OSDN Git Service
Chih-Wei Huang [Thu, 16 Jul 2015 06:44:42 +0000 (14:44 +0800)]
Merge tag 'n2.1.8' of git://source.ffmpeg.org/ffmpeg into kitkat-x86
FFmpeg 2.1.8 relese
Michael Niedermayer [Thu, 30 Apr 2015 00:04:38 +0000 (02:04 +0200)]
Update for 2.1.8
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Tue, 28 Apr 2015 20:37:19 +0000 (22:37 +0200)]
nutdec: fix illegal count check in decode_main_header
The existing check has two problems:
1) i + count can overflow, so that the check '< 256' returns true.
2) In the (i == 'N') case occurs a j-- so that the loop runs once more.
This can trigger the assertion 'nut->header_len[0] == 0' or cause
segmentation faults or infinite hangs.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
7c24ca1bda2d4df1dc9b2b982941be532d60da21)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Tue, 28 Apr 2015 18:57:59 +0000 (20:57 +0200)]
nutdec: check chapter creation in decode_info_header
This fixes a segmentation fault when accessing the metadata.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
3ff1af2b0db7132d5717be6395227a94c8abab07)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Tue, 28 Apr 2015 18:31:56 +0000 (20:31 +0200)]
nutdec: check for negative frame rate in decode_info_header
A negative frame rate triggers an av_assert2 in av_rescale_rnd.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
6621105877ce0d65724a8ab60b3a50160adbe65d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 23 Apr 2015 12:29:47 +0000 (14:29 +0200)]
ffmpeg: remove incorrect network deinit
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
e2877bdf3862325c2982c3237d9bf28f1bbf793f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Tue, 28 Apr 2015 09:13:43 +0000 (11:13 +0200)]
apedec: prevent out of array writes in decode_array_0000
s->decoded_buffer is allocated with a min_size of:
2 * FFALIGN(blockstodecode, 8) * sizeof(*s->decoded_buffer)
Then it is assigned to s->decoded[0] (and s->decoded_buffer + FFALIGN(blockstodecode, 8)
to s->decoded[1]) and passed as out buffer to decode_array_0000.
In this function 64 elements of the out buffer are written
unconditionally and outside the array if blockstodecode is too small.
This causes memory corruption, leading to segmentation faults or other
crashes.
Thus change decode_array_0000 to write at most blockstodecode elements
of the out buffer.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
699341d647f7af785fb8ceed67604467b0b9ab12)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Mon, 27 Apr 2015 22:30:51 +0000 (00:30 +0200)]
apedec: set s->samples only when init_frame_decoder succeeded
Otherwise range_start_decoding is not necessarily run and thus
ctx->rc.range still 0 in range_dec_normalize leading to an infinite
loop.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
464c49155ce7ffc88ed39eb2511e7a75565c24be)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 23 Apr 2015 02:27:56 +0000 (04:27 +0200)]
tests/fate-run: do not attempt to parse tiny_psnrs output if it failed
This avoids confusing syntax errors with awk later
Likely fixes awk errors at:
http://buildd.debian-ports.org/status/fetch.php?pkg=ffmpeg&arch=sparc64&ver=7%3A2.6.2-1&stamp=
1428928967
Reviewed-by: Timothy Gu <timothygu99@gmail.com>
Thanks-to: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> for the link
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
c0d847e457c1ef72843a63853f1135d52b74131e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Thu, 23 Apr 2015 22:01:43 +0000 (00:01 +0200)]
alac: reject rice_limit 0 if compression is used
If rice_limit is 0, k can be 0 in decode_scalar, which calls show_bits(gb, k).
