Fixes: double free
Fixes: clusterfuzz-testcase-minimized-5080550145785856
Found-by: ClusterFuzz
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Currently, AVStream contains an embedded AVCodecContext instance, which
is used by demuxers to export stream parameters to the caller and by
muxers to receive stream parameters from the caller. It is also used
internally as the codec context that is passed to parsers.
In addition, it is also widely used by the callers as the decoding (when
demuxer) or encoding (when muxing) context, though this has been
officially discouraged since Libav 11.
There are multiple important problems with this approach:
- the fields in AVCodecContext are in general one of
* stream parameters
* codec options
* codec state
However, it's not clear which ones are which. It is consequently
unclear which fields are a demuxer allowed to set or a muxer allowed to
read. This leads to erratic behaviour depending on whether decoding or
encoding is being performed or not (and whether it uses the AVStream
embedded codec context).
- various synchronization issues arising from the fact that the same
context is used by several different APIs (muxers/demuxers,
parsers, bitstream filters and encoders/decoders) simultaneously, with
there being no clear rules for who can modify what and the different
processes being typically delayed with respect to each other.
- avformat_find_stream_info() making it necessary to support opening
and closing a single codec context multiple times, thus
complicating the semantics of freeing various allocated objects in the
codec context.
Those problems are resolved by replacing the AVStream embedded codec
context with a newly added AVCodecParameters instance, which stores only
the stream parameters exported by the demuxers or read by the muxers.
Originally, AVFormatContext and a metadata dict were provided to ff_vorbis_comment(),
but this presented issues if an AVStream was being updated or the metadata on
AVFormatContext wasn't actually being updated. To remedy this, ff_vorbis_stream_comment()
explicitly updates a stream's metadata and sets any necessary flags.
ff_vorbis_comment() does not modify any flags, and any calls to it that update
AVFormatContext's metadata (just a single call) must also update
AVFormatContext.event_flags after detecting any metadata changes to the provided
dictionary, as signaled by a positive return value.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
* commit 'b8604a976128ffbd316653cdec11ba487f1025bb':
oggparsecelt: do not set AVCodecContext.frame_size
Conflicts:
libavformat/oggparsecelt.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '7751e4693dd10ec98c20fbd9887233b575034272':
ogg: check that the expected number of headers had been parsed
libx264: change default to closed gop to match x264cli
Use avcodec_free_frame() to free AVFrames.
lavf: use a malloced AVFrame in try_decode_frame().
lavc: add avcodec_free_frame().
lavc: ensure extended_data is set properly on decoding
lavc: initialize AVFrame.extended_data in avcodec_get_frame_defaults()
lavc: use av_mallocz to allocate AVFrames.
lavc: rename the argument of avcodec_alloc_frame/get_frame_defaults
Conflicts:
doc/APIchanges
doc/examples/decoding_encoding.c
libavcodec/utils.c
libavcodec/version.h
libavfilter/src_movie.c
libavformat/oggdec.c
libavformat/oggdec.h
libavformat/oggparsetheora.c
libavformat/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
rtpdec: Templatize the code for different g726 bitrate variants
rv40: move loop filter to rv34dsp context
lavf: make av_set_pts_info private.
rtpdec: Add support for G726 audio
rtpdec: Add an init function that can do custom codec context initialization
avconv: make copy_tb on by default.
matroskadec: don't set codec timebase.
rmdec: don't set codec timebase.
avconv: compute next_pts from input packet duration when possible.
lavf: estimate frame duration from r_frame_rate.
avconv: update InputStream.pts in the streamcopy case.
Conflicts:
avconv.c
libavdevice/alsa-audio-dec.c
libavdevice/bktr.c
libavdevice/fbdev.c
libavdevice/libdc1394.c
libavdevice/oss_audio.c
libavdevice/v4l.c
libavdevice/v4l2.c
libavdevice/vfwcap.c
libavdevice/x11grab.c
libavformat/au.c
libavformat/eacdata.c
libavformat/flvdec.c
libavformat/mpegts.c
libavformat/mxfenc.c
libavformat/rtpdec_g726.c
libavformat/wtv.c
libavformat/xmv.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
The situation was not clear when support was added but it is now:
CELT and Opus are really two different codecs.
The current code supports CELT via libcelt, not Opus.
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
qcelpdec: cosmetics: do not add line break before opening bracket in 'for', 'while', 'if/else', and 'switch' statements.
qcelp: check output buffer size before decoding
qcelpdec: fix the return value of qcelp_decode_frame().
sipr: fix the output data size check and only calculate it once.
Synchronize various 4CCs and codec tags from FFmpeg.
qdm2: check output buffer size before decoding
Fix out of bound reads in the QDM2 decoder.
Check for out of bound writes in the QDM2 decoder.
ogg/celt: do not set sample_fmt in the demuxer
Conflicts:
libavcodec/avcodec.h
libavcodec/qdm2.c
libavformat/oggparsecelt.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (21 commits)
fate: allow testing with libavfilter disabled
x86: XOP/FMA4 CPU detection support
ws_snd: misc cosmetic clean-ups
ws_snd: remove the 2-bit ADPCM table and just subtract 2 instead.
ws_snd: use memcpy() and memset() instead of loops
ws_snd: use samples pointer for loop termination instead of a separate iterator variable.
ws_snd: make sure number of channels is 1
ws_snd: add some checks to prevent buffer overread or overwrite.
ws_snd: decode to AV_SAMPLE_FMT_U8 instead of S16.
flacdec: fix buffer size checking in get_metadata_size()
rtp: Simplify ff_rtp_get_payload_type
rtpenc: Add a payload type private option
rtp: Correct ff_rtp_get_payload_type documentation
avconv: replace all fprintf() by av_log().
avconv: change av_log verbosity from ERROR to FATAL for fatal errors.
cmdutils: replace fprintf() by av_log()
avtools: parse loglevel before all the other options.
oggdec: add support for Xiph's CELT codec
sol: return error if av_get_packet() fails.
cosmetics: reindent and pretty-print
...
Conflicts:
avconv.c
cmdutils.c
libavcodec/avcodec.h
libavcodec/version.h
libavformat/oggparsecelt.c
libavformat/utils.c
libavutil/avutil.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This patch also introduces CODEC_ID_CELT.
Signed-off-by: Nicolas George <nicolas.george@normalesup.org>
Signed-off-by: Diego Biurrun <diego@biurrun.de>