Make sure the buffer size does not exceed the expected
RLE size.
Prevent an out of array bound write.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Bug-Id: CVE-2013-0852
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
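
Added example, not code from this commit or from the project: a bounds check of the kind the message above describes, applied to an RLE bitmap whose expected size is announced before the data arrives. The names `RleObject`, `rle_begin` and `rle_append`, and the assumption that the data arrives in fragments, are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reassembly state for one RLE bitmap delivered in fragments. */
typedef struct {
    uint8_t *rle;        /* destination buffer, rle_size bytes */
    size_t   rle_size;   /* expected RLE size announced up front */
    size_t   rle_filled; /* bytes copied so far */
} RleObject;

/* Start a new object: allocate exactly the announced size. */
static int rle_begin(RleObject *o, size_t announced_size)
{
    free(o->rle);
    o->rle_size = o->rle_filled = 0;
    o->rle = malloc(announced_size ? announced_size : 1);
    if (!o->rle)
        return -1;
    o->rle_size = announced_size;
    return 0;
}

/* Append one fragment; returns 0 on success, -1 if it is rejected. */
static int rle_append(RleObject *o, const uint8_t *buf, size_t buf_size)
{
    if (!o->rle)
        return -1;
    /* Compare against the space left, not filled + buf_size, so the
     * check itself cannot wrap around. */
    if (buf_size > o->rle_size - o->rle_filled)
        return -1;
    memcpy(o->rle + o->rle_filled, buf, buf_size);
    o->rle_filled += buf_size;
    return 0;
}

int main(void)
{
    const uint8_t frag[6] = { 1, 2, 3, 4, 5, 6 };  /* constructed input */
    RleObject o = { 0 };
    if (rle_begin(&o, 8))
        return 1;
    printf("6 bytes into 8: %d\n", rle_append(&o, frag, 6));
    printf("3 more bytes:   %d\n", rle_append(&o, frag, 3));
    free(o.rle);
    return 0;
}
```
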
* commit '253d0be6a1ecc343d29ff8e1df0ddf961ab9c772':
pgssubdec: handle more complex PGS scenarios
Conflicts:
libavcodec/pgssubdec.c
Some of this has been split out and committed in cleanly split patches immediately
before this merge
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Add ability to handle multiple palettes and objects simultaneously.
Each simultaneous object is given its own AVSubtitleRect.
Note that there can be up to 64 currently valid objects, but only
2 at any one time can be "presented".
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Fixes: use of uninitialized memory
Fixes: msan_uninit-mem_7fa421d0e222_1765_Girl_With_The_Dragon_Tattoo_2_23_56.mkv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '1c5805521c3e406886341d752ebf38f8d41e1d13':
PGS subtitles: Set AVSubtitle pts value
configure: Refactor CPPFLAGS settings for glibc/uclibc
configure: add basic support for ARM AArch64
build: set -U__STRICT_ANSI__ for newlib
Conflicts:
configure
libavcodec/pgssubdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '9a07c1332cfe092b57b5758f22b686ca58806c60':
parser: Move Doxygen documentation to the header files
PGS subtitles: Expose forced flag
x86: PMINUB: port to cpuflags
Conflicts:
libavcodec/avcodec.h
libavcodec/pgssubdec.c
libavcodec/version.h
libavcodec/x86/ac3dsp.asm
Merged-by: Michael Niedermayer <michaelni@gmx.at>
According to the sample for trac ticket #1722, PGS subtitles
are decoded from several packets at the same DTS and varying PTS.
The PTS from the presentation segment seems to be the valid one;
in particular, clear subtitles are too early with the other PTS.
* qatar/master:
rtpdec_asf: Set the no_resync_search option for the chained asf demuxer
asfdec: Add an option for not searching for the packet markers
cosmetics: Clean up the tiffenc pix_fmts declaration to match the style of others
cosmetics: Align codec declarations
cosmetics: Convert mimic.c to utf-8
avconv: remove an unused function parameter.
avconv: remove now pointless variables.
avconv: drop support for building without libavfilter.
nellymoserenc: fix crash due to memsetting the wrong area.
libavformat: Only require first packet to be known for audio/video streams
avplay: Don't try to scale timestamps if the tb isn't set
Conflicts:
Changelog
configure
ffmpeg.c
libavcodec/aacenc.c
libavcodec/bmpenc.c
libavcodec/dnxhddec.c
libavcodec/dnxhdenc.c
libavcodec/ffv1.c
libavcodec/flacenc.c
libavcodec/fraps.c
libavcodec/huffyuv.c
libavcodec/libopenjpegdec.c
libavcodec/mpeg12enc.c
libavcodec/mpeg4videodec.c
libavcodec/pamenc.c
libavcodec/pgssubdec.c
libavcodec/pngenc.c
libavcodec/qtrleenc.c
libavcodec/rawdec.c
libavcodec/sgienc.c
libavcodec/tiffenc.c
libavcodec/v210dec.c
libavcodec/wmv2dec.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Also break some long lines, remove codec function placeholder comments
and add spaces in sample/pixel format lists.
Signed-off-by: Martin Storsjö <martin@martin.st>
* qatar/master:
Fix a bunch of common typos.
build: Skip compiling xvmc.h under the correct condition.
configure: darwin: Change dylib install names to include major version.
mpegts: Always honor a registration descriptor if present and there is no other codec information.
aacdec: Fix SCE parity check.
aacdec: Fix out of array writes (stack).
rtsp: Only set the ttl parameter if the server actually gave a value
udp: Set ttl for read-write streams, too, not only for write-only ones
udp: Only bind to the multicast address if in read-only mode
udp: Clarify the comment about binding the multicast address
udp: Reorder comments
Conflicts:
libavcodec/aacdec.c
tools/patcheck
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The previous implementation assumed that a new picture would always
supersede the previous picture. Similarly, presentation segments
were assumed to pertain to the most-recently-read picture.
However, each presentation segment may refer to 0 or more pictures
by their ID. Picture IDs may repeat, and a repeated picture ID
indicates that the old picture for that ID is no longer needed
and may be discarded.
The new implementation allocates a buffer with one slot for each
possible picture ID (the picture ID is a 16-bit field) and
properly decodes presentation segments so that all relevant
pictures are output upon encountering a display segment.
Given that most PGS streams are unlikely to use more than a small
fraction of the available picture IDs, it would probably be better
to use a more memory-efficient data structure. I'm lazy though, so
I leave this to a more motivated individual.
I've tested the code with MKV files in VLC (a recent revision from
their git repo) and with HandBrake (a version that I hacked up to
use ffmpeg's PGS subtitle decoder).
Review-by: Hendrik Leppkes <h.leppkes@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
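
Added example, not code from this commit or from ffmpeg: a sketch of the data structure the message above describes, with one slot per possible 16-bit picture ID, replacement of the old picture when an ID repeats, and a presentation segment that names zero or more IDs. `Picture`, `PictureTable` and the `table_*` functions are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PICTURE_IDS 65536  /* the picture ID is a 16-bit field */
typedef struct { uint8_t *data; size_t size; } Picture;         /* hypothetical */
typedef struct { Picture slot[MAX_PICTURE_IDS]; } PictureTable; /* hypothetical */

static PictureTable *table_new(void) { return calloc(1, sizeof(PictureTable)); }

/* Store a picture under its ID; a repeated ID discards the old picture. */
static int table_put(PictureTable *t, uint16_t id, const uint8_t *data, size_t size)
{
    uint8_t *copy = malloc(size ? size : 1);
    if (!copy) return -1;
    if (size) memcpy(copy, data, size);
    free(t->slot[id].data);
    t->slot[id] = (Picture){ copy, size };
    return 0;
}

/* Resolve the IDs named by one presentation segment (zero or more).
 * IDs with no stored picture are skipped; returns the number found. */
static size_t table_resolve(const PictureTable *t, const uint16_t *ids,
                            size_t n_ids, const Picture **out)
{
    size_t n = 0;
    for (size_t i = 0; i < n_ids; i++)
        if (t->slot[ids[i]].data)
            out[n++] = &t->slot[ids[i]];
    return n;
}

static void table_free(PictureTable *t)
{
    for (size_t i = 0; t && i < MAX_PICTURE_IDS; i++)
        free(t->slot[i].data);
    free(t);
}

int main(void)
{
    const uint8_t a[] = { 1, 2, 3 }, b[] = { 9, 9 };  /* constructed input */
    const uint16_t ids[] = { 7, 42 };                 /* 42 was never stored */
    const Picture *out[2];
    PictureTable *t = table_new();
    if (!t || table_put(t, 7, a, sizeof a) || table_put(t, 7, b, sizeof b)) { table_free(t); return 1; }
    size_t n = table_resolve(t, ids, 2, out);
    table_free(t);
    return n == 1 ? 0 : 1;
}
```

With 16-byte slots the table alone occupies 1 MiB per decoder instance, which is the memory cost the message refers to.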
* qatar/master:
mxfdec: Include FF_INPUT_BUFFER_PADDING_SIZE when allocating extradata.
H.264: tweak some other x86 asm for Atom
probe: Fix insane flow control.
mpegts: remove invalid error check
s302m: use nondeprecated audio sample format API
lavc: use designated initialisers for all codecs.
x86: cabac: add operand size suffixes missing from 6c32576
Conflicts:
libavcodec/ac3enc_float.c
libavcodec/flacenc.c
libavcodec/frwu.c
libavcodec/pictordec.c
libavcodec/qtrleenc.c
libavcodec/v210enc.c
libavcodec/wmv2dec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>