Fixes out of array read
Fixes: 34260c7981118fb38fba61809bf4dd5a-asan_heap-oob_93b923_1508_cov_951051643_DivX640x480_oggvorbis.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
If a special comment packet shows up in the middle of the stream, we
should extract it out into the vorbis stream metadata dictionary.
Also, if there is metadata in the packet on the way in, it might linger
since we only add data to the dictionary causing stale metadata to be
inserted into the stream. Instead, clear it to remove any doubt about
what is new and old.
Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Currently, if there are multiple 'performer' tags, the last one is the
only one which appears. Instead, join them with a semicolon.
Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
When av_reallocp fails, the associated variables that keep track of
the number of elements in the array (and in some cases, the
separate number of allocated elements) need to be reset.
Not all of these might technically be needed, but it's better to
reset them if in doubt, to make sure variables don't end up
conflicting.
Signed-off-by: Martin Storsjö <martin@martin.st>
It is possible to have an initial broken header and then valid packets.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
As far as I can tell the code should not change behaviour
depending on locale in any of these places.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Memory passed to av_realloc cannot be allocated using memalign.
From realloc(3):
The realloc() function changes the size of the memory block pointed to
by ptr to size bytes. (...) Unless ptr is NULL, it must have been returned
by an earlier call to malloc(), calloc() or realloc().
The issue has been found by debugallocation, a part of google-perftools:
http://code.google.com/p/gperftools/ .
Signed-off-by: Paweł Hajdan, Jr <phajdan@google.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Takes encoder delay into account by comparing first the coded page
duration with the calculated page duration. Handles last packet duration
if needed, also by comparing coded duration with calculated duration.
Also does better handling of timestamp generation for packets in the
first page for streamed ogg files where the start time is not
necessarily zero.
The first part of the metadata, the "vendor" string, is required by
libvorbis, it will refuse to play when it is not available.
Also we do not currently parse that part into metadata so it would also
be lost if we removed it as well.
Signed-off-by: Mans Rullgard <mans@mansr.com>
(cherry picked from commit 8cb3c557a9)
The first part of the metadata, the "vendor" string, is required by
libvorbis, it will refuse to play when it is not available.
Also we do not currently parse that part into metadata so it would also
be lost if we removed it as well.
Signed-off-by: Mans Rullgard <mans@mansr.com>
Avoids an assert when the sample rate is invalid and the timebase
is thus set to e.g. 1/0.
Sample file is http://samples.mplayerhq.hu/ogg/fuzzed-srate-crash.ogg
This is a quick fix for a crash, not a final solution.
Signed-off-by: Mans Rullgard <mans@mansr.com>