ffmpeg.git
7 months agoavcodec/fic: Check that there is input left in fic_decode_block()
Michael Niedermayer [Tue, 22 Jan 2019 23:30:53 +0000 (00:30 +0100)]
avcodec/fic: Check that there is input left in fic_decode_block()

Fixes: Timeout
Fixes: 12450/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-5661984622641152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db1c4acd02af4de5dfbea6012c296470679aa7a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/tiff: Check for 12bit gray fax
Michael Niedermayer [Sat, 12 Jan 2019 18:37:18 +0000 (19:37 +0100)]
avcodec/tiff: Check for 12bit gray fax

Fixes: Assertion failure
Fixes: 11898/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5759794191794176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec28a85107cccece4dce17c0ccb633defe2d6e98)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavutil/imgutils: Optimize memset_bytes() by using av_memcpy_backptr()
Michael Niedermayer [Tue, 25 Dec 2018 22:15:20 +0000 (23:15 +0100)]
avutil/imgutils: Optimize memset_bytes() by using av_memcpy_backptr()

This is strongly based on code by Marton Balint, and depends on the previous commit

Fixes: Timeout
Fixes: 11502/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664893810769920
Before: Executed clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664893810769920 in 11209 ms
After:  Executed clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664893810769920 in  4104 ms

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f64c0dffa13e6263de3fdff0058ab2fdb03ac1d6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavutil/mem: Optimize fill32() by unrolling and using 64bit
Michael Niedermayer [Thu, 17 Jan 2019 21:35:10 +0000 (22:35 +0100)]
avutil/mem: Optimize fill32() by unrolling and using 64bit

Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 12b1338be376a3e5fb606d9fe41b58dc4a9e62c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoconfigure: bump year
James Almer [Tue, 1 Jan 2019 18:26:31 +0000 (15:26 -0300)]
configure: bump year

Happy new year!

(cherry picked from commit 3209d7b3930bab554bf7d97d8041d9d0b88423a8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/diracdec: Check component quant
Michael Niedermayer [Wed, 14 Nov 2018 08:42:44 +0000 (09:42 +0100)]
avcodec/diracdec: Check component quant

Fixes: Timeout
Fixes: 10708/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5730140957442048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 28c96c2ce2781c2cd147a9f3c299e18ce1dc7ff8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/tests/rangecoder: initialize array to avoid valgrind warning
Michael Niedermayer [Fri, 4 Jan 2019 01:46:29 +0000 (02:46 +0100)]
avcodec/tests/rangecoder: initialize array to avoid valgrind warning

Found-by: jamrial
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c15972f0af7679b466dd4a10a54ab2f04f9372c8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/h264_slice: Fix integer overflow in implicit_weight_table()
Michael Niedermayer [Fri, 4 Jan 2019 19:00:38 +0000 (20:00 +0100)]
avcodec/h264_slice: Fix integer overflow in implicit_weight_table()

Fixes: signed integer overflow: 2 * 2132811760 cannot be represented in type 'int'
Fixes: 11156/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6237685933408256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 77e56d74f972537aecd5bc2c5c4111e1d6ad0963)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/exr: set layer_match in all branches
Michael Niedermayer [Tue, 25 Dec 2018 20:30:54 +0000 (21:30 +0100)]
avcodec/exr: set layer_match in all branches

Otherwise it is left to the value from the previous iteration

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 433d2ae4353f3c513a45780845d9d8ca252cd4dc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/exr: Check for duplicate channel index
Michael Niedermayer [Tue, 25 Dec 2018 17:41:58 +0000 (18:41 +0100)]
avcodec/exr: Check for duplicate channel index

Fixes: Out of memory
Fixes: 11582/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5730204559867904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f9728feaf90eb7493f8872356f54150efafb59cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/4xm: Fix returned error codes
Michael Niedermayer [Mon, 31 Dec 2018 17:11:44 +0000 (18:11 +0100)]
avcodec/4xm: Fix returned error codes

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 07607a1db879d0d96e2c91e1354bc4e425937d3a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/v4l2_m2m: fix cant typo
Michael Niedermayer [Fri, 28 Dec 2018 21:22:53 +0000 (22:22 +0100)]
avcodec/v4l2_m2m: fix cant typo

