1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-12 19:18:44 +02:00
Commit Graph

94518 Commits

Author SHA1 Message Date
Michael Niedermayer
da8936969f avcodec/hevc_refs: Optimize 16bit generate_missing_ref()
Fixes: Timeout (86sec -> 8sec) [these numbers assume also "[FFmpeg-devel] [PATCH 2/5] [RFC] avcodec/hevcdec: Check for overread in hls_decode_entry()"]
Fixes: 15702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5657764929470464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-11 19:13:21 +02:00
Michael Niedermayer
950a21e83c avcodec/scpr: Use av_memcpy_backptr() in type 17 and 33
This makes the changed code-path faster.

Change not tested except with the fuzzer testcase as I found no other testcase.

Improves: Timeout (136sec -> 74sec)
Improves: 16040/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5705876062601216

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
2019-08-11 19:13:21 +02:00
Michael Niedermayer
1fedba3c35 avcodec/tiff: Enforce increasing offsets
This may break some valid tiff files, it appears the specification does not require
the offsets to be increasing. They increase in the 2 test files i have though except
the last offset which is 0 (an end marker) and for which a special case is added to
avoid asking for a sample for that end marker.

See: [FFmpeg-devel] [PATCH 2/2] avcodec/tiff: Detect infinite retry loop
for an alternative implementation

Fixes: Timeout (Infinite -> Finite)
Fixes: 15706/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5114674904825856

This variant was requested by paul on IRC
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-11 19:13:21 +02:00
Michael Niedermayer
9cd1e939cf avcodec/dds: Use ff_set_dimensions()
Fixes: signed integer overflow: 2082471995 * 36 cannot be represented in type 'int'
Fixes: 16025/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DDS_fuzzer-5136663778426880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-11 19:13:21 +02:00
Michael Niedermayer
1d72b5d2d5 avformat/vividas: Fix another infinite loop
Not found by the fuzzer

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-11 19:13:21 +02:00
Michael Niedermayer
52b564ef13 avformat/vividas: Fix infinite loop in header parser
Fixes: Timeout (Infinite -> Finite)
Fixes: 16010/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5638616102993920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-11 19:13:21 +02:00
Michael Niedermayer
e8bb949ade avcodec/mpc8: Fix 32bit mask/enum
Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 15817/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC8_fuzzer-5636626409062400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-11 19:13:21 +02:00
Michael Niedermayer
fad3ec89b7 avcodec/alsdec: Fix integer overflows of raw_samples in decode_var_block_data()
This also makes the code consistent with the existing similar MUL64()
in decode_var_block_data()

Fixes: signed integer overflow: -7277630735906765035 + -3272193951413647896 cannot be represented in type 'long'
Fixes: 16015/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5666552818434048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-11 19:13:21 +02:00
Michael Niedermayer
ce65232406 avcodec/alsdec: Fix integer overflow of raw_samples in decode_blocks()
Fixes: signed integer overflow: 2147483424 - -1772303236 cannot be represented in type 'int'
Fixes: 15708/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5067890362941440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-11 19:13:21 +02:00
Michael Niedermayer
02346292a3 avcodec/alsdec: fix mantisse shift
Fixes: shift exponent -1 is negative
Fixes: 16039/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5656825657032704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-11 19:13:21 +02:00
Michael Niedermayer
70432eac0b avcodec/pngdec: consider chunk size in minimal size check
assuming each block contains an empty chunk there has to be at least 8 bytes extra.

Fixes: 15327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LSCR_fuzzer-5676669303521280
Fixes: Timeout (11->5sec)

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-11 19:13:21 +02:00
Michael Niedermayer
c9415e815a avcodec/vc1_block: Fix invalid shifts in vc1_decode_i_blocks()
Fixes: left shift of negative value -9
Fixes: 15299/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSS2_fuzzer-5660922678345728
Fixes: 15557/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5673351911047168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-11 19:13:21 +02:00
Michael Niedermayer
b153ba1c2e avcodec/vc1_block: fix invalid shift in vc1_decode_p_mb()
Fixes: left shift of negative value -5
Fixes: 15294/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5733921754447872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-11 19:13:21 +02:00
Michael Niedermayer
da93e2b142 avcodec/aacdec_template: fix integer overflow in imdct_and_windowing()
Fixes: signed integer overflow: 2147483645 + 4 cannot be represented in type 'int'
Fixes: 15418/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5685269069561856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-11 19:13:21 +02:00
Limin Wang
1ee863a7b0 lavc/videotoolboxenc: make transfer_fnc initialized for unsupport function
The current function will report one error message, but the caller func
haven't check it, so change the default to process as AVCOL_TRC_UNSPECIFIED.