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
4b657a1b1eedcf38bcf36e89a2f4be6f76b5ce09)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Wed, 22 Apr 2015 14:03:41 +0000 (16:03 +0200)]
alsdec: only adapt order for positive max_order
For max_order = 0 the clipping range is invalid. (amin = 2, amax = 1)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
58d605ee9b3277289278dc40e022311f8e083833)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Vittorio Giovara [Wed, 22 Apr 2015 13:59:56 +0000 (14:59 +0100)]
lavf: Reset global flag on deinit
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
32da94fa7f73ac749e0a1e2f20499fad2f6f57fe)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Wed, 22 Apr 2015 14:32:42 +0000 (16:32 +0200)]
mpeg4videodec: only allow a positive length
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
b3408ae4c64cb674b1d5f0f30171759113ce722a)
Conflicts:
libavcodec/mpeg4videodec.c
Andreas Cadhalpun [Tue, 21 Apr 2015 17:25:50 +0000 (19:25 +0200)]
alsdec: check sample pointer range in revert_channel_correlation
Also change the type of begin, end and smp to ptrdiff_t to make the
comparison well-defined.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
afc7748d1f6abc4b3b1cc957b0fa6941837db3d0)
Conflicts:
libavcodec/alsdec.c
Michael Niedermayer [Mon, 20 Apr 2015 20:22:31 +0000 (22:22 +0200)]
avformat/utils: Ensure that AVFMT_FLAG_CUSTOM_IO is set before use
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
ba631b791435c395361e2026fc7419b341e57813)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Sat, 18 Apr 2015 18:09:28 +0000 (20:09 +0200)]
alsdec: validate time diff index
If begin is smaller than t, the subtraction 'begin -= t' wraps around,
because begin is unsigned. The same applies for end < t.
This causes segmentation faults.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
faf9fe2c224ea81a98afd53e2f0be0a2e13aeca9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sat, 18 Apr 2015 18:50:23 +0000 (20:50 +0200)]
avcodec/alsdec: Use av_mallocz_array() for chan_data to ensure the arrays never contain random data
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
7e104647a3556fc61a139483cee1cb7dfa2dc5bd)
Conflicts:
libavcodec/alsdec.c
Andreas Cadhalpun [Sat, 18 Apr 2015 16:31:36 +0000 (18:31 +0200)]
alsdec: ensure channel reordering is reversible
If the same idx is used for more than one i, at least one entry in
sconf->chan_pos remains uninitialized.
This can cause segmentation faults.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
ef16501aebed43e34a3721336e8bee732eca2877)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Thu, 16 Apr 2015 19:25:26 +0000 (21:25 +0200)]
ac3: validate end in ff_ac3_bit_alloc_calc_mask
This fixes an invalid read if end is 0:
band_end = ff_ac3_bin_to_band_tab[end-1] + 1;
Depending on what is before the array, this can cause stack smashing,
when band_end becomes too large.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
bc4fee7f2a51635fa3c0f61d1e5164da1efeded3)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Thu, 16 Apr 2015 18:04:54 +0000 (20:04 +0200)]
aacpsy: avoid psy_band->threshold becoming NaN
If band->thr is 0.0f, the division is undefined, making norm_fac not a
number or infinity, which causes psy_band->threshold to become NaN.
This is passed on to other variables until it finally reaches
sce->sf_idx and is converted to an integer (-
2147483648).
This causes a segmentation fault when it is used as array index.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Reviewed-by: Claudio Freire <klaussfreire@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
e224aa41917454e7b5c23d9f2541425743ce595a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Thu, 16 Apr 2015 17:12:02 +0000 (19:12 +0200)]
aasc: return correct buffer size from aasc_decode_frame
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
0be54ad280cf114c02306b7063147e8379f8ed1e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Thu, 16 Apr 2015 14:58:32 +0000 (16:58 +0200)]
aacdec: consistently use avctx for logging in decode_eld_specific_config
ac may be NULL and then accessing ac->avctx results in a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
5b75689b987e4c4dd4f34d5c8be389547e9cc701)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Thu, 16 Apr 2015 12:49:08 +0000 (14:49 +0200)]
msrledec: use signed pixel_ptr in msrle_decode_pal4
This fixes segmentation faults, when pic->linesize[0] is negative.
In that case 'line * pic->linesize[0] + pixel_ptr' is treated as
unsigned and wraps around.
This reverts commit
7d78a964.
The problem was introduced in commit
f7e1367f, which should obsolete
that commit.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
ae6fd7300b4e9f81d3b5ba201096ffe7cccf26fb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 8 Apr 2015 22:04:44 +0000 (00:04 +0200)]
avcodec/aacdec: Fix storing state before PCE decode
Fixes Ticket4460
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
e88b3852aefaa39b2170ef185ad03dda18732821)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Timothy Gu [Mon, 10 Nov 2014 05:37:18 +0000 (21:37 -0800)]
tests: Fix test name for pixfmts tests(cherry picked from commit
e1ee0521a698809ed216e9e5c11bd2bbb466ed04)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Timothy Gu [Tue, 10 Jun 2014 04:46:37 +0000 (21:46 -0700)]
tests/fate.sh: report different status for different errors
The order of error codes will be useful in my future fateserver patches.