Reviewed-by: Lou Logan <lou@lrcd.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 062bf5639359e183e016bcb795ac10735f83e863)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/mjpegbdec: Fix some misplaced {} and spaces
Michael Niedermayer [Fri, 28 Dec 2018 21:22:56 +0000 (22:22 +0100)]
avcodec/mjpegbdec: Fix some misplaced {} and spaces

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 11a8d2ccab1fe165eef4578c048d38731dbe1d6f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavformat/wvdec: detect and error out on WavPack DSD files
David Bryant [Wed, 21 Nov 2018 05:00:47 +0000 (21:00 -0800)]
avformat/wvdec: detect and error out on WavPack DSD files

Not currently supported.

(cherry picked from commit db109373d87b1fa5fe9f3d027d1bb752f725b74a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/mips: Fix failed case: hevc-conformance-AMP_A_Samsung_* when enable msa
gxw [Mon, 24 Dec 2018 06:07:44 +0000 (14:07 +0800)]
avcodec/mips: Fix failed case: hevc-conformance-AMP_A_Samsung_* when enable msa

The AV_INPUT_BUFFER_PADDING_SIZE has been increased to 64, but the value is still 32
in function ff_hevc_sao_edge_filter_8_msa. So, use AV_INPUT_BUFFER_PADDING_SIZE directly.
Also, use MAX_PB_SIZE directly instead of 64. Fate tests passed.

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f652c7a45c60427db0a89fae665e63b546af6ebb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/fic: Fail on invalid slice size/off
Michael Niedermayer [Sun, 16 Dec 2018 20:43:07 +0000 (21:43 +0100)]
avcodec/fic: Fail on invalid slice size/off

Fixes: Timeout
Fixes: 11486/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-5677133863583744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 30a7a81cdc2ee2eac6d3271439c43f11b7327b3e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agopostproc/postprocess_template: remove FF_REG_sp from clobber list
Michael Niedermayer [Thu, 20 Dec 2018 21:40:06 +0000 (22:40 +0100)]
postproc/postprocess_template: remove FF_REG_sp from clobber list

Future gcc may no longer support this

Tested-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c1cbeb87db4bfc6e281e4254a6c7fdd3854fc9b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agopostproc/postprocess_template: Avoid using %4 for the threshold compare
Michael Niedermayer [Thu, 20 Dec 2018 21:40:05 +0000 (22:40 +0100)]
postproc/postprocess_template: Avoid using %4 for the threshold compare

This avoids problems if %4 is the stack pointer
the constraints do not allow %4 to be the stack pointer but gcc 9 may
no longer support specifying such constraints

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4325527e1c4fd2da119e81933172065ee1274eda)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/rpza: Check that there is enough data for all the blocks
Michael Niedermayer [Sun, 16 Dec 2018 18:13:27 +0000 (19:13 +0100)]
avcodec/rpza: Check that there is enough data for all the blocks

Fixes: Timeout
Fixes: 11547/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RPZA_fuzzer-5678435842654208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e63517e00a1a8375c7fb3b8c4c64c9a7c3da713e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/rpza: Move frame allocation to a later point
Michael Niedermayer [Sun, 16 Dec 2018 18:04:56 +0000 (19:04 +0100)]
avcodec/rpza: Move frame allocation to a later point

This will allow performing some fast checks before the slow allocation

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8a708aa99cb0e8d76e52117b1fd89d221f0055e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/avcodec: Document the data type for AV_PKT_DATA_MPEGTS_STREAM_ID
Michael Niedermayer [Fri, 7 Dec 2018 20:52:30 +0000 (21:52 +0100)]
avcodec/avcodec: Document the data type for AV_PKT_DATA_MPEGTS_STREAM_ID

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 68e011e4103b9cb5ac2d152d73ca8393065a33fb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavformat/mpegts: Fix side data type for stream id
Michael Niedermayer [Fri, 7 Dec 2018 20:51:48 +0000 (21:51 +0100)]
avformat/mpegts: Fix side data type for stream id

