Andreas Rheinhardt:
> Andreas Rheinhardt:
>> Up until now, the microdvd demuxer uses av_strdup() to allocate the
>> extradata from a string; its length is set to strlen() + 1, i.e.
>> including the \0 at the end. Upon remuxing, the muxer would simply copy
>> the extradata at the beginning, includin
Fixes: signed integer overflow: 2003010644 * 2 cannot be represented in type
'int'
Fixes:
19593/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5660628006207488
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Micha
On Thu, Dec 26, 2019 at 11:53:35AM +0100, Andreas Rheinhardt wrote:
> Might happen for annex B H.264.
>
> Signed-off-by: Andreas Rheinhardt
> ---
> No change since last time.
will apply
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
He who knows, does no
On Thu, Dec 26, 2019 at 11:53:34AM +0100, Andreas Rheinhardt wrote:
> While the function adding a new element to the keyframe index checked
> the allocation, the caller didn't check the return value. This has been
> changed. To do so, the return value has been changed to an ordinary ret
> instead o
On 12/26/2019 7:53 AM, Andreas Rheinhardt wrote:
> Signed-off-by: Andreas Rheinhardt
> ---
> libavformat/wavenc.c | 5 +
> 1 file changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/libavformat/wavenc.c b/libavformat/wavenc.c
> index 159119d693..269793d571 100644
> --- a/libavformat/wav
On Thu, Dec 26, 2019 at 11:53:27AM +0100, Andreas Rheinhardt wrote:
> Signed-off-by: Andreas Rheinhardt
> ---
> libavformat/wavenc.c | 5 +
> 1 file changed, 1 insertion(+), 4 deletions(-)
will apply
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Whi
On Thu, Dec 26, 2019 at 11:53:26AM +0100, Andreas Rheinhardt wrote:
> The write_trailer function doesn't write anything anyway. It only frees
> memory.
>
> Signed-off-by: Andreas Rheinhardt
> ---
> libavformat/spdifenc.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
will apply
t
On Thu, Dec 26, 2019 at 09:31:03AM +0800, lance.lmw...@gmail.com wrote:
> From: Limin Wang
>
> Signed-off-by: Limin Wang
> ---
> libavcodec/ass.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
will apply both patches
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF
On Thu, Dec 26, 2019 at 8:35 PM Nicolas George wrote:
> Andreas Rheinhardt (12019-12-26):
> > b) It guarantees to not allocated more than UINT_MAX - 1 elements, so
> > the caller needn't check for overflow if the desired size is increased
> > in steps of one.
>
> This is preparing trouble for lat
Signed-off-by: Paul B Mahol
---
libavfilter/vf_histogram.c | 110 ++---
1 file changed, 55 insertions(+), 55 deletions(-)
diff --git a/libavfilter/vf_histogram.c b/libavfilter/vf_histogram.c
index 83e8925ea7..2381fe980c 100644
--- a/libavfilter/vf_histogram.c
+++
Signed-off-by: Paul B Mahol
---
doc/filters.texi | 46 ++
libavfilter/Makefile | 1 +
libavfilter/allfilters.c | 1 +
libavfilter/vf_histogram.c | 127 ++---
4 files changed, 151 insertions(+), 24 deletions(-)
diff --git a/doc/fi
Signed-off-by: vitamin-caig
---
libavcodec/raw.c| 11 +++
libavcodec/raw.h| 2 --
libavcodec/rawdec.c | 2 +-
libavcodec/utils.c | 12
4 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/libavcodec/raw.c b/libavcodec/raw.c
index b6fb91c1c6..96b7442f51
On 12/26/2019 3:40 PM, Nicolas George wrote:
> It is no longer used in our code base and does not seem
> to be used much in other projects.
>
> Signed-off-by: Nicolas George
> ---
> doc/APIchanges | 3 +++
> libavutil/avstring.c | 2 ++
> libavutil/avstring.h | 5 +
>
On Wed, Dec 25, 2019 at 10:43:02PM +0100, Marton Balint wrote:
> Now it is possible to set them from a string, to serialize them and to use a
> default value.
