This optimizes lines 2 and later. Line 1 still uses av_memcpy_backptr()
This change originally fixed ossfuzz 10790 but this is now fixed by other
optimizations already
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/smacker: Fix integer overflow in signed int multiply in SMK_BLK_FILL
Fixes: signed integer overflow: 238 * 16843009 cannot be represented in type 'int' Fixes: 16958/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5193905355620352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of negative value -256 Fixes: 16892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-4880802642395136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/alac: fix undefined behavior with INT_MIN in lpc_prediction()
Fixes: signed integer overflow: -2147483648 * -1 cannot be represented in type 'int' Fixes: 16786/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5632818851348480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/utils: Do not assume duration is non negative in compute_pkt_fields()
Several subtitle demuxers set negative durations
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long' Fixes: 16925/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5766519790764032 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/ffwavesynth: Fix integer overflow in timestamps
Fixes: signed integer overflow: 9223371075321077760 * 2 cannot be represented in type 'long' Fixes: 16447/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5698937431785472 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/cbs_h264: Automatically free SEI payload on error
If adding an SEI message to an access unit fails, said SEI message was
not touched, so that the caller had to free any data associated with it
that might need to be freed. But given that ff_cbs_h264_add_sei_message
can simply call cbs_h264_free_sei_payload, one can easily free
the content of the SEI payload.
This fixes a memleak when inserting a user data unregistered string for
h264_metadata fails.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Fixes: signed integer overflow: 61 + 2147483647 cannot be represented in type 'int' Fixes: 15311/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5742552826773504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access Fixes: 17608/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_MTAF_fuzzer-5074936267276288 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
James Zern [Fri, 20 Sep 2019 07:04:06 +0000 (00:04 -0700)]
tools/patcheck: remove gcc-2.95 compat check
this conflicts with the current contributing guidance:
http://ffmpeg.org/developer.html#Contributing
FFmpeg is programmed in the ISO C90 language with a few additional
features from ISO C99, namely:
...
for loops with variable definition (‘for (int i = 0; i < 8; i++)’);
Moritz Barsnick [Thu, 12 Sep 2019 09:23:06 +0000 (11:23 +0200)]
avformat/hashenc: add streamhash muxer
Implemented as a variant of the hash muxer, reusing most functions,
and making use of the previously introduced array of hashes.
Signed-off-by: Moritz Barsnick <barsnick@gmx.net> Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Moritz Barsnick [Thu, 12 Sep 2019 09:23:05 +0000 (11:23 +0200)]
avformat/hashenc: use an array of hashes
Only the first element of the array is used currently, the other
elements are in preparation for a new muxer calculating multiple
hashes.
Also move alloc/init code from the write_header() functions to
dedicated init() functions, and the cleanup code from the
write_trailer() functions to dedicated deinit() functions.
hash_free() and framehash_free() turn out to be identical here,
but will differ in the subsequent commit, so they are not consolidated.
Signed-off-by: Moritz Barsnick <barsnick@gmx.net> Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Moritz Barsnick [Thu, 12 Sep 2019 09:23:04 +0000 (11:23 +0200)]
avformat/hashenc: rearrange options definition
Only the frame* muxers support the format_version option.
Use macros to ease the proliferation of identical options to
coming muxers as well.
Signed-off-by: Moritz Barsnick <barsnick@gmx.net> Reviewed-by: James Almer <jamrial@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The pointer arguments to memcpy (and several other functions of the
C standard library) are not allowed to be NULL, not even when the number
of bytes to copy is zero. An AVEncryptionInitInfo's data pointer is
explicitly allowed to be NULL and yet av_encryption_init_info_add_side_data
unconditionally used it as a source pointer to copy from. This commit changes
this so that copying is only done if the number of bytes to copy is > 0.
Fixes ticket #8141 as well as a part of ticket #8150.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Moritz Barsnick [Wed, 13 Mar 2019 09:17:40 +0000 (10:17 +0100)]
avformat/aiffdec: parse replaygain metadata
Signed-off-by: Moritz Barsnick <barsnick@gmx.net> Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Soft Works [Tue, 17 Sep 2019 01:09:05 +0000 (01:09 +0000)]
avutil/opt: Print out numeric values of option constants
It's often not obvious how option constants relate to numerical values.
Defaults are sometimes printed as numbers and from/to are always printed as numbers.
Printing the numeric values of options constants avoids this confusion.
It also allows to see which constants are equivalent.
Before this patch:
-segment_list_type <int> E........ set the segment list type (from -1 to 4) (default -1)
flat E........ flat format
csv E........ csv format
ext E........ extended format
ffconcat E........ ffconcat format
m3u8 E........ M3U8 format
hls E........ Apple HTTP Live Streaming compatible
Afterwards:
-segment_list_type <int> E........ set the segment list type (from -1 to 4) (default -1)
flat 0 E........ flat format
csv 1 E........ csv format
ext 3 E........ extended format
ffconcat 4 E........ ffconcat format
m3u8 2 E........ M3U8 format
hls 2 E........ Apple HTTP Live Streaming compatible
Signed-off-by: softworkz <softworkz@hotmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes the FATE-tests unknown_layout-ac3, ac3-fixed-encode, ac3-encode
and eac3-encode. It furthermore fixes the ac3-encoder bugs mentioned in
tickets #7994, #8144 and #8159.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavfilter/dnn: add layer maximum for native mode.
The reason to add this layer is that it is used by srcnn in vf_sr.
This layer is currently ignored in native mode. After this patch,
we can add multiple outputs support for native mode.
Signed-off-by: Guo, Yejun <yejun.guo@intel.com> Signed-off-by: Pedro Arthur <bygrandao@gmail.com>
av_mod_uintp2_c uses a bitwise AND with (1 << p) - 1 to clear the high
bits of an unsigned int. But this is undefined if p == 31, because 1 is
an int and 2^31 is not representable in an int. So make 1 unsigned.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
1. Instead of relying on ff_packet_list_get to get the oldest element in
an AVPacketList, ff_read_packet used its own ad-hoc code. Said code
forgot to set the end of the list to NULL if the last element of the
list has been removed, thereby leaving the list in an inconsistent state.
2. Furthermore, if the list was not empty, the oldest element of the
list would always be copied into another packet structure before it was
known whether the oldest entry of the list would be removed. This makes
the ownership confusing and potentially copies unnecessarily.
Both of these issues have been fixed. ff_packet_list_get is used now.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/internal: Improve documentation of ff_packet_list_get
The documentation of ff_packet_list_get currently didn't match the
actual usage:
1. It said that the destination packet is supposed to be initialized.
But this makes no sense given that it will be overwritten completely and
flacenc, mp3enc and ttaenc ignored this.
2. ff_packet_list_get returns an int, although it can't fail in case the
packet list is not empty (for which there is an assert). Again, several
callers didn't check for any return value.
In both cases, the documentation has been adapted to match actual usage.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
tools/target_dec_fuzzer: Adjust threshold for binkvideo
Fixes: Timeout (89sec -> 7sec) Fixes: 17035/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-5737222422134784 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>