Fixes: use after free
Fixes: 22484/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5671488765296640
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Gautam Ramakrishnan <gautamramk@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
There are two different ways KLV is used in MISB specs - sync and async.
The corresponding text (in ST1401) says:
ISO/IEC 13818-1 Table-34 defines a stream_type = 0x15 for “Metadata carried in PES packets,”
and Table 2-22 defines a stream_id = 0xFC for “metadata stream.”
and
In ISO/IEC 13818-1, Table-34 defines a stream_type = 0x06 for “PES packets containing private
data,” and Table 2-22 defines a stream_id = 0xBD for “private_stream_1.”
These constants allow us to distinguish the two cases, as codec profiles.
Signed-off-by: Marton Balint <cus@passwd.hu>
Then one doesn't need to free the frame in case the length turns out to
be insufficient.
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
e,g: the command:
ffprobe -show_format -i fate-suite/aac/foo.aac -loglevel 99 will
dump the trace message as follow when start_time is AV_NOPTS_VALUE
[aac @ 0x55bf8e1f3dc0] stream 0: start_time: -326791809695.818 duration: 2.174
[aac @ 0x55bf8e1f3dc0] format: start_time: -9223372036854.775 duration: 2.174 bitrate=120 kb/s
after this fix, will dump the start_time with "NOPTS".
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
Fix vpad.name leak in error path, move the vpad related operation
only if enabled show IR frequency response.
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
Fixes: overread by 1
Fixes: 21880/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_IMA_CUNNING_fuzzer-5717917221257216.fuzz
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
We need at least a few bits of entropy to determine the start index of each
queue, in order to let filters run in parallel as much as possible, and
rand() is not thread safe and disrupts any external API's usage of rand,
so instead replace it with av_get_random_seed.
While it has more overhead than rand, we only run it once per filter upon init.
Up until now, the HLS muxer uses av_strtok() to split an input string
controlling parameters of the VariantStreams and then duplicates
parts of this string containing parameters such as the language or the
name of the VariantStream. But these parts are proper zero-terminated
strings of their own that are never modified lateron, so one can simply
use the substring as-is without creating a copy. This commit implements
this.
The same also happened for the string controlling the closed caption
groups.
Furthermore, add const to indicate that the pointers to these substrings
are not used to modify them and also to indicate that these strings are
not allocated on their own.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Up until now, the HLS muxer duplicated a string for every VariantStream,
although neither the original nor the copies are ever modified. So use
the original directly and stop copying.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>