Fixes a segfault when trying to write nonexistent rtp information.
Signed-off-by: Simon Thelen <ffmpeg-dev@c-14.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 70fb5eadc580a82c4b977a1233d70ad0041faba0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The buffer needs s->bpp bytes, at maximum currently 10.
Assert that s->bpp is not larger.
This fixes a stack buffer overflow.
Reviewed-by: wm4 <nfxjfg@googlemail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 3e8e1a660ea182111057d56ec1cfad2c62250f4c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size
is 3, the right side overflows leading to a wrong result of the
comparison and subsequently a heap buffer overflow.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit db374790c75fa4ef947abcb5019fcf21d0b2de85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Fixes: b877a6b788a25c70e8b1d014f8628549/asan_heap-oob_1da2c3f_2324_5a1b329b0b3c4bb6b1d775660ac56717.r3d
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 43492ff3ab68a343c1264801baa1d5a02de10167)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Fixes: a9502b60f4cecc19475382aee255f73c/asan_heap-oob_1e87fba_2548_a8ad47f6dde36644fe9cdc444d4632d0.sub
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c719cd6cf79ec21d974b81ba874580f4b8e9eb90)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b6fac11da470274d4b93d46ef66527aa1824179)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Fixes: 54e488b9da4abbceaf405d6492515697/asan_heap-oob_32769b0_160_a8755eb08ee8f9579348501945a33955.TIF
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d4a731b84a08f0f3839eaaaf82e97d8d9c67da46)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Fixes: 24d05e8b84676799c735c9e27d97895e/asan_heap-oob_1b70f6a_2955_7c3652a7f370f9f3ef40642bc2c99bb2.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93f30f825c08477fe8f76be00539e96014cc83c8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 04715144ba237443010554be0d05343f/asan_heap-oob_1eafc76_1737_c685b48041a563461839e4e7ab97abb8.jpg
Fixes out of array access
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d24888ef19ba38b787b11d1ee091a3d94920c76a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Avoids inheritance of file handles on Windows systems similar to the
O_CLOEXEC/FD_CLOEXEC flag on Linux.
Fixes file lock issues in Windows applications when a child process
is started with handle inheritance enabled (standard input/output
redirection) while a FFmpeg transcoding is running in the parent
process.
Links relevant to the subject:
https://msdn.microsoft.com/en-us/library/w7sa2b22.aspx
Describes the _wsopen() function and the O_NOINHERIT flag. File handles
opened by _wsopen() are inheritable by default.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425%28v=vs.85%29.aspx
Describes handle inheritance when creating new processes. Handle
inheritance must be enabled (bInheritHandles = TRUE) e.g. when you want
to pass handles for stdin/stdout via lpStartupInfo.
Signed-off-by: Tobias Rapp <t.rapp@noa-audio.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 474665346616e446ecd1407002fdf5f88201bf72)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes null pointer dereference
Fixes part of Ticket4977
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9368d2da3d33cac845f2fdf663df500b53625c5e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Context cookies must be updated when a playlist response return Setcookie header.
See: 770dd105044d00263da041f509a08b316296a78e
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes crash
Fixes Ticket4969 part 1
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 07225fa74f2cdb29d6d85fd33675539bfdfe9ea5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This ensures that they are always set to valid values
Fixes Ticket4939
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a878dfa4f57d068eb69fb6614f7a4a20f769ee7b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes Ticket4931
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c2d4e8700cd3db59bc11ab196c0002215cf601f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Some RTSP servers ("HiIpcam/V100R003 VodServer/1.0.0") respond to
our keepalive GET_PARAMETER request by a truncated RTSP header
(lacking the final empty line to indicate a complete response
header). Prior to 764ec70149, this worked just fine since we
reacted to the $ as interleaved packet indicator anywhere.
Since $ is a valid character within the response header lines,
764ec70149 changed it to be ignored there. But to keep
compatibility with such broken servers, we need to at least
allow reacting to it at the start of lines.
Fixes ticket #4952.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit e02dcdf6bb6835ef4b49986b85a67efcb3495a7f)
Fixes trac ticket 3226. Also see Andreas' analysis in
https://bugs.debian.org/801745, which was very helpful.
(cherry picked from commit 52f84d82bdf1851ecfcc412c1719e5f6f3396209)
Commit 2b3e9bbfb529e6bde238aeb511b55ebe461664c8 caused problems for a
certain API user:
https://code.google.com/p/chromium/issues/detail?id=537725https://code.google.com/p/chromium/issues/detail?id=542032
The problem seems rather arbitrary, because if there's junk, anything
can happen. In this case, the imperfect junk skipping just caused it to
read different junk, from what I can see.
