ffmpeg.git
7 years agodsp: fix diff_bytes_mmx() with small width n0.5.9
Michael Niedermayer [Sat, 17 Mar 2012 19:45:45 +0000 (20:45 +0100)]
dsp: fix diff_bytes_mmx() with small width

Fixes Ticket1068

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 73089eccd3e48539555349b36d8aabbf1cea416e)

7 years agommdemux: dont set pkt->size to an invalid value.
Michael Niedermayer [Thu, 22 Mar 2012 23:49:00 +0000 (00:49 +0100)]
mmdemux: dont set pkt->size to an invalid value.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0c97fd336e17535239ab44d755a0d957dc2688f3)

7 years agoh261: check mtype.
Michael Niedermayer [Fri, 2 Mar 2012 14:58:14 +0000 (15:58 +0100)]
h261: check mtype.

Fixes out of array read

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ec3cd74f2dab8e3e8234ccb994132b23d3098585)

7 years ago4xmdemux: Check chunk size
Michael Niedermayer [Mon, 16 Apr 2012 12:30:33 +0000 (14:30 +0200)]
4xmdemux: Check chunk size

Fixes over reading the header array

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 474e31c904f766b6989fe614c3fb093e697c847f)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agofix release number
Michael Niedermayer [Fri, 11 May 2012 20:37:20 +0000 (22:37 +0200)]
fix release number

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoMerge remote-tracking branch 'qatar/release/0.5' into release/0.5
Michael Niedermayer [Fri, 11 May 2012 20:02:11 +0000 (22:02 +0200)]
Merge remote-tracking branch 'qatar/release/0.5' into release/0.5

* qatar/release/0.5:
  Bump version number for 0.5.8 release.
  Release notes and changelog for 0.5.7
  vqavideo: return error if image size is not a multiple of block size
  motionpixels: Clip YUV values after applying a gradient.
  mjpegbdec: Fix overflow in SOS.
  atrac3: Fix crash in tonal component decoding.
  dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936.
  dv: Fix null pointer dereference due to ach=0
  dv: check stype
  nsvdec: Propagate errors
  nsvdec: Be more careful with av_malloc().
  nsvdec: Fix use of uninitialized streams.

Conflicts:
libavcodec/atrac3.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoBump version number for 0.5.8 release.
Reinhard Tartler [Thu, 10 May 2012 18:21:51 +0000 (20:21 +0200)]
Bump version number for 0.5.8 release.

7 years agoRelease notes and changelog for 0.5.7
Reinhard Tartler [Thu, 10 May 2012 18:15:51 +0000 (20:15 +0200)]
Release notes and changelog for 0.5.7

7 years agovqavideo: return error if image size is not a multiple of block size
Mans Rullgard [Mon, 23 Apr 2012 12:16:33 +0000 (13:16 +0100)]
vqavideo: return error if image size is not a multiple of block size

The decoder assumes in various places that the image size
is a multiple of the block size, and there is no obvious
way to support odd sizes.  Bailing out early if the header
specifies a bad size avoids various errors later on.

Fixes CVE-2012-0947.

Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit d5207e2af81580dd5e6277b354c8b459c3624f26)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit c71c77e56fcc6d469d45e1c8ce04aa053124d3f8)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit c90da45d5a7a4045dbf22fba52c63ef55d207269)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agomotionpixels: Clip YUV values after applying a gradient.
Alex Converse [Wed, 2 May 2012 19:08:03 +0000 (12:08 -0700)]
motionpixels: Clip YUV values after applying a gradient.

Prevents illegal reads on truncated and malformed input.

CC: libav-stable@libav.org
(cherry picked from commit b5da848facd41169283d7bfe568b83bdfa7fc42e)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit aaa6a666774eb02c351c84e80622a5c69e9b642e)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 50073e2395522b6e2b8698ff0dd06ffaf8cbf8ce)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 2134e7f6e88959513ba1713ad6fd7a7c8d5a0f41)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agomjpegbdec: Fix overflow in SOS.
Alex Converse [Wed, 25 Jan 2012 21:39:24 +0000 (13:39 -0800)]
mjpegbdec: Fix overflow in SOS.

Based in part by a fix from Michael Niedermayer <michaelni@gmx.at>

Fixes CVE-2011-3947

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit b57d262412204e54a7ef8fa1b23ff4dcede622e5)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 083a8a00373b12dc06b8ae4c49eec61fb5e55f4b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 6ae95a0b93e8df15fe5f364535a7214be0817736)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 6ca010f20965ef71d97a53e871edae2eb9c05a5f)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agoatrac3: Fix crash in tonal component decoding.
Michael Niedermayer [Sat, 17 Dec 2011 02:18:58 +0000 (03:18 +0100)]
atrac3: Fix crash in tonal component decoding.

Add a check to avoid writing past the end of the channel_unit.components[]
array.

