Re: [FFmpeg-devel] [PATCH] Gsoc: add the two fuzzy targets

2021-04-22 Thread Heng Zhang
> On April 22, 2021, at 6:53 PM, Michael Niedermayer wrote: > > On Thu, Apr 22, 2021 at 04:13:56PM +0800, Heng Zhang wrote: >> >> >>> On April 20, 2021, at 7:12 PM, Michael Niedermayer wrote: >>> >>> On Tue, Apr 20, 2021 at 12:34:13PM +0800, Heng Zhang wrote: > On April 19, 2021, at 5:47 PM, Michael Niedermayer

Re: [FFmpeg-devel] [PATCH 7/9] avformat/id3v2: Check end for overflow in id3v2_parse()

2021-04-22 Thread James Almer
On 4/19/2021 3:23 PM, Michael Niedermayer wrote: Fixes: signed integer overflow: 9223372036840103978 + 67637280 cannot be represented in type 'long' Fixes: 33341/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-6408154041679872 Found-by: continuous fuzzing process https://github.com/googl

[FFmpeg-devel] [PATCH] avcodec/av1_metadata: don't store the inserted TD OBU in stack

2021-04-22 Thread James Almer
Fixes: stack-use-after-return Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-5931515701755904 Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-6105676541722624 Signed-off-by: James Almer --- libavcodec/av1_metadata_bsf.c | 7 --- 1 file changed, 4

Re: [FFmpeg-devel] [PATCH 1/7] avcodec/avcodec: Actually honour the documentation of subtitle_header

2021-04-22 Thread Andreas Rheinhardt
James Almer: > On 4/22/2021 2:34 PM, Andreas Rheinhardt wrote: >> James Almer: >>> On 4/18/2021 11:00 PM, Andreas Rheinhardt wrote: It is only supposed to be freed by libavcodec for decoders, yet avcodec_open2() always frees it on failure. Furthermore, avcodec_close() doesn't free it

Re: [FFmpeg-devel] [PATCH 1/7] avcodec/avcodec: Actually honour the documentation of subtitle_header

2021-04-22 Thread James Almer
On 4/22/2021 2:34 PM, Andreas Rheinhardt wrote: James Almer: On 4/18/2021 11:00 PM, Andreas Rheinhardt wrote: It is only supposed to be freed by libavcodec for decoders, yet avcodec_open2() always frees it on failure. Furthermore, avcodec_close() doesn't free it for decoders. Both of this has b

Re: [FFmpeg-devel] [PATCH 1/7] avcodec/avcodec: Actually honour the documentation of subtitle_header

2021-04-22 Thread Andreas Rheinhardt
James Almer: > On 4/18/2021 11:00 PM, Andreas Rheinhardt wrote: >> It is only supposed to be freed by libavcodec for decoders, yet >> avcodec_open2() always frees it on failure. >> Furthermore, avcodec_close() doesn't free it for decoders. >> Both of this has been changed. >> >> Signed-off-by: Andr

Re: [FFmpeg-devel] [PATCH 1/7] avcodec/avcodec: Actually honour the documentation of subtitle_header

2021-04-22 Thread James Almer
On 4/18/2021 11:00 PM, Andreas Rheinhardt wrote: It is only supposed to be freed by libavcodec for decoders, yet avcodec_open2() always frees it on failure. Furthermore, avcodec_close() doesn't free it for decoders. Both of this has been changed. Signed-off-by: Andreas Rheinhardt --- This might

Re: [FFmpeg-devel] [PATCH 1/7] avcodec/avcodec: Actually honour the documentation of subtitle_header

2021-04-22 Thread Andreas Rheinhardt
Andreas Rheinhardt: > It is only supposed to be freed by libavcodec for decoders, yet > avcodec_open2() always frees it on failure. > Furthermore, avcodec_close() doesn't free it for decoders. > Both of this has been changed. > > Signed-off-by: Andreas Rheinhardt > --- > This might be squashed wi

[FFmpeg-devel] [PATCH 2/2 v2] avcodec/mjpegdec: postpone calling ff_get_buffer() until the SOS marker

2021-04-22 Thread James Almer
With JPEG-LS PAL8 samples, the JPEG-LS extension parameters signaled with the LSE marker show up after SOF but before SOS. For those, the pixel format chosen by get_format() in SOF is GRAY8, and then replaced by PAL8 in LSE. This has not been an issue given both pixel formats allocate the second da

Re: [FFmpeg-devel] [PATCH 4/9] avformat/wtvdec: Improve size overflow checks in parse_chunks()

2021-04-22 Thread Michael Niedermayer
On Wed, Apr 21, 2021 at 06:28:41PM +1000, Peter Ross wrote: > On Mon, Apr 19, 2021 at 08:23:41PM +0200, Michael Niedermayer wrote: > > Fixes: signed integer overflow: 32 + 2147483647 cannot be represented in > > type 'int > > Fixes: > > 32967/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5

