This prevents certain tags with a default value assigned to them (as per
the EBML syntax elements) from ever being assigned a NULL value. Other
parts of the code rely on these being non-NULL (i.e. they don't check for
NULL before e.g. using the string in strcmp() or similar), and thus in
effect this prevents crashes when reading of such specific tags fails,
either because of low memory or because of targeted file corruption.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Prefix the functions/tables brktimegm, pcm_read_seek,
dv_offset_reset, voc_get_packet, codec_movaudio_tags,
codec_movvideo_tags.
After this, lavf has no global symbols without the proper prefix.
Signed-off-by: Martin Storsjö <martin@martin.st>
The existing functions defined in intfloat_readwrite.[ch] are
both slow and incorrect (infinities are not handled).
This introduces a new header with fast, inline conversion
functions using direct union punning assuming an IEEE-754
system, an assumption already made throughout the code.
The one use of Intel/Motorola extended 80-bit format is
replaced by simpler code sufficient under the present
constraints (positive normal values).
The old functions are marked deprecated and retained for
compatibility.
Signed-off-by: Mans Rullgard <mans@mansr.com>
Whitespace of the patch cleaned up by Aurel
Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 956c901c68eff78288f40e3c8f41ee2fa081d4a8)
Further suggestions from Kostya <kostya.shishkov@gmail.com> have been
implemented by Reinhard Tartler <siretart@tauware.de>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
EBML_STOP leaves matroska->current_id set. Then matroska_read_seek changes
the stream position without resetting current_id. The next
matroska_parse_cluster fails due to calculation of incorrect pos. So clear
current_id when avio_seek happens in matroska_read_seek.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
Make AVIO_FLAG_ access constants work as flags, and in particular fix
the behavior of functions (such as avio_check()) which expect them to
be flags rather than modes.
This breaks API.
ff_get_wav_header is reading data from a WAVE file and then uses it
(without validation) to malloc a buffer. It then proceeded to read
data into the buffer, without verifying that the allocation succeeded.
To address this, change ff_get_wav_header to return an error if
allocation failed, and adapted all calling code to handle that error.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
When a normal Block is parsed, duration is initialized to
AV_NOPTS_VALUE. If it is not changed, then the track's default
duration is used. But for SimpleBlock, duration is initialized to
0 instead of AV_NOPTS_VALUE. This is due to the difference in how
EBML_NEST vs EBML_PASS are processed. Setting duration to 0 leads
eventually to wrongly estimate the frame duration in util.c
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
In the name of consistency:
put_byte -> avio_w8
put_<type> -> avio_w<type>
put_buffer -> avio_write
put_nbyte will be made private
put_tag will be merged with avio_put_str
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
In the name of consistency:
get_byte -> avio_r8
get_<type> -> avio_r<type>
get_buffer -> avio_read
get_partial_buffer will be made private later
get_strz is left out becase I want to change it later to return
something useful.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
init_put_byte should never be used outside of lavf, since
sizeof(AVIOContext) isn't part of public ABI.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
This validate the length of a mkv element directly after reading
it.
This has the advantage that it is easy to add new limits and makes
it less likely to forget to add checks and also avoids issues like
bits of the length value above the first 32 being ignored because
the parsing functions only takes an int.
Previously discussed in the "mkv 0-byte integer parsing" thread.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>