The specification states "NSV files may contain a single file header."
Fixes: out of array access
Fixes: nsv-asan-002f473f726a0dcbd3bd53e422c4fc40b3cf3421
Found-by: Paul Ch <paulcher@icloud.com>
Tested-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 20170829.nsv
Co-Author: "张洪亮(望初)" <wangchu.zhl@alibaba-inc.com>
Found-by: Xiaohei and Wangchu from Alibaba Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Currently, AVStream contains an embedded AVCodecContext instance, which
is used by demuxers to export stream parameters to the caller and by
muxers to receive stream parameters from the caller. It is also used
internally as the codec context that is passed to parsers.
In addition, it is also widely used by the callers as the decoding (when
demuxing) or encoding (when muxing) context, though this has been
officially discouraged since Libav 11.
There are multiple important problems with this approach:
- the fields in AVCodecContext are in general one of
  * stream parameters
  * codec options
  * codec state
However, it's not clear which ones are which. It is consequently
unclear which fields a demuxer is allowed to set or a muxer is allowed to
read. This leads to erratic behaviour depending on whether decoding or
encoding is being performed or not (and whether it uses the AVStream
embedded codec context).
- various synchronization issues arising from the fact that the same
context is used by several different APIs (muxers/demuxers,
parsers, bitstream filters and encoders/decoders) simultaneously, with
there being no clear rules for who can modify what and the different
processes being typically delayed with respect to each other.
- avformat_find_stream_info() making it necessary to support opening
and closing a single codec context multiple times, thus
complicating the semantics of freeing various allocated objects in the
codec context.
Those problems are resolved by replacing the AVStream embedded codec
context with a newly added AVCodecParameters instance, which stores only
the stream parameters exported by the demuxers or read by the muxers.
* qatar/master: (28 commits)
dfa: use more meaningful return codes
eatgv: check vector_bits
eatgv: check motion vectors
Mark a number of variables only used in av_dlog() calls as av_unused.
dvdec: drop const qualifier from variable to eliminate a warning
avcodec: Improve comment for thread_safe_callbacks to avoid misinterpretation.
tests/utils: don't ignore the return value of fwrite()
lavfi/formats: use sizeof(var) instead of sizeof(type).
lavfi: remove avfilter_default_config_input_link() declaration
lavfi: always enable the scale filter and depend on sws.
vf_split: support user-specifiable number of outputs.
avconv: remove stray useless comment.
mpegmux: add stuffing to avoid incomplete PCM frames
rtsp: avoid const warnings from strtol() call
avserver: check return value of ftruncate()
lagarith: make offset array type unsigned
dfa: add some checks to ensure that decoder won't write past frame end
aacps: NEON optimisations
aacps: align some arrays
aacps: move some loops to function pointers
...
Conflicts:
configure
doc/filters.texi
libavcodec/dfa.c
libavcodec/eatgv.c
libavfilter/Makefile
libavfilter/allfilters.c
libavfilter/avfilter.h
libavfilter/formats.c
libavfilter/vf_split.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
rtpdec: Use 4 byte startcodes for H.264
matroskadec: Mark variable as av_unused.
Move some conditionally used variables into the block where they are used.
Drop some completely unnecessary av_unused attributes.
swscale: Remove unused variable alpMmxFilter.
Drop unnecessary av_uninit attributes from some variable declarations.
movenc: Support muxing wmapro in ismv/isma
mpegtsenc: Add an AVOption for forcing a new PAT/PMT/SDT to be written
swscale: move YUV2PACKED16WRAPPER() macro down to where it is used.
swscale: handle gray16 as a "planar" YUV format (Y-only, of course).
swscale: use yuv2packed1() functions for unscaled chroma also.
swscale: fix incorrect chroma bias in yuv2rgb48_1_c().
swscale: fix invalid memory accesses in yuvpacked1() functions.
Move PS2 MMI code below the mips subdirectory, where it belongs.
mips: Move MMI function declarations to a header.
build: Set correct dependencies for rtmp* protocols implemented by librtmp.
Conflicts:
libavcodec/ac3enc_template.c
libavformat/mpegtsenc.c
libswscale/output.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>