ffmpeg.git
7 years agosmacker: add forgotten *
Michael Niedermayer [Mon, 12 Sep 2011 21:45:21 +0000 (23:45 +0200)]
smacker: add forgotten *
found by fenrir

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f98edc73c599badaa0c075fbffb519a150d03d80)

7 years agosegafilm: Fix potential division by 0 on corrupted segafilm streams in the demuxer.
Laurent Aimar [Mon, 12 Sep 2011 19:09:57 +0000 (21:09 +0200)]
segafilm: Fix potential division by 0 on corrupted segafilm streams in the demuxer.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agosegafilm: Check for memory allocation failures in segafilm demuxer.
Laurent Aimar [Mon, 12 Sep 2011 18:58:35 +0000 (20:58 +0200)]
segafilm: Check for memory allocation failures in segafilm demuxer.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7cbe02575868e7d25acf3d319ece664702700f0a)

7 years agorv34: check that subsequent slices have the same type as first one.
Kostya Shishkov [Mon, 12 Sep 2011 09:39:53 +0000 (11:39 +0200)]
rv34: check that subsequent slices have the same type as first one.

This prevents some crashes when corrupted bitstream reports e.g. P-type
slice in I-frame. Official RealVideo decoder demands all slices to be
of the same type too.

Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 23a1f0c59241465ba30103388029a7afc0ead909)

7 years agoFixed invalid read access on extra data in cinepak decoder.
Laurent Aimar [Sun, 11 Sep 2011 17:17:43 +0000 (19:17 +0200)]
Fixed invalid read access on extra data in cinepak decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit dc255275f6293a060518271a151e1ce75499e874)

7 years agoFixed segfault on corrupted smacker streams in the demuxer.
Laurent Aimar [Sun, 11 Sep 2011 16:51:52 +0000 (18:51 +0200)]
Fixed segfault on corrupted smacker streams in the demuxer.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d0121e8d969cde74fa7dbd96d3602109b051e701)

7 years agoFixed segfaults on corruped smacker streams in the decoder.
Laurent Aimar [Sun, 11 Sep 2011 16:54:01 +0000 (18:54 +0200)]
Fixed segfaults on corruped smacker streams in the decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d07ac1853da29ea696243160e02154ebf758d1ee)

7 years agoFixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks.
Laurent Aimar [Wed, 7 Sep 2011 19:43:03 +0000 (21:43 +0200)]
Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8bfea4ab4e2cb32bc7bf6f697ee30a238c65d296)

7 years agoFixed deference of NULL pointer in motionpixels decoder.
Laurent Aimar [Sat, 10 Sep 2011 11:28:13 +0000 (13:28 +0200)]
Fixed deference of NULL pointer in motionpixels decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 824f98f442996eaee9204b132752cf5114fc94cf)

7 years agoqcelpdec: fix the return value of qcelp_decode_frame().
Chris Rankin [Wed, 7 Sep 2011 09:17:30 +0000 (10:17 +0100)]
qcelpdec: fix the return value of qcelp_decode_frame().
(cherry picked from commit 04c13dca8812e8302686887b6e8201d4ad25b7d8)

7 years agoCheck extradata size on resolution change.
Reimar Döffinger [Sun, 17 Jul 2011 13:22:36 +0000 (15:22 +0200)]
Check extradata size on resolution change.

Ignore resolution change if resolution not defined in extradata.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit 09c5f990bc7629dfbee8c760fd485936c60a7b40)

7 years agorv34: Check for invalid slice offsets
Laurent Aimar [Mon, 19 Sep 2011 20:48:53 +0000 (22:48 +0200)]
rv34: Check for invalid slice offsets

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 4cc7732386eb36661ed22d1200339b38a5fa60bc)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
7 years agorv34: Avoid NULL dereference on corrupted bitstream
Laurent Aimar [Sat, 17 Sep 2011 21:43:58 +0000 (23:43 +0200)]
rv34: Avoid NULL dereference on corrupted bitstream

rv34_decode_slice() can return without allocating any pictures.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit d0f6ab0298f2309c6104626787ed73416298b019)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
7 years agorv10: Reject slices that does not have the same type as the first one
Laurent Aimar [Sat, 17 Sep 2011 22:03:08 +0000 (00:03 +0200)]
rv10: Reject slices that does not have the same type as the first one