Signed-off-by: Timothy Gu <timothygu99@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
cc0057a31c7097839f9c4e4da61e2933b5b0e055)
Signed-off-by: Timothy Gu <timothygu99@gmail.com>
Michael Niedermayer [Sat, 4 Apr 2015 16:08:23 +0000 (18:08 +0200)]
avcodec/h264_refs: Do not set reference to things which dont exist
Fixes deadlock
Fixes Ticket4428
Fixes Ticket4429
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
429de043202286a2b5bcc082cc02de860b734db2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Mon, 30 Mar 2015 02:37:42 +0000 (04:37 +0200)]
avutil/pca: Check for av_malloc* failures
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
dadc43eee4d9036aa532665a04720238cc15e922)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 24 Mar 2015 14:50:12 +0000 (15:50 +0100)]
avcodec/msrledec: restructure msrle_decode_pal4() based on the line number instead of the pixel pointer
Fixes out of array access
Fixes:
da14e86d8462be6493eab16bc2d40f88/asan_heap-oob_204cfd2_528_cov_340150052_COMPRESS.BMP
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
f7e1367f58263593e6cee3c282f7277d7ee9d553)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sat, 21 Mar 2015 11:54:16 +0000 (12:54 +0100)]
avcodec/hevc_ps: Check cropping parameters more correctly
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
06c70d45373dedc600f28e345685b130b60203c1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 27 Nov 2014 14:03:35 +0000 (15:03 +0100)]
avcodec/hevc_ps: More complete window reset
Fixes out of array read
Fixes: signal_sigsegv_35bcf26_471_cov_2806540268_CAINIT_A_SHARP_4.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
57e5812198aada016e9ba4149123c541f8c8a7ec)
Conflicts:
libavcodec/hevc_ps.c
Anton Khirnov [Fri, 20 Mar 2015 20:28:34 +0000 (21:28 +0100)]
hevc: make the crop sizes unsigned
(cherry picked from commit
c929659bdd7d2d5848ea52e685a3164c7b901bb0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 19 Mar 2015 22:28:39 +0000 (23:28 +0100)]
avcodec/dnxhddec: Check that the frame is interlaced before using cur_field
Fixes Ticket4227
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
2c660e34cf3c2b77cd2bef6f292920334dfd9192)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sat, 14 Mar 2015 20:32:35 +0000 (21:32 +0100)]
avformat/mov: Disallow ".." in dref unless use_absolute_path is set
as this kind of allows to circumvent it to some extend.
We also could add a separate parameter or value to choose this
Found-by: ramiro
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
1e4d0498df6621143da1a550006ddc3526ad51cb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sat, 14 Mar 2015 20:24:54 +0000 (21:24 +0100)]
avformat/mov: Check for string truncation in mov_open_dref()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
8003816e1619e77d8de051883264aa090e0d78cc)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sat, 14 Mar 2015 20:23:32 +0000 (21:23 +0100)]
avformat/mov: Use sizeof(filename) instead of a literal number
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
21a53dd08dce7cc5b3fdf9c4826b4b74d8300ea0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Rainer Hochecker [Thu, 12 Mar 2015 13:08:25 +0000 (14:08 +0100)]
hevc: delay ff_thread_finish_setup for hwaccel
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
31816eae32019ff0e2243533f618efa2a4da9c33)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Sun, 8 Mar 2015 22:12:59 +0000 (23:12 +0100)]
ffmdec: make sure the time base is valid
A negative time base can trigger assertions.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
4c91d81be23ffacfa3897b2bcfa77445bb0c2f89)
Conflicts:
libavformat/ffmdec.c
(cherry picked from commit
9678ceb6976ca8194848b24535785a298521211f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 10 Mar 2015 18:18:34 +0000 (19:18 +0100)]
avcodec/012v: redesign main loop
Fixes out of array accesses
Fixes: ffmpeg_012v_crash.ts
Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Reviewed-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
48df30d36c3ca360c407d84f96749888d1fbe853)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 10 Mar 2015 19:21:14 +0000 (20:21 +0100)]
avcodec/012v: Check dimensions more completely
Fixes division by 0
Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
d3b25383daffac154846daeb4e4fb46569e728db)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Martin Storsjö [Thu, 5 Mar 2015 21:38:00 +0000 (23:38 +0200)]
arm: Suppress tags about used cpu arch and extensions
When all the codepaths using manually set .arch/.fpu code is
behind runtime detection, the elf attributes should be suppressed.
