[FFmpeg-cvslog] nuv: sanitize negative fps rate

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: master | Andreas Cadhalpun | Wed Dec 16 20:52:39 2015 +0100| [f6830cf5ba03fdcfcd81a0358eb32d4081a2fcce] | committer: Andreas Cadhalpun nuv: sanitize negative fps rate Signed-off-by: Andreas Cadhalpun >

[FFmpeg-cvslog] nutdec: only copy the header if it exists

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.8 | Andreas Cadhalpun | Fri Dec 18 15:18:47 2015 +0100| [38f8c80901033042488579c8975efb39ab153793] | committer: Andreas Cadhalpun nutdec: only copy the header if it exists Fixes ubsan runtime error: null pointer passed as argument

[FFmpeg-cvslog] exr: fix out of bounds read in get_code

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.8 | Andreas Cadhalpun | Sun Dec 13 23:17:09 2015 +0100| [945ae04fab4513ee724751d908e87a3447c3e609] | committer: Andreas Cadhalpun exr: fix out of bounds read in get_code This macro unconditionally used out[-1], which causes an out

[FFmpeg-cvslog] on2avc: limit number of bits to 30 in get_egolomb

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.8 | Andreas Cadhalpun | Wed Dec 16 16:48:19 2015 +0100| [6d7b4dbcb4103a0c54d486d3a51aa3122a4914b6] | committer: Andreas Cadhalpun on2avc: limit number of bits to 30 in get_egolomb More don't fit into the integer output. Also use

[FFmpeg-cvslog] nuv: sanitize negative fps rate

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.8 | Andreas Cadhalpun | Wed Dec 16 20:52:39 2015 +0100| [79f407b79a825c3123aff65cef64b383eca5a95e] | committer: Andreas Cadhalpun nuv: sanitize negative fps rate Signed-off-by: Andreas Cadhalpun

[FFmpeg-cvslog] xwddec: prevent overflow of lsize * avctx->height

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.8 | Andreas Cadhalpun | Fri Dec 18 19:28:51 2015 +0100| [778c8de40f2c8d8bdbdf9a52306c59b6a425d401] | committer: Andreas Cadhalpun xwddec: prevent overflow of lsize * avctx->height This is used to check if the input buffer is large

[FFmpeg-cvslog] avfilter/avf_showfreqs: make it possible to split channels

2015-12-20 Thread Paul B Mahol
ffmpeg | branch: master | Paul B Mahol | Sun Dec 20 19:52:51 2015 +0100| [9e569abe995dc41a3e8fb30fb6d9c4d002b8ba4d] | committer: Paul B Mahol avfilter/avf_showfreqs: make it possible to split channels Signed-off-by: Paul B Mahol >

[FFmpeg-cvslog] rawdec: only exempt BIT0 with need_copy from buffer sanity check

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: master | Andreas Cadhalpun | Sat Dec 19 23:45:06 2015 +0100| [699e68371ec7e381e5cc48e3d96e29c669261af7] | committer: Andreas Cadhalpun rawdec: only exempt BIT0 with need_copy from buffer sanity check Otherwise the too small buffer is directly

[FFmpeg-cvslog] avcodec/dirac_parser: Fix potential overflows in pointer checks

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Sat Dec 5 17:11:54 2015 +0100| [cc88d7a640884e29490b1adb598643ab1365d747] | committer: Michael Niedermayer avcodec/dirac_parser: Fix potential overflows in pointer checks Signed-off-by: Michael Niedermayer

[FFmpeg-cvslog] avformat/smacker: fix integer overflow with pts_inc

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Sat Dec 5 13:06:16 2015 +0100| [354fa47018e333baeb3a6979d13cce8703bc19c8] | committer: Michael Niedermayer avformat/smacker: fix integer overflow with pts_inc Fixes:

[FFmpeg-cvslog] avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*()

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Fri Nov 27 20:52:39 2015 +0100| [20a96b9d8c71b77761b82edd1971dc54354c175f] | committer: Michael Niedermayer avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*() Fixes out of array access Fixes:

[FFmpeg-cvslog] avutil/mathematics: Fix division by 0

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Wed Dec 9 17:39:38 2015 +0100| [f821441795c4131ba638216ea92f0cb9f660fdbf] | committer: Michael Niedermayer avutil/mathematics: Fix division by 0 Fixes: CID1341571 Signed-off-by: Michael Niedermayer

[FFmpeg-cvslog] avcodec/vp3: ensure header is parsed successfully before tables

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Wed Dec 2 22:59:56 2015 +0100| [63c50350b6e5038e3acf95a56fe58d43e3db5422] | committer: Michael Niedermayer avcodec/vp3: ensure header is parsed successfully before tables Fixes assertion failure Fixes:

[FFmpeg-cvslog] avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Wed Sep 30 13:10:48 2015 +0200| [292842a0ed80afc0ad80626397100fed5e9595f4] | committer: Michael Niedermayer avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup The variable is not a constant and can

[FFmpeg-cvslog] avcodec/cabac_functions: Fix "left shift of negative value -31767"

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Fri Nov 27 12:11:29 2015 +0100| [2da8c533869afc5836d144571fb5e8b824f15e03] | committer: Michael Niedermayer avcodec/cabac_functions: Fix "left shift of negative value -31767" Fixes:

[FFmpeg-cvslog] avutil/timecode: Fix fps check

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Thu Dec 3 03:14:11 2015 +0100| [2e77ab8f100946d2467e3800a7964e2d94eae288] | committer: Michael Niedermayer avutil/timecode: Fix fps check The fps variable is explicitly set to -1 in case of some errors, the check

[FFmpeg-cvslog] avcodec/apedec: Check length in long_filter_high_3800()

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Wed Dec 2 21:16:27 2015 +0100| [0350f373f7f0eebc2f49a5144511ba4a7b718c1b] | committer: Michael Niedermayer avcodec/apedec: Check length in long_filter_high_3800() Fixes out of array read Fixes:

[FFmpeg-cvslog] avcodec/vp3: Fix "runtime error: left shift of negative value"

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Fri Dec 4 12:47:20 2015 +0100| [ad09bebe0cad7eaeda0c09eea00c68197c2a8e65] | committer: Michael Niedermayer avcodec/vp3: Fix "runtime error: left shift of negative value" Fixes:

[FFmpeg-cvslog] avcodec/hevc_cabac: Fix multiple integer overflows

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Fri Nov 27 22:45:46 2015 +0100| [4916aa2383153745d2ca54c7f8ea6cbc75f1c00e] | committer: Michael Niedermayer avcodec/hevc_cabac: Fix multiple integer overflows Fixes:

[FFmpeg-cvslog] avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_encode*()

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Fri Nov 27 21:02:13 2015 +0100| [40d5f570d8aa42ab54e2f30cded7b257ee8797f5] | committer: Michael Niedermayer avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_encode*() Signed-off-by: Michael Niedermayer

[FFmpeg-cvslog] avcodec/cabac: Check initial cabac decoder state

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Fri Nov 27 13:37:50 2015 +0100| [1f6aea2cc4e379346d0b5b67e9ce775e12b39def] | committer: Michael Niedermayer avcodec/cabac: Check initial cabac decoder state Fixes integer overflows Fixes:

[FFmpeg-cvslog] avcodec/hevc: allocate entries unconditionally

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Fri Nov 27 23:33:03 2015 +0100| [c84ec8d5c93887c2a97c3da514848f5fbb5ba3e6] | committer: Michael Niedermayer avcodec/hevc: allocate entries unconditionally Fixes out of array access Fixes:

[FFmpeg-cvslog] avutil/mathematics: Do not treat INT64_MIN as positive in av_rescale_rnd

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Tue Dec 1 12:44:23 2015 +0100| [100dbe1bf007024224c7ae2bb5d1aa956d979722] | committer: Michael Niedermayer avutil/mathematics: Do not treat INT64_MIN as positive in av_rescale_rnd The code expects actual positive

[FFmpeg-cvslog] avcodec/dirac_parser: Add basic validity checks for next_pu_offset and prev_pu_offset

