Michael Niedermayer
0e6febff5a
avcodec/ffv1enc: Allocate smaller packet if the worst case size cannot be allocated
...
We are checking during encoding if there is enough space as version 4 needs that
check.
Fixes Ticket6005
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 38a7834bbbmichael@niedermayer.cc >
2016-12-11 00:21:53 +01:00
Michael Niedermayer
3f779aef79
avcodec/mpeg4videodec: Fix undefined shifts in mpeg4_decode_sprite_trajectory()
...
Fixes: part of 670190.ogg
Found-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8258e36385michael@niedermayer.cc >
2016-12-11 00:21:53 +01:00
Michael Niedermayer
35ef033a19
avformat/oggdec: Skip streams in duration correction that did not had their duration set.
...
Fixes: part of 670190.ogg
Fixes integer overflow
Found-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ee2a6f5df8michael@niedermayer.cc >
2016-12-11 00:21:53 +01:00
Michael Niedermayer
aec21cd840
avcodec/ffv1enc: Fix size of first slice
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit cff1c0edaamichael@niedermayer.cc >
2016-12-11 00:21:53 +01:00
Marton Balint
47e47cfb07
ffplay: fix sws_scale possible out of bounds array access
...
As I used simple RGBA formats for subtitles and for the video texture if
avfilter is disabled I kind of assumed that sws_scale won't access data
pointers and strides above index 0, but apparently that is not the case.
Fixes Coverity CID 1396737, 1396738, 1396739, 1396740.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Marton Balint <cus@passwd.hu >
2016-12-10 23:24:05 +01:00
Srinath K R
314c425b16
avfilter/vf_hwupload_cuda: Add min/max limits for the 'device' option
...
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org >
2016-12-08 11:26:34 +01:00
Michael Niedermayer
148c4fb8d2
Update for 3.2.2
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2016-12-06 00:09:40 +01:00
Michael Niedermayer
c12ee64e80
ffserver: Check chunk size
...
Fixes out of array access
Fixes: poc_ffserver.py
Found-by: Paul Cher <paulcher@icloud.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a5d25faa3fmichael@niedermayer.cc >
2016-12-06 00:07:50 +01:00
Michael Niedermayer
46cd1699f9
Avoid using the term "file" and prefer "url" in some docs and comments
...
This should make it less ambigous that these are URLs
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a5f27a9c3amichael@niedermayer.cc >
2016-12-06 00:07:50 +01:00
Michael Niedermayer
32b95471a8
avformat/rtmppkt: Check for packet size mismatches
...
Fixes out of array access
Found-by: Paul Cher <paulcher@icloud.com >
Reviewed-by: Paul Cher <paulcher@icloud.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7d57ca4d9amichael@niedermayer.cc >
2016-12-06 00:07:50 +01:00
Timothy Gu
f66bfe71bb
zmqsend: Initialize ret to 0
...
Fixes CID1396857.
(cherry picked from commit d903b4e3admichael@niedermayer.cc >
2016-12-06 00:07:50 +01:00
Michael Niedermayer
af1e19b9e4
avcodec/flacdec: Fix undefined shift in decode_subframe()
...
Fixes undefined behavior
Fixes: 639961-media
Found-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 1f5630af51michael@niedermayer.cc >
2016-12-06 00:07:50 +01:00
Michael Niedermayer
334901aea0
avcodec/get_bits: Fix get_sbits_long(0)
...
Fixes undefined behavior
Fixes: 640889-media
Found-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c72fa43234michael@niedermayer.cc >
2016-12-06 00:07:50 +01:00
Michael Niedermayer
bbe9a4b542
avformat/ffmdec: Check media type for chunks
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e706e2e775michael@niedermayer.cc >
2016-12-06 00:07:50 +01:00
Michael Niedermayer
a772aaf5dc
avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed()
...
Fixes undefined behavior
Fixes: 640912-media
Found-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 83a75bf6c3michael@niedermayer.cc >
2016-12-06 00:07:50 +01:00
Michael Niedermayer
c39e8d05f5
avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_c
...
Fixes: left shift of negative value
Fixes: 668346-media
Found-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit acc163c6abmichael@niedermayer.cc >
2016-12-06 00:07:50 +01:00
Michael Niedermayer
a0715c1e89
avformat/oggparsespeex: Check frames_per_packet and packet_size
...
The speex specification does not seem to restrict these values, thus
the limits where choosen so as to avoid multiplicative overflow
Fixes undefined behavior
Fixes: 635422.ogg
Found-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit afcf15b0dbmichael@niedermayer.cc >
2016-12-06 00:07:50 +01:00
Michael Niedermayer
a0ed412f38
avformat/utils: Check start/end before computing duration in update_stream_timings()
...
