the string length is not constrained to INT_MAX
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4c128ea162)
Conflicts:
libavutil/dict.c
the string length is not constrained to INT_MAX
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4950bd4ebe)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This was introduced in cde6e328de
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 23e6cf832f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket4533
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7f45f7fc7f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
And notify why the capture is impossible.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit e8c4db0d4d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The image decoding code does expect the image to be decoded immedeatly
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d2184bf3b6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The opt_opencl_bench function copied the device name using strcpy without checking if the source string was larger.
This patch fixes this by replacing the strcpy with av_strlcpy, with the string copy size capped to the destination buffer size.
Signed-off-by: Maneesh Gupta <maneesh.gupta@amd.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cf234552b8)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
this quiets a warning:
Failed to set VP8E_SET_NOISE_SENSITIVITY codec control: Unspecified
internal error
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: James Zern <jzern@google.com>
(cherry picked from commit 238ec505e2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
See sample vp90-2-14-resize-fp-tiles-16-8.webm from the vp9 test vector
set to reproduce the issue.
(cherry picked from commit 3de13d5212)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
See sample vp90-2-14-resize-fp-tiles-16-8-4-2-1.webm from the vp9 test
vector set which reproduces the issue. This probably costs a few cycles,
but I don't think there's an easy way to workaround that.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d02d04a18f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The server is properly equiped not to choke on that now.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7ad27f1221)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes double free with some applications
Fixes vlc ticket14121
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e6e8cc8ce9)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
id should be an integer, not a string. It is also optional, so use
contentType instead which is the proper attribute for these values.
This addresses ticket #4545, fixing an MPD validation error.
Signed-off-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 32a4177a62)
This reduces the number of cases where timestamps need to be shifted
Fixes Ticket4487
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9d4fdfe24c)
This allows using pts instead of dts for negative TS avoidance
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7ac5c38ec5)
This fixes a memleak if read_kuki_chunk is executed more than once.
Reviewed-by: Carl Eugen Hoyos <cehoyos@ag.or.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit cb7c4f73e5)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
If avio_read fails, the buffer can contain uninitialized values.
Reviewed-by: Carl Eugen Hoyos <cehoyos@ag.or.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit a3ede6b742)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
av_image_fill_pointers always aligns the palette, but the padding
bytes don't (and can't) get initialized in av_image_copy.
Thus initialize them in av_image_alloc.
This fixes 'Syscall param write(buf) points to uninitialised byte(s)'
valgrind warnings.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 51f6455285)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Since commit 676a395a aac->frame->data is not necessarily allocated at
the end of aac_decode_frame_int if avctx->channels is 0.
In this case a bogus frame without any data, but non-zero nb_samples is
returned.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit ec38a1ba40)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Since len is an unsigned int, the comparison is currently treated as
unsigned and thus ignores all errors from avio_read.
Thus cast len to int, which is unproblematic, because at that point len
is between 0 and 4.
This fixes 'Conditional jump or move depends on uninitialised value'
valgrind warnings in is_tag.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0382c94f13)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
And either error out or set it to 0 if it is negative.
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 4d0ee4962b)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Conflicts:
libavformat/avidec.c
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 584cc1ade1)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
In init_planes p->xblen and p->yblen are set to:
p->xblen = s->plane[0].xblen >> s->chroma_x_shift;
p->yblen = s->plane[0].yblen >> s->chroma_y_shift;
These are later used as block_w and block_h arguments of
s->vdsp.emulated_edge_mc. If one of them is 0 it triggers an av_assert2
in emulated_edge_mc:
av_assert2(start_x < end_x && block_w > 0);
av_assert2(start_y < end_y && block_h > 0);
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 75fc81c831)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
s->ref_pics[i] is later used as ref argument of interpolate_refplane,
where it is dereferenced.
If it is NULL, it causes a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d93181ef3e)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
If bytes is large enough, bytes*8 can overflow and become negative.
In that case 'bufsize -= bytes*8' causes bufsize to increase instead of
decrease.
This leads to a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9e66b39aa8)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
buf_idx + data_unit_size can overflow, causing the '> buf_size' check to
wrongly fail.
This causes a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 984f50deb2)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
If bit_rate is negative, it can trigger an av_assert2 in av_rescale_rnd.
Since av_rescale returns int64_t, but st->codec_bit_rate is int, it can
also overflow into a negative value.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0eec40b713)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
The later is not correct
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5d309d3091)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This fixes a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e54540655f)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
index_scale is set to matroska->time_scale of type uint64_t.
When index_scale is int, the assignment can overflow and e.g. result
in index_scale = 0. This causes a floating point exception due to the
division by index_scale.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit eb9fb508b0)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
AV_PIX_FMT_MONOBLACK has the AV_PIX_FMT_FLAG_BITSTREAM flag, i.e.
linesize can be smaller than width.
Since x_offset is only check against the width, this can lead to
x_offset * bpp >= image_linesize.
In this case ptr could be set to a position outside the image_buf in
png_handle_row, leading to memory corruption and thus crashes.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 372aa0777a)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
During the loop ret can get changed. Since it is not set on all failure
paths, decode_frame_common can return 0 even though an error occurred.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8f760be4d3)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This check was removed in commit 08aec6f6, but
s->last_picture.f->data[0] is still used in handle_p_frame_apng
unconditionally.
This fixes a segmentation fault.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 287dbb0771)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
