Fixes: 15271/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5735262606327808
Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7c30ff38880570377168096417f714b21102b343)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The bit_rate field has type int64_t since commit
7404f3bdb90e6a5dcb59bc0a091e2c5c038e557d.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Currently, AVStream contains an embedded AVCodecContext instance, which
is used by demuxers to export stream parameters to the caller and by
muxers to receive stream parameters from the caller. It is also used
internally as the codec context that is passed to parsers.
In addition, it is also widely used by the callers as the decoding (when
demuxer) or encoding (when muxing) context, though this has been
officially discouraged since Libav 11.
There are multiple important problems with this approach:
- the fields in AVCodecContext are in general one of
* stream parameters
* codec options
* codec state
However, it's not clear which ones are which. It is consequently
unclear which fields are a demuxer allowed to set or a muxer allowed to
read. This leads to erratic behaviour depending on whether decoding or
encoding is being performed or not (and whether it uses the AVStream
embedded codec context).
- various synchronization issues arising from the fact that the same
context is used by several different APIs (muxers/demuxers,
parsers, bitstream filters and encoders/decoders) simultaneously, with
there being no clear rules for who can modify what and the different
processes being typically delayed with respect to each other.
- avformat_find_stream_info() making it necessary to support opening
and closing a single codec context multiple times, thus
complicating the semantics of freeing various allocated objects in the
codec context.
Those problems are resolved by replacing the AVStream embedded codec
context with a newly added AVCodecParameters instance, which stores only
the stream parameters exported by the demuxers or read by the muxers.
Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f180a523a71_5052_esvorbei_extd.vqf
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fixes probetest failure
The threshold is choosen so that a all printale ascii string will never be
detected as vqf
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '68ff9981283a56c731f00c2ee7901103665092fc':
vqf: Make sure the bitrate is in the valid range
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '9277050e2918e0a0df9689721a188a604d886616':
vqf: Make sure sample_rate is set to a valid value
See: e481ba2ed79421d82ed631d187c05c03260c6561
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Even if the sample rate is valid, an invalid bitrate could
pass the mode combination test below.
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
This avoids divisions by zero later (and possibly assertions in
time base scaling), since an invalid rate_flag combined with an
invalid bitrate below could pass the mode combination test.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
* qatar/master:
tiertexseq: set correct block_align for audio
tiertexseq: set audio stream start time to 0
voc/avs: Do not change the sample rate mid-stream.
segafilm: use the sample rate as the time base for audio streams
ea: fix audio pts
psx-str: fix audio pts
vqf: set packet duration
tta demuxer: set packet duration
mpegaudio_parser: do not ignore information from the first parsed frame
mpegaudio_parser: be less picky about the start position
thp: set audio packet durations
avcodec: add a Vorbis parser to get packet duration
vorbisdec: read the previous window flag for long windows
lavc: free the output packet when encoding failed or produced no output.
lavc: preserve avpkt->destruct in ff_alloc_packet().
lavc: clarify the meaning of AVCodecContext.frame_number.
mpegts: Pad the packet buffer in handle_packet().
mpegts: Do not call read_sl_header() when no bytes remain in the buffer.
Conflicts:
libavcodec/mpegaudio_parser.c
libavcodec/version.h
libavformat/mpegts.c
tests/ref/fate/pva-demux
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Fixes timestamp calculation.
The FATE reference is updated because timestamp calculations are now more
accurate. Previous timestamps were based on average bit rate.
* qatar/master: (58 commits)
amrnbdec: check frame size before decoding.
cscd: use negative error values to indicate decode_init() failures.
h264: prevent overreads in intra PCM decoding.
FATE: do not decode audio in the nuv test.
dxa: set audio stream time base using the sample rate
psx-str: do not allow seeking by bytes
asfdec: Do not set AVCodecContext.frame_size
vqf: set packet parameters after av_new_packet()
mpegaudiodec: use DSPUtil.butterflies_float().
FATE: add mp3 test for sample that exhibited false overreads
fate: add cdxl test for bit line plane arrangement
vmnc: return error on decode_init() failure.
libvorbis: add/update error messages
libvorbis: use AVFifoBuffer for output packet buffer
libvorbis: remove unneeded e_o_s check
libvorbis: check return values for functions that can return errors
libvorbis: use float input instead of s16
libvorbis: do not flush libvorbis analysis if dsp state was not initialized
libvorbis: use VBR by default, with default quality of 3
libvorbis: fix use of minrate/maxrate AVOptions
...
