Michael Niedermayer [Wed, 10 Jun 2015 01:26:56 +0000 (03:26 +0200)]
Update for 2.0.7
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 9 Jun 2015 22:47:43 +0000 (00:47 +0200)]
avdevice/lavfi: do not rescale AV_NOPTS_VALUE in lavfi_read_packet()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
913685f55208efd78bfc34d82b261bd449e69774)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 9 Jun 2015 03:11:09 +0000 (05:11 +0200)]
avcodec/x86/h264_weight: handle weight1=128
Fix ticket4596
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
e1009665759d4a3938dd2dd07b7e84d8bc9c5290)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Mon, 8 Jun 2015 22:37:26 +0000 (00:37 +0200)]
avcodec/jpeg2000dec: Check that coords match before applying ICT
This avoid potential out of array accesses
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
12ba1b2b4d5592c0e27b0fcc83db929e8d6a8eee)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 7 Jun 2015 12:55:10 +0000 (14:55 +0200)]
avformat/ffmdec: Check ffio_set_buf_size() return value
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
dc55477a64cefebf8dcc611f026be71382814ae2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 4 Jun 2015 20:34:12 +0000 (22:34 +0200)]
avcodec/adpcm: Check for overreads
See: vlc ticket 14649
Reported-by: carl
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
3c803ed9cb23e5a8d76b6c31d8a8c71cac27e769)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 4 Jun 2015 20:59:34 +0000 (22:59 +0200)]
avcodec/alsdec: Check for overread
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
c2657633187e325a439e3297fd9ccd0522ab2e39)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Mon, 1 Jun 2015 19:35:02 +0000 (21:35 +0200)]
avformat/mxfenc: Accept MXF D-10 with 49.999840 Mbit/sec
This is the maximum rate possible based on the frame size limit of MXF D-10
Previous version reviewed by tim nicholson <nichot20@yahoo.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
d7a762553c6f6c422adb6632354bcc4ff577b701)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Ganesh Ajjanagadde [Wed, 3 Jun 2015 03:17:48 +0000 (23:17 -0400)]
swresample/dither: check memory allocation
check memory allocation in swri_get_dither()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
196b885a5f0aa3ca022c1fa99509f47341239784)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 2 Jun 2015 22:48:29 +0000 (00:48 +0200)]
swresample: Check the return value of resampler->init()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
02915602d9313aa4b108342a3081244b9d2422bf)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Luca Barbato [Mon, 25 May 2015 20:30:10 +0000 (22:30 +0200)]
h264: Make sure reinit failures mark the context as not initialized
(cherry picked from commit
3b69f245dbe6e2016659a45c4bfe284f6c5ac57e)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/h264_slice.c
(cherry picked from commit
964fef3f3ced60e67831549df223bc177e1537c9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Conflicts:
libavcodec/h264.c
Michael Niedermayer [Thu, 21 Aug 2014 14:33:03 +0000 (16:33 +0200)]
avcodec/h264_slice: More complete cleanup in h264_slice_header_init()
Fixes null pointer dereference
Fixes Ticket3873
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
1fa35e4352cc39894987e14de464e3d72b55739f)
Conflicts:
libavcodec/h264_slice.c
Andreas Cadhalpun [Tue, 19 May 2015 22:31:24 +0000 (00:31 +0200)]
nutdec: stop skipping bytes at EOF
This can unnecessarily waste a lot of time.
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit
fa7dec8cb00d2d0dd96ff9863ccda38428610a21)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Tue, 19 May 2015 22:06:05 +0000 (00:06 +0200)]
nutdec: fix infinite resync loops
nut->last_syncpoint_pos doesn't necessarily change between resync
attempts, so find_any_startcode can return the same startcode again.
Thus remember where the last resync happened and don't try to resync
before that.
This can't be done locally in nut_read_packet, because this wouldn't
prevent infinite resync loops, where after the resync a packet is
returned and while reading a following packet the resync happens again.