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab1319d82f0c77308792fa2d88cbfc73c3e47cb7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agotests/fate/filter-video: increase fuzz for fate-filter-refcmp-psnr-rgb
Michael Niedermayer [Thu, 6 Dec 2018 20:51:22 +0000 (21:51 +0100)]
tests/fate/filter-video: increase fuzz for fate-filter-refcmp-psnr-rgb

Fixes: test failure on powerpc

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f8f762c300e29d80ece363edc08e137b371d909f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/mjpegdec: Fix indention of ljpeg_decode_yuv_scan()
Michael Niedermayer [Tue, 18 Dec 2018 13:27:48 +0000 (14:27 +0100)]
avcodec/mjpegdec: Fix indention of ljpeg_decode_yuv_scan()

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea30ac1e408246382796f61d645d1e087aed390a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agolavf/id3v2: fail read_apic on EOF reading mimetype
chcunningham [Fri, 14 Dec 2018 21:44:07 +0000 (13:44 -0800)]
lavf/id3v2: fail read_apic on EOF reading mimetype

avio_read may return EOF, leaving the mimetype array unitialized. fail
early when this occurs to avoid using the array in an unitialized state.

Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ee1e39a576977fd38c3b94fc56125d31d38833e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavformat/nutenc: Document trailer index assert better
Michael Niedermayer [Fri, 14 Dec 2018 20:52:09 +0000 (21:52 +0100)]
avformat/nutenc: Document trailer index assert better

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a95b73abc868995b08ca2b4d8bbf2cda43184f8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agolavf/mov: ensure only one tkhd per trak
chcunningham [Thu, 13 Dec 2018 21:58:40 +0000 (13:58 -0800)]
lavf/mov: ensure only one tkhd per trak

Chromium fuzzing produced a whacky file with extra tkhds. This caused
an AVStream that was already in use to be corrupted by assigning it a
new id, which blows up later in mov_read_trun because the
MOVFragmentStreamInfo.index_entry now points OOB.

Reviewed-by: Baptiste Coudurier <baptiste.coudurier@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c9f7b6f7a9fdffa0ab8f3aa84a1f701cf5b3a6e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/ppc/hevcdsp: Fix build failures with powerpc-linux-gnu-gcc-4.8 with --disable...
Michael Niedermayer [Tue, 4 Dec 2018 15:29:40 +0000 (16:29 +0100)]
avcodec/ppc/hevcdsp: Fix build failures with powerpc-linux-gnu-gcc-4.8 with --disable-optimizations

The affected functions could also be changed into macros, this is the
smaller change to fix it though. And avoids (probably) less readable macros
The extra code should be optimized out when optimizations are done as all values
are known at build after inlining.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c64a6bcd280c64997e6c4799bc89c0a9393bbf3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/msvideo1: Check for too small dimensions
Michael Niedermayer [Sat, 1 Dec 2018 21:16:19 +0000 (22:16 +0100)]
avcodec/msvideo1: Check for too small dimensions

Such low resolution would result in empty output as a minimum of 4x4 is needed
We could also check for multiple of 4 dimensions but that is not needed

Fixes: Timeout
Fixes: 11191/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSVIDEO1_fuzzer-5739529588178944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 953bd58861ad933e614510140b05a61e3d1375be)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/wmv2dec: Skip I frame if its smaller than 1/8 of the minimal size
Michael Niedermayer [Tue, 27 Nov 2018 22:37:03 +0000 (23:37 +0100)]
avcodec/wmv2dec: Skip I frame if its smaller than 1/8 of the minimal size

Frames that small are not valid and of limited use for error concealment, while
being very computationally intensive to process.

Fixes: Timeout
Fixes: 11168/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5733782032744448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d6f4341522c3eafb046c47b115d79ce684a899fc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/msmpeg4dec: Skip frame if its smaller than 1/8 of the minimal size
Michael Niedermayer [Thu, 29 Nov 2018 01:32:10 +0000 (02:32 +0100)]
avcodec/msmpeg4dec: Skip frame if its smaller than 1/8 of the minimal size

Frames that small are not valid and of limited use for error concealment, while
being very computationally intensive to process.

