OSDN Git Service
Andreas Cadhalpun [Mon, 9 Mar 2015 13:59:44 +0000 (14:59 +0100)]
ffmdec: limit the backward seek to the last resync position
If resyncing leads to the same position as previously, it will again
lead to a resync attempt, resulting in an infinite loop.
Thus don't seek back beyond the last syncpoint.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
6b8263b03ab3d16d70525ae1893cb106be7852f1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Sun, 8 Mar 2015 22:31:48 +0000 (23:31 +0100)]
ffmdec: fix infinite loop at EOF
If EOF is reached, while skipping bytes, avio_tell(pb) won't change
anymore, resulting in an infinite loop.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
6fa98822eba501a4898fdec5b75acd3026201005)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Mon, 2 Mar 2015 14:46:44 +0000 (15:46 +0100)]
avformat/rm: limit packet size
The chunk size is limited to 0xFFFF (written by avio_wb16), so make
sure that the packet size is not too large.
Such large frames need to be split into slices smaller than 64 kB, but
that is currently supported neither by the rv10/rv20 encoders nor the rm
muxer.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
See Ticket244
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
08728f400b8367dc8c983036cb2eff3a2891322b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Mon, 2 Mar 2015 19:47:57 +0000 (20:47 +0100)]
avcodec/webp: validate the distance prefix code
According to the WebP Lossless Bitstream Specification the highest
allowed value for a prefix code is 39.
If prefix_code is too large, the calculated extra_bits has an invalid
value and triggers an assertion in get_bits.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
5de2dab12b951b2fe121eb18503accfc91cd1565)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Mon, 2 Mar 2015 19:27:26 +0000 (20:27 +0100)]
avcodec/rv10: check size of s->mb_width * s->mb_height
If it doesn't fit into 12 bits it triggers an assertion.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
2578a546183da09d49d5bba8ab5e982dece1dede)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Federico Tomassetti [Wed, 18 Feb 2015 12:11:43 +0000 (12:11 +0000)]
mdec: check for out of bounds read
Bug-Id: CID
1257501
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit
2c63081b48d98f3a0d0bed7b0ec3c0347b99144c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Vittorio Giovara [Fri, 27 Feb 2015 19:00:25 +0000 (19:00 +0000)]
aic: Fix decoding files with odd dimensions
Normally the aic decoder finds the proper slice combination (multiple of
some number less than 32) but in case of odd width, it resorts to the
default values, which were actually swapped.
The number of slices is modified to account for such odd width cases.
CC: libav-stable@libav.org
(cherry picked from commit
e878ec0d47cd6228c367b2f3128b76d7523f7255)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 8 Mar 2015 22:27:43 +0000 (23:27 +0100)]
avcodec/tiff: move bpp check to after "end:"
This ensures that all current and future code-pathes get bpp checked
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
d5e9fc782150d4596c72440a0aa02b7f4f1254b1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sat, 7 Mar 2015 13:30:34 +0000 (14:30 +0100)]
avcodec/utils: Align YUV411 by as much as the other YUV variants
Fixes out of array accesses
Fixes: ffmpeg_mjpeg_crash2.avi
Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Tested-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
e3201c38d53d2b8b24d0bc95d726b2cb1752dc12)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Thu, 5 Mar 2015 21:48:28 +0000 (22:48 +0100)]
webp: ensure that each transform is only used once
According to the WebP Lossless Bitstream Specification
"each transform is allowed to be used only once".
