* fix a possible memory leak (apply_filter returned before freeing)
* use apply_filters in process_major_frame
* revert back to checking bounds with 24 bitdepth, as huff offset takes
care of it
Signed-off-by: Jai Luthra <me@jailuthra.in>
huff offset wasn't always within the bounds before, which lead to
corrupt encoding that didn't always trigger lossless check failures
Signed-off-by: Jai Luthra <me@jailuthra.in>
A value of 24 and above can collaps the range to 0 which would not work.
Fixes: Timeout (75sec -> 21sec)
Fixes: 18707/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-5708950892969984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -2147407150 + -1871606 cannot be represented in type 'int'
Fixes: 18702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679095417667584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This changes the separator character from comma to colon, but since this option
was only added recently I think it should be done for consistency with other
similar options.
Signed-off-by: Marton Balint <cus@passwd.hu>
This commit reuses the configuration options for VP8 that enables
temporal scalability for VP9. It also adds a way to enable three
preset temporal structures (refer to the documentation for more
detail) that can be used in offline encoding.
Signed-off-by: James Zern <jzern@google.com>
Fixes: signed integer overflow: 2147482897 + 2048 cannot be represented in type 'int'
Fixes: 19240/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5743240326414336
Fixes: 19869/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5150136636538880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: inf is outside the range of representable values of type 'int'
Fixes: signed integer overflow: -9223372036854775808 - 1 cannot be represented in type 'long'
Fixes: 19316/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5677369365102592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This limit is roughly based on the bitreader limit, its likely a much tighter limit
could be used
Fixes: left shift of 1965039647 by 1 places cannot be represented in type 'int'
Fixes: 19545/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5695391899320320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of 32 by 28 places cannot be represented in type 'int'
Fixes: 19472/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PCM_LXF_fuzzer-5704364320096256
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of 79 by 28 places cannot be represented in type 'int'
Fixes: 20202/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5719004081815552
Fixes: 20219/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5641738677125120
Fixes: 20389/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5680721517871104
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
recvfrom() is not a cancellation point in pthreads-win32, see
https://sourceware.org/pthreads-win32/manual/pthread_cancel.html
In order to be able to cancel the reader thread on Win32 properly we first
shutdown the socket then call CancelIoEx to abort pending IO. Subsequent
recvfrom() calls will fail with WSAESHUTDOWN causing the thread to exit.
Fixes ticket #5717.
Signed-off-by: Marton Balint <cus@passwd.hu>
Fixes: left shift of negative value -2
Fixes: 20305/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-5677196618498048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Jai Luthra <me@jailuthra.in>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Before this commit v4l2_m2m used two different logging contexts (from
V4L2m2mPriv and AVCodecContext). For consistency always use AVCodecContext.
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
Before this commit s->avctx == NULL was used to infer that an encoder is
being initialzed. Code readability has been improved by directly using
!av_codec_is_decoder() instead.
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
There was no consensus about separating AVExprState from AVExpr so here is a
minimal patch using the existing AVExpr to fix ticket #7528.
Signed-off-by: Marton Balint <cus@passwd.hu>
Fixes use of uninitialized variable and segfault
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
this usecase will cause a division by zero trap:
1. dashenc has received one frame
2. os->max_pts and os->start_pts have same value
3. delta between max_pts and start_pts is 0
4. av_rescale_q(0, x, y) returns 0
5. this value is used as denominator in division
6. Bang! -> segfault
this fix checks that max_pts > start_pts.
the fix has been tested and works.
Signed-off-by: Alfred E. Heggestad <alfred.heggestad@gmail.com>
Reviewed-by: Jeyapal, Karthick <kjeyapal@akamai.com>
Signed-off-by: James Almer <jamrial@gmail.com>
continue is explicitly disallowed for GET_UTF8, so let's fix that as well.
Fixes crash with invalid UTF8 sequences.
Signed-off-by: Marton Balint <cus@passwd.hu>