ffmpeg.git
4 years agoavcodec/lcldec: fix decoding of YUV444 sample n1.1.14
Piotr Bandurski [Sun, 17 Aug 2014 16:17:13 +0000 (18:17 +0200)]
avcodec/lcldec: fix decoding of YUV444 sample

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a3329a09f93455a44ff3c9c64886c4da1f66bcfb)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoalacenc: fix extra bits extraction
Christophe Gisquet [Sun, 17 Aug 2014 16:56:45 +0000 (18:56 +0200)]
alacenc: fix extra bits extraction

The raw coded bits are extracted prior to decorrelation, as is correctly
performed by the decoder, and not after.

Fixes ticket #2768.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 96d217832598da7001bc204706476dd1e37f377e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoalacenc: increase predictor buffer
Christophe Gisquet [Sun, 17 Aug 2014 17:09:13 +0000 (17:09 +0000)]
alacenc: increase predictor buffer

This change is almost cosmetical only, and reduces the changes needed to
fix the 24bps case.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c0d18cc085b13cdfb05ea90a20b46235fb4fa0a9)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agowavpack: report if there is no bits left
Christophe Gisquet [Tue, 19 Aug 2014 12:26:47 +0000 (12:26 +0000)]
wavpack: report if there is no bits left

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 11a39bdf534a4ead634b4a593c66ebf756910b9b)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/adpcm: Fix incorrect AVSampleFormat for sample_fmts_s16p
Jon Morley [Tue, 19 Aug 2014 18:17:49 +0000 (11:17 -0700)]
avcodec/adpcm: Fix incorrect AVSampleFormat for sample_fmts_s16p

The AVSampleFormat list of sample_fmts_s16p is missing the trailing "P" for planar formats. AV_SAMPLE_FMT_S16 vs AV_SAMPLE_FMT_S16P

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 18e70006e7d39f256079cd461a0fe75f1e9cbfd2)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoversion.sh: Print versions based on the last git tag for release branches
Michael Niedermayer [Mon, 28 Jul 2014 00:40:35 +0000 (02:40 +0200)]
version.sh: Print versions based on the last git tag for release branches

release branches are detected by checking if "git" is not in RELEASE
This changes "N-64706-g2f71aeb" to "n2.3-8-g2f71aeb"
for git master theres no change

This should improve the readability of lists of versions which come from
more than 1 release branch or master + release. fate.ffmpeg.org is
one possible example

Reviewed-by: Timothy Gu <timothygu99@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ee606fd0317df202b59946cf9b738c0a01056316)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1f4d779e87050111f831f24645580f04e0b1917b)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0a64e9a0299b8ded2508be4c6f4949f8f8f57724)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoremove VERSION file
Michael Niedermayer [Mon, 28 Jul 2014 00:22:11 +0000 (02:22 +0200)]
remove VERSION file

it overrides what version.sh prints and thus makes its output
from release branches rather useless

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2f71aeb30161edb5cb0fea5d3080094a22cc3038)

Conflicts:

VERSION
(cherry picked from commit f543d32455a30c7e11206241184dfb16b8a8081c)

Conflicts:

VERSION
(cherry picked from commit 59b2a9ef957ec796ccf457aad263a52bc457b610)

Conflicts:

VERSION

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoUpdate for 1.1.14
Michael Niedermayer [Sat, 30 Aug 2014 19:44:13 +0000 (21:44 +0200)]
Update for 1.1.14

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/snow: check coeffs for validity
Michael Niedermayer [Sat, 30 Aug 2014 00:12:10 +0000 (02:12 +0200)]
avcodec/snow: check coeffs for validity

Fixes deadlock
Fixes integer overflow
Fixes Ticket 3892

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 596636a474ab201badaae269f3a2cef4824b8c1f)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/utils: add GBRP16 to avcodec_align_dimensions2()
Michael Niedermayer [Sun, 24 Aug 2014 21:33:40 +0000 (23:33 +0200)]
avcodec/utils: add GBRP16 to avcodec_align_dimensions2()

Fixes Ticket3869

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3fe9e7be4c70c8fccdcd56fd19276e668cfb7de8)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec: fix aac/ac3 parser bitstream buffer size
Michael Niedermayer [Thu, 21 Aug 2014 23:15:57 +0000 (01:15 +0200)]
avcodec: fix aac/ac3 parser bitstream buffer size

Buffers containing copies of the AAC and AC3 header bits were not padded
before parsing, violating init_get_bits() buffer padding requirement,
leading to potential buffer read overflows.
This change adds FF_INPUT_BUFFER_PADDING_SIZE bytes to the bit buffer
for parsing the header in each of aac_parser.c and ac3_parser.c.

