Fixes out of array read
Fixes: asan_static-oob_30328b6_719_cov_3325483287_H264_artifacts_motion.h264
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 69aa79365c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array read
Fixes: asan_heap-oob_1fb2f9b_3780_cov_3984375136_usf.mkv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 692b22626e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes integer overflow and out of array read
Fixes: asan_heap-oob_1fb2f9b_3780_cov_3984375136_usf.mkv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fd52d2d3d1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Fixes: asan_heap-oob_1c1a4ea_1242_cov_2274415971_TESTcmyk.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fabbfaa095)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This could overflow and crash at least on 32 bit systems.
Reviewed-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b737a2c528)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This can lead to an endless loop by seeking back a few bytes after each
attempted chunk read. Assuming negative sizes are always invalid, this
is easy to fix. Other code in this demuxer treats negative sizes as
invalid as well.
Fixes ticket #4262.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 56cc024220)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
av_add_index_entry() can fail, for example because the parameters are
invalid, or because memory allocation fails. Check this; it can actually
happen with corrupted files.
The second hunk is just for robustness. Just in case functions like
ff_reduce_index() remove entries. (Not sure if this can actually
happen.)
Fixes ticket #4294.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6a0cd529a3)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The mb address fits in int
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 592ba6ec10)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is probably unneeded and normal int would be fine, but its
safer to use LL and this isnt speed relevant
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b4ad2853c5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The <<31 case needs LL
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c77cc2c176)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
all values before 2.5 seem to be filled in now
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8c8ee17e8d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
also add deprecation note for avcodec_get_pix_fmt_loss(), avcodec_find_best_pix_fmt_of_2()
Found-by: wm4
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f7a1c5e4d2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '891de4b27a07b808839b9e873b6a886248c8fd6b':
log: Unbreak no-tty support on 256color terminals
Conflicts:
libavutil/log.c
No change, FFmpeg is not affected by this bug
Merged-by: Michael Niedermayer <michaelni@gmx.at>
ceilf() can only work if the reminder of the division is not 0.
This fixes memory errors with for instance:
ffmpeg -f lavfi -i testsrc=s=800x500 -threads 3 -vf dctdnoiz -frames:v 1 -f null -
(cherry picked from commit eb7efaa924)
In matroska_read_seek(), |tracks| is assigned at the begining of the
function. However, functions like matroska_parse_cues() could reallocate
the tracks and invalidate |tracks|.
This assigns |tracks| only before using it, so that it will not get
invalidated elsewhere.
Bug-Id: chromium/427266
* commit '4039f11ed82d84009b5146f0a563f33ced33e4db':
Prepare for 11.2 Release
Conflicts:
RELEASE
Merge for metadata only as this is not correct for 2.4.*
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '5f6f2412211609e46d3f3573f4ac4e136534f1d4':
doc: Update the Changelog for release 11.2
Conflicts:
Changelog
No change as the changelog is not correct for FFmpeg
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '431f57f0467244686ae63a3d06a8cf51f60090ed':
libopusenc: prevent an out-of-bounds read by returning early
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '88411b87b4bb3c5820ec232f26ba4a284c11a7f9':
display: fix order of operands
Conflicts:
libavcodec/h264.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '29e720da76ca353dbda9f881562902b41c355b77':
librtmp: append the correct field to the string
See: d1970929b5
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '61fdbf7ff64c0ae1bdd6a8d573092dc6924c1dba':
lavc: fix bitshifts amount bigger than the type
Conflicts:
libavcodec/internal.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '527617485914004dc8b772056322ea5ae74c800d':
lavc: Move the libtwolame encoder registration to the list for external libraries
Conflicts:
libavcodec/allcodecs.c
See: f5f98727b3
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '32701252af65014bb68194bb61d67ec1882ae75d':
xwma: Do not leak on failure path
Conflicts:
libavformat/xwma.c
See: 375a0c03a9
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer
wm4
Clément Bœsch
Xiaohan Wang
Luca Barbato
Paul B Mahol