Fixes part2 of CVE-2011-3929
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes part1 of CVE-2011-3929
Possibly fixes part of CVE-2011-3936
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Roman Shaposhnik <roman@shaposhnik.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
It can also optionally split the file into individual fragments,
which allows it to be served from any web server without any
server side support.
Signed-off-by: Martin Storsjö <martin@martin.st>
This fixes calculation of trackDuration if the MOVIentry array
is cleared. This is required by the fragmentation support in the
next patch.
Signed-off-by: Martin Storsjö <martin@martin.st>
This commit makes the check specific to the case that needs it.
Regression was introduced by
commit 62adc60b97
Author: Michael Niedermayer <michaelni@gmx.at>
Date: Fri Dec 16 06:13:04 2011 +0100
avidec: Check that the header chunks fit in the available filesize.
Fixes Ticket771
Bug found by: Diana Elena Muscalu
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CVE-2011-3940 (Out of bounds read resulting in out of bounds write)
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (23 commits)
aacenc: Fix identification padding when the bitstream is already aligned.
aacenc: Write correct length for long identification strings.
aud: remove unneeded field, audio_stream_index from context
aud: fix time stamp calculation for ADPCM IMA WS
aud: simplify header parsing
aud: set pts_wrap_bits to 64.
cosmetics: indentation
aud: support Westwood SND1 audio in AUD files.
adpcm_ima_ws: fix stereo decoding
avcodec: add a new codec_id for CRYO APC IMA ADPCM.
vqa: remove unused context fields, audio_samplerate and audio_bits
vqa: clean up audio header parsing
vqa: set time base to frame rate as coded in the header.
vqa: set packet duration.
vqa: use 1/sample_rate as the audio stream time base
vqa: set stream start_time to 0.
lavc: postpone the removal of AVCodecContext.request_channels.
lavf: postpone removing av_close_input_file().
lavc: postpone removing old audio encoding and decoding API
avplay: remove the -er option.
...
Conflicts:
Changelog
libavcodec/version.h
libavdevice/v4l.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
Remove ffmpeg.
aacenc: Simplify windowing
aacenc: Move saved overlap samples to the beginning of the same buffer as incoming samples.
aacenc: Deinterleave input samples before processing.
aacenc: Store channel count in AACEncContext.
aacenc: Move Q^3/4 calculation to it's own table
aacenc: Request normalized float samples instead of converting s16 samples to float.
aacpsy: Replace an if with FFMAX in LAME windowing.
aacenc: cosmetics, replace 'rd' with 'bits' in codebook_trellis_rate to make it more clear what is being calculated.
aacpsy: cosmetics, change a FIXME to a NOTE about subshort comparisons
aacenc: cosmetics: move init() and end() to the bottom of the file.
aacenc: aac_encode_init() cleanup
XWD encoder and decoder
vc1: don't read the interpfrm and bfraction elements for interlaced frames
mxfdec: fix memleak on mxf_read_close()
westwood: split the AUD and VQA demuxers into separate files.
Conflicts:
.gitignore
Changelog
Makefile
configure
doc/ffmpeg.texi
ffmpeg.c
libavcodec/Makefile
libavcodec/aacenc.c
libavcodec/allcodecs.c
libavcodec/avcodec.h
libavcodec/version.h
libavformat/Makefile
libavformat/img2.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This reduces the delay when opening the video with quicktime.
Idea-by: Maksym Veremeyenko <verem@m1stereo.tv>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (25 commits)
riff: fix invalid av_freep() calls on EOF in ff_read_riff_info
pam: Fix a typo that broke writing and reading PAM files.
mxfdec: fix memleak on av_realloc failures
mxfdec: Do not parse slices or DeltaEntryArrays.
mxfdec: hybrid demuxing/seeking solution
mxfdec: Add Avid's essence element key.
mfxdec: Separate mxf_essence_container_uls for audio and video.
mxfdec: Compute packet offsets properly.
mxfdec: Use MaterialPackage - Track - TrackID instead of the system_item hack.
mxfdec: use av_dlog() for 'no corresponding source package found'
mxfdec: Make mxf->partitions sorted by offset.
mxfdec: parse ThisPartition
mxfdec: Speed up metadata and index parsing.
mxfdec: Make sure DataDefinition is consistent between material track and source track.
mxfdec: add EssenceContainer UL found in 0001GL00.MXF.A1.mxf_opatom.mxf
mxfdec: Add hack that adjusts the n_delta calculation when system items are present.
mxfdec: Parse IndexTableSegments and convert them into AVIndexEntry arrays.
mxfdec: Move FooterPartition to MXFContext and make sure it is never zero.
mxfdec: check return value of avio_seek
mxfdec: skip to end of structural sets
...
