FFmpeg

mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-02-04 06:08:26 +02:00

Author	SHA1	Message	Date
Michael Niedermayer	a84ed3d011	avcodec/mjpegdec: Clip DC also on the negative side. Fixes: runtime error: signed integer overflow: -16711425 + -2130772346 cannot be represented in type 'int' Fixes: 2533/clusterfuzz-testcase-minimized-5372857678823424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c28f648b19dd36ff9bc869ad527a1569a0b623e2) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-07-19 03:48:01 +02:00
Michael Niedermayer	fb95f1d9d6	avcodec/mjpegdec: Check that reference frame matches the current frame Fixes: out of array read Fixes: 2097/clusterfuzz-testcase-minimized-5036861833609216 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4705edbbb96e193f51c72248f508ae5693702a48) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	32ac3f1b1f	avcodec/mjpegdec: Fix runtime error: signed integer overflow: -32767 * 130560 cannot be represented in type 'int' Fixes: 1724/clusterfuzz-testcase-minimized-4842395432648704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 40fa6a2fa2c255293a780a194eecae5df52644a1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-06-05 23:16:54 +02:00
Michael Niedermayer	7ab6224083	avcodec/mjpegdec: Fix runtime error: signed integer overflow: -24543 * 2031616 cannot be represented in type 'int' Fixes: 943/clusterfuzz-testcase-5114865297391616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit a78ae465fda902565ed041d93403e04490b4be0d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-20 03:41:33 +02:00
Michael Niedermayer	bf37f12f40	avcodec/mjpegdec: Fix runtime error: left shift of negative value -127 Fixes: 733/clusterfuzz-testcase-4682158096515072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 800d02abe041deacab5585bf41c1bc2ae5f4b922) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-20 03:41:33 +02:00
Michael Niedermayer	718c1433d9	avcodec/mjpegdec: Fix runtime error: left shift of negative value -511 Fixes: 693/clusterfuzz-testcase-6109776066904064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4b72d5cd6f9341dcafdbc1b9030166aa987b8304) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-20 03:41:33 +02:00
Michael Niedermayer	8f64abc5e2	avcodec/mjpegdec: Fix runtime error: left shift of negative value -507 Fixes: 611/clusterfuzz-testcase-5613455820193792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c91bdd4524815125e1f7d8dee22ee7a73173c39a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-05-20 03:41:32 +02:00
Michael Niedermayer	87cc0b0474	avcodec/mjpegdec: Check for for the bitstream end in mjpeg_decode_scan_progressive_ac() Fixes timeout Fixes: 496/clusterfuzz-testcase-5805083497332736 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 3782656631fa8262528c07794acf7e9c2aab000d) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:51 +01:00
Michael Niedermayer	9f2e4c26a0	avcodec/mjpegdec: Check remaining bitstream in ljpeg_decode_yuv_scan() Fixes timeout Fixes: 445/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer Fixes: 456/fuzz-2-ffmpeg_VIDEO_AV_CODEC_ID_JPEGLS_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 755933cb5cd17decd1838d3d64e07d4157de5638) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:51 +01:00
Michael Niedermayer	8be687a81f	avcodec/mjpegdec: Check for rgb before flipping Fixes assertion failure due to unsupported case Fixes: 356/fuzz-1-ffmpeg_VIDEO_AV_CODEC_ID_MJPEG_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 25d9643f1172ae6a210c671195ba3135895abaf3) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2017-02-08 21:17:50 +01:00