Fixes: Timeout
Fixes: 11318/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSMPEG4V1_fuzzer-5710884555456512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 09ec182864d41c990bc18f620eabb77444aeff57)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/truemotion2rt: Fix rounding in input size check
Michael Niedermayer [Sat, 17 Nov 2018 08:24:30 +0000 (09:24 +0100)]
avcodec/truemotion2rt: Fix rounding in input size check

Fixes: Timeout
Fixes: 11332/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2RT_fuzzer-5678456612847616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7f22a4ebc97817fd0968f5ea8295c9a59a6292e0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/truemotion2: fix integer overflows in tm2_low_chroma()
Michael Niedermayer [Fri, 16 Nov 2018 23:38:53 +0000 (00:38 +0100)]
avcodec/truemotion2: fix integer overflows in tm2_low_chroma()

Fixes: 11295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-4888953459572736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2ae39d795613f3c6925c59852b625029b747fe42)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/pngdec: Check compression method
Michael Niedermayer [Fri, 9 Nov 2018 02:12:45 +0000 (03:12 +0100)]
avcodec/pngdec: Check compression method

method 0 (inflate/deflate) is the only specified in the specification and the only supported

Fixes: Timeout
Fixes: 10976/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-5729372588736512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f99674ddddcc33f4c37def0a206e31ad7c4c1af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agofftools/ffmpeg: Repair reinit_filter feature
Michael Niedermayer [Tue, 13 Nov 2018 19:29:40 +0000 (20:29 +0100)]
fftools/ffmpeg: Repair reinit_filter feature

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 35040048793bc5d19942277fe17d1235e915a7d8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/shorten: Fix integer overflow with offset
Michael Niedermayer [Fri, 9 Nov 2018 18:59:27 +0000 (19:59 +0100)]
avcodec/shorten: Fix integer overflow with offset

Fixes: signed integer overflow: -1625810908 - 582229060 cannot be represented in type 'int'
Fixes: 10977/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5732602018267136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2f888771cd1ce8d68d4b18a1009650c1f260aaf2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/cavsdec: Propagate error codes inside decode_mb_i()
Michael Niedermayer [Sun, 4 Nov 2018 19:00:16 +0000 (20:00 +0100)]
avcodec/cavsdec: Propagate error codes inside decode_mb_i()

Fixes: Timeout
Fixes: 10702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-5669940938407936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c1cee0565692c541f589aefd7f375d37f55b9d94)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/mpegaudio_parser: Consume more than 0 bytes in case of the unsupported mp3adu...
Michael Niedermayer [Sun, 28 Oct 2018 20:08:39 +0000 (21:08 +0100)]
avcodec/mpegaudio_parser: Consume more than 0 bytes in case of the unsupported mp3adu case

Fixes: Timeout
Fixes: 10966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADU_fuzzer-5348695024336896
Fixes: 10969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADUFLOAT_fuzzer-5691669402877952

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit df91af140c5543cfbbed187f696e79b554d2c135)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months agoavcodec/hevcdec: decode at most one slice reporting being the first in the picture
James Almer [Mon, 18 Mar 2019 20:25:58 +0000 (17:25 -0300)]
avcodec/hevcdec: decode at most one slice reporting being the first in the picture

Fixes deadlocks when decoding packets containing more than one of the aforementioned
slices when using frame threads.

Tested-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 70c8c8a818f39bc262565ec29fae2baffb3e1660)

9 months agoavfilter/af_silenceremove: fix possible crash if supplied duration is negative
Paul B Mahol [Mon, 27 Nov 2017 15:32:54 +0000 (16:32 +0100)]
avfilter/af_silenceremove: fix possible crash if supplied duration is negative

Signed-off-by: Paul B Mahol <onemda@gmail.com>
Fixes ticket #7697.
(cherry picked from commit 2d1594a8d6a754a426cb53184dccf9cf8c8a94b0)

12 months agoUpdate for 3.4.5 n3.4.5
Michael Niedermayer [Thu, 1 Nov 2018 14:40:09 +0000 (15:40 +0100)]
Update for 3.4.5

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavutil/integer: Fix integer overflow in av_mul_i()
Michael Niedermayer [Tue, 23 Oct 2018 23:44:12 +0000 (01:44 +0200)]
avutil/integer: Fix integer overflow in av_mul_i()