Conflicts:
configure
libavcodec/pnm.c
libavformat/mxfdec.c
libavformat/riff.c
libavformat/rtsp.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This uses the old demuxing code for OP1a and separate demuxing code for OPAtom.
Timestamp output is added to the old demuxing code.
The seeking code is made to seek to the start of the desired EditUnit only,
from which the normal demuxing code takes over (if OP1a). This means we
do not use delta entries or slices, only StreamOffsets. OPAtom seeking
basically works like before.
This also makes D-10 seeking behave the same way as OP1a and OPAtom. In other
words, we allow seeking before the start or past the end for D-10 too.
Based on several patches by Tomas Härdin <tomas.hardin@codemill.se> and
Reimar Döffinger <Reimar.Doeffinger@gmx.de>.
Changed av_calloc to av_mallocz, added overflow checks.
It is a really bad idea to assign a video codec id
when we have set codec_type to audio and vice versa.
Prevents detection of mp2 in mxf as mpeg2video.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
Specifically, this means parsing as before until we run into essence.
At that point we seek to the footer and parse until EOF. After that we start
seeking backward to the previous partition and parse that until we run into
essence or the next partition. This procedure is repeated until we encounter
the last partition we parsed in the forward direction.
The end result of all this is that large essence containers are not needlessly
parsed. This speeds up parsing large files a lot.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
This fixes 0001GL.MXF.V1.mxf_opatom.mxf and 0001GL00.MXF.A1.mxf_opatom.mxf
getting two streams each due to both using the same SourcePackageID.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
Based on patch from Tomas Härdin <tomas.hardin@codemill.se>
and work by Georg Lippitsch <georg.lippitsch@gmx.at>
Changed av_calloc to av_mallocz and added overflow checks.
This fixes reading of partition packs. The code stops reading after the
operational pattern and should skip the array of essence container
labels that follow.
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
Some applications use the j2c extension for jpeg2000 codestream files.
Signed-off-by: Jean First <jeanfirst@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This avoids (for all practical cases) the issue of reusing
the same UDP port as for an earlier connection. If the remote
doesn't know the previous session was closed, he might keep
on sending packets to that port. If we always start off trying
to open the same UDP port, we might get those packets intermixed
with the new ones.
This is occasionally an issue when testing RTSP stuff with
DSS, perhaps also with other servers.
Signed-off-by: Martin Storsjö <martin@martin.st>
This check isn't relevant in the way the code currently works.
Also change a case of if (x == 0) into if (!x).
Signed-off-by: Martin Storsjö <martin@martin.st>
* qatar/master:
rtpdec: Use our own SSRC in the SDES field when sending RRs
Finalize changelog for 0.8 Release
Prepare for 0.8 Release
threads: change the default for threads back to 1
threads: update slice_count and slice_offset from user context
aviocat: Remove useless includes
doc/APIChanges: fill in missing dates and hashes
Revert "avserver: fix build after the next bump."
mpegaudiodec: switch error detection check to AV_EF_BUFFER
lavf: rename fer option and document resulting (f_)err_detect options
lavc: rename err_filter option to err_detect and document it
mpegvideo: fix invalid memory access for small video dimensions
movenc: Reorder entries in the MOVIentry struct, for tigheter packing
rtsp: Remove extern declarations for variables that don't exist
aviocat: Flush the output before closing
Conflicts:
Changelog
RELEASE
libavcodec/mpegaudiodec.c
libavcodec/pthread.c
libavformat/options.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The s->ssrc field is the sender's SSRC, we use ssrc + 1 to get
a collision free "unique" SSRC for ourselves in the RR part.
The SDES block in the RTCP packet should describe ourselves,
not the sender.
This was fixed for the RR part in 952139a322, but wasn't
fixed for the SDES part until now.
