- 12 Feb, 2020 6 commits
-
-
Andreas Rheinhardt authored
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: left shift of negative value -463 Fixes: 20542/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5688714435231744 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Compared to ad-hoc if(printed) ... code this allows the user to disable it by adjusting the log level Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
- 11 Feb, 2020 7 commits
-
-
Dale Curtis authored
When e2_pts == INT64_MIN and e1_pts >= 0 the calculation of e2_pts - e1_pts will overflow an int64_t. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Wonkap Jang authored
In order for rate control to correctly allocate bitrate to each temporal layer, correct temporal layer id has to be set to each frame. This commit provides the ability to set correct temporal layer id for each frame. Signed-off-by: James Zern <jzern@google.com>
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Martin Storsjö authored
Previously, it was always left in the automatic mode, if the option was set to the only special (negative) value. Now there's two separate special values for this option, -1 for automatic (metadata based) and -2 for explicitly disabled. Signed-off-by: Martin Storsjö <martin@martin.st>
-
Martin Storsjö authored
It was disabled by default in 2dbd35b0 as it added delay, but now we compensate for the delay properly by offsetting timestamps. Signed-off-by: Martin Storsjö <martin@martin.st>
-
Martin Storsjö authored
The delay is normally zero when the level limiter is disabled, but if enabled, there's a small delay. Signed-off-by: Martin Storsjö <martin@martin.st>
-
- 10 Feb, 2020 9 commits
-
-
Andreas Rheinhardt authored
The AVPacket destined for a demuxer's output has already been initialized before it reaches the demuxer. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Marton Balint <cus@passwd.hu>
-
Andreas Rheinhardt authored
Even in this scenario, the frame still contains references to data that won't be freed if the frame isn't unreferenced. And the AVFrame itself will leak, too. Fixes Coverity issue #1441422. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
Since bae8844e the packet will always be unreferenced when a demuxer returns an error, so that a lot of calls to av_packet_unref() in lots of demuxers are now redundant and can be removed. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Marton Balint <cus@passwd.hu>
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Ting Fu authored
Tested using this command: /ffmpeg -pix_fmt yuv420p -s 1920*1080 -i ArashRawYuv420.yuv \ -vcodec rawvideo -s 1920*1080 -pix_fmt rgb24 -f null /dev/null The fps increase from 389 to 640 on Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz Signed-off-by: Ting Fu <ting.fu@intel.com>
-
Paul B Mahol authored
-
Paul B Mahol authored
-
- 09 Feb, 2020 18 commits
-
-
Andreas Rheinhardt authored
This is possible because the size of a scan header is always a multiple of a byte. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
They are spec-incompliant. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: -2147479324 + -32568 cannot be represented in type 'int' Fixes: 20103/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GREMLIN_DPCM_fuzzer-5667667579240448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: -53716100 * 256 cannot be represented in type 'int' Fixes: 20143/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5716604000403456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: out of array read Fixes: 20059/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5691776237305856 No testcase except the fuzzed one. Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: timeout (252sec -> 170msec) Fixes: 20023/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MVHA_fuzzer-5681192565473280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 19892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5707525924323328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Gautam Ramakrishnan authored
Bug #8255 points out a double free error in libwscale/utils.c file. The double free is because the pointer to cascaded_context of an sw_context is not set to NULL after freeing it. When the sw_context is later freed, sws_freeContext is called on the cascaded_context, causing a double free. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Timeout (270sec -> 25ms) Fixes: 20485/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5636954207289344 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: division by zero Fixes: 20436/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5763229752229888 Fixes: 20503/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4841641154445312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: out of array read Fixes: 20495/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MVHA_fuzzer-5711179129552896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: out of array read Fixes: 20494/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MVDV_fuzzer-5681452423577600 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
ff_cbs_insert_unit_data() has two modes of operation: It can insert a unit with a newly created reference to an already existing AVBuffer; or it can take a buffer and create an AVBuffer for it. Said buffer will then become owned by the unit lateron. A potential memleak/double-free exists in the second case, because if creating the AVBuffer fails, the function immediately returns, but when it fails lateron, the supplied buffer will be freed. The caller has no way to distinguish between these two outcomes. The only such caller (cbs_jpeg_split_fragment() in cbs_jpeg.c) opted for a potential double-free. This commit changes this by explicitly stating that a non-refcounted buffer will be freed on error. The aforementioned caller has been brought in line with this. Fixes CID 1452623. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Mark Thompson authored
-
Mark Thompson authored
Fixes CID 1452400, 1452416, 1452550, 1452590, 1452760.
-
Mark Thompson authored
Fixes CID 1452753.
-