- 16 Nov, 2015 1 commit
-
-
Bryan Huh authored
Signed-off-by:Michael Niedermayer <michael@niedermayer.cc>
-
- 15 Nov, 2015 19 commits
-
-
Hagen Schmidt authored
Signed-off-by: -
Michael Niedermayer authored
Fixes assertion failure Fixes: 136f8b8d47af7892306625e597dee655/signal_sigabrt_7ffff6ae7cc9_8941_ab11bea57c84796418f481f873dc31ba.dvr_ms Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: -
Michael Niedermayer authored
Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: -
Michael Niedermayer authored
Signed-off-by: -
Michael Niedermayer authored
Fixes potential integer overflows Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi This fix is choosen to be simple to backport, better solution for master is planed Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: -
Michael Niedermayer authored
Fixes assertion failure Fixes: 03e0abe721b1174856d41a1eb5d6a896/signal_sigabrt_7ffff6ae7cc9_3813_e71bf3541abed3ccba031cd5ba0269a4.avi This fix is choosen to be simple to backport, better solution for master is planed Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: -
Michael Niedermayer authored
Signed-off-by: -
Marton Balint authored
Reviewed-by:
Nicolas George <george@nsup.org> Signed-off-by:
Marton Balint <cus@passwd.hu>
-
Michael Niedermayer authored
Fixes assertion failure Fixes: 0256e92df2df7e933b43a2c70e4c8040/signal_sigabrt_7ffff6ae7cc9_1358_999ac18684788221490757582ce9af84.wma Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: -
Ganesh Ajjanagadde authored
It is inherently double precision, and 1.0 is perfectly represented anyway. Signed-off-by:Ganesh Ajjanagadde <gajjanagadde@gmail.com>
-
Ganesh Ajjanagadde authored
This guarantees a "best effort precision". Reviewed-by:
-
Rainer Hochecker authored
avformat/utils: estimate_timings_from_pts - increase retry counter, fixes invalid duration for ts files with hevc codec Fixes a mpegts file with hevc that fails estimating duration. Increasing number of retries fixes the issue. Signed-off-by: -
Michael Niedermayer authored
Fixes out of array access Fixes: ce19e41f0ef1e52a23edc488faecdb58/asan_heap-oob_2504e97_4202_ffa0df1baed14022b9bfd4f8ac23d0cb.smk Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: -
Andreas Cadhalpun authored
Otherwise the h263p decoder can try to copy overread bytes, even though buffer is NULL. Reviewed-by:
Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
-
Matthieu Bouron authored
-
Matthieu Bouron authored
-
Matthieu Bouron authored
The decoder extracts and fills its parameters even if the frame is skipped due to the skip_frame setting.
-
Michael Niedermayer authored
The function is renamed to ff_rint64_clip() This should avoid build failures on VS2012 Feel free to changes this to a different solution Reviewed-by:
James Almer <jamrial@gmail.com> Signed-off-by:
-
Michael Niedermayer authored
Fixes out of array read Fixes: cb3f38b08b4541523974667c7d1eee9e/asan_heap-oob_2659e18_9838_021fd5cd635bf76cede6398cd9ecbcdd.tak Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
-
- 14 Nov, 2015 18 commits
-
-
Michael Niedermayer authored
Fixes potential out of array read Signed-off-by: -
Michael Niedermayer authored
Fixes out of array read Fixes: c50c4aa6cefda71b19a31ea12302980c/asan_heap-oob_12be5fd_7011_33ebd015a74976215934add72b9c8352.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: -
Michael Niedermayer authored
The height of tables can be rounded up for MBAFF but this does not imply that is also true for the previous frames Fixes out of array reads Fixes: c106b36fa36db8ff8f3ed0c82be7bea2/asan_heap-oob_32699f0_6321_467b9a1d7e03d7cfd310b7e65dc53bcc.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: -
Andreas Cadhalpun authored
Having both is not valid and can cause a NULL pointer dereference of frame->data[1] later. Reviewed-by:
Vittorio Giovara <vittorio.giovara@gmail.com> Signed-off-by:
-
Michael Niedermayer authored
Fixes division by 0 Fixes: b293a6479bb4b5286cff24d356bfd955/asan_generic_225c3c9_7819_cc526b657450c6cdef1371b526499626.mkv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: -
Michael Niedermayer authored
Fixes out of array read Fixes: 7fcd09eadd046e326d8ea0af66f166c8/asan_heap-oob_4a52e5_2273_fa6078a10dd575df266fb1e0b4114cd5.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: -
Ganesh Ajjanagadde authored
M_SQRT2 is defined in math.h, or in avutil/mathematics.h for compatibility hacks. This uses this value instead of a floating literal. Fixed point values produced by C_FIX(), R_FIX() remain identical. Reviewed-by:
-
Ganesh Ajjanagadde authored
M_SQRT2 is defined in math.h, or in avutil/mathematics.h for compatibility hacks. This uses this value instead of an ad-hoc define. Fixed point values produced by FIX() remain identical. Reviewed-by:
-
Ganesh Ajjanagadde authored
M_PI is defined in math.h, or in avutil/mathematics.h for compatibility hacks. This uses this value instead of an ad-hoc floating literal. Reviewed-by:
-
Ganesh Ajjanagadde authored
M_E is defined in math.h, or in avutil/mathematics.h for compatibility hacks. This uses this value instead of an ad-hoc define. Reviewed-by:
-
Michael Niedermayer authored
Fixes out of array read Fixes: 61cf123c081ee2bb774d307c75bdb99e/asan_heap-oob_1224f76_5546_bee833ffae73f752b489b9eeaac52db7.dpx Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: -
Hendrik Leppkes authored
This implementation does not support TLS listen sockets and loading CA/Certs from files. The Windows API does not support loading PEM certs, and would either require a manual loader or instead be limited to loading Windows PFX certificates TLS listen sockets would have to be implemented quite separately, as many of the APIs are different for server-mode (as opposed to client mode).
