Instead of scanning backwards for the end of RPU payload, parse it and
report if we didn't land at the terminator byte.
Current expectation was that we can have additional zero bytes after RPU
payload, which were skipped to find playload end. That's not always the
case. So loosen this requirement.
This fixes files where there is additional non-zeroed padding after the
end of the RPU in NALU.
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
Fixes: signed integer overflow: 9223372036854737920 + 1649410 cannot be
represented in type 'int64_t'
Fixes OSS-Fuzz: 410100610
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
The asumption is that DCE will remove references to those functions.
However some compilers with certain instrumentation enabled doesn't DCE
those at all, resulting in linking failure. Tested with cl.exe -RTCu -RTCs.
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
The asumption is that DCE will remove references to those functions.
However some compilers with certain instrumentation enabled doesn't DCE
those at all, resulting in linking failure. Tested with cl.exe -RTCu -RTCs.
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
The asumption is that DCE will remove references to those functions.
However some compilers with certain instrumentation enabled doesn't DCE
those at all, resulting in linking failure. Tested with cl.exe -RTCu -RTCs.
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
When codec->write_sequence_header is not defined, bit_len was undefined,
and while data bufer was zeroed we could just overread it. Do nothing
when we don't have anything to write.
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
If a frame size is absolutely massive, this can spin the parser as it
attempts to decode a permuted TOC. We add a sanity check here for eight
times the size of the image for an internal frame to prevent malicious
bitstreams from slowing the parser down to a crawl.
Signed-off-by: Leo Izen <leo.izen@gmail.com>
Reported-by: Kacper Michajłow <kasper93@gmail.com>
socklen_t underlying type can be signed or unsigned depending on
platform. This is fine, just cast it to size_t before comparison.
Fixes: warning: result of comparison of unsigned expression < 0 is
always false [-Wtautological-unsigned-zero-compare]
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
Add type removed function wrappers to resolve UB of calling function
through pointer to incorrect function type.
Fixes: FATE-{hmac,srtp}
Fixes: call to function av_md5_init through pointer to incorrect
function type 'void (*)(void *)' and similar for others.
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
av_get_token() allocates an output buffer with the same size as the
input. Generally, this is harmless, but when the input string is large
and consists of many small tokens, calling av_get_token() repeatedly to
extract all tokens will significantly amplify memory allocations.
To fix this, after obtaining the return value, simply realloc the buffer
to the actual size needed for output string.
Fixes OOM when parsing filter graph string.
Fixes OSS-Fuzz: 394983446
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
It's RGB, so check instead if it's packed or planar.
Fixes: libavcodec/ffv1dec.c:461:43: runtime error: applying zero offset to null pointer
Signed-off-by: James Almer <jamrial@gmail.com>
It's not a value stored in the hvcC structure.
Fixes use of uninitialized variable errors under sanitizer when the input extradata is
already hvcC formatted, given we don't parse parameter sets for those.
Signed-off-by: James Almer <jamrial@gmail.com>
When no explicit CAs file is set, load the default locations,
else there is no way for verification to succeed.
This matches the behavior of other TLS backends.
When verification is enabled (using -tls_verify 1) now
the hostname will be verified properly too, while before
only other aspects of the certificate were checked.
Co-Authored-By: Marvin Scholz <epirat07@gmail.com>
For detect_range, the usage of vpbroadcast{b,w} requires the AVX512BW extension, and for
detect_alpha we don't want ZMM instructions downclocking old CPUs.
Signed-off-by: James Almer <jamrial@gmail.com>
