The values compared here can be more than INT64_MAX apart. Since the
difference is always positive, converting to uint64_t before subtracting
gives the correct result without overflows.
Signed-off-by: Mans Rullgard <mans@mansr.com>
Also remove a duplicate function in the MPEG-TS demuxer.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
Also make sure extradata is freed in the case where multiple
NUV_EXTRADATA frame types are found. This may not happen in practice,
but it could happen in a malformed stream, which would lead to a memleak
if not handled.
Fixes curruption of metadata in the INFO chunk.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
Scaling the denominator instead of the numerator if it is too large
loses precision. Fixes an assert caused by a negative frame duration in
the fuzzed sample nasa-8s2.ts_s202310.
CC: libav-stable@libav.org
Current code would incorrectly process e.g. 'ff 00 ff 00 ff' to
'ff ff ff', while it should be 'ff ff 00 ff'.
Fixes Bug 395.
CC: libav-stable@libav.org
The following error handling is broken due to signedness.
int file_size;
uint32_t tag_bytes;
int64_t tag_start;
...
tag_start = file_size - tag_bytes - APE_TAG_FOOTER_BYTES;
if (tag_start < 0) { ... }
Note that tag_bytes is unsigned, which makes the right-hand side of
`tag_start = ...' unsigned, too. The 32-bit unsigned value is then
zero-extended to 64 bits. Therefore, tag_start must be non-negative,
and the check (tag_start < 0) is always false, which breaks the error
handling. This patch fixes the check.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Since the pointer `oc' is NULL, oc->oformat->name will cause a null
pointer dereference. This patch changes it to seg->oformat->name.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
