FFmpeg

Author	SHA1	Message	Date
Michael Niedermayer	a772aaf5dc	avcodec/flacdec: Fix signed integer overflow in decode_subframe_fixed() Fixes undefined behavior Fixes: 640912-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `83a75bf6c3`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:07:50 +01:00
Michael Niedermayer	c39e8d05f5	avcodec/flacdsp_template: Fix undefined shift in flac_decorrelate_indep_c Fixes: left shift of negative value Fixes: 668346-media Found-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `acc163c6ab`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:07:50 +01:00
Michael Niedermayer	2fb7eb05dc	avcodec/flac_parser: Update nb_headers_buffered Fixes infinite loop Fixes: fuzz.flac Found-by: Frank Liberato <liberato@google.com> Reviewed-by: Frank Liberato <liberato@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2475858889`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:07:50 +01:00
Michael Niedermayer	2d51cb1d0a	avcodec/me_cmp: Fix median_sad size Fixes out of array read Fixes: COV1396255 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `d9883ded34`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-12-06 00:07:50 +01:00
James Almer	c269c43a83	avcodec/aac_adtstoasc_bsf: validate and forward extradata if the stream is already ASC Fixes ticket #5973 Reviewed-by: Hendrik Leppkes <h.leppkes@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `6e1902bab4`)	2016-11-25 18:51:00 -03:00
Andreas Cadhalpun	d147114b9d	mss2: only use error correction for matching block counts This fixes a heap-buffer-overflow in ff_er_frame_end when decoding mss2 with coded_width/coded_height larger than width/height. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `2566ad98b0`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-25 22:22:19 +01:00
Andreas Cadhalpun	a6a2d9d1e5	libopusdec: default to stereo for invalid number of channels This fixes an out-of-bounds read if avc->channels is 0. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `8c8f543b81`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-25 22:22:11 +01:00
Andreas Cadhalpun	1dc59aaf61	pgssubdec: only set w/h/linesize when allocating data Rects with positive w/h/linesize but no data are invalid. Reviewed-by: Petri Hintukainen <phintuka@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `995512328e`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-25 22:21:52 +01:00
Andreas Cadhalpun	d8364f4e1d	smacker: limit recursion depth of smacker_decode_bigtree This fixes segmentation faults due to stack-overflow caused by too deep recursion. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `946ecd19ea`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-25 22:21:39 +01:00
Michael Niedermayer	e9f3cc7fc7	avcodec/ass_split: Change order of operations in ass_split_section() This matches the other branch Fixes out of array read Fixes: 4d142ca76d39fe685effcf5017098723/asan_heap-oob_31ae824_8611_348fdb64f9009b63c8a8eae9a0e497c5.mkv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `ae514b1254`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-23 20:29:31 +01:00
James Almer	ee56777379	avcodec/rawdec: check for side data before checking its size Fixes valgrind warnings about usage of uninitialized values. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `51e329918d`)	2016-11-19 23:50:37 -03:00
James Almer	3bd7ad58a7	avcodec/avpacket: fix leak on realloc in av_packet_add_side_data() If realloc fails, the pointer is overwritten and the previously allocated buffer is leaked, which goes against the expected behavior of keeping the packet unchanged in case of error. Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `574929d8b6`)	2016-11-19 20:24:54 -03:00
James Almer	cf655d1643	Revert "apngdec: use side data to pass extradata to the decoder" This reverts commit `e0c6b32046`. Said commit changed the behavior of the demuxer and decoder in a non backwards compatible way. Demuxers should make extradata available at init if possible, and send new extradata as side data within a packet if needed. A better fix for the remuxing crash will follow. Signed-off-by: James Almer <jamrial@gmail.com> (cherry picked from commit `16c429166d`)	2016-11-18 12:33:21 -03:00
Martin Vignali	08f26d99b5	libavcodec/exr : fix channel size calculation for uint32 channel uint32 need 4 bytes not 1. Fix decoding when there is half/float and uint32 channel. This fixes crashes due to pointer corruption caused by invalid writes. The problem was introduced in commit `03152e74df`. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `52da3f6f70`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:37:05 +01:00
Andreas Cadhalpun	c7d38efbc2	exr: fix out-of-bounds read channel_index can be -1. This problem was introduced in commit `2dd7b46132`. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `ffdc5d09e4`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:19:01 +01:00
Andreas Cadhalpun	cbc9d46066	libschroedingerdec: fix leaking of framewithpts Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `3c0328d58d`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:18:56 +01:00
