ffmpeg | branch: master | Michael Niedermayer | Sun
Nov 27 03:39:20 2016 +0100| [a06e84b56e936ff3ca090f53d81f9cbc3514e0e0] |
committer: Michael Niedermayer
avformat/utils: Fix type mismatch
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a06e84b
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Sun Nov 13 22:59:47 2016 +0100|
[70ca4ce17a0a56118998afb81374d5b6d287182c] | committer: Andreas Cadhalpun
libschroedingerdec: don't produce empty frames
They are not valid and can cause problems/crashes for API users.
Reviewed-by: Michael Nie
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Wed Nov 9 00:38:50 2016 +0100|
[dc821d42a2fd79ac64161f50decf5922e431445a] | committer: Andreas Cadhalpun
escape124: reject codebook size 0
It causes a cb_depth of 32, leading to assertion failures in get_bits.
Reviewed-by: Michael Niedermaye
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Tue Nov 8 00:42:23 2016 +0100|
[3148d1c25f229e272a9242bfd81eacd6ce3ff716] | committer: Andreas Cadhalpun
matroskadec: fix NULL pointer dereference in webm_dash_manifest_read_header
The code assumes that s->streams[0] is valid.
Reviewed-by: M
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Tue Nov 8 22:32:42 2016 +0100|
[2260c0776ac664af2d4b09e177d5f1d6fc7864d7] | committer: Andreas Cadhalpun
dvbsubdec: fix division by zero in compute_default_clut
This problem was introduced in commit
4b90dcb8493552c17a811c8b1e6538dae4061f9d.
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Sat Nov 19 14:21:11 2016 +0100|
[8a7b2fbf6f4d902b7ac245ceae7ee1ced5ff9545] | committer: Andreas Cadhalpun
smacker: limit recursion depth of smacker_decode_bigtree
This fixes segmentation faults due to stack-overflow caused by too deep
recursio
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Wed Nov 2 21:28:49 2016 +0100|
[a94f846e2dbac02191551fc0198282ac57a8ffe5] | committer: Andreas Cadhalpun
ppc: pixblockdsp: do unaligned block accesses correctly again
This was broken by the following Libav commit:
4c387c7 ppc: dsputil: do una
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Mon Nov 14 21:41:45 2016 +0100|
[56b120630fd2cd39134fc25cb41caea0b620df7c] | committer: Andreas Cadhalpun
libopusdec: default to stereo for invalid number of channels
This fixes an out-of-bounds read if avc->channels is 0.
Reviewed-by: Michae
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Mon Nov 7 23:37:59 2016 +0100|
[b3ac458a5a207794dd32a06b66bcdd3ccf5c8b39] | committer: Andreas Cadhalpun
mpegts: prevent division by zero
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Cadhalpun
(cherry picked from commit 1bbb18fe8
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Wed Nov 9 23:49:46 2016 +0100|
[5c55f9881ed032ff83515f4e39216dee97685a5a] | committer: Andreas Cadhalpun
proresdec_lgpl: explicitly check coff[3] against slice_data_size
The implicit checks via v_data_size and a_data_size don't work in the ca
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Tue Nov 8 23:53:52 2016 +0100|
[8a56b31e7cd1af1e3de59bfe3e79d5d7171404d4] | committer: Andreas Cadhalpun
icodec: fix leaking pkt on error
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Cadhalpun
(cherry picked from commit 467eece1b
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Tue Nov 8 23:29:28 2016 +0100|
[71fa32bbb7478a865ba9e955393766f733fdda50] | committer: Andreas Cadhalpun
icodec: correctly check avio_read return value
It can read less than the requested amount, in which case buf contains
uninitialized data,
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Sun Nov 13 18:22:12 2016 +0100|
[d8ec9e97b93eddd1b44e22356e3e242649476cc9] | committer: Andreas Cadhalpun
filmstripdec: correctly check image dimensions
This prevents a division by zero in read_packet.