We can improve the accuracy of junk detection by a lot by checking if 2
consecutive frames use the same configuration. While in theory it might
be completely fine for the 1st frame to have a different format than the
2nd frame, it's exceedingly unlikely, and I can't think of a legitimate
use-case.
This is approximately the same mpg123 does for junk skipping. The
set of compared header bits is the same as the libavcodec mp3 parser
uses for similar purposes.
(cherry picked from commit de1b1a7da9e6ddf42447271e519099a88b389e4a)
Fixes ticket #4924.
Found-by: Jaroslav Šnajdr <jsnajdr@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit df239b76195156f179618ddb8b167d5bf1245247)
Fixes: Ticket4878
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c980c5e54dfe83ce8b631845ce750c38cec56873)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Without EXT-X-MAP support we miss the first bytes of some streams.
These streams worked by luck before byte-ranged segment support was added in
da7759b3579de3e98deb1ac58e642b861280ba54
Fixes ticket #4797.
(cherry picked from commit 909907948846dedf57a730a4d115d04d1117f9e5)
Conflicts:
libavformat/hls.c
Commit ad701326b43078b90 ("avformat/hls: open playlists immediately when
AVDISCARD_ALL is dropped") inadvertently caused first_packet to never be
cleared, causing select_cur_seq_no() to not use the specific code for
live streams.
In practice this means that when the user selects a different audio
track during live stream (i.e. non-VOD) playback, there may be some
additional delay as the code might select an incorrect segment at first,
and we have to wait for video to catch audio (if too late segment was
selected) or to download more following audio segments (if too early
segment was selected).
Fix that by restoring the zeroing of first_packet.
(cherry picked from commit fd74d45d5158812675105a3b4aeb29c67b82f7e8)
The variable is not a constant and can lead to race conditions
Fixes: repro.webm (not reproducable with FFmpeg alone)
Found-by: Dale Curtis <dalecurtis@google.com>
Tested-by: Dale Curtis <dalecurtis@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dabea74d0e82ea80cd344f630497cafcb3ef872c)
When scaling only a slice of a frame the output was written always
in the first lines leaving the rest of the frame black.
(cherry picked from commit 5bd62a1b3c3356b84818efca3fcaf52da27a32af)
If there is no #EXT-X-BYTERANGE specified, there is no need to seek.
Seeking fails anyway for rtmp, because this protocol does not support
url_seek.
This fixes CNN.m3u from trac ticket 4797 (i.e. Debian bug #798189).
Reviewed-by: wm4 <nfxjfg@googlemail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit f9f0b4c08e7dc2c178ede137af4f64ca84ab2deb)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
the pps offset is used to locate pps in the spspps_buf; however, the
current calc method is wrong because it is the offset of the original
avctx->extradata;
when there is only one sps in the avcc; the value is correct by
coincidence, however, it will
fail in avcc with multi sps
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6b32d0d86b6bec2b5cb565d6ab4556f8cd66214a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d126ef188639e0b55bdbbb755eafced66f23352)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Broken by commit ba12ba859aabfa7153ba397d869db13acdaba340. This only
happens with HLS streams which use encryption and require preserving
cookies sent by the server.
Fixes trac issue #4846.
(cherry picked from commit 26eb2940079d0ec433cf9b2deae24560707cbcf8)
Commits 43bc5cf9 and c5371f77 add code for skipping initial zeros in mp3
packets. This code forgot to report to the user that data was skipped at
all.
Since audio codecs allow partial packet decoding, the user application
has to rely on the return value. It will remove the data reported as
consumed by the decoder, and feed it to the decoder again. This resulted
in the mp3 frame after the zero region to be decoded over and over
again, until the zero region was finally skipped by the application.
Fix this by including the amount of skipped bytes to the number of
consumed bytes returned by the decode call.
Fixes trac ticket #4890.
(cherry picked from commit cb1da9fb8d71bb611a7b0028914c97afc3f5711d)
Fixes regression since 7218352e0228028dfa009a3799ec93fd041065f1: WebVTT
files were matching the SRT probing.
(cherry picked from commit 40d9d6de90c3652f4c468ab14976c7faf5e40c07)
Should fix compilation with mingw-w64 trunk, where ID3D11VideoDecoder is available
but ID3D11VideoContext still isn't.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit b8e4df46ab5a6b8333dbcd872e4f161fc9bba83a)