Andreas Cadhalpun	2b863d4e9b	libschroedingerdec: don't produce empty frames They are not valid and can cause problems/crashes for API users. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `a86ebbf7f6`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:18:53 +01:00
Andreas Cadhalpun	598016b85f	dds: limit 4 bpp handling to AV_PIX_FMT_PAL8 This fixes NULL pointer dereferencing for formats, where frame->data[1] is not allocated. The problem was introduced in commit `257fbc3af4`. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `90ebf3c428`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:18:48 +01:00
Andreas Cadhalpun	a2c7840a6b	mlz: limit next_code to data buffer size This fixes a heap-buffer-overflow detected by AddressSanitizer. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `1abcd972c4`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:18:42 +01:00
Andreas Cadhalpun	039a3e6db8	pnmdec: make sure v is capped by maxval Otherwise put_bits can be called with a value that doesn't fit in the sample_len, causing an assertion failure. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `cdb5479c9d`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:17:58 +01:00
Andreas Cadhalpun	d8affeea82	smvjpegdec: make sure cur_frame is not negative This fixes a heap-buffer-overflow detected by AddressSanitizer. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `360bc0d90a`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:17:20 +01:00
Andreas Cadhalpun	581cce0cca	dvbsubdec: fix division by zero in compute_default_clut This problem was introduced in commit `4b90dcb849`. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `c82b8ef0e4`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:15:52 +01:00
Andreas Cadhalpun	1ed4b52732	proresdec_lgpl: explicitly check coff[3] against slice_data_size The implicit checks via v_data_size and a_data_size don't work in the case '(hdr_size > 7) && !ctx->alpha_info'. This fixes segmentation faults due to invalid reads. This problem was introduced in commit `547c2f002a`. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `1e33035ee7`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:15:47 +01:00
Andreas Cadhalpun	72a2d6ff56	escape124: reject codebook size 0 It causes a cb_depth of 32, leading to assertion failures in get_bits. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `226d35c845`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:15:42 +01:00
Andreas Cadhalpun	1e4979f780	mpegaudio_parser: don't return AVERROR_PATCHWELCOME The API does not allow returning AVERROR codes. It triggers an assert in av_parser_parse2. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `5249706e9d`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:14:01 +01:00
Andreas Cadhalpun	c72ac9ffd0	lzf: update pointer p after realloc This fixes heap-use-after-free detected by AddressSanitizer. Reviewed-by: Luca Barbato <lu_zero@gentoo.org> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `bb6a7b6f75`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:13:19 +01:00
Andreas Cadhalpun	31cebfe789	diracdec: check return code of get_buffer_with_edge If it fails, buffers aren't allocated, causing NULL pointer dereferencing. Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `db79dedb1a`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:13:14 +01:00
Andreas Cadhalpun	b9a24cee3b	diracdec: clear slice_params_num_buf on allocation failure Otherwise it can be non-zero next time decode_lowdelay is called, causing slice_params_buf not to be allocated, leading to a NULL pointer dereference. The problem was introduced in commit `dcad4677d6`. Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `24d20496d2`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:13:05 +01:00
Andreas Cadhalpun	08b1fd6afb	diracdec: use correct buffer for slice_params_buf realloc This fixes a double-free detected by AddressSanitizer. The problem was introduced in commit `dcad4677d6`. Reviewed-by: Rostislav Pehlivanov <atomnuker@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `8a4ea96448`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:12:58 +01:00
Andreas Cadhalpun	35cb0c47bc	ppc: pixblockdsp: do unaligned block accesses correctly again This was broken by the following Libav commit: `4c387c7` ppc: dsputil: do unaligned block accesses correctly The following tests fail due to this: fate-checkasm fate-vsynth1-dnxhd-2k-hr-hq fate-vsynth1-dnxhd-edge1-hr fate-vsynth1-dnxhd-edge2-hr fate-vsynth1-dnxhd-edge3-hr fate-vsynth1-dnxhd-hr-sq-mov fate-vsynth1-dnxhd-hr-hq-mov fate-vsynth2-dnxhd-2k-hr-hq fate-vsynth2-dnxhd-edge1-hr fate-vsynth2-dnxhd-edge2-hr fate-vsynth2-dnxhd-edge3-hr fate-vsynth2-dnxhd-hr-sq-mov fate-vsynth2-dnxhd-hr-hq-mov fate-vsynth3-dnxhd-2k-hr-hq fate-vsynth3-dnxhd-edge1-hr fate-vsynth3-dnxhd-edge2-hr fate-vsynth3-dnxhd-edge3-hr fate-vsynth3-dnxhd-hr-sq-mov fate-vsynth3-dnxhd-hr-hq-mov Fixes trac ticket #5508. Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `3932ccc472`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:12:50 +01:00
