Fixes out of array access
Fixes: 6b73fa392ac808f02e95a4e0a5770026/asan_static-oob_1b15f9a_1969_e7778535e5f27225fe0d6ded14721430.AVI
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9ffe44c5c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Matt Oliver <protogonoi@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3bf142c773)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bbec14de31)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
If negative pts are possible for some codecs in ogg then the code needs to be
changed to use signed values.
Found-by: Thomas Guilbert <tguilbert@google.com>
Fixes: clusterfuzz_usan-2016-08-02
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c5cc3b08e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This fixes crash in avformat_open_input() when accessing
protocol_whitelist field.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e947b75b1c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fix const corectness and zero init the struct. This example code would actually crash when initializing string.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 69630f4d30)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 282477bf45)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4cc896ea5f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes Ticket5478
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b21f674876)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
It is allocated before, this cannot work
Fixes Ticket5613
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 24f5136196)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 43a4276c69)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes part of ticket 5598
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 37005e65eb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes part of ticket 5598
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 250b620d29)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes part of ticket 5598
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bfe945ac3a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes Ticket5326
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit abc957e896)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
When multiple threads tries to call av_register_all(), the first thread sets
initialized to 1 and do the register process. At the same time, other thread might
also call av_register_all(), which returns immediately because initialized is set to 1
(even when it has not completed registering codecs). We can avoid this problem
if we set initialised to 1 while exiting from function.
Github: Closes#196
(cherry picked from commit b092ee701f)
Conflicts:
libavformat/allformats.c
Fixes Ticket5598
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d0388bd32e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: usan_granule_overflow
constant type fix by commiter
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1a82d2cf8f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
See: [FFmpeg-devel] [Vote] Code of Conduct
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 89e9393022)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes division by 0 in fate-acodec-ra144
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 635b2ec5f2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Avoids unexpected occurance and dependency on NaN behavior and divisions by 0
Testcase: fate-lavf-fate-avi_cram
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6085d6b2ae)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Leaking this private structure opens up the possibility that it may
be re-used when parsing later packets in the stream. This is
problematic if the later packets are not the same codec type (e.g.
private allocated during Vorbis parsing, but later packets are Opus
and the private is assumed to be the oggopus_private type in
opus_header()).
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 542f725964)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Larger values would imply file durations of astronomic proportions and cause
overflows
Fixes integer overflow
Fixes: usan_int64_overflow
Found-by: Thomas Guilbert <tguilbert@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8efaee3710)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes Ticket5443
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 11db7eee9b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Functionality used before didn't widen the values from limited to
full range. Additionally, now the decoder uses BT.709 where it
should be used according to the video resolution.
Default for not yet set colorimetry is BT.709 due to most observed
HDMV content being HD.
BT.709 coefficients were gathered from the first two parts of BT.709
to BT.2020 conversion guide in ARIB STD-B62 (Pt. 1, Chapter 6.2.2).
They were additionally confirmed by manually calculating values.
Fixes#4637
(cherry picked from commit 9779b62624)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes Ticket5319
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9ac154d1fa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Fixes: mozilla bug 1266129
Found-by: Tyson Smith
Tested-by: Tyson Smith
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9f36ea57ae6eefb42432220feab0350494f4144c)
Conflicts:
libavcodec/avpacket.c
Sometimes video fails to decode if H.264 configuration changes mid stream.
The reason is that configuration parser assumes that nal_ref_idc is equal to 11b
while actually some codecs but 01b there. The H.264 spec is somewhat
vague about this but it looks like it allows any non-zero nal_ref_idc for sps/pps.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a727606c4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Currently, if the movie source filter is used and a seek_point is
specified on a file that has a negative start time, ffmpeg will fail.
An easy way to reproduce this is as follows:
$ ffmpeg -vsync passthrough -filter_complex 'color=d=10,setpts=PTS-1/TB' test.mp4
$ ffmpeg -filter_complex 'movie=filename=test.mp4:seek_point=2' -f null -
The problem is caused by checking for int64_t overflow the wrong way.
In general, to check whether a + b overflows, it is not enough to do:
a > INT64_MAX - b
because b might be negative; the correct way is:
b > 0 && > a > INT64_MAX - b
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c1f9734f97)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: maintainer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0cd9ff4e3a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Original mail and my own followup on ffmpeg-user earlier today:
I have a device sending out a MJPEG/RTP stream on a low quality setting.
Decoding and displaying the video with libavformat results in a washed
out, low contrast, greyish image. Playing the same stream with VLC results
in proper color representation.
Screenshots for comparison:
http://zevv.nl/div/libav/shot-ffplay.jpghttp://zevv.nl/div/libav/shot-vlc.jpg
A pcap capture of a few seconds of video and SDP file for playing the
stream are available at
http://zevv.nl/div/libav/mjpeg.pcaphttp://zevv.nl/div/libav/mjpeg.sdp
I believe the problem might be in the calculation of the quantization
tables in the function create_default_qtables(), the attached patch
solves the issue for me.
The problem is that the argument 'q' is of the type uint8_t. According to the
JPEG standard, if 1 <= q <= 50, the scale factor 'S' should be 5000 / Q.
Because the create_default_qtables() reuses the variable 'q' to store the
result of this calculation, for small values of q < 19, q wil subsequently
overflow and give wrong results in the calculated quantization tables. The
patch below uses a new variable 'S' (same name as in RFC2435) with the proper
range to store the result of the division.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e3e6a2cff4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes Ticket5244
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 068026b0f7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes Ticket5345
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 50ef7361cb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Rename luma table to delta table and change how it is used.
CC: libav-stable@libav.org
Signed-off-by: Vittorio Giovara <vittorio.giovara@gmail.com>
Signed-off-by: Diego Biurrun <diego@biurrun.de>
(cherry picked from commit f8c34f4b8d)
(cherry picked from commit 73f3c8f73e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0d097a869c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>