- 22 May, 2020 2 commits
-
-
Andreas Rheinhardt authored
by using a const void * pointer as an intermediate. Signed-off-by:Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
av_stream_get_side_data() tells the caller whether a stream has side data of a specific type; if present it can also tell the caller the size of the side data via an optional argument. The Matroska muxer always used this optional argument, although it doesn't really need the size, as the relevant side-data are not buffers, but structures. So change this. Furthermore, relying on the size also made the code susceptible to a quirk of av_stream_get_side_data(): It only sets the size argument if it found side data of the desired type. mkv_write_video_color() checks for side-data twice with the same variable for the size without resetting the size in between; if the second type of side-data isn't present, the size will still be what it was after the first call. This was not dangerous in practice, as the check for the existence of the second side-data compared the size with the expected size, so it would only be problematic if lots of elements were to be added to AVContentLightMetadata. Reviewed-by:
James Almer <jamrial@gmail.com> Signed-off-by:
-
- 21 May, 2020 18 commits
-
-
Joey Smith authored
Some real-world sites use an authorization header with a bearer token; when combined with lengthy request parameters to identify the video segment, it's rather trivial these days to have a request body of more than 4k bytes. MAX_URL_SIZE is hard-coded to 4k bytes in libavformat/internal.h, and HTTP_HEADERS_SIZE is 4k as well in libavformat/http.h, so this patch increases the buffer size to 8k, as that is the default request body limit in Apache, and most other httpds seem to support at least as much, if not more. Signed-off-by:Marton Balint <cus@passwd.hu>
-
James Almer authored
Both are codec properties and not encoder capabilities. The relevant AVCodecDescriptor.props flags exist for this purpose. Signed-off-by: -
James Almer authored
They are codec properties, not encoder capabilities. Signed-off-by: -
James Almer authored
Signed-off-by: -
James Almer authored
It's been a wrapper for a simple av_bsf_free() call since c96904f5. Signed-off-by:
-
Michael Niedermayer authored
TIFF 6 spec: "Do not use both strip-oriented and tile-oriented fields in the same TIFF file." Fixes: null pointer use, crash Fixes: crash-762680f9d1b27f9b9085e12887ad44893fb2b020 Found-by:
Shiziru <lunasl@protonmail.com> Signed-off-by:
Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 65535 * 55335 cannot be represented in type 'int' Fixes: 21955/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGMYUV_fuzzer-5669206981083136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: assertion failure Fixes: 21666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-5706468994318336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: division by zero Fixes: 21677/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSD_MSBF_fuzzer-5712547983654912 Fixes: 21751/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSD_LSBF_fuzzer-5197097180856320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: -1238335488 + -1003634688 cannot be represented in type 'int' Fixes: 21649/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5112005765890048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: -717241856 + -1434459904 cannot be represented in type 'int' Fixes: 21405/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5677143666458624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: Timeout Fixes: 21104/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5129580475318272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: -9223372036854775808 - 45000 cannot be represented in type 'long' Fixes: ticket8187 Found-by: Suhwan Signed-off-by: -
Michael Niedermayer authored
Fixes: signed integer overflow: 30000299 * 256 cannot be represented in type 'int' Fixes: ticket8184 Found-by: Suhwan Signed-off-by: -
Michael Niedermayer authored
This should improve coverage Signed-off-by: -
Michael Niedermayer authored
Fixes: out of array access Fixes: stack-buffer-overflow-READ-0x0831fff1 Found-by:
GalyCannon <galycannon@gmail.com> Signed-off-by:
-
Michael Niedermayer authored
The limit is based on hevcdec.c Fixes: 20854/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_METADATA_fuzzer-5160442882424832 Fixes: out of array access Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Andreas Rheinhardt authored
The TTA muxer writes a seektable in a dynamic buffer as it receives packets and when writing the trailer, closes the dynamic buffer using avio_close_dyn_buf(), writes the seektable and frees the buffer. But the TTA muxer already has a deinit function which unconditionally calls ffio_free_dyn_buf() on the dynamic buffer, so switching to avio_get_dyn_buf() means that one can remove the code to free the buffer; furthermore, it also might save an allocation if the seektable is so small that it fits into the dynamic buffer's write buffer or if adding the padding that avio_close_dyn_buf() adds necessitated reallocating of the underlying buffer. Reviewed-by:
-
- 20 May, 2020 8 commits
-
-
Andreas Rheinhardt authored
ff_id3v2_free_extra_meta() takes a ID3V2ExtraMeta ** so that it can already reset the pointer. Reviewed-by:
Jun Zhao <mypopy@gmail.com> Signed-off-by:
-
Andreas Rheinhardt authored
A buffer whose size is not a multiple of four has been initialized using consecutive writes of 32bits. This results in a stack-buffer-overflow reported by ASAN in the checkasm-sw_scale FATE-test. Reviewed-by:
-
Mark Thompson authored
If the RPS we are predicting from has maximum size then at least one of the pictures in it must be discarded before adding the current one. Also revert 588114ce, which added now-redundant checks for the special case of a too-large RPS with all pictures being in the same direction from the current one.
