This ensures that theres enough data for mpeg_probe() to recognize mpeg-ps
Fixes Ticket2583
Based on code by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c605adbf56)
Prevent an out of buffer bound write.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit af4cc2605c)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
The sample rate index is 3 bits even if currently index 5, 6 and 7 are
not supported.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 0933fd1533)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
* qatar/release/0.8:
update Changelog
fate: fetch samples that match the release series
dxva2: include dxva.h if found
iff: validate CMAP palette size
Changelog: document msrle bugfix
Changelog: cosmetics, remove trailing periods and sort
msrledec: check bounds before constructing a possibly invalid pointer,
Conflicts:
Changelog
configure
libavformat/iff.c
tests/Makefile
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '327ff82bac3081d918dceb4931c77e25d0a1480d':
msrle: convert MS RLE decoding function to bytestream2.
Update Changelog for the 0.8.6 Release
wmaprodec: require block_align to be set.
ivi_common: do not call MC for intra frames when dc_transform is unset
roqvideodec: fix a potential infinite loop in roqvideo_decode_frame().
Revert "libmp3lame: use the correct remaining buffer size when flushing"
lzo: fix overflow checking in copy_backptr()
flacdec: simplify bounds checking in flac_probe()
atrac3: avoid oversized shifting in decode_bytes()
avconv: skip attached files when selecting streams to read from.
lavf: fix arithmetic overflows in avformat_seek_file()
Conflicts:
Changelog
avconv.c
libavcodec/libmp3lame.c
libavcodec/msrledec.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'f82e127dd9c7c0d54bf6400f83c7825e571f9a9e':
parser: fix large overreads
dsputil: fix invalid array indexing
shorten: use the unsigned type where needed
shorten: report meaningful errors
shorten: K&R formatting cosmetics
shorten: set invalid channels count to 0
matroskadec: request a read buffer for the wav header
h264: check for luma and chroma bit depth being equal
vc1: Move init code shared between decoder and parser to common code file.
libmp3lame: use the correct remaining buffer size when flushing
xxan: fix invalid memory access in xan_decode_frame_type0()
wmadec: require block_align to be set.
Conflicts:
libavcodec/h264.c
libavcodec/libmp3lame.c
libavcodec/shorten.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '9b79a05289d91d1184455d12e6c4df457f0657c4':
wmaprodec: return an error, not 0, when the input is too small.
vmdaudio: fix invalid reads when packet size is not a multiple of chunk size
vorbisdec: Error on bark_map_size equal to 0.
configure: clean up Altivec detection
Update RELEASE file for 0.8.6
update year to 2013
oggdec: make sure the private parse data is cleaned up (cherry picked from commit d894f74762)
build: Fix CAF demuxer dependencies
doc: developer: Allow tabs in the vim configuration for Automake files
doc: filters: Correct BNF FILTER description
Conflicts:
RELEASE
cmdutils.c
libavcodec/vmdav.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes decoding with picky media players.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b448c0a68d)
Conflicts:
libavformat/movenc.c
Many players ignore broken aac frames, so don't abort mov or flv
muxing when encountering one, just print a warning instead.
Fixes ticket #2380.
(cherry picked from commit 1741fece70)
Conflicts:
libavformat/flvenc.c
Simplify `p->buf > p->buf + p->buf_size - 4' as `p->buf_size < 4'.
Avoid a possible out-of-bounds pointer, which is undefined behavior
in C.
CC: libav-stable@libav.org
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 8425d693ee)
The values compared here can be more than INT64_MAX apart. Since the
difference is always positive, converting to uint64_t before subtracting
gives the correct result without overflows.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 91ac403b13)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
If the first "special" character in a filename is a comma,
it can introduce protocol options, but only if there is a
colon at the end. Otherwise, it is just a filename with a
comma.
Fix trac ticket #2303.
(cherry picked from commit d9fad53f4b)
The QuickTime specification does not contain any hint that the atom
must not be written in some cases and both the QuickTime and the
AVID decoders do not fail if the atom is present.
This change allows to signal (visually) interlaced streams with
a codec different from uncompressed video.
