| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
This makes sure that small seeks forward on https don't end up
doing new requests.
Signed-off-by: Martin Storsjö <martin@martin.st>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes: division by 0
Fixes: 26802/clusterfuzz-testcase-minimized-ffmpeg_dem_IDF_fuzzer-5180591554953216.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
|
|
| |
Bigger sizes are misinterpreted as negative numbers by the API
Fixes: infinite loop
Fixes: 26611/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4890614975692800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
|
| |
Fixes: out of array accesses
Fixes: 26622/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-6581200338288640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
|
|
| |
Fixes: OOM
Fixes: 26528/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5081929248145408
Fixes: 26584/clusterfuzz-testcase-minimized-ffmpeg_dem_PAF_fuzzer-5172661183053824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
|
| |
Fixes: Infinite loop
Fixes: 26576/clusterfuzz-testcase-minimized-ffmpeg_dem_GXF_fuzzer-4823080360476672
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
| |
Fixes: Fixes infinite loop
Fixes: 26575/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5727522236661760
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
| |
Suggested-by: Andreas Rheinhardt
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
| |
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Causes a divide-by-zero in the rare case where:
- the file has an audio stream,
- the first audio frame isn't within the first BRP_BASF_LOOKAHEAD frames,
- an audio frame is encountered later, and
- its chunk header (except num_blocks) contains all zeros
(matching the uninitialised structure in the context)
The decoder will discard any garbage data, so the check isn't really needed.
Fixes: division by 0
Fixes: 26667/clusterfuzz-testcase-minimized-ffmpeg_dem_ARGO_BRP_fuzzer-5645146928185344.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
|
|
|
|
|
| |
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|
|
|
|
|
|
|
| |
It simplifies freeing them and reduces the amount of allocations.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Follow the same pattern as the previous commits for H.264 and H.265.
Reviewed-By: Jan Ekström <jeebjp@gmail.com>
Tested-By: Xu, Yefeng <yefengx.xu@intel.com>
|
|
|
|
|
|
|
| |
Matching the previous commit for H.264.
Reviewed-By: Jan Ekström <jeebjp@gmail.com>
Tested-By: Xu, Yefeng <yefengx.xu@intel.com>
|
|
|
|
|
|
|
|
|
|
| |
The properties should always be set; only the presence flags want to be
conditional.
Fixes #8959.
Reviewed-By: Jan Ekström <jeebjp@gmail.com>
Tested-By: Xu, Yefeng <yefengx.xu@intel.com>
|
| |
|
| |
|
| |
|
|
|
|
|
| |
At least on Turing, a frame without 512 byte alignment cannot be passed
to cuTexObjectCreate.
|
|
|
|
| |
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|
|
|
|
| |
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|
|
|
|
| |
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|
|
|
|
| |
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Reading the header terminates when an fcTL chunk is encountered in which
case read_header returned success without checking the length of said
chunk. Yet when read_packet processes this chunk, it checks for the
length to be 26 and errors out otherwise. So do so when reading the header,
too.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
apng data consists of parts containing a small header (including a
four-byte size field) and a data part; the size field does not account
for everything and is actually twelve bytes short of the actual size. In
order to make sure that the size fits into an int, the size field is
checked for being > INT_MAX; yet this does not account for the + 12 and
upon conversion to int (which happens when calling append_extradata()),
the size parameter can still wrap around. In this case the currently
used check would lead to undefined signed integer overflow.
Furthermore, append_extradata() appends the new data to the already
existing extradata and therefore needs to make sure that the combined
size of new and old data as well as padding fits into an int. The check
used for this is "if (old_size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE -
new_size)". If new_size is > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE
the right side becomes negative if the types are signed (as they are
now); yet changing this to "if (new_size > INT_MAX -
AV_INPUT_BUFFER_PADDING_SIZE - old_size)" is better as this also works
for unsigned types (where it is of course presumed that INT_MAX is
replaced by the corresponding maximum for the new type).
Both of these issues have been fixed.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If avio_read() could read anything, it returns the number of bytes read,
even if it could not read as much as the caller desired.
apng_read_header() only checked the return value of its avio_read() calls
for being negative and this meant that it was possible for an incomplete
header to not be detected. The return value of the last successfull call
has been returned instead. This commit changes this.
Fixes: OOM
Fixes: 26608/clusterfuzz-testcase-minimized-ffmpeg_dem_APNG_fuzzer-4839491644424192
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|
| |
|
| |
|
| |
|
|
|
|
| |
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
|
|
|
|
| |
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
|
|
|
|
|
|
|
|
|
| |
Fixes: Assertion failure
Fixes: 26572/clusterfuzz-testcase-minimized-ffmpeg_dem_ARGO_BRP_fuzzer-5166735591997440
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes: memleak
Fixes: 26788/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5184116808744960
Regression since: 1bf30a1beb7527887c9b466d07765d20fa3b5412
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
|
|
|
| |
Fixes: out array read
Fixes: 26610/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-5631838049271808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|
|
|
|
|
|
|
|
|
| |
Example cmdline:
ffmpeg -hwaccel vaapi -hwaccel_device /dev/dri/renderD128 -v verbose \
-c:v av1 -i input.ivf -pix_fmt yuv420p -vsync passthrough -f md5 \
-y out.md5
Signed-off-by: Fei Wang <fei.w.wang@intel.com>
|
|
|
|
| |
Signed-off-by: James Almer <jamrial@gmail.com>
|
|
|
|
| |
Previously changing single coefficient would give unexpected results.
|
| |
|
|
|
|
|
|
|
|
|
| |
Regression since fc6a5883d6af8cae0e96af84dda0ad74b360a084 on SSSE3 enabled
CPUs.
Fixes ticket #8955.
Signed-off-by: Marton Balint <cus@passwd.hu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While the FATE suite contains a sample file for Musepack 8, it did not
use it to test the decoder; it is only used in the mpc8-demux test that
tests the demuxer via streamcopy. Therefore this commit adds an actual
encoder test.
The test uses the framecrc output, because Musepack SV8 is an encoder
that returns multiple frames for a single packet, so that timing
information in the test output is valueable. Output seeking has been
used in order to limit the size of the ref file as well as to test this
codepath for the first time.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The bitrate and speed stats are wrong if the copyts is enabled.
Please test with below command:
wget http://samples.mplayerhq.hu/MPEG2/foxksaz.ts
./ffmpeg -y -copyts -i ./foxksaz.ts -c:v libx264 -x264opts \
nal-hrd=cbr:force-cfr=1 -b:v 3500k -minrate 3500k -maxrate 3500k -bufsize \
1000k -c:a mp2 -muxrate 4500k -vframes 1000 test.ts
before:
frame= 1000 fps=112 q=-1.0 Lsize= 9063kB time=09:10:12.41 bitrate= 2.2kbits/s speed=3.7e+03x
after:
frame= 1000 fps=112 q=-1.0 Lsize= 9062kB time=00:00:15.78 bitrate=4703.4kbits/s speed=1.77x
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
w64_read_header()
Fixes: OOM
Fixes: 26414/clusterfuzz-testcase-minimized-ffmpeg_dem_FWSE_fuzzer-5070632544632832
Fixes: 26475/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5770207722995712
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
|