This allows tools to know that the final built binary doesn't
strictly require these extensions.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit
dcae2e32f7d8a1ca5fb8c1e4aa81313be854dd73
and
b77e335e441040a40fc6156b8e4a134745d10233)
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit
9841654c158c80e9d525ba03754135d3f34e306e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Xiaohan Wang [Thu, 6 Nov 2014 20:59:54 +0000 (12:59 -0800)]
Fix read-after-free in matroska_read_seek().
In matroska_read_seek(), |tracks| is assigned at the begining of the function.
However, functions like matroska_parse_cues() could reallocate the tracks so
that |tracks| can get invalidated.
This CL assigns |tracks| only before we use it so that it won't be invalidated.
BUG=427266
TEST=Test case in associated bug passes now.
Change-Id: I9c7065fe8f4311ca846076281df2282d190ed344
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
33301f001747d7a542073c634cc81da5eff051cf)
Conflicts:
libavformat/matroskadec.c
Andreas Cadhalpun [Mon, 9 Mar 2015 18:24:09 +0000 (19:24 +0100)]
roqvideoenc: set enc->avctx in roq_encode_init
So far it is only set in roq_encode_frame, but it is used in
roq_encode_end to free the coded_frame. This currently segfaults if
roq_encode_frame is not called between roq_encode_init and
roq_encode_end.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
cf82c426fadf90105e1fb9d5ecd267cc3aa2b288)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Mon, 9 Mar 2015 02:42:00 +0000 (03:42 +0100)]
avcodec/options_table: remove extradata_size from the AVOptions table
allowing access to the size but not the extradata itself is not useful
and could lead to potential problems if writing happens through this field
Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Reviewed-by: Lukasz Marek <lukasz.m.luki2@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
1f4088b28540080ce1d42345c5614be3e1a6a197)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Mon, 9 Mar 2015 13:59:44 +0000 (14:59 +0100)]
ffmdec: limit the backward seek to the last resync position
If resyncing leads to the same position as previously, it will again
lead to a resync attempt, resulting in an infinite loop.
Thus don't seek back beyond the last syncpoint.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
6b8263b03ab3d16d70525ae1893cb106be7852f1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Sun, 8 Mar 2015 22:31:48 +0000 (23:31 +0100)]
ffmdec: fix infinite loop at EOF
If EOF is reached, while skipping bytes, avio_tell(pb) won't change
anymore, resulting in an infinite loop.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
6fa98822eba501a4898fdec5b75acd3026201005)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Mon, 2 Mar 2015 14:46:44 +0000 (15:46 +0100)]
avformat/rm: limit packet size
The chunk size is limited to 0xFFFF (written by avio_wb16), so make
sure that the packet size is not too large.
Such large frames need to be split into slices smaller than 64 kB, but
that is currently supported neither by the rv10/rv20 encoders nor the rm
muxer.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
See Ticket244
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
08728f400b8367dc8c983036cb2eff3a2891322b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Mon, 2 Mar 2015 19:47:57 +0000 (20:47 +0100)]
avcodec/webp: validate the distance prefix code
According to the WebP Lossless Bitstream Specification the highest
allowed value for a prefix code is 39.
