[FFmpeg-cvslog] aadec: improve eof detection
ffmpeg | branch: master | Karsten Otto | Sat Jul 7 19:41:27
2018 +0200| [c126065947514ec41f2d3350b8018ab563a054bb] | committer: Michael
Niedermayer
aadec: improve eof detection
Remember the end position of audio content in the file and check it during
read_packet. There always seems to be other data beyond it, which could be
misinterpreted as more audio. Also add some extra avio_read error checks,
to bail early in case of a broken/truncated file.
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c126065947514ec41f2d3350b8018ab563a054bb
---
libavformat/aadec.c | 15 +--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/libavformat/aadec.c b/libavformat/aadec.c
index 8d39b1d9ba..4db71b1939 100644
--- a/libavformat/aadec.c
+++ b/libavformat/aadec.c
@@ -46,6 +46,7 @@ typedef struct AADemuxContext {
struct AVTEA *tea_ctx;
uint8_t file_key[16];
int64_t current_chapter_size;
+int64_t content_end;
} AADemuxContext;
static int get_second_size(char *codec_name)
@@ -197,6 +198,7 @@ static int aa_read_header(AVFormatContext *s)
}
start = TOC[largest_idx].offset;
avio_seek(pb, start, SEEK_SET);
+c->content_end = start + largest_size;
c->current_chapter_size = 0;
return 0;
@@ -214,6 +216,11 @@ static int aa_read_packet(AVFormatContext *s, AVPacket
*pkt)
int ret;
AADemuxContext *c = s->priv_data;
+// are we at the end of the audio content?
+if (avio_tell(s->pb) >= c->content_end) {
+return AVERROR_EOF;
+}
+
// are we at the start of a chapter?
if (c->current_chapter_size == 0) {
c->current_chapter_size = avio_rb32(s->pb);
@@ -234,7 +241,9 @@ static int aa_read_packet(AVFormatContext *s, AVPacket *pkt)
// decrypt c->current_codec_second_size bytes
blocks = c->current_codec_second_size / TEA_BLOCK_SIZE;
for (i = 0; i < blocks; i++) {
-avio_read(s->pb, src, TEA_BLOCK_SIZE);
+ret = avio_read(s->pb, src, TEA_BLOCK_SIZE);
+if (ret != TEA_BLOCK_SIZE)
+return (ret < 0) ? ret : AVERROR_EOF;
av_tea_init(c->tea_ctx, c->file_key, 16);
av_tea_crypt(c->tea_ctx, dst, src, 1, NULL, 1);
memcpy(buf + written, dst, TEA_BLOCK_SIZE);
@@ -242,7 +251,9 @@ static int aa_read_packet(AVFormatContext *s, AVPacket *pkt)
}
trailing_bytes = c->current_codec_second_size % TEA_BLOCK_SIZE;
if (trailing_bytes != 0) { // trailing bytes are left unencrypted!
