ffmpeg.git
5 years agoavcodec/jpeglsdec: check err value for ls_get_code_runterm() n0.10.10
Michael Niedermayer [Wed, 30 Oct 2013 22:27:28 +0000 (23:27 +0100)]
avcodec/jpeglsdec: check err value for ls_get_code_runterm()

Fixes infinite loop
Fixes Ticket3086

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cc0e47b55096361723b364afa43b79a3f5619cdc)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavfilter/ff_insert_pad: fix order of operations
Michael Niedermayer [Mon, 21 Oct 2013 14:21:14 +0000 (16:21 +0200)]
avfilter/ff_insert_pad: fix order of operations

Fixes out of bounds access
Fixes CID732170
Fixes CID732169

No filter is known to use this function in a way so the issue can be reproduced.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ab2bfb85d49b2f8aa505816f93e75fd18ad0a361)

Conflicts:

libavfilter/avfilter.c
(cherry picked from commit 86591b244f3a27293153896813f5569b49b2f5c0)

Conflicts:

libavfilter/avfilter.c
(cherry picked from commit 400c4f8fa3fd58951dc3f356b2b00484e3363694)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoupdate for 0.10.10
Michael Niedermayer [Mon, 4 Nov 2013 19:07:44 +0000 (20:07 +0100)]
update for 0.10.10

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge remote-tracking branch 'qatar/release/0.8' into release/0.10
Michael Niedermayer [Mon, 4 Nov 2013 18:44:53 +0000 (19:44 +0100)]
Merge remote-tracking branch 'qatar/release/0.8' into release/0.10

* qatar/release/0.8:
  Changelog for 0.8.9

Conflicts:
Changelog

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'd2f4846591727fedcc2b452b688da8da09ee8305' into release/0.10
Michael Niedermayer [Mon, 4 Nov 2013 18:34:04 +0000 (19:34 +0100)]
Merge commit 'd2f4846591727fedcc2b452b688da8da09ee8305' into release/0.10

* commit 'd2f4846591727fedcc2b452b688da8da09ee8305':
  Prepare for 0.8.7 Release
  x86: fft: Remove 3DNow! optimizations, they break FATE
  x86: ac3dsp: Drop mmx variant of ac3_max_msb_abs_int16

Conflicts:
RELEASE
libavcodec/x86/fft_3dn.c
libavcodec/x86/fft_3dn2.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '2ed8a550da524434deb3b89f7ec62ed833bedac5' into release/0.10
Michael Niedermayer [Mon, 4 Nov 2013 18:18:56 +0000 (19:18 +0100)]
Merge commit '2ed8a550da524434deb3b89f7ec62ed833bedac5' into release/0.10

* commit '2ed8a550da524434deb3b89f7ec62ed833bedac5':
  aac: Check init_get_bits return value
  aac: return meaningful errors
  dsicinav: K&R formatting cosmetics

Conflicts:
libavcodec/dsicinav.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '86d0bf0e96bf917e283d24239ce0eed08351da86' into release/0.10
Michael Niedermayer [Mon, 4 Nov 2013 18:07:21 +0000 (19:07 +0100)]
Merge commit '86d0bf0e96bf917e283d24239ce0eed08351da86' into release/0.10

* commit '86d0bf0e96bf917e283d24239ce0eed08351da86':
  mov: Seek back if overreading an individual atom
  vcr1: add sanity checks
  pictordec: pass correct context to avpriv_request_sample
  dsicinav: Clip the source size to the expected maximum
  alsdec: Clean up error paths
  ogg: Fix potential infinite discard loop
  nuv: check rtjpeg_decode_frame_yuv420 return value

Conflicts:
libavcodec/pictordec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'abb41f19cc10fea09fb16d9ecc9967b2a78cf7b0' into release/0.10
Michael Niedermayer [Mon, 4 Nov 2013 18:01:17 +0000 (19:01 +0100)]
Merge commit 'abb41f19cc10fea09fb16d9ecc9967b2a78cf7b0' into release/0.10

* commit 'abb41f19cc10fea09fb16d9ecc9967b2a78cf7b0':
  nuv: Reset the frame on resize
  nuv: Use av_fast_realloc
  nuv: return meaningful error codes.

