Fixes segfaults in the absence of fonts; this can happen because the
file didn't contain any or because the allocation of the font-string
failed.
Signed-off-by: Andreas Rheinhardt
---
libavcodec/movtextenc.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavcodec/m
Background colour was never initialized if no style was available.
Use a sane default of zero (i.e. completely transparent).
Fixes Coverity issue #1461471.
Signed-off-by: Andreas Rheinhardt
---
No change for this patch since last time; I am just resending all because
I have added a few patches t
Otherwise the mov_text encoder can segfault when given subtitles with more
than one AVSubtitleRect if one of the first nb_rects - 1 rects contained
a style attribute.
Signed-off-by: Andreas Rheinhardt
---
The earlier commit message claimed to be about a muxer in
avcodec/movtextdec.
I still don't
Signed-off-by: Andreas Rheinhardt
---
Alternatively one could also change the types of the colors in ASSStyle
(ass_split.h) to uint32_t.
libavcodec/movtextenc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/movtextenc.c b/libavcodec/movtextenc.c
index 73d998d080.
It makes no sense to call the functions to write styl, hlit or hclr boxes
with a different box name than "styl", "hlit" or "hclr". Therefore this
commit inlines these values in the functions, removes the function
parameter containing the box's name and removes the (non obsolete) box
names from the
Up until now, the mov_text encoder used the dynamic array API for its
list of style attributes; it used the (horrible) av_dynarray_add() which
works with an array of pointers; on error it frees its array but not
the buffers referenced by the pointers said array contains. It also
returns no error co
The mov_text encoder uses an AVBPrint to assemble the subtitles;
yet mov_text subtitles are not pure text; they also have a binary
portion that was mostly handled as follows:
uint32_t size = /* calculation */;
size = AV_RB32(&size);
av_bprint_append_data(bprint, (const char*)&size, 4);
Signed-off-by: Andreas Rheinhardt
---
libavcodec/movtextenc.c | 14 +-
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/libavcodec/movtextenc.c b/libavcodec/movtextenc.c
index 2082dc9b25..1bef21e0b9 100644
--- a/libavcodec/movtextenc.c
+++ b/libavcodec/movtextenc.c
@@ -30
On Sat, 17 Oct 2020, caihaonin...@gmail.com wrote:
From: "ruiquan.crq"
Signed-off-by: ruiquan.crq
---
libavformat/tests/url.c | 1 +
libavformat/url.c | 2 +-
tests/ref/fate/url | 4
3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/libavformat/tests/url.c b/libavfo
> 在 2020年10月17日,13:38,徐慧书 写道:
>
> Andreas Rheinhardt 于2020年10月16日周五 下午9:32写道:
>
>> javashu2...@gmail.com:
>>> From: bevis
>>>
>>> Signed-off-by: bevis
>>> ---
>>> libavformat/hls.c | 5 +++--
>>> 1 file changed, 3 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/libavformat/hls.c b/libav
On Fri, Oct 16, 2020 at 11:03 PM Michael Niedermayer
wrote:
>
> On Fri, Oct 16, 2020 at 04:16:44PM +0300, Jan Ekström wrote:
> > Adds a wrapper function, which handles any errors depending on how
> > fatal a failure would be.
> > ---
> > fftools/ffmpeg.c | 51 -
On Sat, Oct 17, 2020 at 07:52:02AM +1100, Peter Ross wrote:
> On Fri, Oct 16, 2020 at 07:35:29PM +0200, Michael Niedermayer wrote:
> > Fixes: SEGV on unknown address 0x
> > Fixes:
> > 26379/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5709011753893888
> >
> > Found-by: continu
On Sun, Sep 27, 2020 at 10:20:53PM +0200, Michael Niedermayer wrote:
> Fixes: off by 1 error
> Fixes: index 5 out of bounds for type 'COOKSubpacket [5]'
> Fixes:
> 25772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5762459498184704.fuzz
>
> Found-by: continuous fuzzing process
>
On Fri, Oct 09, 2020 at 06:47:15PM +0200, Michael Niedermayer wrote:
> On Fri, Oct 09, 2020 at 10:37:20PM +0800, Steven Liu wrote:
> >
> >
> > > 在 2020年10月9日,03:19,Michael Niedermayer 写道:
> > >
> > > Fixes: Timeout (too long -> 1ms)
> > > Fixes:
> > > 26108/clusterfuzz-testcase-minimized-ffmpe
On Sun, Oct 04, 2020 at 09:41:43PM +0200, Michael Niedermayer wrote:
> Fixes: signed integer overflow: -895002 * 2400 cannot be represented in type
> 'int'
> Fixes:
> 26052/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5431812577558528
>
> Found-by: continuous fuzzing process
>
On Mon, Oct 05, 2020 at 03:24:08AM +0200, Andreas Rheinhardt wrote:
> Michael Niedermayer:
> > Fixes: out of array access
> > Fixes:
> > 26047/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5083031667474432
> >
> > Found-by: continuous fuzzing process
> > https://github.com/goo
On Fri, Oct 16, 2020 at 01:30:27PM +0200, Michael Niedermayer wrote:
> Signed-off-by: Michael Niedermayer
> ---
> libavcodec/hevc_mvs.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
will apply patchset
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0F
Marton Balint 于2020年10月17日周六 下午4:35写道:
> And why not also add # here as well? With the same logic, there can be
> URL-s like dummy.mp4#t=0:02:00,121.5 and they will fail currently.
