ffmpeg.git
2 months agoavcodec/truemotion2: Fix 2 integer overflows in tm2_update_block()
Michael Niedermayer [Fri, 19 Apr 2019 23:05:44 +0000 (01:05 +0200)]
avcodec/truemotion2: Fix 2 integer overflows in tm2_update_block()

Fixes: signed integer overflow: -2147483648 + -1 cannot be represented in type 'int'
Fixes: 14107/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5694078680825856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f4a1b8d409639b2394589efe20ad55410cce391c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months agoavcodec/gdv: Check input palette size before rescale()
Michael Niedermayer [Thu, 25 Apr 2019 17:18:08 +0000 (19:18 +0200)]
avcodec/gdv: Check input palette size before rescale()

Fixes: Timeout (22sec -> 11sec)
Fixes: 13576/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GDV_fuzzer-5681024577568768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f857753f56f86046d454969e33ba85b3bac99be2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months agoavcodec/jpeg2000: Check stepsize before using it
Michael Niedermayer [Mon, 15 Apr 2019 22:41:54 +0000 (00:41 +0200)]
avcodec/jpeg2000: Check stepsize before using it

Fixes: value 1.87633e+10 is outside the range of representable values of type 'int'
Fixes: Undefined behavior
Fixes: 14246/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5758393601490944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06ef186fa1b7329c6fe6723372a72464c998059b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months agoavcodec/aacdec_fixed: Fix undefined shift in noise_scale()
Michael Niedermayer [Fri, 29 Mar 2019 07:58:49 +0000 (08:58 +0100)]
avcodec/aacdec_fixed: Fix undefined shift in noise_scale()

Fixes: 13655/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5120559430500352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8ea211ab79d646f6d0af0945971ee55f36bfcbc9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months agoavutil/avstring: Fix bug and undefined behavior in av_strncasecmp()
Michael Niedermayer [Mon, 15 Apr 2019 22:09:38 +0000 (00:09 +0200)]
avutil/avstring: Fix bug and undefined behavior in av_strncasecmp()

The function in case of n=0 would read more bytes than 0.
The end pointer could be beyond the allocated space, which
is undefined.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6f0e9a863466bfcbd75ee15d4d8a6aad2a5126a4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months agoavformat/mov: Skip stsd adjustment without chunks
Michael Niedermayer [Tue, 16 Apr 2019 20:15:14 +0000 (22:15 +0200)]
avformat/mov: Skip stsd adjustment without chunks

Fixes: Assertion failure
Fixes: clusterfuzz-testcase-minimized-media_pipeline_integration_fuzzer-5683096400822272

Found-by: Clusterfuzz
Reported-by: Dan Sanders <sandersd@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 18a567c369d74af5ef651b07c4c5615f5598616b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months agoavformat/aadec: Check for scanf() failure
Michael Niedermayer [Tue, 16 Apr 2019 21:56:43 +0000 (23:56 +0200)]
avformat/aadec: Check for scanf() failure

Fixes: use of uninitialized variables
Fixes: blank.aa

Found-by: Chamal De Silva <chamal.desilva@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ed188f6dcdf0935c939ed813cf8745d50742014b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months agoavcodec/ccaption_dec: Add a blank like at the end to avoid rollup reading from outside
Michael Niedermayer [Sat, 20 Apr 2019 16:11:42 +0000 (18:11 +0200)]
avcodec/ccaption_dec: Add a blank like at the end to avoid rollup reading from outside

Fixes: index 20 out of bounds for type 'const char *[4][128]'
Fixes: 14367/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CCAPTION_fuzzer-5718819672162304

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f17e8e90bb1fe5e4db18cc6dde9522417108c7bd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months agoavcodec/ivi: Move buffer/block end check to caller of ivi_dc_transform()
Michael Niedermayer [Thu, 11 Apr 2019 22:09:57 +0000 (00:09 +0200)]
avcodec/ivi: Move buffer/block end check to caller of ivi_dc_transform()

Fixes: assertion failure
Fixes: 14078/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO5_fuzzer-5760571284127744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 110dce96331529a13cc815d3c852aed9d37f83d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months agoavcodec/diracdec: Use 64bit in intermediate of global motion vector field generation
Michael Niedermayer [Sun, 7 Apr 2019 14:44:53 +0000 (16:44 +0200)]
avcodec/diracdec: Use 64bit in intermediate of global motion vector field generation

It seems the specification does not limit the value to 32bit

Fixes: signed integer overflow: -109611143 * 24 cannot be represented in type 'int'
Fixes: 13477/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5648337460527104

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 837820f385af699f9bee5e2ba3169dda15e5894d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months agoavcodec/truemotion2: Fix integer overflow in tm2_decode_blocks()
Michael Niedermayer [Tue, 26 Mar 2019 23:39:56 +0000 (00:39 +0100)]
avcodec/truemotion2: Fix integer overflow in tm2_decode_blocks()

Fixes: signed integer overflow: 255 + 2147483634 cannot be represented in type 'int'
Fixes: 13472/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5712444142387200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ad0533e914a2618aea1dc77748037bd8459f61d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months agomovsub_bsf: Fix mov2textsub regression
Andreas Rheinhardt [Sun, 23 Jun 2019 04:46:12 +0000 (06:46 +0200)]
movsub_bsf: Fix mov2textsub regression

The mov flavour of timed text uses the first two bytes of the packet as
a length field. And up until 11bef2fe said length field has been read
correctly in the mov2textsub bsf. But since then the next two bytes are
read as if they were the length field. This is fixed in this commit.

Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 800f618a340d122754e7bdb82c22463cb9bd17b0)

3 months agolavc/libaomenc: Add a maximum constraint of 64 encoder threads.
Jun Zhao [Tue, 27 Nov 2018 09:18:26 +0000 (17:18 +0800)]
lavc/libaomenc: Add a maximum constraint of 64 encoder threads.

fixed the error in Intel(R) Xeon(R) Gold 6152 CPU like:
[libaom-av1 @ 0x469f340] Failed to initialize encoder: Invalid parameter
[libaom-av1 @ 0x469f340]   Additional information: g_threads out of range [..MAX_NUM_THREADS]

Signed-off-by: Jun Zhao <mypopydev@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit b87063c06dde35ef6b56f51df7642661a3b115da)

4 months agoavformat/aacdec: fix demuxing of small frames
James Almer [Thu, 25 Apr 2019 22:04:01 +0000 (19:04 -0300)]
avformat/aacdec: fix demuxing of small frames

10 bytes (id3v2 header amount of bytes) were being read before any checks
were made on the bitstream. The result was that we were overreading into
the next frame if the current one was 8 or 9 bytes long.

Fixes tickets #7271 and #7869.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit d88193c2196cf5342424aaa7a44b046c71c2527a)

4 months agoavcodec/cuviddec: improve progressive frame detection
Sergey Svechnikov [Mon, 22 Apr 2019 17:26:24 +0000 (22:26 +0500)]
avcodec/cuviddec: improve progressive frame detection

There are 2 types of problems when using adaptive deinterlace with cuvid:

1. Sometimes, in the middle of transcoding, cuvid outputs frames with visible horizontal lines (as though weave deinterlace method was chosen);
2. Occasionally, on scene changes, cuvid outputs a wrong frame, which should have been shown several seconds before (as if the frame was assigned some wrong PTS value).

The reason is that sometimes CUVIDPARSERDISPINFO has property progressive_frame equal to 1 with interlaced videos.
In order to fix the problem we should check if the video is interlaced or progressive in the beginning of a video sequence (cuvid_handle_video_sequence).
And then we just use this information instead of the property progressive_frame in CUVIDPARSERDISPINFO (which is unreliable).

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
5 months agoavformat/matroskaenc: fix leak on error
Tristan Matthews [Thu, 4 Apr 2019 16:56:26 +0000 (12:56 -0400)]
avformat/matroskaenc: fix leak on error

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 1ec777dcdd03b43d3d694c3b4532dccea0b419f0)

5 months agoavformat/av1: Initialize padding in ff_isom_write_av1c
Jeremy Dorfman [Mon, 8 Apr 2019 12:14:27 +0000 (08:14 -0400)]
avformat/av1: Initialize padding in ff_isom_write_av1c

Otherwise, AV1 encodes with FFmpeg trigger use-of-uninitialized-value
warnings under MemorySanitizer, and the output buffer potentially
changes from run to run.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit bb5efd1727eeecc9be8f1402810c7ab72344eed3)

5 months agoavcodec/cbs_av1: fix parsing spatial_id
James Almer [Mon, 25 Mar 2019 04:08:30 +0000 (01:08 -0300)]
avcodec/cbs_av1: fix parsing spatial_id

Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 461303f94ab64e0cbd502cddb6e79473f8f525a1)

5 months agoChangelog: update n4.1.3
Michael Niedermayer [Mon, 1 Apr 2019 08:33:02 +0000 (10:33 +0200)]
Changelog: update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/rscc: Check that the to be uncompressed input is large enough
Michael Niedermayer [Sun, 31 Mar 2019 15:31:17 +0000 (17:31 +0200)]
avcodec/rscc: Check that the to be uncompressed input is large enough

Fixes: Out of array access
Fixes: 13984/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RSCC_fuzzer-5734128093233152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a0ec1511e7040845a0d1ce99fe2f30a0972b6d2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/movenc: free eac3 private data only when closing the stream
James Almer [Fri, 29 Mar 2019 01:36:25 +0000 (22:36 -0300)]
avformat/movenc: free eac3 private data only when closing the stream

This makes sure the data is available when writing the moov atom during the
second pass triggered by the faststart movflag.

Fixes ticket #7780

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 27c94c57dc84da8125225fda7d241be57d19b391)

5 months agoUpdate for 4.1.3
Michael Niedermayer [Sun, 31 Mar 2019 21:31:47 +0000 (23:31 +0200)]
Update for 4.1.3

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/hevcdec: Avoid only partly skiping duplicate first slices
Michael Niedermayer [Sat, 23 Mar 2019 19:55:08 +0000 (20:55 +0100)]
avcodec/hevcdec: Avoid only partly skiping duplicate first slices

Fixes: NULL pointer dereference and out of array access
Fixes: 13871/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5746167087890432
Fixes: 13845/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5650370728034304

This also fixes the return code for explode mode

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 54655623a82632e7624714d7b2a3e039dc5faa7e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agolavc/bmp: Avoid a heap buffer overwrite for 1bpp input.
Carl Eugen Hoyos [Tue, 26 Mar 2019 12:32:11 +0000 (13:32 +0100)]
lavc/bmp: Avoid a heap buffer overwrite for 1bpp input.