Found-by: fate
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3cc3cb663bf3061e40356392d2f7638de6a479fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/msrle: Check that the input is large enough to contain a end of picture code
Michael Niedermayer [Sun, 21 Oct 2018 12:40:14 +0000 (14:40 +0200)]
avcodec/msrle: Check that the input is large enough to contain a end of picture code

Fixes: Timeout
Fixes: 10625/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSRLE_fuzzer-5659651283091456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 203ccb8746997777ce66beadd53b4631d217b9cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/jpeg2000dec: Fix off by 1 error in JPEG2000_PGOD_CPRL handling
Michael Niedermayer [Sat, 20 Oct 2018 20:35:37 +0000 (22:35 +0200)]
avcodec/jpeg2000dec: Fix off by 1 error in JPEG2000_PGOD_CPRL handling

Fixes: assertion failure
Fixes: 10785/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5672160496975872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 305e523105f6f59e7572050f19edc9f4671c036c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/mpeg4videodec: Fix typo in sprite delta check
Michael Niedermayer [Wed, 17 Oct 2018 23:19:36 +0000 (01:19 +0200)]
avcodec/mpeg4videodec: Fix typo in sprite delta check

Fixes: Integer overflow
Fixes: 10890/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5636062181851136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b737317a8813e671c00b8ac7023c47e48ffeb1c8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/h264_cavlc: Check mb_skip_run
Michael Niedermayer [Thu, 4 Oct 2018 01:13:41 +0000 (03:13 +0200)]
avcodec/h264_cavlc: Check mb_skip_run

Fixes: 10300/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6292205497483264
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f72b9904fefa79d799d0f6ecc8bd97ce52658725)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/ra144: Fix integer overflow in add_wav()
Michael Niedermayer [Wed, 10 Oct 2018 02:25:50 +0000 (04:25 +0200)]
avcodec/ra144: Fix integer overflow in add_wav()

Fixes: signed integer overflow: -2144033225 + -5208934 cannot be represented in type 'int'
Fixes: 10633/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-5679133791617024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c6282141cba20934d9801f31134872fabbd6ba3e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavformat/utils: Never store negative values in last_IP_duration
Michael Niedermayer [Fri, 12 Oct 2018 18:55:25 +0000 (20:55 +0200)]
avformat/utils: Never store negative values in last_IP_duration

Fixes: integer overflow compute_pkt_fields()
Fixes: compute_pkt_usan

Reported-by: Thomas Guilbert <tguilbert@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 079d1a7175c4b881631a7e7f449c4c13b761cdeb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavformat/utils: Fix integer overflow in discontinuity check
Michael Niedermayer [Fri, 12 Oct 2018 01:00:32 +0000 (03:00 +0200)]
avformat/utils: Fix integer overflow in discontinuity check

Fixes: signed integer overflow: 7738135736989908991 - -7954308516317364223 cannot be represented in type 'long'
Fixes: find_stream_info_usan

Reported-by: Thomas Guilbert <tguilbert@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4e19cfcfa3944fe4cf97bea758f72f104dcaebad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/unary: Improve get_unary() docs
Michael Niedermayer [Sat, 22 Sep 2018 13:18:17 +0000 (15:18 +0200)]
avcodec/unary: Improve get_unary() docs

Found-by: kierank
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ad89e203bfedf25df00e2a6ed9196170d772f25b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/gdv: Replace divisions by shifts in rescale()
Michael Niedermayer [Sun, 5 Aug 2018 14:13:24 +0000 (16:13 +0200)]
avcodec/gdv: Replace divisions by shifts in rescale()

Divisions tend to be slower than shifts unless the compiler optimizes them out.
And some of these are in inner loops.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b90d8cc7466386a166dd72107457498aa5a7c43d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/dvdsubdec: Sanity check len in decode_rle()
Michael Niedermayer [Thu, 13 Sep 2018 01:33:50 +0000 (03:33 +0200)]
avcodec/dvdsubdec: Sanity check len in decode_rle()

Fixes: Timeout
Fixes: 9778/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVDSUB_fuzzer-5186007132536832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e7b023e1db9fb13175929c02a02846d03510ec91)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/mpeg4videodec: Fix undefined shift in get_amv()
Michael Niedermayer [Fri, 14 Sep 2018 22:20:38 +0000 (00:20 +0200)]
avcodec/mpeg4videodec: Fix undefined shift in get_amv()

Fixes: runtime error: shift exponent -1 is negative
Fixes: 9938/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5653783529914368

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c88afa44c4823aba7b6f4a1b01fd6a4169643c57)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/zmbv: Check that the decompressed data size is correct
Michael Niedermayer [Mon, 17 Sep 2018 22:28:37 +0000 (00:28 +0200)]
avcodec/zmbv: Check that the decompressed data size is correct

This checks the value exactly for intra frames and checks it against a
minimum for inter frames as they can be variable.