Based on patch by: Matt Wolenetz <wolenetz@chromium.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fccd85b9f30525f88692f53134eba41f1f2d90db)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoproresenc_kostya: report buffer overflow
Christophe Gisquet [Mon, 11 Aug 2014 22:06:08 +0000 (22:06 +0000)]
proresenc_kostya: report buffer overflow

If the allocated size, despite best efforts, is too small, exit
with the appropriate error.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 52b81ff4635c077b2bc8b8d3637d933b6629d803)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoavcodec/iff: check pixfmt for rgb8 / rgbn
Michael Niedermayer [Sun, 10 Aug 2014 19:59:33 +0000 (21:59 +0200)]
avcodec/iff: check pixfmt for rgb8 / rgbn

Fixes out of array access

Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3539d6c63a16e1b2874bb037a86f317449c58770)

Conflicts:

libavcodec/iff.c
(cherry picked from commit 656f930160db48e0b7b25069c62abc340e7f0628)

Conflicts:

libavcodec/iff.c
(cherry picked from commit abc1fa7c5a1dca1345b9471b81cfcda00c56220d)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit '124ec8b1303d4f29b833099ce9008e31ac6d7c86' into release/1.1
Michael Niedermayer [Sat, 30 Aug 2014 19:07:32 +0000 (21:07 +0200)]
Merge commit '124ec8b1303d4f29b833099ce9008e31ac6d7c86' into release/1.1

* commit '124ec8b1303d4f29b833099ce9008e31ac6d7c86':
  pulse: Add a wallclock option to be compatible with other other captures

Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit 'e1f0c41e1aa37a9c166c43abf1b526c796ed7649' into release/1.1
Michael Niedermayer [Sat, 30 Aug 2014 18:58:46 +0000 (20:58 +0200)]
Merge commit 'e1f0c41e1aa37a9c166c43abf1b526c796ed7649' into release/1.1

* commit 'e1f0c41e1aa37a9c166c43abf1b526c796ed7649':
  avconv: fix parsing the AVOptions for -target

Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit '8d7839fc7c52574dfc22db0181b1cef9cb929910' into release/1.1
Michael Niedermayer [Sat, 30 Aug 2014 18:58:25 +0000 (20:58 +0200)]
Merge commit '8d7839fc7c52574dfc22db0181b1cef9cb929910' into release/1.1

* commit '8d7839fc7c52574dfc22db0181b1cef9cb929910':
  avconv: fix the muxrate values for -target

Conflicts:
ffmpeg_opt.c

No change, as ffmpegs muxrate is in bits/sec

Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit 'bbd632082b18e6c5ce9c2d6be8bc260c05ae9417' into release/1.1
Michael Niedermayer [Sat, 30 Aug 2014 18:50:50 +0000 (20:50 +0200)]
Merge commit 'bbd632082b18e6c5ce9c2d6be8bc260c05ae9417' into release/1.1

* commit 'bbd632082b18e6c5ce9c2d6be8bc260c05ae9417':
  mpegenc: limit the maximum muxrate

Conflicts:
libavformat/mpegenc.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit 'e4fb53c73abece15a7c5df0019df9a0371db2297' into release/1.1
Michael Niedermayer [Sat, 30 Aug 2014 18:47:07 +0000 (20:47 +0200)]
Merge commit 'e4fb53c73abece15a7c5df0019df9a0371db2297' into release/1.1

* commit 'e4fb53c73abece15a7c5df0019df9a0371db2297':
  ffv1dec: check that global parameters do not change in version 0/1

Conflicts:
libavcodec/ffv1dec.c

See: f78a3868fd3d8f66da68338c0783aa15f98833bf
Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit 'bd41211395fd1f968e9f3a4746daffebea60f41e' into release/1.1
Michael Niedermayer [Sat, 30 Aug 2014 18:38:41 +0000 (20:38 +0200)]
Merge commit 'bd41211395fd1f968e9f3a4746daffebea60f41e' into release/1.1

* commit 'bd41211395fd1f968e9f3a4746daffebea60f41e':
  Re-release 9.15 as 9.16
  Prepare for 9.15 Release
  Update Changelog for v9.15

Conflicts:
Changelog
RELEASE

Not merged, as the versions are different in FFmpeg

Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit '437848e37ae7ef73cd8101031dc570d1f009ffd5' into release/1.1
Michael Niedermayer [Sat, 30 Aug 2014 18:36:00 +0000 (20:36 +0200)]
Merge commit '437848e37ae7ef73cd8101031dc570d1f009ffd5' into release/1.1

* commit '437848e37ae7ef73cd8101031dc570d1f009ffd5':
  vp3: Copy all 3 frames for thread updates

See: 247d30a7dba6684ccce4508424f35fd58465e535
Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit 'addbaf134836aea4e14f73add8c6d753a1373257' into release/1.1
Michael Niedermayer [Sat, 30 Aug 2014 18:21:17 +0000 (20:21 +0200)]
Merge commit 'addbaf134836aea4e14f73add8c6d753a1373257' into release/1.1

* commit 'addbaf134836aea4e14f73add8c6d753a1373257':
  mpegts: Do not try to write a PMT larger than SECTION_SIZE

Conflicts:
libavformat/mpegtsenc.c

See: 694c3a13c9489c6e05f88486b489dd0746d114fc
Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agoMerge commit '694b7cd873f8b06af109036eff1ccd741afdd28e' into release/1.1
Michael Niedermayer [Sat, 30 Aug 2014 18:09:10 +0000 (20:09 +0200)]
Merge commit '694b7cd873f8b06af109036eff1ccd741afdd28e' into release/1.1

* commit '694b7cd873f8b06af109036eff1ccd741afdd28e':
  mpegts: Define the section length with a constant

Merged-by: Michael Niedermayer <michaelni@gmx.at>
4 years agopulse: Add a wallclock option to be compatible with other other captures
Luca Barbato [Sat, 23 Aug 2014 17:03:21 +0000 (19:03 +0200)]
pulse: Add a wallclock option to be compatible with other other captures

alsa and x11grab use av_gettime() to report timestamps.

