When e2_pts == INT64_MIN and e1_pts >= 0 the calculation of
e2_pts - e1_pts will overflow an int64_t.
Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The AVPacket destined for a demuxer's output has already been
initialized before it reaches the demuxer.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
Since bae8844e the packet will always be unreferenced when a demuxer
returns an error, so that a lot of calls to av_packet_unref() in lots of
demuxers are now redundant and can be removed.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
Fixes: division by zero
Fixes: 20436/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5763229752229888
Fixes: 20503/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4841641154445312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Adds support for the custom VAG container used by some Simon & Schuster
Interactive games such as Real War, and Real War: Rogue States.
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The default is not to write SDT and PAT periodically, only in the beginning of
every segment. After this patch the user might override this if needed.
Signed-off-by: Marton Balint <cus@passwd.hu>
Sometimes it has not been checked whether opening the dynamic buffer for
writing Tags fails; this might have led to segfaults.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This changes the separator character from comma to colon, but since this option
was only added recently I think it should be done for consistency with other
similar options.
Signed-off-by: Marton Balint <cus@passwd.hu>
recvfrom() is not a cancellation point in pthreads-win32, see
https://sourceware.org/pthreads-win32/manual/pthread_cancel.html
In order to be able to cancel the reader thread on Win32 properly we first
shutdown the socket then call CancelIoEx to abort pending IO. Subsequent
recvfrom() calls will fail with WSAESHUTDOWN causing the thread to exit.
Fixes ticket #5717.
Signed-off-by: Marton Balint <cus@passwd.hu>
this usecase will cause a division by zero trap:
1. dashenc has received one frame
2. os->max_pts and os->start_pts have same value
3. delta between max_pts and start_pts is 0
4. av_rescale_q(0, x, y) returns 0
5. this value is used as denominator in division
6. Bang! -> segfault
this fix checks that max_pts > start_pts.
the fix has been tested and works.
Signed-off-by: Alfred E. Heggestad <alfred.heggestad@gmail.com>
Reviewed-by: Jeyapal, Karthick <kjeyapal@akamai.com>
Signed-off-by: James Almer <jamrial@gmail.com>
Fixes: bypassing of checks and assertion failure
Fixes: asan_1003879.mp4
Found-by: Clusterfuzz + asan
Reported-by: Thomas Guilbert <tguilbert@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
In the Libav commit cae448cf, the opaque of every AVIOContext opened
by ffio_fdopen() (which is used internally by avio_open() and avio_open2())
changed: It was a simple pointer to an URLContext before, but now it was
a structure (namely AVIOInternal) containing a pointer to an URLContext
as its only member. The next commits (namely 8c0ceafb and ec4c4839) added
members to AVIOInternal to allow white-/blacklisting of protocols.
But these two commits were never merged into FFmpeg (they were only
merged as no-ops in 510046c2 and 063b26d3), because FFmpeg chose
a different way to implement this (in 93629735); and so our AVIOInternal
still has exactly one member.
This of course means that it is unnecessary to use AVIOInternal as
opaque as it is just adding a level of indirection (not only pointer
dereference, but also wrapper functions). Therefore this commit
removes AVIOInternal entirely and essentially reverts cae448cf.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Suggested-by: Hendrik Leppkes <h.leppkes@gmail.com>
Suggested-by: Nicolas George <george@nsup.org>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Fixes memleak and Coverity issue #1439587.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Write a few numbers directly via AV_WB32 instead of using an AVIOContext
(that is initialized only for this very purpose) to write these numbers
at known offsets into a fixed buffer.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
The Matroska Projection master element has such a small maximum length
that it can always be written with a length field of length one.
So it is unnecessary to first write the element into a dynamic buffer to
get the accurate length in order not to waste bytes on the length field.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
If no error occurs and this AVPacketList is used at all, its packet
substructure will be overwritten and its next pointer explicitly set, so
every field will still be initialized even when using av_malloc.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
In the common case that the input packet was already refcounted,
ff_interleave_add_packet would allocate a new AVPacketList, use
av_packet_ref to create a new reference to the buffer for the
AVPacketList's packet, interleave the packet and finally unreference
the original input packet.
This commit changes this: It uses av_packet_move_ref to transfer
the packet to its destination. In case the input packet is refcounted,
this saves an allocation and a free (of an AVBufferRef); if not, the
packet is made refcounted before moving it. When the input packet has
side data, one saves even more than one allocation+free.
Furthermore, when the packet is in reality an uncoded frame, a hacky
ad-hoc variant of av_packet_move_ref has been employed. Not any more.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes memleaks when the trailer is never written (e.g. if the call to
gxf_write_map_packet() at the end of gxf_write_header() fails).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes memleaks when allocating the private data of the timecode_track
fails or when the trailer is never written.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It will be freed when the AVStream is freed later anyway.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
In order to use ff_audio_rechunk_interleave() (a special interleavement
function for situations where the ordinary "interleave by dts" is not
appropriate), the AVStreams must have private data and this private data
must begin with an AudioInterleaveContext which contains a fifo that may
need to be freed and when ff_audio_interleave_close() was called, it just
assumed that everything has been properly set up, i.e. that every streams
priv_data exists. This implies that this function can not be called from
the deinit function of a muxer, because such functions might be called
if the private data has not been successfully allocated. In order to
change this, add a check for whether the private data exists before
trying to free the fifo in it.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The muxing context has already been zeroed when it was allocated, hence
it is unnecessary to do it again.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The old write_trailer only freed memory, so it is better to make a
dedicated deinit function out of it. Given that this function will also
be called when writing the header fails, one can also remove code that
frees already allocated fifos when allocating another one fails.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Certain types of OBUs are stripped away before muxing into Matroska and
ISOBMFF; there are two functions to do this: One that outputs by
directly writing in an AVIOContext and one that returns a freshly
allocated buffer with the units not stripped away copied into it.
