FFmpeg

mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-08 13:22:53 +02:00

Author	SHA1	Message	Date
Michael Niedermayer	dbfec68d32	avcodec/jpeg2000dec: Check for duplicate SIZ marker Fixes: 0231a17345734228011c6f35a64e4594/asan_heap-oob_1d92a72_3218_1213809a9e3affec77e4c191fdfdc0a9.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `44a7f17d0b`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-26 16:05:41 +01:00
Andreas Cadhalpun	34f2d74555	aacsbr: don't call sbr_dequant twice without intermediate read_sbr_data Doing that doesn't make sense, because the only purpose of sbr_dequant is to process the data from read_sbr_data. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `1c3e43a627`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:35:46 +01:00
Andreas Cadhalpun	22017f7745	hqx: correct type and size check of info_offset It is used as size argument of ff_canopus_parse_info_tag, which uses it as size argument to bytestream2_init, which only supports sizes up to INT_MAX. Changing it's type to unsigned simplifies the check. Reviewed-by: Vittorio Giovara <vittorio.giovara@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `1ed7fcd42a`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:35:46 +01:00
Andreas Cadhalpun	b372ad819e	mxfdec: check edit_rate also for physical_track Previously only the edit_rate of material_track was checked. If it's negative, it causes assertion failures in av_rescale_rnd. Reviewed-by: Tim Nicholson <nichot20-at-yahoo.com@ffmpeg.org> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `047bf82c18`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:35:46 +01:00
Michael Niedermayer	bdbfc12e7f	avcodec/jpeg2000: Change coord to 32bit to support larger than 32k width or height Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0eb7de1973`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:35:46 +01:00
Michael Niedermayer	c3a44a2a55	avcodec/jpeg2000dec: Check SIZ dimensions to be within the supported range Fixes potential integer overflows Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi This fix is choosen to be simple to backport, better solution for master is planed Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6ef819c40b`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:35:46 +01:00
Michael Niedermayer	d1d48d4319	avcodec/jpeg2000: Check comp coords to be within the supported size Fixes assertion failure Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi This fix is choosen to be simple to backport, better solution for master is planed Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a1a8cbcb35`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:35:46 +01:00
Andreas Cadhalpun	6b0bc64f54	mpegvideo: clear overread in clear_context Otherwise the h263p decoder can try to copy overread bytes, even though buffer is NULL. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `6a69a175e7`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:35:46 +01:00
Michael Niedermayer	983e63b490	avcodec/avrndec: Use the AVFrame format instead of the context Fixes out of array read Fixes: 20dd01398dee0f6d83d7e5410a2ae8eb/signal_sigsegv_39eeb1f_4001_62efbdf1c60748dabf1ec310b59525fd.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ccba8aaff2`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:35:46 +01:00
Andreas Cadhalpun	bf2f7115d9	dds: disable palette flag for compressed images Having both is not valid and can cause a NULL pointer dereference of frame->data[1] later. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com> (cherry picked from commit `0a8bff788b`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:35:46 +01:00
Andreas Cadhalpun	ef699b4135	dds: validate compressed source buffer size A too small buffer will cause segfaults somewhere below decompress_texture_thread. Reviewed-by: Vittorio Giovara <vittorio.giovara@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `9a37d47644`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:35:46 +01:00
Andreas Cadhalpun	a8513826dd	dds: validate source buffer size before copying If it is too small av_image_copy_plane segfaults. Reviewed-by: Vittorio Giovara <vittorio.giovara@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `1675809d2d`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:35:46 +01:00
Andreas Cadhalpun	df31acda64	dvdsubdec: validate offset2 similar to offset1 If it is negative, it causes segmentation faults in decode_rle. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `f621749d11`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:35:45 +01:00
Andreas Cadhalpun	d09fd0736a	brstm: reject negative sample rate A negative sample rate causes assertion failures in av_rescale_rnd. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `7b67fe20f6`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:35:45 +01:00
