Commit Graph
14583 Commits
Author SHA1 Message Date
Laurent AimarandMichael Niedermayer 3b840fab90 Check for out of bound reads in AVS decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7afe9e5638)
2011-10-01 20:59:34 +02:00
Justin RugglesandMichael Niedermayer b8ab1adfcd avcodec: reject audio packets with NULL data and non-zero size
There is no valid reason the user should ever send such packets in the
first place, but the documentation for CODEC_CAP_DELAY states that the
codec is guaranteed not to get a NULL packet unless that capability is
set. That isn't true without preventing this case.
(cherry picked from commit 6326afd5e9)
2011-10-01 20:56:18 +02:00
Laurent AimarandMichael Niedermayer 107ea3057e Fix out of bound writes in fix_bitshift() of the shorten decoder.
The data pointers s->decoded[*] already take into account s->nwrap.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f42b3195d3)
2011-10-01 20:54:48 +02:00
Laurent AimarandMichael Niedermayer 375bd0cfb3 Check for out of bound reads in the Tiertex Limited SEQ decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5d7e3d7167)
2011-10-01 20:54:36 +02:00
Laurent AimarandMichael Niedermayer 9b1bf08525 Fix the size of workspace buffers in the motion pixels decoder.
Some buffers must be mod 4 in width and/or height.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 62234a4d3a)
2011-10-01 20:54:31 +02:00
Laurent AimarandMichael Niedermayer 376b099474 Clear FF_INPUT_BUFFER_PADDING_SIZE bytes at the end of the temporary buffer used in motion pixels decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e60619f9b4)
2011-10-01 20:54:26 +02:00
Laurent AimarandMichael Niedermayer 6e774cf67e Check for out of bounds writes in the Delphine Software International CIN decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3035c4034b)
2011-10-01 20:54:21 +02:00
Laurent AimarandMichael Niedermayer 18cfe0238d Check for out of bounds reads in the Delphine Software International CIN decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8e5f093c2c)
2011-10-01 20:54:17 +02:00
Laurent AimarandMichael Niedermayer 603cb031f1 Check for out of bound reads in the QuickDraw decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 44e2f0c3cd)
2011-10-01 20:54:12 +02:00
Laurent AimarandMichael Niedermayer f9efe1d76e Check for out of bound reads in xan_huffman_decode() of the xan decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c8b835954a)
2011-10-01 20:53:44 +02:00
Mans RullgardandMichael Niedermayer 626f11b3bc dca: clear inactive subbands only once in qmf_32_subbands()
Writing zeros to the high entries in the array need only be
done once as the cutoff position is constant throughout the
loop.

Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit bf00a73ace)
2011-10-01 20:52:09 +02:00
Laurent AimarandMichael Niedermayer d414c77ded Check for unsupported parameters in ff_j2k_dwt_init()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b4483a531a)
2011-10-01 20:51:35 +02:00
Laurent AimarandMichael Niedermayer dc9b708f4d Check for out of bound reads in jpeg 2000 decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 02660a8713)
2011-10-01 20:51:28 +02:00
Laurent AimarandMichael Niedermayer f8eabfc16e Prevent calling init_vlc() with invalid parameters in motionpixels decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 41b7389cad)
2011-10-01 20:51:17 +02:00
Laurent AimarandMichael Niedermayer 14617fa7b8 Prevent NULL dereference when the palette is missing in the xan decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 56ee5a9ad1)
2011-10-01 20:51:12 +02:00
Laurent AimarandMichael Niedermayer 485b4317bb Fixed out of bound accesses in xan_unpack() of the xan decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5279141c1d)
2011-10-01 20:51:08 +02:00
Nicolas GeorgeandMichael Niedermayer acfe2c9154 libvpxenc: Replace av_realloc by av_realloc_f when relevant.
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 769298a686)
2011-10-01 20:49:34 +02:00
Nicolas GeorgeandMichael Niedermayer bbb191c721 bitstream: Replace av_realloc by av_realloc_f when relevant.
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 198ed6474d)
2011-10-01 20:49:26 +02:00
Laurent AimarandMichael Niedermayer fa816e01f4 Check for out of bound reads in the flic decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1f024b8820)
2011-10-01 20:47:42 +02:00
Laurent AimarandMichael Niedermayer 03a4b489f1 Prevent out of bound accesses in the xan decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit feca3ba053)
2011-10-01 20:44:51 +02:00
Laurent AimarandMichael Niedermayer df0d418ce0 Check for invalid/corrupted bitstream in sun raster decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b9596a5037)
2011-10-01 20:44:46 +02:00
Laurent AimarandMichael Niedermayer 6b0565e5b8 Prevent NULL dereferences when missing the reference frame in the xan decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 19e95b8845)
2011-10-01 20:44:40 +02:00
Laurent AimarandMichael Niedermayer 23197f5467 Check for out of bounds reads in sun rasterfile decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 039f3c33ff)
2011-10-01 20:44:35 +02:00
Laurent AimarandMichael Niedermayer 0a5e269f03 Check for corrupted extra data in wmavoice decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 61930119cb)
2011-10-01 20:44:30 +02:00
Laurent AimarandMichael Niedermayer 70727e16ca Check for out of bound writes in the wmavoice decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e09ae22ab7)
2011-10-01 20:44:25 +02:00
Laurent AimarandMichael Niedermayer 08decaeb95 Prevent NULL dereferences when missing the reference frame in the bink decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 66aae97a60)
2011-10-01 20:44:19 +02:00
Laurent AimarandMichael Niedermayer 1860053820 Check for out of bound writes when building tree in bink decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 254af56dd1)
2011-10-01 20:39:17 +02:00
Laurent AimarandMichael Niedermayer 184a156f7a Check for various out of bound writes in the bink decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 36bf135d4c)
2011-10-01 20:39:06 +02:00
Laurent AimarandMichael Niedermayer 9851184d30 Reset internal state on corrupted blocks in wavpack decoder.