>
> Also a more clear wording for the comment:
> /* lavf "schemes" can contain options but not some RFC 3986 delimit
From: "ruiquan.crq"
Signed-off-by: ruiquan.crq
---
libavformat/tests/url.c | 2 ++
libavformat/url.c | 2 +-
tests/ref/fate/url | 8
3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/libavformat/tests/url.c b/libavformat/tests/url.c
index 2440ae08bc..2eb597bb5e
From: "ruiquan.crq"
Signed-off-by: ruiquan.crq
---
libavformat/tests/url.c | 2 ++
libavformat/url.c | 2 +-
tests/ref/fate/url | 8
3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/libavformat/tests/url.c b/libavformat/tests/url.c
index 2440ae08bc..2eb597bb5e
> On Sep 18, 2020, at 10:33 PM, Zhao Zhili wrote:
>
> From: Zhao Zhili
>
> ---
> libavformat/mov.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index 9fc0db24d5..f99605c2cd 100644
> --- a/libavformat/mov.c
> +++ b/libavformat
Ping for review.
> On Sep 24, 2020, at 1:28 AM, Zhao Zhili wrote:
>
> If sc->ctts_allocated_size is larger than the new buffer size,
> av_fast_realloc() will return NULL. Since sc->ctts_data is freed,
> ctts_allocated_size should be reset to zero. It's better to avoid
> free sc->ctts_data at the
> On Oct 17, 2020, at 3:37 PM, Andreas Rheinhardt
> wrote:
>
> It makes no sense to call the functions to write styl, hlit or hclr boxes
> with a different box name than "styl", "hlit" or "hclr". Therefore this
> commit inlines these values in the functions, removes the function
> parameter co
Zhao Zhili:
>
>
>> On Oct 17, 2020, at 3:37 PM, Andreas Rheinhardt
>> wrote:
>>
>> It makes no sense to call the functions to write styl, hlit or hclr boxes
>> with a different box name than "styl", "hlit" or "hclr". Therefore this
>> commit inlines these values in the functions, removes the fu
Joakim Tjernlund:
> On Fri, 2020-10-16 at 01:38 +0200, Andreas Rheinhardt wrote:
>> CAUTION: This email originated from outside of the organization. Do not
>> click links or open attachments unless you recognize the sender and know the
>> content is safe.
>>
>>
>> Joakim Tjernlund:
>>> From
>>>
Andreas Rheinhardt:
> Up until now the ASV2 decoder used an ordinary big-endian bitreader to
> read data actually destined for a little-endian bitreader; this is done
> by reversing the whole input packet bitwise, using the big-endian
> bigreader and reversing (and shifting) the result again. This
Up until now, the 3GPP Timed Text decoder used av_dynarray_add()
for a list of font entries, a structure which contains an allocated
string. The font entries are owned by the pointers in the dynamic array
and are therefore unsuitable for av_dynarray_add() which simply frees
the array, but not the f
There is no need to walk through the list of fonts twice.
Signed-off-by: Andreas Rheinhardt
---
libavcodec/movtextdec.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c
index e46c932c20..974118c4c1 100644
--- a/libav
Every font entry occupies at least three bytes, so checking early
whether there is that much data available is a low-effort way to exclude
invalid extradata. Doing so leads to an overall simplification.
Signed-off-by: Andreas Rheinhardt
---
libavcodec/movtextdec.c | 18 +++---
1 file
If allocating fonts fails when reading the header, all fonts are freed,
yet the counter of fonts is not reset and no error is returned; when
subtitles are decoded lateron, the inexistent list of fonts is searched
for the matching font for this particular entry which of course leads to
a segfault.
Up until now, the 3GPP Timed Text decoder used av_dynarray_add()
for a list of style entries. Said entries are inidiviually allocated
and owned by the pointers in the dynamic array and are therefore
unsuitable for av_dynarray_add() which simply frees the array,
but not the entries on error. In this
Signed-off-by: Andreas Rheinhardt
---
libavcodec/movtextdec.c | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c
index 95dfb2a0af..ad790bf44c 100644
--- a/libavcodec/movtextdec.c
+++ b/libavcodec/movtextdec.
They would either lead to unnecessary ASS tags being emitted (namely
tags that are reset immediately thereafter) or would lead to problems
when parsing: e.g. if a zero-length style immediately follows another
style, the current code will end the preceding style and set the
zero-length style as the
style_active doesn't do anything any more: It is already assured
that style_active is one when one reaches the end of a style.
Signed-off-by: Andreas Rheinhardt
---
libavcodec/movtextdec.c | 9 ++---
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/libavcodec/movtextdec.c b/liba
Signed-off-by: Andreas Rheinhardt
---
libavcodec/movtextdec.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c
index 1bfca8b79d..e5ce58a184 100644
--- a/libavcodec/movtextdec.c
+++ b/libavcodec/movtextdec.c
@@ -430,7 +430,
Improves readability.