Fixes: Timeout
Fixes: 10182/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZMBV_fuzzer-6245951174344704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e33b28cc79d164fff22bfee750c9283587c00bc4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/zmbv: Update decomp_len in raw frames
Michael Niedermayer [Mon, 17 Sep 2018 19:33:59 +0000 (21:33 +0200)]
avcodec/zmbv: Update decomp_len in raw frames

decomp_len is used in raw frames, so it should not be left at the value from
whatever was decoded previously (which may be any other frame)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d201b83cda03fd9e866acafee82d7ce88260e66)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/shorten: Fix bitstream end check in read_header()
Michael Niedermayer [Sat, 15 Sep 2018 00:08:20 +0000 (02:08 +0200)]
avcodec/shorten: Fix bitstream end check in read_header()

Fixes: Timeout
Fixes: 9961/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5687856176562176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 28b80c2d52d82eb4f73af5f818dab60946bcf299)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/dvdsubdec: Avoid branch in decode_run_8bit()
Michael Niedermayer [Thu, 13 Sep 2018 02:24:49 +0000 (04:24 +0200)]
avcodec/dvdsubdec: Avoid branch in decode_run_8bit()

Speed improvment 35.5 sec -> 34.7sec

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 71bf0330505e2108935d05c5c018ec65eac4b946)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/h264_refs: Document last if() in ff_h264_execute_ref_pic_marking()
Michael Niedermayer [Fri, 17 Aug 2018 00:06:27 +0000 (02:06 +0200)]
avcodec/h264_refs: Document last if() in ff_h264_execute_ref_pic_marking()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 697984b9db4d4d199680f43ac3eb662cd1d37eff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/ra144: Fix undefined integer overflow in add_wav()
Michael Niedermayer [Sun, 26 Aug 2018 00:26:24 +0000 (02:26 +0200)]
avcodec/ra144: Fix undefined integer overflow in add_wav()

Fixes: signed integer overflow: -26884 * 91439 cannot be represented in type 'int'
Fixes: 9687/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RA_144_fuzzer-4995588121690112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93a203662f6ff1bb9fd2e966bf7df27e9bdb1916)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/indeo4: Check dimensions in decode_pic_hdr()
Michael Niedermayer [Sat, 25 Aug 2018 23:58:32 +0000 (01:58 +0200)]
avcodec/indeo4: Check dimensions in decode_pic_hdr()

Fixes: Timeout
Fixes: 9654/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-6289863463665664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7592e88bfe3d5bf9109a55acd025af9110618405)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavformat/mov: Error on too large stsd entry counts.
Dale Curtis [Thu, 30 Aug 2018 22:18:25 +0000 (15:18 -0700)]
avformat/mov: Error on too large stsd entry counts.

Entries are always at least 8 bytes per the parsing code, so if we
see an impossible entry count avoid massive allocations. This is
similar to an existing check in mov_read_stsc().

Since ff_mov_read_stsd_entries() does eof checks, an alternative
approach could be to clamp the entry count to atom.size / 8.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 320b631a99a9f759fd1d5460fd4e285d184b8186)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoexamples: Fix use of AV_CODEC_FLAG_GLOBAL_HEADER
Michael Bunk [Thu, 30 Aug 2018 06:56:19 +0000 (08:56 +0200)]
examples: Fix use of AV_CODEC_FLAG_GLOBAL_HEADER

AV_CODEC_FLAG_GLOBAL_HEADER should be set before calling avcodec_open2() to have any effect.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a82e4fb8c6f26e75506df6818fee1b61f940cbeb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/hq_hqa: Check remaining input bits in hqa_decode_mb()
Michael Niedermayer [Mon, 20 Aug 2018 20:53:32 +0000 (22:53 +0200)]
avcodec/hq_hqa: Check remaining input bits in hqa_decode_mb()

