Fixes: integer overflow and out of array access
Fixes: asfo-crash-46080c4341572a7137a162331af77f6ded45cbd7
Found-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
These changes store id3 chapter data in ID3v2ExtraMeta and introduce
ff_id3v2_parse_chapters to parse them into the format context if needed.
Encoders using ff_id3v2_read, which previously parsed chapters into the
format context automatically, were adjusted to call
ff_id3v2_parse_chapters.
Signed-off-by: wm4 <nfxjfg@googlemail.com>
* commit '0539d84d985e811e5989ef27c13f7e2dda0f9b89':
asfdec: Account for different Format Data sizes
See 76853a3e0c
Merged-by: James Almer <jamrial@gmail.com>
The header was never installed and the function is only used in libavformat
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
This fixes infinite loops due to seeking back.
Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
asf_read_payload can unset eof_reached, so check it also before calling
that function.
This fixes infinite loops.
Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This fixes infinite loops due to seeking back.
Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This fixes infinite loops.
Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
The loop can be very long, even though the file is very short.
Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Both avio_skip and detect_unknown_subobject use int64_t for the size
parameter.
This fixes a segmentation fault due to infinite recursion.
Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Otherwise invalid values are used unchecked in the next run.
This can cause NULL pointer dereferencing.
Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* commit '8375dc1dd101d51baa430f34c0bcadfa37873896':
asfdec: handle the case when the stream index has an invalid value better
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
* commit '00cc10aee380f882507bac994ac469d8358d12e8':
asfdec: do not skip padding if offset is above packet size - padding
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
* commit 'c0a49077ea4ff3a0ad30b9e33f1bb06ba9112aaa':
asfdec: add more checks for size left in asf packet buffer
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
* commit '77cf23668991bfd1fb69339f13e1511b4186b7b3':
asfdec: alloc enough space for storing name in asf_read_metadata_obj
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
* commit '317cfaa5e09755ed0b34af512ec687963a67bdbf':
asfdec: prevent the memory leak in the asf_read_metada_obj
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
* commit 'fdbc544d29176ba69d67dd879df4696f0a19052e':
asfdec: prevent the memory leak while reading metadata
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
* commit 'cd4d9df22738e6f147521ccb72c7930db6050914':
asfdec: free AVDictionaries properly when closing the demuxer
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
* commit 'b5c1c16247ab7d166c84eaf4564e49a1535fdaaf':
asfdec: do not align Data Object when Broadcast Flag is set
Merged-by: Michael Niedermayer <michael@niedermayer.cc>
* commit '9e8627a1ff9207b9e272d248da2e1bd0cc6fe2fe':
asfdec: interpret the first flag in an asf packet as length flag
Merged-by: Michael Niedermayer <michael@niedermayer.cc>
* commit 'aed7715b8fa295980c221f1cd095d42cd3bd74a6':
asfdec: increment nb_streams right after the stream allocation
Merged-by: Michael Niedermayer <michael@niedermayer.cc>
* commit 'ee80f834cbb6dbacdc1efb4c658a7d775e82ebff':
asfdec: set nb_streams to 0 in the asf_read_close
Merged-by: Michael Niedermayer <michael@niedermayer.cc>
* commit '2a187a074a7f5ad9f01f72ac9715ddfcb2dbb8ec':
asfdec: avoid crash in the case when chunk_len is 0 or pkt_len is 0
Merged-by: Michael Niedermayer <michael@niedermayer.cc>
* commit '93f16f338f9e8aba0c006752eb3afc3fe6e137fd':
asfdec: close the demuxer properly when read_header is failing
Merged-by: Michael Niedermayer <michael@niedermayer.cc>
* commit '5655236a67203d923755f285584c6e68abe7e33f':
asfdec: factor out seeking to the Data Object outside while
Merged-by: Michael Niedermayer <michael@niedermayer.cc>
* commit '2883ef34b59c9b427c4cfad4620c3235e5778406':
asfdec: read the replicated data in a separate function
Merged-by: Michael Niedermayer <michael@niedermayer.cc>
* commit '0989d3ad1fbd7509815208b0a5792918492d2a68':
asfdec: convert condition for the replicated data reading to be safer
Merged-by: Michael Niedermayer <michael@niedermayer.cc>
* commit '406627287e015ce381795e85e2557b12bf60ca35':
asfdec: do not read replicated data when their length is 0
Merged-by: Michael Niedermayer <michael@niedermayer.cc>
* commit 'c571424c7f6276a6374e1784ce2a33d4b6a4292d':
asfdec: prevent memory leaks found with Coverity Scan
Merged-by: Michael Niedermayer <michael@niedermayer.cc>
* commit '796268654c7807c9a1cfb322c838383e2b900d60':
asfdec: always reset packet state after seeking
Merged-by: Michael Niedermayer <michael@niedermayer.cc>