-avio_read(s->pb, src, trailing_bytes);
+ret = avio_read(s->pb, src, trailing_bytes);
+if (ret != trailing_bytes)
+return (ret < 0) ? ret : AVERROR_EOF;
memcpy(buf + written, src, trailing_bytes);
written = written + trailing_bytes;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Changelog: update
ffmpeg | branch: release/3.4 | Michael Niedermayer | Sun Jul 8 11:37:06 2018 +0200| [89355585366b16238244decae40fbe0cc7ae3e40] | committer: Michael Niedermayer Changelog: update Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=89355585366b16238244decae40fbe0cc7ae3e40 --- Changelog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Changelog b/Changelog index c586c9a508..c9ddfd2ba8 100644 --- a/Changelog +++ b/Changelog @@ -2,6 +2,8 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. version 3.4.3: +- avformat/movenc: Check input sample count +- avcodec/mjpegdec: Check for odd progressive RGB - avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id - avcodec/vp8_parser: Do not leave data/size uninitialized - avformat/mms: Add missing chunksize check ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/mjpegdec: Check for odd progressive RGB
ffmpeg | branch: release/3.4 | Michael Niedermayer |
Fri Jul 6 16:28:14 2018 +0200| [9fc60cebe42e6e492b6e1a7bcc479796ee42c3ca] |
committer: Michael Niedermayer
avcodec/mjpegdec: Check for odd progressive RGB
Fixes: out of array access
Fixes:
9225/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5684770334834688
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit ee1e3ca5eb1ec7d34e925d129c893e33847ee0b7)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9fc60cebe42e6e492b6e1a7bcc479796ee42c3ca
---
libavcodec/mjpegdec.c | 4
1 file changed, 4 insertions(+)
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index a94762929f..95d35fbc31 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -616,6 +616,10 @@ unk_pixfmt:
avpriv_report_missing_feature(s->avctx, "Lowres for weird
subsampling");
return AVERROR_PATCHWELCOME;
}
+if ((AV_RB32(s->upscale_h) || AV_RB32(s->upscale_v)) && s->progressive &&
s->avctx->pix_fmt == AV_PIX_FMT_GBRP) {
+avpriv_report_missing_feature(s->avctx, "progressive for weird
subsampling");
+return AVERROR_PATCHWELCOME;
+}
if (s->ls) {
memset(s->upscale_h, 0, sizeof(s->upscale_h));
memset(s->upscale_v, 0, sizeof(s->upscale_v));
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/movenc: Check input sample count
ffmpeg | branch: release/3.4 | Michael Niedermayer |
Fri Jul 6 22:23:25 2018 +0200| [20ad61ffb7b0fc72d17b5c21035eb85a698ac64b] |
committer: Michael Niedermayer
avformat/movenc: Check input sample count
Fixes: division by 0
Fixes: fpe_movenc.c_199_1.wav
Fixes: fpe_movenc.c_199_2.wav
Fixes: fpe_movenc.c_199_3.wav
Fixes: fpe_movenc.c_199_4.wav
Fixes: fpe_movenc.c_199_5.wav
Fixes: fpe_movenc.c_199_6.wav
Fixes: fpe_movenc.c_199_7.wav
Found-by: #CHEN HONGXU#
Signed-off-by: Michael Niedermayer
(cherry picked from commit 3a2d21bc5f97aa0161db3ae731fc2732be6108b8)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=20ad61ffb7b0fc72d17b5c21035eb85a698ac64b
---
libavformat/movenc.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/libavformat/movenc.c b/libavformat/movenc.c
index aab3e31010..cfbe554dd4 100644
--- a/libavformat/movenc.c
+++ b/libavformat/movenc.c
@@ -5077,6 +5077,11 @@ int ff_mov_write_packet(AVFormatContext *s, AVPacket
*pkt)
else
samples_in_chunk = 1;
+if (samples_in_chunk < 1) {
