This more completely checks for truncation
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 32e06c485b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array read
Fixes: asan_static-oob_30328b6_719_cov_3325483287_H264_artifacts_motion.h264
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 69aa79365c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'cba4e6062a02d5bf684e13a770be88aa1fec717e':
More correct printf format specifiers
Conflicts:
libavcodec/h264_ps.c
libavcodec/h264_refs.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'e70ab7c1f5005041bba0e4efc1165410f83495b2':
h264: add MVCD to the list of High profiles in SPS
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '614b9e4db8f3d7c23fc0410fc04745a727a82f4e':
h264: use avpriv_request_sample for chroma_format_idc
Conflicts:
libavcodec/h264_ps.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '3a0576702825423abecb32627c530dbc4c0f73bc':
h264: store current_sps_id inside the current sps
Conflicts:
libavcodec/h264.c
libavcodec/h264_ps.c
The current_sps_id is not removed as it used in security related code.
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '73e8fab31dc19c4371499e612856accbc00b2820':
h264: print values in case of error
Conflicts:
libavcodec/h264.c
libavcodec/h264_ps.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '9ecabd7892ff073ae60ded3fc0a1290f5914ed5c':
h264: reset num_reorder_frames if it is invalid
Note, num_reorder_frames is not used in the failure case
Merged-by: Michael Niedermayer <michaelni@gmx.at>
An invalid VUI is not considered a fatal error, so the SPS containing it
may still be used. Leaving an invalid value of num_reorder_frames there
can result in writing over the bounds of H264Context.delayed_pic.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
There is no point in delaying the check and it avoids bugs with a
half-initialized context.
Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
* commit '94603feb1b3ad01a821a1a1cef1570b13f471821':
h264_ps: when parsing a VUI fails, only abort when explode is set
Merge only for metadata, ignoring invalid data can put the context
into an invalid state and can possibly be used for remote code
execution exploits.
Also we support all non standard VUIs that have been reported so
ignoring parsing failure makes no sense for us unless theres
some issue that has not been reported
Merged-by: Michael Niedermayer <michaelni@gmx.at>
A VUI doesn't contain anything strictly necessary for decoding.
Apparently there are many samples with truncated VUIs in the wild, this
commit should allow decoding them.
* commit 'c18838f5eb7d7001a9dc653f5162868c04c1b2a1':
h264_ps: Use more meaningful error values
Conflicts:
libavcodec/h264_ps.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Most of the changes are just trivial are just trivial replacements of
fields from MpegEncContext with equivalent fields in H264Context.
Everything in h264* other than h264.c are those trivial changes.
The nontrivial parts are:
1) extracting a simplified version of the frame management code from
mpegvideo.c. We don't need last/next_picture anymore, since h264 uses
its own more complex system already and those were set only to appease
the mpegvideo parts.
2) some tables that need to be allocated/freed in appropriate places.
3) hwaccels -- mostly trivial replacements.
for dxva, the draw_horiz_band() call is moved from
ff_dxva2_common_end_frame() to per-codec end_frame() callbacks,
because it's now different for h264 and MpegEncContext-based
decoders.
4) svq3 -- it does not use h264 complex reference system, so I just
added some very simplistic frame management instead and dropped the
use of ff_h264_frame_start(). Because of this I also had to move some
initialization code to svq3.
Additional fixes for chroma format and bit depth changes by
Janne Grunau <janne-libav@jannau.net>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Michael Niedermayer
Christophe Gisquet
Gabriel Dume
Diego Biurrun
Vittorio Giovara
Anton Khirnov