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Sat Dec 5 17:14:36 2015 +0100| [09305dca59fd36509b593292a78ef7e7cf8220fd] | committer: Michael Niedermayer avcodec/dirac_parser: Add basic validity checks for next_pu_offset and prev_pu_offset Signed-off-by:

[FFmpeg-cvslog] avcodec/hevc: Check entry_point_offsets

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Fri Nov 27 18:30:05 2015 +0100| [6157938408a020d973b9e80c11d3e3e00899bea7] | committer: Michael Niedermayer avcodec/hevc: Check entry_point_offsets Fixes out of array read Fixes:

[FFmpeg-cvslog] avcodec/utils: Clear dimensions in ff_get_buffer() on failure

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Sat Nov 28 20:08:46 2015 +0100| [a0a2bfbfd876571344df2b7fe5fd781791ec02a3] | committer: Michael Niedermayer avcodec/utils: Clear dimensions in ff_get_buffer() on failure Fixes out of array access Fixes:

[FFmpeg-cvslog] avcodec/hevc: Fix integer overflow of entry_point_offset

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Sat Dec 5 22:08:59 2015 +0100| [929fd61602710211ccfd3c7fd8093fb6b032ad86] | committer: Michael Niedermayer avcodec/hevc: Fix integer overflow of entry_point_offset Fixes out of array read Fixes:

[FFmpeg-cvslog] avutil/mathematics: return INT64_MIN (=AV_NOPTS_VALUE) from av_rescale_rnd () for overflows

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Tue Dec 1 13:32:31 2015 +0100| [00fde782a10902270c3d92d92427297683fb911b] | committer: Michael Niedermayer avutil/mathematics: return INT64_MIN (=AV_NOPTS_VALUE) from av_rescale_rnd() for overflows Fixes integer

[FFmpeg-cvslog] avcodec/vp3: Clear context on reinitialization failure

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Sat Nov 28 00:23:54 2015 +0100| [67b29888f4dc03a45dd060fbb785481ac91b0219] | committer: Michael Niedermayer avcodec/vp3: Clear context on reinitialization failure Fixes null pointer dereference Fixes:

[FFmpeg-cvslog] avformat/matroskaenc: Check codecdelay before use

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Wed Dec 9 16:16:46 2015 +0100| [8e053f61f5622feff12609e21847f33342f556f5] | committer: Michael Niedermayer avformat/matroskaenc: Check codecdelay before use Fixes CID1238790 Signed-off-by: Michael Niedermayer

[FFmpeg-cvslog] avformat/utils: estimate_timings_from_pts - increase retry counter, fixes invalid duration for ts files with hevc codec

2015-12-20 Thread Rainer Hochecker
ffmpeg | branch: release/2.6 | Rainer Hochecker | Sun Nov 15 13:58:50 2015 +0100| [bc264004e081db584bdac811536ad8154e07066b] | committer: Michael Niedermayer avformat/utils: estimate_timings_from_pts - increase retry counter, fixes invalid duration for ts files with

[FFmpeg-cvslog] avformat/dump: Fix integer overflow in av_dump_format()

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Tue Dec 1 12:40:32 2015 +0100| [93e168705dbe306ad040d56d4c3ac8a8567143ab] | committer: Michael Niedermayer avformat/dump: Fix integer overflow in av_dump_format() Fixes part of mozilla bug 1229167 Found-by: Tyson

[FFmpeg-cvslog] avcodec/h264_slice: Limit max_contexts when slice_context_count is initialized

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Tue Nov 24 22:12:37 2015 +0100| [dd4c2fe74afe76868a279fd96fbc56eeffa5] | committer: Michael Niedermayer avcodec/h264_slice: Limit max_contexts when slice_context_count is initialized Fixes out of array access

[FFmpeg-cvslog] avutil/integer: Fix av_mod_i() with negative dividend

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Tue Dec 1 12:41:43 2015 +0100| [d8a66a150ae1ef88b6d9a43905de0f90f4a1385f] | committer: Michael Niedermayer avutil/integer: Fix av_mod_i() with negative dividend Signed-off-by: Michael Niedermayer

