Fixes part1 of CVE-2011-3929
Possibly fixes part of CVE-2011-3936
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit makes the check specific to the case that needs it.
Regression was introduced by
commit 62adc60b97
Author: Michael Niedermayer <michaelni@gmx.at>
Date: Fri Dec 16 06:13:04 2011 +0100
avidec: Check that the header chunks fit in the available filesize.
Fixes Ticket771
Bug found by: Diana Elena Muscalu
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CVE-2011-3940 (Out of bounds read resulting in out of bounds write)
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (23 commits)
aacenc: Fix identification padding when the bitstream is already aligned.
aacenc: Write correct length for long identification strings.
aud: remove unneeded field, audio_stream_index from context
aud: fix time stamp calculation for ADPCM IMA WS
aud: simplify header parsing
aud: set pts_wrap_bits to 64.
cosmetics: indentation
aud: support Westwood SND1 audio in AUD files.
adpcm_ima_ws: fix stereo decoding
avcodec: add a new codec_id for CRYO APC IMA ADPCM.
vqa: remove unused context fields, audio_samplerate and audio_bits
vqa: clean up audio header parsing
vqa: set time base to frame rate as coded in the header.
vqa: set packet duration.
vqa: use 1/sample_rate as the audio stream time base
vqa: set stream start_time to 0.
lavc: postpone the removal of AVCodecContext.request_channels.
lavf: postpone removing av_close_input_file().
lavc: postpone removing old audio encoding and decoding API
avplay: remove the -er option.
...
Conflicts:
Changelog
libavcodec/version.h
libavdevice/v4l.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
Remove ffmpeg.
aacenc: Simplify windowing
aacenc: Move saved overlap samples to the beginning of the same buffer as incoming samples.
aacenc: Deinterleave input samples before processing.
aacenc: Store channel count in AACEncContext.
aacenc: Move Q^3/4 calculation to it's own table
aacenc: Request normalized float samples instead of converting s16 samples to float.
aacpsy: Replace an if with FFMAX in LAME windowing.
aacenc: cosmetics, replace 'rd' with 'bits' in codebook_trellis_rate to make it more clear what is being calculated.
aacpsy: cosmetics, change a FIXME to a NOTE about subshort comparisons
aacenc: cosmetics: move init() and end() to the bottom of the file.
aacenc: aac_encode_init() cleanup
XWD encoder and decoder
vc1: don't read the interpfrm and bfraction elements for interlaced frames
mxfdec: fix memleak on mxf_read_close()
westwood: split the AUD and VQA demuxers into separate files.
Conflicts:
.gitignore
Changelog
Makefile
configure
doc/ffmpeg.texi
ffmpeg.c
libavcodec/Makefile
libavcodec/aacenc.c
libavcodec/allcodecs.c
libavcodec/avcodec.h
libavcodec/version.h
libavformat/Makefile
libavformat/img2.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This reduces the delay when opening the video with quicktime.
Idea-by: Maksym Veremeyenko <verem@m1stereo.tv>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (25 commits)
riff: fix invalid av_freep() calls on EOF in ff_read_riff_info
pam: Fix a typo that broke writing and reading PAM files.
mxfdec: fix memleak on av_realloc failures
mxfdec: Do not parse slices or DeltaEntryArrays.
mxfdec: hybrid demuxing/seeking solution
mxfdec: Add Avid's essence element key.
mfxdec: Separate mxf_essence_container_uls for audio and video.
mxfdec: Compute packet offsets properly.
mxfdec: Use MaterialPackage - Track - TrackID instead of the system_item hack.
mxfdec: use av_dlog() for 'no corresponding source package found'
mxfdec: Make mxf->partitions sorted by offset.
mxfdec: parse ThisPartition
mxfdec: Speed up metadata and index parsing.
mxfdec: Make sure DataDefinition is consistent between material track and source track.
mxfdec: add EssenceContainer UL found in 0001GL00.MXF.A1.mxf_opatom.mxf
mxfdec: Add hack that adjusts the n_delta calculation when system items are present.
mxfdec: Parse IndexTableSegments and convert them into AVIndexEntry arrays.
mxfdec: Move FooterPartition to MXFContext and make sure it is never zero.
mxfdec: check return value of avio_seek
mxfdec: skip to end of structural sets
...
Conflicts:
configure
libavcodec/pnm.c
libavformat/mxfdec.c
libavformat/riff.c
libavformat/rtsp.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This uses the old demuxing code for OP1a and separate demuxing code for OPAtom.
Timestamp output is added to the old demuxing code.
The seeking code is made to seek to the start of the desired EditUnit only,
from which the normal demuxing code takes over (if OP1a). This means we
do not use delta entries or slices, only StreamOffsets. OPAtom seeking
basically works like before.
This also makes D-10 seeking behave the same way as OP1a and OPAtom. In other
words, we allow seeking before the start or past the end for D-10 too.
Based on several patches by Tomas Härdin <tomas.hardin@codemill.se> and
Reimar Döffinger <Reimar.Doeffinger@gmx.de>.
Changed av_calloc to av_mallocz, added overflow checks.
It is a really bad idea to assign a video codec id
when we have set codec_type to audio and vice versa.
Prevents detection of mp2 in mxf as mpeg2video.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
