Fixes out of array read
Fixes: signal_sigsegv_844d59_10_signal_sigsegv_a17bb7_366_mpegts_mpeg2video_mp2_dvbsub_topfield.rec
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c3d7f00ee3e09801f56f25db8b5961f25e842bd2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket1304
Commit message and extradata size bugfix by commiter
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6843b9dc78bc966bb30121828ef4f6b6755cf877)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The size variable is (correctly) unsigned, but is passed to several functions
which take signed parameters, such as avio_read, sometimes after having
numbers added to it. So ensure that size remains within the bounds that
these functions can handle.
CC: libav-stable@libav.org
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit c5560e72d0bb69f8a1ac9536570398f84388f396)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes miss detection of PCM as m4v
Fixes Ticket 3928
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7c1835c52a4be2e4e996f83c91a8d5a147b01100)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is currently not supported
Fixes part of Ticket 3539
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c2430304dfb3cc0e3a59ce6d1b59ebdcc934a0c2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes reading from freed data
Fixes part of Ticket3539
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1c55d0ff3202a04ebc67a72d72391104e9bdb633)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a9734e7d3017ffc9539eaac2a8acce3ad427f746)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes wrong number of segments output and undefined memory access.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 58e0402e02ae5e466c33b9465c1465fdee68d342)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The read_packet callback passes a pointer to a stack-allocated AVPacket.
Attempting to free it with av_free() makes no sense.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b173f5c15572cc82f68128599722e689df4ff137)
Conflicts:
libavformat/oggdec.c
(cherry picked from commit a82401b7284e05e2cf6fb89aeed53738af06a7fd)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found-by: CSA
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2e6fdcb7f3c86491408a3699f0aa9dc52b7c5686)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Regression since 39d11d599cd292485fe991cd22e10d7a1738b3bc
os->pduration would be wrongly assigned a negative value on invalid packets
instead of aborting.
Signed-off-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c619e14c314b44d86a8d552259afb957c0b6775d)
based on code from oggparsevorbis
Fixes Ticket3124
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7f39352a1b661771cf471986059027acd8e0e31f)
Fixes ticket #3943.
Fixes Ticket2340
Fixes Ticket2341
Based-on mail from Dave Rice <dave@dericed.com>
Tested-by: Dave Rice <dave@dericed.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 88f038ac97a875f25c2eceac6d2107a09314984c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The AVStream.parser field is considered private and its location cannot be
preserved while preserving also ABI compatibility to libav, as libav added fields
before it.
Some tools like ffmpeg.c access this field though
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 62227a70f0a4c07d7ead5775d8bad64797f8ef80)
Conflicts:
RELEASE_NOTES
doc/APIchanges
libavformat/utils.c
libavformat/version.h
(cherry picked from commit a78e6363e9a7ef90bd1ff4aeceee8e5501cbc6d4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes long loop
Fixes Ticket3208
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8202c49b43621c04e26d4a3aa83a10e1e5cc1836)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 86a9370e2b91d67375e66a06d6eb573b5a017775)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 52e563bb2f7897d615391520c3c4acba1ee7dcb4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The code was missing 1 bit in the src format
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fc145e576a443bfc89efdf35b91fd3c9ca0d8388)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes part of Ticket3466
Found-by: Andrey_Karpov / PVS-Studio
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ff6fa0b4b980fc5b9f7653d7b159ae02c3d95210)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Google's plugin for the Internet Explorer refuses to play
files with another document version.
Fixes ticket #3583.
(cherry picked from commit ab21acecc72a0299895583cf83347ab5e2444b71)
Several chunked formats (AIFF, IFF,DSF) store ID3 metadata within an 'ID3 '
chunk tag. If such chunks are stored sequentially, it is possible for the
ID3v2 parser to confuse the chunk tag for the ID3 magic number. e.g.
[1st chunk tag ('ID3 ') | chunk size] [ID3 magic number | metadata ...]
[2nd chunk tag ('ID3 ') | chunk size] [ID3 magic number | metadata ...]
Fixes ticket #3530.
Signed-off-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5331773cc33ba26b9e26ace643d926219e46a17b)
Conflicts:
libavformat/dsfdec.c
libavformat/id3v2.c
Fixes ticket #3530.
Signed-off-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c94305ae23318c8956a30485cd5642829f4f16a9)
This is needed for matroska spec compliance
Fixes playback of SVQ3 in matroska with vlc
Fixes Ticket 3256
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8456bd2c0f3b08756f353646fe3b40a6772e665e)
Fixes playback of some AAC streams, which are otherwise mangled by the
parser, and stss is typically only valid for video anyway.
Fixes a regression since e41ea866.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 019247bdc326a90bf20d3ce5d2413cc642e8bb08)
fixes Ticket3351
Tested-by: carl
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 72d44f15834af68e2620a7051493359d7ee5b2c3)
aviod use of uninitialized memory
Fixes: asan_heap-oob_1487fa4_4706_cov_364534849_cover_art.flac
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 13aa82bbbb71c04bdcecf1341be4a23aee271bec)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Prevents out of array writes
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 842b6c14bcfc1c5da1a2d288fd65386eb8c158ad)
Conflicts:
libavformat/mpegtsenc.c
This fixes playback of mp3 streams in rtp/asf. This used to work
until 950482bf, but mostly by coincidence.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 2aec9e228cb317cca8cda9e03986c8482ea54404)
Fixes ticket #3223
