Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cea0c82d9b9771dfa2ac729c13c0d9e03ea352a7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket240
Based on patch by ami_stuff
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 20431a9982b9bd2c475042d919890a941ad70c71)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
FFmpeg does not support gray16a.
Fixes the crash in ticket #644.
(cherry picked from commit 0c5fd6372e6c257912d7ae64cbfc4d8541f0452f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 554caed2d397e137286f2cc71c6bac477b41fa96)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3fd0f6ed252e51ffaec7765a2637794366a513ba)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found with Address Sanitizer
(cherry picked from commit bb4b0ad83b13c3af57675e80163f3f333adef96f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found with Address Sanitizer
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit e0966eb140b3569b3d6b5b5008961944ef229c06)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
avfilter_draw_slice() is already called in the end_frame() callback,
this avoids multiple calls. This is done by adding a null draw_slice()
callback.
In particular fix crash occurring with -vf transpose=3,hflip, fix trac
issue #371.
(cherry picked from commit d9c23a0d5a56488b146eef17a19a9b47643be333)
avfilter_draw_slice() is already called in the end_frame() callback,
this avoids multiple calls. This is done by adding a null draw_slice()
callback.
In particular fix crash occurring with -vf transpose=3,hflip, fix trac
issue #371.
(cherry picked from commit d9c23a0d5a56488b146eef17a19a9b47643be333)
There were multiple issues, for example might we have to re-run
the decompression when the size of the buffer increased,
we should always use a decompression buffer large enough for
the header (so we do not get stuck when the size is too small).
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Treating them like 0 is safest, current code would invoke
undefined pointer arithmetic behaviour in this case.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit b9242fd12f4be4a79e31fd0aa125ab8a48226896)
(cherry picked from commit 0411b1928965050a940155984a16ad82fe462fc1)
There were multiple issues, for example might we have to re-run
the decompression when the size of the buffer increased,
we should always use a decompression buffer large enough for
the header (so we do not get stuck when the size is too small).
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Treating them like 0 is safest, current code would invoke
undefined pointer arithmetic behaviour in this case.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit b9242fd12f4be4a79e31fd0aa125ab8a48226896)
Seems to fix trac issue #569.
Sample is unfortunately not available, but it might be caused by
an index existing for non-existing audio stream (?).
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit 6ea6ff053af2aff8a9a898292f9640efa9290c9f)
Seems to fix trac issue #569.
Sample is unfortunately not available, but it might be caused by
an index existing for non-existing audio stream (?).
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit 6ea6ff053af2aff8a9a898292f9640efa9290c9f)
* release/0.8: (96 commits)
Version numbers for 0.8.6
snow: emu edge support Fixes Ticket592
imc: validate channel count
imc: check for ff_fft_init() failure (cherry picked from commit 95fee70d6773fde1c34ff6422f48e5e66f37f263)
libgsmdec: check output buffer size before decoding (cherry picked from commit b03761b1309293bbf30edef767503875277b01cf)
configure: fix arch x86_32
mp3enc: avoid truncating id3v1 tags by one byte
asfdec: Check packet_replic_size earlier
cin audio: validate the channel count
binkaudio: add some buffer overread checks.
atrac1: validate number of channels (cherry picked from commit bff5b2c1ca1290ea30587ff2f76171f9e3854872)
atrac1: check output buffer size before decoding (cherry picked from commit 33684b9c12b74c0140fb91e8150263db4a48d55e)
vp3: fix oob read for negative tokens and memleaks on error. (cherry picked from commit 8370e426e42f2e4b9d14a1fb8107ecfe5163ce7f)
apedec: set s->currentframeblocks after validating nblocks
apedec: use unsigned int for 'nblocks' and make sure that it's within int range
apedec: check for data buffer realloc failure (cherry picked from commit 11ca8b2d7486e879926488404b3b79af774f0f2d)
apedec: check for filter buffer allocation failure (cherry picked from commit 7500781313d11b37772c05a28da20fbc112db478)
mpegaudiodec: check output data size based on avctx->frame_size
resample: Fix array size
resample2: fix potential overflow
...
Conflicts:
Doxyfile
RELEASE
VERSION
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket592
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4416931fc069332e267ab6df037a1227c051d7b1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
ask for a sample if not mono
(cherry picked from commit 7b7f47e73356d113cace74b922eee0b6ff5ffe0b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 078811d9e484892e3ad49819148fe6ae65a1954b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Avoid writing the trailing null-byte for id3v1 tags if length reaches max length.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0f39fa0279e12c7a174d1da9294bffd95cb15c4c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 60fcc19bff49e0b1972eae014afc087afd94a415)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This stops decoding before overreads instead of after.
(cherry picked from commit 101ef19ef4dc9f5c3d536aee8fcc10fff2af4d9e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found-by: Jim Radford
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3e7db0a9ee758bf0570a141be1fea64f8d9c03db)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
It prevents leaving the AVPacket uninitialized.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bc38e83793be5f7a184c88be55e556453a25224b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 49ec0c818dc3c1c293a582b57fb58ba611a10b32)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
avpicture_get_size() returns the size of buffer required for avpicture_layout.
For pseudo-paletted formats (gray8...) this size does not include the palette.
However, avpicture_layout doesn't know this and still writes the palette. Consequently,
avpicture_layout writes passed the length of the buffer. This fixes it
by fixing avpicture_layout so that it doesn't write the palette for these formats.
Signed-off-by: Matthew Einhorn <moiein2000@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e662b263d9c500270a8f1dc7e1b81b51d5bdfd4e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
