--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-CC: pkg-multimedia-maintain...@lists.alioth.debian.org
Please unblock package ffmpeg and please decrease the migration delay
to 2 days.
According to Andreas Cadhalpun ffmpeg maintainer it fixes the following
security issues:
1: https://trac.ffmpeg.org/ticket/5992
2: https://trac.ffmpeg.org/ticket/5994
Please see the debdiff attached.
Thanks,
Balint
unblock ffmpeg/7:3.2.2-1
diff -Nru ffmpeg-3.2.1/Changelog ffmpeg-3.2.2/Changelog
--- ffmpeg-3.2.1/Changelog 2016-11-26 03:12:05.000000000 +0100
+++ ffmpeg-3.2.2/Changelog 2016-12-06 00:28:58.000000000 +0100
@@ -1,6 +1,26 @@
Entries are sorted chronologically from oldest to youngest within each release,
releases are sorted from youngest to oldest.
+version 3.2.2:
+- ffserver: Check chunk size
+- Avoid using the term "file" and prefer "url" in some docs and comments
+- avformat/rtmppkt: Check for packet size mismatches
+- zmqsend: Initialize ret to 0
+- avcodec/flacdec: Fix undefined shift in decode_subframe()
+- avcodec/get_bits: Fix get_sbits_long(0)
+- avformat/ffmdec: Check media type for chunks
+- avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed()
+- avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_c
+- avformat/oggparsespeex: Check frames_per_packet and packet_size
+- avformat/utils: Check start/end before computing duration in update_stream_timings()
+- avcodec/flac_parser: Update nb_headers_buffered
+- avformat/idroqdec: Check chunk_size for being too large
+- avcodec/me_cmp: Fix median_sad size
+- avformat/utils: Fix type mismatch
+- configure: check for strtoull on msvc
+- http: move chunk handling from http_read_stream() to http_buf_read().
+- http: make length/offset-related variables unsigned
+
version 3.2.1:
- avcodec/aac_adtstoasc_bsf: validate and forward extradata if the stream is already ASC
- mss2: only use error correction for matching block counts
diff -Nru ffmpeg-3.2.1/configure ffmpeg-3.2.2/configure
--- ffmpeg-3.2.1/configure 2016-11-26 03:12:05.000000000 +0100
+++ ffmpeg-3.2.2/configure 2016-12-06 00:28:58.000000000 +0100
@@ -6271,6 +6271,7 @@
EOF
fi
check_func strtoll || add_cflags -Dstrtoll=_strtoi64
+ check_func strtoull || add_cflags -Dstrtoull=_strtoui64
# the new SSA optimzer in VS2015 U3 is mis-optimizing some parts of the code
# this flag should be re-checked on newer compiler releases and put under a
# version check once its fixed
diff -Nru ffmpeg-3.2.1/debian/changelog ffmpeg-3.2.2/debian/changelog
--- ffmpeg-3.2.1/debian/changelog 2016-11-27 02:27:33.000000000 +0100
+++ ffmpeg-3.2.2/debian/changelog 2016-12-06 23:59:13.000000000 +0100
@@ -1,3 +1,12 @@
+ffmpeg (7:3.2.2-1) unstable; urgency=medium
+
+ * Import new upstream bugfix release 3.2.2.
+ * Fix log messages in autopkgtest.
+ * Enable frei0r on powerpcspe.
+ * Drop --disable-tesseract.