This prevents crashes with some corrupted bitstreams.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 4a29b471869353c3077fb4b25b6518eb1047afb7)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
7 years agooggdec: fix out of bound write in the ogg demuxer
Laurent Aimar [Sun, 11 Sep 2011 21:26:12 +0000 (23:26 +0200)]
oggdec: fix out of bound write in the ogg demuxer

Between ogg_save() and ogg_restore() calls, the number of streams
could have been reduced.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 0e7efb9d23c3641d50caa288818e8c27647ce74d)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
7 years agoCheck for invalid VLC value in smacker decoder.
Laurent Aimar [Mon, 12 Sep 2011 21:49:36 +0000 (23:49 +0200)]
Check for invalid VLC value in smacker decoder.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 6489455495fc5bfbebcfe3f57e5d4fdd6a781091)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
7 years agoCheck and propagate errors when VLC trees cannot be built in smacker decoder.
Laurent Aimar [Mon, 12 Sep 2011 21:46:49 +0000 (23:46 +0200)]
Check and propagate errors when VLC trees cannot be built in smacker decoder.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 9676ffba8346791f494451e68d2a3b37a2918a9b)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
7 years agoFixed off by one packet size allocation in the smacker demuxer.
Laurent Aimar [Mon, 12 Sep 2011 18:50:34 +0000 (20:50 +0200)]
Fixed off by one packet size allocation in the smacker demuxer.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit a92d0fa5d234582583d41b67dddecffc2c819573)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
7 years agoape demuxer: fix segfault on memory allocation failure.
Laurent Aimar [Sun, 11 Sep 2011 17:17:40 +0000 (19:17 +0200)]
ape demuxer: fix segfault on memory allocation failure.

Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 273aab99bf7be2bcda95dd64101c2317ee0fcb99)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
7 years agoCheck for invalid packet size in the smacker demuxer.
Laurent Aimar [Mon, 12 Sep 2011 18:50:13 +0000 (20:50 +0200)]
Check for invalid packet size in the smacker demuxer.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit e055932f5636a82275837968eea9c8fcb5bca474)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
7 years agocljr: init_get_bits size in bits instead of bytes
Alex Converse [Fri, 9 Sep 2011 21:50:33 +0000 (14:50 -0700)]
cljr: init_get_bits size in bits instead of bytes
(cherry picked from commit 0c1f5b93d9b97c4cc3684ba91a040e90bfc760d2)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
7 years agoindeo2: fail if input buffer too small
Alex Converse [Fri, 9 Sep 2011 20:26:49 +0000 (13:26 -0700)]
indeo2: fail if input buffer too small
(cherry picked from commit b7ce4f1d1c3add86ece7ca595ea6c4a10b471055)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
7 years agoindeo2: init_get_bits size in bits instead of bytes
Alex Converse [Fri, 9 Sep 2011 20:24:19 +0000 (13:24 -0700)]
indeo2: init_get_bits size in bits instead of bytes
(cherry picked from commit 68ca330cbd479111db9cb7649d7530ad59f04cc8)

Signed-off-by: Anton Khirnov <anton@khirnov.net>
7 years agocavsdec: avoid possible crash with crafted input
Michael Niedermayer [Wed, 10 Aug 2011 15:29:51 +0000 (17:29 +0200)]
cavsdec: avoid possible crash with crafted input

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9f06c1c61e876e930753da200bfe835817e30a53)

7 years agoFix possible double free when encoding using xvid.
Carl Eugen Hoyos [Fri, 1 Jul 2011 00:38:28 +0000 (02:38 +0200)]
Fix possible double free when encoding using xvid.
(cherry picked from commit 315f0e3fd8dcbd1362276b7407dad2e97cccc4b7)

7 years agoMerge remote-tracking branch 'qatar/release/0.5' into release/0.5
Michael Niedermayer [Thu, 3 Nov 2011 01:22:07 +0000 (02:22 +0100)]
Merge remote-tracking branch 'qatar/release/0.5' into release/0.5

* qatar/release/0.5:
  Fix memory (re)allocation in matroskadec.c, related to MSVR-11-0080.
  cavs: fix some crashes with invalid bitstreams
  mjpeg: Detect overreads in mjpeg_decode_scan() and error out.