Fixes: Timeout
Fixes: 9634/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-6267852259590144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c9222b972d6cbdaf6571cf7ae0a6513bffa5ff9f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/vb: Check for end of bytestream before reading blocktype
Michael Niedermayer [Mon, 20 Aug 2018 20:19:23 +0000 (22:19 +0200)]
avcodec/vb: Check for end of bytestream before reading blocktype

Fixes: Timeout
Fixes: 9601/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VB_fuzzer-4550228702134272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1cbac9ce20d32806febf64cbd9f830e1485695ca)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/snowdec: Fix integer overflow with motion vector residual
Michael Niedermayer [Mon, 20 Aug 2018 18:15:19 +0000 (20:15 +0200)]
avcodec/snowdec: Fix integer overflow with motion vector residual

Fixes: signed integer overflow: -19818 + -2147483648 cannot be represented in type 'int'
Fixes: 9545/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-4928769537081344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit acba153a148782c08f9fd17f0c05b93468f3cbd0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavformat/nsvdec: Do not parse multiple NSVf
Michael Niedermayer [Thu, 16 Aug 2018 10:23:20 +0000 (12:23 +0200)]
avformat/nsvdec: Do not parse multiple NSVf

The specification states "NSV files may contain a single file header. "
Fixes: out of array access
Fixes: nsv-asan-002f473f726a0dcbd3bd53e422c4fc40b3cf3421

Found-by: Paul Ch <paulcher@icloud.com>
Tested-by: Paul Ch <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 78d4b6bd43fc266a2ee926f0555c8782246f9445)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavformat/mlvdec: read_string() received unsigned size, make the argument unsigned
Michael Niedermayer [Thu, 16 Aug 2018 13:36:28 +0000 (15:36 +0200)]
avformat/mlvdec: read_string() received unsigned size, make the argument unsigned

Fixes: infinite loop
Fixes: mlv-timeout-e3b8cab9835edecad6823baa057e029671329d04

Found-by: Paul Ch <paulcher@icloud.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1e71cb2c8edcf3dad657c15a6fb8572862f2afb9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavformat/rmdec: Fix EOF check in the stream loop in ivr_read_header()
Michael Niedermayer [Thu, 16 Aug 2018 13:36:29 +0000 (15:36 +0200)]
avformat/rmdec: Fix EOF check in the stream loop in ivr_read_header()

Fixes: long running loop
Fixes: ivr-timeout-42468cb797f52f025fb329394702f5d4d64322d6

Found-by: Paul Ch <paulcher@icloud.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c2eec1762d372663c35aaf3d6ee419bafb185057)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/scpr: Check for min > max in decompress_p()
Michael Niedermayer [Sat, 4 Aug 2018 21:45:52 +0000 (23:45 +0200)]
avcodec/scpr: Check for min > max in decompress_p()

Fixes: Timeout
Fixes: 9342/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-4795990841229312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3378194ce8e9a126a7cc6ed57bedde1221790469)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/shorten: Fix signed 32bit overflow in shift in shorten_decode_frame()
Michael Niedermayer [Sun, 12 Aug 2018 21:06:55 +0000 (23:06 +0200)]
avcodec/shorten: Fix signed 32bit overflow in shift in shorten_decode_frame()

Fixes: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 9480/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-6647324284551168 -rss_limit_mb=2000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9b604e96a51a1fca92bbabfe4f7ac53f0470ee41)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/shorten: Fix integer overflow in residual/LPC combination
Michael Niedermayer [Sun, 12 Aug 2018 20:55:59 +0000 (22:55 +0200)]
avcodec/shorten: Fix integer overflow in residual/LPC combination

Fixes: signed integer overflow: -540538872 + -2012739576 cannot be represented in type 'int'
Fixes: 9255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5758630052757504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db7e9082e1a1479c6a8844f7adf77eae03cc2aa7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/shorten: Check verbatim length
Michael Niedermayer [Sun, 12 Aug 2018 20:43:33 +0000 (22:43 +0200)]
avcodec/shorten: Check verbatim length

