7fb6c9225c
lavc: free the output packet when encoding failed or produced no output.
13 years ago
e42e9b0e4d
lavc: preserve avpkt->destruct in ff_alloc_packet().
...
Also, don't bother with saving/restoring data, av_init_packet doesn't
touch it.
13 years ago
c179c9e19d
lavc: clarify the meaning of AVCodecContext.frame_number.
13 years ago
c266eb1928
arm: Fix 10l typo
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
70b5583baa
kvmc: Fix out of reference frame reads.
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
81d4b3af81
qpeg: fix overreads.
...
qpeg should probably be changed to use the checked bytestream reader.
But for now this fixes it and is significantly less work.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
4299dfa5de
qpeg: Fix out of array writes.
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
aaa1173de7
srtdec: fix a format string vulnerability.
...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
689f65126b
simple_idct: idct_4col_put: Fix out of array reads.
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
422e3a74b9
rawdec: fix input overread.
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
9d87374ec0
amrwb: remove duplicate arguments from extrapolate_isf().
...
Prevents warnings because the dst and src overlap (are the same) in the
memcpy() inside the function.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
13 years ago
e7b43e8e84
truemotion1: Check input buffer size against header size.
...
Fixes overread.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
a3f5ee297a
mjpeg: Check for interlaced progressive frames
...
Fixes null pointer dereference.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
0af48e29f5
snow: check reference frame indices.
...
Fixes NULL ptr dereference
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
154b8bb800
amrwb: error out early if mode is invalid.
...
Prevents using the invalid mode as an index in a static array, which
would generate invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
13 years ago
291c9b6285
h264: change underread for 10bit QPEL to overread.
...
This prevents us from reading before the start of the buffer, and thus
prevents crashes resulting from this behaviour. Fixes bug 237.
13 years ago
45549339bc
vp8: disable mmx functions with sse/sse2 counterparts on x86-64.
...
x86-64 is guaranteed to have at least SSE2, therefore the MMX/MMX2
functions will never be used in practice.
13 years ago
bd66f073fe
vp8: change int stride to ptrdiff_t stride.
...
On 64bit platforms with 32bit int, this means we won't have to sign-
extend the integer anymore.
13 years ago
349b7977e4
wma: fix invalid buffer size assumptions causing random overreads.
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
13 years ago
9d25f1f619
Windows Media Audio Lossless decoder
...
Decodes 16-bit WMA Lossless encoded files. 24-bit is not supported yet.
Bitstream parser written by Andreas Öman with contributions from
Baptiste Coudurier and Ulion.
Includes a number of bug-fixes from Benjamin Larsson, Michael Niedermayer and
Konstantin Shishkov, shine and polish by Diego Biurrun.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
13 years ago
8fdd93eaad
huffyuv: pad classic huffman tables so as to avoid bitreader overread.
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
64c58f1436
vc1: mquant is not allowed to be 0
...
Fixes out of bounds read.
Checked against SMPTE 421M-2006
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
9243ec4a50
rv10/20: Fix slice overflow with checked bitstream reader.
13 years ago
71db86d53b
h263dec: Disallow width/height changing with frame threads.
...
Fixes CVE-2011-3937
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
2f6528537f
rv10/20: Fix a buffer overread caused by losing track of the remaining buffer size.
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
13 years ago
b087ce2bee
g722: Fix the QMF scaling
...
This fixes clipping if the encoder input used the full 16 bit
input range (samples with a magnitude below 16383 worked fine).
The filtered subband samples should be 15 bit maximum, while
the code earlier produced them scaled to 16 bit.
This makes the decoder output have double the magnitude
compared to before.
The spec reference samples doesn't test the QMF at all, which
was why this part slipped past initially.
Signed-off-by: Martin Storsjö <martin@martin.st>
13 years ago
e93d911e48
h263: fix zygo debug printing overreading.
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
d964db5742
wmadec: fix off by 1 error on the pow_tab index check.
...
Fixes global out of array read.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
ec3cd74f2d
h261: check mtype.
...
Fixes out of array read
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
f604eab30a
wavpack: Fix an integer overflow
...
Integer Overflow Checker detected an integer
overflow while FATE was running.
See: http://fate.libav.org/x86_64-linux-ioc/
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
13 years ago
83c418e68e
wavpack: Fix an integer overflow
...
Integer Overflow Checker detected an integer
overflow while FATE was running.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
7a7b1f5c4d
roqvideodec: improve end of input buffer check
...
This fixes a out of array read.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
1c4717be4f
mjpegdec: use correct variable in av_log invocation
...
libavcodec/mjpegdec.c:1463: warning: format ‘%x’ expects type ‘unsigned int’, but argument 5 has type ‘const uint8_t *’
13 years ago
324deaa268
Replace AVFrame pointer type punning by proper struct member assignments.
13 years ago
47c0ac96aa
Replace AVFrame pointer casts by proper struct member accesses.
13 years ago
562b6c744a
Remove unnecessary AVFrame pointer casts.
13 years ago
2f4b476e04
msmpeg4: Split encoding backend code off from general backend code.
13 years ago
eb727387fd
lavc: shrink encoded video packet size after encoding.
...
Based on a patch by Nicolas George <nicolas.george <at> normalesup.org>
13 years ago
75d11b55d7
vc1: avoid reading beyond the last line in vc1_draw_sprites()
...
Fixes overread
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
0ce4fe482c
h264: error out on invalid bitdepth.
...
Fixes invalid reads while initializing the dequant tables, which uses
the bit depth to determine the QP table size.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
13 years ago
cc412b7104
aacsbr: use a swap index for the Y matrix rather than copy buffers.
...
Signed-off-by: Alex Converse <alex.converse@gmail.com>
13 years ago
dc945b1fa8
eatgq: Pass error code from tgq_decode_mb() and let the caller fail.
...
This fixes a over read.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
32f0c65828
vc1: fix out of array reads in vc1_inv_trans_4x4_c()
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
80c702efeb
vc1: fix out of array reads in vc1_inv_trans_4x8_c()
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
af796ba4b8
vc1: fix out of array reads in vc1_inv_trans_8x4_c()
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
63c9de6469
huffyuv: do not abort on unknown pix_fmt; instead, return an error.
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
13 years ago
b2a7c01733
mpc: Fix mpc_CC table and use.
...
This is based on the reference implementation and fixes
a global out of array read.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
b84211ac71
mpc: Fix mpc_SCF use and content.
...
This fixes a out of global array read.
This change is based on the reference mpc imlementation.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
13 years ago
bd17a40a7e
lcl: return negative error codes on decode_init() errors.
...
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
13 years ago
bdc1220eeb
h263enc: Add an option for outputting info about MBs as side data
...
Signed-off-by: Martin Storsjö <martin@martin.st>
13 years ago
Anton Khirnov
Michael Niedermayer
Fabian Greffrath
Ronald S. Bultje
Mashiat Sarker Shakkhar
Alex Converse
Martin Storsjö
Derek Buitenhuis
Diego Biurrun
Christophe Gisquet