+
+ -- Andreas Cadhalpun <andreas.cadhal...@googlemail.com> Tue, 06 Dec 2016 23:58:20 +0100
+
ffmpeg (7:3.2.1-1) unstable; urgency=medium
[ Balint Reczey ]
diff -Nru ffmpeg-3.2.1/debian/control ffmpeg-3.2.2/debian/control
--- ffmpeg-3.2.1/debian/control 2016-11-27 02:27:33.000000000 +0100
+++ ffmpeg-3.2.2/debian/control 2016-12-06 23:59:13.000000000 +0100
@@ -25,7 +25,7 @@
# --enable-libflite
flite1-dev,
# --enable-frei0r
- frei0r-plugins-dev [!powerpcspe] <!stage1>,
+ frei0r-plugins-dev <!stage1>,
# --enable-ladspa
ladspa-sdk,
# --enable-libass
diff -Nru ffmpeg-3.2.1/debian/rules ffmpeg-3.2.2/debian/rules
--- ffmpeg-3.2.1/debian/rules 2016-11-27 02:27:33.000000000 +0100
+++ ffmpeg-3.2.2/debian/rules 2016-12-06 23:59:13.000000000 +0100
@@ -47,7 +47,6 @@
--libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
--incdir=/usr/include/$(DEB_HOST_MULTIARCH) \
--enable-gpl \
- --disable-libtesseract \
--disable-stripping \
--enable-avresample \
--enable-avisynth \
@@ -142,10 +141,10 @@
--disable-libopencv \
--disable-libx264
else
- CONFIG += --enable-libopencv
+ CONFIG += --enable-libopencv \
+ --enable-frei0r
ifeq (,$(filter $(DEB_HOST_ARCH),powerpcspe))
- CONFIG += --enable-frei0r \
- --enable-libx264
+ CONFIG += --enable-libx264
endif
ifeq (,$(filter $(DEB_HOST_ARCH),sh4))
CONFIG += --enable-chromaprint
diff -Nru ffmpeg-3.2.1/debian/tests/encdec ffmpeg-3.2.2/debian/tests/encdec
--- ffmpeg-3.2.1/debian/tests/encdec 2016-11-27 02:27:33.000000000 +0100
+++ ffmpeg-3.2.2/debian/tests/encdec 2016-12-06 23:59:13.000000000 +0100
@@ -313,7 +313,7 @@
else
failures="${failures}${errmsg}\n"
fi
- echo -e "FAILED: $errmsg\n\n"
+ echo -e "\nFAILED: $errmsg\n\n"
continue
fi
ret=0
@@ -326,7 +326,7 @@
else
failures="${failures}${errmsg}\n"
fi
- echo -e "FAILED: $errmsg\n\n"
+ echo -e "\nFAILED: $errmsg\n\n"
continue
fi
ret=0
@@ -339,9 +339,10 @@
else
failures="${failures}${errmsg}\n"
fi
- echo -e "FAILED: $errmsg\n\n"
+ echo -e "\nFAILED: $errmsg\n\n"
continue
fi
+ streamcopy_orig="$streamcopy"
if [ "$streamcopy" == "1" ]; then
ret=0
# test streamcopying the file
@@ -355,7 +356,7 @@
else
failures="${failures}${errmsg}\n"
fi
- echo -e "FAILED: $errmsg\n\n"
+ echo -e "\nFAILED: $errmsg\n\n"
streamcopy=0
fi
fi
@@ -370,13 +371,15 @@
else
failures="${failures}${errmsg}\n"
fi
- echo -e "FAILED: $errmsg\n\n"
+ echo -e "\nFAILED: $errmsg\n\n"
streamcopy=0
fi
fi
works=$([ "$streamcopy" = "1" ] && echo works || echo fails)
- echo -e "\nSUCCESS: correctly created file with format '$mux' and codec '$tenc'; streamcopying $works\n\n"
- num_success=$((num_success + 1))
+ if [ "$streamcopy_orig" = "$streamcopy" ]; then
+ echo -e "\nSUCCESS: correctly created file with format '$mux' and codec '$tenc'; streamcopying $works\n\n"
+ num_success=$((num_success + 1))
+ fi
if [ "$update" ]; then
if [ "x$last_mux" != "x$mux" ]; then
if [ "$last_mux" ]; then
diff -Nru ffmpeg-3.2.1/doc/Doxyfile ffmpeg-3.2.2/doc/Doxyfile
--- ffmpeg-3.2.1/doc/Doxyfile 2016-11-26 03:12:05.000000000 +0100
+++ ffmpeg-3.2.2/doc/Doxyfile 2016-12-06 00:28:58.000000000 +0100
@@ -38,7 +38,7 @@
# could be handy for archiving the generated documentation or if some version
# control system is used.
-PROJECT_NUMBER = 3.2.1
+PROJECT_NUMBER = 3.2.2
# Using the PROJECT_BRIEF tag one can provide an optional one line description
# for a project that appears at the top of each page and should give viewer a
diff -Nru ffmpeg-3.2.1/doc/ffmpeg.texi ffmpeg-3.2.2/doc/ffmpeg.texi
--- ffmpeg-3.2.1/doc/ffmpeg.texi 2016-10-27 18:17:39.000000000 +0200
+++ ffmpeg-3.2.2/doc/ffmpeg.texi 2016-12-06 00:28:58.000000000 +0100
@@ -12,7 +12,7 @@
@chapter Synopsis
-ffmpeg [@var{global_options}] @{[@var{input_file_options}] -i @file{input_file}@} ... @{[@var{output_file_options}] @file{output_file}@} ...
+ffmpeg [@var{global_options}] @{[@var{input_file_options}] -i @file{input_url}@} ... @{[@var{output_file_options}] @file{output_url}@} ...
@chapter Description
@c man begin DESCRIPTION
@@ -24,10 +24,10 @@
@command{ffmpeg} reads from an arbitrary number of input "files" (which can be regular
files, pipes, network streams, grabbing devices, etc.), specified by the
@code{-i} option, and writes to an arbitrary number of output "files", which are
-specified by a plain output filename. Anything found on the command line which
-cannot be interpreted as an option is considered to be an output filename.
