ambisonics mode > 1 does not initialize any layer but layer 0
is unconditionally dereferenced
Fixes: poc-2024-11
Fixes: null pointer dereference
Found-by: 苏童 <220235212@seu.edu.cn>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
When using fast chapter marker calculation (default), the last
marker is inadverdently ignored due to an off-by-one.
Signed-off-by: Marth64 <marth64@proxyid.net>
Also fix checks for sc->stts_count that assume it may not be in sync with
sample count.
Missed in 865c73c86f. Fixes parsing durations in
some cases.
Signed-off-by: James Almer <jamrial@gmail.com>
And not just the first, as it was being done for lacing. The spec states that the
flag applies to everything inside the simple box.
Signed-off-by: James Almer <jamrial@gmail.com>
They are needed for audio tracks with priming samples, where negative CTS
offsets can't be used.
Fixes ticket #11031.
Signed-off-by: James Almer <jamrial@gmail.com>
avgBitrate == 0 is used to signal a VBR track, so if that value is propagated by an
encoder, don't overwrite it with a calculated value based on track size.
Part of a fix for ticket #11303.
Signed-off-by: James Almer <jamrial@gmail.com>
Don't reject extradata with missing PS NALUs if array_completeness is not
requested.
Fixes a regression since a696b28886.
Signed-off-by: James Almer <jamrial@gmail.com>
ATSC A/52:2018 Digital Audio Compression (AC-3, E-AC-3), Annex G
defines stream_type 0x87 for E-AC-3 bit streams.
Signed-off-by: Marton Balint <cus@passwd.hu>
Some mp3 files look surprisingly like mpeg PS streams. In order for us
to hint to ffmpeg that the file really is mp3, we can deliver it with a
mime type. The mp3 probe therefore needs to have a mime type registered,
(which is previously did not).
Some DVD muxers signal segments to start with duplicate audio samples
when starting extraction from a chapter marker or terminate seamless PGs
on partial audio samples (causing corrupt AC3 frames). Clean up after
these muxers by tracking frames with duplicate PTS and eliminating
partial AC3 frames.
This results in smoother chapter extraction and overall seeking experience,
with linear PTS and AC3 delay within 32ms (1 frame) away from the video.
The issue was not apparent until the flushing pattern was replaced with
a full subdemux reset, as the flushing dropped the frames prematurely,
along side others, as such they were never present to begin with.
The packets effectively serve no purpose and we are already
dropping packets with PTS less than 0. This also creates
for a smoother seeking experience after the subdemuxer
reset fix.
Signed-off-by: Marth64 <marth64@proxyid.net>
It is wasteful to open the subdemuxer if an error occurs while
initializing streams or reading IFO headers.
Signed-off-by: Marth64 <marth64@proxyid.net>
The "auto" mode serves no functional purpose except for logging
a message and setting the value to 1. The documentation clearly
explains what the option is for.
Signed-off-by: Marth64 <marth64@proxyid.net>
Menu 0 is the VIDEO_TS root menu, which does not appear to be used
commonly for menu segments. Instead, default to the menu of VTS 1.
Signed-off-by: Marth64 <marth64@proxyid.net>
Some discs present titles with bogus NAV packets. We apply this check
for menus and for title MPEG blocks, but we should also apply it
for NAV packets during title demuxing.
Signed-off-by: Marth64 <marth64@proxyid.net>
DVDs naturally consist of segmented MPEG-PS blobs within a VOB
(i.e. VOBs are not linear). NAV packs set the segment boundaries.
When switching between segments, discontinuities occur and thus
the subdemuxer needs to be reset. The current approach to manage
this is by invoking ff_read_frame_flush() on the subdemuxer context,
via a callback function which is invoked during the menu or dvdnav
block functions. The same subdemuxer context is used throughout
the demux, with a stretched PTS wrap bits value (64) + disabled
overflow correction, and then flushed on each segment. Eventually,
a play_end context variable is set to declare EOF.
However, this approach causes frame drops. The block read flushes the
demuxer before the frame read is complete, causing frames to drop
on discontinuity. The play_end signal likewise ends playback before
the frame read is complete, causing frames to drop at end of the title.
To compound the issue, the PTS wrap bits value of 64 is wrong;
the VOBU limit is actually 32 and the overflow correction should work.
Instead, EOF the MPEG-PS subdemuxer organically when each VOB segment
ends, and re-open it if needed with the offset after the full frame read
is complete. In doing so, correct the PTS wrap behavior to 32 bits and
remove the play_end/segment_started signals and callback pattern.
Note that the timestamps as reported by the NAV packets are known as
"PTMs", so the fields storing the time prior to adjustment are renamed
accordingly. This makes it more clear when we are offsetting the
NAV packet reported timestamps versus what we present as a demuxer.
Signed-off-by: Marth64 <marth64@proxyid.net>
The function has a few branches where it discards frames via
FFERROR_REDO; consolidate is via a goto block to simplify the
function and improve readability. Logging still maintains
all the relevant details for the reason of the discard.
Signed-off-by: Marth64 <marth64@proxyid.net>
Menus are generally segmented by cell, so use them as the
marker delimiters. Requires preindex option to be enabled.
Signed-off-by: Marth64 <marth64@proxyid.net>
This consolidates the FFERROR_REDO handling of NAV packets to
dvdvideo_subdemux_read_data(), is a pre-requisite to calculating
chapter markers for menus, and a pre-requisite to fixing the
frame desync issue when the subdemuxer is flushed.
Signed-off-by: Marth64 <marth64@proxyid.net>
Readability improvement; the warning can be bundled beneath
the preceding validations rather than awkwardly between the memcpy
and return.
Signed-off-by: Marth64 <marth64@proxyid.net>
The default "auto" mode is effectively useless; the reasonable
default use case is to use the first PG (segment) of the
selected PGC for both menus and standard titles. Just
default the value to 1, since the option is irrelevant
unless -pgc is also set.
Note that this should not break users using this advanced option.
The "auto" mode errored and asked for a PG number regardless
for non-menus, and for menus the mode simply defaulted to 1.
Signed-off-by: Marth64 <marth64@proxyid.net>
Fixes: use of uninitialized value (untested)
Fixes: 42537627/clusterfuzz-testcase-minimized-fuzzer_loadfile_direct-5505802505355264
Found-by: ossfuzz
Reported-by: Kacper Michajlow
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized value
Fixes: 42537627/clusterfuzz-testcase-minimized-fuzzer_protocol_memory-6656646223298560-cut
Found-by: ossfuzz
Reported-by: Kacper Michajlow
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
