mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-02-04 06:08:26 +02:00

4655 Commits

Author SHA1 Message Date
Luca Barbato
fe4409a396 oggdec: check memory allocation
(cherry picked from commit ba064ebe48376e199f353ef0b335ed8a39c638c5)

Conflicts:

	libavformat/oggdec.c
2013-02-10 18:01:15 +01:00
Dale Curtis
c3761b6618 Fix uninitialized reads on malformed ogg files.
The ogg decoder wasn't padding the input buffer with the appropriate
FF_INPUT_BUFFER_PADDING_SIZE bytes, which led to uninitialized reads in
various pieces of parsing code when they thought they had more data than
they actually did.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit ef0d779706c77ca9007527bd8d41e9400682f4e4)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10 18:01:15 +01:00
Janne Grunau
2e1474fd99 lavf: avoid integer overflow in ff_compute_frame_duration()
Scaling the denominator instead of the numerator if it is too large
loses precision. Fixes an assert caused by a negative frame duration in
the fuzzed sample nasa-8s2.ts_s202310.

CC: libav-stable@libav.org
(cherry picked from commit 7709ce029a7bc101b9ac1ceee607cda10dcb89dc)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10 18:01:15 +01:00
Luca Barbato
1f1b2f1806 yuv4mpeg: reject unsupported codecs
The muxer already rejects unsupported pixel formats, reject also
unsupported codecs to prevent dangerous misuses.
(cherry picked from commit 424b1e764263b1493de4c34365ef367ddae856db)

Conflicts:

	libavformat/yuv4mpeg.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10 18:01:15 +01:00
Anton Khirnov
d4e4234147 yuv4mpeg: return proper error codes.
Fixes Bug 373.

CC:libav-stable@libav.org
(cherry picked from commit d3a72becc6371563185a509b94f5daf32ddbb485)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10 18:01:15 +01:00
Anton Khirnov
2ae6bdbb9b avidec: return 0, not packet size from read_packet().
(cherry picked from commit eeade678f0a2bac127aeed2fb68d8717a6463420)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
2013-02-10 18:01:15 +01:00
Anton Khirnov
d1729c3715 avidec: use actually read size instead of requested size
Fixes CVE-2012-2788
(cherry picked from commit 0af49a63c7f87876486ab09482d5b26b95abce60)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2013-02-10 18:01:15 +01:00
Ronald S. Bultje
8ba939fcda ea: check chunk_size for validity.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 273e6af47b38391f2bcc157cca0423fe7fcbf55c)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 6a86b705e1d4b72f0dddfbe23ad3eed9947001d5)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit e74bc64dd376c4691a610ba62a66ed30affc97ec)

Conflicts:

	libavformat/electronicarts.c
(cherry picked from commit 38c45adfca299e3d96c07a700032695ec7ff2aeb)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-06-03 19:35:13 +02:00
Alex Converse
5a92aa378d dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936.
Found with asan.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit 2d1c0dea5f6b91bec7f5fa53ec050913d851e366)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 00fa6ffe1a0b252d6a81815e51f125225cd0b97a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit a8f4db0acd9b588ba33e3b8c0c21feea5916cfd1)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-21 15:41:57 +02:00
Michael Niedermayer
c4e8c99507 dv: Fix null pointer dereference due to ach=0
dv: Fix null pointer dereference due to ach=0

Fixes part2 of CVE-2011-3929

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit 5a396bb3a66a61a68b80f2369d0249729bf85e04)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 44e182d41e3a73548f3f5e8445ec428d3846e6d6)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit b46141b0d1d7efb74dad172b7c1b52413441592f)

Conflicts:

	libavformat/dv.c
2012-04-21 15:41:30 +02:00
Michael Niedermayer
479869c499 dv: check stype
dv: check stype

Fixes part1 of CVE-2011-3929
Possibly fixes part of CVE-2011-3936

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit 635bcfccd439480003b74a665b5aa7c872c1ad6b)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit bb737d381f6d6413899a0697f426fb082eac66fc)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 38421f27b3899a930552750fe1e0dffd45b71b8e)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-21 15:39:00 +02:00
Alex Converse
ec4979e16e nsvdec: Propagate errors
Related to CVE-2011-3940.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit c898431ca5ef2a997fe9388b650f658fb60783e5)

Conflicts:

	libavformat/nsvdec.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 0100c4b1b0736e0f5b3c98f9b0ab8acbef574888)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 3253dd2b420583a7f10afa87e47b9cb73e950e2a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-21 15:38:44 +02:00
Alex Converse
056c909d9d nsvdec: Be more careful with av_malloc().
Check results for av_malloc() and fix an overflow in one call.

Related to CVE-2011-3940.

