Fixes: out of array read
Fixes: BIGSLEEP-445383648
Fixes: crash_input_1/2/3.dhav
Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 55e71768cf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Otherwise it might be > buf_ptr in which case ffio_get_checksum()
could segfault (s->buf_ptr - s->checksum_ptr would be negative
which would be converted to something very big when converted
to unsigned for the update_checksum callback).
Fixes ticket #11233.
Reported-by: Du4t
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 987c955cd7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
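
The unsigned conversion this commit message describes, shown on a simplified model. This is an added example, not FFmpeg's code: `struct reader`, `pending_len_unchecked()`, `checksum_flush_checked()` and the byte-sum checksum are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified model of a buffered reader with a running
 * checksum; it is not FFmpeg's AVIOContext. */
struct reader {
    const uint8_t *buf_ptr;      /* current read position */
    const uint8_t *checksum_ptr; /* first byte not yet checksummed */
    unsigned long  checksum;     /* stand-in checksum: plain byte sum */
};

/* Length as an update callback taking an unsigned size would see it. */
static unsigned int pending_len_unchecked(const struct reader *r)
{
    return (unsigned int)(r->buf_ptr - r->checksum_ptr);
}

/* Folds pending bytes into the checksum only if checksum_ptr <= buf_ptr.
 * Returns 0 on success, -1 if the invariant is broken. */
static int checksum_flush_checked(struct reader *r)
{
    if (r->checksum_ptr > r->buf_ptr)
        return -1;
    size_t n = (size_t)(r->buf_ptr - r->checksum_ptr);
    for (size_t i = 0; i < n; i++)
        r->checksum += r->checksum_ptr[i];
    r->checksum_ptr = r->buf_ptr;
    return 0;
}

/* Constructed sample data. */
static const uint8_t sample[16] = { 1, 2, 3, 4, 5, 6, 7, 8 };

/* A state in which checksum_ptr is ahead of buf_ptr. */
static struct reader inconsistent_state(void)
{
    struct reader r = { sample + 4, sample + 8, 0 };
    return r;
}

int main(void)
{
    struct reader r = inconsistent_state();
    printf("unchecked length: %u\n", pending_len_unchecked(&r));
    printf("checked flush:    %d\n", checksum_flush_checked(&r));
    return 0;
}
```
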
Last parameter to recvfrom() is not initialized, causing
recvfrom() to randomly return EINVAL. Issue was introduced in
af04a27893.
(cherry picked from commit 4348bde2d2)
The parser API doesn't work with packets, only raw data, so in order for it to
be made aware of new extradata propagated through packet side data we need to
pass it in some other form, namely, replacing the main extradata and ensuring
it will be parsed by restarting the parser.
Signed-off-by: James Almer <jamrial@gmail.com>
When parsing the RTSP message reason, the whole remainder
after parsing the status code was used, which would lead to
a leading space in the parsed reason string.
(cherry picked from commit e63e040f0c)
Signed-off-by: Marvin Scholz <epirat07@gmail.com>
When reading fails the first time, ch would be uninitialized and
printed in the log message. Instead check for an error early and
log it properly.
(cherry picked from commit 2ed47ab725)
Signed-off-by: Marvin Scholz <epirat07@gmail.com>
When using a literal IPv6 address as hostname, it can contain a Zone ID
especially in the case of link-local addresses. Sending this to the
server in the Host header is not useful to the server and in some cases
servers refuse such requests.
To prevent any such issues, strip the Zone ID from the address if it's
an IPv6 address. This also removes it for the Cookies lookup.
Based on a patch by: Daniel N Pettersson <danielnp@axis.com>
(cherry picked from commit 5cb6d2221a)
Signed-off-by: Marvin Scholz <epirat07@gmail.com>
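
One way to strip a Zone ID before building a Host header, as the commit message above describes. This is an added example, not FFmpeg's code: `host_for_header()` is a hypothetical helper, and it assumes the host arrives without URL brackets.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not FFmpeg's code): writes into out the host value
 * to use in a Host header. A Zone ID ("%..." suffix) is dropped only when
 * the part before '%' parses as an IPv6 literal; anything else is copied
 * unchanged. Returns 0 on success, -1 if out is too small. */
static int host_for_header(const char *host, char *out, size_t outlen)
{
    size_t len = strlen(host);
    const char *pct = strchr(host, '%');

    if (pct) {
        char addr[INET6_ADDRSTRLEN];
        struct in6_addr in6;
        size_t alen = (size_t)(pct - host);

        if (alen < sizeof(addr)) {
            memcpy(addr, host, alen);
            addr[alen] = '\0';
            if (inet_pton(AF_INET6, addr, &in6) == 1)
                len = alen;   /* valid IPv6 literal: cut at the Zone ID */
        }
    }
    if (len >= outlen)
        return -1;
    memcpy(out, host, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample hosts. */
    const char *hosts[] = { "fe80::1%eth0", "2001:db8::1", "example.com", "bad%host" };
    char out[64];

    for (size_t i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++)
        if (host_for_header(hosts[i], out, sizeof(out)) == 0)
            printf("%-14s -> %s\n", hosts[i], out);
    return 0;
}
```
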
fix a regression introduced in 4eca8df,
writing chapters failed if chapters were
not available before mov_write_header().
(cherry picked from commit b2f5bc7fd3)
The array is only ever needed for streams where each sample entry may have a
different value. Given that for non animated HEIF there's a single value that
applies to the image, use the field defined for that.
Fixes: NULL pointer dereference
Fixes: 437528618/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6537287645331456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit a28e01a6c1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
heif_items are reused and to avoid leaking memory or using stale name,
clear it first.
Fixes: 432505829/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6654363487764480
Found-by: OSS-Fuzz
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
(cherry picked from commit 3bf8bf965f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Simple parser that only parses frame information.
This helps avoid requiring the software decoder on init to decode a
single frame, since the decoder can be quite slow.
Fixes: utils.c:524:9: runtime error: call to function
handle_init_section_args through pointer to incorrect function type
'void (*)(void *, const char *, int, char **, int *)'
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
In general, a provider code corresponds to a company/organization, and
the name should be that of the company, not of a given feature.
The feature is signalled in the "provider oriented code".
The exception is HDR Vivid, where the code 0x0004 indicates the HDR Vivid
feature itself rather than CUVA (China UHD Video Industry Alliance),
according to the UHD World Association's 'HDR Video Technology Part 2-1
Application Guide to System Integration' document.
ITU_T_T35_PROVIDER_CODE_CUVA -> ITU_T_T35_PROVIDER_CODE_HDR_VIVID
ITU_T_T35_PROVIDER_CODE_LCEVC -> ITU_T_T35_PROVIDER_CODE_VNOVA
ITU_T_T35_PROVIDER_CODE_SMTPE -> ITU_T_T35_PROVIDER_CODE_SAMSUNG
Signed-off-by: Maryla Ustarroz-Calonge <maryla@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Introduced by 307983b292
Use the following command line to reproduce the issue:
    ./configure --toolchain=msvc --disable-asm --enable-ffmpeg \
        --disable-everything --enable-decoder=vvc --enable-parser=vvc \
        --enable-demuxer='vvc,mpegts' --enable-protocol='file,pipe' \
        --enable-encoder='rawvideo,wrapped_avframe' \
        --enable-muxer='rawvideo,md5,null'
Signed-off-by: Wu Jianhua <toqsxw@outlook.com>
The check to return on EOF should not be inside a block that will not be entered after reaching EOF.
Should fix "libavcodec/bytestream.h:144:27: runtime error: applying zero offset to null pointer".
Signed-off-by: James Almer <jamrial@gmail.com>
- proper pts for packets. leaving it blank leaves it up for guessing,
but the guess doesn't take seeking into account, causing weirdness.
- clamp to 0 when seeking to negative ts. libopenmpt docs are unclear on
this but not doing this causes an immediate EOF when seeking backwards
to the beginning in mpv.
- only set song duration and packet pts when they are non-negative and
in int64 range. NaNs count as out of range. this isn't a fix for any
specific issue but might be helpful still, and shouldn't break
anything.
Allows outputting LRC with more precision than the standard centiseconds.
Time base is determined by number of requested digits.
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
Apparently files with milliseconds exist in the wild. And since it costs
nothing to support an arbitrary number of digits, extend the format to
support that.
Depending on the number of digits, the time base of the fractional part
changes. Most LRCs use 2 digits and a centisecond base, but subs with 3
digits and milliseconds exist too.
Set the internal time base to AV_TIME_BASE, which in practice allows
holding microseconds with 6 digits. Totally artificial, but who knows, maybe
someone wants that.
Fixes: #11677
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
This will ensure it will be stored in the stream's private context, so it can
be fetched and replaced as required.
Fixes a regression since eefa6de7d5.
Fixes avc-intra-panasonic-AG-HPX301E.mov
Signed-off-by: James Almer <jamrial@gmail.com>