[FFmpeg-cvslog] avcodec/ffv1dec: Fix off by 1 error in quant_table_count check
ffmpeg | branch: release/2.4 | Michael Niedermayer | Sat Sep 26 13:20:59 2015 +0200| [a2a93b0a8f5d77e244cbdbac2724855b217c29e6] | committer: Michael Niedermayer avcodec/ffv1dec: Fix off by 1 error in quant_table_count check Fixes: invalid_read.nut Found-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 2d221d9e069e6269cb41f3678f2734800171d87b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a2a93b0a8f5d77e244cbdbac2724855b217c29e6 --- libavcodec/ffv1dec.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index 475b1ad..0ca58f4 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -306,7 +306,7 @@ static int decode_slice_header(FFV1Context *f, FFV1Context *fs) for (i = 0; i < f->plane_count; i++) { PlaneContext * const p = &fs->plane[i]; int idx = get_symbol(c, state, 0); -if (idx > (unsigned)f->quant_table_count) { +if (idx >= (unsigned)f->quant_table_count) { av_log(f->avctx, AV_LOG_ERROR, "quant_table_index out of range\n"); return -1; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/httpauth: Add space after commas in HTTP/RTSP auth header
ffmpeg | branch: release/2.4 | Andrey Utkin | Thu Oct 1 13:56:31 2015 +0300| [eaf03fa8304c7a9ace12f203811641efd64c0c0f] | committer: Michael Niedermayer avformat/httpauth: Add space after commas in HTTP/RTSP auth header This fixes access to Grandstream cameras, which return 401 to ffmpeg otherwise. VLC sends Authorization: header with spaces between parameters, and it is known to work with Grandstream devices and broad range of other HTTP and RTSP servers, so author considers switching to such behaviour safe. Just for record - RFC 2617 (HTTP Auth) does not specify the need in spaces, so this is not a bug of FFmpeg. Signed-off-by: Michael Niedermayer (cherry picked from commit fdb32838723effb4560a345013387ea37b85ff20) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eaf03fa8304c7a9ace12f203811641efd64c0c0f --- libavformat/httpauth.c | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/libavformat/httpauth.c b/libavformat/httpauth.c index dbe3eff..18cf36b 100644 --- a/libavformat/httpauth.c +++ b/libavformat/httpauth.c @@ -220,21 +220,21 @@ static char *make_digest_auth(HTTPAuthState *state, const char *username, /* TODO: Escape the quoted strings properly. */ av_strlcatf(authstr, len, "username=\"%s\"", username); -av_strlcatf(authstr, len, ",realm=\"%s\"", state->realm); -av_strlcatf(authstr, len, ",nonce=\"%s\"", digest->nonce); -av_strlcatf(authstr, len, ",uri=\"%s\"", uri); -av_strlcatf(authstr, len, ",response=\"%s\"", response); +av_strlcatf(authstr, len, ", realm=\"%s\"", state->realm); +av_strlcatf(authstr, len, ", nonce=\"%s\"", digest->nonce); +av_strlcatf(authstr, len, ", uri=\"%s\"", uri); +av_strlcatf(authstr, len, ", response=\"%s\"", response); // we are violating the RFC and use "" because all others seem to do that too. if (digest->algorithm[0]) -av_strlcatf(authstr, len, ",algorithm=\"%s\"", digest->algorithm); +av_strlcatf(authstr, len, ", algorithm=\"%s\"", digest->algorithm); if (digest->opaque[0]) -av_strlcatf(authstr, len, ",opaque=\"%s\"", digest->opaque); +av_strlcatf(authstr, len, ", opaque=\"%s\"", digest->opaque); if (digest->qop[0]) { -av_strlcatf(authstr, len, ",qop=\"%s\"",digest->qop); -av_strlcatf(authstr, len, ",cnonce=\"%s\"", cnonce); -av_strlcatf(authstr, len, ",nc=%s", nc); +av_strlcatf(authstr, len, ", qop=\"%s\"",digest->qop); +av_strlcatf(authstr, len, ", cnonce=\"%s\"", cnonce); +av_strlcatf(authstr, len, ", nc=%s", nc); } av_strlcatf(authstr, len, "\r\n"); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/mov: Fix integer overflow in FFABS