Michael Niedermayer	0aaf66fb2e	avcodec/mjpegdec: Do not try to detect last scan but apply idct after all scans for progressive jpeg Fixes: IMG-20160418-WA0002.jpg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit deaf58abf236e09fc9b97db29f1edd064e4b5ad4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-08-15 18:54:34 +02:00
Michael Niedermayer	82492c3a96	avcodec/mjpegdec: Fix decoding slightly odd progressive jpeg Fixes: ebd58db6-dc86-11e5-91c2-59daeddf50c7.jpg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit c6f4720b8664e6e22eb5b3da6bb48ed5b113f746) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-04-27 04:40:11 +02:00
Michael Niedermayer	9819998342	avcodec/mjpegdec: Check for end for both bytes in unescaping Fixes assertion failure Fixes: c40c779601b77dc6e19aaea0b04b9751/signal_sigabrt_7ffff6ae7cb7_5769_b94f6ec70caecb2d3d76b4771b109ac1.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 509c9e74e548139285f30ed8dcc9baf1d64359fa) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-01-28 15:53:54 +01:00
Michael Niedermayer	34e06ce309	avcodec/mjpegdec: Fix negative shift Fixes: mjpeg_left_shift.avi Found-by: Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d86d7b2486cd5c31db8e820d8a89554abf19567e) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-01-15 12:30:40 +01:00
Andreas Cadhalpun	83c0df90b0	mjpegdec: extend check for incompatible values of s->rgb and s->ls This can happen if s->ls changes from 0 to 1, but picture allocation is skipped due to s->interlaced. In that case ff_jpegls_decode_picture could be called even though the s->picture_ptr frame has the wrong pixel format and thus a wrong linesize, which results in a too small zero buffer being allocated. This fixes an out-of-bounds read in ls_decode_line. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 7ea2db6eafa0a8a9497aab20be2cfc8742a59072) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-01-15 12:30:40 +01:00
Andreas Cadhalpun	2e54b8c379	mjpegdec: consider chroma subsampling in size check If the chroma components are subsampled, smaller buffers are allocated for them. In that case the maximal block_offset for the chroma components is not as large as for the luma component. This fixes out of bounds writes causing segmentation faults or memory corruption. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit 5adb5d9d894aa495e7bf9557b4c78350cbfc9d32) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-12-07 01:34:13 +01:00
Michael Niedermayer	4567cba0b8	avcodec/mjpegdec: Reinitialize IDCT on BPP changes Fixes misaligned access Fixes: dc9262a469f6f315f74c087a7b3a7f35/signal_sigsegv_2e95bcd_9_9c0f9f4a9ba82aa9b3ab2b91ce4d5277.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cc35f6f4768ffe57cc4fcfa56ecb89aee409e3d5) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-04 22:16:38 +01:00
Michael Niedermayer	fdb8842639	avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it Fixes: 04715144ba237443010554be0d05343f/asan_heap-oob_1eafc76_1737_c685b48041a563461839e4e7ab97abb8.jpg Fixes out of array access Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit d24888ef19ba38b787b11d1ee091a3d94920c76a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-04 19:42:29 +01:00
