FFmpeg

mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-04-08 16:54:03 +02:00

Author	SHA1	Message	Date
Michael Niedermayer	774461ea62	avcodec/ffv1enc: Allocate smaller packet if the worst case size cannot be allocated We are checking during encoding if there is enough space as version 4 needs that check. Fixes Ticket6005 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 38a7834bbb24ef62466b076715e0add60e1d6962) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:50 +01:00
Michael Niedermayer	94a0a484b7	avcodec/mpeg4videodec: Fix undefined shifts in mpeg4_decode_sprite_trajectory() Fixes: part of 670190.ogg Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 8258e363851434ad5662c19d036fddb3e3f27683) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:50 +01:00
Michael Niedermayer	07ca8300a6	avcodec/ffv1enc: Fix size of first slice Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cff1c0edaa797eca96663d9b83e4b8c1b609ff19) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:50 +01:00
Andreas Cadhalpun	f7e18dea7a	pgssubdec: reset rle_data_len/rle_remaining_len on allocation error The code relies on their validity and otherwise can try to access a NULL object->rle pointer, causing segmentation faults. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 842e98b4d83d8cf297e2bc2761f1f47eb89e49e4) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2017-02-01 02:29:08 +01:00
Michael Niedermayer	3f8bb78f3e	avcodec/flacdec: Fix undefined shift in decode_subframe() Fixes undefined behavior Fixes: 639961-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1f5630af51f24d79053b6bef5b8b3ba93d637306) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-04 01:05:02 +01:00
Michael Niedermayer	a5989651f0	avcodec/get_bits: Fix get_sbits_long(0) Fixes undefined behavior Fixes: 640889-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c72fa432349881d5a445cd110abf698cc94d490d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-04 01:03:53 +01:00
Michael Niedermayer	31d46dc97d	avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed() Fixes undefined behavior Fixes: 640912-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 83a75bf6c31b3c0ce2ca7e1426d1f2e3df634239) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-03 17:32:54 +01:00
Michael Niedermayer	5790ce6273	avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_c Fixes: left shift of negative value Fixes: 668346-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit acc163c6ab52d2235767852262c64c7f6b273d1c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-03 17:32:33 +01:00
Michael Niedermayer	46edc6d5ef	avcodec/flac_parser: Update nb_headers_buffered Fixes infinite loop Fixes: fuzz.flac Found-by: Frank Liberato <liberato@google.com> Reviewed-by: Frank Liberato <liberato@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2475858889cde6221677473b663df6f985add33d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-01 23:50:40 +01:00
Andreas Cadhalpun	028c87be95	mss2: only use error correction for matching block counts This fixes a heap-buffer-overflow in ff_er_frame_end when decoding mss2 with coded_width/coded_height larger than width/height. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 2566ad98b01538ea589e5ee07b69fc566aadc348) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:46:36 +01:00
Andreas Cadhalpun	56b120630f	libopusdec: default to stereo for invalid number of channels This fixes an out-of-bounds read if avc->channels is 0. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 8c8f543b81aa2b50bb6a6cfd370a0061281492a3) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:46:35 +01:00
Andreas Cadhalpun	8a7b2fbf6f	smacker: limit recursion depth of smacker_decode_bigtree This fixes segmentation faults due to stack-overflow caused by too deep recursion. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 946ecd19ea752399bccc751c9339ff74b815587e) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:46:35 +01:00
Andreas Cadhalpun	7552f6fc1b	libschroedingerdec: fix leaking of framewithpts Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 3c0328d58d98664b05efdd377d3fe66a569d385e) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:46:35 +01:00
Andreas Cadhalpun	70ca4ce17a	libschroedingerdec: don't produce empty frames They are not valid and can cause problems/crashes for API users. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit a86ebbf7f641bc797002ddea7fb517759722cd1b) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:46:35 +01:00
Andreas Cadhalpun	0b948b1b8d	pnmdec: make sure v is capped by maxval Otherwise put_bits can be called with a value that doesn't fit in the sample_len, causing an assertion failure. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit cdb5479c9ddc886f0b8661db585405ebab343e80) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:46:35 +01:00
Andreas Cadhalpun	f76947fd56	smvjpegdec: make sure cur_frame is not negative This fixes a heap-buffer-overflow detected by AddressSanitizer. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 360bc0d90aa66cf21e9f488e77d21db18e01ec9c) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:46:34 +01:00
Andreas Cadhalpun	2260c0776a	dvbsubdec: fix division by zero in compute_default_clut This problem was introduced in commit 4b90dcb8493552c17a811c8b1e6538dae4061f9d. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit c82b8ef0e4f226423ddd644bfe37e6a15d070924) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:46:34 +01:00