Merged-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoFix memory (re)allocation in matroskadec.c, related to MSVR-11-0080.
Michael Niedermayer [Thu, 28 Jul 2011 12:59:54 +0000 (14:59 +0200)]
Fix memory (re)allocation in matroskadec.c, related to MSVR-11-0080.

Whitespace of the patch cleaned up by Aurel
Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 956c901c68eff78288f40e3c8f41ee2fa081d4a8)

Further suggestions from Kostya <kostya.shishkov@gmail.com> have been
implemented by Reinhard Tartler <siretart@tauware.de>

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 77d2ef13a8fa630e5081f14bde3fd20f84c90aec)

NB: MSVR-11-0080 doesn't seem to exist. This issue seems to be known
as MSVR11-011 instead.

Fixes: CVE-2011-3504

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agocavs: fix some crashes with invalid bitstreams
Mans Rullgard [Wed, 10 Aug 2011 17:52:11 +0000 (18:52 +0100)]
cavs: fix some crashes with invalid bitstreams

This removes all valgrind-reported invalid writes with one
specific test file.

Fixes http://www.ocert.org/advisories/ocert-2011-002.html

Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 4a71da0f3ab7f5542decd11c81994f849d5b2c78)

Fixes CVE-2011-3362, CVE-2011-3973, CVE-2011-3974

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
8 years agoFix apparently exploitable race condition.
Michael Niedermayer [Fri, 25 Mar 2011 01:24:32 +0000 (02:24 +0100)]
Fix apparently exploitable race condition.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
8 years agoAMV: Fix possibly exploitable crash.
Michael Niedermayer [Thu, 21 Apr 2011 20:04:21 +0000 (22:04 +0200)]
AMV: Fix possibly exploitable crash.
Reported-at: Thu, 21 Apr 2011 14:38:25 +0000
Reported-by: Dominic Chell <Dominic.Chell@ngssecure.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
8 years agomjpeg: Detect overreads in mjpeg_decode_scan() and error out.
Michael Niedermayer [Thu, 21 Apr 2011 20:03:24 +0000 (22:03 +0200)]
mjpeg: Detect overreads in mjpeg_decode_scan() and error out.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Ronald S. Bultje <rbultje@google.com>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
8 years agoupdate release date
Reinhard Tartler [Thu, 17 Mar 2011 12:10:27 +0000 (13:10 +0100)]
update release date

8 years agodocument APE patch
Reinhard Tartler [Thu, 17 Mar 2011 12:09:40 +0000 (13:09 +0100)]
document APE patch

8 years agoDo not attempt to decode APE file with no frames
Kostya [Tue, 15 Mar 2011 09:19:43 +0000 (09:19 +0000)]
Do not attempt to decode APE file with no frames

This fixes invalid reads/writes with this sample:
http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt
(cherry picked from commit 8312e3fc9041027a33c8bc667bb99740fdf41dd5)

8 years agoFix a bunch of typos in the release documentation.
Diego Biurrun [Sun, 6 Mar 2011 10:02:36 +0000 (11:02 +0100)]
Fix a bunch of typos in the release documentation.

8 years agoBump version number for 0.5.4 release.
Reinhard Tartler [Sun, 20 Feb 2011 21:12:52 +0000 (22:12 +0100)]
Bump version number for 0.5.4 release.

8 years agorelease notes for 0.5.4
Reinhard Tartler [Fri, 18 Feb 2011 16:06:06 +0000 (17:06 +0100)]
release notes for 0.5.4

8 years agoAmend Changelog for 0.5.4
Reinhard Tartler [Fri, 18 Feb 2011 16:06:06 +0000 (17:06 +0100)]
Amend Changelog for 0.5.4

8 years agoCall avcodec_set_dimensions() instead of simply setting avctx->width/height
Kostya Shishkov [Tue, 24 Nov 2009 06:05:41 +0000 (06:05 +0000)]
Call avcodec_set_dimensions() instead of simply setting avctx->width/height
when frame dimensions change in RV3/4.