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Rick Kern <kernrj@gmail.com>
2019-08-11 10:52:15 -04:00
Limin Wang
391b67fcb5 lavc/videotoolboxenc: add hdr10, linear, hlg color transfer function for videotoolboxenc
Below is the testing ffmpeg command for the setting:
./ffmpeg -i input.ts -c:v hevc_videotoolbox -color_primaries bt2020 -colorspace bt2020_ncl -color_trc smpte2084 smpte2048.ts
./ffmpeg -i input.ts -c:v hevc_videotoolbox -color_primaries bt2020 -colorspace bt2020_ncl -color_trc linear linear.ts
./ffmpeg -i input.ts -c:v hevc_videotoolbox -color_primaries bt2020 -colorspace bt2020_ncl -color_trc arib-std-b67 hlg.ts

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Rick Kern <kernrj@gmail.com>
2019-08-11 10:52:15 -04:00
Thilo Borgmann
33186028fc MAINTAINERS: Add my GnuPG fingerprint. 2019-08-11 12:08:15 +02:00
Carl Eugen Hoyos
2828f5b0d8 lavc/r210enc: Fix undefined behaviour encoding r10k.
Fixes the following ubsan error:
libavcodec/r210enc.c:69:28: runtime error: left shift of 522 by 22 places cannot be represented in type 'int'

Fixes ticket #7982.
2019-08-11 02:06:44 +02:00
Carl Eugen Hoyos
ac457a3bc5 lavc/vc2enc_dwt: Avoid left-shifting a negative value.
Fixes ticket #7985.
2019-08-11 00:06:12 +02:00
Carl Eugen Hoyos
e82a619c2a lavc/frame_thread_encoder: Do not memcpy() from NULL.
Fixes ticket #7981.
2019-08-11 00:03:35 +02:00
Carl Eugen Hoyos
690cab3232 lavc/libx264: Cast cpb bit_rates to int64_t to avoid an integer overflow.
Fixes remaining part of ticket #8071 on next version bump.
2019-08-10 23:52:59 +02:00
Carl Eugen Hoyos
098ed8a73e lavf/dump: Fix cpb bitrate type after next major bump. 2019-08-10 23:46:53 +02:00
Carl Eugen Hoyos
6711419569 lavf/dump: Fix vbv_delay type specifier.
Spotted-by: James Almer
2019-08-10 23:33:10 +02:00
Carl Eugen Hoyos
4b1687f23c lavc/libx264: Cast bit_rate to int64_t to avoid an integer overflow.
Fixes ticket #8071.
2019-08-10 23:29:58 +02:00
Carl Eugen Hoyos
57987deefc lavc/libx264: bit_rates > INT_MAX are not supported. 2019-08-10 23:27:58 +02:00
Olivier Maignial
c29d81e736 avformat/rtpdec_mpeg4: Fix integer parameters size check in SDP fmtp line
=== PROBLEM ===

I was trying to record h264 + aac streams from an RTSP server to mp4 file. using this command line:
    ffmpeg -v verbose -y -i "rtsp://<ip>/my_resources" -codec copy -bsf:a aac_adtstoasc test.mp4

FFmpeg then fail to record audio and output this logs:
    [rtsp @ 0xcda1f0] The profile-level-id field size is invalid (40)
    [rtsp @ 0xcda1f0] Error parsing AU headers
    ...
    [rtsp @ 0xcda1f0] Could not find codec parameters for stream 1 (Audio: aac, 48000 Hz, 1 channels): unspecified sample format

In SDP provided by my RTSP server I had this fmtp line:
    a=fmtp:98 streamType=5; profile-level-id=40; mode=AAC-hbr; config=1188; sizeLength=13; indexLength=3; indexDeltaLength=3;

In FFmpeg code, I found a check introduced by commit 24130234cd. It disallows values greater than 32 for fmtp line parameters.
RFC-4566 (SDP: Session Description Protocol) do not give any limit of size on interger parameters given in an fmtp line.

