[FFmpeg-devel] [PATCH 1/4] avcodec/dts2pts_bsf: Check ctx for NULL before ff_cbs_flush()

[FFmpeg-devel] [PATCH 1/4] avcodec/dts2pts_bsf: Check ctx for NULL before ff_cbs_flush()

[Michael Niedermayer]

Fixes: null pointer dereference
Fixes: 52155/clusterfuzz-testcase-minimized-ffmpeg_BSF_DTS2PTS_fuzzer-5760107527143424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/dts2pts_bsf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavcodec/dts2pts_bsf.c b/libavcodec/dts2pts_bsf.c
index bf20b1ec8a..8142562d2c 100644
--- a/libavcodec/dts2pts_bsf.c
+++ b/libavcodec/dts2pts_bsf.c
@@ -505,7 +505,8 @@ static void dts2pts_flush(AVBSFContext *ctx)
     s->root = NULL;
 
     ff_cbs_fragment_reset(&s->au);
-    ff_cbs_flush(s->cbc);
+    if (s->cbc)
+        ff_cbs_flush(s->cbc);
 }
 
 static void dts2pts_close(AVBSFContext *ctx)
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 2/4] avcodec/bonk: decode multiple passes in intlist_read() at once

[Michael Niedermayer]

This makes the worst case much faster

Fixes: Timeout
Fixes: 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/bonk.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c
index 409694f710..471e09fe14 100644
--- a/libavcodec/bonk.c
+++ b/libavcodec/bonk.c
@@ -159,6 +159,7 @@ static int intlist_read(BonkContext *s, int *buf, int entries, int base_2_part)
     int n_zeros = 0, step = 256, dominant = 0;
     int pos = 0, level = 0;
     BitCount *bits = s->bits;
+    int passes = 1;
 
     memset(buf, 0, entries * sizeof(*buf));
     if (base_2_part) {
@@ -222,21 +223,25 @@ static int intlist_read(BonkContext *s, int *buf, int entries, int base_2_part)
     x = 0;
     n_zeros = 0;
     for (i = 0; n_zeros < entries; i++) {
+        if (x >= max_x)
+            return AVERROR_INVALIDDATA;
+
         if (pos >= entries) {
             pos = 0;
-            level += 1 << low_bits;
+            level += passes << low_bits;
+            passes = 1;
+            if (bits[x].bit && bits[x].count > entries - n_zeros)
+                passes =  bits[x].count / (entries - n_zeros);
         }
 
-        if (x >= max_x)
-            return AVERROR_INVALIDDATA;
-
         if (buf[pos] >= level) {
             if (bits[x].bit)
-                buf[pos] += 1 << low_bits;
+                buf[pos] += passes << low_bits;
             else
                 n_zeros++;
 
-            bits[x].count--;
+            av_assert1(bits[x].count >= passes);
+            bits[x].count -= passes;
             x += bits[x].count == 0;
         }
 
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 3/4] avcodec/bonk: Check unquant for overflow

[Michael Niedermayer]

Fixes: signed integer overflow: -2889074 * 2048 cannot be represented in type 'int'
Fixes: 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/bonk.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c
index 471e09fe14..1695229dbd 100644
--- a/libavcodec/bonk.c
+++ b/libavcodec/bonk.c
@@ -363,12 +363,17 @@ static int bonk_decode(AVCodecContext *avctx, AVFrame *frame,
             return ret;
 
         for (int i = 0; i < samples_per_packet; i++) {
+            int64_t t64;
             for (int j = 0; j < s->down_sampling - 1; j++) {
                 sample[0] = predictor_calc_error(s->k, state, s->n_taps, 0);
                 sample++;
             }
 
-            sample[0] = predictor_calc_error(s->k, state, s->n_taps, s->input_samples[i] * quant);
+            t64 = s->input_samples[i] * (int64_t)quant;
+            if ((int32_t)t64 != t64)
+                return AVERROR_INVALIDDATA;
+
+            sample[0] = predictor_calc_error(s->k, state, s->n_taps, t64);
             sample++;
         }
 
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 4/4] avcodec/bonk: Check for undefined overflow in predictor_calc_error()

[Michael Niedermayer]

