- 01 Oct, 2019 2 commits
-
-
Paul B Mahol authored
-
Paul B Mahol authored
This is shorter and consistent across filters.
-
- 30 Sep, 2019 17 commits
-
-
Michael Niedermayer authored
Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int' Fixes: 17745/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5734628463214592 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2 * -1306460384 cannot be represented in type 'int' Fixes: 17685/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_fuzzer-5747390337777664 Fixes: 17688/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5739287210885120 Fixes: 17699/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5678394531905536 Fixes: 17738/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-5763415733174272 Fixes: 17746/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINKAUDIO_RDFT_fuzzer-5703008159006720 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: left shift of negative value -24576 Fixes: 17719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APTX_fuzzer-5710508002377728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Paul B Mahol authored
-
Vladimir Panteleev authored
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Paul B Mahol authored
-
Jun Zhao authored
add new function duration_estimate_name to dump duration estimate method, it's will help to debug some duration issue. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
Jun Zhao authored
fix indentation for estimate_timings when dump start_time/duartion. Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
Jun Zhao authored
in fact, nut demuxer use the PTS for duration estimation. Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
Jun Zhao authored
Add logging context to log, it's will help debuging. Reviewed-by: Paul B Mahol <onemda@gmail.com> Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
Jun Zhao authored
change the log level to warning if can't get duration, it's will help to debug some duration issue Signed-off-by: vacingfang <vacingfang@tencent.com> Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
- 29 Sep, 2019 6 commits
-
-
Michael Niedermayer authored
Fixes: Timeout (110sec -> 10sec) Fixes: 17705/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP7_fuzzer-5765834135306240 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Paul B Mahol authored
Fixes #7991.
-
Paul B Mahol authored
Now they are exactly 10 seconds long. Fixes #5684.
-
Andreas Rheinhardt authored
When performing a comparison of a signed int and an unsigned int, the signed int is first converted to an unsigned int, so that negative values are being treated as big, positive values. This can become a problem in an overread check, namely when an overread already happened. So change the type of the variable containing the amount of bits that need to be left to signed. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
The maximum allowed index for an array access is FF_ARRAY_ELEMS - 1; yet the current code allowed FF_ARRAY_ELEMS. This wasn't dangerous in practice, as parameter sets with invalid ids were already filtered out during reading. Found via PVS-Studio (see ticket #8156). Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
James Almer authored
header.data_max and header.data_min are not necessarely set on all decoding scenarios. Fixes a Valgrind reported regression since cfa19377. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com>
-
- 28 Sep, 2019 15 commits
-
-
Andreas Rheinhardt authored
Up until now, read_frame_internal always initialized the packet it received. But since the recent changes to ff_read_packet, this is no longer needed: If the parsing queue is initially empty upon entering read_frame_internal, the packet will now either contain content upon success or be blank upon failure of ff_read_packet. If the parsing queue is initially not empty, the packet will be overwritten with the oldest one from the parsing queue. Similarly, it is unnecessary to initialize ret in read_frame_internal. In parse_packet, it is easily possible to only initialize the packet used as temporary storage for the output if said packet is used at all; furthermore, this packet doesn't need to be zero-initialized, because av_init_packet will initialize every field except size and data and those fields will be set by av_parser_parse2. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
Up until now, parse_packet() used a stack packet in case the stream is flushed. But using such a packet is unnecessary as there is an AVPacket readily available, it just needs to be used. Whether flushing is intended or not will now be signalled by an explicit parameter rather than by whether the packet parameter is NULL. This removes a few checks in parse_packet(), gets rid of the initialization of the stack packet and also reduces usage of sizeof(AVPacket) in libavformat. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
Up until now, read_frame_internal in avformat/utils.c uses a spare packet on the stack that serves no real purpose: At no point in this function is there a need for another packet besides the packet destined for output: 1. If the packet doesn't need a parser, but is output as is, the content of the spare packet (that at this point contains a freshly read packet) is simply copied into the output packet (via simple assignment, not av_packet_move_ref, thereby confusing ownership). 2. If the packet needs parsing, the spare packet will be reset after parsing and any packets resulting from the packet read will be put into a packet list; the output packet is not used here at all. 3. If the stream should be discarded, the spare packet will be unreferenced; the output packet is not used here at all either. Therefore the spare packet and the copies can be removed in principle. In practice, one more thing needs to be taken care of: If ff_read_packet failed, the output packet was not affected, now it is. But given that ff_read_packet returns a blank (as if reset via av_packet_unref) packet on failure, there is no problem from this side either. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
When AVFMT_FLAG_GENPTS is set, av_read_frame would put a reference to a packet in the packet list (via av_packet_ref) and then immediately thereafter unreference the original packet. This has been changed to move the reference instead. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
Up until now, avformat_find_stream_info had a potential for memleaks: When everything was fine, it read packets and (depending upon whether AVFMT_FLAG_NOBUFFER was set) put them in a packet list or unreferenced them when they were no longer needed. But upon failure, said packets would leak if they were not already on the packet list. This patch fixes this. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Andreas Rheinhardt authored
Since the recent changes to ff_packet_list_put, the source packet will be automatically reset when the reference is moved to the packet list, so that it is unnecessary to reinitialize the packet in the loops in parse_packet and ff_read_packet; initializing once at the beginning is enough. This also fixes a potential, but currently unexisting problem: If the raw packet buffer was initially not empty and probe_codec() failed, then the packet returned would not be initialized. But given that probe_codec() currently can't fail (always returns 0) this was not an acute danger. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
-
Paul B Mahol authored
-
Paul B Mahol authored
This is shorter and consistent across filters.
-
Paul B Mahol authored
-
Limin Wang authored
Signed-off-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: Marton Balint <cus@passwd.hu>
-
Limin Wang authored
Signed-off-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: Marton Balint <cus@passwd.hu>
-
Limin Wang authored
Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: Marton Balint <cus@passwd.hu>
-
Michael Niedermayer authored
Fixes: Timeout (30sec -> 25sec) Fixes: 17050/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOTIONPIXELS_fuzzer-5719149803732992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
avcodec/ituh263dec: Make the condition for the studio slice start code match between ff_h263_resync() and ff_mpeg4_decode_studio_slice_header() If they mismatch an infinite loop can occur Fixes: Timeout (infinite loop) Fixes: 17043/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5695051748868096 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: -1094995519 * 64 cannot be represented in type 'int' Fixes: 17030/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5640695838146560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-