Re: [FFmpeg-devel] [PATCH] http: support retry on connection error
Pinging again... Thanks, Eran From: Eran Kornblau Sent: Sunday, October 25, 2020 3:40 PM To: FFmpeg development discussions and patches mailto:ffmpeg-devel@ffmpeg.org>> Subject: [PATCH] http: support retry on connection error Hi, This patch adds 2 options to http: - reconnect_on_status - a list of http status codes that should be retried. the list can contain explicit status codes or the strings 4xx/5xx. - reconnect_on_err - reconnects on arbitrary errors during connect, e.g. ECONNRESET/ETIMEDOUT. The retry employs the same exponential backoff logic as the existing reconnect/reconnect_at_eof flags. Related tickets: https://trac.ffmpeg.org/ticket/6066 https://trac.ffmpeg.org/ticket/7768 Thanks! Eran ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [PATCH 5/5] avcodec/cfhd: check peak.offset so it stays within the 32bit range
Michael Niedermayer: > Fixes: signed integer overflow: -2147483648 - 4 cannot be represented in type > 'int' > Fixes: > 26907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-5746202330267648 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer > --- > libavcodec/cfhd.c | 4 > 1 file changed, 4 insertions(+) > > diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c > index a2b9c7c76a..e3fbfa4b91 100644 > --- a/libavcodec/cfhd.c > +++ b/libavcodec/cfhd.c > @@ -617,6 +617,10 @@ static int cfhd_decode(AVCodecContext *avctx, void > *data, int *got_frame, > s->peak.level = 0; > } else if (tag == -PeakLevel && s->peak.offset) { > s->peak.level = data; > +if (s->peak.offset < INT_MIN + 4) { > +ret = AVERROR_INVALIDDATA; > +goto end; > +} > bytestream2_seek(&s->peak.base, s->peak.offset - 4, SEEK_CUR); > } else > av_log(avctx, AV_LOG_DEBUG, "Unknown tag %i data %x\n", tag, > data); > Is this peak.offset actually intended to be signed? And if so wouldn't it make more sense to actually check that the buffer contains the seek target? - Andreas ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH 3/5] avformat/utils: wrap_timestamp() is only needed for less than 64 bits
Fixes: shift exponent 64 is too large for 64-bit type 'unsigned long long' Fixes: 26497/clusterfuzz-testcase-minimized-ffmpeg_dem_AVI_fuzzer-5690188355076096 Fixes: 26903/clusterfuzz-testcase-minimized-ffmpeg_dem_LUODAT_fuzzer-5641466929741824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 503e583ad0..e4a4e7651b 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -101,7 +101,7 @@ static int is_relative(int64_t ts) { */ static int64_t wrap_timestamp(const AVStream *st, int64_t timestamp) { -if (st->internal->pts_wrap_behavior != AV_PTS_WRAP_IGNORE && +if (st->internal->pts_wrap_behavior != AV_PTS_WRAP_IGNORE && st->pts_wrap_bits < 64 && st->internal->pts_wrap_reference != AV_NOPTS_VALUE && timestamp != AV_NOPTS_VALUE) { if (st->internal->pts_wrap_behavior == AV_PTS_WRAP_ADD_OFFSET && timestamp < st->internal->pts_wrap_reference) -- 2.17.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH 2/5] avformat/id3v2: Sanity check tlen before alloc and uncompress
Fixes: Timeout (>20sec -> 65ms) Fixes: 26896/clusterfuzz-testcase-minimized-ffmpeg_dem_DAUD_fuzzer-5691024049176576 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavformat/id3v2.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c index cecd9b9f6d..336a3964de 100644 --- a/libavformat/id3v2.c +++ b/libavformat/id3v2.c @@ -993,6 +993,9 @@ static void id3v2_parse(AVIOContext *pb, AVDictionary **metadata, av_log(s, AV_LOG_DEBUG, "Compresssed frame %s tlen=%d dlen=%ld\n", tag, tlen, dlen); +if (tlen <= 0) +goto seek; + av_fast_malloc(&uncompressed_buffer, &uncompressed_buffer_size, dlen); if (!uncompressed_buffer) { av_log(s, AV_LOG_ERROR, "Failed to alloc %ld bytes\n", dlen); -- 2.17.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH 5/5] avcodec/cfhd: check peak.offset so it stays within the 32bit range
