Andreas Cadhalpun
9aaddbf0ef
sbgdec: prevent NULL pointer access
...
Reviewed-by: Josh de Kock <josh@itanimul.li >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit dbefbb61b7Andreas.Cadhalpun@googlemail.com >
2016-11-25 22:21:48 +01:00
Andreas Cadhalpun
e00fec907f
rmdec: validate block alignment
...
This fixes division by zero crashes.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit de4ded0636Andreas.Cadhalpun@googlemail.com >
2016-11-25 22:21:44 +01:00
Andreas Cadhalpun
d8364f4e1d
smacker: limit recursion depth of smacker_decode_bigtree
...
This fixes segmentation faults due to stack-overflow caused by too deep
recursion.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 946ecd19eaAndreas.Cadhalpun@googlemail.com >
2016-11-25 22:21:39 +01:00
Andreas Cadhalpun
7d0cc12a56
mxfdec: fix NULL pointer dereference in mxf_read_packet_old
...
Metadata streams have priv_data set to NULL.
Reviewed-by: Josh de Kock <josh@itanimul.li >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit fdb8c455b6Andreas.Cadhalpun@googlemail.com >
2016-11-25 22:21:33 +01:00
Andreas Cadhalpun
de031809f3
ffmdec: validate codec parameters
...
A negative extradata size for example gets passed to memcpy in
avcodec_parameters_from_context causing a segmentation fault.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 1c7da19a4bAndreas.Cadhalpun@googlemail.com >
2016-11-25 22:21:14 +01:00
Michael Niedermayer
6550d0580b
Update for 3.2.1
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
2016-11-25 21:27:40 +01:00
Michael Niedermayer
dff4f58107
avformat/mpeg: Adjust vid probe threshold to correct mis-detection
...
Fixes: _ij.mp3
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4e5049a230michael@niedermayer.cc >
2016-11-23 20:29:31 +01:00
Michael Niedermayer
e9f3cc7fc7
avcodec/ass_split: Change order of operations in ass_split_section()
...
This matches the other branch
Fixes out of array read
Fixes: 4d142ca76d39fe685effcf5017098723/asan_heap-oob_31ae824_8611_348fdb64f9009b63c8a8eae9a0e497c5.mkv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ae514b1254michael@niedermayer.cc >
2016-11-23 20:29:31 +01:00
James Almer
ee56777379
avcodec/rawdec: check for side data before checking its size
...
Fixes valgrind warnings about usage of uninitialized values.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 51e329918d
2016-11-19 23:50:37 -03:00
James Almer
3bd7ad58a7
avcodec/avpacket: fix leak on realloc in av_packet_add_side_data()
...
If realloc fails, the pointer is overwritten and the previously allocated
buffer is leaked, which goes against the expected behavior of keeping the
packet unchanged in case of error.
Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit 574929d8b6
2016-11-19 20:24:54 -03:00
James Almer
f97bee9ad5
avformat/apngenc: use the stream parameters extradata if available
...
Fixes remuxing apng streams coming from the apng demuxer, which sends extradata
during init.
Signed-off-by: James Almer <jamrial@gmail.com >
2016-11-18 12:33:31 -03:00
James Almer
cf655d1643
Revert "apngdec: use side data to pass extradata to the decoder"
...
This reverts commit e0c6b32046jamrial@gmail.com >
(cherry picked from commit 16c429166d
2016-11-18 12:33:21 -03:00
Stefano Sabatini
31c9c7ad82
ffprobe: fix crash in case -of is specified with an empty string
...
Fix trac issue #5957 .
(cherry picked from commit 427a47abcdAndreas.Cadhalpun@googlemail.com >
2016-11-17 23:51:21 +01:00
Martin Vignali
08f26d99b5
libavcodec/exr : fix channel size calculation for uint32 channel
...
uint32 need 4 bytes not 1.
Fix decoding when there is half/float and uint32 channel.
This fixes crashes due to pointer corruption caused by invalid writes.
The problem was introduced in commit
03152e74dfAndreas.Cadhalpun@googlemail.com >
(cherry picked from commit 52da3f6f70Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:37:05 +01:00
Andreas Cadhalpun
c7d38efbc2
exr: fix out-of-bounds read
...
channel_index can be -1.
This problem was introduced in commit
2dd7b46132onemda@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit ffdc5d09e4Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:19:01 +01:00
Andreas Cadhalpun
cbc9d46066
libschroedingerdec: fix leaking of framewithpts
...
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 3c0328d58dAndreas.Cadhalpun@googlemail.com >
2016-11-17 23:18:56 +01:00
Andreas Cadhalpun
2b863d4e9b
libschroedingerdec: don't produce empty frames
...
