- 26 Jun, 2019 10 commits
-
-
Michael Niedermayer authored
Fixes: memleak Fixes: 15297/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5746203548975104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2314885530818453536 - -8926099139098304480 cannot be represented in type 'long' Fixes: 15259/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5764366093254656 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: left shift of negative value -13 Fixes: 15260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5702076048343040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: left shift of negative value -4483 Fixes: 15256/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5738691617619968 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 214013 * 2531011 cannot be represented in type 'int' Fixes: 15254/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDMC_fuzzer-5698137026461696 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: shift exponent 64 is too large for 32-bit type 'int' Fixes: 15253/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV10_fuzzer-5671114300194816 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: division by zero Fixes: 15257/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINTEXT_fuzzer-5757352881422336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 3784 * 682038 cannot be represented in type 'int' Fixes: 15265/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5088311799971840 Fixes: 15268/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5666502344179712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: -3447 * 2883584 cannot be represented in type 'int' Fixes: 15265/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5088311799971840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
Commit 31f9032b added the audio_preload feature; its goal is to interleave audio earlier than the rest. Unfortunately, it has never ever worked, because the check for whether a packet should be interleaved before or after another packet was completely wrong: When audio_preload vanishes, interleave_compare_dts returns 1 if the new packet should be interleaved earlier than the packet it is compared with and that is what the rest of the code expects. But the codepath used when audio_preload is set does the opposite. Also fixes potential undefined behaviour (namely signed integer overflow). Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
- 25 Jun, 2019 20 commits
-
-
Chris Cunningham authored
Codec information may change while reading ogg packets. Update the stream's internal avctx to match.
-
Xuewei Meng authored
-
Michael Niedermayer authored
Fixes: 15246/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOTIONPIXELS_fuzzer-5168534407086080 Fixes: runtime error: index -1 out of bounds for type 'HuffCode [16]' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: 15248/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5087440458481664 Fixes: signed integer overflow: 3 + 2147483647 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Assertion failure Fixes: crbug971646.mp4 Reported-by: Matt Wolenetz <wolenetz@google.com> Reviewed-by: Matt Wolenetz <wolenetz@google.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: memleak Fixes: 15171/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5683881644130304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Integer overflow Fixes: 15134/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-5722635939348480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 15166/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5731062396747776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: division by zero Fixes: 15210/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5746033243455488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: -1539565182 + -798086761 cannot be represented in type 'int' Fixes: 14807/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-564925382682214 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: -1727985666 - 538976288 cannot be represented in type 'int' Fixes: 15031/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5100228035739648 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Timeout (33sec -> 78ms) Fixes: 14668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LSCR_fuzzer-5767073352908800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Alfred E. Heggestad authored
-
Zhong Li authored
low_power mode will use a fixed HW engine (SFC), thus can offload EU usage. high quality mode will take EU usage (AVS sampler). Performance and EU usage (Render usage) comparsion on Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz: High quality mode : ffmpeg -hwaccel qsv -c:v h264_qsv -i bbb_sunflower_1080p_30fps_normal_2000frames.h264 \ -vf scale_qsv=w=1280:h=736:mode=hq -f null - fps=389 RENDER usage: 28.10 (provided by MSDK metrics_monitor) Low Power mode: ffmpeg -hwaccel qsv -c:v h264_qsv -i ~/bbb_sunflower_1080p_30fps_normal_2000frames.h264 \ -vf scale_qsv=w=1280:h=736:mode=low_power -f null - fps=343 RENDER usage: 0.00 Low power mode (SFC) may be disabled if not supported by MSDK/Driver/HW, and replaced by AVS mode interanlly. Signed-off-by: Zhong Li <zhong.li@intel.com>
-
Andreas Rheinhardt authored
The mov flavour of timed text uses the first two bytes of the packet as a length field. And up until 11bef2fe said length field has been read correctly in the mov2textsub bsf. But since then the next two bytes are read as if they were the length field. This is fixed in this commit. Reviewed-by: Philip Langdale <philipl@overt.org> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
-
Jun Zhao authored
add automatic bitstream filtering when mux AAC Reported-by: Yabo Wei weiyabogeijing@gmail.com Reviewed-by: Steven Liu<lq@onvideo.cn> Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
Andreas Rheinhardt authored
Up until now, when an element was skipped, it was relied upon ffio_limit to make sure that there is enough data available to skip. ffio_limit itself relies upon the availability of the file's size. As this needn't be available, the check has been refined: First one byte less than intended is skipped, then another byte is read, followed by a check of the error flags. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
