Fixes an issue in the previous commit where I forgot that 7.x still had the
distinction between the src and src_sched nodes; which was later removed.
Fixes: d65d34d656
When the furthest-behind stream is being fed by a demuxer that is also
feeding packets to a choked filter graph, we need to unchoke that filter
graph to prevent the demuxer from getting stuck trying to write packets to
the choked filter graph.
This situation can also apply recursively - if the demuxer is also writing
to a filtergraph that is also reading from a choked demuxer, there is a
similar deadlock.
Solve all such deadlocks by just brute-force recursively unchoking all
nodes that can somehow prevent this demuxer from writing packets. This
should normally not result in any change in behavior, unless audio/video
streams are badly desynchronized, in which case it may result in extra
memory usage from the too-far-ahead stream buffering packets inside the
muxer. (But this is, of course, preferable to a deadlock)
---------
Backporting changes:
1. Replaced `SchDec.outputs` by `SchDec.dst`
2. Replace `av_unreachable()` by `av_assert0`
Fixes: https://code.ffmpeg.org/FFmpeg/FFmpeg/issues/20611
Backported-From: 133a0bcb13
The mismatch between neon and C functions can be reproduced
using the following bitstream and command line on aarch64 devices.
wget https://streams.videolan.org/ffmpeg/incoming/replay_intra_pred_16x16.h264
./ffmpeg -cpuflags 0 -threads 1 -i replay_intra_pred_16x16.h264 -f framemd5 -y md5_ref
./ffmpeg -threads 1 -i replay_intra_pred_16x16.h264 -f framemd5 -y md5_neon
Signed-off-by: Bin Peng <pengbin@visionular.com>
(cherry picked from commit 3115c0c0e6)
- proper pts for packets. leaving it blank leaves it up for guessing,
but the guess doesn't take seeking into account, causing weirdness.
- clamp to 0 when seeking to negative ts. libopenmpt docs are unclear on
this but not doing this causes an immediate EOF when seeking backwards
to the beginning in mpv.
- only set song duration and packet pts when they are non-negative and
in int64 range. NaNs count as out of range. this isn't a fix for any
specific issue but might be helpful still, and shouldn't break
anything.
(cherry picked from commit ecef5f9e1f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Ticket11526
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f3c3a6ecfb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Apparently files with milliseconds exist in the wild. And since it cost
nothing to support arbitrary number of digits, extend format to support
that.
Depending on number of digits, the time base of fractional part is
changing. Most LRCs use 2 digits and centiseconds base, but subs with 3
digits and miliseconds exist too.
Set internal time base to AV_TIME_BASE, which in parcitice allows to
hold microseconds with 6 digits. Totally artificial, but who knows maybe
someone wants that.
Fixes: #11677
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit bc3cc0a6af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Slice threading remains available!
The race condition fix is in 8d5efc2182
and bcf08c1171
Backport of these is welcome
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Add check for the return value of avcodec_alloc_context3() to avoid potential NULL pointer dereference.
Fixes: 5d48e4eafa ("Merge commit 'a6a750c7ef240b72ce01e9653343a0ddf247d196'")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 55d234b433)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Add av_free() to free extra_data if av_packet_add_side_data() fails.
Fixes: da3c69a5a9 ("Added test for libavcodec/avpacket.c")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 008679ec16)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Add av_packet_free() to free avpkt_clone and avpkt in the error paths to avoid potential memory leak.
Fixes: da3c69a5a9 ("Added test for libavcodec/avpacket.c")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab040e2565)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: Use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FITS_DEC_fuzzer-5602250833854464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1687daa93c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninintilaized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-6235973619351552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 44864dbbb9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NOTCHLC_fuzzer-5597015691296768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 610d368d9b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IAC_fuzzer-6685890556788736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 715df4b1ff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-6651797156724736
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7e9e7cb3b6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninintialized memory
Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CRI_fuzzer-5910856640823296
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea3851bebf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d9bf3c141b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: writing 1 byte over the end of the array
Fixes: BIGSLEEP-433502298/test.xml
Found-by: Google Big Sleep
A prettier solution is welcome!