Based in part on work from Michael Niedermayer.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit be524c186b50337db64d34a5726dfe3e8ea94f09)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 87007519c81c37d8a3de424de3db14078ae84333)

Conflicts:

	libavformat/nsvdec.c
2012-04-21 15:38:10 +02:00
Michael Niedermayer
bde4b66063 nsvdec: Fix use of uninitialized streams.
Fixes CVE-2011-3940 (Out of bounds read resulting in out of bounds write)

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5c011706bc752d34bc6ada31d7df2ca0c9af7c6b)

Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit 6a89b41d9780325ba6d89a37f2aeb925aa68e6a3)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 65beb8c1173906b0541442713cb29e8ba44c47ef)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 1edf848a81464afd514afbbbcb97b471d334e14a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-04-21 15:36:40 +02:00
Anton Khirnov
2e693be7e9 id3v2: fix skipping extended header in id3v2.4
In v2.4, the length includes the length field itself.
(cherry picked from commit ddb4431208745ea270dce8fce4cba999f0ed4303)

Conflicts:

	libavformat/id3v2.c

Signed-off-by: Anton Khirnov <anton@khirnov.net>
2012-04-01 19:49:37 +02:00
Chris Evans
7ee536e87a matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc()
Fixes bug #190
Chromium bug #100492
related to CVE-2011-3893

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

(cherry-picked from commit faaec4676cb4c7a2303d50df66c6290bc96a7657)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 1f625431e2bb9564760fba3ab8077ae07ce7c7a1)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 90a4a467477be8c292daa08a9516ee78ca0d517b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2012-01-07 22:16:29 +01:00
Michael Niedermayer
4f07a3aa2c Fix memory (re)allocation in matroskadec.c, related to MSVR-11-0080.
Whitespace of the patch cleaned up by Aurel
Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

(cherry picked from commit 956c901c68eff78288f40e3c8f41ee2fa081d4a8)

Further suggestions from Kostya <kostya.shishkov@gmail.com> have been
implemented by Reinhard Tartler <siretart@tauware.de>

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 77d2ef13a8fa630e5081f14bde3fd20f84c90aec)

NB: MSVR-11-0080 doesn't seem to exist. This issue seems to be known
as MSVR11-011 instead.

Fixes: CVE-2011-3504

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-11-02 21:49:55 +01:00
Kostya
18c5fe919f Do not attempt to decode APE file with no frames
This fixes invalid reads/writes with this sample:
http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt
(cherry picked from commit 8312e3fc9041027a33c8bc667bb99740fdf41dd5)
2011-03-16 13:27:01 +01:00
Janne Grunau
11f6eebdd3 consolidate .gitignore patterns into a single file
Signed-off-by: Janne Grunau <janne-ffmpeg@jannau.net>
(cherry picked from commit 2c3589bfda036c7827ded0bf38b16dfe7630bae1)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-02-10 14:02:23 +01:00
Janne Grunau
9109a58867 convert svn:ignore properties to .gitignore files
Signed-off-by: Janne Grunau <janne-ffmpeg@jannau.net>
(cherry picked from commit 348b8218f7a59374355c966dbe3b851a7275f952)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
2011-02-10 14:01:36 +01:00
Reinhard Tartler
2dea9a1266 unbreak compilation and finish backport r24280 by mstorsjo
Originally committed as revision 25324 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-10-03 14:50:04 +00:00
Reinhard Tartler
84e6629de3 aviobuf: Do short seeks forward by reading and skipping data instead of a proper seek
This improves performance on e.g. seekable http.

backport r24280 by mstorsjo

Originally committed as revision 24428 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-07-22 11:58:26 +00:00
Reinhard Tartler
c46038f6b7 fix 'seektest' again
backport r19270 by rbultje:

Remove any reference to ASFContext.packet_size and replace it with
AVFormatContext.packet_size. See "[PATCH] asf*.c/h: use
AVFormatContext->packet_size instead of own copy" thread on ML.

and r19361 by reimar:

Check for packet_length 0, it is already treated as invalid by the padding check,
but that resulted in a confusing/wrong error message.

Originally committed as revision 22147 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-03-02 16:03:06 +00:00
Reinhard Tartler
a317cd5722 Avoid divisions by 0 in the ASF demuxer if packet_size is not valid.
r19330 by reimar

Originally committed as revision 22080 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-02-26 15:49:52 +00:00
Reinhard Tartler
ef84190a1a Fix possible buffer over-read in vorbis_comment, fix it double to be sure.
First, make s signed, so that comparisons against end - p will not be made as
unsigned, making the check incorrectly pass if p is beyond end.
Also ensure that p will never be > end, so the code is correct also if
buf is not padded.

backported r20014 by reimar

Originally committed as revision 21711 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-02-09 18:51:11 +00:00
Reinhard Tartler
7db16a8173 check stream existence before assignment, fix #1222
backported r19259 by bcoudurier

Originally committed as revision 21710 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-02-09 18:44:49 +00:00
Reinhard Tartler
e91ba7dc9d add one missing check for stream existence in read_elst, fix #1364
backported patch r19792 by bcoudurier

Originally committed as revision 21709 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-02-09 18:41:17 +00:00
Reinhard Tartler
95f90d27d2 Disable parsing for ogg streams where no ogg header was found,
if no header was found the parser was not initialized and thus will
crash when trying to use it.

