Casting the left-most byte to unsigned avoids an undefined
result of the shift by 24 if bit 7 is set.
yuvPlanartouyvy_c and yuvPlanartoyuy2_c are affected.
CC: libav-stable@libav.org
Bug-Id: CID 732281 / CID 732282
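The undefined shift described in the commit message above, shown as an added example (this is not libswscale code). The helper names and the assumed word layout (U, Y0, V, Y1 from the low byte up) are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: build one 32-bit UYVY word from four 8-bit samples.
 * Assumed layout (low byte first): U, Y0, V, Y1. */
static uint32_t pack_uyvy_word(uint8_t u, uint8_t y0, uint8_t v, uint8_t y1)
{
    /* Unsafe form: u + (y0 << 8) + (v << 16) + (y1 << 24)
     * y1 is promoted to signed int, so for y1 >= 0x80 the shift by 24
     * moves a 1 into the sign bit: undefined behaviour in C.
     * Casting before the shift makes it a well-defined unsigned shift. */
    return (uint32_t)u | ((uint32_t)y0 << 8) | ((uint32_t)v << 16) |
           ((uint32_t)y1 << 24);
}

/* Pack one row of planar 4:2:2 (two luma samples per chroma pair). */
static void pack_uyvy_row(uint32_t *dst, const uint8_t *y, const uint8_t *u,
                          const uint8_t *v, size_t chroma_width)
{
    for (size_t i = 0; i < chroma_width; i++)
        dst[i] = pack_uyvy_word(u[i], y[2 * i], v[i], y[2 * i + 1]);
}

/* Constructed sample row: both left-most luma bytes have bit 7 set. */
static uint32_t sample_row_word(size_t i)
{
    static const uint8_t y[4] = { 0x10, 0x80, 0x7f, 0xff };
    static const uint8_t u[2] = { 0x20, 0x90 };
    static const uint8_t v[2] = { 0x30, 0xa0 };
    uint32_t dst[2];

    pack_uyvy_row(dst, y, u, v, 2);
    return dst[i];
}

int main(void)
{
    printf("%08x %08x\n", (unsigned)sample_row_word(0),
           (unsigned)sample_row_word(1));
    return 0;
}
```

Building the unsafe form with `-fsanitize=undefined` reports the shift at run time for any left-most byte of 0x80 or above.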

Also add a note about SNDCTL_DSP_GETFMTS which may fail even if OSS is
available.
CC: libav-stable@libav.org
Bug-Id: CID 1238992
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>

Having more than 10 consecutive frames decoded as mp3 should be
considered a clear signal that the sample is mp3 and not mpegps.
Reported-By: Florian Iragne <florian@iragne.fr>
CC: libav-stable@libav.org

The input packets are always assumed to be padded and
the av_fast_ family of functions takes a pointer to a pointer.
Thanks to Nicolas Dufresne <nicolas.dufresne@collabora.com> for
a similar patch.
Introduced in 7b588bb691644e1b3c168b99accf74248a24e3cf.
Bug-Id: 766
CC: libav-stable@libav.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

Fix linking when only a subset of vaapi decoders is enabled.
Bug-Id: 760
CC: libav-stable@libav.org
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

Also use the same type for add_entry and check_size.
Bug-Id: CID 700699
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Signed-off-by: Vittorio Giovara <vittorio.giovarao@gmail.com>

If we throw away the buffered incomplete frame, make sure to also
throw away the buffered bits of an incomplete byte at the same
time.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit df07c07b3de0a5e8890078944de1eb5cb8372ef8)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

ff_mpv_common_init sets s->context_initialized.
This fixes decoding of h261 in the cases where the demuxer
hasn't already set the frame size.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 3bb465245fed6069512e6821000391beae8a6066)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

These have a DXSA tag and contain alpha in addition to
color values for palette.
Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 5a1addd7c1d8ff218ed4b84f4f02fdb83980094c)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

A failure in segment_end() or segment_start() would lead to freeing
a dangling pointer and in general further calls to seg_write_packet()
or to seg_write_trailer() would have the same faulty behaviour.
CC: libav-stable@libav.org
Reported-By: luodalongde@gmail.com
(cherry picked from commit b3f04657368a32a9903406395f865e230b1de348)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

Fixes invalid writes when there are more blocks in a run than total
remaining blocks.
CC: libav-stable@libav.org
Bug-ID: CVE-2014-8548
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit d423dd72be451462c6fb1cbbe313bed0194001ab)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

Fixes invalid writes with very small image heights.
CC: libav-stable@libav.org
Bug-ID: CVE-2014-8547
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 0b39ac6f54505a538c21fe49a626de94c518c903)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

The frame size must be set by the caller and each dimension must be a
multiple of 2.
CC: libav-stable@libav.org
Bug-ID: CVE-2014-8543
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 17ba719d9ba30c970f65747f42d5fbb1e447ca28)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

The frame size must be set by the caller and each dimension must be a
multiple of 8.
CC: libav-stable@libav.org
Bug-ID: CVE-2014-8542
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 88626e5af8d006e67189bf10b96b982502a7e8ad)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

Fixes possible invalid memory access.
Based on code by Michael Niedermayer <michaelni@gmx.at>
CC: libav-stable@libav.org
Bug-ID: CVE-2014-8541
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 809c3023b699c54c90511913d3b6140dd2436550)
Signed-off-by: Anton Khirnov <anton@khirnov.net>

If a seek is requested before decoding starts, there is no
current picture.
CC: libav-stable@libav.org
(cherry picked from commit 3e348ecfc6ab1830e43288a9e12e8f0a000afbcb)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>

The new reference.pnm is a freely licensed replacement. The photo has
been taken by Reinhard Tartler on August 28 2014, and is licensed under
the expat license as stated at http://www.jclark.com/xml/copying.txt
(cherry picked from commit 8895bf7b78650c0c21c88cec0484e138ec511a4b)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

This convinces the pre-receive hook to not consider all *.pnm files as
text files to reduce the patch sizes and avoids triggering whitespace
checks.
Contains a correction by Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit 0f257e29c5520b215e573e7e3abde8e5a4743309)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>

The buffer pool has to atomically add and remove entries from the linked
list of available buffers. This was done by removing the entire list
with a CAS operation, working on it, and then setting it back again
(using a retry-loop in case another thread was doing the same thing).
This could effectively cause memory leaks: while a thread was working on
the buffer list, other threads would allocate new buffers, increasing
the pool's total size. There was no real leak, but since these extra
buffers were not needed, but not freed either (except when the buffer
pool was destroyed), this had the same effects as a real leak. For some
reason, growth was exponential, and could easily kill the process due
to OOM in real-world uses.
Fix this by using a mutex to protect the list operations. The fancy
way atomics remove the whole list to work on it is not needed anymore,
which also avoids the situation which was causing the leak.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit fbd6c97f9ca858140df16dd07200ea0d4bdc1a83)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
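The pool growth described in the commit message above, as an added example that is not Libav's buffer pool code. It replays on a single thread what a second thread sees in each scheme; `Pool`, `Buf` and all function names are hypothetical, and the old scheme's CAS swap is modelled by a plain assignment.

```c
#include <pthread.h>
#include <stdlib.h>

typedef struct Buf { struct Buf *next; } Buf;
typedef struct Pool {
    pthread_mutex_t lock;
    Buf *free_list;   /* buffers available for reuse */
    int  allocated;   /* buffers ever allocated by this pool */
} Pool;

/* Mutex scheme: pop a single entry; the rest of the list stays visible. */
static Buf *pool_get(Pool *p)
{
    pthread_mutex_lock(&p->lock);
    Buf *b = p->free_list;
    if (b)
        p->free_list = b->next;
    else if ((b = calloc(1, sizeof(*b))))
        p->allocated++;
    pthread_mutex_unlock(&p->lock);
    return b;
}

static void pool_release(Pool *p, Buf *b)
{
    pthread_mutex_lock(&p->lock);
    b->next = p->free_list;
    p->free_list = b;
    pthread_mutex_unlock(&p->lock);
}

/* Replay what thread B does while thread A works on the list.
 * detach_whole_list=1 models the old scheme (A has swapped the list head
 * to NULL); 0 models the mutex scheme. Returns the allocation count. */
static int allocations_during_contention(int detach_whole_list)
{
    Pool p = { PTHREAD_MUTEX_INITIALIZER, NULL, 0 };
    Buf *held = NULL, *b = pool_get(&p);

    if (!b) return -1;
    pool_release(&p, b);                 /* pool now holds one buffer */
    if (detach_whole_list) {             /* A takes the entire list */
        held = p.free_list;
        p.free_list = NULL;
    }
    b = pool_get(&p);                    /* B asks for a buffer */
    free(b);
    free(held);
    return p.allocated;
}
```

With the list detached, the second request allocates even though a pooled buffer exists; with the mutex scheme it reuses that buffer.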

Also add no-op fallbacks when threading is disabled.
This helps keep the code clean if Libav is compiled for targets
without threading. Since we assume that no threads of any kind are used
in such configurations, doing nothing is ok by definition.
Based on a patch by wm4 <nfxjfg@googlemail.com>.
(cherry picked from commit 2443e522f0059176ff8717c9c753eb6fe7e7bbf1)
Signed-off-by: Anton Khirnov <anton@khirnov.net>