+av_log(s, AV_LOG_ERROR, "fatal error, input packet contains no
samples\n");
+return AVERROR_PATCHWELCOME;
+}
+
/* copy extradata if it exists */
if (trk->vos_len == 0 && par->extradata_size > 0 &&
!TAG_IS_AVCI(trk->tag) &&
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] Tag n3.4.3 : FFmpeg 3.4.3 release
[ffmpeg] [branch: refs/tags/n3.4.3] Tag:fc5ed4a2023d99d7351818f110a4b1316128baba > http://git.videolan.org/gitweb.cgi/ffmpeg.git?a=tag;h=fc5ed4a2023d99d7351818f110a4b1316128baba Tagger: Michael Niedermayer Date: Sun Jul 8 12:23:40 2018 +0200 FFmpeg 3.4.3 release ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] [ffmpeg-web] branch master updated. 8b611e2 src/download: Add ffmpeg 3.4.3
The branch, master has been updated via 8b611e2117f130b827275f86bb8b28151936ac76 (commit) from a2406c541a71a7c2ef8c7ba3509f9105cfa76a27 (commit) - Log - commit 8b611e2117f130b827275f86bb8b28151936ac76 Author: Michael Niedermayer AuthorDate: Sun Jul 8 13:00:58 2018 +0200 Commit: Michael Niedermayer CommitDate: Sun Jul 8 13:00:58 2018 +0200 src/download: Add ffmpeg 3.4.3 diff --git a/src/download b/src/download index 655e0fb..d853958 100644 --- a/src/download +++ b/src/download @@ -309,10 +309,10 @@ libpostproc55. 1.100 - FFmpeg 3.4.2 "Cantor" + FFmpeg 3.4.3 "Cantor" -3.4.2 was released on 2018-02-12. It is the latest stable FFmpeg release +3.4.3 was released on 2018-07-08. It is the latest stable FFmpeg release from the 3.4 release branch, which was cut from master on 2017-10-11. It includes the following library versions: @@ -330,19 +330,19 @@ libpostproc54. 7.100 - Download xz tarball - PGP signature + Download xz tarball + PGP signature - Download bzip2 tarball - PGP signature + Download bzip2 tarball + PGP signature - Download gzip tarball - PGP signature + Download gzip tarball + PGP signature - https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n3.4.2";>Changelog + https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n3.4.3";>Changelog https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/refs/heads/release/3.4:/RELEASE_NOTES";>Release Notes --- Summary of changes: src/download | 18 +- 1 file changed, 9 insertions(+), 9 deletions(-) hooks/post-receive -- ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] ffmpeg: factorize input thread creation and destruction
ffmpeg | branch: release/4.0 | Marton Balint | Wed Jun 27
21:55:38 2018 +0200| [2c138c2d8c343219bd7a10151039ca8a53ca8cae] | committer:
Marton Balint
ffmpeg: factorize input thread creation and destruction
Signed-off-by: Marton Balint
(cherry picked from commit b181cd359b872283d5fcaf7c553bbad88517c78b)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2c138c2d8c343219bd7a10151039ca8a53ca8cae
---
fftools/ffmpeg.c | 66 ++--
1 file changed, 40 insertions(+), 26 deletions(-)
diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c
index 16ce07c3ab..be1680dac3 100644
--- a/fftools/ffmpeg.c
+++ b/fftools/ffmpeg.c
@@ -4015,49 +4015,63 @@ static void *input_thread(void *arg)
return NULL;
}
+static void free_input_thread(int i)
+{
+InputFile *f = input_files[i];
+AVPacket pkt;
+
+if (!f || !f->in_thread_queue)
+return;
+av_thread_message_queue_set_err_send(f->in_thread_queue, AVERROR_EOF);
+while (av_thread_message_queue_recv(f->in_thread_queue, &pkt, 0) >= 0)
+av_packet_unref(&pkt);
+
+pthread_join(f->thread, NULL);
+f->joined = 1;
+av_thread_message_queue_free(&f->in_thread_queue);
+}
+
static void free_input_threads(void)
{
int i;