Fixes: signed integer overflow: -2147483648 - 4 cannot be represented in type 'int' Fixes: 26907/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-5746202330267648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavcodec/cfhd.c | 4 1 file changed, 4 insertions(+) diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c index a2b9c7c76a..e3fbfa4b91 100644 --- a/libavcodec/cfhd.c +++ b/libavcodec/cfhd.c @@ -617,6 +617,10 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame, s->peak.level = 0; } else if (tag == -PeakLevel && s->peak.offset) { s->peak.level = data; +if (s->peak.offset < INT_MIN + 4) { +ret = AVERROR_INVALIDDATA; +goto end; +} bytestream2_seek(&s->peak.base, s->peak.offset - 4, SEEK_CUR); } else av_log(avctx, AV_LOG_DEBUG, "Unknown tag %i data %x\n", tag, data); -- 2.17.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH 4/5] avformat/lvfdec: Check stream_index before use
Fixes: assertion failure Fixes: 26905/clusterfuzz-testcase-minimized-ffmpeg_dem_LVF_fuzzer-5724267599364096.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavformat/lvfdec.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavformat/lvfdec.c b/libavformat/lvfdec.c index 8b8d6f01b9..4c87728def 100644 --- a/libavformat/lvfdec.c +++ b/libavformat/lvfdec.c @@ -106,6 +106,7 @@ static int lvf_read_packet(AVFormatContext *s, AVPacket *pkt) unsigned size, flags, timestamp, id; int64_t pos; int ret, is_video = 0; +int stream_index; pos = avio_tell(s->pb); while (!avio_feof(s->pb)) { @@ -121,12 +122,15 @@ static int lvf_read_packet(AVFormatContext *s, AVPacket *pkt) case MKTAG('0', '1', 'w', 'b'): if (size < 8) return AVERROR_INVALIDDATA; +stream_index = is_video ? 0 : 1; +if (stream_index >= s->nb_streams) +return AVERROR_INVALIDDATA; timestamp = avio_rl32(s->pb); flags = avio_rl32(s->pb); ret = av_get_packet(s->pb, pkt, size - 8); if (flags & (1 << 12)) pkt->flags |= AV_PKT_FLAG_KEY; -pkt->stream_index = is_video ? 0 : 1; +pkt->stream_index = stream_index; pkt->pts = timestamp; pkt->pos = pos; return ret; -- 2.17.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH 1/5] avformat/tedcaptionsdec: Check for overflow in parse_int()
Fixes: signed integer overflow: 111 * 10 cannot be represented in type 'long' Fixes: 26892/clusterfuzz-testcase-minimized-ffmpeg_dem_TEDCAPTIONS_fuzzer-5756045055754240 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavformat/tedcaptionsdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/tedcaptionsdec.c b/libavformat/tedcaptionsdec.c index 6c25d602d6..c15aeea06c 100644 --- a/libavformat/tedcaptionsdec.c +++ b/libavformat/tedcaptionsdec.c @@ -172,6 +172,8 @@ static int parse_int(AVIOContext *pb, int *cur_byte, int64_t *result) if ((unsigned)*cur_byte - '0' > 9) return AVERROR_INVALIDDATA; while (BETWEEN(*cur_byte, '0', '9')) { +if (val > INT_MAX/10 - (*cur_byte - '0')) +return AVERROR_INVALIDDATA; val = val * 10 + (*cur_byte - '0'); next_byte(pb, cur_byte); } -- 2.17.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [PATCH] Ticket #8750 Add inline function for the vec_xl intrinsic in non-VSX environments
On Sat, 31. Oct 10:17, Andriy Gelman wrote: > On Fri, 16. Oct 00:02, Andriy Gelman wrote: > > On Fri, 09. Oct 20:17, Andriy Gelman wrote: > > > From: Chip Kerchner > > > > > > --- > > > libswscale/ppc/yuv2rgb_altivec.c | 10 ++ > > > 1 file changed, 10 insertions(+) > > > > > > diff --git a/libswscale/ppc/yuv2rgb_altivec.c > > > b/libswscale/ppc/yuv2rgb_altivec.c > > > index 536545293d..930ef6b98f 100644 > > > --- a/libswscale/ppc/yuv2rgb_altivec.c > > > +++ b/libswscale/ppc/yuv2rgb_altivec.c > > > @@ -283,6 +283,16 @@ static inline void cvtyuvtoRGB(SwsContext *c, vector > > > signed short Y, > > > * > > > -- > > > */ > > > > > > +#if !HAVE_VSX > > > +static inline vector unsigned char vec_xl(signed long long offset, const > > > ubyte *addr) > > > +{ > > > +const vector unsigned char *v_addr = (const vector unsigned char *) > > > (addr + offset); > > > +vector unsigned char align_perm = vec_lvsl(offset, addr); > > > + > > > +return (vector unsigned char) vec_perm(v_addr[0], v_addr[1], > > > align_perm); > > > +} > > > +#endif /* !HAVE_VSX */ > > > + > > > #define DEFCSP420_CVT(name, out_pixels) > > > \ > > > static int altivec_ ## name(SwsContext *c, const unsigned char **in, > > > \ > > > int *instrides, int srcSliceY, int > > > srcSliceH, \ > > > > Ping. > > This patch fixes PPC64 build on patchwork. > > > > ping > ping > -- > Andriy ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [PATCH 5/8] tools/target_dem_fuzzer: Consider it an EIO when reading position wraps around 64bit
