- Mar 21, 2014
-
-
Michael Niedermayer authored
Signed-off-by:Michael Niedermayer <michaelni@gmx.at>
-
Michael Niedermayer authored
This fixes potential divisions by zero and out of array accesses. Reported-by:
Dale Curtis <dalecurtis@chromium.org> Found-by:
<inferno@chromium.org> Signed-off-by:
-
Michael Niedermayer authored
Fixes out of array read Fixes: d4476f68ca1c1c57afbc45806f581963-asan_heap-oob_2266b27_8607_cov_4044577381_snow_chroma_bug.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
-
Michael Niedermayer authored
Fixes out of array access Fixes: 14a74a0a2dc67ede543f0e35d834fbbe-asan_heap-oob_49572c_556_cov_215466444_44_001_engine_room.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
-
Michael Niedermayer authored
Prevents out of array writes Signed-off-by:
-
Michael Niedermayer authored
Fixes corruption of context Fixes: 8835659dde6a4f7dcdf341de6a45c6c8-signal_sigsegv_1dce67b_4564_cov_2504444599_classical_22_16_1_14000_v3c_0_extend_0_29.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
-
Michael Niedermayer authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
-
Michael Niedermayer authored
Fixes NULL pointer dereference Fixes: signal_sigsegv_1ab8bf4_2847_cov_4254117347_SA10091.vc1 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
-
Michael Niedermayer authored
Prevents out of array accesses with CODEC_FLAG_EMU_EDGE Signed-off-by:
-
Michael Niedermayer authored
Fixes out of array access with RC_VARIANCE set to 0 Signed-off-by:
-
Michael Niedermayer authored
Fixes infinite loop Fixes Ticket3086 Signed-off-by:
-
Michael Niedermayer authored
Fixes out of bounds access Fixes CID732170 Fixes CID732169 No filter is known to use this function in a way so the issue can be reproduced. Signed-off-by:
-
Michael Niedermayer authored
Fixes Ticket2982 Signed-off-by:
-
- Dec 21, 2013
-
-
Martin Storsjö authored
q4-q7/d8-d15 are supposed to not be clobbered by the callee. CC: libav-stable@libav.org Signed-off-by:
Martin Storsjö <martin@martin.st> (cherry picked from commit d307e408)
-
- Oct 27, 2013
-
-
Michael Niedermayer authored
Fixes Ticket2143 Signed-off-by:
-
- Oct 26, 2013
-
-
Michael Niedermayer authored
Do not consider it an error if we have no frames and should discard one. This condition can easily happen when decoding is started from an I frame Fixes Ticket2811 Signed-off-by:
-
- Oct 24, 2013
-
-
Michael Niedermayer authored
Fixes Ticket2968 Signed-off-by:
-
- Sep 23, 2013
-
-
Michael Niedermayer authored
Signed-off-by: -
Michael Niedermayer authored
Signed-off-by: -
Michael Niedermayer authored
Signed-off-by:
-
Michael Niedermayer authored
Signed-off-by:
-
Michael Niedermayer authored
Fixes out of array accesses Fixes Ticket2919 Found_by: ami_stuff Signed-off-by:
-
- Sep 22, 2013
-
-
Michael Niedermayer authored
Might fix Ticket1907 (I have no testcase so i cant test) Signed-off-by:
-
Michael Niedermayer authored
Fixes out of array access Fixes Ticket2895 Found-by:
Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by:
-
Michael Niedermayer authored
Fixes out of array accesses Fixes Ticket2850 Signed-off-by:
-
Michael Niedermayer authored
Fixes out of array accesses Fixes Ticket2844 Found-by: ami_stuff Signed-off-by:
-
Michael Niedermayer authored
Signed-off-by: -
Michael Niedermayer authored
Fixes Ticket1605 Signed-off-by:
-
Michael Niedermayer authored
Signed-off-by: -
Michael Niedermayer authored
Signed-off-by:
-
Diego Biurrun authored
These warnings have no false positives and point to serious bugs. (cherry picked from commit 99853cb8) Conflicts: configure Signed-off-by:
-
Michael Niedermayer authored
Fixes vlc decoding for hypothetical files that would contain such cases. Signed-off-by:
-
Michael Niedermayer authored
Prevents out of array writes Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
-
Xi Wang authored
A negative `size' will bypass FFMIN(). In the subsequent memcpy() call, `size' will be considered as a large positive value, leading to a buffer overflow. Change the type of `size' to unsigned int to avoid buffer overflow, and simplify overflow checks accordingly. Signed-off-by:
Xi Wang <xi.wang@gmail.com> Signed-off-by:
-
Xi Wang authored
Sanity checks like `data + size >= data_end || data + size < data' are broken, because `data + size < data' assumes pointer overflow, which is undefined behavior in C. Many compilers such as gcc/clang optimize such checks away. Use `size < 0 || size >= data_end - data' instead. Signed-off-by:
-
- Aug 31, 2013
-
-
Michael Niedermayer authored
Fixes Ticket2861 Signed-off-by:
-
- Jul 09, 2013
-
-
Michael Niedermayer authored
Fixes Ticket2574 Signed-off-by:
-
- Jul 07, 2013
-
-
Michael Niedermayer authored
Fixes Ticket2632 Signed-off-by:
-
Michael Niedermayer authored
Fix null pointer dereference Fixes Ticket2588 Signed-off-by:
-
- Jun 21, 2013
-
-
Michael Niedermayer authored
This ensures that theres enough data for mpeg_probe() to recognize mpeg-ps Fixes Ticket2583 Based on code by: Paul B Mahol <onemda@gmail.com> Signed-off-by:
-
