ffmpeg.git
14 months ago avcodec/snowdec: Fix integer overflow with motion vector residual
Michael Niedermayer [Mon, 20 Aug 2018 18:15:19 +0000 (20:15 +0200)]
avcodec/snowdec: Fix integer overflow with motion vector residual

Fixes: signed integer overflow: -19818 + -2147483648 cannot be represented in type 'int'
Fixes: 9545/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-4928769537081344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit acba153a148782c08f9fd17f0c05b93468f3cbd0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/mpeg4videodec: Fix slice end detection in mpeg4_decode_studio_mb()
Michael Niedermayer [Sun, 19 Aug 2018 08:15:53 +0000 (10:15 +0200)]
avcodec/mpeg4videodec: Fix slice end detection in mpeg4_decode_studio_mb()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 168d8d56bfb0c69684637f3d04889db647de6238)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avformat/nsvdec: Do not parse multiple NSVf
Michael Niedermayer [Thu, 16 Aug 2018 10:23:20 +0000 (12:23 +0200)]
avformat/nsvdec: Do not parse multiple NSVf

The specification states "NSV files may contain a single file header. "
Fixes: out of array access
Fixes: nsv-asan-002f473f726a0dcbd3bd53e422c4fc40b3cf3421

Found-by: Paul Ch <paulcher@icloud.com>
Tested-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 78d4b6bd43fc266a2ee926f0555c8782246f9445)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avformat/dashdec: Fix strlen(rep_id_val) with it being NULL
Michael Niedermayer [Sat, 18 Aug 2018 00:19:51 +0000 (02:19 +0200)]
avformat/dashdec: Fix strlen(rep_id_val) with it being NULL

Fixes: dash-crash-da39a3ee5e6b4b0d3255bfef95601890afd80709.xml

Found-by: Paul Ch <paulcher@icloud.com>
Reviewed-by: Steven Liu <lq@chinaffmpeg.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 46753bfdd0182f721499939a1118c0406c8a3674)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avformat/mlvdec: read_string() received unsigned size, make the argument unsigned
Michael Niedermayer [Thu, 16 Aug 2018 13:36:28 +0000 (15:36 +0200)]
avformat/mlvdec: read_string() received unsigned size, make the argument unsigned

Fixes: infinite loop
Fixes: mlv-timeout-e3b8cab9835edecad6823baa057e029671329d04

Found-by: Paul Ch <paulcher@icloud.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e71cb2c8edcf3dad657c15a6fb8572862f2afb9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avformat/rmdec: Fix EOF check in the stream loop in ivr_read_header()
Michael Niedermayer [Thu, 16 Aug 2018 13:36:29 +0000 (15:36 +0200)]
avformat/rmdec: Fix EOF check in the stream loop in ivr_read_header()

Fixes: long running loop
Fixes: ivr-timeout-42468cb797f52f025fb329394702f5d4d64322d6

Found-by: Paul Ch <paulcher@icloud.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c2eec1762d372663c35aaf3d6ee419bafb185057)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/scpr: Check for min > max in decompress_p()
Michael Niedermayer [Sat, 4 Aug 2018 21:45:52 +0000 (23:45 +0200)]
avcodec/scpr: Check for min > max in decompress_p()

Fixes: Timeout
Fixes: 9342/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-4795990841229312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3378194ce8e9a126a7cc6ed57bedde1221790469)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/shorten: Fix signed 32bit overflow in shift in shorten_decode_frame()
Michael Niedermayer [Sun, 12 Aug 2018 21:06:55 +0000 (23:06 +0200)]
avcodec/shorten: Fix signed 32bit overflow in shift in shorten_decode_frame()

Fixes: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 9480/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-6647324284551168 -rss_limit_mb=2000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b604e96a51a1fca92bbabfe4f7ac53f0470ee41)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/shorten: Fix integer overflow in residual/LPC combination
Michael Niedermayer [Sun, 12 Aug 2018 20:55:59 +0000 (22:55 +0200)]
avcodec/shorten: Fix integer overflow in residual/LPC combination

Fixes: signed integer overflow: -540538872 + -2012739576 cannot be represented in type 'int'
Fixes: 9255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5758630052757504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db7e9082e1a1479c6a8844f7adf77eae03cc2aa7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/shorten: Check verbatim length
Michael Niedermayer [Sun, 12 Aug 2018 20:43:33 +0000 (22:43 +0200)]
avcodec/shorten: Check verbatim length

Fixes: Timeout
Fixes: 9252/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5780720709533696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7007dabec08f2f9f81661e71ef482dde394e17a8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/mpegaudio_parser: Initialize poutbuf*
Michael Niedermayer [Sun, 5 Aug 2018 12:51:36 +0000 (14:51 +0200)]
avcodec/mpegaudio_parser: Initialize poutbuf*

Possibly fixes: null pointer dereference
Possibly fixes: 9352/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADUFLOAT_fuzzer-5146068961460224
Fixes: Heap-use-after-free
Fixes: 9453/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADUFLOAT_fuzzer-5137954375729152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0f4c3b0b8e5435d13fd3b64c91969b31c3c018dc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/aacpsdsp_template: Fix integer overflow in ps_stereo_interpolate_c()
Michael Niedermayer [Sat, 28 Jul 2018 08:59:09 +0000 (10:59 +0200)]
avcodec/aacpsdsp_template: Fix integer overflow in ps_stereo_interpolate_c()

Fixes: signed integer overflow: -1813244069 + -1407981383 cannot be represented in type 'int'
Fixes: 8823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5643295618236416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 47db5763e21c5e3b0ddde2430d15938f8d88480d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avformat/flvenc: Check audio packet size
Michael Niedermayer [Sat, 28 Jul 2018 13:03:50 +0000 (15:03 +0200)]
avformat/flvenc: Check audio packet size

Fixes: Assertion failure
Fixes: assert_flvenc.c:941_1.swf

Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago lavc/svq3: Fix regression decoding some files.
Nikolas Bowe [Tue, 31 Jul 2018 00:22:02 +0000 (17:22 -0700)]
lavc/svq3: Fix regression decoding some files.

