ffmpeg

mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-02-17 12:27:18 +00:00

Author	SHA1	Message	Date
Dyami Caliri	c89645c3ef	Fix buffer_size argument to init_put_bits() in multiple encoders. Several encoders were multiplying the buffer size by 8, in order to get a bit size. However, the buffer_size argument is for the byte size of the buffer. We had experienced crashes encoding prores (Anatoliy) at size 4096x4096. (cherry picked from commit `50833c9f7b`) Conflicts: libavcodec/proresenc_kostya.c Conflicts: libavcodec/faxcompr.c libavcodec/s302menc.c Conflicts: libavcodec/adpcmenc.c	2015-03-12 18:03:50 +01:00
Michael Niedermayer	0c1f8a784d	avcodec/zmbv: Check len before reading in decode_frame() Fixes out of array read Fixes: asan_heap-oob_4d4eb0_3994_cov_3169972261_zmbv_15bit.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `1f5c7781e6`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:50 +01:00
Michael Niedermayer	07a9a43d5c	avcodec/snowdec: Fix ref value check Fixes integer overflow and out of array read. Fixes: signal_sigsegv_24169e6_3445_cov_3778346427_snow_chroma_bug.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `8f4cbf9402`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:50 +01:00
Andreas Cadhalpun	7232fc75e1	avcodec/a64multienc: fix use of uninitialized values in to_meta_with_crop Averaging over 2 pixels doesn't work correctly for the last pixel, because the rest of the buffer is not initialized. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `87513d6545`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:50 +01:00
Michael Niedermayer	4640184c76	avcodec/mjpegdec: Skip blocks which are outside the visible area Fixes out of array accesses Fixes: ffmpeg_mjpeg_crash.avi Found-by: Thomas Lindroth <thomas.lindroth@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `08509c8f86`) Conflicts: libavcodec/mjpegdec.c (cherry picked from commit 0bb0716d9c0699895abcef2d3954c1d6e4157cb2) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:50 +01:00
Michael Niedermayer	20d95a8ad3	avcodec/h264_ps: More completely check the bit depths Fixes out of array read Fixes: asan_static-oob_30328b6_719_cov_3325483287_H264_artifacts_motion.h264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `69aa79365c`) Conflicts: libavcodec/h264_ps.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:50 +01:00
Michael Niedermayer	a16669f1e2	avcodec/mjpegdec: Check number of components for JPEG-LS Fixes out of array accesses Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `fabbfaa095`) Conflicts: libavcodec/mjpegdec.c	2015-03-12 18:03:50 +01:00
Michael Niedermayer	5c0413aa85	avcodec/mjpegdec: Check escape sequence validity Fixes assertion failure Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:50 +01:00
Michael Niedermayer	c78ed1fb5d	avcodec/flac_parser: fix handling EOF if no headers are found Fixes assertion failure Fixes Ticket4269 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `c4d85fc23c`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
wm4	00cde0cddc	avcodec/dvdsubdec: error on bitmaps with size 0 Attemtping to decode them could lead to invalid writes with some fuzzed samples. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `bcaa9099b3`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
wm4	ce219702c3	avcodec/dvdsubdec: fix out of bounds accesses The code blindly trusted buffer offsets read from the file in the RLE decoder. Explicitly check the offset. Also error out on other RLE decoding errors. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `c9151de7c4`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
Michael Niedermayer	87a716991d	avcodec/indeo3: ensure offsets are non negative Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `368642361f`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
Michael Niedermayer	cd4827dfd4	avcodec/indeo3: use signed variables to avoid underflow Fixes out of array read Fixes: signal_sigsegv_1b0a4da_1865_cov_2167818389_computer_anger.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `3305acdc92`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