If a transform is more than once this can lead to memory
corruption.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
c089e720c1b753790c746a13053636d7facf6bf0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Sat, 28 Feb 2015 19:58:31 +0000 (20:58 +0100)]
avformat/flvenc: check that the codec_tag fits in the available bits
flags is later written with avio_w8 and if it doesn't fit in one byte it
triggers an av_assert2.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
e8565d21c276ab9ac5ce785549420321fbd0b093)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 27 Feb 2015 02:12:23 +0000 (03:12 +0100)]
swscale/utils: clear formatConvBuffer on allocation
Fixes use of uninitialized memory
Fixes: asan_heap-oob_35ca682_1474_cov_3230122439_aletrek_tga_16bit.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
007498fc1a639ecee2cda1892cbcff66c7c8c951)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 11 Feb 2015 02:33:53 +0000 (03:33 +0100)]
avcodec/mjpegdec: Skip blocks which are outside the visible area
Fixes out of array accesses
Fixes: ffmpeg_mjpeg_crash.avi
Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
08509c8f86626815a3e9e68d600d1aacbb8df4bf)
Conflicts:
libavcodec/mjpegdec.c
(cherry picked from commit
0861bb66d7c281c92a0746167bb141735a660856)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Thu, 26 Feb 2015 20:42:02 +0000 (21:42 +0100)]
avformat/bit: only accept the g729 codec and 1 channel
Other codecs/channel numbers are not supported by this muxer.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
d0b8640f75ff7569c98d6fdb03d83451104e088c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Thu, 26 Feb 2015 20:38:50 +0000 (21:38 +0100)]
avformat/bit: check that pkt->size is 10 in write_packet
Ohter packet sizes are not supported by this muxer.
This avoids a null pointer dereference of pkt->data.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
eeda2c3de8a8484d9e7d1e47ac836bec850b31fc)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Wed, 25 Feb 2015 21:55:44 +0000 (22:55 +0100)]
avformat/adxdec: check avctx->channels for invalid values
This avoids a null pointer dereference of pkt->data.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
7faa40af982960608b117e20fec999b48011e5e0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Dyami Caliri [Thu, 26 Feb 2015 18:17:01 +0000 (10:17 -0800)]
Fix buffer_size argument to init_put_bits() in multiple encoders.
Several encoders were multiplying the buffer size by 8, in order to get
a bit size. However, the buffer_size argument is for the byte size of
the buffer. We had experienced crashes encoding prores (Anatoliy) at
size 4096x4096.
(cherry picked from commit
50833c9f7b4e1922197a8955669f8ab3589c8cef)
Conflicts:
libavcodec/proresenc_kostya.c
James Cowgill [Thu, 26 Feb 2015 13:42:52 +0000 (13:42 +0000)]
mips/acelp_filters: fix incorrect register constraint
Change register constraint on the v variable from = to +. This was causing GCC
to think that the v variable was never read and therefore not initialize it.
This fixes about 20 fate failures on mips64el.
Signed-off-by: James Cowgill <james410@cowgill.org.uk>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
b9de1303a6414174ab2f3bccefa801bfabcf0f88)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 25 Feb 2015 14:51:28 +0000 (15:51 +0100)]
avcodec/hevc_ps: Sanity checks for some log2_* values
log2 values which imply numeric overflow are not supported
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
205b2ba3d677330e023aac2f4bd3f624039256b9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 25 Feb 2015 11:29:10 +0000 (12:29 +0100)]
avcodec/zmbv: Check len before reading in decode_frame()
Fixes out of array read
Fixes: asan_heap-oob_4d4eb0_3994_cov_3169972261_zmbv_15bit.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
1f5c7781e63d6519192ada59c1e36bcecc92791d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 24 Feb 2015 19:49:07 +0000 (20:49 +0100)]
avcodec/h264: Only reinit quant tables if a new PPS is allowed
Fixes null pointer dereference
Fixes: signal_sigsegv_3042097_3007_cov_1741463594_non_monotone_timestamps1.mkv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
c23a0e77dd492d6c794f89dbff3a438c95745e70)
Conflicts:
libavcodec/h264_slice.c
Michael Niedermayer [Tue, 24 Feb 2015 02:12:22 +0000 (03:12 +0100)]
avcodec/snowdec: Fix ref value check
Fixes integer overflow and out of array read.