ffmpeg | branch: release/2.4 | Michael Niedermayer | Thu Sep 3 09:20:23 2015 +0200| [79b16c6e5e2f29b48a562f3829800909b8d398d6] | committer: Michael Niedermayer avformat/mov: Fix integer overflow in FFABS Fixes: unknown_unknown_19e_414_cov_764838672_bellhamlam.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 053e80f6eaf8d87521fe58ea96886b6ee0bbe59d) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79b16c6e5e2f29b48a562f3829800909b8d398d6 --- libavformat/mov.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mov.c b/libavformat/mov.c index 3973081..6f46dbb 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -2083,7 +2083,7 @@ static int mov_read_ctts(MOVContext *c, AVIOContext *pb, MOVAtom atom) av_dlog(c->fc, "count=%d, duration=%d\n", count, duration); -if (FFABS(duration) > (1<<28) && i+2fc, AV_LOG_WARNING, "CTTS invalid\n"); av_freep(&sc->ctts_data); sc->ctts_count = 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/x86/sbrdsp: Fix using uninitialized upper 32bit of noise
ffmpeg | branch: release/2.4 | Michael Niedermayer | Tue Sep 29 13:08:48 2015 +0200| [71fc26403f14ea34978b5efe4dd828248167ab09] | committer: Michael Niedermayer avcodec/x86/sbrdsp: Fix using uninitialized upper 32bit of noise Fixes crash Fixes: flicker-1.scout3d21443372922.28.m4a Found-by: Dale Curtis Signed-off-by: Michael Niedermayer (cherry picked from commit 1b82b934a166e60f64e966eaa97512ba9dcb615b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=71fc26403f14ea34978b5efe4dd828248167ab09 --- libavcodec/x86/sbrdsp.asm |1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/x86/sbrdsp.asm b/libavcodec/x86/sbrdsp.asm index 6f2e4f4..f7f7fe9 100644 --- a/libavcodec/x86/sbrdsp.asm +++ b/libavcodec/x86/sbrdsp.asm @@ -381,6 +381,7 @@ apply_noise_main: %else %define count m_maxq %endif +movsxdifnidnnoiseq, noised decnoiseq shlcount, 2 %ifdef PIC ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/g2meet: Fix potential overflow in tile dimensions check
ffmpeg | branch: release/2.4 | Michael Niedermayer | Fri Sep 4 12:10:02 2015 +0200| [47b6ea314df6df4021690a98616d3fa73e07d0df] | committer: Michael Niedermayer avcodec/g2meet: Fix potential overflow in tile dimensions check Fixes CID1322351 Signed-off-by: Michael Niedermayer (cherry picked from commit 71ec8e1ed6cf4947e204e3e4b5929a44c054f5fb) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=47b6ea314df6df4021690a98616d3fa73e07d0df --- libavcodec/g2meet.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c index d0cb88c..302dc9d 100644 --- a/libavcodec/g2meet.c +++ b/libavcodec/g2meet.c @@ -738,7 +738,7 @@ static int g2m_decode_frame(AVCodecContext *avctx, void *data, c->tile_height = bytestream2_get_be32(&bc); if (c->tile_width <= 0 || c->tile_height <= 0 || ((c->tile_width | c->tile_height) & 0xF) || -c->tile_width * 4LL * c->tile_height >= INT_MAX +c->tile_width * (uint64_t)c->tile_height >= INT_MAX / 4 ) { av_log(avctx, AV_LOG_ERROR, "Invalid tile dimensions %dx%d\n", ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] lavf/webvttenc: Require webvtt file to contain exactly one WebVTT stream.