Conflicts:
libavcodec/nuv.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '36fc320747a768335ae4538a24a5739033b7eb74' into release/0.10
Michael Niedermayer [Mon, 4 Nov 2013 17:50:00 +0000 (18:50 +0100)]
Merge commit '36fc320747a768335ae4538a24a5739033b7eb74' into release/0.10

* commit '36fc320747a768335ae4538a24a5739033b7eb74':
  nuv: Pad the lzo outbuf
  nuv: Do not ignore lzo decompression failures
  oma: correctly mark and decrypt partial packets
  oma: check geob tag boundary

Conflicts:
libavcodec/nuv.c
libavformat/omadec.c
tests/ref/fate/nuv

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'e930b112d14d7acd050d5087d11b6dd4c56a8e4e' into release/0.10
Michael Niedermayer [Mon, 4 Nov 2013 17:04:22 +0000 (18:04 +0100)]
Merge commit 'e930b112d14d7acd050d5087d11b6dd4c56a8e4e' into release/0.10

* commit 'e930b112d14d7acd050d5087d11b6dd4c56a8e4e':
  oma: refactor seek function
  8bps: Bound-check the input buffer
  rtmp: Do not misuse memcmp

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '067713f15989dd0b8c0888a3b43fd193819a1058' into release/0.10
Michael Niedermayer [Mon, 4 Nov 2013 17:00:15 +0000 (18:00 +0100)]
Merge commit '067713f15989dd0b8c0888a3b43fd193819a1058' into release/0.10

* commit '067713f15989dd0b8c0888a3b43fd193819a1058':
  rtmp: rename data_size to size
  lavc: set the default rc_initial_buffer_occupancy
  4xm: Reject not a multiple of 16 dimension

Conflicts:
avconv.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '12dc01bb1f07112cd7eb31e183d75cb3c0fb92ca' into release/0.10
Michael Niedermayer [Mon, 4 Nov 2013 16:51:21 +0000 (17:51 +0100)]
Merge commit '12dc01bb1f07112cd7eb31e183d75cb3c0fb92ca' into release/0.10

* commit '12dc01bb1f07112cd7eb31e183d75cb3c0fb92ca':
  4xm: do not overread the prestream buffer

Conflicts:
libavcodec/4xm.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'cd9b0bb07a66d3299bd62922e9dfa742219abe79' into release/0.10
Michael Niedermayer [Mon, 4 Nov 2013 16:33:44 +0000 (17:33 +0100)]
Merge commit 'cd9b0bb07a66d3299bd62922e9dfa742219abe79' into release/0.10

* commit 'cd9b0bb07a66d3299bd62922e9dfa742219abe79':
  4xm: validate the buffer size before parsing it
  indeo: Do not reference mismatched tiles
  indeo: Sanitize ff_ivi_init_planes fail paths

Conflicts:
libavcodec/4xm.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'a0b8f85f29883f538a32593bc3c6f712c972ff70' into release/0.10
Michael Niedermayer [Mon, 4 Nov 2013 15:40:55 +0000 (16:40 +0100)]
Merge commit 'a0b8f85f29883f538a32593bc3c6f712c972ff70' into release/0.10

* commit 'a0b8f85f29883f538a32593bc3c6f712c972ff70':
  indeo: Bound-check before applying motion compensation
  indeo: Bound-check before applying transform
  indeo: reject negative array indexes
  indeo: Cosmetic formatting

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'c5da487a38f93b981c4933d4e0b09c49c319fbb7' into release/0.10
Michael Niedermayer [Mon, 4 Nov 2013 15:10:43 +0000 (16:10 +0100)]
Merge commit 'c5da487a38f93b981c4933d4e0b09c49c319fbb7' into release/0.10

* commit 'c5da487a38f93b981c4933d4e0b09c49c319fbb7':
  indeo: Refactor ff_ivi_init_tiles and ivi_decode_blocks
  indeo: Refactor ff_ivi_dec_huff_desc

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoChangelog for 0.8.9
Reinhard Tartler [Sat, 2 Nov 2013 14:31:35 +0000 (10:31 -0400)]
Changelog for 0.8.9

5 years agoPrepare for 0.8.7 Release
Reinhard Tartler [Sat, 2 Nov 2013 14:17:43 +0000 (10:17 -0400)]
Prepare for 0.8.7 Release

5 years agox86: fft: Remove 3DNow! optimizations, they break FATE
Diego Biurrun [Wed, 30 Oct 2013 18:19:44 +0000 (19:19 +0100)]
x86: fft: Remove 3DNow! optimizations, they break FATE

5 years agox86: ac3dsp: Drop mmx variant of ac3_max_msb_abs_int16
Diego Biurrun [Tue, 29 Oct 2013 02:02:22 +0000 (03:02 +0100)]
x86: ac3dsp: Drop mmx variant of ac3_max_msb_abs_int16

The function accidentally uses mmxext instructions, so it causes sigill
on mmx-only CPUs and provides no benefit on CPUs with mmxext available.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoaac: Check init_get_bits return value
Luca Barbato [Sun, 4 Aug 2013 13:00:02 +0000 (15:00 +0200)]
aac: Check init_get_bits return value

Some code paths can call it with invalid length.