Reviewed-by: Paul B Mahol
Signed-off-by
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Thu Oct 20 22:14:22 2016 +0200|
[51ff17d6b993fed3eaeddf7e718391f905eec047] | committer: Andreas Cadhalpun
cavsdec: unref frame before referencing again
This fixes asserts (from commit 13aae8) in av_frame_ref and
av_frame_move_ref.
Reviewed-by
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Mon Nov 7 01:16:14 2016 +0100|
[f964046c58fb4ce4aaa31e5ed196f9336e03481b] | committer: Andreas Cadhalpun
mpegaudio_parser: don't return AVERROR_PATCHWELCOME
The API does not allow returning AVERROR codes.
It triggers an assert in av_parser_p
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Wed Oct 19 19:23:49 2016 +0200|
[e14da0578c85721ac6f59ddcd9fb4c778bfc5d09] | committer: Andreas Cadhalpun
avformat: prevent triggering request_probe assert in ff_read_packet
If probe_codec is called with pkt == NULL, it sets probe_packets to 0
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Thu Nov 24 23:57:46 2016 +0100|
[028c87be95dd85329f5c68d78e152d859afec7e9] | committer: Andreas Cadhalpun
mss2: only use error correction for matching block counts
This fixes a heap-buffer-overflow in ff_er_frame_end when decoding mss2
with co
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Thu Nov 17 22:53:51 2016 +0100|
[8f27508f1cad0adca6486de9265290a6de4e4357] | committer: Andreas Cadhalpun
mxfdec: fix NULL pointer dereference in mxf_read_packet_old
Metadata streams have priv_data set to NULL.
Reviewed-by: Josh de Kock
Sign
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Thu Nov 10 22:09:03 2016 +0100|
[f76947fd567f20287bc8ca8e692a59026bac19e7] | committer: Andreas Cadhalpun
smvjpegdec: make sure cur_frame is not negative
This fixes a heap-buffer-overflow detected by AddressSanitizer.
Reviewed-by: Michael Nie
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Thu Oct 20 22:51:55 2016 +0200|
[c5fb9df38aac5ff5e6c136f2bb7d946822ba4cc9] | committer: Andreas Cadhalpun
mpeg12dec: unref discarded picture from extradata
Otherwise another frame gets referenced into picture, triggering an assert
(from commit
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Sat Nov 5 00:17:53 2016 +0100|
[0cc619e0d7567894bc0f92de963be050c3679492] | committer: Andreas Cadhalpun
mxfdec: fix NULL pointer dereference
Metadata streams have priv_data set to NULL.
Reviewed-by: Michael Niedermayer
Signed-off-by: Andre
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Fri Nov 25 00:26:51 2016 +0100|
[b45e112bbdcc44a96907662136e49514a204543a] | committer: Andreas Cadhalpun
softfloat: decrease MIN_EXP to cover full float range
floats are not necessarily normalized, so a normalized softfloat needs
MIN_EXP lowe
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Sun Nov 13 23:10:06 2016 +0100|
[7552f6fc1bbb5d3a7f1d4c1e9ed89ae1f2e2299b] | committer: Andreas Cadhalpun
libschroedingerdec: fix leaking of framewithpts
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Cadhalpun
(cherry picked from c
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Thu Nov 10 22:21:20 2016 +0100|
[22cd4aa22116a365d611091916a3eff74e21ec3f] | committer: Andreas Cadhalpun
sbgdec: prevent NULL pointer access
Reviewed-by: Josh de Kock
Signed-off-by: Andreas Cadhalpun
(cherry picked from commit dbefbb61b785c
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Sun Nov 27 00:47:03 2016 +0100|
[970781f5f29d3f7c9b1238b7ac6d94d70048b2f0] | committer: Andreas Cadhalpun
Update Changelog
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=970781f5f29d3f7c9b1238b7ac6d94d70048b2f0
---
Changelog | 2
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Wed Nov 9 01:09:35 2016 +0100|
[0b948b1b8d100491934f00bc6d72009de0c99b05] | committer: Andreas Cadhalpun
pnmdec: make sure v is capped by maxval
Otherwise put_bits can be called with a value that doesn't fit in the
sample_len, causing an asse
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Sun Nov 13 20:52:02 2016 +0100|
[ccda73a711ba0d194e97fac476f9676183281ae7] | committer: Andreas Cadhalpun
softfloat: handle -INT_MAX correctly
This is similar to commit 9ac61e73d0843ec4b83f4e3d47eded73234e406e.