ffmpeg | branch: release/2.4 | Simon Thelen | Fri Sep 11 21:49:07 2015 +0200| [c6769b6d56bea1548a1c0167fdc322991bd46e50] | committer: Michael Niedermayer lavf/webvttenc: Require webvtt file to contain exactly one WebVTT stream. Not requiring this can end up producing hilariously broken files together with -c:s copy (e.g. a webvtt file containing binary subtitle data). Signed-off-by: Simon Thelen Signed-off-by: Michael Niedermayer (cherry picked from commit b84232694ef0c6897e82b52326c9ea4027c69ec4) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c6769b6d56bea1548a1c0167fdc322991bd46e50 --- libavformat/webvttenc.c |6 ++ 1 file changed, 6 insertions(+) diff --git a/libavformat/webvttenc.c b/libavformat/webvttenc.c index b93993d..c386538 100644 --- a/libavformat/webvttenc.c +++ b/libavformat/webvttenc.c @@ -46,8 +46,14 @@ static void webvtt_write_time(AVIOContext *pb, int64_t millisec) static int webvtt_write_header(AVFormatContext *ctx) { AVStream *s = ctx->streams[0]; +AVCodecContext *avctx = ctx->streams[0]->codec; AVIOContext *pb = ctx->pb; +if (ctx->nb_streams != 1 || avctx->codec_id != AV_CODEC_ID_WEBVTT) { +av_log(ctx, AV_LOG_ERROR, "Exactly one WebVTT stream is needed.\n"); +return AVERROR(EINVAL); +} + avpriv_set_pts_info(s, 64, 1, 1000); avio_printf(pb, "WEBVTT\n"); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/mjpegdec: Fix decoding RGBA RCT LJPEG
ffmpeg | branch: release/2.4 | Michael Niedermayer | Fri Sep 11 13:28:51 2015 +0200| [7cdd319b01cfacc5ab07744ee3422a46b6f2c754] | committer: Michael Niedermayer avcodec/mjpegdec: Fix decoding RGBA RCT LJPEG Signed-off-by: Michael Niedermayer (cherry picked from commit 055e56e9f76da3298f1b59bf5ea46f570e844600) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7cdd319b01cfacc5ab07744ee3422a46b6f2c754 --- libavcodec/mjpegdec.c |9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index c2a92fa..4a78625 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -946,7 +946,14 @@ static int ljpeg_decode_rgb_scan(MJpegDecodeContext *s, int nb_components, int p skip_bits(&s->gb, 16); /* skip RSTn */ } } -if (s->nb_components == 4) { +if (s->rct && s->nb_components == 4) { +for (mb_x = 0; mb_x < s->mb_width; mb_x++) { +ptr[4*mb_x + 2] = buffer[mb_x][0] - ((buffer[mb_x][1] + buffer[mb_x][2] - 0x200) >> 2); +ptr[4*mb_x + 1] = buffer[mb_x][1] + ptr[4*mb_x + 2]; +ptr[4*mb_x + 3] = buffer[mb_x][2] + ptr[4*mb_x + 2]; +ptr[4*mb_x + 0] = buffer[mb_x][3]; +} +} else if (s->nb_components == 4) { for(i=0; icomp_index[i]; if (s->bits <= 8) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] swresample/swresample: Fix integer overflow in seed calculation
ffmpeg | branch: release/2.4 | Michael Niedermayer | Thu Sep 3 09:22:31 2015 +0200| [f66787d3452c993ed0285cbb44369a558c733703] | committer: Michael Niedermayer swresample/swresample: Fix integer overflow in seed calculation Fixes CID1322333 Signed-off-by: Michael Niedermayer (cherry picked from commit 32f53958b8f6ed4c3c2a7447c1e47d012796fae2) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f66787d3452c993ed0285cbb44369a558c733703 --- libswresample/swresample.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libswresample/swresample.c b/libswresample/swresample.c index 3e23912..e9bc659 100644 --- a/libswresample/swresample.c +++ b/libswresample/swresample.c @@ -638,7 +638,7 @@ static int swr_convert_internal(struct SwrContext *s, AudioData *out, int out_co return ret; if(ret) for(ch=0; chdither.noise.ch_count; ch++) -if((ret=swri_get_dither(s, s->dither.noise.ch[ch], s->dither.noise.count, 12345678913579dither.noise.ch[ch], s->dither.noise.count, (12345678913579ULL*ch + 3141592) % 2718281828U, s->dither.noise.fmt))<0) return ret; av_assert0(s->dither.noise.ch_count == preout->ch_count); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avutil/common: Document FFABS() corner case
