This is currently not supported
Fixes part of Ticket 3539
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c2430304df)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes reading from freed data
Fixes part of Ticket3539
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1c55d0ff32)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes wrong number of segments output and undefined memory access.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 58e0402e02)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket3891
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 63a52ca134)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The read_packet callback passes a pointer to a stack-allocated AVPacket.
Attempting to free it with av_free() makes no sense.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b173f5c155)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket3860
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 30f680ee0a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket3869
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3fe9e7be4c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Buffers containing copies of the AAC and AC3 header bits were not padded
before parsing, violating init_get_bits() buffer padding requirement,
leading to potential buffer read overflows.
This change adds FF_INPUT_BUFFER_PADDING_SIZE bytes to the bit buffer
for parsing the header in each of aac_parser.c and ac3_parser.c.
Based on patch by: Matt Wolenetz <wolenetz@chromium.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fccd85b9f3)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The allocation didn't account for headers, that can be easily 79 bytes.
As a result, buffers allocated for a few samples (e.g. 5 in the original
bug) could be undersized.
Fixed ticket #2881.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2ba58bec20)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 11a39bdf53)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket3412
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 94f60b6544)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This avoids high scores in random data that has a high 0x47 frequency
Fixes Ticket3844
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 427bcdf035)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The packet buffer allocation considered as dct-coded, while it is
actually run-coded and thus requires a larger buffer.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 117bc8e6ff)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If the allocated size, despite best efforts, is too small, exit
with the appropriate error.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 52b81ff463)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes: snowf.avi
Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9a162146ca)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes: ffvhuff_f.avi
Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ba47d519e5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket3837
Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6801eb0a09)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3539d6c63a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes assertion failure
Fixes Ticket3822
as a side-effect this makes some mkv files a few bytes smaller
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 64d029de41)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
0 means no data consumed, so it can trigger an infinite loop in the
caller.
CC:libav-stable@libav.org
(cherry picked from commit c7d9b473e2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
also check pbuffer before use
Found-by: CSA
Reviewed-by: Stefano Sabatini <stefasab@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1d8d21b90a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found-by: CSA
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e706fe7640)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found-by: CSA
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2e6fdcb7f3)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes part of ticket2236
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 956f4087c6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes a infinite loop
Fixes Ticket3804
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cfdb30d2f1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket3809
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f95298c913)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If there are consecutive IDR pictures, then SPS/PPS should be prepended
to all of them, not only the first one.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bf428bb314)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer
Mika Raento
Mark Harris
wm4
Christophe Gisquet
Clément Bœsch
Justin Jacobs
Felix Abecassis
Anton Khirnov
Anshul Maheswhwari
Benoit Fouet
Chris \"Koying\" Browet
Gerion Entrup