Originally committed as revision 20595 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit d90aeeaf569e4a08c30b3d1d09c3cff3a86eb431)

8 years agoFix invalid reads in VC1 decoder
Reimar Döffinger [Sat, 19 Feb 2011 10:33:01 +0000 (11:33 +0100)]
Fix invalid reads in VC1 decoder

Patch discussed and taken from https://roundup.ffmpeg.org/issue2584
(cherry picked from commit 2bbec1eda46d907605772a8b6e8263caa4bc4c82)

Change related to CVE-2011-0723

8 years agoMake get_bits_left() available for use in libavcodec (was previously held
Ronald S. Bultje [Mon, 9 Nov 2009 22:10:43 +0000 (22:10 +0000)]
Make get_bits_left() available for use in libavcodec (was previously held
private in dv.c for some reason). See "[PATCH] get_bits_left()" thread.

Originally committed as revision 20490 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit c47ca25e74bbe465cdc8b99d4f6ab4f0ad5e4229)

8 years agoUpdate Changelog for 0.5.4 release.
Reinhard Tartler [Sun, 13 Feb 2011 22:34:41 +0000 (23:34 +0100)]
Update Changelog for 0.5.4 release.

8 years agoCheck rangebits to avoid a possible crash.
Frank Barchard [Sun, 13 Feb 2011 20:38:45 +0000 (21:38 +0100)]
Check rangebits to avoid a possible crash.
Fixes issue 2548 (and Chrome issue 68115 and unknown CERT issues).

Originally committed as revision 26365 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 13184036a6b1b1d4b61c91118c0896e9ad4634c3)

Addresses: CVE-2011-0480

Conflicts:

libavcodec/vorbis_dec.c

8 years agoFix crashes in vorbis decoding found by zzuf
Jason Garrett-Glaser [Sun, 13 Feb 2011 19:41:13 +0000 (20:41 +0100)]
Fix crashes in vorbis decoding found by zzuf
Fixes issue 2322.

Originally committed as revision 25591 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 3dde66752d59dfdd0f3727efd66e7202b3c75078)

Addresses: CVE-2010-4704

8 years agoalso ignore *.so for vhook plugins
Reinhard Tartler [Thu, 10 Feb 2011 13:09:35 +0000 (14:09 +0100)]
also ignore *.so for vhook plugins

8 years agoconsolidate .gitignore patters into a single file
Janne Grunau [Tue, 18 Jan 2011 19:44:24 +0000 (20:44 +0100)]
consolidate .gitignore patters into a single file

Signed-off-by: Janne Grunau <janne-ffmpeg@jannau.net>
(cherry picked from commit 2c3589bfda036c7827ded0bf38b16dfe7630bae1)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
8 years agoconvert svn:ignore properties to .gitignore files
Janne Grunau [Mon, 17 Jan 2011 14:49:11 +0000 (15:49 +0100)]
convert svn:ignore properties to .gitignore files

Signed-off-by: Janne Grunau <janne-ffmpeg@jannau.net>
(cherry picked from commit 348b8218f7a59374355c966dbe3b851a7275f952)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
8 years agoUpdate dimensions in AVCodecContext when RV3/4 frame dimensions change
Kostya Shishkov [Sun, 22 Nov 2009 07:48:35 +0000 (07:48 +0000)]
Update dimensions in AVCodecContext when RV3/4 frame dimensions change

Originally committed as revision 20572 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit ec10d2d53999f6edf7d7b5ac88df263eccfb1fb0)

Fixes heap corruption crashes

Addresses: CVE-2011-0722
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
8 years agoUpdate safety check as the maximum pixel size is no longer 4.
Michael Niedermayer [Wed, 22 Apr 2009 01:54:05 +0000 (01:54 +0000)]
Update safety check as the maximum pixel size is no longer 4.
New max size is 16bit * 4 samples (RGBA).

