And notify why the capture is impossible.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit e8c4db0d4d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The image decoding code does expect the image to be decoded immedeatly
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d2184bf3b6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The opt_opencl_bench function copied the device name using strcpy without checking if the source string was larger.
This patch fixes this by replacing the strcpy with av_strlcpy, with the string copy size capped to the destination buffer size.
Signed-off-by: Maneesh Gupta <maneesh.gupta@amd.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cf234552b8)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
this quiets a warning:
Failed to set VP8E_SET_NOISE_SENSITIVITY codec control: Unspecified
internal error
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: James Zern <jzern@google.com>
(cherry picked from commit 238ec505e2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
See sample vp90-2-14-resize-fp-tiles-16-8.webm from the vp9 test vector
set to reproduce the issue.
(cherry picked from commit 3de13d5212)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
See sample vp90-2-14-resize-fp-tiles-16-8-4-2-1.webm from the vp9 test
vector set which reproduces the issue. This probably costs a few cycles,
but I don't think there's an easy way to workaround that.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d02d04a18f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The server is properly equiped not to choke on that now.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7ad27f1221)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes double free with some applications
Fixes vlc ticket14121
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e6e8cc8ce9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
id should be an integer, not a string. It is also optional, so use
contentType instead which is the proper attribute for these values.
This addresses ticket #4545, fixing an MPD validation error.
Signed-off-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 32a4177a62)
This reduces the number of cases where timestamps need to be shifted
Fixes Ticket4487
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9d4fdfe24c)
This allows using pts instead of dts for negative TS avoidance
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7ac5c38ec5)
av_image_fill_pointers always aligns the palette, but the padding
bytes don't (and can't) get initialized in av_image_copy.
Thus initialize them in av_image_alloc.
This fixes 'Syscall param write(buf) points to uninitialised byte(s)'
valgrind warnings.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 51f6455285)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Since commit 676a395a aac->frame->data is not necessarily allocated at
the end of aac_decode_frame_int if avctx->channels is 0.
In this case a bogus frame without any data, but non-zero nb_samples is
returned.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ec38a1ba40)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Since len is an unsigned int, the comparison is currently treated as
unsigned and thus ignores all errors from avio_read.
Thus cast len to int, which is unproblematic, because at that point len
is between 0 and 4.
This fixes 'Conditional jump or move depends on uninitialised value'
valgrind warnings in is_tag.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0382c94f13)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
In init_planes p->xblen and p->yblen are set to:
p->xblen = s->plane[0].xblen >> s->chroma_x_shift;
p->yblen = s->plane[0].yblen >> s->chroma_y_shift;
These are later used as block_w and block_h arguments of
s->vdsp.emulated_edge_mc. If one of them is 0 it triggers an av_assert2
in emulated_edge_mc:
av_assert2(start_x < end_x && block_w > 0);
av_assert2(start_y < end_y && block_h > 0);
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 75fc81c831)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
s->ref_pics[i] is later used as ref argument of interpolate_refplane,
where it is dereferenced.
If it is NULL, it causes a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d93181ef3e)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
If bytes is large enough, bytes*8 can overflow and become negative.
In that case 'bufsize -= bytes*8' causes bufsize to increase instead of
decrease.
This leads to a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9e66b39aa8)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
If bit_rate is negative, it can trigger an av_assert2 in av_rescale_rnd.
Since av_rescale returns int64_t, but st->codec_bit_rate is int, it can
also overflow into a negative value.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0eec40b713)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
index_scale is set to matroska->time_scale of type uint64_t.
When index_scale is int, the assignment can overflow and e.g. result
in index_scale = 0. This causes a floating point exception due to the
division by index_scale.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit eb9fb508b0)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
AV_PIX_FMT_MONOBLACK has the AV_PIX_FMT_FLAG_BITSTREAM flag, i.e.
linesize can be smaller than width.
Since x_offset is only check against the width, this can lead to
x_offset * bpp >= image_linesize.
In this case ptr could be set to a position outside the image_buf in
png_handle_row, leading to memory corruption and thus crashes.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 372aa0777a)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
During the loop ret can get changed. Since it is not set on all failure
paths, decode_frame_common can return 0 even though an error occurred.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8f760be4d3)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
The existing check has two problems:
1) i + count can overflow, so that the check '< 256' returns true.
2) In the (i == 'N') case occurs a j-- so that the loop runs once more.
This can trigger the assertion 'nut->header_len[0] == 0' or cause
segmentation faults or infinite hangs.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7c24ca1bda)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
s->decoded_buffer is allocated with a min_size of:
2 * FFALIGN(blockstodecode, 8) * sizeof(*s->decoded_buffer)
Then it is assigned to s->decoded[0] (and s->decoded_buffer + FFALIGN(blockstodecode, 8)
to s->decoded[1]) and passed as out buffer to decode_array_0000.
In this function 64 elements of the out buffer are written
unconditionally and outside the array if blockstodecode is too small.
This causes memory corruption, leading to segmentation faults or other
crashes.
Thus change decode_array_0000 to write at most blockstodecode elements
of the out buffer.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 699341d647)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Otherwise range_start_decoding is not necessarily run and thus
ctx->rc.range still 0 in range_dec_normalize leading to an infinite
loop.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 464c49155c)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