Conflicts:
Changelog
doc/APIchanges
libavcodec/avcodec.h
libavcodec/dpxenc.c
libavcodec/libvorbis.c
libavcodec/vmnc.c
libavformat/asfdec.c
libavformat/id3v2enc.c
libavformat/internal.h
libavformat/mp3enc.c
libavformat/utils.c
libavformat/version.h
libswscale/utils.c
tests/fate/video.mak
tests/ref/fate/nuv
tests/ref/fate/prores-alpha
tests/ref/lavf/ffm
tests/ref/vsynth1/prores
tests/ref/vsynth2/prores
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (29 commits)
cabac: Move code only used within the CABAC test program into the test program.
vp56: Drop unnecessary cabac.h #include.
h264-test: Initialize AVCodecContext.av_class.
build: Skip compiling network.h and rtsp.h if networking is not enabled.
cosmetics: drop some pointless parentheses
Disable annoying warning without changing behavior
faq: Solutions for common problems with sample paths when running FATE.
avcodec: attempt to clarify the CODEC_CAP_DELAY documentation
avcodec: fix avcodec_encode_audio() documentation.
FATE: xmv-demux test; exercise the XMV demuxer without decoding the perceptual codecs inside.
vqf: recognize more metadata chunks
FATE test: BMV demuxer and associated video and audio decoders.
FATE: indeo4 video decoder test.
FATE: update xxan-wc4 test to a sample with more code coverage.
Change the recent h264_mp4toannexb bitstream filter test to output to an elementary stream rather than a program stream.
g722enc: validate AVCodecContext.trellis
g722enc: set frame_size, and also handle an odd number of input samples
g722enc: split encoding into separate functions for trellis vs. no trellis
mpegaudiodec: Use clearer pointer math
tta: Fix returned error code at EOF
...
Conflicts:
libavcodec/h264.c
libavcodec/indeo3.c
libavcodec/interplayvideo.c
libavcodec/ivi_common.c
libavcodec/libxvidff.c
libavcodec/mpegvideo.c
libavcodec/ppc/mpegvideo_altivec.c
libavcodec/tta.c
libavcodec/utils.c
libavfilter/vsrc_buffer.c
libavformat/Makefile
tests/fate/indeo.mak
tests/ref/acodec/g722
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
flicvideo: fix invalid reads
vorbis: Avoid some out-of-bounds reads
vqf: add more known extensions
cabac: remove unused function renorm_cabac_decoder
h264: Only use symbols from the SVQ3 decoder under proper conditionals.
add bytestream2_tell() and bytestream2_seek() functions
parsers: initialize MpegEncContext.slice_context_count to 1
spdifenc: use special alignment for DTS-HD length_code
Conflicts:
libavcodec/flicvideo.c
libavcodec/h264.c
libavcodec/mpeg4video_parser.c
libavcodec/vorbis.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
rtpdec: Templatize the code for different g726 bitrate variants
rv40: move loop filter to rv34dsp context
lavf: make av_set_pts_info private.
rtpdec: Add support for G726 audio
rtpdec: Add an init function that can do custom codec context initialization
avconv: make copy_tb on by default.
matroskadec: don't set codec timebase.
rmdec: don't set codec timebase.
avconv: compute next_pts from input packet duration when possible.
lavf: estimate frame duration from r_frame_rate.
avconv: update InputStream.pts in the streamcopy case.
Conflicts:
avconv.c
libavdevice/alsa-audio-dec.c
libavdevice/bktr.c
libavdevice/fbdev.c
libavdevice/libdc1394.c
libavdevice/oss_audio.c
libavdevice/v4l.c
libavdevice/v4l2.c
libavdevice/vfwcap.c
libavdevice/x11grab.c
libavformat/au.c
libavformat/eacdata.c
libavformat/flvdec.c
libavformat/mpegts.c
libavformat/mxfenc.c
libavformat/rtpdec_g726.c
libavformat/wtv.c
libavformat/xmv.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
vble: remove vble_error_close
VBLE Decoder
tta: use an integer instead of a pointer to iterate output samples
shorten: do not modify samples pointer when interleaving
mpc7: only support stereo input.
