Fixes out of array access
Fixes: asan_heap-oob_22388d0_3435_cov_3297128910_small_roll5_FlashCine1.cine
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1d3a3b9f89)
Conflicts:
libavcodec/rawdec.c
Fixes out of array access
Fixes: asan_heap-oob_20a6c26_2690_cov_3434532168_mail.png
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 79ceaf827b)
Conflicts:
libavcodec/pngdec.c
Fixes out of array access
Fixes: signal_sigsegv_324b135_3398_cov_246853371_short.flac
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e5c01ccdf5)
Conflicts:
libavcodec/flacdec.c
Fixes out of array read
Fixes: asan_heap-oob_4d2250_814_cov_2745172097_JACOsub_capability_tester.jss
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3d5d95db3f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: asan_heap-oob_1ca4f85_2760_cov_144449187_miss_congeniality_pegasus_ljpg.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0eecf40935)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This avoids out of array accesses
Should fix Ticket3451
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4388e78a0f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array read
Fixes: asan_heap-oob_2aec5b0_1828_classical_22_16_2_16000_v3c_0_exclusive_0_29.wma
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5dcb99033d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array read
Fixes: asan_heap-oob_2573085_3783_utvideo_rgba_median.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7656c4c6e6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes an "initialization discards qualifiers from pointer target type" warning.
(cherry picked from commit f05855414e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
When matroska_execute_seekhead() is called, it goes through the list of
seekhead entries and attempts to read elements not read yet. When doing
this, the parser can find further SeekHead elements, and will extend the
matroska->seekhead list. This can lead to a (practically) infinite loop
with certain broken files. (Maybe it can happen even with valid files.
The demuxer doesn't seem to check correctly whether an element has
already been read.)
Fix this by ignoring elements that were added to the seekhead field
during executing seekhead entries.
This does not fix the possible situation when multiple SeekHead elements
after the file header (i.e. occur after the "before_pos" file position)
point to the same elements. These elements will probably be parsed
multiple times, likely leading to bugs.
Fixes ticket #4162.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6551acab68)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c4abee734d)
Conflicts:
tests/fate/vcodec.mak
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Theres no reason to remove the volatile keyword in a release branch
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0e216ed407)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
the old code worked fine for a long time and was not affected by
the bug the new code fixes and the new is not widely tested yet.
This can be reverted once the code received more testing in
master
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f783259fdb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c790e31ae46d4304af893d04806ec9e3bff5ae28':
lavu: fix memory leaks by using a mutex instead of atomics
Conflicts:
libavutil/buffer.c
The atomics code is left in place as a fallback for synchronization in the
absence of p/w32 threads. Our ABI did not requires applications to
only use threads (and matching ones) to what libavutil was build with
Our code also was not affected by the leak this change fixes, though
no question the atomics based implementation is not pretty at all.
First and foremost the code must work, being pretty comes after that.
If this causes problems, for example when libavutil is used by multiple
applications each using a different kind of threading system then the
default possibly has to be changed to the uglier atomics.
See: cea3a63ba3
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '871d99ef77336069e5a8ece947c8160d9bc4d5ea':
mp3enc: fix a triggerable assert
Conflicts:
libavformat/mp3enc.c
No change, the faulty assert was not in FFmpeg
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The new reference.pnm is a freely licensed replacement. The photo has
been taken by Reinhard Tartler on August 28 2014, and is licensed under
the expat license as stated at http://www.jclark.com/xml/copying.txt
(cherry picked from commit e38231007e19e5f27b0e77e72bcd26fb3d76edfb)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This convinces the pre-receive hook to not consider all *.pnm files as
text files to reduce the patch sizes and avoids triggering whitespace
checks,
Contains a correction by Janne Grunau <janne-libav@jannau.net>
(cherry picked from commit b877814e09b9f25308ec205cf48bb9554b33e95c)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
The buffer pool has to atomically add and remove entries from the linked
list of available buffers. This was done by removing the entire list
with a CAS operation, working on it, and then setting it back again
(using a retry-loop in case another thread was doing the same thing).
This could effectively cause memory leaks: while a thread was working on
the buffer list, other threads would allocate new buffers, increasing
the pool's total size. There was no real leak, but since these extra
buffers were not needed, but not free'd either (except when the buffer
pool was destroyed), this had the same effects as a real leak. For some
reason, growth was exponential, and could easily kill the process due
to OOM in real-world uses.
Fix this by using a mutex to protect the list operations. The fancy
way atomics remove the whole list to work on it is not needed anymore,
which also avoids the situation which was causing the leak.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit fbd6c97f9c)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 517ce1d09b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Also add no-op fallbacks when threading is disabled.
This helps keeping the code clean if Libav is compiled for targets
without threading. Since we assume that no threads of any kind are used
in such configurations, doing nothing is ok by definition.
Based on a patch by wm4 <nfxjfg@googlemail.com>.
(cherry picked from commit 2443e522f0)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 46a17d886b)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
We have to check against the number of bytes actually needed, not the
theoretical maximum size.
(cherry picked from commit 12700b0219)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
this also uses avpriv_find_start_code(), though no speed change is expected as
the area searched is generally small
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3b678da5e3)
Conflicts:
libavcodec/h264.h
This allows sharing them with the h264 parser
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4898440f6b)
Conflicts:
libavcodec/h264.c
libavcodec/h264.h
This avoids out of array accesses
Fixes: asan_heap-uaf_21f42e4_9_asan_heap-uaf_21f42e4_278_gl2.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 075a165d27)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: asan_stack-oob_49b1e5_10_009.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e91ba2efa9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array read
Fixes: asan_heap-oob_fb5c50_19_018.rmvb
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 10e32618ac)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: asan_heap-oob_12a55d3_30_029.wmv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 32e666c354)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes: out of array accesses
Fixes: asan_heap-oob_112c6b3_13_012.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit df74811cd5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Fixes: asan_heap-oob_22c9a39_16_015.mxf
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f3c0e0bf6f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: asan_heap-oob_11222fb_21_020.dxa
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e70312dfc2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes very long but finite loop
Fixes: asan_heap-oob_107866c_42_041.drc
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5145d22b88)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
