summaryrefslogtreecommitdiffstats
path: root/libavcodec
Commit message (Collapse)AuthorAgeFilesLines
...
* | pcm-mpeg: Check for valid bps.Michael Niedermayer2012-03-031-2/+2
| | | | | | | | | | | | | | | | The code only supports 16 and 24 bps currently, 20bps causes out of array reads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | cook: check that category is smaller than 8Michael Niedermayer2012-03-031-1/+5
| | | | | | | | | | | | | | | | This fixes some out of global array accesses of dither_tab. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Benjamin Larsson <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]>
* | lavc: unify similar code merged from both branches.Nicolas George2012-03-031-8/+3
| |
* | arm: Fix 10l typoMichael Niedermayer2012-03-031-4/+4
| | | | | | | | Signed-off-by: Michael Niedermayer <[email protected]>
* | kvmc: Fix out of reference frame reads.Michael Niedermayer2012-03-031-0/+16
| | | | | | | | | | Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | qpeg: fix overreads.Michael Niedermayer2012-03-031-6/+9
| | | | | | | | | | | | | | | | qpeg should probably be changed to use the checked bytestream reader. But for now this fixes it and is significantly less work. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | qpeg: Fix out of array writes.Michael Niedermayer2012-03-031-0/+4
| | | | | | | | | | Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | srtdec: fix a format string vulnerability.Fabian Greffrath2012-03-031-2/+2
| | | | | | | | Signed-off-by: Michael Niedermayer <[email protected]>
* | Merge remote-tracking branch 'qatar/master'Michael Niedermayer2012-03-0367-1665/+1493
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * qatar/master: (29 commits) amrwb: remove duplicate arguments from extrapolate_isf(). amrwb: error out early if mode is invalid. h264: change underread for 10bit QPEL to overread. matroska: check buffer size for RM-style byte reordering. vp8: disable mmx functions with sse/sse2 counterparts on x86-64. vp8: change int stride to ptrdiff_t stride. wma: fix invalid buffer size assumptions causing random overreads. Windows Media Audio Lossless decoder rv10/20: Fix slice overflow with checked bitstream reader. h263dec: Disallow width/height changing with frame threads. rv10/20: Fix a buffer overread caused by losing track of the remaining buffer size. rmdec: Honor .RMF tag size rather than assuming 18. g722: Fix the QMF scaling r3d: don't set codec timebase. electronicarts: set timebase for tgv video. electronicarts: parse the framerate for cmv video. ogg: don't set codec timebase electronicarts: don't set codec timebase avs: don't set codec timebase wavpack: Fix an integer overflow ... Conflicts: libavcodec/arm/vp8dsp_init_arm.c libavcodec/fraps.c libavcodec/h264.c libavcodec/mpeg4videodec.c libavcodec/mpegvideo.c libavcodec/msmpeg4.c libavcodec/pnmdec.c libavcodec/qpeg.c libavcodec/rawenc.c libavcodec/ulti.c libavcodec/vcr1.c libavcodec/version.h libavcodec/wmalosslessdec.c libavformat/electronicarts.c libswscale/ppc/yuv2rgb_altivec.c tests/ref/acodec/g722 tests/ref/fate/ea-cmv Merged-by: Michael Niedermayer <[email protected]>
| * amrwb: remove duplicate arguments from extrapolate_isf().Ronald S. Bultje2012-03-021-13/+12
| | | | | | | | | | | | | | | | Prevents warnings because the dst and src overlap (are the same) in the memcpy() inside the function. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: [email protected]
| * amrwb: error out early if mode is invalid.Ronald S. Bultje2012-03-021-4/+8
| | | | | | | | | | | | | | | | Prevents using the invalid mode as an index in a static array, which would generate invalid reads. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: [email protected]
| * h264: change underread for 10bit QPEL to overread.Ronald S. Bultje2012-03-021-1/+1
| | | | | | | | | | This prevents us from reading before the start of the buffer, and thus prevents crashes resulting from this behaviour. Fixes bug 237.