As a side-effect, this fixes ticket #2202
(cherry picked from commit 7d0e3b197c)
Conflicts:
libavformat/movenc.c
tests/ref/lavf/mov
tests/ref/seek/lavf_mov
tests/ref/vsynth/vsynth1-avui
tests/ref/vsynth/vsynth1-dnxhd-1080i
tests/ref/vsynth/vsynth1-mpeg4
tests/ref/vsynth/vsynth2-avui
tests/ref/vsynth/vsynth2-dnxhd-1080i
tests/ref/vsynth/vsynth2-mpeg4
A negative `size' will bypass FFMIN(). In the subsequent memcpy() call,
`size' will be considered as a large positive value, leading to a buffer
overflow.
Change the type of `size' to unsigned int to avoid buffer overflow, and
simplify overflow checks accordingly.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4e692374f7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Sanity checks like `data + size >= data_end || data + size < data' are
broken, because `data + size < data' assumes pointer overflow, which is
undefined behavior in C. Many compilers such as gcc/clang optimize such
checks away.
Use `size < 0 || size >= data_end - data' instead.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 902cfe2f74)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The check `start + res < start' is broken since pointer overflow is
undefined behavior in C. Many compilers such as gcc/clang optimize
away this check.
Use `res > end - start' instead. Also change `res' to unsigned int
to avoid signed left-shift overflow.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2f014567cf)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This reverts 312645e :
"Do not set codec_tag property for matroska muxers."
Also adds dummy codec_tag lists with codecs
supported in mkv but not in wav / avi.
Fixes ticket #2169.
(cherry picked from commit df39c3ce38)
Conflicts:
libavformat/matroskaenc.c
* qatar/release/0.8:
Update Changelog
h264: check ref_count validity for num_ref_idx_active_override_flag
h264: check context state before decoding slice data partitions
oggdec: free the ogg streams on read_header failure
oggdec: check memory allocation
Fix uninitialized reads on malformed ogg files.
rtsp: Recheck the reordering queue if getting a new packet
opt: avoid segfault in av_opt_next() if the class does not have an option list
alacdec: do not be too strict about the extradata size
Conflicts:
Changelog
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'a335ffd7f4cdaaa6a8fe4187f6f06b0418eea19a':
h264: fix sps parsing for SVC and CAVLC 4:4:4 Intra profiles
h264: check sps.log2_max_frame_num for validity
h264: slice-mt: get last_pic_dropable from master context
ppc: always use pic for shared libraries
h264: error out on unset current_picture_ptr for h->current_slice > 0
flashsv: make sure data for zlib priming is available
h264: enable low delay only if no delayed frames were seen
flashsv: check for keyframe before using differential coding
lavf: avoid integer overflow in ff_compute_frame_duration()
aacdec: Fix an off-by-one overwrite when switching to LTP profile from MAIN.
APIchanges: Fill in missing commit hashes
Conflicts:
doc/APIchanges
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'dcf8f259d107838ff3778343dcb762398130a1a3':
build: Add 'check' target to run all compile and test targets.
Ignore generated aviocat tool.
avconv: only apply presets when we have an encoder.
flacenc: ensure the order is within the min/max range in LPC order search
yuv4mpeg: reject unsupported codecs
vp8: reset loopfilter delta values at keyframes.
vp56: release frames on error
vp56: make parse_header return standard error codes
ivi_common: check that scan pattern is set before using it.
Prepare for 0.8.5 Release
x86: Require an assembler able to cope with AVX instructions
Conflicts:
RELEASE
avconv.c
doc/developer.texi
libavformat/yuv4mpeg.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The ogg decoder wasn't padding the input buffer with the appropriate
FF_INPUT_BUFFER_PADDING_SIZE bytes. Which led to uninitialized reads in
various pieces of parsing code when they thought they had more data than
they actually did.
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit ef0d779706)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
If we timed out and consumed a packet from the reordering queue,
but didn't return a packet to the caller, recheck the queue status.
Otherwise, we could end up in an infinite loop, trying to consume
a queued packet that has already been consumed.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8729698d50)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Scaling the denominator instead of the numerator if it is too large
loses precision. Fixes an assert caused by a negative frame duration in
the fuzzed sample nasa-8s2.ts_s202310.
CC: libav-stable@libav.org
(cherry picked from commit 7709ce029a)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Current code would incorrectly process e.g. 'ff 00 ff 00 ff' to
'ff ff ff', while it should be 'ff ff 00 ff'.
Fixes Bug 395.
CC: libav-stable@libav.org
(cherry picked from commit 9ae80e6a9c)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
