ffmpeg/libavformat
wm4 9d0aa058c9 avio: fix potential crashes when combining ffio_ensure_seekback + crc
Calling ffio_ensure_seekback() if ffio_init_checksum() has been called
on the same context can lead to out of bounds memory accesses and
crashes. The reason is that ffio_ensure_seekback() does not update
checksum_ptr after reallocating the buffer, resulting in a dangling
pointer.

This effectively fixes potential crashes when opening mp3 files.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit dc87758775)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-08-20 14:38:25 +02:00
..
4xm.c
Makefile
a64.c
aacdec.c
ac3dec.c
act.c
adp.c
adtsenc.c
adxdec.c avformat/adxdec: check avctx->channels for invalid values 2015-03-29 03:34:22 +02:00
aea.c
afc.c
aiff.h
aiffdec.c
aiffenc.c
allformats.c
amr.c
anm.c
apc.c
ape.c
apetag.c Merge commit 'b45ab61b24a8f2aeafdd4451491b1b30b7875ee5' into release/2.4 2014-09-18 01:04:25 +02:00
apetag.h
aqtitledec.c
asf.c
asf.h
asfcrypt.c
asfcrypt.h
asfdec.c
asfenc.c asfenc: fix leaking asf->index_ptr on error 2015-03-29 03:34:22 +02:00
assdec.c assdec: check av_new_packet return value 2015-01-13 00:05:39 +01:00
assenc.c avformat/assenc: honor ReadOrder 2014-09-13 23:02:51 +02:00
ast.c
ast.h
astdec.c
astenc.c
au.c
audiointerleave.c Merge commit '7c710c38f6481b892e01d3c1e4781ad160b2935e' into release/2.4 2015-01-18 01:19:11 +01:00
audiointerleave.h
avc.c
avc.h
avformat.h avformat: replace some odd 30-60 rates by higher less odd ones in get_std_framerate() 2014-11-30 23:35:37 +01:00
avformatres.rc
avi.h
avidec.c Merge commit 'a55a70644872027fdf76a75edf12a09c9008880f' into release/2.4 2015-05-19 21:24:51 +02:00
avienc.c
avio.c avio: fix sizeof argument 2015-01-13 00:00:43 +01:00
avio.h
avio_internal.h
aviobuf.c avio: fix potential crashes when combining ffio_ensure_seekback + crc 2015-08-20 14:38:25 +02:00
avisynth.c
avlanguage.c
avlanguage.h
avr.c
avs.c
bethsoftvid.c
bfi.c
bink.c bink: check vst->index_entries before using it 2015-04-25 15:06:54 +02:00
bintext.c
bit.c avformat/bit: only accept the g729 codec and 1 channel 2015-03-29 03:34:22 +02:00
bluray.c
bmv.c
boadec.c
brstm.c
c93.c
cache.c
caf.c
caf.h
cafdec.c
cafenc.c
cavsvideodec.c
cdg.c
cdxl.c avformat/cdxl: Fix integer overflow of image_size 2015-01-09 17:18:40 +01:00
cinedec.c cinedec: report white balance gain coefficients using metadata 2014-11-20 02:00:49 +01:00
concat.c
concatdec.c avformat/concatdec: fix "warning: explicitly assigning a variable of type int to itself" 2014-09-10 11:48:39 +02:00
crcenc.c
crypto.c
cutils.c
data_uri.c
dauddec.c
daudenc.c
dfa.c
diracdec.c
dnxhddec.c
dsfdec.c
dsicin.c
