- 15 Jun, 2020 1 commit
-
-
Andreas Rheinhardt authored
The hevc_mp4toannexb bsf does not explicitly check whether a NAL unit is so big that it extends beyond the end of the input packet; it does so only implicitly by using the checked version of the bytestream2 API. But this has downsides compared to real checks: It can lead to huge allocations (up to 2GiB) even when the input packet is just a few bytes. And furthermore it leads to uninitialized data being output. So add a check to error out early if it happens. Also check directly whether there is enough data for the length field.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit ea1b71e82f5a1752d59d3bfb9704092a79eba6b5)
-
- 14 Jun, 2020 30 commits
-
-
Michael Niedermayer authored
Name suggested by Kieran O Leary and Reto Kromer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: memleak
Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744
Suggested-by: Marton Balint <cus@passwd.hu>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0aa2768cb275bda9e9e1331ed95adc7cd686eafe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: assertion failure
Fixes: 23434/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5227750851084288.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c517c3f4741b6897ea952d1fba199c93c5217cfe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Alternatively these conditions could be treated as errors
Fixes: 23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'int64_t' (aka 'long')
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 584d334afd59714ed04637a9227a4f1368c26166)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Timeout (longer than my patience vs 1sec)
Fixes: 22984/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5630021988515840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 75e2ac4f0752649a0b9486e6825ef68341ee974d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: -144876608 * 16 cannot be represented in type 'int'
Fixes: 22782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6039584977977344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e361785ee05cc75d3caacf2f254160b0336f5358)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: shift exponent 35 is too large for 32-bit type 'int'
Fixes: 22857/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5202709358837760
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c579ceffbe30d048c7448c5e9238fc52094de630)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2142077091 + 6881070 cannot be represented in type 'int'
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c0dfe134beefde4070d43910518b1f4a58f01794)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented in type 'int'
Fixes: 20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 75d520e33704447f1b29ac47fd9e40994a6bc659)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: 22082/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5688619118624768
Fixes: crash from V-codecs/Theora/theora_testsuite_broken/multi2.ogg
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Suggested-by: Lynne on IRC
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 70277f12328fb052c2c758fa7f4eb36b9ea89638)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: out of array access
Fixes: 23327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5134822992510976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e53235f06c229a23d3241b47e32647019161fb7c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: passing zero to clz(), which is not a valid argument
Fixes: 23337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5179131989065728
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bd0f81526d3f4c23ecd0a399829103be2445c011)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: memleaks
Fixes: 23306/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5635436931448832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b5fc789fb52af8769ec66e634ea362a67cb5d06)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: out of array access
Fixes: 23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 51225dee0a6266780d26d43bd6802bbcf736327e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Assertion failure
Fixes: 22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5958388889681920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 314d10f7a60f1786c85da30a569be61e2b906fef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 22975/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5658160970072064
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa88cdfd90f5da0683cd6556c75a5ba5740a1c27)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: division by zero
Fixes: 23162/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4856420817436672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0e15b01b4e463d12128db2c15de7741637548347)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 23167/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6425051741290496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9a42a67c5ca198a3879b7f3663cc44ccbcaf0bd3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Timeout (85sec -> 0.5sec)
Fixes: 20791/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_SPLIT_fuzzer-5659537719951360
Fixes: 21214/clusterfuzz-testcase-minimized-ffmpeg_BSF_MPEG2_METADATA_fuzzer-5165560875974656
Fixes: 21247/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5715175257931776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 49ba60fed04d7011c36bae378445ba93ccf983c2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Found-by: Kieran
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 48de8f5816aa54dc584aeb2dbbf63a0e880279e2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: integer overflow
Fixes: 22285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5682428762128384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38fbf33c7255b503453052c32ab5ae4fb151b29e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: left shift of 243 by 24 places cannot be represented in type 'int'
Fixes: 22716/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOVTEXT_fuzzer-5704263425851392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d7a2311a2c5be1e861c3df618d295e7eced8e84b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Dale Curtis authored
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf446711bc8b7f316771870b8d4dc4dd65f5d94b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
James Almer authored
If this happens, it's a sign of parsing issues earlier in the process, or misuse by the calling module. Prevents writing invalid bitstreams.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 318a1a383dc0312ad5b4afec0ddf0d8d231f5c79)
-
James Almer authored
If this happens, it's a sign of parsing issues earlier in the process, or misuse by the calling module. Prevents writing invalid bitstreams.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit ef13fafe229a86480305fbb05e83208102ea962f)
-
Marton Balint authored
Max region ID is 87. Also the region affects not only the G0 charset but G2 and the national subset as well.
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 16d29c1be80eda9ab5e2fb92b9cd300a88e5d449)
-
David Holroyd authored
Previously, prompeg_write() would only report to the caller that bytes were written when a FEC packet was actually created. Not all RTP packets are expected to generate a FEC packet, however, so this behavior was causing avio to retry writing the RTP packet, eventually forcing the FEC state machine to send a FEC packet erroneously (and so breaking out of the retry loop). This was resulting in incorrect FEC data being generated, and far too many FEC packets being sent (~100% FEC overhead).
fix #7863
Signed-off-by: David Holroyd <david.holroyd@m2amedia.tv>
(cherry picked from commit ffc1208266c2890a1b0e2391e0a536fe9698e69c)
-
Steven Liu authored
fix ticket: 8673
set the default EXTINF duration to 1ms if duration is smaller than 1ms
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
(cherry picked from commit 9dfb19baeb86a8bb02c53a441682c6e9a6e104cc)
-
Steven Liu authored
fix ticket: 8688
should go to the failed workflow if it cannot get a usable string from ff_make_absolute_url
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
(cherry picked from commit ea1940c6e2ead234f6e563c095bb67d352e3328f)
-
Steven Liu authored
fix ticket: 8687
workflow should return if there is no value from strchr
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
(cherry picked from commit 029ff31af6801dd2bca1b543575e17eaaa6b0772)
-
- 11 Jun, 2020 1 commit
-
-
Anton Khirnov authored
It is a constant known at codec init, so set it in ff_frame_thread_init(). Also, only set it for video, since the meaning of this field is not well-defined for audio with frame threading. Fixes availability of delay in callbacks invoked from the per-thread contexts after 1f4cf92c.
(cherry picked from commit 6943ab688d0c75dbab3222b5b80457ab72a0615f)
-
- 09 Jun, 2020 1 commit
-
-
James Almer authored
current_picture was not writable here because a reference existed in at least avctx->coded_frame, and potentially elsewhere if the caller created new ones from it.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 1ee3c984b91e0241068d1c093d222ecec2e6052c)
-
- 08 Jun, 2020 7 commits
-
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
This causes regressions in end to end timestamps with mp3s and ffmpeg. The revert is to avoid this regression in the 4.3 release.
See: [FFmpeg-devel] [PATCH] Don't adjust start time for MP3 files; packets are not adjusted.
This reverts commit 460132c9.
-
Michael Niedermayer authored
This makes got_output consistent with the code in slice_end() which sets the output in slice_end()

    if (s->pict_type == AV_PICTURE_TYPE_B || s->low_delay) {
        int ret = av_frame_ref(pict, s->current_picture_ptr->f);
        ...
    } else {

Fixes: assertion failure
Fixes: 22178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG1VIDEO_fuzzer-5664234440753152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
This is needed for fuzzing tiff/tdsc and should increase coverage
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-