Fixes out of array read
Fixes: signal_sigsegv_844d59_10_signal_sigsegv_a17bb7_366_mpegts_mpeg2video_mp2_dvbsub_topfield.rec
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c3d7f00ee3e09801f56f25db8b5961f25e842bd2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket1304
Commit message and extradata size bugfix by commiter
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6843b9dc78bc966bb30121828ef4f6b6755cf877)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes miss detection of PCM as m4v
Fixes Ticket 3928
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7c1835c52a4be2e4e996f83c91a8d5a147b01100)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is currently not supported
Fixes part of Ticket 3539
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c2430304dfb3cc0e3a59ce6d1b59ebdcc934a0c2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes reading from freed data
Fixes part of Ticket3539
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1c55d0ff3202a04ebc67a72d72391104e9bdb633)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a9734e7d3017ffc9539eaac2a8acce3ad427f746)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes wrong number of segments output and undefined memory access.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 58e0402e02ae5e466c33b9465c1465fdee68d342)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The read_packet callback passes a pointer to a stack-allocated AVPacket.
Attempting to free it with av_free() makes no sense.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b173f5c15572cc82f68128599722e689df4ff137)
Conflicts:
libavformat/oggdec.c
The size variable is (correctly) unsigned, but is passed to several functions
which take signed parameters, such as avio_read, sometimes after having
numbers added to it. So ensure that size remains within the bounds that
these functions can handle.
(cherry picked from commit b45ab61b24a8f2aeafdd4451491b1b30b7875ee5)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
It is written to the file as a 22-bit value.
CC: libav-stable@libav.org
(cherry picked from commit 75bbaf2493a71ee66eaabe3c21fadd84d07888de)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Conflicts:
libavformat/mpegenc.c
* commit '7788297a59656ececd84f602292bfeb79f7eedd7':
mpegts: Do not try to write a PMT larger than SECTION_SIZE
Conflicts:
libavformat/mpegtsenc.c
See: 842b6c14bcfc1c5da1a2d288fd65386eb8c158ad
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '23376ae2f0247ff659724b6a5313639db0c991ad':
mpegts: Define the section length with a constant
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Prevent out of array writes.
Similar to what Michael Niedermayer did to address the same issue.
Bug-Id: CVE-2014-2263
CC: libav-stable@libav.org
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit e8049af1325dd59a51546c15b2e71a0f578e9d27)
Conflicts:
libavformat/mpegtsenc.c
The specification says the value is expressed in 10 bits including
the 4-byte CRC.
(cherry picked from commit 89616408e38ac7257e36976723df0e23d6ee1157)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Conflicts:
libavformat/mpegtsenc.c
Found-by: CSA
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2e6fdcb7f3c86491408a3699f0aa9dc52b7c5686)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket2340
Fixes Ticket2341
Based-on mail from Dave Rice <dave@dericed.com>
Tested-by: Dave Rice <dave@dericed.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 88f038ac97a875f25c2eceac6d2107a09314984c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'f6b3dce952d66f87883a50d90d6e98416ee397df':
librtmp: Don't free the temp url at the end of rtmp_open
Conflicts:
libavformat/librtmp.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
librtmp can keep pointers to this string internally, and may
use them at shutdown as well.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 865461099e062de5a3a109c2a5be98004c11d8bd)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Conflicts:
libavformat/librtmp.c
The AVStream.parser field is considered private and its location cannot be
preserved while preserving also ABI compatibility to libav, as libav added fields
before it.
Some tools like ffmpeg.c access this field though
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 62227a70f0a4c07d7ead5775d8bad64797f8ef80)
Conflicts:
RELEASE_NOTES
doc/APIchanges
libavformat/utils.c
libavformat/version.h
Fixes long loop
Fixes Ticket3208
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8202c49b43621c04e26d4a3aa83a10e1e5cc1836)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
On big endian machines, the default value set via the faulty
AVOption ended up as 2^32 times too big.
This fixes the fate-lavf-ogg test which currently is broken on
big endian machines, broken since 3831362. Since that commit,
a final zero-sized packet is written to the ogg muxer in that test,
which caused different flushing behaviour on little and big endian
depending on whether the pref_duration option was handled as it
should or not.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 103243ca649cc305129ed0352bf4d97e5ddf4d80)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
As indicated in the function documentation, the header MUST be
checked prior to calling it because no consistency check is done
there.
CC:libav-stable@libav.org
(cherry picked from commit f2f2e7627f0c878d13275af5d166ec5932665e28)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 86a9370e2b91d67375e66a06d6eb573b5a017775)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 52e563bb2f7897d615391520c3c4acba1ee7dcb4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit eccec203978e53f897a3c6105d011bbdff2a978b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes missdetection of Misdetection_345.mp3
Fixes missdetection of Misdetection_421.mp3
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cd20b93e2f5171054d6b3dd9daee1e832c1f9090)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3ad21c50af042ab17bedf755ff8245392425c259)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 04b15a6055fc230a655091ce21303f9d2a996ed9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This avoids some unneeded computations
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6f6edfe1c0ede584ea4edf5bb0fc9b961f299631)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2e532aa82d2b938a3cd913a363a79bf92ddf1a33)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Google's plugin for the Internet Explorer refuses to play
files with another document version.
Fixes ticket #3583.
(cherry picked from commit ab21acecc72a0299895583cf83347ab5e2444b71)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cc8b45c0ce35465fd0efee7103e41bcc28251f99)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket3421
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5d75730c58f72918a41bb5abda4b448ecdd4273c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Additional fixes by Nigel Touati-Evans <nigel.touatievans@gmail.com>.
Check the index for streams with a time drift of 2s or a buffer drift
of 64MB.
Bug-Id: 666
CC: libav-stable@libav.org
Sample-Id: yet-another-broken-interleaved-avi.avi
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit 9d599e3f6e61438772d8cddd6c9b7c495251f51e)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
As pointed out by Reimar Döffinger.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 0bacfa8d37710b904897e7cbeb8d6f96fbf75e2e)
Conflicts:
libavformat/rtmpproto.c
The code was missing 1 bit in the src format
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fc145e576a443bfc89efdf35b91fd3c9ca0d8388)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes part of Ticket3466
Found-by: Andrey_Karpov / PVS-Studio
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ff6fa0b4b980fc5b9f7653d7b159ae02c3d95210)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes ticket #2911.
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 36b9c27dae452e10b4fff3d10f836160a5b8fbbd)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '79041d92ee7421853ee8c57fc13891cb0c272e0e':
matroska: add the Opus mapping
Conflicts:
libavformat/matroska.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '82cebc0e0544dce507749dd9b1c2983f083de836':
matroskadec: read the CodecDelay element
Conflicts:
libavformat/matroska.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
