[FFmpeg-cvslog] New commits on branch release/0.10
Git System
git at videolan.org
Fri Mar 16 09:07:05 CET 2012
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=568e9062bd29e13e0bfa42f2ac8411d01608634d
Merge: 5dbc758 5effcfa
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Fri Mar 16 07:47:27 2012 +0100
Merge remote-tracking branch 'qatar/release/0.8' into release/0.10
* qatar/release/0.8: (154 commits)
Update Changelog for the 0.8.1 Release
dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2
dca: don't use av_clip_uintp2().
snow: check reference frame indices.
snow: reject unsupported chroma shifts.
xa_adpcm: limit filter to prevent xa_adpcm_table[] array bounds overruns.
h264: increase reference poc list from 16 to 32.
h264: stricter reference limit enforcement.
h264: improve parsing of broken AVC SPS
Replace computations of remaining bits with calls to get_bits_left().
png: convert to bytestream2 API.
roqvideo: convert to bytestream2 API.
smc: port to bytestream2 API.
tgq: convert to bytestream2 API.
algmm: convert to bytestream2 API.
jvdec: unbreak video decoding
h264: Fix invalid interlaced/progressive MB combinations for direct mode prediction.
libx264: add 'stats' private option for setting 2pass stats filename.
libx264: fix help text for slice-max-size option.
avconv: reindent
...
Conflicts:
Changelog
RELEASE
avconv.c
doc/APIchanges
ffplay.c
libavcodec/Makefile
libavcodec/aacdec.c
libavcodec/alsdec.c
libavcodec/atrac3.c
libavcodec/avcodec.h
libavcodec/dvdata.c
libavcodec/fraps.c
libavcodec/golomb.h
libavcodec/h264.c
libavcodec/h264.h
libavcodec/h264_cabac.c
libavcodec/h264_cavlc.c
libavcodec/h264_direct.c
libavcodec/h264_parser.c
libavcodec/h264_ps.c
libavcodec/h264idct_template.c
libavcodec/indeo3.c
libavcodec/kgv1dec.c
libavcodec/kmvc.c
libavcodec/mjpegbdec.c
libavcodec/mmvideo.c
libavcodec/mpegaudiodec.c
libavcodec/mpegvideo.h
libavcodec/options.c
libavcodec/pngdec.c
libavcodec/roqvideodec.c
libavcodec/shorten.c
libavcodec/svq3.c
libavcodec/utils.c
libavcodec/version.h
libavcodec/wmadec.c
libavcodec/xxan.c
libavformat/Makefile
libavformat/asfdec.c
libavformat/dv.c
libavformat/mov.c
libavformat/nsvdec.c
libavformat/utils.c
libavformat/version.h
libavutil/avutil.h
libavutil/error.c
libavutil/error.h
libswscale/swscale.c
libswscale/utils.c
libswscale/x86/swscale_template.c
tests/ref/acodec/g722
Merged-by: Michael Niedermayer <michaelni at gmx.at>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5dbc75870f486fb9c0237870eafa834a8a2066c8
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Sat Mar 3 03:37:52 2012 +0100
qpeg: Fix out of array writes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c91a14638e4e3ea8652ecbedb3228b5a5d4c019f
Author: Fabian Greffrath <fabian at greffrath.com>
Date: Sat Mar 3 02:35:27 2012 +0100
srtdec: fix a format string vulnerability.
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit aaa1173de775b9b865a714abcc270816d2f59dff)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c00c3807243704e2f7a309143305af85837946de
Author: Nathan Caldwell <saintdev at gmail.com>
Date: Fri Jan 27 22:23:41 2012 -0700
aacenc: Fix LONG_START windowing.
Forgot to add the equivalent amount to the incoming sample pointer as the output pointer.
Signed-off-by: Anton Khirnov <anton at khirnov.net>
(cherry picked from commit 2e626dd5136f4daa244b37284e22483cdc7df1ac)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=43625c5128af5287e89c81566b48dfd1e6acb499
Author: Nathan Caldwell <saintdev at gmail.com>
Date: Fri Jan 27 22:23:40 2012 -0700
aacenc: Fix a bug where deinterleaved samples were stored in the wrong place.
10l: Forgot to adjust deinterleave for new location of incoming samples in 7946a5a.
This produced incorrect, but surprisingly listenable results.
Thanks to Justin Ruggles for the report.
Signed-off-by: Anton Khirnov <anton at khirnov.net>
(cherry picked from commit dc7e7d4dd96eebd430e7bfa847b751add0e126ab)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5effcfa76792470677a1f6bc9aa73347a87ef720
Author: Reinhard Tartler <siretart at tauware.de>
Date: Thu Mar 15 08:57:33 2012 +0100
Update Changelog for the 0.8.1 Release
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1ee0cd1ad77ab96ca4573ea4b3937df7e138c8d5
Author: Kostya Shishkov <kostya.shishkov at gmail.com>
Date: Wed Mar 7 20:07:17 2012 +0100
dca: include libavutil/mathematics.h for possibly missing M_SQRT1_2
Signed-off-by: Janne Grunau <janne-libav at jannau.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b5947324758ae2a99ebf910ad425fdde69b23935
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Wed Mar 7 11:06:20 2012 -0800
dca: don't use av_clip_uintp2().
The argument is not a literal, thus causing the ARM v6 or later
builds to break.
Signed-off-by: Janne Grunau <janne-libav at jannau.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ce15406e78fd213b420dae68c5015803d9716c51
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Fri Mar 2 20:53:00 2012 +0100
snow: check reference frame indices.
Fixes NULL ptr dereference
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
Signed-off-by: Ronald S. Bultje <rsbultje at gmail.com>
(cherry picked from commit 1f8ff2b13cbfef790385818664ed12e763e7c75b)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c9e95636a893225e2a5a42ba6e1e3cf6bfd59f2b
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Sat Mar 10 00:08:32 2012 +0100
snow: reject unsupported chroma shifts.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
Signed-off-by: Ronald S. Bultje <rsbultje at gmail.com>
(cherry picked from commit c9837954e7b968d44f82e7cdb7618e9f523b196c)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6e5c07f4c81317d728bfcba5f46b4ef46de9857f
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Mar 13 12:28:35 2012 -0700
xa_adpcm: limit filter to prevent xa_adpcm_table[] array bounds overruns.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 86020073dbb9a3a9d1fbb76345b2ca29ba1f13d2)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c999a8ed65797f26a8505af2d6ef203cb603b08e
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Mar 13 15:21:07 2012 -0700
h264: increase reference poc list from 16 to 32.
Interlaced images can have 32 references (16 per field), so limiting the
array size to 16 leads to invalid writes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 48cbe4b092113eae0b3e5d6a08b59027f913a884)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4d343a6f47931a43fe8e4c9288a5068c76b843e0
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Mar 13 16:26:44 2012 -0700
h264: stricter reference limit enforcement.
Progressive images can have only 16 references, error out if there are
more, since the data is almost certainly corrupt, and the invalid value
will lead to random crashes or invalid writes later on.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit e0febda22d0e0fab094a9c886b0e0f0f662df1ef)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a81a6d9c80448cfbba0d2bcdd681bf971c7055a4
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Sat Oct 1 17:41:28 2011 +0200
h264: improve parsing of broken AVC SPS
Parsing the entire NAL as SPS fixes decoding of some AVC bitstreams
with broken escaping. Since the size of the NAL unit is known and
checked against the buffer end we can parse it entirely without buffer
overreads.
Fixes playback of
http://streams.videolan.org/streams/mp4/Mr_MrsSmith-h264_aac.mp4
Signed-off-by: Janne Grunau <janne-libav at jannau.net>
(cherry picked from commit 3aa661ec561d7a20812b84b353b0d7855ac346c8)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=48f0eeb2e519882da9fe156abaa95cc808b67a8b
Author: Alex Converse <alex.converse at gmail.com>
Date: Sun Mar 4 17:53:50 2012 -0800
Replace computations of remaining bits with calls to get_bits_left().
