- 07 Oct, 2019 17 commits
-
-
Andreas Rheinhardt authored
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
When flushing, MAX_FRAME_HEADER_SIZE bytes (always zero) are supposed to be written to the fifo buffer in order to be able to check the rest of the buffer for frame headers. It was intended to write these by writing a small buffer of size MAX_FRAME_HEADER_SIZE to the buffer. But the way it was actually done ensured that this did not happen: First, it would be checked whether the size of the input buffer was zero, in which case it buf_size would be set to MAX_FRAME_HEADER_SIZE and read_end would be set to indicate that MAX_FRAME_HEADER_SIZE bytes need to be written. Then it would be made sure that there is enough space in the fifo for the data to be written. Afterwards the data is written. The check used here is for whether buf_size is zero or not. But if it was zero initially, it is MAX_FRAME_HEADER_SIZE now, so that not the designated buffer for writing MAX_FRAME_HEADER_SIZE is written; instead the padded buffer (from the stack of av_parser_parse2()) is used. This works because AV_INPUT_BUFFER_PADDING_SIZE >= MAX_FRAME_HEADER_SIZE. Lateron, buf_size is set to zero again. Given that since 7edbd536, the actual amount of data read is no longer automatically equal to buf_size, it is completely unnecessary to modify buf_size at all. Moreover, modifying it is dangerous: Some allocations can fail and because buf_size is never reset to zero in this codepath, the parser might return a value > 0 on flushing. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
For a parser, the input buffer is always != NULL: In case of flushing, the indicated size of the input buffer will be zero and the input buffer will point to a zeroed buffer of size 0 + AV_INPUT_BUFFER_PADDING. Therefore one does not need to check for whether said buffer is NULL or not. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
Only decrement the number of buffered headers if a header has actually been freed. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
The flac parser uses a fifo to buffer its data. Consequently, when searching for sync codes of flac packets, one needs to take care of the possibility of wraparound. This is done by using an optimized start code search that works on each of the continuous buffers separately and by explicitly checking whether the last pre-wrap byte and the first post-wrap byte constitute a valid sync code. Moreover, the last MAX_FRAME_HEADER_SIZE - 1 bytes ought not to be searched for (the start of) a sync code because a header that might be found in this region might not be completely available. These bytes ought to be searched lateron when more data is available or when flushing. Unfortunately there was an off-by-one error in the calculation of the length to search of the post-wrap buffer: It was too large, because the calculation was based on the amount of bytes available in the fifo from the last pre-wrap byte onwards. This meant that a header might be parsed twice (once prematurely and once regularly when more data is available); it could also mean that an invalid header will be treated as valid (namely if the length of said invalid header is MAX_FRAME_HEADER_SIZE and the invalid byte that will be treated as the last byte of this potential header happens to be the right CRC-8). Should a header be parsed twice, the second instance will be the best child of the first instance; the first instance's score will be FLAC_HEADER_BASE_SCORE - FLAC_HEADER_CHANGED_PENALTY ( = 3) higher than the second instance's score. So the frame belonging to the first instance will be output and it will be done as a zero length frame (the difference of the header's offset and the child's offset). This has serious consequences when flushing, as returning a zero length buffer signals to the caller that no more data will be output; consequently the last frames not yet output will be dropped. Furthermore, a "sample/frame number mismatch in adjacent frames" warning got output when returning the zero-length frame belonging to the first header, because the child's sample/frame number of course didn't match the expected sample frame/number given its parent. filter/hdcd-mix.flac from the FATE-suite was affected by this (the last frame was omitted) which is the reason why several FATE-tests needed to be updated. Fixes ticket #5937. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
The FLACHeaderMarker structure contained a pointer to an array of int; said array was always allocated and freed at the same time as its referencing FLACHeaderMarker; the pointer was never modified to point to a different array and each FLACHeaderMarker had its own unique array. Furthermore, all these arrays had a constant size. Therefore include this array in the FLACHeaderMarker struct. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
FLAC sync codes contain a byte equal to 0xFF and so the function that searches for sync codes first searched for this byte. It did this by checking four bytes at once; these bytes have been read via AV_RB32, but the test works just as well with native endianness. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
Put an AVIOContext whose lifetime doesn't extend beyond the function where it is allocated on the stack instead of allocating and freeing it. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andriy Gelman authored
Silence detection can only be set with algorithm version 3. Reviewed-by: Gyan Doshi <ffmpeg@gyani.pro>
-
Andreas Rheinhardt authored
They are not allowed outside of functions. Fixes the warning "ISO C does not allow extra ‘;’ outside of a function [-Wpedantic]" when compiling with GCC and -pedantic. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Paul B Mahol authored
Fixes #8032.