Have it on by default.

Bug-Id: 647
(cherry picked from commit 424b929b5cb9ca4094099f25179829260d4b0fa3)
(cherry picked from commit 404731bd20e1df5880e6fe381e975ba48afc75b2)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
4 years agoavconv: fix parsing the AVOptions for -target
Anton Khirnov [Tue, 26 Aug 2014 06:26:35 +0000 (06:26 +0000)]
avconv: fix parsing the AVOptions for -target

CC: libav-stable@libav.org
(cherry picked from commit f5245a9c6206878b892adf3ccbccc9311c202af5)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit f7395926f204051af9ad459a6d876b96ee6179ee)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
4 years agoavconv: fix the muxrate values for -target
Anton Khirnov [Mon, 25 Aug 2014 21:24:35 +0000 (21:24 +0000)]
avconv: fix the muxrate values for -target

The mpegenc private option values are in 50-byte units.

CC: libav-stable@libav.org
(cherry picked from commit 1688eef25385089026aba55da1885f70a57815ab)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 7bc37641e3e6c24d472ae06fcbecaba4c863829b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
4 years agompegenc: limit the maximum muxrate
Anton Khirnov [Mon, 25 Aug 2014 21:21:57 +0000 (21:21 +0000)]
mpegenc: limit the maximum muxrate

It is written to the file as a 22-bit value.

CC: libav-stable@libav.org
(cherry picked from commit 75bbaf2493a71ee66eaabe3c21fadd84d07888de)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Conflicts:
libavformat/mpegenc.c

(cherry picked from commit 3ac0638d573fc483ba6be3444858b26711c5d67d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
5 years agoffv1dec: check that global parameters do not change in version 0/1
Michael Niedermayer [Fri, 30 Aug 2013 02:51:09 +0000 (04:51 +0200)]
ffv1dec: check that global parameters do not change in version 0/1

Such changes are neither allowed nor supported

Found-by: ami_stuff
Bug-Id: CVE-2013-7020
CC: libav-stable@libav.org
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit da7d839a0d3ec40423a665dc85e0cfaed3f92eb8)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
5 years agoRe-release 9.15 as 9.16
Reinhard Tartler [Sat, 9 Aug 2014 12:55:45 +0000 (08:55 -0400)]
Re-release 9.15 as 9.16

This is a clean fixup of the tagging mistake in the v9.15 release

5 years agoPrepare for 9.15 Release
Reinhard Tartler [Sat, 9 Aug 2014 01:57:46 +0000 (21:57 -0400)]
Prepare for 9.15 Release

5 years agoUpdate Changelog for v9.15
Reinhard Tartler [Sat, 9 Aug 2014 00:46:15 +0000 (20:46 -0400)]
Update Changelog for v9.15

5 years agoupdate for 1.1.13 n1.1.13
Michael Niedermayer [Fri, 8 Aug 2014 20:45:52 +0000 (22:45 +0200)]
update for 1.1.13

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/dvdsub_parser: print message if packet is smaller than the packet size field
Michael Niedermayer [Fri, 1 Aug 2014 23:16:14 +0000 (01:16 +0200)]
avcodec/dvdsub_parser: print message if packet is smaller than the packet size field

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bcc898dd2643c883522ffa565be4b226ce798c78)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/dvdsub_parser: Check buf_size before reading 32bit packet size
Michael Niedermayer [Fri, 1 Aug 2014 23:15:37 +0000 (01:15 +0200)]
avcodec/dvdsub_parser: Check buf_size before reading 32bit packet size

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 81c1657a593b1c0f8e46fca00ead1d30ee1cd418)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/dvdsub_parser: never return 0 when the input isnt 0
Michael Niedermayer [Fri, 1 Aug 2014 22:27:23 +0000 (00:27 +0200)]
avcodec/dvdsub_parser: never return 0 when the input isnt 0

Fixes a infinite loop
Fixes Ticket3804

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cfdb30d2f1241de9354a8efdbf8252d0f1a6f933)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/utils: do not wait for packets from discarded streams for genpts
Michael Niedermayer [Sat, 12 Jul 2014 23:07:59 +0000 (01:07 +0200)]
avformat/utils: do not wait for packets from discarded streams for genpts

Fixes long loop
Fixes Ticket3208

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8202c49b43621c04e26d4a3aa83a10e1e5cc1836)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'ecda9b90eccc687202fe9fa20f7ca61d92d816b4' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 14:08:16 +0000 (16:08 +0200)]
Merge commit 'ecda9b90eccc687202fe9fa20f7ca61d92d816b4' into release/1.1

* commit 'ecda9b90eccc687202fe9fa20f7ca61d92d816b4':
  Update Changelog for v9.15

Conflicts:
Changelog

Not merged as the changelog doesnt apply 1:1 to FFmpeg

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '52254067b312e78d30bbe79fc33dbdf995b22b4e' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 14:06:27 +0000 (16:06 +0200)]
Merge commit '52254067b312e78d30bbe79fc33dbdf995b22b4e' into release/1.1

* commit '52254067b312e78d30bbe79fc33dbdf995b22b4e':
  error_concealment: avoid using the picture if not fully setup

Conflicts:
libavcodec/error_resilience.c

See: 68a0477bc0af026db971ddba22541029a9e8715b
Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agovp3: Copy all 3 frames for thread updates
Michael Niedermayer [Mon, 4 Aug 2014 00:12:47 +0000 (01:12 +0100)]
vp3: Copy all 3 frames for thread updates

Fixes a double release of the current frame on deinit.

