Fixes: out of memory access
Fixes: 27787/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-4743666463408128.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Those are private fields, no reason to have them exposed in a public
header. Since there are some (semi-)public fields located after these,
even though this section is supposed to be private, keep some dummy
padding there until the next major bump to preserve ABI compatibility.
Since bae8844e the packet will always be unreferenced when a demuxer
returns an error, so that a lot of calls to av_packet_unref() in lots of
demuxers are now redundant and can be removed.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
Currently, AVStream contains an embedded AVCodecContext instance, which
is used by demuxers to export stream parameters to the caller and by
muxers to receive stream parameters from the caller. It is also used
internally as the codec context that is passed to parsers.
In addition, it is also widely used by the callers as the decoding (when
demuxing) or encoding (when muxing) context, though this has been
officially discouraged since Libav 11.
There are multiple important problems with this approach:
- the fields in AVCodecContext are in general one of
    * stream parameters
    * codec options
    * codec state
  However, it's not clear which ones are which. It is consequently
  unclear which fields a demuxer is allowed to set or a muxer is allowed
  to read. This leads to erratic behaviour depending on whether decoding or
  encoding is being performed or not (and whether it uses the AVStream
  embedded codec context).
- various synchronization issues arising from the fact that the same
  context is used by several different APIs (muxers/demuxers,
  parsers, bitstream filters and encoders/decoders) simultaneously, with
  there being no clear rules for who can modify what and the different
  processes being typically delayed with respect to each other.
- avformat_find_stream_info() making it necessary to support opening
  and closing a single codec context multiple times, thus
  complicating the semantics of freeing various allocated objects in the
  codec context.
Those problems are resolved by replacing the AVStream embedded codec
context with a newly added AVCodecParameters instance, which stores only
the stream parameters exported by the demuxers or read by the muxers.
Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7fd10a199a3c_6204_landing.rpl
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Some fixes provided by Paul B Mahol <onemda@gmail.com>
and Michael Niedermayer <michaelni@gmx.at> and me.
Signed-off-by: Diego Biurrun <diego@biurrun.de>
Signed-off-by: Kostya Shishkov <kostya.shishkov@gmail.com>
* qatar/master:
avformat: Drop pointless "format" from container long names
swscale: bury one more piece of inline asm under HAVE_INLINE_ASM.
wv: K&R formatting cosmetics
configure: Add missing descriptions to help output
h264_ps: declare array of colorspace strings on its own line.
fate: amix: specify f32 sample format for comparison
tiny_psnr: support 32-bit float samples
eamad/eatgq/eatqi: call special EA IDCT directly
eamad: remove use of MpegEncContext
mpegvideo: remove unnecessary inclusions of faandct.h
af_asyncts: avoid overflow in out_size with large delta values
af_asyncts: add first_pts option
Conflicts:
configure
libavcodec/eamad.c
libavcodec/h264_ps.c
libavformat/crcenc.c
libavformat/ffmdec.c
libavformat/ffmenc.c
libavformat/framecrcenc.c
libavformat/md5enc.c
libavformat/nutdec.c
libavformat/rawenc.c
libavformat/yuv4mpeg.c
tests/tiny_psnr.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
rtpdec: Templatize the code for different g726 bitrate variants
rv40: move loop filter to rv34dsp context
lavf: make av_set_pts_info private.
rtpdec: Add support for G726 audio
rtpdec: Add an init function that can do custom codec context initialization
avconv: make copy_tb on by default.
matroskadec: don't set codec timebase.
rmdec: don't set codec timebase.
avconv: compute next_pts from input packet duration when possible.
lavf: estimate frame duration from r_frame_rate.
avconv: update InputStream.pts in the streamcopy case.
