Fixes out of array accesses
Fixes: ffmpeg_mjpeg_crash.avi
Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 08509c8f86626815a3e9e68d600d1aacbb8df4bf)
Conflicts:
libavcodec/mjpegdec.c
(cherry picked from commit 5553947db2af443778f781a107d9fe9ad6ec5d17)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fabbfaa095660982cc0bc63242c459561fa37037)
Conflicts:
libavcodec/mjpegdec.c
* qatar/release/0.7:
cavs: fix some crashes with invalid bitstreams
jpegdec: actually search for and parse RSTn
Conflicts:
libavcodec/mjpegdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes decoding of MJPEG files produced by some UVC Logitec web cameras,
such as "Notebook Pro" and "HD C910".
References:
http://trac.videolan.org/vlc/ticket/4215http://ffmpeg.org/trac/ffmpeg/ticket/267
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Reviewed-by: Kostya <kostya.shishkov@gmail.com>
(cherry picked from commit 8c0fa61a9713a1306fca7997dd04d72ea1f060ea)
This is required specifically for setting frame->format to -1,
otherwise it will be set to 0 = PIX_FMT_YUV420P and code reading
the format from the output decoded frame will get misled.
In particular fix regressions occurring with the pending vsrc_buffer
patch.
It is pretty hopeless that other considerable projects will adopt
libavutil alone in other projects. Projects that need small footprint
are better off with more specialized libraries such as gnulib or rather
just copy the necessary parts that they need. With this in mind, nobody
is helped by having libavutil and libavcore split. In order to ease
maintenance inside and around FFmpeg and to reduce confusion where to
put common code, avcore's functionality is merged (back) to avutil.
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
None of these symbols should be accessed directly, so declare them as
hidden.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit d36beb3f6902b1217beda576aa18abf7eb72b03c)
Some of the macros in get_bits.h include a final semicolon,
some do not. This removes these or adds do {} while(0) around
the macros as appropriate and adds semicolons where needed in
calling code.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit bf5f9b528b4117596afc57578a36e7b5728b15d3)
Some of the macros in get_bits.h include a final semicolon,
some do not. This removes these or adds do {} while(0) around
the macros as appropriate and adds semicolons where needed in
calling code.
Signed-off-by: Mans Rullgard <mans@mansr.com>
This fixes a possibly exploitable buffer overflow and it will likely also be needed for future overreading fixes.
Originally committed as revision 25546 to svn://svn.ffmpeg.org/ffmpeg/trunk
Because the order of evaluation of subexpressions is undefined, two
get_bits() calls may not be part of the same expression.
See also r24902.
Originally committed as revision 24906 to svn://svn.ffmpeg.org/ffmpeg/trunk