Fixes some SVQ3 encoded files which fail to decode correctly after 6d6faa2a2d.
These files exhibit lots of artifacts and logs show "Media key encryption is not implemented".
However they decode without artifacts before 6d6faa2a2d.
The attached patch allows these files to successfully decode, but also reject media key files.

Tested on the files in #6094 and http://samples.mplayerhq.hu/V-codecs/SVQ3/Vertical400kbit.sorenson3.mov

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5aeb3b008080d8d4a38f245d557dbc9bd6c36dcf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/mlp_parser: Check if synccode is within buffer
Michael Niedermayer [Sun, 29 Jul 2018 11:16:37 +0000 (13:16 +0200)]
avcodec/mlp_parser: Check if synccode is within buffer

Fixes: undefined shift
Fixes: 9216/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEHD_fuzzer-6281404575907840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 51ac3f43b8bf3b7f2af555af319cd240bb8b4ebf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/qtrle: Check remaining bytestream in qtrle_decode_XYbpp()
Michael Niedermayer [Sun, 29 Jul 2018 10:40:48 +0000 (12:40 +0200)]
avcodec/qtrle: Check remaining bytestream in qtrle_decode_XYbpp()

Fixes: Timeout
Fixes: 9213/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QTRLE_fuzzer-5649753332252672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7dd836a3f9771e0e44df1b27e67d6866d91e06d7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/diracdec: Check bytes count in else branch in decode_lowdelay() too
Michael Niedermayer [Sun, 22 Jul 2018 19:42:16 +0000 (21:42 +0200)]
avcodec/diracdec: Check bytes count in else branch in decode_lowdelay() too

Fixes: signed integer overflow: 8 * 340018243 cannot be represented in type 'int'
Fixes: 9441/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5194665207791616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bed125b7108481574f36fdd6ee699b27354602e8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/diracdec: Check slice numbers for overflows in relation to picture dimensions
Michael Niedermayer [Sun, 22 Jul 2018 19:26:24 +0000 (21:26 +0200)]
avcodec/diracdec: Check slice numbers for overflows in relation to picture dimensions

Fixes: signed integer overflow: 88 * 33685506 cannot be represented in type 'int'
Fixes: 9433/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5725943535501312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f457c0ad7f73e31e99761f2ad3738cf3b3c24ca0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/diracdec: Change frame_number to 64bit as its a 32bit from the bitstream...
Michael Niedermayer [Sun, 22 Jul 2018 18:45:39 +0000 (20:45 +0200)]
avcodec/diracdec: Change frame_number to 64bit as its a 32bit from the bitstream and we also have a -1 special case

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 9291/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6324345860259840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 462d1be6dec5ff4768be8c202f359cbf037db3c6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/dirac_dwt_template: Fix several integer overflows in horizontal_compose_daub97i()
Michael Niedermayer [Sun, 22 Jul 2018 17:11:04 +0000 (19:11 +0200)]
avcodec/dirac_dwt_template: Fix several integer overflows in horizontal_compose_daub97i()

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 8926/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6047609228623872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 69cac9e130dc8c9d2a5b8012011df372974adf35)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avcodec/diracdec: Prevent integer overflow in intermediate in global_mv()
Michael Niedermayer [Sun, 22 Jul 2018 16:58:34 +0000 (18:58 +0200)]
avcodec/diracdec: Prevent integer overflow in intermediate in global_mv()

Fixes: signed integer overflow: -393471 * 5460 cannot be represented in type 'int'
Fixes: 8890/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6299775379963904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 51290406461ed40b70e0e05b389a461a283f3367)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago swresample/swresample: Fix input channel count in resample_first computation
Michael Niedermayer [Tue, 24 Jul 2018 20:44:12 +0000 (22:44 +0200)]
swresample/swresample: Fix input channel count in resample_first computation

Found-by: Marcin Gorzel <gorzel@google.com>
Reviewed-by: Marcin Gorzel <gorzel@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bce4da85e8110b66040a5fb07ffc724ab4e09a86)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
14 months ago avutil/pixfmt: Document chroma plane size for odd resolutions
Michael Niedermayer [Wed, 18 Jul 2018 20:22:35 +0000 (22:22 +0200)]
avutil/pixfmt: Document chroma plane size for odd resolutions

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit be0b77e6e83b61c2da338201b5ddfae1c9acedc5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
15 months ago lavf/libsmbclient: return AVERROR_EOF for EOF.
Nicolas George [Thu, 30 Aug 2018 12:42:00 +0000 (14:42 +0200)]
lavf/libsmbclient: return AVERROR_EOF for EOF.

Fix trac ticket #7387.

