Fixes: signed integer overflow: 1347551268 * 14 cannot be represented in type 'int'
Fixes: 26458/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-5655364324032512
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 321 * 8746632 cannot be represented in type 'int'
Fixes: 26461/clusterfuzz-testcase-minimized-ffmpeg_dem_PVF_fuzzer-6326427831762944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 7111111111111531010 - -7335632962598013506 cannot be represented in type 'long'
Fixes: 26463/clusterfuzz-testcase-minimized-ffmpeg_dem_LRC_fuzzer-6015558333759488
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: timeout(>20sec -> 1ms)
Fixes: 26526/clusterfuzz-testcase-minimized-ffmpeg_dem_EA_fuzzer-5672328069120000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of 1111111190 by 3 places cannot be represented in type 'int'
Fixes: 26437/clusterfuzz-testcase-minimized-ffmpeg_dem_NISTSPHERE_fuzzer-4886896091856896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 111111111 * 30 cannot be represented in type 'int'
Fixes: 26448/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-5638440374501376
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: left shift of 21378748 by 10 places cannot be represented in type 'int'
Fixes: 26449/clusterfuzz-testcase-minimized-ffmpeg_dem_MVI_fuzzer-5680463374712832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 55255 * 53207 cannot be represented in type 'int'
Fixes: 26387/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS2_fuzzer-5684222226071552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 19922944 * 1024 cannot be represented in type 'int'
Fixes: 26402/clusterfuzz-testcase-minimized-ffmpeg_dem_VMD_fuzzer-5745470053548032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Now the listen timeout is hardcoded(10s).
How to test(30s timeout):
./ffprobe -listen_timeout 30 -protocol_whitelist rtp,udp,file -i test.sdp
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
then we can set the rtp read timeout instead of infinite timeout.
How to test(5s timeout):
./ffprobe -i rtp://192.168.1.67:1234?timeout=5000000
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
During operation, the user exits and interrupts,
causing pls->segment to be released,
resulting in a null pointer crash
Signed-off-by: bevis <javashu2012@gmail.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Fixes: Infinite loop
Fixes: 26445/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5125558331244544
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Prefer to error than to create a broken file. Closes ticket #5829.
Effectively disables remuxing adpcm_swf from flv -> wav.
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
6f69f7a8bf introduced this and it was part
of a very large merging of refactoring. Current behaviour is what is
reflected by this indenting change, however my understanding of timing
is such that this correct behaviour.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -1172299744 * 2 cannot be represented in type 'int'
Fixes: 26258/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5672758488596480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Commit a2b1dd0ce3 added support for
parsing annex B HEVC extradata to extract profile and level information.
Yet it only checks for there to be enough data left for the startcode
and the first byte of the NAL unit header and not for the full NAL unit
header; it simply presumes the second byte of the NAL unit header to be
present and skips it. Then the remaining size of the extradata is calculated
which ends up negative if the second byte of the NAL unit header is not
present. Yet when calling ff_nal_unit_extract_rbsp() it
will be converted to an uint32_t and end up as UINT32_MAX which
will cause mayhem.
This is solved by making sure that there is always enough remaining
extradata that could (pending 0x03 escapes) contain the data that we
are interested in.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Fixes: signed integer overflow: 3458015007900000256 + 6425686373040000000 cannot be represented in type 'long'
Fixes: 26430/clusterfuzz-testcase-minimized-ffmpeg_dem_BRSTM_fuzzer-5761175004119040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
fix ticket: 8636
When write keyframe and the keyframe is the frist packet of the segment,
then compute the size of the keyframe which have been write into segment
first packet. and set the start position of the segment, should not use
avio_tell(vs->out) to get the keyframe position, because it can be set
to 0 if close at above of the workflow, that maybe inaccurate, but the
start_pos can be used here, because start_pos is set after write
the previous packet.
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: liuqi05 <liuqi05@kuaishou.com>
if the length of the root url is 0, unnecessary process the root_url
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: liuqi05 <liuqi05@kuaishou.com>
The target duration will be a negative value when there are
some b frames after prevous frame, the pts after current packet
is large than the pts of current packet, so the target duration
will compute as 0.040000 - 0.080000, then the value of the target
duration will be -0.040000. so hls muxer should check the pts after
current packet minus the pts of current packet, hls muxer can split
the stream as a segment if the target duration is neither negative nor
zero, hls muxer cannot split the stream as a segment if the
target duration is either negative or zero then get the next packet
until the target duration is not negative or zero.
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
Suggested-by: Zhili Zhao <quinkblack@foxmail.com>
Signed-off-by: liuqi05 <liuqi05@kuaishou.com>
Fixes: signed integer overflow: 1077952576 * 4 cannot be represented in type 'int'
Fixes: 26152/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5674758518341632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -14671840 * 8224 cannot be represented in type 'int'
Fixes: 24793/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5101884323659776
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: SEGV on unknown address 0x000000000000
Fixes: 26379/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-5709011753893888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This takes the used values from ISO/IEC 13818-1 Table 2-45 and adds
them to the mpegts.h header. No functional changes.
Signed-off-by: Brad Hards <bradh@frogmouth.net>
Signed-off-by: Marton Balint <cus@passwd.hu>
- Call srt_epoll_release() to avoid fd leak on libsrt_setup() error.
- Call srt_cleanup() on libsrt_open() failure.
- Fix return value and method on mode parsing failure.
Based on a patch by Nicolas Sugino <nsugino@3way.com.ar>.
Signed-off-by: Marton Balint <cus@passwd.hu>
Such values are not supported by ff_subtitles_queue*
Fixes: signed integer overflow: 10 - -9223372036854775808 cannot be represented in type 'long'
Fixes: 24193/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5714901855895552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