Found by Mingi Cho, Seoyoung Kim, and Taekyoung Kwon
of the Information Security Lab, Yonsei University.

(cherry picked from commit 1e34014010dba9325fc5430934b51a61a5007c63)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/mpegpicture: Check size of edge_emu_buffer
Michael Niedermayer [Sun, 17 Mar 2019 14:18:20 +0000 (15:18 +0100)]
avcodec/mpegpicture: Check size of edge_emu_buffer

Fixes: OOM
Fixes: 13710/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5633152942342144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 635067b75fce06928431ce9b9fcaee0c9b6b7280)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/mov: Fix potential integer overflow in entry check in mov_read_trun()
Michael Niedermayer [Sun, 17 Mar 2019 10:14:26 +0000 (11:14 +0100)]
avformat/mov: Fix potential integer overflow in entry check in mov_read_trun()

No testcase

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ff13a92a6f8413402f5b3cacedda7c10d350b487)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/truemotion2: Fix integer overflow in tm2_null_res_block()
Michael Niedermayer [Sat, 16 Mar 2019 01:30:57 +0000 (02:30 +0100)]
avcodec/truemotion2: Fix integer overflow in tm2_null_res_block()

Fixes: signed integer overflow: 1111638592 - -2122219136 cannot be represented in type 'int'
Fixes: 13441/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5732769815068672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1223696c725a8ea7e80498e6ccfab37eea179b76)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/cbs_av1: fix range of values for Mastering Display Color Volume Metadata...
James Almer [Thu, 21 Mar 2019 18:37:26 +0000 (15:37 -0300)]
avcodec/cbs_av1: fix range of values for Mastering Display Color Volume Metadata OBUs

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 40490b3a63368bdc2403bf7415b214e6dc0a9a3a)

5 months agoavcodec/av1_parser: don't abort parsing the first frame if extradata parsing fails
James Almer [Sun, 24 Mar 2019 21:22:32 +0000 (18:22 -0300)]
avcodec/av1_parser: don't abort parsing the first frame if extradata parsing fails

The first frame contains the sequence header, which is needed to parse every
following frame.

This fixes parsing streams with broken extradata but correct packet data.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 699d0c2a30d5b2a10b6a0f459a35d665dc22b2f1)

6 months agoChangelog: update n4.1.2
Michael Niedermayer [Thu, 21 Mar 2019 08:02:44 +0000 (09:02 +0100)]
Changelog: update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/dfa: Check the chunk header is not truncated
Michael Niedermayer [Sun, 10 Mar 2019 22:45:19 +0000 (23:45 +0100)]
avcodec/dfa: Check the chunk header is not truncated

Fixes: Timeout (11sec -> 3sec)
Fixes: 13218/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DFA_fuzzer-5661074316066816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f20760fadbc77483b9ff4b400b53ebb38ee33793)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/clearvideo: Check remaining data in P frames
Michael Niedermayer [Fri, 8 Mar 2019 00:42:06 +0000 (01:42 +0100)]
avcodec/clearvideo: Check remaining data in P frames

Fixes: Timeout (19sec -> 419msec)
Fixes: 13411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-5733153811988480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 41f93f941155f9f9dbb2d5e7f5d20b2238150836)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/hevcdec: decode at most one slice reporting being the first in the picture
James Almer [Mon, 18 Mar 2019 20:25:58 +0000 (17:25 -0300)]
avcodec/hevcdec: decode at most one slice reporting being the first in the picture

Fixes deadlocks when decoding packets containing more than one of the aforementioned
slices when using frame threads.

Tested-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 70c8c8a818f39bc262565ec29fae2baffb3e1660)

6 months agoUpdate for 4.1.2
Michael Niedermayer [Thu, 14 Mar 2019 16:31:54 +0000 (17:31 +0100)]
Update for 4.1.2

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/dvbsubdec: Check object position
Michael Niedermayer [Tue, 5 Mar 2019 19:14:05 +0000 (20:14 +0100)]
avcodec/dvbsubdec: Check object position

Reference: ETSI EN 300 743 V1.2.1  7.2.2 Region composition segment

Fixes: Timeout
Fixes: 13325/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5143979392237568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8c5ae451184e879fc8ff1333c6f26f9542c8ebf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/cdgraphics: Use ff_set_dimensions()
Michael Niedermayer [Tue, 5 Mar 2019 11:51:22 +0000 (12:51 +0100)]
avcodec/cdgraphics: Use ff_set_dimensions()

Fixes: Timeout (17 sec -> 65 milli sec)
Fixes: 13264/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDGRAPHICS_fuzzer-5711167941509120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9a9f0e239c1c6f5c96cc90ba673087f86ca1eabc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavformat/gdv: Check fps
Michael Niedermayer [Mon, 4 Mar 2019 23:48:18 +0000 (00:48 +0100)]
avformat/gdv: Check fps

