The earlier requirement was for the new buffer to be bigger than the old
one. This has been relaxed to only demand that the new buffer can hold
all the data written so far. This is in preparation for further commits.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read
Fixes: 18715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5659333417500672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Encoders must return reference counted packets.
This was checked only for encoders using the AVCodec->encode2() API, while
blindly accepting whatever encoders using the AVCodec->receive_packet() API
were returning.
Signed-off-by: James Almer <jamrial@gmail.com>
The current approach has two different calls to av_bsf_send_packet():
A normal one, sending a packet; and an extraordinary one just for
flushing. These can be unified into one by making use of the newly
documented fact that av_bsf_send_packet() allows to signal flushing via
empty packets (i.e. packets without data and side-data).
This also fixes CID 1455685 which resulted from the fact that the call
for flushing was not checked given that it couldn't fail.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
Explicitly allowing empty packets to signal flushing helps getting rid
of special cases. It does not hinder the ability to send i.e.
timing-only packets, because one can send packets with zero size and
pkt->data set.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This BSF takes Temporal Units split across different AVPackets and merges them
by looking for Temporal Delimiter OBUs.
Signed-off-by: James Almer <jamrial@gmail.com>
This will be needed by the next commit, where packets with a single Temporal
Delimiter OBU with no size will need to be parsed
Signed-off-by: James Almer <jamrial@gmail.com>
remove_side_data is supposed to remove a single instance by design.
Since new_side_data() doesn't forbid add multiple instances of the
same type, remove_side_data should deal with that.
Signed-off-by: Marton Balint <cus@passwd.hu>
mp3 header bitstream syntax:
header()
{
syncword 12bits bslsf
id 1bit bslsf
layer 2bit bslsf
protection_bit 1bit bslsf
bitrate_index 4bits bslsf
sampling_frequency 2bits bslsf
padding_bit 1bit bslsf
private_bit 1bit bslsf
mode 2bits bslsf
mode_extension 2bits bslsf
copyright 1bit bslsf
original/home 1bit bslsf
emphasis 2bits bslsf
}
if the header is masking with MP3_MASK(0xFFFE0CCF), below fields will be cleared:
protection_bit, bitrate_index, sampling_freqency, mode
with SAME_HEADER_MASK(0xFFFE0C00), extra below fields will be cleared which didn't make
sense:
mode_extension, copyright, original/home, emphasis
As the MP3_MASK is good for same mp3 header masking and is defined in the
header, so it's preferable to remove SAME_HEADER_MASK to keep the masking same.
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
004ebd4b added a function with a parameter that was declared as restrict
and not av_restrict. This is not supported by MSVC as several FATE-boxes
that now fail to build show. So use av_restrict.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Tested-by: Matthias Troffaes <matthias.troffaes@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: memleak
Fixes: 17615/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5681306024804352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -2147450880 - 65535 cannot be represented in type 'int'
Fixes: 18393/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5667520110919680
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value -30
Fixes: 18392/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_OKI_fuzzer-5631771831435264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2046820356 * 8 cannot be represented in type 'int'
Fixes: 18391/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5631674666188800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 1494495519 + 1494495519 cannot be represented in type 'int'
Fixes: 18347/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SBC_fuzzer-5711714661695488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 538976288 * 8 cannot be represented in type 'int'
Fixes: 18348/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_METASOUND_fuzzer-6681325716635648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: index 25 out of bounds for type 'float [23]'
Fixes: 18355/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5641398941908992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: division by zero
Fixes: 18362/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5653727679086592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: index 32 out of bounds for type 'int [32]'
Fixes: 18350/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3P_fuzzer-5643794862571520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of 538976288 by 8 places cannot be represented in type 'int'
Fixes: 18376/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-5741645391200256
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 18368/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XSUB_fuzzer-5702665442426880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2117181180 + 60483298 cannot be represented in type 'int'
Fixes: 18344/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5685327791915008
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