-
Michael Niedermayer authored
Fixes out of array read Fixes: 3c857d4d90365731524716e6d051e43a/signal_sigsegv_7f4f59bcc29e_1386_20abd2c8e655cb9c75b24368e65fe3b1.flv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: -
Michael Niedermayer authored
Fixes deallocation of corrupted pointer Fixes: 343dfbe142a38b521ed069dc4ea7c03b/signal_sigsegv_421427_4074_ffb11959610278cd40dbc153464aa254.avi No releases affected Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: -
Michael Niedermayer authored
Fixes out of array read Fixes: 20dd01398dee0f6d83d7e5410a2ae8eb/signal_sigsegv_39eeb1f_4001_62efbdf1c60748dabf1ec310b59525fd.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: -
Ganesh Ajjanagadde authored
The rationale for this function is reflected in the documentation for it, and is copied here: Clip a double value into the long long amin-amax range. This function is needed because conversion of floating point to integers when it does not fit in the integer's representation does not necessarily saturate correctly (usually converted to a cvttsd2si on x86) which saturates numbers > INT64_MAX to INT64_MIN. The standard marks such conversions as undefined behavior, allowing this sort of mathematically bogus conversions. This provides a safe alternative that is slower obviously but assures safety and better mathematical behavior. API: @param a value to clip @param amin minimum value of the clip range @param amax maximum value of the clip range @return clipped value Note that a priori if one can guarantee from the calling side that the double is in range, it is safe to simply do an explicit/implicit cast, and that will be far faster. However, otherwise this function should be used. avutil minor version is bumped. Reviewed-by:
Ronald S. Bultje <rsbultje@gmail.com> Signed-off-by:
-
Michael Niedermayer authored
Fixes integer overflow Fixes: 1e32c6c591d940337c20b197ec1c4d3d/asan_heap-oob_4a52e5_8946_0bb0d9e863def56005e49f1d89bdc94d.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: -
Michael Niedermayer authored
Fixes integer overflow Fixes: 0c2625f236ced104d402b4a03c0d65c7/asan_generic_274e1ce_5990_9314e7a67c26aecf011b178ade9f217c.avi Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by:
-
- 13 Nov, 2015 2 commits
-
-
Michael Niedermayer authored
Fixes: 0231a17345734228011c6f35a64e4594/asan_heap-oob_1d92a72_3218_1213809a9e3affec77e4c191fdfdc0a9.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: -
Bryan Huh authored
When async issues its inner seek via ffurl_seek, it treats failures as EOF being reached. This is not consistent with the behavior of other protocols (e.g. http, cache) which continue to tolerate reads after failed seeks, and therefore does not interact correctly with them. A common pattern where this manifests itself is where avio_seek is called with pos to be the end-of-file - the http range-request would fail here, and async would set io_eof_reached to 1. The background thread would then refuse to read more bytes, and subsequent reads would only empty the fifo and end in an error. Presumably the code may have expected subsequent seeks to unset the io_eof_reached but this is not guaranteed to be true - a subsequent seek that lands in the AVIOContext's buffer (the fact that the previously-failed avio_seek leaves the AVIOContext's buffer intact also suggests that follow-up reads are expected to be tolerated) would not be issued to the async_seek function, and when that buffer is drained only async_read calls would follow, leading to the same error just described. Signed-off-by:
-
