- 09 Jul, 2019 4 commits
-
-
Andreas Rheinhardt authored
1. The loop counter of the substream_directory loop is always less than the number of substreams, yet within the loop it is checked whether it is less than FFMIN(3, s->hdr.num_substreams), although the check for < 3 would suffice.
2. In case the packet is a major sync packet, the last two bytes of the major sync structure were initialized to 0xff and then immediately overwritten afterwards without ever making use of the values just set.
3. When updating the parity_nibble during writing the new substream_directory, the parity_nibble is updated one byte at a time with bytes that might be read from the output packet's data. But one can do both bytes at the same time without resorting to the data just written by XOR'ing with the variable that contains the value that has just been written as a big endian number. This changes the intermediate value of parity_nibble, but in the end it just amounts to a reordering of the sum modulo two that will eventually be written as parity_nibble. Due to associativity and commutativity, this value is unchanged.
4. init_get_bits8 already checks that no overflow happens during the conversion of its argument from bytes to bits. ff_mlp_read_major_sync makes sure not to overread (the maximum size of a major_sync_info is 60 bytes anyway) and last_offset is < 2^13, so that no overflow in the calculation of size can happen, i.e. the check for whether size is >= 0 is unnecessary. But then size is completely unnecessary and can be removed.
5. In case the packet is just passed through, it is unnecessary to read the packet's dts. This is therefore postponed to when we know that the packet is not passed through.
6. Given that it seems overkill to use a bitreader just for one variable, the size of the input access unit is now read directly.
7. A substream's offset (of the end of the substream) is now stored as is (i.e. in units of words).
These changes amount to a slight performance improvement: It improved from 5897 decicycles of ten runs with about 262144 runs each (including an insignificant amount -- about 20-25 usually of skips) to 5747 decicycles under the same conditions. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
Several checks (e.g. when the size of the input packet is too small) simply used "goto fail", but didn't set the return value appropriately for an error. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
If truehd_core strips Atmos data away, three parts of the output differ in size compared to the input access unit: a) The major_sync_info block if the extra_channel_meaning_data is present, as the newly written output never contains said block; b) the substream_directory (because entries relating to discarded substreams are discarded, too); and c) the actual substream data. b) and c) have already been taken into account when choosing the size of the output packet, but a) has been forgotten. This is also the reason behind the end of the output buffer having been uninitialized until 801d78f0. The workaround added in said commit has been removed, too. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
The most serious bit of the substream_info header field (in a major sync packet) indicates whether a 16-channel presentation is present in the bitstream. If set, the extended_substream_info header field contains information about the 16-channel presentation. This presentation always uses substream 3, a substream that is discarded by truehd_core. So substream_info needs to be changed to no longer indicate the presence of a 16-channel presentation in order for truehd_core's output to be consistent. This is implemented in this commit. This change also makes MediaInfo no longer display the presence of Atmos in the output of truehd_core. Also, set the (now irrelevant) extended_substream_info field to zero as this seems to be the common value for ordinary TrueHD. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
- 08 Jul, 2019 36 commits
-
-
Andreas Rheinhardt authored
This has been forgotten in 44cde38c. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
Given the recent changes to ff_cbs_delete_unit, it is no longer sensible to use a return value for ff_cbs_h264_delete_sei_message; instead, use asserts to ensure that the required conditions are met and remove the callers' checks for the return value. Also, document said conditions. An assert that is essentially equivalent to the one used in ff_cbs_delete_unit has been removed, too. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
ff_cbs_delete_unit never fails if the index of the unit to delete is valid, as it is with all current callers of the function. So just assert in ff_cbs_delete_unit that the index is valid and change the return value to void in order to remove the callers' checks for whether ff_cbs_delete_unit failed. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Thilo Borgmann authored
-
Thilo Borgmann authored
-
Thilo Borgmann authored
-
Thilo Borgmann authored
-
Thilo Borgmann authored
-
Thilo Borgmann authored
-
Thilo Borgmann authored
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2147475672 + 8192 cannot be represented in type 'int' Fixes: 15415/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5712074128228352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: division by 0 Fixes: 15480/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5746727434321920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: 15530/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5637370344374272 Fixes: signed integer overflow: 65312 * 65312 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2040 * 1187872 cannot be represented in type 'int' Fixes: 15368/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV20_fuzzer-5681657136283648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
libtta 2.3 has a limit of 6 channels, so 16 is substantially above the "official" already. Fixes: OOM Fixes: 15249/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5643988125614080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Timeout (76 sec -> 24 sec) Fixes: 15043/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SANM_fuzzer-5699856238116864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: out of array read Fixes: 15286/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5658245101780992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 20242 * 121095 cannot be represented in type 'int' Fixes: 15310/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5737051745419264 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Infinite loop Fixes: 15337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5757428949319680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2147483646 + 2 cannot be represented in type 'int' Fixes: infinite loop Fixes: 15396/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5116605501014016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Instead we ask for a sample, it's unclear what to do in this case. Fixes: index 30 out of bounds for type 'int8_t [30][64]' Fixes: 15339/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5749441484554240 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 1106434976 + 1041773512 cannot be represented in type 'int' Fixes: 15421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5669209314426880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: -1027919784 + -1120041624 cannot be represented in type 'int' Fixes: 15406/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5700646528876544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: OOM Fixes: 15410/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-5659464805384192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
This checks the ham value much more strictly and avoids hitting cases which cannot be reached with data from the libavformat demuxer. Fixes: out of array access Fixes: 15320/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5080476840099840 Fixes: 15423/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5630765833912320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 6494225984479297536 - -6043795377581187040 cannot be represented in type 'long' Fixes: 15285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5632780307791872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself Fixes: 15289/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5709034499342336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 15360/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5653837190266880 Fixes: 15412/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5740537648250880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-