Bug Found by: cosminamironesei
Fixes CVE-2012-0853
CC: libav-stable@libav.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit c509f4f74713b035a06f79cb4d00e708f5226bc5)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit f43b6e2b1ed47a1254a5d44c700a7fad5e9784be)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit f728ad26f0ec87650d2986a892785c0e2b97d161)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 224025d852dcc42f752c0922fef7121808d1e42f)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agodv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936.
Alex Converse [Thu, 26 Jan 2012 23:08:26 +0000 (15:08 -0800)]
dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936.

Found with asan.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit 2d1c0dea5f6b91bec7f5fa53ec050913d851e366)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 00fa6ffe1a0b252d6a81815e51f125225cd0b97a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit a8f4db0acd9b588ba33e3b8c0c21feea5916cfd1)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agodv: Fix null pointer dereference due to ach=0
Michael Niedermayer [Tue, 24 Jan 2012 16:51:40 +0000 (17:51 +0100)]
dv: Fix null pointer dereference due to ach=0

dv: Fix null pointer dereference due to ach=0

Fixes part2 of CVE-2011-3929

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit 5a396bb3a66a61a68b80f2369d0249729bf85e04)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 44e182d41e3a73548f3f5e8445ec428d3846e6d6)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit b46141b0d1d7efb74dad172b7c1b52413441592f)

Conflicts:

libavformat/dv.c

7 years agodv: check stype
Michael Niedermayer [Tue, 24 Jan 2012 16:48:23 +0000 (17:48 +0100)]
dv: check stype

dv: check stype

Fixes part1 of CVE-2011-3929
Possibly fixes part of CVE-2011-3936

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit 635bcfccd439480003b74a665b5aa7c872c1ad6b)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit bb737d381f6d6413899a0697f426fb082eac66fc)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 38421f27b3899a930552750fe1e0dffd45b71b8e)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agonsvdec: Propagate errors
Alex Converse [Fri, 27 Jan 2012 01:23:09 +0000 (17:23 -0800)]
nsvdec: Propagate errors

Related to CVE-2011-3940.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit c898431ca5ef2a997fe9388b650f658fb60783e5)

Conflicts:

libavformat/nsvdec.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 0100c4b1b0736e0f5b3c98f9b0ab8acbef574888)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 3253dd2b420583a7f10afa87e47b9cb73e950e2a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agonsvdec: Be more careful with av_malloc().
Alex Converse [Fri, 27 Jan 2012 01:21:46 +0000 (17:21 -0800)]
nsvdec: Be more careful with av_malloc().

Check results for av_malloc() and fix an overflow in one call.

Related to CVE-2011-3940.

Based in part on work from Michael Niedermayer.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit be524c186b50337db64d34a5726dfe3e8ea94f09)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 87007519c81c37d8a3de424de3db14078ae84333)

Conflicts:

libavformat/nsvdec.c

7 years agonsvdec: Fix use of uninitialized streams.
Michael Niedermayer [Tue, 24 Jan 2012 21:20:26 +0000 (22:20 +0100)]
nsvdec: Fix use of uninitialized streams.

Fixes CVE-2011-3940 (Out of bounds read resulting in out of bounds write)

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5c011706bc752d34bc6ada31d7df2ca0c9af7c6b)

Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit 6a89b41d9780325ba6d89a37f2aeb925aa68e6a3)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 65beb8c1173906b0541442713cb29e8ba44c47ef)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 1edf848a81464afd514afbbbcb97b471d334e14a)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agoMerge remote-tracking branch 'qatar/release/0.5' into release/0.5
Michael Niedermayer [Mon, 2 Apr 2012 00:25:43 +0000 (02:25 +0200)]
Merge remote-tracking branch 'qatar/release/0.5' into release/0.5

* qatar/release/0.5:
  id3v2: fix skipping extended header in id3v2.4

Merged-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoid3v2: fix skipping extended header in id3v2.4
Anton Khirnov [Sat, 31 Mar 2012 05:52:42 +0000 (07:52 +0200)]
id3v2: fix skipping extended header in id3v2.4

In v2.4, the length includes the length field itself.
(cherry picked from commit ddb4431208745ea270dce8fce4cba999f0ed4303)

Conflicts:

libavformat/id3v2.c

Signed-off-by: Anton Khirnov <anton@khirnov.net>
7 years agoupdate for 0.5.8 n0.5.8
Michael Niedermayer [Thu, 12 Jan 2012 21:19:09 +0000 (22:19 +0100)]
update for 0.5.8

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoatrac3: Fix crash in tonal component decoding.
Michael Niedermayer [Sat, 17 Dec 2011 02:18:58 +0000 (03:18 +0100)]
atrac3: Fix crash in tonal component decoding.
Fixes Ticket780
Bug Found by: cosminamironesei

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoMerge remote-tracking branch 'qatar/release/0.5' into release/0.5
Michael Niedermayer [Thu, 12 Jan 2012 21:14:01 +0000 (22:14 +0100)]
Merge remote-tracking branch 'qatar/release/0.5' into release/0.5

* qatar/release/0.5:
  Release notes and changelog for 0.5.7
  Bump version number for 0.5.7 release.
  vorbis: An additional defense in the Vorbis codec.
  vorbisdec: Fix decoding bug with channel handling

Merged-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoRelease notes and changelog for 0.5.7
Reinhard Tartler [Tue, 10 Jan 2012 21:22:05 +0000 (22:22 +0100)]
Release notes and changelog for 0.5.7

7 years agoBump version number for 0.5.7 release.
Reinhard Tartler [Tue, 10 Jan 2012 20:23:27 +0000 (21:23 +0100)]
Bump version number for 0.5.7 release.

