The check `start + res < start' is broken since pointer overflow is
undefined behavior in C. Many compilers such as gcc/clang optimize
away this check.
Use `res > end - start' instead. Also change `res' to unsigned int
to avoid signed left-shift overflow.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
A negative `size' will bypass FFMIN(). In the subsequent memcpy() call,
`size' will be considered as a large positive value, leading to a buffer
overflow.
Change the type of `size' to unsigned int to avoid buffer overflow, and
simplify overflow checks accordingly. Also change a literal buffer
size to use sizeof, and limit the amount of data copied in another
memcpy call as well.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
Sanity checks like `data + size >= data_end || data + size < data' are
broken, because `data + size < data' assumes pointer overflow, which is
undefined behavior in C. Many compilers such as gcc/clang optimize such
checks away.
Use `size < 0 || size >= data_end - data' instead.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
A negative `size' will bypass FFMIN(). In the subsequent memcpy() call,
`size' will be considered as a large positive value, leading to a buffer
overflow.
Change the type of `size' to unsigned int to avoid buffer overflow, and
simplify overflow checks accordingly.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Sanity checks like `data + size >= data_end || data + size < data' are
broken, because `data + size < data' assumes pointer overflow, which is
undefined behavior in C. Many compilers such as gcc/clang optimize such
checks away.
Use `size < 0 || size >= data_end - data' instead.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The check `start + res < start' is broken since pointer overflow is
undefined behavior in C. Many compilers such as gcc/clang optimize
away this check.
Use `res > end - start' instead. Also change `res' to unsigned int
to avoid signed left-shift overflow.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '4f56e773fe8a554b8c2662650aaf799c2ece2721':
x86: ac3: Fix HAVE_MMXEXT condition to only refer to external assembly
rtpenc: Start the sequence numbers from a random offset
Conflicts:
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Expose the current sequence number via an AVOption - this can
be used both for setting the initial sequence number, or for
querying the current number.
Signed-off-by: Martin Storsjö <martin@martin.st>
Use AVERROR_INVALIDDATA on invalid inputs, and AVERROR_EOF when no more
frames are available in an interleaved AVI.
Signed-off-by: Jindrich Makovicka <makovick@gmail.com>
Signed-off-by: Diego Biurrun <diego@biurrun.de>
* commit '8a4f26206d7914eaf2903954ce97cb7686933382':
dsputil: remove butterflies_float_interleave.
srtp: Move a variable to a local scope
srtp: Add tests for the crypto suite with 32/80 bit HMAC
Conflicts:
libavcodec/x86/dsputil.asm
libavcodec/x86/dsputil_mmx.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '3ef6d22e1ba544ab37c73e8fc61382f13aac250f':
srtp: cosmetics: Use fewer lines for the test vectors
srtp: Don't require more input data than what actually is needed
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'a2a991b2ddf951454ffceb7bcedc9db93e26c610':
srtp: Improve the minimum encryption buffer size check
srtp: Add support for a few DTLS-SRTP related crypto suites
Conflicts:
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'f53490cc0c809975f8238d5a9edbd26f83bd2f84':
rtpdec/srtp: Handle CSRC fields being present
rtpdec: Check the return value from av_new_packet
ac3dec: fix non-optimal dithering of zero bit mantissas
Conflicts:
libavcodec/ac3dec.c
libavformat/rtpdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c6f1dc8e4cd967ae056698eafb891a08003c211c':
rtpdec: Move setting the parsing flags to the actual depacketizers
rtpdec: Split handling of mpeg12 audio/video to a separate depacketizer
Conflicts:
libavformat/rtpdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'a717f9904227d7979473bad40c50eb40af41d01d':
mpegts: Share the cleanup code between the demuxer and lavf-internal parser functions
rtpdec_mpeg4: Return one AAC AU per AVPacket
ppc: Include string.h for memset
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This clarifies where the limit number comes from, and only
requires exactly as much padding space as will be needed.
Signed-off-by: Martin Storsjö <martin@martin.st>
The theoretical minimum for a (not totally well formed) RTCP packet
is 8 bytes, so we shouldn't require 12 bytes as minimum input.
Also return AVERROR_INVALIDDATA instead of 0 if something that is
not a proper packet is given.
Signed-off-by: Martin Storsjö <martin@martin.st>
The main difference to the existing suites from RFC 4568 is
that the version with a 32 bit HMAC still uses 80 bit HMAC
for RTCP packets.
Signed-off-by: Martin Storsjö <martin@martin.st>
Several compilers such as clang/icc/pathscale will optimize the check
pos + size < pos (assuming size > 0) into false, since signed integer
overflow is undefined behavior in C. This breaks overflow checking.
Use a safe precondition check instead.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The lavf-internal parser functions are used when receiving
mpegts over RTP. This fixes memory leaks in this setup.
The normal mpegts demuxer close function was updated in ec7d0d2e in
2004 to fix leaks, but the parsing function used for RTP wasn't
updated and has been leaking ever since.
Signed-off-by: Martin Storsjö <martin@martin.st>
This makes the returned data valid to stream copy into other
containers as well, not only for decoding straight away.
Signed-off-by: Martin Storsjö <martin@martin.st>
Makes ff_id3v2_read reset stream position at the end of ID3 data if the
header size is not matched (caused by an EOF for example).
Current behaviour (without the patch):
filesize = 400
id3 data size = 399
file offset after ff_id3v2_read is 400 instead of 399
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>