dpcm: do not try to decode empty packets
dpcm: remove unneeded buf_size==0 check.
twinvq: add SSE/AVX optimized sum/difference stereo interleaving
vqf/twinvq: pass vqf COMM chunk info in extradata
vqf: do not set bits_per_coded_sample for TwinVQ.
twinvq: check for allocation failure in init_mdct_win()
swscale: add padding to conversion buffer.
rtpdec: Simplify finalize_packet
http: Handle proxy authentication
http: Print an error message for Authorization Required, too
AVOptions: don't return an invalid option when option list is empty
AIFF: add 'twos' FourCC for the mux/demuxer (big endian PCM audio)
Conflicts:
libavcodec/avcodec.h
libavcodec/tta.c
libavcodec/vble.c
libavcodec/version.h
libavutil/opt.c
libswscale/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This is needed because the twinvq decoder cannot rely on bit_rate to be set.
The API documentation says that bit_rate is set by libavcodec, not by the
user.
* qatar/master:
presets: rename presets directory
lavc: make avcodec_get_context_defaults3 "officially" public
lavf: replace av_new_stream->avformat_new_stream part II.
lavf,lavd: replace av_new_stream->avformat_new_stream part I.
lavf: add avformat_new_stream as a replacement for av_new_stream.
Use correct scaling table for bwd-pred MVs in second B-field
Ut Video decoder
Makefile: change presets extension to .avpreset
lavfi: add rgbtestsrc source, ported from MPlayer libmpcodecs
lavfi: add testsrc source
AVOptions: add documentation.
presets: update libx264 ffpresets
Conflicts:
Changelog
doc/APIchanges
doc/ffmpeg.texi
ffpresets/libx264-ipod320.ffpreset
ffpresets/libx264-ipod640.ffpreset
ffserver.c
libavcodec/avcodec.h
libavcodec/options.c
libavcodec/version.h
libavdevice/libdc1394.c
libavfilter/avfilter.h
libavfilter/vsrc_testsrc.c
libavformat/flvdec.c
libavformat/riff.c
libavformat/version.h
libavformat/wtv.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
ffmpeg: fix some indentation
ffmpeg: fix operation with --disable-avfilter
simple_idct: remove disabled code
motion_est: remove disabled code
vc1: remove disabled code
fate: separate lavf-mxf_d10 test from lavf-mxf
cabac: Move code only used in the cabac test program to cabac.c.
ffplay: warn that -pix_fmt is no longer working, suggest alternative
ffplay: warn that -s is no longer working, suggest alternative
lavf: rename enc variable in utils.c:has_codec_parameters()
lavf: use designated initialisers for all (de)muxers.
wav: remove a use of deprecated AV_METADATA_ macro
rmdec: remove useless ap parameter from rm_read_header_old()
dct-test: remove write-only variable
des: fix #if conditional around P_shuffle
Use LOCAL_ALIGNED in ff_check_alignment()
Conflicts:
ffmpeg.c
libavformat/avidec.c
libavformat/matroskaenc.c
libavformat/mp3enc.c
libavformat/oggenc.c
libavformat/utils.c
tests/ref/lavf/mxf
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master: (40 commits)
H.264: template left MB handling
H.264: faster fill_decode_caches
H.264: faster write_back_*
H.264: faster fill_filter_caches
H.264: make filter_mb_fast support the case of unavailable top mb
Do not include log.h in avutil.h
Do not include pixfmt.h in avutil.h
Do not include rational.h in avutil.h
Do not include mathematics.h in avutil.h
Do not include intfloat_readwrite.h in avutil.h
Remove return statements following infinite loops without break
RTSP: Doxygen comment cleanup
doxygen: Escape '\' in Doxygen documentation.
md5: cosmetics
md5: use AV_WL32 to write result
md5: add fate test
md5: include correct headers
md5: fix test program
doxygen: Drop array size declarations from Doxygen parameter names.
doxygen: Fix parameter names to match the function prototypes.
...
Conflicts:
libavcodec/x86/dsputil_mmx.c
libavformat/flvenc.c
libavformat/oggenc.c
libavformat/wtv.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>