7 years agovorbis: An additional defense in the Vorbis codec.
Chris Evans [Thu, 5 Jan 2012 20:25:41 +0000 (21:25 +0100)]
vorbis: An additional defense in the Vorbis codec.

Fixes Bug: #190
Chromium Bug: #100543
Related to CVE-2011-3893

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit afb2aa537954db537d54358997b68f46561fd5a7)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit b0283ccb9e8945ce9e56f7c6ba0c676e7179d7a3)

Conflicts:

libavcodec/vorbis_dec.c
(cherry picked from commit a5e0afe3c936220a793db0cdae04bb228f1904e0)

Conflicts:

libavcodec/vorbis_dec.c

7 years agovorbisdec: Fix decoding bug with channel handling
Reinhard Tartler [Thu, 5 Jan 2012 20:40:18 +0000 (21:40 +0100)]
vorbisdec: Fix decoding bug with channel handling

Fixes Bug: #191
Chromium Bug: #101458
CVE-2011-3895

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit e6d527ff729e42d80e4756cab779ff4ad693631b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 97f23c72a3815739ab28e297ce60f943349f6939)

Conflicts:

libavcodec/vorbis_dec.c
(cherry picked from commit 42f0a6696889ba275aa2087b57fa99f7a97033a0)

Conflicts:

libavcodec/vorbis_dec.c

7 years agoMerge remote-tracking branch 'qatar/release/0.5' into release/0.5
Michael Niedermayer [Sun, 8 Jan 2012 04:03:35 +0000 (05:03 +0100)]
Merge remote-tracking branch 'qatar/release/0.5' into release/0.5

* qatar/release/0.5:
  matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc()
  vorbis: Avoid some out-of-bounds reads
  vp3: fix oob read for negative tokens and memleaks on error.

Merged-by: Michael Niedermayer <michaelni@gmx.at>
7 years agomatroskadec: Fix a bug where a pointer was cached to an array that might later move...
Chris Evans [Thu, 5 Jan 2012 20:19:30 +0000 (21:19 +0100)]
matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc()

Fixes bug #190
Chromium bug #100492
related to CVE-2011-3893

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry-picked from commit faaec4676cb4c7a2303d50df66c6290bc96a7657)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 1f625431e2bb9564760fba3ab8077ae07ce7c7a1)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 90a4a467477be8c292daa08a9516ee78ca0d517b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agovorbis: Avoid some out-of-bounds reads
Chris Evans [Thu, 5 Jan 2012 20:25:41 +0000 (21:25 +0100)]
vorbis: Avoid some out-of-bounds reads

Fixes Bug: #190
Chromium Bug: #100543
Related to CVE-2011-3893

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 57cd6d709565e84e84385f8f2a9641ca3fa718be)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 4a94678f1be4b7d47f862e9523ca3358255da5d4)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 6d6254ba9fbb22260939c06db1faed5bbd295ad4)

Conflicts:

libavcodec/vorbis.c

7 years agovp3: fix oob read for negative tokens and memleaks on error.
Ronald S. Bultje [Sat, 29 Oct 2011 06:50:04 +0000 (23:50 -0700)]
vp3: fix oob read for negative tokens and memleaks on error.

(cherry picked from commit 8370e426e42f2e4b9d14a1fb8107ecfe5163ce7f)

Fixes: #189
Chromium-Bug: 101172,100465
CVE-2011-3892

Removed the parts that are related to multi-threading, which is not
included before 0.7.

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit c624935554332f8921a15265b8720f0c7b3c8cc2)

Conflicts:

libavcodec/vp3.c
(cherry picked from commit c9c7db0af2a0fc14764a07f0e61cebf11238e3c2)

Conflicts:

libavcodec/vp3.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agoUpdate for 0.5.7 n0.5.7
Michael Niedermayer [Sun, 25 Dec 2011 20:43:56 +0000 (21:43 +0100)]
Update for 0.5.7

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoMerge remote-tracking branch 'qatar/release/0.5' into release/0.5
Michael Niedermayer [Sun, 25 Dec 2011 19:19:13 +0000 (20:19 +0100)]
Merge remote-tracking branch 'qatar/release/0.5' into release/0.5