Fixes: signal_sigsegv_24169e6_3445_cov_3778346427_snow_chroma_bug.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
8f4cbf940212079a34753c7f4d6c6b5a43586d30)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Mon, 23 Feb 2015 23:32:39 +0000 (00:32 +0100)]
swscale/utils: More carefully merge and clear coefficients outside the input
Fixes out of array read
Fixes: asan_heap-oob_35ca682_1474_cov_3230122439_aletrek_tga_16bit.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
1895d414aaacece3b57d7bf19502305e9a064fae)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Sun, 22 Feb 2015 19:48:38 +0000 (20:48 +0100)]
avcodec/a64multienc: fix use of uninitialized values in to_meta_with_crop
Averaging over 2 pixels doesn't work correctly for the last pixel, because the
rest of the buffer is not initialized.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
87513d654546a99f8ddb045ca4fa5d33778a617e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Mon, 23 Feb 2015 00:21:30 +0000 (01:21 +0100)]
avcodec/a64multienc: don't set incorrect packet size
This fixes invalid reads of the packet buffer in av_dup_packet
Based on patch by Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
d96142e9af92ded84f2580620c571ab96c4bb657)
Conflicts:
libavcodec/a64multienc.c
Andreas Cadhalpun [Sun, 22 Feb 2015 19:43:30 +0000 (20:43 +0100)]
avcodec/a64multienc: use av_frame_ref instead of copying the frame
This fixes freeing the frame buffer twice on cleanup leading to a crash.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
39e4ed7c1d8d840be47f6d604704d47a59a9ae5d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 19 Feb 2015 15:25:29 +0000 (16:25 +0100)]
avcodec/x86/mlpdsp_init: Simplify mlp_filter_channel_x86()
Based on patch by Francisco Blas Izquierdo Riera
Commit message partly taken from carl
fixes a compilation
error in mlpdsp_init.c with -fstack-check and some gcc compilers (I
reproduced the issue with gcc 4.7.3) by simplifying the code.
See also https://bugs.gentoo.org/show_bug.cgi?id=471756
$ make libavcodec/x86/mlpdsp_init.o
libavcodec/x86/mlpdsp_init.c: In function ‘mlp_filter_channel_x86’:
libavcodec/x86/mlpdsp_init.c:142:5: error: can’t find a register in
class ‘GENERAL_REGS’ while reloading ‘asm’
libavcodec/x86/mlpdsp_init.c:142:5: error: ‘asm’ operand has impossible
constraints
4551 -> 4509 dezicycles
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
03f39fbb2a558153a3c464edec1378d637a755fe)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Anton Khirnov [Thu, 12 Feb 2015 12:06:49 +0000 (13:06 +0100)]
h264: initialize H264Context.avctx in init_thread_copy
This prevents using a wrong (first thread's) AVCodecContext if decoding
a frame in the first pass over all threads fails.
(cherry picked from commit
a06b0b1295c51d100101e0ca0434e199ad6de6b5)
Conflicts:
libavcodec/h264.c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 20 Feb 2015 20:01:54 +0000 (21:01 +0100)]
avformat/omadec: Use 64bit for ret to avoid overflow
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
0f55bc29d41585d110b126cb4ed4b395fd46d7ac)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 20 Feb 2015 20:00:57 +0000 (21:00 +0100)]
avformat/vqf: Use 64bit for ret to avoid overflow
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
cb08687180683a755d0fe9d425280d0e4d1e6db2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 20 Feb 2015 19:41:35 +0000 (20:41 +0100)]
avformat/mvdec: Use 64bit for ret to avoid overflow
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
26c0cc154e06cb0064b3a3da49447ac44d82444f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 20 Feb 2015 19:14:56 +0000 (20:14 +0100)]
avformat/gxf: Use 64bit for res to avoid overflow
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
12987f89007ee82b9d3a6090085dfaef8461ab8b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 20 Feb 2015 19:13:06 +0000 (20:13 +0100)]
avformat/idcin: Use 64bit for ret to avoid overflow
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
d1923d15a3544cbb94563a59e7169291db76b312)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sat, 7 Feb 2015 02:34:48 +0000 (03:34 +0100)]
avcodec/h264_slice: ignore SAR changes in slices after the first
Fixes race condition and null pointer dereference
Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
38d5241b7f36c1571a88517a0650caade16dd5f4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Conflicts:
libavcodec/h264_slice.c
Michael Niedermayer [Sat, 7 Feb 2015 01:22:44 +0000 (02:22 +0100)]
avcodec/h264_slice: Check picture structure before setting the related fields
This might fix a hypothetical race condition
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
f111831ed61103f9fa8fdda41473a23da016bdaa)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Conflicts:
libavcodec/h264_slice.c
Michael Niedermayer [Sat, 7 Feb 2015 01:06:20 +0000 (02:06 +0100)]
avcodec/h264_slice: Do not change frame_num after the first slice
Fixes potential race condition
Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
f906982c9411f3062e3ce68013309b37c213c4dd)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Conflicts:
libavcodec/h264_slice.c
Michael Niedermayer [Fri, 6 Feb 2015 14:09:54 +0000 (15:09 +0100)]
avcodec/h264: Be more strict on rejecting pps/sps changes
Fixes race condition
Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
6fafc62b0bd0e206deb77a7aabbf3a370ad80789)
Conflicts:
libavcodec/h264.c
Michael Niedermayer [Fri, 6 Feb 2015 03:11:56 +0000 (04:11 +0100)]
avcodec/h264_ps: More completely check the bit depths
Fixes out of array read
Fixes: asan_static-oob_30328b6_719_cov_3325483287_H264_artifacts_motion.h264
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
69aa79365c1e8e1cb597d33e77bf1062c2ef47d4)
Conflicts:
libavcodec/h264_ps.c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 5 Feb 2015 02:45:21 +0000 (03:45 +0100)]
avformat/thp: Check av_get_packet() for failure not only for partial output
Fixes null pointer dereference
Fixes: signal_sigsegv_db2c1f_3108_cov_163322880_pikmin2_opening1_partial.thp
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
f2579dbb4b31e6ae731e7f5555680528ef3020ab)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 4 Feb 2015 23:12:08 +0000 (00:12 +0100)]
swscale/utils: Limit filter shifting so as not to read from prior the array
Fixes out of array read
Fixes: asan_heap-oob_1fb2f9b_3780_cov_3984375136_usf.mkv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
692b22626ec9a9585f667c124a186b1a9796e432)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 4 Feb 2015 19:13:18 +0000 (20:13 +0100)]
avcodec/mjpegdec: Check escape sequence validity
Fixes assertion failure
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 4 Feb 2015 19:48:30 +0000 (20:48 +0100)]
avcodec/mjpegdec: Check number of components for JPEG-LS
Fixes out of array accesses
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
fabbfaa095660982cc0bc63242c459561fa37037)
Conflicts:
libavcodec/mjpegdec.c
Michael Niedermayer [Wed, 4 Feb 2015 13:47:41 +0000 (14:47 +0100)]
avformat/mpc8: Use uint64_t in *_get_v() to avoid undefined behavior
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
05e161952954acf247e0fd1fdef00559675c4d4d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
wm4 [Tue, 3 Feb 2015 18:04:11 +0000 (19:04 +0100)]
avformat/mpc8: fix broken pointer math
This could overflow and crash at least on 32 bit systems.
Reviewed-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
b737a2c52857b214be246ff615c6293730033cfa)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
wm4 [Tue, 3 Feb 2015 18:04:12 +0000 (19:04 +0100)]
avformat/mpc8: fix hang with fuzzed file
This can lead to an endless loop by seeking back a few bytes after each
attempted chunk read. Assuming negative sizes are always invalid, this
is easy to fix. Other code in this demuxer treats negative sizes as
invalid as well.
Fixes ticket #4262.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
56cc024220886927350cfc26ee695062ca7ecaf4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
wm4 [Tue, 3 Feb 2015 13:41:10 +0000 (14:41 +0100)]
avformat/tta: fix crash with corrupted files
av_add_index_entry() can fail, for example because the parameters are
invalid, or because memory allocation fails. Check this; it can actually
happen with corrupted files.
The second hunk is just for robustness. Just in case functions like
ff_reduce_index() remove entries. (Not sure if this can actually
happen.)