If prefix_code is too large, the calculated extra_bits has an invalid
value and triggers an assertion in get_bits.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
5de2dab12b951b2fe121eb18503accfc91cd1565)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Mon, 2 Mar 2015 19:27:26 +0000 (20:27 +0100)]
avcodec/rv10: check size of s->mb_width * s->mb_height
If it doesn't fit into 12 bits it triggers an assertion.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
2578a546183da09d49d5bba8ab5e982dece1dede)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Federico Tomassetti [Wed, 18 Feb 2015 12:11:43 +0000 (12:11 +0000)]
mdec: check for out of bounds read
Bug-Id: CID
1257501
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit
2c63081b48d98f3a0d0bed7b0ec3c0347b99144c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Vittorio Giovara [Fri, 27 Feb 2015 19:00:25 +0000 (19:00 +0000)]
aic: Fix decoding files with odd dimensions
Normally the aic decoder finds the proper slice combination (multiple of
some number less than 32) but in case of odd width, it resorts to the
default values, which were actually swapped.
The number of slices is modified to account for such odd width cases.
CC: libav-stable@libav.org
(cherry picked from commit
e878ec0d47cd6228c367b2f3128b76d7523f7255)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 8 Mar 2015 22:27:43 +0000 (23:27 +0100)]
avcodec/tiff: move bpp check to after "end:"
This ensures that all current and future code-pathes get bpp checked
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
d5e9fc782150d4596c72440a0aa02b7f4f1254b1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sat, 7 Mar 2015 13:30:34 +0000 (14:30 +0100)]
avcodec/utils: Align YUV411 by as much as the other YUV variants
Fixes out of array accesses
Fixes: ffmpeg_mjpeg_crash2.avi
Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Tested-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
e3201c38d53d2b8b24d0bc95d726b2cb1752dc12)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Thu, 5 Mar 2015 21:48:28 +0000 (22:48 +0100)]
webp: ensure that each transform is only used once
According to the WebP Lossless Bitstream Specification
"each transform is allowed to be used only once".
If a transform is more than once this can lead to memory
corruption.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
c089e720c1b753790c746a13053636d7facf6bf0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Sat, 28 Feb 2015 19:58:31 +0000 (20:58 +0100)]
avformat/flvenc: check that the codec_tag fits in the available bits
flags is later written with avio_w8 and if it doesn't fit in one byte it
triggers an av_assert2.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
e8565d21c276ab9ac5ce785549420321fbd0b093)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 27 Feb 2015 02:12:23 +0000 (03:12 +0100)]
swscale/utils: clear formatConvBuffer on allocation
Fixes use of uninitialized memory
Fixes: asan_heap-oob_35ca682_1474_cov_3230122439_aletrek_tga_16bit.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
007498fc1a639ecee2cda1892cbcff66c7c8c951)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 11 Feb 2015 02:33:53 +0000 (03:33 +0100)]
avcodec/mjpegdec: Skip blocks which are outside the visible area
Fixes out of array accesses
Fixes: ffmpeg_mjpeg_crash.avi
Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
08509c8f86626815a3e9e68d600d1aacbb8df4bf)
Conflicts:
libavcodec/mjpegdec.c
(cherry picked from commit
0861bb66d7c281c92a0746167bb141735a660856)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Thu, 26 Feb 2015 20:42:02 +0000 (21:42 +0100)]
avformat/bit: only accept the g729 codec and 1 channel
Other codecs/channel numbers are not supported by this muxer.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
d0b8640f75ff7569c98d6fdb03d83451104e088c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Thu, 26 Feb 2015 20:38:50 +0000 (21:38 +0100)]
avformat/bit: check that pkt->size is 10 in write_packet
Ohter packet sizes are not supported by this muxer.
This avoids a null pointer dereference of pkt->data.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
eeda2c3de8a8484d9e7d1e47ac836bec850b31fc)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Wed, 25 Feb 2015 21:55:44 +0000 (22:55 +0100)]
avformat/adxdec: check avctx->channels for invalid values
This avoids a null pointer dereference of pkt->data.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
7faa40af982960608b117e20fec999b48011e5e0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Dyami Caliri [Thu, 26 Feb 2015 18:17:01 +0000 (10:17 -0800)]
Fix buffer_size argument to init_put_bits() in multiple encoders.
Several encoders were multiplying the buffer size by 8, in order to get
a bit size. However, the buffer_size argument is for the byte size of
the buffer. We had experienced crashes encoding prores (Anatoliy) at
size 4096x4096.
(cherry picked from commit
50833c9f7b4e1922197a8955669f8ab3589c8cef)
Conflicts:
libavcodec/proresenc_kostya.c
James Cowgill [Thu, 26 Feb 2015 13:42:52 +0000 (13:42 +0000)]
mips/acelp_filters: fix incorrect register constraint
Change register constraint on the v variable from = to +. This was causing GCC
to think that the v variable was never read and therefore not initialize it.
