FFmpeg

Author	SHA1	Message	Date
Michael Niedermayer	6b97e76dfc	avsdec: Set dimensions instead of relying on the demuxer. The decode function assumes that the video will have those dimensions. Fixes CVE-2012-2801 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `85f477935c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2013-02-10 18:01:15 +01:00
Anton Khirnov	0f6d4da8de	bmpdec: only initialize palette for pal8. Gray8 is not considered to be paletted, so this would cause an invalid write. Fixes bug 367. CC: libav-stable@libav.org (cherry picked from commit `8b78c2969a`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2013-02-10 18:01:15 +01:00
Michael Niedermayer	6d6373dc64	mpegvideo: Don't use ff_mspel_motion() for vc1 Using ff_mspel_motion assumes that s (a MpegEncContext poiinter) really is a Wmv2Context. This fixes crashes in error resilience on vc1/wmv3 videos. CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit `18f2d5cb9c`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `da0c457663`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `899d95efe1`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `c82ae85a8a`) Conflicts: libavcodec/mpegvideo_common.h Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 10:35:19 +02:00
Janne Grunau	7296a6b5e9	imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt CC: libav-stable@libav.org (cherry picked from commit `39bb27bf79`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `7a7229b52d`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `8812b5f164`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `fd7426ed89`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 10:34:11 +02:00
Janne Grunau	f695be22d8	nuv: check RTjpeg header for validity CC: libav-stable@libav.org (cherry picked from commit `859a579e9b`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `6704522ca9`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `f31170d4e7`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `459feb7cce`) Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 10:34:04 +02:00
Kostya Shishkov	9125aa9218	vc1dec: add flush function for WMV9 and VC-1 decoders CC: libav-stable@libav.org (cherry picked from commit `4dc8c8386e`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `02b7239462`) Conflicts: libavcodec/vc1dec.c Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `0173a7966b`) Signed-off-by: Anton Khirnov <anton@khirnov.net> (cherry picked from commit `aa41212767`) Conflicts: libavcodec/vc1dec.c Signed-off-by: Anton Khirnov <anton@khirnov.net>	2012-10-06 10:33:49 +02:00
Reinhard Tartler	5a9588b088	png: check bit depth for PAL8/Y400A pixel formats. Wrong bit depth can lead to invalid rowsize values, which crashes the decoder further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit `d2205d6543`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit b8d6ba9d50e80fdce2ed74cdaffd4960df8a21c5) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 33f93005f1a86c108302b4c5978aa1a3d8e092cc) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 4c8c2660bd9252775c9a1dc2e2f36cb34718595a) Signed-off-by: Reinhard Tartler <siretart@tauware.de> Conflicts: libavcodec/pngdec.c	2012-06-03 19:35:50 +02:00
Michael Niedermayer	02cd93f4ad	tqi: Pass errors from the MB decoder This silences some valgrind warnings. CC: libav-stable@libav.org Fixes second half of http://ffmpeg.org/trac/ffmpeg/ticket/794 Bug found by: Oana Stratulat Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `f85334f58e`) (cherry picked from commit `90290a5150`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `5872580e65`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `2f2fd8c6d1`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit c3edce42704142f4c66954e9f24d7fbf0e5ae423) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-06-03 19:35:13 +02:00
Reimar Döffinger	f8a31e2113	eatqi: move "block" variable into context to ensure sufficient alignment for idct_put for compilers/architectures that can not align stack variables that much. This is also consistent with similar code in eatgq.c Originally committed as revision 18927 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit `1eda87ce63`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-06-03 19:35:13 +02:00
Ronald S. Bultje	ae6c57859c	qdm2: clip array indices returned by qdm2_get_vlc(). Prevents subsequent overreads when these numbers are used as indices in arrays. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `64953f67f9`) Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com> Conflicts: libavcodec/qdm2.c	2012-06-02 19:25:57 -04:00
Alex Converse	5629c39101	kmvc: Check palsize. Fixes: CVE-2011-3952 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Based on fix by Michael Niedermayer (cherry picked from commit `386741f887`) (cherry picked from commit `416849f2e0`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit e7392dc349291eb94379d8cfb7ef73d32a768858) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 23:46:08 +02:00