-
Martin Storsjö authored
Sticking a full frame in the extradata works, as the code for writing the avcC/hvcC extracts the relevant parameter set NAL units - provided that they actually exist in the frame. Some encoders don't provide split out extradata directly on init (or at all). In particular, the MediaFoundation encoder wrapper doesn't always (depending on the actual encoder device) - this is the case for Qualcomm's HEVC encoder on SD835, and also on some QSV H264 encoders). This only works for cases where the moov hasn't already been written (e.g. when not writing fragmented mp4 with empty_moov, unless using the delay_moov option). Signed-off-by:Martin Storsjö <martin@martin.st>
-
Dale Curtis authored
2d8d554f added a new error condition to mov_read_stsz() but forgot to free a temporary buffer when it occurs. Signed-off-by:
Dale Curtis <dalecurtis@chromium.org> Signed-off-by:
-
Zane van Iperen authored
single: Single-track track{0,1}: Dual-track trunc-t1: Truncated track 1 trunc-t2-track{0,1}: Fully-truncated track 2 trunc-t2a-track{0,1}: Partially-truncated track 2 trunc-h2: Truncated track 2 header Signed-off-by:Zane van Iperen <zane@zanevaniperen.com> Signed-off-by:
-
Mark Reid authored
changes since v1 - default behavior, no longer hidden behind decoder parameter - updated tests to reflect change Reviewed-by:
Paul B Mahol <onemda@gmail.com> Signed-off-by:
-
Paul B Mahol authored
Properly unwrap phase.
-
- 19 May, 2020 12 commits
-
-
James Almer authored
Reviewed-by:
Derek Buitenhuis <derek.buitenhuis@gmail.com> Signed-off-by:
-
wm4 authored
This contains encoder wrappers for H264, HEVC, AAC, AC3 and MP3. This is based on top of an original patch by wm4 <nfxjfg@googlemail.com>. The original patch supported both encoding and decoding, but this patch only includes encoding. The patch contains further changes by Paweł Wegner <pawel.wegner95@gmail.com> (primarily for splitting out the encoding parts of the original patch) and further cleanup, build compatibility fixes and tweaks for use with Qualcomm encoders by Martin Storsjö. Signed-off-by: -
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
Also fixes colorhold filtering.
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Steven Liu authored
because it need be check for success, is should not change the old way if it failure. fix ticket: 8674 Signed-off-by:Steven Liu <liuqi05@kuaishou.com>
-
Andreas Rheinhardt authored
The Matroska muxer has always mapped the title tag to the FileDescription element for attachments streams since support for writing attachments was added in commit c7a63a52. This commit merely documents this fact. Signed-off-by:
-
Andreas Rheinhardt authored
Each AttachedFile in Matroska can have a FileDescription element that contains a human-friendly name for the attached file; yet this element has been ignored up until now. This commit changes this and exports it as title tag instead (the Matroska muxer mapped the title tag to the AttachedFile element since support for Attachments was added). Signed-off-by: -
Andreas Rheinhardt authored
The Matroska muxer writes the Chapters early when chapters were already available when writing the header; in this case any tags pertaining to these chapters get written, too. Yet if no chapters had been supplied before writing the header, Chapters can also be written when writing the trailer if any are supplied. Tags belonging to these chapters were up until now completely ignored. This commit changes this: Writing the tags belonging to chapters has been moved to mkv_write_chapters(). If mkv_write_tags() has not been called yet (i.e. when chapters are written when writing the header), the AVIOContext for writing the ordinary Tags element is used, but not output, as this is left to mkv_write_tags() in order to only write one Tags element. Yet if mkv_write_tags() has already been called, mkv_write_chapters() will output a Tags element of its own which only contains the tags for chapters. When chapters are available initially, the corresponding tags will now be the first tags in the Tags element; but the ordering of tags in Tags is irrelevant anyway. This commit also makes chapter_id_offset local to mkv_write_chapters() as it is used only there and not reused at all. Potentially writing a second Tags element means that the maximum number of SeekHead entries had to be incremented. All the changes to FATE result from the ensuing increase in the amount of space reserved for the SeekHead (21 bytes more). Signed-off-by: -
Andreas Rheinhardt authored
This is needed so that it can access mkv_write_tag() and mkv_check_tag() without using forward declarations (which are unnecessary here). Signed-off-by:
-