This fixes about 20 fate failures on mips64el.
Signed-off-by: James Cowgill <james410@cowgill.org.uk>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
b9de1303a6414174ab2f3bccefa801bfabcf0f88)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 25 Feb 2015 14:51:28 +0000 (15:51 +0100)]
avcodec/hevc_ps: Sanity checks for some log2_* values
log2 values which imply numeric overflow are not supported
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
205b2ba3d677330e023aac2f4bd3f624039256b9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 25 Feb 2015 11:29:10 +0000 (12:29 +0100)]
avcodec/zmbv: Check len before reading in decode_frame()
Fixes out of array read
Fixes: asan_heap-oob_4d4eb0_3994_cov_3169972261_zmbv_15bit.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
1f5c7781e63d6519192ada59c1e36bcecc92791d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 24 Feb 2015 19:49:07 +0000 (20:49 +0100)]
avcodec/h264: Only reinit quant tables if a new PPS is allowed
Fixes null pointer dereference
Fixes: signal_sigsegv_3042097_3007_cov_1741463594_non_monotone_timestamps1.mkv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
c23a0e77dd492d6c794f89dbff3a438c95745e70)
Conflicts:
libavcodec/h264_slice.c
Michael Niedermayer [Tue, 24 Feb 2015 02:12:22 +0000 (03:12 +0100)]
avcodec/snowdec: Fix ref value check
Fixes integer overflow and out of array read.
Fixes: signal_sigsegv_24169e6_3445_cov_3778346427_snow_chroma_bug.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
8f4cbf940212079a34753c7f4d6c6b5a43586d30)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Mon, 23 Feb 2015 23:32:39 +0000 (00:32 +0100)]
swscale/utils: More carefully merge and clear coefficients outside the input
Fixes out of array read
Fixes: asan_heap-oob_35ca682_1474_cov_3230122439_aletrek_tga_16bit.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
1895d414aaacece3b57d7bf19502305e9a064fae)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Sun, 22 Feb 2015 19:48:38 +0000 (20:48 +0100)]
avcodec/a64multienc: fix use of uninitialized values in to_meta_with_crop
Averaging over 2 pixels doesn't work correctly for the last pixel, because the
rest of the buffer is not initialized.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
87513d654546a99f8ddb045ca4fa5d33778a617e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Mon, 23 Feb 2015 00:21:30 +0000 (01:21 +0100)]
avcodec/a64multienc: don't set incorrect packet size
This fixes invalid reads of the packet buffer in av_dup_packet
Based on patch by Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
d96142e9af92ded84f2580620c571ab96c4bb657)
Conflicts:
libavcodec/a64multienc.c
Andreas Cadhalpun [Sun, 22 Feb 2015 19:43:30 +0000 (20:43 +0100)]
avcodec/a64multienc: use av_frame_ref instead of copying the frame
This fixes freeing the frame buffer twice on cleanup leading to a crash.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
39e4ed7c1d8d840be47f6d604704d47a59a9ae5d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 19 Feb 2015 15:25:29 +0000 (16:25 +0100)]
avcodec/x86/mlpdsp_init: Simplify mlp_filter_channel_x86()
Based on patch by Francisco Blas Izquierdo Riera
Commit message partly taken from carl
fixes a compilation
error in mlpdsp_init.c with -fstack-check and some gcc compilers (I
reproduced the issue with gcc 4.7.3) by simplifying the code.
See also https://bugs.gentoo.org/show_bug.cgi?id=471756
$ make libavcodec/x86/mlpdsp_init.o
libavcodec/x86/mlpdsp_init.c: In function ‘mlp_filter_channel_x86’:
libavcodec/x86/mlpdsp_init.c:142:5: error: can’t find a register in
class ‘GENERAL_REGS’ while reloading ‘asm’
libavcodec/x86/mlpdsp_init.c:142:5: error: ‘asm’ operand has impossible
constraints
4551 -> 4509 dezicycles
Reviewed-by: Ramiro Polla <ramiro.polla@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
03f39fbb2a558153a3c464edec1378d637a755fe)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Anton Khirnov [Thu, 12 Feb 2015 12:06:49 +0000 (13:06 +0100)]
h264: initialize H264Context.avctx in init_thread_copy
This prevents using a wrong (first thread's) AVCodecContext if decoding
a frame in the first pass over all threads fails.