Janne Grunau	7867cbaf6c	adpcm: ADPCM Electronic Arts has always two channels Fixes half of http://ffmpeg.org/trac/ffmpeg/ticket/794 Adresses CVE-2012-0852 (cherry picked from commit `bb5b3940b0`) Conflicts: libavcodec/adpcm.c Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `b581580bd1`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit a0f58c3a605b8123039628d1598cb36f1da0e815) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 23:46:08 +02:00
Alexander Strange	0bf8e22cdb	h264: Add check for invalid chroma_format_idc Fixes a crash when FF_DEBUG_PICT_INFO is used. Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit `6ef4063957`) Fixes: CVE-2012-0851 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `4713234518`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `c5f7c755cf`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 00d2c432581cf61326973a1a48f2e63690b65515)	2012-05-28 23:46:08 +02:00
Alex Converse	7944a87ba8	dpcm: ignore extra unpaired bytes in stereo streams. Fixes: CVE-2011-3951 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit `ce7aee9b73`) (cherry picked from commit `eaeaeb265f`) Conflicts: libavcodec/dpcm.c Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 1ce9c93198fc997e8f23934a78e2937af670e4e9) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 41f1f146c9e29dde63e293078819474c9b8111a1) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-28 23:46:08 +02:00
Mans Rullgard	468cc41d6d	vqavideo: return error if image size is not a multiple of block size The decoder assumes in various places that the image size is a multiple of the block size, and there is no obvious way to support odd sizes. Bailing out early if the header specifies a bad size avoids various errors later on. Fixes CVE-2012-0947. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit `58b2e0f0f2`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `d5207e2af8`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `c71c77e56f`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit c90da45d5a7a4045dbf22fba52c63ef55d207269) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-09 22:34:07 +02:00
Alex Converse	6c9b404dba	motionpixels: Clip YUV values after applying a gradient. Prevents illegal reads on truncated and malformed input. CC: libav-stable@libav.org (cherry picked from commit `b5da848fac`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `aaa6a66677`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `50073e2395`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 2134e7f6e88959513ba1713ad6fd7a7c8d5a0f41) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-05-09 22:33:49 +02:00
Alex Converse	b2ac7e585e	mjpegbdec: Fix overflow in SOS. Based in part by a fix from Michael Niedermayer <michaelni@gmx.at> Fixes CVE-2011-3947 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind (cherry picked from commit `b57d262412`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `083a8a0037`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `6ae95a0b93`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `6ca010f209`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-21 15:42:28 +02:00
Michael Niedermayer	8bb3ba5541	atrac3: Fix crash in tonal component decoding. Add a check to avoid writing past the end of the channel_unit.components[] array. Bug Found by: cosminamironesei Fixes CVE-2012-0853 CC: libav-stable@libav.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `c509f4f747`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `f43b6e2b1e`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `f728ad26f0`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `224025d852`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-04-21 15:42:10 +02:00
Chris Evans	6b01bcebb9	vorbis: An additional defense in the Vorbis codec. Fixes Bug: #190 Chromium Bug: #100543 Related to CVE-2011-3893 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `afb2aa5379`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `b0283ccb9e`) Conflicts: libavcodec/vorbis_dec.c (cherry picked from commit `a5e0afe3c9`) Conflicts: libavcodec/vorbis_dec.c	2012-01-08 09:49:19 +01:00
Reinhard Tartler	efd453d82d	vorbisdec: Fix decoding bug with channel handling Fixes Bug: #191 Chromium Bug: #101458 CVE-2011-3895 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `e6d527ff72`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `97f23c72a3`) Conflicts: libavcodec/vorbis_dec.c (cherry picked from commit `42f0a66968`) Conflicts: libavcodec/vorbis_dec.c	2012-01-08 09:40:38 +01:00
