Fixes Ticket4227
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2c660e34cf)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
as this kind of allows to circumvent it to some extend.
We also could add a separate parameter or value to choose this
Found-by: ramiro
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1e4d0498df)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is the remaining error, the output on the SPX samples,
respectively csi_miami_stereo_128_spx.eac3 and
csi_miami_5.1_256_spx.eac3, goes from:
stddev: 8.71 PSNR: 77.52 MAXDIFF: 235
stddev:24270.51 PSNR: 22.17 MAXDIFF:47166
to:
stddev: 0.12 PSNR:114.12 MAXDIFF: 1
stddev: 0.12 PSNR:114.73 MAXDIFF: 1
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0c3339f4bd)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
It was set to 1 instead of sqrt(3)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c4bf3833f4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Should also improve decoding, but actually doesn't...
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b083440060)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The AC3DecodeContext has a float (USE_FIXED=0) and an integer
(USE_FIXED=1) variant, both of which can be present in the same binary.
This is not only very confusing, but it also breaks horribly, when one
variant is used by code expecting the other.
This currently happens, because eac3dec.c is only compiled for the float
variant, but also used from ac3dec_fixed.c, which uses the integer
variant.
The result is memory corruption, leading to crashes.
So compile eac3dec.c once for each variant and adapt it, so that it
works with the integer variant.
A loss of precission and scaling bug has been fixed by the committer
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7b05b5093e)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Fixes: ffmpeg_012v_crash.ts
Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Reviewed-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 48df30d36c)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes division by 0
Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d3b25383da)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2c8cff2be4)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
So far it is only set in roq_encode_frame, but it is used in
roq_encode_end to free the coded_frame. This currently segfaults if
roq_encode_frame is not called between roq_encode_init and
roq_encode_end.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit cf82c426fa)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
allowing access to the size but not the extradata itself is not useful
and could lead to potential problems if writing happens through this field
Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Reviewed-by: Lukasz Marek <lukasz.m.luki2@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1f4088b285)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If resyncing leads to the same position as previously, it will again
lead to a resync attempt, resulting in an infinite loop.
Thus don't seek back beyond the last syncpoint.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6b8263b03a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
A negative time base can trigger assertions.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4c91d81be2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If EOF is reached, while skipping bytes, avio_tell(pb) won't change
anymore, resulting in an infinite loop.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6fa98822eb)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
They are used in a switch statement, but it is not guaranteed that the
COMM case (where they are set to 0) is reached before the other cases.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 66879ee125)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The chunk size is limited to 0xFFFF (written by avio_wb16), so make
sure that the packet size is not too large.
Such large frames need to be split into slices smaller than 64 kB, but
that is currently supported neither by the rv10/rv20 encoders nor the rm
muxer.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
See Ticket244
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 08728f400b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
According to the WebP Lossless Bitstream Specification the highest
allowed value for a prefix code is 39.
If prefix_code is too large, the calculated extra_bits has an invalid
value and triggers an assertion in get_bits.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5de2dab12b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If it doesn't fit into 12 bits it triggers an assertion.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 2578a54618)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
When all the codepaths using manually set .arch/.fpu code is
behind runtime detection, the elf attributes should be suppressed.
This allows tools to know that the final built binary doesn't
strictly require these extensions.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit dcae2e32f7)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Normally the aic decoder finds the proper slice combination (multiple of
some number less than 32) but in case of odd width, it resorts to the
default values, which were actually swapped.
The number of slices is modified to account for such odd width cases.
CC: libav-stable@libav.org
(cherry picked from commit e878ec0d47)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This ensures that all current and future code-pathes get bpp checked
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d5e9fc7821)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 10fd7ff814)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The str variable is a char ** here.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 6448f15af0)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array access
Fixes: ffmpeg_opus_crash1.ogg
This solution is likely not optimal in terms of error concealment but
its simple and fixes the out of array access.
Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Tested-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 6c583e9048)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is safer than to assume that all error pathes cleared them and
nothing will use uncleared pointers.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1ae092587f)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array accesses
Fixes: ffmpeg_mjpeg_crash2.avi
Found-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Tested-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e3201c38d5)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
According to the WebP Lossless Bitstream Specification
"each transform is allowed to be used only once".
If a transform is more than once this can lead to memory
corruption.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit c089e720c1)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
s->listen_timeout is passed to ff_listen_bind(), which accepts a timeout
value expressed in milliseconds.
The unit was incorrectly set in 1b4da43ce0.
(cherry picked from commit 6db20926c3)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
flags is later written with avio_w8 and if it doesn't fit in one byte it
triggers an av_assert2.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit e8565d21c2)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 732c3ebffa)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
These could trigger assert failures previously
Found-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5705dc5276)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes use of uninitialized memory
Fixes: asan_heap-oob_35ca682_1474_cov_3230122439_aletrek_tga_16bit.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 007498fc1a)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Other codecs/channel numbers are not supported by this muxer.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit d0b8640f75)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Ohter packet sizes are not supported by this muxer.
This avoids a null pointer dereference of pkt->data.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit eeda2c3de8)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This avoids a null pointer dereference of pkt->data.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 7faa40af98)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
It is used in adx_read_packet, which currently depends on the decoder/parser setting this value between reading the file header and demuxing the first packet.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 64ea4a0598)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Several encoders were multiplying the buffer size by 8, in order to get
a bit size. However, the buffer_size argument is for the byte size of
the buffer. We had experienced crashes encoding prores (Anatoliy) at
size 4096x4096.
(cherry picked from commit 50833c9f7b)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Change register constraint on the v variable from = to +. This was causing GCC
to think that the v variable was never read and therefore not initialize it.
This fixes about 20 fate failures on mips64el.
Signed-off-by: James Cowgill <james410@cowgill.org.uk>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b9de1303a6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
log2 values which imply numeric overflow are not supported
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 205b2ba3d6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes out of array read
Fixes: asan_heap-oob_4d4eb0_3994_cov_3169972261_zmbv_15bit.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 1f5c7781e6)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes integer overflow and out of array read.
Fixes: signal_sigsegv_24169e6_3445_cov_3778346427_snow_chroma_bug.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 8f4cbf9402)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