(cherry picked from commit 3574a85ce57366ba7429edef93d5cad8640fb68c)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d26e47bf6c7df8b4d74dc2ba818d17e6e2fa839f
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Wed Mar 7 16:16:20 2012 -0800
png: convert to bytestream2 API.
Protects against overreads in the input buffer.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 4c25269cedd042abcb823c42d33609564861c374)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=568a474a0831a6224ae1886187fd7f4a74328215
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Mar 6 15:58:35 2012 -0800
roqvideo: convert to bytestream2 API.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit cdf15771621bce7959b3e53b21426c5ba747e17b)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9a66cdbc16806dc61272a81c4ea261d44cd2d41a
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Wed Feb 29 14:44:37 2012 -0800
smc: port to bytestream2 API.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 8febcb9fc178926687ee19d32d2b3150da899867)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ddb1149e250faceb91c220b2c032b27e60c1b417
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Mar 6 14:18:32 2012 -0800
tgq: convert to bytestream2 API.
This protects against input buffer overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 1255eed533b4069db7f205601953ca54c0dc42c9)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f6778f58d4eb9cf47a42506b239586b5d17f84c4
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Mar 6 15:15:42 2012 -0800
algmm: convert to bytestream2 API.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit a55d5bdc6e28a2cfefc440d792de5cc4f02377e2)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e4e4d92641df31a3c2d5213ac18b9fd5b0c38833
Author: Paul B Mahol <onemda at gmail.com>
Date: Wed Mar 14 03:02:02 2012 +0000
jvdec: unbreak video decoding
The safe bitstream reader broke it since the buffer size was specified
in bytes instead of bits.
Signed-off-by: Janne Grunau <janne-libav at jannau.net>
CC: libav-stable at libav.org
(cherry picked from commit a1c036e961a32f7208e7315dabfa0ee99d779edb)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=de0ff4ce69c311a2879e10143f1cc2c4945f3ef0
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Mon Mar 12 18:26:50 2012 -0700
h264: Fix invalid interlaced/progressive MB combinations for direct mode prediction.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
Signed-off-by: Ronald S. Bultje <rsbultje at gmail.com>
(cherry picked from commit 758ec111538ccd487686e8677aa754ee4d82beaa)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6548cb25782d05c1ea52bb6904c2b2b398079b8b
Author: Anton Khirnov <anton at khirnov.net>
Date: Mon Mar 12 17:20:20 2012 +0100
libx264: add 'stats' private option for setting 2pass stats filename.
x264 always opens the file itself with fopen, so we cannot use the
standard lavc stats mechanism.
CC: libav-stable at libav.org
(cherry picked from commit d533e395e14d403948ca2424efbcee92429ef8e1)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f6257cf4b710eed9f05d9dcbca853d236d3cdd56
Author: Anton Khirnov <anton at khirnov.net>
Date: Mon Mar 12 17:09:22 2012 +0100
libx264: fix help text for slice-max-size option.
CC: libav-stable at libav.org
(cherry picked from commit 9d5c131ecec75fcfb1b4b56f74f2b2756bf0027a)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a15adb18faecaaa984e4a6ef6732f4ea4be2418c
Author: Anton Khirnov <anton at khirnov.net>
Date: Mon Mar 12 17:43:48 2012 +0100
avconv: reindent
CC: libav-stable at libav.org
(cherry picked from commit 64334ddbbc7fce490c895c54106291d0b128e830)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=666bd5848a92f82ee97ad0869dd1f8c7edb9f214
Author: Anton Khirnov <anton at khirnov.net>
Date: Mon Mar 12 17:42:57 2012 +0100
avconv: link '-passlogfile' option to libx264 'stats' AVOption.
Fixes bug 204.
CC: libav-stable at libav.org
(cherry picked from commit 6e8be949f12734f38d360aad0f5c503a0f9606fa)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d94256d36cc789788a68c6b35d31481c4b16fdd3
Author: Janne Grunau <janne-libav at jannau.net>
Date: Mon Mar 12 22:01:02 2012 +0100
Revert "h264: clear trailing bits in partially parsed NAL units"
This reverts commit 729ebb2f185244b0ff06d48edbbbbb02ceb4ed4e.
There was an off-by-one error in the bit mask calculation clearing
actually the last valid bit and causing
http://bugzilla.libav.org/show_bug.cgi?id=227
The broken sample (Mr_MrsSmith-h264_aac.mp4) the commit was fixing
does not work after correcting the off-by-one error.
CC: libav-stable at libav.org
(cherry picked from commit 8a6037c3900875ccab8d553d2cc659bdef2c9d0e)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7bb97a61dfb65a3825e17c2dc1e0e693b5607ec6
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Sat Mar 10 14:28:08 2012 -0800
mpc: pad mpc_CC/SCF[] tables to allow for negative indices.
MPC8 allows indices of mpc_CC up to -1, and mpc_SCF up to -6, thus pad
the tables by that much on the left end.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit d7eabd50425a61b31e90c763a0c3e4316a725404)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c65eadee5d200b3ed2106548e8d0cace3db5e97f
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Sat Mar 10 11:57:17 2012 -0800
xxan: protect against chroma LUT overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit f77bfa837636a99a4034d31916a76f7d1688cf5a)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a43f4bd601e905e3f04c47293a642ac541d727f3
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Thu Mar 8 16:32:47 2012 -0800
xxan: convert to bytestream2 API.
Protects against overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 55188278169c3a1838334d7aa47a1f7a40741690)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8f881885c2325ce83f114437b97c2e0d6001cd7d
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Thu Mar 8 16:32:46 2012 -0800
xxan: don't read before start of buffer in av_memcpy_backptr().
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit f1279e286b00e99f343adb51e251f036a3df6f32)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=26521d87ba22fe1bb49f1f0796c7227017064e7f
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Sun Mar 11 07:28:54 2012 -0700
dsicinvideo: validate buffer offset before copying pixels.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit c95fefa0420be9cc0f09a95041acf11114aaacd0)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e1a4143793afc98d623fa4c56835b837b74bac1d
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Sat Mar 10 17:51:28 2012 -0800
cook: error out on quant_index values outside [-63, 63] range.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 97e48b2f541396ef6e8816a555bac1bb993d7a6a)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b9482a6efdac8d8c31ce93ce9393f20eb029865d
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Mar 6 13:45:32 2012 -0800
cook: extend channel uncoupling tables so the full bit range is covered.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 37cc8600d0313838cab5b886b9d373e5819aa24f)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=88c3cc019c8f3ebb9a41ce49c4b7ee6242836849
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Thu Mar 8 17:09:27 2012 -0800
cook: expand dither_tab[], and make sure indexes into it don't overflow.
Fixes overflows in accessing dither_tab[].
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 442c3a8cb1785d74f8e2d7ab35b1862b7088436b)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9980e4df3bfcf49da2d3b22ed808b3dca0e7bbf2
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Wed Mar 7 16:29:23 2012 -0800
huffyuv: add padding to classic (v1) huffman tables.
We slightly overread the input buffer, so we require
padding at the end of the buffer, as is documented in the
get_bits API. Without padding, we'll read uninitialized
data or beyond the end of the .rodata, which may crash.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 4ffe5e2aa5241f8da9afd2c8fbc854dcc916c5f9)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d4f2786cda271ed408e59f68e4a656f610a39808
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Wed Feb 15 16:21:34 2012 -0800
avs: fix infinite loop on end-of-stream.