CC: libav-stable@libav.org
(cherry picked from commit 71953ebcf94fe4ef316cdad1f276089205dd1d65)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agomov: Seek back if overreading an individual atom
Martin Storsjö [Mon, 15 Jul 2013 12:59:50 +0000 (15:59 +0300)]
mov: Seek back if overreading an individual atom

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 5b4eb243bce10a3e8345401a353749e0414c54ca)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/mov.c

5 years agoaac: return meaningful errors
Luca Barbato [Mon, 6 May 2013 23:29:36 +0000 (01:29 +0200)]
aac: return meaningful errors

(cherry picked from commit 07c52e2c7c60b087fd023cd9771778973def0b33)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/aacdec.c

5 years agovcr1: add sanity checks
Anton Khirnov [Sat, 24 Aug 2013 19:30:46 +0000 (21:30 +0200)]
vcr1: add sanity checks

Fixes invalid reads with corrupted files.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 8aba7968dd604aae91ee42cbce0be3dad7dceb30)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/vcr1.c

5 years agodsicinav: K&R formatting cosmetics
Luca Barbato [Fri, 19 Jul 2013 19:05:44 +0000 (21:05 +0200)]
dsicinav: K&R formatting cosmetics

(cherry picked from commit fcae3ff124ee97c9265e3b93f3d41238b2aee9bd)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/dsicinav.c

5 years agopictordec: pass correct context to avpriv_request_sample
Anton Khirnov [Sat, 24 Aug 2013 19:30:46 +0000 (21:30 +0200)]
pictordec: pass correct context to avpriv_request_sample

Fixes invalid reads.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry-picked from commit fe9bb61f9a16be19ad91875632c39e44b7a99a8a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/pictordec.c

5 years agodsicinav: Clip the source size to the expected maximum
Luca Barbato [Fri, 19 Jul 2013 19:34:21 +0000 (21:34 +0200)]
dsicinav: Clip the source size to the expected maximum

A packet larger than cin->bitmap_size does not make sense.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit fd8189932147a524fe43532b46baa35e8be92a1b)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/dsicinav.c

5 years agoalsdec: Clean up error paths
Luca Barbato [Fri, 12 Jul 2013 21:38:02 +0000 (23:38 +0200)]
alsdec: Clean up error paths

Fix at least a memory leak.

CC: libav-stable@libav.org
(cherry picked from commit ca488ad480360dfafcb5766f7bfbb567a0638979)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/alsdec.c

5 years agoogg: Fix potential infinite discard loop
Reimar Döffinger [Sun, 18 Aug 2013 15:40:51 +0000 (17:40 +0200)]
ogg: Fix potential infinite discard loop

Seeking in certain broken files would cause ogg_read_timestamp
to fail because ogg_packet would go into a state where all packets
of stream 1 would be discarded until the end of the stream.

Bug-Id: 553
CC: libav-stable@libav.org
Signed-off-by: Jan Gerber <j@v2v.cc>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 9a27acae9e6b7d0bf74c5b878af9c42495a546f3)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/oggdec.c

5 years agoavformat/utils: do not override pts in h264 when they are provided from the demuxer
Michael Niedermayer [Sat, 26 Oct 2013 23:03:19 +0000 (01:03 +0200)]
avformat/utils: do not override pts in h264 when they are provided from the demuxer

Fixes Ticket2143

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1e5271a9fd6ddcceb083f2185a4bbd8d44c9a813)

5 years agoavcodec/h264: reduce noisiness of "mmco: unref short failure"
Michael Niedermayer [Fri, 25 Oct 2013 18:03:29 +0000 (20:03 +0200)]
avcodec/h264: reduce noisiness of "mmco: unref short failure"

Do not consider it an error if we have no frames and should discard one.
This condition can easily happen when decoding is started from an I frame

Fixes Ticket2811

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 08a89761964bdd0a023eff6d37a1131fb7e1d7a0)

Conflicts:
libavcodec/h264_refs.c

5 years agoavcodec/h264_refs: modify key frame detection heuristic to detect more cases
Michael Niedermayer [Wed, 9 Oct 2013 21:52:54 +0000 (23:52 +0200)]
avcodec/h264_refs: modify key frame detection heuristic to detect more cases

Fixes Ticket2968

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5ac6b6028f17b64723884c9fa72cfcbd369a1ba2)

Conflicts:
libavcodec/h264_refs.c

5 years agonuv: Reset the frame on resize
Luca Barbato [Tue, 13 Aug 2013 04:01:48 +0000 (06:01 +0200)]
nuv: Reset the frame on resize

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/nuv.c

5 years agonuv: Pad the lzo outbuf
Luca Barbato [Mon, 12 Aug 2013 09:34:06 +0000 (11:34 +0200)]
nuv: Pad the lzo outbuf

And properly update the buf_size with the correct size.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 075dbc185521f193c98b896cd63be3ec2613df5d)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/nuv.c

5 years agonuv: check rtjpeg_decode_frame_yuv420 return value
Luca Barbato [Sun, 11 Aug 2013 18:35:40 +0000 (20:35 +0200)]
nuv: check rtjpeg_decode_frame_yuv420 return value