Bug-Id: CVE-2011-3934
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
5 years agoavcodec/svq1dec: Fix multiple bugs from "svq1: do not modify the input packet"
Michael Niedermayer [Thu, 7 Aug 2014 00:27:07 +0000 (02:27 +0200)]
avcodec/svq1dec: Fix multiple bugs from "svq1: do not modify the input packet"

Add padding, clear size, use the correct pointer.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4213fc5b9eebec53c7d22b770c3f1ceecca1c113)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'af9b62654d5aa023a96906215365532d18541a09' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 13:48:57 +0000 (15:48 +0200)]
Merge commit 'af9b62654d5aa023a96906215365532d18541a09' into release/1.1

* commit 'af9b62654d5aa023a96906215365532d18541a09':
  svq1: do not modify the input packet

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '80c268eaaee402695a74d14acf76063100692a99' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 13:47:30 +0000 (15:47 +0200)]
Merge commit '80c268eaaee402695a74d14acf76063100692a99' into release/1.1

* commit '80c268eaaee402695a74d14acf76063100692a99':
  cdgraphics: do not return 0 from the decode function

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '8cd67ddde46a42a33149e7d42a2ab47852ff2a83' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 13:45:19 +0000 (15:45 +0200)]
Merge commit '8cd67ddde46a42a33149e7d42a2ab47852ff2a83' into release/1.1

* commit '8cd67ddde46a42a33149e7d42a2ab47852ff2a83':
  cdgraphics: switch to bytestream2

Conflicts:
libavcodec/cdgraphics.c

See: ad002e1a13a8df934bd6cb2c84175a4780ab8942
Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'c53effc41b9359261b17c8da3b7062369cafd686' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 13:19:40 +0000 (15:19 +0200)]
Merge commit 'c53effc41b9359261b17c8da3b7062369cafd686' into release/1.1

* commit 'c53effc41b9359261b17c8da3b7062369cafd686':
  huffyuvdec: check width size for yuv422p

Conflicts:
libavcodec/huffyuvdec.c

See: 6abb9a901fca27da14d4fffbb01948288b5da3ba
Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'ede738880032db62b7dc5b3712f769d3826f5974' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 13:16:43 +0000 (15:16 +0200)]
Merge commit 'ede738880032db62b7dc5b3712f769d3826f5974' into release/1.1

* commit 'ede738880032db62b7dc5b3712f769d3826f5974':
  mmvideo: check horizontal coordinate too

See: See: 8d3c99e825317b7efda5fd12e69896b47c700303
Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '36d8914f1b94e4731d2fc67162902839c106e72e' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 12:56:58 +0000 (14:56 +0200)]
Merge commit '36d8914f1b94e4731d2fc67162902839c106e72e' into release/1.1

* commit '36d8914f1b94e4731d2fc67162902839c106e72e':
  wmalosslessdec: fix mclms_coeffs* array size

See: ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3
Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '146b187113e3cc20c2a97c5f264da13e701ca247' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 12:45:18 +0000 (14:45 +0200)]
Merge commit '146b187113e3cc20c2a97c5f264da13e701ca247' into release/1.1

* commit '146b187113e3cc20c2a97c5f264da13e701ca247':
  lavc: Check the image size before calling get_buffer

Conflicts:
libavcodec/utils.c

See: 668494acd8b20f974c7722895d4a6a14c1005f1e
Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '43d676432740c6d5e5234ed343f13902909fd124' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 12:38:20 +0000 (14:38 +0200)]
Merge commit '43d676432740c6d5e5234ed343f13902909fd124' into release/1.1

* commit '43d676432740c6d5e5234ed343f13902909fd124':
  huffyuv: Check and propagate function return values

Conflicts:
libavcodec/huffyuvdec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '512354191328c559fcff56070dab897ee2a1b4c1' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 12:33:02 +0000 (14:33 +0200)]
Merge commit '512354191328c559fcff56070dab897ee2a1b4c1' into release/1.1

* commit '512354191328c559fcff56070dab897ee2a1b4c1':
  h264: prevent theoretical infinite loop in SEI parsing

Conflicts:
libavcodec/h264_sei.c

See: 9decfc17bb76da34734296048d390b176abf404c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '01f9540320279954b2764645ab7136847d53d89f' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 12:24:54 +0000 (14:24 +0200)]
Merge commit '01f9540320279954b2764645ab7136847d53d89f' into release/1.1

* commit '01f9540320279954b2764645ab7136847d53d89f':
  h264_sei: check SEI size

Conflicts:
libavcodec/h264_sei.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '00915d3cd2ce61db3d6dc11f63566630a9aff4ec' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 12:19:24 +0000 (14:19 +0200)]
Merge commit '00915d3cd2ce61db3d6dc11f63566630a9aff4ec' into release/1.1