15 months ago lavc/videotoolboxenc: Fix compilation on osx 10.10.5 Yosemite
Thilo Borgmann [Thu, 9 Aug 2018 10:47:35 +0000 (12:47 +0200)]
lavc/videotoolboxenc: Fix compilation on osx 10.10.5 Yosemite

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 72d9b8f4c53ce3de48ba43ddeeccc62f6932b376)

16 months ago avcodec/mediacodecdec: fix SEGV on modern nvidia decoders
Aman Gupta [Tue, 31 Jul 2018 21:33:08 +0000 (14:33 -0700)]
avcodec/mediacodecdec: fix SEGV on modern nvidia decoders

This code came originally from gstreamer, where it was added in [1]
as a work-around for the Tegra 3. (The alignment was changed in [2]
as a response to [3], from 32-bit to 16-bit).

gstreamer only used this workaround in the case where the decoder
didn't return a slice-height property, but when the code was copied
into avcodec the conditional got lost. This commit restores the guard
and prefers the slice-height from the decoder when it is available.

This fixes segfaults decoding 1920x1080 h264 and mpeg2 videos on the
NVidia SHIELD after upgrading to Android Oreo.

[1] https://github.com/GStreamer/gst-plugins-bad/commit/a870e6a5c30dd85240fe75c7409cc1cf1b86541d
[2] https://github.com/GStreamer/gst-plugins-bad/commit/21ff3ae0b0127bd82951d278ca24f2d54133b7cd
[3] https://bugzilla.gnome.org/show_bug.cgi?id=748867

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 476fd6ba3a7d74ed8be9af10cb9f4d4b3fdaf3e1)

16 months ago avcodec/bitstream_filters: check the input argument of av_bsf_get_by_name() for NULL
James Almer [Sat, 28 Jul 2018 03:51:57 +0000 (00:51 -0300)]
avcodec/bitstream_filters: check the input argument of av_bsf_get_by_name() for NULL

Fixes crashes like "ffmpeg -h bsf" caused by passing NULL to strcmp()

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 3258cc6507a2012d54889ce5f8efbde7e81d927d)

16 months ago avformat/librtmp: fix returning EOF from Read/Write
Timo Rothenpieler [Wed, 25 Jul 2018 22:37:35 +0000 (00:37 +0200)]
avformat/librtmp: fix returning EOF from Read/Write

Ticket #7052

16 months ago avcodec/videotoolboxenc: fix undefined behavior with rc_max_rate=0
Thomas Guillem [Wed, 4 Jul 2018 07:05:22 +0000 (09:05 +0200)]
avcodec/videotoolboxenc: fix undefined behavior with rc_max_rate=0

On macOS, a zero rc_max_rate causes an error from
VTSessionSetProperty(kVTCompressionPropertyKey_DataRateLimits).

On iOS (depending on device/version), a zero rc_max_rate causes invalid
arguments from the vtenc_output_callback after a few frames and then a crash
within the VideoToolbox library.

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 93e157f40f415119ea0f94b35596965e9870f863)

16 months ago Update for 4.0.2 n4.0.2
Michael Niedermayer [Wed, 18 Jul 2018 12:04:51 +0000 (14:04 +0200)]
Update for 4.0.2

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/dvdsub_parser: Allocate input padding
Michael Niedermayer [Fri, 13 Jul 2018 16:56:10 +0000 (18:56 +0200)]
avcodec/dvdsub_parser: Allocate input padding

Fixes: out of array read
Fixes: 9350/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVDSUB_fuzzer-5746777750765568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cd86b5cfe278af79d6b147e122d9a72c270a9fde)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/dvdsub_parser: Init output buf/size
Michael Niedermayer [Fri, 13 Jul 2018 16:54:48 +0000 (18:54 +0200)]
avcodec/dvdsub_parser: Init output buf/size

No testcase

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e6c8437761661441d836876934314cb2b8fafe7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/dirac_dwt_template: Fix signedness regression in interleave()
Michael Niedermayer [Fri, 13 Jul 2018 16:33:08 +0000 (18:33 +0200)]
avcodec/dirac_dwt_template: Fix signedness regression in interleave()

Found-by: <jdarnley>
Tested-by: James Darnley <james.darnley@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 181435a4de6e38e0a15ddaf16de9a157ef41cb18)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avformat/mov: Simplify last element computation in mov_estimate_video_delay()
Michael Niedermayer [Wed, 11 Jul 2018 00:17:57 +0000 (02:17 +0200)]
avformat/mov: Simplify last element computation in mov_estimate_video_delay()

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Reviewed-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b0644f7f72a9ae64c7285d26ec720441c25d4cf5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avformat/mov: Break out of inner loop early in mov_estimate_video_delay()
Michael Niedermayer [Wed, 11 Jul 2018 00:17:58 +0000 (02:17 +0200)]
avformat/mov: Break out of inner loop early in mov_estimate_video_delay()

0.266 <- 0.299 sec (this is time ffmpeg so containing a lot of other things)

Sample for benchmark was: ffmpeg -f rawvideo -pix_fmt yuv420p -s 32x32 -i /dev/zero -t 24:00:00.00 out.mp4

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Reviewed-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aba13dc13e5233545bdd06f514e0addbb0155c69)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avformat/mov: Eliminate variable buf_size from mov_estimate_video_delay()
Michael Niedermayer [Wed, 11 Jul 2018 00:17:56 +0000 (02:17 +0200)]
avformat/mov: Eliminate variable buf_size from mov_estimate_video_delay()

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Reviewed-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3ce4034308a3726395a2c1b18a3dff3554e0b619)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avformat/mov: remove modulo operations from mov_estimate_video_delay()
Michael Niedermayer [Wed, 11 Jul 2018 00:17:55 +0000 (02:17 +0200)]
avformat/mov: remove modulo operations from mov_estimate_video_delay()

0.324 <-0.491 sec

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Reviewed-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c995e01b1e01ac11cf2545b3ce86569a482ff434)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avformat/movenc: Write version 2 of audio atom if channels is not known
Michael Niedermayer [Sat, 7 Jul 2018 22:16:42 +0000 (00:16 +0200)]
avformat/movenc: Write version 2 of audio atom if channels is not known