This could cause some Axis cameras to send RTCP BYE packets
to us due to the SSRC collision.
Signed-off-by: Martin Storsjö <martin@martin.st>
* qatar/master:
Add a tool that uses avio to read and write, doing a plain copy of data
ARM: fix build with FFT enabled and MDCT disabled
lavf: force single-threaded decoding in avformat_find_stream_info
avidec: migrate last of lavf from FF_ER_* to AV_EF_*
avserver: fix build after the next bump.
Conflicts:
libavformat/Makefile
libavformat/avidec.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Originally, sizeof(struct MOVIentry) was 48, after the reordering,
it is 40 in my build configuration.
When writing really long mov/mp4 files, this can make a difference
- this saves a bit over 2 MB of memory per hour of video (down to
10.3 MB per hour from 12.3 MB per hour initially) for a video with
75 packets per second - 25 fps + 50 audio packets (which is the
case for AMR audio).
Signed-off-by: Martin Storsjö <martin@martin.st>
The H.264 decoder needs SPS and PPS for initialization during
multi-threaded decoding. When probed single-threaded SPS and PPS are
copied to extradata and are available for proper initialization of
the decoder before the first frame is decoded.
* qatar/master:
rv34: add NEON rv34_idct_add
rv34: 1-pass inter MB reconstruction
add SMJPEG muxer
avformat: split out common SMJPEG code
pictordec: Use bytestream2 functions
avconv: use avcodec_encode_audio2()
pcmenc: use AVCodec.encode2()
avcodec: bump minor version and add APIChanges for the new audio encoding API
avcodec: Add avcodec_encode_audio2() as replacement for avcodec_encode_audio()
avcodec: add a public function, avcodec_fill_audio_frame().
rv34: Intra 16x16 handling
rv34: Inter/intra MB code split
Conflicts:
Changelog
libavcodec/avcodec.h
libavcodec/pictordec.c
libavcodec/utils.c
libavcodec/version.h
libavcodec/x86/rv34dsp.asm
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Enhances seeking by demuxing until the requested timestamp is reached within
the segment selected by the seek code using the playlist info.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
mov: cosmetics - move a line to a better position and add a comment
Oana Andreea Stratulat submitted a similar patch to trac, but forgot
to notify the ML about it.
Signed-off-by: Jean First <jeanfirst@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
fate: split ADPCM and DPCM test references into separate files.
mov, mxfdec: Employ more meaningful return values.
lavc: Relax API strictness in avcodec_decode_audio3 with a custom get_buffer()
wavpack: fix clipping for 32-bit lossy mode
vb: Use bytestream2 functions
Conflicts:
libavcodec/utils.c
libavcodec/vb.c
libavformat/mxfdec.c
tests/fate/dpcm.mak
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Current code would just return uninitialized data with no way
to detect this condition.
Instead, fill the whole GUID with 0 in that case.
Fixes valgrind uninitialized data errors in fate-seek-lavf_asf.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
With the added benefit that allowing -segment_list_size 0 makes it
possible to keep all segment entries in the list file.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (21 commits)
utils: Check for extradata size overflows.
ARM: rv34: fix asm syntax in dc transform functions
avio: Fix the value of the deprecated URL_FLAG_NONBLOCK
rv34: fix and optimise frame dependency checking
rv34: NEON optimised dc only inverse transform
avprobe: use avio_size() instead of deprecated AVFormatContext.file_size.
ffmenc: remove references to deprecated AVFormatContext.timestamp.
lavf: undeprecate read_seek().
avserver: remove code using deprecated CODEC_CAP_PARSE_ONLY.
lavc: replace some remaining FF_I_TYPE with AV_PICTURE_TYPE_I
lavc: ifdef out parse_only AVOption
nellymoserdec: SAMPLE_FMT -> AV_SAMPLE_FMT
mpegvideo_enc: ifdef out/replace references to deprecated codec flags.
riff: remove references to sonic codec ids
indeo4: add some missing static and const qualifiers
rv34: DC-only inverse transform
avconv: use AVFrame.width/height/format instead of corresponding AVCodecContext fields
lavfi: move version macros to a new installed header version.h
vsrc_buffer: release the buffer on uninit.
rgb2rgb: rgb12tobgr12()
...
