Fixes MSVR-11-0088
Credit: Jeong Wook Oh of Microsoft and Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ba9a7e0d71)
Whitespace of the patch cleaned up by Aurel
Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 956c901c68)
Whitespace of the patch cleaned up by Aurel
Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 956c901c68)
EBML_STOP leaves matroska->current_id set. Then matroska_read_seek changes
the stream position without resetting current_id. The next
matroska_parse_cluster fails due to calculation of incorrect pos. So clear
current_id when avio_seek happens in matroska_read_seek.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit cdc2c1c576)
Specifically crafted samples can reinit ogg->streams[] while
reading samples, and thus we should not cache old pointers since
these may no longer be valid.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit 4cc3467e7a)
Do not use Doxygen for comments that apply to specific implementation
details; merge some duplicated Doxygen comment blocks.
(cherry picked from commit f75e3da535)
Code would allocate a new context but forget to assign it
to the pointer actually passed to avformat_open_input,
potentially causing a crash.
Even if it was initialized it would cause a memleak.
This caused crashes with e.g. mpd, see also
http://bugs.gentoo.org/show_bug.cgi?id=373423
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit 4e59c8ecf1)
Code would allocate a new context but forget to assign it
to the pointer actually passed to avformat_open_input,
potentially causing a crash.
Even if it was initialized it would cause a memleak.
This caused crashes with e.g. mpd, see also
http://bugs.gentoo.org/show_bug.cgi?id=373423
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Before this, almost all module groups have been used for grouping functions
and fields in structures semantically. This causes them to not appear
properly in the file documentation and needlessly clutters up the "Modules"
index.
Additionally, this commit streamlines some spelling and appearances.
(cherry picked from commit 21a19b7912)
convert the comment that documents the metadata API to use
the doxygen markup
(cherry picked from commit 1a53a438dc)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
av_open_input_stream used to allow this, even though it makes no sense.
Make it just print a warning instead of failing, thus restoring
compatibility.
Note that avformat_open_input() will still reject this combination.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 4f731c4429)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
ogg_save() copies streams[], but doesn't keep track of free()'ed
struct members. Thus, if in between a call to ogg_save() and
ogg_restore(), streams[].private was free()'ed, this would result
in a double free -> crash, which happened when e.g. playing small
chained ogg fragments.
(cherry picked from commit 9ed6cbc3ee)
ogg_save() copies streams[], but doesn't keep track of free()'ed
struct members. Thus, if in between a call to ogg_save() and
ogg_restore(), streams[].private was free()'ed, this would result
in a double free -> crash, which happened when e.g. playing small
chained ogg fragments.
(cherry picked from commit 9ed6cbc3ee)
ogg_save() copies streams[], but doesn't keep track of free()'ed
struct members. Thus, if in between a call to ogg_save() and
ogg_restore(), streams[].private was free()'ed, this would result
in a double free -> crash, which happened when e.g. playing small
chained ogg fragments.
(cherry picked from commit 9ed6cbc3ee)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
These blocks don't report audio stream parameters and they are not needed
for decoding.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit cb7b55b096)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This fourcc is used by the "mpegable AVC" codec and files encoded with
this codec decode correctly with our H.264 decoder.
(cherry picked from commit 2ea1ca1714)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
When providing a custom AVIOContex for a AVFMT_NOFILE format
only print a warning instead of erroring out.
This allows the code to work with older MPlayer versions that
just always set pb out of laziness.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
There are 2 known Bink audio codecs. Additionally they have
a different flavor if they are found inside Bink-b "BIKb" file.
In order to guess the correct flavor, the demuxer sets the audio
codec_tag to be the same as the file format tag.
This causes problem because same tag is used for both audio codecs.
The hack works in FFmpeg because audio codecs are identified by their
codec_id, but other players rely on standard behavior.
This fix removes the codec_tag hack and instead uses artificial
extradata format to signal the codec flavor. This would also
allow proper embedding of Bink audio in other containers.
Signed-off-by: Ivan Kalvachev <ikalvachev@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
There is no need to write two HTTP newlines (\r\n) into "headers",
because http_connect (in http.c) already appends one HTTP newline at
the end of the given headers chunk, which would result in sending
three HTTP newlines after the headers. Most of the time it's okay
(although not RFC-conforming), but many proxy servers and the
occasional strict httpd will puke with a "400 bad request".
In this case, the string that was passed couldn't contain
user-defined data and thus there was no risk for injection
bugs, but it's safer this way, if we later change the
content of the options string.
Signed-off-by: Martin Storsjö <martin@martin.st>
Michael Niedermayer
Reimar Döffinger
Alex Converse
Chris Evans
John Stebbins
Diego Biurrun
Reinhard Tartler
Anton Khirnov
Ronald S. Bultje
Kostya Shishkov
Carl Eugen Hoyos
ami_stuff
Kamil Nowosad
ami_stuff
Justin Ruggles
Ivan Kalvachev
Yusuke Nakamura
Kirill Zorin
Martin Storsjö