Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2e13a45b1a9a69456631e582bbb06954d169eb55)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: signal_sigsegv_3670fc0_2818_cov_2307326154_moon.mux
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 79a98294da6cd85f8c86b34764c5e0c43b09eea3)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: asan_heap-oob_4d5bb0_682_cov_3124593265_Fraunhofer__a_driving_force_in_innovation__small.mp4
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 330863c9f19a23c500ba7901a23f1cc377b353bb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
the max value of the lookup in expanded form is:
(((1 << 7) - 1) << 1) - 65 + 1 + 64 = 254
add one entry of padding to inv_map_table[] to prevent out of bounds
access with non-conforming / fuzzed bitstreams
Signed-off-by: James Zern <jzern@google.com>
Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e91f860ea74e11e9178500fe8794c47f57dbf48c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: asan_heap-oob_7f875d_3482_cov_1818465256_ssudec.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0083c16605aa5997534e87e68f97ef85a8c3b7b8)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes inconsistency and out of array access
Fixes: asan_heap-oob_17301a3_2100_cov_3226131691_ff_add_pixels_clamped_mmx.m2ts
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4aa0de644a2de62f0bc3013a4533ab9283aa0a65)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: asan_heap-oob_1dd60fd_267_cov_2954683513_5baad44ca4702949724234e35c5bb341.jpg
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 84afc6b70d24fc0bf686e43138c96cf60a9445fe)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b54ac8403bfea4e7fab0799ccfe728ba76959a38)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Previously these chunks where parsed again for each frame with threads
but not without leading to a different path and the potential for
inconsistencies
This also removes a related special case from decode_ihdr_chunk()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f1ffa01dd3dad983481bf05ec47246e7ec0c8932)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is required by the APNG spec
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a1736926e9ae51706b537776722e816a4d1f6b36)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Multiple IHDR chunks are forbidden in PNG
Fixes inconsistency and out of array accesses
Fixes: asan_heap-oob_4d5c5a_1738_cov_2638287726_c-m2-8f2b481b7fd9bd745e620b7c01a18df2.png
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 47f4e2d8960ca756ca153ab8e3e93d80449b8c91)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Claiming to have decoded more bytes than the packet size is wrong.
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 2a4700a4f03280fa8ba4fc0f8a9987bb550f0d1e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes fate/dds-rgb16 on big endian
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f6ab967eae497733f6adc12b30075980fd6eea98)
Conflicts:
tests/ref/fate/dds-rgb16
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit e22edbfd413242dda720dc5191fc00a51c24d74c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The pixel buffer base address is never unlocked this causes
a bug with some pixel format types that are produced natively
by the hardware decoder: the first buffer was always used.
Unlock the pixel buffer base address fixes the issue.
(cherry picked from commit c06fdacc3dc706e70d953917fea845532d3703ca)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7604358018229f345dfdf88b16c8930a67984435)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit abb833c5681b84d7025c083e2191140eaa30dca7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The function is specific to little endian
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4df3cf90bf7a54793e90304bd1b6c7599673f36a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d4325b2fea9e2f4f4a17d0b929f12425e9c39964)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c70c6be2259759b75c1b1dc7d68a0cf172f2cab8)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Instead print an error and continue
Fixes Ticket4702
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6a1204a1a46674084b1e6b92562f81aaab7aac69)
Any other x265 symbol may not exported, e.g. if the build is a
multilib (10-bit and 8-bit in one) build.
This is the only symbol we directly call, and is available in the
build number we check for.
Fixes the configure check on multilib x265 builds.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
(cherry picked from commit f4be604f1c4d5cb6480c81c671d646cc16b02017)
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 0c15f2f158e11950c2a5c831787ea377b7671bf4)
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 910eeab48026060b5f7780b2560445c069eb4d6b)
Fixes Ticket3368
Commit message by commiter
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit a9af9da6311b4ba50abe55d14d42a4d4818e83d8)
Use new H264Ref.reference field to track field picture flags. The
H264Picture.reference flag in DPB is now irrelevant here.
This is a regression from git commit d8151a7, and that affected
multiple interlaced video streams.