* commit '00915d3cd2ce61db3d6dc11f63566630a9aff4ec':
  pgssubdec: Check RLE size before copying

See: c0d68be555f5858703383040e04fcd6529777061
Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '58d7b835e3cec48ab5a2393405fe82dee72c06a0' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 12:14:06 +0000 (14:14 +0200)]
Merge commit '58d7b835e3cec48ab5a2393405fe82dee72c06a0' into release/1.1

* commit '58d7b835e3cec48ab5a2393405fe82dee72c06a0':
  fate: Add dependencies for dct/fft/mdct/rdft tests

Conflicts:
libavcodec/fft-test.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'd16515ae5fe7daa6327d903cafb9a5ee43477b1e' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 12:06:51 +0000 (14:06 +0200)]
Merge commit 'd16515ae5fe7daa6327d903cafb9a5ee43477b1e' into release/1.1

* commit 'd16515ae5fe7daa6327d903cafb9a5ee43477b1e':
  video4linux2: Avoid a floating point exception

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '3a6bc3e381647bb4434317113f131f7e0ab5bf83' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 12:06:36 +0000 (14:06 +0200)]
Merge commit '3a6bc3e381647bb4434317113f131f7e0ab5bf83' into release/1.1

* commit '3a6bc3e381647bb4434317113f131f7e0ab5bf83':
  vf_select: Drop a debug av_log with an unchecked double to enum conversion

Conflicts:
libavfilter/f_select.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'e8ff7972064631afbdf240ec6bfd9dec30cf2ce8' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 11:51:59 +0000 (13:51 +0200)]
Merge commit 'e8ff7972064631afbdf240ec6bfd9dec30cf2ce8' into release/1.1

* commit 'e8ff7972064631afbdf240ec6bfd9dec30cf2ce8':
  eamad: use the bytestream2 API instead of AV_RL

Conflicts:
libavcodec/eamad.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '3ecbd911ff9177097820e5d00401c9bf29e5d167' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 11:47:08 +0000 (13:47 +0200)]
Merge commit '3ecbd911ff9177097820e5d00401c9bf29e5d167' into release/1.1

* commit '3ecbd911ff9177097820e5d00401c9bf29e5d167':
  Update Changelog for v9.14
  Prepare for 9.14 Release

Conflicts:
Changelog
RELEASE

Not merged as this doesnt apply 1:1 to our releases

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '21d3e0ac9e1719d8444b3f5466983587ac0ad240' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 11:32:51 +0000 (13:32 +0200)]
Merge commit '21d3e0ac9e1719d8444b3f5466983587ac0ad240' into release/1.1

* commit '21d3e0ac9e1719d8444b3f5466983587ac0ad240':
  adpcm: Write the proper predictor in trellis mode in IMA QT

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '744e7eea5d815efea777b6179d96e8d94b63ccfa' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 11:30:17 +0000 (13:30 +0200)]
Merge commit '744e7eea5d815efea777b6179d96e8d94b63ccfa' into release/1.1

* commit '744e7eea5d815efea777b6179d96e8d94b63ccfa':
  adpcm: Avoid reading out of bounds in the IMA QT trellis encoder

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'd7dbc687e312a91ef2ccf797d57b95c61d0e8a2f' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 10:50:57 +0000 (12:50 +0200)]
Merge commit 'd7dbc687e312a91ef2ccf797d57b95c61d0e8a2f' into release/1.1

* commit 'd7dbc687e312a91ef2ccf797d57b95c61d0e8a2f':
  Check mp3 header before calling avpriv_mpegaudio_decode_header().

Conflicts:
libavformat/mp3enc.c

See: See: 2dd0da787ce5008d4d1b8f461fbd1288c32e2c38
Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '7997acee0542f6e0bb9ea42ff783f80b70878a2f' into release/1.1
Michael Niedermayer [Fri, 8 Aug 2014 10:48:51 +0000 (12:48 +0200)]
Merge commit '7997acee0542f6e0bb9ea42ff783f80b70878a2f' into release/1.1

* commit '7997acee0542f6e0bb9ea42ff783f80b70878a2f':
  Check if an mp3 header is using a reserved sample rate.

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agompegts: Do not try to write a PMT larger than SECTION_SIZE
Luca Barbato [Thu, 7 Aug 2014 15:10:32 +0000 (17:10 +0200)]
mpegts: Do not try to write a PMT larger than SECTION_SIZE

Prevent out of array write.

Similar to what Michael Niedermayer did to address the same issue.

Bug-Id: CVE-2014-2263
CC: libav-stable@libav.org
5 years agompegts: Define the section length with a constant
Luca Barbato [Sun, 3 Aug 2014 17:27:07 +0000 (19:27 +0200)]
mpegts: Define the section length with a constant

The specification says the value is expressed in 10 bits including
the 4-byte CRC.

5 years agoUpdate Changelog for v9.15
Reinhard Tartler [Thu, 7 Aug 2014 00:07:33 +0000 (20:07 -0400)]
Update Changelog for v9.15

5 years agoerror_concealment: avoid using the picture if not fully setup
Michael Niedermayer [Wed, 6 Aug 2014 17:19:57 +0000 (18:19 +0100)]
error_concealment: avoid using the picture if not fully setup

Fixes state becoming inconsistent and a null pointer dereference.