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit
37e679881d364b6da817d829d35869d657218ab3)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 22 May 2015 22:23:05 +0000 (00:23 +0200)]
avformat/nutdec: Check X in 2nd branch of index reading
Prevents read of uninitialized variable
Based on patch by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
ebb0ca3d70465ab6d369a66b2ef43bb059705db8)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 20 May 2015 15:32:48 +0000 (17:32 +0200)]
avformat/nutdec: Fix recovery when immedeately after seeking a failure happens
Found-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
b3496b4a33e806b7afdcbbf6f468b0332b676d7c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 20 May 2015 15:13:15 +0000 (17:13 +0200)]
avformat/nutdec: Return error on EOF from get_str()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
6bbb2f8f4da67af374d62403742482cc5962aa21)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Martin Storsjö [Fri, 24 Apr 2015 09:38:09 +0000 (12:38 +0300)]
rtsp: Make sure we don't write too many transport entries into a fixed-size array
(cherry picked from commit
b90adb0aba073f9c1b4abca852119947393ced4c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andrey Utkin [Fri, 10 Apr 2015 21:54:10 +0000 (00:54 +0300)]
rtpenc_jpeg: handle case of picture dimensions not dividing by 8
This fixes the calculation of the number of needed blocks to make
sure that ALL pixels are represented by the result.
Reviewed-by: Thomas Volkert <silvo@gmx.net>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
7f64a7503b19b39f1251e4380987034c569bebf5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 15 May 2015 20:02:12 +0000 (22:02 +0200)]
avcodec/libtheoraenc: Check for av_malloc failure
Fixes CID1257799
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
c64b2d480b4a35d4face9928b4265a0fda3f3dd9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 15 May 2015 16:29:40 +0000 (18:29 +0200)]
avcodec/dcadec: Check active_bands
Fixes CID1297594 part2
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
fc624ec9ba7e5c4e8d905ac10f605a43d123f95a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 15 May 2015 16:04:12 +0000 (18:04 +0200)]
avcodec/dcadec: Check scale table index
Fixes CID1297594 part 1
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
0f3e6959bfa67d12cd5a173b86eb15abd7d9e4d5)
Conflicts:
libavcodec/dcadec.c
Michael Niedermayer [Fri, 15 May 2015 15:31:58 +0000 (17:31 +0200)]
avcodec/sonic: More completely check sample_rate_index and channels
Fixes CID1271783
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
ade8a46154cb45c88b1cb5c616eaa6320c941187)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 15 May 2015 15:21:10 +0000 (17:21 +0200)]
avcodec/smvjpegdec: check avcodec_decode_video2() return code
Fixes CID1271810
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
cdd25f9a3df3905543a5546cf6076d2eaf895736)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 15 May 2015 15:02:28 +0000 (17:02 +0200)]
avcodec/shorten: More complete pred_order check
Fixes CID1239055
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
294469416d8193a28710d802bb0c46e5fa09fad7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 15 May 2015 14:48:31 +0000 (16:48 +0200)]
avcodec/shorten: Check skip_bytes()
Fixes CID1210526
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
d201becfc0d89c6a5dfe44e96f1044fbc2aadb70)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 15 May 2015 14:58:51 +0000 (16:58 +0200)]
avcodec/shorten: Fix code depending on signed overflow behavior
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
2d15588124ab1d4c0612cab66f02a716f1509211)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Fri, 15 May 2015 13:23:32 +0000 (15:23 +0200)]
avcodec/proresdec2: Reset slice_count on deallocation
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
c4c6aea397f62421bf8ef0449b2b465a53e4ab4d)
Conflicts:
libavcodec/proresdec2.c
Michael Niedermayer [Sat, 9 May 2015 11:07:00 +0000 (13:07 +0200)]
ffmpeg_opt: Fix -timestamp parsing
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
107e4da47644fe615ea821d6a19682d73789aca7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 14 May 2015 19:29:19 +0000 (21:29 +0200)]
avcodec/dcadec: Check subsubframes
