path: root/libavcodec
Commit message | Author | Age | Files | Lines
* mjpegdec: consider chroma subsampling in size check [n2.5.9] | Andreas Cadhalpun | 2015-12-07 | 1 | -3/+8
  If the chroma components are subsampled, smaller buffers are allocated for them. In that case the maximal block_offset for the chroma components is not as large as for the luma component.
  This fixes out of bounds writes causing segmentation faults or memory corruption.
  Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
  Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
  (cherry picked from commit 5adb5d9d894aa495e7bf9557b4c78350cbfc9d32)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc: Check max ctb addresses for WPP | Michael Niedermayer | 2015-12-06 | 1 | -0/+9
  Fixes out of array read
  Fixes: 2f95ddd996db8a6281d2e18c184595a7/asan_heap-oob_192fe91_3330_58e4441181e30a66c19f743dcb392347.bit
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit dad354f38ddc9bfc834bc21358a1d0ad41532ca0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  Conflicts: libavcodec/hevc.c
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp3: ensure header is parsed successfully before tables | Michael Niedermayer | 2015-12-06 | 1 | -1/+6
  Fixes assertion failure
  Fixes: 266ee543812e934f7b4a72923a2701d4/signal_sigabrt_7ffff6ae7cc9_7322_85218d61759d461bdf7387180e8000c9.ogg
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 26379d4fddc17cac853ef297ff327b58c44edbad)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dec: Check bpno in decode_cblk() | Michael Niedermayer | 2015-12-06 | 1 | -0/+4
  Fixes: undefined shift
  Fixes: c409ef86f892335a0a164b5871174d5a/asan_heap-oob_1dff564_2159_162b7234616deab02b544410455eb07b.mov
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a85b02dcf70f62a6a433a607143f1f78fa5648bb)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/pgssubdec: Fix left shift of 255 by 24 places cannot be represented in type int | Michael Niedermayer | 2015-12-06 | 1 | -1/+1
  Fixes: b293a6479bb4b5286cff24d356bfd955/asan_generic_225c3c9_7819_cc526b657450c6cdef1371b526499626.mkv
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4f2419888ba49245761f4ab343679c38e7880cfe)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc: Fix integer overflow of entry_point_offset | Michael Niedermayer | 2015-12-06 | 2 | -3/+3
  Fixes out of array read
  Fixes: d41d8cd98f00b204e9800998ecf8427e/signal_sigsegv_321165b_7641_077dfcd8cbc80b1c0b470c8554cd6ffb.bit
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 214085852491448631dcecb008b5d172c11b8892)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_parser: Check that there is a previous PU before accessing it | Michael Niedermayer | 2015-12-06 | 1 | -1/+1
  Fixes out of array read
  Fixes: 99d142c47e6ba3510a74b872a1a2ae72/asan_heap-oob_11b36f4_3811_0f5c69e7609a88a580135678de1df844.dxa
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a08681f1e614152184615e2bcd71c3d63835f810)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_parser: Add basic validity checks for next_pu_offset and prev_pu_offset | Michael Niedermayer | 2015-12-06 | 1 | -0/+9
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c7d6ec947c053699950af90f695413a5640b3872)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_parser: Fix potential overflows in pointer checks | Michael Niedermayer | 2015-12-06 | 1 | -3/+5
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 79798f7c57b098c78e0bbc6becd64b9888b013d1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmaprodec: Check bits per sample to be within the range not causing integer overflows | Michael Niedermayer | 2015-12-06 | 1 | -0/+6
  Fixes: 549d5aab1480d10f2a775ed90b0342f1/signal_sigabrt_7ffff6ae7cc9_5643_96bbb0cfe3e28be1dadfce1075016345.wma
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 66e05f6ff5e5c105bdd7bf3a49234ddac1b592c5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmaprodec: Fix overflow of cutoff | Michael Niedermayer | 2015-12-06 | 1 | -1/+1
  Fixes: 129ca3e28d73af7b1e24a9d4118e7a2d/signal_sigabrt_7ffff6ae7cc9_836_762b310fc3ef6087bd7771e5d8e90b9b.asf
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 0c56f8303e676556ea09bfac73d881c6c9057259)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp3: Fix "runtime error: left shift of negative value" | Michael Niedermayer | 2015-12-06 | 1 | -2/+2
  Fixes: 5c6129154b356b80bcab86f9e3ee5d29/signal_sigabrt_7ffff6ae7cc9_7322_d26ac6d7cb6567db1b8be0159b387d0b.ogg
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 18268f761bffb37552f59f87542fef3d5c80618c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Check length in long_filter_high_3800() | Michael Niedermayer | 2015-12-06 | 1 | -0/+3
  Fixes out of array read
  Fixes: 0a7ff0c1d93da9cef28a315ec91b692a/asan_heap-oob_4a52e5_3604_9c56dbb20e308f4faeef7b35f688521a.ape