Andreas Cadhalpun	5c55f9881e	proresdec_lgpl: explicitly check coff[3] against slice_data_size The implicit checks via v_data_size and a_data_size don't work in the case '(hdr_size > 7) && !ctx->alpha_info'. This fixes segmentation faults due to invalid reads. This problem was introduced in commit 547c2f002a87f4412a83c23b0d60364be5e7ce58. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 1e33035ee7a8d9fb7a4b8b6cc54842e72b36ed70) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:46:34 +01:00
Andreas Cadhalpun	dc821d42a2	escape124: reject codebook size 0 It causes a cb_depth of 32, leading to assertion failures in get_bits. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 226d35c84591f1901c2a13819031549909faa1f5) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:46:34 +01:00
Andreas Cadhalpun	f964046c58	mpegaudio_parser: don't return AVERROR_PATCHWELCOME The API does not allow returning AVERROR codes. It triggers an assert in av_parser_parse2. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 5249706e9d2ec5ed1b07d8ffdbb8fb9104261f6d) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:46:33 +01:00
Andreas Cadhalpun	0e8c44076d	diracdec: check return code of get_buffer_with_edge If it fails, buffers aren't allocated, causing NULL pointer dereferencing. Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit db79dedb1ae5dd38432eee3f09155e26f3f2d95a) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:46:33 +01:00
Andreas Cadhalpun	a94f846e2d	ppc: pixblockdsp: do unaligned block accesses correctly again This was broken by the following Libav commit: 4c387c7 ppc: dsputil: do unaligned block accesses correctly The following tests fail due to this: fate-checkasm fate-vsynth1-dnxhd-2k-hr-hq fate-vsynth1-dnxhd-edge1-hr fate-vsynth1-dnxhd-edge2-hr fate-vsynth1-dnxhd-edge3-hr fate-vsynth1-dnxhd-hr-sq-mov fate-vsynth1-dnxhd-hr-hq-mov fate-vsynth2-dnxhd-2k-hr-hq fate-vsynth2-dnxhd-edge1-hr fate-vsynth2-dnxhd-edge2-hr fate-vsynth2-dnxhd-edge3-hr fate-vsynth2-dnxhd-hr-sq-mov fate-vsynth2-dnxhd-hr-hq-mov fate-vsynth3-dnxhd-2k-hr-hq fate-vsynth3-dnxhd-edge1-hr fate-vsynth3-dnxhd-edge2-hr fate-vsynth3-dnxhd-edge3-hr fate-vsynth3-dnxhd-hr-sq-mov fate-vsynth3-dnxhd-hr-hq-mov Fixes trac ticket #5508. Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 3932ccc472ad4f4d370dcfc1c2f574b0f3acb88c) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:46:33 +01:00
Andreas Cadhalpun	c5fb9df38a	mpeg12dec: unref discarded picture from extradata Otherwise another frame gets referenced into picture, triggering an assert (from commit 13aae8) in av_frame_ref. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit a92f8edf0c51781e152651cce2e753ad6e359eb2) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:46:33 +01:00
Andreas Cadhalpun	51ff17d6b9	cavsdec: unref frame before referencing again This fixes asserts (from commit 13aae8) in av_frame_ref and av_frame_move_ref. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 1966ea012fd72abc8003e95dc3c8ad9e9f197913) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-27 00:46:33 +01:00
Michael Niedermayer	698528207a	avcodec/rv40: Test remaining space in loop of get_dimension() Fixes infinite loop Fixes: 178/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_RV40_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 1546d487cf12da37d90a080813f8d57ac33036bf) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:27 +01:00
Michael Niedermayer	1e86f1a646	avcodec/ituh263dec: Avoid spending a long time in slice sync Fixes: 177/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_FLV1_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2baf36caed98cfdc7f6a2086fbf26f1a172f16cf) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:27 +01:00
Michael Niedermayer	ecc5bada26	avcodec/movtextdec: Add error message for tsmb_size check Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0eb319800567b79ca6b4cf0d90904318641b9e50) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:27 +01:00
Michael Niedermayer	b0a5794e30	avcodec/movtextdec: Fix tsmb_size check==0 check Fixes: 173/fuzz-3-ffmpeg_SUBTITLE_AV_CODEC_ID_MOV_TEXT_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a609905723c01e356d35146425c3d45c090aae7b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:27 +01:00
Michael Niedermayer	63504a2d44	avcodec/movtextdec: Fix potential integer overflow Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 6ea27157682200e5f78cadcabdb009eccd9dd9b1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:27 +01:00
Michael Niedermayer	f9e76d3304	avcodec/sunrast: Fix input buffer pointer check Fixes: out of array read Fixes: poc.dat Found-by: Bingchang, Liu @VARAS of IIE Tested-by: bc L <l.bing.chang.bc@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 37138338ff602803d174b13fecd363a083bc2f9a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:26 +01:00
Michael Niedermayer	3213adceb2	avcodec/tscc: Check side data size before use Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 979bca513424879ed0c653cb1b55fc4156a89576) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:26 +01:00
Michael Niedermayer	744f78ce0d	avcodec/rawdec: Check side data size before use Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5f0bc0215a0f7099a2bcba5dced2e045e70fee61) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:26 +01:00