Fixes: CID1239152
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
a9bf628bfdad142763880a3d1ccb6058040dda57)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 14 May 2015 18:49:25 +0000 (20:49 +0200)]
avcodec/dcadec: Check nchans
Fixes CID1239110
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
a6a45774d045007f8262cd7c614804390e53122e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 14 May 2015 15:54:40 +0000 (17:54 +0200)]
avcodec/cavsdec: Check esc_code
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
139e1c8009df7729a53eaaae7036ca01071aced5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 13 May 2015 22:09:56 +0000 (00:09 +0200)]
avcodec/mpeg4audio: add some padding/alignment to MAX_PCE_SIZE
This avoids potential accesses over the end
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
93cfa7d1692c25cff045f99ba1af2c9e5772c45e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 13 May 2015 16:36:19 +0000 (18:36 +0200)]
avcodec/mjpegdec: fix len computation in ff_mjpeg_decode_dqt()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
81cf9108563510dee24f73b2c5d94a7bd07ff747)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 13 May 2015 13:15:55 +0000 (15:15 +0200)]
avcodec/jpeg2000dec: fix boolean operator
Fixes CID1271791 #7-6
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
f8f155a18ac454e7ff3312e0e0c3a70eb4359143)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 12 May 2015 22:41:38 +0000 (00:41 +0200)]
avcodec/vqavideo: Check chunk size
Fixes CID1239154
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
8a62b80ce6c8e87e7937f9a5d68f83882c1c8da2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 12 May 2015 16:32:12 +0000 (18:32 +0200)]
avformat/matroskadec: Cleanup error handling for bz2 & zlib
Fixes CID703652
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
171af59d58fc67d82dce8ff7ed11fa671108baa5)
Conflicts:
libavformat/matroskadec.c
Michael Niedermayer [Tue, 12 May 2015 16:20:23 +0000 (18:20 +0200)]
avformat/nutdec: Fix use of uinitialized value
Fixes CID1041175
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
56abf35151c635caa3eb04bbb90454bae5463a09)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 12 May 2015 15:55:40 +0000 (17:55 +0200)]
avformat/rtpenc_jpeg: Check remaining buffer size for SOS
Fixes CID1238818
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
81198a68370e88f7d02f16de58db36713c2a50b6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 12 May 2015 16:03:55 +0000 (18:03 +0200)]
avformat/rtpdec_xiph: Check upper bound on len in xiph_handle_packet()
Larger packets are not supported and would cause problems later
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
aa5169935e160551fb1c290d1397da2f04325817)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 12 May 2015 01:59:30 +0000 (03:59 +0200)]
tools/graph2dot: use larger data types than int for array/string sizes
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
acf4925f444636a828534ab47d0f86c21a7a9b4e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 10 May 2015 13:38:40 +0000 (15:38 +0200)]
avformat/subtitles: Use size_t for len
string length could theoretically be larger than int
Reviewed-by: Clément Bœsch <u@pkh.me>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
a633928d47057426a9c328da594407d1c7da8a5c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Mon, 11 May 2015 01:50:01 +0000 (03:50 +0200)]
avformat/url: Use size_t for len from strlen()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
95efc651294b3cf3e5ec4b3ed36e79d7261545ff)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Mon, 11 May 2015 18:01:15 +0000 (20:01 +0200)]
avutil/avstring: Use size_t in av_strlcatf()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
ae4eea8be45a0b212fd57ceaac1f11089ab81d98)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Mon, 11 May 2015 13:23:51 +0000 (15:23 +0200)]
avformat/vorbiscomment: Check entry length in ff_vorbiscomment_write()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
eca38864a6ce5053e463b8d3fc22b22bc9a49578)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 10 May 2015 14:09:07 +0000 (16:09 +0200)]
avutil/dict: Use size_t for appending strings
the string length is not constrained to INT_MAX
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
