In case an AVBPrint was not complete, icecast_open() would free some
buffers that have not been allocated yet instead of freeing the data of
the AVBPrint (if they have been allocated). Because this error does not
trigger a jump to the general cleanup section any more, one can moreover
remove a (now
This will likely also fix CID 1452571, a false positive resulting from
Coverity thinking that av_dict_set() automatically frees its key and
value parameters (even without the AV_DICT_DONT_STRDUP_* flags).
Signed-off-by: Andreas Rheinhardt
---
libavformat/wtvdec.c | 3 +--
1 file changed, 1 inser
This will probably also fix CID 1452559, a false positive where Coverity
claims a double-free occurs, because it thinks that av_dict_set() frees
its key and value arguments even when the AV_DICT_DONT_STRDUP_* flags
aren't used.
Signed-off-by: Andreas Rheinhardt
---
libavformat/icecast.c | 3 +--
This will likely also fix CID 1452562, a false positive resulting from
Coverity thinking that av_dict_set() automatically frees its key and
value parameters (even without the AV_DICT_DONT_STRDUP_* flags).
Signed-off-by: Andreas Rheinhardt
---
libavformat/matroskadec.c | 12 ++--
1 file c
ff_id3v2_parse_priv_dict() uses av_dict_set() with the flags
AV_DICT_DONT_STRDUP_KEY and AV_DICT_DONT_STRDUP_VAL. In this case both
key and value are freed on error (and owned by the destination
dictionary on success), so that freeing them again on error is a
double-free and therefore forbidden. Bu
This will likely also fix CID 1452574 and 1452565, false positives
resulting from Coverity thinking that av_dict_set() automatically
frees its key and value parameters (even without the
AV_DICT_DONT_STRDUP_* flags).
Signed-off-by: Andreas Rheinhardt
---
libavformat/mov.c | 8
1 file cha
Signed-off-by: Andreas Rheinhardt
---
libavformat/dss.c | 10 +++---
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/libavformat/dss.c b/libavformat/dss.c
index d7f9cafe47..8bc6af134e 100644
--- a/libavformat/dss.c
+++ b/libavformat/dss.c
@@ -103,15 +103,11 @@ static int dss_rea
004ebd4b added a function with a parameter that was declared as restrict
and not av_restrict. This is not supported by MSVC as several FATE-boxes
that now fail to build show. So use av_restrict.
Signed-off-by: Andreas Rheinhardt
---
Here is one of many logs of a failing build with MSVC:
http://fa
Hi Michael,
> On Nov 6, 2019, at 11:02 AM, Michael Niedermayer
> wrote:
>
> On Wed, Nov 06, 2019 at 08:54:50AM -0800, Baptiste Coudurier wrote:
>> Hey Michael,
>>
>>> On Nov 4, 2019, at 12:43 PM, Michael Niedermayer
>>> wrote:
>>>
>>> On Sat, Nov 02, 2019 at 12:06:19PM -0700, Baptiste Coudu
---
libavcodec/dv.h | 1 +
libavcodec/dvenc.c | 561
tests/fate/vcodec.mak | 14 +-
tests/ref/vsynth/vsynth1-dv-fhd | 4 +
tests/ref/vsynth/vsynth1-dv-hd | 4 +
tests/ref/vsynth/vsynth2-dv-fhd | 4 +
tests/ref/vsynth
---
libavformat/mxfenc.c | 15 ---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/libavformat/mxfenc.c b/libavformat/mxfenc.c
index b7ae5cc637..f7df9c3daf 100644
--- a/libavformat/mxfenc.c
+++ b/libavformat/mxfenc.c
@@ -1092,7 +1092,7 @@ static int64_t mxf_write_cdci_co
---
libavformat/mxfenc.c | 110 ---
1 file changed, 41 insertions(+), 69 deletions(-)
diff --git a/libavformat/mxfenc.c b/libavformat/mxfenc.c
index 122d336fc3..b7ae5cc637 100644
--- a/libavformat/mxfenc.c
+++ b/libavformat/mxfenc.c
@@ -123,18 +123,8 @@ enu
---
libavformat/mxfenc.c | 126 ---
1 file changed, 45 insertions(+), 81 deletions(-)
diff --git a/libavformat/mxfenc.c b/libavformat/mxfenc.c
index aa23ee3947..122d336fc3 100644
--- a/libavformat/mxfenc.c
+++ b/libavformat/mxfenc.c
@@ -83,6 +83,7 @@ typede
On 11/9/2019 7:01 PM, Derek Buitenhuis wrote:
> On 09/11/2019 21:47, James Almer wrote:
>> No, this encoder doesn't have an AVCodec->encode2() implementation, so
>> it can't be used with the avcodec_encode_video2() API, only with the
>> avcodec_send_frame()/avcodec_receive_packet() one, so no need
Encoders must return reference counted packets.
