ffmpeg

Author	SHA1	Message	Date
Michael Niedermayer	0c125519ec	avformat/thp: Check av_get_packet() for failure not only for partial output Fixes null pointer dereference Fixes: signal_sigsegv_db2c1f_3108_cov_163322880_pikmin2_opening1_partial.thp Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f2579dbb4b31e6ae731e7f5555680528ef3020ab) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	ee8e48d386	avformat/mpc8: Use uint64_t in *_get_v() to avoid undefined behavior Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 05e161952954acf247e0fd1fdef00559675c4d4d) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
wm4	600c6ebc7d	avformat/mpc8: fix broken pointer math This could overflow and crash at least on 32 bit systems. Reviewed-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit b737a2c52857b214be246ff615c6293730033cfa) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
wm4	2515de3b15	avformat/mpc8: fix hang with fuzzed file This can lead to an endless loop by seeking back a few bytes after each attempted chunk read. Assuming negative sizes are always invalid, this is easy to fix. Other code in this demuxer treats negative sizes as invalid as well. Fixes ticket #4262. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 56cc024220886927350cfc26ee695062ca7ecaf4) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
wm4	e2e835f017	avformat/tta: fix crash with corrupted files av_add_index_entry() can fail, for example because the parameters are invalid, or because memory allocation fails. Check this; it can actually happen with corrupted files. The second hunk is just for robustness. Just in case functions like ff_reduce_index() remove entries. (Not sure if this can actually happen.) Fixes ticket #4294. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6a0cd529a35190d9374b0b26504e71857cd67b83) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	b8546aee84	avformat/omadec: fix number suffix Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit f1f7f5903ab49b84789af5341492afbaba808a70) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	84e5b314f3	avformat/smacker: Fix number suffix Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 465f3705b1ef832fd6904750d018f81f9044f3ab) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	1497f355c7	avformat/matroskadec: Fix number suffixes Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit fc3cdb00d084222a107e61e7168903bf3d3d0b47) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	01b5e61845	avformat/utils: Fix number suffixes in tb_unreliable() Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 4b15bba2aec93776bfdc69a1bca42a4795a7d191) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:48:08 +01:00
Michael Niedermayer	92595faab9	Merge commit '532c96a2158c04f265d750d54f2f103b8d9fe0ef' into release/2.4 * commit '532c96a2158c04f265d750d54f2f103b8d9fe0ef': matroskadec: Fix read-after-free in matroska_read_seek() Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-02-13 20:32:53 +01:00
Xiaohan Wang	532c96a215	matroskadec: Fix read-after-free in matroska_read_seek() In matroska_read_seek(), \|tracks\| is assigned at the begining of the function. However, functions like matroska_parse_cues() could reallocate the tracks and invalidate \|tracks\|. This assigns \|tracks\| only before using it, so that it will not get invalidated elsewhere. Bug-Id: chromium/427266	2015-01-27 14:32:56 +00:00
Michael Niedermayer	e82140b09b	avformat/librtmp: fix swfurl Found-by: JULIAN GARDNER <joolzg@btinternet.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d1970929b5f8b873aac171586343c9d8142897ad) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 02:38:01 +01:00
Michael Niedermayer	dc84cf241c	Merge commit '32701252af65014bb68194bb61d67ec1882ae75d' into release/2.4 * commit '32701252af65014bb68194bb61d67ec1882ae75d': xwma: Do not leak on failure path Conflicts: libavformat/xwma.c See: 375a0c03a9a401a328a94b3d9f5338ab1524f7ef Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 02:26:14 +01:00
Michael Niedermayer	c7831e55b5	Merge commit '242fc6394fecb403bcbd0f652920f2647d0b08ae' into release/2.4 * commit '242fc6394fecb403bcbd0f652920f2647d0b08ae': mtv: improve header check and avoid division by zero Conflicts: libavformat/mtv.c See: 8b9b6332dfeb169098c8ab1351d66fc5b474dd55 Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 01:40:01 +01:00
Michael Niedermayer	6f9bb83dbb	Merge commit 'bae05e5326703dad3bfe0ed5b31ba73ee9254515' into release/2.4 * commit 'bae05e5326703dad3bfe0ed5b31ba73ee9254515': matroskaenc: write correct Display{Width, Height} in stereo encoding Conflicts: libavformat/matroskaenc.c See: 6103faaa51d2f46d6ccecaad9a089b4b42ff66ee Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 01:33:33 +01:00
