The output stream's packet may not have been allocated
at that point. This happens when quitting in the following command line:
$ ./ffmpeg -lavfi abuffer=sample_fmt=u8:sample_rate=48000:channel_layout=stereo -f null -
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit fb215798c7a72b32e889b72efd018f26bb3f88ce)
This reverts commit b5ca8f2c66954614d81579082025f580efc0cffc.
This commit will make new problem about tickets: 9193,9205
It flush data into file with init file context together,
and it can get keyframe size, maybe need more method to get keyframe
size.
Signed-off-by: Steven Liu <liuqi05@kuaishou.com>
(cherry picked from commit 59032494e81a1a65c0b960aaae7ec4c2cc9db35a)
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06d67265881249566f385309e2fb5a9449720b6e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2145649668 + 3956526 cannot be represented in type 'int'
Fixes: 38351/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-4647077926273024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0e45886e6ea272f453cb949e95c3bfd8380974c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 9223372036854775360 + 536870912 cannot be represented in type 'long'
Fixes: 37940/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6095637855207424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 451ceb5131fa67b0b380d4823981e421909c16db)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: 37197/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-5877046382297088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 018b611b4ba74a5cecfb8a75a637b49840e7c320)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: index 128 out of bounds for type 'uint16_t [128]'
Fixes: 38651/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_METADATA_fuzzer-6296416058736640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 85413a5ae6948a1d6e4e947a4fca984b8c686016)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This avoids reallocating per frame
Fixes: Assertion failure
Fixes: 36359/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-6733238591684608
Fixes: 38623/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-6098656512573440
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0faf04e807fc09bb3d72a034c284fe44b54fa76b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: error: 1.66789e+11 is outside the range of representable values of type 'int'
Fixes: Ticket8201
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 245017ec8a87d6e4c764d06afeca37100b980d85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 559334865 * 4 cannot be represented in type 'int'
Fixes: 37929/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6751932295806976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 90da43557f7257d72e95504f63ae6504406d6eab)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -682581959642593728 * 16 cannot be represented in type 'long'
Fixes: 37883/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5311691517198336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 737e6bf2162b89d396f4d477bfe8c99f1dd885de)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 4611686025627387904 + 4611686025627387904 cannot be represented in type 'long'
Fixes: 35489/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-4862678601433088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f624c92d4c6fa73dfa95959d886090af6790bc36)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: runtime error: signed integer overflow: 65312 * 65535 cannot be represented in type 'int'
Fixes: 32832/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-4817710040088576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e2c2872393f25253aa40861a9707934c4b83a3af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2788626175500000000 + 7118941284000000000 cannot be represented in type 'long'
Fixes: 35215/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6123272247836672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2768928624793f66694f7f2b0824f052e69e3557)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 7020950083487072256 * 2 cannot be represented in type 'long long'
Fixes: 37523/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5133634955771904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e67deaf86cb1a79054c4f6dcfcaab9b2c60eb8a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -5994697211974418462 + -3255307777713450286 cannot be represented in type 'long'
Fixes: 35332/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-5868035117285376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4d81550df9580b454d2530bcb37de20b8354ad6e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 34651/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5157941012463616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 989febfbd0c986e9e3e0f269a6b22778bf79147b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Out of array access
Fixes: 37030/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5387719147651072
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3dd5a8a13510d08a4e25e8f138d718672a0fed4a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Consider data as invalid if ff_wma_run_level_decode
gets out with an error.
It avoids an unpleasant sound distorsion.
See http://trac.ffmpeg.org/ticket/9358
(cherry picked from commit f9fbe2f9a9c7d2db98a6e49504a7154f743cd804)
This way, the calling function can just forward it instead of
making it up.
Signed-off-by: Olivier Crête <olivier.crete@collabora.com>
(cherry picked from commit 521388edb7d3c176b444bbc3a42723cbafab2d55)
Defined in spec 5.9.8. When superres is enabled, SuperresDenom equals
"coded_denom + SUPERRES_DENOM_MIN" instead of coded_denom.
Signed-off-by: Tong Wu <tong1.wu@intel.com>
Signed-off-by: Hendrik Leppkes <h.leppkes@gmail.com>
(cherry picked from commit f31033c6ca4bd88e4bb646bab0bc7fd600d4f8b2)
They were done in preparation for an upcoming 1.0 release.
Keep supporting previous releases for the time being.
Reviewed-by: BBB
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit e204846ec16c1ab34c7f3a681734cf5190433018)
In some extrme cases, like with adpcm_ms samples with an extremely high channel
count, get_audio_frame_duration() may return a negative frame duration value.
Don't propagate it, and instead return 0, signaling that a duration could not
be determined.
Fixes ticket #9312
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit e01d306c647b5827102260b885faa223b646d2d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Infinite loop
Fixes: 36666/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5912760671141888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3c659f861856d751fe3aa1358b1cccff3117f948)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 1683879955 - -466265224 cannot be represented in type 'int'
Fixes: 37419/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6074294407921664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 33feb527fff9bf547c4118147434869875cf0c3d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Timeout
Fixes: 37035/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XPM_fuzzer-5142718576721920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e58692837c20c8484a23cd9beb63ac422f82458a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 37249/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-5754862984888320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 26659fe53ee9e51dc06ea2384321cc18229f5768)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 9223372034248226491 + 3275247799 cannot be represented in type 'long'
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-4538729166077952
Reported-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4de4bc06fdfd0383f3d9012c6557a38408a09d28)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 1179337772 + 1392508928 cannot be represented in type 'int'
Fixes: 34088/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5846945303232512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a4c98c507ed3c729fc92d641b974385f8aa37b33)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
As the second argument for init_get_bits (buf) can be crafted, a return value check for this function call is necessary.
'buf' is part of 'AVPacket pkt'.
replace init_get_bits with init_get_bits8.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read
Fixes: 36341/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6737583085322240
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 65892516d52c268bd66ef825c4b1c8050a69d732)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read
Fixes: 36331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5140494328922112.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c59b5e3d1e0121ea23b5b326529f5bdca44cf982)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The existing error concealment makes no sense for the image formats, they
use transformed source images which is different from keyframe + MC+difference
for which the error concealment is designed.
Of course feel free to re-enable this if you have a case where it works and
improves vissual results
Fixes: Timeout
Fixes: 36234/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-6300306743885824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 643b2d49bf52d5a3205ce3db732e0c4c396bd457)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 35593/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5182217725804544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8f2856a1daa4e3d5767b6efe7a70ec86926dba47)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: reading over the end
Fixes: 36346/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-5366943107383296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c2f5e9ff3c8141fe6a2c08f3cc4e46e17b96cbb4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Infinite loop
Fixes: 36311/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-4889181296918528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 89505d38de989bddd579ce3b841f1c011f1d7bf2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 9223372036854775791 + 18 cannot be represented in type 'long'
Fixes: 36307/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-4917863877050368
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2bbef69b0ba938cce4f9d61bed46d3f3058e56c2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