Reviewed-by: Michael Niedermaye
ffmpeg | branch: release/2.8 | Andreas Cadhalpun
| Fri Nov 4 19:00:17 2016 +0100|
[0e8c44076d313c2addc26c2e03c9e6430fa8cecf] | committer: Andreas Cadhalpun
diracdec: check return code of get_buffer_with_edge
If it fails, buffers aren't allocated, causing NULL pointer dereferencing.
Reviewed-
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Thu Nov 17 22:53:51 2016 +0100|
[1c282152c1c7ca23c388ecb04e9997030fbba19a] | committer: Andreas Cadhalpun
mxfdec: fix NULL pointer dereference in mxf_read_packet_old
Metadata streams have priv_data set to NULL.
Reviewed-by: Josh de Kock
Sign
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Fri Nov 4 19:00:17 2016 +0100|
[dcc8d2418acac6539e2533fc046f3d00f1c0c333] | committer: Andreas Cadhalpun
diracdec: check return code of get_buffer_with_edge
If it fails, buffers aren't allocated, causing NULL pointer dereferencing.
Reviewed-
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Mon Nov 14 21:41:45 2016 +0100|
[dbad79248704d4b7cfcabbe46a734c51c1ada9a0] | committer: Andreas Cadhalpun
libopusdec: default to stereo for invalid number of channels
This fixes an out-of-bounds read if avc->channels is 0.
Reviewed-by: Michae
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Wed Nov 9 23:23:16 2016 +0100|
[5d2f1ffef1f26e4d66c8e63ab1101da179af11e6] | committer: Andreas Cadhalpun
pgssubdec: only set w/h/linesize when allocating data
Rects with positive w/h/linesize but no data are invalid.
Reviewed-by: Petri Hintu
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Sun Oct 30 21:18:20 2016 +0100|
[aca7f5f0607789b26b1b5d0c2dbe3ae39a229806] | committer: Andreas Cadhalpun
interplayacm: increase bitstream buffer size by AV_INPUT_BUFFER_PADDING_SIZE
This fixes out-of-bounds reads by the bitstream reader.
Rev
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Thu Nov 10 22:21:20 2016 +0100|
[80b85300ae0b8c6c1bb813a4390d94e3ea87b1da] | committer: Andreas Cadhalpun
sbgdec: prevent NULL pointer access
Reviewed-by: Josh de Kock
Signed-off-by: Andreas Cadhalpun
(cherry picked from commit dbefbb61b785c
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Thu Oct 20 22:51:55 2016 +0200|
[30d542d55ddbcb2edb0f1351e1ecb6ad286b37ff] | committer: Andreas Cadhalpun
mpeg12dec: unref discarded picture from extradata
Otherwise another frame gets referenced into picture, triggering an assert
(from commit
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Sun Nov 13 20:52:02 2016 +0100|
[48496e4d4fadd01ff3ce45d2540e8cf75ac5cd89] | committer: Andreas Cadhalpun
softfloat: handle -INT_MAX correctly
This is similar to commit 9ac61e73d0843ec4b83f4e3d47eded73234e406e.
Reviewed-by: Michael Niedermaye
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Sat Nov 19 14:21:11 2016 +0100|
[48d24cca1308d7cc78aa99827b5449a8577a68a2] | committer: Andreas Cadhalpun
smacker: limit recursion depth of smacker_decode_bigtree
This fixes segmentation faults due to stack-overflow caused by too deep
recursio
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Sun Nov 13 22:59:47 2016 +0100|
[57665e04e22a201d3c56072532c15ce6ba71353a] | committer: Andreas Cadhalpun
libschroedingerdec: don't produce empty frames
They are not valid and can cause problems/crashes for API users.
