Fixes: signed integer overflow: 65535 * 65312 cannot be represented in type 'int'
Fixes: 16704/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6294115603447808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5c5575c8dc892473ef9d35ca6419e8dabbc5e5ac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Currently, AVStream contains an embedded AVCodecContext instance, which
is used by demuxers to export stream parameters to the caller and by
muxers to receive stream parameters from the caller. It is also used
internally as the codec context that is passed to parsers.
In addition, it is also widely used by the callers as the decoding (when
demuxer) or encoding (when muxing) context, though this has been
officially discouraged since Libav 11.
There are multiple important problems with this approach:
- the fields in AVCodecContext are in general one of
* stream parameters
* codec options
* codec state
However, it's not clear which ones are which. It is consequently
unclear which fields are a demuxer allowed to set or a muxer allowed to
read. This leads to erratic behaviour depending on whether decoding or
encoding is being performed or not (and whether it uses the AVStream
embedded codec context).
- various synchronization issues arising from the fact that the same
context is used by several different APIs (muxers/demuxers,
parsers, bitstream filters and encoders/decoders) simultaneously, with
there being no clear rules for who can modify what and the different
processes being typically delayed with respect to each other.
- avformat_find_stream_info() making it necessary to support opening
and closing a single codec context multiple times, thus
complicating the semantics of freeing various allocated objects in the
codec context.
Those problems are resolved by replacing the AVStream embedded codec
context with a newly added AVCodecParameters instance, which stores only
the stream parameters exported by the demuxers or read by the muxers.
* commit 'ef1b23ad21e3f12fc4ff2a73a6d4d4cd9d630c4b': (21 commits)
jvdec: set channel layout
iss: set channel layout
ipmovie: set channel layout
iff: set channel layout
idroqdec: set channel layout
gxfdec: set channel layout when applicable
gsmdec: set channel layout
flvdec: set channel layout
dv: set channel layout
dsicin: set channel layout
daud: set channel layout
cdxl: set channel layout
bmv: set channel layout
bink: set channel layout
bfi: set channel layout
bethsoftvid: set channel layout
apc: set channel layout
amr: set channel_layout
ppc: replace pointer casting with AV_COPY32
ppc: fix some unused variable warnings
...
Conflicts:
libavformat/amr.c
libavformat/iff.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
avformat: Drop pointless "format" from container long names
swscale: bury one more piece of inline asm under HAVE_INLINE_ASM.
wv: K&R formatting cosmetics
configure: Add missing descriptions to help output
h264_ps: declare array of colorspace strings on its own line.
fate: amix: specify f32 sample format for comparison
tiny_psnr: support 32-bit float samples
eamad/eatgq/eatqi: call special EA IDCT directly
eamad: remove use of MpegEncContext
mpegvideo: remove unnecessary inclusions of faandct.h
af_asyncts: avoid overflow in out_size with large delta values
af_asyncts: add first_pts option
Conflicts:
configure
libavcodec/eamad.c
libavcodec/h264_ps.c
libavformat/crcenc.c
libavformat/ffmdec.c
libavformat/ffmenc.c
libavformat/framecrcenc.c
libavformat/md5enc.c
libavformat/nutdec.c
libavformat/rawenc.c
libavformat/yuv4mpeg.c
tests/tiny_psnr.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>