The previous code assumed if an atom was marked with a 64-bit
size extension, it actually had that data available. The new
code verifies there's enough data in the atom for this to be
done.
Failure to verify causes total_size > atom.size which will
result in negative size calculations later on.
Found-by: Paul Mehta <paul@paulmehta.com>
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3ebd76a9c5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
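
The check described in the commit message above, as an added example that is not FFmpeg's code: a child atom header parser that reads the 64-bit size extension only when the parent still has the 8 bytes for it, so the payload length can never come out negative. The names BoxHeader and read_box_header, and the sample buffers, are assumptions made up for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types and names for this example; not FFmpeg's own. */
typedef struct { uint32_t type; uint64_t size; size_t header_len; } BoxHeader;

static uint32_t rb32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Parse one child header from the parent_left bytes still unread in the
 * parent atom. Returns the payload length, or -1 if the header or the
 * declared size does not fit inside the parent. */
int64_t read_box_header(const uint8_t *buf, size_t parent_left, BoxHeader *h)
{
    if (parent_left < 8)
        return -1;
    h->size = rb32(buf);
    h->type = rb32(buf + 4);
    h->header_len = 8;
    if (h->size == 1) {                 /* 64-bit size extension flagged */
        if (parent_left < 16)           /* ...but are the 8 bytes there? */
            return -1;
        h->size = (uint64_t)rb32(buf + 8) << 32 | rb32(buf + 12);
        h->header_len = 16;
    } else if (h->size == 0) {          /* simplification: runs to end of parent */
        h->size = parent_left;
    }
    if (h->size < h->header_len || h->size > parent_left)
        return -1;
    return (int64_t)(h->size - h->header_len);  /* cannot go negative */
}

/* Constructed sample inputs (size field, fourcc, optional 64-bit size). */
const uint8_t truncated_ext[12] = { 0,0,0,1, 'f','r','e','e', 0,0,0,0 };
const uint8_t valid_ext[20]     = { 0,0,0,1, 'f','r','e','e',
                                    0,0,0,0, 0,0,0,20, 1,2,3,4 };
const uint8_t oversized[16]     = { 0,0,1,0, 'f','r','e','e' };

int main(void)
{
    BoxHeader h;
    printf("truncated: %lld\n", (long long)read_box_header(truncated_ext, 12, &h));
    printf("valid:     %lld\n", (long long)read_box_header(valid_ext, 20, &h));
    printf("oversized: %lld\n", (long long)read_box_header(oversized, 16, &h));
    return 0;
}
```
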
Under abnormal conditions the item_count may exceed the max
allocation size on 32-bit systems; this causes the allocated
size to overflow and become too small for the given count.
Additionally, if av_reallocp() fails its allocation, the
fragment_index_count is not correctly decremented.
Ensuring further havoc may be wrought, the error code for
read_tfra() is not checked upon return.
Found-by: Paul Mehta <paul@paulmehta.com>
positive return code and use of _array functions by committer
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit db42d93a61)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The code previously added 1 to len without checking its size,
resulting in an overflow which can corrupt value[-1] -- which
may be used to store unaligned ptr information for certain
allocators.
Found-by: Paul Mehta <paul@paulmehta.com>
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Such data streams (which then contain no other packets except the faulty one)
confuse some user applications, like VLC
Works around vlcticket 12389
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 322f0f5960)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The RTP muxer enables the actual codepaths within sdp.c,
which depend on hevc.o since e5cfc8fd.
This fixes builds with --disable-everything --enable-muxer=rtp.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit fccfc22d1f)
This simplifies identifying which revision a binary of a lib came from
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 649c158e8c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
When matroska_execute_seekhead() is called, it goes through the list of
seekhead entries and attempts to read elements not read yet. When doing
this, the parser can find further SeekHead elements, and will extend the
matroska->seekhead list. This can lead to a (practically) infinite loop
with certain broken files. (Maybe it can happen even with valid files.
The demuxer doesn't seem to check correctly whether an element has
already been read.)
Fix this by ignoring elements that were added to the seekhead field
during executing seekhead entries.
This does not fix the possible situation when multiple SeekHead elements
after the file header (i.e. occur after the "before_pos" file position)
point to the same elements. These elements will probably be parsed
multiple times, likely leading to bugs.
Fixes ticket #4162.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6551acab68)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '3cec81f4d4f26b62bc2d22bb450bbf51ec3a7f09':
mov: allocate the tag value dynamically
Conflicts:
libavformat/mov.c
See: f31445a82d
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'e352b293712ff7cbde67eba3ce3f8510b037de09':
mov: Add an option for exporting all metadata
Conflicts:
libavformat/isom.h
libavformat/mov.c
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '5639ed9abb58311f82cf3499b682d228290adb09':
mov: do not truncate the language-prefixed tag
Conflicts:
libavformat/mov.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '604c9b1196c70d79bbbc1f23e75f6a8253a74da3':
rtsp: move the CONFIG_ macros to the beginning of the check
Conflicts:
libavformat/rtsp.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This allows loading metadata entries longer than 1024 bytes.
Displaying them is still limited to 1024 characters, but applications
can load them fully now.
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>