4c128ea1629116fc4936edc5f96bbd18f3ef1647)
Conflicts:
libavutil/dict.c
Andreas Cadhalpun [Wed, 22 Apr 2015 13:23:24 +0000 (15:23 +0200)]
aacsbr: break infinite loop in sbr_hf_calc_npatches
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
584cc1ade10a3297ef9c107ef3a2081c04024156)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Wed, 6 May 2015 13:34:53 +0000 (15:34 +0200)]
diracdec: check that block length is valid
In init_planes p->xblen and p->yblen are set to:
p->xblen = s->plane[0].xblen >> s->chroma_x_shift;
p->yblen = s->plane[0].yblen >> s->chroma_y_shift;
These are later used as block_w and block_h arguments of
s->vdsp.emulated_edge_mc. If one of them is 0 it triggers an av_assert2
in emulated_edge_mc:
av_assert2(start_x < end_x && block_w > 0);
av_assert2(start_y < end_y && block_h > 0);
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
75fc81c8318505aa7946e05a9bee08d47241fc66)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Tue, 5 May 2015 21:51:48 +0000 (23:51 +0200)]
diracdec: check if reference could not be allocated
s->ref_pics[i] is later used as ref argument of interpolate_refplane,
where it is dereferenced.
If it is NULL, it causes a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
d93181ef3eacdb862d93448f31c97765a523d1db)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Tue, 5 May 2015 20:10:44 +0000 (22:10 +0200)]
diracdec: avoid overflow of bytes*8 in decode_lowdelay
If bytes is large enough, bytes*8 can overflow and become negative.
In that case 'bufsize -= bytes*8' causes bufsize to increase instead of
decrease.
This leads to a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
9e66b39aa87eb653a6e5d15f70b792ccbf719de7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Tue, 5 May 2015 19:33:08 +0000 (21:33 +0200)]
diracdec: prevent overflow in data_unit_size check
buf_idx + data_unit_size can overflow, causing the '> buf_size' check to
wrongly fail.
This causes a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
984f50deb2d48f6844d65e10991b996a6d29e87c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Mon, 4 May 2015 21:01:45 +0000 (23:01 +0200)]
avidec: avoid infinite loop due to negative ast->sample_size
If max in clean_index is set to a negative ast->sample_size, the
following loop never ends:
while (max < 1024)
max += max;
Thus set ast->sample_size to 0 if it would otherwise be negative.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
ca234639ac49a0dc073ac1f10977979acdb94f97)
Conflicts:
libavformat/avidec.c
Michael Niedermayer [Mon, 4 May 2015 13:47:54 +0000 (15:47 +0200)]
avformat/matroskadec: Use tracks[k]->stream instead of s->streams[k]
The later is not correct
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
5d309d309108684f742bbf5fc2393f1c519cda72)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Sun, 3 May 2015 21:55:20 +0000 (23:55 +0200)]
matroskadec: check s->streams[k] before using it
This fixes a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
e54540655f229d06667dc7fa7005f2a20e101e80)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Mon, 4 May 2015 11:37:26 +0000 (13:37 +0200)]
avcodec/ffv1dec: Check chroma shift parameters
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
d43cd6b08ed555c303478e3133717fbb2236be6e)
Conflicts:
libavcodec/ffv1dec.c
Andreas Cadhalpun [Sun, 3 May 2015 21:07:20 +0000 (23:07 +0200)]
matroskadec: use uint64_t instead of int for index_scale
index_scale is set to matroska->time_scale of type uint64_t.
When index_scale is int, the assignment can overflow and e.g. result
in index_scale = 0. This causes a floating point exception due to the
division by index_scale.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
eb9fb508b0e09d85d234fe694333b2005e1d7a7e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sun, 3 May 2015 13:54:21 +0000 (15:54 +0200)]
avcodec/wavpack: Check L/R values before use to avoid harmless integer overflow and undefined behavior in fate
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
042260cde4ecf716438c5fc92d15ad5f037ee2e1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Tue, 28 Apr 2015 20:37:19 +0000 (22:37 +0200)]
nutdec: fix illegal count check in decode_main_header
The existing check has two problems:
1) i + count can overflow, so that the check '< 256' returns true.