The version 1 needs the channel count and would divide by 0
Fixes: division by 0
Fixes: fpe_movenc.c_1108_1.ogg
Fixes: fpe_movenc.c_1108_2.ogg
Fixes: fpe_movenc.c_1108_3.wav

Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago swresample/arm: rename labels to fix xcode build error
Rahul Chaudhry [Fri, 27 Apr 2018 20:49:52 +0000 (13:49 -0700)]
swresample/arm: rename labels to fix xcode build error

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e84212b78e00df17799e01be1e153a073eb8f689)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avformat/movenc: Check input sample count
Michael Niedermayer [Fri, 6 Jul 2018 20:23:25 +0000 (22:23 +0200)]
avformat/movenc: Check input sample count

Fixes: division by 0
Fixes: fpe_movenc.c_199_1.wav
Fixes: fpe_movenc.c_199_2.wav
Fixes: fpe_movenc.c_199_3.wav
Fixes: fpe_movenc.c_199_4.wav
Fixes: fpe_movenc.c_199_5.wav
Fixes: fpe_movenc.c_199_6.wav
Fixes: fpe_movenc.c_199_7.wav

Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a2d21bc5f97aa0161db3ae731fc2732be6108b8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/mjpegdec: Check for odd progressive RGB
Michael Niedermayer [Fri, 6 Jul 2018 14:28:14 +0000 (16:28 +0200)]
avcodec/mjpegdec: Check for odd progressive RGB

Fixes: out of array access
Fixes: 9225/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5684770334834688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ee1e3ca5eb1ec7d34e925d129c893e33847ee0b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/vp8_parser: Do not leave data/size uninitialized
Michael Niedermayer [Fri, 6 Jul 2018 10:01:46 +0000 (12:01 +0200)]
avcodec/vp8_parser: Do not leave data/size uninitialized

This is identical to what the VP9 parser does

Fixes: 9215/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVPX_VP8_fuzzer-5768227253649408
Fixes: out of memory access

This may also fix oss fuzz issue 9212

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 284dde24dab30225ed3e233b0e5908d67d7e13e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avformat/mms: Add missing chunksize check
Michael Niedermayer [Tue, 3 Jul 2018 18:33:04 +0000 (20:33 +0200)]
avformat/mms: Add missing chunksize check

Fixes: out of array read
Fixes: mms-crash-01b6c5d85f9d9f40f4e879896103e9f5b222816a

Found-by: Paul Ch <paulcher@icloud.com>
1st hunk by Paul Ch <paulcher@icloud.com>
Tested-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cced03dd667a5df6df8fd40d8de0bff477ee02e8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avformat/pva: Check for EOF before retrying in read_part_of_packet()
Michael Niedermayer [Tue, 3 Jul 2018 20:14:42 +0000 (22:14 +0200)]
avformat/pva: Check for EOF before retrying in read_part_of_packet()

Fixes: Infinite loop
Fixes: pva-4b1835dbc2027bf3c567005dcc78e85199240d06

Found-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avformat/rmdec: Do not pass mime type in rm_read_multi() to ff_rm_read_mdpr_codecdata()
Michael Niedermayer [Tue, 3 Jul 2018 19:37:46 +0000 (21:37 +0200)]
avformat/rmdec: Do not pass mime type in rm_read_multi() to ff_rm_read_mdpr_codecdata()

Fixes: use after free()
Fixes: rmdec-crash-ffe85b4cab1597d1cfea6955705e53f1f5c8a362

Found-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a7e032a277452366771951e29fd0bf2bd5c029f0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avformat/asfdec_o: Check size_bmp more fully
Michael Niedermayer [Tue, 3 Jul 2018 19:01:23 +0000 (21:01 +0200)]
avformat/asfdec_o: Check size_bmp more fully

Fixes: integer overflow and out of array access
Fixes: asfo-crash-46080c4341572a7137a162331af77f6ded45cbd7

Found-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avformat/mxfdec: Fix av_log context
Michael Niedermayer [Tue, 3 Jul 2018 18:38:06 +0000 (20:38 +0200)]
avformat/mxfdec: Fix av_log context

Fixes: out of array access
Fixes: mxf-crash-1c2e59bf07a34675bfb3ada5e1ec22fa9f38f923

Found-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/mpeg4videodec: Check for bitstream end in read_quant_matrix_ext()
Michael Niedermayer [Tue, 3 Jul 2018 20:48:32 +0000 (22:48 +0200)]
avcodec/mpeg4videodec: Check for bitstream end in read_quant_matrix_ext()

Fixes: out of array read
Fixes: asff-crash-0e53d0dc491dfdd507530b66562812fbd4c36678

Found-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/indeo4: Check for end of bitstream in decode_mb_info()
Michael Niedermayer [Sun, 1 Jul 2018 23:26:44 +0000 (01:26 +0200)]
avcodec/indeo4: Check for end of bitstream in decode_mb_info()

Fixes: Timeout
Fixes: 8776/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-5361788798369792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 267ba2aa96354c5b6a1ea89b2943fbd7a4893862)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/ac3dec: Check channel_map index
Michael Niedermayer [Wed, 27 Jun 2018 13:56:18 +0000 (15:56 +0200)]
avcodec/ac3dec: Check channel_map index

Fixes: out of array read
Fixes: 8924/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EAC3_fuzzer-5851861780267008

