Fixes: signed integer overflow: 129 * 16711680 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6742285317439488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 9223372036854775807 + 86400000000 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6731040263634944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 24672 + 2147483424 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DSICIN_fuzzer-6731325979623424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 538976288 * 67372036 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-6751696819716096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_BFI_fuzzer-6737028768202752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 9223372033098784808 + 4294967072 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-6732488912273408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2147483607 + 64 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6753897878257664
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6723467048255488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
For JPEG 2000 essence, the MXF input format module currently uses the value of
byte 14 of the essence container UL to determine whether the J2K essence is
clip- (byte 14 is 0x02) or frame-wrapped (byte 14 is 0x01). Otherwise it
assumes an unknown wrapping.
Additional wrappings are documented in SMPTE ST422:2019:
0x03: Interlaced Frame, 1 field/KLV
0x04: Interlaced Frame, 2 fields/KLV
0x05: Field-wrapped Picture Element
0x06: Frame-wrapped Picture Element
And these should also be handled as frame wrapped content.
Signed-off-by: Pierre-Anthony Lemieux <pal@sandflow.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
It only uses an AVIOContext and an AVBPrint.
When doing so, it turned out that several non-users of
ff_read_line_to_bprint_overwrite() and ff_bprint_to_codecpar_extradata()
relied on libavformat/internal.h to include bprint.h or avstring.h
for them. In order to avoid a repeat of this and in order to reduce
unnecessary dependencies, a forward declaration of struct AVBPrint is
used instead of including bprint.h.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
9888ffb1ce added checks for EOF
in loops in the mov demuxer as a precaution against timeouts;
yet there is no I/O in the loop when parsing the STSZ atom
as the values are read from an already read buffer. So remove said
checks.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
mov_read_stsz() did not ensure that every bit of a buffer is addressable
by an int as is required by the get_bits API, leading to a crash in
ticket #9344. Fix this by restricting the size more thoroughly.
The file from said ticket will then be considered invalid; in the
future, we might read and process the data in chunks to actually support
such files.
Fixes ticket #9344.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
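An added sketch of the kind of size restriction the mov_read_stsz() message above describes, rejecting a table whose bits a reader indexing with an int could not all address. It is not FFmpeg's code: the function name packed_table_bytes(), the PAD_BYTES constant and the exact bound are assumptions for illustration, and a 32-bit int is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical padding a bit reader may touch past the end of the data. */
#define PAD_BYTES 64

/*
 * Return the number of bytes needed to hold `entries` packed fields of
 * `field_size` bits each, or -1 if a bit reader that indexes bits with an
 * int could not address every bit of the buffer (padding included).
 */
static int packed_table_bytes(uint32_t entries, unsigned field_size)
{
    uint64_t bits, bytes;

    /* Sample size tables use 4-, 8-, 16- or 32-bit fields. */
    if (field_size != 4 && field_size != 8 &&
        field_size != 16 && field_size != 32)
        return -1;

    /* 64-bit arithmetic: entries * field_size < 2^37, so it cannot wrap. */
    bits  = (uint64_t)entries * field_size;
    bytes = (bits + 7) / 8;

    /* Every bit, padding included, must have an index <= INT_MAX. */
    if ((bytes + PAD_BYTES) * 8 > (uint64_t)INT_MAX)
        return -1;

    return (int)bytes;
}

int main(void)
{
    /* Constructed inputs: a small table and an attacker-sized entry count. */
    printf("%d\n", packed_table_bytes(1000, 32));
    printf("%d\n", packed_table_bytes(0xFFFFFFFFu, 32));
    return 0;
}
```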
Fixes: signed integer overflow: 9223372036854775807 + 1442840321 cannot be represented in type 'long'
Fixes: 33670/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6644379491106816
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Don't attempt to increase the cursor pointer if it was \0.
Fixes invalid reads.
Reviewed-by: Marton Balint <cus@passwd.hu>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: James Almer <jamrial@gmail.com>
The code savings more than offset the size of the table
(1936B vs 768B with GCC 10.3 at -O3).
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Fixes: signed integer overflow: 8511838621821575200 - -3954125146725285889 cannot be represented in type 'long'
Fixes: 33414/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6610119325515776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
These have mostly been added because of FF_API_*; yet when these were
removed, removing the header has been forgotten.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
av_shrink_packet() takes int size, so size must fit in int
Fixes: out of array access
Fixes: 35607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4875541323841536
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
When streaming mode is enabled, the DASH manifest is written on the
first packet for the segment so that the segment can be advertised
immediately to clients. It was also still writing the manifest at the
end of the segment leading to two duplicate writes.
Some encoders send GET_PARAMETER requests as a keep-alive mechanism.
If the client doesn't reply with an OK message, the encoder will close
the session. This was encountered with the impath i5110 encoder, when
the RTSP Keep-Alive checkbox is enabled under streaming settings.
Alternatively one may set the X-No-Keepalive: 1 header, but this is more
of a workaround. It's better practice to respond to an encoder's
keep-alive request, than disable the mechanism which may be manufacturer
specific.
Signed-off-by: Hayden Myers <hmyers@skylinenet.net>
Signed-off-by: Martin Storsjö <martin@martin.st>
Without end_trimming, the last packet will contain unexpected samples used
for padding.
This commit partially fixes #6367 when the audio length is long enough.
dd if=/dev/zero of=./silence.raw count=20 bs=500
oggenc --raw silence.raw --output=silence.ogg
oggdec --raw --output silence.oggdec.raw silence.ogg
ffmpeg -codec:a libvorbis -i silence.ogg -f s16le -codec:a pcm_s16le silence.libvorbis.ffmpeg.raw
ffmpeg -i silence.ogg -f s16le -codec:a pcm_s16le silence.native.ffmpeg.raw
ls -l *.raw
The original test case in #6367 is still not fixed due to a remaining issue.
The remaining issue is that ogg_stream->private is not kept during
ogg_save()/ogg_restore(). Field final_duration in the private data is
important to calculate end_trimming.
Some common operations such as avformat_open_input() and
avformat_find_stream_info() before reading packet will trigger ogg_save()
and ogg_restore().
Luckily, final_duration will not get updated until the last ogg page. The
save/restore mentioned above will not change final_duration most of the
time. But if the audio length is short, those reads may be performed on
the last ogg page, causing trouble keeping the correct value of
final_duration. We probably need a more complicated patch to address this
issue.
Signed-off-by: Guangyu Sun <gsun@roblox.com>
Frame size of Opus stream was previously presumed here to be 960 samples
(20ms), however sizes of 120, 240, 480, 1920, and 2880 are also allowed.
It can also alter on a per-packet basis and even multiple frames may be
present in a single packet according to the specification, for the sake
of simplicity however, let us assume that this doesn't occur.
Because the mFramesPerPacket field, representing the number of samples
per packet in the ffmpeg terminology, is the key factor in calculating
packet durations and all that follows from that (index, bitrate, ...),
it is crucial to get right.
Therefore, if the packet size is not available ahead of time (as it is in
the case of Opus), calculate an average from the stream duration once we
know how many packets there are and update the field in the header.
POSIX errno is positive. We have strict_pthread_cond_wait to handle
error code during development.
Signed-off-by: zhilizhao <zhilizhao@tencent.com>
Reviewed-by: Jun Zhao <barryjzhao@tencent.com>
The child_class_next API relied on different (de)muxers to use
different AVClasses; yet this API has been replaced by
child_class_iterate.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The child_class_next API relied on different (de)muxers to use
different AVClasses; yet this API has been replaced by
child_class_iterate.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The child_class_next API relied on different (de)muxers to use
different AVClasses; yet this API has been replaced by
child_class_iterate.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The child_class_next API relied on different (de)muxers to use
different AVClasses; yet this API has been replaced by
child_class_iterate.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>