Signed-off-by: Gwenole Beauchesne <gwenole.beauchesne@intel.com>
(cherry picked from commit 88325c2e0b63abf4c3482cecd43870015123764a)
Also fix typo found by Lou Logan:
Sacrifying -> Sacrificing
Reviewed-by: Lou Logan <lou@lrcd.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 28efeb6502df37c99ccf18575d2552381d83a877)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
The current check is too strict for newer makeinfo versions.
Existing version strings are:
makeinfo (GNU texinfo) 4.13
makeinfo (GNU texinfo) 5.2
texi2any (GNU texinfo) 5.9.93
Probably version 6 will come in the not too far future.
Reviewed-by: Timothy Gu <timothygu99@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 72654526e4489c0aac05d25cfeca5bbba26026b3)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
In the TTA extradata re-construction the values are written with
avio_wl16 and if they don't fit into uint16_t, this triggers an
av_assert2 in avio_w8.
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 92e79a2f7bf2f8bb0cb2d1a3e4d76737557071c4)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
And default to 8000 if it is invalid.
An invalid sample rate can trigger av_assert2 in av_rescale_rnd.
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 5b76c82fd7a5f4f36bb901b8c43d7f7319599599)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Fixes undefined behavior and segfault
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8edc17b639c4ac47913c467107ffb43c67c64890)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
QP_store is only 8-bit-aligned, so accessing it as uint32_t causes
SIGBUS crashes on sparc.
The AV_RN32/AV_WN32 macros only do unaligned access in the
HAVE_FAST_UNALIGNED case.
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 590743101dc934043f34013f1c9bb9fb261355b0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes segmentation faults, which were introduced in commit
4ba8f327.
Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit d216b9debd9843d31732ebb7344a85b3cd96b7cc)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Try to reduce user confusion.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit f6c3f1ed6048ebc55f652ed59f7af9acebbf57e5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Workaround for ticket #4287.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7b1c03aa744f1f82fe30ea2cd2aeef2ea01d5ce9)
Conflicts:
libavcodec/libx264.c
Fixes ticket #4628.
The problem arose, in the sample file at least, in the last block where the
minimum and maximum Rice partition orders were both 0. In that case, and any
other where pmax == pmin, the original UINT32_MAX placeholder value for
bits[opt_porder] was getting overwritten before the comparison to check if the
current partition order is a new optimal, so the correct partition order and
RiceContext params were not being set.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2469ed32c81ebf2347e6883091c566724b286167)
GNUTLS_SHUT_RDWR means GnuTLS will keep waiting for the server's
termination reply. But since we don't shutdown the TCP connection at
this point yet, GnuTLS will just keep skipping actual data from the
server, which basically is perceived as hang.
Use GNUTLS_SHUT_WR instead, which doesn't have this problem.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2222f419da99ef85d49ab04e7e15b76612f4d054)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket4621
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 57078e4d255a06246fef27846073f5ffb312b5dc)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket4611
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d1050d9950610aa2b27878b67bb2b902dd717e7c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes Ticket4636
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 3a6a8f6ee1cb619913b87b6c78e0436303e2a35f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Calling ffio_ensure_seekback() if ffio_init_checksum() has been called
on the same context can lead to out of bounds memory accesses and
crashes. The reason is that ffio_ensure_seekback() does not update
checksum_ptr after reallocating the buffer, resulting in a dangling
pointer.
This effectively fixes potential crashes when opening mp3 files.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit dc87758775e2ce8be84e4fe598e12416e83d2845)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is more robust.
And only check if there is actually a frame returned.
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit dd6c8575dbc8d3ff5dc2ffacb5028c253066ff78)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Also use the frame pixel format instead of the one from the codec
context, which is more robust.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit fdc64a104410f5fcc7f35b62287b0ae502b7061a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Neccessary -> Necessary
formated -> formatted
thee -> the
eventhough -> even though
seperately -> separately
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit ed0b1db640110cccdbf0db1d882fb952cf3a130d)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This reverts commit 04f0002, which made it impossible to enable VSX with
a generic cpu.
This changes the behavior back to what it was before commit b0af404.
Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 45babb01217f4cf776c50f1bec8ced0065277c89)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Found-by: Daemon404
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8e91d9652ea5048d9014e7636e12c6ed4732d7b7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