On Sun, Oct 25, 2020 at 12:23:09AM +0200, Michael Niedermayer wrote: > Fixes: signed integer overflow: 9223372036854775807 + 564 cannot be > represented in type 'long' > Fixes: > 26494/clusterfuzz-testcase-minimized-ffmpeg_dem_VOC_fuzzer-576754158849228 > Fixes: > 26549/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-4844306424397824 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer > --- > tools/target_dem_fuzzer.c | 2 ++ > 1 file changed, 2 insertions(+) will apply [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB If you fake or manipulate statistics in a paper in physics you will never get a job again. If you fake or manipulate statistics in a paper in medicin you will get a job for life at the pharma industry. signature.asc Description: PGP signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [PATCH v4] Unbreak av_malloc_max(0) API/ABI
Hi, On Fri, Nov 6, 2020 at 11:10 AM Joakim Tjernlund < joakim.tjernl...@infinera.com> wrote: > We unbundle the ffmpeg/mesa and use system mesa/ffmpeg That's the answer to my earlier question also, thank you. I'm fine with applying this, I would suggest that the "new" (correct) behaviour should live under a major update or under a different function name, but I'll leave it to others to make a final decision there... Ronald ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [PATCH 5/7] avformat/mpegts: Limit copied data to space
On Wed, Nov 04, 2020 at 11:17:53PM +0100, Marton Balint wrote: > > > On Wed, 4 Nov 2020, Michael Niedermayer wrote: > > > Fixes: out of array access > > Fixes: > > 26816/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTSRAW_fuzzer-6282861159907328.fuzz > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer > > --- > > libavformat/mpegts.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavformat/mpegts.c b/libavformat/mpegts.c > > index ebb09991dc..80d010db6c 100644 > > --- a/libavformat/mpegts.c > > +++ b/libavformat/mpegts.c > > @@ -3169,7 +3169,7 @@ static int mpegts_raw_read_packet(AVFormatContext *s, > > AVPacket *pkt) > > return ret; > > } > > if (data != pkt->data) > > -memcpy(pkt->data, data, ts->raw_packet_size); > > +memcpy(pkt->data, data, TS_PACKET_SIZE); > > finished_reading_packet(s, ts->raw_packet_size); > > if (ts->mpeg2ts_compute_pcr) { > > /* compute exact PCR for each packet */ > > LGTM, thanks. will apply thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB The real ebay dictionary, page 1 "Used only once"- "Some unspecified defect prevented a second use" "In good condition" - "Can be repaird by experienced expert" "As is" - "You wouldnt want it even if you were payed for it, if you knew ..." signature.asc Description: PGP signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [PATCH 1/2] avcodec/gdv: Remove dead check
lgtm On Sat, Nov 7, 2020 at 2:30 AM Andreas Rheinhardt < andreas.rheinha...@gmail.com> wrote: > At the end of its decode function, the decoder sets *got_frame to 1 and > then checks whether ret is < 0; if so, it is returned, otherwise > avpkt->size is. But it is impossible for ret to be < 0 here and if it > were, it would be nonsense to set *got_frame to 1 before this. Therefore > just return avpkt->size unconditionally. > > Fixes Coverity issue #1439730. > > Signed-off-by: Andreas Rheinhardt > --- > libavcodec/gdv.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/gdv.c b/libavcodec/gdv.c > index f00f3ac145..2be1e2ea7f 100644 > --- a/libavcodec/gdv.c > +++ b/libavcodec/gdv.c > @@ -551,7 +551,7 @@ static int gdv_decode_frame(AVCodecContext *avctx, > void *data, > > *got_frame = 1; > > -return ret < 0 ? ret : avpkt->size; > +return avpkt->size; > } > > static av_cold int gdv_decode_close(AVCodecContext *avctx) > -- > 2.25.1 > > ___ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe". ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [PATCH 1/2] Revert "avcodec/adpcm_swf: support decoding multiple fixed-sized blocks at once"
Is incorrect behaviour. Was covering for an encoder bug where it produced frames of the wrong size. Fixes: out of array write Fixes: 26821/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_SWF_fuzzer-5764465137811456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg This reverts commit e9dd73d30d09043446ac6dd7b8ad31e557873852. Signed-off-by: Zane van Iperen Will apply series. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".