Speed improvment 35.5 sec -> 34.7sec
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 71bf0330505e2108935d05c5c018ec65eac4b946)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 1080/clusterfuzz-testcase-5353236754071552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ce7098b8f2b59c62b5abdb3d74819db75cf67698)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: 619/clusterfuzz-testcase-5803914534322176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 61ee2ca7758672128e30b3e87908b6845e006d71)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array read
Found-by: Thomas Garnier using libFuzzer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c92f55847a3d9cd12db60bfcd0831ff7f089c37c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes out of array access
Found-by: Thomas Garnier using libFuzzer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 25ab1a65f3acb5ec67b53fb7a2463a7368f1ad16)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
If it is negative, it causes segmentation faults in decode_rle.
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit f621749d1181987b3f815c6766ea66d6c5d55198)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Otherwise it will never be reset, and remain "stuck" in this state
forever. Can happen when seeking: the decoder will receive fragments
from different file positions, which triggers the condition easily.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
dvdsub_decode() can call append_to_cached_buf() 2 times, the second time
with ctx->buf as argument. If the second append_to_cached_buf() reallocs
ctx->buf, the argument will be a pointer to the previous, freed block.
This can cause invalid reads at least with some fuzzed files - and
possibly with valid files.
Since packets can apparently not be larger than 64K (even if packets are
combined), just use a fixed size buffer. It will be allocated as part of
the DVDSubContext, and although some memory is "wasted", it's relatively
minimal by modern standards and should be acceptable.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The code blindly trusted buffer offsets read from the file in the RLE
decoder. Explicitly check the offset. Also error out on other RLE
decoding errors.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'd466d82faaf6e0e57a3a4be5e38e3902ef251ac3':
dvdsubdec: Do not leak on failure path
Conflicts:
libavcodec/dvdsubdec.c
See: 7fa9f7ef1c2f0cee81ec6ea6a4ff10af4c4fc62c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
improve the debugging function for saving subtitles
to PPM files: Actually use the alpha channel.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Fix an off-by-one error that causes the height of decoded
subtitles to be too small, thus cutting off the lowest row
of pixels.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* commit '3dc6272bed7890a49080e18eacf3c7a4a6594b0d':
Remove a number of unnecessary dsputil.h #includes
Conflicts:
libavcodec/h264pred.c
libavcodec/vc1dsp.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'b3ea76624ad1baab0b6bcc13f3f856be2f958110':
vf_aspect: use the name 's' for the pointer to the private context
Remove commented-out debug #define cruft
Conflicts:
libavcodec/4xm.c
libavcodec/dvdsubdec.c
libavcodec/ituh263dec.c
libavcodec/mpeg12.c
libavfilter/avfilter.c
libavfilter/vf_aspect.c
libavfilter/vf_fieldorder.c
libavformat/rtmpproto.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