* qatar/release/0.5:
  Release notes and changelog for 0.5.6

Conflicts:
RELEASE

Merged-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoRelease notes and changelog for 0.5.6
Reinhard Tartler [Sun, 25 Dec 2011 08:55:45 +0000 (09:55 +0100)]
Release notes and changelog for 0.5.6

7 years agoMerge remote-tracking branch 'qatar/release/0.5' into release/0.5
Michael Niedermayer [Sat, 24 Dec 2011 23:53:49 +0000 (00:53 +0100)]
Merge remote-tracking branch 'qatar/release/0.5' into release/0.5

* qatar/release/0.5:
  Bump version number for 0.5.6 release.
  svq1dec: call avcodec_set_dimensions() after dimensions changed.
  vmd: fix segfaults on corruped streams
  vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling
  Plug some memory leaks in the VP6 decoder
  vp6: Reset the internal state when aborting key frames header parsing
  vp6: Fix illegal read.
  vp6: Fix illegal read.
  Fix out of bound reads in the QDM2 decoder.
  Check for out of bound writes in the QDM2 decoder.
  qdm2: check output buffer size before decoding
  Fix qdm2 decoder packet handling to match the api

Conflicts:
libavcodec/qdm2.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoBump version number for 0.5.6 release.
Reinhard Tartler [Sat, 24 Dec 2011 15:32:06 +0000 (16:32 +0100)]
Bump version number for 0.5.6 release.

7 years agosvq1dec: call avcodec_set_dimensions() after dimensions changed.
Michael Niedermayer [Fri, 18 Nov 2011 18:10:21 +0000 (19:10 +0100)]
svq1dec: call avcodec_set_dimensions() after dimensions changed.

Fixes NGS00148, CVE-2011-4579

Found-by: Phillip Langlois
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6e24b9488e67849a28e64a8056e05f83cf439229)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 0eca0da06e40b73af495cc05fbcfaa030fcf78ea)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 8ddc0b491d3c9c11c1e3d638fda51b4b604d32f4)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agovmd: fix segfaults on corruped streams
Laurent Aimar [Sun, 11 Sep 2011 17:17:45 +0000 (19:17 +0200)]
vmd: fix segfaults on corruped streams

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 494cfacdb9ba3f0549e37f76b3a2f86a7aeeac3c)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit b99366faef3a1ed4a34c9b37107f2c8c24702813)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agovp6: partially propagate huffman tree building errors during coeff model parsing...
Dustin Brody [Tue, 16 Aug 2011 20:46:34 +0000 (16:46 -0400)]
vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit f913eeea43078b3b9052efd8d8d29e7b29b39208)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 7367cbec1b8cf0cbb49707fb0fdfded8ec397b0d)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 201fcfb89482c6f73d6b679a294aac8da9612bbd)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agoPlug some memory leaks in the VP6 decoder
Vitor Sessak [Wed, 3 Mar 2010 17:24:32 +0000 (17:24 +0000)]
Plug some memory leaks in the VP6 decoder

Originally committed as revision 22172 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 0a41faa9a77dc83d8d933e99f1ba902ecd146e79)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agovp6: Reset the internal state when aborting key frames header parsing
Laurent Aimar [Fri, 23 Sep 2011 20:36:11 +0000 (22:36 +0200)]
vp6: Reset the internal state when aborting key frames header parsing

It prevents leaving the state only half initialized.

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit a72cad0a6c05aa74940101e937cb3dc602d7d67b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit c76505e0dee0890e39636ddebd2707ab3ea5b8de)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit e28bb18fdc894dfdc1befa9f5e748ccb649a8c76)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agovp6: Fix illegal read.
Thierry Foucu [Thu, 17 Nov 2011 17:39:52 +0000 (09:39 -0800)]
vp6: Fix illegal read.

Found with Address Sanitizer

Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit e0966eb140b3569b3d6b5b5008961944ef229c06)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit ba4b08b78918f399f9c9524750b26e904d146078)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 94aacaf5083313378c6105bd71db04ce8f62c058)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agovp6: Fix illegal read.
Alex Converse [Thu, 3 Nov 2011 22:55:52 +0000 (15:55 -0700)]
vp6: Fix illegal read.

(cherry picked from commit 2a6eb06254df79e96b3d791b6b89b2534ced3119)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 67a7ed623b678a84c992dd7bf3e3d0329f83621b)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 8d68083298e2481669de4db0b7b86c915119df6d)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agoFix out of bound reads in the QDM2 decoder.
Laurent Aimar [Fri, 30 Sep 2011 22:45:04 +0000 (00:45 +0200)]
Fix out of bound reads in the QDM2 decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 5a19acb17ceb71657b0eec51dac651953520e5c8)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 0d93d5c4614fafea74bdac681673f5b32eb49063)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agoCheck for out of bound writes in the QDM2 decoder.
Laurent Aimar [Fri, 30 Sep 2011 22:45:05 +0000 (00:45 +0200)]
Check for out of bound writes in the QDM2 decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
(cherry picked from commit 291d74a46d32183653db07818c7b3407fd50a288)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit a31ccacb1a9b2abc0e140a812fb0ffca6f7c2591)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agoqdm2: check output buffer size before decoding
Justin Ruggles [Wed, 14 Sep 2011 17:57:04 +0000 (13:57 -0400)]
qdm2: check output buffer size before decoding

