Fixes integer overflow and out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'b047c68783aa4042b322af7af043b643d5daf09c':
4xm: don't rely on get_buffer() initializing the frame.
huffyuv: split encoder and decoder into separate files.
lavc: make pkt_{p,d}ts doxy less confusing
Conflicts:
libavcodec/Makefile
libavcodec/huffyuv.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Also replace relevant bytestream2 functions with unchecked variants due
code that already checks for overreads.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
* qatar/master:
4xm: fix invalid array indexing
rv34dsp: factorize a multiplication in the noround inverse transform
rv40: perform bitwise checks in loop filter
rv34: remove inline keyword from rv34_decode_block().
rv40: change a logical test into a bitwise one.
rv34: remove constant parameter
rv40: don't always do the full prev_type search
dsputil x86: revert a test back to its previous value
rv34dsp x86: implement MMX2 inverse transform
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
asf: only set index_read if the index contained entries.
cabac: add overread protection to BRANCHLESS_GET_CABAC().
cabac: increment jump locations by one in callers of BRANCHLESS_GET_CABAC().
cabac: remove unused argument from BRANCHLESS_GET_CABAC_UPDATE().
cabac: use struct+offset instead of memory operand in BRANCHLESS_GET_CABAC().
h264: add overread protection to get_cabac_bypass_sign_x86().
h264: reindent get_cabac_bypass_sign_x86().
h264: use struct offsets in get_cabac_bypass_sign_x86().
h264: fix overreads in cabac reader.
wmall: fix seeking.
lagarith: fix buffer overreads.
dvdec: drop unnecessary dv_tablegen.h #include
build: fix doc generation errors in parallel builds
Replace memset(0) by zero initializations.
faandct: Remove FAAN_POSTSCALE define and related code.
dvenc: print allowed profiles if the video doesn't conform to any of them.
avcodec_encode_{audio,video}: only reallocate output packet when it has non-zero size.
FATE: add a test for vp8 with changing frame size.
fate: add kgv1 fate test.
oggdec: calculate correct timestamps in Ogg/FLAC
Conflicts:
libavcodec/4xm.c
libavcodec/cook.c
libavcodec/dvdata.c
libavcodec/dvdsubdec.c
libavcodec/lagarith.c
libavcodec/lagarithrac.c
libavcodec/utils.c
tests/fate/video.mak
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (38 commits)
v210enc: remove redundant check for pix_fmt
wavpack: allow user to disable CRC checking
v210enc: Use Bytestream2 functions
cafdec: Check return value of avio_seek and avoid modifying state if it fails
yop: Check return value of avio_seek and avoid modifying state if it fails
tta: Check return value of avio_seek and avoid modifying state if it fails
tmv: Check return value of avio_seek and avoid modifying state if it fails
r3d: Check return value of avio_seek and avoid modifying state if it fails
nsvdec: Check return value of avio_seek and avoid modifying state if it fails
mpc8: Check return value of avio_seek and avoid modifying state if it fails
jvdec: Check return value of avio_seek and avoid modifying state if it fails
filmstripdec: Check return value of avio_seek and avoid modifying state if it fails
ffmdec: Check return value of avio_seek and avoid modifying state if it fails
dv: Check return value of avio_seek and avoid modifying state if it fails
bink: Check return value of avio_seek and avoid modifying state if it fails
Check AVCodec.pix_fmts in avcodec_open2()
svq3: Prevent illegal reads while parsing extradata.
remove ParseContext1
vc1: use ff_parse_close
mpegvideo parser: move specific fields into private context
...
Conflicts:
libavcodec/4xm.c
libavcodec/aacdec.c
libavcodec/h264.c
libavcodec/h264.h
libavcodec/h264_cabac.c
libavcodec/h264_cavlc.c
libavcodec/mpeg4video_parser.c
libavcodec/svq3.c
libavcodec/v210enc.c
libavformat/cafdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
aacenc: Fix LONG_START windowing.
aacenc: Fix a bug where deinterleaved samples were stored in the wrong place.
avplay: use the correct array size for stride.
lavc: extend doxy for avcodec_alloc_context3().
APIchanges: mention avcodec_alloc_context()/2/3
avcodec_align_dimensions2: set only 4 linesizes, not AV_NUM_DATA_POINTERS.
aacsbr: ARM NEON optimised sbrdsp functions
aacsbr: align some arrays
aacsbr: move some simdable loops to function pointers
cosmetics: Remove extra newlines at EOF
Conflicts:
libavcodec/utils.c
libavfilter/formats.c
libavutil/mem.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (21 commits)
ipmovie: do not read audio packets before the codec is known
truemotion2: check size before GetBitContext initialisation
avio: Only do implicit network initialization for network protocols
avio: Add an URLProtocol flag for indicating that a protocol uses network
adpcm: ADPCM Electronic Arts has always two channels
matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc()
fate: Add missing reference file from 9b4767e4.
mov: Support MOV_CH_LAYOUT_USE_DESCRIPTIONS for labeled descriptions.
4xm: Prevent buffer overreads.
mjpegdec: parse RSTn to prevent skipping other data in mjpeg_decode_scan
vp3: add fate test for non-zero last coefficient
vp3: fix streams with non-zero last coefficient
swscale: remove unused U/V arguments from yuv2rgb_write().
timer: K&R formatting cosmetics
lavf: cosmetics, reformat av_read_frame().
lavf: refactor av_read_frame() to make it easier to understand.
Report an error if pitch_lag is zero in AMR-NB decoder.
Revert "4xm: Prevent buffer overreads."
4xm: Prevent buffer overreads.
4xm: pass the correct remaining buffer size to decode_i2_frame().
...
Conflicts:
libavcodec/4xm.c
libavcodec/mjpegdec.c
libavcodec/truemotion2.c
libavformat/ipmovie.c
libavformat/mov_chan.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
frame_size is the number of bytes left in the packet, so if we are passing
buf-4 we can safely read frame_size+4 bytes.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
* qatar/master:
vp3dec: Check coefficient index in vp3_dequant()
svq1dec: call avcodec_set_dimensions() after dimensions changed.
Prepare for 0.8_beta1 snapshot release
threads: check defines before using them in automatic thread detection
pthread: include sys/types.h before sys/sysctl.h
4xm: remove unused variables.
h264: Fix a possible overread in decode_nal_units()
allfilters: fix type of avfilter_vsrc_buffer.
w32thread: call ResetEvent() in pthread_cond_broadcast().
Conflicts:
Changelog
RELEASE
doc/RELEASE_NOTES
libavcodec/pthread.c
libavcodec/vp3.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
