Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 5f14f9e9849579b3418aebfde8a162d9c172d0ea)
The frame_rate update was missing leaving the output frame rate
wrong.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a46a23d30fea9c8a5570e07ec4d9c9b4eaa6eb4f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is required as the location of this field could change and is
specified in libavformat not avdevice
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ba97cf2c4562b60fbef89103b61516891e31845e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1260704
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e172f5e53ae4dbbcdcf81c9a3b962dc9f5a8a98d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If refdata was NULL, the memcpy() ended up copying the same memory
block onto itself, which is not only pointless, but also undefined
behavior.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 921706691a87c3ea5f5b92afd9b423e5f8c6e9d9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Tested-by: Andreas Haupt
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cab6302534962331753fb69c674df86a458b098d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Fixes: ffmpeg_mjpeg_crash.avi
Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 08509c8f86626815a3e9e68d600d1aacbb8df4bf)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2fd9ce92af43e6dcbc8ed7c26c00b052de48ccad)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This might fix a hypothetical race condition
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f111831ed61103f9fa8fdda41473a23da016bdaa)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1750b45cdf7498d0a05bea29cafcb26aa576d595)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a0640e63463e6428b80422c89e1bfc96147ecfc6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array read
Fixes: asan_static-oob_30328b6_719_cov_3325483287_H264_artifacts_motion.h264
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 69aa79365c1e8e1cb597d33e77bf1062c2ef47d4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array read
Fixes: asan_heap-oob_1fb2f9b_3780_cov_3984375136_usf.mkv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 692b22626ec9a9585f667c124a186b1a9796e432)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes integer overflow and out of array read
Fixes: asan_heap-oob_1fb2f9b_3780_cov_3984375136_usf.mkv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fd52d2d3d1ee41822a9801dffd41c0e1a2db32a8)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fabbfaa095660982cc0bc63242c459561fa37037)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 05e161952954acf247e0fd1fdef00559675c4d4d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This could overflow and crash at least on 32 bit systems.
Reviewed-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b737a2c52857b214be246ff615c6293730033cfa)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This can lead to an endless loop by seeking back a few bytes after each
attempted chunk read. Assuming negative sizes are always invalid, this
is easy to fix. Other code in this demuxer treats negative sizes as
invalid as well.
Fixes ticket #4262.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 56cc024220886927350cfc26ee695062ca7ecaf4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
av_add_index_entry() can fail, for example because the parameters are
invalid, or because memory allocation fails. Check this; it can actually
happen with corrupted files.
The second hunk is just for robustness. Just in case functions like
ff_reduce_index() remove entries. (Not sure if this can actually
happen.)
Fixes ticket #4294.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6a0cd529a35190d9374b0b26504e71857cd67b83)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4531e2c489d279bfc90d54ca26ed898c5b265a7f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The mb address fits in int
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 592ba6ec106206f97133c9345313010c76361e12)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f1f7f5903ab49b84789af5341492afbaba808a70)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 465f3705b1ef832fd6904750d018f81f9044f3ab)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fc3cdb00d084222a107e61e7168903bf3d3d0b47)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is probably unneeded and normal int would be fine, but its
safer to use LL and this isnt speed relevant
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b4ad2853c50d055e9ba8c29f2e1c83b292f29d7a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The <<31 case needs LL
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c77cc2c1766666cdb5f14daee0f75e397bf7a194)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4b15bba2aec93776bfdc69a1bca42a4795a7d191)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
all values before 2.5 seem to be filled in now
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8c8ee17e8d2800144116ec52f26a435a06b49420)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0d64982828aee5f3495a71050e4930fa2898ca15)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
also add deprecation note for avcodec_get_pix_fmt_loss(), avcodec_find_best_pix_fmt_of_2()
Found-by: wm4
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f7a1c5e4d2294a8970ede7f6deb2fe0a64e202a5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bbdd940f36662d4b6156464b1bda5131fc382465)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '891de4b27a07b808839b9e873b6a886248c8fd6b':
log: Unbreak no-tty support on 256color terminals
Conflicts:
libavutil/log.c
No change, FFmpeg is not affected by this bug
Merged-by: Michael Niedermayer <michaelni@gmx.at>
ceilf() can only work if the reminder of the division is not 0.
This fixes memory errors with for instance:
ffmpeg -f lavfi -i testsrc=s=800x500 -threads 3 -vf dctdnoiz -frames:v 1 -f null -
(cherry picked from commit eb7efaa9244720c5f2051d76d76faeec864eca7a)
In matroska_read_seek(), |tracks| is assigned at the begining of the
function. However, functions like matroska_parse_cues() could reallocate
the tracks and invalidate |tracks|.
This assigns |tracks| only before using it, so that it will not get
invalidated elsewhere.
Bug-Id: chromium/427266
* commit '4039f11ed82d84009b5146f0a563f33ced33e4db':
Prepare for 11.2 Release
Conflicts:
RELEASE
Merge for metadata only as this is not correct for 2.4.*
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '5f6f2412211609e46d3f3573f4ac4e136534f1d4':
doc: Update the Changelog for release 11.2
Conflicts:
Changelog
No change as the changelog is not correct for FFmpeg
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '431f57f0467244686ae63a3d06a8cf51f60090ed':
libopusenc: prevent an out-of-bounds read by returning early
Merged-by: Michael Niedermayer <michaelni@gmx.at>
