- 05 May, 2012 3 commits
-
-
Martin Storsjö authored
Signed-off-by: Martin Storsjö <martin@martin.st>
-
Martin Storsjö authored
This makes sure the length is checked for STAP-A type packets. Signed-off-by: Martin Storsjö <martin@martin.st>
-
Ivan Kovtunov authored
This fixes crashes if given too short data packets. Signed-off-by: Martin Storsjö <martin@martin.st>
-
- 04 May, 2012 4 commits
-
-
Ronald S. Bultje authored
Wrong bit depth can lead to invalid rowsize values, which crashes the decoder further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org
-
Ronald S. Bultje authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org
-
Alex Converse authored
CC: libav-stable@libav.org
-
Sean McGovern authored
Also merge POWER3 and POWER4 configuration together with the additions. Signed-off-by: Mans Rullgard <mans@mansr.com>
-
- 03 May, 2012 8 commits
-
-
Mans Rullgard authored
Commit adebad07 "arm: intreadwrite: fix inline asm constraints for gcc 4.6 and later" caused some older gcc versions to miscompile code. This reverts to the old version of the code for these compilers. Signed-off-by: Mans Rullgard <mans@mansr.com>
-
Mans Rullgard authored
The decoder assumes in various places that the image size is a multiple of the block size, and there is no obvious way to support odd sizes. Bailing out early if the header specifies a bad size avoids various errors later on. Fixes CVE-2012-0947. Signed-off-by: Mans Rullgard <mans@mansr.com>
-
Justin Ruggles authored
-
Justin Ruggles authored
This avoids returning duplicate timestamps for multiple packets when the demuxer does not provide all timestamps and packet duration is not known.
-
Justin Ruggles authored
This modifies pts in situations other than what was intended, leading to invalid timestamps. Reverts commit 90bb394d
-
Hendrik Leppkes authored
Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
-
Hendrik Leppkes authored
Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
-
Joakim Plate authored
Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
-
- 02 May, 2012 16 commits
-
-
Alex Converse authored
Prevents illegal reads on truncated and malformed input. CC: libav-stable@libav.org
-
Ronald S. Bultje authored
Progressive data is allocated later in decode_sof(), not allocating that data leads to NULL dereferences. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org
-
Michael Niedermayer authored
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
-
Ronald S. Bultje authored
Prevents crashes because the old check was incomplete. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org
-
Ronald S. Bultje authored
Fixes crashes in codepaths not covered by original checks. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org
-
Ronald S. Bultje authored
This prevents sample_rate/data_length from going negative, which caused various crashes and undefined behaviour further down. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org
-
Ronald S. Bultje authored
It was to signal that allocations are 16-byte aligned, but AVX requires 32-byte alignment, thus the check is no longer useful (and causes crashes).
-
Ronald S. Bultje authored
This properly synchronizes frame size changes between threads if subsequent threads abort decoding before frame size is initialized, i.e. it prevents the thread after that from ping-ponging back to the original value. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
-
Ronald S. Bultje authored
Fixes a compile error with clang at -O0.
-
Kostya Shishkov authored
-
Mashiat Sarker Shakkhar authored
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
-
Joakim Plate authored
Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
-
Mans Rullgard authored
Starting with version 4.7, gcc properly supports unaligned memory accesses on ARM. Not using the inline asm with these compilers results in better code. Signed-off-by: Mans Rullgard <mans@mansr.com>
-
Mans Rullgard authored
With a dereferenced type-cast pointer as memory operand, gcc 4.6 and later will sometimes copy the data to a temporary location, the address of which is used as the operand value, if it thinks the target address might be misaligned. Using a pointer to a packed struct type instead does the right thing. The 16-bit case is special since the ldrh instruction addressing modes are limited compared to ldr. The "Uq" constraint produces a memory reference suitable for an ldrsb instruction, which supports the same addressing modes as ldrh. However, the restrictions appear to apply only when the operand addresses a single byte. The memory reference must thus be split into two operands each targeting one byte. Finally, the "Uq" constraint is only available in ARM mode. The Thumb-2 ldrh instruction supports most addressing modes so the normal "m" constraint can be used there. Signed-off-by: Mans Rullgard <mans@mansr.com>
-
Hendrik Leppkes authored
The index of the motion vector has to be checked before being multiplied by 2 for the array index. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
-
Hendrik Leppkes authored
Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
-
- 01 May, 2012 6 commits
-
-
Mans Rullgard authored
ModeTab.fmode has only 3 elements, so indexing it with ftype in the initialier for 'size' is invalid when ftype == FT_PPC. This fixes crashes with gcc 4.8. Signed-off-by: Mans Rullgard <mans@mansr.com>
-
Justin Ruggles authored
-
Justin Ruggles authored
SDL only supports s16 sample format and a limited number of channel layouts. Some versions of SDL on some systems support 4-channel and 6-channel output, but it's safer overall to downmix any layout with more than 2 channels to stereo.
-
Reimar Döffinger authored
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de> Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
-
Jakub Stachowski authored
Reviewed-by: Mashiat Sarker Shakkhar <mashiat.sarker@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
-
Mashiat Sarker Shakkhar authored
This fixes decoding of frames which span more than two packets. Tested with recit24.wma. Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
-
- 30 Apr, 2012 3 commits
-
-
Mans Rullgard authored
Indexing outside array limits is invalid and breaks with gcc 4.8. Signed-off-by: Mans Rullgard <mans@mansr.com>
-
Mans Rullgard authored
Signed-off-by: Mans Rullgard <mans@mansr.com>
-
Mans Rullgard authored
The shift parameter was removed from this interface in 7e1ce6a6. This updates the Altivec implementation to match. Signed-off-by: Mans Rullgard <mans@mansr.com>
-