We did check video codecs but not audio
Fixes: Assertion failure (on codec_id) in parser.c
Fixes: 472097507/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6016386662203392
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Was inadvertently broken in the switch to ffio_read_size().
Fixes: 6dd83fab44
PR: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21650
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
Fix #20712
When print_sdp() fails during rtp streaming, sch_start()
returns an error code without calling write_trailer, causing
a memory leak.
The avformat_free_context() will call the mux->deinit, so
we should add a rtp_deinit() to free all internal allocations.
Signed-off-by: Jack Lau <jacklau1222gm@gmail.com>
(This also fixes a symbol name collision with libssh,
which has a nonstatic function called md5.)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
We're not writing a kuki chunk because its contents for Opus are currently
unknown, so it's best if we don't allow the creation of non-spec-compliant
files.
Signed-off-by: James Almer <jamrial@gmail.com>
Given the contents of the Opus kuki are not fully clear, generate it
using known values from the desc and pakt chunks.
Signed-off-by: James Almer <jamrial@gmail.com>
caf_write_deinit() would segfault if the CAFStreamContext
couldn't be allocated. Fix this by moving everything from
CAFStreamContext to the ordinary CAFContext; the separation
doesn't make sense for a format with only one stream anyway
and removing it also avoids an indirection.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
If a codec has fixed block_align and frame_size but a given sample has either
priming or remainder frames, a pakt chunk can be written declaring zero packets
and no table, reporting only the samples to be discarded.
Signed-off-by: James Almer <jamrial@gmail.com>
st->duration is not guaranteed to be set, so store the sum of packet durations instead.
Also, set mPrimingFrames and mRemainderFrames to correct values.
Based on a patch by Jun Zhao.
Signed-off-by: James Almer <jamrial@gmail.com>
Take into account priming frames, exported as start time, and remainder frames,
subtracted from the stream duration as well as exported as discard padding
side data in the last packet.
Signed-off-by: James Almer <jamrial@gmail.com>
When s->external_sock is enabled, the underlying sock
will be set after tls_open(), so it should not open a
sock and handshake.
Signed-off-by: Jack Lau <jacklau1222gm@gmail.com>
Implement ff_ssl_*_key_cert()
Generate self-signed cert and key in server
mode if there is no key and cert input.
Implement ff_tls_set_external_socket() and
ff_dtls_export_materials()
Add gnutls as dtls protocol deps.
Signed-off-by: Jack Lau <jacklau1222gm@gmail.com>
Before this commit, ffmpeg gets a heap buffer overflow in the DASH demuxer
via a negative start number.
Check the value from the MPD XML and set it to 0 if it is negative.
Fixes: heap buffer overflow
Found-by: Zhenpeng (Leo) Lin from depthfirst
In the earlier code, the BUNDLE always has two stream
ids, "a=group:BUNDLE 0 1", even though there's only
one stream.
This patch aims to set the BUNDLE value dynamically.
Signed-off-by: Jack Lau <jacklau1222@qq.com>
The ICE handshake actually finishes after receiving
and handling the binding request from the peer when the peer
is not in ICE lite mode.
Log the ICE status when it is really done.
Signed-off-by: Jack Lau <jacklau1222@qq.com>
Files with multiple consecutive ID3v2 tags were getting low probe
scores (1) because av_probe_input_format3 only skipped the first tag,
leaving subsequent tags to be treated as non-audio data.
Fix by looping to skip all consecutive ID3v2 tags before probing.
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
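The tag-skipping loop described in the commit message above, as an added stand-alone example (not FFmpeg's code; `id3v2_tag_len`, `skip_id3v2_tags` and the sample bytes are constructed for illustration). It validates each 10-byte ID3v2 header, decodes the synchsafe size, and refuses to step past the end of the buffer when a tag claims more bytes than are present.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ID3V2_HDR 10  /* header (and footer) size in bytes */
/* Total length of the ID3v2 tag at buf, or 0 if no valid header is there. */
static size_t id3v2_tag_len(const uint8_t *buf, size_t len)
{
    if (len < ID3V2_HDR || memcmp(buf, "ID3", 3) != 0)
        return 0;
    if (buf[3] == 0xFF || buf[4] == 0xFF ||           /* invalid version bytes */
        ((buf[6] | buf[7] | buf[8] | buf[9]) & 0x80)) /* size not synchsafe */
        return 0;
    size_t body = ((size_t)buf[6] << 21) | ((size_t)buf[7] << 14) |
                  ((size_t)buf[8] << 7) | buf[9];
    return ID3V2_HDR + body + ((buf[5] & 0x10) ? ID3V2_HDR : 0); /* footer flag */
}

/* Skip all consecutive tags; returns the offset of the first non-tag byte.
 * A tag that claims more bytes than remain sets *truncated and returns len. */
size_t skip_id3v2_tags(const uint8_t *buf, size_t len, int *truncated)
{
    size_t off = 0;
    *truncated = 0;
    while (off < len) {
        size_t tag = id3v2_tag_len(buf + off, len - off);
        if (tag == 0)
            break;
        if (tag > len - off) {
            *truncated = 1;
            return len;
        }
        off += tag;
    }
    return off;
}

/* Constructed sample: two tags (4- and 2-byte bodies), then MPEG audio sync. */
const uint8_t sample[] = {
    'I','D','3', 4,0, 0, 0,0,0,4,  0,0,0,0,
    'I','D','3', 3,0, 0, 0,0,0,2,  0,0,
    0xFF,0xFB,0x90,0x00,
};

int main(void)
{
    int truncated;
    size_t off = skip_id3v2_tags(sample, sizeof(sample), &truncated);
    printf("audio starts at offset %zu (truncated=%d)\n", off, truncated);
}
```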
Exporting unknown layouts as unspec type is pointless in a format that expects
the user to remix the channels in location specific ways.
This simplifies assumptions and reduces the chances of heap buffer overflows.
Fixes: heap-buffer-overflow
Fixes: clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-6363647720095744
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: James Almer <jamrial@gmail.com>
The buffer is prepared for avio, so we need to free
the buffer at the end when avio_alloc_context() fails;
otherwise, it will cause a memleak.
Signed-off-by: Jack Lau <jacklau1222gm@gmail.com>
The fd_set needs <sys/select.h> on Linux, but it's
not included in os_support.h; it's included in os_support.c.
So this patch uses poll() to replace select() to avoid
this issue and simplify the code.
Signed-off-by: Jack Lau <jacklau1222gm@gmail.com>
The extradata allocated in mov_write_single_packet() for AV1 was missing
the required AV_INPUT_BUFFER_PADDING_SIZE padding bytes. This could lead
to out-of-bounds reads when the extradata is parsed by bitstream readers.
Replace av_memdup() with av_malloc() + memset() + memcpy() to ensure
proper padding is present and zeroed.
Reproduced with:
./ffmpeg -y -f lavfi -i "testsrc=duration=1:size=320x240:rate=30" -c:v libaom-av1 -cpu-used 8 -crf 50 test-av1.mp4
Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
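Why the padding in the commit message above matters, as an added stand-alone example (not FFmpeg's code): `dup_padded`, `BitReader` and `read_bits` are hypothetical names, `PAD` is an assumed stand-in for AV_INPUT_BUFFER_PADDING_SIZE, and the reader is a simplified model of a bitstream reader that loads four bytes per read.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAD 64  /* assumption: stand-in for AV_INPUT_BUFFER_PADDING_SIZE */

/* Copy size bytes into a new buffer followed by PAD zeroed bytes
 * (the malloc + memset + memcpy pattern the commit message describes). */
uint8_t *dup_padded(const uint8_t *src, size_t size)
{
    if (size > SIZE_MAX - PAD)          /* size + PAD would wrap around */
        return NULL;
    uint8_t *dst = malloc(size + PAD);
    if (!dst)
        return NULL;
    memset(dst + size, 0, PAD);
    memcpy(dst, src, size);
    return dst;
}

/* Simplified bit reader: always loads 4 bytes starting at the current byte. */
typedef struct { const uint8_t *buf; size_t bitpos; } BitReader;

uint32_t read_bits(BitReader *br, unsigned n)   /* valid for 1 <= n <= 25 */
{
    const uint8_t *p = br->buf + (br->bitpos >> 3);
    /* Near the end of the payload, p[1..3] lie beyond the copied bytes;
     * without the padding this load is an out-of-bounds read. */
    uint32_t word = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                    ((uint32_t)p[2] << 8) | p[3];
    word <<= br->bitpos & 7;
    br->bitpos += n;
    return word >> (32 - n);
}

int main(void)
{
    const uint8_t extradata[2] = { 0x0A, 0xC3 };   /* constructed sample bytes */
    uint8_t *padded = dup_padded(extradata, sizeof(extradata));
    if (!padded)
        return 1;
    BitReader br = { padded, 0 };
    unsigned a = read_bits(&br, 8), b = read_bits(&br, 8);
    printf("first byte 0x%02X, last byte 0x%02X\n", a, b);
    free(padded);
    return 0;
}
```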