They are not valid and can cause problems/crashes for API users.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit a86ebbf7f6Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:18:53 +01:00
Andreas Cadhalpun
598016b85f
dds: limit 4 bpp handling to AV_PIX_FMT_PAL8
...
This fixes NULL pointer dereferencing for formats, where frame->data[1]
is not allocated.
The problem was introduced in commit
257fbc3af4onemda@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 90ebf3c428Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:18:48 +01:00
Andreas Cadhalpun
a2c7840a6b
mlz: limit next_code to data buffer size
...
This fixes a heap-buffer-overflow detected by AddressSanitizer.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 1abcd972c4Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:18:42 +01:00
Andreas Cadhalpun
c8f5154fc1
softfloat: handle -INT_MAX correctly
...
This is similar to commit 9ac61e73d0michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 0edd569466Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:18:35 +01:00
Andreas Cadhalpun
b526958ca4
filmstripdec: correctly check image dimensions
...
This prevents a division by zero in read_packet.
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 25012c5644Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:18:29 +01:00
Andreas Cadhalpun
039a3e6db8
pnmdec: make sure v is capped by maxval
...
Otherwise put_bits can be called with a value that doesn't fit in the
sample_len, causing an assertion failure.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit cdb5479c9dAndreas.Cadhalpun@googlemail.com >
2016-11-17 23:17:58 +01:00
Andreas Cadhalpun
d8affeea82
smvjpegdec: make sure cur_frame is not negative
...
This fixes a heap-buffer-overflow detected by AddressSanitizer.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 360bc0d90aAndreas.Cadhalpun@googlemail.com >
2016-11-17 23:17:20 +01:00
Andreas Cadhalpun
1615d83dcf
icodec: correctly check avio_read return value
...
It can read less than the requested amount, in which case buf contains
uninitialized data, causing problems like segmentation faults later on.
Also make sure that image->size is positive, so that it can't match a
negative error code.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 89eb398c7fAndreas.Cadhalpun@googlemail.com >
2016-11-17 23:16:48 +01:00
Andreas Cadhalpun
41359d381a
icodec: fix leaking pkt on error
...
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 467eece1beAndreas.Cadhalpun@googlemail.com >
2016-11-17 23:16:43 +01:00
Andreas Cadhalpun
581cce0cca
dvbsubdec: fix division by zero in compute_default_clut
...
This problem was introduced in commit
4b90dcb849michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit c82b8ef0e4Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:15:52 +01:00
Andreas Cadhalpun
1ed4b52732
proresdec_lgpl: explicitly check coff[3] against slice_data_size
...
The implicit checks via v_data_size and a_data_size don't work in the case
'(hdr_size > 7) && !ctx->alpha_info'.
This fixes segmentation faults due to invalid reads.
This problem was introduced in commit
547c2f002amichael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 1e33035ee7Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:15:47 +01:00
Andreas Cadhalpun
72a2d6ff56
escape124: reject codebook size 0
...
It causes a cb_depth of 32, leading to assertion failures in get_bits.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 226d35c845Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:15:42 +01:00
Andreas Cadhalpun
9dee25fbc7
mpegts: prevent division by zero
...
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 1bbb18fe82Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:15:07 +01:00
Andreas Cadhalpun
fa24e3780b
matroskadec: fix NULL pointer dereference in webm_dash_manifest_read_header
...
The code assumes that s->streams[0] is valid.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit ff100c9dd9Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:14:52 +01:00
Andreas Cadhalpun
1e4979f780
mpegaudio_parser: don't return AVERROR_PATCHWELCOME
...
The API does not allow returning AVERROR codes.
It triggers an assert in av_parser_parse2.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 5249706e9dAndreas.Cadhalpun@googlemail.com >
2016-11-17 23:14:01 +01:00
Andreas Cadhalpun
c11fd9de76
mxfdec: fix NULL pointer dereference
...
Metadata streams have priv_data set to NULL.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 0efb610611Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:13:29 +01:00
Andreas Cadhalpun
c72ac9ffd0
lzf: update pointer p after realloc
...
This fixes heap-use-after-free detected by AddressSanitizer.
Reviewed-by: Luca Barbato <lu_zero@gentoo.org >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit bb6a7b6f75Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:13:19 +01:00
Andreas Cadhalpun
31cebfe789
diracdec: check return code of get_buffer_with_edge
...
If it fails, buffers aren't allocated, causing NULL pointer dereferencing.
Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit db79dedb1aAndreas.Cadhalpun@googlemail.com >
2016-11-17 23:13:14 +01:00
Andreas Cadhalpun
b9a24cee3b
diracdec: clear slice_params_num_buf on allocation failure
...
