- Dec 30, 2019
-
-
Auri authoredOriginally written by the Plex team, this change was adapted to fit release/4.2 by Auri <me@aurieh.me>.
-
- Dec 13, 2019
-
-
Andreas Rheinhardt authored
ProRes in Matroska is supposed to not contain the first atom header (containing a size field and the tag "icpf") and therefore the Matroska demuxer has to recreate it; this involves an allocation and copy, of course. Whether the old buffer (containing the data without the atom header) needs to be freed or not depends upon whether it is what was directly read (in which case it is owned by an AVBuffer) or whether it has been allocated when reversing the track's content compression (e.g. zlib compression) that Matroska supports. So there are three pointers involved: The one pointing to the directly read data (owned by the AVBuffer), the one pointing to the currently valid data (which coincides with the former if no content compression needed to be reverted) and the one pointing to the new data with the first atom header. The check for whether to free the second of these is simply whether the first two are different. This works mostly, but there is a complication: Some muxers don't strip the first atom header away and in this case, it is also not reinserted and no new buffer is allocated; instead, the second and the third pointers agree. In this case, one must never free the second buffer. Yet it is currently done if the track is e.g. zlib compressed. This commit fixes this. This is a regression since b8e75a2a. Signed-off-by:
Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by:
James Almer <jamrial@gmail.com> (cherry picked from commit af50f0a5)
-
Andreas Rheinhardt authored
The structure of a ProRes frame in mov/mp4 is that of a typical atom: First a 32 bit BE size field, then a tag detailling the content. Said size field includes the eight bytes of the atom header. This header is actually redundant, as the size of the atom is already known from the containing atom. It is therefore stripped away when muxed into Matroska and so the Matroska demuxer has to recreate upon demuxing. But it did not account for the fact that the size field includes the size of the header and this can lead to problems when a decoder uses the in-band size field. Fixes ticket #8210. Signed-off-by:
-
- Dec 12, 2019
-
-
James Almer authored
Taking into account the code fb(2, ar_coeff_lag); num_pos_luma = 2 * current->ar_coeff_lag * (current->ar_coeff_lag + 1); if (current->num_y_points) num_pos_chroma = num_pos_luma + 1; else num_pos_chroma = num_pos_luma; Max value for ar_coeff_lag is 3 (two bits), for num_pos_luma 24, and for num_pos_chroma 25. Both ar_coeffs_cb_plus_128 and ar_coeffs_cr_plus_128 may have up to num_pos_chroma values. Reviewed-by:Ronald S. Bultje <rsbultje@gmail.com> Signed-off-by:
-
Fei Wang authored
Signed-off-by:
Fei Wang <fei.w.wang@intel.com> Signed-off-by:
-
Andriy Gelman authored
In the worst case the startcode prefix has 4 bytes. This fixes a trigerred assertion: Assertion dp <= max_size failed at libavcodec/cbs_h2645.c:1451 Found-by:libFuzzer Reviewed-by:
Andriy Gelman <andriy.gelman@gmail.com> (cherry picked from commit 02a83e26)
-
- Dec 07, 2019
-
-
Andreas Rheinhardt authored
This happens if allocating extradata fails and s->remove is unset. Reviewed-by:
Paul B Mahol <onemda@gmail.com> Signed-off-by:
-
Andreas Rheinhardt authored
Signed-off-by:
-
- Dec 03, 2019
-
-
Ross Nicholson authored
Signed-off-by:
Aman Gupta <aman@tmm1.net> (cherry picked from commit 460f7449)
-
- Nov 20, 2019
-
-
Mark Thompson authored
With video_signal_type_present_flag set but colour_description_present_flag unset the colour fields would not have had their correct values inferred. (cherry picked from commit f9b85036)
-
James Almer authored
In scearios where a Temporal Unit is written right after reading it using the same CBS context (av1_metadata, av1_frame_merge, etc), the reference frame state used by the writer must not be the state that's the result of the reader having already parsed the current frame in question. This fixes writing Switch frames, and frames using short ref signaling. Signed-off-by:
-
James Almer authored
Reviewed-by:
-
- Nov 19, 2019
-
-
James Almer authored
This ensures they will be reference counted, as required by the AVCodec.receive_packet() API. Should fix ticket #8386. Signed-off-by:
-
- Nov 17, 2019
-
-
Timo Rothenpieler authored
Fixes ticket 8383 Signed-off-by:Timo Rothenpieler <timo@rothenpieler.org>
-
- Sep 28, 2019
-
-
Jun Zhao authored
add chan_config check to avoid indeterminate channels. Signed-off-by:
Jun Zhao <barryjzhao@tencent.com> Signed-off-by:
-
- Sep 26, 2019
-
-
James Almer authored
Fixes ticket #8183. Tested-by:
Thierry Foucu <tfoucu@gmail.com> Signed-off-by:
-
- Sep 24, 2019
-
-
Timo Rothenpieler authored
Signed-off-by:
-
- Sep 23, 2019
-
-
James Almer authored
This can happen when av_bsf_free() is called on av_bsf_alloc() failure. Reviewed-by:
-
- Sep 06, 2019
-
-
Michael Niedermayer authored
Signed-off-by:Michael Niedermayer <michael@niedermayer.cc>
-
Michael Niedermayer authored
Fixes: index 2304 out of bounds for type 'float [2304]' Fixes: 16332/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5679142481166336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Ask for a sample for these Fixes: out of array access Fixes: 16624/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5762455661182976 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: out of array access Fixes: 16601/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5656105392275456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
This reverts a hunk from f1ca40ee Fixes: out of array read Fixes: 16924/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5157893162139648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: undefined memcpy() use Fixes: 16302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5678750575886336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 2147480546 + 4096 cannot be represented in type 'int' Fixes: 16280/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5123442566758400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by:
Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by:
-
Carl Eugen Hoyos authored
This does not affect the rawvideo muxer. Fixes ticket #7979. (cherry picked from commit aef24efb)
-
- Sep 04, 2019
-
-
James Almer authored
Speeds up the process considerably. Fixes ticket #8109. Suggested-by: nevcairiel Suggested-by: cehoyos Signed-off-by:
-
James Almer authored
Signed-off-by:
-
Michael Niedermayer authored
Fixes: left shift of negative value -3 Fixes: 16147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5658392722407424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: left shift of negative value -2 Fixes: 16145/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5146671058518016 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: Infinite loop Fixes: 16608/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5636229827133440 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by:
Thilo Borgmann <thilo.borgmann@mail.de> Signed-off-by:
-
Michael Niedermayer authored
Fixes: Timeout (82sec -> 1sec) Fixes: 16411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP3_fuzzer-5166958151991296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by:
Peter Ross <pross@xvid.org> Signed-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: 1795032576 + 598344192 cannot be represented in type 'int' Fixes: 16196/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5636723419119616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: left shift of negative value -1 Fixes: 16424/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5656579055026176 Fixes: 16358/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5714436358144000 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
non res_sprite leads to decoder delay which leads to assertion failure Fixes: Assertion failure Fixes: 16402/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5704510034411520 Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int' Fixes: 16425/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5692858838810624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: out of array read Fixes: 16331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5672735195267072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: out of array read Fixes: 16510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5754510382727168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: signed integer overflow: -395281576 + -1827578048 cannot be represented in type 'int' Fixes: 16038/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5646109705240576 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: Timeout (->9sec) Fixes: 16292/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VB_fuzzer-5747063496638464 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
Michael Niedermayer authored
Fixes: Timeout (122sec -> 13ms) Fixes: 15978/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-5148925004087296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by:
-