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit cd7524fdd13dc8d0cf22e2cfd8300a245542b13a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp3: always set pix_fmt in theora_decode_header() | Michael Niedermayer | 2015-12-06 | 1 | -1/+2
  Fixes assertion failure
  Fixes: d0bb0662da342ec65f8f2a081222e6b9/signal_sigabrt_7ffff6ae7cc9_5471_82964f0a9ac2f4d3d59390c15473f6f7.ogg
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a814f1d364ba912adf61adef158168c5f7604e93)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mpeg4videodec: Check available data before reading custom matrix | Michael Niedermayer | 2015-12-06 | 1 | -0/+8
  Fixes: out of array read
  Fixes: 76c515fc3779d1b838667c61ea13ce92/asan_heap-oob_1fc0d07_8913_794a4629a264ebdb25b58d3a94ed1785.bit
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 891dc8f87536ac2ec695c70d081345224524ad99)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: Clear dimensions in ff_get_buffer() on failure | Michael Niedermayer | 2015-12-06 | 1 | -1/+3
  Fixes out of array access
  Fixes: 482d8f2fd17c9f532b586458a33f267c/asan_heap-oob_4a52b6_7417_1d08d477736d66cdadd833d146bb8bae.mov
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit abee0a1c60612e8638640a8a3738fffb65e16dbf)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: Use 64bit for aspect ratio calculation in avcodec_string() | Michael Niedermayer | 2015-12-06 | 1 | -2/+2
  Fixes integer overflow
  Fixes: 3a45b2ae02f2cf12b7bd99543cdcdae5/asan_heap-oob_1dff502_8022_899f75e1e81046ebd7b6c2394a1419f4.mov
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4f03bebc79f76df3a3e5bb9e1bc32baabfb7797c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp3: Clear context on reinitialization failure | Michael Niedermayer | 2015-12-05 | 1 | -4/+6
  Fixes null pointer dereference
  Fixes: 1536b9b096a8f95b742bae9d3d761cc6/signal_sigsegv_294aaed_2039_8d1797aeb823ea43858d0fa45c9eb899.ogv
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 6105b7219a90438deae71b0dc5a034c71ee30fc0)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc: allocate entries unconditionally | Michael Niedermayer | 2015-12-05 | 1 | -3/+1
  Fixes out of array access
  Fixes: 08664a2a7921ef48172f26495c7455be/asan_heap-oob_23036c6_3301_523388ef84285a0270caf67a43247b59.bit
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d85aa76115214183e7e3b7d65e950da61474959a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  Conflicts: libavcodec/hevc.c
* avcodec/hevc_cabac: Fix multiple integer overflows | Michael Niedermayer | 2015-12-05 | 1 | -3/+7
  Fixes: 04ec80eefa77aecd7a49a442cc02baea/asan_heap-oob_19544fa_3303_1905796cd9d8e15f86d664332caabc00.bit
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d5028f61e44b7607b6a547f218f7d85217490a5b)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_encode*() | Michael Niedermayer | 2015-12-05 | 1 | -0/+3
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit feb3f39614b88c113211a98dda1bc2fe5c3c6957)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*() | Michael Niedermayer | 2015-12-05 | 1 | -0/+3
  Fixes out of array access
  Fixes: 01859c9a9ac6cd60a008274123275574/asan_heap-oob_1dff571_8250_50d3d1611e294c3519fd1fa82198b69b.avi
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 75422280fbcdfbe9dc56bde5525b4d8b280f1bc5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/hevc: Check entry_point_offsets | Michael Niedermayer | 2015-12-05 | 1 | -1/+7
  Fixes out of array read
  Fixes: 007c4a36608ebdf27ee260ad60a81184/asan_heap-oob_32076b4_2243_116b1cb29d91cc4974d6680e3d10bd91.bit
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit ef9f7bbfa47317f9d46bf46982a394d2be78503c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/cabac: Check initial cabac decoder state | Michael Niedermayer | 2015-12-05 | 5 | -5/+15
  Fixes integer overflows
  Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2340_591e9810c7b09efe501ad84638c9e9f8.264
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Found-by: xiedingbao (Ticket4727)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 8000d484b83aafa752d84fbdbfb352ffe0dc64f8)
  Conflicts: libavcodec/cabac.h
  Conflicts: libavcodec/h264_cabac.c libavcodec/h264_slice.c
* avcodec/cabac_functions: Fix "left shift of negative value -31767" | Michael Niedermayer | 2015-12-05 | 1 | -1/+2
  Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2340_591e9810c7b09efe501ad84638c9e9f8.264
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Found-by: xiedingbao (Ticket4727)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a1f6b05f5228979dab0e149deca7a30d22e98af5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec: Clear quant_table_count if its invalid | Michael Niedermayer | 2015-12-02 | 1 | -0/+1
  Fixes deallocation of corrupted pointer
  Fixes: 343dfbe142a38b521ed069dc4ea7c03b/signal_sigsegv_421427_4074_ffb11959610278cd40dbc153464aa254.avi
  No releases affected
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit e04126072e984f8db5db9da9303c89ae01f7d6bb)
  Fixes ticket #5052.
