Fixes: applying zero offset to null pointer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c6c54943d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: applying zero offset to null pointer
partly Fixes: verysmall.flv
Found-by: Elias Myllymäki <elias.myllymaki04p@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 66e9888bf4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Found-by: Elias Myllymäki <elias.myllymaki04p@gmail.com>
Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 827c073154)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This may be needed for floats
Sponsored-by: Sovereign Tech Fund
Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 402824e9e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: undefined NULL pointer use
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-6363211175493632
This performs equivalent sanity checks as are done in mov_read_trak()
before mov_build_index()
Reported-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit afbc3a1b23)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 16b3d3e3eb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 377965565/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-4504434689769472
Fixes: out of array access
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 251de1791e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: index 5 out of bounds for type 'uint8_t [5]'
Fixes: 377748135/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5167109774049280
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3f029bfb7f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: -nan is outside the range of representable values of type 'int'
Fixes: 377072730/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-6545416570601472
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4485a0fd77)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 1239596184 + 2119376059 cannot be represented in type 'int'
Fixes: 376136844/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6581164455821312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0f511b4518)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -1082982400 + -1195645138 cannot be represented in type 'int'
Fixes: 376136843/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-4791844321427456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 56faee21c1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: crash
Found-by: Elias Myllymäki <elias.myllymaki04p@gmail.com>
Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9ffa127aa6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read
Found-by: Elias Myllymäki <elias.myllymaki04p@gmail.com>
Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b72de49295)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Use of uninitialized value
Fixes: 70993/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-6378949754552320
Fixes: 71104/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5001538727116800
For the AAC/USAC/SBR code which reads uninitialized memory, it would be good if it did not;
a fix for that is welcome!
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b9b4c9ebf0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized value
Fixes: 70992/clusterfuzz-testcase-minimized-ffmpeg_dem_IMAGE2_fuzzer-5735819170611200
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3f0b95bb17)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized value
Fixes: 70988/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5298245077630976
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9578c135d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This occurs on a 32x32 input
Fixes: use of uninitialized value
Fixes: 70897/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-5960860961406976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9de721de70)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The code following makes no attempt to initialize all of the buffer
Fixes: use of uninitialized value
Fixes: 70980/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HAP_fuzzer-5329909059223552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7eeeda703b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized value
Fixes: 70932/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4870202133643264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c62cbcae2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Don't reject extradata with missing PS NALUs if array_completeness is not
requested.
Fixes a regression since a696b28886.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 5813e5aa34)
This was previously adjusted by me in 6b3f9c2e92.
Unfortunately, I traded one integer overflow bug for
another.
Currently, NTP timestamps that exceed INT64_MAX
(~Jan 20, 1968) will cause an overflow when passed
to av_rescale.
This patch replaces av_rescale, which operates on
int64_t, with ff_parse_ntp_time, which operates on
uint64_t. This will give the correct values for
timestamps back around the NTP epoch and present day
timestamps.
Fixes ticket #11388.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit c0fbb6d5b7)
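The overflow described in the commit message above, shown as an added illustration that is not FFmpeg's code: the names ntp_fits_int64, ntp_to_unix_us and make_ntp are hypothetical, and ntp_to_unix_us is a stand-in for an unsigned conversion, not a copy of ff_parse_ntp_time.

```c
#include <stdint.h>
#include <stdbool.h>

/* Added illustration, not FFmpeg code. An NTP timestamp is a 64-bit unsigned
 * fixed-point value: upper 32 bits = seconds since 1900-01-01 00:00:00 UTC,
 * lower 32 bits = binary fraction of a second. */

/* Seconds from the NTP epoch (1900) to the Unix epoch (1970). */
#define NTP_UNIX_OFFSET_SEC 2208988800ULL

/* The failure mode: any NTP value whose top bit is set (seconds >= 2^31 after
 * 1900, i.e. from about 1968-01-20 onward, which covers every present-day
 * timestamp) does not fit in int64_t, so handing it to a signed rescale is
 * already wrong before any arithmetic happens. */
static bool ntp_fits_int64(uint64_t ntp_ts)
{
    return ntp_ts <= (uint64_t)INT64_MAX;
}

/* Unsigned conversion to microseconds since the Unix epoch. Every intermediate
 * stays far below 2^63: both the seconds product and the fraction product are
 * below 2^32 * 10^6, so no overflow is possible for any 64-bit input. */
static int64_t ntp_to_unix_us(uint64_t ntp_ts)
{
    uint64_t sec  = ntp_ts >> 32;
    uint64_t frac = ntp_ts & 0xFFFFFFFFULL;
    uint64_t us   = sec * 1000000ULL + ((frac * 1000000ULL) >> 32);
    /* Subtract as signed so dates before 1970 come out negative. */
    return (int64_t)us - (int64_t)(NTP_UNIX_OFFSET_SEC * 1000000ULL);
}

/* Builds a constructed NTP timestamp from Unix seconds and a 32-bit fraction
 * (hypothetical helper used only to produce test inputs). */
static uint64_t make_ntp(uint64_t unix_sec, uint32_t frac)
{
    return ((unix_sec + NTP_UNIX_OFFSET_SEC) << 32) | frac;
}
```

Note that even the Unix epoch itself (1970) lies past the 1968 cutoff, so every realistic timestamp takes the non-fitting path; the unsigned conversion returns the same correct values on both sides of it.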
Written in the dominant style of the surrounding code block.
Signed-off-by: Marth64 <marth64@proxyid.net>
Reviewed-by: Steven Liu <lq@chinaffmpeg.org>
(cherry picked from commit f46415f373)
Written in the dominant style of the surrounding code block.
Reviewed-by: ePirat <epirat07@gmail.com>
Signed-off-by: Marth64 <marth64@proxyid.net>
(cherry picked from commit 3528bfed45)
header is previously declared as an int argument then
shadowed in the scope of the loop as an AV1RawOBUHeader.
Signed-off-by: Marth64 <marth64@proxyid.net>
(cherry picked from commit 8e8260aabf)
When using fast chapter marker calculation (default), the last
marker is inadvertently ignored due to an off-by-one.
Signed-off-by: Marth64 <marth64@proxyid.net>
(cherry picked from commit a5a899bfcb)
There is no reason to accept timestamp values beyond what dvdnav
reported as the duration of the title.
Signed-off-by: Marth64 <marth64@proxyid.net>
(cherry picked from commit 1d55f54846)
Some DVD muxers signal segments to start with duplicate audio samples
when starting extraction from a chapter marker or terminate seamless PGs
on partial audio samples (causing corrupt AC3 frames). Clean up after
these muxers by tracking frames with duplicate PTS and eliminating
partial AC3 frames.
This results in smoother chapter extraction and overall seeking experience,
with linear PTS and AC3 delay within 32ms (1 frame) away from the video.
The issue was not apparent until the flushing pattern was replaced with
a full subdemux reset, as the flushing dropped the frames prematurely,
alongside others; as such, they were never present to begin with.
(cherry picked from commit 0912407b9d)
The packets effectively serve no purpose and we are already
dropping packets with PTS less than 0. This also makes
for a smoother seeking experience after the subdemuxer
reset fix.
Signed-off-by: Marth64 <marth64@proxyid.net>
(cherry picked from commit f2f238c3a4)
It is wasteful to open the subdemuxer if an error occurs while
initializing streams or reading IFO headers.
Signed-off-by: Marth64 <marth64@proxyid.net>
(cherry picked from commit a2c57e27d6)
The "auto" mode serves no functional purpose except for logging
a message and setting the value to 1. The documentation clearly
explains what the option is for.
Signed-off-by: Marth64 <marth64@proxyid.net>
(cherry picked from commit 60434b483c)
Menu 0 is the VIDEO_TS root menu, which does not appear to be used
commonly for menu segments. Instead, default to the menu of VTS 1.
Signed-off-by: Marth64 <marth64@proxyid.net>
(cherry picked from commit 4a03e95ff4)
Some discs present titles with bogus NAV packets. We apply this check
for menus and for title MPEG blocks, but we should also apply it
for NAV packets during title demuxing.
Signed-off-by: Marth64 <marth64@proxyid.net>
(cherry picked from commit afc152f564)
DVDs naturally consist of segmented MPEG-PS blobs within a VOB
(i.e. VOBs are not linear). NAV packs set the segment boundaries.
When switching between segments, discontinuities occur and thus
the subdemuxer needs to be reset. The current approach to manage
this is by invoking ff_read_frame_flush() on the subdemuxer context,
via a callback function which is invoked during the menu or dvdnav
block functions. The same subdemuxer context is used throughout
the demux, with a stretched PTS wrap bits value (64) + disabled
overflow correction, and then flushed on each segment. Eventually,
a play_end context variable is set to declare EOF.
However, this approach causes frame drops. The block read flushes the
demuxer before the frame read is complete, causing frames to drop
on discontinuity. The play_end signal likewise ends playback before
the frame read is complete, causing frames to drop at end of the title.
To compound the issue, the PTS wrap bits value of 64 is wrong;
the VOBU limit is actually 32 and the overflow correction should work.
Instead, EOF the MPEG-PS subdemuxer organically when each VOB segment
ends, and re-open it if needed with the offset after the full frame read
is complete. In doing so, correct the PTS wrap behavior to 32 bits and
remove the play_end/segment_started signals and callback pattern.
Note that the timestamps as reported by the NAV packets are known as
"PTMs", so the fields storing the time prior to adjustment are renamed
accordingly. This makes it more clear when we are offsetting the
NAV packet reported timestamps versus what we present as a demuxer.
Signed-off-by: Marth64 <marth64@proxyid.net>
(cherry picked from commit a1ae66c827)
The function has a few branches where it discards frames via
FFERROR_REDO; consolidate it via a goto block to simplify the
function and improve readability. Logging still maintains
all the relevant details for the reason of the discard.
Signed-off-by: Marth64 <marth64@proxyid.net>
(cherry picked from commit 1964faa568)
Menus are generally segmented by cell, so use them as the
marker delimiters. Requires preindex option to be enabled.
Signed-off-by: Marth64 <marth64@proxyid.net>
(cherry picked from commit c1e4b6c676)
This consolidates the FFERROR_REDO handling of NAV packets to
dvdvideo_subdemux_read_data(), is a pre-requisite to calculating
chapter markers for menus, and a pre-requisite to fixing the
frame desync issue when the subdemuxer is flushed.
Signed-off-by: Marth64 <marth64@proxyid.net>
(cherry picked from commit b38ca20bf2)
Readability improvement; the warning can be bundled beneath
the preceding validations rather than awkwardly between the memcpy
and return.
Signed-off-by: Marth64 <marth64@proxyid.net>
(cherry picked from commit 6bbaa7db49)
The default "auto" mode is effectively useless; the reasonable
default use case is to use the first PG (segment) of the
selected PGC for both menus and standard titles. Just
default the value to 1, since the option is irrelevant
unless -pgc is also set.
Note that this should not break users using this advanced option.
The "auto" mode errored and asked for a PG number regardless
for non-menus, and for menus the mode simply defaulted to 1.
Signed-off-by: Marth64 <marth64@proxyid.net>
(cherry picked from commit e1ace1d314)
This will be a pre-requisite to calculating chapter markers
for menus.
Signed-off-by: Marth64 <marth64@proxyid.net>
(cherry picked from commit 39c662f541)