- 15 Nov, 2015 5 commits
-
-
Matthieu Bouron authored
-
Matthieu Bouron authored
-
Matthieu Bouron authored
The decoder extracts and fills its parameters even if the frame is skipped due to the skip_frame setting.
-
Michael Niedermayer authored
The function is renamed to ff_rint64_clip() This should avoid build failures on VS2012 Feel free to changes this to a different solution Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes out of array read Fixes: cb3f38b08b4541523974667c7d1eee9e/asan_heap-oob_2659e18_9838_021fd5cd635bf76cede6398cd9ecbcdd.tak Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
- 14 Nov, 2015 18 commits
-
-
Michael Niedermayer authored
Fixes potential out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes out of array read Fixes: c50c4aa6cefda71b19a31ea12302980c/asan_heap-oob_12be5fd_7011_33ebd015a74976215934add72b9c8352.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
The height of tables can be rounded up for MBAFF but this does not imply that is also true for the previous frames Fixes out of array reads Fixes: c106b36fa36db8ff8f3ed0c82be7bea2/asan_heap-oob_32699f0_6321_467b9a1d7e03d7cfd310b7e65dc53bcc.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Cadhalpun authored
Having both is not valid and can cause a NULL pointer dereference of frame->data[1] later. Reviewed-by: Vittorio Giovara <vittorio.giovara@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
-
Michael Niedermayer authored
Fixes division by 0 Fixes: b293a6479bb4b5286cff24d356bfd955/asan_generic_225c3c9_7819_cc526b657450c6cdef1371b526499626.mkv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes out of array read Fixes: 7fcd09eadd046e326d8ea0af66f166c8/asan_heap-oob_4a52e5_2273_fa6078a10dd575df266fb1e0b4114cd5.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Ganesh Ajjanagadde authored
M_SQRT2 is defined in math.h, or in avutil/mathematics.h for compatibility hacks. This uses this value instead of a floating literal. Fixed point values produced by C_FIX(), R_FIX() remain identical. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
-
Ganesh Ajjanagadde authored
M_SQRT2 is defined in math.h, or in avutil/mathematics.h for compatibility hacks. This uses this value instead of an ad-hoc define. Fixed point values produced by FIX() remain identical. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
-
Ganesh Ajjanagadde authored
M_PI is defined in math.h, or in avutil/mathematics.h for compatibility hacks. This uses this value instead of an ad-hoc floating literal. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
-
Ganesh Ajjanagadde authored
M_E is defined in math.h, or in avutil/mathematics.h for compatibility hacks. This uses this value instead of an ad-hoc define. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
-
Michael Niedermayer authored
Fixes out of array read Fixes: 61cf123c081ee2bb774d307c75bdb99e/asan_heap-oob_1224f76_5546_bee833ffae73f752b489b9eeaac52db7.dpx Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Hendrik Leppkes authored
This implementation does not support TLS listen sockets and loading CA/Certs from files. The Windows API does not support loading PEM certs, and would either require a manual loader or instead be limited to loading Windows PFX certificates TLS listen sockets would have to be implemented quite separately, as many of the APIs are different for server-mode (as opposed to client mode).