The codec would keep returning the last decoded frame if the stream
contains B-frames, since it wouldn't clear that frame from the list of
frames to be returned to the user.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 83f15a1228895434a982c840b09edccd1c64e800)
Conflicts:
libavcodec/cavsdec.c
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2744fdbd9e1ee6a10f7627147be6556d04c1a88a
Author: Alex Converse <alex.converse at gmail.com>
Date: Tue Mar 6 17:00:29 2012 -0800
tiffdec: Prevent illegal memory access caused by recycled pointers.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit fd0be63049ed46660993d0550a4f0847a0b942ea)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1fcc2c60914c1fd9c516203f675676e1586b0376
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Wed Mar 7 14:18:14 2012 -0800
wma: fix off-by-one in array bounds check.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit b4bccf3e4e58f6fe58043791ca09db01a4343fac)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=74871ac70ae387470a5da469157050cb2d3ed36f
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Wed Mar 7 13:48:41 2012 -0800
dv: check buffer size before reading profile.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit e97efecec82ca8458a9bbd75a91ebf556abde362)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9cb7f6e54a426e132396548a745cb32ff825b1fa
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Mar 6 16:08:10 2012 -0800
raw: move buffer size check up.
This way, it protects against overreads for 4bpp/2bpp content also.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit cc5dd632cecc5114717d0b90f8c2be162b1c6ee8)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ed6aaf579db01d114d6198257fb734e20bc09f42
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Feb 28 18:11:59 2012 -0800
dca: prevent accessing static arrays with invalid indexes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit e6ffd997cbc06426e75d3fa291b991866c84a79b)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e1b4614ab463f8ef4e350e0750fdefddea392135
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Mar 6 20:08:17 2012 -0800
lpcm: fix sample size calculation for 20bit LCPM.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit f1320dc3bed281bb2f3c5531c52b6a6246e2394a)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c3bf08d04cdec3d4fd5c4ea70e14b5edca2c45a7
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Mar 6 17:24:20 2012 -0800
smacker: error out if palette copy-with-offset overruns palette size.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit a93b572ae4f517ce0c35cf085167c318e9215908)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=12247a13e018d64ba59012283d9b16374358985b
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Mon Mar 5 16:01:19 2012 -0800
Don't use ff_cropTbl[] for IDCT.
Results of IDCT can by far outreach the range of ff_cropTbl[], leading
to overreads and potentially crashes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit c23acbaed40101c677dfcfbbfe0d2c230a8e8f44)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7503861b424f7a1151bf4c4714bd46b4bdc5b496
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Mon Mar 5 12:26:42 2012 -0800
swscale: make filterPos 32bit.
Fixes overflows for large image sizes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 2254b559cbcfc0418135f09add37c0a5866b1981)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9def2f200e55f625161b4040aa5ce2d86ae69ed3
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Mar 6 10:27:05 2012 -0800
error_resilience: initialize s->block_index[].
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 6193ff68549ecbaf1a4d63a0e06964ec580ac620)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7b676935ee885d66d106436ec1acabdb8e335eca
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Mon Mar 5 17:03:32 2012 -0800
svq3: protect against negative quantizers.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 11b940a1a8e7e5d5b212935a3ce78aeda577f5f2)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9550c631963bbae78e9d33fa7f05f7138518dc8e
Author: Reinhard Tartler <siretart at tauware.de>
Date: Mon Mar 5 20:40:37 2012 +0100
Prepare for 0.8.1 Release
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4a15240a274c1eada288d27c889443ebd6aa62f8
Author: Justin Ruggles <justin.ruggles at gmail.com>
Date: Sun Feb 12 15:06:58 2012 -0500
mov: set channel layout for AC-3 streams based on the 'dac3' atom info
fixes Bug 225
(cherry picked from commit 3798205a77ce275613098ecb48645e6029811f14)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a47b96bdd31e00dfa03429ee3b04b84d035bf7f8
Author: Janne Grunau <janne-libav at jannau.net>
Date: Mon Feb 13 21:10:48 2012 +0100
rv34: handle size changes during frame multithreading
Factors all context dynamic memory handling to its own functions.
Fixes bug 220.
(cherry picked from commit 2bd730010da24d035639586bb13862abe36cc1b8)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fb049da952668a54c3a82f3fee93d8384b254738
Author: Alex Converse <alex.converse at gmail.com>
Date: Tue Feb 21 15:37:35 2012 -0800
mov: Add more HDV and XDCAM FourCCs.
Reference: VLC
(cherry picked from commit b142496c5630b9bc88fb9eaccae7f6bd62fb23e7)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4a325ddeae486c0bb2f73b886e16e30e305f9d20
Author: Alex Converse <alex.converse at gmail.com>
Date: Tue Feb 21 14:08:02 2012 -0800
mov: Add support for MPEG2 HDV 720p24 (hdv4)
(cherry picked from commit 0ad522afb3a3b3d22402ecb82dd4609f7655031b)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=48ac765efe05826184bc129678e0fdf3474b99dd
Author: Alex Converse <alex.converse at gmail.com>
Date: Thu Mar 1 13:24:55 2012 -0800
rv10/20: Fix slice overflow with checked bitstream reader.
(cherry picked from commit 9243ec4a508c81a621e941bb7e012e2d45d93659)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=522645e38f6d0aa78ebf3afb356e7427bf4eb248
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Fri Feb 17 13:35:10 2012 -0800
h263dec: Disallow width/height changing with frame threads.
Fixes CVE-2011-3937
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 71db86d53b5c6872cea31bf714a1a38ec78feaba)
Conflicts:
libavcodec/h263dec.c
Signed-off-by: Alex Converse <alex.converse at gmail.com>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e891ee4bf639099c21bb146a734d31ad7f910acf
Author: Alex Converse <alex.converse at gmail.com>
Date: Tue Feb 28 11:50:22 2012 -0800
adpcm: Clip step_index values read from the bitstream at the beginning of each frame.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit bbeb29133b55b7256d18f5aaab8b5c8e919a173a)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ef673211e7052d6db4dbec4b58db0f514b292288
Author: Alex Converse <alex.converse at gmail.com>
Date: Thu Feb 23 10:22:51 2012 -0800
tiff: Make the TIFF_LONG and TIFF_SHORT types unsigned.
TIFF v6.0 (unimplemented) adds signed equivalents.
(cherry picked from commit e32548d1331ce05a054f1028fcdda8823a4f215a)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eaeaeb265fe46e1d81452960de918227541873b4
Author: Alex Converse <alex.converse at gmail.com>
Date: Fri Feb 17 14:13:40 2012 -0800
dpcm: ignore extra unpaired bytes in stereo streams.
Fixes: CVE-2011-3951
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit ce7aee9b733134649a6ce2fa743e51733f33e67e)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=db315c796d7f07f0dcd7d3be1e9cb77ae6afee6e
Author: Alex Converse <alex.converse at gmail.com>
Date: Thu Feb 9 20:21:47 2012 -0800
svq3: Prevent illegal reads while parsing extradata.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 9e1db721c4329f4ac166a0bcc002c8d75f831aba)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=035dd77cbb01215daeef7e4e9cf1218b7fee354c
Author: Alex Converse <alex.converse at gmail.com>
Date: Thu Feb 9 17:11:55 2012 -0800
dv: Fix small overread in audio frequency table.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 0ab3687924457cb4fd81897bd39ab3cc5b699588)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e3743869e97568b75c100b643bf8df4c70f7d93e
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Thu Feb 2 22:27:27 2012 -0500
ac3dec: Move center and surround mix level tables to the parser.
That way all mix levels as exported by avpriv_ac3_parse_header()
will have the same meaning.
Previously the 3-bit center mix level for E-AC-3 was used to index in a
4-entry table, leading to out-of-array reads.