2) In the (i == 'N') case occurs a j-- so that the loop runs once more.
This can trigger the assertion 'nut->header_len[0] == 0' or cause
segmentation faults or infinite hangs.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
7c24ca1bda2d4df1dc9b2b982941be532d60da21)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Tue, 28 Apr 2015 18:57:59 +0000 (20:57 +0200)]
nutdec: check chapter creation in decode_info_header
This fixes a segmentation fault when accessing the metadata.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
3ff1af2b0db7132d5717be6395227a94c8abab07)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Tue, 28 Apr 2015 18:31:56 +0000 (20:31 +0200)]
nutdec: check for negative frame rate in decode_info_header
A negative frame rate triggers an av_assert2 in av_rescale_rnd.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
6621105877ce0d65724a8ab60b3a50160adbe65d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 23 Apr 2015 12:29:47 +0000 (14:29 +0200)]
ffmpeg: remove incorrect network deinit
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
e2877bdf3862325c2982c3237d9bf28f1bbf793f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Tue, 28 Apr 2015 09:13:43 +0000 (11:13 +0200)]
apedec: prevent out of array writes in decode_array_0000
s->decoded_buffer is allocated with a min_size of:
2 * FFALIGN(blockstodecode, 8) * sizeof(*s->decoded_buffer)
Then it is assigned to s->decoded[0] (and s->decoded_buffer + FFALIGN(blockstodecode, 8)
to s->decoded[1]) and passed as out buffer to decode_array_0000.
In this function 64 elements of the out buffer are written
unconditionally and outside the array if blockstodecode is too small.
This causes memory corruption, leading to segmentation faults or other
crashes.
Thus change decode_array_0000 to write at most blockstodecode elements
of the out buffer.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
699341d647f7af785fb8ceed67604467b0b9ab12)
Conflicts:
libavcodec/apedec.c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Mon, 27 Apr 2015 22:30:51 +0000 (00:30 +0200)]
apedec: set s->samples only when init_frame_decoder succeeded
Otherwise range_start_decoding is not necessarily run and thus
ctx->rc.range still 0 in range_dec_normalize leading to an infinite
loop.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
464c49155ce7ffc88ed39eb2511e7a75565c24be)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 23 Apr 2015 02:27:56 +0000 (04:27 +0200)]
tests/fate-run: do not attempt to parse tiny_psnrs output if it failed
This avoids confusing syntax errors with awk later
Likely fixes awk errors at:
http://buildd.debian-ports.org/status/fetch.php?pkg=ffmpeg&arch=sparc64&ver=7%3A2.6.2-1&stamp=
1428928967
Reviewed-by: Timothy Gu <timothygu99@gmail.com>
Thanks-to: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> for the link
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
c0d847e457c1ef72843a63853f1135d52b74131e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Thu, 23 Apr 2015 22:01:43 +0000 (00:01 +0200)]
alac: reject rice_limit 0 if compression is used
If rice_limit is 0, k can be 0 in decode_scalar, which calls show_bits(gb, k).
