Fixes assertion failure
Found-by: durandal117
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 28343139330f557e00293933a4697c7d0fc19c56)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit deabcd2c05b2b01689d91394bbf3908da17234ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
When there is only one stream and stream_index has not specified,
The ts has been transferd by the timebase of stream0 without modifying the stream_index
In this condation it cause seek failure.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ecc04b4f2f29ac676e6c1d1ebf20ec45f5385f1e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 1.poc
Fixes out of array read
Found-by: 连一汉 <lianyihan@360.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5af1240fce845f645440364c1335e0f8e44ee6c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This is simpler and fixes an out of array read, fixing it with AVBuffers
would be more complex
Fixes: e00d9e6e50e5495cc93fea41147b97bb/asan_heap-oob_12dcdbb_8798_b32a97ea722dd37bb5066812cc674552.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 752e6dfa3ea97e7901870bdd9e5a51f860607240)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Fixes: 1642cd3962249d6aaf0eec2836023fb6/signal_sigsegv_2557a72_2995_04efaf2ff57a052f609a3b4a2ea4e622.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d3099ad8ee67a4612633ea02c7fce10e5537579)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Actual allocation size is computed as (count + 1)*sizeof(meta_keys), so
we need to check that (count + 1) won't cause overflow.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 347cb14b7cba7560e53f4434b419b9d8800253e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e57d99dd4e0d8fe2992da0d65b563580e35ce728)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 47bc1bdafb0950ccf128eaa491d8fd7cc0978813)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes Ticket5800
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c75273310cf1becffee79bab0e2bba0b1606afb7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Replace uses of atoi() with strtoll() when trying to read values into
int64_t variables.
Fixes Kodi trac #16926:
http://trac.kodi.tv/ticket/16926
(cherry picked from commit a6f5e25ad989550dff9493311d6ba08d882df079)
They may contain 0xFFs, confusing the start code finding algorithm.
Fixes ticket #5819.
(cherry picked from commit cef5bc0e6e2320d3903cf063d59cef83e91dbc3c)
This also disabled the case of mixed x/ymin with tiles, the code
handles these cases inconsistent for the 2 coordinate axis and is
unlikely working correctly.
Fixes crash
Fixes: poc1.exr, poc2.exr
Found-by: Yaoguang Chen of Aliapy unLimit Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 01aee8148d4fa439cce678a11f5110656c98de1f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes occurance of NaN/Inf leading to assertion failures and out of array access
Fixes: d1c38a09acc34845c6be3a127a5aacaf/signal_sigsegv_3982225_6121_d18bd5451d4245ee09408f04badd1b83.wmv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 77bf96b04710b98a52aaddb93bfd32da0d506191)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Fixes: 049fdf78565f1ce5665df236d90f8657/asan_heap-oob_10a5a97_1026_42f9d4855547329560f385768de2f3fb.wtv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cc5e5548df4af48674c7aef518e831b19e99f9fc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Fixes: f29f134ea5f5590df554a7733294a587/asan_stack-oob_309d14e_9188_ea01743d6355aff20530f3d4cdaa841a.wav
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f2a9a30fd6a2914197ae42ee67703a1471fac2eb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Fixes: 09f46aa2175cade93e3e3932646a56a9/asan_heap-oob_4a5385_2995_498f6abfdc0248288cefe5f4b7ad316c.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2624695484cde26baedac10192856ebfd97f2cc7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found-by: <durandal_1707>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15dd56c093be480e719d7bbc39f8dbddb586694d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This fixes several regressions in h.264
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 528171ba84b24830b74d9c19dd957ac3609f7270)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reading it from any other position would result in a wrong size being
read, instead fallback to the re-sync mechanic in the else clause.
(cherry picked from commit c3e9b098e12b8932693361625d4a69bc30583d9a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
We know the maximum size of an AnnexB NAL, signaling it as the maximum
NAL size allows ff_h2645_extract_rbsp to determine the correct size.
(cherry picked from commit 83a940e7fb9640954d631870e2ec6e8b3fc528ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f10ea03df3dd1c15e3a957ca0aba528251438a79)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The implementation does not currently support len=2
Fixes out of array accesses
Fixes: 29d1b3db5ba2205e82b0b3a533e057a3/asan_heap-oob_12b650c_9254_3b8c4e4d931eb2c32841c18ebb297f1d.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b8b36717217c6f45db71c77ad4e7c65521e7d9ff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Fixes: 6b73fa392ac808f02e95a4e0a5770026/asan_static-oob_1b15f9a_1969_e7778535e5f27225fe0d6ded14721430.AVI
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9ffe44c5c75c485b4cbb12751e228f18da219df3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes use of uninitialized memory
Fixes: 044100cb22845944988a4bd821ff8074/asan_heap-oob_329927a_1366_c3de34ce9217dac820fbb46171031bbb.jsv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 382a68b0088b06b8df20d0133d767d53d8f161ef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The parser changes have lost the support for the needed padding, this adds it back
Fixes out of array reads
Fixes: 03ea21d271abc8acf428d42ace51d8b4/asan_heap-oob_3358eef_5692_16f0cc01ab5225e9ce591659e5c20e35.mkv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cc13bc8c4f0f4afa30d0b94c3f3a369ccd2aaf0b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes Ticket5720
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 369ed11e3c8acc08db39fb2ed4e980a918cab61e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It's only available on Windows XP or newer.
Should fix compilation with mingw32 using the default OS target.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
Reviewed-by: Matt Oliver <protogonoi@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3bf142c77337814458ed8e036796934032d9837f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Fixes: poc.swf
Found-by: 连一汉 <lianyihan@360.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6aa39080ccea2b60433e920417844c3a3c0da50b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bbec14de3126dbc4e1ec2b32ed714dab173386aa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes Ticket5689
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 803c058a6f0c835c3094621d03d6e8c02565f28e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This will be useful when the amount of streams per subdemuxer is not
known at hls_read_header time in a following commit.
(cherry picked from commit 9884f17e343b37aef442fafa05bd0113cdf47087)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This will avoid a large time difference between variants in the most
common case.
(cherry picked from commit 4d85069e5dff37e4a9904767242b47e14cf62a9c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Commit 81306fd4bdf ("hls: eliminate ffurl_* usage", merged in d0fc5de3a6)
changed the hls demuxer to use AVIOContext instead of URLContext for its
HTTP requests.
HLS demuxer uses the "offset" option of the http demuxer, requesting
the initial file offset for the I/O (http URLProtocol uses the "Range:"
HTTP header to try to accommodate that).
However, the code in libavformat/aviobuf.c seems to be doing its own
accounting for the current file offset (AVIOContext.pos), with the
assumption that the initial offset is always zero.
HLS demuxer does an explicit seek after open_url to account for cases
where the "offset" was not effective (due to the URL being a local file
or the HTTP server not obeying it), which should be a no-op in case the
file offset is already at that position.
However, since aviobuf.c code thinks the starting offset is 0, this
doesn't work properly.
This breaks retrieval of ranged media segments.
To fix the regression, just drop the seek call from the HLS demuxer when
the HTTP(S) protocol is used.
(cherry picked from commit 9cb30f7a880578e995becbd8bf9ffb69788e09a2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
