Michael Niedermayer
934c315c20
avcodec/tscc: Check side data size before use
...
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 979bca5134michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
c9c3f1bc38
avcodec/rawdec: Check side data size before use
...
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5f0bc0215amichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
e86c933544
avcodec/msvideo1: Check side data size before use
...
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 161ccdaa06michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
63cd1b05ed
avcodec/qpeg: Check side data size before use
...
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 16793504dfmichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
3d46ce10b6
avcodec/qtrle: Check side data size before use
...
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 7d196f2a5amichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
71f8f6dcc9
avcodec/msrle: Check side data size before use
...
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a6330119a0michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
e9042e9ff1
avcodec/kmvc: Check side data size before use
...
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2d99101d09michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
054c4b71a4
avcodec/idcinvideo: Check side data size before use
...
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a2b8dde659michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
f43f34cd68
avcodec/cinepak: Check side data size before use
...
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 121be31060michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
53f8e8388e
avcodec/8bps: Check side data size before use
...
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 042faa847fmichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
acd2c3842c
avcodec/dvdsubdec: Fix off by 1 error
...
Fixes out of array read
Found-by: Thomas Garnier using libFuzzer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c92f55847amichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
1869ba95f6
avcodec/dvdsubdec: Fix buf_size check
...
Fixes out of array access
Found-by: Thomas Garnier using libFuzzer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 25ab1a65f3michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Ronald S. Bultje
e44f0fa939
vp9: change order of operations in adapt_prob().
...
This is intended to workaround bug "665 Integer Divide Instruction May
Cause Unpredictable Behavior" on some early AMD CPUs, which causes a
div-by-zero in this codepath, such as reported in Mozilla bug #1293996 .
Note that this isn't guaranteed to fix the bug, since a compiler is free
to reorder instructions that don't depend on each other. However, it
appears to fix the bug in Firefox, and a similar patch was applied to
libvpx also (see Chrome bug #599899 ).
(cherry picked from commit be885da342michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
0ccaf52fda
avcodec/interplayvideo: Check side data size before use
...
Fixes out of array read
Found-by: Thomas Garnier using libFuzzer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 85d23e5cbcmichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
8a25a72770
avcodec/utils: Clear MMX state before returning from avcodec_default_execute*()
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4f96f9d111michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Moritz Barsnick
67a1940707
lavfi: fix typos
...
Signed-off-by: Moritz Barsnick <barsnick@gmx.net >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit f4e4bde1f4michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Ronald S. Bultje
c277b24173
videodsp: fix 1-byte overread in top/bottom READ_NUM_BYTES iterations.
...
This can overread (either before start or beyond end) of the buffer in
Nx1 (i.e. height=1) images.
Fixes mozilla bug 1240080.
(cherry picked from commit 0f88b3f82fmichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
45f5e17aa4
avformat/avidec: Check nb_streams in read_gab2_sub()
...
Fixes null pointer dereference
Fixes: 1/null_point.avi
Found-by: 连一汉 <lianyihan@360.cn >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 2679ad4773michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
b490cf4350
avformat/avidec: Remove ancient assert
...
This assert can with crafted files fail, a warning is already printed
for this case.
Fixes assertion failure
Fixes:1/assert.avi
Found-by: 连一汉 <lianyihan@360.cn >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 14bac7e00dmichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
a672688086
avcodec/ansi: Check dimensions
...
Fixes: 1.avi
Found-by: 连一汉 <lianyihan@360.cn >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 69449da436michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
6438fb1340
avcodec/cavsdsp: use av_clip_uint8() for idct
...
Fixes out of array read
Fixes: 1.swf
Found-by: 连一汉 <lianyihan@360.cn >
Tested-by: 连一汉 <lianyihan@360.cn >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 0e318f110bmichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Xinzheng Zhang
d4585d44c4
avformat/utils: fix timebase error in avformat_seek_file()
...
When there is only one stream and stream_index has not specified,
The ts has been transferd by the timebase of stream0 without modifying the stream_index
In this condation it cause seek failure.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit ecc04b4f2fmichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
9243dbb559
avcodec/g726: Add missing ADDB output mask
...
Fixes: 1.poc
Fixes out of array read
Found-by: 连一汉 <lianyihan@360.cn >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a5af1240fcmichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
f58794261e
avcodec/avpacket: clear side_data_elems
...
Fixes null pointer dereference
Found-by: 连一汉 <lianyihan@360.cn >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 5e1bf9d8c0michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
f978601433
swscale/swscale_unscaled: Try to fix Rgb16ToPlanarRgb16Wrapper() with slices
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e57d99dd4emichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
463c859693
swscale/swscale_unscaled: Fix packed_16bpc_bswap() with slices
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 47bc1bdafbmichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
1c55151813
avformat/avidec: Fix infinite loop in avi_read_nikon()
...
