summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* avformat/av1: add color config values to AV1SequenceParametersJames Almer2019-08-031-14/+18
| | | | Signed-off-by: James Almer <jamrial@gmail.com>
* avcodec/vp8: do vp7_fade_frame() laterMichael Niedermayer2019-08-031-8/+11
| | | | | | | | Fixes: Timeout (100sec -> 5sec) Fixes: 15073/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP7_fuzzer-5649257362620416 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp3: Check for end of input in vp4_unpack_vlcs()Michael Niedermayer2019-08-031-0/+2
| | | | | | | | | Fixes: Timeout (too long -> 1sec) Fixes: 15232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP3_fuzzer-5769583086010368 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross <pross@xvid.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vp3: Check that theora is theoraMichael Niedermayer2019-08-021-0/+4
| | | | | | | | | | | Theora is forced to be non zero if it is zero and a sample is asked for, as suggested by reimar Fixes: Timeout (2min -> 600ms) Fixes: 15366/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-5737849938247680 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avutil/mips: Avoid instruction exception caused by gssqc1/gslqc1.Shiyou Yin2019-08-022-2/+2
| | | | Ensure the address accesed by gssqc1/gslqc1 are 16-byte aligned.
* avcodec/msrle: remove unused itemsPaul B Mahol2019-08-021-5/+0
|
* lavu/tx: add support for double precision FFT and MDCTLynne2019-08-029-677/+825
| | | | | | | Simply moves and templates the actual transforms to support an additional data type. Unlike the float version, which is equal or better than libfftw3f, double precision output is bit identical with libfftw3.
* lavfi/zmq: Avoid mem copy past the end of input bufferAndriy Gelman2019-08-011-1/+1
|
* FATE: add hls single file mode test caseSteven Liu2019-08-012-0/+783
| | | | Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
* tools/target_dec_fuzzer: fix memleak of extradataMichael Niedermayer2019-07-311-1/+1
| | | | | | | | Fixes: memleak Fixes: 15535/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMACKER_fuzzer-5692162424963072 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1_pred: Fix invalid shift in scaleforsame()Michael Niedermayer2019-07-311-1/+1
| | | | | | | | Fixes: left shift of negative value -1 Fixes: 15531/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5759556258365440 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/vc1_block: Fix integer overflow in ff_vc1_pred_dc()Michael Niedermayer2019-07-311-3/+3
| | | | | | | | Fixes: signed integer overflow: 32796 * 65536 cannot be represented in type 'int' Fixes: 15430/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5735424087031808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/truemotion2: Fix several integer overflows in tm2_motion_block()Michael Niedermayer2019-07-311-4/+4
| | | | | | | | Fixes: 15524/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5173148372172800 Fixes: signed integer overflow: 13701388 - -2134868270 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Make coeffsA/B uint32_t, this avoids several cases of ↵Michael Niedermayer2019-07-311-3/+3
| | | | | | | | | | | | | undefined behavior Changing the type to an unsigned one to avoid many casts was suggested This may be inadequate for fixing the UB on ILP64 Fixes: signed integer overflow: -1418162611 * 383 cannot be represented in type 'int' Fixes: 15547/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5691384901664768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: make left/right unsigned to avoid undefined behaviorMichael Niedermayer2019-07-311-2/+2
| | | | | | | | Fixes: signed integer overflow: 755176387 + 1515360583 cannot be represented in type 'int' Fixes: 15506/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5706859232624640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/apedec: Fix multiple integer overflows and undefined behaviorin ↵Michael Niedermayer2019-07-311-5/+5
| | | | | | | | | | | | | | filter_3800() Fixes: left shift of negative value -4 Fixes: signed integer overflow: -15091694 * 167 cannot be represented in type 'int' Fixes: signed integer overflow: 1898547155 + 453967445 cannot be represented in type 'int' Fixes: 15258/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5759095564402688 Fixes: signed integer overflow: 962196438 * 31 cannot be represented in type 'int' Fixes: 15364/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718799845687296 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avformat/mpc: deallocate frames array on errorsMichael Niedermayer2019-07-311-2/+5
