- 11 Dec, 2019 2 commits
-
-
Jun Zhao authored
add linger parameter to libsrt, it's setting the number of seconds that the socket waits for unsent data when closing. Reviewed-by: Andriy Gelman <andriy.gelman@gmail.com> Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
Fei Wang authored
Signed-off-by: Fei Wang <fei.w.wang@intel.com> Signed-off-by: James Almer <jamrial@gmail.com>
-
- 10 Dec, 2019 13 commits
-
-
Michael Niedermayer authored
Fixes: signed integer overflow: -9223372036854775808 - 17 cannot be represented in type 'long' Fixes: 18768/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5674385247830016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Limin Wang authored
Signed-off-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 18499/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5749038406434816 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: memleaks Fixes: 18429/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-6210814364614656 Fixes: 18722/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5680535690543104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2119056926 - -134217728 cannot be represented in type 'int' Fixes: 18728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5747539563511808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: left shift of negative value -34 Fixes: 18719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5642658173419520 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: index 33280 out of bounds for type 'float [32768]' Fixes: 18718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5635373899710464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 1778647621 + 574372924 cannot be represented in type 'int' Fixes: 18692/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-6248679635943424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: NULL pointer dereference Fixes: 18689/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA1_fuzzer-5715114640015360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2147483188 + 2048 cannot be represented in type 'int' Fixes: 18741/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUESPEECH_fuzzer-5748950460268544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
ff_id3v2_parse_priv_dict() uses av_dict_set() with the flags AV_DICT_DONT_STRDUP_KEY and AV_DICT_DONT_STRDUP_VAL. In this case both key and value are freed on error (and owned by the destination dictionary on success), so that freeing them again on error is a double-free and therefore forbidden. But it nevertheless happened. Fixes CID 1452489 and 1452421. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Gyan Doshi authored
scale.c is too generic; scale_eval is more representative
-
- 08 Dec, 2019 4 commits
-
-
Andreas Rheinhardt authored
contained in Vorbis comments in the CodecPrivate of flac tracks. Moreover, it also tests header removal compression. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
-
Michael Niedermayer authored
This should improve coverage Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Gyan Doshi authored
Adjustment of evaluated values shifted to ff_adjust_scale_dimensions Shifted code for force_original_aspect_ratio and force_divisble_by from vf_scale so it is now available for scale_cuda, scale_npp and scale_vaapi as well.
-
Andreas Rheinhardt authored
This test contains a track with zlib compressed CodecPrivate in addition to compressed frames; the former was unchecked before. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
-
- 07 Dec, 2019 7 commits
-
-
Michael Niedermayer authored
avcodec/atrac9dec: Check q_unit_cnt more completely before using it to access at9_tab_band_ext_group Fixes: index 8 out of bounds for type 'const uint8_t [8][3]' Fixes: 19127/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5709394985091072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Lynne <dev@lynne.ee> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
hwrenx authored
Signed-off-by: hwrenx <hwrenx@126.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
James Almer authored
Signed-off-by: James Almer <jamrial@gmail.com>
-
James Almer authored
Signed-off-by: James Almer <jamrial@gmail.com>
-
Andreas Rheinhardt authored
ProRes in Matroska is supposed to not contain the first atom header (containing a size field and the tag "icpf") and therefore the Matroska demuxer has to recreate it; this involves an allocation and copy, of course. Whether the old buffer (containing the data without the atom header) needs to be freed or not depends upon whether it is what was directly read (in which case it is owned by an AVBuffer) or whether it has been allocated when reversing the track's content compression (e.g. zlib compression) that Matroska supports. So there are three pointers involved: The one pointing to the directly read data (owned by the AVBuffer), the one pointing to the currently valid data (which coincides with the former if no content compression needed to be reverted) and the one pointing to the new data with the first atom header. The check for whether to free the second of these is simply whether the first two are different. This works mostly, but there is a complication: Some muxers don't strip the first atom header away and in this case, it is also not reinserted and no new buffer is allocated; instead, the second and the third pointers agree. In this case, one must never free the second buffer. Yet it is currently done if the track is e.g. zlib compressed. This commit fixes this. This is a regression since b8e75a2a. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
-
Jun Zhao authored
This happens if ffurl_open_whitelist fails and stream is unset. Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
Jun Zhao authored
Fix the memory leak in error handle path. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
-
- 06 Dec, 2019 10 commits
-
-
Andriy Gelman authored
In the worst case the startcode prefix has 4 bytes. This fixes a trigerred assertion: Assertion dp <= max_size failed at libavcodec/cbs_h2645.c:1451 Found-by:libFuzzer Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
-
Limin Wang authored
Signed-off-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Infinite loop Fixes: 19183/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MVHA_fuzzer-5666216765292544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Limin Wang authored
Signed-off-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Limin Wang authored
Signed-off-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
leozhang authored
Signed-off-by: leozhang <leozhang@qiyi.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Ting Fu authored
Signed-off-by: Ting Fu <ting.fu@intel.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Limin Wang authored
Signed-off-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Marton Balint authored
This avoids a memcpy improving performance if SHM is not used. Signed-off-by: Marton Balint <cus@passwd.hu>
-
Gyan Doshi authored
Width and height expressions can refer to each other. Width is evaluated twice to allow for reference to output height. So we should not error out upon failure of first evaluation of width.
-
- 05 Dec, 2019 4 commits
-
-
Zhao Zhili authored
No functional changes. ref/unref vs add/sub is symmetrical. Signed-off-by: James Almer <jamrial@gmail.com>
-
James Almer authored
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: James Almer <jamrial@gmail.com>
-
Michael Niedermayer authored
Fixes: fate-fitsdec-bitpix-64 Possibly Fixes: -nan is outside the range of representable values of type 'unsigned short' Possibly Fixes: 17769/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_fuzzer-5678314672357376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
If an error happens in vobsub_read_header() after allocating the AVFormatContext intended to read the sub-file, both the AVFormatContext as well as the data in the subtitles queues leaks. This has been fixed. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-