Incomplete crypted files would lead to a read after buffer boundary
otherwise.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 2219e27b5b17d146e4ab71a3ed86dfc013fb7a93)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavformat/omadec.c
Fix at least a memory leak.
CC: libav-stable@libav.org
(cherry picked from commit ca488ad480360dfafcb5766f7bfbb567a0638979)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
A packet larger than cin->bitmap_size does not make sense.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit fd8189932147a524fe43532b46baa35e8be92a1b)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
If either of the deltas is too large for the multiplications to
succeed, don't use this for setting the avg frame rate.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit e740929a071ab032ffa382e89da69c6ec7cf882c)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
The time scale is set in mdhd, and later validated in the
enclosing trak atom once all of its children have been parsed.
A loose mdhd atom outside of a trak atom could update the time
scale of the last stream without any validation.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 31931520df35a6f9606fe8293c8a39e2d1fabedf)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This was handled properly in the normal return case at the end
of the function, but not in this special case.
Returning a value larger than the input packet size can cause
problems for certain library users.
Returning the actual input buffer size unconditionally, since
it is not guaranteed that frame_size is set to a sensible
value at this point.
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8f24c12be7a3b3ea105e67bba9a867fe210a2333)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
If the channel mapping map multiple output channels to one
input channel, we should only increment the actual pointer once.
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 68e57cde68f3da4c557ca15491fda74d1ea6321e)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
The faulty values rippled further down the codepath causing a
hard-to-track segfault in the assembly code.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit e9d394f3fad7e8fd8fc80e3b33cb045bbaceb446)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/mlpdec.c
qdm2 does support only two channels. Loop over the run once.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit adadc3f2443d25b375e21e801516ccfd78e0b080)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Checking per subband would have the index exceed the
dithering noise table size.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 744a11c996641888d477a3981d609e79eeb69ea9)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Apply the usual style plus drop few unnecessary return at the end
of void functions.
(cherry picked from commit 76efedeadb1f6bf79020c44a71dd0cee13d932ad)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
The extradata is already freed by avformat_open_input on
failure.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 76f5dfbfd902178df4a38221a68dc8540189345a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This fixes crashes when playing back certain RealRTSP streams.
When invoked from the RTP depacketizer, the full realmedia
demuxer isn't invoked, but only certain functions from it, where
a separate AVIOContext is passed in as parameter (for the buffer
containing the data to parse). The functions called from within
those entry points should only be using that parameter, not
s->pb. In the depacketizer case, s is the RTSP context, where ->pb
is null.
Cc: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit d35b6cd3775456a23b63e73316e244b671caa02f)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This makes sure the ffurl_read_complete function actually
returns the number of bytes read, as the documentation of the
function says, even if the underlying protocol uses AVERROR_EOF
instead of 0.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 5d876be87a115b93dd2e644049e3ada2cfb5ccb7)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
A sid 0 would be mismatched to the attachment.
Prevent NULL pointer dereference.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit f5e646a00ac21e500dae4bcceded790a0fbc5246)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Fixes Ticket2859
Note, testcases related to the downmix channels are welcome.
(id like to make sure this is working correctly now, as obviously it didnt
work before ...)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c56d4dab039b352961cca298d753b04e2f2fd990)
Without this the block_align or bitrate value is not available to the decoder
Fixes Ticket2858
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3d64845600c6486a2706b118a81805f3bf4d3db5)