Otherwise it can be non-zero next time decode_lowdelay is called, causing
slice_params_buf not to be allocated, leading to a NULL pointer dereference.
The problem was introduced in commit
dcad4677d6atomnuker@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 24d20496d2Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:13:05 +01:00
Andreas Cadhalpun
08b1fd6afb
diracdec: use correct buffer for slice_params_buf realloc
...
This fixes a double-free detected by AddressSanitizer.
The problem was introduced in commit
dcad4677d6atomnuker@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 8a4ea96448Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:12:58 +01:00
Andreas Cadhalpun
35cb0c47bc
ppc: pixblockdsp: do unaligned block accesses correctly again
...
This was broken by the following Libav commit:
4c387c7#5508 .
Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 3932ccc472Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:12:50 +01:00
Andreas Cadhalpun
dc2942bbc8
avformat: close parser if codec changed
...
The parser depends on the codec and thus must not be used with a different one.
If it is, the 'avctx->codec_id == s->parser->codec_ids[0] ...' assert in
av_parser_parse2 gets triggered.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit f84ae3f04aAndreas.Cadhalpun@googlemail.com >
2016-11-17 23:12:43 +01:00
Andreas Cadhalpun
35db873534
fate: add streamcopy test for apng
...
Reviewed-by: James Almer <jamrial@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 719c15aa9aAndreas.Cadhalpun@googlemail.com >
2016-11-17 23:12:33 +01:00
Andreas Cadhalpun
3e33685892
apngdec: use side data to pass extradata to the decoder
...
Fixes remuxing apng streams coming from the apng demuxer.
This is a regression since 940b8908b9jamrial@gmail.com >
Reviewed-by: James Almer <jamrial@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit e0c6b32046Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:12:29 +01:00
Andreas Cadhalpun
d95568f9a2
mov: immediately return from mov_fix_index without old index entries
...
If there are no index entries, e_old = st->index_entries is only one
byte large, since it was created by av_realloc called with size 0.
Thus accessing e_old[0].timestamp causes a heap buffer overflow.
Reviewed-by: Sasi Inguva <isasi@google.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 9d83b209d8Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:12:23 +01:00
Andreas Cadhalpun
6e5ccabbe8
interplayacm: increase bitstream buffer size by AV_INPUT_BUFFER_PADDING_SIZE
...
This fixes out-of-bounds reads by the bitstream reader.
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 60178e78f2Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:12:09 +01:00
Andreas Cadhalpun
266cf258cc
interplayacm: validate number of channels
...
The number of channels is used as divisor in decode_frame, so it must
not be zero to avoid SIGFPE crashes.
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 5540d6c134Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:11:57 +01:00
Andreas Cadhalpun
c90d521f16
interplayacm: check for too large b
...
This fixes out-of-bounds reads.
Reviewed-by: Paul B Mahol <onemda@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 14e4e26559Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:11:49 +01:00
Andreas Cadhalpun
346fa70bb8
doc: fix spelling errors
...
Reviewed-by: Lou Logan <lou@lrcd.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 1e660fe88dAndreas.Cadhalpun@googlemail.com >
2016-11-17 23:11:34 +01:00
Andreas Cadhalpun
e92f585bd9
configure: make sure LTO does not optimize out the test functions
...
Fixes trac ticket #5909
Bud-Id: https://bugs.gentoo.org/show_bug.cgi?id=598054
Acked-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 890eb3d7c4Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:11:29 +01:00
Andreas Cadhalpun
e622d7723b
fate: add apng encoding/muxing test
...
Also test the fallback to png creation for a single frame.
Reviewed-by: James Almer <jamrial@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 97792e85c3Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:11:22 +01:00
Andreas Cadhalpun
1af7ddecda
apng: use side data to pass extradata to muxer
...
This fixes creating apng files, which is broken since commit
5ef1959080jamrial@gmail.com >
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com >
(cherry picked from commit 940b8908b9Andreas.Cadhalpun@googlemail.com >
2016-11-17 23:11:12 +01:00
Michael Niedermayer
b9a0172260
avcodec/mpeg4videodec: Workaround interlaced mpeg4 edge MC bug
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2c9106257fmichael@niedermayer.cc >
2016-11-17 12:47:40 +01:00
Michael Niedermayer
3f6aae377a
avcodec/mpegvideo: Fix edge emu buffer overlap with interlaced mpeg4
...
Fixes Ticket5936
Regression since c5fc8ae126michael@niedermayer.cc >
(cherry picked from commit 85407c7e63michael@niedermayer.cc >
2016-11-17 12:47:40 +01:00
