Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Based on a patch by Michael Niedermayer <michaelni@gmx.at>
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Fixes a part of CVE-2012-2795
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.
Based on a patch by Michael Niedermayer <michaelni@gmx.at>
Fixes CVE-2012-2800
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
This prevents writing into a too small array if some parameters changed
without the tile being reallocated.
Fixes CVE-2012-2794
CC:libav-stable@libav.org
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This prevents decoding happening on a half initialized context.
Fixes CVE-2012-2779
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Our decoder does not support changing w/h.
Fixes CVE-2012-2777 and CVE-2012-2784.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This practice is not supported by the MinGW developers, and even requires
patching the MinGW runtimes in newer versions. Furthermore, we now support
build with MSVC, so this section is rendered useless.
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
The value should be always 3, as it follows from the specification.
Fix a stack buffer overflow in exponents_from_scale_factors as reported
by asan. Thanks to Dale Curtis for the sample vector.
This way we can directly remap channels from Opus' channel order to
libav's internal channel order, instead of mapping channels from
Opus' order to Vorbis' order then to libav's order.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Use the MAX_URL_SIZE define where applicable. Increase buffer
sizes for all buffers that need to fit a long pathname - buffers
that need to fit only the hostname (and other short strings, but
not the pathname - such as "headers" in http_connect) are kept
at 1024 bytes for now.
Also increase the max line length in http_read_header, since it
might need to contain a full url for Location: redirects.
Signed-off-by: Martin Storsjö <martin@martin.st>
Anonymous typedef structs prevent forward declaration, this
change gives the AVIOContext and AVIOInterruptCB structures
a name. These structures are now in line with other common
structures such as AVFormatContext and AVCodecContext.
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Diego Biurrun <diego@biurrun.de>
This packetization scheme simply places the full packets into the
RTP packet without any extra header bytes.
Signed-off-by: Martin Storsjö <martin@martin.st>
Do not use rlelen field for buffer size in init_get_bits, it is
only the size of the data for the first field.
Since it is not reliable, just use the size of the whole buffer.
Additional comments add removal of unused rlelen variable by
Reimar Döffinger.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
This avoids using the global_quality field and QSCALE flag for
passing the VBR modes, since the value range of the global_quality
field doesn't really map cleanly to this codec's VBR modes.
Signed-off-by: Martin Storsjö <martin@martin.st>
These modes were not originally exposed by the library at all.
In practice, only a few of them work for each sample rate/profile
combination, and they don't work at all for the more uncommon
sample rates.
Signed-off-by: Martin Storsjö <martin@martin.st>
Anton Khirnov
Michael Niedermayer
Derek Buitenhuis
Luca Barbato
Nathan Caldwell
Nicolas George
Kostya Shishkov
Duncan Salerno
Diego Biurrun
Andrew D'Addesio
Dale Curtis
Martin Storsjö
Dmitry Samonenko
Alexandre Colucci