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles at gmail.com>
Signed-off-by: Alex Converse <alex.converse at gmail.com>
(cherry picked from commit e6d9fa66f12cf5a3024c9bc7c4c608f7fc59207e)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ce14f00dea933c930f46d1fb820dd02824a89fb4
Author: Alex Converse <alex.converse at gmail.com>
Date: Fri Feb 3 10:43:21 2012 -0800
movdec: Avoid av_malloc(0) in stss
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 29a20ac4a19df5acc0eef306ca5a737778a31358)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=627f4621f5cb1a808e29026480570bd173c28d9b
Author: Mans Rullgard <mans at mansr.com>
Date: Tue Jan 31 10:20:33 2012 -0800
ac3: Do not read past the end of ff_ac3_band_start_tab.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Alex Converse <alex.converse at gmail.com>
(cherry picked from commit 034b03e7a0e8e4f8f66c82b736f2c0aa7c063ec0)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3e8434bceafa11ede27657b0efec899d7178c06d
Author: Alex Converse <alex.converse at gmail.com>
Date: Thu Jan 26 15:08:26 2012 -0800
dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936.
Found with asan.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Alex Converse <alex.converse at gmail.com>
(cherry picked from commit 2d1c0dea5f6b91bec7f5fa53ec050913d851e366)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=efd30c4d95c56680f011c36a7f75c5c7389e34f2
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Tue Jan 24 17:51:40 2012 +0100
dv: Fix null pointer dereference due to ach=0
dv: Fix null pointer dereference due to ach=0
Fixes part2 of CVE-2011-3929
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Roman Shaposhnik <roman at shaposhnik.org>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
Signed-off-by: Alex Converse <alex.converse at gmail.com>
(cherry picked from commit 5a396bb3a66a61a68b80f2369d0249729bf85e04)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d7fddc97d40025876e1342109a49f07ba8fa6878
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Tue Jan 24 17:48:23 2012 +0100
dv: check stype
dv: check stype
Fixes part1 of CVE-2011-3929
Possibly fixes part of CVE-2011-3936
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Roman Shaposhnik <roman at shaposhnik.org>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
Signed-off-by: Alex Converse <alex.converse at gmail.com>
(cherry picked from commit 635bcfccd439480003b74a665b5aa7c872c1ad6b)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=feed0c6b6ae31cb3d5af144c74dd2040051780b7
Author: Dale Curtis <dalecurtis at chromium.org>
Date: Fri Feb 24 13:17:39 2012 -0500
mpegaudiodec: Prevent premature clipping of mp3 input buffer.
Instead of clipping extrasize based on EXTRABYTES, clip based on the
amount of buffer actually left. Without this fix, there are warbles
and other distortions in the test case below.
http://kevincennis.com/mix/assets/sounds/1901_voxfx.mp3
(cherry picked from commit b7165426917f91ebcad84bdff366824f03b32bfe)
Signed-off-by: Alex Converse <alex.converse at gmail.com>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d0e53ecff736fd23c985c184051a7ae44529e448
Author: Alex Converse <alex.converse at gmail.com>
Date: Wed Jan 25 15:46:14 2012 -0800
mp3dec: Fix a heap-buffer-overflow
In some cases, what is left to read from ptr is smaller than EXTRABYTES.
Based on a patch by Thierry Foucu <tfoucu at gmail.com>.
Signed-off-by: Alex Converse <alex.converse at gmail.com>
(cherry picked from commit f372ce119bd2458fa0b4ddfb2af3a36621df99f7)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1ca84aa162a811def05bcd31394b1cea7ee19093
Author: Alex Converse <alex.converse at gmail.com>
Date: Fri Jan 27 15:50:24 2012 -0800
mpeg12: Pad framerate tab to 16 entries.
There are many places where we read an unchecked 4-bit index into it.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit dfa37fe8a3d9243dd339d94befa065e2c90b29e6)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d5f2382d0389ed47a566ea536887af908bf9b14f
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Wed Jan 25 23:23:35 2012 +0100
kgv1dec: Increase offsets array size so it is large enough.
Fixes CVE-2011-3945
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 807a045ab7f51993a2c1b3116016cbbd4f3d20d6)
Signed-off-by: Alex Converse <alex.converse at gmail.com>
(cherry picked from commit a02e8df973f5478ec82f4c507f5b5b191a5ecb6b)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=416849f2e06227b1b4a451c392f100db1d709a0c
Author: Alex Converse <alex.converse at gmail.com>
Date: Thu Jan 26 17:30:49 2012 +0100
kmvc: Check palsize.
Fixes: CVE-2011-3952
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Based on fix by Michael Niedermayer
(cherry picked from commit 386741f887714d3e46c9e8fe577e326a7964037b)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dd37038ac7526221a9497b4d07dd808381fc08e4
Author: Alex Converse <alex.converse at gmail.com>
Date: Thu Jan 26 17:23:09 2012 -0800
nsvdec: Propagate errors
Related to CVE-2011-3940.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit c898431ca5ef2a997fe9388b650f658fb60783e5)
Conflicts:
libavformat/nsvdec.c
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e410dd17920342b7f08f16675044f077c88c251b
Author: Alex Converse <alex.converse at gmail.com>
Date: Thu Jan 26 17:21:46 2012 -0800
nsvdec: Be more careful with av_malloc().
Check results for av_malloc() and fix an overflow in one call.
Related to CVE-2011-3940.
Based in part on work from Michael Niedermayer.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 8fd8a48263ff1437f9d02d7e78dc63efb9b5ed3a)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ffdc41f0395f74cb8844361d2154784ce65e8fdd
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Tue Jan 24 22:20:26 2012 +0100
nsvdec: Fix use of uninitialized streams.
Fixes CVE-2011-3940 (Out of bounds read resulting in out of bounds write)
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 5c011706bc752d34bc6ada31d7df2ca0c9af7c6b)
Signed-off-by: Alex Converse <alex.converse at gmail.com>
(cherry picked from commit 6a89b41d9780325ba6d89a37f2aeb925aa68e6a3)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ca7e97bdcf0d19c69293de08f5956d1431ee461f
Author: Martin Storsjö <martin at martin.st>
Date: Fri Mar 2 17:03:06 2012 +0200
g722: Fix the QMF scaling
This fixes clipping if the encoder input used the full 16 bit
input range (samples with a magnitude below 16383 worked fine).
The filtered subband samples should be 15 bit maximum, while
the code earlier produced them scaled to 16 bit.
This makes the decoder output have double the magnitude
compared to before.
The spec reference samples doesn't test the QMF at all, which
was why this part slipped past initially.
(cherry picked from commit b087ce2bee81db8cc5caffb8f0a4f6c7c92a30fe)
Signed-off-by: Martin Storsjö <martin at martin.st>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4ae138cb1211779b312419f5d7d25369dc97ad77
Author: Justin Ruggles <justin.ruggles at gmail.com>
Date: Thu Feb 9 13:00:30 2012 -0500
ac3dsp: do not use pshufb in ac3_extract_exponents_ssse3()
We need to do unsigned saturation in order to cover the corner case when the
absolute coefficient value is 16777215 (the maximum value).
Fixes Bug #216
(cherry picked from commit d483bb58c318b0a6152709cf28263d72200b98f9)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=003f7e3dd0debfaa28622bd81e77f9217043ee28
Author: Fabian Greffrath <fabian at greffrath.com>
Date: Mon Mar 5 16:06:01 2012 +0100
Fix format string vulnerability detected by -Wformat-security.
Signed-off-by: Diego Biurrun <diego at biurrun.de>
(cherry picked from commit c9dbac36ad4bac07f6c1d06d465e361ab55bcb95)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=85eb76a23fbba2d26e3742e8163d3994b2972b4b
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Sun Feb 26 08:57:14 2012 -0800
h264: fix mmxext chroma deblock to use correct TC values.