Michael Niedermayer	147a387fba	avcodec/msvideo1: Check side data size before use Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 161ccdaa06d1d109e8f77d2535bda11ce02720f5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:26 +01:00
Michael Niedermayer	2312d1d979	avcodec/qpeg: Check side data size before use Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 16793504dfba44e738655807db3274301b9bc690) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:26 +01:00
Michael Niedermayer	1604a2b1e6	avcodec/qtrle: Check side data size before use Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7d196f2a5a48faf25fd904b33b1fd239daae9840) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:26 +01:00
Michael Niedermayer	f39522b6e7	avcodec/msrle: Check side data size before use Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a6330119a099840c5279697cf80cb768df97a90a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:26 +01:00
Michael Niedermayer	09411a7d5e	avcodec/kmvc: Check side data size before use Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2d99101d0964f754822fb4af121c4abc69047dba) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:26 +01:00
Michael Niedermayer	ef32b162e8	avcodec/idcinvideo: Check side data size before use Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a2b8dde65947bfabf42269e124ef83ecf9c5974a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:26 +01:00
Michael Niedermayer	41b1ec0810	avcodec/cinepak: Check side data size before use Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 121be310607879841d19a34d9f16d4fe9ba7f18c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:26 +01:00
Michael Niedermayer	e3f8b32279	avcodec/8bps: Check side data size before use Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 042faa847feea820451c474af0034fd3de9cff82) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:26 +01:00
Michael Niedermayer	fe4c6aeb99	avcodec/dvdsubdec: Fix off by 1 error Fixes out of array read Found-by: Thomas Garnier using libFuzzer Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c92f55847a3d9cd12db60bfcd0831ff7f089c37c) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:26 +01:00
Michael Niedermayer	3177ea512f	avcodec/dvdsubdec: Fix buf_size check Fixes out of array access Found-by: Thomas Garnier using libFuzzer Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 25ab1a65f3acb5ec67b53fb7a2463a7368f1ad16) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:26 +01:00
Ronald S. Bultje	e25441912b	vp9: change order of operations in adapt_prob(). This is intended to workaround bug "665 Integer Divide Instruction May Cause Unpredictable Behavior" on some early AMD CPUs, which causes a div-by-zero in this codepath, such as reported in Mozilla bug #1293996. Note that this isn't guaranteed to fix the bug, since a compiler is free to reorder instructions that don't depend on each other. However, it appears to fix the bug in Firefox, and a similar patch was applied to libvpx also (see Chrome bug #599899). (cherry picked from commit be885da3427c5d9a6fa68229d16318afffe67193) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:26 +01:00
Michael Niedermayer	abe16359ba	avcodec/interplayvideo: Check side data size before use Fixes out of array read Found-by: Thomas Garnier using libFuzzer Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 85d23e5cbc9ad6835eef870a5b4247de78febe56) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:26 +01:00
Michael Niedermayer	8328c07fb1	avcodec/mpegvideo_enc: Clear mmx state in ff_mpv_reallocate_putbitbuffer() This function must be called from the mb or slice encoding loop and MMX state may not be clean there Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 03ec6b780cfae85b8bf0f32b2eda201063ad061b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:25 +01:00
Michael Niedermayer	865e3f5553	avcodec/utils: Clear MMX state before returning from avcodec_default_execute*() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4f96f9d1118e073d346d16be157fa5075434e7f2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:25 +01:00
Moritz Barsnick	bb83ff8b41	lavc: fix typos Signed-off-by: Moritz Barsnick <barsnick@gmx.net> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3305f71025289970fb34473adce5d9c65d1af016) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:25 +01:00
Ronald S. Bultje	62b2b2195b	videodsp: fix 1-byte overread in top/bottom READ_NUM_BYTES iterations. This can overread (either before start or beyond end) of the buffer in Nx1 (i.e. height=1) images. Fixes mozilla bug 1240080. (cherry picked from commit 0f88b3f82fafd536979993aeaafcb11a22266dbd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-10-05 03:06:45 +02:00
Sasi Inguva	ca216c71c7	lavc/movtextdec.c: Avoid infinite loop on invalid data. Signed-off-by: Sasi Inguva <isasi@google.com> (cherry picked from commit 7e9e1b7070242a79fa6e3acd749d7fe76e39ea7b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-09-28 11:12:20 +02:00
Michael Niedermayer	ab737ab31d	avcodec/ansi: Check dimensions Fixes: 1.avi Found-by: 连一汉 <lianyihan@360.cn> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 69449da436169e7facaa6d1f3bcbc41cf6ce2754) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-09-26 21:43:04 +02:00

1 2 3 4 5 ...

33669 Commits