Fixes use of freed memory
Fixes: case5_av_frame_copy_props.mp4
Found-by: Michal Zalewski <lcamtuf@coredump.cx>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This avoids use of uninitialized memory
Fixes: asan_static-oob_17aa046_582_cov_212287884_DBLK_G_VIXS_1.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '456e93bfdd4cbc5e995dea415019abd0703d0e16':
dashenc: Adjust the start time of a segment to the end of the previous segment
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '2f628d5943c12389c07d652d23d3916997f9f0f6':
dashenc: Write segment timelines properly if the timeline has gaps
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This is the same adjustment that the mp4 muxer does to the start
timestamp of fragments, since the timestamp of a sample in an mp4
file is implicit from the sum of earlier sample durations.
This avoids gaps in the timeline (which can stop dash.js from
playing it back), and makes sure the timestamp on the segmenter
level matches what the mp4 muxer actually writes into the segments.
This is only an issue if the AVPacket duration of the last
packet of a segment doesn't point to the actual start timestamp
of the next packet (the first in the next segment).
Signed-off-by: Martin Storsjö <martin@martin.st>
Write a new start time if the duration of the previous segment
didn't match the start of the next one. Check that segments
actually are continuous before writing a repeat count.
This makes sure timestamps deduced from the timeline actually
match the real start timestamp as written in filenames (if
using a template containing $Time$).
Signed-off-by: Martin Storsjö <martin@martin.st>
Fixes out of array read
Fixes: signal_sigsegv_1b0a4da_1865_cov_2167818389_computer_anger.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Should improve cache usage and reduces stack usage.
Also reduces number of copies in case many levels
have the same number of bits.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Fixes use of freed memory
Fixes: asan_heap-uaf_3660f67_757_cov_1257014655_Hi422FR1_SONY_A.jsv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: case2_bad_read_yuv2rgbx32.mp4
Found-by: Michal Zalewski <lcamtuf@coredump.cx>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Fixes: asan_heap-oob_25bcd7e_3783_cov_3553517262_utvideo_rgba_median.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: asan_stack-oob_32c12e5_2536_cov_2442316831_lena.xface
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: asan_heap-oob_4d23ba_91_cov_3853393937_128.vmd
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Close segment I/O context and append segment in hls_write_trailer() only
when segment I/O context is allocated.
Signed-off-by: Christian Suloway <csuloway@globaleagleent.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If allocation fails earlier on, and the next frame is processed,
the slice buffer could be left in a state where line and data_stack
have already been freed, or are otherwise null pointers.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Since 3cec81f4d4, a zero-length metadata value would try to
allocate 2*0 bytes, where av_malloc() returns NULL.
Always add one to the allocated length, to allow space for
a null terminator in the zero-length case.
Incidentally, this fixes fate-alac on RVCT 4.0, where a compiler
bug seems to mess up the mov muxer to the point that it writes
the wrong sort of metadata. Previously this bug was undetected,
but since 3cec81f4d4 such mov files started returning
AVERROR(ENOMEM) in the mov demuxer.
Signed-off-by: Martin Storsjö <martin@martin.st>
* commit '10d4c5e55e5b23e165aa4c7723073ebe2c2e7da0':
tiff: set the correct return value when check_size() fails
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '3c27275c1309190f2d6ed69140b67d014215b6c9':
tiff: Check the check_size() return value and forward it
Conflicts:
libavcodec/tiffenc.c
See: d50aa006fb
Merged-by: Michael Niedermayer <michaelni@gmx.at>