(cherry picked from commit b0c4f04338234ee011d7b704621347ef232294fe)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5186984ee9cf65946ed8bcf4b480f81c4310a8ce
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Sat Feb 25 17:24:56 2012 -0800
h264: change underread for 10bit QPEL to overread.
This prevents us from reading before the start of the buffer, and thus
prevents crashes resulting from this behaviour. Fixes bug 237.
(cherry picked from commit 291c9b62855d555ac5385e23219461b6080da7db)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b5331b979bfb31ec1715618b2712429764b6a9b5
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Wed Feb 29 13:55:09 2012 -0800
cscd: use negative error values to indicate decode_init() failures.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 8a9faf33f2b4f40afbc3393b2be49867cea0c92d)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=11f3173e1bae135eb18a10b0060a5dd4b9fdcc74
Author: Vitor Sessak <vitor1001 at gmail.com>
Date: Wed Feb 29 22:09:10 2012 +0100
amrnbdec: check frame size before decoding.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
Signed-off-by: Ronald S. Bultje <rsbultje at gmail.com>
(cherry picked from commit 882abda5a26ffb8e3d1c5852dfa7cdad0a291d2d)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cd17195d1c0e0f7385946506a5ad2510cf44471b
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Feb 28 18:48:27 2012 -0800
h264: prevent overreads in intra PCM decoding.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit d1604b3de96575195b219028e2c4f08b2259aa7d)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1128b10247739900174991b4e013429a1b8ceaa4
Author: Justin Ruggles <justin.ruggles at gmail.com>
Date: Fri Mar 2 17:11:25 2012 -0500
wmaenc: fix m/s stereo encoding for the first frame
We need to set ms_stereo in encode_init() in order to avoid incorrectly
encoding the first frame as non-m/s while flagging it as m/s. Fixes an
uncomfortable pop in the left channel at the start of playback.
CC:libav-stable at libav.org
(cherry picked from commit 51ddf35c9017018e58c15275ff5b129647a0c94d)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6a073aa7a734d4fbad77071e9f8ee0fe75a17fae
Author: Justin Ruggles <justin.ruggles at gmail.com>
Date: Fri Mar 2 16:27:57 2012 -0500
wmaenc: limit allowed sample rate to 48kHz
ff_wma_init() allows up to 50kHz, but this generates an exponent band
size table that requires 65 bands. The code assumes 25 bands in many
places, and using sample rates higher than 48kHz will lead to buffer
overwrites.
CC:libav-stable at libav.org
(cherry picked from commit 1ec075cfecac01f9a289965db06f76365b0b1737)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=073891e8758d5b4ed9034b340fa24c687792e8f6
Author: Justin Ruggles <justin.ruggles at gmail.com>
Date: Fri Mar 2 16:10:00 2012 -0500
wmaenc: limit block_align to MAX_CODED_SUPERFRAME_SIZE
This is near the theoretical limit for wma frame size and is the most that
our decoder can handle. Allowing higher bit rates will just end up padding
each frame with empty bytes.
Fixes invalid writes for avconv when using very high bit rates.
CC:libav-stable at libav.org
(cherry picked from commit c2b8dea1828f35c808adcf12615893d5c740bc0a)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2e341bc99af72f1ae7c9812985635cbfeeb50269
Author: Justin Ruggles <justin.ruggles at gmail.com>
Date: Fri Mar 2 16:33:33 2012 -0500
wmaenc: require a large enough output buffer to prevent overwrites
The maximum theoretical frame size is around 17000 bytes. Although in
practice it will generally be much smaller, we require a larger buffer
just to be safe.
CC: libav-stable at libav.org
(cherry picked from commit dfc4fdedf8cfc56a505579b1f2c1c5efbce4b97e)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b7c8fff80351249d448b93608bfac832c1ee3b4b
Author: Alex Converse <alex.converse at gmail.com>
Date: Fri Mar 2 10:12:11 2012 -0800
mpegts: Do not call read_sl_header() when no bytes remain in the buffer.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 4df369692ea8aee7094ac0f233cef8d1bee139a3)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3f7e90cf0c12d739c5b9cd548c1916f23d691185
Author: Alex Converse <alex.converse at gmail.com>
Date: Fri Mar 2 10:13:07 2012 -0800
mpegts: Pad the packet buffer in handle_packet().
This allows it to be used with get_bits without the thread of overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 1aa708988ac131cf7d5c8bd59aca256a7c974df9)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=78d4f8cc56554e5d19c3f5688902278c3b795a04
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Thu Mar 1 15:44:25 2012 -0800
amrwb: remove duplicate arguments from extrapolate_isf().
Prevents warnings because the dst and src overlap (are the same) in the
memcpy() inside the function.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 9d87374ec0f382c8394ad511243db6980afa42af)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=de2656ec2518cae65a2b2823470a3ebe15934ba9
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Thu Mar 1 13:51:21 2012 -0800
amrwb: error out early if mode is invalid.
Prevents using the invalid mode as an index in a static array, which
would generate invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 154b8bb80029e71d562e8936164266300dd35a0e)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9686a2c2cfdb103784bd9153042da4f9656b56c6
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Thu Mar 1 17:01:22 2012 -0800
matroska: check buffer size for RM-style byte reordering.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 9c239f6026a170866a4a0c96908980ac2cfaa8b3)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b863979c0f36b565857c49cf6297810e22a9ba10
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Thu Mar 1 16:19:51 2012 -0800
wma: fix invalid buffer size assumptions causing random overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 349b7977e408f18cff01ab31dfa66c8249b6584a)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fecd7468fcbf9115afdd8bf3dc3d08da0975e4d8
Author: Alex Converse <alex.converse at gmail.com>
Date: Fri Jan 27 14:24:07 2012 -0800
wmadec: Verify bitstream size makes sense before calling init_get_bits.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 48f1e5212c90b511c90fa0449655abb06a9edda2)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=19da1a39e861968c27504b67d481d32339669e2a
Author: Alex Converse <alex.converse at gmail.com>
Date: Thu Mar 1 14:07:22 2012 -0800
rv10/20: Fix a buffer overread caused by losing track of the remaining buffer size.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 2f6528537fdd88820f3a4683d5e595d7b3a62689)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7e88df99e1d26accc56b0da52d271a57995ecde7
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Wed Feb 29 17:50:28 2012 -0800
lcl: return negative error codes on decode_init() errors.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit bd17a40a7e0eba21b5d27c67aff795e2910766e4)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7f3f85544ca7804fde2210c129a4458536330dc6
Author: Justin Ruggles <justin.ruggles at gmail.com>
Date: Fri Feb 24 23:27:14 2012 -0500
avutil: add AVERROR_UNKNOWN
Useful to return instead of -1 when the cause of the error is unknown,
typically from an external library.
(cherry picked from commit c9bca801324f03746757aef8549ebd26599adec2)
Conflicts:
doc/APIchanges
libavutil/avutil.h
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=750f5baf3036d5a4c488a60d1cd6e872e4a871c4
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Thu Mar 1 11:56:05 2012 -0800
h264: error out on invalid bitdepth.