Signed-off-by: Andreas Rheinhardt
---
libavcodec/movtextdec.c | 74 -
1 file changed, 28 insertions(+), 46 deletions(-)
diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c
index e5ce58a184..95dfb2a0af 100644
--- a/libavcod
The checks for whether a style should be opened/closed at the current
character position are as follows: A variable entry contained the index
of the currently active or potentially next active style. If the current
character position coincided with the start of style[entry], the style
was activated
Signed-off-by: James Almer
---
libavcodec/av1dec.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/libavcodec/av1dec.c b/libavcodec/av1dec.c
index 54aeba1812..04aaf5d148 100644
--- a/libavcodec/av1dec.c
+++ b/libavcodec/av1dec.c
@@ -109,13 +109,18 @@ static void read_
av_probe_input_buffer2() iterates until *fmt is found. If *fmt is not
zeroed out beforehand, no probes will be taken because it is detected
that format is already found at the beginning. In these cases method
returns success with *fmt potentially containing the previous junk.
Signed-off-by: zsugab
Signed-off-by: Paul B Mahol
---
doc/filters.texi| 30
libavfilter/Makefile| 2 +
libavfilter/af_afreqshift.c | 274
libavfilter/allfilters.c| 2 +
4 files changed, 308 insertions(+)
create mode 100644 libavfilter/af_afreqshif
Fixes: OOM
Fixes:
26414/clusterfuzz-testcase-minimized-ffmpeg_dem_FWSE_fuzzer-5070632544632832
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
libavformat/wavdec.c | 3 ++-
1 file changed, 2 insertions(+
Fixes: Infinite loop
Fixes:
26392/clusterfuzz-testcase-minimized-ffmpeg_dem_GIF_fuzzer-5713658237419520
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
libavformat/ifv.c | 14 +++---
1 file chang
Fixes: signed integer overflow: 19922944 * 1024 cannot be represented in type
'int'
Fixes:
26402/clusterfuzz-testcase-minimized-ffmpeg_dem_VMD_fuzzer-5745470053548032
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niede
Fixes: signed integer overflow: 55255 * 53207 cannot be represented in type
'int'
Fixes:
26387/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS2_fuzzer-568426071552
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Nieder
Fixes: Infinite loop
Fixes:
26376/clusterfuzz-testcase-minimized-ffmpeg_dem_PCM_U32LE_fuzzer-6050518830678016
Fixes:
26377/clusterfuzz-testcase-minimized-ffmpeg_dem_TY_fuzzer-4838195726123008
Fixes:
26384/clusterfuzz-testcase-minimized-ffmpeg_dem_G729_fuzzer-5173450337157120
Fixes:
26396/cluste
Fixes: Timeout (too looong -> 1 ms)
Fixes:
26366/clusterfuzz-testcase-minimized-ffmpeg_dem_SDX_fuzzer-5655584843759616
Fixes:
26391/clusterfuzz-testcase-minimized-ffmpeg_dem_ALP_fuzzer-5484026133217280
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/
___
From: ffmpeg-devel on behalf of Michael
Niedermayer
Sent: Thursday, October 15, 2020 11:35 PM
To: FFmpeg development discussions and patches
Subject: Re: [FFmpeg-devel] [PATCH] libavformat/hls: add support for SAMPLE-AES
decryption in HLS demuxer
On Thu,
On 16/10/20 4:22 pm, Zane van Iperen wrote:
>
> adpcm_swf support in WAV is completely broken. block_align isn't set
> correctly, so
> the demuxer gives incorrect packets to the decoder. The encoder doesn't
> provide a
> value for block_align, so it's set to 1.
>
> All of this has no bearing
On 18/10/20 6:45 am, Paul B Mahol wrote:
>
> Signed-off-by: Paul B Mahol
> ---
> doc/filters.texi| 30
> libavfilter/Makefile| 2 +
> libavfilter/af_afreqshift.c | 274
> libavfilter/allfilters.c| 2 +
> 4 files change
Saves about 10KB.
Signed-off-by: Andreas Rheinhardt
---
libavcodec/on2avcdata.c | 921 ++--
1 file changed, 36 insertions(+), 885 deletions(-)
diff --git a/libavcodec/on2avcdata.c b/libavcodec/on2avcdata.c
index ec983572e6..0aa49cee78 100644
--- a/libavcodec/
Up until now, quad VLCs are initialized with codes of type uint32_t,
pair VLCs with codes of type uint16_t. There were two separate loops in
the decoder's init function for each type of VLC. This commit unifies
this: The type of the codes are now passed in as void * and the actual
size of the codes
The longest codes of any VLC codebooks are 18 bits long and the VLC
tables itself use 9 bits; therefore it is sufficient to read twice from
the table, yet this has been done thrice.
Signed-off-by: Andreas Rheinhardt
---
libavcodec/on2avc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-
52 matches
Mail list logo
