Sample rate of 11025 takes 16 bits but previous code would pick only 8.
Fixes assertion failure.
Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com>
Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit 3e7d6849120d61bb354376d52786c26f20e20835)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Spell-checked-by: Moritz Barsnick <barsnick@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3130556c0eb09f3da3c9de6473a97937a4648d62)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15cc98a0f38ac45444d177186cfbf28e14bd5f1f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8e32d014322eada1812af268d7ea9d53169d279c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9a8034b8bc1d1cd7a8889dc385d41744be47b159)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 41e07390e04cf369d84f0cc7ff5858c273290770)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Cleaner solution is welcome!
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a53fbda9dc92273054a103db7539d2bb6e9632b2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This feature is not know much or used much AFAIK, and it might be helpfull in
exploits.
No specific case is known where it can be used in an exploit though
subsequent commits depend on this commit though
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 984d58a3440d513f66344b5332f6b589c0a6bbc6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
With this, user applications which use custom IO and have set a IO context will not have
their already opened IO context ignored and glob/seq being interpreted
Comments and tests from maintainers of user apps are welcome!
Liked-by: wm4 <nfxjfg@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ccedc1c78c9a5140758f515d46ce23de6e6a7d2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This feature is mostly only used by NLE software, and is
both of dubious value being enabled by default, and a
possible security risk.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 712d962a6a29b1099cd872cfb07867175a93ac4c)
Conflicts:
libavformat/isom.h
libavformat/mov.c
libavformat/version.h
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Fixes: aaa479088e6fb40b04837b3119f47b04/asan_heap-oob_e38c68_8576_9d653078b2470700e2834636f12ff557.tga
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 03d83ba34b2070878909eae18dfac0f519503777)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3ef5de0f19774e2c3dd9b08ba2e8ab7241a4862a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Fixes: 83aedfb29af669c4d6e10f1bfad974d2/asan_heap-oob_1ab42fe_4984_9f6ec14462f8d8a00ea24b320572a963.tif
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 89f464e9c229006e16f6bb5403c5529fdd0a9edd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 321e85e1769ca1fc1567025ae264760790ee7fc9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 372d2df1f04b49e25f109f07f90b1505/asan_heap-oob_2835d2e_8501_99e0114d7ba3a6db885d0b4684d200c1.cine
Fixes out of array read
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 757248ea3cd917a7755cb15f817a9b1f15578718)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 372d2df1f04b49e25f109f07f90b1505/asan_heap-oob_2835d2e_8501_99e0114d7ba3a6db885d0b4684d200c1.cine
Fixes out of array read
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad3b6fa7d83db7de951ed891649af93a47e74be5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This fixes infinite loops due to seeking back.
Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit c29e87ad55a2be29cc8ac5c0e047512c1f5d34d4)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
asf_read_payload can unset eof_reached, so check it also before calling
that function.
This fixes infinite loops.
Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 0e32153e9c296366e004352ecb3f9fcea74dc17d)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This fixes infinite loops due to seeking back.
Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 3776a72962b0622af17c4aef89a831da2cbaceca)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This fixes infinite loops.
Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 74474750f1ac522730dae271a5ea5003caa8b73c)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
The loop can be very long, even though the file is very short.
Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 0002d845e873af4fd00f0519e0248b07d65bef5f)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Both avio_skip and detect_unknown_subobject use int64_t for the size
parameter.
This fixes a segmentation fault due to infinite recursion.
Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit aa180169961b46cf0d2bcc23cb686f93c079b256)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Otherwise invalid values are used unchecked in the next run.
This can cause NULL pointer dereferencing.
Reviewed-by: Alexandra Hájková <alexandra.khirnova@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 763c572801a3db1cc7a2f07a52fee9d2e35ec95a)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
* commit '8375dc1dd101d51baa430f34c0bcadfa37873896':
asfdec: handle the case when the stream index has an invalid value better
Merged-by: Hendrik Leppkes <h.leppkes@gmail.com>
(cherry picked from commit bf67ae3cfa28ea3c126a6d23f44d9fbb5222b54b)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
src and dst are only 8-bit-aligned, so accessing them as uint16_t causes
SIGBUS crashes on architectures like sparc.
This fixes ubsan runtime error: load of misaligned address for type
'const uint16_t', which requires 2 byte alignment
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 44ac13eed49593f4f8efdb72ab0d5b48e05aa305)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 1cb2331eca0dbde1bc63bc715a0e98771dda8b80)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This fixes NULL pointer dereferencing if the codec is forced to
adpcm_thp even though a different one was detected.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit bcf4ee26a0a1ed349ec7489925540401002b87cc)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This fixes NULL pointer dereferencing.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit d7d37c479fa71639650751648275615e979beb33)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This causes non-unique elements in floor_setup->data.t1.list, which
makes the stream undecodable according to the specification.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit e7a7b3135a4e5ba4bd2e144444d95a7563f53e9b)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
It causes the angle channel number to equal the magnitude channel
number, which makes the stream undecodable according to the
specification.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit b4b13848dec5420fa5dd9e1a7d4dfae5de1932d5)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This fixes segmentation faults caused by passing a packet_ptr of NULL to
memcpy.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit 40eb2531b279abe008012c5c2c292552d3e62449)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
The size of decoding map can differ from one calculated
internally, producing artifacts while decoding video.
Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit c293ef258cbb2c058e23651a26edf46e3bc05050)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Paul B Mahol <onemda@gmail.com>
(cherry picked from commit 3441fef0f8bfcdfbad69b49b7fc526fcdb2185cd)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Fixes a warning with -Wformat-extra-args
(cherry picked from commit 17e7fdf61a04f52c499e2d06eab2cf2d22343aa9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 78129978f02f27d76ecaf2cd1a7bf7a47253fdab)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This fixes a null pointer dereference at least
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cfda1bea4c18ec1edbc11ecc465f788b02851488)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
No case is known where these are needed
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ba42b6482c725a59eb468391544dc0c75b8c6f0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array accesses
Fixes: 0cf176e6d3ab9fe924f39738e513f547/asan_generic_4a54aa_3431_aaa28be1cb32e307a9890cad06f84fba.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8f4c3e4b92212d98f5b9ca2dee13e076effe9589)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Fixes: 0cf176e6d3ab9fe924f39738e513f547/asan_generic_4a54aa_3431_aaa28be1cb32e307a9890cad06f84fba.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ec9c5ce8a753175244da971fed9f1e25aef7971)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array reads
Fixes: 07e8b9c5d348ccdf7add0f37de20cf6c/asan_heap-oob_27e8df7_6849_e56653f768070ec8cb52f587048444c2.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eb7802afefb7af4da50bc56818cdab9da07de7d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b6e6895f2cbfa90a39874d03e2fac392bcbd33b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This avoids running various table inits unnecessarily
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cc538e9dbd14b61d1ac8c9fa687d83289673fe90)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
