Fixes: out of array read
Fixes: 20742/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDTOONS_fuzzer-5738148607033344
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
No testcases, found by code review when debuging issue found by oss-fuzz
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Commit 36e156bef0 ("avformat/spdifenc: fix handling of large TrueHD
frame") added an obviously incorrect bitshift that caused incorrect
samples-per-frame calculation for TrueHD streams over 48kHz.
Fix that.
The TrueHD IEC 61937 encapsulation code uses a very naive method of
always inserting 24 TrueHD frames evenly in a MAT frame. This does not
work for larger frames as they may exceed the size of 1/24th of a MAT
frame.
To fix that, use the input_timing field in the TrueHD frame to determine
the proper position of the TrueHD frame in the MAT frame. That field is
basically a dts field, telling the time to feed this frame to the
decoder in sample count units.
This can cause a TrueHD frame to be split between two MAT frames, so a
second concatenation hd_buf is added, alternating with the first buffer.
Large frames are preceded by smaller frames that have input_timing
values that cause the frames to be sent out faster than the nominal rate
(i.e. increasing decoder latency, long decoder buffer), allowing the
larger frames to then be sent out slower than the nominal rate as the
decoder has enough data buffered to keep it busy.
This is preparation for adding a second hd_buf in a followup commit.
Also, slightly improve the comments for hd_buf_x members to clarify
which ones are actually used and kept up-to-date depending on which
codec is being muxed.
wtvfile_read_packet did not abide by the requirements of an
AVIOContext's read_packet-function: If it did not read anything,
it returned zero, which currently leads to a warning in read_packet_wrapper
in aviobuf.c. Said warning will be an av_assert2 as soon as
FF_API_OLD_AVIO_EOF_0 is zero (probably the next major version bump).
So instead forward the error code from the underlying protocol.
This error/assert is triggered in the wtv-demux FATE test.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: 20660/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5658290216501248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Enables option for hevc_qsv encoder:
-extbrc
Improvements in BD-Rate could be observed with extbrc on.
Signed-off-by: Linjie Fu <linjie.fu@intel.com>
Signed-off-by: Zhong Li <zhongli_dev@126.com>
Class name is used in show_help_children(avfilter_get_class(),...)
to prompt the available filters.
$ ffmpeg -h full
Before:
qsvscale AVOptions:
After:
scale_qsv AVOptions:
Signed-off-by: Linjie Fu <linjie.fu@intel.com>
Signed-off-by: Zhong Li <zhongli_dev@126.com>
Currently width_align and height_align are zero when encoding with mjpeg_qsv,
which causes "Error submitting the frame for encoding". This patch sets the alignments.
There is a little bit more about the problem here http://ffmpeg.org/pipermail/ffmpeg-user/2019-November/046143.html
Signed-off-by: JonCookCubic <jon.cook@cubicmotion.com>
Signed-off-by: Zhong Li <zhongli_dev@126.com>
It's not exclusive for Low Latency streaming. The muxer will serve partial
segments regardless of streaming mode.
Signed-off-by: James Almer <jamrial@gmail.com>
Fixes: signed integer overflow: 2045163756 * 2 cannot be represented in type 'int'
Fixes: Ticket5132
Found-by: tsmith
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
Fixes: Ticket8149
Found-by: Suhwan
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -9223372036854775808 - 9223372036854775807 cannot be represented in type 'long'
Fixes: Ticket8142
Found-by: Suhwan
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 1562273630 * 17 cannot be represented in type 'int'
Fixes: Ticket8323
Found-by: Suhwan
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This muxer does not have any private options and so does not need a
private class.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
- do not require a known file size for seek to work
- read the files till the actual end, do not limit data at the queried file
size
- fix a bug which causes reading 0 byte files for non-existing files
- properly check the return status of the FTP server at the end of the file
retrieval
Signed-off-by: Marton Balint <cus@passwd.hu>
v2: Use s->buffer for creating request (as the old code did) instead of
the AVBPrint internal buffer. Some minor cosmetics.
Signed-off-by: Marton Balint <cus@passwd.hu>
It is explicitly required by the HTTP RFC. Without this patch URLs like
http://example.com?query will not work.
Fixes ticket #8466.
Signed-off-by: Marton Balint <cus@passwd.hu>
RFC 3986 states that the fragment identifier is separated from the rest of the
URI prior to a dereference, and thus the identifying information within the
fragment itself is dereferenced solely by the user agent.
Signed-off-by: Marton Balint <cus@passwd.hu>
RFC 3986 states that the generic syntax uses the slash ("/"), question mark
("?"), and number sign ("#") characters to delimit components that are
significant to the generic parser's hierarchical interpretation of an
identifier.
Signed-off-by: Marton Balint <cus@passwd.hu>
A demuxer might have allocated memory while reading the header. If
reading the header was successfull and an error happens before returning
(e.g. when queueing the attached pictures), the read_close function
would have never been called, so that all those allocations would leak.
This commit changes this.
Furthermore, there would be even more memleaks if the error level was
set to AV_EF_EXPLODE in case there is both metadata and id3v2 metadata.
This has been fixed, too.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>