Andreas Cadhalpun	3e33685892	apngdec: use side data to pass extradata to the decoder Fixes remuxing apng streams coming from the apng demuxer. This is a regression since `940b8908b9`. Found-by: James Almer <jamrial@gmail.com> Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `e0c6b32046`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:12:29 +01:00
Andreas Cadhalpun	6e5ccabbe8	interplayacm: increase bitstream buffer size by AV_INPUT_BUFFER_PADDING_SIZE This fixes out-of-bounds reads by the bitstream reader. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `60178e78f2`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:12:09 +01:00
Andreas Cadhalpun	266cf258cc	interplayacm: validate number of channels The number of channels is used as divisor in decode_frame, so it must not be zero to avoid SIGFPE crashes. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `5540d6c134`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:11:57 +01:00
Andreas Cadhalpun	c90d521f16	interplayacm: check for too large b This fixes out-of-bounds reads. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `14e4e26559`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:11:49 +01:00
Andreas Cadhalpun	346fa70bb8	doc: fix spelling errors Reviewed-by: Lou Logan <lou@lrcd.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `1e660fe88d`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:11:34 +01:00
Andreas Cadhalpun	1af7ddecda	apng: use side data to pass extradata to muxer This fixes creating apng files, which is broken since commit `5ef1959080`. Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> (cherry picked from commit `940b8908b9`) Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>	2016-11-17 23:11:12 +01:00
Michael Niedermayer	b9a0172260	avcodec/mpeg4videodec: Workaround interlaced mpeg4 edge MC bug Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2c9106257f`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-17 12:47:40 +01:00
Michael Niedermayer	3f6aae377a	avcodec/mpegvideo: Fix edge emu buffer overlap with interlaced mpeg4 Fixes Ticket5936 Regression since `c5fc8ae126` Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `85407c7e63`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-17 12:47:40 +01:00
Michael Niedermayer	0f8de7a3db	avcodec/rv40: Test remaining space in loop of get_dimension() Fixes infinite loop Fixes: 178/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_RV40_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `1546d487cf`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-17 12:47:40 +01:00
Michael Niedermayer	7e8eb30f40	avcodec/ituh263dec: Avoid spending a long time in slice sync Fixes: 177/fuzz-3-ffmpeg_VIDEO_AV_CODEC_ID_FLV1_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `2baf36caed`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-17 12:47:40 +01:00
Michael Niedermayer	8deaed3b12	avcodec/movtextdec: Add error message for tsmb_size check Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0eb3198005`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-17 12:47:40 +01:00
Michael Niedermayer	a0c6b4cfd1	avcodec/movtextdec: Fix tsmb_size check==0 check Fixes: 173/fuzz-3-ffmpeg_SUBTITLE_AV_CODEC_ID_MOV_TEXT_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `a609905723`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-17 12:47:40 +01:00
Michael Niedermayer	20d0f32012	avcodec/movtextdec: Fix potential integer overflow Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `6ea2715768`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-17 12:47:40 +01:00
Michael Niedermayer	7521d5b8da	avcodec/sunrast: Fix input buffer pointer check Fixes: out of array read Fixes: poc.dat Found-by: Bingchang, Liu @VARAS of IIE Tested-by: bc L <l.bing.chang.bc@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `37138338ff`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-17 12:47:40 +01:00
Michael Niedermayer	487accbf19	avcodec/tscc: Check side data size before use Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `979bca5134`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-17 12:47:40 +01:00
Michael Niedermayer	fa1ee96026	avcodec/rscc: Fix constant Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `e167610794`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-17 12:47:40 +01:00
Michael Niedermayer	e8b9337281	avcodec/rawdec: Check side data size before use Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `5f0bc0215a`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-17 12:47:40 +01:00
Michael Niedermayer	aa896c182d	avcodec/rscc: Check side data size before use Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `0f64b6cd22`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-17 12:47:40 +01:00
Michael Niedermayer	956407b5df	avcodec/msvideo1: Check side data size before use Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `161ccdaa06`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-17 12:47:40 +01:00
Michael Niedermayer	7821c96dd0	avcodec/qpeg: Check side data size before use Fixes out of array read Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit `16793504df`) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>	2016-11-17 12:47:40 +01:00

... 8 9 10 11 12 ...

36944 Commits