Reviewed-by: Michael Nie
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Fri Nov 4 22:58:49 2016 +0100|
[ef2d91e9c337f50edbc7631485bfec385601f4bb] | committer: Andreas Cadhalpun
lzf: update pointer p after realloc
This fixes heap-use-after-free detected by AddressSanitizer.
Reviewed-by: Luca Barbato
Signed-off-b
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Sun Oct 30 21:41:11 2016 +0100|
[aa32d415275613e406a43d8f091d6981e4e1b872] | committer: Andreas Cadhalpun
interplayacm: validate number of channels
The number of channels is used as divisor in decode_frame, so it must
not be zero to avoid SIGF
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Thu Nov 10 22:09:03 2016 +0100|
[69673d02790f7917d11055236ecfa20c9ff8771a] | committer: Andreas Cadhalpun
smvjpegdec: make sure cur_frame is not negative
This fixes a heap-buffer-overflow detected by AddressSanitizer.
Reviewed-by: Michael Nie
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Wed Nov 9 00:38:50 2016 +0100|
[e14cc2f1975b608b630725007bda10f49aa096a1] | committer: Andreas Cadhalpun
escape124: reject codebook size 0
It causes a cb_depth of 32, leading to assertion failures in get_bits.
Reviewed-by: Michael Niedermaye
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Tue Nov 8 00:42:23 2016 +0100|
[5801482379cb053c2901da1058e86365aac563a1] | committer: Andreas Cadhalpun
matroskadec: fix NULL pointer dereference in webm_dash_manifest_read_header
The code assumes that s->streams[0] is valid.
Reviewed-by: M
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Mon Nov 7 23:37:59 2016 +0100|
[3d82cebdd2bd5424b0eb37b0e39284da19fa0e5b] | committer: Andreas Cadhalpun
mpegts: prevent division by zero
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Cadhalpun
(cherry picked from commit 1bbb18fe8
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Fri Nov 25 00:26:51 2016 +0100|
[88bf1d2749624cf78be0c5a5d74c169ad16ba99c] | committer: Andreas Cadhalpun
softfloat: decrease MIN_EXP to cover full float range
floats are not necessarily normalized, so a normalized softfloat needs
MIN_EXP lowe
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Thu Nov 24 23:57:46 2016 +0100|
[0496403c08ab35b20490a48aa9e3fdbd4d3bf27d] | committer: Andreas Cadhalpun
mss2: only use error correction for matching block counts
This fixes a heap-buffer-overflow in ff_er_frame_end when decoding mss2
with co
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Sat Nov 5 00:17:53 2016 +0100|
[e78d9f3f35e379ab7da729360e3eb5ad39c150fa] | committer: Andreas Cadhalpun
mxfdec: fix NULL pointer dereference
Metadata streams have priv_data set to NULL.
Reviewed-by: Michael Niedermayer
Signed-off-by: Andre
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Thu Oct 20 20:13:54 2016 +0200|
[e8ab2bd2ac85ad0b1013f247d35032b7cd7f771e] | committer: Andreas Cadhalpun
dcstr: fix division by zero
Also check for possible overflows.
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Cadhalpun
(cher
ffmpeg | branch: release/3.0 | Mark Harris | Mon Feb 15
23:52:13 2016 -0800| [9375a7d85e8bc78dbb5cc101c37ff7c51f7d9b24] | committer:
Andreas Cadhalpun
avformat/icodec: Fix crash probing fuzzed file
Avoid invalid memory read/crash when frame offset >= 0xfff8.
Base64-encoded example: AAABADA
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Sun Oct 30 20:47:22 2016 +0100|
[a1e6daeb1e92abf59e6b5a4229948ca54967f759] | committer: Andreas Cadhalpun
interplayacm: check for too large b
This fixes out-of-bounds reads.
