Fixes out of array access
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6d1c5ea04af3e345232aa70c944de961061dab2d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3556e7ce737edade8c5e628a19e2b5da0809928d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1856162caa912a4a845b7caff51c9e2dff3d39d9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 106790a4e92f40fedbe20631c693c95c7c8f3039)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2c34367b4a17856584b3e8b64cefa1900342ebcd)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The value used in allocation is based on a estimate of the
maximum size of the spectral coefficients multiplied with 2
and rounded up. The exact or a tighter limit should be
found and used instead. But this issue shouldnt be left
open until someone works on that.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d56834201bf7511ed497e956fb7ff78d49454b10)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f049729e613ed3fb0abf767eb14423f545385c6e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
I was sadly unable to find a non fuzzed mp3 that uses the
feature that contained the bug (and i searched hard ...), thus
while this fixes the security issue. It may or may not fix
mixed blocks in 8khz mp3s, i cant say due to lack of samples to test.
Security issue exists since: b37d945dd4213cb8e92146571b0374cd45d52286
Reported-by: Dale Curtis <dalecurtis@google.com>
(Probably) Found-by: inferno@chromium.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
nutdec: const correctness for get_v_trace/get_s_trace function arguments
truemotion2: Request samples for old TM2 headers
rtpdec: Remove a useless ff_ prefix from a static symbol
rtpdec: Support depacketizing speex
rtpenc: Add support for packetizing speex
Conflicts:
libavformat/rtpdec.c
libavformat/sdp.c
libavformat/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This reverts commit d25f87f5174df5923be7ce0bb89fad08999286ed.
This breaks decoding of some h264 files
I have tested the original patch with fate but by mistake have
forgotten to specify the fate samples so testing was limited to
the internal regression tests.
* qatar/master:
xsub: feed init_get_bits the whole buffer
libfdk-aac: Allow setting VBR modes via a private option
libfdk-aac: Warn the user that the VBR modes are unsupported
Revert "cbrt_tablegen: Include libm.h"
Conflicts:
libavcodec/xsubdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Do not use rlelen field for buffer size in init_get_bits, it is
only the size of the data for the first field.
Since it is not reliable, just use the size of the whole buffer.
Additional comments add removal of unused rlelen variable by
Reimar Döffinger.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This avoids using the global_quality field and QSCALE flag for
passing the VBR modes, since the value range of the global_quality
field doesn't really map cleanly to this codec's VBR modes.
Signed-off-by: Martin Storsjö <martin@martin.st>
These modes were not originally exposed by the library at all.
In practice, only a few of them work for each sample rate/profile
combination, and they don't work at all for the more uncommon
sample rates.
Signed-off-by: Martin Storsjö <martin@martin.st>
* qatar/master:
pthread: make sure AVFrame.extended_data is set properly.
libfdk-aac: reindent after last commit
libfdk-aac: Limit to supported sample rates.
cbrt_tablegen: Include libm.h
oggparsetheora: make it more robust
ogg: prevent NULL pointer deference in theora gptopts
Conflicts:
libavformat/oggparsetheora.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '7751e4693dd10ec98c20fbd9887233b575034272':
ogg: check that the expected number of headers had been parsed
libx264: change default to closed gop to match x264cli
Use avcodec_free_frame() to free AVFrames.
lavf: use a malloced AVFrame in try_decode_frame().
lavc: add avcodec_free_frame().
lavc: ensure extended_data is set properly on decoding
lavc: initialize AVFrame.extended_data in avcodec_get_frame_defaults()
lavc: use av_mallocz to allocate AVFrames.
lavc: rename the argument of avcodec_alloc_frame/get_frame_defaults
Conflicts:
doc/APIchanges
doc/examples/decoding_encoding.c
libavcodec/utils.c
libavcodec/version.h
libavfilter/src_movie.c
libavformat/oggdec.c
libavformat/oggdec.h
libavformat/oggparsetheora.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This breaks bitstream compatibility of 1.3 VLC streams
This fixes very rare errors in the RC stream at the transition point
to VLC.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