dtsdec.c avformat/dtsdec: dts_probe: check reserved bit, check lfe, check sr_code similarity 2014-11-20 01:29:20 +01:00
dtshddec.c
dump.c
dv.c
dv.h
dvenc.c
dxa.c
eacdata.c
electronicarts.c
epafdec.c
ffm.h
ffmdec.c avformat/ffmdec: Check ffio_set_buf_size() return value 2015-08-20 14:29:11 +02:00
ffmenc.c
ffmeta.h
ffmetadec.c
ffmetaenc.c
file.c
file_open.c
filmstripdec.c
filmstripenc.c
flac_picture.c
flac_picture.h
flacdec.c
flacenc.c avformat/flacenc: Check length in flac_write_block_comment() 2015-06-01 23:25:20 +02:00
flacenc.h
flacenc_header.c
flic.c
flv.h
flvdec.c avformat/flvdec: Increase string array size 2015-01-09 17:18:40 +01:00
flvenc.c avformat/flvenc: check that the codec_tag fits in the available bits 2015-03-29 03:34:22 +02:00
format.c lavf/format.c: use AVPROBE_SCORE_MIME instead of AVPROBE_SCORE_EXTENSION for matching mime types 2014-09-13 00:37:35 +02:00
framecrcenc.c
framehash.c
frmdec.c
ftp.c
g722.c
g723_1.c
g729dec.c
gif.c
gifdec.c
golomb_tab.c
gopher.c
gsmdec.c
gxf.c avformat/gxf: Use 64bit for res to avoid overflow 2015-03-29 03:34:21 +02:00
gxf.h
gxfenc.c
h261dec.c
h263dec.c
h264dec.c
hdsenc.c Merge commit '19fc283dbb53a5f7d6658fd4edcfa59b99369b58' into release/2.4 2015-01-18 01:22:14 +01:00
hevc.c avformat: Fix bug in parse_rps for HEVC. 2015-08-20 14:29:12 +02:00
hevc.h
hevcdec.c
hls.c
hlsenc.c avformat/hlsenc: Free context after hls_append_segment 2014-11-30 21:40:36 +01:00
hlsproto.c
hnm.c
http.c
http.h
httpauth.c
httpauth.h
icecast.c Merge commit 'e10028431d5cd90db7b2a4b0d16721bb1a6d75e3' into release/2.4 2015-02-28 19:19:52 +01:00
icodec.c
icoenc.c
id3v1.c
id3v1.h
id3v2.c
id3v2.h
id3v2enc.c
idcin.c avformat/idcin: Use 64bit for ret to avoid overflow 2015-03-29 03:34:21 +02:00
idroqdec.c
idroqenc.c
iff.c
ilbc.c
img2.c
img2.h avformat/img2: Make AVOptions available to img* demuxers defined in other files 2014-09-11 15:10:15 +02:00
img2_alias_pix.c avformat/img2_alias_pix: Add AVClass and image2 AVOptions 2014-09-11 15:34:13 +02:00
img2_brender_pix.c avformat/img2_alias & brender_pix: fix function names 2014-09-11 15:16:24 +02:00
img2dec.c avformat/img2dec: do not rewind custom io buffers 2015-04-25 15:06:53 +02:00
img2enc.c
ingenientdec.c
internal.h Merge commit '19fc283dbb53a5f7d6658fd4edcfa59b99369b58' into release/2.4 2015-01-18 01:22:14 +01:00
ipmovie.c
ircam.c
ircam.h
ircamdec.c
ircamenc.c
isom.c
isom.h avformat/mov: check atom nesting depth 2014-12-16 23:55:35 +01:00
iss.c
iv8.c
ivfdec.c
ivfenc.c
jacosubdec.c
jacosubenc.c
jvdec.c
latmenc.c
libavformat.v
libgme.c
libmodplug.c
libnut.c
libquvi.c
librtmp.c avformat/librtmp: fix swfurl 2015-01-18 02:38:01 +01:00
