When decode_nal_units() previously encountered a NAL_END_SEQUENCE,
and there are some junk bytes left in the input buffer, but no start codes,
buf_index gets stuck 3 bytes before the end of the buffer.
This can trigger an infinite loop in the caller code, eg. in
try_decode_trame(), as avcodec_decode_video() then keeps returning zeroes,
with 3 bytes of the input packet still available.
With this change, the remaining bytes are skipped so the whole packet gets
consumed.
CC:libav-stable@libav.org
Signed-off-by: Jindřich Makovička <makovick@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Be compatible with texi2html 5.0 which doesn't search relative
file names in search paths anymore.
Signed-off-by: Alexander Strasser <eclipse7@gmx.net>
The decode function assumes that the video will have those dimensions.
Fixes CVE-2012-2801
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Based on a patch by Michael Niedermayer <michaelni@gmx.at>
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.
Based on a patch by Michael Niedermayer <michaelni@gmx.at>
Fixes CVE-2012-2800
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.
Fixes CVE-2012-2794
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Add a small table of integers instead as this is simpler and
avoid rounding issues (though such rounding issues are unlikely in this case)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The values are checked in the wraper function used to call this code.
This was introduced by: ee715f49a0
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'b146d74730ab9ec5abede9066f770ad851e45fbc':
indeo4: update AVCodecContext width/height on size change
dfa: check that the caller set width/height properly.
indeo5dec: Make sure we have had a valid gop header.
cavsdec: check for changing w/h.
lavc: set channel count from channel layout in avcodec_open2().
doc/platform: Rework the Visual Studio linking section
doc/faq: Change the Visual Studio entry to reflect current status
doc/platform: Replace Visual Studio section with build instructions
doc/platform: Nuke section on linking static MinGW-built libs with MSVC
doc/platform: Remove false claim about MinGW installer
doc/platform: Mention MinGW-w64
dsputil_mmx: fix reading prior of the src array in sub_hfyu_median_prediction()
mpegaudiodec: fix short_start calculation
Conflicts:
doc/faq.texi
doc/platform.texi
libavcodec/cavsdec.c
libavcodec/indeo5.c
libavcodec/ivi_common.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Do not build from scratch the section header for each section, but build
it using the previous level buffer, thus improving efficiency.
Also fix some few corner cases related to numbering which are exposed by
the pending disposition patch.
Do not build from scratch the section header for each section, but build
using the previous level buffer, thus improving efficiency and fix some
few corner cases which are exposed by the pending disposition patch.
Regular section fields nested in a regular section are now prefixed by
the nested section name.
This is required by the pending change related to disposition.
Regular section fields nested in a regular section are now prefixed by
the nested section name.
This is required by the pending change related to disposition.
This prevents decoding happening on a half initialized context.
Fixes CVE-2012-2779
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Our decoder does not support changing w/h.
Fixes CVE-2012-2777 and CVE-2012-2784.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This practice is not supported by the MinGW developers, and even requires
patching the MinGW runtimes in newer versions. Furthermore, we now support
build with MSVC, so this section is rendered useless.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