Fixes: Division by 0
Fixes: ffmpeg_zero_division.bin

Found-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38381400fca45d1ae6e7604335b507b7dc70a903)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoconfigure: use vpx_codec_vp8_dx/cx for libvpx-vp8 checking
Guo, Yejun [Mon, 4 Mar 2019 22:09:18 +0000 (06:09 +0800)]
configure: use vpx_codec_vp8_dx/cx for libvpx-vp8 checking

Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit d9b2668766e3e924d4ebb3c6531b449874e13666)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoconfigure: add missing pthreads extralibs dependency for libvpx-vp9
Guo, Yejun [Mon, 4 Mar 2019 22:09:11 +0000 (06:09 +0800)]
configure: add missing pthreads extralibs dependency for libvpx-vp9

Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 402bf262375dfecd0e90d7acc67c238abe952fc3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/mpeg4videodec: Check idx in mpeg4_decode_studio_block()
Michael Niedermayer [Sun, 10 Mar 2019 00:40:59 +0000 (01:40 +0100)]
avcodec/mpeg4videodec: Check idx in mpeg4_decode_studio_block()

Fixes: Out of array access
Fixes: 13500/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5769760178962432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d227ed5d598340e719eff7156b1aa0a4469e9a6a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/dxv: Correct integer overflow in get_opcodes()
Michael Niedermayer [Sat, 2 Mar 2019 23:47:47 +0000 (00:47 +0100)]
avcodec/dxv: Correct integer overflow in get_opcodes()

Fixes: 13099/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5665598896340992
Fixes: signed integer overflow: 2147483647 + 7 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6e0b5d3a20e107860a34e90139b860d6b8219a1d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/scpr: Fix use of uninitialized variable
Michael Niedermayer [Wed, 27 Feb 2019 23:12:14 +0000 (00:12 +0100)]
avcodec/scpr: Fix use of uninitialized variable

Fixes: Undefined shift
Fixes: 12911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5677102915911680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 53248acfb3b23007c89ae822d7bcae451272d5a7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/qpeg: Limit copy in qpeg_decode_intra() to the available bytes
Michael Niedermayer [Sat, 23 Feb 2019 23:44:40 +0000 (00:44 +0100)]
avcodec/qpeg: Limit copy in qpeg_decode_intra() to the available bytes

Fixes: Timeout (27 sec -> 39 milli sec)
Fixes: 13151/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5717536023248896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b819472995f55e827d6bb70dcdd86d963f65ae31)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/aic: Check remaining bits in aic_decode_coeffs()
Michael Niedermayer [Mon, 25 Feb 2019 12:26:25 +0000 (13:26 +0100)]
avcodec/aic: Check remaining bits in aic_decode_coeffs()

Fixes: Timeout (78 seconds -> 2 seconds)
Fixes: 13186/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-5639516533030912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 951bb7632fe6e3bb1a9c3b47610705871e471f34)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/gdv: Check for truncated tags in decompress_5()
Michael Niedermayer [Mon, 25 Feb 2019 00:26:30 +0000 (01:26 +0100)]
avcodec/gdv: Check for truncated tags in decompress_5()

Testcase: 13169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GDV_fuzzer-5666354038833152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5cf42f65b60d226d1223d2100cb1d90402189275)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/bethsoftvideo: Check block_type
Michael Niedermayer [Sun, 24 Feb 2019 22:39:44 +0000 (23:39 +0100)]
avcodec/bethsoftvideo: Check block_type

Fixes: Timeout (17 seconds -> 1 second)
Fixes: 13184/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BETHSOFTVID_fuzzer-5711446296494080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b8ecadec0582a1521b5d0d253376966138e6ca78)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int()
Michael Niedermayer [Mon, 18 Feb 2019 23:05:51 +0000 (00:05 +0100)]
avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int()

Fixes: runtime error: signed integer overflow: 2147483598 + 128 cannot be represented in type 'int'
Fixes: 12926/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5705100733972480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4801eea0d465cd54670e7c19322705544e3e7524)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/error_resilience: Use a symmetric check for skipping MV estimation
Michael Niedermayer [Tue, 19 Feb 2019 17:41:42 +0000 (18:41 +0100)]
avcodec/error_resilience: Use a symmetric check for skipping MV estimation

This speeds up the testcase by a factor of 4

Fixes: Timeout
Fixes: 13100/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5767533905313792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e4289cb253e29e4d62dc46759eb1a45d8f6d82df)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/mlpdec: Insuffient typo
Michael Niedermayer [Sat, 23 Feb 2019 21:00:39 +0000 (22:00 +0100)]
avcodec/mlpdec: Insuffient typo

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fc32e08941ea2795a3096e7a4013843e9ebf5fe3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/zmbv: obtain frame later
Michael Niedermayer [Thu, 21 Feb 2019 16:25:14 +0000 (17:25 +0100)]
avcodec/zmbv: obtain frame later

The frame is not needed that early so obtaining it later avoids
the costly operation in case other checks fail.

Fixes: Timeout (14sec -> 4sec)
Fixes: 13140/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZMBV_fuzzer-5738330308739072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 177b40890c6de8c6896e0a1d4a631ea1ca89c044)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/jvdec: Check available input space before decode8x8()
Michael Niedermayer [Thu, 21 Feb 2019 00:09:43 +0000 (01:09 +0100)]
avcodec/jvdec: Check available input space before decode8x8()

Fixes: Timeout (78 sec -> 15 millisec)
Fixes: 13147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JV_fuzzer-5727107827630080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 61523683c5a9bda9aaa7ae24764a3df0401a9877)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/h264_direct: Fix overflow in POC comparission
Michael Niedermayer [Wed, 13 Feb 2019 23:05:34 +0000 (00:05 +0100)]
avcodec/h264_direct: Fix overflow in POC comparission

Fixes: runtime error: signed integer overflow: 2147421862 - -33624063 cannot be represented in type 'int'
Fixes: 12885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5733516975800320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5ccf296e74725bc8bdfbfe500d0482daa200b6f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavformat/webmdashenc: Check id in adaption_sets
Michael Niedermayer [Wed, 13 Feb 2019 09:15:04 +0000 (10:15 +0100)]
avformat/webmdashenc: Check id in adaption_sets

Fixes: out of array access

Found-by: Wenxiang Qian
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b687b549aa0fb115861b1343208de8c2630803bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavformat/http: Fix Out-of-Bounds access in process_line()
Wenxiang Qian [Wed, 13 Feb 2019 07:54:08 +0000 (08:54 +0100)]
avformat/http: Fix Out-of-Bounds access in process_line()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 85f91ed760a517c0d5fcf692d40a5a9d7efa9476)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393
Wenxiang Qian [Wed, 13 Feb 2019 07:47:20 +0000 (08:47 +0100)]
avformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a142ffdcaec06fcbf7d4b00dbb0e5ddfb9e3344d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop...
Kevin Backhouse via RT [Wed, 6 Feb 2019 12:56:01 +0000 (12:56 +0000)]
avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for handling braces

Fixes: [Semmle Security Reports #19439]
Fixes: dos_sscanf2.mkv

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 894995c41e0795c7a44f81adc4838dedc3932e65)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop...
Kevin Backhouse via RT [Wed, 6 Feb 2019 11:29:22 +0000 (11:29 +0000)]
avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for tag scaning

Fixes: [Semmle Security Reports #19438]
Fixes: dos_sscanf1.mkv

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f00c97bc3475c477f3c468cf2d924d5761d0982)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavformat/matroskadec: Do not leak queued packets on sync errors
Michael Niedermayer [Wed, 6 Feb 2019 14:29:38 +0000 (15:29 +0100)]
avformat/matroskadec: Do not leak queued packets on sync errors

Fixes: memleak
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-5649187601121280

Reported-by: Chris Cunningham <chcunningham@google.com>
Tested-by: Chris Cunningham <chcunningham@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d1afa7284c3feba4debfebf1b9cf8ad67640e34a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/mpeg4videodec: Clear interlaced_dct for studio profile
Michael Niedermayer [Fri, 15 Feb 2019 00:57:09 +0000 (01:57 +0100)]
avcodec/mpeg4videodec: Clear interlaced_dct for studio profile

Fixes: Out of array access
Fixes: 13090/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5408668986638336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f686d023b95219db933394a7704ad9aa5f01cbb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavformat/mov: Do not use reference stream in mov_read_sidx() if there is no reference...
Michael Niedermayer [Tue, 12 Feb 2019 22:28:35 +0000 (23:28 +0100)]
avformat/mov: Do not use reference stream in mov_read_sidx() if there is no reference stream

Fixes: NULL pointer dereference
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-5634316373721088

Reported-by: Chris Cunningham <chcunningham@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b0d8b7cb8e86367178ef0c35dcae359d820c3b27)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/sbrdsp_fixed.c: remove input value limit for sbr_sum_square_c()
Michael Niedermayer [Sun, 3 Feb 2019 14:13:03 +0000 (15:13 +0100)]
avcodec/sbrdsp_fixed.c: remove input value limit for sbr_sum_square_c()

Fixes: 1377/clusterfuzz-testcase-minimized-5487049807233024
Fixes: assertion failure in sbr_sum_square_c()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4cde7e62dbaa63eda173e8d24a97d273890f282c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months agoavcodec/prores_ks: Fix luma quantization if q >= MAX_STORED_Q
Alex Mogurenko [Fri, 28 Dec 2018 20:30:08 +0000 (22:30 +0200)]
avcodec/prores_ks: Fix luma quantization if q >= MAX_STORED_Q

The problem occurs in slice quant estimation and slice encoding:

If the slice quant is larger than  MAX_STORED_Q we don't use pre-calculated
quant matrices, but generate a new one, but both qmat and qmat_chroma both
point to the same table, so the luma table ends up having chroma table
values.

Add custom_chroma_q the same way as custom_q.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
(cherry picked from commit e4788ae31b2e9af45d11f4bf4498c075dcc25a6c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavformat/mov: fix hang while seek on a kind of fragmented mp4
Charles Liu [Sun, 3 Feb 2019 15:09:06 +0000 (23:09 +0800)]
avformat/mov: fix hang while seek on a kind of fragmented mp4

Binary searching would hang if the fragment items do NOT have timestamp for the
specified stream.

For example, a fmp4 consists of separated 'moof' boxes for each track, and
separated 'sidx' for each segment, but no 'mfra' box.  Then every fragment item
only have the timestamp for one of its tracks.

Example:
ffmpeg -f lavfi -i testsrc -f lavfi -i sine -movflags dash+frag_keyframe+skip_trailer+separate_moof -t 1 out.mp4
ffmpeg -ss 0.5 -i out.mp4 -f null none

Also fixes the hang in ticket #7572, but not the reason for having
AV_NOPTS_VALUE timestamps there.

Signed-off-by: Charles Liu <liuchh83@gmail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit aa25198f1b925a464bdfa83a98476f08d26c9209)

7 months agoavformat/async: fix assertion condition when draining buffer
Marton Balint [Sun, 27 Jan 2019 18:48:12 +0000 (19:48 +0100)]
avformat/async: fix assertion condition when draining buffer

Fixes some random assertion failures with

ffprobe -show_packets async:samples/ffmpeg-bugs/trac/ticket6132/Samsung_HDR_-_Chasing_the_Light.ts > /dev/null

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 4b46d1ee463f6bb2d2be967d418d275a44fe2a9c)

7 months agoavcodec/cbs_av1: don't call cbs_av1_read_trailing_bits() when no bits remain in the OBU
James Almer [Sun, 10 Feb 2019 20:41:38 +0000 (17:41 -0300)]
avcodec/cbs_av1: don't call cbs_av1_read_trailing_bits() when no bits remain in the OBU

Reviewed-by: jkqxz
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 3e8b8b6b509c8c37defd3a8c32883fa54bc00de8)

7 months agoChangelog: update n4.1.1
Michael Niedermayer [Sat, 9 Feb 2019 17:20:02 +0000 (18:20 +0100)]
Changelog: update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavformat/mov: validate chunk_count vs stsc_data
chcunningham [Thu, 7 Feb 2019 22:58:17 +0000 (14:58 -0800)]
avformat/mov: validate chunk_count vs stsc_data

Bad content may contain stsc boxes with a first_chunk index that
exceeds stco.entries (chunk_count). This ammends the existing check to
include cases where chunk_count == 0. It also patches up the case
when stsc refers to unknown chunks, but stts has no samples (so we
can simply ignore stsc).

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1c15449ca9a5bfa387868ac55628397273da761f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavformat/mov.c: require tfhd to begin parsing trun
chcunningham [Thu, 7 Feb 2019 00:12:51 +0000 (16:12 -0800)]
avformat/mov.c: require tfhd to begin parsing trun

Detecting missing tfhd avoids re-using tfhd track info from the previous
moof. For files with multiple tracks, this may make a mess of the
avindex and fragindex, which can later trigger av_assert0 in
mov_read_trun().

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3ea87e5d9ea075d5b3c0f4f8c6c48e514b454cbe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoChangelog: update
Michael Niedermayer [Sun, 3 Feb 2019 23:51:42 +0000 (00:51 +0100)]
Changelog: update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/pgssubdec: Check for duplicate display segments
Michael Niedermayer [Tue, 29 Jan 2019 00:06:01 +0000 (01:06 +0100)]
avcodec/pgssubdec: Check for duplicate display segments

In such a duplication the previous gets overwritten and leaks

Fixes: memleak
Fixes: 12510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGSSUB_fuzzer-5694439226343424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e35c3d887b3e374c6a091342206a42da48785d70)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavformat/rtsp: Check number of streams in sdp_parse_line()
Michael Niedermayer [Fri, 25 Jan 2019 20:30:04 +0000 (21:30 +0100)]
avformat/rtsp: Check number of streams in sdp_parse_line()

Fixes: OOM

Found-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Michael Hanselmann <public@hansmi.ch>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 497c9b0cce559d43607bbbd679fe42f1d7e9040e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavformat/rtsp: Clear reply in every iteration in ff_rtsp_connect()
Michael Niedermayer [Sun, 27 Jan 2019 23:53:22 +0000 (00:53 +0100)]
avformat/rtsp: Clear reply in every iteration in ff_rtsp_connect()

Fixes: Infinite loop

Found-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Michael Hanselmann <public@hansmi.ch>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0b50f27635f684ec0526e9975c9979f35bbf486b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/rasc: Move ff_get_buffer() after frame checks
Michael Niedermayer [Tue, 22 Jan 2019 23:19:14 +0000 (00:19 +0100)]
avcodec/rasc: Move ff_get_buffer() after frame checks

If the frame1/2 checks fail this avoids doing the allocation of a new frame

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9f4af97aff899571663342fbe68df8caee30097f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/rasc: Check uncompressed dlta size
Michael Niedermayer [Tue, 22 Jan 2019 23:16:02 +0000 (00:16 +0100)]
avcodec/rasc: Check uncompressed dlta size

We assume that if the compressed size is bigger than if each byte is encoded in a single raw packet
that the data is invalid.

Fixes: Out of memory
Fixes: 12208/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RASC_fuzzer-5648916473708544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f4079d5174c20eddbc99eef6ebe98d411f8014c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/fic: Check that there is input left in fic_decode_block()
Michael Niedermayer [Tue, 22 Jan 2019 23:30:53 +0000 (00:30 +0100)]
avcodec/fic: Check that there is input left in fic_decode_block()

Fixes: Timeout
Fixes: 12450/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-5661984622641152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db1c4acd02af4de5dfbea6012c296470679aa7a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/ilbcdec: Fix undefined integer overflow lsf2poly()
Michael Niedermayer [Mon, 14 Jan 2019 23:09:30 +0000 (00:09 +0100)]
avcodec/ilbcdec: Fix undefined integer overflow lsf2poly()

The addition is moved up into the context where the variable is unsigned avoiding
the undefined behavior

Fixes: runtime error: signed integer overflow: 2147481972 + 4096 cannot be represented in type 'int'
Fixes: 12444/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5755706244857856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4523cc5e75c8ecfba8975d16e96c29f9bf70973f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/ilbcdec: Fix integer overflow in construct_vector()
Michael Niedermayer [Mon, 14 Jan 2019 23:02:25 +0000 (00:02 +0100)]
avcodec/ilbcdec: Fix integer overflow in construct_vector()

webrtc contains explicit code to ignore the undefined behavior (RTC_NO_SANITIZE / OverflowingAddS32S32ToS32())

Probably fixes: Integer overflow (unreproducable here)
Probably fixes: 12215/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5767142427852800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c95d0fb23917c35886f3b62daa05af20d2700a1e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoUpdate for 4.1.1
Michael Niedermayer [Mon, 21 Jan 2019 07:34:57 +0000 (08:34 +0100)]
Update for 4.1.1

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/prosumer: Error out if decompress() stops reading data
Michael Niedermayer [Sat, 12 Jan 2019 21:36:00 +0000 (22:36 +0100)]
avcodec/prosumer: Error out if decompress() stops reading data

if 0 is encountered in the LUT then decompress() will continue to output 0 bytes but never read more data.
Without a specification it is impossible to say if this is invalid or a feature.
None of the valid prosumer files tested cause a 0 to be read, so it is likely
not a intended feature.

Fixes: Timeout
Fixes: 11266/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PROSUMER_fuzzer-5681827423977472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 62f8d27ef1995354d6529ea0d9428501d7f914b4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/tiff: Check for 12bit gray fax
Michael Niedermayer [Sat, 12 Jan 2019 18:37:18 +0000 (19:37 +0100)]
avcodec/tiff: Check for 12bit gray fax

Fixes: Assertion failure
Fixes: 11898/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5759794191794176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec28a85107cccece4dce17c0ccb633defe2d6e98)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavutil/imgutils: Optimize memset_bytes() by using av_memcpy_backptr()
Michael Niedermayer [Tue, 25 Dec 2018 22:15:20 +0000 (23:15 +0100)]
avutil/imgutils: Optimize memset_bytes() by using av_memcpy_backptr()

This is strongly based on code by Marton Balint, and depends on the previous commit

Fixes: Timeout
Fixes: 11502/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664893810769920
Before: Executed clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664893810769920 in 11209 ms
After:  Executed clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664893810769920 in  4104 ms

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f64c0dffa13e6263de3fdff0058ab2fdb03ac1d6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavutil/mem: Optimize fill32() by unrolling and using 64bit
Michael Niedermayer [Thu, 17 Jan 2019 21:35:10 +0000 (22:35 +0100)]
avutil/mem: Optimize fill32() by unrolling and using 64bit

Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 12b1338be376a3e5fb606d9fe41b58dc4a9e62c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoconfigure: bump year
James Almer [Tue, 1 Jan 2019 18:26:31 +0000 (15:26 -0300)]
configure: bump year

Happy new year!

(cherry picked from commit 3209d7b3930bab554bf7d97d8041d9d0b88423a8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/tests/rangecoder: initialize array to avoid valgrind warning
Michael Niedermayer [Fri, 4 Jan 2019 01:46:29 +0000 (02:46 +0100)]
avcodec/tests/rangecoder: initialize array to avoid valgrind warning

Found-by: jamrial
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c15972f0af7679b466dd4a10a54ab2f04f9372c8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/gdv: Optimize and factorize scaling loops
Michael Niedermayer [Fri, 4 Jan 2019 18:51:04 +0000 (19:51 +0100)]
avcodec/gdv: Optimize and factorize scaling loops

Fixes: Timeout
Fixes: 11067/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GDV_fuzzer-5686623711264768

Before change: Executed clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GDV_fuzzer-5686623711264768 in 34386 ms
After  change: Executed clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GDV_fuzzer-5686623711264768 in 24327 ms

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6e23736aefa83859fdb6faae4fd14c169f1a41ab)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/h264_slice: Fix integer overflow in implicit_weight_table()
Michael Niedermayer [Fri, 4 Jan 2019 19:00:38 +0000 (20:00 +0100)]
avcodec/h264_slice: Fix integer overflow in implicit_weight_table()

Fixes: signed integer overflow: 2 * 2132811760 cannot be represented in type 'int'
Fixes: 11156/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6237685933408256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 77e56d74f972537aecd5bc2c5c4111e1d6ad0963)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/exr: set layer_match in all branches
Michael Niedermayer [Tue, 25 Dec 2018 20:30:54 +0000 (21:30 +0100)]
avcodec/exr: set layer_match in all branches

Otherwise it is left to the value from the previous iteration

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 433d2ae4353f3c513a45780845d9d8ca252cd4dc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/exr: Check for duplicate channel index
Michael Niedermayer [Tue, 25 Dec 2018 17:41:58 +0000 (18:41 +0100)]
avcodec/exr: Check for duplicate channel index

Fixes: Out of memory
Fixes: 11582/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5730204559867904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f9728feaf90eb7493f8872356f54150efafb59cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavfilter/vf_tonemap_opencl: Make static tables const
Michael Niedermayer [Mon, 31 Dec 2018 19:54:12 +0000 (20:54 +0100)]
avfilter/vf_tonemap_opencl: Make static tables const

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 47c3a10b16f2721c7afa333869aafa8c007fb419)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agodoc/indevs: fix upto typo
Michael Niedermayer [Mon, 31 Dec 2018 19:45:17 +0000 (20:45 +0100)]
doc/indevs: fix upto typo

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b33de557470471fe5d3a07fb441ec3f548f1d50a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/4xm: Fix returned error codes
Michael Niedermayer [Mon, 31 Dec 2018 17:11:44 +0000 (18:11 +0100)]
avcodec/4xm: Fix returned error codes

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 07607a1db879d0d96e2c91e1354bc4e425937d3a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavformat/libopenmpt: Fix successfull typo
Michael Niedermayer [Fri, 28 Dec 2018 21:22:52 +0000 (22:22 +0100)]
avformat/libopenmpt: Fix successfull typo

Reviewed-by: Lou Logan <lou@lrcd.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 571af98a5959d72c65a6753eb8e82cde407f4cd0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/v4l2_m2m: fix cant typo
Michael Niedermayer [Fri, 28 Dec 2018 21:22:53 +0000 (22:22 +0100)]
avcodec/v4l2_m2m: fix cant typo

Reviewed-by: Lou Logan <lou@lrcd.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 062bf5639359e183e016bcb795ac10735f83e863)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/mjpegbdec: Fix some misplaced {} and spaces
Michael Niedermayer [Fri, 28 Dec 2018 21:22:56 +0000 (22:22 +0100)]
avcodec/mjpegbdec: Fix some misplaced {} and spaces

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 11a8d2ccab1fe165eef4578c048d38731dbe1d6f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavformat/wvdec: detect and error out on WavPack DSD files
David Bryant [Wed, 21 Nov 2018 05:00:47 +0000 (21:00 -0800)]
avformat/wvdec: detect and error out on WavPack DSD files

Not currently supported.

(cherry picked from commit db109373d87b1fa5fe9f3d027d1bb752f725b74a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/mips: Fix failed case: hevc-conformance-AMP_A_Samsung_* when enable msa
gxw [Mon, 24 Dec 2018 06:07:44 +0000 (14:07 +0800)]
avcodec/mips: Fix failed case: hevc-conformance-AMP_A_Samsung_* when enable msa

The AV_INPUT_BUFFER_PADDING_SIZE has been increased to 64, but the value is still 32
in function ff_hevc_sao_edge_filter_8_msa. So, use AV_INPUT_BUFFER_PADDING_SIZE directly.
Also, use MAX_PB_SIZE directly instead of 64. Fate tests passed.

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f652c7a45c60427db0a89fae665e63b546af6ebb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/fic: Fail on invalid slice size/off
Michael Niedermayer [Sun, 16 Dec 2018 20:43:07 +0000 (21:43 +0100)]
avcodec/fic: Fail on invalid slice size/off

Fixes: Timeout
Fixes: 11486/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-5677133863583744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 30a7a81cdc2ee2eac6d3271439c43f11b7327b3e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/ilbcdec: fix integer overflow in energy
Michael Niedermayer [Sun, 9 Dec 2018 01:26:18 +0000 (02:26 +0100)]
avcodec/ilbcdec: fix integer overflow in energy

webrtc uses a int32_t like the existing code in ilbcdec

Fixes: signed integer overflow: 2080245063 + 257939661 cannot be represented in type 'int'
Fixes: 11037/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5682976612941824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fbf409cd91aca2b4738c6b5bc963ae6041f26701)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agopostproc/postprocess_template: remove FF_REG_sp from clobber list
Michael Niedermayer [Thu, 20 Dec 2018 21:40:06 +0000 (22:40 +0100)]
postproc/postprocess_template: remove FF_REG_sp from clobber list

Future gcc may no longer support this

Tested-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c1cbeb87db4bfc6e281e4254a6c7fdd3854fc9b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agopostproc/postprocess_template: Avoid using %4 for the threshold compare
Michael Niedermayer [Thu, 20 Dec 2018 21:40:05 +0000 (22:40 +0100)]
postproc/postprocess_template: Avoid using %4 for the threshold compare

This avoids problems if %4 is the stack pointer
the constraints do not allow %4 to be the stack pointer but gcc 9 may
no longer support specifying such constraints

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4325527e1c4fd2da119e81933172065ee1274eda)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>