Conflicts:
avconv.c
libavdevice/alsa-audio-dec.c
libavdevice/bktr.c
libavdevice/fbdev.c
libavdevice/libdc1394.c
libavdevice/oss_audio.c
libavdevice/v4l.c
libavdevice/v4l2.c
libavdevice/vfwcap.c
libavdevice/x11grab.c
libavformat/au.c
libavformat/eacdata.c
libavformat/flvdec.c
libavformat/mpegts.c
libavformat/mxfenc.c
libavformat/rtpdec_g726.c
libavformat/wtv.c
libavformat/xmv.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
presets: rename presets directory
lavc: make avcodec_get_context_defaults3 "officially" public
lavf: replace av_new_stream->avformat_new_stream part II.
lavf,lavd: replace av_new_stream->avformat_new_stream part I.
lavf: add avformat_new_stream as a replacement for av_new_stream.
Use correct scaling table for bwd-pred MVs in second B-field
Ut Video decoder
Makefile: change presets extension to .avpreset
lavfi: add rgbtestsrc source, ported from MPlayer libmpcodecs
lavfi: add testsrc source
AVOptions: add documentation.
presets: update libx264 ffpresets
Conflicts:
Changelog
doc/APIchanges
doc/ffmpeg.texi
ffpresets/libx264-ipod320.ffpreset
ffpresets/libx264-ipod640.ffpreset
ffserver.c
libavcodec/avcodec.h
libavcodec/options.c
libavcodec/version.h
libavdevice/libdc1394.c
libavfilter/avfilter.h
libavfilter/vsrc_testsrc.c
libavformat/flvdec.c
libavformat/riff.c
libavformat/version.h
libavformat/wtv.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
ffmpeg: fix some indentation
ffmpeg: fix operation with --disable-avfilter
simple_idct: remove disabled code
motion_est: remove disabled code
vc1: remove disabled code
fate: separate lavf-mxf_d10 test from lavf-mxf
cabac: Move code only used in the cabac test program to cabac.c.
ffplay: warn that -pix_fmt is no longer working, suggest alternative
ffplay: warn that -s is no longer working, suggest alternative
lavf: rename enc variable in utils.c:has_codec_parameters()
lavf: use designated initialisers for all (de)muxers.
wav: remove a use of deprecated AV_METADATA_ macro
rmdec: remove useless ap parameter from rm_read_header_old()
dct-test: remove write-only variable
des: fix #if conditional around P_shuffle
Use LOCAL_ALIGNED in ff_check_alignment()
Conflicts:
ffmpeg.c
libavformat/avidec.c
libavformat/matroskaenc.c
libavformat/mp3enc.c
libavformat/oggenc.c
libavformat/utils.c
tests/ref/lavf/mxf
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
crypto: Use av_freep instead of av_free
lavf: don't try to free private options if priv_data is NULL.
swscale: fix types of assembly arguments.
swscale: move two macros that are only used once into caller.
swscale: remove unused function.
options: Add missing braces around struct initializer.
mov: Remove leftover crufty debug statement with references to a local file.
dvbsubdec: Fix compilation of debug code.
Remove all uses of now deprecated metadata functions.
Move metadata API from lavf to lavu.
Conflicts:
doc/APIchanges
libavformat/aiffdec.c
libavformat/asfdec.c
libavformat/avformat.h
libavformat/avidec.c
libavformat/cafdec.c
libavformat/matroskaenc.c
libavformat/mov.c
libavformat/mp3enc.c
libavformat/wtv.c
libavutil/avutil.h
libavutil/internal.h
libswscale/swscale.c
libswscale/x86/swscale_template.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
In the name of consistency:
get_byte -> avio_r8
get_<type> -> avio_r<type>
get_buffer -> avio_read
get_partial_buffer will be made private later
get_strz is left out because I want to change it later to return
something useful.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
(cherry picked from commit b7effd4e83)
In the name of consistency:
get_byte -> avio_r8
get_<type> -> avio_r<type>
get_buffer -> avio_read
get_partial_buffer will be made private later
get_strz is left out because I want to change it later to return
something useful.
Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>