A negative `size' will bypass FFMIN(). In the subsequent memcpy() call,
`size' will be considered as a large positive value, leading to a buffer
overflow.
Change the type of `size' to unsigned int to avoid buffer overflow, and
simplify overflow checks accordingly.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4e692374f7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Sanity checks like `data + size >= data_end || data + size < data' are
broken, because `data + size < data' assumes pointer overflow, which is
undefined behavior in C. Many compilers such as gcc/clang optimize such
checks away.
Use `size < 0 || size >= data_end - data' instead.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 902cfe2f74)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
track timestamp difference as well.
Patch by Sergiy (mail.composeAddress("piratfm","gmail.com"))
Originally committed as revision 20714 to svn://svn.ffmpeg.org/ffmpeg/trunk
difference, so make all read packets store absolute timestamp.
As a consequence, we don't need to track audio/video timestamps separately
any longer in protocol handler.
Originally committed as revision 20685 to svn://svn.ffmpeg.org/ffmpeg/trunk
instead of assuming it should occur right at given position.
This helps finding human-readable error descriptions in RTMP server replies.
Originally committed as revision 20575 to svn://svn.ffmpeg.org/ffmpeg/trunk
