* commit '8575f5362f98c937758b20ff8512d6767a56208e':
lavf: make av_probe_input_buffer more robust
lavf: use a fixed width type
lavf: simplify handling of offset in av_probe_input_buffer()
Conflicts:
libavformat/utils.c
See: cdce0e8a50 and previous commits
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: asan_heap-oob_19c7a94_6470_cov_1453611734_luckynight-partial.tak
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f58eab1512)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Prevents out of array accesses with CODEC_FLAG_EMU_EDGE
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6ba02602aa)
Conflicts:
libavcodec/vmnc.c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7c17207ab9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access with RC_VARIANCE set to 0
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f1caaa1c61)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
It is a public function, it must not assert on its parameters.
(cherry picked from commit 94a417acc0)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Fixes an issue where the B-frame coding mode switches from interlaced
fields to interlaced frames, causing incorrect decisions in the motion
compensation code and resulting in visual artifacts.
CC: libav-stable@libav.org
Signed-off-by: Tim Walker <tdskywalker@gmail.com>
(cherry picked from commit dd2d0039b6)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
An invalid VUI is not considered a fatal error, so the SPS containing it
may still be used. Leaving an invalid value of num_reorder_frames there
can result in writing over the bounds of H264Context.delayed_pic.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 9ecabd7892)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavcodec/h264_ps.c
These arrays are normally freed at the end of mov_read_trak,
but make sure they're freed in case mov_read_trak returned
early (due to errors) or in case the atoms that allocate arrays
are encountered at some other point than within a trak (which
we don't have checks against).
Sample-Id: 00000496-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit d51f09962d)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
It could probably also be considered an error if the pointer isn't
null at this point, but then we might risk rejecting some
slightly broken files that we might have handled so far.
Sample-Id: 00000496-google
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 2620df1310)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
And manage the reallocation failure path.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 5e992a4682)
Fixes out of array accesses and integer overflows.
(cherry picked from commit d1916d13e2)
Adresses: CVE-2013-7010, CVE-2013-7014
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This should make no difference but the variable will be used in a subsequent commit
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8893f31e20)
Conflicts:
libavcodec/mjpegdec.c
Always use the actually read size as the offset instead of making
possibly invalid assumptions.
Addresses: CVE-2012-6618
(cherry picked from commit 2115a35974)
Conflicts:
libavformat/utils.c
Signed-off-by: Anton Khirnov <anton@khirnov.net>
* commit '65830277d2d2ee3658e1f070a61044fff261ed3e':
prores: Add a codepath for decoding errors
nut: Fix unchecked allocations
avi: directly resync on DV in AVI read failure
mov: Don't allocate arrays with av_malloc that will be realloced
shorten: Extend fixed_coeffs to properly support pred_order 0
Prepare for 9.11 RELEASE
avi: properly fail if the dv demuxer is missing
prores: Reject negative run and level values
audio_mix: fix channel order in mix_1_to_2_fltp_flt_c
indeo4: Check the inherited quant_mat
Conflicts:
RELEASE
libavcodec/indeo4.c
libavcodec/shorten.c
libavformat/nut.c
libavformat/nutdec.c
libavformat/nutenc.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '0358a099f8abe60230dc2e5bec59bfceb7d1be07':
indeo4: Check the block size if reusing the band configuration
ffv1: Assume bitdepth 0 means 8bit
alsa-audio-dec: explicitly cast the delay to a signed int64
matroskadec: pad EBML_BIN data.
motionpixels: clip VLC codes.
avidec: fix a memleak in the dv init code.
Conflicts:
libavcodec/ffv1dec.c
libavcodec/indeo4.c
libavdevice/alsa-audio-dec.c
libavformat/matroskadec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '7b337b122959b9bf634c31b549892df974f35b40':
truemotion1: make sure index does not go out of bounds
pcx: round up in bits->bytes conversion in a buffer size check
omadec: Fix wrong number of array elements
omadec: check GEOB sizes against buffer size
ac3dec: fix outptr increment.
avio: Use AVERROR_PROTOCOL_NOT_FOUND
Conflicts:
libavcodec/ac3dec.c
libavcodec/pcx.c
libavformat/omadec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '0e8ae6d10c609bb968c141aa2436413a55852590':
mpegvideo: Drop a faulty assert
lavr: check that current_buffer is not NULL before using it
pmpdec: check that there is at least one audio packet.
lzw: switch to bytestream2
gifdec: convert to bytestream2
Conflicts:
libavcodec/gifdec.c
libavcodec/lzw.c
libavcodec/lzw.h
libavformat/pmpdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c5c7e3e6f7cf17943c04bd078f260eaf789afbc9':
gifdec: check that the image dimensions are non-zero
gifdec: return meaningful error codes.
eacmv: check the framerate before setting it.
rv30: fix extradata size check.
sdp: Check that fmt->oformat is non-null before accessing it
matroskadec: use correct compression parameters for current track CodecPrivate
vc1: Reset numref if fieldmode is not set
Conflicts:
libavcodec/gifdec.c
libavcodec/rv30.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The header parser uses forward and backward parsing, making the
bulletproof prevention of loops difficult, thus this simple
detection code.
If someone improves the forward/backward parsing so it cannot loop
then this commit should be reverted
Fixes Ticket3278
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1c010fd035)
Some muxers store invalid timestamps there, which breaks seeking
Fixes Ticket2739
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5e0c7eab2a)
