When decoding succeeded the array is copied into the permanent one.
This prevents inconsistencies
Fixes assertion failure
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c40f51e15b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array read
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 11c3381ce3)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes inconsistency ultimately leading to an out of array read
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 746016598d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 10ece44d09)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f861d16355f_1664_File1_fixed.aac
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6433b393ba)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes out of array reads
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 66e9716a36)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This prevents out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e91fd754c6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Other dimensions would not work correctly currently,
also ask for a sample for files that fail this check.
This fixes an integer overflow leading to out of array
accesses.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1e00bbb10c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes division by zero
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a527e69259)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array reads
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ead590c256)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array reads
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f96e0eb238)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The specification wants round(abs(x))) * sign(x) which is
equivakent to round(x)
Fixes out of array access
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f18d2dff11)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array reads
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e756635964)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
No valid samples i found use such copies
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bdfe60c769)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array reads
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fb3e3808ae)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If a reference is unavailable use a field from the current
picture
Fixes null pointer dereference
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 23daee0dcc)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4c8ce750ab)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This occurs also with valid files.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5ae484e350)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
These occur when no context is set for example, thus they are common
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a044a183a3)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes incorrectly set error_occured and improves speed
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 90539cea33)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
20 ms is used by libopus encoder.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit 74906d3727)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This code changes the input packet, which is read only and can in
rare circumstances lead to decoder errors. (i run into one of these in
the audio decoder, which corrupted the packet during av_find_stream_info()
so that actual decoding that single packet failed later)
Until a better fix is implemented, this commit limits the problem.
A better fix might be to make the subtitle decoders not depend on
data[size] = 0 or to copy their input when this is not the case.
(cherry picked from commit 01923bab98)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The not handling of frame gaps has lead to the lack of a dummy reference
frame, which has lead to the failure of decode_slice_header() which has
lead to one SEI recovery message being skiped which had introduced a
slightly suboptimal recovery point for at least 1 h264 file compared to
JM.
Found-by: Carl & BugMaster
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9e5ef1c5c3)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1108610
Fixes use of uninitialized variable
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2d8ccf0adc)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes potential overreads with crafted files.
Found-by: wm4
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 838f461b07)
Conflicts:
libavcodec/utils.c
Fixes out of bounds access
Fixes CID732170
Fixes CID732169
No filter is known to use this function in a way so the issue can be reproduced.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ab2bfb85d4)
Conflicts:
libavfilter/avfilter.c
(cherry picked from commit 86591b244f3a27293153896813f5569b49b2f5c0)
Conflicts:
libavfilter/avfilter.c
Fixes crash with carefuly designed files.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit a27227d401)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The header parser uses forward and backward parsing, making the
bulletproof prevention of loops difficult, thus this simple
detection code.
If someone improves the forward/backward parsing so it cannot loop
then this commit should be reverted
Fixes Ticket3278
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1c010fd035)
Some muxers store invalid timestamps there, which breaks seeking
Fixes Ticket2739
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5e0c7eab2a)
Include the freetype header, in-directly through a macro, like it
is done in the drawtext filter. Do not break if the header is moved.
Unfortunately the drawtext filter included the file where the include
macros are defined in a wrong way. This is not needed and breaks the
build. Remove that #include line too.
(cherry picked from commit cea5812fa7)
Signed-off-by: Alexander Strasser <eclipse7@gmx.net>
Conflicts:
configure
This fixes an assertion failure and regression and restores previous behaviour
Fixes Ticket3197
An alternative would be to fail hard in this case and refuse to mux such data.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit de2a2caf4d)
Fixes ticket #2835.
Signed-off-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6da21c1f81)
Conflicts:
tests/ref/lavf/wtv
tests/ref/seek/lavf-wtv
