Fixes: signed integer overflow: -1384566925600903168 * 16 cannot be represented in type 'long'
Fixes: 407069502/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-5159255372267520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
AV1DemuxContext.temporal_unit_size is zero after reading the header,
so the position set when reading the header will not be used at all.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
We may write up to 43 bits, so 5 bytes is not enough.
Fixes: Assertion n>=0 && n<=32 failed at ./libavcodec/get_bits.h:406
Fixes: 398527871/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-6602025714647040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: James Almer <jamrial@gmail.com>
The current vvc_probe function checks for SPS, PPS, and IRAP NAL units but does not enforce their detection order. This can lead to false positives when PPS or IRAP appear before SPS, causing malformed or non-compliant bitstreams to be incorrectly identified as valid VVC streams.
This commit modifies the logic to use boolean flags and enforces the correct detection sequence: SPS must be detected before PPS, and PPS before IRAP. This ensures more accurate probing and prevents invalid bitstreams from being misidentified.
For streams with wrong ordering a lower score is returned
This change addresses issues reported in:
- https://trac.ffmpeg.org/ticket/11496
- https://trac.ffmpeg.org/ticket/11087
Signed-off-by: xiongweixiao <xiongweixiaoxxw@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Codec probing was primarily added to the wav demuxer to support DTS-in-wav
files, but DTS probing functions return AVPROBE_SCORE_EXTENSION+1, so we can be
a bit more strict with the required score.
This fixes MP3 misdetections for some wav files.
Fixes ticket #11581.
Signed-off-by: Marton Balint <cus@passwd.hu>
Fixes: division by 0
Fixes: 395163171/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-542604339373670
Reviewed-by: Peter Ross <pross@xvid.org>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This allows the user to set only the one that is needed to ALL or a
specific "wrong" extension like html
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Commit c8140fe7324f264faacf7395b27e12531d1f13f7 had introduced
a check for value_len > UINT16_MAX.
As a consequence, attached images of sizes larger than UINT16_MAX
could no longer be read.
This is a minimal fix of the regression, avoiding the controversies
of my earlier submission regarding int type handling in asfdec.
Signed-off-by: softworkz <softworkz@hotmail.com>
- Change precision to 6 digits to align with other printed times
- Change label to just "Start"
- Add 's' unit to format 'start' value for consistency
Signed-off-by: softworkz <softworkz@hotmail.com>
This is a raw demuxer, it should not read codec level information and export it
as container level information.
The generic demux code will use the recently introduced parser to take care of
that.
Signed-off-by: James Almer <jamrial@gmail.com>
This demuxers reads encapsulation bytes before reading codec data into the
output packets, so take such offset into consideration.
Signed-off-by: James Almer <jamrial@gmail.com>
The init-cleanup flag makes no sense for a demuxer without
a read_close() function.
Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
pkt->pos pointed to the actual packet data, not to the start
of the access unit.
Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
The signature check would segfault in case the packet could not
be allocated or if nothing could be read.
Furthermore, read_packet callbacks are supposed to return zero
on success, yet the current code returned the size of the packet.
Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Fixes potential use of uninitialized data.
Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This can happen for HLS with AES-128 at the middle of m3u8, so old
protocol is https while new protocol is crypt+https.
And change the log level from ERROR to INFO when protocol/host/port
don't match. User should prepared for this function to fail and
retry with new connection.
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
According to RFC 6416 the audio stream sender can pass the data rate
for the audio bitstream as "bitrate=" media format parameter.
Signed-off-by: Marvin Scholz <epirat07@gmail.com>
Seeing the offset of video and audio streams to each other is often
a useful metric in diagnosing and understanding issues with playback
or transcoding.
This commit adds those offsets to the stream info print.
Signed-off-by: softworkz <softworkz@hotmail.com>
This add support for WebVTT subtitles in HLS streams.
Just like for separate audio streams, it supports all available
WebVTT streams in all renditions.
No new options are added, it just works and provides subtitles streams
like any other demuxer.
The code prevents downloading subtitle segments which are farther
in the future than the main segments, to avoid loading hundreds
of subtitle segments in advance.
Signed-off-by: softworkz <softworkz@hotmail.com>