(cherry picked from commit 7d49f79f1cd47783a963a757a6563b9cac29db62)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 73472053516f82b7d273a3d42c583f894077a191)

Conflicts:

libavcodec/qdm2.c
(cherry picked from commit cfb9b47a1ecdc9e88e6561aa213d98245ee70267)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agoFix qdm2 decoder packet handling to match the api
Baptiste Coudurier [Fri, 19 Nov 2010 06:52:30 +0000 (06:52 +0000)]
Fix qdm2 decoder packet handling to match the api

Originally committed as revision 25767 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit b26c1a8b7ed1a199b19f92bb5d62c61f1c149215)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agoupdate for 0.5.6 n0.5.6
Michael Niedermayer [Mon, 21 Nov 2011 21:22:04 +0000 (22:22 +0100)]
update for 0.5.6

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agosvq1dec: call avcodec_set_dimensions() after dimensions changed.
Michael Niedermayer [Fri, 18 Nov 2011 18:10:21 +0000 (19:10 +0100)]
svq1dec: call avcodec_set_dimensions() after dimensions changed.
Fixes NGS00148

Found-by: Phillip Langlois
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4931c8f0f10bf8dedcf626104a6b85bfefadc6f2)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 661ee45f8881bb551eb403472e60c38a7c2818aa)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoqdm2dec: fix buffer overflow.
Michael Niedermayer [Fri, 18 Nov 2011 16:48:31 +0000 (17:48 +0100)]
qdm2dec: fix buffer overflow.
Fixes NGS00144

This also adds a few lines of code from master that are needed for this fix.

Thanks to Phillip for suggestions to improve the patch.
Found-by: Phillip Langlois
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a6a61a6d1d4da219a6fe29250e2a6b28f9d05524)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoqdm2dec: check remaining input bits in the mainloop of qdm2_fft_decode_tones()
Michael Niedermayer [Fri, 18 Nov 2011 16:56:24 +0000 (17:56 +0100)]
qdm2dec: check remaining input bits in the mainloop of qdm2_fft_decode_tones()
This is neccessary but likely not sufficient to prevent out of array reads.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 14db3af4f26dad8e6ddf2147e96ccc710952ad4d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8120a1d9bd4bcc4434b4f588f50c9d81aa8ad0e0)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agocinepak: check strip_size
Michael Niedermayer [Wed, 16 Nov 2011 16:21:42 +0000 (17:21 +0100)]
cinepak: check strip_size

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cea0c82d9b9771dfa2ac729c13c0d9e03ea352a7)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 211a107208ee636da81d2a89592181e2d78a0c8c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agowma: Check channel number before init.
Michael Niedermayer [Wed, 16 Nov 2011 02:31:25 +0000 (03:31 +0100)]
wma: Check channel number before init.
Fixes Ticket240

Based on patch by ami_stuff
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 20431a9982b9bd2c475042d919890a941ad70c71)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agovp5: Fix illegal read.
Alex Converse [Thu, 17 Nov 2011 18:06:14 +0000 (10:06 -0800)]
vp5: Fix illegal read.

Found with Address Sanitizer
(cherry picked from commit bb4b0ad83b13c3af57675e80163f3f333adef96f)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f62fa1ce9f12e4a43b41401a7416c6fa8da579c9)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agovp6: Fix illegal read.
Thierry Foucu [Thu, 17 Nov 2011 17:39:52 +0000 (09:39 -0800)]
vp6: Fix illegal read.

Found with Address Sanitizer

Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit e0966eb140b3569b3d6b5b5008961944ef229c06)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8a63deab15ef41fd439be1b46d8dcb73669ccfc1)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years ago0.5: some updates. n0.5.5
Michael Niedermayer [Sun, 6 Nov 2011 19:57:55 +0000 (20:57 +0100)]
0.5: some updates.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoresample: Fix array size
Michael Niedermayer [Thu, 27 Oct 2011 13:26:45 +0000 (15:26 +0200)]
resample: Fix array size

Found-by: Jim Radford
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3e7db0a9ee758bf0570a141be1fea64f8d9c03db)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit edf3c5a3ebeee8df55c6a05f88a682091f10a364)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoresample2: fix potential overflow
Michael Niedermayer [Thu, 27 Oct 2011 12:34:45 +0000 (14:34 +0200)]
resample2: fix potential overflow

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a39b5e8b323785695fb0e3c0f30bd9e24287db87)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoresample: Fix overflow
Michael Niedermayer [Thu, 27 Oct 2011 12:31:53 +0000 (14:31 +0200)]
resample: Fix overflow