CC: libav-stable@libav.org
Bug-Id: CVE-2013-0860
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
5 years agosvq1: do not modify the input packet
Anton Khirnov [Sun, 3 Aug 2014 08:14:48 +0000 (10:14 +0200)]
svq1: do not modify the input packet

The input data must remain constant, make a copy instead. This is in
theory a performance hit, but since I failed to find any samples
using this feature, this should not matter in practice.

Also, check the size of the header, avoiding invalid reads on truncated
data.

CC:libav-stable@libav.org
(cherry picked from commit 7b588bb691644e1b3c168b99accf74248a24e3cf)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Conflicts:
libavcodec/svq1dec.c

5 years agocdgraphics: do not return 0 from the decode function
Anton Khirnov [Wed, 6 Aug 2014 10:56:34 +0000 (10:56 +0000)]
cdgraphics: do not return 0 from the decode function

0 means no data consumed, so it can trigger an infinite loop in the
caller.

CC:libav-stable@libav.org
(cherry picked from commit c7d9b473e28238d4a4ef1b7e8b42c1cca256da36)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Conflicts:
libavcodec/cdgraphics.c

5 years agocdgraphics: switch to bytestream2
Anton Khirnov [Wed, 6 Aug 2014 10:46:50 +0000 (10:46 +0000)]
cdgraphics: switch to bytestream2

Fixes possible invalid memory accesses on corrupted data.

CC:libav-stable@libav.org
Bug-ID: CVE-2013-3674
(cherry picked from commit a1599f3f7ea8478d1f6a95e59e3bc6bc86d5f812)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
5 years agohuffyuvdec: check width size for yuv422p
Michael Niedermayer [Sat, 2 Aug 2014 23:54:33 +0000 (00:54 +0100)]
huffyuvdec: check width size for yuv422p

Avoid out of array accesses.

CC: libav-stable@libav.org
Bug-Id: CVE-2013-0848
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit a7153444df9040bf6ae103e0bbf6104b66f974cb)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
5 years agommvideo: check horizontal coordinate too
Michael Niedermayer [Sun, 3 Aug 2014 18:24:18 +0000 (19:24 +0100)]
mmvideo: check horizontal coordinate too

Fixes out of array accesses.

Bug-Id: CVE-2013-3672
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 70cd3b8e659c3522eea5c16a65d14b8658894a94)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
5 years agowmalosslessdec: fix mclms_coeffs* array size
Michael Niedermayer [Fri, 7 Feb 2014 14:07:23 +0000 (15:07 +0100)]
wmalosslessdec: fix mclms_coeffs* array size

Fixes corruption of context

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
Bug-Id: CVE-2014-2098
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 849b9d34c7ef70b370c53e7af3940f51cbc07d0f)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
5 years agolavc: Check the image size before calling get_buffer
Luca Barbato [Mon, 4 Aug 2014 12:15:45 +0000 (14:15 +0200)]
lavc: Check the image size before calling get_buffer

Bug-Id: CVE-2011-3935
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
5 years agohuffyuv: Check and propagate function return values
Diego Biurrun [Sun, 3 Aug 2014 19:19:10 +0000 (12:19 -0700)]
huffyuv: Check and propagate function return values

Bug-Id: CVE-2013-0868

inspired by a patch from Michael Niedermayer <michaelni@gmx.at>
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 744b406ff3474e77543bcf86125a2f7bc7deaa18)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Conflicts:
libavcodec/huffyuvdec.c

5 years agoh264: prevent theoretical infinite loop in SEI parsing
Vittorio Giovara [Wed, 30 Jul 2014 18:33:36 +0000 (19:33 +0100)]
h264: prevent theoretical infinite loop in SEI parsing

Properly address CVE-2011-3946 and parse bitstream as described in the spec.

CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
5 years agoh264_sei: check SEI size
Michael Niedermayer [Thu, 19 Sep 2013 14:26:25 +0000 (16:26 +0200)]
h264_sei: check SEI size

Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
5 years agopgssubdec: Check RLE size before copying
Michael Niedermayer [Thu, 31 Jul 2014 01:31:19 +0000 (21:31 -0400)]
pgssubdec: Check RLE size before copying

Make sure the buffer size does not exceed the expected
RLE size.

Prevent an out of array bound write.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Bug-Id: CVE-2013-0852

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit a1f7844a11010d8552c75424d1a831b37a0ae5d9)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agofate: Add dependencies for dct/fft/mdct/rdft tests
Diego Biurrun [Thu, 26 Jun 2014 00:09:13 +0000 (17:09 -0700)]
fate: Add dependencies for dct/fft/mdct/rdft tests

(cherry picked from commit d396987c303bdc4eea7d1a1ff6776475d9bbd9ea)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Conflicts:
libavcodec/fft-test.c

5 years agovideo4linux2: Avoid a floating point exception
Bernhard Übelacker [Sun, 27 Jul 2014 15:38:59 +0000 (08:38 -0700)]
video4linux2: Avoid a floating point exception

This avoids a segfault in avconv_opt.c:opt_target when trying to
determine the norm.

