Skip to content

Releases: knik0/faad2

FAAD2 2.11.1

14 Nov 07:20
@fabiangreffrath fabiangreffrath
2.11.1
216f00e
Compare
Choose a tag to compare
FAAD2 2.11.1 Latest
Latest

[ Fabian Greffrath ]

  • Build shared libraries and hide symbols by default.
  • Install man page by default.
  • Check for lrintf() availability, link with -lm and define HAVE_LRINTF accordingly.
  • Set a default build type if none was specified.
  • Build DLL name with SOVERSION by default on Windows.
  • Fix inlined lrintf() function signatures.
Assets 2

FAAD2 2.11.0

07 Nov 08:39
@fabiangreffrath fabiangreffrath
2.11.0
09b3c85
Compare
Choose a tag to compare
FAAD2 2.11.0

[ Eugène Filin ]

  • Fix incorrect variable initialization

[ Eugene Kliuchnikov ]

  • CI/CD, build, etc

    • setup GitHub workflows; test build under MSVC, OSX, MSYS2, Linux
    • add CMake build system
    • additionally add Bazel build
    • remove automake and MSVC project files
    • add fuzzers that cover almost all decoder code
    • setup fuzzing for various builds: (no-)FIXED_POINT / (no-)DRM
    • remove dead code
    • address differes compilers warnings
    • move version to distingished place that different build systems can read

  • "Safe" bugs

    "Safe" means that it is unlikely to be exploited; those affect the decoded
    result for (most likely) extreme inputs. Some fixes are useful only for
    "FIXED_POINT" build, since it has more restrictions on intermediate values.

    • "negative range" in estimate_current_envelope
    • integer overflow in channel downmixing
    • integer overflow in estimate_envelope
    • integer overflows caused by "practical infinite" gain
    • integer overflows in HF adjustment code
    • several "left shift of negative value"
    • priming RNG to avoid using values that does not look random at all
    • do not drop the first frame of output; other decoders don't do this
    • touching uninitialized values in lt_update_state
    • touching uninitialized values in bit-reader buffers

  • "Almost Safe" bugs

    "Almost safe" means that those are unlinkly to be exploited; if those surface
    depends on build options / environment.

    • division by zero in HF (noise?) generator and scale factor adjustment
    • division by zero gen_rand_vector

  • "Unsafe" bugs

    "Unsafe" means that those can cause crash, or could somehow else be exploited.

    • CLI: accessing unallocated memory in mp4info (corrupted / zero-samples input) (CVE-2023-38857)
    • CLI: out-of-bounds when parsing mp4 header
    • CLI: crash because of wrong mp4 frame offset calculation (CVE-2023-38857)
    • error handling rvlc_decode_scale_factors (CPU bomb?)
    • null pointer dereference (in DRM + PS build)
    • index-out-of-bounds / stack-buffer-overflow in decode_sce_lfe
      (for streams with PCE)
    • stack-buffer-overflow in pns_decode
    • null pointer derefernce (when channels change their type in the middle
      of the stream)
    • infinite loop on currupted stream
    • add practial limits for scale factors; otherwise calculated NaN/Inf values
      could confuse further logic, resulting in access-out-of-bounds
    • check sf_index in window_grouping_info to avoid access-out-of-bounds
    • clamp bs_pointer values to avoid access-out-of-bounds
    • infinite loop in fill_element
    • sanitize input values in ps_mix_phase to avoid access-out-of-bounds
    • fix internal decoder buffer size calculation to avoid heap-out-of-bounds
    • calculate channel length multiplier even if main channel is already allocated
      to avoid heap-out-of-bounds
    • reserve enough slots for channels in decode_sce_lfe
      to avoid heap-out-of-bounds

[ David Korczynski ]

  • Fuzzing integration with oss-fuzz

[ Steveice10 ]

  • Add define option to disable SBR/PS support
  • Fix coefficient table selection in tns_decode_coef
Assets 2

FAAD2 2.10.1

20 Oct 20:00
@fabiangreffrath fabiangreffrath
2.10.1
3918dee
Compare
Choose a tag to compare
FAAD2 2.10.1

[David Korczynski]

  • Reject buffers of zero size.

