From 7966786250d9581891e0859f769a63f35a5c2729 Mon Sep 17 00:00:00 2001
From: Matt Wolenetz
Date: Thu, 25 Jul 2019 15:54:49 -0700
Subject: [PATCH] lafv/wavdec: Fail bext parsing on incomplete reads
avio_read can successfully return even when less than the requested
amount of input was read. wavde
From 031e96bd481b7b8d0c11e5353f74fafc69e37f09 Mon Sep 17 00:00:00 2001
From: Matt Wolenetz
Date: Tue, 10 Apr 2018 13:59:25 -0700
Subject: [PATCH] lavc/libopusdec: Allow avcodec_open2 to call .close
If there is a decoder initialization failure detected in avcodec_open2
after .init is called, allo
Friendly ping. I'd like to not have to land this in Chromium before upstream
ffmpeg, but I may need to soon.
On Tue, Mar 6, 2018 at 6:43 AM, Michael Niedermayer
wrote:
> Fixes: runtime error: signed integer overflow: 5 * -2147483647 cannot be
> represented in type 'int'
> Fixes: Chromium bug 81
Friendly ping. I'd like to not have to land this in Chromium before upstream
ffmpeg, but I may need to soon.
On Tue, Mar 6, 2018 at 1:56 PM, Michael Niedermayer
wrote:
> Fixes: Chromium bug 800123
> Reported-by: Matt Wolenetz
> Reviewed-by: Matt Wolenetz
> Signed-off-by: Michael Niedermayer
Friendly ping. I'd like to not have to land this in Chromium before upstream
ffmpeg, but I may need to soon.
On Tue, Mar 6, 2018 at 1:56 PM, Michael Niedermayer
wrote:
> Fixes: Chromium bug 800123
> Reported-by: Matt Wolenetz
> Reviewed-by: Matt Wolenetz
> Signed-off-by: Michael Niedermayer
SGTM. Thanks James.
On Tue, Mar 6, 2018 at 6:23 AM, James Almer wrote:
> On 3/5/2018 10:04 PM, Matthew Wolenetz wrote:
> > Perhaps true, but there are a ton of paths to ff_alloc_extradata that are
> > not included in Chromium. Such a wider, general, fix seems more
> appro
Mar 5, 2018 at 2:10 PM, James Almer wrote:
> On 3/5/2018 6:54 PM, Matthew Wolenetz wrote:
> >
> > 0001-lavf-oggparseflac-Free-flac-extradata-before-realloc.patch
> >
> >
> > From 5d28b92d9d164b104e9a47b8183cd7ddedfde366 Mon Sep 17 00:00:00 2001
> > From: Matt
From 7471c1d223b860c13793abfd93174d1557f77d6f Mon Sep 17 00:00:00 2001
From: Matt Wolenetz
Date: Mon, 5 Mar 2018 15:59:18 -0800
Subject: [PATCH] lavc/vorbisdec: Allow avcodec_open2 to call .close
If there is a decoder initialization failure detected in avcodec_open2
after .init is called, allow
From 5d28b92d9d164b104e9a47b8183cd7ddedfde366 Mon Sep 17 00:00:00 2001
From: Matt Wolenetz
Date: Mon, 5 Mar 2018 12:36:28 -0800
Subject: [PATCH] lavf/oggparseflac: Free flac extradata before reallocating.
Otherwise ff_alloc_extradata() just leaks any existing allocated
memory.
BUG=789835
Chang
From c40925a0d3ec1397cd6ed7d29bae573c5bdf1ec2 Mon Sep 17 00:00:00 2001
From: Matt Wolenetz
Date: Fri, 2 Mar 2018 15:12:41 -0800
Subject: [PATCH] ffmpeg: Initialize a potential gap in ctts_data in
mov_build_index
mov_read_ctts ignores ctts entries having count <= 0. Generally, the
aggregate of a
I've separated and updated the mov_read_{senc,saiz}() patch, attached.
It avoids allocation wraps in those two functions.
On Wed, Feb 8, 2017 at 3:48 PM, Matthew Wolenetz
wrote:
> I've separated and updated the mov_read_udta_string() patch, attached.
> It prevents accessing MOVC
I've separated and updated the mov_read_udta_string() patch, attached.
It prevents accessing MOVContext.meta_keys[0] in that method. That array is
1-based.