-for (i = 0; i < nb_input_files; i++) {
-InputFile *f = input_files[i];
-AVPacket pkt;
+for (i = 0; i < nb_input_files; i++)
+free_input_thread(i);
+}
-if (!f || !f->in_thread_queue)
-continue;
-av_thread_message_queue_set_err_send(f->in_thread_queue, AVERROR_EOF);
-while (av_thread_message_queue_recv(f->in_thread_queue, &pkt, 0) >= 0)
-av_packet_unref(&pkt);
+static int init_input_thread(int i)
+{
+int ret;
+InputFile *f = input_files[i];
-pthread_join(f->thread, NULL);
-f->joined = 1;
+if (nb_input_files == 1)
+return 0;
+
+if (f->ctx->pb ? !f->ctx->pb->seekable :
+strcmp(f->ctx->iformat->name, "lavfi"))
+f->non_blocking = 1;
+ret = av_thread_message_queue_alloc(&f->in_thread_queue,
+f->thread_queue_size,
sizeof(AVPacket));
+if (ret < 0)
+return ret;
+
+if ((ret = pthread_create(&f->thread, NULL, input_thread, f))) {
+av_log(NULL, AV_LOG_ERROR, "pthread_create failed: %s. Try to increase
`ulimit -v` or decrease `ulimit -s`.\n", strerror(ret));
av_thread_message_queue_free(&f->in_thread_queue);
+return AVERROR(ret);
}
+
+return 0;
}
static int init_input_threads(void)
{
int i, ret;
-if (nb_input_files == 1)
-return 0;
-
for (i = 0; i < nb_input_files; i++) {
-InputFile *f = input_files[i];
-
-if (f->ctx->pb ? !f->ctx->pb->seekable :
-strcmp(f->ctx->iformat->name, "lavfi"))
-f->non_blocking = 1;
-ret = av_thread_message_queue_alloc(&f->in_thread_queue,
-f->thread_queue_size,
sizeof(AVPacket));
+ret = init_input_thread(i);
if (ret < 0)
return ret;
-
-if ((ret = pthread_create(&f->thread, NULL, input_thread, f))) {
-av_log(NULL, AV_LOG_ERROR, "pthread_create failed: %s. Try to
increase `ulimit -v` or decrease `ulimit -s`.\n", strerror(ret));
-av_thread_message_queue_free(&f->in_thread_queue);
-return AVERROR(ret);
-}
}
return 0;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] ffmpeg: fix -stream_loop with multiple inputs
ffmpeg | branch: release/4.0 | Marton Balint | Wed Jun 27 22:27:01 2018 +0200| [acb7907319837f47803351e4ccf6a5ae90d71a7c] | committer: Marton Balint ffmpeg: fix -stream_loop with multiple inputs The input thread needs to be properly cleaned up and re-initalized before we can start reading again in threaded mode. (Threaded input reading is used when there is mode than one input file). Fixes ticket #6121 and #7043. Signed-off-by: Marton Balint (cherry picked from commit da36bcbeb78c78e493d18d3cd3ac92ea401e7031) > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=acb7907319837f47803351e4ccf6a5ae90d71a7c --- fftools/ffmpeg.c | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c index be1680dac3..c0214c42d8 100644 --- a/fftools/ffmpeg.c +++ b/fftools/ffmpeg.c @@ -4213,7 +4213,7 @@ static int process_input(int file_index) AVFormatContext *is; InputStream *ist; AVPacket pkt; -int ret, i, j; +int ret, thread_ret, i, j; int64_t duration; int64_t pkt_dts; @@ -4236,7 +4236,15 @@ static int process_input(int file_index) avcodec_flush_buffers(avctx); } } +#if HAVE_THREADS +free_input_thread(file_index); +#endif ret = seek_to_start(ifile, is); +#if HAVE_THREADS +thread_ret = init_input_thread(file_index); +if (thread_ret < 0) +return thread_ret; +#endif if (ret < 0) av_log(NULL, AV_LOG_WARNING, "Seek to start failed.\n"); else ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] lavfi/minterpolate: fix blending calc issue.
ffmpeg | branch: master | Jun Zhao | Wed Jun 27 15:09:25
2018 +0800| [eb776a16ea3c02096ee4eff2f12da0f03cb03ef3] | committer: Jun Zhao
lavfi/minterpolate: fix blending calc issue.
