This prevents writing into a too small array if some parameters changed
without the tile being reallocated.
Based on a patch by Michael Niedermayer <michaelni@gmx.at>
Fixes CVE-2012-2800
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.
Fixes CVE-2012-2794
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Add a small table of integers instead as this is simpler and
avoids rounding issues (though such rounding issues are unlikely in this case)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The values are checked in the wrapper function used to call this code.
This was introduced by: ee715f49a0
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'b146d74730ab9ec5abede9066f770ad851e45fbc':
indeo4: update AVCodecContext width/height on size change
dfa: check that the caller set width/height properly.
indeo5dec: Make sure we have had a valid gop header.
cavsdec: check for changing w/h.
lavc: set channel count from channel layout in avcodec_open2().
doc/platform: Rework the Visual Studio linking section
doc/faq: Change the Visual Studio entry to reflect current status
doc/platform: Replace Visual Studio section with build instructions
doc/platform: Nuke section on linking static MinGW-built libs with MSVC
doc/platform: Remove false claim about MinGW installer
doc/platform: Mention MinGW-w64
dsputil_mmx: fix reading prior of the src array in sub_hfyu_median_prediction()
mpegaudiodec: fix short_start calculation
Conflicts:
doc/faq.texi
doc/platform.texi
libavcodec/cavsdec.c
libavcodec/indeo5.c
libavcodec/ivi_common.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Do not build from scratch the section header for each section, but build
it using the previous level buffer, thus improving efficiency.
Also fix a few corner cases related to numbering which are exposed by
the pending disposition patch.
Do not build from scratch the section header for each section, but build
using the previous level buffer, thus improving efficiency and fix a
few corner cases which are exposed by the pending disposition patch.
Regular section fields nested in a regular section are now prefixed by
the nested section name.
This is required by the pending change related to disposition.
This prevents decoding happening on a half initialized context.
Fixes CVE-2012-2779
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Our decoder does not support changing w/h.
Fixes CVE-2012-2777 and CVE-2012-2784.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This practice is not supported by the MinGW developers, and even requires
patching the MinGW runtimes in newer versions. Furthermore, we now support
building with MSVC, so this section is rendered useless.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
It is not correct in all cases and it is less predictable than a skip of 0
for user applications.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The value should always be 3, as it follows from the specification.
Fix a stack buffer overflow in exponents_from_scale_factors as reported
by asan. Thanks to Dale Curtis for the sample vector.