Reviewed-by: Paul B Mahol
Signed-off-by: Andreas Cadhalpun
(cherry
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Mon Nov 7 01:16:14 2016 +0100|
[e6197a6ce986af0d2f29ed0b649f3ed531a6d66e] | committer: Andreas Cadhalpun
mpegaudio_parser: don't return AVERROR_PATCHWELCOME
The API does not allow returning AVERROR codes.
It triggers an assert in av_parser_p
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Wed Oct 19 23:40:41 2016 +0200|
[45b18fbb9a7729c91d69d6359a782a0135b5f2b8] | committer: Andreas Cadhalpun
rsd: limit number of channels
Negative values don't make sense and too large values can cause
overflows. For AV_CODEC_ID_ADPCM_THP this l
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Wed Oct 19 19:23:49 2016 +0200|
[0009cf348aa85957dbbe262926e432896a628ff3] | committer: Andreas Cadhalpun
avformat: prevent triggering request_probe assert in ff_read_packet
If probe_codec is called with pkt == NULL, it sets probe_packets to 0
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Wed Nov 9 23:49:46 2016 +0100|
[416a8a06b977d8b3d113945701d9690abfdd7622] | committer: Andreas Cadhalpun
proresdec_lgpl: explicitly check coff[3] against slice_data_size
The implicit checks via v_data_size and a_data_size don't work in the ca
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Wed Nov 2 21:28:49 2016 +0100|
[087b77741526e701d392c038ae765993d60b5fab] | committer: Andreas Cadhalpun
ppc: pixblockdsp: do unaligned block accesses correctly again
This was broken by the following Libav commit:
4c387c7 ppc: dsputil: do una
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Wed Nov 9 01:09:35 2016 +0100|
[b32c9941a21ef44b95489c878b4f6a40c077eb47] | committer: Andreas Cadhalpun
pnmdec: make sure v is capped by maxval
Otherwise put_bits can be called with a value that doesn't fit in the
sample_len, causing an asse
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Tue Nov 8 23:53:52 2016 +0100|
[c3307f7e9e1889c15dcaad1247c8212628474bc5] | committer: Andreas Cadhalpun
icodec: fix leaking pkt on error
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Cadhalpun
(cherry picked from commit 467eece1b
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Tue Nov 8 23:54:41 2016 +0100|
[05e6606ba98a53f10213b2f8b07afc3e62731c5a] | committer: Andreas Cadhalpun
icodec: add ico_read_close to fix leaking ico->images
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Cadhalpun
(cherry picked
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Sun Nov 13 23:10:06 2016 +0100|
[4ffd5805af4a8734d238e561daa63c7b3be5eedb] | committer: Andreas Cadhalpun
libschroedingerdec: fix leaking of framewithpts
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Cadhalpun
(cherry picked from c
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Thu Oct 20 22:14:22 2016 +0200|
[1d439041ece002c6b2e8e3d57c3b389f9fc279b6] | committer: Andreas Cadhalpun
cavsdec: unref frame before referencing again
This fixes asserts (from commit 13aae8) in av_frame_ref and
av_frame_move_ref.
Reviewed-by
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Tue Nov 8 23:29:28 2016 +0100|
[3047b0a4a3e749e62e413f8fc96ae2e9fe228477] | committer: Andreas Cadhalpun
icodec: correctly check avio_read return value
It can read less than the requested amount, in which case buf contains
uninitialized data,
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Sun Nov 13 18:22:12 2016 +0100|
[e93934e100d41ddb08bb85bf9023ee1716d78718] | committer: Andreas Cadhalpun
filmstripdec: correctly check image dimensions
This prevents a division by zero in read_packet.
Reviewed-by: Paul B Mahol
Signed-off-by
ffmpeg | branch: release/3.0 | Andreas Cadhalpun
| Tue Nov 8 22:32:42 2016 +0100|
[27888d13b8d370b365593312d6755d268a4428f6] | committer: Andreas Cadhalpun
dvbsubdec: fix division by zero in compute_default_clut
This problem was introduced in commit
4b90dcb8493552c17a811c8b1e6538dae4061f9d.
