Prevent out of array writes.
Similar to what Michael Niedermayer did to address the same issue.
Bug-Id: CVE-2014-2263
CC: libav-stable@libav.org
Signed-off-by: Diego Biurrun <diego@biurrun.de>
It is basically a wrapper around av_get_audio_frame_duration(), with a
fallback to AVCodecContext.frame_size. However, that field is set only
when the stream codec context is actually used for encoding or decoding,
which is discouraged.
For muxing, it is generally the responsibility of the caller to set the
packet duration.
For demuxing, if the duration is not stored at the container level, it
should be set by the parser.
Therefore, removing the frame_size fallback should not break any
important case.
The cur_*auth_type variables were set before the http_connect call
prior to 6a463e7fb - their sole purpose is to record the
authentication type used to do the latest request, since parsing
the http response sets the new type in the auth state.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
Originally, AVFormatContext and a metadata dict were provided to ff_vorbis_comment(),
but this presented issues if an AVStream was being updated or the metadata on
AVFormatContext wasn't actually being updated. To remedy this, ff_vorbis_stream_comment()
explicitly updates a stream's metadata and sets any necessary flags.
ff_vorbis_comment() does not modify any flags, and any calls to it that update
AVFormatContext's metadata (just a single call) must also update
AVFormatContext.event_flags after detecting any metadata changes to the provided
dictionary, as signaled by a positive return value.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Currently, only onMetaData is used, but some providers (wrongly)
put metadata into onCuePoint events, and it's still nice to be
able to use that data.
onCuePoint events also present metadata slightly differently than
onMetaData events: all metadata is found inside an object called
"parameters". In order to extract this metadata, it's easiest to
recurse through the object tree and pull out anything found in
child objects and put it in the top-level metadata.
Reference: http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/2/help.html?content=00001404.html
Signed-off-by: Anton Khirnov <anton@khirnov.net>
If any option named "metadata" is set inside the context, it is pulled up to
the context and then the option is cleared.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
In order to support metadata being set as an option, it's necessary to be able
to set dictionaries as values.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
The only flags, for now, indicate if metadata was updated and are set after each call to
av_read_frame(). This comes with the caveat that, on stream start, it might not be set properly
as packets might be buffered in AVFormatContext.packet_buffer before being given to the user
in av_read_frame().
Signed-off-by: Anton Khirnov <anton@khirnov.net>
On mingw64 with c++11 support, the link libraries do contain a
nanosleep function, while it isn't exposed via the headers. Using
check_func_headers instead of a plain check_func fixes this
misdetection.
Signed-off-by: Martin Storsjö <martin@martin.st>
When explicitly targeting Vista or newer (which only happens if the
caller explicitly sets _WIN32_WINNT to a high enough value via the
extra cflags option - otherwise configure script sets
-D_WIN32_WINNT=0x0502), we already unconditionally link to the
ConditionVariable functions, since 4622f11f9.
Similarly use the newer -Ex versions of CreateEvent, CreateSemaphore,
InitializeCriticalSection and WaitForSingleObject, that all appeared
in Vista. When building Windows Store applications, the older versions
of these functions aren't available, only the -Ex functions. When
doing such a build, the user can set -D_WIN32_WINNT=0x0600 to
forcibly use the newer functions instead.
Signed-off-by: Martin Storsjö <martin@martin.st>
Previously this logic was only used if the server didn't
respond with Connection: close, but use it even for that case,
if the server response is non-chunked.
Originally the http code has relied on Connection: close to close
the socket when the file/stream is received - the http protocol
code just kept reading from the socket until the socket was closed.
In f240ed18 we added a check for the file size, because some
http servers didn't respond with Connection: close (and wouldn't
close the socket) even though we requested it, which meant that the
http protocol blocked for a long time at the end of files, waiting
for a socket level timeout.
When reading over tls, trying to read at the end of the connection,
when the peer has closed the connection, can produce spurious (but
harmless) warnings. Therefore always voluntarily stop reading when
the specified file size has been received, if not using a chunked
transfer encoding. (For chunked transfers, we already return 0
as soon as we get the chunk header indicating end of stream.)
Signed-off-by: Martin Storsjö <martin@martin.st>
Such changes are neither allowed nor supported
Found-by: ami_stuff
Bug-Id: CVE-2013-7020
CC: libav-stable@libav.org
Signed-off-by: Anton Khirnov <anton@khirnov.net>
Reduces the number of calls to tmvp derivation from 933685 to 586271 on
a sequence.
Reviewed-by: Mickaël Raulet <mraulet@insa-rennes.fr>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
The position is either rounded or not checked, so delay the wait to
check the proper value.
Reviewed-by: Mickaël Raulet <mraulet@insa-rennes.fr>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
The -MD option (for enabling a dynamically linked crt) gets interpreted
as a cpp option for generating dependency information (into a file named
'-.d', when preprocessing to a pipe). We shouldn't be passing
any and all C compiler flags to armasm (which is a plain assembler,
only with cpp bolted on via gas-preprocessor), but these are the
main conflicting ones.
Signed-off-by: Martin Storsjö <martin@martin.st>
Only use PAL8 if palette is present, else use GRAY8 for pixfmt.
Instead of simulating a grayscale palette, use real grayscale pixels, if no
palette is actually defined.
Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>