+specified by a plain output url. Anything found on the command line which
+cannot be interpreted as an option is considered to be an output url.
-Each input or output file can, in principle, contain any number of streams of
+Each input or output url can, in principle, contain any number of streams of
different types (video/audio/subtitle/attachment/data). The allowed number and/or
types of streams may be limited by the container format. Selecting which
streams from which inputs will go into which output is either done automatically
@@ -243,8 +243,8 @@
files and guessed from the file extension for output files, so this option is not
needed in most cases.
-@item -i @var{filename} (@emph{input})
-input file name
+@item -i @var{url} (@emph{input})
+input file url
@item -y (@emph{global})
Overwrite output files without asking.
@@ -281,7 +281,7 @@
When used as an input option (before @code{-i}), limit the @var{duration} of
data read from the input file.
-When used as an output option (before an output filename), stop writing the
+When used as an output option (before an output url), stop writing the
output after its duration reaches @var{duration}.
@var{duration} must be a time duration specification,
@@ -310,7 +310,7 @@
discarded. When doing stream copy or when @option{-noaccurate_seek} is used, it
will be preserved.
-When used as an output option (before an output filename), decodes but discards
+When used as an output option (before an output url), decodes but discards
input until the timestamps reach @var{position}.
@var{position} must be a time duration specification,
@@ -1129,7 +1129,7 @@
For example, to set the stream 0 PID to 33 and the stream 1 PID to 36 for
an output mpegts file:
@example
-ffmpeg -i infile -streamid 0:33 -streamid 1:36 out.ts
+ffmpeg -i inurl -streamid 0:33 -streamid 1:36 out.ts
@end example
@item -bsf[:@var{stream_specifier}] @var{bitstream_filters} (@emph{output,per-stream})
diff -Nru ffmpeg-3.2.1/doc/ffplay.texi ffmpeg-3.2.2/doc/ffplay.texi
--- ffmpeg-3.2.1/doc/ffplay.texi 2016-10-01 03:12:41.000000000 +0200
+++ ffmpeg-3.2.2/doc/ffplay.texi 2016-12-06 00:28:58.000000000 +0100
@@ -12,7 +12,7 @@
@chapter Synopsis
-ffplay [@var{options}] [@file{input_file}]
+ffplay [@var{options}] [@file{input_url}]
@chapter Description
@c man begin DESCRIPTION
@@ -106,8 +106,8 @@
Use the option "-filters" to show all the available filters (including
sources and sinks).
-@item -i @var{input_file}
-Read @var{input_file}.
+@item -i @var{input_url}
+Read @var{input_url}.
@end table
@section Advanced options
diff -Nru ffmpeg-3.2.1/doc/ffprobe.texi ffmpeg-3.2.2/doc/ffprobe.texi
--- ffmpeg-3.2.1/doc/ffprobe.texi 2016-10-27 18:17:39.000000000 +0200
+++ ffmpeg-3.2.2/doc/ffprobe.texi 2016-12-06 00:28:58.000000000 +0100
@@ -12,7 +12,7 @@
@chapter Synopsis
-ffprobe [@var{options}] [@file{input_file}]
+ffprobe [@var{options}] [@file{input_url}]
@chapter Description
@c man begin DESCRIPTION
@@ -24,8 +24,8 @@
by a multimedia stream and the format and type of each media stream
contained in it.
-If a filename is specified in input, ffprobe will try to open and
-probe the file content. If the file cannot be opened or recognized as
+If a url is specified in input, ffprobe will try to open and
+probe the url content. If the url cannot be opened or recognized as
a multimedia file, a positive exit code is returned.
ffprobe may be employed both as a standalone application or in
@@ -332,8 +332,8 @@
Force bitexact output, useful to produce output which is not dependent
on the specific build.
-@item -i @var{input_file}
-Read @var{input_file}.
+@item -i @var{input_url}
+Read @var{input_url}.
