Fixes out of array accesses
Fixes: ffmpeg_mjpeg_crash2.avi
Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Tested-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e3201c38d53d2b8b24d0bc95d726b2cb1752dc12)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This simplifies identifying from which revision a binary of a lib came from
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 649c158e8c94ac0cff7f03e97d6ea8bbf71b7f02)
Conflicts:
libavdevice/avdevice.c
libswresample/swresample.c
Fixes out of array read
Fixes: asan_heap-oob_4d2250_814_cov_2745172097_JACOsub_capability_tester.jss
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3d5d95db3f5d8e2093e9e19d0c46e86f54ed2a5d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes an "initialization discards qualifiers from pointer target type" warning.
(cherry picked from commit f05855414ed4cce97c06ba2a31f4987af47e6d4e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes: out of array accesses
Fixes: asan_heap-oob_112c6b3_13_012.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit df74811cd53e45fcbbd3b77a1c42416816687c5c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Fixes: asan_heap-oob_12304aa_8_asan_heap-oob_4da4f3_300_intro.jv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 105654e376a736d243aef4a1d121abebce912e6b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket3869
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3fe9e7be4c70c8fccdcd56fd19276e668cfb7de8)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes build with --disable-everything
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 82a90e7764ad04afd3679e4e4e89d85c7e4d4b53)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This limits ABI issues in case libavcodec is linked to a libavutil with larger AVFrame
Which can happen if they are shiped in seperate binary packages and libavutil is upgraded
A cleaner alternative would be to replace them by pointers but this would likely cause
a small speedloss
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fc567ac49e17151f00f31b59030cd10f952612ef)
Conflicts:
libavcodec/h264.h
(cherry picked from commit 618d062bd553a7d7fad194d4236913f2b0a0251e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is a bit tricky, we allocate a correctly sized AVFrame but then only
copy the compile time AVFrame size, this is to ensure that user applications
which do not use the correct av frame API dont end with out of array reads.
Note, applications using the correct API have set extended_data and the
changed code will never be executed for them.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8ab80707841a73ca7708e1e1aa97f3513fff3d35)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The next commit/bugfix will need it
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit da89572004f6c0279134d4c8c1c835496a2c4232)
* commit '8feac29cc46270cc89d6016340e7bac780877131':
lavc: use AVFrame API properly in ff_reget_buffer()
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes inconsistency and out of array accesses
Fixes: 10cdd7e63e7f66e3e66273939e0863dd-asan_heap-oob_1a4ff32_7078_cov_4056274555_mov_h264_aac__mp4box_frag.mp4
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'e0ab5078a7d865f8f6fd6a6d3cbe0f380ead4a3d':
lavc: do not force the emu edge flag
Conflicts:
libavcodec/utils.c
There should be no such bugs in ffmpeg, but merging it anyway
as its safer.
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The default get_buffer2() implementation (and possibly some
user ones) does not allocate edges when this flag is set, which may
expose bugs in some decoders. Until the 10 release is out, it is safer
to remove this part.
* commit 'f7e85ee996b3886c2b13e928b83277382311af96':
lavc: allow the caller to override dimensions in ff_get_buffer()
Conflicts:
libavcodec/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '50079a6aa93291e6dc9d9fb8d33da83f79e9311d':
lavc: do not leak the internal frame if opening the codec fails
Conflicts:
libavcodec/utils.c
See: 8b285f03f70e884312c6c4e00a1377cfd85a3a7a
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '8058284ce09030b47512746d726fb2ad3ae8a20f':
lavc: add 422/444 YUV with alpha to align_dimensions()
Conflicts:
libavcodec/utils.c
Only cosmetical changes happen as these formats already where in the list before
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '5b4797a21db900b7d509660b7a4d49829089b004':
avframe: add AV_FRAME_DATA_MATRIXENCODING side data type.
Conflicts:
libavutil/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
this allows seperate installation of shared libs that should not conflict with
whatever is already installed.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This ensures that theres just one AVFrame allocation function and libs dont
produce multiple AVFrame variants after a minor lib update
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Its possible to implement this with a few lines less code but it then
would flip the order of the list and require registration of external
codecs to be done first, also it could break user applications due to
this. Thus to maintain ABI this slighty more complex solution is
used.
Reviewed-by: Stefano Sabatini
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'a1ee1648690726b34e98eaf8db04fd7b3303cfc8':
lavc/decode_video(): always unref the frame if there is no output in decode_video
Conflicts:
libavcodec/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '85f947aefb3dae81f65f518acdffa8e31c679654':
lavc: remove a pointless check in decode_audio4()
Merged-by: Michael Niedermayer <michaelni@gmx.at>