* avcodec/ffv1dec: Print an error if the quant table count is invalid | Michael Niedermayer | 2015-12-02 | 1 | -1/+3
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a8b254e436dce2f5c8c6459108dab4b02cc6b79b)
* avcodec/h264_slice: Limit max_contexts when slice_context_count is initialized | Michael Niedermayer | 2015-11-26 | 1 | -0/+1
  Fixes out of array access
  Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2049_f2192b6829ab6e0eefcb035329c03c60.264
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4ea4d2f438c9a7eba37980c9a87be4b34943e4d5)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup | Michael Niedermayer | 2015-11-26 | 1 | -1/+1
  The variable is not a constant and can lead to race conditions
  Fixes: repro.webm (not reproducible with FFmpeg alone)
  Found-by: Dale Curtis <dalecurtis@google.com>
  Tested-by: Dale Curtis <dalecurtis@google.com>
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit dabea74d0e82ea80cd344f630497cafcb3ef872c)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dec: Fix potential integer overflow with tile dimensions | Michael Niedermayer | 2015-11-26 | 1 | -4/+4
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 65d3359fb366ea265a8468d76a111cb7352f0b55)
  Conflicts: libavcodec/jpeg2000dec.c
* avcodec/jpeg2000dec: Check SIZ dimensions to be within the supported range | Michael Niedermayer | 2015-11-26 | 1 | -0/+4
  Fixes potential integer overflows
  Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi
  This fix is chosen to be simple to backport, better solution for master is planned
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 6ef819c40bcc2175edba7ce9e20c3036c01b36b9)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000: Check comp coords to be within the supported size | Michael Niedermayer | 2015-11-26 | 1 | -0/+5
  Fixes assertion failure
  Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi
  This fix is chosen to be simple to backport, better solution for master is planned
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a1a8cbcb35ef2759a66b4f0875785e4b3f277057)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000: Use av_image_check_size() in ff_jpeg2000_init_component() | Michael Niedermayer | 2015-11-26 | 1 | -1/+5
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 016fd413f9168816924f21c0c1ffb578f7226221)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/wmaprodec: Check for overread in decode_packet() | Michael Niedermayer | 2015-11-26 | 1 | -0/+5
  Fixes assertion failure
  Fixes: 0256e92df2df7e933b43a2c70e4c8040/signal_sigabrt_7ffff6ae7cc9_1358_999ac18684788221490757582ce9af84.wma
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 7ad698e24e6b9dde57c4e01c145bcddfe9d6e4a3)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/smacker: Check that the data size is a multiple of a sample vector | Michael Niedermayer | 2015-11-26 | 1 | -0/+4
  Fixes out of array access
  Fixes: ce19e41f0ef1e52a23edc488faecdb58/asan_heap-oob_2504e97_4202_ffa0df1baed14022b9bfd4f8ac23d0cb.smk
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4a9af07a49295e014b059c1ab624c40345af5892)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/takdec: Skip last p2 sample (which is unused) | Michael Niedermayer | 2015-11-26 | 1 | -1/+1
  Fixes out of array read
  Fixes: cb3f38b08b4541523974667c7d1eee9e/asan_heap-oob_2659e18_9838_021fd5cd635bf76cede6398cd9ecbcdd.tak
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 08b520636e96ba6888b669b9b3f4c414631ea1d2)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dxtory: Fix input size check in dxtory_decode_v1_410() | Michael Niedermayer | 2015-11-26 | 1 | -1/+1
  Fixes potential out of array read
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 76b6f4b7d91901929177cc61d9810dcca0bb40c1)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dxtory: Fix input size check in dxtory_decode_v1_420() | Michael Niedermayer | 2015-11-26 | 1 | -1/+1
  Fixes out of array read
  Fixes: c50c4aa6cefda71b19a31ea12302980c/asan_heap-oob_12be5fd_7011_33ebd015a74976215934add72b9c8352.avi
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 9caa9414ccf2dcf8aee2695377dee830a5024c82)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/error_resilience: avoid accessing previous or next frames tables beyond height | Michael Niedermayer | 2015-11-26 | 1 | -5/+10