Fixes ticket #4294.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
6a0cd529a35190d9374b0b26504e71857cd67b83)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 1 Feb 2015 18:40:13 +0000 (19:40 +0100)]
avcodec/mpegvideo_enc: Fix number suffixes in rc_buffer_size calculation
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
4531e2c489d279bfc90d54ca26ed898c5b265a7f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 1 Feb 2015 18:39:22 +0000 (19:39 +0100)]
avcodec/h264_cabac: use int instead of long for mbb_xy
The mb address fits in int
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
592ba6ec106206f97133c9345313010c76361e12)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 1 Feb 2015 18:36:36 +0000 (19:36 +0100)]
avformat/omadec: fix number suffix
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
f1f7f5903ab49b84789af5341492afbaba808a70)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 1 Feb 2015 18:36:13 +0000 (19:36 +0100)]
avformat/smacker: Fix number suffix
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
465f3705b1ef832fd6904750d018f81f9044f3ab)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 1 Feb 2015 18:34:52 +0000 (19:34 +0100)]
avformat/matroskadec: Fix number suffixes
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
fc3cdb00d084222a107e61e7168903bf3d3d0b47)
Conflicts:
libavformat/matroskadec.c
Michael Niedermayer [Sun, 1 Feb 2015 18:27:00 +0000 (19:27 +0100)]
swresample/dither: Cleanup number suffixes
The <<31 case needs LL
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
c77cc2c1766666cdb5f14daee0f75e397bf7a194)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 1 Feb 2015 18:19:25 +0000 (19:19 +0100)]
avformat/utils: Fix number suffixes in tb_unreliable()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
4b15bba2aec93776bfdc69a1bca42a4795a7d191)
Conflicts:
libavformat/utils.c
Michael Niedermayer [Fri, 5 Dec 2014 23:18:29 +0000 (00:18 +0100)]
avformat/rmdec: Check for overflow in ff_rm_read_mdpr_codecdata()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
03abf55f252945c70f4a79eaf4d609cee4d98710)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Vittorio Giovara [Wed, 17 Dec 2014 15:02:07 +0000 (16:02 +0100)]
swscale: check memory allocations
Bug-Id: CID
1257779
(cherry picked from commit
1dd797e3c9f179f957316a0becbec048b42df8aa)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sat, 17 Jan 2015 00:56:03 +0000 (01:56 +0100)]
avcodec/flac_parser: fix handling EOF if no headers are found
Fixes assertion failure
Fixes Ticket4269
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
c4d85fc23c100f7a27d9bad710eb153214868e27)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 8 Jan 2015 22:02:30 +0000 (23:02 +0100)]
ffmpeg: Clear error message array at init.
This avoids printing uninitialized bytes if no error message is set
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
6d1a2efb8ac399a003ea7d3b6f8c641d192567ee)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
wm4 [Thu, 8 Jan 2015 16:19:17 +0000 (17:19 +0100)]
avcodec/dvdsubdec: fix accessing dangling pointers
dvdsub_decode() can call append_to_cached_buf() 2 times, the second time
with ctx->buf as argument. If the second append_to_cached_buf() reallocs
ctx->buf, the argument will be a pointer to the previous, freed block.
This can cause invalid reads at least with some fuzzed files - and
possibly with valid files.
Since packets can apparently not be larger than 64K (even if packets are
combined), just use a fixed size buffer. It will be allocated as part of
the DVDSubContext, and although some memory is "wasted", it's relatively
minimal by modern standards and should be acceptable.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
816577716bc6170bccfea3b9e865618b69a4b426)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
wm4 [Wed, 7 Jan 2015 22:57:50 +0000 (23:57 +0100)]
avcodec/dvdsubdec: error on bitmaps with size 0
Attemtping to decode them could lead to invalid writes with some fuzzed
samples.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
bcaa9099b3648b47060e1724a97dc98b63c83702)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Johan Andersson [Sat, 3 Jan 2015 16:31:36 +0000 (17:31 +0100)]
cmdutils: update copyright year to 2015.
(cherry picked from commit
3e160652219ff4da433f5672ae1e5f4956abb815)
Conflicts:
cmdutils.c
Michael Niedermayer [Tue, 6 Jan 2015 18:51:38 +0000 (19:51 +0100)]
avformat/mov: Fix mixed declaration and statement warning
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
db27f50e0658e91758e8a17fdcf390e6bc93c1d2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 6 Jan 2015 11:53:53 +0000 (12:53 +0100)]
avformat/utils: Clear pointer in ff_alloc_extradata() to avoid leaving a stale pointer in memory
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
bbfca8e84b0e69abba523d665536c0135fc1c00e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 6 Jan 2015 11:48:38 +0000 (12:48 +0100)]
avformat/matroskadec: Use av_freep() to avoid leaving stale pointers in memory
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
6e70e4aca50696040cc9256ec96e5c31d9641432)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Paul B Mahol [Tue, 6 Jan 2015 09:42:59 +0000 (09:42 +0000)]
lavfi: check av_strdup() return value
Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit
145a84717b62e086cdb5f26649ad9f1b51ef38d0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Dale Curtis [Tue, 6 Jan 2015 00:34:17 +0000 (16:34 -0800)]
mov: Fix negative size calculation in mov_read_default().
