- 16 Dec, 2019 1 commit
-
-
Andriy Gelman authored
payload_count is used to track the number of SEI payloads. It is also used to free the SEIs in cbs_h264_free_sei()/cbs_h265_free_sei(). Currently, payload_count is set after for loop is completed. Hence if there is an error and the function exits, the payload remains zero causing a memleak. This commit keeps track of payload_count inside the for loop to fix the issue. Note that that the contents of current are initialized with av_mallocz() so there is no need to zero initialize payload_count. Found-by: libFuzzer Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
-
- 15 Dec, 2019 17 commits
-
-
Andreas Rheinhardt authored
There can be at most 31 SPS and 255 PPS in the mp4/Matroska extradata. Given that each has a size of at most 2^16-1, the length of the output derived from these parameter sets can never overflow an ordinary 32 bit integer. So use a simple uint32_t instead of uint64_t and replace the unnecessary check with an av_assert1. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: -2147483648 - 13 cannot be represented in type 'int' Fixes: 18893/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_APC_fuzzer-5630760442920960 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Timeout (37sec -> 52ms) Fixes: 18892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TARGA_fuzzer-5739537854889984 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Timeout (400sec -> 14sec) Fixes: 18989/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5175008116867072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: shift exponent -4 is negative Fixes: 17793/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5766088435957760 Fixes: 18989/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5175008116867072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Infinite loop Fixes: 18914/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5731902946541568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2038337026 + 109343477 cannot be represented in type 'int' Fixes: 18886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5673660505653248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: signed integer overflow: 1677721600 * 32 cannot be represented in type 'int' Fixes: 18885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5741242185154560 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: 18860/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAPRO_fuzzer-5755223125786624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: left shift of negative value -1 Fixes: 18859/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_XA_fuzzer-5748474213040128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: memleaks Fixes: 18855/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5687647317524480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: shift exponent -1 is negative (and others) Fixes: 18852/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5660855295541248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: left shift of 1 by 31 places cannot be represented in type 'int' Fixes: 18817/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-5713317180211200 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Timeout (107sec - 75ms> Fixes: 18812/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-6295585225441280 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Timeout (unknown -> 15sec) Fixes: 18808/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5677586072207360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: Ticket8430 Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: out of array read Fixes: 19309/clusterfuzz-testcase-minimized-ffmpeg_BSF_MP3_HEADER_DECOMPRESS_fuzzer-5651002950942720 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
- 14 Dec, 2019 6 commits
-
-
Marton Balint authored
Fixes crashes in command lines such as: ffmpeg -f lavfi -i testsrc2=704x576:r=50,interlace,pad=720:576:8 -f null none Related to ticket #6491. Signed-off-by: Marton Balint <cus@passwd.hu>
-
Marton Balint authored
The filter used to work this way before it was merged into tinterlace. Signed-off-by: Marton Balint <cus@passwd.hu>
-
Marton Balint authored
The old interlace filter worked this way before it was merged with tinterlace. Signed-off-by: Marton Balint <cus@passwd.hu>
-
Marton Balint authored
The documentation still mentions numerical constants in addition to textual ones. It is also wrong to use distinct modes as flags and it disallows us to actually use the flags field for real flags in the future. Signed-off-by: Marton Balint <cus@passwd.hu>
-
Carl Eugen Hoyos authored
-
Carl Eugen Hoyos authored
Regression since cdb5479c Reported by irc user tTh from Mixart-Myrys
-
- 13 Dec, 2019 7 commits
-
-
Paul B Mahol authored
-
Michael Niedermayer authored
"It is a requirement of bitstream conformance that num_y_points is less than or equal to 14." Fixes: index 24 out of bounds for type 'uint8_t [24]' Fixes: 19282/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_MERGE_fuzzer-5747424845103104 Note, also needs a23dd336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: jamrial Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Guo, Yejun authored
convert_from_tensorflow.py: add support when kernel size is 1*1 with one input/output channel (gray image) Signed-off-by: Guo, Yejun <yejun.guo@intel.com> Signed-off-by: Pedro Arthur <bygrandao@gmail.com>
-
Guo, Yejun authored
Signed-off-by: Guo, Yejun <yejun.guo@intel.com> Signed-off-by: Pedro Arthur <bygrandao@gmail.com>
-
James Almer authored
The IVF muxer autoinserts the av1_metadata filter unconditionally, which is not desirable for these tests. Signed-off-by: James Almer <jamrial@gmail.com>
-
Paul B Mahol authored
-
Martin Storsjö authored
These functions aren't available when building for the restricted UWP/WinRT/WinStore API subsets. Normally when building in this mode, one is probably only building the libraries, but being able to build ffmpeg.exe still is useful (and a ffmpeg.exe targeting these API subsets still can be run e.g. in wine, for testing). Signed-off-by: Martin Storsjö <martin@martin.st>
-
- 12 Dec, 2019 9 commits
-
-
Martin Storsjö authored
As the values generated by av_bmg_get can be arbitrarily large (only the stddev is specified), we can't use a fixed tolerance. Calculate a dynamic tolerance (like in float_dsp from 38f966b2), based on the individual steps of the calculation. This fixes running this test with certain seeds, when built with clang for mingw/x86_32. Signed-off-by: Martin Storsjö <martin@martin.st>
-
Michael Niedermayer authored
Fixes CID 1456556 / 1456555 Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: out of array read Fixes: 19129/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_V210_fuzzer-5068171023482880 Maybe fixes: 19130/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_V210_fuzzer-5637264407527424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Limin Wang <lance.lmwang@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Linjie Fu authored
Introduced since 4b4a02b8. Signed-off-by: Linjie Fu <linjie.fu@intel.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Linjie Fu authored
Signed-off-by: Linjie Fu <linjie.fu@intel.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
These functions already free it themselves before they allocate the new extradata. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
It is not uncommon to find code where the caller thinks to know better what the return value should be than the callee. E.g. something like "if (av_new_packet(pkt, size) < 0) return AVERROR(ENOMEM);". This commit changes several instances of this to instead forward the actual error. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-
Andreas Rheinhardt authored
The extradata will be freed automatically when the corresponding stream gets freed. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-