Fixes undefined behavior
Fixes: 637428.ogg
Found-by: Matt Wolenetz <wolenetz@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 90da187f1dmichael@niedermayer.cc >
2016-12-06 00:07:50 +01:00
Michael Niedermayer
2fb7eb05dc
avcodec/flac_parser: Update nb_headers_buffered
...
Fixes infinite loop
Fixes: fuzz.flac
Found-by: Frank Liberato <liberato@google.com >
Reviewed-by: Frank Liberato <liberato@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2475858889michael@niedermayer.cc >
2016-12-06 00:07:50 +01:00
Michael Niedermayer
8e4f737d2f
avformat/idroqdec: Check chunk_size for being too large
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 744a0b5206michael@niedermayer.cc >
2016-12-06 00:07:50 +01:00
Michael Niedermayer
2d51cb1d0a
avcodec/me_cmp: Fix median_sad size
...
Fixes out of array read
Fixes: COV1396255
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit d9883ded34michael@niedermayer.cc >
2016-12-06 00:07:50 +01:00
Michael Niedermayer
c165bad0c0
avformat/utils: Fix type mismatch
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a06e84b56emichael@niedermayer.cc >
2016-12-06 00:07:50 +01:00
James Almer
16aa8c8146
configure: check for strtoull on msvc
...
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit b52d3574d4
2016-12-05 19:20:59 -03:00
Ronald S. Bultje
e5be73e178
http: move chunk handling from http_read_stream() to http_buf_read().
...
(cherry picked from commit 845bb40178
2016-12-05 16:20:12 -05:00
Ronald S. Bultje
0e0a413725
http: make length/offset-related variables unsigned.
...
Fixes #5992 , reported and found by Paul Cher <paulcher@icloud.com >.
(cherry picked from commit 2a05c8f813
2016-12-05 16:20:12 -05:00
James Almer
c269c43a83
avcodec/aac_adtstoasc_bsf: validate and forward extradata if the stream is already ASC
...
Fixes ticket #5973
Reviewed-by: Hendrik Leppkes <h.leppkes@gmail.com >
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 6e1902bab4
2016-11-25 18:51:00 -03:00
Andreas Cadhalpun
6f3e3cb8ba
Update Changelog
...
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
2016-11-25 22:23:39 +01:00
Andreas Cadhalpun
d147114b9d
mss2: only use error correction for matching block counts
...
This fixes a heap-buffer-overflow in ff_er_frame_end when decoding mss2
with coded_width/coded_height larger than width/height.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 2566ad98b0Andreas.Cadhalpun@googlemail.com >
2016-11-25 22:22:19 +01:00
Andreas Cadhalpun
ad82036626
softfloat: decrease MIN_EXP to cover full float range
...
floats are not necessarily normalized, so a normalized softfloat needs
MIN_EXP lowered by 23 to cover that range.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 2d6f46d801Andreas.Cadhalpun@googlemail.com >
2016-11-25 22:22:15 +01:00
Andreas Cadhalpun
a6a2d9d1e5
libopusdec: default to stereo for invalid number of channels
...
This fixes an out-of-bounds read if avc->channels is 0.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 8c8f543b81Andreas.Cadhalpun@googlemail.com >
2016-11-25 22:22:11 +01:00
Andreas Cadhalpun
6ad2773142
flvdec: require need_context_update when changing codec id
...
Otherwise the codec context and codecpar might disagree on the codec id,
triggering asserts in av_parser_parse2.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 98b3a7979fAndreas.Cadhalpun@googlemail.com >
2016-11-25 22:22:07 +01:00
Andreas Cadhalpun
1dc59aaf61
pgssubdec: only set w/h/linesize when allocating data
...
Rects with positive w/h/linesize but no data are invalid.
Reviewed-by: Petri Hintukainen <phintuka@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 995512328eAndreas.Cadhalpun@googlemail.com >
2016-11-25 22:21:52 +01:00
Andreas Cadhalpun
9aaddbf0ef
sbgdec: prevent NULL pointer access
...
Reviewed-by: Josh de Kock <josh@itanimul.li >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit dbefbb61b7Andreas.Cadhalpun@googlemail.com >
2016-11-25 22:21:48 +01:00
Andreas Cadhalpun
e00fec907f
rmdec: validate block alignment
...
This fixes division by zero crashes.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit de4ded0636Andreas.Cadhalpun@googlemail.com >
2016-11-25 22:21:44 +01:00
Andreas Cadhalpun
d8364f4e1d
smacker: limit recursion depth of smacker_decode_bigtree
...