ffmpeg | branch: release/2.4 | Michael Niedermayer | Thu Sep 3 02:00:05 2015 +0200| [7ffe708297e900889f6979eee292b766b1f1872a] | committer: Michael Niedermayer avutil/common: Document FFABS() corner case Signed-off-by: Michael Niedermayer (cherry picked from commit 733511fb53fedd3adaaeabc5db9d0b29e71ea1d3) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7ffe708297e900889f6979eee292b766b1f1872a --- libavutil/common.h |6 ++ 1 file changed, 6 insertions(+) diff --git a/libavutil/common.h b/libavutil/common.h index c82a3a6..a48959d 100644 --- a/libavutil/common.h +++ b/libavutil/common.h @@ -58,6 +58,12 @@ : ((a) + (1<<(b)) - 1) >> (b)) #define FFUDIV(a,b) (((a)>0 ?(a):(a)-(b)+1) / (b)) #define FFUMOD(a,b) ((a)-(b)*FFUDIV(a,b)) + +/** + * Absolute value, Note, INT_MIN / INT64_MIN result in undefined behavior as they + * are not representable as absolute values of their type. This is the same + * as with *abs() + */ #define FFABS(a) ((a) >= 0 ? (a) : (-(a))) #define FFSIGN(a) ((a) > 0 ? 1 : -1) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/tta: Check init_get_bits8() for failure
ffmpeg | branch: release/2.4 | Michael Niedermayer | Fri Sep 4 01:18:13 2015 +0200| [ec35bb729cdd36a757f6180fc3c69b76404e773a] | committer: Michael Niedermayer avcodec/tta: Check init_get_bits8() for failure Fixes: CID1322319 Signed-off-by: Michael Niedermayer (cherry picked from commit f1593e4ca564cdb7f3194a9eee1dea16df41142d) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ec35bb729cdd36a757f6180fc3c69b76404e773a --- libavcodec/tta.c |6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavcodec/tta.c b/libavcodec/tta.c index 5fdbac8..1c4316b 100644 --- a/libavcodec/tta.c +++ b/libavcodec/tta.c @@ -123,6 +123,7 @@ static av_cold int tta_decode_init(AVCodecContext * avctx) TTAContext *s = avctx->priv_data; GetBitContext gb; int total_frames; +int ret; s->avctx = avctx; @@ -131,7 +132,10 @@ static av_cold int tta_decode_init(AVCodecContext * avctx) return AVERROR_INVALIDDATA; s->crc_table = av_crc_get_table(AV_CRC_32_IEEE_LE); -init_get_bits8(&gb, avctx->extradata, avctx->extradata_size); +ret = init_get_bits8(&gb, avctx->extradata, avctx->extradata_size); +if (ret < 0) +return ret; + if (show_bits_long(&gb, 32) == AV_RL32("TTA1")) { /* signature */ skip_bits_long(&gb, 32); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/dump: Fix integer overflow in aspect ratio calculation
ffmpeg | branch: release/2.4 | Michael Niedermayer | Thu Sep 3 02:49:44 2015 +0200| [e5c9396a029322b1a43e24b6dbe1cb2ec76bf0f1] | committer: Michael Niedermayer avformat/dump: Fix integer overflow in aspect ratio calculation Fixes: unknown_unknown_19e_414_cov_764838672_bellhamlam.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit d1bdaf3fb2c45020f72a378bb64eab1bf136581c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e5c9396a029322b1a43e24b6dbe1cb2ec76bf0f1 --- libavformat/dump.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/dump.c b/libavformat/dump.c index 3a7adbe..c4434b3 100644 --- a/libavformat/dump.c +++ b/libavformat/dump.c @@ -363,8 +363,8 @@ static void dump_stream_format(AVFormatContext *ic, int i, av_cmp_q(st->sample_aspect_ratio, st->codec->sample_aspect_ratio)) { AVRational display_aspect_ratio; av_reduce(&display_aspect_ratio.num, &display_aspect_ratio.den, - st->codec->width * st->sample_aspect_ratio.num, - st->codec->height * st->sample_aspect_ratio.den, + st->codec->width * (int64_t)st->sample_aspect_ratio.num, + st->codec->height * (int64_t)st->sample_aspect_ratio.den, 1024 * 1024); av_log(NULL, AV_LOG_INFO, ", SAR %d:%d DAR %d:%d", st->sample_aspect_ratio.num, st->sample_aspect_ratio.den, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/rangecoder: Check e