@end table
@c man end
diff -Nru ffmpeg-3.2.1/ffmpeg_opt.c ffmpeg-3.2.2/ffmpeg_opt.c
--- ffmpeg-3.2.1/ffmpeg_opt.c 2016-10-27 18:17:39.000000000 +0200
+++ ffmpeg-3.2.2/ffmpeg_opt.c 2016-12-06 00:28:58.000000000 +0100
@@ -3108,8 +3108,8 @@
};
static const OptionGroupDef groups[] = {
- [GROUP_OUTFILE] = { "output file", NULL, OPT_OUTPUT },
- [GROUP_INFILE] = { "input file", "i", OPT_INPUT },
+ [GROUP_OUTFILE] = { "output url", NULL, OPT_OUTPUT },
+ [GROUP_INFILE] = { "input url", "i", OPT_INPUT },
};
static int open_files(OptionGroupList *l, const char *inout,
diff -Nru ffmpeg-3.2.1/ffserver.c ffmpeg-3.2.2/ffserver.c
--- ffmpeg-3.2.1/ffserver.c 2016-10-22 01:52:30.000000000 +0200
+++ ffmpeg-3.2.2/ffserver.c 2016-12-06 00:28:58.000000000 +0100
@@ -2702,8 +2702,10 @@
} else if (c->buffer_ptr - c->buffer >= 2 &&
!memcmp(c->buffer_ptr - 1, "\r\n", 2)) {
c->chunk_size = strtol(c->buffer, 0, 16);
- if (c->chunk_size == 0) // end of stream
+ if (c->chunk_size <= 0) { // end of stream or invalid chunk size
+ c->chunk_size = 0;
goto fail;
+ }
c->buffer_ptr = c->buffer;
break;
} else if (++loop_run > 10)
@@ -2725,6 +2727,7 @@
/* end of connection : close it */
goto fail;
else {
+ av_assert0(len <= c->chunk_size);
c->chunk_size -= len;
c->buffer_ptr += len;
c->data_count += len;
diff -Nru ffmpeg-3.2.1/libavcodec/flacdec.c ffmpeg-3.2.2/libavcodec/flacdec.c
--- ffmpeg-3.2.1/libavcodec/flacdec.c 2016-10-01 03:12:41.000000000 +0200
+++ ffmpeg-3.2.2/libavcodec/flacdec.c 2016-12-06 00:28:58.000000000 +0100
@@ -268,7 +268,8 @@
int pred_order, int bps)
{
const int blocksize = s->blocksize;
- int av_uninit(a), av_uninit(b), av_uninit(c), av_uninit(d), i;
+ unsigned av_uninit(a), av_uninit(b), av_uninit(c), av_uninit(d);
+ int i;
int ret;
/* warm up samples */
@@ -447,7 +448,7 @@
if (wasted) {
int i;
for (i = 0; i < s->blocksize; i++)
- decoded[i] <<= wasted;
+ decoded[i] = (unsigned)decoded[i] << wasted;
}
return 0;
diff -Nru ffmpeg-3.2.1/libavcodec/flacdsp_template.c ffmpeg-3.2.2/libavcodec/flacdsp_template.c
--- ffmpeg-3.2.1/libavcodec/flacdsp_template.c 2016-03-29 04:25:15.000000000 +0200
+++ ffmpeg-3.2.2/libavcodec/flacdsp_template.c 2016-12-06 00:28:58.000000000 +0100
@@ -56,7 +56,7 @@
for (j = 0; j < len; j++)
for (i = 0; i < channels; i++)
- S(samples, i, j) = in[i][j] << shift;
+ S(samples, i, j) = (int)((unsigned)in[i][j] << shift);
}
static void FUNC(flac_decorrelate_ls_c)(uint8_t **out, int32_t **in,
diff -Nru ffmpeg-3.2.1/libavcodec/flac_parser.c ffmpeg-3.2.2/libavcodec/flac_parser.c
--- ffmpeg-3.2.1/libavcodec/flac_parser.c 2016-10-22 01:52:30.000000000 +0200
+++ ffmpeg-3.2.2/libavcodec/flac_parser.c 2016-12-06 00:28:58.000000000 +0100
@@ -586,10 +586,12 @@
temp = curr->next;
av_freep(&curr->link_penalty);
av_free(curr);
+ fpc->nb_headers_buffered--;
}
fpc->headers = fpc->best_header->next;
av_freep(&fpc->best_header->link_penalty);
av_freep(&fpc->best_header);
+ fpc->nb_headers_buffered--;
}
/* Find and score new headers. */
diff -Nru ffmpeg-3.2.1/libavcodec/get_bits.h ffmpeg-3.2.2/libavcodec/get_bits.h
--- ffmpeg-3.2.1/libavcodec/get_bits.h 2016-10-22 01:52:30.000000000 +0200
+++ ffmpeg-3.2.2/libavcodec/get_bits.h 2016-12-06 00:28:58.000000000 +0100
@@ -369,6 +369,10 @@
*/
static inline int get_sbits_long(GetBitContext *s, int n)
{
+ // sign_extend(x, 0) is undefined
+ if (!n)