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 00f98d23b1462afb97116b947334db3754516207)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/mpeg4videodec: Remove use of FF_PROFILE_MPEG4_SIMPLE_STUDIO as indicator...
Michael Niedermayer [Mon, 2 Jul 2018 22:27:04 +0000 (00:27 +0200)]
avcodec/mpeg4videodec: Remove use of FF_PROFILE_MPEG4_SIMPLE_STUDIO as indicator of studio profile

The profile field is changed by code inside and outside the decoder,
it's not a reliable indicator of the internal codec state.
Maintaining its consistency with studio_profile is messy.
It's easier to just avoid it and use only studio_profile

Fixes: assertion failure
Fixes: ffmpeg_crash_9.avi

Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bd27a9364ca274ca97f1df6d984e88a0700fb235)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/shorten: Fix undefined addition in shorten_decode_frame()
Michael Niedermayer [Mon, 2 Jul 2018 17:11:46 +0000 (19:11 +0200)]
avcodec/shorten: Fix undefined addition in shorten_decode_frame()

Fixes: signed integer overflow: 1139785606 + 1454196085 cannot be represented in type 'int'
Fixes: 8937/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-6202943597445120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3b10bb8772c76177cc47b8d15a6970f19dd11039)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/shorten: Fix undefined integer overflow
Michael Niedermayer [Mon, 2 Jul 2018 17:08:54 +0000 (19:08 +0200)]
avcodec/shorten: Fix undefined integer overflow

Fixes: signed integer overflow: 8454144 * 256 cannot be represented in type 'int'
Fixes: 8788/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5728205041303552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 70832333bba3b915040f415548518e136b44280e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/jpeg2000dec: Fixes invalid shifts in jpeg2000_decode_packets_po_iteration()
Michael Niedermayer [Mon, 2 Jul 2018 16:57:05 +0000 (18:57 +0200)]
avcodec/jpeg2000dec: Fixes invalid shifts in jpeg2000_decode_packets_po_iteration()

Fixes: shift exponent 47 is too large for 32-bit type 'int'
Fixes: 9163/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5661750182543360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 652d7c6348f96181fa69f8e2afb7b27a14c0a88a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/jpeg2000dec: Check that there are enough bytes for all tiles
Michael Niedermayer [Mon, 2 Jul 2018 16:40:08 +0000 (18:40 +0200)]
avcodec/jpeg2000dec: Check that there are enough bytes for all tiles

Fixes: OOM
Fixes: 8781/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5810709081358336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0898a3d9909960324e27d3a7a4f48c4effbb654a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avformat/movenc: Use mov->fc consistently for av_log()
Michael Niedermayer [Wed, 27 Jun 2018 21:41:52 +0000 (23:41 +0200)]
avformat/movenc: Use mov->fc consistently for av_log()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 872ea3dfe565098570ad213a6f1eb00a805aec5d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/mpeg4videodec: Check read profile before setting it
Michael Niedermayer [Wed, 27 Jun 2018 17:37:09 +0000 (19:37 +0200)]
avcodec/mpeg4videodec: Check read profile before setting it

Fixes: null pointer dereference
Fixes: ffmpeg_crash_7.avi

Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2aa9047486dbff12d9e040f917e5f799ed2fd78b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avformat/movenc: Do not pass AVCodecParameters in avpriv_request_sample
Michael Niedermayer [Wed, 27 Jun 2018 15:27:50 +0000 (17:27 +0200)]
avformat/movenc: Do not pass AVCodecParameters in avpriv_request_sample

Fixes: out of array read
Fixes: ffmpeg_crash_8.avi

Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 95556e27e2c1d56d9e18f5db34d6f756f3011148)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/ac3_parser: Check init_get_bits8() for failure
Michael Niedermayer [Wed, 27 Jun 2018 14:59:13 +0000 (16:59 +0200)]
avcodec/ac3_parser: Check init_get_bits8() for failure

Fixes: null pointer dereference
Fixes: ffmpeg_crash_6.avi

Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 00e8181bd97c834fe60751b0c511d4bb97875f78)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have...
Michael Niedermayer [Wed, 27 Jun 2018 14:51:51 +0000 (16:51 +0200)]
avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id

Fixes: out of array access
Fixes: ffmpeg_bof_1.avi

Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ed22dc22216f74c75ee7901f82649e1ff725ba50)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/dpx: Check elements in 12bps planar path
Michael Niedermayer [Wed, 27 Jun 2018 14:12:39 +0000 (16:12 +0200)]
avcodec/dpx: Check elements in 12bps planar path

Fixes: null pointer dereference
Fixes: 8946/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DPX_fuzzer-5078915222601728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 75a2db552423295b509546f3b0f8b2b46d3424b1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/escape124: Fix spelling errors in comment
Michael Niedermayer [Wed, 27 Jun 2018 11:00:28 +0000 (13:00 +0200)]
avcodec/escape124: Fix spelling errors in comment

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f59c4e43915ed0528e2789f27ddb1635b59779df)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/ra144: Fix integer overflow in ff_eval_refl()
Michael Niedermayer [Thu, 21 Jun 2018 21:08:32 +0000 (23:08 +0200)]
avcodec/ra144: Fix integer overflow in ff_eval_refl()

Fixes: signed integer overflow: -4096 * -524288 cannot be represented in type 'int'
Fixes: 8650/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-5734816036159488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b31189881a4cf54b0057ecf3eab917ad56eecfea)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/cscd: Check output buffer size for lzo.
Michael Niedermayer [Thu, 21 Jun 2018 23:18:20 +0000 (01:18 +0200)]
avcodec/cscd: Check output buffer size for lzo.