A testcase exists only for the baseurl case
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ce0a655f85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read in the chroma plane
Fixes: 428034092/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_DEC_fuzzer-5582608941776896.test
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b849ac006b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized memory
Fixes: 427532813/clusterfuzz-testcase-minimized-ffmpeg_dem_MXG_fuzzer-5661938917113856
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b12e919cf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized memory
Fixes: 412125811/clusterfuzz-testcase-minimized-ffmpeg_dem_VQF_fuzzer-6253774274887680
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1b7a327b3a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized memory
Fixes: 394990189/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6431722199908352
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8b16e1ddd9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized memory
Fixes: 403675492/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-4754281823797248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fa197924a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
If a frame size is absolutely massive, this can spin the parser as it
attempts to decode a permuted TOC. We add a sanity check here for eight
times the size of the image for an internal frame to prevent malicious
bitstreams from slowing the parser down to a crawl.
Signed-off-by: Leo Izen <leo.izen@gmail.com>
Reported-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit 829680f96a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 40000 - -9223372036854770000 cannot be represented in type 'long'
Fixes: 427262541/clusterfuzz-testcase-minimized-ffmpeg_dem_CONCAT_fuzzer-4831506940100608
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8cdb47e47a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The true problem happens in several previous get_vlc_symbol()
but checking that is more expensive (involving FFABS())
here its just a simple check between 2 variables we have.
Fixes: Assertion log >= k failed at libavcodec/golomb.h:406
Fixes: 429296194/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_DEC_fuzzer-4691594622337024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 051e0d7744)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: libavcodec/motion_est.c:94:31: runtime error: applying zero offset to null pointer
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 585a8d5357)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: libswscale/swscale_unscaled.c:916:20: runtime error: applying zero offset to null pointer
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit af9b43455a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Add check for the return value of av_malloc_array() and av_calloc()
to avoid potential NULL pointer dereference.
Fixes: dcfd24b10c ("avcodec/alsdec: Implement floating point sample data decoding")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 35a6de137a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reduces allocations on random input
Fixes: 421650030/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKAUD_fuzzer-6144441767493632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9899c8c00b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
CLI option parser checks if argument exists when needed, but in this
case only OPT_TYPE_BOOL where checked, so OPT_TYPE_FUNC without argument
where trying to load a file from `arg` which is NULL in this case.
Fixes crash on `ffmpeg -/version`
Fixes: 6d17991b7e
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f62e2de98)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
EOF only need to be forwarded back if all outputs have reached EOF.
Fixes infinte loop with ffprobe -f lavfi -i "smptebars=d=1,select=n=2:e=1[out0][out1]"
Regression since d9e41ead82.
Fixes ticket #10959.
Fixes ticket #11366.
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit a736ac72bb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Add handling here for
sps_scaling_matrix_for_alternative_colour_space_disabled_flag.
Also add parentheses to make behaviour a little more explicit,
where &&'s precedence over || was relied on previously.
Reported-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Frank Plowman <post@frankplowman.com>
(cherry picked from commit 540a2497d2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: division by 0
Fixes: 418396712/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6104388018176000
Fixes: 418478219/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4569544410857472
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5b1301004b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f8e30d9eeb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This returns to code closer to prior 56c334d732
The prior fixes should limit the sum and avoid the need for double argument log2()
Fixes: Assertion n>=0 && n<=32 failed at libavcodec/get_bits.h:406
Fixes: 410109093/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6550900028276736
No testcases except fuzzers
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a5f861d335)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It seems this is basically unused and unfinished code
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b587afcb65)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 410109093/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OSQ_fuzzer-6550900028276736
Note, none of the available osq files uses update_stats(), this change may fix or break
files using coding_mode == 2. The code prior looks wrong though
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c909ef31be)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
As described in section F.6.1 from ETSI TS 102 366.
Found-by: nyanmisaka
Reviewed-by: Baptiste Coudurier <baptiste.coudurier@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 17729aa80c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The code uses int, unsigned int and uint16_t to store num_entry_point_offsets
This limits it to the smallest of the 3.
Alternatively uint16_t can be changed and then a larger limit used.
A Check will still be needed.
Fixes: 391974932/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5966648879677440
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 791a333a0e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Niklas Haas
Bin Peng
James Almer
Michael Niedermayer
Kimapr
Kacper Michajłow
Jiasheng Jiang
Leo Izen
Marton Balint
Frank Plowman