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
4b657a1b1eedcf38bcf36e89a2f4be6f76b5ce09)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Wed, 22 Apr 2015 14:03:41 +0000 (16:03 +0200)]
alsdec: only adapt order for positive max_order
For max_order = 0 the clipping range is invalid. (amin = 2, amax = 1)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
58d605ee9b3277289278dc40e022311f8e083833)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Vittorio Giovara [Wed, 22 Apr 2015 13:59:56 +0000 (14:59 +0100)]
lavf: Reset global flag on deinit
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
32da94fa7f73ac749e0a1e2f20499fad2f6f57fe)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Wed, 22 Apr 2015 14:32:42 +0000 (16:32 +0200)]
mpeg4videodec: only allow a positive length
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
b3408ae4c64cb674b1d5f0f30171759113ce722a)
Conflicts:
libavcodec/mpeg4videodec.c
(cherry picked from commit
3339bae2197a2a02b090e74a8720282b5b87598e)
Andreas Cadhalpun [Tue, 21 Apr 2015 17:25:50 +0000 (19:25 +0200)]
alsdec: check sample pointer range in revert_channel_correlation
Also change the type of begin, end and smp to ptrdiff_t to make the
comparison well-defined.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
afc7748d1f6abc4b3b1cc957b0fa6941837db3d0)
Conflicts:
libavcodec/alsdec.c
(cherry picked from commit
0b5405c443ec8adc3c114e508b71ce2012c83f0d)
Michael Niedermayer [Mon, 20 Apr 2015 20:22:31 +0000 (22:22 +0200)]
avformat/utils: Ensure that AVFMT_FLAG_CUSTOM_IO is set before use
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
ba631b791435c395361e2026fc7419b341e57813)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Sat, 18 Apr 2015 18:09:28 +0000 (20:09 +0200)]
alsdec: validate time diff index
If begin is smaller than t, the subtraction 'begin -= t' wraps around,
because begin is unsigned. The same applies for end < t.
This causes segmentation faults.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
faf9fe2c224ea81a98afd53e2f0be0a2e13aeca9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sat, 18 Apr 2015 18:50:23 +0000 (20:50 +0200)]
avcodec/alsdec: Use av_mallocz_array() for chan_data to ensure the arrays never contain random data
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
7e104647a3556fc61a139483cee1cb7dfa2dc5bd)
Conflicts:
libavcodec/alsdec.c
Andreas Cadhalpun [Sat, 18 Apr 2015 16:31:36 +0000 (18:31 +0200)]
alsdec: ensure channel reordering is reversible
If the same idx is used for more than one i, at least one entry in
sconf->chan_pos remains uninitialized.
This can cause segmentation faults.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
ef16501aebed43e34a3721336e8bee732eca2877)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Thu, 16 Apr 2015 19:25:26 +0000 (21:25 +0200)]
ac3: validate end in ff_ac3_bit_alloc_calc_mask
This fixes an invalid read if end is 0:
band_end = ff_ac3_bin_to_band_tab[end-1] + 1;
Depending on what is before the array, this can cause stack smashing,
when band_end becomes too large.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
bc4fee7f2a51635fa3c0f61d1e5164da1efeded3)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Thu, 16 Apr 2015 18:04:54 +0000 (20:04 +0200)]
aacpsy: avoid psy_band->threshold becoming NaN
If band->thr is 0.0f, the division is undefined, making norm_fac not a
number or infinity, which causes psy_band->threshold to become NaN.
This is passed on to other variables until it finally reaches
sce->sf_idx and is converted to an integer (-
2147483648).
This causes a segmentation fault when it is used as array index.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Reviewed-by: Claudio Freire <klaussfreire@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
e224aa41917454e7b5c23d9f2541425743ce595a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Thu, 16 Apr 2015 17:12:02 +0000 (19:12 +0200)]
aasc: return correct buffer size from aasc_decode_frame
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
0be54ad280cf114c02306b7063147e8379f8ed1e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Thu, 16 Apr 2015 12:49:08 +0000 (14:49 +0200)]
msrledec: use signed pixel_ptr in msrle_decode_pal4
This fixes segmentation faults, when pic->linesize[0] is negative.
In that case 'line * pic->linesize[0] + pixel_ptr' is treated as
unsigned and wraps around.
This reverts commit
7d78a964.