Conflicts:
avconv.c
doc/APIchanges
ffprobe.c
libavfilter/Makefile
libavfilter/avfilter.h
libswscale/rgb2rgb.c
libswscale/rgb2rgb.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This isn't used in practice anywhere within libav at the moment,
but change it for consistency until it is removed.
URL_RDONLY/WRONLY were fixed in commit 5b81e29593 (after the
values that actually were used were changed at the major bump,
in commit cbea3ac8), but this flag was unintentionally left unfixed.
Signed-off-by: Martin Storsjö <martin@martin.st>
* qatar/master:
fft: init functions with INIT_XMM/YMM.
pcmenc: set frame_size to 0.
gsm demuxer: use generic seeking instead of a gsm-specific function.
gsm demuxer: return packets with only 1 gsm block at a time.
avcodec: add GSM parser
doc: Replace ffmpeg references in avserver config file by avconv.
doc: Fix names of av_log color environment variables.
Fix a bunch of platform name and other typos.
Add some missing changelog entries and release 0.8_beta2
No longer build libpostproc by default
wtv: fix memleaks during normal operation
threads: add CODEC_CAP_AUTO_THREADS for libvpx and xavs
Conflicts:
Changelog
RELEASE
cmdutils.c
configure
doc/ffserver.conf
doc/platform.texi
ffplay.c
libavcodec/Makefile
libavcodec/version.h
libavformat/wtv.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (22 commits)
rv34: frame-level multi-threading
mpegvideo: claim ownership of referenced pictures
aacsbr: prevent out of bounds memcpy().
ipmovie: fix pts for CODEC_ID_INTERPLAY_DPCM
sierravmd: fix audio pts
bethsoftvideo: Use bytestream2 functions to prevent buffer overreads.
bmpenc: support for PIX_FMT_RGB444
swscale: fix crash in fast_bilinear code when compiled with -mred-zone.
swscale: specify register type.
rv34: use get_bits_left()
avconv: reinitialize the filtergraph on resolution change.
vsrc_buffer: error on changing frame parameters.
avconv: fix -copyinkf.
fate: Update file checksums after the mov muxer change in a78dbada55
movenc: Don't store a nonzero creation time if nothing was set by the caller
bmpdec: support for rgb444 with bitfields compression
rgb2rgb: allow conversion for <15 bpp
doc: fix stray reference to FFmpeg
v4l2: use C99 struct initializer
v4l2: poll the file descriptor
...
Conflicts:
avconv.c
libavcodec/aacsbr.c
libavcodec/bethsoftvideo.c
libavcodec/kmvc.c
libavdevice/v4l2.c
libavfilter/vsrc_buffer.c
libswscale/swscale_unscaled.c
libswscale/x86/input.asm
tests/ref/acodec/alac
tests/ref/acodec/pcm_s16be
tests/ref/acodec/pcm_s24be
tests/ref/acodec/pcm_s32be
tests/ref/acodec/pcm_s8
tests/ref/lavf/mov
tests/ref/vsynth1/dnxhd_1080i
tests/ref/vsynth1/mpeg4
tests/ref/vsynth1/qtrle
tests/ref/vsynth1/svq1
tests/ref/vsynth2/dnxhd_1080i
tests/ref/vsynth2/mpeg4
tests/ref/vsynth2/qtrle
tests/ref/vsynth2/svq1
Merged-by: Michael Niedermayer <michaelni@gmx.at>
If the creation time is stored in the file as a zero, the
mov demuxer skips exporting the creation time. Currently,
files muxed without a creation time get demuxed with a
Jan 1st 1970 creation timestamp.
Signed-off-by: Martin Storsjö <martin@martin.st>
This fixes reads of uninitialized data by the parser when running
FATE sample h264-conformance/SL1_SVA_B.264.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
* qatar/master: (29 commits)
cabac: Move code only used within the CABAC test program into the test program.
vp56: Drop unnecessary cabac.h #include.
h264-test: Initialize AVCodecContext.av_class.
build: Skip compiling network.h and rtsp.h if networking is not enabled.
cosmetics: drop some pointless parentheses
Disable annoying warning without changing behavior
faq: Solutions for common problems with sample paths when running FATE.
avcodec: attempt to clarify the CODEC_CAP_DELAY documentation
avcodec: fix avcodec_encode_audio() documentation.