[FFmpeg-cvslog] avcodec/vp3: always set pix_fmt in theora_decode_header()

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Mon Nov 30 03:32:36 2015 +0100| [4d8d2f1991cd7514a3ccd6e4ad5e62bb8f1fba57] | committer: Michael Niedermayer avcodec/vp3: always set pix_fmt in theora_decode_header() Fixes assertion failure Fixes:

[FFmpeg-cvslog] avcodec/wmaprodec: Fix overflow of cutoff

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Sat Dec 5 13:11:23 2015 +0100| [5164067861ed3fc5311a12b7a197f23ba546b629] | committer: Michael Niedermayer avcodec/wmaprodec: Fix overflow of cutoff Fixes:

[FFmpeg-cvslog] avformat/mxfenc: Do not crash if there is no packet in the first stream

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Sun Dec 13 16:13:22 2015 +0100| [10395b4738df2c312293460c84b72c13fa0eac70] | committer: Michael Niedermayer avformat/mxfenc: Do not crash if there is no packet in the first stream Fixes: Ticket4914 Signed-off-by:

[FFmpeg-cvslog] avcodec/jpeg2000dec: Check bpno in decode_cblk()

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Fri Dec 4 16:23:24 2015 +0100| [7294d95689f9d70f565cb3aa8f485bed1d79928b] | committer: Michael Niedermayer avcodec/jpeg2000dec: Check bpno in decode_cblk() Fixes: undefined shift Fixes:

[FFmpeg-cvslog] mpegencts: Fix overflow in cbr mode period calculations

2015-12-20 Thread Timo Teräs
ffmpeg | branch: release/2.6 | Timo Teräs | Sat Nov 28 08:27:39 2015 +0200| [e8fa0e3ec633f716a53ba78aa5ebe37dd69694cb] | committer: Michael Niedermayer mpegencts: Fix overflow in cbr mode period calculations ts->mux_rate is int (signed 32-bit) type. The period calculations

[FFmpeg-cvslog] avcodec/utils: Use 64bit for aspect ratio calculation in avcodec_string()

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Sat Nov 28 17:26:05 2015 +0100| [80a24e88e3db27d3604584069122e359dda4a340] | committer: Michael Niedermayer avcodec/utils: Use 64bit for aspect ratio calculation in avcodec_string() Fixes integer overflow Fixes:

[FFmpeg-cvslog] avcodec/wmaprodec: Check bits per sample to be within the range not causing integer overflows

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Sat Dec 5 13:48:06 2015 +0100| [e12f07b4751cc4b09b85c8d19b5c7a0b16c07556] | committer: Michael Niedermayer avcodec/wmaprodec: Check bits per sample to be within the range not causing integer overflows Fixes:

[FFmpeg-cvslog] avcodec/h264_refs: Fix long_idx check

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Sat Dec 19 21:59:42 2015 +0100| [d0d9fad2ba5a0d53f59f69f780e3fb6f8ad97dff] | committer: Michael Niedermayer avcodec/h264_refs: Fix long_idx check Fixes out of array read Fixes mozilla bug 1233606 Found-by: Tyson

[FFmpeg-cvslog] swscale/utils: Fix for runtime error: left shift of negative value -1

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Fri Dec 4 21:44:05 2015 +0100| [0fa22a42d6b2d5fe3a0f84c72395ea404421e9da] | committer: Michael Niedermayer swscale/utils: Fix for runtime error: left shift of negative value -1 Fixes:

[FFmpeg-cvslog] avfilter/vf_mpdecimate: Add missing emms_c()

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Mon Dec 14 18:56:13 2015 +0100| [3f7bbb0ded3f16c9c8c5de96bbc1b71b6979274b] | committer: Michael Niedermayer avfilter/vf_mpdecimate: Add missing emms_c() Signed-off-by: Michael Niedermayer

[FFmpeg-cvslog] avcodec/hevc: Check max ctb addresses for WPP

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.6 | Michael Niedermayer | Sat Nov 28 13:42:05 2015 +0100| [3e8d9eade6557aa98813e4c2ae7dc9bc33d0727e] | committer: Michael Niedermayer avcodec/hevc: Check max ctb addresses for WPP Fixes out of array read Fixes:

