Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f2c58931e6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes long loop
Fixes Ticket3208
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8202c49b43)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Embargoed-till: 2014-06-27 requested by researcher, but embargo broken by libav today (git and mailing list)
Fixes: LMS-2014-06-16-4
Found-by: "Don A. Bailey" <donb@securitymouse.com>
See: ccda51b14c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d6af26c55c)
Conflicts:
libavutil/lzo.c
The check `src > dst' in the form `&c->out[-back] > c->out' invokes
pointer overflow, which is undefined behavior in C.
Remove the check. Also replace `&c->out[-back] < c->out_start' with
a safe form `c->out - c->out_start < back' to avoid overflow.
CC: libav-stable@libav.org
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit ca6c3f2c53)
Conflicts:
libavutil/lzo.c
Fixes various runtime failures with manually set flags that represent no
existing CPU
Fixes Ticket3653
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6310eb8010)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1194435
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 18af0ce62d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes CID1194388
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b432960528)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The code was missing 1 bit in the src format
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fc145e576a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes part of Ticket3466
Found-by: Andrey_Karpov / PVS-Studio
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 73734282e0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes part of Ticket3466
Found-by: Andrey_Karpov / PVS-Studio
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b8598f6ce6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes part of Ticket3466
Found-by: Andrey_Karpov / PVS-Studio
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ff6fa0b4b9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found-by: Matt Oliver <protogonoi@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 46d5625f44)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket3540
The function dirac_get_arith_bit in libavcodec/dirac_arith.h can't be
built with PIC and check-stack because the asm code needs 6 registers
and PIC and check-stack options take 1 each and x86 is quite limited
in this area.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d8ab7f31dd)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Related to CID1197063
The limit choosen is arbitrary and much larger than what makes sense.
It avoids the need for checking arithmetic operations with the length for overflow
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f9158b01d0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes h264_mp4toannexb_bsf_failure.mkv
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 289b149cec)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes potential divisions by zero and out of array accesses.
Reported-by: Dale Curtis <dalecurtis@chromium.org>
Found-by: inferno@chromium.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2c16bf2de0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes part of Ticket3256
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5800b08572)
Conflicts:
libavformat/matroskadec.c
This is needed for matroska spec compliance
Fixes playback of SVQ3 in matroska with vlc
Fixes Ticket 3256
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8456bd2c0f)
Fixes playback of some AAC streams, which are otherwise mangled by the
parser, and stss is typically only valid for video anyway.
Fixes a regression since e41ea866.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 019247bdc3)
Fixes out of array read
Fixes: d4476f68ca1c1c57afbc45806f581963-asan_heap-oob_2266b27_8607_cov_4044577381_snow_chroma_bug.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 61d59703c9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array read
Fixes: 5f9698e86d92f19bb08d54ff0d57027f-signal_sigsegv_b30756_3795_cov_2693691257_ansi256.ans
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d42ec8433c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: 14a74a0a2dc67ede543f0e35d834fbbe-asan_heap-oob_49572c_556_cov_215466444_44_001_engine_room.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c919e1ca2e)
Conflicts:
libavcodec/msrle.c
(cherry picked from commit bc1c8ec5e6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Prevents out of array writes
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 842b6c14bc)
Conflicts:
libavformat/mpegtsenc.c
(cherry picked from commit e87de3f50b765134588d0b048c32ed4b8acc16fb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Prevents out of array accesses with CODEC_FLAG_EMU_EDGE
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6ba02602aa)
Conflicts:
libavcodec/vmnc.c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7c17207ab9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access with RC_VARIANCE set to 0
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f1caaa1c61)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
These occur when no context is set for example, thus they are common
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a044a183a3)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