FATE: xmv-demux test; exercise the XMV demuxer without decoding the perceptual codecs inside.
vqf: recognize more metadata chunks
FATE test: BMV demuxer and associated video and audio decoders.
FATE: indeo4 video decoder test.
FATE: update xxan-wc4 test to a sample with more code coverage.
Change the recent h264_mp4toannexb bitstream filter test to output to an elementary stream rather than a program stream.
g722enc: validate AVCodecContext.trellis
g722enc: set frame_size, and also handle an odd number of input samples
g722enc: split encoding into separate functions for trellis vs. no trellis
mpegaudiodec: Use clearer pointer math
tta: Fix returned error code at EOF
...
Conflicts:
libavcodec/h264.c
libavcodec/indeo3.c
libavcodec/interplayvideo.c
libavcodec/ivi_common.c
libavcodec/libxvidff.c
libavcodec/mpegvideo.c
libavcodec/ppc/mpegvideo_altivec.c
libavcodec/tta.c
libavcodec/utils.c
libavfilter/vsrc_buffer.c
libavformat/Makefile
tests/fate/indeo.mak
tests/ref/acodec/g722
Merged-by: Michael Niedermayer <michaelni@gmx.at>
rtsp.h relies on network.h and the latter conditionally defines fallback OS
structures that rely on configure tests, which are only run if networking
is enabled.
This fixes various problems with getting stream info. For example playback of the
file of Ticket88. Multithreaded find_stream_info should be reenabled
once it works correctly
This partly reverts 212fd3a1f1
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
flicvideo: fix invalid reads
vorbis: Avoid some out-of-bounds reads
vqf: add more known extensions
cabac: remove unused function renorm_cabac_decoder
h264: Only use symbols from the SVQ3 decoder under proper conditionals.
add bytestream2_tell() and bytestream2_seek() functions
parsers: initialize MpegEncContext.slice_context_count to 1
spdifenc: use special alignment for DTS-HD length_code
Conflicts:
libavcodec/flicvideo.c
libavcodec/h264.c
libavcodec/mpeg4video_parser.c
libavcodec/vorbis.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The decoders should not only be flushed on EOF or error, but also when
e.g. probe size was reached.
It is best to just always flush by default and only disable it
explicitly when we know that we have everything we need.
Fixes trac ticket #879.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
* qatar/master: (21 commits)
ipmovie: do not read audio packets before the codec is known
truemotion2: check size before GetBitContext initialisation
avio: Only do implicit network initialization for network protocols
avio: Add an URLProtocol flag for indicating that a protocol uses network
adpcm: ADPCM Electronic Arts has always two channels
matroskadec: Fix a bug where a pointer was cached to an array that might later move due to a realloc()
fate: Add missing reference file from 9b4767e4.
mov: Support MOV_CH_LAYOUT_USE_DESCRIPTIONS for labeled descriptions.
4xm: Prevent buffer overreads.
mjpegdec: parse RSTn to prevent skipping other data in mjpeg_decode_scan
vp3: add fate test for non-zero last coefficient
vp3: fix streams with non-zero last coefficient
swscale: remove unused U/V arguments from yuv2rgb_write().
timer: K&R formatting cosmetics
lavf: cosmetics, reformat av_read_frame().
lavf: refactor av_read_frame() to make it easier to understand.
Report an error if pitch_lag is zero in AMR-NB decoder.
Revert "4xm: Prevent buffer overreads."
4xm: Prevent buffer overreads.
4xm: pass the correct remaining buffer size to decode_i2_frame().
...
Conflicts:
libavcodec/4xm.c
libavcodec/mjpegdec.c
libavcodec/truemotion2.c
libavformat/ipmovie.c
libavformat/mov_chan.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Align IEC 61937 length_code for DTS-HD so that
(length_code & 0xf) == 0x8. This is reportedly needed with some
receivers.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
The implicit network initialization is set to be removed in the
future, but is kept for compatibility. By not doing the implicit
initialization for non-network protocols, we avoid the warning
about avformat_network_init() not being called for these, where
it really doesn't make much sense.
Signed-off-by: Martin Storsjö <martin@martin.st>
This definition is in two files, since the definitions will move
to the private header at the next bump.