ffmpeg | branch: release/2.4 | Michael Niedermayer | Fri Sep 25 14:26:14 2015 +0200| [b5b29b22c0f8b49db045edb33254291486cb0db7] | committer: Michael Niedermayer avcodec/rangecoder: Check e Fixes hang.nut Found-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit b2955b6c5aed11026ec5c7164462899a10cdb937) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b5b29b22c0f8b49db045edb33254291486cb0db7 --- libavcodec/ffv1dec.c |5 - libavcodec/snow.h|2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index 760d74f..26ed2ee 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -47,8 +47,11 @@ static inline av_flatten int get_symbol_inline(RangeCoder *c, uint8_t *state, else { int i, e, a; e = 0; -while (get_rac(c, state + 1 + FFMIN(e, 9))) // 1..10 +while (get_rac(c, state + 1 + FFMIN(e, 9))) { // 1..10 e++; +if (e > 31) +return AVERROR_INVALIDDATA; +} a = 1; for (i = e - 1; i >= 0; i--) diff --git a/libavcodec/snow.h b/libavcodec/snow.h index 46df46c..d2fcc7c 100644 --- a/libavcodec/snow.h +++ b/libavcodec/snow.h @@ -555,6 +555,8 @@ static inline int get_symbol(RangeCoder *c, uint8_t *state, int is_signed){ e= 0; while(get_rac(c, state+1 + FFMIN(e,9))){ //1..10 e++; +if (e > 31) +return AVERROR_INVALIDDATA; } a= 1; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/svq1dec: Check init_get_bits8() for failure
ffmpeg | branch: release/2.4 | Michael Niedermayer | Fri Sep 4 01:18:13 2015 +0200| [45c30d84b6c57b529687096bd7043c6999bd2d14] | committer: Michael Niedermayer avcodec/svq1dec: Check init_get_bits8() for failure Fixes: CID1322313 Signed-off-by: Michael Niedermayer (cherry picked from commit a51d4246d8ac96acee735e7e5dedb9d9ef27a594) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=45c30d84b6c57b529687096bd7043c6999bd2d14 --- libavcodec/svq1dec.c |5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c index 2f9ea16..1212522 100644 --- a/libavcodec/svq1dec.c +++ b/libavcodec/svq1dec.c @@ -617,9 +617,12 @@ static int svq1_decode_frame(AVCodecContext *avctx, void *data, uint8_t *current; int result, i, x, y, width, height; svq1_pmv *pmv; +int ret; /* initialize bit buffer */ -init_get_bits8(&s->gb, buf, buf_size); +ret = init_get_bits8(&s->gb, buf, buf_size); +if (ret < 0) +return ret; /* decode frame header */ s->frame_code = get_bits(&s->gb, 22); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/g2meet: Also clear tile dimensions on header_fail
ffmpeg | branch: release/2.4 | Michael Niedermayer | Fri Sep 4 12:11:46 2015 +0200| [873ee14b560fa43a25b6ac88b23f9784eda53eeb] | committer: Michael Niedermayer avcodec/g2meet: Also clear tile dimensions on header_fail Signed-off-by: Michael Niedermayer (cherry picked from commit fb0466699575724923aeddc4490302180dfdf4af) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=873ee14b560fa43a25b6ac88b23f9784eda53eeb --- libavcodec/g2meet.c |2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c index 302dc9d..16f46e2 100644 --- a/libavcodec/g2meet.c +++ b/libavcodec/g2meet.c @@ -869,6 +869,8 @@ header_fail: c->height = 0; c->tiles_x = c->tiles_y = 0; +c->tile_width = +c->tile_height = 0; return ret; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/truemotion1: Check for even width