[FFmpeg-cvslog] nuv: sanitize negative fps rate

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.7 | Andreas Cadhalpun | Wed Dec 16 20:52:39 2015 +0100| [7ad058168665a74c8975a2bb1bd4286d37280218] | committer: Andreas Cadhalpun nuv: sanitize negative fps rate Signed-off-by: Andreas Cadhalpun

[FFmpeg-cvslog] exr: fix out of bounds read in get_code

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.7 | Andreas Cadhalpun | Sun Dec 13 23:17:09 2015 +0100| [5b88d24f241f1ae31d86d2987b17a1db7547a509] | committer: Andreas Cadhalpun exr: fix out of bounds read in get_code This macro unconditionally used out[-1], which causes an out

[FFmpeg-cvslog] on2avc: limit number of bits to 30 in get_egolomb

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.7 | Andreas Cadhalpun | Wed Dec 16 16:48:19 2015 +0100| [3e187a9a2dfacea0d76df90dd88d957938f9d33c] | committer: Andreas Cadhalpun on2avc: limit number of bits to 30 in get_egolomb More don't fit into the integer output. Also use

[FFmpeg-cvslog] nutdec: reject negative value_len in read_sm_data

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.7 | Andreas Cadhalpun | Sat Dec 19 12:02:56 2015 +0100| [1dc135e03d83d14274e3049011396a5bcb36e464] | committer: Andreas Cadhalpun nutdec: reject negative value_len in read_sm_data If it is negative, it can cause the byte position to

[FFmpeg-cvslog] nutdec: only copy the header if it exists

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.7 | Andreas Cadhalpun | Fri Dec 18 15:18:47 2015 +0100| [7f320ed15d7ba4c4c84764888eb126daea932d7b] | committer: Andreas Cadhalpun nutdec: only copy the header if it exists Fixes ubsan runtime error: null pointer passed as argument

[FFmpeg-cvslog] rawdec: only exempt BIT0 with need_copy from buffer sanity check

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.7 | Andreas Cadhalpun | Sat Dec 19 23:45:06 2015 +0100| [3219de21f4e9e9bcd09df9dbc5eab63492dd05a4] | committer: Andreas Cadhalpun rawdec: only exempt BIT0 with need_copy from buffer sanity check Otherwise the too small buffer is

[FFmpeg-cvslog] xwddec: prevent overflow of lsize * avctx->height

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.7 | Andreas Cadhalpun | Fri Dec 18 19:28:51 2015 +0100| [f040f3e5d5abfe4f59036e7b671d7b03eda244e7] | committer: Andreas Cadhalpun xwddec: prevent overflow of lsize * avctx->height This is used to check if the input buffer is large

[FFmpeg-cvslog] nutdec: only copy the header if it exists

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.6 | Andreas Cadhalpun | Fri Dec 18 15:18:47 2015 +0100| [ea5ac146cd94c781136abd2ff3e39daea9994516] | committer: Andreas Cadhalpun nutdec: only copy the header if it exists Fixes ubsan runtime error: null pointer passed as argument

[FFmpeg-cvslog] exr: fix out of bounds read in get_code

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.6 | Andreas Cadhalpun | Sun Dec 13 23:17:09 2015 +0100| [350f1f4919a13555167f378ef8f8f38f39db1a80] | committer: Andreas Cadhalpun exr: fix out of bounds read in get_code This macro unconditionally used out[-1], which causes an out

[FFmpeg-cvslog] nuv: sanitize negative fps rate

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.6 | Andreas Cadhalpun | Wed Dec 16 20:52:39 2015 +0100| [b2cb7db14f82737f0d25602336c7f0ba9bbffdab] | committer: Andreas Cadhalpun nuv: sanitize negative fps rate Signed-off-by: Andreas Cadhalpun

[FFmpeg-cvslog] xwddec: prevent overflow of lsize * avctx->height

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.6 | Andreas Cadhalpun | Fri Dec 18 19:28:51 2015 +0100| [c4b2985d9ab0eaac9e8b454b693570ef80f41175] | committer: Andreas Cadhalpun xwddec: prevent overflow of lsize * avctx->height This is used to check if the input buffer is large

