- 15 Jun, 2020 8 commits
-
-
Andreas Rheinhardt authored
By default, a demuxer's read_close function is not called automatically if an error happens when reading the header; instead it is up to the demuxer to clean up after itself in this case. The mov demuxer did this by calling its read_close function when it encountered some errors when reading the header. Yet for other errors (mostly adding side-data to streams) this has been forgotten, so that all the internal structures of the demuxer leak. This commit fixes this by making sure mov_read_close is called when necessary. Signed-off-by:Andreas Rheinhardt <andreas.rheinhardt@gmail.com> (cherry picked from commit ac378c535be907ee383dafb430be7216a2920982)
-
Andreas Rheinhardt authored
Fixes possible leaks of id3v2 metadata as well as an AVDES struct in case the content is encrypted and an error happens lateron. Signed-off-by: -
Andreas Rheinhardt authored
In certain error scenarios, the underlying Matroska demuxer was not properly closed, causing leaks. Signed-off-by: -
Andreas Rheinhardt authored
When demuxing a Matroska/WebM file, streams are added for tracks and for attachments, so that the array containing the former can be NULL even when the corresponding AVFormatContext has streams. So check for there to be tracks in the MatroskaDemuxContext instead of just streams in the AVFormatContext before dereferencing the pointer to the tracks. Signed-off-by: -
Andreas Rheinhardt authored
matroska_parse_block currently asserts that the duration is not equal to AV_NOPTS_VALUE, but there is nothing that actually guarantees this. It is easy to create (spec-compliant) files which run into this assert; so replace it and instead cap the duration to INT64_MAX, as the duration field of an AVPacket is an int64_t. Signed-off-by: -
Andreas Rheinhardt authored
EBML binary elements are already made reference-counted when read; so when populating the AVStream.attached_pic, one does not need to allocate a new buffer for the data; instead the current code just creates a new reference to the underlying AVBuffer. But this can be improved even further: Just move the already existing reference. This also fixes a memleak that happens upon error because matroska_read_close has not been called in this scenario. Signed-off-by: -
Andreas Rheinhardt authored
c801ab43 caused a regression: The stream number is now parsed with strtoll without a fixed basis; as a consequence, the "010" in a variant stream mapping like "a:010" is now treated as an octal number (i.e. as eight, not ten). This was not intended and may break some scripts, so this commit restores the old behaviour. Signed-off-by:
-
Andreas Rheinhardt authored
The hevc_mp4toannexb bsf does not explicitly check whether a NAL unit is so big that it extends beyond the end of the input packet; it does so only implicitly by using the checked version of the bytestream2 API. But this has downsides compared to real checks: It can lead to huge allocations (up to 2GiB) even when the input packet is just a few bytes. And furthermore it leads to uninitialized data being output. So add a check to error out early if it happens. Also check directly whether there is enough data for the length field. Reviewed-by:
Michael Niedermayer <michael@niedermayer.cc> Signed-off-by:
-
- 14 Jun, 2020 30 commits
-
-
Michael Niedermayer authored
Name suggested by Kieran O Leary and Reto Kromer Signed-off-by: -
Michael Niedermayer authored
Fixes: memleak Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744 Suggested-by:
Marton Balint <cus@passwd.hu> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: assertion failure Fixes: 23434/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5227750851084288.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Alternatively these conditions could be treated as errors Fixes: 23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896 Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'int64_t' (aka 'long') Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: Timeout (longer than my patience vs 1sec) Fixes: 22984/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5630021988515840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: -144876608 * 16 cannot be represented in type 'int' Fixes: 22782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6039584977977344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: shift exponent 35 is too large for 32-bit type 'int' Fixes: 22857/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5202709358837760 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2142077091 + 6881070 cannot be represented in type 'int' Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented in type 'int' Fixes: 20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: 22082/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5688619118624768 Fixes: crash from V-codecs/Theora/theora_testsuite_broken/multi2.ogg Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Suggested-by: Lynne on IRC Signed-off-by:
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 23327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5134822992510976 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: passing zero to clz(), which is not a valid argument Fixes: 23337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5179131989065728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: memleaks Fixes: 23306/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5635436931448832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: Assertion failure Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Fixes: 22975/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5658160970072064 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: division by zero Fixes: 23162/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4856420817436672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long' Fixes: 23167/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6425051741290496 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: Timeout (85sec -> 0.5sec) Fixes: 20791/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_SPLIT_fuzzer-5659537719951360 Fixes: 21214/clusterfuzz-testcase-minimized-ffmpeg_BSF_MPEG2_METADATA_fuzzer-5165560875974656 Fixes: 21247/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5715175257931776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Found-by: Kieran Signed-off-by:
-
Michael Niedermayer authored
Fixes: integer overflow Fixes: 22285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5682428762128384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: left shift of 243 by 24 places cannot be represented in type 'int' Fixes: 22716/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOVTEXT_fuzzer-5704263425851392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Dale Curtis authored
Signed-off-by:
Dale Curtis <dalecurtis@chromium.org> Signed-off-by:
-
James Almer authored
If this happens, it's a sign of parsing issues earlier in the process, or misuse by the calling module. Prevents writing invalid bitstreams. Reviewed-by:
James Almer <jamrial@gmail.com> (cherry picked from commit 318a1a383dc0312ad5b4afec0ddf0d8d231f5c79)
-
James Almer authored
If this happens, it's a sign of parsing issues earlier in the process, or misuse by the calling module. Prevents writing invalid bitstreams. Reviewed-by:
-
Marton Balint authored
Max region ID is 87. Also the region affects not only the G0 charset but G2 and the national subset as well. Signed-off-by: -
David Holroyd authored
Previously, prompeg_write() would only report to caller that bytes we written when a FEC packet was actually created. Not all RTP packets are expected to generate a FEC packet however, so this behavior was causing avio to retry writing the RTP packet, eventually forcing the FEC state machine to send a FEC packet erroneously (and so breaking out of the retry loop). This was resulting in incorrect FEC data being generated, and far too many FEC packets to be sent (~100% FEC overhead). fix #7863 Signed-off-by:David Holroyd <david.holroyd@m2amedia.tv> (cherry picked from commit ffc1208266c2890a1b0e2391e0a536fe9698e69c)
-
Steven Liu authored
fix ticket: 8673 set the default EXTINF duration to 1ms if duration is smaller than 1ms Signed-off-by:Steven Liu <lq@chinaffmpeg.org> (cherry picked from commit 9dfb19baeb86a8bb02c53a441682c6e9a6e104cc)
-
Steven Liu authored
fix ticket: 8688 should goto failed workflow if cannot get usable string by ff_make_absolute_url Signed-off-by: -
Steven Liu authored
fix ticket: 8687 workflow should return if there have no value of strchr Signed-off-by:
-
- 11 Jun, 2020 1 commit
-
-
Anton Khirnov authored
It is a constant known at codec init, so set it in ff_frame_thread_init(). Also, only set it for video, since the meaning of this field is not well-defined for audio with frame threading. Fixes availability of delay in callbacks invoked from the per-thread contexts after 1f4cf92c. (cherry picked from commit 6943ab688d0c75dbab3222b5b80457ab72a0615f)
-
- 09 Jun, 2020 1 commit
-
-
James Almer authored
current_picture was not writable here because a reference existed in at least avctx->coded_frame, and potentially elsewhere if the caller created new ones from it. Signed-off-by:
-
