- 11 Aug, 2019 25 commits
-
-
Carl Eugen Hoyos authored
-
Carl Eugen Hoyos authored
-
Carl Eugen Hoyos authored
-
Carl Eugen Hoyos authored
-
Carl Eugen Hoyos authored
-
Carl Eugen Hoyos authored
Fixes the following ubsan errors with the sample from ticket #7980: libavcodec/zmbvenc.c:243:29: runtime error: left shift of negative value -4 libavcodec/zmbvenc.c:244:28: runtime error: left shift of negative value -2
-
Marton Balint authored
Otherwise the user might get a silence padded frame in the beginning or in the middle of the encoding. Some other bug uncovered this: ./ffmpeg -loglevel verbose -y -f data -i /dev/zero \ -filter_complex "nullsrc=s=60x60:d=10[v0];sine=d=10[a]" \ -map '[v0]' -c:v:0 rawvideo \ -map '[a]' -c:a:0 mp2 \ -f mpegts out.ts Signed-off-by: Marton Balint <cus@passwd.hu>
-
Michael Niedermayer authored
Fixes: Timeout (86sec -> 8sec) [these numbers assume also "[FFmpeg-devel] [PATCH 2/5] [RFC] avcodec/hevcdec: Check for overread in hls_decode_entry()"] Fixes: 15702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5657764929470464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
This makes the changed code-path faster. Change not tested except with the fuzzer testcase as I found no other testcase. Improves: Timeout (136sec -> 74sec) Improves: 16040/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5705876062601216 Reviewed-by: Paul B Mahol <onemda@gmail.com> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
-
Michael Niedermayer authored
This may break some valid tiff files, it appears the specification does not require the offsets to be increasing. They increase in the 2 test files i have though except the last offset which is 0 (an end marker) and for which a special case is added to avoid asking for a sample for that end marker. See: [FFmpeg-devel] [PATCH 2/2] avcodec/tiff: Detect infinite retry loop for an alternative implementation Fixes: Timeout (Infinite -> Finite) Fixes: 15706/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5114674904825856 This variant was requested by paul on IRC Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2082471995 * 36 cannot be represented in type 'int' Fixes: 16025/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DDS_fuzzer-5136663778426880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Not found by the fuzzer Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Timeout (Infinite -> Finite) Fixes: 16010/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5638616102993920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: 15817/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC8_fuzzer-5636626409062400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
This also makes the code consistent with the existing similar MUL64() in decode_var_block_data() Fixes: signed integer overflow: -7277630735906765035 + -3272193951413647896 cannot be represented in type 'long' Fixes: 16015/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5666552818434048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2147483424 - -1772303236 cannot be represented in type 'int' Fixes: 15708/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5067890362941440 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: shift exponent -1 is negative Fixes: 16039/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5656825657032704 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
assuming each block contains an empty chunk there has to be at least 8 bytes extra. Fixes: 15327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LSCR_fuzzer-5676669303521280 Fixes: Timeout (11->5sec) Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: left shift of negative value -9 Fixes: 15299/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSS2_fuzzer-5660922678345728 Fixes: 15557/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5673351911047168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: left shift of negative value -5 Fixes: 15294/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5733921754447872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2147483645 + 4 cannot be represented in type 'int' Fixes: 15418/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5685269069561856 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Limin Wang authored
The current function will report one error message, but the caller func haven't check it, so change the default to process as AVCOL_TRC_UNSPECIFIED. Signed-off-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: Rick Kern <kernrj@gmail.com>
-
Limin Wang authored
Below is the testing ffmpeg command for the setting: ./ffmpeg -i input.ts -c:v hevc_videotoolbox -color_primaries bt2020 -colorspace bt2020_ncl -color_trc smpte2084 smpte2048.ts ./ffmpeg -i input.ts -c:v hevc_videotoolbox -color_primaries bt2020 -colorspace bt2020_ncl -color_trc linear linear.ts ./ffmpeg -i input.ts -c:v hevc_videotoolbox -color_primaries bt2020 -colorspace bt2020_ncl -color_trc arib-std-b67 hlg.ts Signed-off-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: Rick Kern <kernrj@gmail.com>
-
Thilo Borgmann authored
-
Carl Eugen Hoyos authored
Fixes the following ubsan error: libavcodec/r210enc.c:69:28: runtime error: left shift of 522 by 22 places cannot be represented in type 'int' Fixes ticket #7982.
-
- 10 Aug, 2019 7 commits
-
-
Carl Eugen Hoyos authored
Fixes ticket #7985.
-
Carl Eugen Hoyos authored
Fixes ticket #7981.
-
Carl Eugen Hoyos authored
Fixes remaining part of ticket #8071 on next version bump.
-
Carl Eugen Hoyos authored
-
Carl Eugen Hoyos authored
Spotted-by: James Almer
-
Carl Eugen Hoyos authored
Fixes ticket #8071.
-
Carl Eugen Hoyos authored
-
- 09 Aug, 2019 2 commits
-
-
Olivier Maignial authored
=== PROBLEM === I was trying to record h264 + aac streams from an RTSP server to mp4 file. using this command line: ffmpeg -v verbose -y -i "rtsp://<ip>/my_resources" -codec copy -bsf:a aac_adtstoasc test.mp4 FFmpeg then fail to record audio and output this logs: [rtsp @ 0xcda1f0] The profile-level-id field size is invalid (40) [rtsp @ 0xcda1f0] Error parsing AU headers ... [rtsp @ 0xcda1f0] Could not find codec parameters for stream 1 (Audio: aac, 48000 Hz, 1 channels): unspecified sample format In SDP provided by my RTSP server I had this fmtp line: a=fmtp:98 streamType=5; profile-level-id=40; mode=AAC-hbr; config=1188; sizeLength=13; indexLength=3; indexDeltaLength=3; In FFmpeg code, I found a check introduced by commit 24130234. It disallows values greater than 32 for fmtp line parameters. RFC-4566 (SDP: Session Description Protocol) do not give any limit of size on interger parameters given in an fmtp line. However, In RFC-6416 (RTP Payload Format for MPEG-4 Audio/Visual Streams) give examples of "profile-level-id" values for AAC, up to 55. === FIX === As each parameter may have its own min and max values I propose to introduce a range for each parameter. For this patch I used RFC-3640 and ISO/IEC 14496-1 as reference for validity ranges. This patch fix my problem and I now can record my RTSP AAC stream to mp4. It has passed the full fate tests suite sucessfully. Signed-off-by: Olivier Maignial <olivier.maignial@smile.fr> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andriy Gelman authored
This patch avoids a read past the end of the input buffer in memcpy since the size of the received zmq message is recv_buf_size - 1. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
- 08 Aug, 2019 6 commits
-
-
Michael Niedermayer authored
The awnser which most people will seek is put first Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Jun Zhao authored
Document dts_error_threshold option. Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
Jun Zhao authored
Only add sequence end code for mpeg1/mpeg2 video, or else use the encoder libx264 or libx265 in this sample, decoding the output file will get unknow NALU type error. Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
Jun Zhao authored
Use error level when get invalid sidedata, and remove a unnecessary newline in error message. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
Jun Zhao authored
support mastering display sidedata. Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
Jun Zhao authored
Add http_seekable option for HTTP partial requests, when The EXT-X-BYTERANGE tag indicates that a Media Segment is a sub-range of the resource identified by its URI, we can use HTTP partial requests to get the Media Segment. Reviewed-by: Steven Liu <lq@chinaffmpeg.org> Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-