(cherry picked from commit
a06b0b1295c51d100101e0ca0434e199ad6de6b5)
Conflicts:
libavcodec/h264.c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 20 Feb 2015 20:01:54 +0000 (21:01 +0100)]
avformat/omadec: Use 64bit for ret to avoid overflow
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
0f55bc29d41585d110b126cb4ed4b395fd46d7ac)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 20 Feb 2015 20:00:57 +0000 (21:00 +0100)]
avformat/vqf: Use 64bit for ret to avoid overflow
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
cb08687180683a755d0fe9d425280d0e4d1e6db2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 20 Feb 2015 19:41:35 +0000 (20:41 +0100)]
avformat/mvdec: Use 64bit for ret to avoid overflow
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
26c0cc154e06cb0064b3a3da49447ac44d82444f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 20 Feb 2015 19:14:56 +0000 (20:14 +0100)]
avformat/gxf: Use 64bit for res to avoid overflow
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
12987f89007ee82b9d3a6090085dfaef8461ab8b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 20 Feb 2015 19:13:06 +0000 (20:13 +0100)]
avformat/idcin: Use 64bit for ret to avoid overflow
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
d1923d15a3544cbb94563a59e7169291db76b312)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sat, 7 Feb 2015 02:34:48 +0000 (03:34 +0100)]
avcodec/h264_slice: ignore SAR changes in slices after the first
Fixes race condition and null pointer dereference
Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
38d5241b7f36c1571a88517a0650caade16dd5f4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Conflicts:
libavcodec/h264_slice.c
Michael Niedermayer [Sat, 7 Feb 2015 01:22:44 +0000 (02:22 +0100)]
avcodec/h264_slice: Check picture structure before setting the related fields
This might fix a hypothetical race condition
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
f111831ed61103f9fa8fdda41473a23da016bdaa)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Conflicts:
libavcodec/h264_slice.c
Michael Niedermayer [Sat, 7 Feb 2015 01:06:20 +0000 (02:06 +0100)]
avcodec/h264_slice: Do not change frame_num after the first slice
Fixes potential race condition
Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
f906982c9411f3062e3ce68013309b37c213c4dd)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Conflicts:
libavcodec/h264_slice.c
Michael Niedermayer [Fri, 6 Feb 2015 14:09:54 +0000 (15:09 +0100)]
avcodec/h264: Be more strict on rejecting pps/sps changes
Fixes race condition
Fixes: signal_sigsegv_1472ac3_468_cov_2915641226_CABACI3_Sony_B.jsv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
6fafc62b0bd0e206deb77a7aabbf3a370ad80789)
Conflicts:
libavcodec/h264.c
Michael Niedermayer [Fri, 6 Feb 2015 03:11:56 +0000 (04:11 +0100)]
avcodec/h264_ps: More completely check the bit depths
Fixes out of array read
Fixes: asan_static-oob_30328b6_719_cov_3325483287_H264_artifacts_motion.h264
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
69aa79365c1e8e1cb597d33e77bf1062c2ef47d4)
Conflicts:
libavcodec/h264_ps.c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 5 Feb 2015 02:45:21 +0000 (03:45 +0100)]
avformat/thp: Check av_get_packet() for failure not only for partial output
Fixes null pointer dereference
Fixes: signal_sigsegv_db2c1f_3108_cov_163322880_pikmin2_opening1_partial.thp
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
f2579dbb4b31e6ae731e7f5555680528ef3020ab)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 4 Feb 2015 23:12:08 +0000 (00:12 +0100)]
swscale/utils: Limit filter shifting so as not to read from prior the array
Fixes out of array read
Fixes: asan_heap-oob_1fb2f9b_3780_cov_3984375136_usf.mkv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
692b22626ec9a9585f667c124a186b1a9796e432)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 4 Feb 2015 19:13:18 +0000 (20:13 +0100)]
avcodec/mjpegdec: Check escape sequence validity
Fixes assertion failure
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 4 Feb 2015 19:48:30 +0000 (20:48 +0100)]
avcodec/mjpegdec: Check number of components for JPEG-LS
Fixes out of array accesses
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
fabbfaa095660982cc0bc63242c459561fa37037)
Conflicts:
libavcodec/mjpegdec.c
Michael Niedermayer [Wed, 4 Feb 2015 13:47:41 +0000 (14:47 +0100)]
avformat/mpc8: Use uint64_t in *_get_v() to avoid undefined behavior
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
05e161952954acf247e0fd1fdef00559675c4d4d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
wm4 [Tue, 3 Feb 2015 18:04:11 +0000 (19:04 +0100)]
avformat/mpc8: fix broken pointer math
This could overflow and crash at least on 32 bit systems.