wavpack_decode_block() supposes that it is called back with the exact
same buffer unless it has returned with an error. With multi-channels
files, wavpack_decode_frame() was breaking this assumption.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c2a016ad4d)
2011-10-01 20:38:43 +02:00
Laurent AimarandMichael Niedermayer 9770127cd8 Validate the number of audio channels before using it in wmapro decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fc64434030)
2011-10-01 20:38:33 +02:00
Justin RugglesandMichael Niedermayer 857c7e122b ws_snd: make sure number of channels is 1
(cherry picked from commit 6a818cb3ff)
2011-10-01 20:38:11 +02:00
Justin RugglesandMichael Niedermayer 915b905a1b ws_snd: add some checks to prevent buffer overread or overwrite.
(cherry picked from commit 417364ce1f)
2011-10-01 20:37:36 +02:00
Justin RugglesandMichael Niedermayer 4db466db97 ws_snd: decode to AV_SAMPLE_FMT_U8 instead of S16.
8-bit unsigned is the native sample format.
(cherry picked from commit 2322ced8da)
2011-10-01 20:37:34 +02:00
Justin RugglesandMichael Niedermayer 20047f77b9 flacdec: fix buffer size checking in get_metadata_size()
Adds an additional check before reading the next block header and avoids a
potential integer overflow when checking the metadata size against the
remaining buffer size.
(cherry picked from commit 4c5e7b27d5)
2011-10-01 20:33:34 +02:00
Mike ScheutzowandMichael Niedermayer 7e362df304 Fix a buffer overflow in libx264 interface to x264 encoder. Previous code ignored the compressed buffer size passed in. This change returns as many complete NALs as can fit in the buffer, and logs an error message.
Signed-off-by: Mike Scheutzow <mike.scheutzow@alcatel-lucent.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e2dae1faa8)
2011-10-01 20:32:25 +02:00
tipokandMichael Niedermayer be1ae17ec0 libaac+ support
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2011-10-01 20:32:22 +02:00
Laurent AimarandMichael Niedermayer cdb72c827c Check for out of bound bands limit in mpc v8 decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 508e47a575)
2011-10-01 20:30:43 +02:00
Alexander StrasserandMichael Niedermayer 7aa24b157d h264: ff_h264_decode_extradata: check buffer args
The buffer size and pointer were not checked prior to testing the first
byte of the buffer. These were sometimes checked before calling, but it is
better to add it inside the function as it takes buf and size arguments.

Signed-off-by: Alexander Strasser <eclipse7@gmx.net>
(cherry picked from commit 715f259bf9)
2011-10-01 20:29:07 +02:00
Laurent AimarandMichael Niedermayer 1b26a734b2 Fix potential pointer arithmetic overflows in rle_unpack() of vmd video decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 35cb6854bb)
2011-10-01 20:25:21 +02:00
Laurent AimarandMichael Niedermayer 02bdeff1ef Fix out of bound reads in rle_unpack() of vmd video decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4749e07498)
2011-10-01 20:25:16 +02:00
Laurent AimarandMichael Niedermayer 55efeba2b5 Check for out of bound reads in vmd_decode() of vmd video decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e07377e736)
2011-10-01 20:25:10 +02:00
Laurent AimarandMichael Niedermayer 08657a2a8a Fix potential pointer arithmetic overflows in lz_unpack of vmd video decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 78cb39d2b2)
2011-10-01 20:24:57 +02:00
Laurent AimarandMichael Niedermayer f40b04e917 Prevent out of bound read in lz_unpack in vmd video decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5127f465bd)
2011-10-01 20:24:52 +02:00
Laurent AimarandMichael Niedermayer d92bfc98f9 Prevent NULL dereferences when the previous frame is missing in vmd video decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6a6383bebc)
2011-10-01 20:24:46 +02:00
Laurent AimarandMichael Niedermayer 1ed90c84f6 Check for invalid update parameters in vmd video decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e7aed1280e)
2011-10-01 20:24:39 +02:00
Laurent AimarandMichael Niedermayer 21c9d92646 Fix potential overread in vmd audio decoder.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 00cbe9e405)
2011-10-01 20:24:31 +02:00
Laurent AimarandMichael Niedermayer be22dc60f5 vp56:Fix error recovery code on size changes in vp5/6 decoder
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1aad9cd9d2)
2011-10-01 20:23:03 +02:00
Laurent AimarandMichael Niedermayer 35f8ad420a vp6:Reset the internal state when aborting key frames header parsing in vp6 decoder.
It prevents leaving the state only half initialized.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 91f104496b)
2011-10-01 20:22:52 +02:00
Michael Niedermayer f71c761a9e h264: pass buffer & size to ff_h264_decode_extradata()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2011-10-01 20:11:00 +02:00
Laurent AimarandMichael Niedermayer 101e38e08a h264: Check for out of bounds reads in ff_h264_decode_extradata().
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 57764c6996)
2011-10-01 19:54:49 +02:00