Fixes Ticket4636
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3a6a8f6ee1cb619913b87b6c78e0436303e2a35f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Calling ffio_ensure_seekback() if ffio_init_checksum() has been called
on the same context can lead to out of bounds memory accesses and
crashes. The reason is that ffio_ensure_seekback() does not update
checksum_ptr after reallocating the buffer, resulting in a dangling
pointer.
This effectively fixes potential crashes when opening mp3 files.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit dc87758775e2ce8be84e4fe598e12416e83d2845)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is more robust.
And only check if there is actually a frame returned.
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit dd6c8575dbc8d3ff5dc2ffacb5028c253066ff78)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Also use the frame pixel format instead of the one from the codec
context, which is more robust.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit fdc64a104410f5fcc7f35b62287b0ae502b7061a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Neccessary -> Necessary
formated -> formatted
thee -> the
eventhough -> even though
seperately -> separately
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit ed0b1db640110cccdbf0db1d882fb952cf3a130d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This reverts commit 04f0002, which made it impossible to enable VSX with
a generic cpu.
This changes the behavior back to what it was before commit b0af404.
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 45babb01217f4cf776c50f1bec8ced0065277c89)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found-by: Daemon404
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8e91d9652ea5048d9014e7636e12c6ed4732d7b7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes fate tests on PPC64be
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 04f00022910c8b468fcf72c1f12ac410d3588802)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Make the logic in libavformat/hevc.c parse_rps align with libavcodec/hevc_ps.c ff_hevc_decode_short_term_rps
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6e1f8780c833ef55815111d4771b95ff78567cdb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If chan2 is not smaller than the number of channels, it can cause
segmentation faults due to dereferencing a NULL pointer.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 05c57ba2f42324da2fdc93d83d65bb68dd637613)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The AVFrame values are closer to the AVFrame bitmap changed instead of
the AVCodecContext values, so this should be more robust
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit aef0e0f009802f1a5e21eb6465498632071e4475)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 913685f55208efd78bfc34d82b261bd449e69774)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Otherwise it can be 0 in sonic_decode_frame, causing SIGFPE crashes.
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Return layout when FF_API_GET_CHANNEL_LAYOUT_COMPAT is set even if the
layout itself is not in the deprecated style.
Signed-off-by: Simon Thelen <ffmpeg-dev@c-14.de>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The flag was set unintentionally and the code will break if a NULL
packet is passed in.
Signed-off-by: Vignesh Venkatasubramanian <vigneshv@google.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'b14086ca38efa1a86cb0f0c6aa147b05f698877b':
mkv: Correctly report the latest packet had been flushed
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'b380337020e271c5431aa8ef8f8e9dfda5e919b2':
mpjpegdec: don't try to alloc an AVIOContext when probe is guaranteed to fail
See: 1382add59df149193620ca0714ceac0929208c88
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The first check is done without the AVIOContext, so alloc it only if said check succeeds
Signed-off-by: James Almer <jamrial@gmail.com>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
If one of the dimensions is larger than 8176, s->mb_width or
s->mb_height is larger than 511, leading to an int16_t overflow of
s->mv_max.{x,y}. This then causes av_clip to be called with amin > amax.
Changing the type to int avoids the overflow and has no negative
effect, because s->mv_max is only used in clamp_mv for clipping.
Since mv_max.{x,y} is positive and mv_min.{x,y} negative, av_clip can't
increase the absolute value. The input to av_clip is an int16_t, and
thus the output fits into int16_t as well.
For additional safety, s->mv_{min,max}.{x,y} are clipped to int16_t range
before use.
Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
The first check is done without the AVIOContext, so alloc it only if said check succeeds
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: James Almer <jamrial@gmail.com>