[François Cartegnie]

  • Fix 7.1 with PCE mapping.
  • Have proper version string in faad.h.
  • Add conditional build with DRC.
Assets 2

FAAD2 2.10.0

20 Oct 06:27
@fabiangreffrath fabiangreffrath
2_10_0
f97f6e9
Compare
Choose a tag to compare
FAAD2 2.10.0

[ tatsuz ]

  • updated Visual Studio projects to VS 2019 (#54)

[ Fabian Greffrath ]

  • mp4read.c: fix stack-buffer-overflow in stringin()/ftypin()
  • fix heap-buffer-overflow in mp4read.c

[ Clayton Smith ]

  • Remove non-ASCII characters
  • Remove trailing whitespace

[ Andrew Wesie ]

  • Check return value of ltp_data.
  • Restrict SBR frame length to 960 and 1024 samples.
  • Support object type 29.
  • Support implicit SBR signaling in frontend.
  • Fix PNS decoding when only right channel is noise.
  • Initialize element_id array with an invalid id.
  • Fix NULL pointer dereferences.
  • Fix infinite loop in adts_parse.
  • Fix infinite loop in huffman_getescape.
  • Check for error after each channel decode.
  • Check for inconsistent number of channels.
Assets 2

FAAD2 2.9.2

04 May 19:55
@fabiangreffrath fabiangreffrath
2_9_2
f13d8d0
Compare
Choose a tag to compare
FAAD2 2.9.2

[ Michał Janiszewski ]

  • Only use x86-assembly when explicitly on x86
  • Use unsigned integers correctly
  • Initialize pointers that might otherwise not be

[ Fabian Greffrath ]

  • update README esp. WRT directory structure

[ Rosen Penev ]

  • fix compilation without SBR/PS_DEC (#48)
  • fix compilation with LC_ONLY_DECODER (#47)

[ Fabian Greffrath ]

  • fix "inline function 'cfftf1' declared but never defined" compiler warning
  • fix some inconsistencies in the frontend output
  • mp4read_open: add check for failed frame buffer allocation
  • stszin: add check for allocation error and integer overflow
  • add a pkg-config file

[ Stefan Pöschel ]

  • frontend: address compile warning + add missing LF (#50)

[ François Cartegnie ]

  • library name is faad (#52)
  • Unbreak PS audio (#51)
Assets 2

FAAD2 2.9.1

04 Nov 10:19
@fabiangreffrath fabiangreffrath
2_9_1
043d37b
Compare
Choose a tag to compare
FAAD2 2.9.1

[ Fabian Greffrath ]

  • Include stdio.h in libfaad/ps_dec.c for stderr (Michael Fink)
  • Fix Tille -> Title typo in frontend/mp4read.c (Alexander Thomas)
Assets 2

FAAD2 2.9.0

09 Sep 11:03
@fabiangreffrath fabiangreffrath
2_9_0
365532e
Compare
Choose a tag to compare
FAAD2 2.9.0

[ Krzysztof Nikiel ]

  • Build system fixes and code clean-up

[ LoRd_MuldeR ]

  • Fix compiler warnings and code indentation
  • Fix compilation with GCC <= 4.7.3
  • MSVC solution file clean-up

[ Cameron Cawley ]

  • Fix compilation with GCC 4.7.4
  • Fix compilation with MinGW

[ Michael Fink ]

  • MSVC 2017 project file update

[ Hugo Lefeuvre ]

[ Hugo Beauzée-Luyssen ]

[ Filip Roséen ]

  • Prevent crash on SCE followed by CPE

[ Gianfranco Costamagna ]

  • Fix linking with GCC 9 and "-Wl,--as-needed"

[ Fabian Greffrath ]

  • Enable the frontend to be built reproducibly
Assets 2