(cherry picked from commit dc71f1958846bb1d96de43a4603983dc8450cfcc)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agovf_select: Drop a debug av_log with an unchecked double to enum conversion
Diego Biurrun [Tue, 29 Jul 2014 12:43:04 +0000 (05:43 -0700)]
vf_select: Drop a debug av_log with an unchecked double to enum conversion

CC: libav-stable@libav.org
(cherry picked from commit a8d803a320fb08b3ad5db4fffc79abd401206905)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agoeamad: use the bytestream2 API instead of AV_RL
Anton Khirnov [Sun, 20 Jul 2014 12:06:47 +0000 (12:06 +0000)]
eamad: use the bytestream2 API instead of AV_RL

This is safer and possibly fixes invalid reads on truncated data.
(cherry-picked from commit 541427ab4d5b4b6f5a90a687a06decdb78e7bc3c)

CC:libav-stable@libav.org

Conflicts:
libavcodec/eamad.c

(cherry picked from commit f9204ec56a4cf73843d1e5b8563d3584c2c05b47)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
5 years agoUpdate Changelog for v9.14
Reinhard Tartler [Fri, 27 Jun 2014 01:27:56 +0000 (21:27 -0400)]
Update Changelog for v9.14

5 years agoPrepare for 9.14 Release
Reinhard Tartler [Fri, 27 Jun 2014 01:23:39 +0000 (21:23 -0400)]
Prepare for 9.14 Release

5 years agoadpcm: Write the proper predictor in trellis mode in IMA QT
Martin Storsjö [Thu, 5 Jun 2014 11:49:14 +0000 (14:49 +0300)]
adpcm: Write the proper predictor in trellis mode in IMA QT

The actual predictor value, set by the trellis code, never
was written back into the variable that was written into
the block header. This was accidentally removed in b304244b.

This significantly improves the audio quality of the trellis
case, which was plain broken since b304244b.

Encoding IMA QT with trellis still actually gives a slightly
worse quality than without trellis, since the trellis encoder
doesn't use the exact same way of rounding as in
adpcm_ima_qt_compress_sample and adpcm_ima_qt_expand_nibble.

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 0776e0ef6ba4160281ef3fabea43e670f3792b4a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoadpcm: Avoid reading out of bounds in the IMA QT trellis encoder
Martin Storsjö [Thu, 5 Jun 2014 08:48:53 +0000 (11:48 +0300)]
adpcm: Avoid reading out of bounds in the IMA QT trellis encoder

This was broken in 095be4fb - samples+ch (for the previous
non-planar case) equals &samples_p[ch][0]. The confusion
probably stemmed from the IMA WAV case where it originally
was &samples[avctx->channels + ch], which was correctly
changed into &samples_p[ch][1].

CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 3d79d0c93e5b37a35b1b22d6c18699c233aad1ba)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoCheck mp3 header before calling avpriv_mpegaudio_decode_header().
Justin Ruggles [Sun, 22 Jun 2014 17:19:36 +0000 (13:19 -0400)]
Check mp3 header before calling avpriv_mpegaudio_decode_header().

As indicated in the function documentation, the header MUST be
checked prior to calling it because no consistency check is done
there.

CC:libav-stable@libav.org
(cherry picked from commit f2f2e7627f0c878d13275af5d166ec5932665e28)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoCheck if an mp3 header is using a reserved sample rate.
Justin Ruggles [Sun, 22 Jun 2014 17:11:32 +0000 (13:11 -0400)]
Check if an mp3 header is using a reserved sample rate.

Fixes an invalid read past the end of avpriv_mpa_freq_tab.
Fixes divide-by-zero due to sample_rate being set to 0.

Bug-Id: 705

CC:libav-stable@libav.org

Conflicts:
libavcodec/mpegaudiodecheader.c

5 years agoUpdate for FFmpeg 1.1.12 n1.1.12
Michael Niedermayer [Wed, 25 Jun 2014 22:13:49 +0000 (00:13 +0200)]
Update for FFmpeg 1.1.12

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/mpc: attempt to allocate a packet that is not smaller than the data inside it
Michael Niedermayer [Sat, 14 Jun 2014 22:49:02 +0000 (00:49 +0200)]
avformat/mpc: attempt to allocate a packet that is not smaller than the data inside it

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 86a9370e2b91d67375e66a06d6eb573b5a017775)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/alsdec: Clear MPEG4AudioConfig so that no use of uninitialized memory is...
Michael Niedermayer [Sun, 8 Jun 2014 12:30:30 +0000 (14:30 +0200)]
avcodec/alsdec: Clear MPEG4AudioConfig so that no use of uninitialized memory is possible

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6e6bd5481cf42a9765c492c77754d4633092cece)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavformat/flvenc: Do not allow creating h263/mpeg4 in flv without unofficial format...
Michael Niedermayer [Sat, 7 Jun 2014 10:03:31 +0000 (12:03 +0200)]
avformat/flvenc: Do not allow creating h263/mpeg4 in flv without unofficial format extensions being enabled.

