Fixes out of array read
Fixes: d4476f68ca1c1c57afbc45806f581963-asan_heap-oob_2266b27_8607_cov_4044577381_snow_chroma_bug.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 61d59703c9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: 14a74a0a2dc67ede543f0e35d834fbbe-asan_heap-oob_49572c_556_cov_215466444_44_001_engine_room.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c919e1ca2e)
Conflicts:
libavcodec/msrle.c
(cherry picked from commit bc1c8ec5e6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Prevents out of array accesses with CODEC_FLAG_EMU_EDGE
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6ba02602aa)
Conflicts:
libavcodec/vmnc.c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7c17207ab9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access with RC_VARIANCE set to 0
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f1caaa1c61)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 240fd8c96f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1e48318802b3caa493a40c0584afc30cc866d9d0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket2982
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f31011e9ab)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
These prevent the rgb ljpeg code from being run on parameters that it doesnt
support. No testcase available but it seems possible to trigger these.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 61c68000ed)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
q4-q7/d8-d15 are supposed to not be clobbered by the callee.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit d307e408d4)
works around bug in gccs inline asm register assignment
Fixes Ticket3177
gcc from 4.4 to 4.6 is affected at least, no non affected gccs known
clang seems not affected
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0538b29ae8)
Do not consider it an error if we have no frames and should discard one.
This condition can easily happen when decoding is started from an I frame
Fixes Ticket2811
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 08a8976196)
Conflicts:
libavcodec/h264_refs.c
Fixes out of array accesses
Fixes Ticket2919
Found_by: ami_stuff
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 86736f59d6)
Fixes out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 695af8eed6)
Conflicts:
libavcodec/h264.c
* commit '072be3e896':
h264: set parameters from SPS whenever it changes
Conflicts:
libavcodec/h264.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b9d887c225)
Conflicts:
libavcodec/h264.c
Fixes out of array access
Fixes Ticket2895
Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9a271a9368)
Conflicts:
libavcodec/jpeg2000dec.c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Fixes Ticket2850
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3819db745d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Fixes Ticket2844
Found-by: ami_stuff
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 880c73cd76)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 88c1b0e7a852e48d9f0e3d79c44edaa86e59acfe)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The volatile is not required here, and prevents a miscompilation with GCC
4.8.1 when building on x86 with --cpu=i686
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 659df32a9d)
Fixes a case where multichannel bitrate isn't accurately
targetted by psy model alone, never achieving the target bitrate.
Now fixed.
Fixes ticket #2625.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Carl Eugen Hoyos <cehoyos@ag.or.at>
When parsing the Xing/Info tag, don't set the bit rate if it's an Info tag.
When parsing the stream, don't override the bit rate if it's already set,
otherwise calculate the mean bit rate from parsed frames. This way, the bit
rate will be set correctly both for CBR and VBR streams.
Signed-off-by: Alexander Kojevnikov <alexander@kojevnikov.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 29d8cd265a)
Conflicts:
tests/ref/lavf-fate/mp3
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes vlc decoding for hypothetical files that would contain such cases.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0dfc01c2bb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5ff41ffeb4cb9ea6df49757dc859619dc3d3ab4f)
Conflicts:
libavcodec/huffyuv.c
Prevents out of array writes
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f67a0d1152)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 95ab8d33e1a680f30a5a9605175112008ab81afc)
Conflicts:
libavcodec/huffyuv.c
This prevents various values from becoming stuck at NAN and
output to become silent
If someone knows a cleaner solution, thats welcome!
Fixes Ticket2335
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8978c743fb)
This prevents faulty increasing of has_b_frames
Should fix Ticket 2062
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c230af9bcc)
This is consistent with the other ff_ass_split_* functions.
It also fixes a crash when trying to split a dialog with text=NULL
(which seems to happen when the text of the dialog is empty); basically,
this commit fixes crashes when trying to encode an empty text subtitle
dialog (see subrip and mov_text encoders).
Fixes Ticket2048.
(cherry picked from commit c83002a4f8)
I was sadly unable to find a non fuzzed mp3 that uses the
feature that contained the bug (and i searched hard ...), thus
while this fixes the security issue. It may or may not fix
mixed blocks in 8khz mp3s, i cant say due to lack of samples to test.
Security issue exists since: b37d945dd4
Reported-by: Dale Curtis <dalecurtis@google.com>
(Probably) Found-by: inferno@chromium.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 94041febc5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Closes#1619.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit 8a57ca5c6a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