[FFmpeg-cvslog] mlvdec: check that index_entries exist

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.6 | Andreas Cadhalpun | Sat Dec 19 23:44:53 2015 +0100| [c51800d324a9a86dcc84a57d29fff8f9d8f5b1e3] | committer: Andreas Cadhalpun mlvdec: check that index_entries exist This fixes NULL pointer dereferencing. Reviewed-by: Michael

[FFmpeg-cvslog] nutdec: reject negative value_len in read_sm_data

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.6 | Andreas Cadhalpun | Sat Dec 19 12:02:56 2015 +0100| [4d2f9368034353037ae4fb96c1156848fe0ebe7a] | committer: Andreas Cadhalpun nutdec: reject negative value_len in read_sm_data If it is negative, it can cause the byte position to

[FFmpeg-cvslog] rawdec: only exempt BIT0 with need_copy from buffer sanity check

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.6 | Andreas Cadhalpun | Sat Dec 19 23:45:06 2015 +0100| [462afe5d00c815aef20ee33aaabcf1d30e4455c8] | committer: Andreas Cadhalpun rawdec: only exempt BIT0 with need_copy from buffer sanity check Otherwise the too small buffer is

[FFmpeg-cvslog] exr: fix out of bounds read in get_code

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.5 | Andreas Cadhalpun | Sun Dec 13 23:17:09 2015 +0100| [79d75f1554de110d020a8035c86458a80dd7d773] | committer: Andreas Cadhalpun exr: fix out of bounds read in get_code This macro unconditionally used out[-1], which causes an out

[FFmpeg-cvslog] nutdec: only copy the header if it exists

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.5 | Andreas Cadhalpun | Fri Dec 18 15:18:47 2015 +0100| [0f1e398874399ddf0586b54735d8c85ff1228c85] | committer: Andreas Cadhalpun nutdec: only copy the header if it exists Fixes ubsan runtime error: null pointer passed as argument

[FFmpeg-cvslog] ffm: reject invalid codec_id and codec_type

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.5 | Andreas Cadhalpun | Mon Dec 14 22:11:55 2015 +0100| [5478e7bbc106b5781b7a49429b2b9db0f2d4f378] | committer: Andreas Cadhalpun ffm: reject invalid codec_id and codec_type A negative codec_id cannot be handled by the found_decoder

[FFmpeg-cvslog] on2avc: limit number of bits to 30 in get_egolomb

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.5 | Andreas Cadhalpun | Wed Dec 16 16:48:19 2015 +0100| [105be66545ec3fa250e3a4e4792b097cec7f62a1] | committer: Andreas Cadhalpun on2avc: limit number of bits to 30 in get_egolomb More don't fit into the integer output. Also use

[FFmpeg-cvslog] nuv: sanitize negative fps rate

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.5 | Andreas Cadhalpun | Wed Dec 16 20:52:39 2015 +0100| [eca27eeea95f906c7d887cd98e5406e8531f1e44] | committer: Andreas Cadhalpun nuv: sanitize negative fps rate Signed-off-by: Andreas Cadhalpun

[FFmpeg-cvslog] nutdec: reject negative value_len in read_sm_data

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.5 | Andreas Cadhalpun | Sat Dec 19 12:02:56 2015 +0100| [2db78f83bad187012f446ca43f6edcb845e7f513] | committer: Andreas Cadhalpun nutdec: reject negative value_len in read_sm_data If it is negative, it can cause the byte position to

[FFmpeg-cvslog] opus_silk: fix typo causing overflow in silk_stabilize_lsf

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.5 | Andreas Cadhalpun | Tue Dec 15 22:00:31 2015 +0100| [31d6900161221f6b83b76aa85221de49b7adbf32] | committer: Andreas Cadhalpun opus_silk: fix typo causing overflow in silk_stabilize_lsf Due to this typo max_center can be too