| | | | | | | | Fixes: memleak on error path Fixes: 15984/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5679918412726272 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* lavfi/vf_thumbnail_cuda: fix operator precedence bugRodger Combs2019-07-301-1/+1
| | | | | | Discovered via a warning when building with clang Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
* lavd/v4l2: produce a 0 byte packet when a dequeued buffer's size is unexpectedStephan Hilb2019-07-301-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | Behave like we do for V4L2_BUF_FLAG_ERROR, implemented in commit 28f20d2ff4 . For some devices (probably also related to the V4L driver implementation) it happens that when invoking the ioctl DQBUF, the returned buffer is not of the expected size. Here are two examples for such occurrences: [video4linux2,v4l2 @ 0x258b440] Dequeued v4l2 buffer contains 609596 bytes, but 614400 were expected. Flags: 0x00000001. /dev/video1: Invalid data found when processing input [video4linux2,v4l2 @ 0x225f440] Dequeued v4l2 buffer contains 609508 bytes, but 614400 were expected. Flags: 0x00000001. /dev/video1: Invalid data found when processing input For the ffmpeg CLI tool this means it will stop capturing and exit. The described behaviour was observed at least with one OmniVision USB web cam and with some stk1160 devices. If you search the web for the error message, you will find quite a few instances of this problem. Some of them experienced on other devices. Probably fixes ticket #4795 Signed-off-by: Alexander Strasser <eclipse7@gmx.net>
* lavu/hwcontext_qsv: fix the memory leakLinjie Fu2019-07-301-0/+2
| | | | | | | av_dict_free child_device_opts to fix the memory leak. Signed-off-by: Linjie Fu <linjie.fu@intel.com> Signed-off-by: Zhong Li <zhong.li@intel.com>
* avformat/av1: fix AV1CodecConfigurationBox name in doxyJames Almer2019-07-301-1/+1
| | | | Signed-off-by: James Almer <jamrial@gmail.com>
* cbs_mpeg2: Fix parsing the last unitAndreas Rheinhardt2019-07-291-7/+21
| | | | | | | | | | | | | | There is one way to find out if avpriv_find_start_code has found a start code or not: One has to check whether the state variable contains a start code, i.e. whether the three most significant bytes are 0x00 00 01. Checking for whether the return value is the end of the designated buffer is not enough: If the last four bytes constitute a start code, the return value is also the end of the buffer. This happens with sequence_end_codes which have been ignored for exactly this reason, although e.g. all three files used for fate tests of cbs_mpeg2 contain sequence_end_codes. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* cbs_mpeg2: Rearrange start code searchAndreas Rheinhardt2019-07-291-15/+14
| | | | | | | | | | | | | | | | 1. Currently, cbs_mpeg2_split_fragment uses essentially three variables to hold the start code values found by avpriv_find_start_code. By rearranging the code, one of them can be omitted. 2. The return value of avpriv_find_start_code points to the byte after the byte containing the start code identifier (or to the byte after the last byte of the fragment's data if no start code was found), but cbs_mpeg2_split_fragment needs to work with the pointer to the byte containing the start code identifier; it already did this, but in a clumsy way. This has been changed. 3. Also use the correct type for the variable holding the CodedBitstreamUnitType. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* cbs_mpeg2: Decompose Sequence EndAndreas Rheinhardt2019-07-293-0/+19
| | | | | | | | | Sequence End units (or actually, sequence_end_codes) have up until now not been decomposed; in fact due to a bug in cbs_mpeg2_split_fragment they have mostly been treated as part of the preceding unit. So implement decomposing them as preparation for fixing said bug. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* cbs_h264: Improve adding SEI messagesAndreas Rheinhardt2019-07-291-13/+7