The previous code assumed if an atom was marked with a 64-bit
size extension, it actually had that data available. The new
code verfies there's enough data in the atom for this to be
done.
Failure to verify causes total_size > atom.size which will
result in negative size calculations later on.
Found-by: Paul Mehta <paul@paulmehta.com>
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
3ebd76a9c57558e284e94da367dd23b435e6a6d0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 6 Jan 2015 03:29:10 +0000 (04:29 +0100)]
avformat/mov: fix integer overflow in mov_read_udta_string()
Found-by: Paul Mehta <paul@paulmehta.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
3859868c75313e318ebc5d0d33baada62d45dd75)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Dale Curtis [Tue, 6 Jan 2015 00:19:09 +0000 (16:19 -0800)]
mov: Avoid overflow with mov_metadata_raw()
The code previously added 1 to len without checking its size,
resulting in an overflow which can corrupt value[-1] -- which
may be used to store unaligned ptr information for certain
allocators.
Found-by: Paul Mehta <paul@paulmehta.com>
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
wm4 [Mon, 5 Jan 2015 03:45:26 +0000 (04:45 +0100)]
avcodec/dvdsubdec: fix out of bounds accesses
The code blindly trusted buffer offsets read from the file in the RLE
decoder. Explicitly check the offset. Also error out on other RLE
decoding errors.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
c9151de7c42553bb145be608df8513c1287f1f24)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 4 Jan 2015 00:03:26 +0000 (01:03 +0100)]
avfilter/vf_sab: fix filtering tiny images
Fixes out of array reads
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
9bff052b51f27f6cce04e8d7d8b405c710d7ad67)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 1 Jan 2015 17:15:16 +0000 (18:15 +0100)]
avformat/flvdec: Increase string array size
Fixes parsing httphostheader of Scarlatti\,\ Pieter-Jan\ Belder\ -\ Sonata\ K113\ in\ A\ major\ -\ Alle.flv
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
eb767a276bfdb9a0493bdb0b38203638230b7ccb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 1 Jan 2015 17:07:24 +0000 (18:07 +0100)]
avformat/flvdec: do not inject dts=0 metadata packets which failed to be parsed into a new data stream
Such data streams (which then contain no other packets except the faulty one)
confuse some user applications, like VLC
Works around vlcticket 12389
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
322f0f5960a743cac47252d90a0f1ea7a025feff)
Conflicts:
libavformat/flvdec.c
Michael Niedermayer [Wed, 31 Dec 2014 20:41:46 +0000 (21:41 +0100)]
avformat/cdxl: Fix integer overflow of image_size
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
3eb5cbe0c50d0a0bbe10bcabbd6b16d73d93c128)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 30 Dec 2014 15:16:23 +0000 (16:16 +0100)]
Update for 2.1.7
Stefano Sabatini [Tue, 21 Jan 2014 18:58:41 +0000 (19:58 +0100)]
lavf/segment: remove duplicated and inconsistent cleanup code in seg_write_packet()
In particular, avoid to leave around the seg->avf pointer to freed
structure, and fix crash with:
ffmpeg -f lavfi -i testsrc -c:v h264 -map 0 -f segment foo-%d.ts
(cherry picked from commit
169065fbfb3da1ab776379c333aebc54bb1f1bc4)
Found-by: Qinghao Tang
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 26 Nov 2014 17:16:15 +0000 (18:16 +0100)]
avformat/mov: Fix memleaks for duplicate STCO/CO64/STSC atoms
Also see [FFmpeg-devel] [PATCH] avformat/mov: strengthen some table allocations
which contains more fixes but is unfinished
Fixes: signal_sigabrt_7ffff6ac7bb9_3484_cov_1830000177_starfox2.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
1b5d11240692025f036e945bc37968735679320a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Anton Khirnov [Sun, 14 Dec 2014 20:01:59 +0000 (21:01 +0100)]
mmvideo: check frame dimensions
The frame size must be set by the caller and each dimension must be a
multiple of 2.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
See:
8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e
These should be redundant, but are backported for saftey anyway
(cherry picked from commit
b0273232d8fffdc8a977ccdad460b8071a0e353c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Anton Khirnov [Sun, 14 Dec 2014 20:01:59 +0000 (21:01 +0100)]
jvdec: check frame dimensions
The frame size must be set by the caller and each dimension must be a
multiple of 8.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
