| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DVD subtitle parser handles two types of packets: "normal"
packets with a 16-bit length, and HD-DVD packets that set the
16-bit length to 0 and encode a 32-bit length in the next four
bytes. This implies that HD-DVD packets are at least six bytes
long, but the code didn't actually verify this.
The faulty length check results in an out of bounds read for
zero-length "normal" packets that occur in the input, which are
only 2 bytes long, but get misinterpreted as an HD-DVD packet.
When this happens the parser reads packet_len from beyond the
end of the input buffer. The subtitle stream is not correctly
decoded after this point due to the garbage packet_len.
Fixing this is pretty simple: fix the length check so packets
less than 6 bytes long will not be mistakenly parsed as HD-DVD
packets.
Signed-off-by: Aidan MacDonald <aidanmacdonald.0x0@gmail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
|
| |
|
|
|
|
|
| |
Possible now that the next pointer no longer exists.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
|
| |
|
|
| |
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|
| |
|
|
|
|
|
|
| |
Fixes: out of array read
Fixes: 9350/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVDSUB_fuzzer-5746777750765568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
| |
|
|
|
|
| |
No testcase
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
| |
|
|
|
|
| |
size field
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
|
|
| |
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |
|
|
|
|
|
| |
Fixes a infinite loop
Fixes Ticket3804
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* qatar/master:
Fix even more missing includes after the common.h removal
build: Factor out rangecoder dependencies to CONFIG_RANGECODER
build: Factor out error resilience dependencies to CONFIG_ERROR_RESILIENCE
x86: avcodec: Consistently name all init files
Add more missing includes after removing the implicit common.h
Add some more missing includes after removing the implicit common.h
Don't include common.h from avutil.h
rtmp: Automatically compute the hash for SWFVerification
Conflicts:
configure
doc/APIchanges
doc/examples/decoding_encoding.c
libavcodec/Makefile
libavcodec/assdec.c
libavcodec/audio_frame_queue.c
libavcodec/avpacket.c
libavcodec/dv_profile.c
libavcodec/dwt.c
libavcodec/libtheoraenc.c
libavcodec/rawdec.c
libavcodec/rv40dsp.c
libavcodec/tiff.c
libavcodec/tiffenc.c
libavcodec/v210dec.h
libavcodec/vc1dsp.c
libavcodec/x86/Makefile
libavfilter/asrc_anullsrc.c
libavfilter/avfilter.c
libavfilter/buffer.c
libavfilter/formats.c
libavfilter/vf_ass.c
libavfilter/vf_drawtext.c
libavfilter/vf_fade.c
libavfilter/vf_select.c
libavfilter/video.c
libavfilter/vsrc_testsrc.c
libavformat/version.h
libavutil/audioconvert.c
libavutil/error.h
libavutil/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| | |
| |
| |
| | |
Signed-off-by: Martin Storsjö <martin@martin.st>
|
| |\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '36ef5369ee9b336febc2c270f8718cec4476cb85':
Replace all CODEC_ID_* with AV_CODEC_ID_*
lavc: add AV prefix to codec ids.
Conflicts:
doc/APIchanges
doc/examples/decoding_encoding.c
doc/examples/muxing.c
ffmpeg.c
ffprobe.c
ffserver.c
libavcodec/8svx.c
libavcodec/avcodec.h
libavcodec/dnxhd_parser.c
libavcodec/dvdsubdec.c
libavcodec/error_resilience.c
libavcodec/h263dec.c
libavcodec/libvorbisenc.c
libavcodec/mjpeg_parser.c
libavcodec/mjpegenc.c
libavcodec/mpeg12.c
libavcodec/mpeg4videodec.c
libavcodec/mpegvideo.c
libavcodec/mpegvideo_enc.c
libavcodec/pcm.c
libavcodec/r210dec.c
libavcodec/utils.c
libavcodec/v210dec.c
libavcodec/version.h
libavdevice/alsa-audio-dec.c
libavdevice/bktr.c
libavdevice/v4l2.c
libavformat/asfdec.c
libavformat/asfenc.c
libavformat/avformat.h
libavformat/avidec.c
libavformat/caf.c
libavformat/electronicarts.c
libavformat/flacdec.c
libavformat/flvdec.c
libavformat/flvenc.c
libavformat/framecrcenc.c
libavformat/img2.c
libavformat/img2dec.c
libavformat/img2enc.c
libavformat/ipmovie.c
libavformat/isom.c
libavformat/matroska.c
libavformat/matroskadec.c
libavformat/matroskaenc.c
libavformat/mov.c
libavformat/movenc.c
libavformat/mp3dec.c
libavformat/mpeg.c
libavformat/mpegts.c
libavformat/mxf.c
libavformat/mxfdec.c
libavformat/mxfenc.c
libavformat/nsvdec.c
libavformat/nut.c
libavformat/oggenc.c
libavformat/pmpdec.c
libavformat/rawdec.c
libavformat/rawenc.c
libavformat/riff.c
libavformat/sdp.c
libavformat/utils.c
libavformat/vocenc.c
libavformat/wtv.c
libavformat/xmv.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| | | |
|
| |\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* qatar/master: (44 commits)
replacement Indeo 3 decoder
gsm demuxer: do not allocate packet twice.
flvenc: use first packet delay as global delay.
ac3enc: doxygen update.
imc: return error codes instead of 0 for error conditions.
imc: return meaningful error codes instead of -1
imc: do not set channel layout for stereo
imc: validate channel count
imc: check for ff_fft_init() failure
imc: check output buffer size before decoding
imc: use DSPContext.bswap16_buf() to byte-swap packet data
rtsp: add allowed_media_types option
libgsm: add flush function to reset the decoder state when seeking
libgsm: simplify decoding by using a loop
gsm: log error message when packet is too small
libgsmdec: do not needlessly set *data_size to 0
gsmdec: do not needlessly set *data_size to 0
gsmdec: add flush function to reset the decoder state when seeking
libgsmdec: check output buffer size before decoding
gsmdec: log error message when output buffer is too small.
...
Conflicts:
Changelog
ffplay.c
libavcodec/indeo3.c
libavcodec/mjpeg_parser.c
libavcodec/vp3.c
libavformat/cutils.c
libavformat/id3v2.c
libavutil/parseutils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Signed-off-by: Mans Rullgard <mans@mansr.com>
|
| | |
| |
| |
| |
| |
| |
| | |
None of these symbols should be accessed directly, so declare them as
hidden.
Signed-off-by: Mans Rullgard <mans@mansr.com>
|
| |/
|
|
|
|
|
|
| |
None of these symbols should be accessed directly, so declare them as
hidden.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit d36beb3f6902b1217beda576aa18abf7eb72b03c)
|
| |
|
|
|
|
| |
Patch by Daniel Verkamp daniel at drv dot nu.
Originally committed as revision 17526 to svn://svn.ffmpeg.org/ffmpeg/trunk
|
| |
|
|
| |
Originally committed as revision 16684 to svn://svn.ffmpeg.org/ffmpeg/trunk
|
| |
|
|
| |
Originally committed as revision 16556 to svn://svn.ffmpeg.org/ffmpeg/trunk
|
| |
|
|
|
|
| |
Patch by: Ian Caulfield, ian caulfield & gmx at
Originally committed as revision 9790 to svn://svn.ffmpeg.org/ffmpeg/trunk
|
| |
|
|
| |
Originally committed as revision 8921 to svn://svn.ffmpeg.org/ffmpeg/trunk
|
|
|
Originally committed as revision 8910 to svn://svn.ffmpeg.org/ffmpeg/trunk
|