Michael Niedermayer	97a55f00d3	Merge commit '26ba78adacd8469fca97c8c833e2e6364b13b7c8' into release/2.4 * commit '26ba78adacd8469fca97c8c833e2e6364b13b7c8': mov: fix assigment check Conflicts: libavformat/mov.c See: af2e5061bbcabf5eae780929fa25784b6127759e Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 01:30:15 +01:00
Michael Niedermayer	d3316c3f85	Merge commit '19fc283dbb53a5f7d6658fd4edcfa59b99369b58' into release/2.4 * commit '19fc283dbb53a5f7d6658fd4edcfa59b99369b58': lavf: replace rename() with ff_rename() Conflicts: libavformat/hdsenc.c libavformat/internal.h See: 95d2fc6a76f3e0a98329f1ca70f98e7c085f0abf Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 01:22:14 +01:00
Michael Niedermayer	324797eb83	Merge commit 'b9b689550e7531b1a2cc893d2af623e37f266936' into release/2.4 * commit 'b9b689550e7531b1a2cc893d2af623e37f266936': img2dec: check av_new_packet return value Conflicts: libavformat/img2dec.c See: 3f8148911c6e6e1f2a042bd4ca3ad8516a92130c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 01:19:51 +01:00
Michael Niedermayer	298f7f1fac	Merge commit '7c710c38f6481b892e01d3c1e4781ad160b2935e' into release/2.4 * commit '7c710c38f6481b892e01d3c1e4781ad160b2935e': audiointerleave: check av_new_packet return value Conflicts: libavformat/audiointerleave.c See: 3ca8a2328878ebdb203e49d0a060df1b5337a370 Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 01:19:11 +01:00
Michael Niedermayer	275cd55a0f	Merge commit '556a5090f2b0a20fd9998e1a327875f5b0c8d1d5' into release/2.4 * commit '556a5090f2b0a20fd9998e1a327875f5b0c8d1d5': mp3dec: fix reading the Xing tag Conflicts: libavformat/mp3dec.c See: 19ff479f694ddccc1fd1fa00eff94f96ca82671b Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 01:10:56 +01:00
Michael Niedermayer	749fadaa65	Merge commit '1551602b423755c4ed98c5b7b2c2d6504416726e' into release/2.4 * commit '1551602b423755c4ed98c5b7b2c2d6504416726e': nutdec: check av_new_packet return value Conflicts: libavformat/nutdec.c See: bb502411ddb9fe1928d4a999693a3a49b83f8698 Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 01:10:10 +01:00
Michael Niedermayer	8120061be2	Merge commit '4cd0041d38664adcb6f4b3038e277631b85d5dc8' into release/2.4 * commit '4cd0041d38664adcb6f4b3038e277631b85d5dc8': rmdec: check av_new_packet return value Conflicts: libavformat/rmdec.c See: c01a462cda8d7f298a3ac6d20752d23a11e43a8a Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 01:04:15 +01:00
Michael Niedermayer	153a012384	Merge commit '6cf27b550d66963b89b5917568b85c4b49fb18ba' into release/2.4 * commit '6cf27b550d66963b89b5917568b85c4b49fb18ba': aviobuf: check context before using it See: 7441d1ec330da810a0ffd44a02b2fc60add5b719 Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 01:02:42 +01:00
Michael Niedermayer	1da83d52bc	Merge commit 'b31bb39bdd7b5a53e0d282acc0f0f62b32b17acc' into release/2.4 * commit 'b31bb39bdd7b5a53e0d282acc0f0f62b32b17acc': rtsp: Check a memory allocation Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 00:36:31 +01:00
Michael Niedermayer	564d943b27	avformat/rmdec: Check for overflow in ff_rm_read_mdpr_codecdata() Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 03abf55f252945c70f4a79eaf4d609cee4d98710) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 00:26:12 +01:00
Michael Niedermayer	aded1110a3	avformat/rmdec: rm_read_extradata: add error message for oversized extradata Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 50f9de59a08f4bbacda298377339318e3eb87b8e) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 00:25:55 +01:00
Michael Niedermayer	365e0652f9	Merge commit '036f5c5420e4529f05fa5180f5fa28ca2c5c4065' into release/2.4 * commit '036f5c5420e4529f05fa5180f5fa28ca2c5c4065': rm: Use the correct codec_data_size signedness Conflicts: libavformat/rm.h libavformat/rmdec.c See: a6f730730b82645a9d31aad0968487cb77d6946c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 00:25:10 +01:00
Michael Niedermayer	705e0e0513	avformat/mpeg: do not count PES packets inside PES packets during probing Fixes: misdetection of test2.mp3 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit e15b29bb18bee8b65fab5a3c873540e01fd20afe) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-18 00:11:01 +01:00
Michael Niedermayer	c69fff3790	Merge commit 'cbf31d5f15774b3ffd1e2009159dc7154a767b09' into release/2.4 * commit 'cbf31d5f15774b3ffd1e2009159dc7154a767b09': rtpdec_h263_rfc2190: Clear the stored bits if discarding buffered data Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-17 23:23:27 +01:00