the right blending calc is:
(alpha * Frame_2 + (MAX - alpha) * Frame_1 + 512) >> 10
Signed-off-by: Jun Zhao
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eb776a16ea3c02096ee4eff2f12da0f03cb03ef3
---
libavfilter/vf_minterpolate.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavfilter/vf_minterpolate.c b/libavfilter/vf_minterpolate.c
index d53431593d..c6a5e63f90 100644
--- a/libavfilter/vf_minterpolate.c
+++ b/libavfilter/vf_minterpolate.c
@@ -1122,8 +1122,8 @@ static void interpolate(AVFilterLink *inlink, AVFrame
*avf_out)
for (y = 0; y < height; y++) {
for (x = 0; x < width; x++) {
avf_out->data[plane][x + y * avf_out->linesize[plane]]
=
- alpha *
mi_ctx->frames[2].avf->data[plane][x + y *
mi_ctx->frames[2].avf->linesize[plane]] +
-((ALPHA_MAX - alpha) *
mi_ctx->frames[1].avf->data[plane][x + y *
mi_ctx->frames[1].avf->linesize[plane]] + 512) >> 10;
+(alpha * mi_ctx->frames[2].avf->data[plane][x + y
* mi_ctx->frames[2].avf->linesize[plane]] +
+ (ALPHA_MAX - alpha) *
mi_ctx->frames[1].avf->data[plane][x + y *
mi_ctx->frames[1].avf->linesize[plane]] + 512) >> 10;
}
}
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] New commits on branch release/3.2
URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=97321ae36056e2360e1c5a43cbdeef164fe34922 Author: Michael Niedermayer Date: Sun Jul 8 21:07:45 2018 +0200 Update for 3.2.11 Signed-off-by: Michael Niedermayer URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3571bec56eb302dfe01732cc0cdcf75b35ae8211 Author: Michael Niedermayer Date: Fri Jul 6 22:23:25 2018 +0200 avformat/movenc: Check input sample count Fixes: division by 0 Fixes: fpe_movenc.c_199_1.wav Fixes: fpe_movenc.c_199_2.wav Fixes: fpe_movenc.c_199_3.wav Fixes: fpe_movenc.c_199_4.wav Fixes: fpe_movenc.c_199_5.wav Fixes: fpe_movenc.c_199_6.wav Fixes: fpe_movenc.c_199_7.wav Found-by: #CHEN HONGXU# Signed-off-by: Michael Niedermayer (cherry picked from commit 3a2d21bc5f97aa0161db3ae731fc2732be6108b8) Signed-off-by: Michael Niedermayer URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=64993b613b3a296dcdc7e9b7037756bed4732b68 Author: Michael Niedermayer Date: Fri Jul 6 16:28:14 2018 +0200 avcodec/mjpegdec: Check for odd progressive RGB Fixes: out of array access Fixes: 9225/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5684770334834688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit ee1e3ca5eb1ec7d34e925d129c893e33847ee0b7) Signed-off-by: Michael Niedermayer URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=92972f19168f323cfe133a42abf130a5f159bfd6 Author: Michael Niedermayer Date: Wed Jun 27 16:51:51 2018 +0200 avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id Fixes: out of array access Fixes: ffmpeg_bof_1.avi Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart Signed-off-by: Michael Niedermayer (cherry picked from commit ed22dc22216f74c75ee7901f82649e1ff725ba50) Signed-off-by: Michael Niedermayer URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f65d6ff9ab06e2f4036a7e0f71072a216e66d239 Author: Michael Niedermayer Date: Tue Jul 3 20:33:04 2018 +0200 avformat/mms: Add missing chunksize check Fixes: out of array read Fixes: mms-crash-01b6c5d85f9d9f40f4e879896103e9f5b222816a Found-by: Paul Ch 1st hunk by Paul Ch Tested-by: Paul Ch Signed-off-by: Michael Niedermayer (cherry picked from commit cced03dd667a5df6df8fd40d8de0bff477ee02e8) Signed-off-by: Michael Niedermayer URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e82a06d2bef568124860090e2ec0b0de887c40a1 Author: Michael Niedermayer Date: Tue Jul 3 22:14:42 2018 +0200 