CC: libav-stable@libav.org
(cherry picked from commit 85ac12587bfef970d0e0e4abc292df346daf8478)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/nuv.c

5 years agonuv: Use av_fast_realloc
Luca Barbato [Tue, 13 Aug 2013 05:01:40 +0000 (07:01 +0200)]
nuv: Use av_fast_realloc

The decompressed buffer can be used after codec_reinit, so it must be
preserved.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 2df0776c2293efb0ac12c003843ce19332342e01)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/nuv.c

5 years agonuv: Do not ignore lzo decompression failures
Luca Barbato [Sun, 11 Aug 2013 22:16:12 +0000 (00:16 +0200)]
nuv: Do not ignore lzo decompression failures

Update the fate reference since the last broken frame is not decoded
anymore.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit aae159a7cc4df7d0521901022b778c9da251c24e)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/nuv.c

5 years agonuv: return meaningful error codes.
Anton Khirnov [Sat, 17 Nov 2012 17:07:42 +0000 (18:07 +0100)]
nuv: return meaningful error codes.

(cherry picked from commit 3344f5cb747bb1f54cc34878b66dc0536f194720)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/nuv.c

5 years agooma: correctly mark and decrypt partial packets
Luca Barbato [Wed, 17 Apr 2013 19:19:23 +0000 (21:19 +0200)]
oma: correctly mark and decrypt partial packets

Incomplete crypted files would lead to a read after buffer boundary
otherwise.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 2219e27b5b17d146e4ab71a3ed86dfc013fb7a93)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/omadec.c

5 years agooma: check geob tag boundary
Luca Barbato [Wed, 17 Apr 2013 19:07:09 +0000 (21:07 +0200)]
oma: check geob tag boundary

Prevent read after buffer boundary on corrupted tag.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 9d0b45ade864f3d2ccd8610149fe1fff53c4e937)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/omadec.c

5 years agooma: refactor seek function
Luca Barbato [Sat, 4 May 2013 05:40:09 +0000 (07:40 +0200)]
oma: refactor seek function

Properly propagate seek errors from avio and the generic pcm seek.

(cherry picked from commit 4f03a77e52596cbe9ec179666ddb3e0345a8133a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/omadec.c

5 years agortmp: rename data_size to size
Luca Barbato [Wed, 9 Oct 2013 02:30:14 +0000 (22:30 -0400)]
rtmp: rename data_size to size

(cherry picked from commit ba5393a609c723ec8ab7f9727c10fef734c09278)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/rtmppkt.c
libavformat/rtmpproto.c

5 years ago8bps: Bound-check the input buffer
Luca Barbato [Mon, 22 Jul 2013 21:26:05 +0000 (23:26 +0200)]
8bps: Bound-check the input buffer

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit bd7b4da0f4627bb6c4a7c2575da83fe6b261a21c)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/8bps.c

5 years agortmp: Do not misuse memcmp
Luca Barbato [Thu, 8 Aug 2013 17:44:19 +0000 (19:44 +0200)]
rtmp: Do not misuse memcmp

CC: libav-stable@libav.org
(cherry picked from commit 5718e3487ba3b26aba341070be0b6b0b4de45ea3)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/rtmppkt.h
libavformat/rtmpproto.c

5 years agolavc: set the default rc_initial_buffer_occupancy
Luca Barbato [Mon, 14 Jan 2013 04:32:38 +0000 (05:32 +0100)]
lavc: set the default rc_initial_buffer_occupancy

rc_buffer_size is not set before.

Solve the initial the rate control underflow issue reported in
bug 222.

CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit bff3607547fdbb6e32b3830a351e6a33280c1e0d)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years ago4xm: Reject not a multiple of 16 dimension
Luca Barbato [Mon, 22 Jul 2013 10:44:19 +0000 (12:44 +0200)]
4xm: Reject not a multiple of 16 dimension

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 2f034f255c49050e894ab9b88087c09ebe249f3f)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years ago4xm: do not overread the prestream buffer
Luca Barbato [Fri, 7 Jun 2013 14:18:22 +0000 (16:18 +0200)]
4xm: do not overread the prestream buffer

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit be373cb50d3c411366fec7eef2eb3681abe48f96)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years ago4xm: validate the buffer size before parsing it
Luca Barbato [Fri, 7 Jun 2013 14:16:46 +0000 (16:16 +0200)]
4xm: validate the buffer size before parsing it

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit de2e5777e225e75813daf2373c95e223651fd89a)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoindeo: Do not reference mismatched tiles
Luca Barbato [Sun, 14 Jul 2013 14:49:43 +0000 (16:49 +0200)]
indeo: Do not reference mismatched tiles

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit f9e5261cab067be7278f73d515bc9b601eb56202)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoindeo: Sanitize ff_ivi_init_planes fail paths
Luca Barbato [Sun, 14 Jul 2013 13:48:17 +0000 (15:48 +0200)]
indeo: Sanitize ff_ivi_init_planes fail paths

