Fixes: 260813283176b57b3c9974fe284eebc3_signal_sigsegv_7ffff713351a_991_xtrem_e2_m64q15_a32sxx.3gp with memlimit of 262144
Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15629129dd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
If init_get_bits fails the GetBitContext is invalid and must not be
used. Check the return value in dirac_header and propogate the error.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4f5c2e651a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Also fix typo found by Lou Logan:
Sacrifying -> Sacrificing
Reviewed-by: Lou Logan <lou@lrcd.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 28efeb6502)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
In the TTA extradata re-construction the values are written with
avio_wl16 and if they don't fit into uint16_t, this triggers an
av_assert2 in avio_w8.
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 92e79a2f7b)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
And default to 8000 if it is invalid.
An invalid sample rate can trigger av_assert2 in av_rescale_rnd.
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 5b76c82fd7)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Try to reduce user confusion.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f6c3f1ed60)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
GNUTLS_SHUT_RDWR means GnuTLS will keep waiting for the server's
termination reply. But since we don't shutdown the TCP connection at
this point yet, GnuTLS will just keep skipping actual data from the
server, which basically is perceived as hang.
Use GNUTLS_SHUT_WR instead, which doesn't have this problem.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2222f419da)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Calling ffio_ensure_seekback() if ffio_init_checksum() has been called
on the same context can lead to out of bounds memory accesses and
crashes. The reason is that ffio_ensure_seekback() does not update
checksum_ptr after reallocating the buffer, resulting in a dangling
pointer.
This effectively fixes potential crashes when opening mp3 files.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit dc87758775)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Neccessary -> Necessary
formated -> formatted
thee -> the
eventhough -> even though
seperately -> separately
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit ed0b1db640)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Make the logic in libavformat/hevc.c parse_rps align with libavcodec/hevc_ps.c ff_hevc_decode_short_term_rps
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6e1f8780c8)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The flag was set unintentionally and the code will break if a NULL
packet is passed in.
Signed-off-by: Vignesh Venkatasubramanian <vigneshv@google.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'b14086ca38efa1a86cb0f0c6aa147b05f698877b':
mkv: Correctly report the latest packet had been flushed
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The first check is done without the AVIOContext, so alloc it only if said check succeeds
Signed-off-by: James Almer <jamrial@gmail.com>
Signed-off-by: Janne Grunau <janne-libav@jannau.net>
The first check is done without the AVIOContext, so alloc it only if said check succeeds
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: James Almer <jamrial@gmail.com>
* commit 'caf7be30b11288c498fae67be4741bfbf083d977':
mpjpgdec: free AVIOContext leak on early probe fail
Conflicts:
libavformat/mpjpegdec.c
See: 34d278f983, this was mistakenly reimplemented, also see ffmpeg IRC log of today
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This can be useful for debugging, or in scenarios where the user
doesn't want to use the system's DNS settings for whatever reason.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