Fixes: Timeout
Fixes: 8665/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CSCD_fuzzer-5768442610188288

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
(cherry picked from commit 78167b498f53c36c31105a2bf11e90b03637598f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/escape124: Check buf_size against num_superblocks
Michael Niedermayer [Sun, 24 Jun 2018 17:23:02 +0000 (19:23 +0200)]
avcodec/escape124: Check buf_size against num_superblocks

Fixes: Timeout
Fixes: 8722/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-4843268402577408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6677c98626489edfdb4b49b4f66ca91867768a9f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/h264_parser: Reduce needed history for parsing mb index
Michael Niedermayer [Fri, 22 Jun 2018 19:45:59 +0000 (21:45 +0200)]
avcodec/h264_parser: Reduce needed history for parsing mb index

This fixes a bug/regression with very small packets
Fixes: output_file

Regression since: 0782fb6bcb32fe3ab956a99af4cc472ff81da0c2

Reported-by: Thierry Foucu <tfoucu@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d25c945247979a88fac6bb3b7a26370262b96ef1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/magicyuv: Check bits left in flags&1 branch
Michael Niedermayer [Sat, 23 Jun 2018 21:37:10 +0000 (23:37 +0200)]
avcodec/magicyuv: Check bits left in flags&1 branch

Fixes: Timeout
Fixes: 8690/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-6542020913922048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7719b8ccc790b6e1325af0afe2b65e2334a7173c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months ago avcodec/mjpegdec: Check for end of bitstream in ljpeg_decode_rgb_scan()
Michael Niedermayer [Thu, 21 Jun 2018 20:48:54 +0000 (22:48 +0200)]
avcodec/mjpegdec: Check for end of bitstream in ljpeg_decode_rgb_scan()

Fixes: Timeout
Fixes: 8648/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5108395525799936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 540e8c2d641bf90fc28e47e170f8c0b1962197e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago ffmpeg: fix -stream_loop with multiple inputs
Marton Balint [Wed, 27 Jun 2018 20:27:01 +0000 (22:27 +0200)]
ffmpeg: fix -stream_loop with multiple inputs

The input thread needs to be properly cleaned up and re-initialized before we
can start reading again in threaded mode. (Threaded input reading is used when
there is more than one input file).

Fixes ticket #6121 and #7043.

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit da36bcbeb78c78e493d18d3cd3ac92ea401e7031)

17 months ago ffmpeg: factorize input thread creation and destruction
Marton Balint [Wed, 27 Jun 2018 19:55:38 +0000 (21:55 +0200)]
ffmpeg: factorize input thread creation and destruction

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit b181cd359b872283d5fcaf7c553bbad88517c78b)

17 months ago avformat/mpegts: parse large PMTs with multiple tables
Aman Gupta [Mon, 11 Jun 2018 07:43:31 +0000 (00:43 -0700)]
avformat/mpegts: parse large PMTs with multiple tables

In 9152c1e4955, the mpegts parser was taught how to parse
PMT sections which contained multiple tables. That commit
fixed parsing of PMT packets from some cable providers,
which included a special SCTE table (0xc0) before the
standard program map table (0x2).

Sometimes, however, the combined 0xc0 and 0x2 tables are
larger than a single TS packet (188 bytes). The mpegts parser
already attempts to parse sections which span multiple packets,
but still assumed that the split section only contained one
table.

This patch fixes parsing of such a sample[1].

Before:

    Input #0, mpegts, from 'combined-pmt-tids-split.ts':
      Duration: 00:00:01.26, start: 39188.931756, bitrate: 597 kb/s
      Program 1
      No Program
        Stream #0:0[0xeff]: Audio: ac3, 48000 Hz, mono, fltp, 64 kb/s
        Stream #0:1[0xefd]: Audio: mp3, 0 channels, fltp
        Stream #0:2[0xefe]: Unknown: none

After:

    Input #0, mpegts, from 'combined-pmt-tids-split.ts':
      Duration: 00:00:01.27, start: 39188.931756, bitrate: 589 kb/s
      Program 1
        Stream #0:0[0xefd]: Video: h264 ([27][0][0][0] / 0x001B), none, 59.94 fps, 59.94 tbr, 90k tbn, 180k tbc
        Stream #0:1[0xefe](eng): Audio: ac3 ([129][0][0][0] / 0x0081), 48000 Hz, stereo, fltp, 384 kb/s
        Stream #0:2[0xeff](spa): Audio: ac3 ([129][0][0][0] / 0x0081), 48000 Hz, mono, fltp, 64 kb/s
        Stream #0:3[0xf00]: Data: scte_35
        Stream #0:4[0xf01]: Unknown: none (ETV1 / 0x31565445)
        Stream #0:5[0xf02]: Unknown: none (ETV1 / 0x31565445)
        Stream #0:6[0xf03]: Unknown: none ([192][0][0][0] / 0x00C0)

With the patch, the PMT is parsed correctly so the streams are
created in the correct order, are associated with "Program 1",
and their codecs are set correctly.

[1] https://s3.amazonaws.com/tmm1/combined-pmt-tids-split.ts

Signed-off-by: Aman Gupta <aman@tmm1.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cd86c5dbcca5e79c979a6a04da25155ccf17f843)

17 months ago Revert "avcodec/mediacodecdec: wait on first frame after input buffers are full"
Aman Gupta [Mon, 18 Jun 2018 18:53:27 +0000 (11:53 -0700)]
Revert "avcodec/mediacodecdec: wait on first frame after input buffers are full"

@xyz reported a regression on his Sony Xperia Z3 Tablet Compact where
playback would intermittently fail to start, essentially deadlocking in
the decoder. Bisecting narrowed down the issue to this commit, which was
meant as an optimization but is not necessary.

