Fixes CVE-2012-2782.
| |
Since we can't know which stride a custom get_buffer() implementation is
going to use we have to allocate these scratch buffers after the linesize
is known. It was pretty safe for 8 bit per pixel pixel formats since we
always allocated memory for up to 16 bits per pixel. It broke however
with cmdutils.c's alloc_buffer() and high pixel bit depth since it
allocated larger edges than mpegvideo expected.
Fixes fuzzed sample nasa-8s2.ts_s244342.
| |
Fixes null pointer dereference.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
| |
Compute dist_scale_factor_field only for MBAFF since that is the only
case in which it is used.
| |
Prevents writing beyond array bounds.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
| |
It is not possible to call get_buffer during frame-mt codec
initialization. Libavformat might pass huge amounts of data as
extradata after parsing broken files. The 'extradata' for the fuzzed
sample sample_varPAR_s5374_r001-02.avi is 2.8M large and contains
multiple slices.
| |
Introduced in d7d6efe42b0d.
| |
Since a NAL_DPA can start a new frame it has to be handled before
ff_thread_finish_setup is called.
| |
Fixes CVE-2012-2783
CC: libav-stable@libav.org
| |
Returning 0 for failure is misleading.
CC: libav-stable@libav.org
| |
Fixes CVE-2012-2791.
CC: libav-stable@libav.org
| |
This requires to move the avcodec_default_free_buffers() call to
ff_MPV_common_end() since otherwise delayed pictures would get freed
during a size change.
| |
Direct rendering capable decoders call get_buffer() which will set the
frame parameters.
Prevents frames with wrong parameters when a decoder outputs delayed
frames after a resolution or pixel format change.
| |
Fixes a crash in the fuzzed sample sample_varPAR.avi_s26638 with
alternating bit depths.
| |
Interlacing is not supported at all and mismanaged down the normal
codepaths causing possible buffer management issues.
CC: libav-stable@libav.org
| |
Found-by: pawlkt
CC: libav-stable@libav.org
| |
Signed-off-by: Martin Storsjö <martin@martin.st>
| |
This decoder is quite simple and none of the MpegEncContext complexity
is actually needed.
| |
Use this in VP8/H264-8bit loopfilter functions so they can be used if
there is no aligned stack (e.g. MSVC 32bit or ICC 10.x).
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
| |
This changes the LOCAL_ALIGNED definition on systems where
DECLARE_ALIGNED is used so it matches the manual alignment
case, ensuring invalid use will not compile on x86 only to
fail on everything else.
Signed-off-by: Mans Rullgard <mans@mansr.com>
| |
The initial testing of the VFW binary codec was flawed,
likely due to an AviSynth bug.
Re-testing using VirtualDub and various professional editing
applications has revealed it should have been flipped.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
| |
This function is an exact duplicate of the generic one.
Signed-off-by: Mans Rullgard <mans@mansr.com>
| |
This macro has never been used.
Signed-off-by: Mans Rullgard <mans@mansr.com>
| |
Signed-off-by: Martin Storsjö <martin@martin.st>
| |
Signed-off-by: Mans Rullgard <mans@mansr.com>
| |
Signed-off-by: Mans Rullgard <mans@mansr.com>
| |
Fixes valgrind --undef-value-errors=yes warnings caused by valid
overreads in the fate vsynth jpegls, cover-art-ape and cover-art-wv
tests.
| |
Prevent an invalid write into coeffs[scantable[-1]] if zeros_left
itself was an invalid VLC code (and thus -1).
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
| |
This prevents undefined behaviour of signed left shift if the coded
value is larger than 2^31. Large values are most likely invalid and
caused errors or by feeding random.
Validate every use of svq3_get_ue_golomb() and changed the place where
the return value was compared with negative numbers. dirac.c was clean,
fixed rv30 and svq3.
| |
When LOCAL_ALIGNED uses manual alignment initialisation is not
possible.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
| |
When LOCAL_ALIGNED uses manual alignment initialisation is not
possible.
Signed-off-by: Mans Rullgard <mans@mansr.com>
| |
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
| |
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
| |
Also remove a duplicate function in the MPEG-TS demuxer.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
| |
This is consistent with usual ARM nomenclature as well as with the
VFPV3 and NEON symbols which both lack the ARM prefix.
Signed-off-by: Mans Rullgard <mans@mansr.com>
| |
These macros reflect the actual capabilities required here.
Signed-off-by: Mans Rullgard <mans@mansr.com>
| |
Signed-off-by: Mans Rullgard <mans@mansr.com>
| |
When initialising an FFTContext for a plain FFT, mdct_bits is not set
and can contain a garbage value. Since nbits is always valid and for
MDCT operation is mdct_bits - 2 checking this instead avoids using an
uninitialised value while having the same effect.
Signed-off-by: Mans Rullgard <mans@mansr.com>