This was checked only for encoders using the encode2 AVCodec API, while
blindly accepting whatever encoders using the receive_packet AVCodec API
were returning.
Signed-off-by: James Almer
---
libavcodec/encode.c | 8 +++-
1 file changed, 7 ins
Fixes: Timeout (80sec -> 33sec)
Fixes:
18668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5710836719157248
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
libavcodec/alsdec.c | 8
The 0 case was added with the support for multiple packets. It
appears unintended and causes extra complexity and out of array
accesses (though within padding)
No testcase
Signed-off-by: Michael Niedermayer
---
libavcodec/g729dec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --g
Signed-off-by: Michael Niedermayer
---
libavcodec/g729dec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/g729dec.c b/libavcodec/g729dec.c
index 4d70cb6eba..75e422814c 100644
--- a/libavcodec/g729dec.c
+++ b/libavcodec/g729dec.c
@@ -458,7 +458,7 @@ static int deco
buf_size is not updated as buf is advanced so it is wrong after the first
iteration
Fixes: Timeout (160sec -> 27sec)
Fixes:
18658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_G729_fuzzer-5729784269373440
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/pr
This optimizes the code slightly (116 -> 80sec)
Testcase:
18668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5710836719157248
Signed-off-by: Michael Niedermayer
---
libavcodec/alsdec.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/libavcodec/alsdec.c
This will be used in the next commit
Signed-off-by: Michael Niedermayer
---
libavcodec/g729dec.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/libavcodec/g729dec.c b/libavcodec/g729dec.c
index d728b388b4..300fac1c04 100644
--- a/libavcodec/g729dec.c
+++ b/libavcodec/
This combination would assume different block sizes throughout the code so it's
better to error out.
No testcase
Signed-off-by: Michael Niedermayer
---
libavcodec/g729dec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/g729dec.c b/libavcodec/g729dec.c
index 67054
On 11/9/2019 7:00 PM, Derek Buitenhuis wrote:
> Port to the new send/receive API by: James Almer .
>
> Signed-off-by: Derek Buitenhuis
> ---
> Only difference to v6 is the call to av_new_packet().
> ---
> configure | 5 +
> doc/encoders.texi | 43 +++
> doc/general.texi
On 09/11/2019 21:47, James Almer wrote:
> No, this encoder doesn't have an AVCodec->encode2() implementation, so
> it can't be used with the avcodec_encode_video2() API, only with the
> avcodec_send_frame()/avcodec_receive_packet() one, so no need to take
> user provided packets into consideration
Port to the new send/receive API by: James Almer .
Signed-off-by: Derek Buitenhuis
---
Only difference to v6 is the call to av_new_packet().
---
configure | 5 +
doc/encoders.texi | 43 +++
doc/general.texi | 7 +
libavcodec/Makefile| 1 +
libavcodec/allcodecs.
On 11/9/2019 6:15 PM, Derek Buitenhuis wrote:
> On 09/11/2019 18:03, James Almer wrote:
>>> +if (ctx->tile_rows >= 0) {
>>
>> Since these are no longer log2 values, does rav1e change 0 to 1 internally?
>> It may be a better idea to make 0 the default, and only call
>> rav1e_config_parse_int() i
Port to the new send/receive API by: James Almer .
Signed-off-by: Derek Buitenhuis
---
All previous requests applied/fixed.
---
configure | 5 +
doc/encoders.texi | 43 +++
doc/general.texi | 7 +
libavcodec/Makefile| 1 +
libavcodec/allcodecs.c | 1 +
libavc
On 09/11/2019 18:03, James Almer wrote:
>> +if (ctx->tile_rows >= 0) {
>
> Since these are no longer log2 values, does rav1e change 0 to 1 internally?
> It may be a better idea to make 0 the default, and only call
> rav1e_config_parse_int() if it's > 0.
Yes.
Changed to match this.
>> +i
On 11/9/2019 2:06 PM, Derek Buitenhuis wrote:
> Port to the new send/receive API by: James Almer .
>
> Signed-off-by: Derek Buitenhuis
> ---
> rav1e now has a release, and is committed to proper semver for its soname:
> https://github.com/xiph/rav1e/releases/tag/0.1.0
>
> * All problems and
On Sat, Nov 09, 2019 at 04:11:13PM +0100, Paul B Mahol wrote:
> ok
will apply
thanks
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
In fact, the RIAA has been known to suggest that students drop out
of college or go to community college in order to be able to
On Sat, Oct 26, 2019 at 05:04:20AM +0200, Andreas Rheinhardt wrote:
> On Fri, Oct 25, 2019 at 10:44 PM Michael Niedermayer
> wrote:
>
> > On Fri, Oct 25, 2019 at 11:11:46AM +0200, Andreas Rheinhardt wrote:
> > > Using a linked list had very much overhead (the pointer to the next
> > > entry incre
Port to the new send/receive API by: James Almer .