However, In RFC-6416 (RTP Payload Format for MPEG-4 Audio/Visual Streams) give examples of "profile-level-id" values for AAC, up to 55.

=== FIX ===

As each parameter may have its own min and max values
I propose to introduce a range for each parameter.
For this patch I used RFC-3640 and ISO/IEC 14496-1 as reference for validity ranges.

This patch fix my problem and I now can record my RTSP AAC stream to mp4.
It has passed the full fate tests suite sucessfully.

Signed-off-by: Olivier Maignial <olivier.maignial@smile.fr>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-10 00:01:02 +02:00
Andriy Gelman
90e965be6d tools/zmqsend: Avoid mem copy past the end of input buffer
This patch avoids a read past the end of the input buffer in memcpy since the size
of the received zmq message is recv_buf_size - 1.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-09 23:18:58 +02:00
Michael Niedermayer
86d13e95e7 doc/fate: Document how to request samples upload access
The awnser which most people will seek is put first

Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-09 01:33:49 +02:00
Jun Zhao
e317c255f6 doc/ffmpeg: Document dts_error_threshold option
Document dts_error_threshold option.

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2019-08-08 18:00:37 +08:00
Jun Zhao
e512d893bf examples/encode_video: only add sequence end code for mpeg1/2 video
Only add sequence end code for mpeg1/mpeg2 video, or else use the encoder
libx264 or libx265 in this sample, decoding the output file will get
unknow NALU type error.

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2019-08-08 17:58:50 +08:00
Jun Zhao
e282b7ed7b lavf/showinfo: use error level when get invalid sidedata
Use error level when get invalid sidedata, and remove a unnecessary
newline in error message.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2019-08-08 17:57:25 +08:00
Jun Zhao
6f6769f3ec lavf/showinfo: support mastering display sidedata
support mastering display sidedata.

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2019-08-08 17:57:12 +08:00
Jun Zhao
5e829262a6 lavf/hls: add http_seekable option for HTTP partial requests
Add http_seekable option for HTTP partial requests, when The
EXT-X-BYTERANGE tag indicates that a Media Segment is a sub-range
of the resource identified by its URI, we can use HTTP partial
requests to get the Media Segment.

Reviewed-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2019-08-08 17:53:32 +08:00
Linjie Fu
af3ddd581f lavf/vf_vpp_qsv: add support for QSV transpose filter
Add transpose support for qsv_vpp with rotate and hflip:
    - rotate: [0, 3] support clockwise rotation of 0, 90, 180, 270;
    - hflip:  [0, 1] support horizontal flip;

Configure with:
{"cclock_hflip","clock","cclock","clock_hflip","reversal","hflip","vflip"}

CMD:
ffmpeg -hwaccel qsv -c:v h264_qsv -i input.h264
    -vf 'format=qsv,vpp_qsv=transpose=clock' -c:v h264_qsv output.h264

ffmpeg -init_hw_device qsv=hw -filter_hw_device hw -c:v h264_qsv -i input.h264
    -vf 'hwupload=extra_hw_frames=64,format=qsv,vpp_qsv=transpose=cclock_hflip'
                            -f rawvideo -pix_fmt nv12 ./transpose.yuv

Signed-off-by: Linjie Fu <linjie.fu@intel.com>
Signed-off-by: Zhong Li <zhong.li@intel.com>
2019-08-07 20:58:49 +08:00
Ruiling Song
98e419cbf5 avfilter/vf_convolution: add x86 SIMD for filter_3x3()
Tested using a simple command (apply edge enhance):
./ffmpeg_g -i ~/Downloads/bbb_sunflower_1080p_30fps_normal.mp4 \
 -vf convolution="0 0 0 -1 1 0 0 0 0:0 0 0 -1 1 0 0 0 0:0 0 0 -1 1 0 0 0 0:0 0 0 -1 1 0 0 0 0:5:1:1:1:0:128:128:128" \
 -an -vframes 1000 -f null /dev/null

The fps increase from 151 to 270 on my local machine.