[FFmpeg-cvslog] xwddec: prevent overflow of lsize * avctx->height

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.5 | Andreas Cadhalpun | Fri Dec 18 19:28:51 2015 +0100| [882391f9758ea13643639e21de81e3f7978b0695] | committer: Andreas Cadhalpun xwddec: prevent overflow of lsize * avctx->height This is used to check if the input buffer is large

[FFmpeg-cvslog] sonic: make sure num_taps * channels is not larger than frame_size

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.5 | Andreas Cadhalpun | Tue Dec 15 23:43:03 2015 +0100| [46e7a63b6e011b47d87b54659b2a3799056e5753] | committer: Andreas Cadhalpun sonic: make sure num_taps * channels is not larger than frame_size If that is the case, the loop

[FFmpeg-cvslog] aaccoder: prevent crash of anmr coder

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.5 | Andreas Cadhalpun | Fri Dec 4 18:13:07 2015 +0100| [26b74a7213bf720f2818e9b5e8c8359cbadf9207] | committer: Andreas Cadhalpun aaccoder: prevent crash of anmr coder If minq is negative, the range of sf_idx can be larger than

[FFmpeg-cvslog] ffmdec: reject zero-sized chunks

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.5 | Andreas Cadhalpun | Wed Dec 2 22:47:12 2015 +0100| [cc77012329f0b68373f6fadc2fda19e0d1f661cb] | committer: Andreas Cadhalpun ffmdec: reject zero-sized chunks If size is zero, avio_get_str fails, leaving the buffer

[FFmpeg-cvslog] avcodec/s302menc: check if buf_size can actually be put into 16bit size

2015-12-20 Thread Paul B Mahol
ffmpeg | branch: master | Paul B Mahol | Sat Dec 19 21:52:19 2015 +0100| [db6e337b41fce401e67daa2f05fbe0663f825240] | committer: Paul B Mahol avcodec/s302menc: check if buf_size can actually be put into 16bit size This disallows creating unplayable audio. Signed-off-by: Paul

[FFmpeg-cvslog] ffm: reject invalid codec_id and codec_type

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.4 | Andreas Cadhalpun | Mon Dec 14 22:11:55 2015 +0100| [6fc3f6f43b24b98a768acc28f03fec37ef1a79e3] | committer: Andreas Cadhalpun ffm: reject invalid codec_id and codec_type A negative codec_id cannot be handled by the found_decoder

[FFmpeg-cvslog] mlvdec: check that index_entries exist

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.4 | Andreas Cadhalpun | Sat Dec 19 23:44:53 2015 +0100| [f0eea9cc3a112f69991ffba79d6ca224d9eb60f5] | committer: Andreas Cadhalpun mlvdec: check that index_entries exist This fixes NULL pointer dereferencing. Reviewed-by: Michael

[FFmpeg-cvslog] xwddec: prevent overflow of lsize * avctx->height

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.4 | Andreas Cadhalpun | Fri Dec 18 19:28:51 2015 +0100| [dcecc180a6ad9e05f2b1f5802ec04c95a4cc6a8d] | committer: Andreas Cadhalpun xwddec: prevent overflow of lsize * avctx->height This is used to check if the input buffer is large

[FFmpeg-cvslog] avcodec/mpeg4videodec: also for empty partitioned slices

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.4 | Michael Niedermayer | Sat Dec 19 23:21:33 2015 +0100| [fbfb2814b28d24c275c5809a7f6f6e33efe7b7dc] | committer: Andreas Cadhalpun avcodec/mpeg4videodec: also for empty partitioned slices Fixes assertion failure Fixes:

[FFmpeg-cvslog] rawdec: only exempt BIT0 with need_copy from buffer sanity check

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.4 | Andreas Cadhalpun | Sat Dec 19 23:45:06 2015 +0100| [b0a8095f2bf0bc03c5d4dfccaba845de6fd5bb4f] | committer: Andreas Cadhalpun rawdec: only exempt BIT0 with need_copy from buffer sanity check Otherwise the too small buffer is

[FFmpeg-cvslog] on2avc: limit number of bits to 30 in get_egolomb

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.4 | Andreas Cadhalpun | Wed Dec 16 16:48:19 2015 +0100| [e32095807b86480dfa5395972f7734990e27c146] | committer: Andreas Cadhalpun on2avc: limit number of bits to 30 in get_egolomb More don't fit into the integer output. Also use

