Fixes: signed integer overflow: -293650 * 16525 cannot be represented in type 'int'
Fixes: 408304111/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-4762210299871232
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: -1384566925600903168 * 16 cannot be represented in type 'long'
Fixes: 407069502/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-5159255372267520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read
Fixes: 402587670/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-6343867775647744
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The encoder uses max 128 taps, which is quiet a lot already
If work is done to improve sonic, it will be more radical than changing the taps
Fixes: Timeout
Fixes: 402539974/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-6122944271286272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This is based on discussion with the GA and its simply the people
who have done or tried to do some uploads recently.
Everyone who has a shell account on ffmpeg.org should have powers to
upload samples.
CC: compn <compn@ffmpeg.org>
CC: Thilo Borgmann <thilo.borgmann@mail.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Up until now if avcodec_send_packet() returned an error,
no attempt to receive a frame from the decoder would be made.
Instead the decoder was presumed to be drained, so that more
packets could be sent to it. Yet this need not be so:
It can happen that a packet would decode to multiple frames
and that decoding the first of these (the one that is decoded
during the avcodec_send_packet() call) returns an error,
in which case the decoder is not yet ready to receive more
input as the remaining parts of the packet have not been decoded
yet. In this case, an AERROR_BUG is triggered.
This happens in ticket #11553 with VP9 (which uses a BSF
to split VP9 superframes and is therefore affected by this).
Fix this by always calling avcodec_receive_frame() unless
xerror is set.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
AV1DemuxContext.temporal_unit_size is zero after reading the header,
so the position set when reading the header will not be used at all.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
We may write up to 43 bits, so 5 bytes is not enough.
Fixes: Assertion n>=0 && n<=32 failed at ./libavcodec/get_bits.h:406
Fixes: 398527871/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-6602025714647040
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: James Almer <jamrial@gmail.com>
When decoding a bitstream with weighted-bipred enabled,
the results on ARM and x86 platforms may differ.
The reason for the inconsistency is that the value of
STRIDE_ALIGN differs between platforms. And STRIDE_ALIGN
is set to the buffer stride of temporary buffers for U
and V components in mc_part_weighted.
If the buffer stride is 32 or 64 (as on x86 platforms),
the U and V pixels can be interleaved row by row without
overlapping, resulting in correct output.
However, on ARM platforms where the stride is 16,
the V component did overwrite part of the U component's pixels,
leading to incorrect predicted pixels.
The bug can be reproduced by the following bitstream.
https://trac.ffmpeg.org/attachment/ticket/11357/inter_weighted_bipred2.264
Fixes: ticket 11357
Commit-msg-mostly-by: Bin Peng <pengbin@visionular.com>
Reviewed-by: Bin Peng <pengbin@visionular.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This differs from libvorbis by
stddev: 2.44 PSNR: 88.58 MAXDIFF: 41 bytes: 834304/ 834304
for the file from the ticket
Fixes: Ticket11427
Regression since: dc89cf804a811c0d25f4649a99f7fab4b5b416fa
This is a similar solution to what james proposed earlier in
[FFmpeg-devel] [PATCH] avcodec/vorbisdec: don't abort on EOD when decoding residuals
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
The current vvc_probe function checks for SPS, PPS, and IRAP NAL units but does not enforce their detection order. This can lead to false positives when PPS or IRAP appear before SPS, causing malformed or non-compliant bitstreams to be incorrectly identified as valid VVC streams.
This commit modifies the logic to use boolean flags and enforces the correct detection sequence: SPS must be detected before PPS, and PPS before IRAP. This ensures more accurate probing and prevents invalid bitstreams from being misidentified.
For streams with wrong ordering a lower score is returned
This change addresses issues reported in:
- https://trac.ffmpeg.org/ticket/11496
- https://trac.ffmpeg.org/ticket/11087
Signed-off-by: xiongweixiao <xiongweixiaoxxw@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Elapsed time is much less important than the actual progress, and I am guessing
several ffmpeg CLI frontends use the existing status line for showing progress,
so putting a new field in the beginning is less optimal anyway.
Related to ticket #11582.
Signed-off-by: Marton Balint <cus@passwd.hu>
Codec probing was primarily added to the wav demuxer to support DTS-in-wav
files, but DTS probing functions return AVPROBE_SCORE_EXTENSION+1, so we can be
a bit more strict with the required score.
This fixes MP3 misdetections for some wav files.
Fixes ticket #11581.
Signed-off-by: Marton Balint <cus@passwd.hu>
Fixes: shift exponent 49 is too large for 32-bit type 'int'
Fixes: 398060145/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5023082406543360
Reviewed-by: James Almer <jamrial@gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: out of array read in decode_cu_16x16()
Fixes: 398049430/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RV60_fuzzer-5525836849807360
Reviewed-by: Peter Ross <pross@xvid.org>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: division by 0
Fixes: 395163171/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-542604339373670
Reviewed-by: Peter Ross <pross@xvid.org>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 391935573/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MMVIDEO_fuzzer-4655048979709952
Fixes: out of array access
Reviewed-by: Peter Ross <pross@xvid.org>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
