get_len can overflow for specially crafted payload.
Reported-By: Don A. Baley <donb@securitymouse.com>
CC: libav-stable@libav.org
(cherry picked from commit ccda51b14c)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavutil/lzo.c
Embargoed-till: 2014-06-27 requested by researcher, but embargo broken by libav today (git and mailing list)
Fixes: LMS-2014-06-16-4
Found-by: "Don A. Bailey" <donb@securitymouse.com>
See: ccda51b14c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d6af26c55c)
Conflicts:
libavutil/lzo.c
(cherry picked from commit 7b5c706494)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '2c1d84499bfe06d75e9160b824eeffd9f5587337':
lagarith: pad RGB buffer by 1 byte.
truemotion1: check the header size
shorten: pad the internal bitstream buffer
samplefmt: avoid integer overflow in av_samples_get_buffer_size()
h264: Fix a typo from the previous commit
h264: Lower bound check for slice offsets
rpza: limit the number of blocks to the total remaining blocks in the frame
Conflicts:
libavcodec/lagarith.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '36017d49e2f797f7371dc24848a2285ca63e39ab':
Prepare for 0.8.11 Release
lavf: make av_probe_input_buffer more robust
Updated Changelog for 0.8.10
oggparseogm: check timing variables
mathematics: remove asserts from av_rescale_rnd()
vc1: Always reset numref when parsing a new frame header.
h264: reset num_reorder_frames if it is invalid
Conflicts:
RELEASE
libavcodec/vc1.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '979f77b0dc40571761999633a38d97be9a1670c8':
h264: check that an IDR NAL only contains I slices
mov: Free an earlier allocated array if allocating a new one
segafilm: fix leaks if reading the header fails
h264_cavlc: check the size of the intra PCM data.
cavs: Check for negative cbp
avi: DV in AVI must be considered single stream
avutil: use align == 0 for default alignment in audio sample buffer functions
Conflicts:
libavcodec/cavsdec.c
libavutil/avutil.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
It is a public function, it must not assert on its parameters.
(cherry picked from commit 94a417acc0)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 03bfd8419f)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* commit '327ff82bac3081d918dceb4931c77e25d0a1480d':
msrle: convert MS RLE decoding function to bytestream2.
Update Changelog for the 0.8.6 Release
wmaprodec: require block_align to be set.
ivi_common: do not call MC for intra frames when dc_transform is unset
roqvideodec: fix a potential infinite loop in roqvideo_decode_frame().
Revert "libmp3lame: use the correct remaining buffer size when flushing"
lzo: fix overflow checking in copy_backptr()
flacdec: simplify bounds checking in flac_probe()
atrac3: avoid oversized shifting in decode_bytes()
avconv: skip attached files when selecting streams to read from.
lavf: fix arithmetic overflows in avformat_seek_file()
Conflicts:
Changelog
avconv.c
libavcodec/libmp3lame.c
libavcodec/msrledec.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The check `src > dst' in the form `&c->out[-back] > c->out' invokes
pointer overflow, which is undefined behavior in C.
Remove the check. Also replace `&c->out[-back] < c->out_start' with
a safe form `c->out - c->out_start < back' to avoid overflow.
CC: libav-stable@libav.org
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit ca6c3f2c53)
Conflicts:
libavutil/lzo.c
* qatar/release/0.8:
Update Changelog
h264: check ref_count validity for num_ref_idx_active_override_flag
h264: check context state before decoding slice data partitions
oggdec: free the ogg streams on read_header failure
oggdec: check memory allocation
Fix uninitialized reads on malformed ogg files.
rtsp: Recheck the reordering queue if getting a new packet
opt: avoid segfault in av_opt_next() if the class does not have an option list
alacdec: do not be too strict about the extradata size
Conflicts:
Changelog
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/0.8: (23 commits)
snow: Check mallocs at init
vorbis: Validate that the floor 1 X values contain no duplicates.
vorbisenc: check all allocations for failure
indeo3: validate new frame size before resetting decoder
lavfi: avfilter_merge_formats: handle case where inputs are same
rv34: error out on size changes with frame threading
rv34: Handle only complete frames in frame-mt.
rv34: use AVERROR return values in ff_rv34_decode_frame()
vlc/rl: Add ff_ prefix to the nonstatic symbols
h263: Add ff_ prefix to nonstatic symbols
alsdec: check opt_order.
golomb: check remaining bits during unary decoding in get_ur_golomb_jpegls()
lavf: don't segfault when a NULL filename is passed to avformat_open_input()
mpegvideo: Don't use ff_mspel_motion() for vc1
imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt
eval: fix swapping of lt() and lte()
nuv: check RTjpeg header for validity
Revert "nuv: check per-frame header for validity."
bmpdec: only initialize palette for pal8.
sipr: fall back to setting mode based on bit_rate.
...
Conflicts:
avconv.c
libavcodec/dnxhddec.c
libavcodec/golomb.h
libavcodec/h263.h
libavcodec/imgconvert.c
libavcodec/mpegvideo_common.h
libavcodec/mpegvideo_enc.c
libavcodec/nuv.c
libavcodec/rv34.c
libavcodec/sipr.c
libavcodec/vorbisdec.c
libavcodec/vorbisenc.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Useful to return instead of -1 when the cause of the error is unknown,
typically from an external library.