Michael Niedermayer	87ec3c6156	avcodec/vmdvideo: Check len before using it in method 3 Fixes out of array access Fixes: asan_heap-oob_4d23ba_91_cov_3853393937_128.vmd Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `3030fb7e0d`) Conflicts: libavcodec/vmdav.c	2015-03-12 18:03:49 +01:00
Michael Niedermayer	0b5d644839	avcodec/pngdec: Check IHDR/IDAT order Fixes out of array access Fixes: asan_heap-oob_20a6c26_2690_cov_3434532168_mail.png Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `79ceaf827b`) Conflicts: libavcodec/pngdec.c	2015-03-12 18:03:49 +01:00
Michael Niedermayer	aebfcf7d62	avcodec/mjpegdec: Fix context fields becoming inconsistent Fixes out of array access Fixes: asan_heap-oob_1ca4f85_2760_cov_144449187_miss_congeniality_pegasus_ljpg.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `0eecf40935`) Conflicts: libavcodec/mjpegdec.c (cherry picked from commit 32d3acac727f3f4a6489ca129a5ea4ccdfcb34a5) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
Michael Niedermayer	ec640e10b2	avcodec/wmaprodec: Fix integer overflow in sfb_offsets initialization Fixes out of array read Fixes: asan_heap-oob_2aec5b0_1828_classical_22_16_2_16000_v3c_0_exclusive_0_29.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `5dcb99033d`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
Michael Niedermayer	3296e30d37	avcodec/h264_slice: Clear table pointers to avoid stale pointers Might fix Ticket3889 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `547fce9585`) Conflicts: libavcodec/h264_slice.c Conflicts: libavcodec/h264.c	2015-03-12 18:03:49 +01:00
Michael Niedermayer	d327f673f9	avcodec/dnxhddec: treat pix_fmt like width/height Fixes out of array accesses Fixes: asan_heap-oob_22c9a39_16_015.mxf Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `f3c0e0bf6f`) Conflicts: libavcodec/dnxhddec.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:49 +01:00
Michael Niedermayer	017226fdf9	avcodec/dxa: check dimensions Fixes out of array access Fixes: asan_heap-oob_11222fb_21_020.dxa Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `e70312dfc2`) Conflicts: libavcodec/dxa.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:48 +01:00
Michael Niedermayer	e0ed766f2a	avcodec/qpeg: fix off by 1 error in MV bounds check Fixes out of array access Fixes: asan_heap-oob_153760f_4_asan_heap-oob_1d7a4cf_164_VWbig6.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `dd3bfe3cc1`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:48 +01:00
Michael Niedermayer	677da72300	avcodec/pngdec: Calculate MPNG bytewidth more defensively Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `e830902934`) Conflicts: libavcodec/pngdec.c	2015-03-12 18:03:48 +01:00
Michael Niedermayer	7238c744de	avcodec/pngdec: Check bits per pixel before setting monoblack pixel format Fixes out of array accesses Fixes: asan_heap-oob_14dbfcf_4_asan_heap-oob_1ce5767_179_add_method_small.png Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `3e2b745020`) Conflicts: libavcodec/pngdec.c	2015-03-12 18:03:48 +01:00
Michael Niedermayer	7c1150bf05	avcodec/tiff: more completely check bpp/bppcount Fixes pixel format selection Fixes out of array accesses Fixes: asan_heap-oob_1766029_6_asan_heap-oob_20aa045_332_cov_1823216757_m2-d1d366d7965db766c19a66c7a2ccbb6b.tif Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `e1c0cfaa41`) Conflicts: libavcodec/tiff.c (cherry picked from commit e9125e74897135d690cf44f6e6d39e80dcd07803) Conflicts: libavcodec/tiff.c	2015-03-12 18:03:48 +01:00
Michael Niedermayer	19d0c9e993	avcodec/mmvideo: Bounds check 2nd line of HHV Intra blocks Fixes out of array access Fixes: asan_heap-oob_4da4f3_8_asan_heap-oob_4da4f3_419_scene1a.mm Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `8b0e96e1f2`) Conflicts: libavcodec/mmvideo.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:48 +01:00