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 28dda8a691f1c723a4a9365ab85f9625f1330096)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoindeo: Bound-check before applying motion compensation
Luca Barbato [Sun, 14 Jul 2013 12:06:16 +0000 (14:06 +0200)]
indeo: Bound-check before applying motion compensation

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 25a6666f6c07c6ac8449a63d7fbce0dfd29c54cd)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoindeo: Bound-check before applying transform
Luca Barbato [Fri, 12 Jul 2013 12:33:24 +0000 (14:33 +0200)]
indeo: Bound-check before applying transform

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit dc79685195a45c9b8b17d7b93d118e0aefa45462)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/ivi_common.c

5 years agoindeo: reject negative array indexes
Luca Barbato [Wed, 3 Jul 2013 12:55:50 +0000 (14:55 +0200)]
indeo: reject negative array indexes

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 6a10142faa1cca8ba2bfe51b970754f62d60f320)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoindeo: Cosmetic formatting
Luca Barbato [Wed, 3 Jul 2013 12:01:32 +0000 (14:01 +0200)]
indeo: Cosmetic formatting

Trim some overly long lines.

(cherry picked from commit 6dfacd7ab126aea1392949d1aa10fdc3d3eeb911)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/ivi_common.c

5 years agoindeo: Refactor ff_ivi_init_tiles and ivi_decode_blocks
Luca Barbato [Wed, 3 Jul 2013 11:59:16 +0000 (13:59 +0200)]
indeo: Refactor ff_ivi_init_tiles and ivi_decode_blocks

Spin large and mostly self contained blocks into stand alone
functions.

(cherry picked from commit 62256010e9bc8879e2bf7f3b94af8ff85e239082)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoindeo: Refactor ff_ivi_dec_huff_desc
Luca Barbato [Wed, 3 Jul 2013 10:58:40 +0000 (12:58 +0200)]
indeo: Refactor ff_ivi_dec_huff_desc

Spare an indentation level.

(cherry picked from commit f6f36ca8ca1b2526d3abff7d7c627322d3bce912)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agovc1dec: Do not use random pred_flag if motion vector data is skipped n0.10.9
Mashiat Sarker Shakkhar [Sun, 15 Jul 2012 01:37:10 +0000 (07:37 +0600)]
vc1dec: Do not use random pred_flag if motion vector data is skipped

This fixes SA10143.vc1 from test-suite. Also partially fixes MC-VC1.ts
from videolan streams archive.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 082829520e2191625d3c41ed6ad0522e8d27ebe1)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoupdate for 0.10.9
Michael Niedermayer [Thu, 26 Sep 2013 23:57:02 +0000 (01:57 +0200)]
update for 0.10.9

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec: add emuedge_linesize_type
Michael Niedermayer [Wed, 4 Sep 2013 12:22:20 +0000 (14:22 +0200)]
avcodec: add emuedge_linesize_type

Currently all uses of the emu edge code as well as the code itself
assume int linesize
changing some but not changing all would introduce a security issue
once all use this typedef a simple search and replace can be
done to switch them all to ptrdiff_t

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2ffead98ddd384f61cdf6b1cb3f36592f54cd34a)

Conflicts:

libavcodec/mpegvideo_common.h
libavcodec/videodsp.h
libavcodec/videodsp_template.c
libavcodec/x86/videodsp_init.c

5 years agoavcodec/ffv1enc: update buffer check for 16bps
Michael Niedermayer [Mon, 9 Sep 2013 15:58:18 +0000 (17:58 +0200)]
avcodec/ffv1enc: update buffer check for 16bps

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3728603f1854b5c79d1a64dd3b41b80640ef1e7f)

Conflicts:

libavcodec/ffv1enc.c
(cherry picked from commit c900c6e5c26cd86cf34f9c8d4347cedbd01f3935)

5 years agoavcodec/truemotion2: Fix av_freep arguments
Michael Niedermayer [Sun, 8 Sep 2013 18:27:54 +0000 (20:27 +0200)]
avcodec/truemotion2: Fix av_freep arguments

Fixes null pointer dereference
Fixes Ticket2944

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c54aa2fb0f869ec025933944cbd1634fffe95d09)

Conflicts:

libavcodec/truemotion2.c

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/mjpegdec: Add some sanity checks to ljpeg_decode_rgb_scan()
Michael Niedermayer [Wed, 4 Sep 2013 22:36:44 +0000 (00:36 +0200)]
avcodec/mjpegdec: Add some sanity checks to ljpeg_decode_rgb_scan()