Re: [FFmpeg-devel] [PATCH 4/4] avcodec/faxcompr: Check remaining bits on error in decode_group3_1d_line()

2021-04-22 Thread Michael Niedermayer
On Thu, Apr 15, 2021 at 10:44:20PM +0200, Michael Niedermayer wrote: > Fixes: Timeout > Fixes: > 32886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4779761466474496 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed

Re: [FFmpeg-devel] [PATCH 2/4] tools/target_dec_fuzzer: Adjust threshold for paf video

2021-04-22 Thread Michael Niedermayer
On Thu, Apr 15, 2021 at 10:44:18PM +0200, Michael Niedermayer wrote: > Fixes: Timeout (long -> 2sec) > Fixes: > 32790/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PAF_VIDEO_fuzzer-5497584169910272 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/proj

Re: [FFmpeg-devel] [PATCH 1/4] avformat/mov: check for pts overflow in mov_read_sidx()

2021-04-22 Thread Michael Niedermayer
On Thu, Apr 15, 2021 at 10:44:17PM +0200, Michael Niedermayer wrote: > Fixes: signed integer overflow: 9223372036846336888 + 4278255871 cannot be > represented in type 'long' > Fixes: > 32782/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6059216516284416 > > Found-by: continuous fuzzing p

Re: [FFmpeg-devel] [PATCH 2/2] avcodec/mjpegdec: postpone calling ff_get_buffer() until the SOS marker

2021-04-22 Thread Michael Niedermayer
On Wed, Apr 21, 2021 at 02:40:55PM -0300, James Almer wrote: > With JPEG-LS PAL8 samples, the JPEG-LS extension parameters signaled with > the LSE marker show up after SOF but before SOS. For those, the pixel format > chosen by get_format() in SOF is GRAY8, and then replaced by PAL8 in LSE. > This

[FFmpeg-devel] [PATCH v3 3/3] avformat/mpegtsenc: Write stream_id into PES after stream_id decision

2021-04-22 Thread zheng qian
Since stream_id will have effect on the existences of PES header fields like PTS/DTS, it should be better to guarantee stream_id variable to be identical with exact written value. Signed-off-by: zheng qian --- libavformat/mpegtsenc.c | 15 --- 1 file changed, 8 insertions(+), 7 delet

[FFmpeg-devel] [PATCH v3 2/3] avformat/mpegtsenc: Fix indentation inside if-clause in mpegts_write_pes()

2021-04-22 Thread zheng qian
Fix indentation caused by the added stream_id judgement Signed-off-by: zheng qian --- libavformat/mpegtsenc.c | 180 1 file changed, 90 insertions(+), 90 deletions(-) diff --git a/libavformat/mpegtsenc.c b/libavformat/mpegtsenc.c index b59dab5174..967f98

[FFmpeg-devel] [PATCH v3 1/3] avformat/mpegtsenc: Fix mpegts_write_pes() for private_stream_2 and other types

2021-04-22 Thread zheng qian
Changes since v2: Fix PES_packet_length mismatch bug According to the PES packet definition defined in Table 2-17 of ISO_IEC_13818-1 specification, some fields like PTS/DTS or pes_extension could only appears if the stream_id meets the condition: if (stream_id != 0xBC && // program_stream_map

Re: [FFmpeg-devel] [PATCH] Gsoc: add the two fuzzy targets

2021-04-22 Thread Michael Niedermayer
On Thu, Apr 22, 2021 at 04:13:56PM +0800, Heng Zhang wrote: > > > > On April 20, 2021, at 7:12 PM, Michael Niedermayer wrote: > > > > On Tue, Apr 20, 2021 at 12:34:13PM +0800, Heng Zhang wrote: > >> > >> > >>> On April 19, 2021, at 5:47 PM, Michael Niedermayer wrote: > >>> > >>> On Mon, Apr 19, 2021 at 05:06:10PM +080

Re: [FFmpeg-devel] [PATCH v2 1/3] avformat/mpegtsenc: Fix mpegts_write_pes() for private_stream_2 and other types

2021-04-22 Thread Mao Hata
On 2021/04/22 12:36, zheng qian wrote: On Thu, Apr 22, 2021 at 12:11 PM Mao Hata wrote: PES_packet_length seems to be inaccurate, because "header_len + 3" has already been added to the variable "len". I'm sorry for that and I'll submit v3 patch set later. Please tell me if there're any other

Re: [FFmpeg-devel] [PATCH] Gsoc: add the two fuzzy targets

2021-04-22 Thread Heng Zhang
> On April 20, 2021, at 7:12 PM, Michael Niedermayer wrote: > > On Tue, Apr 20, 2021 at 12:34:13PM +0800, Heng Zhang wrote: >> >> >>> On April 19, 2021, at 5:47 PM, Michael Niedermayer wrote: >>> >>> On Mon, Apr 19, 2021 at 05:06:10PM +0800, a397341...@163.com >>> wrote: From: toseven