cache protocol indexes its cache using AVTreeNodes which require a cmp
function for inserting and searching new cache-entries. This cmp
function expects a 32-bit int return value (negative, zero, or positive)
but the cache cmp function returns an int64_t which can overflow the
int, giving negative numbers for when it should be positive, vice versa.
This manifests itself only for very large files (e.g. 4GB+)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size
is 3, the right side overflows leading to a wrong result of the
comparison and subsequently a heap buffer overflow.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Sebastian Dröge <sebastian@centricular.com>
Previous version reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes an issue where an int64_t ffurl_seek return-value was being stored
in an int (32-bit) "r" variable, leading to integer overflow when seeking
into a large file (>2GB), and ultimately a "Failed to perform internal
seek" error mesage.
To test, try running `ffprobe 'cache:http://<something>'` on a file that
is ~3GB large, whose moov atom is at the end of the file
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
FFDIFFSIGN was created explicitly for this purpose, since the common
return a - b idiom is unsafe regarding overflow on signed integers. It
optimizes to branchless code on common compilers.
FFDIFFSIGN also has the subjective benefit of being easier to read due
to lack of ternary operators.
Tested with FATE.
Things not covered by this are unsigned integers, for which overflows
are well defined, and also places where overflow is clearly impossible,
e.g an instance where the a - b was being done on 24 bit values.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Clément Bœsch <u@pkh.me>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
* commit '00b62968d079e63bf22028f253ac297292436ebe':
os_support: Don't try to return the service name as a string in getnameinfo
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
The size of decoding map can differ from one calculated
internally, producing artifacts while decoding video.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
ISO C restricts enumerator values to the range of int. Thus (for instance) 0x80000000
unfortunately does not work, and throws a warning with -Wpedantic on
clang 3.7.
This fixes it by using alternative expressions that result in identical
values but do not have this issue.
Tested with FATE.
Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
Some systems may be lacking getservbyport; the previous ifdef wasn't
quite enough since it still assumed that struct servent was defined,
as pointed out by Clément Gregoire.
Simply remove the possibility to return non-numeric services in
getnameinfo; no caller of getnameinfo within libavformat
currently try to use getnameinfo for retrieving the port number without
NI_NUMERICSERV, and falling back on getservbyport may be non-threadsafe.
Signed-off-by: Martin Storsjö <martin@martin.st>
They are not in public headers and not used outside of libavformat.
Reviewed-by: Hendrik Leppkes <h.leppkes@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
For protocols other than local files ff_rename() is not implemented
For split planes support the implementation is simply wrong
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* commit '18f9308e6a96bbeb034ee5213a6d41e0b6c2ae74':
mpjpeg: Cope with multipart lacking the initial CRLF
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
* commit '22f4d9c303ede1a240538fd105c97047db40dc86':
img2enc: Make sure the images are atomically written
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
* commit '5ea5a24eb70646a9061b85af407fcbb5dd4f89fd':
movenc: Honor flush requests with delay_moov, when some tracks lack samples
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
* commit 'e02dcdf6bb6835ef4b49986b85a67efcb3495a7f':
rtsp: Allow $ as interleaved packet indicator before a complete response header
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>