This commit fixes a number of bugs: 1. There was no check that no read error/EOF occured during ebml_read_uint, ebml_read_sint and ebml_read_float. 2. ebml_read_ascii and ebml_read_binary did sometimes not forward error codes; instead they simply returned AVERROR(EIO). 3. In particular, AVERROR_EOF hasn't been used and no dedicated error message for it existed. This has been changed. In order to reduce code duplication, the new error code NEEDS_CHECKING has been introduced which makes ebml_parse check the AVIOContext's status for errors. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
ebml_read_num had a number of flaws: 1. The check for read errors/EOF was totally wrong. E.g. an EBML number beginning with the invalid 0x00 would be considered a read error, although it is just invalid data. 2. The check for read errors/EOF was done just once, after reading the first byte of the EBML number. But errors/EOF can happen inbetween, of course, and this wasn't checked. 3. There was no way to distinguish when EOF should be an error (because the data has to be there) for which an error message should be emitted and when it is not necessarily an error (namely during parsing of EBML IDs). Such a possibility has been added and used. All this was fixed; furthermore, the error messages for invalid EBML numbers were improved and useless initializations were removed. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
Up until now, webm_dash_manifest_cues used the return values of ebml_read_num and ebml_read_length without checking for errors, i.e. return values < 0. This has been changed. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
- 24 Jun, 2019 3 commits
-
-
Andreas Rheinhardt authored
It is only necessary to zero the initial allocated memory used to store the size of laced frames if the block used Xiph lacing. Otherwise no unintialized data was ever used, so use av_malloc instead of av_mallocz. Also use the correct type for the allocations. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Alexander Strasser authored
Get rid of pr dependency and write the columns strictly alphabetical without page size considerations (POSIX specifies 66 lines as default). Setting the page size via pr's -l option was considered, but as there is issue #5680 which wants to avoid pr mainly because it's not in busybox, we chose to replace pr instead. Before pr would attempt to write pages, thus if a page boundary was reached, the output looked confusing as one couldn't see there was a new page and the alphabetical order was disrupted when scanning down one of the columns. This change is based on a shell implementation submitted before by Yejun. Possible differences to the current version using pr: 1. pr implementations should truncate items to not overflow columns; depending on how it's done not truncating shall be better IMHO. 2. pr implementations might balance columns differently; we use minimum number of lines and might end up not using all columns or might have lesser entries in the last column(s) 3. we use spaces only for padding the columns; at least the GNU pr version on my system also by default stuffs in tabs in addition to a single space in between columns. I don't see that this behaviour is demanded by POSIX, though I might be very well overlooking things. Anyway for our use case I can't see a need for having the additional tabs, or why it would be better compared to padding with spaces only. Fixes output for sizes with width < column width, too. Fixes remaining part of ticket #5680 Contributor: Guo, Yejun <yejun.guo@intel.com>
-
Bela Bodecs authored
When multiple variant streams are specified by var_stream_map option, %v is expected either in the filename or in the last sub-directory name, but only in one of them. When both of them contains %v string, current error message only states half of the truth. And even %v may appears several times inside the last sub-directory name or in filename pattern. This patch clarifies this in the log message and in the doc also. Signed-off-by: Bela Bodecs <bodecsb@vivanet.hu>
-
- 23 Jun, 2019 7 commits
-
-
Andreas Rheinhardt authored
Up until now, the SimpleBlock was treated specially: It basically had its own EBML category and it was also included in the BlockGroup EBML syntax (although a SimpleBlock must not exist in a BlockGroup according to the Matroska specifications). The latter fact also meant that a MatroskaBlock's buffer was always unreferenced twice. This has been changed: The type of a SimpleBlock is now an EBML_BIN. The only way in which SimpleBlocks are still different is that they share their associated structure with another unit (namely BlockGroup). This is also used to unref the block: It is always unreferenced via the BlockGroup syntax. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Carl Eugen Hoyos authored
Fixes compilation with --enable-hardcoded-tables. Fixes ticket #7962.
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 15381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5668057826983936 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: 15372/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5708881759567872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
Before this commit, the Matroska muxer would read a block when required to do so, parse the block, create and return the necessary AVPackets and yet keep the blocks (in a dynamically allocated list), although they aren't used at all any more. This has been changed. There is no list any more and the block is immediately discarded after parsing. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
Every new element of an EbmlList is zeroed initially in ebml_parse_elem, so that in particular a SimpleBlock's duration is initialized to zero. Therefore it is unnecessary to initialize this field again (for SimpleBlocks) in matroska_parse_cluster_incremental. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
By default, the data_offset member of the AVFormatInternal of the AVFormatContext associated with the MatroskaDemuxContext has not been initialized explicitly by any Matroska-specific function, so that it was initialized by default to the offset at the end of matroska_read_header, i.e. usually to the offset of the length field of the first encountered cluster. This meant that in case that the Matroska-specific seek-code fails because there are no index entries for the target track a seek to data_offset would be performed and ordinary parsing would start from there which is nonsense: The length field would be treated as EBML ID and (if the length field is not longer than four bytes (EBML numbers that long are rejected as invalid EBML IDs)) whatever comes next would be treated as its EBML size although it simply isn't. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-