This reverts commit a75bb5496ac6e7e194f1c6fd3b87f02a52e74adb.

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 37c2cb6a68a4cbd746b0a56e38f28f7ee84e925f)

17 months ago avcodec/videotoolboxenc: fix invalid session on iOS
Thomas Guillem [Thu, 14 Jun 2018 15:48:07 +0000 (17:48 +0200)]
avcodec/videotoolboxenc: fix invalid session on iOS

Cf. comment. Restart the VT session when the APP goes from foreground to
background and vice versa.

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 513e6a30fb013ca34812ccaaf3d090680ac868c5)

17 months ago avcodec/videotoolboxenc: split initialization
Thomas Guillem [Mon, 11 Jun 2018 14:21:18 +0000 (16:21 +0200)]
avcodec/videotoolboxenc: split initialization

Split vtenc_init() into vtenc_init() (VTEncContext initialization) and
vtenc_configure_encoder() (creates the vt session).

This commit will allow restarting the vt session while encoding.

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 9e11d27c25bf9bbd53fa23e892946752096f378b)

17 months ago avcodec/videotoolboxenc: fix mutex/cond leak in error path
Thomas Guillem [Mon, 11 Jun 2018 14:21:17 +0000 (16:21 +0200)]
avcodec/videotoolboxenc: fix mutex/cond leak in error path

The leak could happen when the vtenc_create_encoder() function failed.

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit ce2330bdf896458131fcd00f9284c31617adcf01)

17 months ago Update for 4.0.1 n4.0.1
Michael Niedermayer [Fri, 15 Jun 2018 22:18:40 +0000 (00:18 +0200)]
Update for 4.0.1

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fi...
Michael Niedermayer [Thu, 14 Jun 2018 14:41:49 +0000 (16:41 +0200)]
avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed()

Fixes: signed integer overflow: 1195517 * 2048 cannot be represented in type 'int'
Fixes: 8636/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4695836326887424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8bd514d9343746566b123275f8b6d0e9c11ec2b0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/dirac_dwt_template: Fix undefined behavior in interleave()
Michael Niedermayer [Thu, 14 Jun 2018 14:37:32 +0000 (16:37 +0200)]
avcodec/dirac_dwt_template: Fix undefined behavior in interleave()

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 8697/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5197148130902016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 575d8ca0260fabac29e5b3541154633569ce2b5d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avutil/common: Fix undefined behavior in av_clip_uintp2_c()
Michael Niedermayer [Thu, 14 Jun 2018 13:41:33 +0000 (15:41 +0200)]
avutil/common: Fix undefined behavior in av_clip_uintp2_c()

Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 8521/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5639024952737792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aa41d322be71106ce147445f2b42bb763f1eff86)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago fftools/ffmpeg: Fallback to duration if sample rate is unavailable
Michael Niedermayer [Tue, 1 May 2018 20:44:07 +0000 (22:44 +0200)]
fftools/ffmpeg: Fallback to duration if sample rate is unavailable

Regression since: af1761f7
Fixes: Division by 0
Fixes: ffmpeg_crash_1

Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 16d8b13b3b26c19d7f8856e039fe6662d96b4ff3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avformat/mov: Only set pkt->duration to non negative values
Michael Niedermayer [Wed, 16 May 2018 21:35:58 +0000 (23:35 +0200)]
avformat/mov: Only set pkt->duration to non negative values

Reviewed-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8176799f31b23849382623f0f9001acc5edf7c76)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/mpeg4videodec: Clear bits_per_raw_sample if it has originated from a previous...
Michael Niedermayer [Sat, 9 Jun 2018 20:25:38 +0000 (22:25 +0200)]
avcodec/mpeg4videodec: Clear bits_per_raw_sample if it has originated from a previous instance

Fixes: assertion failure
Fixes: ffmpeg_crash_5.avi

Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2fc108f60f98cd00813418a8754a46476b404a3c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avformat/movenc: fix recognization of cover image streams
Timo Teräs [Mon, 4 Jun 2018 14:36:19 +0000 (17:36 +0300)]
avformat/movenc: fix recognization of cover image streams

For chapter images, the mov demux produces streams with disposition set
to attached_pic+timed_thumbnails. This patch properly recognizes
streams that should be encoded as a cover image (ones with only the
attached_pic disposition set).

Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2223811b015926fec68473a08016d40cea0989b2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avformat/movenc: properly handle cover image codecs
Timo Teräs [Thu, 31 May 2018 23:24:39 +0000 (02:24 +0300)]
avformat/movenc: properly handle cover image codecs

Find codec tag for attached images using appropriate list of
supported image formats.

This fixes writing the cover image to m4v/m4a and other container
formats that do not allow these codecs as a track.

Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 12205d2c896b7edbc929d4886e7bfda4b53538e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/h264_slice: Fix overflow in recovery_frame computation
Michael Niedermayer [Fri, 8 Jun 2018 17:07:22 +0000 (19:07 +0200)]
avcodec/h264_slice: Fix overflow in recovery_frame computation

Fixes: signed integer overflow: 15 + 2147483646 cannot be represented in type 'int'
Fixes: 8381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6225533137321984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c20ea8ee0f3f0b27aca0204c6dfaa4ac137e34e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/h264_ps: Move MAX_LOG2_MAX_FRAME_NUM to header so it can be used in h264_sei
Michael Niedermayer [Sun, 10 Jun 2018 15:02:47 +0000 (17:02 +0200)]
avcodec/h264_ps: Move MAX_LOG2_MAX_FRAME_NUM to header so it can be used in h264_sei

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b796c5ae9299c795cba0d16ce1d8eef05488953b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/h264_mc_template: Only prefetch motion if the list is used.
Michael Niedermayer [Fri, 8 Jun 2018 16:25:14 +0000 (18:25 +0200)]
avcodec/h264_mc_template: Only prefetch motion if the list is used.

