- 25 Jun, 2019 19 commits
-
-
Xuewei Meng authored
-
Michael Niedermayer authored
Fixes: 15246/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOTIONPIXELS_fuzzer-5168534407086080 Fixes: runtime error: index -1 out of bounds for type 'HuffCode [16]' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: 15248/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5087440458481664 Fixes: signed integer overflow: 3 + 2147483647 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: Assertion failure Fixes: crbug971646.mp4 Reported-by:
Matt Wolenetz <wolenetz@google.com> Reviewed-by:
-
Michael Niedermayer authored
Fixes: memleak Fixes: 15171/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5683881644130304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: Integer overflow Fixes: 15134/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-5722635939348480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 15166/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5731062396747776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: division by zero Fixes: 15210/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5746033243455488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: -1539565182 + -798086761 cannot be represented in type 'int' Fixes: 14807/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-564925382682214 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: -1727985666 - 538976288 cannot be represented in type 'int' Fixes: 15031/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5100228035739648 Signed-off-by: -
Michael Niedermayer authored
Fixes: Timeout (33sec -> 78ms) Fixes: 14668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LSCR_fuzzer-5767073352908800 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Alfred E. Heggestad authored
-
Zhong Li authored
low_power mode will use a fixed HW engine (SFC), thus can offload EU usage. high quality mode will take EU usage (AVS sampler). Performance and EU usage (Render usage) comparsion on Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz: High quality mode : ffmpeg -hwaccel qsv -c:v h264_qsv -i bbb_sunflower_1080p_30fps_normal_2000frames.h264 \ -vf scale_qsv=w=1280:h=736:mode=hq -f null - fps=389 RENDER usage: 28.10 (provided by MSDK metrics_monitor) Low Power mode: ffmpeg -hwaccel qsv -c:v h264_qsv -i ~/bbb_sunflower_1080p_30fps_normal_2000frames.h264 \ -vf scale_qsv=w=1280:h=736:mode=low_power -f null - fps=343 RENDER usage: 0.00 Low power mode (SFC) may be disabled if not supported by MSDK/Driver/HW, and replaced by AVS mode interanlly. Signed-off-by:Zhong Li <zhong.li@intel.com>
-
Andreas Rheinhardt authored
The mov flavour of timed text uses the first two bytes of the packet as a length field. And up until 11bef2fe said length field has been read correctly in the mov2textsub bsf. But since then the next two bytes are read as if they were the length field. This is fixed in this commit. Reviewed-by:
Philip Langdale <philipl@overt.org> Signed-off-by:
Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by:
James Almer <jamrial@gmail.com>
-
Jun Zhao authored
add automatic bitstream filtering when mux AAC Reported-by: Yabo Wei weiyabogeijing@gmail.com Reviewed-by: Steven Liu<lq@onvideo.cn> Signed-off-by:Jun Zhao <barryjzhao@tencent.com>
-
Andreas Rheinhardt authored
Up until now, when an element was skipped, it was relied upon ffio_limit to make sure that there is enough data available to skip. ffio_limit itself relies upon the availability of the file's size. As this needn't be available, the check has been refined: First one byte less than intended is skipped, then another byte is read, followed by a check of the error flags. Signed-off-by: -
Andreas Rheinhardt authored
This commit fixes a number of bugs: 1. There was no check that no read error/EOF occured during ebml_read_uint, ebml_read_sint and ebml_read_float. 2. ebml_read_ascii and ebml_read_binary did sometimes not forward error codes; instead they simply returned AVERROR(EIO). 3. In particular, AVERROR_EOF hasn't been used and no dedicated error message for it existed. This has been changed. In order to reduce code duplication, the new error code NEEDS_CHECKING has been introduced which makes ebml_parse check the AVIOContext's status for errors. Signed-off-by: -
Andreas Rheinhardt authored
ebml_read_num had a number of flaws: 1. The check for read errors/EOF was totally wrong. E.g. an EBML number beginning with the invalid 0x00 would be considered a read error, although it is just invalid data. 2. The check for read errors/EOF was done just once, after reading the first byte of the EBML number. But errors/EOF can happen inbetween, of course, and this wasn't checked. 3. There was no way to distinguish when EOF should be an error (because the data has to be there) for which an error message should be emitted and when it is not necessarily an error (namely during parsing of EBML IDs). Such a possibility has been added and used. All this was fixed; furthermore, the error messages for invalid EBML numbers were improved and useless initializations were removed. Signed-off-by: -
Andreas Rheinhardt authored
Up until now, webm_dash_manifest_cues used the return values of ebml_read_num and ebml_read_length without checking for errors, i.e. return values < 0. This has been changed. Signed-off-by:
-
- 24 Jun, 2019 3 commits
-
-
Andreas Rheinhardt authored
It is only necessary to zero the initial allocated memory used to store the size of laced frames if the block used Xiph lacing. Otherwise no unintialized data was ever used, so use av_malloc instead of av_mallocz. Also use the correct type for the allocations. Signed-off-by: -
Alexander Strasser authored
