On the first iteration through this code, last_dts is always
INT64_MIN (AV_NOPTS_VALUE) and the subtraction overflows in
an invalid manner. Although the result is only used if the
input values are valid, performing the subtraction is still
not allowed in a strict environment.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit a31e9f68a4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/release/0.7: (73 commits)
Update Changelog for 0.7.2 release
Update RELEASE file for 0.7.2
lavf: do not set codec_tag for rawvideo
fate: allow testing with libavfilter disabled
fate: separate lavf-mxf_d10 test from lavf-mxf
Fix memory (re)allocation in matroskadec.c, related to MSVR-11-0080.
movenc: fix NULL reference in mov_write_tkhd_tag
movenc: create an alternate group for each media type
flvdec: Check for overflow before allocating arrays
ppc: fix some pointer to integer casts
ppc: fix 32-bit PIC build
rv34: Check for invalid slice offsets
rv34: Fix potential overreads
rv34: Avoid NULL dereference on corrupted bitstream
rv10: Reject slices that does not have the same type as the first one
lavf: Fix context pointer in av_open_input_stream when avformat_open_input fails
oggdec: fix out of bound write in the ogg demuxer
Fixed size given to init_get_bits().
smacker: fix a few off by 1 errors
Check for invalid VLC value in smacker decoder.
...
Conflicts:
RELEASE
libavcodec/avs.c
libavcodec/ppc/asm.S
libavcodec/rv34.c
libavcodec/xan.c
libavdevice/alsa-audio.h
libavformat/flvdec.c
libavformat/gxf.c
libavformat/utils.c
libswscale/x86/swscale_template.c
tests/ref/lavf/mov
tests/ref/lavf/mxf
Merged-by: Michael Niedermayer <michaelni@gmx.at>
On OS X, av_malloc(0) returns pointers that cause crashes when
freed.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit e81e5e8ad2)
Extradata should only be parsed from the avss, fiel, jp2h and alac atoms for
AVS, MJPEG, Motion JPEG 2000 and ALAC respectively.
This also fixes the mov demuxer coming up with bogus extradata for some
AVC-Intra samples due to the presence of fiel atoms.
(cherry picked from commit e571305a71)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 194c2432ee)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit af84d9bb9e)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 247a1dc847)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e47cfe9e5c)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 71e23d39a3)
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0cc44facf1)
The score of 50 can probably be raised if needed
Fixes Ticket490
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3f7dc480c1)
If the demuxer did not set a codec_tag, there is none and
inventing one makes no sense. This change stops the rawvideo
"decoder" over-writing user-supplied pixfmt with one derived
from the codec_tag. The pixfmt-codec_tag-pixfmt round-trip
is lossy since several pixfmts map to the same codec_tag.
This fixes fate-lavf-pixfmt with avfilter disabled.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit bb416bd68c)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Whitespace of the patch cleaned up by Aurel
Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 956c901c68)
Further suggestions from Kostya <kostya.shishkov@gmail.com> have been
implemented by Reinhard Tartler <siretart@tauware.de>
(cherry picked from commit 77d2ef13a8)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
st may be NULL when there are more mov streams than AVStreams, e.g. when
chapters are present.
(cherry picked from commit c92a2a4eb8)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
On allocation, the array length is multiplied by sizeof(int64_t),
this prevents the multiplication from overflowing.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit a246cefa75)
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
Signed-off-by: David Goldwich <david.goldwich@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 63d64228a7)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Between ogg_save() and ogg_restore() calls, the number of streams
could have been reduced.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 0e7efb9d23)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
init_get_bits() takes a number of bits and not a number of bytes as
its size argument.
Signed-off-by: Alex Converse <alex.converse@gmail.com>
(cherry picked from commit b59efc9434)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Metadata currently is written only at the start of the file in normal
cases, when transcoding from a rtmp source metadata could be
written later and the offset recorded can exceed 32bit.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 7f5bf4fbaf)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This prevents out of bounds reads when extradata is being decoded.
(cherry picked from commit 1f6f58d585)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
According to MPEG-TS specs, the continuity_counter shall not be
incremented when the adaptation_field_control of the packet
equals '00' or '10'.
Signed-off-by: Jindrich Makovicka <jindrich.makovicka@nangu.tv>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 8923cfa328)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Set DV packet durations using fields_per_frame.
This requires turning gxf_stream_info into the demuxer's context for access to the value in gxf_packet().
Since MPEG-2 seems to work fine this done only for DV.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
(cherry picked from commit 99fecc64b0)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Parse the extension flag bit when reading the MPEG4 AudioSpecificConfig.
This has nothing to do with SBR/PS contradictory to what was noted when it was removed.
(cherry picked from commit 7f01a4192c)
Signed-off-by: Anton Khirnov <anton@khirnov.net>
* khirnov/release/0.7: (64 commits)
rv34: Check for invalid slice offsets
rv34: Fix potential overreads
rv34: Avoid NULL dereference on corrupted bitstream
rv10: Reject slices that does not have the same type as the first one
lavf: Fix context pointer in av_open_input_stream when avformat_open_input fails
oggdec: fix out of bound write in the ogg demuxer
Fixed size given to init_get_bits().
smacker: fix a few off by 1 errors
Check for invalid VLC value in smacker decoder.
Check and propagate errors when VLC trees cannot be built in smacker decoder.
Fixed off by one packet size allocation in the smacker demuxer.
Check for invalid packet size in the smacker demuxer.
ape demuxer: fix segfault on memory allocation failure.
xan: Add some buffer checks (cherry picked from commit 0872bb23b4)
Fixed size given to init_get_bits() in xan decoder. (cherry picked from commit 393d5031c6)
smacker demuxer: handle possible av_realloc() failure.
Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks.
cljr: init_get_bits size in bits instead of bytes (cherry picked from commit 0c1f5b93d9)
indeo2: fail if input buffer too small (cherry picked from commit b7ce4f1d1c)
indeo2: init_get_bits size in bits instead of bytes (cherry picked from commit 68ca330cbd)
...
Conflicts:
ffmpeg.c
libavdevice/alsa-audio.h
libavformat/gxf.c
libswscale/x86/swscale_template.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Unlike other containers RealMedia stores its audio packets in scrambled form,
with interleaver ID preceeding audio codec ID. Currently deinterleaving
decision is tied to the codec while it's possible to have non-default
deinterleaver with audio codec (like Int0 deinterleaver instead of specific
one for Sipro).
Signed-off-by: Anton Khirnov <anton@khirnov.net>
