Fixes: shift exponent 4294967163 is too large for 32-bit type 'int'
Fixes: 41449/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-6183636217495552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Don't use different src and dst in av_tea_crypt(); use in-place
modifications instead. Also let av_tea_crypt() encrypt all three
blocks in one call.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
We use ECB, not CBC mode here, so one does not need to reinitialize
the context; for the same reason, one can also just let av_tea_crypt()
loop over the blocks, avoiding a loop here.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Up until now, the packets have been read in blocks of at most
eight bytes at a time; then these blocks have been decrypted
and copied into a buffer on the stack (that was double the size
needed...). From there they have been copied to the dst packet.
This commit changes this: The data is read in one go; and
the decryption avoids temporary buffers, too, by making
use of the fact that src and dst of av_tea_crypt() can coincide.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Due to this bush.aa (from the FATE suite) exported garbage metadata
with key "_040930".
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The concatf protocol returns an opaque error on open if
concatf list file contains trailing newlines.
Signed-off-by: Gyan Doshi <ffmpeg@gyani.pro>
Reviewed-by: James Almer <jamrial@gmail.com>
Instead of storing the protocol pointer in the opaque iteration state,
store just the index of the next protocol, similarly to how
ff_urlcontext_child_class_iterate() works.
Silences e.g. the following warning in gcc 10:
src/libavformat/ftp.c: In function ‘ftp_move’:
src/libavformat/ftp.c:1122:46: warning: ‘%s’ directive output may be truncated writing up to 4095 bytes into a region of size 4091 [-Wformat-truncation=]
1122 | snprintf(command, sizeof(command), "RNTO %s\r\n", path);
| ^~ ~~~~
src/libavformat/ftp.c:1122:5: note: ‘snprintf’ output between 8 and 4103 bytes into a destination of size 4096
1122 | snprintf(command, sizeof(command), "RNTO %s\r\n", path);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This reduces codesize because the offsets of commonly used elements
are now smaller and thus need less bytes to encode in ptr+offset
addressing modes (with GCC 11.2 on x64: 0x1b8b -> 0x1a7b).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The documentation states that here 0 should be used for read-only and
1 for a writable buffer. AVIO_FLAG_WRITE however is 2, while it works
due to the way the flag is handled internally, it is still wrong
according to the documentation.
Additionally it makes it seem as if the AVIO_FLAG_* values could be used
here, which is actually not true, as when AVIO_FLAG_READ would be used
here it would create a writable buffer as AVIO_FLAG_READ is defined as 1.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
this allows getting rid of the hardcoded max size of SDP.
Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
The number of audio channels is stored after the magic number
identifying the audio format. Prior to this patch the code has been
reading it earlier, causing files with only one audio channel to be
handled incorrectly.
Reviewed-by: Peter Ross <pross@xvid.org>
Adds demuxer for Square Enux SCD files.
Based off [1] and personal investigation.
This has only been tested against Drakengard 3 (PS3) *_SCD.XXX files
(big-endian). As it is highly likely that FFXIV (PC) files are little-endian,
this demuxer is marked as experimental until this can be confirmed.
[1]: http://ffxivexplorer.fragmenterworks.com/research/scd%20files.txt
Reviewed-by: Peter Ross <pross@xvid.org>
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
Currently they are ordered as-written (i.e. by increasing position);
in case av_interleaved_write_frame() is used, this is (mostly)
the same as ordered by increasing dts.
Yet the Matroska specification strongly recommends (SHOULD) that
the CuePoints be sorted by CueTime. mkvalidator warns when they are
not. Therefore this commit sorts them accordingly.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
If fifo_thread_recover() succeeds immediately after
fifo_thread_dispatch_message() fails, the dts of the packet is scaled
twice, causing cur_dts to be abnormally large and "Application provided
invalid, non monotonically increasing dts to muxer in stream" to occur
repeatedly.
Steps to reproduce:
1. ffmpeg -f lavfi -i testsrc -c:v libx264 -map 0:v -flags +global_header -f fifo -fifo_format flv -attempt_recovery 1 -recover_any_error 1 rtmp://example.com/livekey
2. set a breakpoint on fifo_thread_recover
3. force disconnect from the rtmp server
4. wait for break
5. reconnect to the rtmp server
6. resume execution of ffmpeg
Signed-off-by: Ryoji Gyoda <gy.cft4@gmail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
FLV AMF tags have a 24bit field for timestamps plus an 8bit for extended
timestamps.
All FLV AMF tags except when we write metadata handle this correctly
using the put_timestamp function.
Until now when writing metadata we were only using the first
24 bits and thus the timestamp value was wraping around 4 hours 40
minutes (16,800,000 ms, max 24 bit value 16,777,216) of playback.
This commit fixes this applying this same function put_timestamp
for the metadata FLV tag.
Signed-off-by: Marton Balint <cus@passwd.hu>
Fixes: signed integer overflow: -776522110086937600 * 16 cannot be represented in type 'long'
Fixes: 40563/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6644829447127040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Due to reasons, mpv doesn't pass filename when probing. mpv also sets
default probescore threshold to 26. Since the current jpeg_probe
implementation returns 25 until EOI, it means that the whole image needs
to be probed to succeed. Worse, the whole image is not passed at once;
increasingly large buffers are tried before that. Adding it up together,
if many demuxers are enabled, moderately large JPEG files (few MB) can
take several seconds to open, despite taking less than 1 second to
actually decode.
Therefore, adjust the heuristic to be more optimistic if proper JFIF or
Exif segments are found. While not strictly required, the vast majority
of JPEG-ish files have one or the other or both.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
For most check_bitstream() functions this just avoids having
to dereference s->streams[pkt->stream_index] themselves; but for
meta-muxers it will allow to forward the packet to stream with
a different stream_index (belonging to a different AVFormatContext)
without using a spare packet.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