The problem was introduced in commit
f7e1367f, which should obsolete
that commit.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
ae6fd7300b4e9f81d3b5ba201096ffe7cccf26fb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Wed, 8 Apr 2015 22:04:44 +0000 (00:04 +0200)]
avcodec/aacdec: Fix storing state before PCE decode
Fixes Ticket4460
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
e88b3852aefaa39b2170ef185ad03dda18732821)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Timothy Gu [Mon, 10 Nov 2014 05:37:18 +0000 (21:37 -0800)]
tests: Fix test name for pixfmts tests(cherry picked from commit
e1ee0521a698809ed216e9e5c11bd2bbb466ed04)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Timothy Gu [Tue, 10 Jun 2014 04:46:37 +0000 (21:46 -0700)]
tests/fate.sh: report different status for different errors
The order of error codes will be useful in my future fateserver patches.
Signed-off-by: Timothy Gu <timothygu99@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
cc0057a31c7097839f9c4e4da61e2933b5b0e055)
Signed-off-by: Timothy Gu <timothygu99@gmail.com>
Michael Niedermayer [Sat, 4 Apr 2015 16:08:23 +0000 (18:08 +0200)]
avcodec/h264_refs: Do not set reference to things which dont exist
Fixes deadlock
Fixes Ticket4428
Fixes Ticket4429
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
429de043202286a2b5bcc082cc02de860b734db2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Mon, 30 Mar 2015 02:37:42 +0000 (04:37 +0200)]
avutil/pca: Check for av_malloc* failures
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
dadc43eee4d9036aa532665a04720238cc15e922)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 24 Mar 2015 14:50:12 +0000 (15:50 +0100)]
avcodec/msrledec: restructure msrle_decode_pal4() based on the line number instead of the pixel pointer
Fixes out of array access
Fixes:
da14e86d8462be6493eab16bc2d40f88/asan_heap-oob_204cfd2_528_cov_340150052_COMPRESS.BMP
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
f7e1367f58263593e6cee3c282f7277d7ee9d553)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Thu, 19 Mar 2015 22:28:39 +0000 (23:28 +0100)]
avcodec/dnxhddec: Check that the frame is interlaced before using cur_field
Fixes Ticket4227
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
2c660e34cf3c2b77cd2bef6f292920334dfd9192)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sat, 14 Mar 2015 20:32:35 +0000 (21:32 +0100)]
avformat/mov: Disallow ".." in dref unless use_absolute_path is set
as this kind of allows to circumvent it to some extend.
We also could add a separate parameter or value to choose this
Found-by: ramiro
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
1e4d0498df6621143da1a550006ddc3526ad51cb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sat, 14 Mar 2015 20:24:54 +0000 (21:24 +0100)]
avformat/mov: Check for string truncation in mov_open_dref()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
8003816e1619e77d8de051883264aa090e0d78cc)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Sat, 14 Mar 2015 20:23:32 +0000 (21:23 +0100)]
avformat/mov: Use sizeof(filename) instead of a literal number
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
21a53dd08dce7cc5b3fdf9c4826b4b74d8300ea0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Sun, 8 Mar 2015 22:12:59 +0000 (23:12 +0100)]
ffmdec: make sure the time base is valid
A negative time base can trigger assertions.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
4c91d81be23ffacfa3897b2bcfa77445bb0c2f89)
Conflicts:
libavformat/ffmdec.c
(cherry picked from commit
9678ceb6976ca8194848b24535785a298521211f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 10 Mar 2015 18:18:34 +0000 (19:18 +0100)]
avcodec/012v: redesign main loop
Fixes out of array accesses
Fixes: ffmpeg_012v_crash.ts
Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Reviewed-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
48df30d36c3ca360c407d84f96749888d1fbe853)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Tue, 10 Mar 2015 19:21:14 +0000 (20:21 +0100)]
avcodec/012v: Check dimensions more completely
Fixes division by 0
Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
d3b25383daffac154846daeb4e4fb46569e728db)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Martin Storsjö [Thu, 5 Mar 2015 21:38:00 +0000 (23:38 +0200)]
arm: Suppress tags about used cpu arch and extensions
When all the codepaths using manually set .arch/.fpu code is
behind runtime detection, the elf attributes should be suppressed.