Signed-off-by: Ruiling Song <ruiling.song@intel.com>
2019-08-07 14:31:28 +08:00
Michael Niedermayer
6c67c8ca9a Revert "avformat/rtpdec_rfc4175: Fix incorrect copy_offset calculation"
Reverted at the request of the Author due to potential regression with SMPTE 2110-20

This reverts commit 9051092e73.
2019-08-06 10:37:41 +02:00
Ricardo Constantino
5ac28e9cc1 configure: cuda_llvm: fix include path for MSYS2
MSYS2 converts paths to MinGW-based applications from unix to
pseudo-windows paths on execution time.
Since there was no space between '-include' and the path, MSYS2 doesn't
detect the path properly.

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2019-08-05 22:54:39 +02:00
Michael Niedermayer
be4fb282f9 avcodec/alsdec: Check for block_length <= 0 in read_var_block_data()
Fixes: left shift of negative value -1
Fixes: 15719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5685731105701888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 18:44:34 +02:00
Michael Niedermayer
02f909dc24 avcodec/vqavideo: Set video size
Fixes: out of array access
Fixes: 15919/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-5657368257363968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 18:43:45 +02:00
Michael Niedermayer
172a43ce36 avcodec/sanm: Check extradata_size before allocations
Fixes: Leaks
Fixes: 15349/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SANM_fuzzer-5102530557640704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 18:42:51 +02:00
Jacob Siddall
9051092e73 avformat/rtpdec_rfc4175: Fix incorrect copy_offset calculation
The previous calculation code did not account for the fact that the
copy_offset for the start of the frame array is at index 0, yet the
scan line number from the rfc4175 RTP header starts at 1.
This caused 2 issues to appear:
- The first scan line was being copied into the array where the second
  scan line should be. This caused the resulting video to have a green
  line at the top of it.
- Since the packet containing the last scan line would fail the
  calculation, the packet with the RTP marker would not be processed
  which caused a log message saying "Missed previous RTP marker" to be
  outputted for each frame.

Signed-off-by: Jacob Siddall <kobe@live.com.au>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 18:08:08 +02:00
Andreas Rheinhardt
f12e662a3d libavcodec/iff: Use unsigned to avoid undefined behaviour
The initialization of the uint32_t plane32_lut matrix uses left shifts
of the form 1 << plane; plane can be as big as 31 which means that this
is undefined behaviour as 1 will be simply an int. So make it unsigned
to avoid this.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 17:54:24 +02:00
Michael Niedermayer
43015afd7c avcodec/mss1: check for overread and forward errors
Fixes: Timeout (106sec -> 14ms)
Fixes: 15576/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSS1_fuzzer-5688080461201408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 17:54:24 +02:00
Michael Niedermayer
8305a4509a avcodec/loco: Check for end of input in pixel decode
Fixes: Timeout (100sec -> 5sec)
Fixes: 15509/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5724297261219840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 17:54:24 +02:00
Michael Niedermayer
549fcba8fc avcodec/dirac_parser: Fix overflow in dts
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 15568/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5634719611355136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 17:54:24 +02:00
Michael Niedermayer
3c06ba1716 avcodec/ralf: Fix undefined pointer in decode_channel()
Fixes: 16203/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5086088934195200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 17:54:24 +02:00
Michael Niedermayer
ccca484324 avcodec/ralf: Fix integer overflow in apply_lpc()
Fixes: signed integer overflow: 1603085316 + 1238786562 cannot be represented in type 'int'
Fixes: 16203/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5086088934195200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 17:54:24 +02:00
Michael Niedermayer
5a5f12e3b3 avcodec/vorbisdec: Implement vr->classifications = 1
It appears no valid file uses this, so this is not testable with
a valid file.

Fixes: assertion failure
Fixes: 16187/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5638880618872832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 17:54:24 +02:00
Michael Niedermayer
aecc9b96d6 avcodec/vorbisdec: Check parameters in vorbis_floor0_decode() before divide
Fixes: division by zero
Fixes: 16183/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5688966782648320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 17:54:24 +02:00
Michael Niedermayer
652ea23cb3 avformat/realtextdec: Check for duplicate extradata in realtext_read_header()
Fixes: memleak
Fixes: 16140/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5684008052064256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-08-05 17:54:24 +02:00