full float rangeAndreas Cadhalpun2016-11-251-1/+1
| | | | | | | | | | floats are not necessarily normalized, so a normalized softfloat needs MIN_EXP lowered by 23 to cover that range. Reviewed-by: Michael Niedermayer <[email protected]> Signed-off-by: Andreas Cadhalpun <[email protected]> (cherry picked from commit 2d6f46d801bab990b7e742b8a8e5c5b0cb70a80e) Signed-off-by: Andreas Cadhalpun <[email protected]>
* libopusdec: default to stereo for invalid number of channelsAndreas Cadhalpun2016-11-251-0/+7
| | | | | | | | | This fixes an out-of-bounds read if avc->channels is 0. Reviewed-by: Michael Niedermayer <[email protected]> Signed-off-by: Andreas Cadhalpun <[email protected]> (cherry picked from commit 8c8f543b81aa2b50bb6a6cfd370a0061281492a3) Signed-off-by: Andreas Cadhalpun <[email protected]>
* flvdec: require need_context_update when changing codec idAndreas Cadhalpun2016-11-251-6/+21
| | | | | | | | | | Otherwise the codec context and codecpar might disagree on the codec id, triggering asserts in av_parser_parse2. Reviewed-by: Michael Niedermayer <[email protected]> Signed-off-by: Andreas Cadhalpun <[email protected]> (cherry picked from commit 98b3a7979f2ff64cacfba4d8925faa28fc657c51) Signed-off-by: Andreas Cadhalpun <[email protected]>
* pgssubdec: only set w/h/linesize when allocating dataAndreas Cadhalpun2016-11-251-4/+5
| | | | | | | | | Rects with positive w/h/linesize but no data are invalid. Reviewed-by: Petri Hintukainen <[email protected]> Signed-off-by: Andreas Cadhalpun <[email protected]> (cherry picked from commit 995512328ed84bb737bc364e4ef6fba1994f062a) Signed-off-by: Andreas Cadhalpun <[email protected]>
* sbgdec: prevent NULL pointer accessAndreas Cadhalpun2016-11-251-1/+1
| | | | | | | Reviewed-by: Josh de Kock <[email protected]> Signed-off-by: Andreas Cadhalpun <[email protected]> (cherry picked from commit dbefbb61b785cd77810c032f5cdb499d2a92df07) Signed-off-by: Andreas Cadhalpun <[email protected]>
* rmdec: validate block alignmentAndreas Cadhalpun2016-11-251-0/+4
| | | | | | | | | This fixes division by zero crashes. Reviewed-by: Michael Niedermayer <[email protected]> Signed-off-by: Andreas Cadhalpun <[email protected]> (cherry picked from commit de4ded06366e5767d0af277a61d9a56b8c8f9c19) Signed-off-by: Andreas Cadhalpun <[email protected]>
* smacker: limit recursion depth of smacker_decode_bigtreeAndreas Cadhalpun2016-11-251-4/+8
| | | | | | | | | | This fixes segmentation faults due to stack-overflow caused by too deep recursion. Reviewed-by: Michael Niedermayer <[email protected]> Signed-off-by: Andreas Cadhalpun <[email protected]> (cherry picked from commit 946ecd19ea752399bccc751c9339ff74b815587e) Signed-off-by: Andreas Cadhalpun <[email protected]>
* mxfdec: fix NULL pointer dereference in mxf_read_packet_oldAndreas Cadhalpun2016-11-251-1/+1
| | | | | | | | | Metadata streams have priv_data set to NULL. Reviewed-by: Josh de Kock <[email protected]> Signed-off-by: Andreas Cadhalpun <[email protected]> (cherry picked from commit fdb8c455b637f86e2e85503b7e090fa448164398) Signed-off-by: Andreas Cadhalpun <[email protected]>
* ffmdec: validate codec parametersAndreas Cadhalpun2016-11-251-1/+42
| | | | | | | | | | A negative extradata size for example gets passed to memcpy in avcodec_parameters_from_context causing a segmentation fault. Reviewed-by: Michael Niedermayer <[email protected]> Signed-off-by: Andreas Cadhalpun <[email protected]> (cherry picked from commit 1c7da19a4b45f5623cb3955b29b9a581026e3c61) Signed-off-by: Andreas Cadhalpun <[email protected]>
* Update for 3.2.1Michael Niedermayer2016-11-253-2/+71
| | | | Signed-off-by: Michael Niedermayer <[email protected]>
* avformat/mpeg: Adjust vid probe threshold to correct mis-detectionMichael Niedermayer2016-11-231-1/+1
| | | | | | | | Fixes: _ij.mp3 Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 4e5049a2303ae7fe74216a83206239e4de42c965) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/ass_split: Change order of operations in ass_split_section()Michael Niedermayer2016-11-231-1/+1
| | | | | | | | | | | This matches the other branch Fixes out of array read Fixes: 4d142ca76d39fe685effcf5017098723/asan_heap-oob_31ae824_8611_348fdb64f9009b63c8a8eae9a0e497c5.mkv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit ae514b1254318ae5e76be2c17055f14b4084ccf0) Signed-off-by: Michael Niedermayer <[email protected]>
* avcodec/rawdec: check for side data before checking its sizeJames Almer2016-11-191-1/+1
| | | | | | | | Fixes valgrind warnings about usage of uninitialized values. Reviewed-by: Michael Niedermayer <[email protected]> Signed-off-by: James Almer <[email protected]> (cherry picked from commit 51e329918dc1826de7451541cb15bef3b9bfe138)