Michael Niedermayer	cc598bf7dc	Merge commit 'f6c82b34a320f105af266997f5951cbe7dfc8a05' into release/2.4 * commit 'f6c82b34a320f105af266997f5951cbe7dfc8a05': segment: Fix the failure paths Conflicts: libavformat/segment.c Merged-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-17 22:56:52 +01:00
wm4	b96163f055	avformat/utils: check for malloc failure Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit a66893ac949864352b36b39e48c4cd72bbd81e54) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>	2015-01-17 22:39:23 +01:00
Vittorio Giovara	29e720da76	librtmp: append the correct field to the string Also prevent a NULL pointer dereference. CC: libav-stable@libav.org Bug-Id: CID 1250329 / CID 1250331 (cherry picked from commit a28468d0daf4be14761c16a3ddd33266b2380123) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2015-01-13 00:16:41 +01:00
Luca Barbato	32701252af	xwma: Do not leak on failure path CC: libav-stable@libav.org Bug-Id: CID 1087092 (cherry picked from commit fd9badd3cb3b60f5c54dcea35523e1ecca2f67a6) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2015-01-13 00:16:40 +01:00
Vittorio Giovara	cce99f72d1	mpegenc: prevent a NULL pointer dereference CC: libav-stable@libav.org Bug-Id: CID 29261 (cherry picked from commit 065923b0781b06a2604f69f4e2c2407b7750a854) Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2015-01-13 00:16:40 +01:00
Vittorio Giovara	34e7f70f9f	assdec: check av_new_packet return value CC: libav-stable@libav.org Bug-Id: CID 703626	2015-01-13 00:05:39 +01:00
Vittorio Giovara	242fc6394f	mtv: improve header check and avoid division by zero CC: libav-stable@libav.org Bug-Id: CID 732203 / CID 732204	2015-01-13 00:05:27 +01:00
Vittorio Giovara	bae05e5326	matroskaenc: write correct Display{Width, Height} in stereo encoding should be the raw amount of pixels (for example 3840x1080 for full HD side by side) and the DisplayWidth/Height in pixels should be the amount of pixels for one plane (1920x1080 for that full HD stream)." So, move the aspect ratio check in the mkv_write_stereo_mode() function and always write the embl when stereo format and/or aspect ration is set. Also add a few comments to that function. CC: libav-stable@libav.org Found-by: Asan Usipov <asan.usipov@gmail.com>	2015-01-13 00:05:13 +01:00
Vittorio Giovara	26ba78adac	mov: fix assigment check CC: libav-stable@libav.org Bug-Id: CID 1197050	2015-01-13 00:04:56 +01:00
Vittorio Giovara	8a982092cc	mxfdec: add missing break CC: libav-stable@libav.org Bug-Id: CID 732232	2015-01-13 00:04:43 +01:00
Luca Barbato	19fc283dbb	lavf: replace rename() with ff_rename() The new function wraps errno so that its value is correctly reported when other functions overwrite it (eg. in case of logging). CC: libav-stable@libav.org Bug-Id: CID 1135748 Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>	2015-01-13 00:04:24 +01:00
Vittorio Giovara	b9b689550e	img2dec: check av_new_packet return value CC: libav-stable@libav.org Bug-Id: CID 1087077	2015-01-13 00:03:10 +01:00
Vittorio Giovara	7c710c38f6	audiointerleave: check av_new_packet return value CC: libav-stable@libav.org Bug-Id: CID 1087078	2015-01-13 00:02:45 +01:00
Anton Khirnov	556a5090f2	mp3dec: fix reading the Xing tag The quality scale field is only supposed to be present if the fourth bit is set. In practice, lame always sets it, but other tools might not. CC:libav-stable@libav.org	2015-01-13 00:02:16 +01:00
Vittorio Giovara	1551602b42	nutdec: check av_new_packet return value CC: libav-stable@libav.org Bug-Id: CID 733713	2015-01-13 00:01:33 +01:00
Vittorio Giovara	4cd0041d38	rmdec: check av_new_packet return value CC: libav-stable@libav.org Bug-Id: CID 733714	2015-01-13 00:01:18 +01:00
Vittorio Giovara	6cf27b550d	aviobuf: check context before using it Avoid a possible null pointer dereference. CC: libav-stable@libav.org Bug-Id: CID 1135769	2015-01-13 00:00:56 +01:00
Michael Niedermayer	5aceced0a0	avio: fix sizeof argument CC: libav-stable@libav.org Bug-Id: CID 732284	2015-01-13 00:00:43 +01:00
Luca Barbato	bb823e26b1	avformat: Make avformat_free_context handle NULL Work as the other free()-like functions. Bug-Id: CID 1087081 CC: libav-stable@libav.org	2015-01-12 23:58:25 +01:00
Michael Lynch	b31bb39bdd	rtsp: Check a memory allocation CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st>	2015-01-12 23:58:05 +01:00
Luca Barbato	036f5c5420	rm: Use the correct codec_data_size signedness The function takes a size and not an offset. CC: libav-stable@libav.org Sample-Id: rm_deadlock.rm Signed-off-by: Luca Barbato <lu_zero@gentoo.org>	2015-01-12 23:18:01 +01:00

1 2 3 4 5 ...

15872 Commits