On Wed, Dec 14, 2016 at 5:40 PM, Andreas Cadhalpun <
andreas.cadhal...@googlemail.com> wrote:
> On 15.12.2016 00:37, Matthew
Updated to SIZE_MAX. Thank you for your comments.
On Wed, Dec 14, 2016 at 5:39 PM, Andreas Cadhalpun <
andreas.cadhal...@googlemail.com> wrote:
> On 15.12.2016 00:36, Matthew Wolenetz wrote:
> > From 9d45f272a682b0ea831c20e36f696e15cc0c55fe Mon Sep 17 00:00:00 2001
> >
Updated to SIZE_MAX. Thank you for your comments.
On Thu, Dec 15, 2016 at 5:23 PM, Andreas Cadhalpun <
andreas.cadhal...@googlemail.com> wrote:
> On 15.12.2016 03:25, James Almer wrote:
> > On 12/14/2016 10:39 PM, Andreas Cadhalpun wrote:
> >> On 15.12.2016 00:34
ssue...
Notably, windows still hit this (VS2015 Update 3 19.00.24213.1) *even with
-O2.*
On Thu, Dec 15, 2016 at 1:06 AM, Carl Eugen Hoyos
wrote:
> 2016-12-15 0:31 GMT+01:00 Matthew Wolenetz :
> > Some toolchains failed to link a dynamic library containing wavdec.c,
> > bu
Ah, you're right. My fix was based on a slightly earlier version that
didn't yet have your fix in it. Disregard my patch.
Matt
On Wed, Dec 14, 2016 at 5:43 PM, Andreas Cadhalpun <
andreas.cadhal...@googlemail.com> wrote:
> On 15.12.2016 00:39, Matthew Wolen
Per spec, if cts_offset is negative, the trun box version needs to be set
to 1. Yet I see no corresponding condition around this in
libavformat/movenc.c; version is hardcoded to 0 and the *signed int32*
typed value (track->cluster[i].cts) is written out (with a conversion to
unsigned int32 with sam
Some toolchains failed to link a dynamic library containing wavdec.c,
but with either CONFIG_SPDIF_DEMUXER or CONFIG_W64_DEMUXER disabled.
This change adds #if's to explicitly exclude code rather than depend on
toolchain code elision of same condition using "if".
Reference https://crbug.com/591845.
MPEG Audio frame header must be 4 bytes. If we fail to read
4 bytes bail early to avoid Use-of-uninitialized-value msan error.
Reference https://crbug.com/666874.
From 5ed6e20c09840320784c43b86b75b3ede69742f6 Mon Sep 17 00:00:00 2001
From: Chris Cunningham
Date: Tue, 22 Nov 2016 13:54:50 -0800
Sub
Similar to existing lavc/vorbisdec.c code which first checks that
avc->channels is valid for accessing ff_vorbis_channel_layouts, this
change adds protection to libopusdec.c to prevent accessing that
array with a negative index. Reference https://crbug.com/666794.
From 141e56ccf7fc56646424484d357b6
In ff_index_search_timestamp(), if b == num_entries,
m == num_entries - 1, and entries[m].flags & AVINDEX_DISCARD_FRAME is
true, then the search for the next non-discarded packet could access
entries[nb_entries], exceeding its bounds. This change adds a protection
against that scenario. Reference:
Core of patch is from p...@paulmehta.com
Reference https://crbug.com/643952
From 8622f9398e7c89a664c4c2ceff9d35b89ff17bb5 Mon Sep 17 00:00:00 2001
From: Matt Wolenetz
Date: Tue, 6 Dec 2016 12:54:23 -0800
Subject: [PATCH] lavf/mov.c: Avoid heap allocation wraps and OOB in
mov_read_{senc,saiz,udta_
Core of patch is from p...@paulmehta.com
Reference https://crbug.com/643951
From 9d45f272a682b0ea831c20e36f696e15cc0c55fe Mon Sep 17 00:00:00 2001
From: Matt Wolenetz
Date: Tue, 6 Dec 2016 12:33:08 -0800
Subject: [PATCH] lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid
Core of patch is fro
Core of patch is from p...@paulmehta.com
Reference https://crbug.com/643950
From fd878457cd55690d4a27d74411b68a30c9fb2313 Mon Sep 17 00:00:00 2001
From: Matt Wolenetz
Date: Fri, 2 Dec 2016 18:10:39 -0800
Subject: [PATCH] lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr
Core of patch is fro
24 matches
Mail list logo