* avcodec/avpacket: fix leak on realloc in av_packet_add_side_data()James Almer2016-11-191-3/+4
| | | | | | | | | | | If realloc fails, the pointer is overwritten and the previously allocated buffer is leaked, which goes against the expected behavior of keeping the packet unchanged in case of error. Michael Niedermayer <[email protected]> Signed-off-by: James Almer <[email protected]> (cherry picked from commit 574929d8b6de32ae712fcca7ab09f01a3e4616be)
* avformat/apngenc: use the stream parameters extradata if availableJames Almer2016-11-183-3/+15
| | | | | | | Fixes remuxing apng streams coming from the apng demuxer, which sends extradata during init. Signed-off-by: James Almer <[email protected]>
* Revert "apngdec: use side data to pass extradata to the decoder"James Almer2016-11-184-76/+29
| | | | | | | | | | | | | | This reverts commit e0c6b32046f4bab7d34be77dd2f03b2a80c86d39. Said commit changed the behavior of the demuxer and decoder in a non backwards compatible way. Demuxers should make extradata available at init if possible, and send new extradata as side data within a packet if needed. A better fix for the remuxing crash will follow. Signed-off-by: James Almer <[email protected]> (cherry picked from commit 16c429166ddf1736972b6ccce84bd3509ec16a34)
* ffprobe: fix crash in case -of is specified with an empty stringStefano Sabatini2016-11-171-0/+6
| | | | | | | Fix trac issue #5957. (cherry picked from commit 427a47abcddab15e10ce26d971f712d90c53884b) Signed-off-by: Andreas Cadhalpun <[email protected]>
* libavcodec/exr : fix channel size calculation for uint32 channelMartin Vignali2016-11-171-1/+5
| | | | | | | | | | | | | | uint32 need 4 bytes not 1. Fix decoding when there is half/float and uint32 channel. This fixes crashes due to pointer corruption caused by invalid writes. The problem was introduced in commit 03152e74dfdc7f438cb4a10402c4de744e807e22. Signed-off-by: Andreas Cadhalpun <[email protected]> (cherry picked from commit 52da3f6f70b1e95589a152aaf224811756fb9665) Signed-off-by: Andreas Cadhalpun <[email protected]>
* exr: fix out-of-bounds readAndreas Cadhalpun2016-11-171-3/+1
| | | | | | | | | | | | channel_index can be -1. This problem was introduced in commit 2dd7b46132e2801ef34fe1b5c27e0113cdcfa2f9. Reviewed-by: Paul B Mahol <[email protected]> Signed-off-by: Andreas Cadhalpun <[email protected]> (cherry picked from commit ffdc5d09e498bee8176c9e35df101c01c546a738) Signed-off-by: Andreas Cadhalpun <[email protected]>
* libschroedingerdec: fix leaking of framewithptsAndreas Cadhalpun2016-11-171-7/+9
| | | | | | | Reviewed-by: Michael Niedermayer <[email protected]> Signed-off-by: Andreas Cadhalpun <[email protected]> (cherry picked from commit 3c0328d58d98664b05efdd377d3fe66a569d385e) Signed-off-by: Andreas Cadhalpun <[email protected]>
* libschroedingerdec: don't produce empty framesAndreas Cadhalpun2016-11-171-1/+1
| | | | | | | | | They are not valid and can cause problems/crashes for API users. Reviewed-by: Michael Niedermayer <[email protected]> Signed-off-by: Andreas Cadhalpun <[email protected]> (cherry picked from commit a86ebbf7f641bc797002ddea7fb517759722cd1b) Signed-off-by: Andreas Cadhalpun <[email protected]>
* dds: limit 4 bpp handling to AV_PIX_FMT_PAL8Andreas Cadhalpun2016-11-171-1/+1
| | | | | | | | | | | | | This fixes NULL pointer dereferencing for formats, where frame->data[1] is not allocated. The problem was introduced in commit 257fbc3af4cba08ac471dab68924182160bde6fd. Reviewed-by: Paul B Mahol <[email protected]> Signed-off-by: Andreas Cadhalpun <[email protected]> (cherry picked from commit 90ebf3c428352eb1d4116bf97b470ceca295d7d6) Signed-off-by: Andreas Cadhalpun <[email protected]>
* mlz: limit next_code to data buffer sizeAndreas Cadhalpun2016-11-171-0/+8
| | | | | | | | | This fixes a heap-buffer-overflow detected by AddressSanitizer. Reviewed-by: Michael Niedermayer <[email protected]> Signed-off-by: Andreas Cadhalpun <[email protected]> (cherry picked from commit 1abcd972c4c0e16f1e83be2fd32a251f51b2946d) Signed-off-by: Andreas Cadhalpun <[email protected]>
* softfloat: handle -INT_MAX correctlyAndreas Cadhalpun2016-11-171-1/+1
| | | | | | | | | This is similar to commit 9ac61e73d0843ec4b83f4e3d47eded73234e406e. Reviewed-by: Michael Niedermayer <[email protected]> Signed-off-by: Andreas Cadhalpun <[email protected]> (cherry picked from commit 0edd569466eb45b134690b9f4efbb57eda86f58d) Signed-off-by: Andreas Cadhalpun <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-10 04:09:23 +0000