[FFmpeg-cvslog] nutdec: only copy the header if it exists

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.4 | Andreas Cadhalpun | Fri Dec 18 15:18:47 2015 +0100| [2306964b3a0336e24d1c9d04bd54aaecf2d198d7] | committer: Andreas Cadhalpun nutdec: only copy the header if it exists Fixes ubsan runtime error: null pointer passed as argument

[FFmpeg-cvslog] opus_silk: fix typo causing overflow in silk_stabilize_lsf

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.4 | Andreas Cadhalpun | Tue Dec 15 22:00:31 2015 +0100| [7a26ea7a7e67cff8c1f3367e4f505f1c650ca0f5] | committer: Andreas Cadhalpun opus_silk: fix typo causing overflow in silk_stabilize_lsf Due to this typo max_center can be too

[FFmpeg-cvslog] sonic: make sure num_taps * channels is not larger than frame_size

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.4 | Andreas Cadhalpun | Tue Dec 15 23:43:03 2015 +0100| [465dd4bc941e96abc00e60e35947673d64d34907] | committer: Andreas Cadhalpun sonic: make sure num_taps * channels is not larger than frame_size If that is the case, the loop

[FFmpeg-cvslog] nuv: sanitize negative fps rate

2015-12-20 Thread Andreas Cadhalpun
ffmpeg | branch: release/2.4 | Andreas Cadhalpun | Wed Dec 16 20:52:39 2015 +0100| [1317c63b4b1d96c554f88a92a6b770341c529a66] | committer: Andreas Cadhalpun nuv: sanitize negative fps rate Signed-off-by: Andreas Cadhalpun

[FFmpeg-cvslog] avcodec/mpeg4videodec: also for empty partitioned slices

2015-12-20 Thread Michael Niedermayer
ffmpeg | branch: release/2.5 | Michael Niedermayer | Sat Dec 19 23:21:33 2015 +0100| [8cd0e23be83d7967ce6d0c1e933e1bd0819c8cb6] | committer: Andreas Cadhalpun avcodec/mpeg4videodec: also for empty partitioned slices Fixes assertion failure Fixes:

[FFmpeg-cvslog] avcodec/flacenc: use designated initializers for AVClass

2015-12-20 Thread Paul B Mahol
ffmpeg | branch: master | Paul B Mahol | Sun Dec 20 17:47:21 2015 +0100| [367ffa0c151792651a741554c608a73bad112663] | committer: Paul B Mahol avcodec/flacenc: use designated initializers for AVClass Signed-off-by: Paul B Mahol >

[FFmpeg-cvslog] x86/hevc_sao: simplify sao_edge_filter 10/12bit

2015-12-20 Thread James Almer
ffmpeg | branch: master | James Almer | Sun Dec 6 02:46:51 2015 -0300| [3ff2beff65af87fc9ce75d55f2c06e01d606cebc] | committer: James Almer x86/hevc_sao: simplify sao_edge_filter 10/12bit Reviewed-by: Michael Niedermayer Reviewed-by: Christophe Gisquet

[FFmpeg-cvslog] avcodec/indeo2: use init_get_bits8

2015-12-20 Thread Paul B Mahol
ffmpeg | branch: master | Paul B Mahol | Sun Dec 20 21:31:55 2015 +0100| [484cc66f577ba25c142d73c1c2c6590b01d031c2] | committer: Paul B Mahol avcodec/indeo2: use init_get_bits8 Signed-off-by: Paul B Mahol >

[FFmpeg-cvslog] x86/hevc_sao: simplify sao_band_filter 10/12bit

2015-12-20 Thread James Almer
ffmpeg | branch: master | James Almer | Sun Dec 6 02:42:34 2015 -0300| [34b2bd03cf94e26e0352b4edd5f9ca86c5e95b0b] | committer: James Almer x86/hevc_sao: simplify sao_band_filter 10/12bit Reviewed-by: Michael Niedermayer Reviewed-by: Christophe Gisquet