Michael Niedermayer	bd3a28e8b6	avcodec/utils: Add case for jv to avcodec_align_dimensions2() Fixes out of array accesses Fixes: asan_heap-oob_12304aa_8_asan_heap-oob_4da4f3_300_intro.jv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `105654e376`) Conflicts: libavcodec/utils.c	2015-03-12 18:03:48 +01:00
Michael Niedermayer	bb6a8a0509	avcodec/mjpegdec: check bits per pixel for changes similar to dimensions Fixes out of array accesses Fixes: asan_heap-oob_16668e9_2_asan_heap-oob_16668e9_346_miss_congeniality_pegasus_mjpg.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `5c378d6a6d`) Conflicts: libavcodec/mjpegdec.c (cherry picked from commit 94371a404c663c3dae3d542fa43951567ab67f82) Conflicts: libavcodec/mjpegdec.c Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:48 +01:00
Michael Niedermayer	1704a7b67d	avcodec/jpeglsdec: Check run value more completely in ls_decode_line() previously it could have been by 1 too large Fixes out of array access Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8c1e3.jls Fixes: asan_heap-oob_12240f5_1_asan_heap-oob_12240f5_448_t8nde0.jls Fixes: asan_heap-oob_12240fa_1_asan_heap-oob_12240fa_448_t16e3.jls Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `06e7d58410`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:48 +01:00
Michael Niedermayer	348b87b9bd	avcodec/ac3enc_template: fix out of array read Found-by: Andreas Cadhalpun Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `d85ebea3f3`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 18:03:48 +01:00
Michael Niedermayer	7248e73559	avcodec: fix aac/ac3 parser bitstream buffer size Buffers containing copies of the AAC and AC3 header bits were not padded before parsing, violating init_get_bits() buffer padding requirement, leading to potential buffer read overflows. This change adds FF_INPUT_BUFFER_PADDING_SIZE bytes to the bit buffer for parsing the header in each of aac_parser.c and ac3_parser.c. Based on patch by: Matt Wolenetz <wolenetz@chromium.org> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit `fccd85b9f3`) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-12 01:31:57 +01:00
Michael Niedermayer	a0316589e4	Merge commit '335ec616cc38ee6206a3acebd46d01aad73d721b' into release/0.10 * commit '335ec616cc38ee6206a3acebd46d01aad73d721b': utvideodec: Handle slice_height being zero Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 23:11:51 +01:00
Michael Niedermayer	90afa95a55	Merge commit 'ec5b2f6a385959048f780b4e7d3d259dc1fa8421' into release/0.10 * commit 'ec5b2f6a385959048f780b4e7d3d259dc1fa8421': tiff: Check that there is no aliasing in pixel format selection Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:51:08 +01:00
Michael Niedermayer	22377751c9	Merge commit '905988fe1a8accbc1ab93120aa4cd29252b81cce' into release/0.10 * commit '905988fe1a8accbc1ab93120aa4cd29252b81cce': eamad: check for out of bounds read Conflicts: libavcodec/eamad.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:50:00 +01:00
Michael Niedermayer	60feb8543a	Merge commit 'd6deed7916f7f52dbfc88e2fc2c43e3cfb8ee74b' into release/0.10 * commit 'd6deed7916f7f52dbfc88e2fc2c43e3cfb8ee74b': h264_cabac: Break infinite loops Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:38:55 +01:00
Michael Niedermayer	caedb041a6	Merge commit '9ae3cd6e7271a3d6b8cd92a4d35ebb16d2e03f1a' into release/0.10 * commit '9ae3cd6e7271a3d6b8cd92a4d35ebb16d2e03f1a': gifdec: refactor interleave end handling Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:32:12 +01:00
Michael Niedermayer	ed69f0f72e	Merge commit 'a331e11906b196c9a00f5ffbc45d80fcd7fe8423' into release/0.10 * commit 'a331e11906b196c9a00f5ffbc45d80fcd7fe8423': smc: fix the bounds check Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:31:57 +01:00
Michael Niedermayer	8439378f41	Merge commit 'fc159ba88ea2dd1fa11e4ab6af8b574fc80db454' into release/0.10 * commit 'fc159ba88ea2dd1fa11e4ab6af8b574fc80db454': mmvideo: check frame dimensions Conflicts: libavcodec/mmvideo.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:31:40 +01:00