| | | | | | | | | | | | Up until now, if an SEI messages was to be added to a fragment, it was tried to add said SEI message to the first SEI NAL unit of the fragment and if this SEI NAL unit already contained H264_NAL_SEI SEI messages (an arbitrary limit imposed by cbs_h264), adding failed; if there was no SEI NAL unit, a new one has been added. With this commit, the fragment is searched for further NAL units to add the SEI messages to. If all of them are full, a new SEI NAL unit is added. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* cbs: Don't set AVBuffer's opaqueAndreas Rheinhardt2019-07-297-19/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | cbs is currently inconsistent regarding the opaque field that can be used as a special argument to av_buffer_create in order to be used during freeing the buffer: ff_cbs_alloc_unit_content and all the free functions used name this parameter as if it should contain a pointer to the unit whose content is about to be created; but both ff_cbs_alloc_unit_content as well as ff_cbs_h264_add_sei_message actually use a pointer to the CodedBitstreamContext as opaque. It should actually be neither, because it is unneeded (as is evidenced by the fact that none of the free functions use this pointer at all) and because it ties the unit's content to the lifetime of other objects, although a refcounted buffer is supposed to have its own lifetime that only ends when its reference count reaches zero. This problem manifests itself in the pointer becoming dangling. The pointer to the unit can become dangling if another unit is added to the fragment later as happens in the bitstream filters; in this case, the pointer can point to the wrong unit (if the fragment's unit array needn't be relocated) or it can point to where the array was earlier. It can also become dangling if the unit's content is meant to survive the resetting of the fragment it was originally read with. This applies to the extradata of H.264 and HEVC. The pointer to the context can become dangling if the context is closed before the content is freed. Although this doesn't seem to happen right now, it could happen, in particular if one uses different CodedBitstreamContexts for in- and output. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/eatqi: Check for minimum frame sizeMichael Niedermayer2019-07-291-0/+3
| | | | | | | | | | | | The minimum header is 8 bytes, the smallest bitstream that is passed to the MB decode code is 4 bytes Fixes: Timeout (35sec -> 18sec) Fixes: 15800/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATQI_fuzzer-5684154517159936 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/eatgv: Check remaining size after the keyframe headerMichael Niedermayer2019-07-291-0/+3
| | | | | | | | | | The minimal size which unpack() will not fail on is 5 bytes Fixes: Timeout (14sec -> 77ms) (testcase 15508) Fixes: 15508/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATGV_fuzzer-5700053513011200 Fixes: 15996/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATGV_fuzzer-5751353223151616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* h264_metadata: Support overscan_appropriate_flagMark Thompson2019-07-292-0/+15
| | | | Fixes #8041.
* cbs_h264: Fix missing inferred colour description fieldsMark Thompson2019-07-291-0/+4
| | | | | With video_signal_type_present_flag set but colour_description_present_flag unset the colour fields would not have had their correct values inferred.
* dnn: convert tf.pad to native model in python script, and load/execute it in ↵Guo, Yejun2019-07-293-6/+54
| | | | | | | | | the c code. since tf.pad is enabled, the conv2d(valid) changes back to its original behavior. Signed-off-by: Guo, Yejun <yejun.guo@intel.com> Signed-off-by: Pedro Arthur <bygrandao@gmail.com>
* fate: add unit test for dnn-layer-padGuo, Yejun2019-07-294-1/+226
| | | | | | | 'make fate-dnn-layer-pad' to run the test Signed-off-by: Guo, Yejun <yejun.guo@intel.com> Signed-off-by: Pedro Arthur <bygrandao@gmail.com>
* dnn: add layer pad which is equivalent to tf.padGuo, Yejun2019-07-293-0/+252
| | | | | | | | | the reason to add this layer first is that vf_sr uses it in its tensorflow model, and the next plan is to update the python script to convert tf.pad into native model. Signed-off-by: Guo, Yejun <yejun.guo@intel.com> Signed-off-by: Pedro Arthur <bygrandao@gmail.com>
* avcodec/cfhd: add bayer supportPaul B Mahol2019-07-291-8/+94
|
* avformat/hlsenc: Fix overflow of int for durations computeSteven Liu2019-07-291-2/+2
| | | | | | | Fix ticket: 8037 Reported-by: DusanBrejka Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
* avfilter/fade: don't allow nb_frames == 0Gyan Doshi2019-07-291-2/+2
| | | | In filter init, there's a division by nb_frames but value isn't checked.
