* commit 'd1d99e3befea5d411ac3aae72dbdecce94f8b547':
pcx: Check the packet size before assuming it fits a palette
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'fc739b3eefa0b58d64e7661621da94a94dbc8a82':
xan: Only read within the data that actually was initialized
Conflicts:
libavcodec/xan.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '30db94dc399f6e4ef8905049d9b740556f0fce47':
xan: Use bytestream2 to limit reading to within the buffer
Conflicts:
libavcodec/xan.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '9fb0de86b49e9fb0709a8ad1e1875e35da841887':
pcx: Consume the whole packet if giving up due to missing palette
Conflicts:
libavcodec/pcx.c
See: b4e516e30e
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'c231987662194d009dd91bfc57c678e0e70ca161':
mov: Make sure the read sample count is nonnegative
Conflicts:
libavformat/mov.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '640a2427aafa774b83316b7a8c5c2bdc28bfd269':
bfi: Add some very basic sanity checks for input packet sizes
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'a9221e39600a31ee13e736e9e47743cde23f0280':
electronicarts: Add more sanity checking for the number of channels
Note: This check is probably unnecessary
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '59480abce7e4238e22b3a4a904a9fe6abf4e4188':
alac: Do bounds checking of lpc_order read from the bitstream
See: fd4f4923cc
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '8d07258bb6063d0780ce2d39443d6dc6d8eedc5a':
avidec: Make sure a packet is large enough before reading its data
Conflicts:
libavformat/avidec.c
See: 028cc42a16
Note: data!=NULL implies that the allocated array is at least FF_INPUT_BUFFER_PADDING_SIZE large
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '68ff9981283a56c731f00c2ee7901103665092fc':
vqf: Make sure the bitrate is in the valid range
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '9277050e2918e0a0df9689721a188a604d886616':
vqf: Make sure sample_rate is set to a valid value
See: e481ba2ed7
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Output plane height used horizontal instead of vertical subsampling.
This is just cosmetic change as filter does not support formats where
vertical subsampling does not match horizontal one.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
This fixes reads out of bounds.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
We read 2 bytes for 15 out of 16 pixels, therefore we need to
have at least 30 bytes, not 16.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
Decoded data is always written in pairs within this decoder.
This fixes writes out of bounds.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
Previously, we returned 0, meaning successful decoding but 0
bytes consumed, leading to an infinite loop.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
If the input buffer contains more data after the deflate stream,
the loop previously left running infinitely, with inflate returning
Z_STREAM_END.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
This avoids setting a negative number of frames, ending up with a
negative average frame rate.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
If a zero-length video packet is to be returned, just return
AVERROR(EAGAIN) and switch back to the audio stream.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
This avoids a division by zero for G726.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
This avoids a division by zero.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
In lpc_prediction(), we write up to array element 'lpc_order' in
an array allocated to hold 'max_samples_per_frame' elements.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
Even if the sample rate is valid, an invalid bitrate could
pass the mode combination test below.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
This avoids divisions by zero later (and possibly assertions in
time base scaling), since an invalid rate_flag combined with an
invalid bitrate below could pass the mode combination test.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