Found-by: Jean-Baptiste Kempf <jb@videolan.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 74760883fcb4443d105814ed246b3cf51d7e9dca)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/libvorbisenc: dont add the duration to AV_NOPTS_VALUE
Michael Niedermayer [Wed, 21 May 2014 01:02:06 +0000 (03:02 +0200)]
avcodec/libvorbisenc: dont add the duration to AV_NOPTS_VALUE

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 19e66c7232d96e4ae8f05b52da2b84dfaa4e4da3)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavutil/cpu: force mmx on selection of higher x86 SIMD features
Michael Niedermayer [Tue, 20 May 2014 03:23:52 +0000 (05:23 +0200)]
avutil/cpu: force mmx on selection of higher x86 SIMD features

Fixes various runtime failures with manually set flags that represent no
existing CPU

Fixes Ticket3653

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6310eb8010b7a3b3016e297132380cbd4e3d2d10)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavcodec/diracdec: move mc buffer allocation to per frame
Michael Niedermayer [Mon, 19 May 2014 04:19:23 +0000 (06:19 +0200)]
avcodec/diracdec: move mc buffer allocation to per frame

Fixes out of array accesses for non default buffers with large strides

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4a30f08505a4e85718896ff233c97be41a9754ca)
(cherry picked from commit 9c9fc79d9237d28e33161cb2e75082d8ad232b2e)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '503322f97c5a25a020933ed4ab510697d5f5b4af' into release/1.1
Michael Niedermayer [Wed, 25 Jun 2014 20:40:30 +0000 (22:40 +0200)]
Merge commit '503322f97c5a25a020933ed4ab510697d5f5b4af' into release/1.1

* commit '503322f97c5a25a020933ed4ab510697d5f5b4af':
  lzo: Handle integer overflow

Conflicts:
libavutil/lzo.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agolzo: Handle integer overflow
Luca Barbato [Thu, 19 Jun 2014 21:26:58 +0000 (23:26 +0200)]
lzo: Handle integer overflow

get_len can overflow for specially crafted payload.

Reported-By: Don A. Baley <donb@securitymouse.com>
CC: libav-stable@libav.org
(cherry picked from commit ccda51b14c0fcae2fad73a24872dce75a7964996)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
5 years agoavutil/lzo: add asserts to be double sure against overflows
Michael Niedermayer [Mon, 23 Jun 2014 12:45:47 +0000 (14:45 +0200)]
avutil/lzo: add asserts to be double sure against overflows

These asserts cannot fail since d6af26c55c1ea30f85a7d9edbc373f53be1743ee

Based-on: ccda51b14c0fcae2fad73a24872dce75a7964996
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cf2b7c01f81c1fb3283a1390c0ca9a2f81f4f4a8)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoavutil/lzo: Fix integer overflow
Michael Niedermayer [Fri, 20 Jun 2014 01:15:28 +0000 (03:15 +0200)]
avutil/lzo: Fix integer overflow

Embargoed-till: 2014-06-27 requested by researcher, but embargo broken by libav today (git and mailing list)

Fixes: LMS-2014-06-16-4
Found-by: "Don A. Bailey" <donb@securitymouse.com>
See: ccda51b14c0fcae2fad73a24872dce75a7964996
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d6af26c55c1ea30f85a7d9edbc373f53be1743ee)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '4310ba273d3bcb7f19a4e40b55b9e832568e56e5' into release/1.1
Michael Niedermayer [Thu, 19 Jun 2014 23:22:12 +0000 (01:22 +0200)]
Merge commit '4310ba273d3bcb7f19a4e40b55b9e832568e56e5' into release/1.1

* commit '4310ba273d3bcb7f19a4e40b55b9e832568e56e5':
  sgidec: fix an incorrect backport

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'ba8ab4e7ae016cf970b0f335a7933f2db53784bc' into release/1.1
Michael Niedermayer [Thu, 19 Jun 2014 23:11:54 +0000 (01:11 +0200)]
Merge commit 'ba8ab4e7ae016cf970b0f335a7933f2db53784bc' into release/1.1

* commit 'ba8ab4e7ae016cf970b0f335a7933f2db53784bc':
  avconv: do not send non-monotonous DTS to the muxers.

Conflicts:
ffmpeg_opt.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit 'e0fcad77618a0455ca9c2451ea0aa538597a08c0' into release/1.1
Michael Niedermayer [Thu, 19 Jun 2014 23:00:59 +0000 (01:00 +0200)]
Merge commit 'e0fcad77618a0455ca9c2451ea0aa538597a08c0' into release/1.1

* commit 'e0fcad77618a0455ca9c2451ea0aa538597a08c0':
  avconv: make -shortest work with streamcopy

Conflicts:
ffmpeg.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agoMerge commit '9455a023be9f3915ccf5511a0b8fdb5b8897b2b6' into release/1.1
Michael Niedermayer [Thu, 19 Jun 2014 22:48:51 +0000 (00:48 +0200)]
Merge commit '9455a023be9f3915ccf5511a0b8fdb5b8897b2b6' into release/1.1

* commit '9455a023be9f3915ccf5511a0b8fdb5b8897b2b6':
  matroskaenc: do not write negative timestamps

Conflicts:
tests/ref/lavf/mkv
tests/ref/seek/lavf-mkv

No change to fate as ffmpeg was not affected by these bugs

Merged-by: Michael Niedermayer <michaelni@gmx.at>
5 years agosgidec: fix an incorrect backport
Sean McGovern [Mon, 2 Jun 2014 21:42:17 +0000 (17:42 -0400)]
sgidec: fix an incorrect backport

Bug-Id: 691

Signed-off-by: Anton Khirnov <anton@khirnov.net>