Signed-off-by: Derek Buitenhuis
---
rav1e now has a release, and is committed to proper semver for its soname:
https://github.com/xiph/rav1e/releases/tag/0.1.0
* All problems and nits from v4 have been addressed.
* Default mode is now QP 100
On Fri, Oct 25, 2019 at 03:02:18PM +0200, Michael Niedermayer wrote:
> Fixes: signed integer overflow: -2147450880 - 65535 cannot be represented in
> type 'int'
> Fixes:
> 18393/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-5667520110919680
>
> Found-by: continuous fuzzi
On Fri, Oct 25, 2019 at 03:02:17PM +0200, Michael Niedermayer wrote:
> Fixes: left shift of negative value -30
> Fixes:
> 18392/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_OKI_fuzzer-5631771831435264
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tr
On Fri, Oct 25, 2019 at 03:02:16PM +0200, Michael Niedermayer wrote:
> Fixes: signed integer overflow: 2046820356 * 8 cannot be represented in type
> 'int'
> Fixes:
> 18391/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5631674666188800
>
> Found-by: continuous fuzzing process
>
On Tue, Oct 22, 2019 at 04:27:03PM +0200, Michael Niedermayer wrote:
> Fixes: signed integer overflow: 1494495519 + 1494495519 cannot be represented
> in type 'int'
> Fixes:
> 18347/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SBC_fuzzer-5711714661695488
>
> Found-by: continuous fuzzing pro
On Tue, Oct 22, 2019 at 04:27:04PM +0200, Michael Niedermayer wrote:
> Fixes: signed integer overflow: 538976288 * 8 cannot be represented in type
> 'int'
> Fixes:
> 18348/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_METASOUND_fuzzer-6681325716635648
>
> Found-by: continuous fuzzing process
On Wed, Oct 23, 2019 at 08:57:11PM +0200, Michael Niedermayer wrote:
> Fixes: index 32 out of bounds for type 'int [32]'
> Fixes:
> 18350/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3P_fuzzer-5643794862571520
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuz
On Wed, Oct 23, 2019 at 08:57:13PM +0200, Michael Niedermayer wrote:
> Fixes: division by zero
> Fixes:
> 18362/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5653727679086592
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
On Wed, Oct 23, 2019 at 08:57:14PM +0200, Michael Niedermayer wrote:
> Fixes: index 25 out of bounds for type 'float [23]'
> Fixes:
> 18355/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_COOK_fuzzer-5641398941908992
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz
On Thu, Oct 24, 2019 at 12:54:25AM +0200, Michael Niedermayer wrote:
> Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
> Fixes:
> 18368/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XSUB_fuzzer-5702665442426880
>
> Found-by: continuous fuzzing process
> https://gith
On Mon, Oct 21, 2019 at 01:20:59AM +0200, Michael Niedermayer wrote:
> Fixes: signed integer overflow: 2117181180 + 60483298 cannot be represented
> in type 'int'
> Fixes:
> 18344/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5685327791915008
>
> Found-by: continuous fuzzing proce
On Sat, Oct 19, 2019 at 10:39:48PM +0200, Michael Niedermayer wrote:
> Fixes: memleaks
> Fixes:
> 18332/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC3P_fuzzer-5655654374572032
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Si
On 09-11-2019 09:39 pm, Michael Niedermayer wrote:
On Tue, Nov 05, 2019 at 06:35:54PM +0530, Gyan wrote:
On 05-11-2019 03:55 pm, Michael Niedermayer wrote:
On Tue, Nov 05, 2019 at 10:13:52AM +0530, Gyan wrote:
On 05-11-2019 04:35 am, Michael Niedermayer wrote:
On Sun, Nov 03, 2019 at 11:14
ok
On 11/9/19, Michael Niedermayer wrote:
> On Thu, Sep 26, 2019 at 09:50:15AM +0200, Paul B Mahol wrote:
>> better add init cleanup?
>
> That's not the problem, init does not fail with the testcase
> also the cleanup is called for every case init is called
>
> The problem is that ff_get_buffer()
On Tue, Nov 05, 2019 at 06:35:54PM +0530, Gyan wrote:
>
>
> On 05-11-2019 03:55 pm, Michael Niedermayer wrote:
> >On Tue, Nov 05, 2019 at 10:13:52AM +0530, Gyan wrote:
> >>
> >>On 05-11-2019 04:35 am, Michael Niedermayer wrote:
> >>>On Sun, Nov 03, 2019 at 11:14:25AM +0530, Gyan wrote:
> Help
Clipping is done as it was preferred in review
See: [FFmpeg-devel] [PATCH 1/5] avcodec/atrac9dec: Check precision_fine/coarse
Fixes: out of array access
Fixes:
18330/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5641113058148352
Signed-off-by: Michael Niedermayer
---
libavcod
On Sun, Oct 20, 2019 at 02:15:11AM +0200, Lynne wrote:
> Oct 19, 2019, 21:39 by mich...@niedermayer.cc:
> I do not know if this or some clipping or other is the best course of action.
