* khirnov/release/0.7: (64 commits)
rv34: Check for invalid slice offsets
rv34: Fix potential overreads
rv34: Avoid NULL dereference on corrupted bitstream
rv10: Reject slices that does not have the same type as the first one
lavf: Fix context pointer in av_open_input_stream when avformat_open_input fails
oggdec: fix out of bound write in the ogg demuxer
Fixed size given to init_get_bits().
smacker: fix a few off by 1 errors
Check for invalid VLC value in smacker decoder.
Check and propagate errors when VLC trees cannot be built in smacker decoder.
Fixed off by one packet size allocation in the smacker demuxer.
Check for invalid packet size in the smacker demuxer.
ape demuxer: fix segfault on memory allocation failure.
xan: Add some buffer checks (cherry picked from commit 0872bb23b4bd2d94a8ba91070f706d1bc1c3ced8)
Fixed size given to init_get_bits() in xan decoder. (cherry picked from commit 393d5031c6aaaf8c2dda4eb5d676974c349fae85)
smacker demuxer: handle possible av_realloc() failure.
Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks.
cljr: init_get_bits size in bits instead of bytes (cherry picked from commit 0c1f5b93d9b97c4cc3684ba91a040e90bfc760d2)
indeo2: fail if input buffer too small (cherry picked from commit b7ce4f1d1c3add86ece7ca595ea6c4a10b471055)
indeo2: init_get_bits size in bits instead of bytes (cherry picked from commit 68ca330cbd479111db9cb7649d7530ad59f04cc8)
...
Conflicts:
ffmpeg.c
libavdevice/alsa-audio.h
libavformat/gxf.c
libswscale/x86/swscale_template.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Unlike other containers RealMedia stores its audio packets in scrambled form,
with interleaver ID preceeding audio codec ID. Currently deinterleaving
decision is tied to the codec while it's possible to have non-default
deinterleaver with audio codec (like Int0 deinterleaver instead of specific
one for Sipro).
Signed-off-by: Anton Khirnov <anton@khirnov.net>
It prevents crashes due to non initialized fields.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 3e033da84782e12ed529e6a88dd53b6a72199e8e)
The fields "Number of Bytes" and "Number of Frames" are mixed up. "Bytes"
come first, "Frames" behind.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5d305c9398c043f9ae3bbc6d64a3e1dc468c1e63)
The move of avio_seek in avi_read_seek is to avoiding modifying
state if the seek would fail.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f9e083a156f19094cb6fcd134c1ca4ca899a1a6d)
This reduces problems when underlying protocol is not
seekable even if marked as such or if the file has been
cut short.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ac1d489320f476c18d6a8125f73389aecb73f3d3)
Between ogg_save() and ogg_restore() calls, the number of streams
could have been reduced.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bc851a2946c64eefb96145b70e2190ff7d5a4827)
init_get_bits() takes a number of bits and not a number of bytes as
its size argument.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e5e0580b93a5bda34f62a5df50c1b15e610d4ad1)
If there is only 1 stream in an flv avformat_find_stream_info will continually
read until probesize is reached. This should stop it reading if the metadata
also claims there to be 1 stream.
(cherry picked from commit bcc531f04a0590732d42da133c11c138e8d08b59)
currently libavformat only allows seeking if a request with "Range:
0-" results in a 206 reply from the HTTP server which includes a
Content-Range header. But according to RFC 2616, the server may also
reply with a normal 200 reply (which is more efficient for a request
for the whole file). In fact Apache HTTPD 2.2.20 has changed the
behaviour in this way and it looks like this change will be kept in
future versions. The fix for libavformat is easy: Also look at the
Accept-Ranges header.
(cherry picked from commit 31dfc4959816aa4637e50c7f79660c75205ef84c)
Signed-off-by: David Goldwich <david.goldwich@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 63d64228a7f31d534e3bcae87cbd37f4a0ae2dd6)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Between ogg_save() and ogg_restore() calls, the number of streams
could have been reduced.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 0e7efb9d23c3641d50caa288818e8c27647ce74d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
init_get_bits() takes a number of bits and not a number of bytes as
its size argument.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit b59efc94347ccf0cbc2ff14a5a9e99819c5bdc4d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit a92d0fa5d234582583d41b67dddecffc2c819573)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit e055932f5636a82275837968eea9c8fcb5bca474)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 273aab99bf7be2bcda95dd64101c2317ee0fcb99)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 47a8589f7bc69d1a29da1dfdfbd0dfa78a9e31fd)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Metadata currently is written only at the start of the file in normal
cases, when transcoding from a rtmp source metadata could be
written later and the offset recorded can exceed 32bit.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 7f5bf4fbaf1f2142547321a16358f9871fabdcc6)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This prevents out of bounds reads when extradata is being decoded.
(cherry picked from commit 1f6f58d5855288492fc2640a9f1035c01c75d356)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
According to MPEG-TS specs, the continuity_counter shall not be
incremented when the adaptation_field_control of the packet
equals '00' or '10'.
Signed-off-by: Jindrich Makovicka <jindrich.makovicka@nangu.tv>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 8923cfa328e8eb565aebcfe8672b276fd1c19bf7)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Set DV packet durations using fields_per_frame.
This requires turning gxf_stream_info into the demuxer's context for access to the value in gxf_packet().
Since MPEG-2 seems to work fine this done only for DV.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 99fecc64b064a013559d3d61f7d9790e3c95c80e)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Parse the extension flag bit when reading the MPEG4 AudioSpecificConfig.
This has nothing to do with SBR/PS contradictory to what was noted when it was removed.
(cherry picked from commit 7f01a4192cdf4565eadee457f76e6b5196e35e0b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 4d5e7ab5c48451404038706ef3113c9925a83087)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Based on a suggestion by Ronald S. Bultje
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a2b66a366d7d9d7dacc217601b5e4406624f91ea)
Fixes MSVR-11-0088
Credit: Jeong Wook Oh of Microsoft and Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ba9a7e0d71bd34f8b89ae99322b62a310be163a6)
Whitespace of the patch cleaned up by Aurel
Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 956c901c68eff78288f40e3c8f41ee2fa081d4a8)
This fixes a crash with specifically crafted files.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 69619a13c3fef940cba545cf0a283ff22771dd71)
EBML_STOP leaves matroska->current_id set. Then matroska_read_seek changes
the stream position without resetting current_id. The next
matroska_parse_cluster fails due to calculation of incorrect pos. So clear
current_id when avio_seek happens in matroska_read_seek.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit cdc2c1c57616956d975c57b4b69eb73865f513f5)