ffmpeg | branch: release/2.4 | Michael Niedermayer | Tue Sep 1 04:57:22 2015 +0200| [6f08086992c3fad68fbaca03b0ca2a42f0ad0d67] | committer: Michael Niedermayer avcodec/truemotion1: Check for even width Fixes out of array access Fixes: 87196d8bbc633629fc9dd851fce73e70/asan_heap-oob_26f6853_862_cov_585961513_sonic3dblast_intro-partial.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 63fb5a6aefb4223334001fd2c0d82a5e22e3b528) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6f08086992c3fad68fbaca03b0ca2a42f0ad0d67 --- libavcodec/truemotion1.c |4 1 file changed, 4 insertions(+) diff --git a/libavcodec/truemotion1.c b/libavcodec/truemotion1.c index 660ecf5..b2de889 100644 --- a/libavcodec/truemotion1.c +++ b/libavcodec/truemotion1.c @@ -402,6 +402,10 @@ static int truemotion1_decode_header(TrueMotion1Context *s) new_pix_fmt = AV_PIX_FMT_RGB555; // RGB565 is supported as well s->w >>= width_shift; +if (s->w & 1) { +avpriv_request_sample(s->avctx, "Frame with odd width"); +return AVERROR_PATCHWELCOME; +} if (s->w != s->avctx->width || s->h != s->avctx->height || new_pix_fmt != s->avctx->pix_fmt) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/ffv1dec: Explicitly check read_quant_table() return value
ffmpeg | branch: release/2.4 | Michael Niedermayer | Sat Sep 26 13:09:59 2015 +0200| [ac19d8eb3ac797eb8826909c6f16f47df349e070] | committer: Michael Niedermayer avcodec/ffv1dec: Explicitly check read_quant_table() return value Forwards the error code, avoids potential integer overflow Signed-off-by: Michael Niedermayer (cherry picked from commit 10bbf6cf622f8a954c6cc694ca07c24f989c99af) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ac19d8eb3ac797eb8826909c6f16f47df349e070 --- libavcodec/ffv1dec.c |5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index 26ed2ee..475b1ad 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -503,7 +503,10 @@ static int read_quant_tables(RangeCoder *c, int context_count = 1; for (i = 0; i < 5; i++) { -context_count *= read_quant_table(c, quant_table[i], context_count); +int ret = read_quant_table(c, quant_table[i], context_count); +if (ret < 0) +return ret; +context_count *= ret; if (context_count > 32768U) { return AVERROR_INVALIDDATA; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avfilter/af_asyncts: use llabs for int64_t
ffmpeg | branch: release/2.4 | Ganesh Ajjanagadde | Sat Sep 5 20:42:02 2015 -0700| [3ea20e60dc5d6362dba02c4fb19e44e4943046ad] | committer: Michael Niedermayer avfilter/af_asyncts: use llabs for int64_t long may not be 64 bit on all platforms; so labs on int64_t is unsafe. This fixes a warning reported in: http://fate.ffmpeg.org/log.cgi?time=20150905071512&log=compile&slot=i386-darwin-clang-polly-3.7 Signed-off-by: Ganesh Ajjanagadde Signed-off-by: Michael Niedermayer (cherry picked from commit d74123d03eb1047b844bc39fbde26f199c72cbcb) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3ea20e60dc5d6362dba02c4fb19e44e4943046ad --- libavfilter/af_asyncts.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/af_asyncts.c b/libavfilter/af_asyncts.c index 5f8e1f6..4be093b 100644 --- a/libavfilter/af_asyncts.c +++ b/libavfilter/af_asyncts.c @@ -205,7 +205,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *buf) delta= pts - s->pts - get_delay(s); out_size = avresample_available(s->avr); -if (labs(delta) > s->min_delta || +if (llabs(delta) > s->min_delta || (s->first_frame && delta && s->first_pts != AV_NOPTS_VALUE)) { av_log(ctx, AV_LOG_VERBOSE, "Discontinuity - %"PRId64" samples.\n", delta); out_size = av_clipl_int32((int64_t)out_size + delta); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/libopusenc: Fix infinite loop on flushing after 0 input
