- 05 Dec, 2019 9 commits
-
-
Andreas Rheinhardt authored
When parsing EBML lacing, for every number read, a new AVIOContext has been initialized (via ffio_init_context()) just for this number. This has been changed: The context is kept now. Signed-off-by:
Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by:
James Almer <jamrial@gmail.com>
-
Andreas Rheinhardt authored
When parsing the sizes of the frames in a lace fails, sometimes no error message was raised (e.g. when using xiph or fixed-size lacing). Only EBML lacing generated error messages (which were wrongly declared as AV_LOG_INFO), but even here not all errors resulted in an error message. So add a generic error message to catch them all. Moreover, if parsing one of the EBML numbers fails, ebml_read_num already emits its own error messages, so that all that is needed is a generic error message to indicate that this happened during parsing the sizes of the frames in a block; in other words, the error messages specific to parsing EBML lace numbers can be and have been removed. Signed-off-by:
-
Andreas Rheinhardt authored
870e7552 introduced validating the lace sizes when they are parsed and removed the old check; yet when merging this libav commit in 6902c3ac, the old check for whether the frame extends beyond the frame has been kept. It is unnecessary and has been removed. Signed-off-by:
-
Andreas Rheinhardt authored
Up until now, when an error happened in one of the inner loops in matroska_parse_laces, a variable designated for the return value has been set to an error value and break has been used to exit the current loop/case. This was done so that the end of matroska_parse_laces is reached, because said function allocated memory which is later used and freed in the calling function and passed at the end of matroska_parse_laces. But given that there is no allocation any more, one can now return immediately. And this commit does this. Signed-off-by:
-
Andreas Rheinhardt authored
The maximal number of frames in a lace can be 256; hence one has a not excessive upper bound on the size of an array that can hold the sizes of all the frames in a lace. Yet up until now, said array has been dynamically allocated. This has been changed. Signed-off-by:
-
Andreas Rheinhardt authored
It avoids the overhead of function calls. Signed-off-by:
-
Andreas Rheinhardt authored
Up until c4e0e314, the seek table has been included in the tta extradata, so that the size of said extradata was 22 (the size of a TTA1 header) + 4 * number of frames. The decoder rejected anything below a size of 30 and so the Matroska demuxer exported 30 byte long extradata, of which only 18 were set (it ignores a CRC-32 and simply leaves it at 0). But this is unnecessary since said commit, so reduce the size to 22. Furthermore, replace 30 by 22 in a comment about the extradata size in libavcodec/tta.c. Signed-off-by:
-
Andreas Rheinhardt authored
That way one doesn't have to free later. In this case (concerning TTA extradata), this also fixes a memleak when the output samplerate is invalid. Signed-off-by:
-
James Almer authored
Signed-off-by:
-
- 04 Dec, 2019 6 commits
-
-
hwren authored
Signed-off-by:
hwren <hwrenx@126.com> Signed-off-by:
Michael Niedermayer <michael@niedermayer.cc>
-
hwren authored
Signed-off-by:
-
hwren authored
Signed-off-by:
-
hwren authored
Signed-off-by:
-
Limin Wang authored
Signed-off-by:
Limin Wang <lance.lmwang@gmail.com> Signed-off-by:
-
Andreas Rheinhardt authored
Signed-off-by:
-
- 03 Dec, 2019 11 commits
-
-
Kusanagi Kouichi authored
Fix a NULL dereference and leaks. Signed-off-by:
Kusanagi Kouichi <slash@ac.auone-net.jp> Signed-off-by:
Marton Balint <cus@passwd.hu>
-
Michael Niedermayer authored
This should improve coverage Signed-off-by: -
Michael Niedermayer authored
This should increase coverage Signed-off-by: -
Marton Balint authored
6144 byte alignment is needed. Signed-off-by: -
Marton Balint authored
Signed-off-by: -
Marton Balint authored
Signed-off-by: -
Marton Balint authored
Signed-off-by: -
Marton Balint authored
This sets the range of the first automatically assigned PMT PID or elementary stream PID parameters to [0x20, 0x1ffa]. You can still assign manually a PID for a stream using AVStream->id in the wider [0x10, 0x1ffe] range as specified by ISO13818-1. But since DVB and ATSC both reserves some PIDs, let's not allow them to be automatically assigned. Also make sure that assigned PID numbers are valid and fix the error message for the previous PID collision checks. Signed-off-by: -
Guo, Yejun authored
Signed-off-by:
Guo, Yejun <yejun.guo@intel.com> Signed-off-by:
-
Linjie Fu authored
Introduced since 07793962. Signed-off-by:
Linjie Fu <linjie.fu@intel.com> Signed-off-by:
-
Andreas Rheinhardt authored
The unsharp filter uses an array of arrays of uint32_t, each of which is separately allocated. These arrays also need to freed separately; but before doing so, one needs to check whether the array of arrays has actually been allocated, otherwise one would dereference a NULL pointer. This fixes #8408. Furthermore, the array of arrays needs to be zero-initialized so that no uninitialized pointer will be freed in case an allocation of one of the individual arrays fails. Signed-off-by:
Paul B Mahol <onemda@gmail.com> Signed-off-by:
-
- 02 Dec, 2019 3 commits
-
-
James Almer authored
Signed-off-by: -
James Almer authored
This fixes marking keyframes in svc samples. Signed-off-by: -
Zhao Zhili authored
-
- 01 Dec, 2019 11 commits
-
-
James Almer authored
Signed-off-by: -
James Almer authored
Signed-off-by: -
James Almer authored
This reverts commit 8174e5c7. It's no longer needed after the previous commit. Signed-off-by:
-
James Almer authored
Defined in Section 7.8 This finishes implementing support for frames using frame_refs_short_signaling. Signed-off-by: -
Michael Niedermayer authored
Fixes: Timeout (80sec -> 33sec) Fixes: 18668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5710836719157248 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
This optimizes the code slightly (116 -> 80sec) Testcase: 18668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5710836719157248 Signed-off-by: -
Michael Niedermayer authored
Signed-off-by: -
Michael Niedermayer authored
buf_size is not updated as buf is advanced so it is wrong after the first iteration Fixes: Timeout (160sec -> 27sec) Fixes: 18658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5729784269373440 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by:
-
Michael Niedermayer authored
This will be used in the next commit Signed-off-by: -
Michael Niedermayer authored
The 0 case was added with the support for multiple packets. It appears unintended and causes extra complexity and out of array accesses (though within padding) No testcase Signed-off-by: -
Michael Niedermayer authored
This combination would assume different block sizes throughout the code so its better to error out. Fixes: signed integer overflow: -1082385168 * 2 cannot be represented in type 'int' Fixes: 19110/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ACELP_KELVIN_fuzzer-5643993950191616 Signed-off-by:
-