Found-by: Jim Radford
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6ae93d030476ddd7fa2ab4d9d2dd25df85725390)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agomatroskadec: fix out of bounds write
Ronald S. Bultje [Fri, 14 Oct 2011 22:03:55 +0000 (00:03 +0200)]
matroskadec: fix out of bounds write

Signed-off-by: Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 723229c11f1400e6a09c8a1c9c27193f376eb1d1)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d51c7b4cbe022f6b3b026735dc7e29eb50bbf129)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agomem: fix memalign hack av_realloc()
Michael Niedermayer [Tue, 11 Oct 2011 20:03:19 +0000 (22:03 +0200)]
mem: fix memalign hack av_realloc()

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fc11927890f38445a950b453d24928525da0e61a)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5ae87280e219e843c71201c580780e8e30083559)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoqtrle: check for out of bound writes.
Laurent Aimar [Sat, 8 Oct 2011 21:40:36 +0000 (23:40 +0200)]
qtrle: check for out of bound writes.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7fb92be7e50ea4ba5712804326c6814ae02dd190)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a65045915f5b4ec6da73df54d1914b320a861223)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoqtrle: check for invalid line offset
Laurent Aimar [Sat, 8 Oct 2011 21:01:33 +0000 (23:01 +0200)]
qtrle: check for invalid line offset

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a4ed7c3fe9f99b89f86b65710d8855dc572f1a25)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 67c46b9b3027fdd9fd737e21a80d3326748b1c15)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agovqa: fix double free on corrupted streams
Laurent Aimar [Sat, 8 Oct 2011 21:40:37 +0000 (23:40 +0200)]
vqa: fix double free on corrupted streams

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e3123856c79c36507772ada1bcda6cfe36a1e297)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agompc7: return error if packet is too small.
Justin Ruggles [Wed, 14 Sep 2011 15:16:42 +0000 (11:16 -0400)]
mpc7: return error if packet is too small.
(cherry picked from commit 8290d1f38b438f1b070de67645c8b4a42014c7ac)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 490617b6ffa13f8e49a196a752f927d5ebad6e2b)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agompc7: check output buffer size before decoding
Justin Ruggles [Tue, 13 Sep 2011 22:53:18 +0000 (18:53 -0400)]
mpc7: check output buffer size before decoding
(cherry picked from commit c8b5c4d27409dfdcec80868686b173ba446c998b)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b833859daa4eb8fe0ec9117859b21a734905b895)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoh264: do not let invalid values in h->ref_count after a decoder reset.
Laurent Aimar [Tue, 4 Oct 2011 20:13:58 +0000 (22:13 +0200)]
h264: do not let invalid values in h->ref_count after a decoder reset.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0333d234b0355b375762447e93674e3fe3c5bff1)
(cherry picked from commit f74d1c6de7ef810544edae947db1eb1e2c7b6361)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoh264: fix the check for invalid SPS:num_ref_frames.
Laurent Aimar [Sun, 2 Oct 2011 14:06:38 +0000 (16:06 +0200)]
h264: fix the check for invalid SPS:num_ref_frames.

This patch set the limit to 16.

For information, thoses previous commits:
41f7e2d11d2dca23842ee89d530ca9fa15cec9d8
5cbb0e70a0a2ee99eb3cb09e837b9a1f7355b9bc
assumed it was either 30 or 32.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bcf881a6858760ecbd9ff4352a38813dc4232dd6)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoh264: do not let invalid values in h->ref_count on ff_h264_decode_ref_pic_list_reorde...
Laurent Aimar [Sun, 2 Oct 2011 14:06:37 +0000 (16:06 +0200)]
h264: do not let invalid values in h->ref_count on ff_h264_decode_ref_pic_list_reordering() errors.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2428b53f6d306d8d71dec34fa7b0af733d76cfac)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoCheck for out of bound accesses in the 4xm decoder.
Laurent Aimar [Sat, 1 Oct 2011 22:38:27 +0000 (00:38 +0200)]
Check for out of bound accesses in the 4xm decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9c661e952fbcbf044709f9a7031c68cc4860336b)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoPrevent block size from inreasing in the shorten decoder.
Laurent Aimar [Fri, 30 Sep 2011 22:43:05 +0000 (00:43 +0200)]
Prevent block size from inreasing in the shorten decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b399cbfba5d901608c18e1a2d48a24c30541a634)
(cherry picked from commit 55a96a984ec65736475a8577a158abc5c48fd50a)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoCheck for out of bound writes in the QDM2 decoder.
Laurent Aimar [Fri, 30 Sep 2011 22:45:05 +0000 (00:45 +0200)]
Check for out of bound writes in the QDM2 decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4a7876c6e4e62e94d51e364ba99aae4da7671238)
(cherry picked from commit b08df314dca6946ed644caacb9d3a533a054c0f6)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoCheck for out of bound writes in the avs demuxer.
Laurent Aimar [Fri, 30 Sep 2011 22:44:55 +0000 (00:44 +0200)]
Check for out of bound writes in the avs demuxer.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5d44c061cf511d97be5fac8d76be2f3915c6e798)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoCheck for corrupted data in avs demuxer.
Laurent Aimar [Fri, 30 Sep 2011 22:44:54 +0000 (00:44 +0200)]
Check for corrupted data in avs demuxer.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1cce7def0a8eff2e7db294b7d195a0fb1a5043b0)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoFix out of bound writes in fix_bitshift() of the shorten decoder.
Laurent Aimar [Thu, 29 Sep 2011 22:05:53 +0000 (00:05 +0200)]
Fix out of bound writes in fix_bitshift() of the shorten decoder.

