Fixes: out of array access
Fixes: 24604/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4843529818603520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7577f8332a6bb2f227b876c83ec6fa45cc9670f9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Assertion failure
Fixes: 24612/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6600899842277376.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8931c55789a69f717b4a6954c5bb7acf5475a134)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: division by zero
Fixes: 24253/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6250318007107584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit be090da25f734460f3105075456877b8a66185c1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int'
Fixes: 24011/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5486376610168832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d51d569cf68f78aaea8464a156c847a0e294726a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 24457/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5760093644390400
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ffa6072fc727a14680a85449259f6b49b47587e6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Later the decorrelate_stereo call is guarded by channels == 2
and non-zero decorr_left_weight. Make sure decorr_shift is in
the expected shift range for that case.
Fixes: shift exponent 128 is too large for 32-bit type 'int'
Fixes: 23860/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5751138914402304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4333718b357a9ad195031e5d0ea080d37677b795)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: crash.asf
Found-by: anton listov <greyfarn7@yandex.ru>
Reviewed-by: anton listov <greyfarn7@yandex.ru>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 081e3001edb67dcd55fe0f68505df1fce667476d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
No testcase
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ef59a40c2a0df694cf6f23870f94b6e32deabfe1)
mpegts_read_header stops parsing the file at the first PMT. However the check
that ensured this was wrong because streams can also be added before the first
PMT is received (e.g. EIT).
So let's make sure we are in the header reading phase by checking if ts->pkt is
unset instead of checking if the number of streams found so far is 0.
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit bf19833ae26b054a111de79b5ab1681c00cd8d0a)
Version 1.1 (FX Fighter) files all have a sample rate of 44100
in the header, but only play back correctly at 22050.
Force the sample rate to 22050 when reading, and restrict it
when muxing.
(cherry picked from commit d2f7b399149f725138f5551ae980e755596d527c)
This disallows the usage of ? and # in libavformat specific scheme options
(e.g. subfile,,start,32815239,end,0,,:video.ts) but this change was considered
acceptable.
Signed-off-by: ruiquan.crq <caihaoning83@gmail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit ae9a1a96982669926a4ecb92b066814f5f27dc38)
- Call srt_epoll_release() to avoid fd leak on libsrt_setup() error.
- Call srt_cleanup() on libsrt_open() failure.
- Fix return value and method on mode parsing failure.
Based on a patch by Nicolas Sugino <nsugino@3way.com.ar>.
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit fb0304fcc9f79a4c9cbdf347f20f484529f169ba)
libsrt changed the:
SRTO_SMOOTHER -> SRTO_CONGESTION
SRTO_STRICTENC -> SRTO_ENFORCEDENCRYPTION
and removed the front of deprecated options (SRTO_SMOOTHER/SRTO_STRICTENC)
in the header, it's lead to build fail
fix#8760
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
(cherry-pick from commit 7c59e1b0f285cd7c7b35fcd71f49c5fd52cf9315)
In listener mode the first fd is not closed when libsrt_close() is called
because it is overwritten by the new accept fd. Added the listen_fd to the
context to properly close it when libsrt_close() is called.
Fixes trac ticket #8372.
Signed-off-by: Nicolas Sugino <nsugino@3way.com.ar>
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 86f5fd471d35423e3bd5c9d2bd0076b14124faee)
Also add and update some tests.
Change the semantic a little, because for filesytem paths
symlinks complicate things.
See the comments in the code for detail.
Fix trac tickets #8813 and 8814.
(cherry picked from commit 1201687da268c11459891a80ca1972aeaca8db88)
Section 5.9.7 of the spec states
UpscaledWidth = RefUpscaledWidth[ ref_frame_idx[ i ] ]
FrameWidth = UpscaledWidth
FrameHeight = RefFrameHeight[ ref_frame_idx[ i ] ]
RenderWidth = RefRenderWidth[ ref_frame_idx[ i ] ]
RenderHeight = RefRenderHeight[ ref_frame_idx[ i ] ]
Meaning FrameWidth must not be set to RefFrameWidth[ ref_frame_idx[ i ] ]
like we're currently doing.
Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
frame is more commonly used for AV1RawFrameHeader and AV1RawFrame.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 97819f15a8b776e3450cc10217f646da40013bf1)
Implement Section 7.21 "Reference frame loading process" and Section 7.20
"Reference frame update process" for show_existing_frame frames, as required by
the definition in Section 7.4 "Decode frame wrapup process".
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit e76b4b2a6b488ecc3f55cb48dea971c17588d075)
This follows the spec and will come in handy in the next commit.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit afbe9ebac7b47fec84703459bfe64fc90c2ad937)
This follows the spec and will come in handy in a following commit.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit e3ed0ce32aaee0487533b10c18f81ab05fd31fa8)
Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 6c20207dceefa0452c65c719f0326cbc0177e827)
The frame must be in both the spatial and temporal layers for the
operating point, not just one of them.
(cherry picked from commit b567cb8d0b664775201d843ab985f49fefeb25d5)
Regression since fc6a5883d6af8cae0e96af84dda0ad74b360a084 on SSSE3 enabled
CPUs.
Fixes ticket #8747
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit ba3e771a42c29ee02c34e7769cfc1b2dbc5c760a)
This effectively enables the tests that until now were just running
the C version alone.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 55e1bc39cb3e485e5b0b6b13a41a2fd6f18ed3af)
Some new warnings regarding use of empty macro parameters has
been added, so adjust some x86inc code to silence those.
Fixes part of ticket #8771
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 0b2b03568f22fdb361d9a44c262bfb9269335f80)
Fixes: out of array read
Fixes: 24034/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5111884337119232
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 79e8d17024e6c6328a40fcee191ffd70798a9c6e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 86987846-429c8d80-c197-11ea-916b-bb4738e09687.jpg
Fixes: Regression since ec3d8a0e6945fe015d16cd98a1e7dbb4be815c15
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dde60772970ed663b85d475e741013a0222decda)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Out of array read
Fixes: 24043/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5084566275751936.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a10bc8f6f5d600c44ecb9b43cd9abf13bf3bfae)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit 5d91b7718efc581da8882a4e9bf2f5953e41adbf)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
No audio stream is created unconditionally and if none has been created,
no packet with stream_index 1 may be returned. This fixes an assert in
ff_read_packet() in libavformat/utils reported in ticket #8782.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit ec59dc73f0cc8930bf5dae389cd76d049d537ca7)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 806a4d5187aeb82b97898683242886ed1e84f894)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 8683744 * 256 cannot be represented in type 'int'
Fixes: 23527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5679885932822528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9f7b252cdf2d0e0f79d16dc7cd575d1884239863)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 155 + 2147483647 cannot be represented in type 'int'
Fixes: 23421/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5652849097965568
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3ddc5e1f3cebca25ade54ee68159d305f210bf5f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