libsmbclient.c
libssh.c
lmlm4.c
loasdec.c
log2_tab.c
lrc.c
lrc.h
lrcdec.c
lrcenc.c
lvfdec.c
lxfdec.c
m4vdec.c avformat/m4vdec: Check for non startcode 00 00 00 sequences in probe 2014-09-07 16:39:39 +02:00
matroska.c avformat: remove FF_API_ASS_SSA dead code 2014-09-09 21:34:23 +02:00
matroska.h
matroskadec.c avformat/matroskadec: Use tracks[k]->stream instead of s->streams[k] 2015-06-01 23:25:22 +02:00
matroskaenc.c avformat/matroskaenc: Check ff_vorbiscomment_length in put_flac_codecpriv() 2015-06-01 23:25:20 +02:00
md5enc.c
md5proto.c
metadata.c
metadata.h
mgsts.c
microdvddec.c
microdvdenc.c
mkvtimestamp_v2.c
mlvdec.c
mm.c
mmf.c
mms.c
mms.h
mmsh.c
mmst.c
mov.c avformat/mov: Mark avio context of decompressed atoms as seekable 2015-06-19 11:25:06 +02:00
mov_chan.c mov: abort on EOF in ff_mov_read_chan 2015-08-20 14:29:12 +02:00
mov_chan.h
movenc.c avformat/movenc: workaround bug in "PathScale EKOPath(tm) Compiler Suite Version 4.0.12.1" 2015-01-10 05:02:19 +01:00
movenc.h
movenchint.c
mp3dec.c Merge commit '78a3a4580c5a547af4ae8682c662ea3a4699a599' into release/2.4 2015-05-19 20:25:58 +02:00
mp3enc.c mp3enc: fix a triggerable assert 2014-11-14 20:22:40 +01:00
mpc.c
mpc8.c avformat/mpc8: Use uint64_t in *_get_v() to avoid undefined behavior 2015-02-13 20:48:08 +01:00
mpeg.c avformat/mpeg: do not count PES packets inside PES packets during probing 2015-01-18 00:11:01 +01:00
mpeg.h
mpegenc.c mpegenc: prevent a NULL pointer dereference 2015-01-13 00:16:40 +01:00
mpegts.c avformat/mpegts: Detect changes in packet through CRC instead of just the 5bit version 2015-05-19 20:57:48 +02:00
mpegts.h
mpegtsenc.c
mpegvideodec.c
mpjpeg.c
mpl2dec.c
mpsubdec.c
msnwc_tcp.c
mtv.c Merge commit '242fc6394fecb403bcbd0f652920f2647d0b08ae' into release/2.4 2015-01-18 01:40:01 +01:00
mux.c mux: Do not leave stale side data pointers in ff_interleave_add_packet() 2015-05-19 12:14:18 +01:00
mvdec.c avformat/mvdec: Use 64bit for ret to avoid overflow 2015-03-29 03:34:21 +02:00
mvi.c
mxf.c
mxf.h
mxfdec.c mxfdec: add missing break 2015-01-13 00:04:43 +01:00
mxfenc.c avformat/mxfenc: Accept MXF D-10 with 49.999840 Mbit/sec 2015-08-20 14:29:11 +02:00
mxg.c
ncdec.c
network.c
network.h
nistspheredec.c
noproxy-test.c
nsvdec.c
nullenc.c
nut.c
nut.h nutdec: fix infinite resync loops 2015-06-01 23:25:19 +02:00
nutdec.c nutdec: fix illegal count check in decode_main_header 2015-06-01 23:25:21 +02:00
nutenc.c
nuv.c
oggdec.c
oggdec.h
oggenc.c avformat/oggenc: Check ff_vorbiscomment_length in ogg_write_vorbiscomment() 2015-06-01 23:25:20 +02:00
oggparsecelt.c
oggparsedirac.c
oggparseflac.c
oggparseogm.c