The data pointers s->decoded[*] already take into account s->nwrap.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f42b3195d3f2692a4dfc0a8668bb4ac35301f2ed)
(cherry picked from commit 107ea3057eb8de8a38c45c2f7181c42ea694b187)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoCheck for out of bounds writes in the Delphine Software International CIN decoder.
Laurent Aimar [Thu, 29 Sep 2011 22:05:51 +0000 (00:05 +0200)]
Check for out of bounds writes in the Delphine Software International CIN decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3035c4034b6af3ad47f921e3385196e1b9d44ddf)
(cherry picked from commit 6e774cf67e6f30feb9b3dec11713d6b6dc0b521c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoCheck for invalid update parameters in vmd video decoder.
Laurent Aimar [Sat, 24 Sep 2011 21:16:18 +0000 (23:16 +0200)]
Check for invalid update parameters in vmd video decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e7aed1280ea14b60fceae04d71dfd03e1daf2d04)
(cherry picked from commit 1ed90c84f6ab75af91b08436cefb8ea464f8495b)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoRelease old pictures after a resolution change in vp5/6 decoder
Laurent Aimar [Wed, 21 Sep 2011 18:46:33 +0000 (20:46 +0200)]
Release old pictures after a resolution change in vp5/6 decoder

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit dba20b84784a7931b7eac50ced1d43e86801bde9)
(cherry picked from commit c9c6e5f4e8680b7b7801dd6943590ae9cd6bfd89)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoCheck output buffer size in nellymoser decoder.
Laurent Aimar [Wed, 21 Sep 2011 18:46:29 +0000 (20:46 +0200)]
Check output buffer size in nellymoser decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 741ec30bd2385f794efa9fafa84d39a917f2574e)
(cherry picked from commit 533dbaa55b7d45d5ca76f9ed46f5690282f86ea9)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agocheck all svq3_get_ue_golomb() returns.
Michael Niedermayer [Sat, 17 Sep 2011 19:53:21 +0000 (21:53 +0200)]
check all svq3_get_ue_golomb() returns.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 979bea13003ef489d95d2538ac2fb1c26c6f103b)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agorv34: check for size mismatch
Michael Niedermayer [Sat, 17 Sep 2011 17:40:25 +0000 (19:40 +0200)]
rv34: check for size mismatch

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 35f38b3ab9d755aede5bce8abbe1cb9c07027f8a)
(cherry picked from commit ed9e561490d70e317659f9e406c7920242e509eb)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoReject audio tracks with invalid interleaver parameters in RM demuxer.
Laurent Aimar [Sat, 17 Sep 2011 14:56:33 +0000 (16:56 +0200)]
Reject audio tracks with invalid interleaver parameters in RM demuxer.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4907f813581acd6cf68f1be9eb163464503e8208)
(cherry picked from commit 24e0a9e451e1aae427307a919d78f6790f4e413c)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoMerge remote-tracking branch 'qatar/release/0.5' into release/0.5
Michael Niedermayer [Sun, 6 Nov 2011 00:34:54 +0000 (01:34 +0100)]
Merge remote-tracking branch 'qatar/release/0.5' into release/0.5

* qatar/release/0.5:
  update version
  Release notes and changelog for 0.5.5
  Fix ff_imdct_calc_sse() on gcc-4.6
  Make DECLARE_ALIGNED macros work with external array specifiers
  Fix MMX rgb24 to yuv conversion with gcc 4.6

Merged-by: Michael Niedermayer <michaelni@gmx.at>
7 years agoupdate version
Reinhard Tartler [Sat, 5 Nov 2011 11:57:22 +0000 (12:57 +0100)]
update version

7 years agoRelease notes and changelog for 0.5.5
Reinhard Tartler [Sat, 5 Nov 2011 11:53:16 +0000 (12:53 +0100)]
Release notes and changelog for 0.5.5

7 years agoFix ff_imdct_calc_sse() on gcc-4.6
Alex Converse [Sun, 30 Jan 2011 09:04:41 +0000 (01:04 -0800)]
Fix ff_imdct_calc_sse() on gcc-4.6

Gcc 4.6 only preserves the first value when using an array with an "m"
constraint.

Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 770c410fbb8e1b87ce8ad7f3d7eddaa55e2b8295)

Conflicts:

libavcodec/x86/fft_sse.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agoMake DECLARE_ALIGNED macros work with external array specifiers
Måns Rullgård [Thu, 21 Jan 2010 12:59:22 +0000 (12:59 +0000)]
Make DECLARE_ALIGNED macros work with external array specifiers

The macro implementation might need the name of the variable being
declared for compiler-specific syntax.  Moving array specifiers outside
the macro invocation allows this to work.

Originally committed as revision 21363 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 8a24e98d506f0f44ec58e06291fa0fce703fb6a8)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agoFix MMX rgb24 to yuv conversion with gcc 4.6
Mans Rullgard [Sun, 13 Feb 2011 00:19:06 +0000 (00:19 +0000)]
Fix MMX rgb24 to yuv conversion with gcc 4.6

When built with gcc 4.6, the MMX rgb24 to yuv conversion gives
wrong output.  The compiler produces this warning:

libswscale/swscale_template.c:1885:5: warning: use of memory input without lvalue in asm operand 4 is deprecated

Changing the memory operand to a register makes it work.

Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit f344903ca5ce28a833fdd656bc1ed5b16d97e7e9)

Conflicts:

libswscale/swscale_template.c

Signed-off-by: Reinhard Tartler <siretart@tauware.de>
7 years agosmacker: add forgotten *
Michael Niedermayer [Mon, 12 Sep 2011 21:45:21 +0000 (23:45 +0200)]
smacker: add forgotten *
found by fenrir

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f98edc73c599badaa0c075fbffb519a150d03d80)

7 years agosegafilm: Fix potential division by 0 on corrupted segafilm streams in the demuxer.
Laurent Aimar [Mon, 12 Sep 2011 19:09:57 +0000 (21:09 +0200)]
segafilm: Fix potential division by 0 on corrupted segafilm streams in the demuxer.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7 years agosegafilm: Check for memory allocation failures in segafilm demuxer.
Laurent Aimar [Mon, 12 Sep 2011 18:58:35 +0000 (20:58 +0200)]
segafilm: Check for memory allocation failures in segafilm demuxer.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7cbe02575868e7d25acf3d319ece664702700f0a)

7 years agorv34: check that subsequent slices have the same type as first one.
Kostya Shishkov [Mon, 12 Sep 2011 09:39:53 +0000 (11:39 +0200)]
rv34: check that subsequent slices have the same type as first one.

This prevents some crashes when corrupted bitstream reports e.g. P-type
slice in I-frame. Official RealVideo decoder demands all slices to be
of the same type too.

Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 23a1f0c59241465ba30103388029a7afc0ead909)

7 years agoFixed invalid read access on extra data in cinepak decoder.
Laurent Aimar [Sun, 11 Sep 2011 17:17:43 +0000 (19:17 +0200)]
Fixed invalid read access on extra data in cinepak decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit dc255275f6293a060518271a151e1ce75499e874)

7 years agoFixed segfault on corrupted smacker streams in the demuxer.
Laurent Aimar [Sun, 11 Sep 2011 16:51:52 +0000 (18:51 +0200)]
Fixed segfault on corrupted smacker streams in the demuxer.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d0121e8d969cde74fa7dbd96d3602109b051e701)

7 years agoFixed segfaults on corruped smacker streams in the decoder.
Laurent Aimar [Sun, 11 Sep 2011 16:54:01 +0000 (18:54 +0200)]
Fixed segfaults on corruped smacker streams in the decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d07ac1853da29ea696243160e02154ebf758d1ee)

7 years agoFixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks.
Laurent Aimar [Wed, 7 Sep 2011 19:43:03 +0000 (21:43 +0200)]
Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8bfea4ab4e2cb32bc7bf6f697ee30a238c65d296)

7 years agoFixed deference of NULL pointer in motionpixels decoder.
Laurent Aimar [Sat, 10 Sep 2011 11:28:13 +0000 (13:28 +0200)]
Fixed deference of NULL pointer in motionpixels decoder.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 824f98f442996eaee9204b132752cf5114fc94cf)

7 years agoqcelpdec: fix the return value of qcelp_decode_frame().
Chris Rankin [Wed, 7 Sep 2011 09:17:30 +0000 (10:17 +0100)]
qcelpdec: fix the return value of qcelp_decode_frame().
(cherry picked from commit 04c13dca8812e8302686887b6e8201d4ad25b7d8)

7 years agoCheck extradata size on resolution change.
Reimar Döffinger [Sun, 17 Jul 2011 13:22:36 +0000 (15:22 +0200)]
Check extradata size on resolution change.

Ignore resolution change if resolution not defined in extradata.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit 09c5f990bc7629dfbee8c760fd485936c60a7b40)

7 years agorv34: Check for invalid slice offsets
Laurent Aimar [Mon, 19 Sep 2011 20:48:53 +0000 (22:48 +0200)]
rv34: Check for invalid slice offsets

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 4cc7732386eb36661ed22d1200339b38a5fa60bc)

Signed-off-by: Anton Khirnov <anton@khirnov.net>