These prevent the rgb ljpeg code from being run on parameters that it doesnt
support. No testcase available but it seems possible to trigger these.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 61c68000eda643dfce96dc46b488d39fd5c4e309)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/dsputil: fix signedness in sizeof() comparissions
Michael Niedermayer [Fri, 30 Aug 2013 21:40:47 +0000 (23:40 +0200)]
avcodec/dsputil: fix signedness in sizeof() comparissions

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 454a11a1c9c686c78aa97954306fb63453299760)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/pngdsp: fix (un)signed type in end comparission
Michael Niedermayer [Fri, 30 Aug 2013 21:14:32 +0000 (23:14 +0200)]
avcodec/pngdsp: fix (un)signed type in end comparission

Fixes out of array accesses
Fixes Ticket2919

Found_by: ami_stuff
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 86736f59d6a527d8bc807d09b93f971c0fe0bb07)

Conflicts:

libavcodec/pngdsp.c

5 years agomatroska_read_seek: Fix used streams for subtitle index compensation
Michael Niedermayer [Mon, 20 May 2013 02:00:30 +0000 (04:00 +0200)]
matroska_read_seek: Fix used streams for subtitle index compensation

Might fix Ticket1907 (I have no testcase so i cant test)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4758e32a6c48044f77102a49110c79b4f338f648)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agojpeg2000: check log2_cblk dimensions
Michael Niedermayer [Sat, 24 Aug 2013 01:19:40 +0000 (03:19 +0200)]
jpeg2000: check log2_cblk dimensions

Fixes out of array access
Fixes Ticket2895

Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9a271a9368eaabf99e6c2046103acb33957e63b7)

Conflicts:

libavcodec/jpeg2000dec.c

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Conflicts:

libavcodec/j2kdec.c

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/rpza: Perform pointer advance and checks before using the pointers
Michael Niedermayer [Wed, 21 Aug 2013 23:07:32 +0000 (01:07 +0200)]
avcodec/rpza: Perform pointer advance and checks before using the pointers

Fixes out of array accesses
Fixes Ticket2850

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3819db745da2ac7fb3faacb116788c32f4753f34)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/flashsv: check diff_start/height
Michael Niedermayer [Tue, 20 Aug 2013 21:18:48 +0000 (23:18 +0200)]
avcodec/flashsv: check diff_start/height

Fixes out of array accesses
Fixes Ticket2844

Found-by: ami_stuff
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 880c73cd76109697447fbfbaa8e5ee5683309446)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/parser: reset indexes on realloc failure
Michael Niedermayer [Thu, 26 Sep 2013 19:03:48 +0000 (21:03 +0200)]
avcodec/parser: reset indexes on realloc failure

Fixes Ticket2982

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f31011e9abfb2ae75bb32bc44e2c34194c8dc40a)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge remote-tracking branch 'qatar/release/0.8' into release/0.10
Michael Niedermayer [Wed, 25 Sep 2013 22:27:29 +0000 (00:27 +0200)]
Merge remote-tracking branch 'qatar/release/0.8' into release/0.10

* qatar/release/0.8:
  lavf: fix the comparison in an overflow check

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'b0ca5fef09d1b1268ea0c8f89bf53cd38aaa85e7' into release/0.10
Michael Niedermayer [Wed, 25 Sep 2013 22:18:12 +0000 (00:18 +0200)]
Merge commit 'b0ca5fef09d1b1268ea0c8f89bf53cd38aaa85e7' into release/0.10

* commit 'b0ca5fef09d1b1268ea0c8f89bf53cd38aaa85e7':
  dv: Add a guard to not overread the ppcm array
  mpegvideo: Avoid 32-bit wrapping of linesize multiplications
  mjpegb: Detect changing number of planes in interlaced video
  matroskadec: Check that .lang was allocated and set before reading it
  ape demuxer: check for EOF in potentially long loops
  lavf: avoid integer overflow when estimating bitrate
  pictordec: break out of both decoding loops when y drops below 0
  ac3: Return proper error codes

Conflicts:
libavcodec/pictordec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '37e69e2dee7c5167083bb42d669f73f038111a79' into release/0.10
Michael Niedermayer [Wed, 25 Sep 2013 21:35:30 +0000 (23:35 +0200)]
Merge commit '37e69e2dee7c5167083bb42d669f73f038111a79' into release/0.10

* commit '37e69e2dee7c5167083bb42d669f73f038111a79':
  ac3: Clean up the error paths
  ac3: Do not clash with normal AVERROR
  dxa: Make sure the reference frame exists
  h261: check the mtype index
  segafilm: Error out on impossible packet size
  ogg: Always alloc the private context in vorbis_header
  vc1: check mb_height validity.

