by setting the FF_FMT_INIT_CLEANUP flag. Furthermore, also remove
an unnecessary check for NULL before avformat_close_input().
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
By default, a demuxer's read_close function is not called automatically
if an error happens when reading the header; instead it is up to the
demuxer to clean up after itself in this case. The mov demuxer did this
by calling its read_close function when it encountered some errors when
reading the header.
This commit changes this by setting the FF_FMT_INIT_CLEANUP flag so that
mov_read_close() is automatically called when an error happens when
reading the header.
(Btw: mov_read_close() is not idempotent: Calling it twice is
dangerous, because MOVContext.frag_index.item will be av_freep'ed,
yet MOVContext.frag_index.nb_items won't be reset. So the calls to
mov_read_close() have to be removed before the switch to freeing
generically.)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
by setting the FF_FMT_INIT_CLEANUP flag.
(Btw: concat_read_close() is not idempotent (it frees cat->files, but
doesn't reset cat->nb_files), so this demuxer was incompatible with
simply calling read_close generically upon read_header failure.)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
by setting the FF_FMT_INIT_CLEANUP flag.
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
If reading the header fails, the demuxer's read_close() function (if
existing) is not called automatically; instead several demuxers call it
via "goto fail" in read_header().
This commit intends to change this by adding an internal flag for
demuxers that can be used to set on a per-AVInputFormat basis whether
read_close() should be called generically after an error during
read_header().
The flag controlling this behaviour needs to be added because it might
be unsafe to call read_close() generally (e.g. this might lead to
read_close() being called twice and this might e.g. lead to double-frees
if av_free() is used instead of av_freep(); or a size field has not
been reset after freeing the elements (see the mov demuxer for an
example of this)).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
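
Added example, not part of the commit above or of FFmpeg's code: a toy C model of the opt-in cleanup that message describes, with a close function that stays safe when called twice because it resets the count as well as the pointer (the hazard noted for the mov and concat demuxers). All names here (ToyCtx, ToyDemuxer, TOY_FLAG_INIT_CLEANUP, toy_*) are hypothetical stand-ins.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for this example; not FFmpeg's real structures. */
#define TOY_FLAG_INIT_CLEANUP 1
typedef struct ToyCtx { char **items; int nb_items; int close_calls; } ToyCtx;
typedef struct ToyDemuxer {
    int flags;
    int  (*read_header)(ToyCtx *);
    void (*read_close)(ToyCtx *);
} ToyDemuxer;

/* Idempotent close: frees the entries, NULLs the array AND resets the count. */
static void toy_read_close(ToyCtx *c)
{
    c->close_calls++;
    for (int i = 0; i < c->nb_items; i++)
        free(c->items[i]);
    free(c->items);
    c->items    = NULL;
    c->nb_items = 0; /* without this, a second call would index a NULL array */
}

/* Constructed failing header reader: allocates, then errors out without cleanup. */
static int toy_read_header_fail(ToyCtx *c)
{
    c->items = calloc(4, sizeof(*c->items));
    if (!c->items)
        return -1;
    for (c->nb_items = 0; c->nb_items < 2; c->nb_items++)
        if (!(c->items[c->nb_items] = malloc(16)))
            return -1;
    return -1; /* simulated invalid header */
}

/* Generic open path: cleanup runs once, here, and only if the demuxer opted in. */
static int toy_open(const ToyDemuxer *d, ToyCtx *c)
{
    int ret = d->read_header(c);
    if (ret < 0 && (d->flags & TOY_FLAG_INIT_CLEANUP) && d->read_close)
        d->read_close(c);
    return ret;
}

int main(void)
{
    ToyDemuxer d = { TOY_FLAG_INIT_CLEANUP, toy_read_header_fail, toy_read_close };
    ToyCtx c = { 0 };
    int ret = toy_open(&d, &c);
    return !(ret < 0 && c.close_calls == 1 && c.nb_items == 0);
}
```
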
Both AVInputFormat and AVOutputFormat currently lack an equivalent to
AVCodec's caps_internal. E.g. if reading a header fails, each demuxer
is currently required to clean up manually, which often means to just
call the demuxer's read_close function. This could (and will) be done
generically via an equivalent of FF_CODEC_CAP_INIT_CLEANUP.
Because of the unholy ABI-relationship between libavdevice and
libavformat adding such a flag is only possible when the ABI is open
(despite the flag not being part of the public API), such as now.
Therefore such a flag is also added to AVOutputFormat, despite there
being no immediate use for it.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The early return caused issues for the "add" mode (got fixed in
c95dfe5cce) and the "select" mode needs a similar
fix. It is probably better to fully remove the check, since all modes work
correctly with NULL metadata.
Signed-off-by: Marton Balint <cus@passwd.hu>
This fixes an issue when multiple cases are fuzzed in a single run and
the limits are adjusted by more than the iteration limit. In that case
the adjusted limit leaked back into the global limit causing the
fuzzer to become ineffective after several iterations, MSS2 was
affected by this for example.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
Fixes: 33997/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6752039691485184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>