Fixes: 360/test.poc
Found-by: 连一汉 <lianyihan@360.cn >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e4e4a9cad7michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Tobias Rapp
f1b8807dae
cmdutils: fix implicit declaration of SetDllDirectory function
...
Pre-processor check changed by commiter.
Signed-off-by: James Almer <jamrial@gmail.com >
(cherry picked from commit c32ce247a0michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
James Almer
afcede09b6
cmdutils: check for SetDllDirectory() availability
...
It's only available on Windows XP or newer.
Should fix compilation with mingw32 using the default OS target.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc >
Signed-off-by: James Almer <jamrial@gmail.com >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
ea1d555e5d
libavcodec/wmalosslessdec: Check the remaining bits
...
Fixes assertion failure
Fixes: 24ebfda03228b5cc1ef792608cfba458/signal_sigabrt_7ffff6ae7c37_6473_3fa8a111dbc752b1a7c411c5ab79aaa4.wma
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 67318187fbmichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
d28e753895
avcodec/diracdec: Check numx/y
...
Fixes division by 0
Fixes: 60261c4469ba3e11059890fb2832a515/asan_generic_135e694_2790_beb94eaa0aeb7d11c0437375a8964a99.drc
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a31e08fa1amichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
4d94486e7e
avcodec/indeo2: check ctab
...
Fixes out of array access
Fixes: 6b73fa392ac808f02e95a4e0a5770026/asan_static-oob_1b15f9a_1969_e7778535e5f27225fe0d6ded14721430.AVI
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 9ffe44c5c7michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
46ecb01f62
avformat/swfdec: Fix inflate() error code check
...
Fixes infinite loop
Fixes endless.poc
Found-by: 连一汉 <lianyihan@360.cn >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a453bbb68fmichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Hendrik Leppkes
aa54f09262
cmdutils: remove the current working directory from the DLL search path on win32
...
Reviewed-by: Matt Oliver <protogonoi@gmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 3bf142c773michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
9a3d09e2c9
avcodec/raw: Fix decoding of ilacetest.mov
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bbec14de31michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
68d22a7caa
avformat/oggdec: Fix integer overflow with invalid pts
...
If negative pts are possible for some codecs in ogg then the code needs to be
changed to use signed values.
Found-by: Thomas Guilbert <tguilbert@google.com >
Fixes: clusterfuzz_usan-2016-08-02
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit c5cc3b08e5michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Kacper Michajłow
94fb2fba76
libavformat/rtpdec_asf: zero initialize the AVIOContext struct
...
This fixes crash in avformat_open_input() when accessing
protocol_whitelist field.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit e947b75b1cmichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Kacper Michajłow
b0453449fd
libavutil/opt: Small bugfix in example.
...
Fix const corectness and zero init the struct. This example code would actually crash when initializing string.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 69630f4d30michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Sasi Inguva
08ab94e6a6
libx264: Increase x264 opts character limit to 4096
...
Signed-off-by: Sasi Inguva <isasi@google.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 282477bf45michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
d7ab6e93a6
avformat/mov: Check sample size
...
Fixes integer overflow
Fixes: poc.mp4
Found-by: ajax secure <ajax4sec@hotmail.com >
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 8a3221cc67michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
a36a7d3b43
avformat/format: Fix registering a format more than once and related races
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 4cc896ea5fmichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
a21a9f9d0b
avcodec/mpc8: Correct end truncation
...
Fixes Ticket5478
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit b21f674876michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
ec704dc779
avcodec/mpegvideo: Do not clear the parse context during init
...
It is allocated before, this cannot work
Fixes Ticket5613
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 24f5136196michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
ff2df4056c
avcodec/utils: check skip_samples signedness
...
Fixes Ticket5528
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 153ab83bd3
2017-08-23 13:15:16 +02:00
Michael Niedermayer
df12a24235
avformat/mpegts: Do not trust BSSD descriptor, it is sometimes not an S302M stream
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit a5eb70ad95
2017-08-23 13:15:16 +02:00
Michael Niedermayer
95eaa6af1d
avcodec/bmp_parser: Check fsize
...
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 43a4276c69michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
c3d08784fd
avcodec/bmp_parser: reset state
...
Fixes part of ticket 5598
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 37005e65ebmichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
987360e769
avcodec/bmp_parser: Fix remaining size
...
Fixes part of ticket 5598
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit 250b620d29michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
ede92da7a6
avcodec/bmp_parser: Fix frame_start_found in cross frame cases
...
Fixes part of ticket 5598
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit bfe945ac3amichael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
Michael Niedermayer
0fb30a9744
avfilter/af_amix: dont fail if there are no samples in output_frame()
...
Fixes Ticket5326
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc >
(cherry picked from commit abc957e896michael@niedermayer.cc >
2017-08-23 13:15:16 +02:00