>
> Signed-off-by: Marton Balint
> ---
> libavutil/opt.c | 51 ++-
> libavutil/opt.h | 10
Andreas Rheinhardt (12019-12-26):
> b) It guarantees to not allocated more than UINT_MAX - 1 elements, so
> the caller needn't check for overflow if the desired size is increased
> in steps of one.
This is preparing trouble for later, and as Michael pointed, it will not
work when the number of ele
Paul B Mahol (12019-12-26):
> Also there is bunch of all small different changes in code, which
> conflict more with your proposal.
I had looked at the code before making my comment: a significant part is
exactly identical or only differs by the name of the variable.
The rest can be handled with
On Thu, Dec 26, 2019 at 11:53:36AM +0100, Andreas Rheinhardt wrote:
> This is an array-equivalent of av_fast_realloc(). Its advantages
> compared to using av_fast_realloc() for allocating arrays are as
> follows:
>
> a) It performs its own overflow checks for the multiplication that is
> implicit
On 12/26/19, Paul B Mahol wrote:
> On 12/26/19, Nicolas George wrote:
>> Paul B Mahol (12019-12-26):
>>> Signed-off-by: Paul B Mahol
>>> ---
>>> doc/filters.texi| 46 +
>>> libavfilter/Makefile| 1 +
>>> libavfilter/allfilters.c| 1 +
>>> libavfilter/vf_thistogr
This is an array-equivalent of av_fast_realloc(). Its advantages
compared to using av_fast_realloc() for allocating arrays are as
follows:
a) It performs its own overflow checks for the multiplication that is
implicit in array allocations. (And it only needs to perform these
checks (as well as the
It is no longer used in our code base and does not seem
to be used much in other projects.
Signed-off-by: Nicolas George
---
doc/APIchanges | 3 +++
libavutil/avstring.c | 2 ++
libavutil/avstring.h | 5 +
libavutil/tests/avstring.c | 4
libavutil/version.h
On 12/26/2019 1:30 PM, James Almer wrote:
> On 12/26/2019 1:24 PM, Lynne wrote:
>> Dec 26, 2019, 13:57 by d...@lynne.ee:
>>
>>> Dec 16, 2019, 23:19 by mich...@niedermayer.cc:
>>>
Fixes: out of array read
Fixes:
19327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-56
On 12/26/2019 1:24 PM, Lynne wrote:
> Dec 26, 2019, 13:57 by d...@lynne.ee:
>
>> Dec 16, 2019, 23:19 by mich...@niedermayer.cc:
>>
>>> Fixes: out of array read
>>> Fixes:
>>> 19327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5679823087468544
>>>
>>> Found-by: continuous fuzzin
Dec 26, 2019, 13:57 by d...@lynne.ee:
> Dec 16, 2019, 23:19 by mich...@niedermayer.cc:
>
>> Fixes: out of array read
>> Fixes:
>> 19327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5679823087468544
>>
>> Found-by: continuous fuzzing process
>> https://github.com/google/oss-fuz
On 26-12-2019 08:30 pm, Andreas Rheinhardt wrote:
On Thu, Dec 26, 2019 at 3:55 PM Gyan Doshi wrote:
---
libavformat/utils.c | 15 +--
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/libavformat/utils.c b/libavformat/utils.c
index b83a740500..7ac3920257 100644
---
---
libavformat/utils.c | 15 +--
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/libavformat/utils.c b/libavformat/utils.c
index b472762dd1..1d2c41e6e6 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -883,13 +883,16 @@ int ff_read_packet(AVFormatContext *s,
Ping?
