This feature is mostly only used by NLE software, and is
both of dubious value being enabled by default, and a
possible security risk.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 712d962a6a29b1099cd872cfb07867175a93ac4c)
Conflicts:
libavformat/isom.h
libavformat/mov.c
libavformat/version.h
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Conflicts:
libavformat/mov.c
Fixes: 260813283176b57b3c9974fe284eebc3_signal_sigsegv_7ffff713351a_991_xtrem_e2_m64q15_a32sxx.3gp with memlimit of 262144
Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15629129dde771446a005282ee33c4ea1199e696)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes Ticket4557
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 50393bce31a5618f5125aaaf97bb69886fc4261d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9e4f0cfc8ff4ab635ea12bdbd8d85d8bb1ba25f9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
as this kind of allows circumventing it to some extent.
We also could add a separate parameter or value to choose this
Found-by: ramiro
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1e4d0498df6621143da1a550006ddc3526ad51cb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8003816e1619e77d8de051883264aa090e0d78cc)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 21a53dd08dce7cc5b3fdf9c4826b4b74d8300ea0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit db27f50e0658e91758e8a17fdcf390e6bc93c1d2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 383c6a3a07b71981bd32d083496f5a4935f620f9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The previous code assumed if an atom was marked with a 64-bit
size extension, it actually had that data available. The new
code verifies there's enough data in the atom for this to be
done.
Failure to verify causes total_size > atom.size which will
result in negative size calculations later on.
Found-by: Paul Mehta <paul@paulmehta.com>
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3ebd76a9c57558e284e94da367dd23b435e6a6d0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
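The check described in the commit message above, as an added example that is not FFmpeg's code: a minimal atom-header parser that confirms the 8 extra bytes of a 64-bit size extension exist in the parent before reading them, then bounds the resulting size. All names and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; an added illustration, not FFmpeg's mov.c. */
enum { ATOM_OK = 0, ATOM_TRUNCATED = -1, ATOM_BAD_SIZE = -2 };
struct atom_hdr { uint32_t type; uint64_t size, header_len; };

static uint32_t rb32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse one atom header; avail = bytes left in the enclosing atom. */
int parse_atom_header(const uint8_t *buf, uint64_t avail, struct atom_hdr *h)
{
    if (avail < 8)
        return ATOM_TRUNCATED;
    h->size = rb32(buf);
    h->type = rb32(buf + 4);
    h->header_len = 8;
    if (h->size == 1) {          /* marker: a 64-bit size follows */
        if (avail < 16)          /* the extension itself must be present */
            return ATOM_TRUNCATED;
        h->size = ((uint64_t)rb32(buf + 8) << 32) | rb32(buf + 12);
        h->header_len = 16;
    }
    /* The size must cover its own header and fit in the parent, so neither
     * size - header_len nor avail - size can go negative later on.
     * size == 0 ("to end of file") is rejected in this sketch. */
    if (h->size < h->header_len || h->size > avail)
        return ATOM_BAD_SIZE;
    return ATOM_OK;
}

/* Constructed samples: marker without extension, valid, oversized. */
const uint8_t SAMPLE_TRUNC[12] = {0,0,0,1, 'f','r','e','e', 0,0,0,0};
const uint8_t SAMPLE_OK[24]    = {0,0,0,1, 'm','d','a','t', 0,0,0,0, 0,0,0,24};
const uint8_t SAMPLE_HUGE[24]  = {0,0,0,1, 'm','d','a','t', 0,0,0,1, 0,0,0,0};
struct atom_hdr H;               /* scratch header used by main */

int main(void)
{
    printf("%d %d %d\n",
           parse_atom_header(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC, &H),
           parse_atom_header(SAMPLE_HUGE, sizeof SAMPLE_HUGE, &H),
           parse_atom_header(SAMPLE_OK, sizeof SAMPLE_OK, &H));
    return 0;
}
```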
Found-by: Paul Mehta <paul@paulmehta.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3859868c75313e318ebc5d0d33baada62d45dd75)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Under abnormal conditions the item_count may exceed the max
allocation size on 32-bit systems, this causes the allocated
size to overflow and become too small for the given count.
Additionally, if av_reallocp() fails its allocation, the
fragment_index_count is not correctly decremented.
Ensuring further havoc may be wrought, the error code for
read_tfra() is not checked upon return.
Found-by: Paul Mehta <paul@paulmehta.com>
positive return code and use of _array functions by committer
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit db42d93a61be26873be6115c57f5921b4dfdec14)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
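The three failure modes named in the commit message above (a count whose byte size wraps, a table count left inconsistent after a failed allocation, and an unchecked return code), shown in an added example that is not FFmpeg's code. The types, the function `add_frag_index` and the `max_items` bound are hypothetical; the hostile count in `main` is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical types; an added illustration, not FFmpeg's mov.c. */
struct index_item  { int64_t time, offset; };
struct frag_index  { uint32_t item_count; struct index_item *items; };
struct index_table { struct frag_index *entries; size_t count; };

/* Append one fragment index of item_count items. max_items is an upper
 * bound from the bytes left in the input (assumed known to the caller).
 * Returns 0 on success, -1 on a bad count, -2 on allocation failure. */
int add_frag_index(struct index_table *t, uint32_t item_count,
                   uint64_t max_items)
{
    struct frag_index *grown;
    struct index_item *items;

    /* Reject counts whose byte size would wrap size_t (reachable on
     * 32-bit targets) or that the input cannot possibly back. */
    if (item_count > SIZE_MAX / sizeof(*items) || item_count > max_items)
        return -1;
    if (t->count >= SIZE_MAX / sizeof(*grown))
        return -1;

    grown = realloc(t->entries, (t->count + 1) * sizeof(*grown));
    if (!grown)
        return -2;           /* entries and count are unchanged */
    t->entries = grown;

    items = calloc(item_count ? item_count : 1, sizeof(*items));
    if (!items)
        return -2;           /* count not bumped yet: no half-built slot */

    grown[t->count].item_count = item_count;
    grown[t->count].items = items;
    t->count++;              /* commit only after every step succeeded */
    return 0;
}

struct index_table DEMO;     /* zero-initialised table used by main */

int main(void)
{
    int ok  = add_frag_index(&DEMO, 4, 4);
    int bad = add_frag_index(&DEMO, 0xFFFFFFFFu, 10); /* constructed */
    printf("ok=%d bad=%d entries=%zu\n", ok, bad, DEMO.count);
    return (ok == 0 && bad == -1) ? 0 : 1;  /* return codes are checked */
}
```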
The code previously added 1 to len without checking its size,
resulting in an overflow which can corrupt value[-1] -- which
may be used to store unaligned ptr information for certain
allocators.
Found-by: Paul Mehta <paul@paulmehta.com>
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Fixes: case1_call_stack_overflow.mp4
Found-by: Michal Zalewski <lcamtuf@coredump.cx>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit be9ce6e10a8d53b8bc346c9337d75a5a30631a2a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '3cec81f4d4f26b62bc2d22bb450bbf51ec3a7f09':
mov: allocate the tag value dynamically
Conflicts:
libavformat/mov.c
See: f31445a82d6acd0b8fab5a26c04e91645f4854d8
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'e352b293712ff7cbde67eba3ce3f8510b037de09':
mov: Add an option for exporting all metadata
Conflicts:
libavformat/isom.h
libavformat/mov.c
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '5639ed9abb58311f82cf3499b682d228290adb09':
mov: do not truncate the language-prefixed tag
Conflicts:
libavformat/mov.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This allows loading metadata entries longer than 1024 bytes.
Displaying them is still limited to 1024 characters, but applications
can load them fully now.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Also see [FFmpeg-devel] [PATCH] avformat/mov: strengthen some table allocations
which contains more fixes but is unfinished
Fixes: signal_sigabrt_7ffff6ac7bb9_3484_cov_1830000177_starfox2.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '82ee7d0dda0fec8cdb670f4e844bf5c2927ad9de':
Use gmtime_r instead of gmtime and localtime_r instead of localtime
Conflicts:
libavformat/mov.c
libavformat/mxfenc.c
libavformat/wtvdec.c
libavutil/parseutils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '9dcf2397219ca796f0fafce2a703770d6fd09920':
lavf: Check the return value of strftime
Conflicts:
libavformat/wtvdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
gmtime isn't thread safe in general. In msvcrt (which lacks gmtime_r),
the buffer used by gmtime is thread specific though.
One call to localtime is left in avconv_opt.c, where thread safety
shouldn't matter (instead of making avconv depend on the libavutil
internal header).
Signed-off-by: Martin Storsjö <martin@martin.st>
If the buffer provided to strftime is too small, the buffer contents
are indeterminate - it does not guarantee actually null terminating
the buffer.
Signed-off-by: Martin Storsjö <martin@martin.st>
If using MFRA for timestamps, the stream may start from a large offset
and/or have gaps. With this change we calculate the bitrate based on
frames we've seen.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '74b02377980321934e33969c84733ace7e9f4eeb':
mov: Correctly check the color transfer characteristics range
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This introduces a new option to the mov demuxer: -use_mfra_for
(pts|dts). When it's given and moofs and a MFRA are present, the MFRA's
TFRAs are read for fragment start times.
Unfortunately some programs that produce fragmented mp4s use the TFRA
time field for dts and some for pts. There is no realistic way to detect
which is the case, hence the responsibility is punted onto the user.
This also means that no behavioural change is enabled by default - you
must pass either dts or pts for anything to happen.
Without this change, timestamps for some discontinuous fragmented mp4 are
wrong, and cause audio/video desync and are not usable for generating
HLS.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
syncframes in E-AC-3 can be combined to provide 6 audio blocks per
sample, thus requiring parsing for proper decoding.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>