> I have only a fuzzed file which triggers this and neither reference code nor
> specification which would document
On Sun, Oct 20, 2019 at 12:13:29PM +0200, Michael Niedermayer wrote:
> Signed-off-by: Michael Niedermayer
> ---
> libavutil/lfg.h | 6 ++
> 1 file changed, 6 insertions(+)
will apply
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
The real ebay dictionary,
On Sat, Oct 19, 2019 at 12:19:22AM +0200, Michael Niedermayer wrote:
> Fixes: Timeout (109sec -> 0.6sec)
> Fixes:
> 18309/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INTERPLAY_ACM_fuzzer-6226598168100864
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/mas
On Fri, Oct 18, 2019 at 08:24:21PM +0200, Michael Niedermayer wrote:
> On Fri, Oct 18, 2019 at 03:09:48AM +0200, Lynne wrote:
> > Oct 17, 2019, 23:25 by mich...@niedermayer.cc:
> > Signed-off-by: Michael Niedermayer
> > ---
> > libavcodec/ffv1.h| 1 +
> > libavcodec/ffv1dec.c | 10 +++---
On Wed, Oct 16, 2019 at 01:07:13AM +0200, Michael Niedermayer wrote:
> Fixes: Ticket8152
>
> Signed-off-by: Michael Niedermayer
> ---
> libavformat/flvenc.c | 6 ++
> 1 file changed, 6 insertions(+)
will apply
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FA
On Wed, Oct 16, 2019 at 01:05:44AM +0200, Michael Niedermayer wrote:
> Fixes: Timeout (too long -> 42sec)
> Fixes:
> 18181/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-5736646250594304
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/proje
On Tue, Oct 08, 2019 at 05:44:55PM +0200, Paul B Mahol wrote:
> How are you sure this is still correctly decoding samples?
get_ur_golomb() implements an optimized ur golomb reader for short limits with
escape codes.
get_ur_golomb_jpegls() supports longer codes but is slower, it differs in how
it ha
On 05-11-2019 06:35 pm, Gyan wrote:
On 05-11-2019 03:55 pm, Michael Niedermayer wrote:
On Tue, Nov 05, 2019 at 10:13:52AM +0530, Gyan wrote:
On 05-11-2019 04:35 am, Michael Niedermayer wrote:
On Sun, Nov 03, 2019 at 11:14:25AM +0530, Gyan wrote:
Helps better identification of expr eval f
On Sat, Oct 12, 2019 at 09:35:43PM +0200, Michael Niedermayer wrote:
> Fixes: Timeout (196sec -> 2sec)
> Fixes:
> 18026/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5640941108461568
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects
On Sun, Sep 29, 2019 at 01:53:42AM +0200, Michael Niedermayer wrote:
> Fixes: Timeout (147sec -> 2sec)
> Fixes:
> 17704/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5723851098423296
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/pro
On Fri, Oct 11, 2019 at 12:40:10AM +0200, Michael Niedermayer wrote:
> Fixes: Timeout (65sec -> 0.5sec)
> Fixes:
> 18072/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5722709366931456
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/pro
On Sat, Oct 05, 2019 at 11:41:06PM +0200, Michael Niedermayer wrote:
> Fixes: Timeout (22 -> 100 ms)
> Fixes:
> 15173/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQX_fuzzer-5662556846292992
> Fixes:
> 17896/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQX_fuzzer-5679312077848576
>
> F
On Thu, Sep 26, 2019 at 09:50:15AM +0200, Paul B Mahol wrote:
> better add init cleanup?
That's not the problem, init does not fail with the testcase
also the cleanup is called for every case init is called
The problem is that ff_get_buffer() during init is not fully supported
Also API says "Thi
On Tue, Oct 15, 2019 at 01:48:38AM +0200, Michael Niedermayer wrote:
> Fixes: Ticket7990
>
> Signed-off-by: Michael Niedermayer
> ---
> libavcodec/snowenc.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
will apply patchset
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF673
Hi Jan,
Thank you for the comment.
> All of the samples I've seen in the wild (well, on the DASH-IF test
> vector list, which is the only place I've seen both AC-4 and MPEG-H
> Audio at until now) seem to utilize mha1, such as
> https://dash.akamaized.net/dash264/TestCasesMCA/fraunhofer/MPEGH_714