1. 05 May, 2017 1 commit
  2. 07 Apr, 2017 1 commit
  3. 29 Mar, 2017 1 commit
  4. 18 Nov, 2016 1 commit
  5. 28 Oct, 2016 1 commit
  6. 26 Oct, 2016 2 commits
  7. 18 Sep, 2016 1 commit
  8. 11 May, 2016 1 commit
  9. 06 Dec, 2015 1 commit
  10. 04 Dec, 2015 1 commit
  11. 22 Nov, 2015 1 commit
  12. 17 Nov, 2015 1 commit
  13. 10 Nov, 2015 1 commit
  14. 21 Oct, 2015 1 commit
  15. 22 Sep, 2015 3 commits
    • wm4's avatar
      avcodec/dvdsubdec: don't use a NULL log context · e859a3c8
      wm4 authored
      e859a3c8
    • wm4's avatar
      avcodec/dvdsubdec: reject some broken packets · 9aab2222
      wm4 authored
      If cmd_pos is broken, this would just keep accumulating packets in the
      reassembly buffer, until it fails and flushes the buffer on overflow.
      Since packets are usually rather small, this will take a lot of subtitle
      packets. The perceived effect is that subtitles are not displayed
      anymore after the faulty packet was passed to the decoder.
      
      I'm not terribly sure about this, but on the other hand this code is
      active only when fragmented packets need to be reassembled.
      
      Fixes sample file in trac issue #4872.
      9aab2222
    • wm4's avatar
      avcodec/dvdsub: fix partial packet assembly · f874e272
      wm4 authored
      Assuming the first and second packets are partial, this would append the
      reassembly buffer (ctx->buf) to itself with the second
      append_to_cached_buf() call, because buf is set to ctx->buf.
      
      I do not know a valid sample file which triggers this, and do not know
      if packets can be split into more than 2 sub-packets, but it triggered
      with a (differently) broken sample file in trac issue #4872.
      f874e272
  16. 21 Sep, 2015 1 commit
  17. 28 May, 2015 2 commits
  18. 19 Apr, 2015 1 commit
  19. 17 Feb, 2015 1 commit
  20. 08 Jan, 2015 2 commits
    • wm4's avatar
      avcodec/dvdsubdec: fix accessing dangling pointers · 81657771
      wm4 authored
      dvdsub_decode() can call append_to_cached_buf() 2 times, the second time
      with ctx->buf as argument. If the second append_to_cached_buf() reallocs
      ctx->buf, the argument will be a pointer to the previous, freed block.
      This can cause invalid reads at least with some fuzzed files - and
      possibly with valid files.
      
      Since packets can apparently not be larger than 64K (even if packets are
      combined), just use a fixed size buffer. It will be allocated as part of
      the DVDSubContext, and although some memory is "wasted", it's relatively
      minimal by modern standards and should be acceptable.
      Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
      81657771
    • wm4's avatar
      avcodec/dvdsubdec: error on bitmaps with size 0 · bcaa9099
      wm4 authored
      Attemtping to decode them could lead to invalid writes with some fuzzed
      samples.
      Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
      bcaa9099
  21. 05 Jan, 2015 1 commit
  22. 13 Dec, 2014 1 commit
  23. 21 Nov, 2014 1 commit
  24. 16 Nov, 2014 1 commit
  25. 15 Nov, 2014 1 commit
  26. 22 Sep, 2014 1 commit
  27. 19 Sep, 2014 1 commit
  28. 16 Aug, 2014 1 commit
  29. 15 Aug, 2014 2 commits
  30. 31 Jul, 2014 1 commit
  31. 03 Jul, 2014 2 commits
  32. 04 Apr, 2014 1 commit
  33. 13 Mar, 2014 1 commit