ffmpeg | branch: release/2.4 | Michael Niedermayer | Thu Aug 27 12:44:31 2015 +0200| [ab79e3d1a5f9b2d677273d15970a719b8be039bf] | committer: Michael Niedermayer avcodec/libopusenc: Fix infinite loop on flushing after 0 input Signed-off-by: Michael Niedermayer (cherry picked from commit 6701c92fa4269872856c70c3170a9b3291b46247) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ab79e3d1a5f9b2d677273d15970a719b8be039bf --- libavcodec/libopusenc.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/libopusenc.c b/libavcodec/libopusenc.c index 9a1952a..dadd7f0 100644 --- a/libavcodec/libopusenc.c +++ b/libavcodec/libopusenc.c @@ -324,7 +324,7 @@ static int libopus_encode(AVCodecContext *avctx, AVPacket *avpkt, } else audio = frame->data[0]; } else { -if (!opus->afq.remaining_samples) +if (!opus->afq.remaining_samples || (!opus->afq.frame_alloc && !opus->afq.frame_count)) return 0; audio = opus->samples; memset(audio, 0, opus->opts.packet_size * sample_size); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Update for 2.8.4
ffmpeg | branch: release/2.8 | Michael Niedermayer | Sun Dec 6 10:42:02 2015 +0100| [913c642c21dd608cc53ea2482e9b4d3141bcd542] | committer: Michael Niedermayer Update for 2.8.4 Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=913c642c21dd608cc53ea2482e9b4d3141bcd542 --- Changelog| 40 RELEASE |2 +- doc/Doxyfile |2 +- 3 files changed, 42 insertions(+), 2 deletions(-) diff --git a/Changelog b/Changelog index 7e70b11..2ea0727 100644 --- a/Changelog +++ b/Changelog @@ -1,6 +1,46 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 2.8.4 +- libvpxenc: remove some unused ctrl id mappings +- avcodec/vp3: ensure header is parsed successfully before tables +- avcodec/jpeg2000dec: Check bpno in decode_cblk() +- avcodec/pgssubdec: Fix left shift of 255 by 24 places cannot be represented in type int +- swscale/utils: Fix for runtime error: left shift of negative value -1 +- avcodec/hevc: Fix integer overflow of entry_point_offset +- avcodec/dirac_parser: Check that there is a previous PU before accessing it +- avcodec/dirac_parser: Add basic validity checks for next_pu_offset and prev_pu_offset +- avcodec/dirac_parser: Fix potential overflows in pointer checks +- avcodec/wmaprodec: Check bits per sample to be within the range not causing integer overflows +- avcodec/wmaprodec: Fix overflow of cutoff +- avformat/smacker: fix integer overflow with pts_inc +- avcodec/vp3: Fix "runtime error: left shift of negative value" +- avformat/riffdec: Initialize bitrate +- mpegencts: Fix overflow in cbr mode period calculations +- avutil/timecode: Fix fps check +- avutil/mathematics: return INT64_MIN (=AV_NOPTS_VALUE) from av_rescale_rnd() for overflows +- avcodec/apedec: Check length in long_filter_high_3800() +- avcodec/vp3: always set pix_fmt in theora_decode_header() +- avcodec/mpeg4videodec: Check available data before reading custom matrix +- avutil/mathematics: Do not treat INT64_MIN as positive in av_rescale_rnd +- avutil/integer: Fix av_mod_i() with negative dividend +- avformat/dump: Fix integer overflow in av_dump_format() +- avcodec/h264_refs: Check that long references match before use +- avcodec/utils: Clear dimensions in ff_get_buffer() on failure +- avcodec/utils: Use 64bit for aspect ratio calculation in avcodec_string() +- avcodec/hevc: Check max ctb addresses for WPP +- avcodec/vp3: Clear context on reinitialization failure +- avcodec/hevc: allocate entries unconditionally +- avcodec/hevc_cabac: Fix multiple integer overflows +- avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_encode*() +- avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*() +- avcodec/hevc: Check entry_point_offsets +- lavf/rtpenc_jpeg: Less strict check for standard Huffman tables. +- avcodec/ffv1dec: Clear quant_table_count if its invalid +- avcodec/ffv1dec: Print an error if the quant table count is invalid +- doc/filters/drawtext: fix centering example + + version 2.8.3 - avcodec/cabac: Check initial cabac decoder state - avcodec/cabac_functions: Fix "left shift of negative value -31767" diff --git a/RELEASE b/RELEASE index 9f8d8a9..2701a22 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -2.8.3 +2.8.4 diff --git a/doc/Doxyfile b/doc/Doxyfile index f4e3ca8..5c4b466 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -31,7 +31,7 @@ PROJECT_NAME = FFmpeg # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.8.3 +PROJECT_NUMBER = 2.8.4 # With the PROJECT_LOGO tag one can specify a logo or icon that is included # in the documentation. The maximum height of the logo should not exceed 55 ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avfilter/af_stereotools: fix logic fail
ffmpeg | branch: master | Paul B Mahol | Sun Dec 6 10:09:09 2015 +0100| [3e1724baf8aaf8bd591acd44f260e9d69cf94fdc] | committer: Paul B Mahol avfilter/af_stereotools: fix logic fail Signed-off-by: Paul B Mahol > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3e1724baf8aaf8bd591acd44f260e9d69cf94fdc --- libavfilter/af_stereotools.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavfilter/af_stereotools.c b/libavfilter/af_stereotools.c index 00a0dde..8ab184d 100644 --- a/libavfilter/af_stereotools.c +++ b/libavfilter/af_stereotools.c @@ -110,7 +110,7 @@ static int config_input(AVFilterLink *inlink) StereoToolsContext *s = ctx->priv; s->length = 2 * inlink->sample_rate * 0.05; -if (s->length <= 1 && s->length & 1) { +if (s->length <= 1 || s->length & 1) { av_log(ctx, AV_LOG_ERROR, "sample rate is too small\n"); return AVERROR(EINVAL); } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] libavutil: add version component accessor macros
ffmpeg | branch: master | Reynaldo H. Verdejo Pinochet | Fri Dec 4 14:07:23 2015 -0800| [21c34cb26154a5eadd6e10df86c20e2df3a7bd55] | committer: Reynaldo H. Verdejo Pinochet libavutil: add version component accessor macros Pretty standard macros, these should help libav* users avoid repeating ver.si.on parsing code, which aids in compatibility-checking tasks like identifying FFmpeg from Libav (_MICRO >= 100 check). Something many are doing since we are not intercompatible anymore. Signed-off-by: Reynaldo H. Verdejo Pinochet > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=21c34cb26154a5eadd6e10df86c20e2df3a7bd55 --- libavutil/version.h | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/libavutil/version.h b/libavutil/version.h index bf0a929..e7f0488 100644 --- a/libavutil/version.h +++ b/libavutil/version.h @@ -37,6 +37,14 @@ #define AV_VERSION(a, b, c) AV_VERSION_DOT(a, b, c) /** + * Extract version components from the full ::AV_VERSION_INT int as returned + * by functions like ::avformat_version() and ::avcodec_version() + */ +#define AV_VERSION_MAJOR(a) ((a) >> 16) +#define AV_VERSION_MINOR(a) (((a) & 0x00FF00) >> 8) +#define AV_VERSION_MICRO(a) ((a) & 0xFF) + +/** * @} */ @@ -56,7 +64,7 @@ */ #define LIBAVUTIL_VERSION_MAJOR 55 -#define LIBAVUTIL_VERSION_MINOR 9 +#define LIBAVUTIL_VERSION_MINOR 10 #define LIBAVUTIL_VERSION_MICRO 100 #define LIBAVUTIL_VERSION_INT AV_VERSION_INT(LIBAVUTIL_VERSION_MAJOR, \ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog