ffmpeg.git
13 days ago Update for 4.2.1 release/4.2 n4.2.1
Michael Niedermayer [Fri, 6 Sep 2019 21:23:41 +0000 (23:23 +0200)]
Update for 4.2.1

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
13 days ago avcodec/qdm2: Check frame size
Michael Niedermayer [Thu, 29 Aug 2019 19:26:43 +0000 (21:26 +0200)]
avcodec/qdm2: Check frame size

Fixes: index 2304 out of bounds for type 'float [2304]'
Fixes: 16332/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5679142481166336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 12b909ba319d32ed100d9b26021aa9b6976424d7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
13 days ago avformat/vividas: check for tiny blocks using alignment
Michael Niedermayer [Sat, 31 Aug 2019 21:20:01 +0000 (23:20 +0200)]
avformat/vividas: check for tiny blocks using alignment

Ask for a sample for these
Fixes: out of array access
Fixes: 16624/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5762455661182976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 55d4e22d71ca75223ee61f7d2535fdc6e9991026)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
13 days ago avcodec/vc1_pred: Fix refdist in scaleforopp()
Michael Niedermayer [Sat, 31 Aug 2019 20:12:38 +0000 (22:12 +0200)]
avcodec/vc1_pred: Fix refdist in scaleforopp()

Fixes: out of array access
Fixes: 16601/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5656105392275456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 413e0f2516eef678011cffd1ec6f0d92aa8bb96a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
13 days ago avcodec/vorbisdec: fix FASTDIV usage for vr_type == 2
Michael Niedermayer [Fri, 6 Sep 2019 10:06:30 +0000 (12:06 +0200)]
avcodec/vorbisdec: fix FASTDIV usage for vr_type == 2

This reverts a hunk from f1ca40ee00402102046fc7e59606651930436b0e

Fixes: out of array read
Fixes: 16924/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5157893162139648

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 722fd4696583cc984700eaec4745922ae177b2da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
13 days ago avcodec/iff: Check for overlap in cmap_read_palette()
Michael Niedermayer [Wed, 21 Aug 2019 21:22:39 +0000 (23:22 +0200)]
avcodec/iff: Check for overlap in cmap_read_palette()

Fixes: undefined memcpy() use
Fixes: 16302/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5678750575886336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dfa5d1a3667fa38e07373becc2401175b31d8228)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
13 days ago avcodec/apedec: Fix 32bit int overflow in do_apply_filter()
Michael Niedermayer [Mon, 2 Sep 2019 20:44:50 +0000 (22:44 +0200)]
avcodec/apedec: Fix 32bit int overflow in do_apply_filter()

Fixes: signed integer overflow: 2147480546 + 4096 cannot be represented in type 'int'
Fixes: 16280/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5123442566758400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9d3ddef519e88c40c05be8cb94cd9e71c0957ec7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
13 days ago lavf/rawenc: Only accept the appropriate stream type for raw muxers.
Carl Eugen Hoyos [Sun, 30 Jun 2019 22:37:08 +0000 (00:37 +0200)]
lavf/rawenc: Only accept the appropriate stream type for raw muxers.

This does not affect the rawvideo muxer.

Fixes ticket #7979.

(cherry picked from commit aef24efb0c1e65097ab77a4bf9264189bdf3ace3)

2 weeks ago avformat/matroskadec: use av_fast_realloc to reallocate ebml list arrays
James Almer [Tue, 3 Sep 2019 21:45:04 +0000 (18:45 -0300)]
avformat/matroskadec: use av_fast_realloc to reallocate ebml list arrays

Speeds up the process considerably.

Fixes ticket #8109.

Suggested-by: nevcairiel
Suggested-by: cehoyos
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 3b3150c45f1ebb3635e55e76b63439d8d62de85f)

2 weeks ago avformat/matroskadec: use proper types for some EbmlSyntax fields
James Almer [Tue, 3 Sep 2019 21:52:51 +0000 (18:52 -0300)]
avformat/matroskadec: use proper types for some EbmlSyntax fields

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit f34aabfbaeaef79f9660b76490840fe155a19232)

2 weeks ago avcodec/ralf: fix undefined shift in extend_code()
Michael Niedermayer [Sat, 17 Aug 2019 17:25:01 +0000 (19:25 +0200)]
avcodec/ralf: fix undefined shift in extend_code()

Fixes: left shift of negative value -3
Fixes: 16147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5658392722407424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4778407ab3b545c40def7e95a8f9dd4ae92a4e8e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/ralf: fix undefined shift
Michael Niedermayer [Sat, 17 Aug 2019 17:18:31 +0000 (19:18 +0200)]
avcodec/ralf: fix undefined shift

Fixes: left shift of negative value -2
Fixes: 16145/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5146671058518016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ee886988e75b3c22cabc2ca0fadcf8e4f787640)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/bgmc: Check input space in ff_bgmc_decode_init()
Michael Niedermayer [Sun, 1 Sep 2019 20:31:45 +0000 (22:31 +0200)]
avcodec/bgmc: Check input space in ff_bgmc_decode_init()

Fixes: Infinite loop
Fixes: 16608/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5636229827133440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b54031a6e93d1abc7fb2d0263e0f6c4b639e423f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/vp3: Check for end of input in 2 places of vp4_unpack_macroblocks()
Michael Niedermayer [Sun, 1 Sep 2019 15:37:47 +0000 (17:37 +0200)]
avcodec/vp3: Check for end of input in 2 places of vp4_unpack_macroblocks()

Fixes: Timeout (82sec -> 1sec)
Fixes: 16411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP3_fuzzer-5166958151991296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit daf92cc074c5e2ddd567016ac8b142cbd0add43c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/truemotion2: Fix multiple integer overflows in tm2_null_res_block()
Michael Niedermayer [Thu, 15 Aug 2019 21:22:50 +0000 (23:22 +0200)]
avcodec/truemotion2: Fix multiple integer overflows in tm2_null_res_block()

Fixes: signed integer overflow: 1795032576 + 598344192 cannot be represented in type 'int'
Fixes: 16196/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5636723419119616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cc78783ce5e8837d4f4ca43eedf2d299651e65ff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/vc1_block: Check the return code from vc1_decode_p_block()
Michael Niedermayer [Thu, 15 Aug 2019 18:15:20 +0000 (20:15 +0200)]
avcodec/vc1_block: Check the return code from vc1_decode_p_block()

Fixes: left shift of negative value -1
Fixes: 16424/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3_fuzzer-5656579055026176
Fixes: 16358/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5714436358144000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fe536b6d9984d40f800a24a84032b99ebc9f680e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/vc1dec: Require res_sprite for wmv3images
Michael Niedermayer [Thu, 15 Aug 2019 18:04:35 +0000 (20:04 +0200)]
avcodec/vc1dec: Require res_sprite for wmv3images

non res_sprite leads to decoder delay which leads to assertion failure
Fixes: Assertion failure
Fixes: 16402/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5704510034411520
Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
Fixes: 16425/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5692858838810624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c6b4004928ef41563b0e913666f8da27fdb2399)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/vc1_block: Check for double escapes
Michael Niedermayer [Thu, 15 Aug 2019 16:47:54 +0000 (18:47 +0200)]
avcodec/vc1_block: Check for double escapes

Fixes: out of array read
Fixes: 16331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5672735195267072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6962fd586e1a9a98828866dcfb4114af30c8c756)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/vorbisdec: Check get_vlc2() failure
Michael Niedermayer [Sun, 7 Jul 2019 23:18:05 +0000 (01:18 +0200)]
avcodec/vorbisdec: Check get_vlc2() failure

Fixes: out of array read
Fixes: 16510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5754510382727168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 07b948fe60789064d7c784d47b8fe798a9a4d2b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/tta: Fix integer overflow in prediction
Michael Niedermayer [Sun, 11 Aug 2019 18:56:44 +0000 (20:56 +0200)]
avcodec/tta: Fix integer overflow in prediction

Fixes: signed integer overflow: -395281576 + -1827578048 cannot be represented in type 'int'
Fixes: 16038/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5646109705240576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7e9aecc9f358901426c134978e764ee7beac4944)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/vb: Check input packet size to be large enough to contain flags
Michael Niedermayer [Sun, 11 Aug 2019 22:21:49 +0000 (00:21 +0200)]
avcodec/vb: Check input packet size to be large enough to contain flags

Fixes: Timeout (->9sec)
Fixes: 16292/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VB_fuzzer-5747063496638464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dea2591d4fbc989ca82bc8a8ad7d16aacdc89af1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/cavsdec: Limit the number of access units per packet to 2
Michael Niedermayer [Sat, 10 Aug 2019 15:34:37 +0000 (17:34 +0200)]
avcodec/cavsdec: Limit the number of access units per packet to 2

Fixes: Timeout (122sec -> 13ms)
Fixes: 15978/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-5148925004087296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 37bc8e3249c88b733bcc0d8c74cdf668292e4d63)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/atrac9dec: Check block_align
Michael Niedermayer [Sun, 18 Aug 2019 23:03:59 +0000 (01:03 +0200)]
avcodec/atrac9dec: Check block_align

Fixes: Infinite loop
Fixes: 16260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5676365617037312
Fixes: 16260/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5768093879500800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit dead949a1fbf019647f5c8ea797d1c7be6615639)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/alac: Check for bps of 0
Michael Niedermayer [Thu, 8 Aug 2019 23:23:49 +0000 (01:23 +0200)]
avcodec/alac: Check for bps of 0

Fixes: shift exponent 32 is too large for 32-bit type 'unsigned int'
Fixes: 15764/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5102101203517440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8f49176e845fee8e4e0aaf06411636b46d1ae3ad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/alac: Fix multiple integer overflows in lpc_prediction()
Michael Niedermayer [Thu, 8 Aug 2019 17:48:19 +0000 (19:48 +0200)]
avcodec/alac: Fix multiple integer overflows in lpc_prediction()

Fixes: signed integer overflow: 2088795537 + 2147254401 cannot be represented in type 'int'
Fixes: signed integer overflow: -1500363496 + -1295351808 cannot be represented in type 'int'
Fixes: signed integer overflow: -79560 * 32640 cannot be represented in type 'int'
Fixes: signed integer overflow: 2088910005 + 2088796058 cannot be represented in type 'int'
Fixes: signed integer overflow: -117258064 - 2088725225 cannot be represented in type 'int'
Fixes: signed integer overflow: 2088725225 - -117258064 cannot be represented in type 'int'
Fixes: 15739/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-5630664122040320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ae3d6a337ad25527bcd3172e3885e45fadf9908c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/rl2: set dimensions
Michael Niedermayer [Mon, 22 Jul 2019 21:24:35 +0000 (23:24 +0200)]
avcodec/rl2: set dimensions

The dimensions are always 320x200; they are hardcoded in the demuxer.
Hardcode them instead in the decoder.

Fixes: Timeout (16sec -> 400ms)
Fixes: 15574/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RL2_fuzzer-5158614072819712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 965e766e4892cfc45c97cca88895248a7735e7d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/aacdec: Add FF_CODEC_CAP_INIT_CLEANUP
Michael Niedermayer [Thu, 22 Aug 2019 21:43:48 +0000 (23:43 +0200)]
avcodec/aacdec: Add FF_CODEC_CAP_INIT_CLEANUP

Fixes: memleaks
Fixes: 16289/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5200695692623872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 48b86dd8a6bf50a7d8ab0343a1535bc4b0b5b196)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/idcinvideo: Add 320x240 default maximum resolution
Michael Niedermayer [Thu, 22 Aug 2019 17:13:56 +0000 (19:13 +0200)]
avcodec/idcinvideo: Add 320x240 default maximum resolution

Fixes: Timeout (128sec -> 2ms)
Fixes: 16568/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IDCIN_fuzzer-5675004095627264

See: [FFmpeg-devel] [PATCH 4/4] tools/target_dec_fuzzer: Adjust max_pixels for IDCIN

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c9fcf881e69e34a2acfa2bb7052ca200cab16740)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avformat/realtextdec: free queue on error
Michael Niedermayer [Wed, 21 Aug 2019 18:37:17 +0000 (20:37 +0200)]
avformat/realtextdec: free queue on error

Fixes: memleak
Fixes: 16277/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5696629440512000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 493438fafc5c43b7b7c62bf0c21b7cc884034ce9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/vp5/6/8: use vpX_rac_is_end()
Michael Niedermayer [Tue, 20 Aug 2019 09:51:48 +0000 (11:51 +0200)]
avcodec/vp5/6/8: use vpX_rac_is_end()

Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab56e62e8f7e02760cfc883956511cab32393315)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avformat/vividas: Check av_xiphlacing() return value before use
Michael Niedermayer [Wed, 21 Aug 2019 21:05:21 +0000 (23:05 +0200)]
avformat/vividas: Check av_xiphlacing() return value before use

Fixes: out of array access
Fixes: 16277/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5696629440512000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5937f0550304e39be64ce41cc936634f1db54e5d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/alsdec: Fix integer overflow in decode_var_block_data()
Michael Niedermayer [Sun, 18 Aug 2019 23:30:53 +0000 (01:30 +0200)]
avcodec/alsdec: Fix integer overflow in decode_var_block_data()

Fixes: signed integer overflow: 1927975249 - -514719744 cannot be represented in type 'int'
Fixes: 16413/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5651206856245248

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 661a9b274b0181b2e36ff21fd13840f35992bea6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/alsdec: Limit maximum channels to 512
Michael Niedermayer [Tue, 20 Aug 2019 14:52:07 +0000 (16:52 +0200)]
avcodec/alsdec: Limit maximum channels to 512

There seems to be no limit in the specification and up to 64k could be stored
512 is chosen as limit as that's the maximum in a conformance sample

An alternative to this patch would be a max_channels variable

Fixes: OOM
Fixes: 16200/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5764788793114624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Suggested-by: Thilo Borgmann <thilo.borgmann@mail.de>
Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f51e4d026cc762ff2d47d6107658dbff42ba5ea8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/anm: Check input size for a frame with just a stop code
Michael Niedermayer [Thu, 15 Aug 2019 19:00:54 +0000 (21:00 +0200)]
avcodec/anm: Check input size for a frame with just a stop code

Fixes: Timeout (11sec -> 6sec)
Fixes: 16344/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ANM_fuzzer-5673032000995328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1965161ef6d2aac8d3b034570c3da69dabca9e71)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/flicvideo: Optimize and Simplify FLI_COPY in flic_decode_frame_24BPP() by...
Michael Niedermayer [Mon, 12 Aug 2019 19:17:05 +0000 (21:17 +0200)]
avcodec/flicvideo: Optimize and Simplify FLI_COPY in flic_decode_frame_24BPP() by using bytestream2_get_buffer()

Fixes: Timeout (31sec  -> 22sec)
Fixes: 16217/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5658084189405184

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e301736862f18a449c317a47d0d60d3484e41667)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/loco: Check left column value
Michael Niedermayer [Mon, 12 Aug 2019 19:17:04 +0000 (21:17 +0200)]
avcodec/loco: Check left column value

Fixes: Timeout (42sec -> 379 ms)
Fixes: 16323/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5679178099195904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c812db814ebd603106220854e343558ec1115e57)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/ffwavesynth: Fixes invalid shift with pink noise seeking
Michael Niedermayer [Sat, 10 Aug 2019 21:09:45 +0000 (23:09 +0200)]
avcodec/ffwavesynth: Fixes invalid shift with pink noise seeking

Fixes: left shift of negative value -961533698048
Fixes: 16242/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5738550670131200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cdea0206efeca83a0a9b57d0764b177b2e11ab7c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/ffwavesynth: Fix integer overflow for some corner case values
Michael Niedermayer [Sat, 10 Aug 2019 21:09:44 +0000 (23:09 +0200)]
avcodec/ffwavesynth: Fix integer overflow for some corner case values

Fixes: left shift of negative value -14671840
Fixes: 16000/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5145977817661440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c4a88fb546b64179aff12c169239285932e570ac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/indeo2: Check remaining input more often
Michael Niedermayer [Wed, 31 Jul 2019 22:50:21 +0000 (00:50 +0200)]
avcodec/indeo2: Check remaining input more often

Fixes: Timeout (95sec -> 30ms)
Fixes: 14765/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO2_fuzzer-5692455527120896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpe
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 52939a2c5772ec00101d293695d0a96dcccf99d9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/diracdec: Check that slices are fewer than pixels
Michael Niedermayer [Wed, 31 Jul 2019 23:49:47 +0000 (01:49 +0200)]
avcodec/diracdec: Check that slices are fewer than pixels

Fixes: Timeout (197sec ->144ms)
Fixes: 15034/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5733549405110272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fbbc8ba67f19d55380b1bc8b5f057328c266d747)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/vp56: Consider the alpha start as end of the prior header
Michael Niedermayer [Tue, 6 Aug 2019 21:30:02 +0000 (23:30 +0200)]
avcodec/vp56: Consider the alpha start as end of the prior header

Fixes: Timeout (23sec -> 71ms)
Fixes: 15661/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP6A_fuzzer-6257865947348992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db78bc1297ebaa51cfe5c80775808ec11ed7512b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/4xm: Check for end of input in decode_p_block()
Michael Niedermayer [Mon, 12 Aug 2019 00:17:18 +0000 (02:17 +0200)]
avcodec/4xm: Check for end of input in decode_p_block()

Fixes: Timeout (81sec -> 0.2sec)
Fixes: 16169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5662570416963584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8f92eb05e063e6c4d6e36521020620d4e6e1c21d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/hevcdec: Check delta_luma_weight_l0/1
Michael Niedermayer [Mon, 12 Aug 2019 00:17:15 +0000 (02:17 +0200)]
avcodec/hevcdec: Check delta_luma_weight_l0/1

Fixes: signed integer overflow: 1 + 2147483647 cannot be represented in type 'int'
Fixes: 16041/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5685680656613376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 021f29506b493376d62cdb5b9cb66a6b85e5361f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/hnm4video: Optimize postprocess_current_frame()
Michael Niedermayer [Fri, 2 Aug 2019 23:49:55 +0000 (01:49 +0200)]
avcodec/hnm4video: Optimize postprocess_current_frame()

Improves: Timeout (220sec -> 108sec)
Improves: 15570/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HNM4_VIDEO_fuzzer-5085482213441536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cd460f4da04c05d6ba93ccbbe294e948768f0937)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/hevc_refs: Optimize 16bit generate_missing_ref()
Michael Niedermayer [Tue, 6 Aug 2019 16:05:02 +0000 (18:05 +0200)]
avcodec/hevc_refs: Optimize 16bit generate_missing_ref()

Fixes: Timeout (86sec -> 8sec) [these numbers assume also "[FFmpeg-devel] [PATCH 2/5] [RFC] avcodec/hevcdec: Check for overread in hls_decode_entry()"]
Fixes: 15702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5657764929470464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit da8936969fe695a042282d5686e12227745d299a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/scpr: Use av_memcpy_backptr() in type 17 and 33
Michael Niedermayer [Mon, 29 Jul 2019 22:52:18 +0000 (00:52 +0200)]
avcodec/scpr: Use av_memcpy_backptr() in type 17 and 33

This makes the changed code-path faster.

Change not tested except with the fuzzer testcase as I found no other testcase.

Improves: Timeout (136sec -> 74sec)
Improves: 16040/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5705876062601216

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
(cherry picked from commit 950a21e83c742714d6afbecd3e3fd1887e80fa40)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/tiff: Enforce increasing offsets
Michael Niedermayer [Thu, 8 Aug 2019 23:23:46 +0000 (01:23 +0200)]
avcodec/tiff: Enforce increasing offsets

This may break some valid tiff files, it appears the specification does not require
the offsets to be increasing. They increase in the 2 test files I have though except
the last offset which is 0 (an end marker) and for which a special case is added to
avoid asking for a sample for that end marker.

See: [FFmpeg-devel] [PATCH 2/2] avcodec/tiff: Detect infinite retry loop
for an alternative implementation

Fixes: Timeout (Infinite -> Finite)
Fixes: 15706/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5114674904825856

This variant was requested by paul on IRC
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1fedba3c350a9eb22a1748c9056206d63d4d2dd9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/dds: Use ff_set_dimensions()
Michael Niedermayer [Sat, 10 Aug 2019 21:09:49 +0000 (23:09 +0200)]
avcodec/dds: Use ff_set_dimensions()

Fixes: signed integer overflow: 2082471995 * 36 cannot be represented in type 'int'
Fixes: 16025/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DDS_fuzzer-5136663778426880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9cd1e939cf26e7a53f28cbbda22d27535981b9db)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avformat/vividas: Fix another infinite loop
Michael Niedermayer [Sat, 10 Aug 2019 21:09:47 +0000 (23:09 +0200)]
avformat/vividas: Fix another infinite loop

Not found by the fuzzer

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1d72b5d2d5225dde0662a1f2083a27f86a8fdb98)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avformat/vividas: Fix infinite loop in header parser
Michael Niedermayer [Sat, 10 Aug 2019 21:09:46 +0000 (23:09 +0200)]
avformat/vividas: Fix infinite loop in header parser

Fixes: Timeout (Infinite -> Finite)
Fixes: 16010/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5638616102993920

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 52b564ef13237bfbb31a4103d29828dba9d14984)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/mpc8: Fix 32bit mask/enum
Michael Niedermayer [Sat, 10 Aug 2019 21:09:42 +0000 (23:09 +0200)]
avcodec/mpc8: Fix 32bit mask/enum

Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 15817/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPC8_fuzzer-5636626409062400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e8bb949ade4078ca318a9b3475cb7a6cfc7e4639)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/alsdec: Fix integer overflows of raw_samples in decode_var_block_data()
Michael Niedermayer [Fri, 26 Jul 2019 13:37:30 +0000 (15:37 +0200)]
avcodec/alsdec: Fix integer overflows of raw_samples in decode_var_block_data()

This also makes the code consistent with the existing similar MUL64()
in decode_var_block_data()

Fixes: signed integer overflow: -7277630735906765035 + -3272193951413647896 cannot be represented in type 'long'
Fixes: 16015/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5666552818434048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fad3ec89b7a664b93b5e29bdb0db0cab0272a0c4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/alsdec: Fix integer overflow of raw_samples in decode_blocks()
Michael Niedermayer [Fri, 26 Jul 2019 12:33:14 +0000 (14:33 +0200)]
avcodec/alsdec: Fix integer overflow of raw_samples in decode_blocks()

Fixes: signed integer overflow: 2147483424 - -1772303236 cannot be represented in type 'int'
Fixes: 15708/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5067890362941440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ce652324062a2c72f92e40699797630ef7f1ec5a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/alsdec: fix mantisse shift
Michael Niedermayer [Fri, 26 Jul 2019 15:07:01 +0000 (17:07 +0200)]
avcodec/alsdec: fix mantisse shift

Fixes: shift exponent -1 is negative
Fixes: 16039/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5656825657032704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 02346292a334a51f6da802146b782bdb01ae9b4e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/pngdec: consider chunk size in minimal size check
Michael Niedermayer [Sun, 21 Jul 2019 22:03:15 +0000 (00:03 +0200)]
avcodec/pngdec: consider chunk size in minimal size check

assuming each block contains an empty chunk there has to be at least 8 bytes extra.

Fixes: 15327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LSCR_fuzzer-5676669303521280
Fixes: Timeout (11->5sec)

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 70432eac0b511105a5d6654cb794bc5f3e983ee0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/vc1_block: Fix invalid shifts in vc1_decode_i_blocks()
Michael Niedermayer [Sat, 22 Jun 2019 12:21:43 +0000 (14:21 +0200)]
avcodec/vc1_block: Fix invalid shifts in vc1_decode_i_blocks()

Fixes: left shift of negative value -9
Fixes: 15299/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSS2_fuzzer-5660922678345728
Fixes: 15557/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5673351911047168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c9415e815a996d287850a3572ce2c1d663b9f657)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/vc1_block: fix invalid shift in vc1_decode_p_mb()
Michael Niedermayer [Sat, 22 Jun 2019 10:35:24 +0000 (12:35 +0200)]
avcodec/vc1_block: fix invalid shift in vc1_decode_p_mb()

Fixes: left shift of negative value -5
Fixes: 15294/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-5733921754447872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b153ba1c2e03d3148766a3ebf0e9c485197f30de)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avcodec/aacdec_template: fix integer overflow in imdct_and_windowing()
Michael Niedermayer [Tue, 9 Jul 2019 22:04:02 +0000 (00:04 +0200)]
avcodec/aacdec_template: fix integer overflow in imdct_and_windowing()

Fixes: signed integer overflow: 2147483645 + 4 cannot be represented in type 'int'
Fixes: 15418/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5685269069561856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit da93e2b14218c4ab0fda60e21882a4633aac5748)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 weeks ago avformat/mpegts: Check if ready on SCTE reception
Anthony Delannoy [Tue, 3 Sep 2019 15:54:24 +0000 (17:54 +0200)]
avformat/mpegts: Check if ready on SCTE reception

On some DVB streams, SCTE-35 data packets are available before the end of
MpegTSContext initialization. We have to check if it is the case to
avoid a SEGFAULT.

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 39f129593756e3e270ed3881ca076627f30e1eb7)

2 weeks ago avcodec/omx: fix xFramerate calculation
Aman Gupta [Thu, 29 Aug 2019 23:00:50 +0000 (16:00 -0700)]
avcodec/omx: fix xFramerate calculation

Integer overflow in the Q16 framerate calculation was sending
invalid values to the OMX encoder.

On the RPI4, this manifested as bitrate controls being ignored
on video streams with 60000/1001 framerates. Video streams with
30000/1001 framerates were not affected.

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit b022d9ba288ad3de321e0835b0aedfd91c2c3064)
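
Why 60000/1001 broke while 30000/1001 did not, as an added example that is not taken from the FFmpeg commit: it assumes the Q16 value was formed as (1 << 16) * num / den in 32-bit int arithmetic, and the function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

#define Q16_ONE 65536   /* 1 << 16: Q16 fixed point has 16 fractional bits */

/* Result of a 32-bit "(1 << 16) * num / den" on a two's-complement target.
 * The multiply is done in uint32_t so the wrap-around is well defined in
 * this demo; with plain int operands the overflow is undefined behaviour.
 * The cast back to int32_t is implementation-defined; GCC and Clang wrap. */
static int32_t q16_rate_int32(int num, int den)
{
    uint32_t prod = (uint32_t)Q16_ONE * (uint32_t)num;   /* wraps mod 2^32 */
    return (int32_t)prod / den;
}

/* Same calculation with the product widened to 64 bits before dividing. */
static int64_t q16_rate_int64(int num, int den)
{
    return (int64_t)Q16_ONE * num / den;
}

/* Largest numerator whose Q16 product still fits in a signed 32-bit int. */
static int q16_max_safe_num(void)
{
    return INT32_MAX / Q16_ONE;
}

int main(void)
{
    /* The two framerates named in the commit message. */
    static const int rates[][2] = { { 30000, 1001 }, { 60000, 1001 } };
    size_t i;

    printf("largest safe numerator: %d\n", q16_max_safe_num());
    for (i = 0; i < sizeof(rates) / sizeof(rates[0]); i++) {
        int num = rates[i][0], den = rates[i][1];
        printf("%d/%d  32-bit: %d  64-bit: %lld\n", num, den,
               (int)q16_rate_int32(num, den),
               (long long)q16_rate_int64(num, den));
    }
    return 0;
}
```

Any numerator above the value returned by q16_max_safe_num() overflows the 32-bit product, which is why only the 60000/1001 case produced an invalid value.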

2 weeks ago avformat/avidec: add support for recognizing HEVC fourcc when demuxing
Marton Balint [Fri, 23 Aug 2019 23:39:33 +0000 (01:39 +0200)]
avformat/avidec: add support for recognizing HEVC fourcc when demuxing

Some security cams generate this, as well as some versions of VirtualDub and
VLC so support for _reading_ such files is justified.

Fixes ticket #7110.

See also this discussion: https://patchwork.ffmpeg.org/patch/8744/

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 2e31774b409d77f046f166fb3ff630a9ef91def7)

2 weeks ago avformat/mpegts: fix teletext PTS when selecting teletext streams only
Marton Balint [Fri, 23 Aug 2019 22:27:41 +0000 (00:27 +0200)]
avformat/mpegts: fix teletext PTS when selecting teletext streams only

After a1b4f120c031e6697bac9fd8c725d9c37ee36d13 the teletext PTS values were set
to AV_NOPTS_VALUE if the stream of the PCR pid was discarded.

What actually matters is whether we parse the PCR of the PCR PID or not, so
let's use the cached discard value of the actual PCR PID instead of the stream
discard value, which may be different.

Also fixes ticket #7567, which was caused by the fact that teletext PTS values
were not touched if the PCR pid was discarded even before
a1b4f120c031e6697bac9fd8c725d9c37ee36d13.

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 765c56bfa9037060e36250090880b2961c88f27d)

3 weeks ago avcodec/h2645_parse: zero initialize the rbsp buffer
James Almer [Mon, 26 Aug 2019 03:54:20 +0000 (00:54 -0300)]
avcodec/h2645_parse: zero initialize the rbsp buffer

Fixes ticket #8093

Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit af70bfbeadc0c9b9215cf045ff2a6a31e8ac3a71)

3 weeks ago avcodec/omx: Fix handling of fragmented buffers
Dave Stevenson [Thu, 17 Jan 2019 17:39:34 +0000 (17:39 +0000)]
avcodec/omx: Fix handling of fragmented buffers

See https://trac.ffmpeg.org/ticket/7687

If an encoded frame is returned split over two or more
IL buffers due to the size, then there is a race between
whether get_buffer will fail, return NULL, and a truncated
frame is passed on, or IL will return the remaining part
of the encoded frame.
If get_buffer returns NULL, part of the frame is left behind
in the codec, and will be collected on the next call. That
then leaves a frame stuck in the codec. Repeat enough times
and the codec FIFO is full, and the pipeline stalls.

A performance improvement in the Raspberry Pi firmware means
that the timing has changed, and now frequently drops into the
case where get_buffer returns NULL.

Add code such that should a buffer be received without
OMX_BUFFERFLAG_ENDOFFRAME that get_buffer is called with wait
set, so we wait for the remainder of the frame.
This code has been made conditional on the Pi build in case
other IL implementations don't handle ENDOFFRAME correctly.

Signed-off-by: Dave Stevenson <dave.stevenson@raspberrypi.org>
Signed-off-by: Aman Gupta <aman@tmm1.net>
Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit 3d857f219eb972fb345e784d17268e16b6dec6f0)

3 weeks ago avcodec/omx: ensure zerocopy mode can be disabled on rpi builds
Aman Gupta [Thu, 22 Aug 2019 18:02:45 +0000 (11:02 -0700)]
avcodec/omx: ensure zerocopy mode can be disabled on rpi builds

fixes https://trac.ffmpeg.org/ticket/6586

Signed-off-by: Aman Gupta <aman@tmm1.net>
(cherry picked from commit 23a3e1460a7a609651bfe75b7b4c428eaa8f3902)

4 weeks ago avformat/mxfdec: do not ignore bad size errors
Marton Balint [Sat, 17 Aug 2019 09:40:11 +0000 (11:40 +0200)]
avformat/mxfdec: do not ignore bad size errors

The return value was unintentionally lost after
00a2652df3bf25a27d174cc67ed508b5317cb115.

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 6ee40dcb64c91cc9a4cb988408d8ed159dacdcfe)

4 weeks ago avformat/matroskadec: Fix seeking
Andreas Rheinhardt [Sat, 17 Aug 2019 00:27:51 +0000 (02:27 +0200)]
avformat/matroskadec: Fix seeking

matroska_reset_status (a function that is used during seeking (among
other things)) used an int for the return value of avio_seek which
returns an int64_t. Checking the return value then indicated an error
even though the seek was successful for targets in the range of
2GB-4GB, 6GB-8GB, ... This error implied that the status hasn't been
reset and in particular, the old level was still considered to be in
force, so that ebml_parse returned errors because the newly parsed
elements were of course not contained in the previously active and still
wrongly considered active master element any more.

Addresses ticket #8084.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit c294f38c91f440880ffd28fda0eeb1154431ab7e)
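
The truncation described in the commit message above, as an added example that is not part of the FFmpeg commit: fake_seek() is a hypothetical stand-in for avio_seek(), and the reset_status_* names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

#define GIB (1LL << 30)

/* Hypothetical stand-in for a seek call that returns the new position as
 * an int64_t on success and a negative value on failure. */
static int64_t fake_seek(int64_t target)
{
    return target < 0 ? -1 : target;
}

/* Buggy pattern: the 64-bit return value is stored in an int. Only the low
 * 32 bits survive, so bit 31 of the position becomes the sign bit.
 * (Out-of-range conversion is implementation-defined; GCC and Clang wrap.) */
static int reset_status_int(int64_t target)
{
    int err = (int)fake_seek(target);
    if (err < 0)
        return -1;          /* successful seek misreported as an error */
    return 0;               /* state would be reset here */
}

/* Fixed pattern: keep the full 64-bit value before testing the sign. */
static int reset_status_int64(int64_t target)
{
    int64_t err = fake_seek(target);
    if (err < 0)
        return -1;
    return 0;
}

/* Count how many whole-GiB offsets in [1, max_gib] the buggy version rejects
 * although the seek itself succeeded. */
static int count_false_errors(int max_gib)
{
    int g, n = 0;
    for (g = 1; g <= max_gib; g++)
        if (reset_status_int(g * GIB) < 0 && reset_status_int64(g * GIB) == 0)
            n++;
    return n;
}

int main(void)
{
    int g;
    for (g = 1; g <= 8; g++)
        printf("%d GiB: int=%d int64_t=%d\n", g,
               reset_status_int(g * GIB), reset_status_int64(g * GIB));
    printf("false errors up to 8 GiB: %d\n", count_false_errors(8));
    return 0;
}
```

The rejected offsets fall in the 2GB-4GB and 6GB-8GB bands named in the commit message, because those are the positions with bit 31 set.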

5 weeks ago ffplay: properly detect all window size changes
Marton Balint [Tue, 13 Aug 2019 21:05:44 +0000 (23:05 +0200)]
ffplay: properly detect all window size changes

SDL_WINDOWEVENT_SIZE_CHANGED should be used instead of SDL_WINDOWEVENT_RESIZED
because SDL_WINDOWEVENT_RESIZED is only emitted if the resize happened due to
an external event.

Fixes ticket #8072.

Additional references:
https://bugzilla.libsdl.org/show_bug.cgi?id=4760
https://wiki.libsdl.org/SDL_WindowEventID

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit a1c70148471c528104d64dffbc7af70e5d1ce33e)

6 weeks ago configure: cuda_llvm: fix include path for MSYS2 n4.2
Ricardo Constantino [Mon, 5 Aug 2019 19:47:03 +0000 (20:47 +0100)]
configure: cuda_llvm: fix include path for MSYS2

MSYS2 converts paths to MinGW-based applications from unix to
pseudo-windows paths on execution time.
Since there was no space between '-include' and the path, MSYS2 doesn't
detect the path properly.

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
6 weeks ago avformat/dashenc: fix writing the AV1 codec string in mp4 mode
James Almer [Tue, 30 Jul 2019 16:21:46 +0000 (13:21 -0300)]
avformat/dashenc: fix writing the AV1 codec string in mp4 mode

From https://aomediacodec.github.io/av1-isobmff/#codecsparam, the parameters
sample entry 4CC, profile, level, tier, and bitDepth are all mandatory fields.
All the other fields are optional, mutually inclusive (all or none).

Fixes ticket #8049

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 1cf2f040e34bbfedde60ff3d91b2f7b770aca85b)

6 weeks ago avformat/dashenc: update stream extradata from packet side data
James Almer [Tue, 30 Jul 2019 18:08:36 +0000 (15:08 -0300)]
avformat/dashenc: update stream extradata from packet side data

codecpar->extradata is not going to change between packets. New extradata
is instead propagated using packet side data.

Use ff_alloc_extradata() as well.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit ce6a98e8306105b07bd7653f4f10c23fd75914ee)

6 weeks ago avformat/av1: combine high_bitdepth and twelve_bit into a single bitdepth value
James Almer [Tue, 30 Jul 2019 14:55:26 +0000 (11:55 -0300)]
avformat/av1: combine high_bitdepth and twelve_bit into a single bitdepth value

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 9a44ec94100a647df6920c65cccdd605a2e6865b)

6 weeks ago avformat/av1: rename some AV1SequenceParameters fields
James Almer [Tue, 30 Jul 2019 14:48:38 +0000 (11:48 -0300)]
avformat/av1: rename some AV1SequenceParameters fields

Cosmetic change.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 0d597a69bad6e98d088f4c17989abd6a6a34084d)

6 weeks ago avformat/av1: split off sequence header parsing from the av1C writing function
James Almer [Tue, 30 Jul 2019 15:08:44 +0000 (12:08 -0300)]
avformat/av1: split off sequence header parsing from the av1C writing function

It will be used by the dash muxer

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 68e48e5d97c102ea02c86e2922f3b8b42ffad07d)

6 weeks ago avformat/av1: add color config values to AV1SequenceParameters
James Almer [Tue, 30 Jul 2019 14:43:02 +0000 (11:43 -0300)]
avformat/av1: add color config values to AV1SequenceParameters

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 0c7cfd2c1919e5caaa138559d8f05e79447181aa)

6 weeks ago libavcodec/iff: Use unsigned to avoid undefined behaviour
Andreas Rheinhardt [Fri, 2 Aug 2019 20:29:16 +0000 (22:29 +0200)]
libavcodec/iff: Use unsigned to avoid undefined behaviour

The initialization of the uint32_t plane32_lut matrix uses left shifts
of the form 1 << plane; plane can be as big as 31 which means that this
is undefined behaviour as 1 will be simply an int. So make it unsigned
to avoid this.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f12e662a3d3f489eec887b5f2ab20a550caed9cf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avcodec/alsdec: Check for block_length <= 0 in read_var_block_data()
Michael Niedermayer [Fri, 26 Jul 2019 13:26:08 +0000 (15:26 +0200)]
avcodec/alsdec: Check for block_length <= 0 in read_var_block_data()

Fixes: left shift of negative value -1
Fixes: 15719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5685731105701888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit be4fb282f9fb00d9c267dcc477745e2e468e758f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avcodec/vqavideo: Set video size
Michael Niedermayer [Thu, 25 Jul 2019 22:35:32 +0000 (00:35 +0200)]
avcodec/vqavideo: Set video size

Fixes: out of array access
Fixes: 15919/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-5657368257363968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 02f909dc24b1f05cfbba75077c7707b905e63cd2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avcodec/sanm: Check extradata_size before allocations
Michael Niedermayer [Mon, 15 Jul 2019 21:26:05 +0000 (23:26 +0200)]
avcodec/sanm: Check extradata_size before allocations

Fixes: Leaks
Fixes: 15349/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SANM_fuzzer-5102530557640704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 172a43ce36e671fdab63afe1c06876bba91445b3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avcodec/mss1: check for overread and forward errors
Michael Niedermayer [Fri, 2 Aug 2019 22:29:48 +0000 (00:29 +0200)]
avcodec/mss1: check for overread and forward errors

Fixes: Timeout (106sec -> 14ms)
Fixes: 15576/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSS1_fuzzer-5688080461201408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 43015afd7ce9055f1fa2d7648c3fcd9b7cfd7721)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avcodec/loco: Check for end of input in pixel decode
Michael Niedermayer [Fri, 2 Aug 2019 20:14:22 +0000 (22:14 +0200)]
avcodec/loco: Check for end of input in pixel decode

Fixes: Timeout (100sec -> 5sec)
Fixes: 15509/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5724297261219840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8305a4509af2908d88bb623deb816fdaa8056c83)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avcodec/dirac_parser: Fix overflow in dts
Michael Niedermayer [Thu, 11 Jul 2019 21:23:07 +0000 (23:23 +0200)]
avcodec/dirac_parser: Fix overflow in dts

Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 15568/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5634719611355136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 549fcba8fc83330763ccd3cc67233037c96bc6d9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avcodec/ralf: Fix undefined pointer in decode_channel()
Michael Niedermayer [Sun, 4 Aug 2019 15:25:55 +0000 (17:25 +0200)]
avcodec/ralf: Fix undefined pointer in decode_channel()

Fixes: 16203/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5086088934195200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3c06ba171697b665ef4b2b47fe0008199b3eff86)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avcodec/ralf: Fix integer overflow in apply_lpc()
Michael Niedermayer [Sun, 4 Aug 2019 15:20:45 +0000 (17:20 +0200)]
avcodec/ralf: Fix integer overflow in apply_lpc()

Fixes: signed integer overflow: 1603085316 + 1238786562 cannot be represented in type 'int'
Fixes: 16203/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5086088934195200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ccca484324e04dff4cb81d0f9018ae828e6b5c89)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avcodec/vorbisdec: Implement vr->classifications = 1
Michael Niedermayer [Sun, 4 Aug 2019 15:10:18 +0000 (17:10 +0200)]
avcodec/vorbisdec: Implement vr->classifications = 1

It appears no valid file uses this, so this is not testable with
a valid file.

Fixes: assertion failure
Fixes: 16187/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5638880618872832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a5f12e3b3f2177ede5839ff4141228666b8436f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avcodec/vorbisdec: Check parameters in vorbis_floor0_decode() before divide
Michael Niedermayer [Sun, 4 Aug 2019 10:28:55 +0000 (12:28 +0200)]
avcodec/vorbisdec: Check parameters in vorbis_floor0_decode() before divide

Fixes: division by zero
Fixes: 16183/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5688966782648320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aecc9b96d613f54d772e9475738bb54e0e1f182e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avformat/realtextdec: Check for duplicate extradata in realtext_read_header()
Michael Niedermayer [Sun, 4 Aug 2019 10:21:51 +0000 (12:21 +0200)]
avformat/realtextdec: Check for duplicate extradata in realtext_read_header()

Fixes: memleak
Fixes: 16140/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5684008052064256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 652ea23cb34bc59b38c0088865600e2b86079815)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avformat/vividas: Fix memleak of AVIOContext in track_header()
Michael Niedermayer [Sun, 4 Aug 2019 10:13:21 +0000 (12:13 +0200)]
avformat/vividas: Fix memleak of AVIOContext in track_header()

Fixes: memleak
Fixes: 16127/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5649290914955264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 76133d7c8bfe19833e1973849eabe6a78913e4aa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avcodec/cbs_av1_syntax_template: Check ref_frame_idx before use
Michael Niedermayer [Sun, 4 Aug 2019 07:51:26 +0000 (09:51 +0200)]
avcodec/cbs_av1_syntax_template: Check ref_frame_idx before use

Fixes: index -1 out of bounds for type 'AV1ReferenceFrameState [8]'
Fixes: 16079/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5758807440883712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
See: [FFmpeg-devel] [PATCH 05/13] avcodec/cbs_av1_syntax_template: Check ref_frame_idx before use
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8174e5c77d8a94b57b6b1bcbb90728cf8b08ab6b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avcodec/apedec: Fix 2 signed overflows
Michael Niedermayer [Sun, 4 Aug 2019 07:46:34 +0000 (09:46 +0200)]
avcodec/apedec: Fix 2 signed overflows

Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
Fixes: signed integer overflow: 2049431315 + 262759074 cannot be represented in type 'int'
Fixes: 16012/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5719016003338240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 392c028cd23d128f33d93b2159eed5de42f72b4d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avcodec/mss3: Check for the rac stream being invalid in rac_normalize()
Michael Niedermayer [Sun, 4 Aug 2019 07:33:45 +0000 (09:33 +0200)]
avcodec/mss3: Check for the rac stream being invalid in rac_normalize()

Fixes: out of array read
Fixes: 15982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSA1_fuzzer-5630676251967488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 99a172f3f4d0bef024c6293f575caaaddce0b267)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avcodec/vc1_block: Check get_vlc2() return before use
Michael Niedermayer [Sun, 4 Aug 2019 06:32:58 +0000 (08:32 +0200)]
avcodec/vc1_block: Check get_vlc2() return before use

Fixes: index -1 out of bounds for type 'const uint8_t [185][2]'
Fixes: 15720/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSS2_fuzzer-5666071933091840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2cb1f797350875ec45cb20d59dc0684fcbac20fc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avcodec/apedec: Do not partially clear data array
Michael Niedermayer [Sun, 4 Aug 2019 06:26:40 +0000 (08:26 +0200)]
avcodec/apedec: Do not partially clear data array

Fixes: Assertion failure and memleak
Fixes: 15709/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5182435093905408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8e4b522c9146b9c14579ae7381fb1043b7423578)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avcodec/atrac9dec: Check grad_range[1] more tightly
Michael Niedermayer [Sat, 3 Aug 2019 22:45:20 +0000 (00:45 +0200)]
avcodec/atrac9dec: Check grad_range[1] more tightly

Alternatively the array could be made bigger but the extra values
would not be read without other changes.

Fixes: Out of array access
Fixes: 15658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5738260074070016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 208225bd782207aaf2b380522f96fd4fe4dc3441)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago compat/cuda: Change inclusion guards
Andreas Rheinhardt [Mon, 5 Aug 2019 01:09:41 +0000 (03:09 +0200)]
compat/cuda: Change inclusion guards

cuda_runtime.h as well as dynlink_loader.h used nonstandard inclusion
guards with an AV_ prefix, although these files are not in a libav*/
path. So change the inclusion guards and adapt the ref file of the
source fate test accordingly.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
6 weeks ago avcodec/hnm4video: Forward errors of decode_interframe_v4()
Michael Niedermayer [Fri, 2 Aug 2019 21:54:49 +0000 (23:54 +0200)]
avcodec/hnm4video: Forward errors of decode_interframe_v4()

Fixes: Timeout (108sec -> 160ms)
Fixes: 15570/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HNM4_VIDEO_fuzzer-5085482213441536

Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9af8ce754b705c36ad4d2b6fd0f73f87ca4381c4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avformat/vividas: Check that value from ffio_read_varlen() does not overflow
Michael Niedermayer [Sat, 20 Jul 2019 20:41:08 +0000 (22:41 +0200)]
avformat/vividas: Check that value from ffio_read_varlen() does not overflow

Fixes: signed integer overflow: -1241665686 + -1340629419 cannot be represented in type 'int'
Fixes: 15922/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5692826442006528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 07357cd93355d553dde698933a8176dd48b98344)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avformat/vividas: forward errors from track_header()
Michael Niedermayer [Sat, 20 Jul 2019 20:36:10 +0000 (22:36 +0200)]
avformat/vividas: forward errors from track_header()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8bac648359b78cd4aa02b5fc91c24a32cc3bddfa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avcodec/clearvideo: fix invalid shift in tile size check
Michael Niedermayer [Sat, 13 Jul 2019 18:16:19 +0000 (20:16 +0200)]
avcodec/clearvideo: fix invalid shift in tile size check

Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 15631/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-5690110605000704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5dc94924d0fbdedba4356c21ec7de0347b8e4757)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 weeks ago avformat/vividas: Check buffer size before allocation
Michael Niedermayer [Sat, 13 Jul 2019 17:57:21 +0000 (19:57 +0200)]
avformat/vividas: Check buffer size before allocation

Fixes: out of array access
Fixes: 15365/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5716153105645568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c3ef24d9baf63f8c8794dfb2ef7192a64b586526)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>