Fixes invalid reads while initializing the dequant tables, which uses
the bit depth to determine the QP table size.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 0ce4fe482c27abfa7eac503a52fdc50b70ccd871)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a63f3f714c014b3fcaffd45943bc089167b3fe61
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Thu Mar 1 09:41:22 2012 -0800
huffyuv: do not abort on unknown pix_fmt; instead, return an error.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 63c9de6469005974288f4e4d89fc79a590e38c06)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1dd1ee00d54ba2a9f5d8ae2e82a22891300b6807
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Feb 28 19:00:48 2012 -0800
vmnc: return error on decode_init() failure.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 07a180972fb369bb59bf6d4f8edb4598c51e80d2)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4493af756b8f8346b1e7671b487afc34c72bc16e
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Feb 28 17:04:33 2012 -0800
rpza: error out on buffer overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 78e9852a2e3b198ecd69ffa0deab3fa22a8e5378)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e904e9b7204b6ebd3433dd49a6c978ffb293cbdc
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Feb 28 19:00:39 2012 -0800
qtrle: return error on decode_init() failure.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit e54ae60e46f737b8e9a96548971091f7ab6b8f7c)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5f896773e07126dd66f5b83e604e99adb30617cb
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Feb 28 18:21:31 2012 -0800
swscale: fix another integer overflow.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 791de61bbb0d2bceb1037597b310e2a4a94494fd)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b2dcac7141a2fb72074679efbefcb4d8bef24c41
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Thu Feb 23 11:19:33 2012 -0800
vp56: error out on invalid stream dimensions.
Prevents crashes when playing corrupt vp5/6 streams.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 8bc396fc0e8769a056375c1c211f389ce0e3ecc5)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=40ccc811461c2c5f7999200315f9e2a563807147
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Feb 28 16:13:46 2012 -0800
asf: don't seek back on EOF.
Seeking back on EOF will reset the EOF flag, causing us to re-enter
the loop to find the next marker in the ASF file, thus potentially
causing an infinite loop.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit bb6d5411e1e1a8e0608b1af1c4addee654dcbac5)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1c63d613721f9fb05dcf1646d00aabf5f63695eb
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Fri Feb 17 12:21:22 2012 -0800
asf: error out on ridiculously large minpktsize values.
They cause various issues further down in demuxing.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 6e57a02b9f639af53acfa9fc742c1341400818f8)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2ad77c60ef862baa2afcdcb7e6f43dedabab38ef
Author: Anton Khirnov <anton at khirnov.net>
Date: Fri Jan 27 13:33:09 2012 +0100
lavf: add functions for accessing the fourcc<->CodecID mapping tables.
Fixes bug 212.
(cherry picked from commit dd6d3b0e025cb2a16022665dbb8ab1be18dc05e8)
Conflicts:
doc/APIchanges
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a1556d37b85328fda3c4010bc2f49e1a93273128
Author: Paul B Mahol <onemda at gmail.com>
Date: Sun Jan 29 20:09:22 2012 +0000
avutil: make intfloat api public
The functions are already av_ prefixed and intfloat header is already provided.
Install libavutil/intfloat.h
Signed-off-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Anton Khirnov <anton at khirnov.net>
(cherry picked from commit 8b933129b932f523a746e921a0a20b8dd8816971)
Conflicts:
doc/APIchanges
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=083a8a00373b12dc06b8ae4c49eec61fb5e55f4b
Author: Alex Converse <alex.converse at gmail.com>
Date: Wed Jan 25 13:39:24 2012 -0800
mjpegbdec: Fix overflow in SOS.
Based in part by a fix from Michael Niedermayer <michaelni at gmx.at>
Fixes CVE-2011-3947
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit b57d262412204e54a7ef8fa1b23ff4dcede622e5)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=71a939fee47d8b59ba1258b481322d16378e556f
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Feb 28 11:35:36 2012 -0800
oma: don't read beyond end of leaf_table.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 934cd18a43151ba4b819d9270d539cdb26f6e079)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9dbd437da2bafbec540e38cb51bc7ce2b0101ee5
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Feb 28 10:22:28 2012 -0800
Indeo3: fix crashes on corrupt bitstreams.
Splits at borders of cells are invalid, since it leaves one of the
cells with a width/height of zero. Also, propagate errors on buffer
allocation failures, so we don't continue decoding (which crashes).
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit fc9bc08dca9ac32526251e19fcf738d23b8c68d1)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2510e1476e9a8bfcca0fe4e85a1380482aed0ab3
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Jan 10 17:01:26 2012 -0800
vorbis: fix overflows in floor1[] vector and inverse db table index.
(cherry picked from commit 24947d4988012f1f0fd467c83418615adc11c3e8)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0f839cff6bf4569393cd0594f0f300af1c488723
Author: Reinhard Tartler <siretart at tauware.de>
Date: Sun Feb 26 10:50:45 2012 +0100
Fix parser not to clobber has_b_frames when extradata is set.
Because in contrast to the decoder, the parser does not setup low_delay.
The code in parse_nal_units would always end up setting has_b_frames
to "1", except when stream is explicitly marked as low delay.
Since the parser itself would create 'extradata', simply reopening
the parser would cause this.
This happens for instance in estimate_timings_from_pts(), which causes the
parser to be reopened on the same stream.
This fixes Libav #22 and FFmpeg (trac) #360
CC: libav-stable at libav.org
Based on a patch by Reimar Döffinger <Reimar.Doeffinger at gmx.de>
(commit 31ac0ac29b6bba744493f7d1040757a3f51b9ad7)
Comments and description adapted by Reinhard Tartler.
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
(cherry picked from commit 790a367d9ecd04360f78616765ee723f3fe65645)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=abe35728786d79cd8230dffe41205b28ad6b7678
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Wed Feb 22 11:33:24 2012 -0800
rm: prevent infinite loops for index parsing.
Specifically, prevent jumping back in the file for the next index, since
this can lead to infinite loops where we jump between indexes referring
to each other, and don't read indexes that don't fit in the file.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit aac07a7a4c2c7a4a29cf6dbc88c1b9fdd191b99d)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0d30e2c6f28dc0ae1bcb9bb40b26aedb5b5ce731
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Fri Feb 24 14:11:04 2012 -0800
fraps: release reference buffer on pix_fmt change.
Prevents crash when trying to copy from a non-existing plane in e.g.
a RGB32 reference image to a YUV420P target image
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 830f70442a87a31f7c75565e9380e3caf8333b8a)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a0473085f3e2300908b1bf7ecf2ed7177eef0d4f
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Fri Feb 24 16:27:53 2012 -0800
kgv1: release reference picture on size change.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 6c4c27adb61b2881a94ce5c7d97ee1c8adadb5fe)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e537dc230b2e123be8aebdaeee5a7d7787328b0b
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Thu Dec 29 09:07:32 2011 -0800
kgv1: use avctx->get/release_buffer().
Also fixes crashes on corrupt bitstreams.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 33cd32b389864f2437c94e6fd7dc109ff5f0ed06)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=19f4943d12968a6dfb7c2915da191489dc614b87
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Thu Feb 23 16:09:36 2012 -0800
lcl: error out if uncompressed input buffer is smaller than framesize.
This prevents crashes when trying to read beyond the end of the buffer
while decoding frame data.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit be129271eac04f91393bf42a490ec631e1a9abea)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bf6d1a1ca792e4207e5d9b71c5020befb2296ae3
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Thu Feb 23 12:22:40 2012 -0800
mjpeg: abort decoding if packet is too large.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit ab492ca2ab105aeb24d955f3f03756bdb3139ee1)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=424b6edd1944cf02261109edb5913417cf8e5dfb
Author: Alex Converse <alex.converse at gmail.com>
Date: Thu Feb 23 10:47:50 2012 -0800
tiff: Prevent overreads in the type_sizes array.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 447363870f2f91e125e07ac2d0820359a5d86b06)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4f48417fe768a2d0d1852489463530a9a889fe76
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Thu Feb 23 11:53:27 2012 -0800
swf: check return values for av_get/new_packet().
Prevents crashers when using the packet if allocation failed.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 31632e73f47d25e2077fce729571259ee6354854)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8e3dc37bc01950915dcdab473fc2694fc3670a54
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Wed Feb 22 12:19:52 2012 -0800
truemotion2: error out if the huffman tree has no nodes.