Andreas Cadhalpun	c3f276b608	aacps: avoid division by zero in stereo_processing This fixes a SIGFPE crash in the aac_fixed decoder. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com> (cherry picked from commit `ef7fe9851e`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:35:45 +01:00
Andreas Cadhalpun	510d88ae93	softfloat: assert when the argument of av_sqrt_sf is negative The correct result can't be expressed in SoftFloat. Currently it returns a random value from an out of bounds read. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `f3866a14c3`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:35:45 +01:00
Michael Niedermayer	c4133b25f8	avcodec/takdec: Use memove, avoid undefined memcpy() use Fixes: e214333cbd94c91228e624ff39329ce6/asan_generic_4a5159_6412_96cda2530e80607210ab41ccae3d456d.tak Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `7cea3430a5`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2015-11-26 01:35:41 +01:00
Michael Niedermayer	c9b3451da3	Update Changelog Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-12 01:17:17 +01:00
Andreas Cadhalpun	46f83b059b	aacsbr_fixed: check for envelope scalefactors overflowing This prevents various values from getting an insanely huge exponent. If someone knows a cleaner solution, thats welcome! This is similar to commit `8978c74` for aacsbr. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `0e36a14a42`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-12 00:43:01 +01:00
Andreas Cadhalpun	ce2664f5f7	aacdec: don't return frames without data from aac_decode_er_frame This is similar to commit `ec38a1b` for aac_decode_frame_int. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d7f29bfa69`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-12 00:42:50 +01:00
Michael Niedermayer	8364d607ac	avcodec/aacsbr_fixed: Try to initialize sum[0..1] differently to fix build with VS2012 Found-by: Hendrik Leppkes <h.leppkes@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `8a024f6a43`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-12 00:42:43 +01:00
Michael Niedermayer	21e42d9b0d	avcodec/aacsbr: Use FLOAT_0 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `dcf1cf5d24`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-12 00:42:35 +01:00
Andreas Cadhalpun	e10c353ca5	softfloat: handle INT_MIN correctly in av_int2sf Otherwise v=INT_MIN doesn't get normalized and thus triggers av_assert2 in other functions. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `9ac61e73d0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-12 00:00:57 +01:00
Michael Niedermayer	72be96ac55	avutil/softfloat: Include negative numbers in cmp/gt tests Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `955cdc43a3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-12 00:00:57 +01:00
Michael Niedermayer	6581e40e1a	avutil/softfloat: Fix av_gt_sf() with large exponents try #2 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `05b05a7a84`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-12 00:00:57 +01:00
Michael Niedermayer	0f9c617979	avutil/softfloat: Add test for av_gt_sf() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `791ea23e57`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-12 00:00:57 +01:00
Michael Niedermayer	f9998d1994	avutil/softfloat: Extend the av_cmp_sf() test to cover a wider range of exponents Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ecfb076141`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-12 00:00:57 +01:00
Michael Niedermayer	7ad4bf4899	avutil/softfloat: Fix overflows in shifts in av_cmp_sf() and av_gt_sf() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `cee3c9d29a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-12 00:00:57 +01:00
Michael Niedermayer	43ada90fc5	avutil/softfloat: Add test for av_cmp_sf() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `df2a2117d2`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-12 00:00:57 +01:00
Ganesh Ajjanagadde	476ddffccb	avutil/common: add FFDIFFSIGN macro This is of use for defining comparator callbacks. Common approaches like return x-y are not safe due to the risks of overflow. Furthermore, the (x > y) - (x < y) trick is optimized to branchless code. This also documents this macro accordingly. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com> (cherry picked from commit `265f83fd35`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-12 00:00:57 +01:00
Michael Niedermayer	b533998d0a	avutil/softfloat: Add tests for exponent underflows Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `596dfe7d6c`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-11 23:32:58 +01:00
Michael Niedermayer	acd203fc0d	avutil/softfloat: Fix exponent underflow in av_div_sf() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `046218b212`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-11 23:32:54 +01:00
Michael Niedermayer	402c4a9f81	avutil/softfloat: Fix exponent underflow in av_mul_sf() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a1e3303fc0`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-11 23:32:51 +01:00