Chris Evans	665421f3b1	vorbis: Avoid some out-of-bounds reads Fixes Bug: #190 Chromium Bug: #100543 Related to CVE-2011-3893 Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `57cd6d7095`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `4a94678f1b`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `6d6254ba9f`) Conflicts: libavcodec/vorbis.c	2012-01-07 22:15:53 +01:00
Ronald S. Bultje	3eb6983dbc	vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit `8370e426e4`) Fixes: #189 Chromium-Bug: 101172,100465 CVE-2011-3892 Removed the parts that are related to multi-threading, which is not included before 0.7. Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `c624935554`) Conflicts: libavcodec/vp3.c (cherry picked from commit `c9c7db0af2`) Conflicts: libavcodec/vp3.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2012-01-07 21:39:50 +01:00
Michael Niedermayer	110aff4b24	svq1dec: call avcodec_set_dimensions() after dimensions changed. Fixes NGS00148, CVE-2011-4579 Found-by: Phillip Langlois Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `6e24b9488e`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `0eca0da06e`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `8ddc0b491d`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 16:28:20 +01:00
Laurent Aimar	4a1c3df592	vmd: fix segfaults on corruped streams Signed-off-by: Janne Grunau <janne-libav@jannau.net> Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `494cfacdb9`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `b99366faef`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 16:28:20 +01:00
Dustin Brody	185abfb218	vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com> (cherry picked from commit `f913eeea43`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `7367cbec1b`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `201fcfb894`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 16:28:20 +01:00
Vitor Sessak	280590e338	Plug some memory leaks in the VP6 decoder Originally committed as revision 22172 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit `0a41faa9a7`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 16:28:19 +01:00
Laurent Aimar	9767ea7aa7	vp6: Reset the internal state when aborting key frames header parsing It prevents leaving the state only half initialized. Signed-off-by: Janne Grunau <janne-libav@jannau.net> (cherry picked from commit `a72cad0a6c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `c76505e0de`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `e28bb18fdc`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 16:17:42 +01:00
Thierry Foucu	771ceb19f2	vp6: Fix illegal read. Found with Address Sanitizer Signed-off-by: Alex Converse <alex.converse@gmail.com> (cherry picked from commit `e0966eb140`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `ba4b08b789`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `94aacaf508`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 16:14:55 +01:00
Alex Converse	7739947671	vp6: Fix illegal read. (cherry picked from commit `2a6eb06254`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `67a7ed623b`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `8d68083298`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 16:14:41 +01:00
Laurent Aimar	8abf1d882e	Fix out of bound reads in the QDM2 decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `5a19acb17c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `0d93d5c461`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 16:07:49 +01:00
Laurent Aimar	1a53095406	Check for out of bound writes in the QDM2 decoder. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit `291d74a46d`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `a31ccacb1a`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 16:07:36 +01:00
Justin Ruggles	60eebf5c12	qdm2: check output buffer size before decoding (cherry picked from commit `7d49f79f1c`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `7347205351`) Conflicts: libavcodec/qdm2.c (cherry picked from commit `cfb9b47a1e`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 16:06:10 +01:00
Baptiste Coudurier	30ee6c1995	Fix qdm2 decoder packet handling to match the api Originally committed as revision 25767 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit `b26c1a8b7e`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-12-24 16:05:52 +01:00
Alex Converse	9463a28792	Fix ff_imdct_calc_sse() on gcc-4.6 Gcc 4.6 only preserves the first value when using an array with an "m" constraint. Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit `770c410fbb`) Conflicts: libavcodec/x86/fft_sse.c Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-11-05 11:29:12 +01:00
