- 03 Dec, 2019 3 commits
-
-
Guo, Yejun authored
Signed-off-by: Guo, Yejun <yejun.guo@intel.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Linjie Fu authored
Introduced since 07793962. Signed-off-by: Linjie Fu <linjie.fu@intel.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
The unsharp filter uses an array of arrays of uint32_t, each of which is separately allocated. These arrays also need to freed separately; but before doing so, one needs to check whether the array of arrays has actually been allocated, otherwise one would dereference a NULL pointer. This fixes #8408. Furthermore, the array of arrays needs to be zero-initialized so that no uninitialized pointer will be freed in case an allocation of one of the individual arrays fails. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
- 02 Dec, 2019 3 commits
-
-
James Almer authored
Signed-off-by: James Almer <jamrial@gmail.com>
-
James Almer authored
This fixes marking keyframes in svc samples. Signed-off-by: James Almer <jamrial@gmail.com>
-
Zhao Zhili authored
-
- 01 Dec, 2019 23 commits
-
-
James Almer authored
Signed-off-by: James Almer <jamrial@gmail.com>
-
James Almer authored
Signed-off-by: James Almer <jamrial@gmail.com>
-
James Almer authored
This reverts commit 8174e5c7. It's no longer needed after the previous commit. Signed-off-by: James Almer <jamrial@gmail.com>
-
James Almer authored
Defined in Section 7.8 This finishes implementing support for frames using frame_refs_short_signaling. Signed-off-by: James Almer <jamrial@gmail.com>
-
Michael Niedermayer authored
Fixes: Timeout (80sec -> 33sec) Fixes: 18668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5710836719157248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
This optimizes the code slightly (116 -> 80sec) Testcase: 18668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5710836719157248 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
buf_size is not updated as buf is advanced so it is wrong after the first iteration Fixes: Timeout (160sec -> 27sec) Fixes: 18658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5729784269373440 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
This will be used in the next commit Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
The 0 case was added with the support for multiple packets. It appears unintended and causes extra complexity and out of array accesses (though within padding) No testcase Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
This combination would assume different block sizes throughout the code so its better to error out. Fixes: signed integer overflow: -1082385168 * 2 cannot be represented in type 'int' Fixes: 19110/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5643993950191616 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int' Fixes: 18643/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5672182449700864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Assertion failure Fixes: 18630/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5201588654440448 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 50176 * 262144 cannot be represented in type 'int' Fixes: 18629/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5182370286403584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 4 * 538976288 cannot be represented in type 'int' Fixes: 18622/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMDAUDIO_fuzzer-5092166174507008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
This avoids problems if the function is called twice Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
ff_flac_parse_picture() parses a buffer containing a flac metadata picture block by wrapping it in an AVIOContext and using the AVIOContext API. Consequently, when not enough data could be read AVERROR(EIO) was returned although reading didn't really fail: A block that contains a subfield whose size field indicates that it is so big as to extend beyond the buffer is just invalid. This commit changes this by using the bytestream2 API instead; furthermore, the checks for whether there is enough data left are performed before allocating a buffer for said data. Finally, if the length of the picture description is bigger than INT_MAX, it will now raise an error. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
During parsing a flac picture metadata block, the mimetype is read as follows: Its 32b size field is read and checked for being in the range 1..63; afterwards, the actual mimetype-string is read into a buffer of size 64, where the length to read is the minimum of the length field and the size of the destination buffer -1. Then an assert guards that length is indeed < the size of the destination buffer before the string in the buffer is zero-terminated. The FFMIN as well as the assert are actually redundant, as it has been checked that the string (even after terminating) fits into the buffer. In order to make this clear, reword the check "len >= 64" to "len >= sizeof(mimetype)" and drop the FFMIN as well as the assert. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Steven Liu authored
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Reviewed-by: Jun Zhao <barryjzhao@tencent.com> Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
-
Steven Liu authored
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Reviewed-by: Jun Zhao <barryjzhao@tencent.com> Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
-
Steven Liu authored
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Reviewed-by: Jun Zhao <barryjzhao@tencent.com> Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
-
Steven Liu authored
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Reviewed-by: Jun Zhao <barryjzhao@tencent.com> Reviewed-by: Jeyapal, Karthick <kjeyapal@akamai.com> Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
-
- 30 Nov, 2019 4 commits
-
-
James Almer authored
Signed-off-by: James Almer <jamrial@gmail.com>
-
Andriy Gelman authored
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
-
Andreas Rheinhardt authored
This happens if allocating extradata fails and s->remove is unset. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: James Almer <jamrial@gmail.com>
-
James Almer authored
Skip the avcC specific size bytes and the NAL header bits. Signed-off-by: James Almer <jamrial@gmail.com>
-
- 29 Nov, 2019 7 commits
-
-
James Almer authored
Signed-off-by: James Almer <jamrial@gmail.com>
-
James Almer authored
This is required to demux annexb samples when a decoder isn't available. Signed-off-by: James Almer <jamrial@gmail.com>
-
James Almer authored
This uses a raw h264 bitstream as source, in order to test the avcC generation code. Signed-off-by: James Almer <jamrial@gmail.com>
-
James Almer authored
Signed-off-by: James Almer <jamrial@gmail.com>
-
Zhao Zhili authored
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Paul B Mahol authored
-