| * vp8: disable mmx functions with sse/sse2 counterparts on x86-64.Ronald S. Bultje2012-03-022-4/+35
| | | | | | | | | | x86-64 is guaranteed to have at least SSE2, therefore the MMX/MMX2 functions will never be used in practice.
| * vp8: change int stride to ptrdiff_t stride.Ronald S. Bultje2012-03-025-148/+178
| | | | | | | | | | On 64bit platforms with 32bit int, this means we won't have to sign- extend the integer anymore.
| * wma: fix invalid buffer size assumptions causing random overreads.Ronald S. Bultje2012-03-022-4/+11
| | | | | | | | | | Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: [email protected]
| * Windows Media Audio Lossless decoderMashiat Sarker Shakkhar2012-03-024-1/+1251
| | | | | | | | | | | | | | | | | | | | | | | | Decodes 16-bit WMA Lossless encoded files. 24-bit is not supported yet. Bitstream parser written by Andreas Öman with contributions from Baptiste Coudurier and Ulion. Includes a number of bug-fixes from Benjamin Larsson, Michael Niedermayer and Konstantin Shishkov, shine and polish by Diego Biurrun. Signed-off-by: Diego Biurrun <[email protected]>
| * rv10/20: Fix slice overflow with checked bitstream reader.Alex Converse2012-03-021-7/+21
| |
| * h263dec: Disallow width/height changing with frame threads.Michael Niedermayer2012-03-021-2/+7
| | | | | | | | | | | | | | Fixes CVE-2011-3937 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
| * rv10/20: Fix a buffer overread caused by losing track of the remaining ↵Alex Converse2012-03-021-1/+5
| | | | | | | | | | | | | | buffer size. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: [email protected]
| * g722: Fix the QMF scalingMartin Storsjö2012-03-022-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes clipping if the encoder input used the full 16 bit input range (samples with a magnitude below 16383 worked fine). The filtered subband samples should be 15 bit maximum, while the code earlier produced them scaled to 16 bit. This makes the decoder output have double the magnitude compared to before. The spec reference samples doesn't test the QMF at all, which was why this part slipped past initially. Signed-off-by: Martin Storsjö <[email protected]>
| * wavpack: Fix an integer overflowDerek Buitenhuis2012-03-021-1/+1
| | | | | | | | | | | | | | | | | | | | Integer Overflow Checker detected an integer overflow while FATE was running. See: http://fate.libav.org/x86_64-linux-ioc/ Signed-off-by: Derek Buitenhuis <[email protected]> Signed-off-by: Kostya Shishkov <[email protected]>
| * mjpegdec: use correct variable in av_log invocationDiego Biurrun2012-03-011-1/+1
| | | | | | | | libavcodec/mjpegdec.c:1463: warning: format ‘%x’ expects type ‘unsigned int’, but argument 5 has type ‘const uint8_t *’
| * Replace AVFrame pointer type punning by proper struct member assignments.Diego Biurrun2012-03-0118-50/+38
| |
| * Replace AVFrame pointer casts by proper struct member accesses.Diego Biurrun2012-03-018-51/+67
| |
| * Remove unnecessary AVFrame pointer casts.Diego Biurrun2012-03-0128-42/+42
| |
| * msmpeg4: Split encoding backend code off from general backend code.Diego Biurrun2012-03-016-690/+734
| |
| * lavc: shrink encoded video packet size after encoding.Anton Khirnov2012-03-011-0/+6
| | | | | | | | Based on a patch by Nicolas George <nicolas.george <at> normalesup.org>
* | simple_idct: idct_4col_put: Fix out of array reads.Michael Niedermayer2012-03-021-5/+4
| | | | | | | | | | Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | rawdec: fix input overread.Michael Niedermayer2012-03-021-2/+2
| | | | | | | | | | Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | truemotion1: Check input buffer size against header size.Michael Niedermayer2012-03-021-1/+1
| | | | | | | | | | | | | | Fixes overread. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | mjpeg: Check for interlaced progressive framesMichael Niedermayer2012-03-021-1/+6
| | | | | | | | | | | | | | Fixes null pointer dereference. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | snow: check reference frame indices.Michael Niedermayer2012-03-021-9/+21