On Wed, 25 Dec 2019 at 23:13, vitamin-caig wrote:
> Signed-off-by: vitamin-caig
> ---
> libavcodec/raw.c| 11 +++
> libavcodec/raw.h| 2 --
> libavcodec/rawdec.c | 2 +-
> libavcodec/utils.c | 12
> 4 files changed, 12 insertions(+), 15 deletions(-)
>
> di
On Thu, Dec 26, 2019 at 3:55 PM Gyan Doshi wrote:
> ---
> libavformat/utils.c | 15 +--
> 1 file changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/libavformat/utils.c b/libavformat/utils.c
> index b83a740500..7ac3920257 100644
> --- a/libavformat/utils.c
> +++ b/libavformat/u
On Wed, Dec 25, 2019 at 10:49:47PM -0300, James Almer wrote:
> On 12/25/2019 9:18 PM, Michael Niedermayer wrote:
> > Fixes: out of array access
> > Fixes:
> > 19542/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5659498341728256
> >
> > Found-by: continuous fuzzing process
> > ht
On Wed, Dec 25, 2019 at 12:59:07PM +0100, Andreas Rheinhardt wrote:
> Unused since f09ae730.
>
> Signed-off-by: Andreas Rheinhardt
> ---
> libavfilter/buffersrc.c | 2 --
> 1 file changed, 2 deletions(-)
will apply
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC7870
---
libavformat/utils.c | 15 +--
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/libavformat/utils.c b/libavformat/utils.c
index b83a740500..7ac3920257 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -876,13 +876,16 @@ int ff_read_packet(AVFormatContext *s,
> About security
> The file path can reveal a wide range of information like
> The platform used,
> The username,
> A potentially writable location
> And a lot more depending on how the directories are layed out
>
> About privacy
> The username is commonly related to the users real name, thats
> s
> you may have to only activate this (or at least the full path
metadata) feature
> if the user explicitly requests it. Probably the best way to do that
is to
> introduce a new option of the image2 demuxer, probably with an
AV_OPT_TYPE_FLAGS
> type.
Do you mean image2 should, for example, have
Dec 16, 2019, 23:19 by mich...@niedermayer.cc:
> Fixes: out of array read
> Fixes:
> 19327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5679823087468544
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: M
On 12/26/19, Nicolas George wrote:
> Paul B Mahol (12019-12-26):
>> Signed-off-by: Paul B Mahol
>> ---
>> doc/filters.texi| 46 +
>> libavfilter/Makefile| 1 +
>> libavfilter/allfilters.c| 1 +
>> libavfilter/vf_thistogram.c | 358
Paul B Mahol (12019-12-26):
> Signed-off-by: Paul B Mahol
> ---
> doc/filters.texi| 46 +
> libavfilter/Makefile| 1 +
> libavfilter/allfilters.c| 1 +
> libavfilter/vf_thistogram.c | 358
> 4 files changed, 406 insertions(+)
>
Signed-off-by: Paul B Mahol
---
doc/filters.texi| 46 +
libavfilter/Makefile| 1 +
libavfilter/allfilters.c| 1 +
libavfilter/vf_thistogram.c | 358
4 files changed, 406 insertions(+)
create mode 100644 libavfilter/vf_thistogr
The classical ptr = av_realloc(ptr, size).
Signed-off-by: Andreas Rheinhardt
---
libavformat/webmdashenc.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/libavformat/webmdashenc.c b/libavformat/webmdashenc.c
index d2f0e0ec4d..e8b7a07974 100644
--- a/libavformat/webmda
It doesn't do anything: All allocated blocks have already been freed in
write_header.
Signed-off-by: Andreas Rheinhardt
---
libavformat/webmdashenc.c | 7 ---
1 file changed, 7 deletions(-)
diff --git a/libavformat/webmdashenc.c b/libavformat/webmdashenc.c
index 26b8727304..d2f0e0ec4d 10064
Might happen for annex B H.264.
Signed-off-by: Andreas Rheinhardt
---
No change since last time.
libavformat/flvenc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavformat/flvenc.c b/libavformat/flvenc.c
index f6379cbe05..1aaf0333ca 100644
--- a/libavformat/flvenc.c
hdsenc already had an explicit function to free all allocations in case
of an error, but it was not marked as deinit function, so that it was
not called automatically when the AVFormatContext for muxing gets freed.
