Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4b15bba2aec93776bfdc69a1bca42a4795a7d191)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
all values before 2.5 seem to be filled in now
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8c8ee17e8d2800144116ec52f26a435a06b49420)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0d64982828aee5f3495a71050e4930fa2898ca15)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
also add deprecation note for avcodec_get_pix_fmt_loss(), avcodec_find_best_pix_fmt_of_2()
Found-by: wm4
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f7a1c5e4d2294a8970ede7f6deb2fe0a64e202a5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bbdd940f36662d4b6156464b1bda5131fc382465)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f30798584fd9709e83644f831107fdc9e26b1311)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket4278
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 95d04690aa4f43f6b61640713a11a9649cbf85e9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The vec_ste calls were mistakenly changed to vec_vsx_st in c5ca76a, which
caused stack smashing.
Changing them back fixes crashes on ppc64el, when configured with
--toolchain=hardened.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 840c3c05316a59c70a7470ed27aaa9c2f3ba410a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 03abf55f252945c70f4a79eaf4d609cee4d98710)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes: misdetection of test2.mp3
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e15b29bb18bee8b65fab5a3c873540e01fd20afe)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If we throw away the buffered incomplete frame, make sure to also
throw away the buffered bits of an incomplete byte at the same
time.
(cherry picked from commit df07c07b3de0a5e8890078944de1eb5cb8372ef8)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a66893ac949864352b36b39e48c4cd72bbd81e54)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The frame_rate update was missing leaving the output frame rate
wrong.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a46a23d30fea9c8a5570e07ec4d9c9b4eaa6eb4f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is required as the location of this field could change and is
specified in libavformat not avdevice
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ba97cf2c4562b60fbef89103b61516891e31845e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Check memory earlier, check one more allocation and clean up on error.
CC: libav-stable@libav.org
Bug-Id: CID 1257773
(cherry picked from commit 014b6b416fec89777cb9cff61bcf7896eaf7cf39)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The altivec optimizations on little endian ppc64 don't work without vsx.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6108485cf70f04dbf4708bd84ce749da871fa3f1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1260704
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e172f5e53ae4dbbcdcf81c9a3b962dc9f5a8a98d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If refdata was NULL, the memcpy() ended up copying the same memory
block onto itself, which is not only pointless, but also undefined
behavior.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 921706691a87c3ea5f5b92afd9b423e5f8c6e9d9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
It uses at least sin().
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f97f2a3527eac2cf60ba86206d1bae9a970a7e71)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7824dc5150c0ea44ffa7cd4d57803f9a9697e7d7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The parser must always set the out_size and out_data pointers. The API
seems to require it, and the common code in parser.c also relies on it.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b88e80589bd11ef935a5e9dab53d4edb00de16e4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This avoids printing uninitialized bytes if no error message is set
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6d1a2efb8ac399a003ea7d3b6f8c641d192567ee)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
dvdsub_decode() can call append_to_cached_buf() 2 times, the second time
with ctx->buf as argument. If the second append_to_cached_buf() reallocs
ctx->buf, the argument will be a pointer to the previous, freed block.
This can cause invalid reads at least with some fuzzed files - and
possibly with valid files.
Since packets can apparently not be larger than 64K (even if packets are
combined), just use a fixed size buffer. It will be allocated as part of
the DVDSubContext, and although some memory is "wasted", it's relatively
minimal by modern standards and should be acceptable.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 816577716bc6170bccfea3b9e865618b69a4b426)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Attemtping to decode them could lead to invalid writes with some fuzzed
samples.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bcaa9099b3648b47060e1724a97dc98b63c83702)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit db27f50e0658e91758e8a17fdcf390e6bc93c1d2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 369b4cd4120bf67aa5187b6bc72574970a24ca22)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bbfca8e84b0e69abba523d665536c0135fc1c00e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6e70e4aca50696040cc9256ec96e5c31d9641432)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 383c6a3a07b71981bd32d083496f5a4935f620f9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit 145a84717b62e086cdb5f26649ad9f1b51ef38d0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The previous code assumed if an atom was marked with a 64-bit
size extension, it actually had that data available. The new
code verfies there's enough data in the atom for this to be
done.
Failure to verify causes total_size > atom.size which will
result in negative size calculations later on.
Found-by: Paul Mehta <paul@paulmehta.com>
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3ebd76a9c57558e284e94da367dd23b435e6a6d0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found-by: Paul Mehta <paul@paulmehta.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3859868c75313e318ebc5d0d33baada62d45dd75)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Under abnormal conditions the item_count may exceed the max
allocation size on 32-bit systems, this causes the allocated
size to overflow and become too small for the given count.
Additionally, if av_reallocp() fails its allocation, the
fragment_index_count is not correctly decremented.
Ensuring further havoc may be wrought, the error code for
read_tfra() is not checked upon return.
Found-by: Paul Mehta <paul@paulmehta.com>
positive return code and use of _array functions by commiter
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit db42d93a61be26873be6115c57f5921b4dfdec14)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The code previously added 1 to len without checking its size,
resulting in an overflow which can corrupt value[-1] -- which
may be used to store unaligned ptr information for certain
allocators.
Found-by: Paul Mehta <paul@paulmehta.com>
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
The code blindly trusted buffer offsets read from the file in the RLE
decoder. Explicitly check the offset. Also error out on other RLE
decoding errors.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c9151de7c42553bb145be608df8513c1287f1f24)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array reads
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9bff052b51f27f6cce04e8d7d8b405c710d7ad67)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Such data streams (which then contain no other packets except the faulty one)
confuse some user applications, like VLC
Works around vlcticket 12389
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 322f0f5960a743cac47252d90a0f1ea7a025feff)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3eb5cbe0c50d0a0bbe10bcabbd6b16d73d93c128)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 68fa549230af35179df2a2af2bdb84ee6c825bed)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The RTP muxer enables the actual codepaths within sdp.c,
which depend on hevc.o since e5cfc8fd.
This fixes builds with --disable-everything --enable-muxer=rtp.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit fccfc22d1f304aef42a0b960e4c1d55ce67107f5)
