s->ref_pics[i] is later used as ref argument of interpolate_refplane,
where it is dereferenced.
If it is NULL, it causes a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d93181ef3e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If bytes is large enough, bytes*8 can overflow and become negative.
In that case 'bufsize -= bytes*8' causes bufsize to increase instead of
decrease.
This leads to a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9e66b39aa8)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
buf_idx + data_unit_size can overflow, causing the '> buf_size' check to
wrongly fail.
This causes a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 984f50deb2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The later is not correct
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5d309d3091)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e54540655f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
index_scale is set to matroska->time_scale of type uint64_t.
When index_scale is int, the assignment can overflow and e.g. result
in index_scale = 0. This causes a floating point exception due to the
division by index_scale.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit eb9fb508b0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The existing check has two problems:
1) i + count can overflow, so that the check '< 256' returns true.
2) In the (i == 'N') case occurs a j-- so that the loop runs once more.
This can trigger the assertion 'nut->header_len[0] == 0' or cause
segmentation faults or infinite hangs.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7c24ca1bda)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
A negative frame rate triggers an av_assert2 in av_rescale_rnd.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6621105877)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The opt_opencl_bench function copied the device name using strcpy without checking if the source string was larger.
This patch fixes this by replacing the strcpy with av_strlcpy, with the string copy size capped to the destination buffer size.
Signed-off-by: Maneesh Gupta <maneesh.gupta@amd.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cf234552b8)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Otherwise range_start_decoding is not necessarily run and thus
ctx->rc.range still 0 in range_dec_normalize leading to an infinite
loop.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 464c49155c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Remove PROTMODE as it doesn't make sense for DLLs. Also fixes a warning with the OpenWatcom linker
Export symbols as names rather then ordinals for better compatibility for minor releases.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket4557
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 50393bce31)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1257799
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c64b2d480b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1271783
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ade8a46154)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1271810
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cdd25f9a3d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1239055
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 294469416d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1210526
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d201becfc0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes: CID1239152
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a9bf628bfd)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1239110
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a6a45774d0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Personally, I need the decoder to back out if get_format() returns no
usable pixel format. This didn't work because the error code was not
propagated down the call chain. This in turn happened because the
variable declaration removed in this patch shadowed the variable, whose
value is returned at the end of the function. Consequently, failures of
decode_nal_unit() were ignored in this place.
Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cc5e4bb484)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1239106
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 22f15f5735)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This avoids potential accesses over the end
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 93cfa7d169)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fix crash when doing 8 ch conversion from apps compiled with MSVS
Thanks to Ronald for giving this hint:
https://ffmpeg.org/pipermail/ffmpeg-devel/2015-May/173049.html
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit adb7372f74)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes nothing but maybe helps coverity which does not see that this is failing later
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 65e5032955)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1239099 part 2
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1c6ae98d4a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1239099 part 1
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3e9d5e16ad)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1271794
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 93b0ee21a2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1239154
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8a62b80ce6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Since commit 676a395a aac->frame->data is not necessarily allocated at
the end of aac_decode_frame_int if avctx->channels is 0.
In this case a bogus frame without any data, but non-zero nb_samples is
returned.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ec38a1ba40)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1238994
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b62b3292d8)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1239014
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2cddc0b19a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID703652
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 171af59d58)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>