by setting the FF_FMT_INIT_CLEANUP flag.
(Btw: concat_read_close() is not idempotent (it frees cat->files, but
doesn't reset cat->nb_files), so this demuxer was incompatible with
simply calling read_close generically upon read_header failure.)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
by setting the FF_FMT_INIT_CLEANUP flag.
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
If reading the header fails, the demuxer's read_close() function (if
existing) is not called automatically; instead several demuxers call it
via "goto fail" in read_header().
This commit intends to change this by adding an internal flag for
demuxers that can be used to set on a per-AVInputFormat basis whether
read_close() should be called generically after an error during
read_header().
The flag controlling this behaviour needs to be added because it might
be unsafe to call read_close() generally (e.g. this might lead to
read_close() being called twice and this might e.g. lead to double-frees
if av_free() is used instead of av_freep(); or a size field has not
been reset after freeing the elements (see the mov demuxer for an
example of this)).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Both AVInputFormat and AVOutputFormat currently lack an equivalent to
AVCodec's caps_internal. E.g. if reading a header fails, each demuxer
is currently required to clean up manually, which often means to just
call the demuxer's read_close function. This could (and will) be done
generically via an equivalent of FF_CODEC_CAP_INIT_CLEANUP.
Because of the unholy ABI-relationship between libavdevice and
libavformat adding such a flag is only possible when the ABI is open
(despite the flag not being part of the public API), such as now.
Therefore such a flag is also added to AVOutputFormat, despite there
being no immediate use for it.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Fixes: negation of -9223372036854775808 cannot be represented in type 'int64_t' (aka 'long'); cast to an unsigned type to negate this value to itself
Fixes: 33997/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6752039691485184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Currently it is only checked that the rtp port does not exceed rtp_port_max.
Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
92c40ef882 added a listen_timeout option
for sdp. This allowed a user to set variable timeout which was
originally hard coded to 10 seconds.
The commit used the initial_timeout variable to store the value. But
this variable is shared with rtsp where it's used to infer a "listen"
mode. Thus, the timeout value could not be set in rtsp, and the default
value (initial_timeout = -1) would give 100ms timeout.
This was attempted to be fixed in c8101aabee,
which changed the meaning of initial_timeout = -1 to be an infinite
timeout. However, it did not address the issue that the timeout could
still not be set. Being able to set the timeout is useful because it
allows to automatically reconfigure from a udp to tcp connection in the
lower transport.
In this commit this is fixed by using the stimeout variable to
store the timeout value.
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
Maybe such large values could be disallowed earlier and closer to where
they are set.
Fixes: signed integer overflow: 538976288 * 8224 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6704350354341888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 5404200000 - -9223372031709351616 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_REALTEXT_fuzzer-6737340551790592
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2 * -1725947872 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_QCP_fuzzer-6726807632084992
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 1207959552 * 4 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_PP_BNK_fuzzer-6747301169201152
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6739990530883584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2048 * 1122336 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MSF_fuzzer-6726959600107520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPL2_fuzzer-6747053545881600
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 15 + 9223372036854775796 cannot be represented in type 'long'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6723520756318208
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6739833034768384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 6365816 * 1000 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_MCC_fuzzer-6737934184218624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 588 * 16719904 cannot be represented in type 'int'
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6748331936186368
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: negation of -2147483648 cannot be represented in type 'int32_t' (aka 'int'); cast to an unsigned type to negate this value to itself
Fixes: assertion failure
Fixes: 29102/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6744985740378112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
When streaming mode is enabled with fMP4/CMAF for DASH output, the
segment files are available to read by players as soon as the first byte
is written instead of only after the file is fully written. The DASH
manifest currently only gets written when the final write to the segment
file occurs. This means that players cannot stream the first segment
while it is being written.
When -lhls is enabled with MP4 segments the HLS manifest is written
immediately to advertise the in-flight segments. This change adds the
same behavior for the DASH manifest so players can stream it
immediately.
Again. 240M matrix is different from BT.601! And 170M is the same
as BT.601. It is primaries that are the same in 240M and 170M, as
for jp2k_rsiz see page 17 of ST 422:2019. IT WAS THERE since 2006.
This wrong jp2k_rsiz is a copy-paste of header_open_partition_key.
Add () to avoid undefined behavior
Fixes: signed integer overflow: 9223372036854775790 + 57 cannot be represented in type 'long'
Fixes: 34983/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5765822923538432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Andreas Rheinhardt
Michael Niedermayer
Kyle Schwarz
Andriy Gelman
James Almer
Vadym Bezdushnyi
Robert Bengtsson-Ölund
Nick Ruff
Matthieu Patou
Kevin LaFlamme
Limin Wang
Valerii Zapodovnikov