avformat/pva: Check for EOF before retrying in read_part_of_packet() Fixes: Infinite loop Fixes: pva-4b1835dbc2027bf3c567005dcc78e85199240d06 Found-by: Paul Ch Signed-off-by: Michael Niedermayer (cherry picked from commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1) Signed-off-by: Michael Niedermayer URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4a42353c7a0c906a38c7cfc2fe29c0242a2c2231 Author: Michael Niedermayer Date: Tue Jul 3 21:37:46 2018 +0200 avformat/rmdec: Do not pass mime type in rm_read_multi() to ff_rm_read_mdpr_codecdata() Fixes: use after free() Fixes: rmdec-crash-ffe85b4cab1597d1cfea6955705e53f1f5c8a362 Found-by: Paul Ch Signed-off-by: Michael Niedermayer (cherry picked from commit a7e032a277452366771951e29fd0bf2bd5c029f0) Signed-off-by: Michael Niedermayer URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2b8c152327b9a403a648376e1fd3891fcc5fbb38 Author: Michael Niedermayer Date: Mon Jul 2 01:26:44 2018 +0200 avcodec/indeo4: Check for end of bitstream in decode_mb_info() Fixes: Timeout Fixes: 8776/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-5361788798369792 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 267ba2aa96354c5b6a1ea89b2943fbd7a4893862) Signed-off-by: Michael Niedermayer URL: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c7dca182268ac493ba38a18d50c8fcce998ebcaa Author: Michael Niedermayer Date: Mon Jul 2 19:11:46 2018 +0200 avcodec/shorten: Fix undefined addition in shorten_decode_frame() Fixes: signed integer overflow: 1139785606 + 1454196085 cannot be represented in type 'int' Fixes: 8937/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-6202943597445120 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niederma
[FFmpeg-cvslog] libavcodec/mpegaudiodecheader.h : detect reserved mpeg id
ffmpeg | branch: master | Karsten Otto | Sun Jul 8 12:26:10
2018 +0200| [3bf39f2aeff0defcc11454c497b6ea0ffbcd17ca] | committer: Michael
Niedermayer
libavcodec/mpegaudiodecheader.h : detect reserved mpeg id
Check the MPEG version ID for the reserved bit pattern 01, and abort the
header check in that case. This reduces the chance of misinterpreting
arbitrary data as a valid header, and prevents resulting audio artifacts.
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3bf39f2aeff0defcc11454c497b6ea0ffbcd17ca
---
libavcodec/mpegaudiodecheader.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/mpegaudiodecheader.h b/libavcodec/mpegaudiodecheader.h
index 1cb9216461..ed9961250a 100644
--- a/libavcodec/mpegaudiodecheader.h
+++ b/libavcodec/mpegaudiodecheader.h
@@ -62,6 +62,9 @@ static inline int ff_mpa_check_header(uint32_t header){
/* header */
if ((header & 0xffe0) != 0xffe0)
return -1;
+/* version check */
+if ((header & (3<<19)) == 1)
+return -1;
/* layer check */
if ((header & (3<<17)) == 0)
return -1;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] aadec: add chapters and seeking
ffmpeg | branch: master | Karsten Otto | Sun Jul 8 11:46:26
2018 +0200| [6cc6b619b95128ef084720c42ef0d361376e8f09] | committer: Michael
Niedermayer
aadec: add chapters and seeking
read_packet reads content in chunks. Thus seek must be clamped to valid
chunk positions in the file, which in turn are relative to chapter start
positions.
So in read_header, scan for chapter headers once by skipping through the
content. Set stream time_base based on bitrate in bytes/s, for easy
timestamp to position conversion.
Then in read_seek, find the chapter containing the seek position, calculate
the nearest chunk position, and reinit the read_seek state accordingly.
