This allows the user to set only the one that is needed to ALL or a
specific "wrong" extension like html
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f99f223eb1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes part of Ticket11435
Fixes: Elisa Viihde (Finnish online recording service)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 68644994fd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This fixes mixing up contexts, use of uninitialized data and crashes.
More specifically:
==1001752== Conditional jump or move depends on uninitialised value(s)
==1001752== at 0xA9ED82: avpriv_h264_has_num_reorder_frames (h264dec.c:64)
==1001752== by 0x668C7E: has_decode_delay_been_guessed (demux.c:757)
==1001752== by 0x66AB13: compute_pkt_fields (demux.c:1137)
==1001752== by 0x66B2E9: parse_packet (demux.c:1265)
==1001752== by 0x66BD84: read_frame_internal (demux.c:1449)
==1001752== by 0x67085B: avformat_find_stream_info (demux.c:2692)
==1001752== by 0x25157C: ifile_open (ffmpeg_demux.c:1814)
==1001752== by 0x272B15: open_files (ffmpeg_opt.c:1366)
==1001752== by 0x272D85: ffmpeg_parse_options (ffmpeg_opt.c:1415)
==1001752== by 0x2925C9: main (ffmpeg.c:991)
==1001752== Uninitialised value was created by a heap allocation
==1001752== at 0x483E0F0: memalign (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1001752== by 0x483E212: posix_memalign (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1001752== by 0x14882CE: av_malloc (mem.c:107)
==1001752== by 0x1463785: av_buffer_alloc (buffer.c:82)
==1001752== by 0x146423F: pool_alloc_buffer (buffer.c:369)
==1001752== by 0x14643C4: av_buffer_pool_get (buffer.c:407)
==1001752== by 0x752C4B: buffer_pool_get (mpegts.c:1142)
==1001752== by 0x7538F2: mpegts_push_data (mpegts.c:1407)
==1001752== by 0x758893: handle_packet (mpegts.c:2909)
==1001752== by 0x758E90: handle_packets (mpegts.c:3048)
==1001752== by 0x759B1D: mpegts_read_packet (mpegts.c:3290)
==1001752== by 0x6687A3: ff_read_packet (demux.c:649)
==1001752== by 0x66B594: read_frame_internal (demux.c:1346)
==1001752== by 0x67085B: avformat_find_stream_info (demux.c:2692)
==1001752== by 0x25157C: ifile_open (ffmpeg_demux.c:1814)
==1001752== by 0x272B15: open_files (ffmpeg_opt.c:1366)
==1001752== by 0x272D85: ffmpeg_parse_options (ffmpeg_opt.c:1415)
==1001752== by 0x2925C9: main (ffmpeg.c:991)
Found-by: Alexander A. Shvedov <shvedov@gmx.com>
CC: Pavel Koshevoy <pkoshevoy@gmail.com>
This reverts commit 0021484d05.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Legal since commit 1cd0a9be4b2d1e7c60184ec68404e00e46e3123e
(Jan 4) in the Cellar Matroska specification git repo.
We still hold out on muxing it due to compatibility with
old demuxers.
Reviewed-by: compn <ff@hawaiiantel.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 8a936b8726)
The structure is padded to an even length with an internal
size field to indicate the real size.
The matroska-matroska-display-metadata test (writing FFV1
in VFW mode) was affected by this.
It should also fix ticket #11613.
Reviewed-by: compn <ff@hawaiiantel.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
(cherry picked from commit 92e310eb82)
I have several .ts captures where video and audio codec changes even
though the PMT version does not change and the PIDs stay the same.
This happens during transition to/from slate (mpeg2 video and audio)
to network broadcast (hevc video and eac3 audio in private PES).
I've updated fate ts-demux expected results.
Codec probing was primarily added to the wav demuxer to support DTS-in-wav
files, but DTS probing functions return AVPROBE_SCORE_EXTENSION+1, so we can be
a bit more strict with the required score.
This fixes MP3 misdetections for some wav files.
Fixes ticket #11581.
