- Dec 21, 2013
-
-
Martin Storsjö authored
q4-q7/d8-d15 are supposed to not be clobbered by the callee. CC: libav-stable@libav.org Signed-off-by:
Martin Storsjö <martin@martin.st> (cherry picked from commit d307e408)
-
- Oct 27, 2013
-
-
Michael Niedermayer authored
Fixes Ticket2143 Signed-off-by:
Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 1e5271a9)
-
- Oct 06, 2013
-
-
Michael Niedermayer authored
Signed-off-by: -
Michael Niedermayer authored
Signed-off-by:
-
Michael Niedermayer authored
Signed-off-by:
-
Michael Niedermayer authored
Fixes out of array accesses Fixes Ticket2919 Found_by: ami_stuff Signed-off-by:
-
Michael Niedermayer authored
Might fix Ticket1907 (I have no testcase so i cant test) Signed-off-by:
-
Michael Niedermayer authored
Fixes out of array access Fixes Ticket2895 Found-by:
Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by:
-
Michael Niedermayer authored
Fixes out of array accesses Fixes Ticket2850 Signed-off-by:
-
Michael Niedermayer authored
Signed-off-by: -
Michael Niedermayer authored
Signed-off-by: -
Michael Niedermayer authored
Signed-off-by:
-
- Sep 26, 2013
-
-
Michael Niedermayer authored
Fixes Ticket2982 Signed-off-by:
-
- Sep 22, 2013
-
-
Michael Niedermayer authored
* qatar/release/0.7: Update changelog for 0.7.8 release aac: check the maximum number of channels oggdec: fix faulty cleanup prototype qdm2: check that the FFT size is a power of 2 rv10: check that extradata is large enough lavf: make sure stream probe data gets freed. dfa: check for invalid access in decode_wdlt(). avfiltergraph: check for sws opts being non-NULL before using them. Conflicts: Changelog libavformat/utils.c Merged-by: -
Michael Niedermayer authored
* commit 'f844cb9b': iff: validate CMAP palette size wmaprodec: require block_align to be set. lzo: fix overflow checking in copy_backptr() flacdec: simplify bounds checking in flac_probe() atrac3: avoid oversized shifting in decode_bytes() lavf: fix arithmetic overflows in avformat_seek_file() Conflicts: libavformat/iff.c Merged-by:
-
Michael Niedermayer authored
* commit '9c713f30': parser: fix large overreads dsputil: fix invalid array indexing shorten: use the unsigned type where needed Merged-by:
-
Michael Niedermayer authored
* commit '5ebb5a32': shorten: report meaningful errors shorten: set invalid channels count to 0 Merged-by:
-
Michael Niedermayer authored
* commit 'd785f694': shorten: validate that the channel count in the header is not <= 0 matroskadec: request a read buffer for the wav header h264: check for luma and chroma bit depth being equal xxan: fix invalid memory access in xan_decode_frame_type0() wmadec: require block_align to be set. Merged-by:
-
Michael Niedermayer authored
* commit '5025dbc5': wmaprodec: return an error, not 0, when the input is too small. vorbisdec: Error on bark_map_size equal to 0. Update RELEASE file for 0.7.8 update year to 2013 oggdec: make sure the private parse data is cleaned up indeo5: update AVCodecContext width/height on size change doc: filters: Correct BNF FILTER description Conflicts: RELEASE Merged-by:
-
- Jul 09, 2013
-
-
Michael Niedermayer authored
Fixes Ticket2574 Signed-off-by:
-
- Jul 07, 2013
-
-
Michael Niedermayer authored
Fixes Ticket2632 Signed-off-by:
-
- Jun 19, 2013
-
-
Carl Eugen Hoyos authored
Fixes ticket #2688. (cherry picked from commit 06bede95)
-
- Jun 13, 2013
-
-
Michael Niedermayer authored
Fixes ticket #2497 Signed-off-by:
-
- May 30, 2013
-
-
Michael Niedermayer authored
Fixes Ticket2606 Signed-off-by:
-
- May 11, 2013
-
-
Reinhard Tartler authored
-
- May 09, 2013
-
-
Reinhard Tartler authored
Broken bitstreams could report a larger than specified number of channels and cause outbound writes. CC:libav-stable@libav.org (cherry picked from commit a943a132) Signed-off-by:
Luca Barbato <lu_zero@gentoo.org> Conflicts: libavcodec/aacdec.c
-
Luca Barbato authored
(cherry picked from commit fba8e5b6) Signed-off-by:
Reinhard Tartler <siretart@tauware.de>
-
Anton Khirnov authored
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit 34f87a58) Signed-off-by:
-
Anton Khirnov authored
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org (cherry picked from commit 01d376f5) Conflicts: libavcodec/rv10.c
-
Kostya Shishkov authored
Fixes CVE-2013-2495 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
-
Anton Khirnov authored
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit dbb14258) Signed-off-by:
-
Anton Khirnov authored
Avoids an infinite loop in the calling programs with decoder not consuming any input and not returning output. CC:libav-stable@libav.org (cherry picked from commit cacad1c0) Signed-off-by:
-
Anton Khirnov authored
This can happen when the number of skipped lines is not consistent with the number of coded lines. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org (cherry picked from commit 3623589e) Signed-off-by:
-
Anton Khirnov authored
Avoid snprintfing a NULL pointer. CC: libav-stable@libav.org (cherry picked from commit 6e3c13a5) Signed-off-by:
-
Michael Niedermayer authored
Signed-off-by:
Justin Ruggles <justin.ruggles@gmail.com> (cherry picked from commit 096abfa1) Signed-off-by:
-
Xi Wang authored
The check `src > dst' in the form `&c->out[-back] > c->out' invokes pointer overflow, which is undefined behavior in C. Remove the check. Also replace `&c->out[-back] < c->out_start' with a safe form `c->out - c->out_start < back' to avoid overflow. CC: libav-stable@libav.org Signed-off-by:
Xi Wang <xi.wang@gmail.com> Signed-off-by:
-
Mans Rullgard authored
Indexing outside an array is invalid and causes errors with gcc 4.8. Signed-off-by:
Mans Rullgard <mans@mansr.com> (cherry picked from commit 0a07f2b3) Signed-off-by:
Diego Biurrun <diego@biurrun.de>
-
Xi Wang authored
Simplify `p->buf > p->buf + p->buf_size - 4' as `p->buf_size < 4'. Avoid a possible out-of-bounds pointer, which is undefined behavior in C. CC: libav-stable@libav.org Signed-off-by:
-
Xi Wang authored
When `off' is 0, `0x537F6103 << 32' in the following expression invokes undefined behavior, the result of which is not necessarily 0. (0x537F6103 >> (off * 8)) | (0x537F6103 << (32 - (off * 8))) Avoid oversized shifting. CC: libav-stable@libav.org Signed-off-by: -
Mans Rullgard authored
The values compared here can be more than INT64_MAX apart. Since the difference is always positive, converting to uint64_t before subtracting gives the correct result without overflows. Signed-off-by:
-