Originally committed as revision 18655 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 445f0a8b666a34e6402f6ae96c6804c8bc024baa)

Addresses: CVE-2010-3908
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
9 years agorelease notes for 0.5.3 v0.5.3
Reinhard Tartler [Mon, 18 Oct 2010 19:43:55 +0000 (19:43 +0000)]
release notes for 0.5.3

Originally committed as revision 25523 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoBump version number for 0.5.3 release.
Diego Biurrun [Mon, 18 Oct 2010 19:40:09 +0000 (19:40 +0000)]
Bump version number for 0.5.3 release.

Originally committed as revision 25522 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoUpdate Changelog for 0.5.3 release.
Diego Biurrun [Mon, 18 Oct 2010 19:38:02 +0000 (19:38 +0000)]
Update Changelog for 0.5.3 release.

Originally committed as revision 25521 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoFix several security issues in flicvideo.c
Reinhard Tartler [Sun, 3 Oct 2010 14:51:50 +0000 (14:51 +0000)]
Fix several security issues in flicvideo.c
This fixes CVE-2010-3429

backport r25223 by michael

Originally committed as revision 25325 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agounbreak compilation and finish backport r24280 by mstorsjo
Reinhard Tartler [Sun, 3 Oct 2010 14:50:04 +0000 (14:50 +0000)]
unbreak compilation and finish backport r24280 by mstorsjo

Originally committed as revision 25324 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoaviobuf: Do short seeks forward by reading and skipping data instead of a proper...
Reinhard Tartler [Thu, 22 Jul 2010 11:58:26 +0000 (11:58 +0000)]
aviobuf: Do short seeks forward by reading and skipping data instead of a proper seek

This improves performance on e.g. seekable http.

backport r24280 by mstorsjo

Originally committed as revision 24428 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoconfigure: improve temp file creation and cleanup
Reinhard Tartler [Mon, 31 May 2010 13:06:51 +0000 (13:06 +0000)]
configure: improve temp file creation and cleanup

backport r17752 by mru

Originally committed as revision 23393 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agorelease notes for 0.5.2 v0.5.2
Diego Biurrun [Mon, 24 May 2010 21:58:47 +0000 (21:58 +0000)]
release notes for 0.5.2

Originally committed as revision 23300 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoBump version number for 0.5.2 release.
Diego Biurrun [Mon, 24 May 2010 21:55:01 +0000 (21:55 +0000)]
Bump version number for 0.5.2 release.

Originally committed as revision 23299 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoUpdate Changelog for 0.5.2 release.
Diego Biurrun [Mon, 24 May 2010 21:41:51 +0000 (21:41 +0000)]
Update Changelog for 0.5.2 release.

Originally committed as revision 23298 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoCheck validity of channels & samplerate.
Reinhard Tartler [Wed, 24 Mar 2010 19:35:30 +0000 (19:35 +0000)]
Check validity of channels & samplerate.
This may be security relevant.
Based on 2 patches by chrome.

backport r19975 by michael

Originally committed as revision 22658 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agofix compilation issue on powerpc
Reinhard Tartler [Fri, 12 Mar 2010 20:35:04 +0000 (20:35 +0000)]
fix compilation issue on powerpc

unlike the ARCH_ macros, COMPILE_ALTIVEC needs to be tested more carefully

Originally committed as revision 22488 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoFix compilation on powerpc with --disable-altivec
Reinhard Tartler [Wed, 10 Mar 2010 20:55:07 +0000 (20:55 +0000)]
Fix compilation on powerpc with --disable-altivec

in case altivec is disabled, even compilation of code using altivec
keywords or asm must be avoided.

backport r30869 from mplayer repo by siretart

Originally committed as revision 22436 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoMention LGPL libswscale in the Changelog.
Diego Biurrun [Sat, 6 Mar 2010 19:50:56 +0000 (19:50 +0000)]
Mention LGPL libswscale in the Changelog.

Originally committed as revision 22253 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agolibswscale is no longer GPL; update help comment accordingly.
Diego Biurrun [Sat, 6 Mar 2010 19:40:37 +0000 (19:40 +0000)]
libswscale is no longer GPL; update help comment accordingly.

