Fixes: 173/fuzz-3-ffmpeg_SUBTITLE_AV_CODEC_ID_MOV_TEXT_fuzzer
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a609905723c01e356d35146425c3d45c090aae7b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ea27157682200e5f78cadcabdb009eccd9dd9b1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 11f24e71ff2b598d973fd24bcf950eebaea9b3e6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read
Fixes: poc.dat
Found-by: Bingchang, Liu @VARAS of IIE
Tested-by: bc L <l.bing.chang.bc@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 37138338ff602803d174b13fecd363a083bc2f9a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 979bca513424879ed0c653cb1b55fc4156a89576)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e167610794db8f2202f9dbe013c54f6b34d7f7a0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5f0bc0215a0f7099a2bcba5dced2e045e70fee61)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0f64b6cd22411f574cbc75cab3b6db7dba023ed6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 161ccdaa06d1d109e8f77d2535bda11ce02720f5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 16793504dfba44e738655807db3274301b9bc690)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7d196f2a5a48faf25fd904b33b1fd239daae9840)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a6330119a099840c5279697cf80cb768df97a90a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d99101d0964f754822fb4af121c4abc69047dba)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a2b8dde65947bfabf42269e124ef83ecf9c5974a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 121be310607879841d19a34d9f16d4fe9ba7f18c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 042faa847feea820451c474af0034fd3de9cff82)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Commit 04964ac311abe670f ("avformat/hls: Fix missing streams in some
cases with MPEG TS") caused a regression where subdemuxer streams that
use probing (e.g. dts/eac3/mp2 in mpegts) no longer get probed properly.
This is because the codec parameters from the subdemuxer stream, once
probed, are not passed on to the main stream.
Fix that by updating the codec parameters if the codec id changes.
Signed-off-by: Anssi Hannula <anssi.hannula@iki.fi>
(cherry picked from commit 3d2f636497f7d4404921bf77387381fa6c98d1b3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf14393635559640f10001fa6af46130cb35fa31)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The dynamic buffer does not contain the CRC32 element so calls to avio_tell()
don't take it into account. This resulted in CueRelativePosition values being
six bytes short.
This is a regression since 6724525a1576ca334d2ffdc085620bb44aea7394
Instead of adding yet another custom check for CRC32 to fix a size or an offset,
remove the existing ones and reserve the six bytes in the dynamic buffer.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit eabbc64728c2fdb74f565aededec2ab023d20699)
Some people seem to oppose this the patch seems to have been missed for a month on the ML
lets restart the discussion and solve this after the release
This reverts commit e936c8d176efd1a0a41e22df24564b1178c79ea9.
Allowing larger timestamps makes it impossible to calculate basic things like the
difference of 2 timestamps or their sum without checking each individual computation for
overflow.
This should avoid a significant number of overflow checks
Fixes Ticket5136
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Current code doesn't initialize AVPacket::pos. Made it point to FLVTAG so flv_read_packet can decode from pos
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Allows to write correct value for biBitCount into BITMAPINFOHEADER.
Before, ff_put_bmp_header() always wrote "24" as biBitCount
for utvideo because bits_per_coded_sample was never set by the
encoder.
the bps value is only stored with level >= 1, using rgb48 with level 0 requires the
user app to keep track of the bps by external means, which does not always happen
also we force level >= 1 for other 16bps formats, so this is consistent.
Found-by: Jerome Martinez <jerome@mediaarea.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This is intended to workaround bug "665 Integer Divide Instruction May
Cause Unpredictable Behavior" on some early AMD CPUs, which causes a
div-by-zero in this codepath, such as reported in Mozilla bug #1293996.
Note that this isn't guaranteed to fix the bug, since a compiler is free
to reorder instructions that don't depend on each other. However, it
appears to fix the bug in Firefox, and a similar patch was applied to
libvpx also (see Chrome bug #599899).