(cherry picked from commit c9bca80132)
Conflicts:
doc/APIchanges
libavutil/avutil.h
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
The functions are already av_ prefixed and intfloat header is already provided.
Install libavutil/intfloat.h
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 8b933129b9)
Conflicts:
doc/APIchanges
Signed-off-by: Anton Khirnov <anton@khirnov.net>
As the test is run during fate and the benchmark is useless for fate
this very slightly speeds up fate. Its also consistent with the other
tests.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The tool is useful for testing the internal arithmetic evaluation engine
(indeed I plan to use it in FATE), and provides a handy calculator when
you can't rely on bc ;-).
They allow to implement the if/then/else logic, which cannot be
implemented otherwise.
For example the expression:
A*B + not(A)*C
always evaluates to NaN if B is NaN, even in the case where A is 0.
* qatar/master:
fate: Add tests for more AAC features.
aacps: Add missing newline in error message.
fate: Add tests for vc1/wmapro in ism.
aacdec: Add a fate test for 5.1 channel SBR.
aacdec: Turn off PS for multichannel files that use PCE based configs.
cabac: remove put_cabac_u/ueg from cabac-test.
swscale: RGB4444 and BGR444 input
FATE: add test for xWMA demuxer.
FATE: add test for SMJPEG demuxer and associated IMA ADPCM audio decoder.
mpegaudiodec: optimized iMDCT transform
mpegaudiodec: change imdct window arrangment for better pointer alignment
mpegaudiodec: move imdct and windowing function to mpegaudiodsp
mpegaudiodec: interleave iMDCT buffer to simplify future SIMD implementations
swscale: convert yuy2/uyvy/nv12/nv21ToY/UV from inline asm to yasm.
FATE: test to exercise WTV demuxer.
mjpegdec: K&R formatting cosmetics
swscale: K&R formatting cosmetics for code examples
swscale: K&R reformatting cosmetics for header files
FATE test: cvid-grayscale; ensures that the grayscale Cinepak variant is exercised.
Conflicts:
libavcodec/cabac.c
libavcodec/mjpegdec.c
libavcodec/mpegaudiodec.c
libavcodec/mpegaudiodsp.c
libavcodec/mpegaudiodsp.h
libavcodec/mpegaudiodsp_template.c
libavcodec/x86/Makefile
libavcodec/x86/imdct36_sse.asm
libavcodec/x86/mpegaudiodec_mmx.c
libswscale/swscale-test.c
libswscale/swscale.c
libswscale/swscale_internal.h
libswscale/x86/swscale_template.c
tests/fate/demux.mak
tests/fate/microsoft.mak
tests/fate/video.mak
tests/fate/wma.mak
tests/ref/lavfi/pixfmts_scale
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (21 commits)
ipmovie: do not read audio packets before the codec is known
truemotion2: check size before GetBitContext initialisation
avio: Only do implicit network initialization for network protocols
avio: Add an URLProtocol flag for indicating that a protocol uses network
adpcm: ADPCM Electronic Arts has always two channels
matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc()
fate: Add missing reference file from 9b4767e4.
mov: Support MOV_CH_LAYOUT_USE_DESCRIPTIONS for labeled descriptions.
4xm: Prevent buffer overreads.
mjpegdec: parse RSTn to prevent skipping other data in mjpeg_decode_scan
vp3: add fate test for non-zero last coefficient
vp3: fix streams with non-zero last coefficient
swscale: remove unused U/V arguments from yuv2rgb_write().
timer: K&R formatting cosmetics
lavf: cosmetics, reformat av_read_frame().
lavf: refactor av_read_frame() to make it easier to understand.
Report an error if pitch_lag is zero in AMR-NB decoder.
Revert "4xm: Prevent buffer overreads."
4xm: Prevent buffer overreads.
4xm: pass the correct remaining buffer size to decode_i2_frame().
...
Conflicts:
libavcodec/4xm.c
libavcodec/mjpegdec.c
libavcodec/truemotion2.c
libavformat/ipmovie.c
libavformat/mov_chan.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
fate: add dxtory test
adx_parser: rewrite.
adxdec: Validate channel count to fix a division by zero.
adxdec: Do not require extradata.
cmdutils: K&R reformatting cosmetics
alacdec: implement the 2-pass prediction type.
alacenc: implement the 2-pass prediction type.
alacenc: do not generate invalid multi-channel ALAC files
alacdec: fill in missing or guessed info about the extradata format.
utvideo: proper median prediction for interlaced videos
lavu: bump lavu minor for av_popcount64
dca: K&R formatting cosmetics
dct: K&R formatting cosmetics
lavf: flush decoders in avformat_find_stream_info().
win32: detect number of CPUs using affinity
Add av_popcount64
snow: Restore three mistakenly removed casts.
Conflicts:
cmdutils.c
doc/APIchanges
libavcodec/adx_parser.c
libavcodec/adxdec.c
libavcodec/alacenc.c
libavutil/avutil.h
tests/fate/screen.mak
Merged-by: Michael Niedermayer <michaelni@gmx.at>