Originally committed as revision 22250 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoAdd Hurd to OS list and disable dv1394 in the Hurd case.
Andres Mejia [Sat, 6 Mar 2010 16:57:43 +0000 (16:57 +0000)]
Add Hurd to OS list and disable dv1394 in the Hurd case.
patch by Andres Mejia, mcitadel gmail com

backport r18938 by diego

Originally committed as revision 22237 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoAdd point release date.
Diego Biurrun [Wed, 3 Mar 2010 08:25:10 +0000 (08:25 +0000)]
Add point release date.

Originally committed as revision 22163 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agofix 'seektest' again v0.5.1
Reinhard Tartler [Tue, 2 Mar 2010 16:03:06 +0000 (16:03 +0000)]
fix 'seektest' again

backport  r19270 by rbultje:

Remove any reference to ASFContext.packet_size and replace it with
AVFormatContext.packet_size. See "[PATCH] asf*.c/h: use
AVFormatContext->packet_size instead of own copy" thread on ML.

and r19361 by reimar:

Check for packet_length 0, it is already treated as invalid by the padding check,
but that resulted in a confusing/wrong error message.

Originally committed as revision 22147 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoBump version to 0.5.1.
Diego Biurrun [Tue, 2 Mar 2010 14:43:01 +0000 (14:43 +0000)]
Bump version to 0.5.1.

Originally committed as revision 22146 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoMention licensing-related changes; some whitespace adjustments.
Diego Biurrun [Tue, 2 Mar 2010 14:25:48 +0000 (14:25 +0000)]
Mention licensing-related changes; some whitespace adjustments.

Originally committed as revision 22145 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoIf we are using partial release names we might as well try to be funny.
Diego Biurrun [Mon, 1 Mar 2010 18:03:53 +0000 (18:03 +0000)]
If we are using partial release names we might as well try to be funny.

Originally committed as revision 22134 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoAdd release managers, merged from trunk.
Diego Biurrun [Mon, 1 Mar 2010 17:58:50 +0000 (17:58 +0000)]
Add release managers, merged from trunk.

Originally committed as revision 22133 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoamend release notes for 0.5.1
Reinhard Tartler [Mon, 1 Mar 2010 16:22:27 +0000 (16:22 +0000)]
amend release notes for 0.5.1

Originally committed as revision 22129 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoMention security fixes in the changelog.
Diego Biurrun [Sun, 28 Feb 2010 22:22:22 +0000 (22:22 +0000)]
Mention security fixes in the changelog.

Originally committed as revision 22121 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoadd myself to gpg fingerprint list
Reinhard Tartler [Sat, 27 Feb 2010 10:16:45 +0000 (10:16 +0000)]
add myself to gpg fingerprint list

backport r22089 by siretart

Originally committed as revision 22090 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agobump LIBAVCODEC_VERSION_MICRO for addition of the lock manager API
Reinhard Tartler [Sat, 27 Feb 2010 10:01:45 +0000 (10:01 +0000)]
bump LIBAVCODEC_VERSION_MICRO for addition of the lock manager API

As discussed with Diego, we'll go for bumping micro in 0.5 and will
consider adding a RELEASEVERSION macro for trunk and 0.6 seperatly

Originally committed as revision 22087 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoAvoid divisions by 0 in the ASF demuxer if packet_size is not valid.
Reinhard Tartler [Fri, 26 Feb 2010 15:49:52 +0000 (15:49 +0000)]
Avoid divisions by 0 in the ASF demuxer if packet_size is not valid.

r19330 by reimar

Originally committed as revision 22080 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agofix the remaining ogv segfaults from issue 1240.
Reinhard Tartler [Fri, 26 Feb 2010 14:32:27 +0000 (14:32 +0000)]
fix the remaining ogv segfaults from issue 1240.