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
This filter changes output size and thus can not have support for timeline.
-
Paul B Mahol authored
-
Paul B Mahol authored
-
- 06 Oct, 2019 14 commits
-
-
Paul B Mahol authored
-
Michael Niedermayer authored
Fixes: null pointer dereference Fixes: 17828/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5645915116797952 Fixes: Ticket8147 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Timeout (17sec ->281ms) Fixes: 17833/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5638346914660352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'. Affected the FATE-tests vsynth1-cinepak, vsynth2-cinepak and vsynth_lena-cinepak. Also fixes ticket #8220. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
Put an AVIOContext whose lifetime doesn't extend beyond the function where it is allocated on the stack instead of allocating and freeing it. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
James Almer authored
Signed-off-by: James Almer <jamrial@gmail.com>
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Jun Zhao authored
Update documentation for flags/flags2 Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
Jun Zhao authored
Correct the flags for AVCodecContext.flags2. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
Jun Zhao authored
fix indentation. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Reviewed-by: Gyan Doshi <ffmpeg@gyani.pro> Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
Mengye Lv authored
When used ROUNDED_DIV(a,b), if a is unsigned integer zero, it's will lead to an underflow issue(it called unsigned integer wrapping). Fixes #8062 Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Mengye Lv <mengyelv@tencent.com> Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
James Almer authored
Simplifies code. Signed-off-by: James Almer <jamrial@gmail.com>
-
- 05 Oct, 2019 1 commit
-
-
Paul B Mahol authored
-
- 04 Oct, 2019 4 commits
-
-
Zhao Zhili authored
Signed-off-by: Pedro Arthur <bygrandao@gmail.com>
-
Daniel Kolesa authored
The argument to vec_splat_u16 must be a literal. By making the function always inline and marking the arguments const, gcc can turn those into literals, and avoid build errors like: swscale_vsx.c:165:53: error: argument 1 must be a 5-bit signed literal Fixes #7861. Signed-off-by: Daniel Kolesa <daniel@octaforge.org> Signed-off-by: Lauri Kasanen <cand@gmx.com>
-
Daniel Kolesa authored
While this technically compiles in current ffmpeg, this is only because ffmpeg is compiled in strict ISO C mode, which disables the builtin 'vector' keyword for AltiVec/VSX. Instead this gets replaced with a macro inside altivec.h, which defines vector to be actually __vector, which accepts random types. Normally, the vector keyword should be used only with plain scalar non-typedef types, such as unsigned int. But we have the vec_(s|u)(8|16|32) macros, which can be used in a portable manner, in util_altivec.h in libavutil. This is also consistent with other AltiVec/VSX code elsewhere in the tree. Fixes #7861. Signed-off-by: Daniel Kolesa <daniel@octaforge.org> Signed-off-by: Lauri Kasanen <cand@gmx.com>
-
Andreas Rheinhardt authored
The structure of a ProRes frame in mov/mp4 is that of a typical atom: First a 32 bit BE size field, then a tag detailling the content. Said size field includes the eight bytes of the atom header. This header is actually redundant, as the size of the atom is already known from the containing atom. It is therefore stripped away when muxed into Matroska and so the Matroska demuxer has to recreate upon demuxing. But it did not account for the fact that the size field includes the size of the header and this can lead to problems when a decoder uses the in-band size field. Fixes ticket #8210. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
-
- 03 Oct, 2019 4 commits
-
-
Michael Niedermayer authored
Fixes: memleaks Fixes: 17813/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5145600206569472 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: left shift of negative value -6 Fixes: 17810/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5638541240958976 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: null pointer dereference Fixes: signed integer overflow: 512 * 2147483647 cannot be represented in type 'int' Fixes: 17809/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5634409947987968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
The check "if (!pb->seekable & AVIO_SEEKABLE_NORMAL)" is wrong, because ! has higher precendence than &. But it is also redundant, because this part of the code is only ever reached when the AVIO_SEEKABLE_NORMAL flag is set for pb. So simply remove the check. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Matthieu Bouron <matthieu.bouron@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-