- 05 Aug, 2019 1 commit
-
-
Michael Niedermayer authored
Fixes: Timeout (106sec -> 14ms)
Fixes: 15576/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSS1_fuzzer-5688080461201408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
- 29 Sep, 2016 1 commit
-
-
Diego Biurrun authored
ptrdiff_t is the correct type for array strides and similar.
-
- 18 Aug, 2016 1 commit
-
-
Anton Khirnov authored
The code currently reads the coded dimensions from the extradata, but expects the display dimensions to be set by the caller, and does not check that they are compatible (i.e. that the displayed size is smaller than the coded size). Make sure that when the display dimensions are set, they are also valid.
Fixes possible invalid memory access.
CC: libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
-
- 28 Feb, 2016 1 commit
-
-
Reimar Döffinger authored
Reported as https://trac.mplayerhq.hu/ticket/2264 but have not been able to reproduce with FFmpeg-only. I have no idea what coded_height is used for here exactly, so this might not be the best fix.
Fixes the following chain of events: ff_mss12_decode_init sets coded_height while not setting height. ff_mpv_decode_init then copies coded_height into MpegEncContext height. This is then used by init_context_frame to allocate the data structures. However the wmv9rects are validated/initialized based on avctx->height, not avctx->coded_height. Thus the decode_wmv9 function will try to decode a larger video than we allocated data structures for, causing out-of-bounds writes.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
-
- 17 Jan, 2015 1 commit
-
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-
- 22 Mar, 2014 1 commit
-
-
Diego Biurrun authored
-
- 24 Jan, 2013 1 commit
-
-
Michael Niedermayer authored
Fixes assertion failure
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-
- 14 Oct, 2012 1 commit
-
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-
- 03 Sep, 2012 3 commits
-
-
Alberto Delmás authored
No meaningful generated code differences using gcc -O3.
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
-
Alberto Delmás authored
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
-
Alberto Delmás authored
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
-
- 31 Aug, 2012 2 commits
-
-
Alberto Delmás authored
This way it won't interfere with WMV9 initialisation inside MSS2 decoder and avplay will play it fine.
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
-
Alberto Delmás authored
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
-
- 27 Aug, 2012 2 commits
-
-
Kostya Shishkov authored
-
Kostya Shishkov authored
They have most of their code in common.
-
- 07 Aug, 2012 1 commit
-
-
Anton Khirnov authored
-
- 15 Jul, 2012 1 commit
-
-
Paul B Mahol authored
The pivot has to lie between 0 and base. Check of ==base is insufficient. Thus replace it by a proper check.
Fixes out of array write.
Fixes bug #1531.
Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Paul B Mahol <onemda@gmail.com>
-
- 10 Jul, 2012 1 commit
-
-
Kostya Shishkov authored
Spotted by Alberto Delmás
-
- 27 Jun, 2012 2 commits
-
-
Kostya Shishkov authored
-
Kostya Shishkov authored
-
- 26 Jun, 2012 1 commit
-
-
Carl Eugen Hoyos authored
Reviewed-by: Paul B Mahol
-
- 25 Jun, 2012 2 commits
-
-
Paul B Mahol authored
Prevents out of array write.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
-
Carl Eugen Hoyos authored
-
- 20 Jun, 2012 1 commit
-
-
Kostya Shishkov authored
-