The latter option is bad for performance, especially when the input
does already not contain any of the units intended to be stripped away
(this covers typical remuxing scenarios). Therefore this commit changes
this by avoiding allocating and copying when possible; it is possible if
the OBUs to be retained are consecutively in the input buffer (without
an OBU to be discarded between them). In this case, the caller receives
the offset as well as the length of the part of the buffer that contains
the units to be kept. This also avoids copying when e.g. the only unit
to be discarded is a temporal delimiter at the front.
For a 22.7mb/s file with average framesize 113 kB this improved the time
for the calls to ff_av1_filter_obus_buf() when writing Matroska from
313319 decicycles to 2368 decicycles; for another file with 1.5mb/s
(average framesize 7.3 kB) it improved from 34539 decicycles to 1922
decicyles. For these files the only units that needed to be stripped
away were temporal unit delimiters at the front.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
ff_av1_filter_obus_buf() and ff_avc_parse_nal_units_buf() both have a
pointer-to-pointer parameter which they use to pass a newly allocated
buffer to the caller. And both functions freed what this pointer points to
before overwriting it. But no caller of these functions used this feature,
but some had to initialize the pointer just because of this. So remove
it and update the documentation of ff_av1_filter_obus_buf() wrt this fact.
ff_hevc_annexb2mp4_buf in contrast did not free the pointer. This has been
documented, too.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
Both ISOBMFF as well as Matroska require certain OBUs to be stripped
before muxing them. There are two functions for this purpose; one writes
directly into an AVIOContext, the other returns a freshly allocated
buffer with the undesired units stripped away.
The latter one actually relies on the former by means of a dynamic
buffer. This has several drawbacks: The underlying buffer might have to
be reallocated multiple times; the buffer will eventually be
overallocated; the data will not be directly copied into the final
buffer, but rather first in the write buffer (in chunks of 1024 byte)
and then written in these chunks. Moreover, the API for dynamic buffers
is defective wrt error checking and as a consequence, the earlier code
would indicate a length of -AV_INPUT_BUFFER_PADDING_SIZE on allocation
failure, but it would not return an error; there would also be no error
in case the arbitrary limit of INT_MAX/2 that is currently imposed on
dynamic buffers is hit.
This commit changes this: The buffer is now parsed twice, once to get
the precise length which will then be allocated; and once to actually
write the data.
For a 22.7mb/s file with average framesize 113 kB this improved the time
for the calls to ff_av1_filter_obus_buf() when writing Matroska from
753662 decicycles to 313319 decicycles (based upon 50 runs a 2048 frames
each); for another 1.5mb/s file (with average framesize of 7.3 kB) it
improved from 79270 decicycles to 34539 decicycles (based upon 50 runs a
4096 frames).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
If this is not done, the avio_write() calls will cause segfaults
immediately afterwards on error.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
The output size is already returned via a pointer argument, so there is
no need to return it via the ordinary return value as well. The
rationale behind this is to not poison the return value on success.
It also unifies the behaviour of the *_buf-functions for AVC, AV1 and
HEVC.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
ff_hevc_annexb2mp4_buf() could indicate an error, yet leave cleaning
after itself to the caller, so that a caller could not simply return the
error, but had to free the buffer first.
(Given that all current callers have set filter_ps = 0, this error can
currently not be triggered.)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
Add {, } in situations like
if ()
...
else if ()
/* Comment */
...
else ...
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
This is needed especially for AV1: If a reformatting error happens (e.g.
if the length field of an OBU contained in the current packet indicates
that said OBU extends beyond the current packet), the data pointer is
still NULL, yet the size is unchanged, so that writing the data leads
to a segmentation fault.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
Adds support for the custom ASF container used by some Argonaut Games'
games, such as 'Croc! Legend of the Gobbos', and 'Croc 2'.
Can also handle the sample files in:
https://samples.ffmpeg.org/game-formats/brender/part2.zip
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
It is a common mistake that people only increase fifo_size when they experience
drops, unfortunately this does not help for higher bitrate (> 100 Mbps) streams
when the reader thread simply might not receive the packets in time (especially
under high CPU load) if the default 64 KB of kernel buffer size is used.
New default is determined so that common linux systems can set this buffer size
without tuning kernel parameters.
Signed-off-by: Marton Balint <cus@passwd.hu>
As per the PIFF standard, the timescale of 10000000
is recommended but not mandatory, so don't override
the user-set value.
A warning is shown for non-recommended values.
Dale Curtis
Andreas Rheinhardt
Paul B Mahol
Michael Niedermayer
Zane van Iperen
Marton Balint
Alfred E. Heggestad
Steven Liu
Gyan Doshi