This prevents crashers and errors further down when reading nodes in the
empty tree.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 2b83e8b7005d531bc78b0fd4f699e9faa54ce9bb)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0312969b9ea7fa7027bca665bfded88690c4caa0
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Feb 21 10:36:27 2012 -0800
rmdec: when using INT4 deinterleaving, error out if sub_packet_h <= 1.
We read sub_packet_h / 2 packets per line of data (during deinterleaving),
which equals zero if sub_packet_h <= 1, thus causing us to not read any
data, leading to an infinite loop.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit e30b3e59a4f3004337cb1623b2aac988ce52b93f)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=62beae313a4f91e8ff4e8dc0b2ec78baaa804b32
Author: Janne Grunau <janne-libav at jannau.net>
Date: Tue Feb 21 16:34:08 2012 +0100
avplay: fix -threads option
The AVOptions based default to threads auto in 2473a45c8
works only if avplay does not use custom option handling
for -threads.
CC: <libav-stable at libav.org>
(cherry picked from commit e48a70e6da02cd5426b6340af70410bdfe27dfa7)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8011a29fa8875aa4de54199bdfcd4e5331d532dd
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Fri Feb 17 14:18:22 2012 -0800
vc1parse: call vc1_init_common().
The parser uses VLC tables initialized in vc1_common_init(), therefore
we should call this function on parser init also.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit c742ab4e81bb9dcabfdab006d6b8b09a5808c4ce)
Conflicts:
libavcodec/vc1.h
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fe710f2074a711b5b07b76fe9ecf11b4068b32ef
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Fri Feb 17 16:57:00 2012 -0800
wma: don't return 0 on invalid packets.
Return 0 means "please return the same data again", i.e. it causes an
infinite loop. Instead, return an error.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 9d3050d3e95e307ebc34a943484c7add838d1220)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bba43a1ea07392f14c508aeff2ee13a4cfc425b5
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Fri Feb 17 16:27:36 2012 -0800
mjpegb: don't return 0 at the end of frame decoding.
Return 0 indicates "please return the same data again", i.e. it causes
an infinite loop. Instead, return that we consumed the buffer if we
finished decoding succesfully, or return an error if an error occurred.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 74699ac8c8b562e9f8d26e21482b89585365774a)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f947e965beb858b67ab6e49f9e24e8d12d9b5a7d
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Fri Feb 17 12:21:18 2012 -0800
asf: prevent packet_size_left from going negative if hdrlen > pktlen.
This prevents failed assertions further down in the packet processing
where we require non-negative values for packet_size_left.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 41afac7f7a67c634c86b1d17fc930e9183d4aaa0)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5c365dc9792a6a91637498e2ee1fdcb90c9c7640
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Fri Feb 17 15:51:27 2012 -0800
aiff: don't skip block_align==0 check on COMM-after-SSND files.
This prevents SIGFPEs when using block_align for divisions.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 32a659c758bf2ddd8ad48f18c06fa77444341286)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=95a9d44dc3121a93c68087dddd7b9b49d34bf930
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Fri Feb 17 15:20:27 2012 -0800
mp3on4: require a minimum framesize.
If bufsize < headersize, init_get_bits() will be called with a negative
number, causing it to fail and any subsequent call to get_bits() will
crash because it reads from a NULL pointer.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 3e13005cac6e076053276b515f5fcf59a3f4b65d)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=27558bd87e7e67b83ddefb9176f1729c2291c7a0
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Fri Feb 17 15:00:47 2012 -0800
huffyuv: error out on bit overrun.
On EOF, get_bits() will continuously return 0, causing an infinite
loop.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 84c202cc37024bd78261e4222e46631ea73c48dd)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5ab9294a8db5b3a796871e403b1a779a413a494c
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Fri Feb 17 12:28:26 2012 -0800
als: prevent infinite loop in zero_remaining().
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit af468015d972c0dec5c8c37b2685ffa5cbe4ae87)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cfd7d166e2ae68302329c059afa7c4778a70e9b5
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Fri Feb 17 12:10:33 2012 -0800
cook: prevent div-by-zero if channels is zero.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 941fc1ea1ed7f7d99a8b9e2607b41f2f2820394a)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5bcd47cf63cb719e1c650d08cdfb7f4ede351367
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Feb 14 12:40:19 2012 -0800
vc1: prevent using last_frame as a reference for I/P first frame.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit ae591aeea58d64399b8281be31dacec0de85ae04)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0c60d5c59fe05de80fc45e097c61b6f5487431de
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Wed Feb 22 16:48:38 2012 -0800
swscale: take first/lastline over/underflows into account for MMX.
Fixes crashes for extremely large resizes (several 100-fold).
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 1d8c4af396b6ed84c84b5ebf0bf1163c4a7a3017)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cd9bdc639588067732b53bb47a01f7b9b902b9ef
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Wed Feb 22 16:46:31 2012 -0800
swscale: fix overflows in filterPos[] calculation for large sizes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 19a65b5be47944c607a9e979edb098924d95f2e4)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b68470707bf2e010136c6debd25051afdf198466
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Sat Feb 11 08:42:28 2012 -0800
swscale: enforce a minimum filtersize.
At very small dimensions, this calculation could lead to zero-sized
filters, which leads to uninitialized output, zero-sized allocations,
loop overflows in SIMD that uses do{..}while(i++<filtersize); instead
of for(i=0;i<filtersize;i++){..} and several other similar failures.
Therefore, require a minimum filtersize of 1.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit dae2ce361a2b5fd9be1d43e5e8c00bdbc5f03e3d)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7046ae55932f8fae83269871847cea9fd84c23f5
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Fri Feb 10 10:51:43 2012 -0800
tta: error out if samplerate is zero.
Prevents a division by zero later on.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 7416d610362807848236ceff1bc6740dbc82842d)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d19e3e19d67b50cb5614ead2e0f125678e1c257d
Author: Janne Grunau <janne-libav at jannau.net>
Date: Wed Jan 25 15:49:54 2012 +0100
vc1: prevent null pointer dereference on broken files
CC: libav-stable at libav.org
(cherry picked from commit 510ef04a461b3b54a762c6141ad880cbed85981f)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=04597e25952d399a350062c1824587c230cdd5b4
Author: Alex Converse <alex.converse at gmail.com>
Date: Wed Jan 25 16:12:42 2012 -0800
smacker: Sanity check huffman tables found in the headers.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 9adf25c1cf78dbf1d71bf386c49dc74cb8a60df0)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d16653c3d437ff7843c111d9fffa3e8c3e186db7
Author: Janne Grunau <janne-libav at jannau.net>
Date: Wed Jan 18 10:59:32 2012 +0100
lavf: prevent infinite loops while flushing in avformat_find_stream_info
If no data was seen for a stream decoder are returning 0 when fed with
empty packets for flushing. We can stop flushing when the decoder does
not return delayed delayed frames anymore. Changes try_decode_frame()
return value to got_picture or negative error.
CC: libav-stable at libav.org
(cherry picked from commit b3461c29c1aee7d62eeb02a59d46593c60362679)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=183e0eb5b9a8780b9879bd78b20ad9156d756a01
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Fri Feb 24 16:12:18 2012 -0800
matroska: don't overwrite string values until read/alloc was succesful.
This prevents certain tags with a default value assigned to them (as per
the EBML syntax elements) from ever being assigned a NULL value. Other
parts of the code rely on these being non-NULL (i.e. they don't check for
NULL before e.g. using the string in strcmp() or similar), and thus in
effect this prevents crashes when reading of such specific tags fails,
either because of low memory or because of targeted file corruption.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit cd40c31ee9ad2cca6f3635950b002fd46be07e98)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=be0b3137d02e2e19bd470f2de888bdeb281b0214
Author: Alex Converse <alex.converse at gmail.com>
Date: Wed Jan 25 14:34:21 2012 -0800
matroskadec: Pad AAC extradata.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit d2ee8c17793201ce969afd1f433ba1580c143cd2)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=683213230e6978302109253a48610a6b069ea43d
Author: Alex Converse <alex.converse at gmail.com>
Date: Wed Feb 22 11:05:42 2012 -0800
aac: fix infinite loop on end-of-frame with sequence of 1-bits.
