Do this by using the AVStream's priv_data for the buffer holding
the packet size data.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
If an array for the packet sizes could not be successfully reallocated
when writing a packet, the CAF muxer frees said array, but does not
reset the number of valid bytes. As a result, when the trailer is
written later, avio_write tries to read that many bytes from NULL,
which segfaults.
Fix this by not freeing the array in case of error; also, postpone
writing the packet data after having successfully (re)allocated the
array, so that even on allocation error the file can be correctly
finalized.
Also remove an unnecessary resetting of the number of size entries
used at the end.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(As long as avio_write() only accepts an int, it makes no sense
to try to support sizes that don't fit into an int.)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Fixes: signed integer overflow: 9223372036854775360 + 536870912 cannot be represented in type 'long'
Fixes: 37940/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6095637855207424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This avoids a -Wstringop-truncation warning from GCC which takes
issue with the fact that the destination might not be NUL-terminated.
Reviewed-by: Zane van Iperen <zane@zanevaniperen.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The terminating '\0' is no longer included in the size of
the extradata output by the demuxer since commit
36e61e24e7.
E.g. if one remuxes the JACOsub sample JACOsub_capability_tester.jss
from the FATE suite, one receives a file not recognized as JACOsub
before this patch.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Fixes: memleak
Fixes: 38893/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-4785231933079552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: assertion failure
Fixes: 38332/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-4522405595316224
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
SRTSOCKET is an abstraction designed by libsrt, it's not guaranteed
to be a real file descriptor. Even if it is, it should not be
operated directly outside of libsrt.
Signed-off-by: Marton Balint <cus@passwd.hu>
It's useful for test client which pass streamid to ffmpeg/ffplay.
For example, use ffmpeg to test streamid support in VLC:
./ffmpeg -v info -re -i foo.mp4 -c copy -f mpegts -mode listener srt://127.0.0.1:9000
./vlc srt://127.0.0.1:9000?streamid=foobar
Signed-off-by: Marton Balint <cus@passwd.hu>
When a possible overflow was detected, there was a break to exit the while
loop. However, it should have already substracted 2 bytes from
program_info_length (descriptor ID + length).
Fixes ticket #9422.
Signed-off-by: Marton Balint <cus@passwd.hu>
libavformat/utils.c has over 4800 lines and is supposed to contain
"various utility functions for use within FFmpeg". In reality it
contains all that and the whole demuxing core of libavformat.
This is especially bad, because said file includes the FFMPEG_VERSION
(the git commit sha) so that it is rebuilt whenever the commit HEAD
points to changes. Therefore this commit makes it smaller by moving
the demuxing code out to a new file, demux.c (in analogy to mux.c
for the muxing code).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
libavformat/utils.c has over 5500 lines and is supposed to contain
"various utility functions for use within FFmpeg". In reality it
contains all that and the whole demuxing+seeking core of libavformat.
This is especially bad, because said file includes the FFMPEG_VERSION
(the git commit sha) so that it is rebuilt whenever the commit HEAD
points to changes. Therefore this commit starts making it smaller
by factoring the seeking code out.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Do this by allocating AVStream together with the data that is
currently in AVStreamInternal; or rather: Put AVStream at the
beginning of a new structure called FFStream (which encompasses
more than just the internal fields and is a proper context in its own
right, hence the name) and remove AVStreamInternal altogether.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This gets rid of ugly "->internal" and is in preparation for removing
AVStreamInternal altogether.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Do this by allocating AVFormatContext together with the data that is
currently in AVFormatInternal; or rather: Put AVFormatContext at the
beginning of a new structure called FFFormatContext (which encompasses
more than just the internal fields and is a proper context in its own
right, hence the name) and remove AVFormatInternal altogether.
The biggest simplifications occured in avformat_alloc_context(), where
one can now simply call avformat_free_context() in case of errors.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This gets rid of ugly "->internal" and is in preparation for removing
AVFormatInternal altogether.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Fixes: signed integer overflow: -682581959642593728 * 16 cannot be represented in type 'long'
Fixes: 37883/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5311691517198336
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 4611686025627387904 + 4611686025627387904 cannot be represented in type 'long'
Fixes: 35489/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-4862678601433088
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Andreas Rheinhardt
Michael Niedermayer
Nicolas Gaullier
Marc-Antoine Arnaud
Zhao Zhili
Nicolas Jorge Dato
James Almer
Nicolas George