Remove redundant av_freep() to avoid double free since task will be freed in dnn_free_model_tf() after the success of ff_queue_push_back().
Fixes: af052f9066 ("lavfi/dnn: fix mem leak in TF backend error handle")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
(cherry picked from commit b8d5f65b9e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: BIGSLEEP-436511754/testcase.exr
Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0469d68acb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
clr is passing into decode_run_p() its not used when not set
but this possibly triggers msan (it doesnt locally)
Fixes?: use of uninintialized memory
Fixes?: 436997807/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-6253316466606080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3542260376)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
When timeclamp and/or fps are low, j can be negative.
Fix Ticket11640
(cherry picked from commit 35ea458354)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: index 50 out of bounds for type 'INTFLOAT [40][2]'
Fixes: 401661737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-4866055713652736
Someone knowing AAC well should review this, there is likely a nicer fix
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 01a1b99fc2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read
Fixes: BIGSLEEP-436510153/dwa_uncompress_read.exr
Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0d9c003d76)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array access
Fixes: BIGSLEEP-436510316/dwa_uncompress_write.exr
Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f45da79b2c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Add check for the return value of av_packet_alloc() to avoid potential NULL pointer dereference.
Moreover, replace redundant av_free() with fprintf().
Fixes: 9a38184a14 ("examples/decode_audio: allocate the packet dynamically")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c64cff64a2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Add av_free() to free s.temp_dwt_buffer and s.temp_idwt_buffer at the end of the function to avoid memory leak.
Fixes: 5d48e4eafa ("Merge commit 'a6a750c7ef240b72ce01e9653343a0ddf247d196'")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 446cfbfb74)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Add check for the return value of av_malloc_array() to avoid potential NULL pointer dereference.
Fixes: d3be186ed1 ("avfilter/firequalizer: add dumpfile and dumpscale option")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a25462482c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Move av_malloc() after the check for subsampling to avoid memory leak if subsampling < 0 and av_malloc() succeeds.
Fixes: a41a2efc85 ("lavc/videotoolbox: add VP9 hardware acceleration")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8b4e6ccb13)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
current->num_tile_columns is not updated in the loop, so the existing
check was not working. Check current index instead and break. This also
simplifies duplicated log.
Fixes: 435225531/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-6639684232216576
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit fb862976df)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
- proper pts for packets. leaving it blank leaves it up for guessing,
but the guess doesn't take seeking into account, causing weirdness.
- clamp to 0 when seeking to negative ts. libopenmpt docs are unclear on
this but not doing this causes an immediate EOF when seeking backwards
to the beginning in mpv.
- only set song duration and packet pts when they are non-negative and
in int64 range. NaNs count as out of range. this isn't a fix for any
specific issue but might be helpful still, and shouldn't break
anything.
(cherry picked from commit ecef5f9e1f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Apparently files with milliseconds exist in the wild. And since it cost
nothing to support arbitrary number of digits, extend format to support
that.
Depending on number of digits, the time base of fractional part is
changing. Most LRCs use 2 digits and centiseconds base, but subs with 3
digits and miliseconds exist too.
Set internal time base to AV_TIME_BASE, which in parcitice allows to
hold microseconds with 6 digits. Totally artificial, but who knows maybe
someone wants that.
Fixes: #11677
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit bc3cc0a6af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Slice threading remains available!
The race condition fix is in 8d5efc2182
and bcf08c1171
Backport of these is welcome
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Dithering relies on a 8 line dithering table and the code always uses it from
the beginning. So in order to make dithering independent from height of the
slices used we must enforce a 8 line alignment.
Fixes issue #20071.
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit b61e510e75)
Add check for the return value of avcodec_alloc_context3() to avoid potential NULL pointer dereference.
Fixes: 5d48e4eafa ("Merge commit 'a6a750c7ef240b72ce01e9653343a0ddf247d196'")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 55d234b433)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Add av_packet_free() to free avpkt_clone and avpkt in the error paths to avoid potential memory leak.
Fixes: da3c69a5a9 ("Added test for libavcodec/avpacket.c")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab040e2565)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: writing 1 byte over the end of the array
Fixes: BIGSLEEP-433502298/test.xml
Found-by: Google Big Sleep
A prettier solution is welcome!
A testcase exists only for the baseurl case
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ce0a655f85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
If a frame size is absolutely massive, this can spin the parser as it
attempts to decode a permuted TOC. We add a sanity check here for eight
times the size of the image for an internal frame to prevent malicious
bitstreams from slowing the parser down to a crawl.
Signed-off-by: Leo Izen <leo.izen@gmail.com>
Reported-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit 829680f96a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