Michael Niedermayer	08fc0d771a	avcodec/mjpegdec: Fix decoding RGBA RCT LJPEG Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 055e56e9f76da3298f1b59bf5ea46f570e844600) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-10-08 13:15:42 +02:00
Michael Niedermayer	fa9af304f0	avcodec/mjpegdec: Remove message asking for a non mod 16 AMV sample Ticket4770 contains such a sample and it decodes fine Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-08-24 19:50:01 +02:00
Carl Eugen Hoyos	84170d4be0	lavc/mjpegdec: Detect more CMYK images. Fixes ticket #4772.	2015-08-17 15:53:41 +02:00
Carl Eugen Hoyos	daf2c35f52	lavc: Remove newline from avpriv_request_sample() calls.	2015-08-11 22:50:45 +02:00
Michael Niedermayer	29d147c94d	Merge commit '059a934806d61f7af9ab3fd9f74994b838ea5eba' * commit '059a934806d61f7af9ab3fd9f74994b838ea5eba': lavc: Consistently prefix input buffer defines Conflicts: doc/examples/decoding_encoding.c libavcodec/4xm.c libavcodec/aac_adtstoasc_bsf.c libavcodec/aacdec.c libavcodec/aacenc.c libavcodec/ac3dec.h libavcodec/asvenc.c libavcodec/avcodec.h libavcodec/avpacket.c libavcodec/dvdec.c libavcodec/ffv1enc.c libavcodec/g2meet.c libavcodec/gif.c libavcodec/h264.c libavcodec/h264_mp4toannexb_bsf.c libavcodec/huffyuvdec.c libavcodec/huffyuvenc.c libavcodec/jpeglsenc.c libavcodec/libxvid.c libavcodec/mdec.c libavcodec/motionpixels.c libavcodec/mpeg4videodec.c libavcodec/mpegvideo.c libavcodec/noise_bsf.c libavcodec/nuv.c libavcodec/nvenc.c libavcodec/options.c libavcodec/parser.c libavcodec/pngenc.c libavcodec/proresenc_kostya.c libavcodec/qsvdec.c libavcodec/svq1enc.c libavcodec/tiffenc.c libavcodec/truemotion2.c libavcodec/utils.c libavcodec/utvideoenc.c libavcodec/vc1dec.c libavcodec/wmalosslessdec.c libavformat/adxdec.c libavformat/aiffdec.c libavformat/apc.c libavformat/apetag.c libavformat/avidec.c libavformat/bink.c libavformat/cafdec.c libavformat/flvdec.c libavformat/id3v2.c libavformat/isom.c libavformat/matroskadec.c libavformat/mov.c libavformat/mpc.c libavformat/mpc8.c libavformat/mpegts.c libavformat/mvi.c libavformat/mxfdec.c libavformat/mxg.c libavformat/nutdec.c libavformat/oggdec.c libavformat/oggparsecelt.c libavformat/oggparseflac.c libavformat/oggparseopus.c libavformat/oggparsespeex.c libavformat/omadec.c libavformat/rawdec.c libavformat/riffdec.c libavformat/rl2.c libavformat/rmdec.c libavformat/rtpdec_latm.c libavformat/rtpdec_mpeg4.c libavformat/rtpdec_qdm2.c libavformat/rtpdec_svq3.c libavformat/sierravmd.c libavformat/smacker.c libavformat/smush.c libavformat/spdifenc.c libavformat/takdec.c libavformat/tta.c libavformat/utils.c libavformat/vqf.c libavformat/westwood_vqa.c libavformat/xmv.c libavformat/xwma.c libavformat/yop.c Merged-by: Michael Niedermayer <michael@niedermayer.cc>	2015-07-27 23:15:19 +02:00
Michael Niedermayer	444e9874a7	Merge commit 'def97856de6021965db86c25a732d78689bd6bb0' * commit 'def97856de6021965db86c25a732d78689bd6bb0': lavc: AV-prefix all codec capabilities Conflicts: cmdutils.c ffmpeg.c ffplay.c libavcodec/8svx.c libavcodec/aacenc.c libavcodec/ac3dec.c libavcodec/adpcm.c libavcodec/alac.c libavcodec/atrac3plusdec.c libavcodec/bink.c libavcodec/dnxhddec.c libavcodec/dvdec.c libavcodec/dvenc.c libavcodec/ffv1dec.c libavcodec/ffv1enc.c libavcodec/fic.c libavcodec/flacdec.c libavcodec/flacenc.c libavcodec/flvdec.c libavcodec/fraps.c libavcodec/frwu.c libavcodec/gifdec.c libavcodec/h261dec.c libavcodec/hevc.c libavcodec/iff.c libavcodec/imc.c libavcodec/libopenjpegdec.c libavcodec/libvo-aacenc.c libavcodec/libvorbisenc.c libavcodec/libvpxdec.c