Prevent an out of buffer bound write.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit af4cc2605c7a56ecfd84c264aa2b325020418472)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Broken bitstreams could report a larger than specified number of
channels and cause outbound writes.
CC:libav-stable@libav.org
(cherry picked from commit a943a132f36f4df8fe2f749744677b71984abce7)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Prevent an infinite loop.
Inspired by a patch from Michael Niedermayer
CC: libav-stable@libav.org
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit 8e329dba378cef0ff6400c7df9c51da167d5a1f0)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
They can be different if the last keyframe failed to decode correctly.
Fixes possible invalid reads in such a case.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit b1bb8fb860b47e90dd67f0c5740698128fc82dcc)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Also add an additional sanity check to the alt_quant table.
Fixes invalid reads with corrupted files.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 66531d634e75b834e89e4a6a0f7470ca018712a1)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
The data offsets are relative to the bistream header, which is 16 bytes
after the start of the data.
Fixes invalid reads with corrupted files.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
(cherry picked from commit 34e6af9e204ca6bb18d8cf8ec68fe19b0e083e95)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This can happen when the number of skipped lines is not consistent with
the number of coded lines.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 3623589edc7b1257bb45aa9e52c9631e133f22b6)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
It can be 0 or -1 for invalid files, which may result in invalid memory
access.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit b88f902125ee808c8366e9dcb3f21e4c227483fc)
Conflicts:
libavcodec/bmv.c
Each lace must be independent according to the specification.
Fix heap-buffer-overflow in matroska_parse_block for
corrupted real media in mkv files.
Stricter check than fc43c19a567aa945398dccb491d972c11ec2a065
CC: libav-stable@libav.org
(cherry picked from commit 25a80a931a3829f9d730971dbd269aa39cc273f6)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Fix heap-buffer-overflow in matroska_parse_block for
corrupted real media in mkv files.
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit fc43c19a567aa945398dccb491d972c11ec2a065)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Make sure we notice when the lace_size[n] is a negative value.
CC: libav-stable@libav.org
(cherry picked from commit 8a96df7b70be509dae9ceec82d2c10a20361356d)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Regression since a93b572ae4f517ce0c35cf085167c318e9215908.
Fixes#2426.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit e3cc92a623a6ece42816c7a692c8815688a99ab0)
Fixes decoding with picky media players.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b448c0a68d0cc7dfef736267dfdaed0e213c020b)
(cherry picked from commit 2e2ec667416d8ed345491ac360fccc94e7a4772f)
This is a fixup for f074618 to reenable auto-detection of dxva in the
build environment.
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
The sample rate index is 3 bits even if currently index 5, 6 and 7 are
not supported.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit 0933fd1533560fbc718026e12f19a4824b041237)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This is needed in order for the FLV demuxer not to detect a codec change when
using the "flv_metadata" option.
(cherry picked from commit e46a2a7309d8e8b8c1573047731dea77695d0ce1)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Many players ignore broken aac frames, so don't abort mov or flv
muxing when encountering one, just print a warning instead.
Fixes ticket #2380.
(cherry picked from commit 1741fece7073f51efdd837a4f307ea2cdf3d1cfb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7e1efeb5707ec0fec000d42fa9f2861bab97bd8f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 80f91a70be5f03fc95eb89d222d760eeaf91b135)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket2022
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit dae38a66ebd8a71aad51a29311f1c50df3ae3a2e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 361319d0f49475bc14c744194870f9bab78a8a83)
Conflicts:
tests/ref/lavf/dpx
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket1605
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 519ebb5ee5b89b8ecc80b4a4540fcbeb65cda172)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/9:
hqdn3d: Fix out of array read in LOWPASS
vf_gradfun: fix uninitialized variable use
Conflicts:
libavfilter/vf_hqdn3d.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c50241080d7599c90fc8b4e74c5f8d62a4caae52':
vf_hqdn3d: fix uninitialized variable use
lzo: fix overflow checking in copy_backptr()
flacdec: simplify bounds checking in flac_probe()
atrac3: avoid oversized shifting in decode_bytes()
shorten: use the unsigned type where needed
shorten: report meaningful errors
shorten: K&R formatting cosmetics
shorten: set invalid channels count to 0
Conflicts:
libavcodec/shorten.c
libavformat/flacdec.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
