Reviewed-by: Paul B Mahol <onemda@gmail.com>
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Also warn the user that for single images -update should be used, for sequences
a proper pattern should be specified.
Fixes ticket #9748.
Signed-off-by: Marton Balint <cus@passwd.hu>
In order to not generate 0 sized packets or create a huge index table
needlessly.
Fixes: Timeout
Fixes: 43717/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5206008287330304
Fixes: 45738/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-6142535657979904
Signed-off-by: Marton Balint <cus@passwd.hu>
Modifying avformat_find_stream_info() behaviour based on the number of EAGAINs
it encounters is a hack which usually only hides the real issue if such thing
happen.
This reverts commit b0cac7082d.
av_fast_realloc and av_fast_mallocz? store the size of
the objects they allocate in an unsigned. Yet they overallocate
and currently they can allocate more than UINT_MAX bytes
in case a user has requested a size of about UINT_MAX * 16 / 17
or more if SIZE_MAX > UINT_MAX (and if the user increased
max_alloc_size via av_max_alloc). In this case it is impossible
to store the true size of the buffer via the unsigned*;
future requests are likely to use the (re)allocation codepath
even if the buffer is actually large enough because of
the incorrect size.
Fix this by ensuring that the actually allocated size
always fits into an unsigned. (This entails erroring out
in case the user requested more than UINT_MAX.)
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Add a short hand parameter for making a fixed size grid. The existing
xstack layout parameter syntax gets tedious if all one wants is a
matrix like grid of the input streams. Add a grid option to the xstack
filter that simplifies this use case by simply specifying the number of
rows and columns instead of specific x/y co-ordinate for each stream.
Also updating the filter documentation to explain the new option.
Signed-off-by: Vignesh Venkatasubramanian <vigneshv@google.com>
The doxy for av_channel_layout_describe() states that the user should look
at the return value to check if the string was truncated. Returning an error
code in this scenario goes against this and is an API break.
A proper fix for the timeout was applied to the Matroska demuxer in 94901a9518.
This reverts commit 8154cb7c2f.
If the stream's channel layout is first set into a native layout using codec
private parameters, this code here could potentially result in an invalid
native layout where popcnt(ch_layout.u.mask) != ch_layout.nb_channels being
propagated.
Fixes: Timeout printing a billion channels
Fixes: 48099/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-6754782204788736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Tested-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
This packet may not be writable, hence we must not write to it.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
These packets need not be writable, so we must not modify them.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
A decoder's input packet need not be writable, so we must not modify
the data.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The packets muxers receive are not guaranteed to be writable,
so they must not be modified. Ergo only access the packet's data
via a const uint8_t*.
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
-shortest stops 'recording' when the shortest output stream ends. The
native or even seek-adjusted duration of the source input stream isn't
considered.
davs2_decoder_close doesn't free those on the fly frames which
don't get output yet. It's a design bug, but easy to workaround.
Before the patch:
Direct leak of 1198606 byte(s) in 2 object(s) allocated from:
#0 0x563af5e1e5f0 in malloc (ffmpeg+0x6675f0)
#1 0x563af9765ef3 in davs2_malloc davs2/source/common/common.h:1240
#2 0x563af9765ef3 in davs2_alloc_picture davs2/source/common/header.cc:815
Indirect leak of 3595818 byte(s) in 6 object(s) allocated from:
#0 0x563af5e1e5f0 in malloc (ffmpeg+0x6675f0)
#1 0x563af9765ef3 in davs2_malloc davs2/source/common/common.h:1240
#2 0x563af9765ef3 in davs2_alloc_picture davs2/source/common/header.cc:815
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
Fixes: out of array access
Fixes: 48145/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5054524173189120
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: 48429/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDRAW_fuzzer-4608329791438848
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -14914387 + -2147418648 cannot be represented in type 'int'
Fixes: 46464/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-474307197311385
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It results in undefined behaviour. Instead initialize the mutexes
and condition variables once during init (and check these
initializations).
Also combine the corresponding mutex and condition variable
into one structure so that one can allocate their array
jointly.
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Adding a new AVHWAccel also adds a new CONFIG variable for it
and said config variables are typically used to calculate the
size of stack arrays. In such a context, an undefined CONFIG
variable does not evaluate to zero; instead it leads to
a compilation failure. Therefore treat this file like the other
files containing lists of configurable components and prompt
for reconfiguration if it is modified.
(E.g. a44fba0b5b led to compilation
failures for me.)
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>