First commit:

Make decode_init fail if the huffman tables are invalid and thus init_vlc fails.
Otherwise this will crash during decoding because the vlc tables are NULL.
Partially fixes ogv/smclock.ogv.1.101.ogv from issue 1240.

backport r19355 by reimar

Second commit:

Add extra validation checks to ff_vorbis_len2vlc.
They should not be necessary, but it seems like a reasonable precaution.

r19374 by reimar

Originally committed as revision 22076 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoMake sure we dont read over the end.
Reinhard Tartler [Fri, 26 Feb 2010 10:56:46 +0000 (10:56 +0000)]
Make sure we dont read over the end.
Fixes issue1237.

backport r19322 by michael

Originally committed as revision 22074 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agobackport libx264.c from trunk
Reinhard Tartler [Wed, 24 Feb 2010 22:40:10 +0000 (22:40 +0000)]
backport libx264.c from trunk

now compiles with x264 API versions 65 up to 85

patch prepared by darkshikari

Originally committed as revision 22042 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agomisc. manpage updates, fixes LP: #501729, Debian: #570050
Reinhard Tartler [Tue, 16 Feb 2010 23:04:10 +0000 (23:04 +0000)]
misc. manpage updates, fixes LP: #501729, Debian: #570050

Update ffmpeg documentation regarding metadata setting. -title,
-author, -copyright, -track, -album, and -year options have been
dropped in favor of -metadata.
Add an explanation and complete the metadata usage example.

backported revisions r19285, r19287 and r19320 by stefano.

Originally committed as revision 21858 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agocosmetics: K&R coding style, prettyprinting
Reinhard Tartler [Mon, 15 Feb 2010 12:45:14 +0000 (12:45 +0000)]
cosmetics: K&R coding style, prettyprinting

backported r20083 by diego

This commit does not introduce functional changes.  It was applied in
order to faciliate reviewing the proposed libx264.c backport

Originally committed as revision 21832 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoFix crash in MLP decoder due to integer overflow.
Reinhard Tartler [Thu, 11 Feb 2010 21:03:30 +0000 (21:03 +0000)]
Fix crash in MLP decoder due to integer overflow.
Probably only DoS, init_get_bits sets buffer to NULL, thus causing a
NULL-dereference directly after.

backport r21426 by reimar

Originally committed as revision 21759 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoMake sure the block array is of the correct size.
Reinhard Tartler [Thu, 11 Feb 2010 20:57:49 +0000 (20:57 +0000)]
Make sure the block array is of the correct size.
This might have been exploitable.

backported r18393 by michael

Originally committed as revision 21758 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoFix crash when max_ref_frames was out of range.
Reinhard Tartler [Thu, 11 Feb 2010 16:22:59 +0000 (16:22 +0000)]
Fix crash when max_ref_frames was out of range.
This might have been exploitable.
Fixes first crash of issue840.

backport r18388 by michael

Originally committed as revision 21757 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoreverting objected hunks from previous commit
Reinhard Tartler [Thu, 11 Feb 2010 11:52:59 +0000 (11:52 +0000)]
reverting objected hunks from previous commit

as discussed with diego on irc, the spurious newline deletion and the
LIBAVCODEC_VERSION_MINOR bump are being reverted based on comments on
ffmpeg-cvslog by ramiro, uoti and michael.

See http://comments.gmane.org/gmane.comp.video.ffmpeg.cvs/28112 for the
full context.

Originally committed as revision 21755 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoAdd a lock manager API to libavcodec.
Reinhard Tartler [Tue, 9 Feb 2010 20:28:42 +0000 (20:28 +0000)]
Add a lock manager API to libavcodec.

Allows an application to register a callback that manages mutexes
on behalf of FFmpeg.
With this callback registered FFmpeg is fully thread safe.

backport r19025 by andoma

NB: This is a feature backport with little regression potential. It was
requested at FOSDEM 2010 by ben@geexbox.org for use by geexbox and the
enna mediacenter in the upcoming debian/squeeze and ubuntu/lucid
release.

