Several subtitle demuxers set negative durations
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 16925/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5766519790764032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
index into segmentlists_tab was specified as 4 instead of 3 causing invalid access
further fix to: 8135
Reviewed-by: Steven Liu <lq@onvideo.cn>
Signed-off-by: vectronic <hello.vectronic@gmail.com>
prevent attempt to call xmlFree if val was not allocated
fixes: 8135
Reviewed-by: Steven Liu <lq@onvideo.cn>
Signed-off-by: vectronic <hello.vectronic@gmail.com>
Implemented as a variant of the hash muxer, reusing most functions,
and making use of the previously introduced array of hashes.
Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Only the first element of the array is used currently, the other
elements are in preparation for a new muxer calculating multiple
hashes.
Also move alloc/init code from the write_header() functions to
dedicated init() functions, and the cleanup code from the
write_trailer() functions to dedicated deinit() functions.
hash_free() and framehash_free() turn out to be identical here,
but will differ in the subsequent commit, so they are not consolidated.
Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Only the frame* muxers support the format_version option.
Use macros to ease the proliferation of identical options to
coming muxers as well.
Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
1. Instead of relying on ff_packet_list_get to get the oldest element in
an AVPacketList, ff_read_packet used its own ad-hoc code. Said code
forgot to set the end of the list to NULL if the last element of the
list has been removed, thereby leaving the list in an inconsistent state.
2. Furthermore, if the list was not empty, the oldest element of the
list would always be copied into another packet structure before it was
known whether the oldest entry of the list would be removed. This makes
the ownership confusing and potentially copies unnecessarily.
Both of these issues have been fixed. ff_packet_list_get is used now.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The documentation of ff_packet_list_get currently didn't match the
actual usage:
1. It said that the destination packet is supposed to be initialized.
But this makes no sense given that it will be overwritten completely and
flacenc, mp3enc and ttaenc ignored this.
2. ff_packet_list_get returns an int, although it can't fail in case the
packet list is not empty (for which there is an assert). Again, several
callers didn't check for any return value.
In both cases, the documentation has been adapted to match actual usage.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
When the mov/mp4 demuxer encounters an error during decrypting a packet,
it returns the error, yet doesn't free the packet, so that the packet
leaks. This has been fixed in this commit.
Fixes the memleaks from ticket #8150.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 65535 * 65312 cannot be represented in type 'int'
Fixes: 16704/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6294115603447808
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
ffio_init_context with NULL seek callback will setting seekable with 0, so
remove the redundancy seekable setting.
Reviewed-by: Steven Liu <lq@onvideo.cn>
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
ff_format_io_close will check the AVIOContext pointer pb, so drop
the unnecessary check before ff_format_io_close.
Reviewed-by: Steven Liu <lq@onvideo.cn>
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
This commit fixes a memleak in the hls muxer when one uses a single file
as output. It has been forgotten to free the temporary buffers used to write
the packets so that the size of the leaks basically amounts to the size
of the output file. This commit adds the necessary free.
Reviewed-by: Steven Liu <lq@onvideo.cn>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
free the value in error handling path to avoid the memory leak.
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Ask for a sample for these
Fixes: out of array access
Fixes: 16624/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5762455661182976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Paul B Mahol
Jun Zhao
Michael Niedermayer
Moritz Barsnick
vectronic
James Almer
Anthony Delannoy
Andreas Rheinhardt
hwrenx
Carl Eugen Hoyos
Steven Liu
Daniel Oberhoff