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit ce01c7fb58)
The offset and end_offset options are meant for segment, not for key.
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
(cherry picked from commit bb0c4649fb)
Don't select sample with small dts when interleaved_read is disabled.
Signed-off-by: Zhao Zhili <zhilizhao@tencent.com>
(cherry picked from commit ca964ba139)
(setting to 100 as a reasonable compromise)
The change has caused regressions for many users and consumers.
Playlist reloads only happen when a playlist doesn't indicate that it
has ended (via #EXT-X-ENDLIST), which means that the addition of future
segments is still expected.
It is well possible that an HLS server is temporarily unable to serve
further segments but resumes after some time, either indicating a
discontinuity or even by fully catching up.
With a segment length of 3s, a max_reload value of 1000 corresponds to
a duration of 50 minutes which appears to be a reasonable default.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ace9f03a6c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This blocks disallowed extensions from probing
It also requires all available segments to have matching extensions to the format
mpegts is treated independent of the extension
It is recommended to set the whitelists correctly
instead of depending on extensions, but this should help a bit,
and this is easier to backport
Fixes: CVE-2023-6602 II. HLS Force TTY Demuxer
Fixes: CVE-2023-6602 IV. HLS XBIN Demuxer DoS Amplification
The other parts of CVE-2023-6602 have been fixed by prior commits
Found-by: Harvey Phillips of Amazon Element55 (element55)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 91d96dc8dd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
When running the cleanup in rtmp_close on failures in rtmp_open,
we can in rare cases end up using rt->playpath, assuming that it
is still set.
The crash could happen if we hit the fail codepath in rtmp_open
while publishing (rt->is_input == 0) with rt->state set to
a value > STATE_FCPUBLISH.
This would normally not happen while publishing; either we have
an error (and rt->state <= STATE_FCPUBLISH) or we reach
rt->state = STATE_PUBLISHING, and then we also return successfully
from rtmp_open.
The unexpected combination of states could happen if the server
responds with e.g. "NetStream.Play.Stop" while expecting
"NetStream.Publish.Start"; this sets rt->state to STATE_STOPPED,
which also fulfills the condition "> STATE_FCPUBLISH".
We don't need to free the rt->playpath/tcurl/flashver strings here;
they're handled via AVOption, and thus are freed automatically when
the protocol instance is freed (that's why they aren't freed
manually within the rtmp_close function either).
We also don't need to free the AVDictionary with options; it's
owned by the caller.
A smaller fix would be to just call rtmp_close before freeing
the strings and dictionary, but as we don't need to free them
at all, let's remove that redundant code.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 8f4819ce01)
Fixes: signed integer overflow: 7803923888585309955 - -3407677434275325337 cannot be represented in type 'int64_t' (aka 'long')
Fixes: 377736723/clusterfuzz-testcase-minimized-media_pipeline_integration_fuzzer-5052449500889088
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 02958ab715)
Fixes: undefined NULL pointer use
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-6363211175493632
This performs equivalent sanity checks as are done in mov_read_trak()
before mov_build_index()
Reported-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit afbc3a1b23)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: use of uninitialized value
Fixes: 70988/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5298245077630976
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9578c135d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Don't reject extradata with missing PS NALUs if array_completeness is not
requested.
Fixes a regression since a696b28886.
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 5813e5aa34)
This was previously adjusted by me in 6b3f9c2e92.
Unfortunately, I traded one integer overflow bug for
another.
Currently, NTP timestamps that exceed INT64_MAX
(~Jan 20, 1968) will cause an overflow when passed
to av_rescale.
This patch replaces av_rescale, which operates on
int64_t, with ff_parse_ntp_time, which operates on
uint64_t. This will give the correct values for
timestamps back around the NTP epoch and present day
timestamps.
Fixes ticket #11388.
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit c0fbb6d5b7)
Written in the dominant style of the surrounding code block.
Signed-off-by: Marth64 <marth64@proxyid.net>
Reviewed-by: Steven Liu <lq@chinaffmpeg.org>
(cherry picked from commit f46415f373)