oggparseopus.c
oggparseskeleton.c
oggparsespeex.c
oggparsetheora.c
oggparsevorbis.c
oggparsevp8.c
oma.c
oma.h
omadec.c avformat/omadec: Use 64bit for ret to avoid overflow 2015-03-29 03:34:21 +02:00
omaenc.c
options.c
options_table.h avformat/options_table: add FF_COMPLIANCE_UNOFFICIAL 2014-11-01 15:36:07 +01:00
os_support.c
os_support.h
paf.c
pcm.c
pcm.h
pcmdec.c
pcmenc.c
pjsdec.c
pmpdec.c
psxstr.c
pva.c
pvfdec.c
qcp.c
qtpalette.h
r3d.c
rawdec.c latm: Do not give a score for a single instance 2015-01-12 23:18:01 +01:00
rawdec.h
rawenc.c
rawenc.h
rawvideodec.c
rdt.c Merge commit '036f5c5420e4529f05fa5180f5fa28ca2c5c4065' into release/2.4 2015-01-18 00:25:10 +01:00
rdt.h
realtextdec.c avformat/realtextdec: UTF-16 support 2014-09-05 23:13:07 +02:00
redspark.c
replaygain.c
replaygain.h
riff.c
riff.h
riffdec.c
riffenc.c avformat/riffenc: Filter out "BottomUp" in ff_put_bmp_header() 2014-10-04 23:52:28 +02:00
rl2.c
rm.c
rm.h Merge commit '036f5c5420e4529f05fa5180f5fa28ca2c5c4065' into release/2.4 2015-01-18 00:25:10 +01:00
rmdec.c Merge commit '4cd0041d38664adcb6f4b3038e277631b85d5dc8' into release/2.4 2015-01-18 01:04:15 +01:00
rmenc.c Merge commit '2ef2f60b4f0308d1c871091c9c1a9641d14ec585' into release/2.4 2015-03-09 01:36:01 +01:00
rmsipr.c
rmsipr.h
rpl.c
rsd.c avformat/rsd: make tag_buf string larger 2014-12-19 18:02:13 -03:00
rso.c
rso.h
rsodec.c
rsoenc.c
rtmp.h
rtmpcrypt.c
rtmpcrypt.h
rtmpdh.c
rtmpdh.h
rtmphttp.c
rtmppkt.c
rtmppkt.h
rtmpproto.c
rtp.c
rtp.h
rtpdec.c
rtpdec.h
rtpdec_amr.c
rtpdec_asf.c
rtpdec_formats.h
rtpdec_g726.c
rtpdec_h261.c
rtpdec_h263.c
rtpdec_h263_rfc2190.c Merge commit 'cbf31d5f15774b3ffd1e2009159dc7154a767b09' into release/2.4 2015-01-17 23:23:27 +01:00
rtpdec_h264.c
rtpdec_hevc.c Merge commit '95e177eeb21f3e968aa9353bc69d1946966cc835' 2014-09-03 14:56:53 +02:00
rtpdec_ilbc.c
rtpdec_jpeg.c
rtpdec_latm.c
rtpdec_mpeg4.c
rtpdec_mpeg12.c
rtpdec_mpegts.c
rtpdec_qcelp.c
rtpdec_qdm2.c
rtpdec_qt.c avformat/rtpdec_qt: Fix 'warning: passing argument 2 of ffio_init_context discards const qualifier from pointer target type' 2014-09-08 16:56:19 +02:00
rtpdec_svq3.c
rtpdec_vp8.c
rtpdec_xiph.c avformat/rtpdec_xiph: Check upper bound on len in xiph_handle_packet() 2015-06-01 23:25:20 +02:00
rtpenc.c Revert "avformat/rtpenc: check av_packet_get_side_data() return, fix null ptr dereference" 2015-08-20 14:29:11 +02:00
rtpenc.h
rtpenc_aac.c
rtpenc_amr.c
rtpenc_chain.c
rtpenc_chain.h
rtpenc_h261.c
rtpenc_h263.c
rtpenc_h263_rfc2190.c
rtpenc_h264.c
rtpenc_jpeg.c avformat/rtpenc_jpeg: Check remaining buffer size for SOS 2015-06-01 23:25:20 +02:00
rtpenc_latm.c
rtpenc_mpv.c
rtpenc_vp8.c