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6cc6b619b95128ef084720c42ef0d361376e8f09
---
libavformat/aadec.c | 85 ++---
1 file changed, 81 insertions(+), 4 deletions(-)
diff --git a/libavformat/aadec.c b/libavformat/aadec.c
index 4db71b1939..17ad20686b 100644
--- a/libavformat/aadec.c
+++ b/libavformat/aadec.c
@@ -35,6 +35,8 @@
#define MAX_TOC_ENTRIES 16
#define MAX_DICTIONARY_ENTRIES 128
#define TEA_BLOCK_SIZE 8
+#define CHAPTER_HEADER_SIZE 8
+#define TIMEPREC 1000
typedef struct AADemuxContext {
AVClass *class;
@@ -46,6 +48,7 @@ typedef struct AADemuxContext {
struct AVTEA *tea_ctx;
uint8_t file_key[16];
int64_t current_chapter_size;
+int64_t content_start;
int64_t content_end;
} AADemuxContext;
@@ -70,7 +73,7 @@ static int aa_read_header(AVFormatContext *s)
uint32_t nkey, nval, toc_size, npairs, header_seed = 0, start;
char key[128], val[128], codec_name[64] = {0};
uint8_t output[24], dst[8], src[8];
-int64_t largest_size = -1, current_size = -1;
+int64_t largest_size = -1, current_size = -1, chapter_pos;
struct toc_entry {
uint32_t offset;
uint32_t size;
@@ -173,19 +176,23 @@ static int aa_read_header(AVFormatContext *s)
st->codecpar->codec_id = AV_CODEC_ID_MP3;
st->codecpar->sample_rate = 22050;
st->need_parsing = AVSTREAM_PARSE_FULL_RAW;
-st->start_time = 0;
+avpriv_set_pts_info(st, 64, 8, 32000 * TIMEPREC);
} else if (!strcmp(codec_name, "acelp85")) {
st->codecpar->codec_id = AV_CODEC_ID_SIPR;
st->codecpar->block_align = 19;
st->codecpar->channels = 1;
st->codecpar->sample_rate = 8500;
+st->codecpar->bit_rate = 8500;
st->need_parsing = AVSTREAM_PARSE_FULL_RAW;
+avpriv_set_pts_info(st, 64, 8, 8500 * TIMEPREC);
} else if (!strcmp(codec_name, "acelp16")) {
st->codecpar->codec_id = AV_CODEC_ID_SIPR;
st->codecpar->block_align = 20;
st->codecpar->channels = 1;
st->codecpar->sample_rate = 16000;
+st->codecpar->bit_rate = 16000;
st->need_parsing = AVSTREAM_PARSE_FULL_RAW;
+avpriv_set_pts_info(st, 64, 8, 16000 * TIMEPREC);
}
/* determine, and jump to audio start offset */
@@ -198,7 +205,28 @@ static int aa_read_header(AVFormatContext *s)
}
start = TOC[largest_idx].offset;
avio_seek(pb, start, SEEK_SET);
+
+// extract chapter positions. since all formats have constant bit rate,
use it
+// as time base in bytes/s, for easy stream position <-> timestamp
conversion
+st->start_time = 0;
+c->content_start = start;
c->content_end = start + largest_size;
+
+while ((chapter_pos = avio_tell(pb)) >= 0 && chapter_pos < c->content_end)
{
+int chapter_idx = s->nb_chapters;
+uint32_t chapter_size = avio_rb32(pb);
+if (chapter_size == 0) break;
+chapter_pos -= start + CHAPTER_HEADER_SIZE * chapter_idx;
+avio_skip(pb, 4 + chapter_size);
+if (!avpriv_new_chapter(s, chapter_idx, st->time_base,
+chapter_pos * TIMEPREC, (chapter_pos + chapter_size) * TIMEPREC,
NULL))
+return AVERROR(ENOMEM);
+}
+
+st->duration = (largest_size - CHAPTER_HEADER_SIZE * s->nb_chapters) *
TIMEPREC;
+
+ff_update_cur_dts(s, st, 0);
+avio_seek(pb, start, SEEK_SET);
c->current_chapter_size = 0;
return 0;
@@ -215,9 +243,10 @@ static int aa_read_packet(AVFormatContext *s, AVPacket
*pkt)
int written = 0;
int ret;
AADemuxContext *c = s->priv_data;
+uint64_t pos = avio_tell(s->pb);
// are we at the end of the audio content?
-if (avio_tell(s->pb) >= c->content_end) {
+if (pos >= c->content_end) {
return AVERROR_EOF;
}
@@ -230,6 +259,7 @@ static int aa_read_packet(AVFormatContext *s, AVPacket *pkt)
av_log(s, AV_LOG_DEBUG, "Chapter %d (%" PRId64 " bytes)\n",
c->chapter_idx, c->current_chapter_size);
c->chapter_idx = c->chapter_idx + 1;
avio_skip(s->pb, 4); // data start offset
+pos += 8;
c->current_codec_second_size = c->codec_second_size;
}
@@ -267,10 +297,56 @@ static int aa_read_packet(AV