* lavfi: addroi filterMark Thompson2019-07-284-0/+344
| | | | This can be used to add region of interest side data to video frames.
* vaapi_encode: Add ROI supportMark Thompson2019-07-287-0/+144
|
* avcodec/mips: [loongson] refine process of setting block as 0 in h264dsp_mmi.Shiyou Yin2019-07-281-31/+13
| | | | | | | | | | | | | | | | | | | | | | In function ff_h264_add_pixels4_8_mmi, there is no need to reset '%[ftmp0]' to 0, because it's value has never changed since the start of the asm block. This patch remove the redundant 'xor' and set src to zero once it was loaded. In function ff_h264_idct_add_8_mmi, 'block' is seted to zero twice. This patch removed the first setting zero operation and move the second one after the load operation of block. In function ff_h264_idct8_add_8_mmi, 'block' is seted to zero twice too. This patch just removed the second setting zero operation. This patch mainly simplifies the implementation of functions above, the effect on the performance of whole h264 decoding process is not obvious. According to the perf data, proportion of ff_h264_idct_add_8_mmi decreased from 0.29% to 0.26% and ff_h264_idct8_add_8_mmi decreased from 0.62% to 0.59% when decoding H264 format on loongson 3A3000(For reference only , not very stable.). Reviewed-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* vp9_metadata: Improve spec-compliance and warningsAndreas Rheinhardt2019-07-282-15/+33
| | | | | | | | | | | | | | | | | | The earlier version had three deficits: 1. It allowed to set the stream to RGB although this is not allowed when the profile is 0 or 2. 2. If it set the stream to RGB, then it did not automatically set the range to full range; the result was that one got a warning every time a frame with color_config element was processed if the frame originally had TV range and the user didn't explicitly choose PC range. Now one gets only one warning in such a situation. 3. Intra-only frames in profile 0 are automatically BT.601, but if the user wished another color space, he was not informed about his wishes being unfulfillable. The commit also improves the documentation about this. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* av1/h264_metadata: Don't reinitialize dataAndreas Rheinhardt2019-07-282-31/+11
| | | | | | | | | | If the relevant elements (the color description elements for AV1 and the VUI elements in general for H.264 (since 1156b507)) are absent, then their correct values (usually meaning unknown) have already been inferred by the reading process, so that it is unnecessary to initialize them again in the av1/h264_metadata filters even when they were initially absent. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* cbs_mpeg2: Fix parsing of picture and slice headersAndreas Rheinhardt2019-07-273-58/+71
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1. The extra information in slice headers was parsed incorrectly: In the first reading pass to derive the length of the extra information, one should look at bits n, n + 9, n + 18, ... and check whether they equal one (further extra information) or zero (end of extra information), but instead bits n, n + 8, n + 16, ... were inspected. The second pass of reading (where the length is already known and the bytes between the length-determining bits are copied into a buffer) did not record what was in bits n, n + 9, n + 18, ..., presuming they equal one. And during writing, the bytes in the buffer are interleaved with set bits and written. This means that if the detected length of the extra information was greater than the real length, the output was corrupted. Fortunately no sample is known that made use of this mechanism: The extra information in slices is still marked as reserved in the specifications. cbs_mpeg2 is now ready in case this changes. 2. Furthermore, the buffer is now padded and slightly different, but very similar code for reading resp. writing has been replaced by code used for both. This was made possible by a new macro, the equivalent to cbs_h2645's fixed(). 3. These changes also made it possible to remove the extra_bit_slice element from the MPEG2RawSliceHeader structure. Said element was always zero except when the detected length of the extra information was less than the real length. 4. The extra information in picture headers (which uses essentially the same syntax as the extra information in slice headers) has simply been forgotten. This meant that if this extra information was present, it was discarded during reading; and unfortunately writing created invalid bitstreams in this case (an extra_bit_picture - the last set bit of the whole unit - indicated that there would be a further byte of data, although the output didn't contain said data). This has been fixed; both types of extra information are now parsed via the same code and essentially passed through. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* cbs: Remove useless initializationsAndreas Rheinhardt2019-07-275-17/+17
