The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size
is 3, the right side overflows leading to a wrong result of the
comparison and subsequently a heap buffer overflow.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Fixes: use of uninitialized memeory
Fixes: msan_uninit-mem_7fbf26b5fefe_5981_intro.jv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '15739a9bd19a7d47ad8afb25348c684a3bdd6ef2':
jvdec: Do not feed the decoder with known wrong data
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'ef1b23ad21e3f12fc4ff2a73a6d4d4cd9d630c4b': (21 commits)
jvdec: set channel layout
iss: set channel layout
ipmovie: set channel layout
iff: set channel layout
idroqdec: set channel layout
gxfdec: set channel layout when applicable
gsmdec: set channel layout
flvdec: set channel layout
dv: set channel layout
dsicin: set channel layout
daud: set channel layout
cdxl: set channel layout
bmv: set channel layout
bink: set channel layout
bfi: set channel layout
bethsoftvid: set channel layout
apc: set channel layout
amr: set channel_layout
ppc: replace pointer casting with AV_COPY32
ppc: fix some unused variable warnings
...
Conflicts:
libavformat/amr.c
libavformat/iff.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
rtpdec: Templatize the code for different g726 bitrate variants
rv40: move loop filter to rv34dsp context
lavf: make av_set_pts_info private.
rtpdec: Add support for G726 audio
rtpdec: Add an init function that can do custom codec context initialization
avconv: make copy_tb on by default.
matroskadec: don't set codec timebase.
rmdec: don't set codec timebase.
avconv: compute next_pts from input packet duration when possible.
lavf: estimate frame duration from r_frame_rate.
avconv: update InputStream.pts in the streamcopy case.
Conflicts:
avconv.c
libavdevice/alsa-audio-dec.c
libavdevice/bktr.c
libavdevice/fbdev.c
libavdevice/libdc1394.c
libavdevice/oss_audio.c
libavdevice/v4l.c
libavdevice/v4l2.c
libavdevice/vfwcap.c
libavdevice/x11grab.c
libavformat/au.c
libavformat/eacdata.c
libavformat/flvdec.c
libavformat/mpegts.c
libavformat/mxfenc.c
libavformat/rtpdec_g726.c
libavformat/wtv.c
libavformat/xmv.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
presets: rename presets directory
lavc: make avcodec_get_context_defaults3 "officially" public
lavf: replace av_new_stream->avformat_new_stream part II.
lavf,lavd: replace av_new_stream->avformat_new_stream part I.
lavf: add avformat_new_stream as a replacement for av_new_stream.
Use correct scaling table for bwd-pred MVs in second B-field
Ut Video decoder
Makefile: change presets extension to .avpreset
lavfi: add rgbtestsrc source, ported from MPlayer libmpcodecs
lavfi: add testsrc source
AVOptions: add documentation.
presets: update libx264 ffpresets
Conflicts:
Changelog
doc/APIchanges
doc/ffmpeg.texi
ffpresets/libx264-ipod320.ffpreset
ffpresets/libx264-ipod640.ffpreset
ffserver.c
libavcodec/avcodec.h
libavcodec/options.c
libavcodec/version.h
libavdevice/libdc1394.c
libavfilter/avfilter.h
libavfilter/vsrc_testsrc.c
libavformat/flvdec.c
libavformat/riff.c
libavformat/version.h
libavformat/wtv.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Manual replacements are done in this commit.
In many cases, the id is some constant made up number (e.g. 0 for video
and 1 for audio), which is then not used in the demuxer for anything.
Those ids are removed.
* qatar/master:
Fix parser: mark av_parser_parse() for removal on next major bump
swscale: postpone sws_getContext removal until next major bump.
fate: add AAC LATM test
mmst: get rid of deprecated AVERRORs
lxfdec: use AVERROR(ENOMEM) instead of deprecated AVERROR_NOMEM.
Reemove remaining uses of deprecated AVERROR_NOTSUPP.
REIMPLEMENTED in 2 lines of code: lavf: if id3v2 tag is present and all else fails, guess by file extension
Conflicts:
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
Fixed-point MDCT with 32-bit unscaled output
lavc: deprecate rate_emu
lavc: mark hurry_up for removal on next major bump
parser: mark av_parser_parse() for removal on next major bump
lavc: add missing audioconvert includes
jvdec: don't use deprecated CODEC_TYPE_*/PKT_FLAG_KEY
Conflicts:
libavcodec/h264.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
In the event of overflow, the JV_PADDING state will avio_skip over
any overflow bytes (using JVFrame.total_size).
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>