This prevents certain tags with a default value assigned to them (as per
the EBML syntax elements) from ever being assigned a NULL value. Other
parts of the code rely on these being non-NULL (i.e. they don't check for
NULL before e.g. using the string in strcmp() or similar), and thus in
effect this prevents crashes when reading of such specific tags fails,
either because of low memory or because of targeted file corruption.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
The parser was fixed so this workaround should no longer
be necessary.
This allows using stream-copy to fix files with keyframes
incorrectly marked.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
This allows handling matroska files with errors.
Fixes test4.mkv and test7.mkv from the official Matroska test suite.
These are also trac issues #544 and #545.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Prefix the functions/tables brktimegm, pcm_read_seek,
dv_offset_reset, voc_get_packet, codec_movaudio_tags,
codec_movvideo_tags.
After this, lavf has no global symbols without the proper prefix.
Signed-off-by: Martin Storsjö <martin@martin.st>
In particular, detect when the index is obviously broken.
This fixes the worst symptoms of trac issue #958 and makes
sense to allow seeking in files without index.
However it is possible that there still is an index parsing bug
with that file.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Otherwise when we run into levels beyond the max. allowed
playback will be permanently broken.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
a realloc()
BUG=100492
Review URL: http://codereview.chromium.org/8366004
Fixes: 1 of 2 for CVE-2011-3893
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The existing functions defined in intfloat_readwrite.[ch] are
both slow and incorrect (infinities are not handled).
This introduces a new header with fast, inline conversion
functions using direct union punning assuming an IEEE-754
system, an assumption already made throughout the code.
The one use of Intel/Motorola extended 80-bit format is
replaced by simpler code sufficient under the present
constraints (positive normal values).
The old functions are marked deprecated and retained for
compatibility.
Signed-off-by: Mans Rullgard <mans@mansr.com>
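As an added illustration of the approach this commit describes (example code written here, not the project's own): IEEE-754 int/float conversion through union punning, which carries infinities through untouched, plus a direct 80-bit extended to double conversion restricted to positive normal values. The `av_*` names mirror the commit's description; the `ext80_to_double_positive_normal` helper, its argument layout and its 0.0 rejection value are assumptions.

```c
#include <stdint.h>
#include <math.h>

/* Type punning through a union, assuming IEEE-754 single/double layout
 * (the same assumption the rest of the code base already makes). */
union av_intfloat32 { uint32_t i; float  f; };
union av_intfloat64 { uint64_t i; double f; };

static inline float    av_int2float(uint32_t i) { union av_intfloat32 v; v.i = i; return v.f; }
static inline uint32_t av_float2int(float f)    { union av_intfloat32 v; v.f = f; return v.i; }
static inline double   av_int2double(uint64_t i){ union av_intfloat64 v; v.i = i; return v.f; }
static inline uint64_t av_double2int(double f)  { union av_intfloat64 v; v.f = f; return v.i; }

/* 80-bit extended -> double, valid only for positive normal values (the
 * constraint the commit states). exp_field is the 16-bit sign+exponent word
 * (bias 16383); mant is the 64-bit significand whose bit 63 is the explicit
 * integer bit. The low 11 fraction bits are truncated. Inputs outside the
 * supported case return 0.0 so a caller can reject them (assumed convention,
 * 0.0 is not a usable sample rate). */
static double ext80_to_double_positive_normal(uint16_t exp_field, uint64_t mant)
{
    uint16_t e = exp_field & 0x7fff;

    /* reject negative, zero/denormal, inf/nan and unnormalized significands */
    if ((exp_field & 0x8000) || e == 0 || e == 0x7fff || !(mant >> 63))
        return 0.0;
    /* reject exponents a double cannot hold as a normal value */
    if (e < 16383 - 1022 || e > 16383 + 1023)
        return 0.0;

    /* value = 1.fraction * 2^(e-16383); rebias to double's 1023 and keep the
     * top 52 fraction bits (bit 63 of mant is the implicit 1 in a double) */
    uint64_t dexp = (uint64_t)(e - 16383 + 1023);
    uint64_t frac = (mant >> 11) & ((1ULL << 52) - 1);
    return av_int2double((dexp << 52) | frac);
}
```

The two constructed inputs in the test are the AIFF-style encodings of 44100 Hz (0x400E, 0xAC44000000000000) and 8000 Hz (0x400B, 0xFA00000000000000).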
This reverts commit 5dd514af93.
Silently ignoring errors allows some broken files to simply be played, instead of failing.
(cherry picked from commit 7804b0693375c1a7ba1046f7a3579e9f63c2b15a)
The intended goal (as confirmed with its author) of fixing a crash has been
fixed differently prior to the application of this patch and this patch does
not successfully propagate parse errors either.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Whitespace of the patch cleaned up by Aurel
Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 956c901c68)
Further suggestions from Kostya <kostya.shishkov@gmail.com> have been
implemented by Reinhard Tartler <siretart@tauware.de>
Signed-off-by: Reinhard Tartler <siretart@tauware.de>
This change fixes a bug where seeking doesn't work properly for
matroska files that have the CUES element before the first cluster.
This bug was accidentally introduced a few months ago by my deferred CUES
loading patch <http://git.videolan.org/?p=ffmpeg.git;a=commit;h=31ad14c21e0735387ba8082c6e3436241f7ccfc8>.
When the CUES element appears before the first cluster in the file, the data
is parsed and placed in matroska->index but that data is never added to the
seek index. Currently the transfer from matroska->index to the seek index
only happens when matroska_parse_cues() is called.
matroska_parse_cues() only gets called on a seek if cues_parsing_deferred is
set. cues_parsing_deferred only gets set if parsing the CUES requires
seeking past the first cluster. There is no code to handle the case where
CUES is before the first cluster.
This fix essentially restores the matroska->index processing that was
happening at the end of matroska_read_header() before I made my CUES
deferral change. In the case where CUES is before the first
cluster, matroska->index will have data and the seek index will be updated.
In the case where CUES is later in the file, matroska->index will be empty
and cues_parsing_deferred will be set so loading will happen later.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Whitespace of the patch cleaned up by Aurel
Some of the issues have been reported by Steve Manzuik / Microsoft Vulnerability Research (MSVR)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
EBML_STOP leaves matroska->current_id set. Then matroska_read_seek changes
the stream position without resetting current_id. The next
matroska_parse_cluster fails due to calculation of incorrect pos. So clear
current_id when avio_seek happens in matroska_read_seek.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>