Fixes: signed integer overflow: 22 * -2107998208 cannot be represented in type 'int'
Fixes: 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/bonk.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c
index 1695229dbd..40963aa7c6 100644
--- a/libavcodec/bonk.c
+++ b/libavcodec/bonk.c
@@ -278,10 +278,13 @@ static int predictor_calc_error(int *k, int *state, int order, int error)
         *state_ptr = &(state[order-2]);
 
     for (i = order-2; i >= 0; i--, k_ptr--, state_ptr--) {
-        int k_value = *k_ptr, state_value = *state_ptr;
+        int64_t k_value = *k_ptr, state_value = *state_ptr;
 
         x -= shift_down(k_value * state_value, LATTICE_SHIFT);
-        state_ptr[1] = state_value + shift_down(k_value * x, LATTICE_SHIFT);
+        k_value *= x;
+        if ((int32_t)k_value != k_value)
+            return AVERROR_INVALIDDATA;
+        state_ptr[1] = state_value + shift_down(k_value, LATTICE_SHIFT);
     }
 
     // don't drift too far, to avoid overflows
@@ -366,6 +369,8 @@ static int bonk_decode(AVCodecContext *avctx, AVFrame *frame,
             int64_t t64;
             for (int j = 0; j < s->down_sampling - 1; j++) {
                 sample[0] = predictor_calc_error(s->k, state, s->n_taps, 0);
+                if (sample[0] == AVERROR_INVALIDDATA)
+                    return sample[0];
                 sample++;
             }
 
@@ -374,6 +379,8 @@ static int bonk_decode(AVCodecContext *avctx, AVFrame *frame,
                 return AVERROR_INVALIDDATA;
 
             sample[0] = predictor_calc_error(s->k, state, s->n_taps, t64);
+            if (sample[0] == AVERROR_INVALIDDATA)
+                return sample[0];
             sample++;
         }
 
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 4/4] avcodec/bonk: Check for undefined overflow in predictor_calc_error()

[Paul B Mahol]

On 11/5/22, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Fixes: signed integer overflow: 22 * -2107998208 cannot be represented in
> type 'int'
> Fixes:
> 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/bonk.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c
> index 1695229dbd..40963aa7c6 100644
> --- a/libavcodec/bonk.c
> +++ b/libavcodec/bonk.c
> @@ -278,10 +278,13 @@ static int predictor_calc_error(int *k, int *state,
> int order, int error)
>          *state_ptr = &(state[order-2]);
>
>      for (i = order-2; i >= 0; i--, k_ptr--, state_ptr--) {
> -        int k_value = *k_ptr, state_value = *state_ptr;
> +        int64_t k_value = *k_ptr, state_value = *state_ptr;
>
>          x -= shift_down(k_value * state_value, LATTICE_SHIFT);
> -        state_ptr[1] = state_value + shift_down(k_value * x,
> LATTICE_SHIFT);
> +        k_value *= x;
> +        if ((int32_t)k_value != k_value)
> +            return AVERROR_INVALIDDATA;
> +        state_ptr[1] = state_value + shift_down(k_value, LATTICE_SHIFT);
>      }
>
>      // don't drift too far, to avoid overflows
> @@ -366,6 +369,8 @@ static int bonk_decode(AVCodecContext *avctx, AVFrame
> *frame,
>              int64_t t64;
>              for (int j = 0; j < s->down_sampling - 1; j++) {
>                  sample[0] = predictor_calc_error(s->k, state, s->n_taps,
> 0);
> +                if (sample[0] == AVERROR_INVALIDDATA)
> +                    return sample[0];
>                  sample++;
>              }
>
> @@ -374,6 +379,8 @@ static int bonk_decode(AVCodecContext *avctx, AVFrame
> *frame,
>                  return AVERROR_INVALIDDATA;
>
>              sample[0] = predictor_calc_error(s->k, state, s->n_taps, t64);
> +            if (sample[0] == AVERROR_INVALIDDATA)
> +                return sample[0];
>              sample++;
>          }
>
> --
> 2.17.1
>


NAK,

slowing things down by using int64_t

> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 3/4] avcodec/bonk: Check unquant for overflow

[Paul B Mahol]

