| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Packets without data need to be handled specially in order to avoid
undefined reads. Pass these packets through unchanged in case there
are no cached packets* and error out in case there are cached packets:
Returning the packet would mess with the order of the packets;
if one returned the zero-sized packet before the superframe that will
be created from the packets in the cache, the zero-sized packet would
overtake the packets in the cache; if one returned the packet later,
the packets that complete the superframe will overtake the zero-sized
packet.
*: This case e.g. encompasses the scenario of updated extradata
side-data at the end.
Fixes: Out of array read
Fixes: 45722/clusterfuzz-testcase-minimized-ffmpeg_BSF_VP9_SUPERFRAME_fuzzer-5173378975137792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
|
|
|
|
|
|
|
|
|
|
| |
This patch is analogous to 20f972701806be20a77f808db332d9489343bb78:
It hides the internal part of AVBitStreamFilter by adding a new
internal structure FFBitStreamFilter (declared in bsf_internal.h)
that has an AVBitStreamFilter as its first member; the internal
part of AVBitStreamFilter is moved to this new structure.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
|
| |
|
|
|
|
| |
This will allow adding a public header named bsf.h
|
|
|
|
|
|
|
|
|
|
|
|
| |
Up until now, the vp9_superframe bsf used distinct packets for input and
output. But at no point in the bsf are the input and output packets used
at the same time (except during a call to av_packet_move_ref()), so that
one can avoid using two packets if one switches to ff_bsf_get_packet_ref
at the same time. This also saves one malloc+free of an AVPacket
structure per filtered packet.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
|
|
|
|
|
|
| |
Add "\n" to avoid continuous error messages in one line.
Signed-off-by: Fu Linjie <linjie.fu@intel.com>
|
|
|
|
| |
Signed-off-by: James Almer <jamrial@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
rather than moving them"
This reverts commit 7a02b364b68c0bf7f065f5c217fae458f0efdb8d.
The packet fetched by ff_bsf_get_packet() and ff_bsf_get_packet_ref()
is now guaranteed to be reference counted.
Reviewed-by: wm4 <nfxjfg@googlemail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '5c22c90c1d5050f1206e46494b193320ac2397cb':
vp9_superframe_bsf: cache packets by creating new references instead of moving pointers
See 37f4a093f7f95241e4fcd582758504491e85e488
7a02b364b68c0bf7f065f5c217fae458f0efdb8d
Merged-by: James Almer <jamrial@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
moving pointers
Fixes invalid reads after free.
Signed-off-by: James Almer <jamrial@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
than moving them
Should hopefully fix the invalid reads after free introduced in
e1bc3f4396ade6033787717d3650fb62663eae8 for all targets.
Signed-off-by: James Almer <jamrial@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also use av_packet_move_ref() to cache them instead of copying
pointers.
Fixes invalid reads since e1bc3f4396ade6033787717d3650fb62663eae8.
Signed-off-by: James Almer <jamrial@gmail.com>
|
|\|
| |
| |
| |
| |
| |
| | |
* commit '3fb6b98b5e247434456916c35ba7e08efa03e85d':
vp9_superframe_bsf: cache input packets directly
Merged-by: James Almer <jamrial@gmail.com>
|
| |
| |
| |
| | |
Avoids unnecessary allocs+copies and makes the code slightly simpler.
|
| | |
|
|\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* commit '0cf949a01193dcf6f83fd95d46792dd94479b4e4':
vp9: Add bsf to merge superframes
[14:25:37] <@BBB> the functional change is wrong
[14:25:48] <@BBB> it allows recusrively packing superframes in superframes
[14:26:37] <@BBB> so I would ignore the remainder
See 2e6636aa87303d37b112e79f093ca39500f92364
Merged-by: James Almer <jamrial@gmail.com>
|
|
|
|
| |
From ffmpeg commit 2e6636aa87303d37b112e79f093ca39500f92364.
|
|
|
|
|
|
|
|
|
| |
* commit '33d18982fa03feb061c8f744a4f0a9175c1f63ab':
lavc: add a new bitstream filtering API
Conversions-by: Hendrik Leppkes <h.leppkes@gmail.com>
Conversions-by: Derek Buitenguis <derek.buitenhuis@gmail.com>
Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
|
| |
|
|
Fixes ticket 4313.
|