rtpenc_xiph.c
rtpproto.c
rtpproto.h
rtsp.c Merge commit 'f77c9d71615e17414aacbb1720693b800a5a32d3' into release/2.4 2015-05-19 20:50:54 +02:00
rtsp.h
rtspcodes.h
rtspdec.c
rtspenc.c
samidec.c avformat/samidec: UTF-16 support 2014-09-05 23:13:07 +02:00
sapdec.c
sapenc.c
sauce.c
sauce.h
sbgdec.c
sctp.c
sdp.c sdp: add support for H.261 2014-10-04 23:52:29 +02:00
sdr2.c
seek-test.c
seek.c
seek.h
segafilm.c
segment.c Merge commit 'f6c82b34a320f105af266997f5951cbe7dfc8a05' into release/2.4 2015-01-17 22:56:52 +01:00
sierravmd.c
siff.c
smacker.c avformat/smacker: Fix number suffix 2015-02-13 20:48:08 +01:00
smjpeg.c
smjpeg.h
smjpegdec.c
smjpegenc.c
smoothstreamingenc.c Merge commit '19fc283dbb53a5f7d6658fd4edcfa59b99369b58' into release/2.4 2015-01-18 01:22:14 +01:00
smush.c
sol.c
sox.h
soxdec.c
soxenc.c
spdif.c
spdif.h
spdifdec.c
spdifenc.c
srtdec.c avformat/srtdec: speed up probing 2014-09-05 23:13:08 +02:00
srtenc.c
srtp.c
srtp.h
srtpproto.c
subfile.c
subtitles.c avformat/subtitles: Use size_t for len 2015-06-01 23:25:20 +02:00
subtitles.h avformat/subtitles: Use size_t for len 2015-06-01 23:25:20 +02:00
subviewer1dec.c
subviewerdec.c
swf.c
swf.h
swfdec.c avformat/swfdec: Do not error out on pixel format changes 2015-07-08 12:46:58 +02:00
swfenc.c
takdec.c
tcp.c
tedcaptionsdec.c
tee.c
thp.c avformat/thp: Check av_get_packet() for failure not only for partial output 2015-02-13 20:48:08 +01:00
tiertexseq.c
tls.c
tmv.c
tta.c avformat/tta: fix crash with corrupted files 2015-02-13 20:48:08 +01:00
tty.c
txd.c
udp.c
uncodedframecrcenc.c
unix.c
url-test.c
url.c avformat/url: Use size_t for len from strlen() 2015-06-01 23:25:20 +02:00
url.h
urldecode.c
urldecode.h
utils.c lavf: Reset global flag on deinit 2015-04-25 15:06:55 +02:00
vc1test.c
vc1testenc.c
version.h avformat: remove FF_API_ASS_SSA dead code 2014-09-09 21:34:23 +02:00
vivo.c
voc.c
voc.h
vocdec.c
vocenc.c
vorbiscomment.c avformat/vorbiscomment: Check entry length in ff_vorbiscomment_write() 2015-06-01 23:25:20 +02:00
vorbiscomment.h
vplayerdec.c
vqf.c avformat/vqf: Use 64bit for ret to avoid overflow 2015-03-29 03:34:21 +02:00
w64.c
w64.h
wavdec.c avformat/wavdec: Increase dts packet threshold to fix more misdetections 2015-06-01 23:25:19 +02:00
wavenc.c
wc3movie.c
webmdashenc.c
webvttdec.c
webvttenc.c
westwood_aud.c
westwood_vqa.c
wtv.h
wtv_common.c
wtvdec.c avformat/wtvdec: Use 64bit for ret to avoid overflow 2015-03-29 03:34:21 +02:00
wtvenc.c
wv.c
wv.h
wvdec.c
wvenc.c
xa.c
xmv.c
xwma.c Merge commit '32701252af65014bb68194bb61d67ec1882ae75d' into release/2.4 2015-01-18 02:26:14 +01:00
yop.c
yuv4mpeg.h
yuv4mpegdec.c
yuv4mpegenc.c