Approved by DonDiego on #ffmpeg-devel

Originally committed as revision 21731 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoCheck submap indexes.
Google Chrome [Tue, 9 Feb 2010 19:59:11 +0000 (19:59 +0000)]
Check submap indexes.
10_vorbis_submap_indexes.patch by chrome.
I am applying this even though Reimar had some comments to improve it as it fixes
a serious security issue and I do not want to leave such things unfixed.

backport r20001 by michael

Originally committed as revision 21730 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoCheck begin/end/partition_size.
Google Chrome [Tue, 9 Feb 2010 19:54:42 +0000 (19:54 +0000)]
Check begin/end/partition_size.
23_vorbis_sane_partition.patch by chrome.
Also this should be better documented but i prefer not to leave potential
security issues open due to missing documentation.

r19996 by michael

Originally committed as revision 21729 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoCheck res_setup->books.
Google Chrome [Tue, 9 Feb 2010 19:52:27 +0000 (19:52 +0000)]
Check  res_setup->books.
15_more_residue_book_indexes.patch by chrome.

r19992 by michael

Originally committed as revision 21728 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoCheck masterbook index and subclass book index.
Google Chrome [Tue, 9 Feb 2010 19:50:47 +0000 (19:50 +0000)]
Check masterbook index and subclass book index.
14_floor_masterbook_index.patch by chrome

r19991 by michael

Originally committed as revision 21727 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoAdd checks for per-packet mode indexes and per-header mode mapping indexes.
Google Chrome [Tue, 9 Feb 2010 19:49:28 +0000 (19:49 +0000)]
Add checks for per-packet mode indexes and per-header mode mapping indexes.
12_vorbis_mode_indexes.patch by chrome
maybe exploitable

r19990 by michael

Originally committed as revision 21726 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoCheck classbook value.
Google Chrome [Tue, 9 Feb 2010 19:47:42 +0000 (19:47 +0000)]
Check classbook value.
11_vorbis_residue_book_index.patch by chrome.

r19989 by michael

Originally committed as revision 21725 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoFix book_idx check.
Google Chrome [Tue, 9 Feb 2010 19:46:22 +0000 (19:46 +0000)]
Fix book_idx check.
25_vorbis_floor0_index.patch by chrome.

backport r19984 by michael

Originally committed as revision 21724 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoSanity checks for magnitude and angle.
Google Chrome [Tue, 9 Feb 2010 19:45:16 +0000 (19:45 +0000)]
Sanity checks for magnitude and angle.
26_vorbis_mag_angle_index.patch by chrome

backport r19983 by michael

Originally committed as revision 21723 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years ago= -> == typo.
Google Chrome [Tue, 9 Feb 2010 19:44:06 +0000 (19:44 +0000)]
= -> == typo.
27_vorbis_residue_loop_error.patch by chrome

backport r19982 by michael

Originally committed as revision 21722 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoCheck dimensions against 0 too.
Reinhard Tartler [Tue, 9 Feb 2010 19:42:30 +0000 (19:42 +0000)]
Check dimensions against 0 too.
39_vorbis_zero_dims.patch from chrome

backport r19976 by michael

Originally committed as revision 21721 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoMake sure that all memory allocations succeed.
Reinhard Tartler [Tue, 9 Feb 2010 19:31:04 +0000 (19:31 +0000)]
Make sure that all memory allocations succeed.
Based on 28_theora_malloc_checks.patch from the Google Chrome team.

backport r20008 by melanson

Originally committed as revision 21720 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoFix init_get_bits() buffer size.
Google Chrome [Tue, 9 Feb 2010 19:26:47 +0000 (19:26 +0000)]
Fix init_get_bits() buffer size.
18_fix_theora_header_bit_len.patch by chrome

backport r19993 by michael

Originally committed as revision 21719 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoSet data_size to 0 to avoid having it uninitialized.
Reinhard Tartler [Tue, 9 Feb 2010 19:22:19 +0000 (19:22 +0000)]
Set data_size to 0 to avoid having it uninitialized.
based on 31_mp3_outlen.patch by chrome.

backported r19988 by michael

Originally committed as revision 21718 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

9 years agoCheck data_size in decode_frame_mp3on4().
Reinhard Tartler [Tue, 9 Feb 2010 19:20:25 +0000 (19:20 +0000)]
Check data_size in decode_frame_mp3on4().

backported r19987 by michael

Originally committed as revision 21717 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5