+ return 0;
+
return sign_extend(get_bits_long(s, n), n);
}
diff -Nru ffmpeg-3.2.1/libavcodec/me_cmp.h ffmpeg-3.2.2/libavcodec/me_cmp.h
--- ffmpeg-3.2.1/libavcodec/me_cmp.h 2016-10-27 18:17:39.000000000 +0200
+++ ffmpeg-3.2.2/libavcodec/me_cmp.h 2016-12-06 00:28:58.000000000 +0100
@@ -76,7 +76,7 @@
me_cmp_func frame_skip_cmp[6]; // only width 8 used
me_cmp_func pix_abs[2][4];
- me_cmp_func median_sad[2];
+ me_cmp_func median_sad[6];
} MECmpContext;
void ff_me_cmp_init_static(void);
diff -Nru ffmpeg-3.2.1/libavformat/ffmdec.c ffmpeg-3.2.2/libavformat/ffmdec.c
--- ffmpeg-3.2.1/libavformat/ffmdec.c 2016-11-26 03:12:05.000000000 +0100
+++ ffmpeg-3.2.2/libavformat/ffmdec.c 2016-12-06 00:28:58.000000000 +0100
@@ -388,7 +388,7 @@
}
break;
case MKBETAG('S', 'T', 'V', 'I'):
- if (f_stvi++) {
+ if (f_stvi++ || codec->codec_type != AVMEDIA_TYPE_VIDEO) {
ret = AVERROR(EINVAL);
goto fail;
}
@@ -452,7 +452,7 @@
codec->refs = avio_rb32(pb);
break;
case MKBETAG('S', 'T', 'A', 'U'):
- if (f_stau++) {
+ if (f_stau++ || codec->codec_type != AVMEDIA_TYPE_AUDIO) {
ret = AVERROR(EINVAL);
goto fail;
}
@@ -481,7 +481,7 @@
}
break;
case MKBETAG('S', '2', 'V', 'I'):
- if (f_stvi++ || !size) {
+ if (f_stvi++ || !size || codec->codec_type != AVMEDIA_TYPE_VIDEO) {
ret = AVERROR(EINVAL);
goto fail;
}
@@ -496,7 +496,7 @@
goto fail;
break;
case MKBETAG('S', '2', 'A', 'U'):
- if (f_stau++ || !size) {
+ if (f_stau++ || !size || codec->codec_type != AVMEDIA_TYPE_AUDIO) {
ret = AVERROR(EINVAL);
goto fail;
}
diff -Nru ffmpeg-3.2.1/libavformat/http.c ffmpeg-3.2.2/libavformat/http.c
--- ffmpeg-3.2.1/libavformat/http.c 2016-10-27 18:17:40.000000000 +0200
+++ ffmpeg-3.2.2/libavformat/http.c 2016-12-06 00:28:58.000000000 +0100
@@ -62,8 +62,8 @@
int line_count;
int http_code;
/* Used if "Transfer-Encoding: chunked" otherwise -1. */
- int64_t chunksize;
- int64_t off, end_off, filesize;
+ uint64_t chunksize;
+ uint64_t off, end_off, filesize;
char *location;
HTTPAuthState auth_state;
HTTPAuthState proxy_auth_state;
@@ -95,9 +95,9 @@
AVDictionary *cookie_dict;
int icy;
/* how much data was read since the last ICY metadata packet */
- int icy_data_read;
+ uint64_t icy_data_read;
/* after how many bytes of read data a new metadata packet will be found */
- int icy_metaint;
+ uint64_t icy_metaint;
char *icy_metadata_headers;
char *icy_metadata_packet;
AVDictionary *metadata;
@@ -489,7 +489,7 @@
else
h->is_streamed = 1;
- s->filesize = -1;
+ s->filesize = UINT64_MAX;
s->location = av_strdup(uri);
if (!s->location)
return AVERROR(ENOMEM);
@@ -616,9 +616,9 @@
if (!strncmp(p, "bytes ", 6)) {
p += 6;
- s->off = strtoll(p, NULL, 10);
+ s->off = strtoull(p, NULL, 10);
if ((slash = strchr(p, '/')) && strlen(slash) > 0)
- s->filesize = strtoll(slash + 1, NULL, 10);
+ s->filesize = strtoull(slash + 1, NULL, 10);
}
if (s->seekable == -1 && (!s->is_akamai || s->filesize != 2147483647))
h->is_streamed = 0; /* we _can_ in fact seek */
@@ -808,8 +808,9 @@
if ((ret = parse_location(s, p)) < 0)
return ret;
*new_location = 1;
- } else if (!av_strcasecmp(tag, "Content-Length") && s->filesize == -1) {
- s->filesize = strtoll(p, NULL, 10);
+ } else if (!av_strcasecmp(tag, "Content-Length") &&
+ s->filesize == UINT64_MAX) {
+ s->filesize = strtoull(p, NULL, 10);
} else if (!av_strcasecmp(tag, "Content-Range")) {
parse_content_range(h, p);