Conflicts:
libavcodec/h261dec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '54e03863691dcae73260f70108b3731b70773e7c' into release/0.10
Michael Niedermayer [Wed, 25 Sep 2013 21:03:08 +0000 (23:03 +0200)]
Merge commit '54e03863691dcae73260f70108b3731b70773e7c' into release/0.10

* commit '54e03863691dcae73260f70108b3731b70773e7c':
  vc1: check the source buffer in vc1_mc functions
  bink: Bound check the quantization matrix.
  xl: Make sure the width is valid
  alsdec: Fix the clipping range
  dsicinav: Bound-check the source buffer when needed
  mov: Do not allow updating the time scale after it has been set
  ac3dec: Don't consume more data than the actual input packet size
  indeo: Reject impossible FRAMETYPE_NULL

Conflicts:
libavcodec/alsdec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'e2dcb8208e8f6cffef58a85127765047f5ef8868' into release/0.10
Michael Niedermayer [Wed, 25 Sep 2013 20:54:54 +0000 (22:54 +0200)]
Merge commit 'e2dcb8208e8f6cffef58a85127765047f5ef8868' into release/0.10

* commit 'e2dcb8208e8f6cffef58a85127765047f5ef8868':
  indeo5: return proper error codes
  indeo4: Validate scantable dimension

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '06c52faef27e5bded4ceda7e6d1541f9fb20e84c' into release/0.10
Michael Niedermayer [Wed, 25 Sep 2013 20:30:06 +0000 (22:30 +0200)]
Merge commit '06c52faef27e5bded4ceda7e6d1541f9fb20e84c' into release/0.10

* commit '06c52faef27e5bded4ceda7e6d1541f9fb20e84c':
  indeo4: Check the quantization matrix index
  indeo4: Do not access missing reference MV

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agolavf: fix the comparison in an overflow check
Anton Khirnov [Wed, 4 Sep 2013 06:55:08 +0000 (08:55 +0200)]
lavf: fix the comparison in an overflow check

CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 26f027fba1c5ab482fa2488fbe0fa36c8bb33b69)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agodv: Add a guard to not overread the ppcm array
Luca Barbato [Mon, 5 Aug 2013 20:15:24 +0000 (22:15 +0200)]
dv: Add a guard to not overread the ppcm array

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 7ee191cab0dc44700f26c5784e2adeb6a779651b)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/dv.c

5 years agompegvideo: Avoid 32-bit wrapping of linesize multiplications
Martin Storsjö [Tue, 3 Sep 2013 22:36:51 +0000 (01:36 +0300)]
mpegvideo: Avoid 32-bit wrapping of linesize multiplications

This makes sure that linesize * start_y doesn't overflow, so that
emulated_edge_mc can get back the original value if needed.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit a711a2cb473dc95708f371a82c85c97fe789b5c2)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agomjpegb: Detect changing number of planes in interlaced video
Michael Niedermayer [Sat, 10 Mar 2012 21:02:46 +0000 (22:02 +0100)]
mjpegb: Detect changing number of planes in interlaced video

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit af11fa5409cc72fc45ca7f3527400beca10967b9)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agomatroskadec: Check that .lang was allocated and set before reading it
Martin Storsjö [Tue, 3 Sep 2013 09:10:50 +0000 (12:10 +0300)]
matroskadec: Check that .lang was allocated and set before reading it

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 5bcd3ae5b167fb74215520b01d5d810e0c8986ab)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoape demuxer: check for EOF in potentially long loops
Anton Khirnov [Sat, 24 Aug 2013 19:30:46 +0000 (21:30 +0200)]
ape demuxer: check for EOF in potentially long loops

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry-picked from commit 488b2984fece7ad0c2596826fee18e74aa904667)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agolavf: avoid integer overflow when estimating bitrate
Anton Khirnov [Sat, 24 Aug 2013 19:30:46 +0000 (21:30 +0200)]
lavf: avoid integer overflow when estimating bitrate

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit df33a58e5311ee9a64a573889b883a80e981af7b)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agopictordec: break out of both decoding loops when y drops below 0
Anton Khirnov [Sat, 24 Aug 2013 19:30:46 +0000 (21:30 +0200)]
pictordec: break out of both decoding loops when y drops below 0

Otherwise picmemset can get called with negative y, resulting in an
invalid write.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 5f7aecde02a95451e514c809f2794c1deba80695)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoac3: Return proper error codes
Luca Barbato [Sat, 27 Jul 2013 08:16:35 +0000 (10:16 +0200)]
ac3: Return proper error codes

(cherry picked from commit b1f9cdc37ff5d5b391d2cd9af737ab4e5a0fc1c0)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoac3: Clean up the error paths
Luca Barbato [Sun, 28 Jul 2013 11:32:18 +0000 (13:32 +0200)]
ac3: Clean up the error paths

(cherry picked from commit 818d1f1a3e89d35213af0bd5dc4a772713951882)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoac3: Do not clash with normal AVERROR
Luca Barbato [Sun, 28 Jul 2013 11:26:12 +0000 (13:26 +0200)]
ac3: Do not clash with normal AVERROR

The parsing function return AVERROR and AAC_AC3_PARSE_ERROR values,
make sure they are not misunderstood.