See:
105654e376a736d243aef4a1d121abebce912e6b
These should be redundant, but are backported for saftey anyway
(cherry picked from commit
e012cb8dea7969c7b3927dbf846ef2742cd4a7ab)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 18 Dec 2014 17:57:27 +0000 (18:57 +0100)]
avcodec/indeo3: ensure offsets are non negative
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
368642361f3a589d7b0c23ea327d988edb434e3f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 18 Dec 2014 02:16:39 +0000 (03:16 +0100)]
avcodec/h264: Check *log2_weight_denom
Fixes undefined behavior
Fixes: signal_sigsegv_14768d2_2248_cov_3629497219_h264_h264___pi_20070614T182942.h264
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
61296d41e2de3b41304339e4631dd44c2e15f805)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 18 Dec 2014 01:09:23 +0000 (02:09 +0100)]
avcodec/hevc_ps: Check diff_cu_qp_delta_depth
Fixes undefined behavior
Fixes: asan_static-oob_17aa046_582_cov_1577759978_DBLK_G_VIXS_1.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
3281fa892599d71b4dc298a426af8296419cd90e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 17 Dec 2014 20:27:37 +0000 (21:27 +0100)]
avcodec/h264: Clear delayed_pic on deallocation
Fixes use of freed memory
Fixes: case5_av_frame_copy_props.mp4
Found-by: Michal Zalewski <lcamtuf@coredump.cx>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
e8714f6f93d1a32f4e4655209960afcf4c185214)
Conflicts:
libavcodec/h264.c
Michael Niedermayer [Wed, 17 Dec 2014 18:42:57 +0000 (19:42 +0100)]
avcodec/hevc: clear filter_slice_edges() on allocation
This avoids use of uninitialized memory
Fixes: asan_static-oob_17aa046_582_cov_212287884_DBLK_G_VIXS_1.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
8aa8d12554868c32436750f881954193087219c8)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 17 Dec 2014 02:14:21 +0000 (03:14 +0100)]
avcodec/indeo3: use signed variables to avoid underflow
Fixes out of array read
Fixes: signal_sigsegv_1b0a4da_1865_cov_2167818389_computer_anger.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
3305acdc92fa37869f160a11a87741c8a0de0454)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 17 Dec 2014 00:31:48 +0000 (01:31 +0100)]
avcodec/h264: make the first field of H264Context an AVClass
Fixes use of freed memory
Fixes: asan_heap-uaf_3660f67_757_cov_1257014655_Hi422FR1_SONY_A.jsv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
f3b5b139ad853b6f69c6a0b036815a60e7b3f261)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 16 Dec 2014 21:21:21 +0000 (22:21 +0100)]
swscale: increase yuv2rgb table headroom
Fixes out of array access
Fixes: case2_bad_read_yuv2rgbx32.mp4
Found-by: Michal Zalewski <lcamtuf@coredump.cx>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 16 Dec 2014 20:14:40 +0000 (21:14 +0100)]
avformat/mov: check atom nesting depth
Fixes call stack overflow
Fixes: case1_call_stack_overflow.mp4
Found-by: Michal Zalewski <lcamtuf@coredump.cx>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
caa7a3914f499f74b3ee346f26d598ebdc0ec210)
Conflicts:
libavformat/isom.h
Conflicts:
libavformat/isom.h
Michael Niedermayer [Tue, 16 Dec 2014 19:45:31 +0000 (20:45 +0100)]
avcodec/utvideodec: Fix handling of slice_height=0
Fixes out of array accesses
Fixes: asan_heap-oob_25bcd7e_3783_cov_3553517262_utvideo_rgba_median.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
3881606240953b9275a247a1c98a567f3c44890f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 16 Dec 2014 15:24:55 +0000 (16:24 +0100)]
avcodec/vmdvideo: Check len before using it in method 3
Fixes out of array access
Fixes: asan_heap-oob_4d23ba_91_cov_3853393937_128.vmd
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
3030fb7e0d41836f8add6399e9a7c7b740b48bfd)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Mon, 15 Dec 2014 03:32:23 +0000 (04:32 +0100)]
configure: create the tests directory like the doc directory
This fixes an issue where the tests directory is not created for out of tree
builds before its needed
Tested-by: Dave Yeo <daveryeo@telus.net>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
e631872f13b6be0583603d45a11e53319754bc8d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
wm4 [Mon, 15 Dec 2014 03:32:58 +0000 (04:32 +0100)]
lavu/frame: fix malloc error path in av_frame_copy_props()
The error path frees all side data, but forgets to reset the side data
count. This can blow up later in av_frame_unref() and free_side_data().