Reviewed-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
b737a2c52857b214be246ff615c6293730033cfa)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
wm4 [Tue, 3 Feb 2015 18:04:12 +0000 (19:04 +0100)]
avformat/mpc8: fix hang with fuzzed file
This can lead to an endless loop by seeking back a few bytes after each
attempted chunk read. Assuming negative sizes are always invalid, this
is easy to fix. Other code in this demuxer treats negative sizes as
invalid as well.
Fixes ticket #4262.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
56cc024220886927350cfc26ee695062ca7ecaf4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
wm4 [Tue, 3 Feb 2015 13:41:10 +0000 (14:41 +0100)]
avformat/tta: fix crash with corrupted files
av_add_index_entry() can fail, for example because the parameters are
invalid, or because memory allocation fails. Check this; it can actually
happen with corrupted files.
The second hunk is just for robustness. Just in case functions like
ff_reduce_index() remove entries. (Not sure if this can actually
happen.)
Fixes ticket #4294.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
6a0cd529a35190d9374b0b26504e71857cd67b83)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 1 Feb 2015 18:40:13 +0000 (19:40 +0100)]
avcodec/mpegvideo_enc: Fix number suffixes in rc_buffer_size calculation
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
4531e2c489d279bfc90d54ca26ed898c5b265a7f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 1 Feb 2015 18:39:22 +0000 (19:39 +0100)]
avcodec/h264_cabac: use int instead of long for mbb_xy
The mb address fits in int
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
592ba6ec106206f97133c9345313010c76361e12)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 1 Feb 2015 18:36:36 +0000 (19:36 +0100)]
avformat/omadec: fix number suffix
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
f1f7f5903ab49b84789af5341492afbaba808a70)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 1 Feb 2015 18:36:13 +0000 (19:36 +0100)]
avformat/smacker: Fix number suffix
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
465f3705b1ef832fd6904750d018f81f9044f3ab)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 1 Feb 2015 18:34:52 +0000 (19:34 +0100)]
avformat/matroskadec: Fix number suffixes
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
fc3cdb00d084222a107e61e7168903bf3d3d0b47)
Conflicts:
libavformat/matroskadec.c
Michael Niedermayer [Sun, 1 Feb 2015 18:27:00 +0000 (19:27 +0100)]
swresample/dither: Cleanup number suffixes
The <<31 case needs LL
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
c77cc2c1766666cdb5f14daee0f75e397bf7a194)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 1 Feb 2015 18:19:25 +0000 (19:19 +0100)]
avformat/utils: Fix number suffixes in tb_unreliable()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
4b15bba2aec93776bfdc69a1bca42a4795a7d191)
Conflicts:
libavformat/utils.c
Michael Niedermayer [Fri, 5 Dec 2014 23:18:29 +0000 (00:18 +0100)]
avformat/rmdec: Check for overflow in ff_rm_read_mdpr_codecdata()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
03abf55f252945c70f4a79eaf4d609cee4d98710)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Vittorio Giovara [Wed, 17 Dec 2014 15:02:07 +0000 (16:02 +0100)]
swscale: check memory allocations
Bug-Id: CID
1257779
(cherry picked from commit
1dd797e3c9f179f957316a0becbec048b42df8aa)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sat, 17 Jan 2015 00:56:03 +0000 (01:56 +0100)]
avcodec/flac_parser: fix handling EOF if no headers are found
Fixes assertion failure
Fixes Ticket4269
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
c4d85fc23c100f7a27d9bad710eb153214868e27)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>