} else if (!av_strcasecmp(tag, "Accept-Ranges") &&
@@ -818,7 +819,7 @@
h->is_streamed = 0;
} else if (!av_strcasecmp(tag, "Transfer-Encoding") &&
!av_strncasecmp(p, "chunked", 7)) {
- s->filesize = -1;
+ s->filesize = UINT64_MAX;
s->chunksize = 0;
} else if (!av_strcasecmp(tag, "WWW-Authenticate")) {
ff_http_auth_handle_header(&s->auth_state, tag, p);
@@ -842,7 +843,7 @@
if (parse_cookie(s, p, &s->cookie_dict))
av_log(h, AV_LOG_WARNING, "Unable to parse '%s'\n", p);
} else if (!av_strcasecmp(tag, "Icy-MetaInt")) {
- s->icy_metaint = strtoll(p, NULL, 10);
+ s->icy_metaint = strtoull(p, NULL, 10);
} else if (!av_strncasecmp(tag, "Icy-", 4)) {
if ((ret = parse_icy(s, tag, p)) < 0)
return ret;
@@ -972,7 +973,7 @@
char line[MAX_URL_SIZE];
int err = 0;
- s->chunksize = -1;
+ s->chunksize = UINT64_MAX;
for (;;) {
if ((err = http_get_line(s, line, sizeof(line))) < 0)
@@ -1006,7 +1007,7 @@
int post, err;
char headers[HTTP_HEADERS_SIZE] = "";
char *authstr = NULL, *proxyauthstr = NULL;
- int64_t off = s->off;
+ uint64_t off = s->off;
int len = 0;
const char *method;
int send_expect_100 = 0;
@@ -1060,7 +1061,7 @@
// server supports seeking by analysing the reply headers.
if (!has_header(s->headers, "\r\nRange: ") && !post && (s->off > 0 || s->end_off || s->seekable == -1)) {
len += av_strlcatf(headers + len, sizeof(headers) - len,
- "Range: bytes=%"PRId64"-", s->off);
+ "Range: bytes=%"PRIu64"-", s->off);
if (s->end_off)
len += av_strlcatf(headers + len, sizeof(headers) - len,
"%"PRId64, s->end_off - 1);
@@ -1135,7 +1136,7 @@
s->line_count = 0;
s->off = 0;
s->icy_data_read = 0;
- s->filesize = -1;
+ s->filesize = UINT64_MAX;
s->willclose = 0;
s->end_chunked_post = 0;
s->end_header = 0;
@@ -1167,6 +1168,34 @@
{
HTTPContext *s = h->priv_data;
int len;
+
+ if (s->chunksize != UINT64_MAX) {
+ if (!s->chunksize) {
+ char line[32];
+ int err;
+
+ do {
+ if ((err = http_get_line(s, line, sizeof(line))) < 0)
+ return err;
+ } while (!*line); /* skip CR LF from last chunk */
+
+ s->chunksize = strtoull(line, NULL, 16);
+
+ av_log(h, AV_LOG_TRACE,
+ "Chunked encoding data size: %"PRIu64"'\n",
+ s->chunksize);
+
+ if (!s->chunksize)
+ return 0;
+ else if (s->chunksize == UINT64_MAX) {
+ av_log(h, AV_LOG_ERROR, "Invalid chunk size %"PRIu64"\n",
+ s->chunksize);
+ return AVERROR(EINVAL);
+ }
+ }
+ size = FFMIN(size, s->chunksize);
+ }
+
/* read bytes from input buffer first */
len = s->buf_end - s->buf_ptr;
if (len > 0) {
@@ -1175,15 +1204,13 @@
memcpy(buf, s->buf_ptr, len);
s->buf_ptr += len;
} else {
- int64_t target_end = s->end_off ? s->end_off : s->filesize;
- if ((!s->willclose || s->chunksize < 0) &&
- target_end >= 0 && s->off >= target_end)
+ uint64_t target_end = s->end_off ? s->end_off : s->filesize;
+ if ((!s->willclose || s->chunksize == UINT64_MAX) && s->off >= target_end)
return AVERROR_EOF;
len = ffurl_read(s->hd, buf, size);
- if (!len && (!s->willclose || s->chunksize < 0) &&
- target_end >= 0 && s->off < target_end) {
+ if (!len && (!s->willclose || s->chunksize == UINT64_MAX) && s->off < target_end) {
av_log(h, AV_LOG_ERROR,
- "Stream ends prematurely at %"PRId64", should be %"PRId64"\n",
+ "Stream ends prematurely at %"PRIu64", should be %"PRIu64"\n",
s->off, target_end
);
return AVERROR(EIO);
@@ -1191,8 +1218,10 @@
}
if (len > 0) {
s->off += len;
- if (s->chunksize > 0)
