Comparing changes

Fixes CVE-2012-2776. CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

This prevents writing into a too small array if some parameters changed without the tile being reallocated. Fixes CVE-2012-2794 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net>

It's not used outside of ivi_common.c

This prevents writing into a too small array if some parameters changed without the tile being reallocated. Based on a patch by Michael Niedermayer <michaelni@gmx.at> Fixes CVE-2012-2800 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

… them. Fixes a part of CVE-2012-2795 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net>

Fixes a part of CVE-2012-2795 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net>

Fixes a part of CVE-2012-2795 CC:libav-stable@libav.org Based on a patch by Michael Niedermayer <michaelni@gmx.at> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

Fixes CVE-2012-2798 CC:libav-stable@libav.org

Fixes CVE-2012-2799 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net>

The decode function assumes that the video will have those dimensions. Fixes CVE-2012-2801 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net>

Avoids a forward declaration of decode_chunks().

It is got_output, not data_size.

When decode_nal_units() previously encountered a NAL_END_SEQUENCE, and there are some junk bytes left in the input buffer, but no start codes, buf_index gets stuck 3 bytes before the end of the buffer. This can trigger an infinite loop in the caller code, eg. in try_decode_trame(), as avcodec_decode_video() then keeps returning zeroes, with 3 bytes of the input packet still available. With this change, the remaining bytes are skipped so the whole packet gets consumed. CC:libav-stable@libav.org Signed-off-by: Jindřich Makovička <makovick@gmail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net>

* commit 'd05f72c75445969cd7bdb1d860635c9880c67fb6': dfa: improve boundary checks in decode_dds1() wmalosslessdec: Fix reading too many bits in decode_channel_residues() wmalosslessdec: fix a get_bits(0) in decode_ac_filter wmalosslessdec: make MCLMS arrays big enough for what is written into them. indeo4/5: check empty tile size in decode_mb_info(). ivi_common: make ff_ivi_process_empty_tile() static. indeo5: check tile size in decode_mb_info(). indeo3: fix out of cell write. Conflicts: libavcodec/dfa.c libavcodec/indeo3.c libavcodec/indeo5.c libavcodec/ivi_common.c libavcodec/wmalosslessdec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>

* commit 'd9a2e87b1ce44cce23801e7ec6810f8bf994fa23': mpeg12: move mpeg_decode_frame() lower avsdec: Set dimensions instead of relying on the demuxer. wmalosslessdec: Reset put bit buffer when num_saved_bits is reset. Conflicts: libavcodec/avs.c libavcodec/mpeg12.c Merged-by: Michael Niedermayer <michaelni@gmx.at>

* qatar/master: h264: avoid stuck buffer pointer in decode_nal_units mpeg12: fix the semantics of the int* parameter of decode() Conflicts: libavcodec/mpeg12.c Merged-by: Michael Niedermayer <michaelni@gmx.at>

Found in http://www.makemkv.com/download/ffmpeg/mmffmpeg-1.7.7.patch.gz Commit message by commiter Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comparing changes

Open a pull request

Commits on Sep 29, 2012

Commits on Sep 30, 2012

This comparison is taking too long to generate.