| | | | | | | | | | | Up until now, a temporary variable was used and initialized every time a value was read in CBS; if reading turned out to be successfull, this value was overwritten (without having ever been looked at) with the value read if reading was successfull; on failure the variable wasn't touched either. Therefore these initializations can be and have been removed. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* mpeg2_metadata, cbs_mpeg2: Fix handling of colour_descriptionAndreas Rheinhardt2019-07-273-0/+31
| | | | | | | | | | | | | | If a sequence display extension is read with colour_description equal to zero, but a user wants to add one or more of the colour_description elements, then the colour_description elements the user did not explicitly request to be set are set to zero and not to the value equal to unknown/unspecified (namely 2). A value of zero is not only inappropriate, but explicitly forbidden. This is fixed by inferring the right default values during the reading process if the elements are absent; moreover, changing any of the colour_description elements to zero is now no longer possible. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
* avcodec/assdec: undefined use of memcpy()Michael Niedermayer2019-07-271-1/+2
| | | | | | | | | Fixes: null pointer passed as argument 2, which is declared to never be null Fixes: 16008/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SSA_fuzzer-5650582821404672 (this is a separate issue found in this testcase) Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* avcodec/brenderpix: Check input size before allocating imageMichael Niedermayer2019-07-271-1/+4
| | | | | | | | | | | | | An incomplete image is not supported prior to this and will not produce any output. This commit moves the failure before time consuming operations. Fixes: Timeout (81sec -> 76ms) Fixes: 15723/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BRENDER_PIX_fuzzer-5147265653538816 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* libavfilter/dnn: move dnn files from libavfilter to libavfilter/dnnGuo, Yejun2019-07-267-9/+14
| | | | | | | | | | | | | | | | | it is expected that there will be more files to support native mode, so put all the dnn codes under libavfilter/dnn The main change of this patch is to move the file location, see below: modified: libavfilter/Makefile new file: libavfilter/dnn/Makefile renamed: libavfilter/dnn_backend_native.c -> libavfilter/dnn/dnn_backend_native.c renamed: libavfilter/dnn_backend_native.h -> libavfilter/dnn/dnn_backend_native.h renamed: libavfilter/dnn_backend_tf.c -> libavfilter/dnn/dnn_backend_tf.c renamed: libavfilter/dnn_backend_tf.h -> libavfilter/dnn/dnn_backend_tf.h renamed: libavfilter/dnn_interface.c -> libavfilter/dnn/dnn_interface.c Signed-off-by: Guo, Yejun <yejun.guo@intel.com> Signed-off-by: Pedro Arthur <bygrandao@gmail.com>
* avcodec/adpcm: reindent after last commitPaul B Mahol2019-07-261-30/+30
|
* avcodec/adpcm: add support for 5.1 ADPCM MSPaul B Mahol2019-07-262-1/+32
|
* lafv/wavdec: Fail bext parsing on incomplete readsMatt Wolenetz2019-07-261-5/+7
| | | | | | | | | | | | | | | | | avio_read can successfully return even when less than the requested amount of input was read. wavdec's bext parsing mistakenly assumed a successful avio_read always read the full amount that was requested. The result could be dictionary tags populated with partially uninitialized values. This change also fixes a broken assertion in wav_parse_bext_string that was off-by-one, though no known current usage of that method hits that broken case. Chromium bug: 987270 Signed-off-by: Matt Wolenetz <wolenetz@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
OpenPOWER on IntegriCloud