-
Michael Niedermayer authored
Fixes out of array read Fixes: 3c857d4d90365731524716e6d051e43a/signal_sigsegv_7f4f59bcc29e_1386_20abd2c8e655cb9c75b24368e65fe3b1.flv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes deallocation of corrupted pointer Fixes: 343dfbe142a38b521ed069dc4ea7c03b/signal_sigsegv_421427_4074_ffb11959610278cd40dbc153464aa254.avi No releases affected Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes out of array read Fixes: 20dd01398dee0f6d83d7e5410a2ae8eb/signal_sigsegv_39eeb1f_4001_62efbdf1c60748dabf1ec310b59525fd.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Ganesh Ajjanagadde authored
The rationale for this function is reflected in the documentation for it, and is copied here: Clip a double value into the long long amin-amax range. This function is needed because conversion of floating point to integers when it does not fit in the integer's representation does not necessarily saturate correctly (usually converted to a cvttsd2si on x86) which saturates numbers > INT64_MAX to INT64_MIN. The standard marks such conversions as undefined behavior, allowing this sort of mathematically bogus conversions. This provides a safe alternative that is slower obviously but assures safety and better mathematical behavior. API: @param a value to clip @param amin minimum value of the clip range @param amax maximum value of the clip range @return clipped value Note that a priori if one can guarantee from the calling side that the double is in range, it is safe to simply do an explicit/implicit cast, and that will be far faster. However, otherwise this function should be used. avutil minor version is bumped. Reviewed-by: Ronald S. Bultje <rsbultje@gmail.com> Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
-
Michael Niedermayer authored
Fixes integer overflow Fixes: 1e32c6c591d940337c20b197ec1c4d3d/asan_heap-oob_4a52e5_8946_0bb0d9e863def56005e49f1d89bdc94d.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes integer overflow Fixes: 0c2625f236ced104d402b4a03c0d65c7/asan_generic_274e1ce_5990_9314e7a67c26aecf011b178ade9f217c.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
- 13 Nov, 2015 2 commits
-
-
Michael Niedermayer authored
Fixes: 0231a17345734228011c6f35a64e4594/asan_heap-oob_1d92a72_3218_1213809a9e3affec77e4c191fdfdc0a9.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Bryan Huh authored
When async issues its inner seek via ffurl_seek, it treats failures as EOF being reached. This is not consistent with the behavior of other protocols (e.g. http, cache) which continue to tolerate reads after failed seeks, and therefore does not interact correctly with them. A common pattern where this manifests itself is where avio_seek is called with pos to be the end-of-file - the http range-request would fail here, and async would set io_eof_reached to 1. The background thread would then refuse to read more bytes, and subsequent reads would only empty the fifo and end in an error. Presumably the code may have expected subsequent seeks to unset the io_eof_reached but this is not guaranteed to be true - a subsequent seek that lands in the AVIOContext's buffer (the fact that the previously-failed avio_seek leaves the AVIOContext's buffer intact also suggests that follow-up reads are expected to be tolerated) would not be issued to the async_seek function, and when that buffer is drained only async_read calls would follow, leading to the same error just described. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
- 12 Nov, 2015 6 commits
-
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
KO Myung-Hun authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Will Kelleher authored
Just realized my previous patch doesn't work quite right. I uploaded a better sample file that actually has visible captions to /incoming/hevc_cc.ts. I tested with that file doing hevc->x264 and it works. This is basically an exact copy of the existing h264 logic. Signed-off-by: Will Kelleher <wkelleher@gogoair.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Matt Oliver authored
Signed-off-by: Matt Oliver <protogonoi@gmail.com>
-
Matt Oliver authored
This adds msvc optimisations as well as fixing an error in icl whereby it will generate invalid code otherwise. Signed-off-by: Matt Oliver <protogonoi@gmail.com>
-
- 11 Nov, 2015 9 commits
-
-
Andreas Cadhalpun authored
Reviewed-by: Vittorio Giovara <vittorio.giovara@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
-
Andreas Cadhalpun authored
A too small buffer will cause segfaults somewhere below decompress_texture_thread. Reviewed-by: Vittorio Giovara <vittorio.giovara@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
-
Andreas Cadhalpun authored
If it is too small av_image_copy_plane segfaults. Reviewed-by: Vittorio Giovara <vittorio.giovara@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
-
Andreas Cadhalpun authored
This prevents various values from getting an insanely huge exponent. If someone knows a cleaner solution, thats welcome! This is similar to commit 8978c743 for aacsbr. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
-
Michael Niedermayer authored
This fixes a null pointer dereference from the recently introduced AVStream->internal Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Since de0e219a cur_dts is sometimes invalid
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
I didnt find any case that triggers this but if it gets triggered it needs to be investigated Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-