Found-by: jamrial
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c15972f0af7679b466dd4a10a54ab2f04f9372c8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2 * 2132811760 cannot be represented in type 'int'
Fixes: 11156/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6237685933408256
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 77e56d74f972537aecd5bc2c5c4111e1d6ad0963)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Otherwise it is left to the value from the previous iteration
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 433d2ae4353f3c513a45780845d9d8ca252cd4dc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Out of memory
Fixes: 11582/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5730204559867904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f9728feaf90eb7493f8872356f54150efafb59cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 07607a1db879d0d96e2c91e1354bc4e425937d3a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Not currently supported.
(cherry picked from commit db109373d87b1fa5fe9f3d027d1bb752f725b74a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The AV_INPUT_BUFFER_PADDING_SIZE has been increased to 64, but the value is still 32
in function ff_hevc_sao_edge_filter_8_msa. So, use AV_INPUT_BUFFER_PADDING_SIZE directly.
Also, use MAX_PB_SIZE directly instead of 64. Fate tests passed.
Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f652c7a45c60427db0a89fae665e63b546af6ebb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Future gcc may no longer support this
Tested-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c1cbeb87db4bfc6e281e4254a6c7fdd3854fc9b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This avoids problems if %4 is the stack pointer
the constraints do not allow %4 to be the stack pointer but gcc 9 may
no longer support specifying such constraints
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4325527e1c4fd2da119e81933172065ee1274eda)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This will allow performing some fast checks before the slow allocation
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8a708aa99cb0e8d76e52117b1fd89d221f0055e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 68e011e4103b9cb5ac2d152d73ca8393065a33fb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab1319d82f0c77308792fa2d88cbfc73c3e47cb7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: test failure on powerpc
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f8f762c300e29d80ece363edc08e137b371d909f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea30ac1e408246382796f61d645d1e087aed390a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avio_read may return EOF, leaving the mimetype array unitialized. fail
early when this occurs to avoid using the array in an unitialized state.
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ee1e39a576977fd38c3b94fc56125d31d38833e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a95b73abc868995b08ca2b4d8bbf2cda43184f8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Chromium fuzzing produced a whacky file with extra tkhds. This caused
an AVStream that was already in use to be corrupted by assigning it a
new id, which blows up later in mov_read_trun because the
MOVFragmentStreamInfo.index_entry now points OOB.
Reviewed-by: Baptiste Coudurier <baptiste.coudurier@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c9f7b6f7a9fdffa0ab8f3aa84a1f701cf5b3a6e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The affected functions could also be changed into macros, this is the
smaller change to fix it though. And avoids (probably) less readable macros
The extra code should be optimized out when optimizations are done as all values
are known at build after inlining.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c64a6bcd280c64997e6c4799bc89c0a9393bbf3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Such low resolution would result in empty output as a minimum of 4x4 is needed
We could also check for multiple of 4 dimensions but that is not needed
Fixes: Timeout
Fixes: 11191/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSVIDEO1_fuzzer-5739529588178944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 953bd58861ad933e614510140b05a61e3d1375be)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Frames that small are not valid and of limited use for error concealment, while
being very computationally intensive to process.
Fixes: Timeout
Fixes: 11168/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5733782032744448
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d6f4341522c3eafb046c47b115d79ce684a899fc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Frames that small are not valid and of limited use for error concealment, while
being very computationally intensive to process.
Fixes: Timeout
Fixes: 11318/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSMPEG4V1_fuzzer-5710884555456512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 09ec182864d41c990bc18f620eabb77444aeff57)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 11295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-4888953459572736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2ae39d795613f3c6925c59852b625029b747fe42)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
method 0 (inflate/deflate) is the only specified in the specification and the only supported
Fixes: Timeout
Fixes: 10976/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-5729372588736512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f99674ddddcc33f4c37def0a206e31ad7c4c1af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 35040048793bc5d19942277fe17d1235e915a7d8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -1625810908 - 582229060 cannot be represented in type 'int'
Fixes: 10977/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5732602018267136
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2f888771cd1ce8d68d4b18a1009650c1f260aaf2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The first element of H264RedundantPPSContext is not a pointer to an
AVClass as required.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6dafcb6fdb6271d35220b889833561705c2b366f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
partitioned_frame is also set/cleared in decode_vop_header()
Fixes: out of array read
Fixes: 9789/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5638681627983872
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 074187d599a2ece2bdf77bd08b4b797c5800eda6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes deadlocks when decoding packets containing more than one of the aforementioned
slices when using frame threads.
Tested-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 70c8c8a818f39bc262565ec29fae2baffb3e1660)
After inspecting the source code of x265, mpv and ffmpeg, I've found that
ffmpeg mistakenly regards EVC_NAL_BLA_N_LP and HEVC_NAL_IDR_N_LP as non-
reference frames, which are acutally reference frames according to the
specification in x265, and drops them.
This patch should address the problem. I have tested it with mpv.
Signed-off-by: Mark Wu <wfwf1997@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 10bc4c3a7df7bb26303067b97311b7eeedfd453e)
Support for it was apparently never in the codebase, and the enum
value was recently removed from the public headers [1]
[1] https://aomedia.googlesource.com/aom/+/df4ffb73140fe31bebdabd17c1a7b53721e74838
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit b69ea742ab23ad74b2ae2772764743642212a139)
Found-by: fate
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3cc3cb663bf3061e40356392d2f7638de6a479fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Without this FTP just hangs on eof...
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 6a034adf7516fde8733064ed7ba5c77554298047)
Libx264 uses strtok which is not thread safe. Strtok is used in
x264_param_default_preset in param_apply_tune in x264/common/base.c.
Therefore the flag must be removed.
x264 fixed the issue, once the fix is pushed to stable, an #if can be added
to re-enable the flag based on X264_BUILD number.
Fixes ticket #7446.
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit b02490a497009064b7f192802aa246aa0b6a4dad)