Michael Niedermayer	17f094697d	Merge commit '954aafaa961c32c655ad38fb622e8cbe249ebd5a' into release/0.10 * commit '954aafaa961c32c655ad38fb622e8cbe249ebd5a': jvdec: check frame dimensions Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:21:47 +01:00
Michael Niedermayer	c388db185c	Merge commit '893b353362bc220280efd8d14c4878a1cafe18a8' into release/0.10 * commit '893b353362bc220280efd8d14c4878a1cafe18a8': x86: Only use optimizations with cmov if the CPU supports the instruction Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 22:04:45 +01:00
Michael Niedermayer	35e88167ea	Merge commit '2deac60a387409dcbc7b37a8c30de89c7aeb58ac' into release/0.10 * commit '2deac60a387409dcbc7b37a8c30de89c7aeb58ac': adpcmenc: Calculate the IMA_QT predictor without overflow Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 21:50:03 +01:00
Michael Niedermayer	82c8abb34f	Merge commit '3eed35addb461c42471e0367bb6cd68d8ffd3aec' into release/0.10 * commit '3eed35addb461c42471e0367bb6cd68d8ffd3aec': svq1enc: Set picture_structure correctly Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 21:49:42 +01:00
Michael Niedermayer	7801f3e509	Merge commit 'ec0df23765bd41846f66e4a4fb694779b432fc62' into release/0.10 * commit 'ec0df23765bd41846f66e4a4fb694779b432fc62': h264: Remove an assert on current_picture_ptr being null Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 21:44:24 +01:00
Michael Niedermayer	6c76f3dfaa	Merge commit 'd1c490448cbe3f7715773c673e92139a7192326f' into release/0.10 * commit 'd1c490448cbe3f7715773c673e92139a7192326f': mpegvideo: remove last_picture_ptr / h264 assert. Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 21:43:52 +01:00
Michael Niedermayer	9d94589852	Merge commit '9858a723cbcb206287fd0232d74c6a0991eecdc8' into release/0.10 * commit '9858a723cbcb206287fd0232d74c6a0991eecdc8': elbg: Fix an assert Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 21:37:53 +01:00
Michael Niedermayer	c9a38ffe2f	Merge commit '233d1b4861e252cbc4571840e7f264e1db151c13' into release/0.10 * commit '233d1b4861e252cbc4571840e7f264e1db151c13': h264_refs: Fix debug tprintf argument types Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 21:36:34 +01:00
Michael Niedermayer	3832db1223	Merge commit '57c36de7265761dd94fb6bb4a9180011f796128f' into release/0.10 * commit '57c36de7265761dd94fb6bb4a9180011f796128f': vp8: avoid race condition on segment map. Conflicts: libavcodec/vp8.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 21:29:31 +01:00
Michael Niedermayer	2a4d9b9af0	Merge commit '8152b02f33a7b939cb2c9a5f26d10cd10465d4f9' into release/0.10 * commit '8152b02f33a7b939cb2c9a5f26d10cd10465d4f9': arm/neon: dsputil: use correct size specifiers on vld1/vst1 Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 21:11:07 +01:00
Michael Niedermayer	6a28ae55c4	Merge commit '9fa9d471a7af57a62843fdae0dc36e67960c3f3d' into release/0.10 * commit '9fa9d471a7af57a62843fdae0dc36e67960c3f3d': arm: dsputil: prettify some conditional instructions in put_pixels macros Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 21:10:31 +01:00
Michael Niedermayer	78518fb928	Merge commit '6dd19ffd39babd651744082301d133264a30882c' into release/0.10 * commit '6dd19ffd39babd651744082301d133264a30882c': arm: dsputil: fix overreads in put/avg_pixels functions Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-03-11 21:10:08 +01:00
Michael Niedermayer	335ec616cc	utvideodec: Handle slice_height being zero Fixes out of array accesses. CC: libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Bug-Id: CVE-2014-9604 Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com> Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit `0ce3a0f9d9`) (cherry picked from commit `3a417a86b3`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `e032e647dd`) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit `789f433bc6`) Conflicts: libavcodec/utvideodec.c	2015-03-09 22:08:49 -04:00

1 2 3 4 5 ...

18054 Commits