Fixes out of array accesses
Fixes Ticket2850
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3819db745d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Fixes Ticket2844
Found-by: ami_stuff
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 880c73cd76)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Otherwise, during error conditions, the caller will be left with
dangling pointers to a destructed packet => boom.
BUG=242786
TEST=ffmpeg_regression_tests
Commit slightly simplified by commiter
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c54a1565f5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 88c1b0e7a852e48d9f0e3d79c44edaa86e59acfe)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The volatile is not required here, and prevents a miscompilation with GCC
4.8.1 when building on x86 with --cpu=i686
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 659df32a9d)
This ensures that theres enough data for mpeg_probe() to recognize mpeg-ps
Fixes Ticket2583
Based on code by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c605adbf56)
Fixes a case where multichannel bitrate isn't accurately
targetted by psy model alone, never achieving the target bitrate.
Now fixed.
Fixes ticket #2625.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Carl Eugen Hoyos <cehoyos@ag.or.at>
Fixes decoding with picky media players.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b448c0a68d)
Conflicts:
libavformat/movenc.c
Many players ignore broken aac frames, so don't abort mov or flv
muxing when encountering one, just print a warning instead.
Fixes ticket #2380.
(cherry picked from commit 1741fece70)
Conflicts:
libavformat/flvenc.c
Fixes Ticket1605
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 519ebb5ee5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
When parsing the Xing/Info tag, don't set the bit rate if it's an Info tag.
When parsing the stream, don't override the bit rate if it's already set,
otherwise calculate the mean bit rate from parsed frames. This way, the bit
rate will be set correctly both for CBR and VBR streams.
Signed-off-by: Alexander Kojevnikov <alexander@kojevnikov.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 29d8cd265a)
Conflicts:
tests/ref/lavf-fate/mp3
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
These warnings have no false positives and point to serious bugs.
(cherry picked from commit 99853cb8d4)
Conflicts:
configure
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Other software does not store it in this case, and the information
is provided by the codec stream
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 405cc0d905)
Conflicts:
tests/ref/lavf/mov
tests/ref/seek/lavf_mov
tests/ref/vsynth/vsynth1-dnxhd-1080i
tests/ref/vsynth/vsynth1-mpeg4
tests/ref/vsynth/vsynth2-dnxhd-1080i
tests/ref/vsynth/vsynth2-mpeg4
Fixes vlc decoding for hypothetical files that would contain such cases.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0dfc01c2bb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5ff41ffeb4cb9ea6df49757dc859619dc3d3ab4f)
Conflicts:
libavcodec/huffyuv.c
Prevents out of array writes
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f67a0d1152)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 95ab8d33e1a680f30a5a9605175112008ab81afc)
Conflicts:
libavcodec/huffyuv.c
A negative `size' will bypass FFMIN(). In the subsequent memcpy() call,
`size' will be considered as a large positive value, leading to a buffer
overflow.
Change the type of `size' to unsigned int to avoid buffer overflow, and
simplify overflow checks accordingly.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4e692374f7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Sanity checks like `data + size >= data_end || data + size < data' are
broken, because `data + size < data' assumes pointer overflow, which is
undefined behavior in C. Many compilers such as gcc/clang optimize such
checks away.
Use `size < 0 || size >= data_end - data' instead.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 902cfe2f74)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The check `start + res < start' is broken since pointer overflow is
undefined behavior in C. Many compilers such as gcc/clang optimize
away this check.
Use `res > end - start' instead. Also change `res' to unsigned int
to avoid signed left-shift overflow.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2f014567cf)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This prevents various values from becoming stuck at NAN and
output to become silent
If someone knows a cleaner solution, thats welcome!
Fixes Ticket2335
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8978c743fb)
