Fixes Ticket2292
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 02ac3398eb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit bdeb61ccc6)
Conflicts:
libavcodec/h264_ps.c
Fixes out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8a6449167a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 21cd905cd4)
Conflicts:
libswresample/swresample.c
Fixes out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e1219cdaf9)
Conflicts:
libavcodec/tiff.c
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1ac0fa50ef)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes integer overflow and out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5260edee7e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 365270aec5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If the first "special" character in a filename is a comma,
it can introduce protocol options, but only if there is a
colon at the end. Otherwise, it is just a filename with a
comma.
Fix trac ticket #2303.
(cherry picked from commit d9fad53f4b)
Write the packet unaltered if found.
Fixes ticket #1917
Signed-off-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b454c64e03)
Fixes Ticket1918
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6f77122bf5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
These warnings have no false positives and point to serious bugs.
(cherry picked from commit 99853cb8d4)
Conflicts:
configure
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Other software does not store it in this case, and the information
is provided by the codec stream
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 405cc0d905)
Conflicts:
tests/ref/fate/vsynth1-mpeg4
tests/ref/fate/vsynth2-mpeg4
tests/ref/lavf/mov
tests/ref/seek/lavf_mov
tests/ref/vsynth/vsynth1-dnxhd-1080i
tests/ref/vsynth/vsynth2-dnxhd-1080i
Improves the file from Ticket2050
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 985aa0be82)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The QuickTime specification does not contain any hint that the atom
must not be written in some cases and both the QuickTime and the
AVID decoders do not fail if the atom is present.
This change allows to signal (visually) interlaced streams with
a codec different from uncompressed video.
As a side-effect, this fixes ticket #2202
(cherry picked from commit 7d0e3b197c)
Conflicts:
tests/ref/fate/vsynth1-avui
tests/ref/fate/vsynth1-dnxhd-1080i
tests/ref/fate/vsynth1-mpeg4
tests/ref/fate/vsynth2-avui
tests/ref/fate/vsynth2-dnxhd-1080i
tests/ref/fate/vsynth2-mpeg4
tests/ref/lavf/mov
tests/ref/seek/lavf_mov
This prevents faulty increasing of has_b_frames
Should fix Ticket 2062
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c230af9bcc)
Without any correctly decoded slices, there can be no frame.
Fixes out of array reads
Found-by: Rafaël Carré
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 60af6c3138)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Prevent out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 96f452ac64)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array writes
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ab6c9332bf)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This prevents a buffer overflow in rle_decode()
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7357ca900e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes state becoming inconsistent
Fixes a null pointer dereference
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 23318a5735)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fix writing over the end
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0ceca269b6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f18c873ab5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes vlc decoding for hypothetical files that would contain such cases.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0dfc01c2bb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Prevents out of array writes
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f67a0d1152)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
A negative `size' will bypass FFMIN(). In the subsequent memcpy() call,
`size' will be considered as a large positive value, leading to a buffer
overflow.
Change the type of `size' to unsigned int to avoid buffer overflow, and
simplify overflow checks accordingly.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4e692374f7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Sanity checks like `data + size >= data_end || data + size < data' are
broken, because `data + size < data' assumes pointer overflow, which is
undefined behavior in C. Many compilers such as gcc/clang optimize such
checks away.
Use `size < 0 || size >= data_end - data' instead.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 902cfe2f74)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The check `start + res < start' is broken since pointer overflow is
undefined behavior in C. Many compilers such as gcc/clang optimize
away this check.
Use `res > end - start' instead. Also change `res' to unsigned int
to avoid signed left-shift overflow.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2f014567cf)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Avoids integer overflows and out of array accesses.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 49b729d3af)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