  The height of tables can be rounded up for MBAFF but this does not imply that is also true for the previous frames
  Fixes out of array reads
  Fixes: c106b36fa36db8ff8f3ed0c82be7bea2/asan_heap-oob_32699f0_6321_467b9a1d7e03d7cfd310b7e65dc53bcc.mov
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit a105f52855d08e4ab1ed7306da8e32fc90d6d647)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dpx: Move need_align to act per line | Michael Niedermayer | 2015-11-26 | 1 | -2/+2
  Fixes out of array read
  Fixes: 61cf123c081ee2bb774d307c75bdb99e/asan_heap-oob_1224f76_5546_bee833ffae73f752b489b9eeaac52db7.dpx
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c8aaae8e0f1519bc99bd717ea3067c9cfdb68def)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/flashsv: Check size before updating it | Michael Niedermayer | 2015-11-26 | 1 | -0/+8
  Fixes out of array read
  Fixes: 3c857d4d90365731524716e6d051e43a/signal_sigsegv_7f4f59bcc29e_1386_20abd2c8e655cb9c75b24368e65fe3b1.flv
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 17705f5d4f57c15f9b9bb9cfcbbb4621fed2fc70)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ivi: Check image dimensions | Michael Niedermayer | 2015-11-26 | 1 | -1/+2
  Fixes integer overflow
  Fixes: 1e32c6c591d940337c20b197ec1c4d3d/asan_heap-oob_4a52e5_8946_0bb0d9e863def56005e49f1d89bdc94d.avi
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit df91aa034b82b77a3c4e01791f4a2b2ff6c82066)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/utils: Better check for channels in av_get_audio_frame_duration() | Michael Niedermayer | 2015-11-26 | 1 | -1/+1
  Fixes integer overflow
  Fixes: 0c2625f236ced104d402b4a03c0d65c7/asan_generic_274e1ce_5990_9314e7a67c26aecf011b178ade9f217c.avi
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 4e16ad2868a1819de6680fc355a8eb20164adaea)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dec: Check for duplicate SIZ marker | Michael Niedermayer | 2015-11-26 | 1 | -0/+5
  Fixes: 0231a17345734228011c6f35a64e4594/asan_heap-oob_1d92a72_3218_1213809a9e3affec77e4c191fdfdc0a9.mov
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 44a7f17d0b20e6f8d836b2957e3e357b639f19a2)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/jpeg2000dec: Clip all tile coordinates | Michael Niedermayer | 2015-11-26 | 1 | -4/+4
  Fixes out of array access
  Fixes: b877a6b788a25c70e8b1d014f8628549/asan_heap-oob_1da2c3f_2324_5a1b329b0b3c4bb6b1d775660ac56717.r3d
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 43492ff3ab68a343c1264801baa1d5a02de10167)
  Conflicts: libavcodec/jpeg2000dec.c
* avcodec/microdvddec: Check for string end in 'P' case | Michael Niedermayer | 2015-11-26 | 1 | -0/+2
  Fixes out of array read
  Fixes: a9502b60f4cecc19475382aee255f73c/asan_heap-oob_1e87fba_2548_a8ad47f6dde36644fe9cdc444d4632d0.sub
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit c719cd6cf79ec21d974b81ba874580f4b8e9eb90)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/dirac_parser: Fix undefined memcpy() use | Michael Niedermayer | 2015-11-26 | 1 | -1/+1
  Fixes: 9d375e415486edd1a0c826f2307d89a4/asan_generic_4a5159_1577_faa333e83dacdd9e4dd322380aeed537.iss
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit daefd8ab2f2aeb90cd53cb75445faffdc7a3cc79)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/ffv1dec: Check for 0 quant tables | Michael Niedermayer | 2015-11-26 | 1 | -1/+1
  Fixes assertion failure
  Fixes: 07ec1fc3c1cbf2d3edcd7d9b52ca156c/asan_heap-oob_13624c5_491_ecd4720a03e697ba750b235690656c8f.avi
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit 5745cf799a4389bc5d14f2b4daf32fe4631c50bc)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/mjpegdec: Reinitialize IDCT on BPP changes | Michael Niedermayer | 2015-11-26 | 1 | -4/+15
  Fixes misaligned access
  Fixes: dc9262a469f6f315f74c087a7b3a7f35/signal_sigsegv_2e95bcd_9_9c0f9f4a9ba82aa9b3ab2b91ce4d5277.jpg
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit cc35f6f4768ffe57cc4fcfa56ecb89aee409e3d5)
  Conflicts: libavcodec/mjpegdec.c
* avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it | Michael Niedermayer | 2015-11-26 | 1 | -2/+8
  Fixes: 04715144ba237443010554be0d05343f/asan_heap-oob_1eafc76_1737_c685b48041a563461839e4e7ab97abb8.jpg
  Fixes out of array access
  Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
  (cherry picked from commit d24888ef19ba38b787b11d1ee091a3d94920c76a)
  Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>