+ if (s->chunksize > 0) {
+ av_assert0(s->chunksize >= len);
s->chunksize -= len;
+ }
}
return len;
}
@@ -1247,25 +1276,6 @@
return err;
}
- if (s->chunksize >= 0) {
- if (!s->chunksize) {
- char line[32];
-
- do {
- if ((err = http_get_line(s, line, sizeof(line))) < 0)
- return err;
- } while (!*line); /* skip CR LF from last chunk */
-
- s->chunksize = strtoll(line, NULL, 16);
-
- av_log(NULL, AV_LOG_TRACE, "Chunked encoding data size: %"PRId64"'\n",
- s->chunksize);
-
- if (!s->chunksize)
- return 0;
- }
- size = FFMIN(size, s->chunksize);
- }
#if CONFIG_ZLIB
if (s->compressed)
return http_buf_read_compressed(h, buf, size);
@@ -1273,17 +1283,17 @@
read_ret = http_buf_read(h, buf, size);
if ( (read_ret < 0 && s->reconnect && (!h->is_streamed || s->reconnect_streamed) && s->filesize > 0 && s->off < s->filesize)
|| (read_ret == 0 && s->reconnect_at_eof && (!h->is_streamed || s->reconnect_streamed))) {
- int64_t target = h->is_streamed ? 0 : s->off;
+ uint64_t target = h->is_streamed ? 0 : s->off;
if (s->reconnect_delay > s->reconnect_delay_max)
return AVERROR(EIO);
- av_log(h, AV_LOG_INFO, "Will reconnect at %"PRId64" error=%s.\n", s->off, av_err2str(read_ret));
+ av_log(h, AV_LOG_INFO, "Will reconnect at %"PRIu64" error=%s.\n", s->off, av_err2str(read_ret));
av_usleep(1000U*1000*s->reconnect_delay);
s->reconnect_delay = 1 + 2*s->reconnect_delay;
seek_ret = http_seek_internal(h, target, SEEK_SET, 1);
if (seek_ret != target) {
- av_log(h, AV_LOG_ERROR, "Failed to reconnect at %"PRId64".\n", target);
+ av_log(h, AV_LOG_ERROR, "Failed to reconnect at %"PRIu64".\n", target);
return read_ret;
}
@@ -1338,10 +1348,11 @@
{
HTTPContext *s = h->priv_data;
/* until next metadata packet */
- int remaining = s->icy_metaint - s->icy_data_read;
+ uint64_t remaining;
- if (remaining < 0)
+ if (s->icy_metaint < s->icy_data_read)
return AVERROR_INVALIDDATA;
+ remaining = s->icy_metaint - s->icy_data_read;
if (!remaining) {
/* The metadata packet is variable sized. It has a 1 byte header
@@ -1455,7 +1466,7 @@
{
HTTPContext *s = h->priv_data;
URLContext *old_hd = s->hd;
- int64_t old_off = s->off;
+ uint64_t old_off = s->off;
uint8_t old_buf[BUFFER_SIZE];
int old_buf_size, ret;
AVDictionary *options = NULL;
@@ -1466,7 +1477,7 @@
((whence == SEEK_CUR && off == 0) ||
(whence == SEEK_SET && off == s->off)))
return s->off;
- else if ((s->filesize == -1 && whence == SEEK_END))
+ else if ((s->filesize == UINT64_MAX && whence == SEEK_END))
return AVERROR(ENOSYS);
if (whence == SEEK_CUR)
@@ -1621,7 +1632,7 @@
s->buf_ptr = s->buffer;
s->buf_end = s->buffer;
s->line_count = 0;
- s->filesize = -1;
+ s->filesize = UINT64_MAX;
cur_auth_type = s->proxy_auth_state.auth_type;
/* Note: This uses buffering, potentially reading more than the
diff -Nru ffmpeg-3.2.1/libavformat/idroqdec.c ffmpeg-3.2.2/libavformat/idroqdec.c
--- ffmpeg-3.2.1/libavformat/idroqdec.c 2016-10-22 01:52:30.000000000 +0200
+++ ffmpeg-3.2.2/libavformat/idroqdec.c 2016-12-06 00:28:58.000000000 +0100
@@ -157,6 +157,9 @@
chunk_size = AV_RL32(&preamble[2]) + RoQ_CHUNK_PREAMBLE_SIZE * 2 +
codebook_size;
+ if (chunk_size > INT_MAX)
+ return AVERROR_INVALIDDATA;
+
/* rewind */
avio_seek(pb, codebook_offset, SEEK_SET);
diff -Nru ffmpeg-3.2.1/libavformat/oggparsespeex.c ffmpeg-3.2.2/libavformat/oggparsespeex.c