Based-on-work-by: Ronald S. Bultje <rsbultje at gmail.com>
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 1cd9a6154bc1ac1193c703cea980ed21c3e53792)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ad0ee682b3cf663eb319020086f64da11d17dd82
Author: Alex Converse <alex.converse at gmail.com>
Date: Tue Jan 24 18:43:43 2012 -0800
wma: Clip WMA1 and WMA2 frame length to 11 bits.
The MDCT buffers in the decoder are only sized for up to 11 bits. The
reverse engineered documentation for WMA1/2 headers say that that for
all samplerates above 32kHz 11 bits are used. 12 and 13 bit support
were added for WMAPro. I was unable to make any Microsoft tools generate
a test file at a samplerate above 48kHz.
Discovered by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit d78bb1a4b2a3a415b68e4e6dd448779eccec64e3)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ba418ad4005a2cc2f18cdfa089d0bcd55225b30e
Author: Janne Grunau <janne-libav at jannau.net>
Date: Tue Jan 24 21:50:50 2012 +0100
rv20: prevent calling ff_h263_decode_mba() with unset height/width
Prevents a crash of VLC during playback of a invalid matroska file,
found by John Villamil <johnv at matasano.com>.
CC: libav-stable at libav.org
(cherry picked from commit c3e10ae4127c998b809066926a410f40ebd47593)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6dcbbdc0116a50370d66f0f20d74a70d56568382
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Wed Feb 15 09:52:11 2012 -0800
flac: fix infinite loops on all-zero input or end-of-stream.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 52e4018be47697a60f4f18f83551766df31f5adf)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e43bd4fa58b8e72eedad9a1c160b12bf8915d45e
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Fri Feb 17 12:54:37 2012 -0800
golomb: use HAVE_BITS_REMAINING() macro to prevent infloop on EOF.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 46b3fbc30b7aaf7fdd52391734cfd6d93af8720a)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=25b4ed053f0e4c48b4b4afdcf84306bbd7752314
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Wed Feb 22 12:09:33 2012 -0800
get_bits: add HAVE_BITS_REMAINING macro.
(cherry picked from commit b44b41633f110e9d938165e0f79c9d32191fc135)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e1f2a6a32b86fef0916338e21851c9b4f499f706
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Feb 14 11:50:57 2012 -0800
golomb: avoid infinite loop on all-zero input (or end of buffer).
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit c6643fddba73560f26f90d327c84d8832222a720)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6fc3287b9ccece290c5881b92948772bbf72e68c
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Sun Dec 25 12:28:50 2011 +0100
shorten: Use separate pointers for the allocated memory for decoded samples.
Fixes invalid free() if any of the buffers are not allocated due to either
not decoding a header or an error prior to allocating all buffers.
Fixes CVE-2012-0858
CC: libav-stable at libav.org
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles at gmail.com>
(cherry picked from commit 204cb29b3c84a74cbcd059d353c70c8bdc567d98)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f43b6e2b1ed47a1254a5d44c700a7fad5e9784be
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Sat Dec 17 03:18:58 2011 +0100
atrac3: Fix crash in tonal component decoding.
Add a check to avoid writing past the end of the channel_unit.components[]
array.
Bug Found by: cosminamironesei
Fixes CVE-2012-0853
CC: libav-stable at libav.org
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles at gmail.com>
(cherry picked from commit c509f4f74713b035a06f79cb4d00e708f5226bc5)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=697a45d861b7cd6a96718383a44f41348487f844
Author: Michael Niedermayer <michaelni at gmx.at>
Date: Sun Dec 25 00:10:27 2011 +0100
ws_snd1: Fix wrong samples count and crash.
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 9fb7a5af97d8c084c3af2566070d09eae0ab49fc)
Addresses CVE-2012-0848
Reviewed-by: Justin Ruggles <justin.ruggles at gmail.com>
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4c7879775e81ccca8f0f1d2a7b70524ee47b16ca
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Thu Feb 9 22:57:01 2012 -0800
h264: disallow constrained intra prediction modes for luma.
Conversion of the luma intra prediction mode to one of the constrained
("alzheimer") ones can happen by crafting special bitstreams, causing
a crash because we'll call a NULL function pointer for 16x16 block intra
prediction, since constrained intra prediction functions are only
implemented for chroma (8x8 blocks).
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit 45b7bd7c53b41bc5ff6fc2158831f2b1b1256113)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a2c8db1b792670f8987c0580bb71ca0f29708d8b
Author: Ronald S. Bultje <rsbultje at gmail.com>
Date: Tue Feb 7 11:33:20 2012 -0800
swscale: fix V plane memory location in bilinear/unscaled RGB/YUYV case.
Fixes bug 221.
CC: libav-stable at libav.org
(cherry picked from commit b7542dd3d71d1ee873277020b6a8eab2674bb167)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fc89f15497c2b5b78a992c98eaba9fca7cc82f8f
Author: Martin Storsjö <martin at martin.st>
Date: Thu Jan 26 21:37:38 2012 +0200
libavcodec: Don't crash in avcodec_encode_audio if time_base isn't set
Earlier, calling avcodec_encode_audio worked fine even if time_base
wasn't set. Now it crashes due to trying to scale the output pts to
the codec context time base. This affects e.g. VLC.
If no time_base is set for audio codecs, set it to the sample
rate.
CC: libav-stable at libav.org
Signed-off-by: Martin Storsjö <martin at martin.st>
(cherry picked from commit 9a7dc618c50902e7a171f2deda6430d52c277a95)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e364f507183634a9134eea0e004c8ae448e54469
Author: Alex Converse <alex.converse at gmail.com>
Date: Wed Jan 25 15:27:11 2012 -0800
qdm2: Check data block size for bytes to bits overflow.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit dac56d9ce01eb9963f28f26b97a81db5cbd46c1c)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=571a4cf273a84b6f7f38697b462e667d4f0fddc4
Author: Anton Khirnov <anton at khirnov.net>
Date: Sat Jan 28 19:15:15 2012 +0100
lavc: set AVCodecContext.codec in avcodec_get_context_defaults3().
This way, if the AVCodecContext is allocated for a specific codec, the
caller doesn't need to store this codec separately and then pass it
again to avcodec_open2().
It also allows to set codec private options using av_opt_set_* before
opening the codec.
(cherry picked from commit bc901998487bf9b77a423961d9f961bcc28a9291)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bafd38a352126385ec0dcea51017229373b1c2f3
Author: Anton Khirnov <anton at khirnov.net>
Date: Sun Jan 29 12:17:30 2012 +0100
lavc: make avcodec_close() work properly on unopened codecs.
I.e. free the priv_data and other stuff allocated in
avcodec_alloc_context3() and not segfault.
(cherry picked from commit 0e72ad95f9fef6a6b8ae55e47339a5c40526502f)
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=350d06d63fc758d047c050e0835f540277799f60
Author: Anton Khirnov <anton at khirnov.net>
Date: Thu Dec 8 06:57:44 2011 +0100
lavc: add avcodec_is_open().
It allows to check whether an AVCodecContext is open in a documented
way. Right now the undocumented way this check is done in lavf/lavc is
by checking whether AVCodecContext.codec is NULL. However it's desirable
to be able to set AVCodecContext.codec before avcodec_open2().
(cherry picked from commit af08d9aeea870de017139f7b1c44b7d816cf8e56)
Conflicts:
doc/APIchanges
More information about the ffmpeg-cvslog
mailing list