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Thu Nov 17 22:46:40 2016 +0100|
[e2de6f31c0dbc09033f63a94a3795488065d3b6a] | committer: Andreas Cadhalpun
rmdec: validate block alignment
This fixes division by zero crashes.
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Cadhalpun
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Fri Nov 4 21:37:13 2016 +0100|
[d0f8741a5a29e6381894fe5eacbeb9145a965b6c] | committer: Andreas Cadhalpun
flvdec: require need_context_update when changing codec id
Otherwise the codec context and codecpar might disagree on the codec id,
trigg
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Mon Nov 14 21:41:45 2016 +0100|
[e70caba38480f11043963bb5eb150cfb2eebd41b] | committer: Andreas Cadhalpun
libopusdec: default to stereo for invalid number of channels
This fixes an out-of-bounds read if avc->channels is 0.
Reviewed-by: Michae
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Sun Oct 30 20:47:22 2016 +0100|
[5ede8a9d8c263ff2741bf6a6c54b76287be2af36] | committer: Andreas Cadhalpun
interplayacm: check for too large b
This fixes out-of-bounds reads.
Reviewed-by: Paul B Mahol
Signed-off-by: Andreas Cadhalpun
(cherry
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Sun Oct 30 21:41:11 2016 +0100|
[d6fbc7a2daf0311fa7c093d48bcf19d1cf35936a] | committer: Andreas Cadhalpun
interplayacm: validate number of channels
The number of channels is used as divisor in decode_frame, so it must
not be zero to avoid SIGF
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Thu Nov 10 22:21:20 2016 +0100|
[312757eb848b96bcc1e0df17312b11a24c4f18d3] | committer: Andreas Cadhalpun
sbgdec: prevent NULL pointer access
Reviewed-by: Josh de Kock
Signed-off-by: Andreas Cadhalpun
(cherry picked from commit dbefbb61b785c
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Thu Oct 20 22:51:55 2016 +0200|
[facf964d37eae50d1fb5c354e8d4ab897a624e45] | committer: Andreas Cadhalpun
mpeg12dec: unref discarded picture from extradata
Otherwise another frame gets referenced into picture, triggering an assert
(from commit
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Wed Nov 9 23:23:16 2016 +0100|
[9b506280dd9b95b944676316ae3f8ea5605a7a10] | committer: Andreas Cadhalpun
pgssubdec: only set w/h/linesize when allocating data
Rects with positive w/h/linesize but no data are invalid.
Reviewed-by: Petri Hintu
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Sun Oct 30 21:18:20 2016 +0100|
[5a1433b19ab396cfdc7d52d9b479a7828ce5c707] | committer: Andreas Cadhalpun
interplayacm: increase bitstream buffer size by AV_INPUT_BUFFER_PADDING_SIZE
This fixes out-of-bounds reads by the bitstream reader.
Rev
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Sun Nov 13 18:22:12 2016 +0100|
[52d8c1e474c3e11fed06cf17e22c1e59406a0ce3] | committer: Andreas Cadhalpun
filmstripdec: correctly check image dimensions
This prevents a division by zero in read_packet.
Reviewed-by: Paul B Mahol
Signed-off-by
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Wed Nov 9 23:49:46 2016 +0100|
[727ec4acc471b167f8af5211e860e2def6d47d02] | committer: Andreas Cadhalpun
proresdec_lgpl: explicitly check coff[3] against slice_data_size
The implicit checks via v_data_size and a_data_size don't work in the ca
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Fri Nov 4 19:00:17 2016 +0100|
[cb0b8182448cd337f8c33cd8686ba0eb04a1] | committer: Andreas Cadhalpun
diracdec: check return code of get_buffer_with_edge
If it fails, buffers aren't allocated, causing NULL pointer dereferencing.
