Fixes: division by zero
Fixes: 42198/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-5054366405492736.fuzz
Fixes: 42222/clusterfuzz-testcase-minimized-ffmpeg_dem_MV_fuzzer-4561249331970048
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Because the s->buffer has been freed by av_freep in avio_closep.
It should not av_freep the buffer in label fail after avio_closep.
Then just move the av_freep before avio_closep and remove the label fail.
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Reviewed-by: Zhao Zhili <zhilizhao@tencent.com>
Signed-off-by: Steven Liu <liuqi05@kuaishou.com>
This piece of code has been added as FFmpeg's answer to
infinite loops in try_decode_frame() in commit
6072a19b4f. There is no loop
around try_decode_frame() any more, so this code can be removed.
This code is only triggered in case a) the codec parameter could
not be determined, b) the decode delay could not be guessed or
c) no packet was ever encountered and the encoder has the
AV_CODEC_CAP_CHANNEL_CONF. In these cases the new code will
no longer emit a "decoding for stream %d failed" message, which is
prima facie false. In case a) an additional "Could not find codec
parameters" message is (and will be) emitted. No warning will be
emitted any more in case b) (this happens e.g. with some
h264-conformance FATE-files).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
When flushing, try_decode_frame() itself loops until the desired
properties have been found or the decoder is drained.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Because the hls_ts_options will be misunderstand by user,
and then user can use hls_segment_options instead of hls_ts_options.
Signed-off-by: Steven Liu <liuqi05@kuaishou.com>
Because the hls_ts_options will be misunderstand by user that only can
be used in mpegts segments option. So add this option for segments.
Signed-off-by: Steven Liu <liuqi05@kuaishou.com>
Otherwise there is no way to detect an error returned by avio_close() because
ff_format_io_close cannot get the return value.
Checking the return value of the close function is important in order to check
if all data was successfully written and the underlying close() operation was
successful.
It can also be useful even for read mode because it can return any pending
AVIOContext error, so the user don't have to manually check AVIOContext->error.
In order to still support if the user overrides io_close, the generic code only
uses io_close2 if io_close is either NULL or the default io_close callback.
Signed-off-by: Marton Balint <cus@passwd.hu>
Fixes: shift exponent 4294967163 is too large for 32-bit type 'int'
Fixes: 41449/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-6183636217495552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Don't use different src and dst in av_tea_crypt(); use in-place
modifications instead. Also let av_tea_crypt() encrypt all three
blocks in one call.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
We use ECB, not CBC mode here, so one does not need to reinitialize
the context; for the same reason, one can also just let av_tea_crypt()
loop over the blocks, avoiding a loop here.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Up until now, the packets have been read in blocks of at most
eight bytes at a time; then these blocks have been decrypted
and copied into a buffer on the stack (that was double the size
needed...). From there they have been copied to the dst packet.
This commit changes this: The data is read in one go; and
the decryption avoids temporary buffers, too, by making
use of the fact that src and dst of av_tea_crypt() can coincide.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Due to this bush.aa (from the FATE suite) exported garbage metadata
with key "_040930".
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The concatf protocol returns an opaque error on open if
concatf list file contains trailing newlines.
Signed-off-by: Gyan Doshi <ffmpeg@gyani.pro>
Reviewed-by: James Almer <jamrial@gmail.com>
Instead of storing the protocol pointer in the opaque iteration state,
store just the index of the next protocol, similarly to how
ff_urlcontext_child_class_iterate() works.
Silences e.g. the following warning in gcc 10:
src/libavformat/ftp.c: In function ‘ftp_move’:
src/libavformat/ftp.c:1122:46: warning: ‘%s’ directive output may be truncated writing up to 4095 bytes into a region of size 4091 [-Wformat-truncation=]
1122 | snprintf(command, sizeof(command), "RNTO %s\r\n", path);
| ^~ ~~~~
src/libavformat/ftp.c:1122:5: note: ‘snprintf’ output between 8 and 4103 bytes into a destination of size 4096
1122 | snprintf(command, sizeof(command), "RNTO %s\r\n", path);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This reduces codesize because the offsets of commonly used elements
are now smaller and thus need less bytes to encode in ptr+offset
addressing modes (with GCC 11.2 on x64: 0x1b8b -> 0x1a7b).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The documentation states that here 0 should be used for read-only and
1 for a writable buffer. AVIO_FLAG_WRITE however is 2, while it works
due to the way the flag is handled internally, it is still wrong
according to the documentation.
Additionally it makes it seem as if the AVIO_FLAG_* values could be used
here, which is actually not true, as when AVIO_FLAG_READ would be used
here it would create a writable buffer as AVIO_FLAG_READ is defined as 1.
Signed-off-by: Anton Khirnov <anton@khirnov.net>
this allows getting rid of the hardcoded max size of SDP.
Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
The number of audio channels is stored after the magic number
identifying the audio format. Prior to this patch the code has been
reading it earlier, causing files with only one audio channel to be
handled incorrectly.
Reviewed-by: Peter Ross <pross@xvid.org>
Adds demuxer for Square Enux SCD files.
Based off [1] and personal investigation.
This has only been tested against Drakengard 3 (PS3) *_SCD.XXX files
(big-endian). As it is highly likely that FFXIV (PC) files are little-endian,
this demuxer is marked as experimental until this can be confirmed.
[1]: http://ffxivexplorer.fragmenterworks.com/research/scd%20files.txt
Reviewed-by: Peter Ross <pross@xvid.org>
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
Currently they are ordered as-written (i.e. by increasing position);
in case av_interleaved_write_frame() is used, this is (mostly)
the same as ordered by increasing dts.
Yet the Matroska specification strongly recommends (SHOULD) that
the CuePoints be sorted by CueTime. mkvalidator warns when they are
not. Therefore this commit sorts them accordingly.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
If fifo_thread_recover() succeeds immediately after
fifo_thread_dispatch_message() fails, the dts of the packet is scaled
twice, causing cur_dts to be abnormally large and "Application provided
invalid, non monotonically increasing dts to muxer in stream" to occur
repeatedly.
Steps to reproduce:
1. ffmpeg -f lavfi -i testsrc -c:v libx264 -map 0:v -flags +global_header -f fifo -fifo_format flv -attempt_recovery 1 -recover_any_error 1 rtmp://example.com/livekey
2. set a breakpoint on fifo_thread_recover
3. force disconnect from the rtmp server
4. wait for break
5. reconnect to the rtmp server
6. resume execution of ffmpeg
Signed-off-by: Ryoji Gyoda <gy.cft4@gmail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
FLV AMF tags have a 24bit field for timestamps plus an 8bit for extended
timestamps.
All FLV AMF tags except when we write metadata handle this correctly
using the put_timestamp function.
Until now when writing metadata we were only using the first
24 bits and thus the timestamp value was wraping around 4 hours 40
minutes (16,800,000 ms, max 24 bit value 16,777,216) of playback.
This commit fixes this applying this same function put_timestamp
for the metadata FLV tag.
Signed-off-by: Marton Balint <cus@passwd.hu>
Fixes: signed integer overflow: -776522110086937600 * 16 cannot be represented in type 'long'
Fixes: 40563/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6644829447127040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>