Fixes out of array reads
Fixes: signal_sigsegv_e74c1e_1092_BROCIME.HNM
Fixes: signal_sigsegv_e74e85_2620_PLAQUE0.HNM
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
before:
./ffmpeg -v 0 -nostats -i ~/samples/vp9/etv.webm -f null - 16.29s user 0.02s system 99% cpu 16.323 total
./ffmpeg -v 0 -nostats -i ~/samples/vp9/etv.webm -f null - 16.32s user 0.01s system 99% cpu 16.351 total
./ffmpeg -v 0 -nostats -i ~/samples/vp9/etv.webm -f null - 16.27s user 0.05s system 99% cpu 16.335 total
after:
./ffmpeg -v 0 -nostats -i ~/samples/vp9/etv.webm -f null - 15.22s user 0.03s system 99% cpu 15.257 total
./ffmpeg -v 0 -nostats -i ~/samples/vp9/etv.webm -f null - 15.20s user 0.02s system 99% cpu 15.237 total
./ffmpeg -v 0 -nostats -i ~/samples/vp9/etv.webm -f null - 15.19s user 0.02s system 99% cpu 15.227 total
Avoids len from becoming negative and causing assertion failure
Fixes: signal_sigabrt_7ffff7126425_5140_fd44dc63fa7bdd12ee34fc602231ef02.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c918e08b9cc9ce8d06159c51da55ec5ab018039a':
truemotion1: make sure index does not go out of bounds
See: fd4c1c0b70
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c453723ad7d14abc5e82677eebaa6025fa598f08':
gifdec: check that the image dimensions are non-zero
Conflicts:
libavcodec/gifdec.c
See: 286930d302
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '074c769de93bf12e9f44d77e58a8c7167f9dfb13':
h264_cavlc: check the size of the intra PCM data.
This check is redundant, but does no harm
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Happens on a B-frame when neither low_delay nor last_picture_ptr is set
(probably corrupted streams only).
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Also add an error message an return a more suitable error code
(INVALIDDATA, not EINVAL);
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
This code changes the input packet, which is read only and can in
rare circumstances lead to decoder errors. (i run into one of these in
the audio decoder, which corrupted the packet during av_find_stream_info()
so that actual decoding that single packet failed later)
Until a better fix is implemented, this commit limits the problem.
A better fix might be to make the subtitle decoders not depend on
data[size] = 0 or to copy their input when this is not the case.
These functions are intended for use with side_data which comes in an
AVPacket.
Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
Reviewed-by: wm4
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This type is intended to be used to allow codecs to pass updated
metadata to applications.
Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
Reviewed-by: wm4
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Some of context fields which must be overrided by this wrapper decoder
may be set and used by user, so we have to save and restore them before
and after invoking the inner decoder to secure user.