libavcodec/libvpxenc.c libavcodec/libx264.c libavcodec/mjpegbdec.c libavcodec/mjpegdec.c libavcodec/mpegaudiodec_float.c libavcodec/msmpeg4dec.c libavcodec/mxpegdec.c libavcodec/nvenc_h264.c libavcodec/nvenc_hevc.c libavcodec/pngdec.c libavcodec/qpeg.c libavcodec/ra288.c libavcodec/rv10.c libavcodec/s302m.c libavcodec/sp5xdec.c libavcodec/takdec.c libavcodec/tiff.c libavcodec/tta.c libavcodec/utils.c libavcodec/v210dec.c libavcodec/vp6.c libavcodec/vp9.c libavcodec/wavpack.c libavcodec/yop.c Merged-by: Michael Niedermayer <michael@niedermayer.cc>	2015-07-27 22:50:18 +02:00
Vittorio Giovara	059a934806	lavc: Consistently prefix input buffer defines Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>	2015-07-27 15:24:59 +01:00
Vittorio Giovara	def97856de	lavc: AV-prefix all codec capabilities Express bitfields more simply. Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>	2015-07-27 15:24:58 +01:00
Carl Eugen Hoyos	8dad213143	lavc: Add properties field to AVCodecContext. The new field can hold information about losslessness and closed captions for now.	2015-07-16 12:18:30 +02:00
Michael Niedermayer	dffae122d0	avcodec/mjpegdec: Fix DC overflow in decode_block() Fixes Ticket4683 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-07-15 05:05:25 +02:00
Michael Niedermayer	c9220d5b06	avcodec/mjpegdec: Reorder operations to avoid undefined behavior Fixes: asan_heap-oob_1dd60fd_267_cov_2954683513_5baad44ca4702949724234e35c5bb341.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-07-02 18:53:32 +02:00
Michael Niedermayer	84afc6b70d	avcodec/mjpegdec: Fix small picture upscale Fixes out of array access Fixes: asan_heap-oob_1dd60fd_267_cov_2954683513_5baad44ca4702949724234e35c5bb341.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-06-30 01:33:25 +02:00
Michael Niedermayer	dde6b2a355	avcodec/mjpegdec: dont try to combine fields for decimated multiscope 2 material Fixes Ticket4535 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-06-21 02:53:06 +02:00
Michael Niedermayer	81cf910856	avcodec/mjpegdec: fix len computation in ff_mjpeg_decode_dqt() Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-05-13 18:36:50 +02:00
Michael Niedermayer	cf9ab119d0	avcodec/mjpegdec: Check len in ff_mjpeg_decode_dht() Fixes CID1239167 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-05-13 17:44:35 +02:00
Michael Niedermayer	dc35a58149	avcodec/mjpegdec: Check len in ff_mjpeg_decode_dqt() Fixes CID1239060 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-05-13 17:39:11 +02:00
Michael Niedermayer	8f7b022c8c	Merge commit '6a85dfc830f51f1f5c2d36d4182d265c1ea3ba25' * commit '6a85dfc830f51f1f5c2d36d4182d265c1ea3ba25': lavc: Replace av_dlog and tprintf with internal macros Conflicts: libavcodec/aacdec.c libavcodec/audio_frame_queue.c libavcodec/bitstream.c libavcodec/dcadec.c libavcodec/dnxhddec.c libavcodec/dvbsubdec.c libavcodec/dvdec.c libavcodec/dvdsubdec.c libavcodec/get_bits.h libavcodec/gifdec.c libavcodec/h264.h libavcodec/h264_cabac.c libavcodec/h264_cavlc.c libavcodec/h264_loopfilter.c libavcodec/h264_refs.c libavcodec/imc.c libavcodec/interplayvideo.c libavcodec/jpeglsdec.c libavcodec/libopencore-amr.c libavcodec/mjpegdec.c libavcodec/mpeg12dec.c libavcodec/mpegvideo_enc.c libavcodec/mpegvideo_parser.c libavcodec/pngdec.c libavcodec/ratecontrol.c libavcodec/rv10.c libavcodec/svq1dec.c libavcodec/vqavideo.c libavcodec/wmadec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-04-20 04:10:10 +02:00