Michael Niedermayer	6e4bfbe936	avutil/softfloat: Fix typo in av_mul_sf() doxy Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `4135a2bfd6`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-11 23:32:48 +01:00
Michael Niedermayer	f38beb47da	avutil/softfloat: Correctly set the exponent for 0.0 in av_sqrt_sf() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `107db5abf3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-11 23:32:32 +01:00
Michael Niedermayer	efa9128556	avutil/softfloat: FLOAT_0 should use MIN_EXP Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a66b243d52`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-11 23:32:27 +01:00
Michael Niedermayer	3de8521667	swresample/resample: increase precision for compensation Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `351e625d60`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-11 18:41:01 +01:00
Rodger Combs	edf5e88eac	lavf/mov: add support for sidx fragment indexes Fixes trac #3842 (cherry picked from commit `4ab5666759`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-11 02:50:39 +01:00
Michael Niedermayer	8d634be4ce	update versions for 2.8.2 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-11 02:50:39 +01:00
Michael Niedermayer	9a6d581076	avformat/mxfenc: Only store user comment related tags when needed Also support disabling them as they seem to cause problems to some Users. They are also not allowed in IRT D-10 thus the default for mxf_d10 is not to write them This also decreases the filesize when no user comment are stored Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d9726893f3`) Conflicts: libavformat/mxfenc.c	2015-11-11 02:21:32 +01:00
Michael Niedermayer	84f8157662	tests/fate/avformat: Fix fate-lavf The CMP variable seems to have been inherited from fate-api-seek which set it to null the mxf reference needed a change due to `c7e14a279f` Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b83c849e87`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-10 11:20:21 +01:00
Simon Thelen	e5a2f5e74d	doc/ffmpeg: Clarify that the sdp_file option requires an rtp output. Signed-off-by: Simon Thelen <ffmpeg-dev@c-14.de> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `b02201efb5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-09 23:58:05 +01:00
Simon Thelen	dac3598563	ffmpeg: Don't try and write sdp info if none of the outputs had an rtp format. Fixes a segfault when trying to write nonexistent rtp information. Signed-off-by: Simon Thelen <ffmpeg-dev@c-14.de> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `70fb5eadc5`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-09 23:56:29 +01:00
Andreas Cadhalpun	c0cd8747ef	apng: use correct size for output buffer The buffer needs s->bpp bytes, at maximum currently 10. Assert that s->bpp is not larger. This fixes a stack buffer overflow. Reviewed-by: wm4 <nfxjfg@googlemail.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `3e8e1a660e`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-07 14:11:12 +01:00
Andreas Cadhalpun	e217224456	jvdec: avoid unsigned overflow in comparison The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size is 3, the right side overflows leading to a wrong result of the comparison and subsequently a heap buffer overflow. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `db374790c7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-07 14:10:41 +01:00
Michael Niedermayer	56419053bc	avcodec/jpeg2000dec: Clip all tile coordinates Fixes out of array access Fixes: b877a6b788a25c70e8b1d014f8628549/asan_heap-oob_1da2c3f_2324_5a1b329b0b3c4bb6b1d775660ac56717.r3d Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `43492ff3ab`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-07 03:02:04 +01:00
Michael Niedermayer	11b4822ddb	avcodec/microdvddec: Check for string end in 'P' case Fixes out of array read Fixes: a9502b60f4cecc19475382aee255f73c/asan_heap-oob_1e87fba_2548_a8ad47f6dde36644fe9cdc444d4632d0.sub Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `c719cd6cf7`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-07 01:10:58 +01:00
Michael Niedermayer	2de2959305	avcodec/dirac_parser: Fix undefined memcpy() use Fixes: 9d375e415486edd1a0c826f2307d89a4/asan_generic_4a5159_1577_faa333e83dacdd9e4dd322380aeed537.iss Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `daefd8ab2f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-07 01:10:16 +01:00
Michael Niedermayer	b93a8bd838	avformat/xmv: Discard remainder of packet on error Fixes infinite loop Fixes: 9c48ae2680c5f23bca3d20ff0f325fd8/asan_generic_4c254d_1374_993f1e5967dd6f844b8d72f978ce2a6c.pss Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `79c4a338e4`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-06 02:55:48 +01:00
Michael Niedermayer	2817eb514c	avformat/xmv: factor return check out of if/else Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `9b6fac11da`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2015-11-06 02:55:13 +01:00

1 2 3 4 5 ...

75115 Commits