Fixes invalid writes with very small image heights.
CC: libav-stable@libav.org
Bug-ID: CVE-2014-8547
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
also change it to a loop
Fixes out of array access
Fixes: asan_heap-oob_ca5410_8_asan_heap-oob_ca5410_97_ID_LSD_Size_Less_Then_Data_Inter_3.gif
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Some files seem to have an off-by-one error. In most cases, it appears to
be on the image width. Therefore, if the decoded image doesn't fit in the
screen:
- If it is wider than the screen (and the lzw decoding buffer), reject it;
- Otherwise, decode the indicated amount, but only write a truncated amount
to the screen.
Fixes ticket #3538.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f084c646637_9261_top_title_green_frog.gif
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Also add an error message an return a more suitable error code
(INVALIDDATA, not EINVAL);
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
It appears gcc forgets to increment the byte stream pointer at -O3
I was not able to spot a reason/excuse for it to do that. It
also disappears if the function isnt inlined.
This should fix the gif fate failures on open & free bsd
See: [FFmpeg-devel] [PATCH] gifdec: workaround old gcc 4.2 mis-compiling code
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Prevents inconsistent state and null pointer dereference
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes the colour of the transparent background (as seen with ffplay),
and makes the background of some non-keyframes transparent that was
incorrectly shown as opaque for some samples.
Add capability of reading multiple frames instead of only first.
Implement support for different gif frame 'disposal methods'.
Add option that allows to change background color resulting from
conversion of gif with transparency to any other format which
not support it.
Also bump lavc minor version.
Signed-off-by: Vitaliy E Sugrobov <vsugrob@hotmail.com>
Replace literals with named constants in several pieces of code
like 'return -1' and 'case 0xab'.
Change the way decoder handles absence of image data in a file:
notify gif_decode_frame() caller with got_picture set to zero
instead of returning -1.
Signed-off-by: Vitaliy E Sugrobov <vsugrob@hotmail.com>