Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a2b8dde65947bfabf42269e124ef83ecf9c5974a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 121be310607879841d19a34d9f16d4fe9ba7f18c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 042faa847feea820451c474af0034fd3de9cff82)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Found-by: Thomas Garnier using libFuzzer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c92f55847a3d9cd12db60bfcd0831ff7f089c37c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Found-by: Thomas Garnier using libFuzzer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 25ab1a65f3acb5ec67b53fb7a2463a7368f1ad16)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This is intended to workaround bug "665 Integer Divide Instruction May
Cause Unpredictable Behavior" on some early AMD CPUs, which causes a
div-by-zero in this codepath, such as reported in Mozilla bug #1293996.
Note that this isn't guaranteed to fix the bug, since a compiler is free
to reorder instructions that don't depend on each other. However, it
appears to fix the bug in Firefox, and a similar patch was applied to
libvpx also (see Chrome bug #599899).
(cherry picked from commit be885da3427c5d9a6fa68229d16318afffe67193)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Found-by: Thomas Garnier using libFuzzer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 85d23e5cbc9ad6835eef870a5b4247de78febe56)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fecb3e82a4ba09dc11a51ad0961ab491881a53a1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This function must be called from the mb or slice encoding loop and MMX state may not
be clean there
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 03ec6b780cfae85b8bf0f32b2eda201063ad061b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4f96f9d1118e073d346d16be157fa5075434e7f2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e5d27d7a7350e096eac9f8999d02bf48c3b3a69)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f4e4bde1f4cff99d4ec59ed361ff9228b2050e6b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3305f71025289970fb34473adce5d9c65d1af016)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f71c98ee12f9a9e950b4a8fb6b1548fee91ba1f8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This can overread (either before start or beyond end) of the buffer in
Nx1 (i.e. height=1) images.
Fixes mozilla bug 1240080.
(cherry picked from commit 0f88b3f82fafd536979993aeaafcb11a22266dbd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This assert can with crafted files fail, a warning is already printed
for this case.
Fixes assertion failure
Fixes:1/assert.avi
Found-by: 连一汉 <lianyihan@360.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 14bac7e00d72eac687612d9b125e585011a56d4f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Sasi Inguva <isasi@google.com>
(cherry picked from commit 7e9e1b7070242a79fa6e3acd749d7fe76e39ea7b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes assertion failure
Found-by: durandal117
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 28343139330f557e00293933a4697c7d0fc19c56)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit deabcd2c05b2b01689d91394bbf3908da17234ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
When there is only one stream and stream_index has not specified,
The ts has been transferd by the timebase of stream0 without modifying the stream_index
In this condation it cause seek failure.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ecc04b4f2f29ac676e6c1d1ebf20ec45f5385f1e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 1.poc
Fixes out of array read
Found-by: 连一汉 <lianyihan@360.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5af1240fce845f645440364c1335e0f8e44ee6c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This is simpler and fixes an out of array read, fixing it with AVBuffers
would be more complex
Fixes: e00d9e6e50e5495cc93fea41147b97bb/asan_heap-oob_12dcdbb_8798_b32a97ea722dd37bb5066812cc674552.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 752e6dfa3ea97e7901870bdd9e5a51f860607240)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e57d99dd4e0d8fe2992da0d65b563580e35ce728)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 47bc1bdafb0950ccf128eaa491d8fd7cc0978813)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It's only available on Windows XP or newer.
Should fix compilation with mingw32 using the default OS target.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
Fixes occurance of NaN/Inf leading to assertion failures and out of array access
Fixes: d1c38a09acc34845c6be3a127a5aacaf/signal_sigsegv_3982225_6121_d18bd5451d4245ee09408f04badd1b83.wmv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 77bf96b04710b98a52aaddb93bfd32da0d506191)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Fixes: 6b73fa392ac808f02e95a4e0a5770026/asan_static-oob_1b15f9a_1969_e7778535e5f27225fe0d6ded14721430.AVI
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9ffe44c5c75c485b4cbb12751e228f18da219df3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Matt Oliver <protogonoi@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3bf142c77337814458ed8e036796934032d9837f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bbec14de3126dbc4e1ec2b32ed714dab173386aa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes Ticket5736
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c1bfeda5a34631787e07702f7a3569a41751caeb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
If negative pts are possible for some codecs in ogg then the code needs to be
changed to use signed values.
Found-by: Thomas Guilbert <tguilbert@google.com>
Fixes: clusterfuzz_usan-2016-08-02
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c5cc3b08e56fc95665977544486bd9f06e4b7a72)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found-by: Thomas Guilbert <tguilbert@google.com>
Fixes: clusterfuzz_usan-2016-08-02
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6cd9a8b67a95a136ea15bfe3c3bab6cf5e6d1cc9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This fixes crash in avformat_open_input() when accessing
protocol_whitelist field.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e947b75b1c76ef6793209c2c445b8c224a28717a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fix const corectness and zero init the struct. This example code would actually crash when initializing string.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 69630f4d304a4e35d90957d6a170744af87cbf93)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 282477bf4534439ecb06f14d46446a4f1ab82284)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