--- ffmpeg-3.2.1/libavformat/oggparsespeex.c 2016-10-22 01:52:30.000000000 +0200
+++ ffmpeg-3.2.2/libavformat/oggparsespeex.c 2016-12-06 00:28:58.000000000 +0100
@@ -78,6 +78,13 @@
spxp->packet_size = AV_RL32(p + 56);
frames_per_packet = AV_RL32(p + 64);
+ if (spxp->packet_size < 0 ||
+ frames_per_packet < 0 ||
+ spxp->packet_size * (int64_t)frames_per_packet > INT32_MAX / 256) {
+ av_log(s, AV_LOG_ERROR, "invalid packet_size, frames_per_packet %d %d\n", spxp->packet_size, frames_per_packet);
+ spxp->packet_size = 0;
+ return AVERROR_INVALIDDATA;
+ }
if (frames_per_packet)
spxp->packet_size *= frames_per_packet;
diff -Nru ffmpeg-3.2.1/libavformat/rtmppkt.c ffmpeg-3.2.2/libavformat/rtmppkt.c
--- ffmpeg-3.2.1/libavformat/rtmppkt.c 2016-06-27 01:54:30.000000000 +0200
+++ ffmpeg-3.2.2/libavformat/rtmppkt.c 2016-12-06 00:28:58.000000000 +0100
@@ -235,6 +235,14 @@
if (hdr != RTMP_PS_TWELVEBYTES)
timestamp += prev_pkt[channel_id].timestamp;
+ if (prev_pkt[channel_id].read && size != prev_pkt[channel_id].size) {
+ av_log(NULL, AV_LOG_ERROR, "RTMP packet size mismatch %d != %d\n",
+ size,
+ prev_pkt[channel_id].size);
+ ff_rtmp_packet_destroy(&prev_pkt[channel_id]);
+ prev_pkt[channel_id].read = 0;
+ }
+
if (!prev_pkt[channel_id].read) {
if ((ret = ff_rtmp_packet_create(p, channel_id, type, timestamp,
size)) < 0)
diff -Nru ffmpeg-3.2.1/libavformat/utils.c ffmpeg-3.2.2/libavformat/utils.c
--- ffmpeg-3.2.1/libavformat/utils.c 2016-11-26 03:12:05.000000000 +0100
+++ ffmpeg-3.2.2/libavformat/utils.c 2016-12-06 00:28:58.000000000 +0100
@@ -2597,11 +2597,14 @@
if (ic->nb_programs > 1) {
for (i = 0; i < ic->nb_programs; i++) {
p = ic->programs[i];
- if (p->start_time != AV_NOPTS_VALUE && p->end_time > p->start_time)
+ if (p->start_time != AV_NOPTS_VALUE &&
+ p->end_time > p->start_time &&
+ p->end_time - (uint64_t)p->start_time <= INT64_MAX)
duration = FFMAX(duration, p->end_time - p->start_time);
}
- } else
+ } else if (end_time >= start_time && end_time - (uint64_t)start_time <= INT64_MAX) {
duration = FFMAX(duration, end_time - start_time);
+ }
}
}
if (duration != INT64_MIN && duration > 0 && ic->duration == AV_NOPTS_VALUE) {
@@ -3361,7 +3364,7 @@
int64_t max_subtitle_analyze_duration;
int64_t probesize = ic->probesize;
int eof_reached = 0;
- int64_t *missing_streams = av_opt_ptr(ic->iformat->priv_class, ic->priv_data, "missing_streams");
+ int *missing_streams = av_opt_ptr(ic->iformat->priv_class, ic->priv_data, "missing_streams");
flush_codecs = probesize > 0;
diff -Nru ffmpeg-3.2.1/RELEASE ffmpeg-3.2.2/RELEASE
--- ffmpeg-3.2.1/RELEASE 2016-11-26 03:12:05.000000000 +0100
+++ ffmpeg-3.2.2/RELEASE 2016-12-06 00:28:58.000000000 +0100
@@ -1 +1 @@
-3.2.1
+3.2.2
diff -Nru ffmpeg-3.2.1/tools/zmqsend.c ffmpeg-3.2.2/tools/zmqsend.c
--- ffmpeg-3.2.1/tools/zmqsend.c 2016-03-29 04:25:36.000000000 +0200
+++ ffmpeg-3.2.2/tools/zmqsend.c 2016-12-06 00:28:58.000000000 +0100
@@ -53,7 +53,7 @@
{
AVBPrint src;
char c, *src_buf, *recv_buf;
- int recv_buf_size, ret;
+ int recv_buf_size, ret = 0;
void *zmq_ctx, *socket;
const char *bind_address = "tcp://localhost:5555";
const char *infilename = NULL;
diff -Nru ffmpeg-3.2.1/VERSION ffmpeg-3.2.2/VERSION
--- ffmpeg-3.2.1/VERSION 2016-11-26 03:12:05.000000000 +0100
+++ ffmpeg-3.2.2/VERSION 2016-12-06 00:28:58.000000000 +0100
@@ -1 +1 @@
-3.2.1
+3.2.2
--- End Message ---