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
a400edbb6d00c0211de38e4f1b4f593681db91d8)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 14 Dec 2014 16:26:11 +0000 (17:26 +0100)]
avformat/aviobuf: Check that avio_seek() target is non negative
Fixes out of array access
Suggested-by: Andrew Scherkus <scherkus@google.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
ed86dbd05d61363dc1c0d33f3267e2177c985fdd)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Rob Sykes [Sat, 13 Dec 2014 20:12:56 +0000 (21:12 +0100)]
swresample/soxr_resample: fix error handling
Fixes CID1257659
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
4b6f2253741f3023928e61ae5105ccd4b1c515fb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
wm4 [Sat, 6 Dec 2014 15:53:30 +0000 (16:53 +0100)]
avformat/matroskadec: fix handling of recursive SeekHead elements
When matroska_execute_seekhead() is called, it goes through the list of
seekhead entries and attempts to read elements not read yet. When doing
this, the parser can find further SeekHead elements, and will extend the
matroska->seekhead list. This can lead to a (practically) infinite loop
with certain broken files. (Maybe it can happen even with valid files.
The demuxer doesn't seem to check correctly whether an element has
already been read.)
Fix this by ignoring elements that were added to the seekhead field
during executing seekhead entries.
This does not fix the possible situation when multiple SeekHead elements
after the file header (i.e. occur after the "before_pos" file position)
point to the same elements. These elements will probably be parsed
multiple times, likely leading to bugs.
Fixes ticket #4162.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
6551acab6877addae815decd02aeca33ba4990c8)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 3 Dec 2014 19:21:56 +0000 (20:21 +0100)]
swscale/x86/rgb2rgb_template: fix crash with tiny size and nv12 output
Fixes Ticket4151
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
8524558858b7e14bc50afa10233e0194f591ab9d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 3 Dec 2014 19:01:18 +0000 (20:01 +0100)]
avformat/rmdec: Check codec_data_size
Fixes infinite loop
Fixes Ticket4154
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
a6f730730b82645a9d31aad0968487cb77d6946c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Mon, 1 Dec 2014 12:23:24 +0000 (13:23 +0100)]
avcodec/motion_est: use 2x8x8 for interlaced qpel
Fixes out of array read
Fixes Ticket4121
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
b50e003e1cb6a215df44ffa3354603bf600b4aa3)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Stypa [Fri, 28 Nov 2014 14:54:50 +0000 (15:54 +0100)]
fix Makefile objects for pulseaudio support
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
cb58c771ade66afcc623250e1c7ac8191381d991)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Clément Bœsch [Fri, 19 Dec 2014 23:17:43 +0000 (00:17 +0100)]
avformat/rsd: make tag_buf string larger
av_get_codec_tag_string() uses more that 1 char for unprintable characters.
(cherry picked from commit
edbbb11488e1fce9b9703535936d2e1731e2e318)
Michael Niedermayer [Fri, 28 Nov 2014 19:04:28 +0000 (20:04 +0100)]
Update for 2.1.6
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 3 Oct 2014 22:13:26 +0000 (00:13 +0200)]
avcodec/svq3: Dont memcpy AVFrame
This avoids out of array accesses
Fixes: asan_heap-uaf_21f42e4_9_asan_heap-uaf_21f42e4_278_gl2.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
075a165d2715837d125a9cc714fb430ccf6c9d6b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>