Originally committed as revision 21708 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-02-09 18:24:30 +00:00
Reinhard Tartler
1e9ac36f66 Make arguments of av_set_pts_info() unsigned.
Fixes issue1240/mpeg1/smclockmpeg1.avi.3.1

Originally committed as revision 21707 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-02-09 18:10:07 +00:00
Reinhard Tartler
a9785f58c6 backport symbol versioning patch
Originally committed as revision 21595 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2010-02-01 16:00:09 +00:00
Baptiste Coudurier
07679e680c revert r16717, r16718, r16719, EAGAIN handling, this causes FFserver to hang
Originally committed as revision 17737 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
2009-03-02 20:32:24 +00:00
Diego Biurrun
0ffbc258aa Change a bunch of codec long_names to be more consistent and descriptive.
Originally committed as revision 17716 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-03-02 05:18:33 +00:00
Aurelien Jacobs
827f7e285b deprecate old metadata API
Originally committed as revision 17690 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-03-01 16:35:25 +00:00
Aurelien Jacobs
bc718b4720 fix missed usage of old metadata API in mov demuxer
Originally committed as revision 17689 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-03-01 16:06:26 +00:00
Aurelien Jacobs
012867f05b use new metadata API in libavformat/utils.c
Originally committed as revision 17687 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-03-01 15:38:06 +00:00
Aurelien Jacobs
feacba6c26 use new metadata API in r3d demuxer
Originally committed as revision 17686 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-03-01 15:28:56 +00:00
Aurelien Jacobs
ec26457064 new metadata API is now officially part of public API
Originally committed as revision 17682 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-03-01 14:50:03 +00:00
Aurelien Jacobs
95030323d1 simplify metadata conversion and fix gcc-2.95 at the same time
Originally committed as revision 17681 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-03-01 14:29:30 +00:00
Michael Niedermayer
4022fe01a6 Change the timebase of the raw demuxer to one that can represent the ts of fields.
Originally committed as revision 17675 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-03-01 03:48:35 +00:00
Michael Niedermayer
9e6c124a87 Disable MPEG-1/2 style timestamp calculation for H264. It still randomizes
the timestamps because delay is not known for the first few frames.

Originally committed as revision 17674 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-03-01 03:17:24 +00:00
Aurelien Jacobs
719e721a14 Add some basic metadata conversion tables for matroska and asf.
Add missing const qualifiers for metadata_conv in AV{In|Out}putFormat.

Originally committed as revision 17671 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-03-01 00:12:08 +00:00
Aurelien Jacobs
f610a9f284 add a metadata conversion API
Originally committed as revision 17670 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-02-28 23:34:16 +00:00
Luca Abeni
3aa7ac6dd2 Document ff_rtp_codec_id()
Originally committed as revision 17666 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-02-28 19:34:50 +00:00
Ivan Schreter
4c6b49bf74 Change TS seeking so it returns position/timestamp of a key frame.
Patch by Ivan Schreter, schreter gmx net

Originally committed as revision 17665 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-02-28 18:35:53 +00:00
Luca Abeni
d3da8a4565 Fix typo in a comment
Originally committed as revision 17664 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-02-28 18:23:19 +00:00
Luca Abeni
c3efd98c09 Document ff_rtp_enc_name()
Originally committed as revision 17663 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-02-28 18:21:43 +00:00
Justin Ruggles
344bcea46d cosmetics: indentation
Originally committed as revision 17662 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-02-28 17:31:25 +00:00
Luca Abeni
d3a5794958 Document ff_rtp_get_codec_info()
Originally committed as revision 17661 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-02-28 17:24:56 +00:00
Justin Ruggles
81f052cb7d Separate the raw FLAC demuxer from raw.c and put in a new file,
flacdec.c.

Originally committed as revision 17660 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-02-28 17:24:46 +00:00
Ronald S. Bultje
2d243fb3fc Rename movenc.c MOVContext to MOVMuxContext, since MOVContext is already used
in mov.c for the demuxer. See "[PATCH] rename movenc.c MOVContext to
MOVMuxContext" thread on the mailinglist.

Originally committed as revision 17659 to svn://svn.ffmpeg.org/ffmpeg/trunk
2009-02-28 16:02:29 +00:00