This allows tools to know that the final built binary doesn't
strictly require these extensions.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit
dcae2e32f7d8a1ca5fb8c1e4aa81313be854dd73
and
b77e335e441040a40fc6156b8e4a134745d10233)
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit
9841654c158c80e9d525ba03754135d3f34e306e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Xiaohan Wang [Thu, 6 Nov 2014 20:59:54 +0000 (12:59 -0800)]
Fix read-after-free in matroska_read_seek().
In matroska_read_seek(), |tracks| is assigned at the begining of the function.
However, functions like matroska_parse_cues() could reallocate the tracks so
that |tracks| can get invalidated.
This CL assigns |tracks| only before we use it so that it won't be invalidated.
BUG=427266
TEST=Test case in associated bug passes now.
Change-Id: I9c7065fe8f4311ca846076281df2282d190ed344
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
33301f001747d7a542073c634cc81da5eff051cf)
Conflicts:
libavformat/matroskadec.c
Andreas Cadhalpun [Mon, 9 Mar 2015 18:24:09 +0000 (19:24 +0100)]
roqvideoenc: set enc->avctx in roq_encode_init
So far it is only set in roq_encode_frame, but it is used in
roq_encode_end to free the coded_frame. This currently segfaults if
roq_encode_frame is not called between roq_encode_init and
roq_encode_end.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
cf82c426fadf90105e1fb9d5ecd267cc3aa2b288)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer [Mon, 9 Mar 2015 02:42:00 +0000 (03:42 +0100)]
avcodec/options_table: remove extradata_size from the AVOptions table
allowing access to the size but not the extradata itself is not useful
and could lead to potential problems if writing happens through this field
Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Reviewed-by: Lukasz Marek <lukasz.m.luki2@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
1f4088b28540080ce1d42345c5614be3e1a6a197)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Mon, 9 Mar 2015 13:59:44 +0000 (14:59 +0100)]
ffmdec: limit the backward seek to the last resync position
If resyncing leads to the same position as previously, it will again
lead to a resync attempt, resulting in an infinite loop.
Thus don't seek back beyond the last syncpoint.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
6b8263b03ab3d16d70525ae1893cb106be7852f1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Sun, 8 Mar 2015 22:31:48 +0000 (23:31 +0100)]
ffmdec: fix infinite loop at EOF
If EOF is reached, while skipping bytes, avio_tell(pb) won't change
anymore, resulting in an infinite loop.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
6fa98822eba501a4898fdec5b75acd3026201005)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Mon, 2 Mar 2015 14:46:44 +0000 (15:46 +0100)]
avformat/rm: limit packet size
The chunk size is limited to 0xFFFF (written by avio_wb16), so make
sure that the packet size is not too large.
Such large frames need to be split into slices smaller than 64 kB, but
that is currently supported neither by the rv10/rv20 encoders nor the rm
muxer.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
See Ticket244
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
08728f400b8367dc8c983036cb2eff3a2891322b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Andreas Cadhalpun [Mon, 2 Mar 2015 19:27:26 +0000 (20:27 +0100)]
avcodec/rv10: check size of s->mb_width * s->mb_height
If it doesn't fit into 12 bits it triggers an assertion.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit
2578a546183da09d49d5bba8ab5e982dece1dede)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Federico Tomassetti [Wed, 18 Feb 2015 12:11:43 +0000 (12:11 +0000)]
mdec: check for out of bounds read
Bug-Id: CID
1257501
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit
2c63081b48d98f3a0d0bed7b0ec3c0347b99144c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Vittorio Giovara [Fri, 27 Feb 2015 19:00:25 +0000 (19:00 +0000)]
aic: Fix decoding files with odd dimensions
Normally the aic decoder finds the proper slice combination (multiple of
some number less than 32) but in case of odd width, it resorts to the
default values, which were actually swapped.
The number of slices is modified to account for such odd width cases.
CC: libav-stable@libav.org
(cherry picked from commit
e878ec0d47cd6228c367b2f3128b76d7523f7255)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>