If the allocated size, despite best efforts, is too small, exit
with the appropriate error.
CC: libav-stable@libav.org
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 58b68e4fdea22e22178e237bda950b09cc6f363a)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
The packet buffer allocation considered as dct-coded, while it is
actually run-coded and thus requires a larger buffer.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 117bc8e6ffc744fedcf77edf2fdb33c964b83370)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Prevent out of array writes.
Similar to what Michael Niedermayer did to address the same issue.
Bug-Id: CVE-2014-2263
CC: libav-stable@libav.org
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit e8049af1325dd59a51546c15b2e71a0f578e9d27)
Conflicts:
libavformat/mpegtsenc.c
The specification says the value is expressed in 10 bits including
the 4-byte CRC.
(cherry picked from commit 89616408e38ac7257e36976723df0e23d6ee1157)
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Conflicts:
libavformat/mpegtsenc.c
Such changes are neither allowed nor supported
Found-by: ami_stuff
Bug-Id: CVE-2013-7020
CC: libav-stable@libav.org
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit da7d839a0d3ec40423a665dc85e0cfaed3f92eb8)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
If the allocated size, despite best efforts, is too small, exit
with the appropriate error.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 52b81ff4635c077b2bc8b8d3637d933b6629d803)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bf10f09bccdcfdb41b9f5bbae01d55961bfd0693)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes: snowf.avi
Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9a162146ca6cc12ef7ad4a15164349482885962c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3539d6c63a16e1b2874bb037a86f317449c58770)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit efc4fe9d74a5040e465dbff80b29468dbc227c19)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes part of ticket2236
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 956f4087c6eb717e31f3b92fe03fd56a3747eccf)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Add padding, clear size, use the correct pointer.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4213fc5b9eebec53c7d22b770c3f1ceecca1c113)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '18f48e05a22a73a389fb3ab4b3eaf78903bab5ef':
cdgraphics: do not return 0 from the decode function
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The input data must remain constant, make a copy instead. This is in
theory a performance hit, but since I failed to find any samples
using this feature, this should not matter in practice.
Also, check the size of the header, avoiding invalid reads on truncated
data.
CC:libav-stable@libav.org
(cherry picked from commit 7b588bb691644e1b3c168b99accf74248a24e3cf)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
0 means no data consumed, so it can trigger an infinite loop in the
caller.
CC:libav-stable@libav.org
(cherry picked from commit c7d9b473e28238d4a4ef1b7e8b42c1cca256da36)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Fixes possible invalid memory accesses on corrupted data.
CC:libav-stable@libav.org
Bug-ID: CVE-2013-3674
(cherry picked from commit a1599f3f7ea8478d1f6a95e59e3bc6bc86d5f812)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
release branches are detected by checking if "git" is not in RELEASE
This changes "N-64706-g2f71aeb" to "n2.3-8-g2f71aeb"
for git master theres no change
This should improve the readability of lists of versions which come from
more than 1 release branch or master + release. fate.ffmpeg.org is
one possible example
Reviewed-by: Timothy Gu <timothygu99@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ee606fd0317df202b59946cf9b738c0a01056316)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
it overrides what version.sh prints and thus makes its output
from release branches rather useless
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2f71aeb30161edb5cb0fea5d3080094a22cc3038)
Conflicts:
VERSION
also check pbuffer before use
Found-by: CSA
Reviewed-by: Stefano Sabatini <stefasab@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1d8d21b90ab91aa471f369e0f9d1ea20fb40733b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found-by: CSA
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e706fe764049b3f1ccf10ba9f686426a4c007906)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found-by: CSA
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2e6fdcb7f3c86491408a3699f0aa9dc52b7c5686)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bcc898dd2643c883522ffa565be4b226ce798c78)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 81c1657a593b1c0f8e46fca00ead1d30ee1cd418)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes a infinite loop
Fixes Ticket3804
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cfdb30d2f1241de9354a8efdbf8252d0f1a6f933)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket3809
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f95298c913899207344d668a6d5624cb2d2e480c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fcb11ec291e9b3e3f352fa4d3e9026c0f7f64aa8)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0782fb6bcb32fe3ab956a99af4cc472ff81da0c2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If there are consecutive IDR pictures, then SPS/PPS should be prepended
to all of them, not only the first one.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bf428bb3145c4f0eef32f8ef00de0ee222b3e414)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
