av_image_copy() expects an array of four pointers according to its
declaration; although it currently only touches pointers that
are actually in use (depending upon the pixel format) this might
change at any time (as has already happened for the linesizes
in d7bc52bf456deba0f32d9fe5c288ec441f1ebef5).
This fixes ticket #9264 as well as a warning from GCC 11.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(It is actually UB if a declaration and its definition differ wrt
their types like they do in this case (the declaration in allfilters
is const).)
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Up until now setting the input and output devices lists is guarded
by a mutex. This prevents data races emanating from multiple concurrent
calls to avpriv_register_devices() (triggered by multiple concurrent
calls to avdevice_register_all()). Yet reading the lists pointers was
done without any lock and with nonatomic variables. This means that
there are data races in case of concurrent calls to
av_(de)muxer_iterate() and avdevice_register_all() (but only if the
iteration in av_(de)muxer_iterate exhausts the non-device (de)muxers).
This commit fixes this by putting said pointers into atomic objects.
Due to the unavailability of _Atomic the object is an atomic_uintptr,
leading to ugly casts. Switching to atomics also allowed to remove
the mutex currently used in avpriv_register_devices().
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Fixes: left shift of negative value -1
Fixes: 39223/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5498831521841152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec_receive_packet() already unreferences the packet on its own.
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The output stream's packet may not have been allocated
at that point. This happens when quitting in the following command line:
$ ./ffmpeg -lavfi abuffer=sample_fmt=u8:sample_rate=48000:channel_layout=stereo -f null -
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
When inserting an auto-resampler, it may be that the configuration
of the filters that the auto-resampler is supposed to connect is
already partially merged, i.e. converter->inputs[0].incfg.foo and
converter->outputs[0].outcfg.foo (where foo is one of formats,
samplerates, channel_layouts) can coincide. Therefore merging
the converter filter's input link might modify the outcfg of the
converter' outlink. Yet the current code in avfiltergraph.c used
pointers from before merging the inlink for merging the outlink,
leading to a use-after-free in command lines like:
$ ffmpeg -f lavfi -i anullsrc=cl=stereo -lavfi channelsplit,axcorrelate -f null -
Fix this by not using outdated values when merging the outlink.
This is a regression since 85a6404d7e6c759ddf71d6374812d7ff719728ec.
Found-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Fixes: runtime error: signed integer overflow: 727298502 * 3 cannot be represented in type 'int'
Fixes: 39172/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-638602483033702
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -2145648640 - 3357696 cannot be represented in type 'int'
Fixes: 38899/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5358815017566208
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long'
Fixes: 38787/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-4859845799444480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Also covers muxing and demuxing of nonstandard FLAC channel layouts
and the multi-dim-quant option of the FLAC encoder
(all of which was hitherto uncovered).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This brings the FLAC demuxer in line with all the other demuxers.
Furthermore, if it is not done and the FLAC decoder is disabled,
the FLAC parser will overwrite the channel layout with the standard
channel layout for that number of channels.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This allows nicer tests by having a greater range of inputs available
(without requiring adding further samples to the fate-suite).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Provides coverage for the muxer.
(Thanks to tresh for modifying the whitespace commit hook
to allow to push this ref file with tabs.)
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Uninit crashed if an array containing frames could not be allocated
or config_props() has never been called.
Reviewed-by: Timo Rothenpieler <timo@rothenpieler.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Fix this by switching to av_dynarray_add_nofree() which is more
natural anyway because the entries of the array are pointers.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>