This limits ABI issues in case libavcodec is linked to a libavutil with larger AVFrame
Which can happen if they are shiped in seperate binary packages and libavutil is upgraded
A cleaner alternative would be to replace them by pointers but this would likely cause
a small speedloss
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fc567ac49e)
Conflicts:
libavcodec/h264.h
This is a bit tricky, we allocate a correctly sized AVFrame but then only
copy the compile time AVFrame size, this is to ensure that user applications
which do not use the correct av frame API dont end with out of array reads.
Note, applications using the correct API have set extended_data and the
changed code will never be executed for them.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8ab8070784)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array read
Fixes: d4476f68ca1c1c57afbc45806f581963-asan_heap-oob_2266b27_8607_cov_4044577381_snow_chroma_bug.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 61d59703c9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array read
Fixes: 5f9698e86d92f19bb08d54ff0d57027f-signal_sigsegv_b30756_3795_cov_2693691257_ansi256.ans
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d42ec8433c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: 14a74a0a2dc67ede543f0e35d834fbbe-asan_heap-oob_49572c_556_cov_215466444_44_001_engine_room.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c919e1ca2e)
Conflicts:
libavcodec/msrle.c
Fixes inconsistency and out of array accesses
Fixes: 10cdd7e63e7f66e3e66273939e0863dd-asan_heap-oob_1a4ff32_7078_cov_4056274555_mov_h264_aac__mp4box_frag.mp4
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e5c7229999)
Conflicts:
libavcodec/utils.c
(cherry picked from commit 4f94e1901a1ff0073c64122c577b6efd3dee22d4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: asan_heap-oob_19c7a94_6470_cov_1453611734_luckynight-partial.tak
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f58eab1512)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses with CODEC_FLAG_EMU_EDGE
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8001e9f7d1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Prevents out of array accesses with CODEC_FLAG_EMU_EDGE
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6ba02602aa)
Conflicts:
libavcodec/vmnc.c
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access with RC_VARIANCE set to 0
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f1caaa1c61)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
about 1ms faster startup time
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 133fbfc781)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
20 ms is used by libopus encoder.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit 74906d3727)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array reads
Fixes: asan_heap-oob_f0de57_6823_mjp2.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3d5a5e86be)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This code changes the input packet, which is read only and can in
rare circumstances lead to decoder errors. (i run into one of these in
the audio decoder, which corrupted the packet during av_find_stream_info()
so that actual decoding that single packet failed later)
Until a better fix is implemented, this commit limits the problem.
A better fix might be to make the subtitle decoders not depend on
data[size] = 0 or to copy their input when this is not the case.
(cherry picked from commit 01923bab98)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
also remove failed attempt at a compatibility layer, the code simply cannot work
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c3814ab654)
Conflicts:
libavcodec/version.h
The not handling of frame gaps has lead to the lack of a dummy reference
frame, which has lead to the failure of decode_slice_header() which has
lead to one SEI recovery message being skiped which had introduced a
slightly suboptimal recovery point for at least 1 h264 file compared to
JM.
Found-by: Carl & BugMaster
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9e5ef1c5c3)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Fixes Ticket3080
Found-by: ami_stuff
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 780669ef7c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes potential overreads with crafted files.
Found-by: wm4
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 838f461b07)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Fixes Ticket2898
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a1b9004b76)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket2921
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit fe448cd28d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fix https://trac.ffmpeg.org/ticket/3204
The problem was that intensity compensation was always used once it was
encountered. This is because v->next_use_ic was never set back to zero.
To fix this, when resetting v->next_luty/uv, also reset v->next_use_ic.
This improved (restored) performance by 85% when decoding
http://bit.ly/bbbwmv
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ed5bed4152)
q4-q7/d8-d15 are supposed to not be clobbered by the callee.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit d307e408d4)
works around bug in gccs inline asm register assignment
Fixes Ticket3177
gcc from 4.4 to 4.6 is affected at least, no non affected gccs known
clang seems not affected
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0538b29ae8)
This ensures that frames do not get mixed on context reinits
Fixes Ticket2836
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3c9dd93faa)
Do not consider it an error if we have no frames and should discard one.
This condition can easily happen when decoding is started from an I frame
Fixes Ticket2811
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 08a8976196)
This simplifies the code and fixes a deadlock
Fixes Ticket2927
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 29ffeef5e7)
Fixes crash with carefuly designed files.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit a27227d401)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket2982
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f31011e9ab)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket3008
Fate changes as PAL8 gets used instead of BGR8
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 95666b2298)
Currently the code can in some cases draw tiles that hang outside the
allocated buffer. This patch increases the buffer size to avoid out
of array accesses. An alternative would be to fail if such tiles are
encountered.
I do not know if any valid files use such hanging tiles.
Fixes Ticket2971
Found-by: ami_stuff
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e07ac727c1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Fixes Ticket2922
Found-by: ami_stuff
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 821a5938d1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
These prevent the rgb ljpeg code from being run on parameters that it doesnt
support. No testcase available but it seems possible to trigger these.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 61c68000ed)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