Vittorio Giovara	6a85dfc830	lavc: Replace av_dlog and tprintf with internal macros	2015-04-19 12:41:59 +01:00
Michael Niedermayer	a105931d3e	Merge commit '4978850ca2cb1ec6908f5bc79cc592ca454d11e8' * commit '4978850ca2cb1ec6908f5bc79cc592ca454d11e8': build: Split JPEG-related tables off into a separate component Conflicts: configure Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-31 01:11:02 +02:00
Michael Niedermayer	794e9fb5a6	Merge commit 'e6e3dcba0c6f11bd7022e2d3b9bcb7b6a09d6c80' * commit 'e6e3dcba0c6f11bd7022e2d3b9bcb7b6a09d6c80': mjpeg: Move code only used in the encoder(s) to the appropriate header Conflicts: libavcodec/mjpegdec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-30 21:05:23 +02:00
Diego Biurrun	4978850ca2	build: Split JPEG-related tables off into a separate component	2015-03-30 17:51:21 +02:00
Diego Biurrun	e6e3dcba0c	mjpeg: Move code only used in the encoder(s) to the appropriate header	2015-03-30 17:51:20 +02:00
Michael Niedermayer	b1fbe29e51	avcodec/mjpegdec: Support 31111100 sampling Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-18 23:28:43 +01:00
Michael Niedermayer	e15455891b	avcodec/mjpegdec: Change upscale_* to an array instead of a bitmask This allows storing integer factors instead of just 0 and 1 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-18 23:13:44 +01:00
Michael Niedermayer	fa4bb7c5b2	Merge commit '5a0e953c2465be9d449d5f523c3d3e2b886910b2' * commit '5a0e953c2465be9d449d5f523c3d3e2b886910b2': mjpeg: Mark decoder family as thread safe Conflicts: libavcodec/mjpegbdec.c libavcodec/mjpegdec.c libavcodec/mxpegdec.c libavcodec/sp5xdec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-13 22:48:54 +01:00
Vittorio Giovara	5a0e953c24	mjpeg: Mark decoder family as thread safe No global variables are used and the VLC tables are allocated without static elements. This will allow using a JPEG decoding context within other decoders.	2015-03-13 19:48:07 +00:00
Michael Niedermayer	08509c8f86	avcodec/mjpegdec: Skip blocks which are outside the visible area Fixes out of array accesses Fixes: ffmpeg_mjpeg_crash.avi Found-by: Thomas Lindroth <thomas.lindroth@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-11 03:53:30 +01:00
Michael Niedermayer	fabbfaa095	avcodec/mjpegdec: Check number of components for JPEG-LS Fixes out of array accesses Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-04 20:49:12 +01:00
Michael Niedermayer	afa92907f3	avcodec/mjpegdec: Check escape sequence validity Fixes assertion failure Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-04 20:14:18 +01:00
Michael Niedermayer	6c68522a2a	Merge commit '809c3023b699c54c90511913d3b6140dd2436550' * commit '809c3023b699c54c90511913d3b6140dd2436550': mjpegdec: check for pixel format changes Conflicts: libavcodec/mjpegdec.c See: 5c378d6a6df8243f06c87962b873bd563e58cd39 See: a2f680c7bc7642c687aeb4e14d00ac74833c7a09 Merged-by: Michael Niedermayer <michaelni@gmx.at>	2014-12-19 12:49:23 +01:00
Anton Khirnov	809c3023b6	mjpegdec: check for pixel format changes Fixes possible invalid memory access. Based on code by Michael Niedermayer <michaelni@gmx.at> CC: libav-stable@libav.org Bug-ID: CVE-2014-8541 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind	2014-12-19 08:01:46 +01:00
Michael Niedermayer	970a8f1c25	avcodec/mjpegdec: Fix integer overflow in shift Fixes: signal_sigabrt_7ffff6ac7bb9_2683_cov_4120310995_m_ijpg.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2014-11-27 19:30:31 +01:00

1 2 3 4 5 ...

444 Commits