Between ogg_save() and ogg_restore() calls, the number of streams
could have been reduced.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 0e7efb9d23c3641d50caa288818e8c27647ce74d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit a3d471e500674c31fa4f52a62ef789d5e7fdbd3c)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
stereo & 16bit is untested due to lack of samples
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 5166376f24545207607f61ed8ff4e1b0572ff320)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 78cd2e18a4aa2835f6d04cf145121fc82099c1a5)
Conflicts:
libavcodec/smacker.c
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
1<<31 overflows because 1 is signed, so force it to unsigned.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 5938e02185430ca711106aaec9b5622dbf588af3)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Correct computation of implicit weight tables when referencing pictures
that are marked for long reference.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit 87cf70eb237e7586cc7399627dafa1b980ec0b7d)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
The current check on MMCO parameters prohibits a "max long term frame index
plus 1" of 16 (frame idx of 15) for the "set max long term frame index" MMCO.
Fix this off-by-one error to allow the full range of legal values.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit 29a09eae9a827f4dbc9c4517180d8fe2ecef321a)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This removes out-of-edge motion compensation artifacts (easily spotted green
blocks in avplay, gray blocks in transcoding), for example here:
http://samples.libav.org/samples/real/tv_watching_t1.rm
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit 331971116d7d36743601bd2dc5384c5211d3bb48)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Metadata currently is written only at the start of the file in normal
cases, when transcoding from a rtmp source metadata could be
written later and the offset recorded can exceed 32bit.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 7f5bf4fbaf1f2142547321a16358f9871fabdcc6)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit fe3e7297fe56a383baca484dea2c0d603ae305f8)
Conflicts:
libavformat/flvenc.c
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Custom PAR num/denum are in 1-256 range.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit 0e8696551414d4ea0aab2559f9475d1fe49d08f3)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit bac3ab13ea6a9dd8853e79ef3eacf51d234c8774)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 59a22afa0b50b9037133a7bc26bdc5023e7e1df9)
Conflicts:
libavcodec/h264.c
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This prevents out of bounds reads when extradata is being decoded.
(cherry picked from commit 1f6f58d5855288492fc2640a9f1035c01c75d356)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
On some platforms EINVAL could be positive, ensure we return negative values.
(cherry picked from commit e5985185d2eda942333ebbb72bd7d043ffe40be7)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
According to MPEG-TS specs, the continuity_counter shall not be
incremented when the adaptation_field_control of the packet
equals '00' or '10'.
Signed-off-by: Jindrich Makovicka <jindrich.makovicka@nangu.tv>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 8923cfa328e8eb565aebcfe8672b276fd1c19bf7)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
buffer_size/4 is the value used by aplay. This fixes output to null
devices, e.g. writing ALSA output to a file.
(cherry picked from commit 8bfd7f6a475225a0595bf657f8b99a8fffb461e4)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 4d5e7ab5c48451404038706ef3113c9925a83087)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Set the frame size when decoding DTS audio.
This has the side effect of fixing the computation of timestamps for DTS-HD in compute_pkt_fields. Since frame_size is
not currently set, the duration of a frame is being guessed based on the streams bitrate. But for DTS-HD, the bitrate
currently used is the rate of the DTS core which is much different than the whole DTS-HD stream and leads to a wildly
inaccurate frame duration estimate.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 49c7006c7e815d4330247624a9e6ba30e288cd02)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 06318968853ff8c628bbc75fb126483c08f22fd9)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
filter_mb_fast assumed that qscale_table was padded like many of the other tables.
(cherry picked from commit 5029a406334ad0eaf92130e23d596e405a8a5aa0)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Fixes decoding of MJPEG files produced by some UVC Logitec web cameras,
such as "Notebook Pro" and "HD C910".
References:
http://trac.videolan.org/vlc/ticket/4215http://ffmpeg.org/trac/ffmpeg/ticket/267
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Reviewed-by: Kostya <kostya.shishkov@gmail.com>
(cherry picked from commit 8c0fa61a9713a1306fca7997dd04d72ea1f060ea)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Supported by mplayer and seen in the wild.
(cherry picked from commit 505345ed5d180093a44da8d70ac541898c31c22f)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Originally committed as revision 23513 to svn://svn.ffmpeg.org/ffmpeg/trunk
(cherry picked from commit 77d3f1f792c2a0bd455c75b0aa8e356b3a470ea7)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Whitespace of the patch cleaned up by Aurel
Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 956c901c68eff78288f40e3c8f41ee2fa081d4a8)
Further suggestions from Kostya <kostya.shishkov@gmail.com> have been
implemented by Reinhard Tartler <siretart@tauware.de>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 77d2ef13a8fa630e5081f14bde3fd20f84c90aec)
NB: MSVR-11-0080 doesn't seem to exist. This issue seems to be known
as MSVR11-011 instead.
Fixes: CVE-2011-3504
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This removes all valgrind-reported invalid writes with one
specific test file.
Fixes http://www.ocert.org/advisories/ocert-2011-002.html
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 4a71da0f3ab7f5542decd11c81994f849d5b2c78)
Fixes CVE-2011-3362, CVE-2011-3973, CVE-2011-3974
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This version was checked out from the 0.7.2 release and has some bits
reverted to compile in the release/0.6 branch
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
When built with gcc 4.6, the MMX rgb24 to yuv conversion gives
wrong output. The compiler produces this warning:
libswscale/swscale_template.c:1885:5: warning: use of memory input without lvalue in asm operand 4 is deprecated
Changing the memory operand to a register makes it work.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit f344903ca5ce28a833fdd656bc1ed5b16d97e7e9)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Specifically crafted samples can reinit ogg->streams[] while
reading samples, and thus we should not cache old pointers since
these may no longer be valid.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry-picked from commit 4cc3467e7abfea7e8d03b6af511f7719038a5a98)
Gcc 4.6 only preserves the first value when using an array with an "m"
constraint.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 770c410fbb8e1b87ce8ad7f3d7eddaa55e2b8295)
References:
http://bugs.debian.org/635324
Conflicts:
libavcodec/x86/fft_sse.c
This works around a possibly exploitable crash.
Appearently, vlc can be exploited with a malicous file. This should get
reverted as soon as a proper fix is found.
Reported-at: Thu, 21 Apr 2011 14:38:25 +0000
Reported-by: Dominic Chell <Dominic.Chell@ngssecure.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 89f903b3d5ec38c9c5d90fba7e626fa0eda61a32)
(cherry picked from commit 9b919571e506fbb72b81a35ca1e7c1bd6efc4209)
(cherry picked from commit 7089265756a84bf884a7c2290c6cda38d4dfd60f)
Signed-off-by: Reinhard Tartler <siretart@sandy.tauware.de>