Get rid of pr dependency and write the columns strictly alphabetical without page size considerations (POSIX specifies 66 lines as default). Setting the page size via pr's -l option was considered, but as there is issue #5680 which wants to avoid pr mainly because it's not in busybox, we chose to replace pr instead. Before pr would attempt to write pages, thus if a page boundary was reached, the output looked confusing as one couldn't see there was a new page and the alphabetical order was disrupted when scanning down one of the columns. This change is based on a shell implementation submitted before by Yejun. Possible differences to the current version using pr: 1. pr implementations should truncate items to not overflow columns; depending on how it's done not truncating shall be better IMHO. 2. pr implementations might balance columns differently; we use minimum number of lines and might end up not using all columns or might have lesser entries in the last column(s) 3. we use spaces only for padding the columns; at least the GNU pr version on my system also by default stuffs in tabs in addition to a single space in between columns. I don't see that this behaviour is demanded by POSIX, though I might be very well overlooking things. Anyway for our use case I can't see a need for having the additional tabs, or why it would be better compared to padding with spaces only. Fixes output for sizes with width < column width, too. Fixes remaining part of ticket #5680 Contributor: Guo, Yejun <yejun.guo@intel.com>
-
Bela Bodecs authored
When multiple variant streams are specified by var_stream_map option, %v is expected either in the filename or in the last sub-directory name, but only in one of them. When both of them contains %v string, current error message only states half of the truth. And even %v may appears several times inside the last sub-directory name or in filename pattern. This patch clarifies this in the log message and in the doc also. Signed-off-by:Bela Bodecs <bodecsb@vivanet.hu>
-
- 23 Jun, 2019 11 commits
-
-
Andreas Rheinhardt authored
Up until now, the SimpleBlock was treated specially: It basically had its own EBML category and it was also included in the BlockGroup EBML syntax (although a SimpleBlock must not exist in a BlockGroup according to the Matroska specifications). The latter fact also meant that a MatroskaBlock's buffer was always unreferenced twice. This has been changed: The type of a SimpleBlock is now an EBML_BIN. The only way in which SimpleBlocks are still different is that they share their associated structure with another unit (namely BlockGroup). This is also used to unref the block: It is always unreferenced via the BlockGroup syntax. Signed-off-by: -
Carl Eugen Hoyos authored
Fixes compilation with --enable-hardcoded-tables. Fixes ticket #7962.
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 15381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5668057826983936 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by:
Peter Ross <pross@xvid.org> Signed-off-by:
-
Michael Niedermayer authored
Fixes: 15372/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5708881759567872 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by:
-
Andreas Rheinhardt authored
Before this commit, the Matroska muxer would read a block when required to do so, parse the block, create and return the necessary AVPackets and yet keep the blocks (in a dynamically allocated list), although they aren't used at all any more. This has been changed. There is no list any more and the block is immediately discarded after parsing. Signed-off-by: -
Andreas Rheinhardt authored
Every new element of an EbmlList is zeroed initially in ebml_parse_elem, so that in particular a SimpleBlock's duration is initialized to zero. Therefore it is unnecessary to initialize this field again (for SimpleBlocks) in matroska_parse_cluster_incremental. Signed-off-by: -
Andreas Rheinhardt authored
By default, the data_offset member of the AVFormatInternal of the AVFormatContext associated with the MatroskaDemuxContext has not been initialized explicitly by any Matroska-specific function, so that it was initialized by default to the offset at the end of matroska_read_header, i.e. usually to the offset of the length field of the first encountered cluster. This meant that in case that the Matroska-specific seek-code fails because there are no index entries for the target track a seek to data_offset would be performed and ordinary parsing would start from there which is nonsense: The length field would be treated as EBML ID and (if the length field is not longer than four bytes (EBML numbers that long are rejected as invalid EBML IDs)) whatever comes next would be treated as its EBML size although it simply isn't. Signed-off-by: -
Andreas Rheinhardt authored
The earlier code relied on the length of clusters always being coded on eight bytes as was the behaviour of libavformat's Matroska muxer until recently. But given that our own Matroska muxer now (and mkvmerge from time immemorial) creates files that don't conform to this assumption, it is high time to get rid of this assumption. Signed-off-by: -
Andreas Rheinhardt authored
When the new incremental parser was introduced, the old parser was kept, because the new parser was unable to handle the way SSA packets are put into Matroska. But since 2014 (since c7d8dbad) this is no longer needed, so that the old parser can be completely removed. Signed-off-by:
-
Andreas Rheinhardt authored
and drop the redundant checks contained in ebml_read_uint and ebml_read_sint. Signed-off-by: -
Andreas Rheinhardt authored
This commit replaces copying attached pictures by using references to the already existing buffers. Signed-off-by:
-
- 22 Jun, 2019 1 commit
-
-
Bela Bodecs authored
When multiple variant streams are specified by var_stream_map option, implementation assumes that each elementary stream is assigned only once to any variant. But this is not checked. This patch makes this checking. Signed-off-by:
-
- 21 Jun, 2019 6 commits
-
-
Michael Niedermayer authored
Signed-off-by: -
Michael Niedermayer authored
Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: 15118/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5740230004441088 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 44444442 * 100 cannot be represented in type 'int' Fixes: 15117/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5164660531134464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: 15116/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5715173567889408 Fixes: memleak Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: 15123/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5738039235575808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
Fixes: memleak Fixes: 15122/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5685964636160000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