Signed-off-by: Martin Storsjö <martin@martin.st>
* qatar/master: (46 commits)
mtv: Make sure audio_subsegments is not 0
v4l2: use V4L2_FMT_FLAG_EMULATED only if it is defined
avconv: add symbolic names for -vsync parameters
flvdec: Fix compiler warning for uninitialized variables
rtsp: Fix compiler warning for uninitialized variable
ulti: convert to new bytestream API.
swscale: Use standard multiple inclusion guards in ppc/ header files.
Place some START_TIMER invocations in separate blocks.
v4l2: list available formats
v4l2: set the proper codec_tag
v4l2: refactor device_open
v4l2: simplify away io_method
v4l2: cosmetics
v4l2: uniform and format options
v4l2: do not force interlaced mode
avio: exit early in fill_buffer without read_packet
vc1dec: fix invalid memory access for small video dimensions
rv34: fix invalid memory access for small video dimensions
rv34: joint coefficient decoding and dequantization
avplay: Don't call avio_set_interrupt_cb(NULL)
...
Conflicts:
Changelog
avconv.c
doc/APIchanges
doc/indevs.texi
libavcodec/adxenc.c
libavcodec/dnxhdenc.c
libavcodec/h264.c
libavdevice/v4l2.c
libavformat/flvdec.c
libavformat/mtv.c
libswscale/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Author: Michael Niedermayer <michaelni@gmx.at>
Date: Thu Nov 3 22:38:10 2011 +0100
lavf: fix null pointer dereference in rdt
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is no longer needed and causes various problems with RTSP
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
a realloc()
BUG=100492
Review URL: http://codereview.chromium.org/8366004
Fixes: 1 of 2 for CVE-2011-3893
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes an invalid free() with ass in avi. The sample in bug 98 passes
parts of AVPacket.data as buffer for the AVIOContext. Since the packet
is quite large fill_buffer tries to reallocate the buffer before doing
nothing. Fixes bug 98.
* qatar/master:
fate: add dxtory test
adx_parser: rewrite.
adxdec: Validate channel count to fix a division by zero.
adxdec: Do not require extradata.
cmdutils: K&R reformatting cosmetics
alacdec: implement the 2-pass prediction type.
alacenc: implement the 2-pass prediction type.
alacenc: do not generate invalid multi-channel ALAC files
alacdec: fill in missing or guessed info about the extradata format.
utvideo: proper median prediction for interlaced videos
lavu: bump lavu minor for av_popcount64
dca: K&R formatting cosmetics
dct: K&R formatting cosmetics
lavf: flush decoders in avformat_find_stream_info().
win32: detect number of CPUs using affinity
Add av_popcount64
snow: Restore three mistakenly removed casts.
Conflicts:
cmdutils.c
doc/APIchanges
libavcodec/adx_parser.c
libavcodec/adxdec.c
libavcodec/alacenc.c
libavutil/avutil.h
tests/fate/screen.mak
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
mpegenc: use avctx->slices as number of slices
v410enc: fix undefined signed left shift caused by integer promotion
Release notes: mention cleaned up header includes
fix Changelog file
Fix a bunch of typos.
Drop some pointless void* return value casts from av_malloc() invocations.
wavpack: fix typos in previous cosmetic clean-up commit
wavpack: cosmetics: K&R pretty-printing
avconv: remove the 'codec framerate is different from stream' warning
wavpack: determine sample_fmt before requesting a buffer
bmv audio: implement new audio decoding API
mpegaudiodec: skip all channels when skipping granules
mpegenc: simplify muxrate calculation
Conflicts:
Changelog
avconv.c
doc/RELEASE_NOTES
libavcodec/h264.c
libavcodec/mpeg12.c
libavcodec/mpegaudiodec.c
libavcodec/mpegvideo.c
libavformat/mpegenc.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The fate-h264-bsf-mp4toannexb failures were caused by an integer
overflow of the unneeded multiplication.
Inspired by patch by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
FATE: add tests for dfa
mpegaudiodec: fix seeking.
mpegaudiodec: fix compilation when testing the unchecked bitstream reader
threads: add sysconf based number of CPUs detection
threads: always include necessary headers for number of CPUs detection
threads: default to automatic thread count detection
Changelog: restore version <next> header
cook: K&R formatting cosmetics
Conflicts:
Changelog
libavcodec/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