This fixes segmentation faults due to stack-overflow caused by too deep
recursion.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 946ecd19eaAndreas.Cadhalpun@googlemail.com >
2016-11-25 22:21:39 +01:00
Andreas Cadhalpun
7d0cc12a56
mxfdec: fix NULL pointer dereference in mxf_read_packet_old
...
Metadata streams have priv_data set to NULL.
Reviewed-by: Josh de Kock <josh@itanimul.li >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit fdb8c455b6Andreas.Cadhalpun@googlemail.com >
2016-11-25 22:21:33 +01:00
Andreas Cadhalpun
de031809f3
ffmdec: validate codec parameters
...
A negative extradata size for example gets passed to memcpy in
avcodec_parameters_from_context causing a segmentation fault.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 1c7da19a4bAndreas.Cadhalpun@googlemail.com >
2016-11-25 22:21:14 +01:00
Michael Niedermayer
6550d0580b
Update for 3.2.1
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2016-11-25 21:27:40 +01:00
Michael Niedermayer
dff4f58107
avformat/mpeg: Adjust vid probe threshold to correct mis-detection
...
Fixes: _ij.mp3
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4e5049a230michael@niedermayer.cc >
2016-11-23 20:29:31 +01:00
Michael Niedermayer
e9f3cc7fc7
avcodec/ass_split: Change order of operations in ass_split_section()
...
This matches the other branch
Fixes out of array read
Fixes: 4d142ca76d39fe685effcf5017098723/asan_heap-oob_31ae824_8611_348fdb64f9009b63c8a8eae9a0e497c5.mkv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ae514b1254michael@niedermayer.cc >
2016-11-23 20:29:31 +01:00
James Almer
ee56777379
avcodec/rawdec: check for side data before checking its size
...
Fixes valgrind warnings about usage of uninitialized values.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 51e329918d
2016-11-19 23:50:37 -03:00
James Almer
3bd7ad58a7
avcodec/avpacket: fix leak on realloc in av_packet_add_side_data()
...
If realloc fails, the pointer is overwritten and the previously allocated
buffer is leaked, which goes against the expected behavior of keeping the
packet unchanged in case of error.
Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 574929d8b6
2016-11-19 20:24:54 -03:00
James Almer
f97bee9ad5
avformat/apngenc: use the stream parameters extradata if available
...
Fixes remuxing apng streams coming from the apng demuxer, which sends extradata
during init.
Signed-off-by: James Almer <jamrial@gmail.com >
2016-11-18 12:33:31 -03:00
James Almer
cf655d1643
Revert "apngdec: use side data to pass extradata to the decoder"
...
This reverts commit e0c6b32046jamrial@gmail.com >
(cherry picked from commit 16c429166d
2016-11-18 12:33:21 -03:00
Stefano Sabatini
31c9c7ad82
ffprobe: fix crash in case -of is specified with an empty string
...
Fix trac issue #5957 .
(cherry picked from commit 427a47abcdAndreas.Cadhalpun@googlemail.com >
2016-11-17 23:51:21 +01:00
Martin Vignali
08f26d99b5
libavcodec/exr : fix channel size calculation for uint32 channel
...
uint32 need 4 bytes not 1.
Fix decoding when there is half/float and uint32 channel.
This fixes crashes due to pointer corruption caused by invalid writes.
The problem was introduced in commit
03152e74dfAndreas.Cadhalpun@googlemail.com >
(cherry picked from commit 52da3f6f70Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:37:05 +01:00
Andreas Cadhalpun
c7d38efbc2
exr: fix out-of-bounds read
...
channel_index can be -1.
This problem was introduced in commit
2dd7b46132onemda@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit ffdc5d09e4Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:19:01 +01:00
Andreas Cadhalpun
cbc9d46066
libschroedingerdec: fix leaking of framewithpts
...
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 3c0328d58dAndreas.Cadhalpun@googlemail.com >
2016-11-17 23:18:56 +01:00
Andreas Cadhalpun
2b863d4e9b
libschroedingerdec: don't produce empty frames
...
They are not valid and can cause problems/crashes for API users.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit a86ebbf7f6Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:18:53 +01:00
Andreas Cadhalpun
598016b85f
dds: limit 4 bpp handling to AV_PIX_FMT_PAL8
...
This fixes NULL pointer dereferencing for formats, where frame->data[1]
is not allocated.
The problem was introduced in commit
257fbc3af4onemda@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 90ebf3c428Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:18:48 +01:00