Fixes: index 59 out of bounds for type 'H264Ref [48]'
Fixes: 8232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5703295145345024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8b55591757244d8244a2be369c2b54c9ae79b02a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/xwddec: Use ff_set_dimensions()
Michael Niedermayer [Thu, 7 Jun 2018 22:42:31 +0000 (00:42 +0200)]
avcodec/xwddec: Use ff_set_dimensions()

Fixes: OOM
Fixes: 8178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XWD_fuzzer-4844793342459904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c2852e4e00de4073ff7de82d41cb3368702686e8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/wavpack: Fix overflow in adding tail
Michael Niedermayer [Thu, 7 Jun 2018 22:07:04 +0000 (00:07 +0200)]
avcodec/wavpack: Fix overflow in adding tail

Fixes: signed integer overflow: 2146907204 + 26846088 cannot be represented in type 'int'
Fixes: 8105/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-6233036682166272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d13379fb79708f550460dd6d698023bf26f968d5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/shorten: Fix multiple integer overflows
Michael Niedermayer [Tue, 5 Jun 2018 11:19:35 +0000 (13:19 +0200)]
avcodec/shorten: Fix multiple integer overflows

Fixes: signed integer overflow: 3 * 1006632960 cannot be represented in type 'int'
Fixes: 8278/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5692857166856192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f2abd36b3863188894fd21964c662b6c17268bfb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/shorten: Fix undefined shift in fix_bitshift()
Michael Niedermayer [Tue, 5 Jun 2018 11:15:34 +0000 (13:15 +0200)]
avcodec/shorten: Fix undefined shift in fix_bitshift()

Fixes: left shift of negative value -9
Fixes: 8571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5715966875926528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 606c7148231404544005c0827b83c165dd6b39a8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/shorten: Fix a negative left shift in shorten_decode_frame()
Michael Niedermayer [Tue, 5 Jun 2018 11:12:54 +0000 (13:12 +0200)]
avcodec/shorten: Fix a negative left shift in shorten_decode_frame()

Fixes: left shift of negative value -9057
Fixes: 8527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5666853924896768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a711efe922b2bf1d363bdf7f8357656c3e35021e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/shorten: Sanity check nmeans
Michael Niedermayer [Tue, 5 Jun 2018 11:03:48 +0000 (13:03 +0200)]
avcodec/shorten: Sanity check nmeans

Fixes: OOM
Fixes: 8195/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5179785826271232

The reference software appears to use longs for 32bits and it uses int for nmeans
hinting that the intended maximum size was not 32bit.

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d91a0b503d7a886587281bc1ee42476aa5e89f85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header()
Michael Niedermayer [Tue, 5 Jun 2018 00:33:43 +0000 (02:33 +0200)]
avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header()

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 8024/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5109204648984576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 424a81df107b63a166894a4aee3d27702ae3f459)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
Michael Niedermayer [Tue, 5 Jun 2018 00:17:24 +0000 (02:17 +0200)]
avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()

Fixes: signed integer overflow: 32768 + 2147450880 cannot be represented in type 'int'
Fixes: 7885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5298834394578944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 936f4a2c2e14ec753e8835f2e820b4cd9aec9a56)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/truemotion2: Fix overflow in tm2_apply_deltas()
Michael Niedermayer [Tue, 5 Jun 2018 00:09:59 +0000 (02:09 +0200)]
avcodec/truemotion2: Fix overflow in tm2_apply_deltas()

Fixes: signed integer overflow: 1077952576 + 1077952576 cannot be represented in type 'int'
Fixes: 7712/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5056281753681920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 79c6047c3668c639f717b3a7001a34dddba0ede2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c
Michael Niedermayer [Sat, 2 Jun 2018 23:33:54 +0000 (01:33 +0200)]
avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c

Fixes: runtime error: signed integer overflow: -1440457022 - 785819492 cannot be represented in type 'int'
Fixes: 7700/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OPUS_fuzzer-6595838684954624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e7dda51150b73e5fbdccf4c2d3a72e356980fba3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/amrwbdec: Fix division by 0 in find_hb_gain()
Michael Niedermayer [Sat, 2 Jun 2018 22:48:06 +0000 (00:48 +0200)]
avcodec/amrwbdec: Fix division by 0 in find_hb_gain()

This restructures the code slightly toward D_UTIL_dec_synthesis()

Fixes: 7420/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMRWB_fuzzer-6577305112543232

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dce80a4b47efaba97707bda781a9ee57f5a26974)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/h263dec: Reinitialize idct context if it has not been setup for the active...
Michael Niedermayer [Mon, 28 May 2018 20:29:58 +0000 (22:29 +0200)]
avcodec/h263dec: Reinitialize idct context if it has not been setup for the active profile

The profile after reading headers can be different from when the context was initialized

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 44a2415a6d94f841f2026bb70b8b3c19ba68aa72)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
17 months ago avcodec/idctdsp: Clear idct/idct_add for studio profile
Michael Niedermayer [Mon, 28 May 2018 20:29:57 +0000 (22:29 +0200)]
avcodec/idctdsp: Clear idct/idct_add for studio profile

This does not leave them "as before" which may be a value from a previous profile

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8c50d0cccfe4c9f25a8494f76da55dcdc2275058)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>