Fixes: out of array read
Fixes: 19327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5679823087468544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read
Fixes: 19331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5644115983466496
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: division by 0
Fixes: 19123/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAV2_fuzzer-5655493121146880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
video is allocated before parameters like bpp are read.
Fixes: out of array access
Fixes: 19084/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5718556033679360
Fixes: 19465/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5759908398235648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes #8079
During initialization of a v4l2m2m device, the configured pix_fmt can be
different to the pix_fmt of the encoder (i.e. avctx->pix_fmt).
For example on the Odroid XU4:
./ffmpeg -f lavfi -i yuvtestsrc -codec:v h264_v4l2m2m out.h264
will configure the v4l2 encoder to pix_fmt nv21, whereas the input
frames will be yuv444p.
This commit checks that the configured v4l2 pix_fmt on device is the
same as avctx->pix_fmt. If they are different the initialization fails
and an error is returned. Tested on RPI4 and Odroid XU4.
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
When the user decides they do not want to send the Icy-MetaData
header, this should be respected for all requests, not just the first
one.
Fix #5578
Reviewed-by: Liu Steven <lq@chinaffmpeg.org>
Signed-off-by: James Almer <jamrial@gmail.com>
Up until now, the microdvd demuxer uses av_strdup() to allocate the
extradata from a string; its length is set to strlen() + 1, i.e.
including the \0 at the end. Upon remuxing, the muxer would simply copy
the extradata at the beginning, including the \0.
This commit changes this by not adding the \0 to the size of the
extradata; the muxer now delimits extradata by inserting a \n. This
required changing the subtitles-microdvd-remux FATE-test.
Furthermore, the extradata is now allocated with zeroed padding.
The microdvd decoder is not affected by this, as it didn't use the size
of the extradata at all, but treated it as a C-string.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
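The extradata sizing change described in the microdvd commit above, as an added stand-alone sketch (not code from the commit or from FFmpeg). The names `make_extradata`, `remux_nul_count`, `PADDING` and the sample header string are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PADDING 64 /* assumed padding length for this sketch */

/* Constructed sample header line, not taken from a real file. */
static const char SAMPLE[] = "{DEFAULT}{}{c:$0000ff}";

/* Build extradata from a string. old_style: size counts the \0 and there is
 * no padding; otherwise size excludes the \0 and zeroed padding follows. */
static unsigned char *make_extradata(const char *s, int old_style, size_t *size)
{
    size_t len = strlen(s);
    unsigned char *p = calloc(1, len + (old_style ? 1 : PADDING));
    if (!p)
        return NULL;
    memcpy(p, s, len);
    *size = old_style ? len + 1 : len;
    return p;
}

/* Remux: copy extradata to the start of the output; the new scheme appends \n.
 * Returns the number of NUL bytes that reached the output, or -1 on error. */
static int remux_nul_count(int old_style, int *last_byte)
{
    unsigned char out[128];
    size_t size, n, i;
    int nuls = 0;
    unsigned char *ed = make_extradata(SAMPLE, old_style, &size);

    if (!ed || size + 1 > sizeof(out)) {
        free(ed);
        return -1;
    }
    memcpy(out, ed, size);
    n = size;
    if (!old_style)
        out[n++] = '\n';
    for (i = 0; i < n; i++)
        nuls += out[i] == 0;
    *last_byte = out[n - 1];
    free(ed);
    return nuls;
}

int main(void)
{
    int last;
    printf("old: %d NUL byte(s) in output\n", remux_nul_count(1, &last));
    printf("new: %d NUL byte(s) in output\n", remux_nul_count(0, &last));
    return 0;
}
```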
Might happen for annex B H.264.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
While the function adding a new element to the keyframe index checked
the allocation, the caller didn't check the return value. This has been
changed. To do so, the return value has been changed to an ordinary ret
instead of pb->error. This doesn't pose a problem, as write_packet() in
mux.c already checks for write errors (since 9ad1e0c1).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The write_trailer function doesn't write anything anyway. It only frees
memory.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: 19542/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5659498341728256
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Also by wrapping the SHM buffer in an AVBufferRef we eliminate yet another
possible memcpy, improving performance.
Signed-off-by: Marton Balint <cus@passwd.hu>
In order to access the original opaque parameter of a buffer in the buffer
pool. (The buffer pool implementation overrides the normal opaque parameter but
also saves it so it is accessible).
v2: add assertion check before dereferencing the BufferPoolEntry.
Signed-off-by: Marton Balint <cus@passwd.hu>
Fixes: out of array read
Fixes: 19300/clusterfuzz-testcase-minimized-ffmpeg_BSF_VP9_METADATA_fuzzer-5653911730126848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
!(c->pix_fmt != AV_PIX_FMT_NONE || c->got_format_from_params)
equals
(c->pix_fmt == AV_PIX_FMT_NONE) && !c->got_format_from_params
1. When (c->pix_fmt == AV_PIX_FMT_NONE) is true, got_format_from_params is
always false, the flag doesn't contribute to the result.
2. When the first part is false, the second part doesn't matter, the flag
doesn't contribute to the result.
The result only depends on c->pix_fmt.