Reviewed-
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Thu Nov 17 22:53:51 2016 +0100|
[315f1dea84a3865dfaf949f99c9828a5b8dd4bcc] | committer: Andreas Cadhalpun
mxfdec: fix NULL pointer dereference in mxf_read_packet_old
Metadata streams have priv_data set to NULL.
Reviewed-by: Josh de Kock
Sign
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Wed Nov 9 01:09:35 2016 +0100|
[a5ba9eab44da13bb0683193e2382f1bfd853a47e] | committer: Andreas Cadhalpun
pnmdec: make sure v is capped by maxval
Otherwise put_bits can be called with a value that doesn't fit in the
sample_len, causing an asse
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Thu Nov 10 22:09:03 2016 +0100|
[eaf79ac2d9c18bce3c1990dbf6722e90d9c788b1] | committer: Andreas Cadhalpun
smvjpegdec: make sure cur_frame is not negative
This fixes a heap-buffer-overflow detected by AddressSanitizer.
Reviewed-by: Michael Nie
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Tue Nov 8 22:32:42 2016 +0100|
[5c2e26275cb130293691ed0b335db0a67e8abbcf] | committer: Andreas Cadhalpun
dvbsubdec: fix division by zero in compute_default_clut
This problem was introduced in commit
4b90dcb8493552c17a811c8b1e6538dae4061f9d.
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Thu Nov 24 23:57:46 2016 +0100|
[072246993acb9ce22f88e3df697f78dba61fcdd3] | committer: Andreas Cadhalpun
mss2: only use error correction for matching block counts
This fixes a heap-buffer-overflow in ff_er_frame_end when decoding mss2
with co
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Wed Oct 19 23:40:41 2016 +0200|
[13f032abbb26c7b47d700745f7ace05375eae34f] | committer: Andreas Cadhalpun
rsd: limit number of channels
Negative values don't make sense and too large values can cause
overflows. For AV_CODEC_ID_ADPCM_THP this l
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Fri Nov 25 00:26:51 2016 +0100|
[5d1502d4b68c458522e5a6fc446d5b0e5f88bffb] | committer: Andreas Cadhalpun
softfloat: decrease MIN_EXP to cover full float range
floats are not necessarily normalized, so a normalized softfloat needs
MIN_EXP lowe
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Wed Nov 16 20:47:35 2016 +0100|
[cb936d62664c25909b320ec230b41b5a2b9c9ed3] | committer: Andreas Cadhalpun
exr: reindent after previous commit
Signed-off-by: Andreas Cadhalpun
(cherry picked from commit ce3147eb198770b558acf6c05f33cb807a413707
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Wed Nov 2 21:28:49 2016 +0100|
[e3f671b1014095cf299180f4f052a4daaec567f6] | committer: Andreas Cadhalpun
ppc: pixblockdsp: do unaligned block accesses correctly again
This was broken by the following Libav commit:
4c387c7 ppc: dsputil: do una
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Sat Nov 19 14:21:11 2016 +0100|
[53e1493cb5a0977407c7869ec9adf4555ef07c66] | committer: Andreas Cadhalpun
smacker: limit recursion depth of smacker_decode_bigtree
This fixes segmentation faults due to stack-overflow caused by too deep
recursio
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Wed Nov 16 20:46:56 2016 +0100|
[71378e7937bd458233b75b4d73f0aabc3ac437fa] | committer: Andreas Cadhalpun
exr: fix out-of-bounds read
channel_index can be -1.
This problem was introduced in commit
2dd7b46132e2801ef34fe1b5c27e0113cdcfa2f9.
Re
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Sun Nov 13 22:59:47 2016 +0100|
[89a22d3fbff3db11a0a09e55778ed0e041210327] | committer: Andreas Cadhalpun
libschroedingerdec: don't produce empty frames
They are not valid and can cause problems/crashes for API users.
