A negative `size' will bypass FFMIN(). In the subsequent memcpy() call,
`size' will be considered as a large positive value, leading to a buffer
overflow.
Change the type of `size' to unsigned int to avoid buffer overflow, and
simplify overflow checks accordingly.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4e692374f7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Sanity checks like `data + size >= data_end || data + size < data' are
broken, because `data + size < data' assumes pointer overflow, which is
undefined behavior in C. Many compilers such as gcc/clang optimize such
checks away.
Use `size < 0 || size >= data_end - data' instead.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 902cfe2f74)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This ensures that theres enough data for mpeg_probe() to recognize mpeg-ps
Fixes Ticket2583
Based on code by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c605adbf56)
Fixes decoding with picky media players.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b448c0a68d)
Conflicts:
libavformat/movenc.c
Many players ignore broken aac frames, so don't abort mov or flv
muxing when encountering one, just print a warning instead.
Fixes ticket #2380.
(cherry picked from commit 1741fece70)
Conflicts:
libavformat/flvenc.c
libavformat/movenc.c
If the first "special" character in a filename is a comma,
it can introduce protocol options, but only if there is a
colon at the end. Otherwise, it is just a filename with a
comma.
Fix trac ticket #2303.
(cherry picked from commit d9fad53f4b)
This reverts 312645e :
"Do not set codec_tag property for matroska muxers."
Also adds dummy codec_tag lists with codecs
supported in mkv but not in wav / avi.
Fixes ticket #2169.
(cherry picked from commit df39c3ce38)
Conflicts:
libavformat/matroskaenc.c
Some files simply contain invalid info tags.
Fixes unrelated bug posted into Ticket1821
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 09456d0df1)
This reverts commit 66f71f3b5e.
This causes regressions with RDT.
(cherry picked from commit c4eec85a1f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
qatar does this too but clobbers the AVPacket.duration by approximate
values.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ad8e3304f7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Author: Michael Niedermayer <michaelni@gmx.at>
Date: Thu Nov 3 22:38:10 2011 +0100
lavf: fix null pointer dereference in rdt
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is no longer needed and causes various problems with RTSP
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1171d938af)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
y41p is a packed 12-bit 4:1:1 YUV format used by Brooktree.
Fixes issue 1123 / ticket #102.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit dfa77dead2)
Conflicts:
Changelog
libavcodec/version.h
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
this should fix the failure of h264-bsf-mp4toannexb on freebsd/openbsd
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 490c97bdf5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This works around issues arising from inputs that claim to have a
filesize of 0.
Reported-by: buzz_
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e6362f3a3c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
value before using its output.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5500e65342)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes seeking in Enigma_Principles_of_Lust.flv
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit df0bff6643)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This can easily be NULL as string_size can be 2g in a damaged file.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b9e0e9537a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
audio packet.
This prevents a potentially large memory allocation.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1795fed7bc)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
When no data was available both the buffer thread as well as
the main thread would block in select(), when data becomes
available both should move forward and as data is read in the
buffer thread the main thread would block in select() later
the read data was put in the fifo but the main thread still
would be blocked in select() until either the timeout or
another packet would come in.
This is solved in this commit by using a mutex and a condition
variable
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bc900501e0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a4209ad631)
Conflicts:
Changelog
doc/general.texi
libavformat/version.h
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixed Ticket807
Bug found by: Oana Stratulat
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8d960fbc70)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Without this certain files could get the demuxer stuck in a loop
(cherry picked from commit 46d65fb8a5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes SIGSEGV on files where this is actually the case, such as zzuf4.mxf
(cherry picked from commit 184f479096)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