| | | | | | | | | | | | | | Fixes NULL ptr dereference Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | huffyuv: pad classic huffman tables so as to avoid bitreader overread.Michael Niedermayer2012-03-021-4/+6
| | | | | | | | | | Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | vc1: mquant is not allowed to be 0Michael Niedermayer2012-03-021-0/+4
| | | | | | | | | | | | | | | | Fixes out of bounds read. Checked against SMPTE 421M-2006 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | h263: fix zygo debug printing overreading.Michael Niedermayer2012-03-021-1/+1
| | | | | | | | | | Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | wmadec: fix off by 1 error on the pow_tab index check.Michael Niedermayer2012-03-021-1/+1
| | | | | | | | | | | | | | Fixes global out of array read. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | h261: check mtype.Michael Niedermayer2012-03-021-0/+4
| | | | | | | | | | | | | | Fixes out of array read Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | wavpack: Fix an integer overflowDerek Buitenhuis2012-03-021-1/+1
| | | | | | | | | | | | | | | | Integer Overflow Checker detected an integer overflow while FATE was running. Signed-off-by: Derek Buitenhuis <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]>
* | roqvideodec: improve end of input buffer checkMichael Niedermayer2012-03-021-1/+1
| | | | | | | | | | | | | | This fixes a out of array read. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | Merge remote-tracking branch 'qatar/master'Michael Niedermayer2012-03-0111-37/+154
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * qatar/master: h264: error out on invalid bitdepth. aacsbr: use a swap index for the Y matrix rather than copy buffers. huffyuv: do not abort on unknown pix_fmt; instead, return an error. lcl: return negative error codes on decode_init() errors. rtpenc: Use MB info side data for splitting H263 packets for RFC 2190 h263enc: Add an option for outputting info about MBs as side data avpacket: Add a function for shrinking already allocated side data nellymoserdec: Saner and faster IMDCT windowing Conflicts: doc/APIchanges libavcodec/avpacket.c libavcodec/version.h Merged-by: Michael Niedermayer <[email protected]>
| * h264: error out on invalid bitdepth.Ronald S. Bultje2012-03-011-6/+11
| | | | | | | | | | | | | | | | Fixes invalid reads while initializing the dequant tables, which uses the bit depth to determine the QP table size. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: [email protected]
| * aacsbr: use a swap index for the Y matrix rather than copy buffers.Christophe Gisquet2012-03-012-14/+20
| | | | | | | | Signed-off-by: Alex Converse <[email protected]>
| * huffyuv: do not abort on unknown pix_fmt; instead, return an error.Ronald S. Bultje2012-03-011-1/+1
| | | | | | | | | | Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: [email protected]
| * lcl: return negative error codes on decode_init() errors.Ronald S. Bultje2012-03-011-7/+7
| | | | | | | | | | Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: [email protected]
| * h263enc: Add an option for outputting info about MBs as side dataMartin Storsjö2012-03-014-1/+80
| | | | | | | | Signed-off-by: Martin Storsjö <[email protected]>
| * avpacket: Add a function for shrinking already allocated side dataMartin Storsjö2012-03-013-1/+28
| | | | | | | | Signed-off-by: Martin Storsjö <[email protected]>
| * nellymoserdec: Saner and faster IMDCT windowingVitor Sessak2012-02-291-8/+8
| | | | | | | | Signed-off-by: Ronald S. Bultje <[email protected]>
* | vc1: avoid reading beyond the last line in vc1_draw_sprites()Michael Niedermayer2012-03-011-2/+2
| | | | | | | | | | | | | | Fixes overread Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | eatgq: Pass error code from tgq_decode_mb() and let the caller fail.Michael Niedermayer2012-03-011-4/+7
| | | | | | | | | | | | | | This fixes a over read. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
* | vc1: fix out of array reads in vc1_inv_trans_4x4_c()Michael Niedermayer2012-03-011-5/+4
| | | | | | | | | | Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-22 08:03:43 +0000