On 11/5/22, Michael Niedermayer <michael@niedermayer.cc> wrote:
> Fixes: signed integer overflow: -2889074 * 2048 cannot be represented in
> type 'int'
> Fixes:
> 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/bonk.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c
> index 471e09fe14..1695229dbd 100644
> --- a/libavcodec/bonk.c
> +++ b/libavcodec/bonk.c
> @@ -363,12 +363,17 @@ static int bonk_decode(AVCodecContext *avctx, AVFrame
> *frame,
>              return ret;
>
>          for (int i = 0; i < samples_per_packet; i++) {
> +            int64_t t64;
>              for (int j = 0; j < s->down_sampling - 1; j++) {
>                  sample[0] = predictor_calc_error(s->k, state, s->n_taps,
> 0);
>                  sample++;
>              }
>
> -            sample[0] = predictor_calc_error(s->k, state, s->n_taps,
> s->input_samples[i] * quant);
> +            t64 = s->input_samples[i] * (int64_t)quant;
> +            if ((int32_t)t64 != t64)
> +                return AVERROR_INVALIDDATA;
> +
> +            sample[0] = predictor_calc_error(s->k, state, s->n_taps, t64);
>              sample++;
>          }
>

NAK, using int64_t and thus slowing things down.

> --
> 2.17.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 3/4] avcodec/bonk: Check unquant for overflow

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 2559 bytes --]

On Sun, Nov 06, 2022 at 09:51:57AM +0100, Paul B Mahol wrote:
> On 11/5/22, Michael Niedermayer <michael@niedermayer.cc> wrote:
> > Fixes: signed integer overflow: -2889074 * 2048 cannot be represented in
> > type 'int'
> > Fixes:
> > 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360
> >
> > Found-by: continuous fuzzing process
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/bonk.c | 7 ++++++-
> >  1 file changed, 6 insertions(+), 1 deletion(-)
> >
> > diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c
> > index 471e09fe14..1695229dbd 100644
> > --- a/libavcodec/bonk.c
> > +++ b/libavcodec/bonk.c
> > @@ -363,12 +363,17 @@ static int bonk_decode(AVCodecContext *avctx, AVFrame
> > *frame,
> >              return ret;
> >
> >          for (int i = 0; i < samples_per_packet; i++) {
> > +            int64_t t64;
> >              for (int j = 0; j < s->down_sampling - 1; j++) {
> >                  sample[0] = predictor_calc_error(s->k, state, s->n_taps,
> > 0);
> >                  sample++;
> >              }
> >
> > -            sample[0] = predictor_calc_error(s->k, state, s->n_taps,
> > s->input_samples[i] * quant);
> > +            t64 = s->input_samples[i] * (int64_t)quant;
> > +            if ((int32_t)t64 != t64)
> > +                return AVERROR_INVALIDDATA;
> > +
> > +            sample[0] = predictor_calc_error(s->k, state, s->n_taps, t64);
> >              sample++;
> >          }
> >
> 
> NAK, using int64_t and thus slowing things down.

this code has little speed relevance, a single interation of this loop
takes over 1300 cpu cycles already

and it is faster, why, no clue, i guess it maybe reshuffles some
speed relevant bits

int
13145422 decicycles in QUA,    8192 runs,      0 skips
13175400 decicycles in QUA,    8192 runs,      0 skips
13260076 decicycles in QUA,    8192 runs,      0 skips

int64
13049729 decicycles in QUA,    8192 runs,      0 skips
13049418 decicycles in QUA,    8192 runs,      0 skips
13038855 decicycles in QUA,    8192 runs,      0 skips 



[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Old school: Use the lowest level language in which you can solve the problem
            conveniently.
New school: Use the highest level language in which the latest supercomputer
            can solve the problem without the user falling asleep waiting.

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 4/4] avcodec/bonk: Check for undefined overflow in predictor_calc_error()

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 2766 bytes --]