Mans Rullgard	04888edef3	cavs: fix some crashes with invalid bitstreams This removes all valgrind-reported invalid writes with one specific test file. Fixes http://www.ocert.org/advisories/ocert-2011-002.html Signed-off-by: Mans Rullgard <mans@mansr.com> (cherry picked from commit `4a71da0f3a`) Fixes CVE-2011-3362, CVE-2011-3973, CVE-2011-3974 Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-11-02 21:14:57 +01:00
Michael Niedermayer	eed5697f99	mjpeg: Detect overreads in mjpeg_decode_scan() and error out. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Ronald S. Bultje <rbultje@google.com> Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-04-26 09:40:06 +02:00
Kostya Shishkov	808f9ce727	Call avcodec_set_dimensions() instead of simply setting avctx->width/height when frame dimensions change in RV3/4. Originally committed as revision 20595 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit `d90aeeaf56`)	2011-02-19 17:07:58 +01:00
Reimar Döffinger	8069e2f6fb	Fix invalid reads in VC1 decoder Patch discussed and taken from https://roundup.ffmpeg.org/issue2584 (cherry picked from commit `2bbec1eda4`) Change related to CVE-2011-0723	2011-02-19 17:07:57 +01:00
Ronald S. Bultje	f7494394ee	Make get_bits_left() available for use in libavcodec (was previously held private in dv.c for some reason). See "[PATCH] get_bits_left()" thread. Originally committed as revision 20490 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit `c47ca25e74`)	2011-02-19 17:07:57 +01:00
Frank Barchard	329e816ed7	Check rangebits to avoid a possible crash. Fixes issue 2548 (and Chrome issue 68115 and unknown CERT issues). Originally committed as revision 26365 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit `13184036a6`) Addresses: CVE-2011-0480 Conflicts: libavcodec/vorbis_dec.c	2011-02-13 21:41:38 +01:00
Jason Garrett-Glaser	d6860fb653	Fix crashes in vorbis decoding found by zzuf Fixes issue 2322. Originally committed as revision 25591 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit `3dde66752d`) Addresses: CVE-2010-4704	2011-02-13 20:45:18 +01:00
Janne Grunau	11f6eebdd3	consolidate .gitignore patters into a single file Signed-off-by: Janne Grunau <janne-ffmpeg@jannau.net> (cherry picked from commit `2c3589bfda`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-02-10 14:02:23 +01:00
Janne Grunau	9109a58867	convert svn:ignore properties to .gitignore files Signed-off-by: Janne Grunau <janne-ffmpeg@jannau.net> (cherry picked from commit `348b8218f7`) Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-02-10 14:01:36 +01:00
Kostya Shishkov	44511b17cb	Update dimensions in AVCodecContext when RV3/4 frame dimensions change Originally committed as revision 20572 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit `ec10d2d539`) Fixes heap corruption crashes Addresses: CVE-2011-0722 Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-02-04 06:42:29 +01:00
Michael Niedermayer	48b086b0ef	Update safety check as the maximum pixel size is no longer 4. New max size is 16bit * 4 samples (RGBA). Originally committed as revision 18655 to svn://svn.ffmpeg.org/ffmpeg/trunk (cherry picked from commit `445f0a8b66`) Addresses: CVE-2010-3908 Signed-off-by: Reinhard Tartler <siretart@tauware.de>	2011-02-04 06:41:58 +01:00
Reinhard Tartler	2f504d7a90	Fix several security issues in flicvideo.c This fixes CVE-2010-3429 backport r25223 by michael Originally committed as revision 25325 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5	2010-10-03 14:51:50 +00:00
Reinhard Tartler	96ca078b22	Check validity of channels & samplerate. This may be security relevant. Based on 2 patches by chrome. backport r19975 by michael Originally committed as revision 22658 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5	2010-03-24 19:35:30 +00:00
Reinhard Tartler	4fb58ecea8	bump LIBAVCODEC_VERSION_MICRO for addition of the lock manager API As discussed with Diego, we'll go for bumping micro in 0.5 and will consider adding a RELEASEVERSION macro for trunk and 0.6 seperatly Originally committed as revision 22087 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5	2010-02-27 10:01:45 +00:00
Reinhard Tartler	8e2149d7df	fix the remaining ogv segfaults from issue 1240. First commit: Make decode_init fail if the huffman tables are invalid and thus init_vlc fails. Otherwise this will crash during decoding because the vlc tables are NULL. Partially fixes ogv/smclock.ogv.1.101.ogv from issue 1240. backport r19355 by reimar Second commit: Add extra validation checks to ff_vorbis_len2vlc. They should not be necessary, but it seems like a reasonable precaution. r19374 by reimar Originally committed as revision 22076 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5	2010-02-26 14:32:27 +00:00
Reinhard Tartler	9d9f1ecfaa	Make sure we dont read over the end. Fixes issue1237. backport r19322 by michael Originally committed as revision 22074 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5	2010-02-26 10:56:46 +00:00

1 2 3 4 5 ...

9049 Commits