Reviewed-by: Michael Nie
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Sun Nov 13 20:52:02 2016 +0100|
[d000e66c4f2f6275fc24a424ae85f7e092293347] | committer: Andreas Cadhalpun
softfloat: handle -INT_MAX correctly
This is similar to commit 9ac61e73d0843ec4b83f4e3d47eded73234e406e.
Reviewed-by: Michael Niedermaye
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Thu Oct 20 22:14:22 2016 +0200|
[72f1701c92f7f021d00c57f4f928efa719fcd53d] | committer: Andreas Cadhalpun
cavsdec: unref frame before referencing again
This fixes asserts (from commit 13aae8) in av_frame_ref and
av_frame_move_ref.
Reviewed-by
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Thu Nov 17 00:04:57 2016 +0100|
[b4f42e5c85f589556ed486fc743fbe16f8ed88c8] | committer: Andreas Cadhalpun
ffmdec: validate codec parameters
A negative extradata size for example gets passed to memcpy in
avcodec_parameters_from_context causing
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Thu Oct 20 20:13:54 2016 +0200|
[d77684b85305e9dca9d056c50146f43c08268ac2] | committer: Andreas Cadhalpun
dcstr: fix division by zero
Also check for possible overflows.
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Cadhalpun
(cher
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Sun Nov 13 23:10:06 2016 +0100|
[f70e9726dcad6dfe13b64b8878ee12a9e41063ed] | committer: Andreas Cadhalpun
libschroedingerdec: fix leaking of framewithpts
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Cadhalpun
(cherry picked from c
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Sun Oct 16 22:29:13 2016 +0200|
[230c04e3f6d720cc7fa17735b2ef91570417964d] | committer: Andreas Cadhalpun
aiffdec: fix division by zero
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Cadhalpun
(cherry picked from commit c143a9c96ff9
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Tue Nov 8 23:29:28 2016 +0100|
[c35a140e71710d815bab9581e928b42177feaf7e] | committer: Andreas Cadhalpun
icodec: correctly check avio_read return value
It can read less than the requested amount, in which case buf contains
uninitialized data,
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Sat Nov 5 00:17:53 2016 +0100|
[50d34cbf5ac86a42d3273765ce8292a06ae11158] | committer: Andreas Cadhalpun
mxfdec: fix NULL pointer dereference
Metadata streams have priv_data set to NULL.
Reviewed-by: Michael Niedermayer
Signed-off-by: Andre
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Sun Oct 16 22:42:32 2016 +0200|
[d4f64a0f545e48224e985b50848153f0b779b8ff] | committer: Andreas Cadhalpun
westwood_aud: prevent division by zero
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Cadhalpun
(cherry picked from commit bc7
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Wed Nov 9 00:38:50 2016 +0100|
[1499f65ad42a4f4519f27a7d3b01c55146ce2ad0] | committer: Andreas Cadhalpun
escape124: reject codebook size 0
It causes a cb_depth of 32, leading to assertion failures in get_bits.
Reviewed-by: Michael Niedermaye
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Sun Oct 16 22:39:47 2016 +0200|
[b3991ccd1170d84f5b5d84566b0c78a42724a073] | committer: Andreas Cadhalpun
astdec: fix division by zero
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Cadhalpun
(cherry picked from commit 9959a52b14bcf
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Tue Nov 8 00:42:23 2016 +0100|
[c19e9657049d1ac67aee658b2f7ad12ba051b0cd] | committer: Andreas Cadhalpun
matroskadec: fix NULL pointer dereference in webm_dash_manifest_read_header
The code assumes that s->streams[0] is valid.
Reviewed-by: M
ffmpeg | branch: release/3.1 | Andreas Cadhalpun
| Wed Oct 19 19:23:49 2016 +0200|
[d69dc10466e234c0e4ff9cb7e4d0e5d63ceeb357] | committer: Andreas Cadhalpun
avformat: prevent triggering request_probe assert in ff_read_packet
If probe_codec is called with pkt == NULL, it sets probe_packets to 0
1 - 100 of 139 matches
Mail list logo