(cherry picked from commit 6258d362b82934a2c27557e0984aed372d98091a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agodxa: Make sure the reference frame exists
Luca Barbato [Wed, 14 Aug 2013 14:51:53 +0000 (16:51 +0200)]
dxa: Make sure the reference frame exists

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 5ef7c84a9374681c64722a96d91741f3b990af2b)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/dxa.c

5 years agoh261: check the mtype index
Luca Barbato [Wed, 14 Aug 2013 14:57:21 +0000 (16:57 +0200)]
h261: check the mtype index

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit c59967fa7cc5bc2fa06b36c17d2c207240c06b3e)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/h261dec.c

5 years agovc1: check the source buffer in vc1_mc functions
Luca Barbato [Mon, 5 Aug 2013 04:27:12 +0000 (06:27 +0200)]
vc1: check the source buffer in vc1_mc functions

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 090cd0631140ac1a3a795d2adfac5dbf5e381aa2)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/vc1dec.c

5 years agosegafilm: Error out on impossible packet size
Luca Barbato [Tue, 13 Aug 2013 05:40:38 +0000 (07:40 +0200)]
segafilm: Error out on impossible packet size

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 5268bd2900effa59b51e0fede61aacde5e2f0b95)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoogg: Always alloc the private context in vorbis_header
Luca Barbato [Tue, 13 Aug 2013 05:28:41 +0000 (07:28 +0200)]
ogg: Always alloc the private context in vorbis_header

It is possible to have an initial broken header and then valid packets.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3562684db716d11de0b0dcc52748e9cd90d68132)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agovc1: check mb_height validity.
Luca Barbato [Mon, 5 Aug 2013 04:30:24 +0000 (06:30 +0200)]
vc1: check mb_height validity.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 43bacd5b7d3d265a77cd29d8abb131057796aecc)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agobink: Bound check the quantization matrix.
Luca Barbato [Sun, 4 Aug 2013 16:48:20 +0000 (18:48 +0200)]
bink: Bound check the quantization matrix.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 9991298f2c4d9022ad56057f15d037e18d454157)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoxl: Make sure the width is valid
Luca Barbato [Sun, 28 Jul 2013 16:24:15 +0000 (18:24 +0200)]
xl: Make sure the width is valid

CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoalsdec: Fix the clipping range
Luca Barbato [Fri, 12 Jul 2013 21:02:25 +0000 (23:02 +0200)]
alsdec: Fix the clipping range

mcc_weightings is only 32 elements.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 70ecc175c7b513a153ac87d1c5d219556ca55070)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agodsicinav: Bound-check the source buffer when needed
Luca Barbato [Fri, 19 Jul 2013 19:09:40 +0000 (21:09 +0200)]
dsicinav: Bound-check the source buffer when needed

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit dd0bfc3a6a310e3e3674ce7742672d689a9a0e93)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agomov: Do not allow updating the time scale after it has been set
Martin Storsjö [Mon, 15 Jul 2013 14:13:54 +0000 (17:13 +0300)]
mov: Do not allow updating the time scale after it has been set

The time scale is set in mdhd, and later validated in the
enclosing trak atom once all of its children have been parsed.

A loose mdhd atom outside of a trak atom could update the time
scale of the last stream without any validation.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 31931520df35a6f9606fe8293c8a39e2d1fabedf)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoac3dec: Don't consume more data than the actual input packet size
Martin Storsjö [Mon, 15 Jul 2013 08:28:46 +0000 (11:28 +0300)]
ac3dec: Don't consume more data than the actual input packet size

This was handled properly in the normal return case at the end
of the function, but not in this special case.

Returning a value larger than the input packet size can cause
problems for certain library users.

Returning the actual input buffer size unconditionally, since
it is not guaranteed that frame_size is set to a sensible
value at this point.

Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8f24c12be7a3b3ea105e67bba9a867fe210a2333)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoindeo: Reject impossible FRAMETYPE_NULL
Luca Barbato [Sun, 14 Jul 2013 16:16:56 +0000 (18:16 +0200)]
indeo: Reject impossible FRAMETYPE_NULL

A frame marked FRAMETYPE_NULL cannot be scalable and requires a
previous frame successfully decoded.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 5b2a29552ca09edd4646b6aa1828b32912b7ab36)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoindeo5: return proper error codes
Luca Barbato [Sun, 14 Jul 2013 12:41:56 +0000 (14:41 +0200)]
indeo5: return proper error codes

(cherry picked from commit b0eeb9d442e4b7e82f6797d74245434ea33110a5)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoindeo4: Validate scantable dimension
Luca Barbato [Fri, 12 Jul 2013 16:10:05 +0000 (18:10 +0200)]
indeo4: Validate scantable dimension

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit cd78e934c246d1b2510f8fba0abfe40bb75795f6)

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>