On Sun, Nov 06, 2022 at 09:50:47AM +0100, Paul B Mahol wrote:
> On 11/5/22, Michael Niedermayer <michael@niedermayer.cc> wrote:
> > Fixes: signed integer overflow: 22 * -2107998208 cannot be represented in
> > type 'int'
> > Fixes:
> > 51363/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BONK_fuzzer-5660734784143360
> >
> > Found-by: continuous fuzzing process
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/bonk.c | 11 +++++++++--
> >  1 file changed, 9 insertions(+), 2 deletions(-)
> >
> > diff --git a/libavcodec/bonk.c b/libavcodec/bonk.c
> > index 1695229dbd..40963aa7c6 100644
> > --- a/libavcodec/bonk.c
> > +++ b/libavcodec/bonk.c
> > @@ -278,10 +278,13 @@ static int predictor_calc_error(int *k, int *state,
> > int order, int error)
> >          *state_ptr = &(state[order-2]);
> >
> >      for (i = order-2; i >= 0; i--, k_ptr--, state_ptr--) {
> > -        int k_value = *k_ptr, state_value = *state_ptr;
> > +        int64_t k_value = *k_ptr, state_value = *state_ptr;
> >
> >          x -= shift_down(k_value * state_value, LATTICE_SHIFT);
> > -        state_ptr[1] = state_value + shift_down(k_value * x,
> > LATTICE_SHIFT);
> > +        k_value *= x;
> > +        if ((int32_t)k_value != k_value)
> > +            return AVERROR_INVALIDDATA;
> > +        state_ptr[1] = state_value + shift_down(k_value, LATTICE_SHIFT);
> >      }
> >
> >      // don't drift too far, to avoid overflows
> > @@ -366,6 +369,8 @@ static int bonk_decode(AVCodecContext *avctx, AVFrame
> > *frame,
> >              int64_t t64;
> >              for (int j = 0; j < s->down_sampling - 1; j++) {
> >                  sample[0] = predictor_calc_error(s->k, state, s->n_taps,
> > 0);
> > +                if (sample[0] == AVERROR_INVALIDDATA)
> > +                    return sample[0];
> >                  sample++;
> >              }
> >
> > @@ -374,6 +379,8 @@ static int bonk_decode(AVCodecContext *avctx, AVFrame
> > *frame,
> >                  return AVERROR_INVALIDDATA;
> >
> >              sample[0] = predictor_calc_error(s->k, state, s->n_taps, t64);
> > +            if (sample[0] == AVERROR_INVALIDDATA)
> > +                return sample[0];
> >              sample++;
> >          }
> >
> > --
> > 2.17.1
> >
> 
> 
> NAK,
> 
> slowing things down by using int64_t

ill post some other solution, it seems slower indeed, i was hoping
gcc would produce smarter code

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Elect your leaders based on what they did after the last election, not
based on what they say before an election.


[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 1/4] avcodec/dts2pts_bsf: Check ctx for NULL before ff_cbs_flush()

[James Almer]

On 11/5/2022 5:16 PM, Michael Niedermayer wrote:
> Fixes: null pointer dereference
> Fixes: 52155/clusterfuzz-testcase-minimized-ffmpeg_BSF_DTS2PTS_fuzzer-5760107527143424
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>   libavcodec/dts2pts_bsf.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/libavcodec/dts2pts_bsf.c b/libavcodec/dts2pts_bsf.c
> index bf20b1ec8a..8142562d2c 100644
> --- a/libavcodec/dts2pts_bsf.c
> +++ b/libavcodec/dts2pts_bsf.c
> @@ -505,7 +505,8 @@ static void dts2pts_flush(AVBSFContext *ctx)
>       s->root = NULL;
>   
>       ff_cbs_fragment_reset(&s->au);
> -    ff_cbs_flush(s->cbc);
> +    if (s->cbc)
> +        ff_cbs_flush(s->cbc);
>   }
>   
>   static void dts2pts_close(AVBSFContext *ctx)

Should be ok.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 1/4] avcodec/dts2pts_bsf: Check ctx for NULL before ff_cbs_flush()

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 1367 bytes --]

On Sun, Nov 06, 2022 at 07:38:42PM -0300, James Almer wrote:
> On 11/5/2022 5:16 PM, Michael Niedermayer wrote:
> > Fixes: null pointer dereference
> > Fixes: 52155/clusterfuzz-testcase-minimized-ffmpeg_BSF_DTS2PTS_fuzzer-5760107527143424
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >   libavcodec/dts2pts_bsf.c | 3 ++-
> >   1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/libavcodec/dts2pts_bsf.c b/libavcodec/dts2pts_bsf.c
> > index bf20b1ec8a..8142562d2c 100644
> > --- a/libavcodec/dts2pts_bsf.c
> > +++ b/libavcodec/dts2pts_bsf.c
> > @@ -505,7 +505,8 @@ static void dts2pts_flush(AVBSFContext *ctx)
> >       s->root = NULL;
> >       ff_cbs_fragment_reset(&s->au);
> > -    ff_cbs_flush(s->cbc);
> > +    if (s->cbc)
> > +        ff_cbs_flush(s->cbc);
> >   }
> >   static void dts2pts_close(AVBSFContext *ctx)
> 
> Should be ok.

will apply

thx

[...] 
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Frequently ignored answer#1 FFmpeg bugs should be sent to our bugtracker. User
questions about the command line tools should be sent to the ffmpeg-user ML.
And questions about how to use libav* should be sent to the libav-user ML.

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".