Using an explicit deinit function also makes the code cleaner by
allowing to return
Currently, the Matroska muxer reallocates its array of index entries
each time another entry is added. This is bad performance-wise,
especially on Windows where reallocations are slow. This is solved
by switching to av_fast_realloc_array() which ensures that actual
reallocations will happen only se
Fixes memleaks when the trailer is never written or when shift_data()
fails when writing the trailer.
Signed-off-by: Andreas Rheinhardt
---
libavformat/flvenc.c | 11 +--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/libavformat/flvenc.c b/libavformat/flvenc.c
index 106be
Signed-off-by: Andreas Rheinhardt
---
libavformat/matroskadec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index fe4a10..268a2dd476 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -154
This is an array-equivalent of av_fast_realloc(). Its advantages
compared to using av_fast_realloc() for allocating arrays are as
follows:
a) It performs its own overflow checks for the multiplication that is
implicit in array allocations. (And it only needs to perform these
checks (as well as the
instead of av_fast_realloc() for allocating an array. It has the
advantage of doing it's own overflow checks and does not overallocate
unnecessarily: It allocates exactly one element if one element is
desired. This is advantageous for CueTrackPositions: While it is
allowed (and supported) to have m
Using a linked list had very much overhead (the pointer to the next
entry increased the size of the index entry struct from 16 to 24 bytes,
not to mention the overhead of having separate allocations), so it is
better to (re)allocate a continuous array for the index.
av_fast_realloc_array() is used
Signed-off-by: Andreas Rheinhardt
---
libavformat/smoothstreamingenc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavformat/smoothstreamingenc.c b/libavformat/smoothstreamingenc.c
index 0e4f531f90..a5fd8a18db 100644
--- a/libavformat/smoothstreamingenc.c
+++ b/libavf
If an AVFormatContext could be allocated, but white-/blacklists couldn't
be copied, the AVFormatContext would leak as it was only accessible
through a local variable that goes out of scope when one goes to fail.
Furthermore, in case writing a header of a submuxer failed, the options
used for said
Signed-off-by: Andreas Rheinhardt
---
libavformat/wavenc.c | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/libavformat/wavenc.c b/libavformat/wavenc.c
index 159119d693..269793d571 100644
--- a/libavformat/wavenc.c
+++ b/libavformat/wavenc.c
@@ -185,7 +185,6 @@ static av_co
While the function adding a new element to the keyframe index checked
the allocation, the caller didn't check the return value. This has been
changed. To do so, the return value has been changed to an ordinary ret
instead of pb->error. This doesn't pose a problem, as write_packet() in
mux.c already
Nothing written in avformat_write_trailer() for the submuxers will be
output anyway because the AVIOContexts used for actual output have been
closed before the call. Writing the trailer of the subcontext has probably
only been done in order to free the memory allocated by the submuxer.
And this job
The write_trailer function doesn't write anything anyway. It only frees
memory.
Signed-off-by: Andreas Rheinhardt
---
libavformat/spdifenc.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/libavformat/spdifenc.c b/libavformat/spdifenc.c
index 4307942a44..d5f7d91e93 10064
Signed-off-by: Andreas Rheinhardt
---
libavformat/smoothstreamingenc.c | 43
1 file changed, 16 insertions(+), 27 deletions(-)
diff --git a/libavformat/smoothstreamingenc.c b/libavformat/smoothstreamingenc.c
index 07745d5cb5..ff38edbe05 100644
--- a/libavformat/s
On Sun, 22 Dec 2019, Marton Balint wrote:
In order to access the original opaque parameter of a buffer in the buffer
pool. (The buffer pool implementation overrides the normal opaque parameter but
also saves it so it is accessible).
v2: add assertion check before dereferencing the BufferPoolE
On 24-12-2019 11:39 am, Gyan wrote:
On 24-12-2019 04:50 am, Michael Niedermayer wrote:
On Tue, Dec 17, 2019 at 02:55:06PM +0530, Gyan wrote:
[...]
@@ -127,6 +204,22 @@ static av_cold int init_dict(AVFilterContext
*ctx, AVDictionary **opts)
if (!scale->h_expr)
av_opt_set(sca
55 matches
Mail list logo