Fixes: Timeout
Fixes: 9252/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5780720709533696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7007dabec08f2f9f81661e71ef482dde394e17a8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/mpegaudio_parser: Initialize poutbuf*
Michael Niedermayer [Sun, 5 Aug 2018 12:51:36 +0000 (14:51 +0200)]
avcodec/mpegaudio_parser: Initialize poutbuf*

Possibly fixes: null pointer dereference
Possibly fixes: 9352/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADUFLOAT_fuzzer-5146068961460224
Fixes: Heap-use-after-free
Fixes: 9453/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADUFLOAT_fuzzer-5137954375729152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0f4c3b0b8e5435d13fd3b64c91969b31c3c018dc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/aacpsdsp_template: Fix integer overflow in ps_stereo_interpolate_c()
Michael Niedermayer [Sat, 28 Jul 2018 08:59:09 +0000 (10:59 +0200)]
avcodec/aacpsdsp_template: Fix integer overflow in ps_stereo_interpolate_c()

Fixes: signed integer overflow: -1813244069 + -1407981383 cannot be represented in type 'int'
Fixes: 8823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5643295618236416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 47db5763e21c5e3b0ddde2430d15938f8d88480d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavformat/flvenc: Check audio packet size
Michael Niedermayer [Sat, 28 Jul 2018 13:03:50 +0000 (15:03 +0200)]
avformat/flvenc: Check audio packet size

Fixes: Assertion failure
Fixes: assert_flvenc.c:941_1.swf

Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agolavc/svq3: Fix regression decoding some files.
Nikolas Bowe [Tue, 31 Jul 2018 00:22:02 +0000 (17:22 -0700)]
lavc/svq3: Fix regression decoding some files.

Fixes some SVQ3 encoded files which fail to decode correctly after 6d6faa2a2d.
These files exhibit lots of artifacts and logs show "Media key encryption is not implemented".
However they decode without artifacts before 6d6faa2a2d.
The attatched patch allows these files to successfully decode, but also reject media key files.

Tested on the files in #6094 and http://samples.mplayerhq.hu/V-codecs/SVQ3/Vertical400kbit.sorenson3.mov

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5aeb3b008080d8d4a38f245d557dbc9bd6c36dcf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/qtrle: Check remaining bytestream in qtrle_decode_XYbpp()
Michael Niedermayer [Sun, 29 Jul 2018 10:40:48 +0000 (12:40 +0200)]
avcodec/qtrle: Check remaining bytestream in qtrle_decode_XYbpp()

Fixes: Timeout
Fixes: 9213/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QTRLE_fuzzer-5649753332252672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7dd836a3f9771e0e44df1b27e67d6866d91e06d7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/diracdec: Check bytes count in else branch in decode_lowdelay() too
Michael Niedermayer [Sun, 22 Jul 2018 19:42:16 +0000 (21:42 +0200)]
avcodec/diracdec: Check bytes count in else branch in decode_lowdelay() too

Fixes: signed integer overflow: 8 * 340018243 cannot be represented in type 'int'
Fixes: 9441/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5194665207791616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bed125b7108481574f36fdd6ee699b27354602e8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/diracdec: Check slice numbers for overflows in relation to picture dimensions
Michael Niedermayer [Sun, 22 Jul 2018 19:26:24 +0000 (21:26 +0200)]
avcodec/diracdec: Check slice numbers for overflows in relation to picture dimensions

Fixes: signed integer overflow: 88 * 33685506 cannot be represented in type 'int'
Fixes: 9433/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5725943535501312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f457c0ad7f73e31e99761f2ad3738cf3b3c24ca0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/diracdec: Change frame_number to 64bit as its a 32bit from the bitstream...
Michael Niedermayer [Sun, 22 Jul 2018 18:45:39 +0000 (20:45 +0200)]
avcodec/diracdec: Change frame_number to 64bit as its a 32bit from the bitstream and we also have a -1 special case

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 9291/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6324345860259840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 462d1be6dec5ff4768be8c202f359cbf037db3c6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/dirac_dwt_template: Fix several integer overflows in horizontal_compose_daub97i()
Michael Niedermayer [Sun, 22 Jul 2018 17:11:04 +0000 (19:11 +0200)]
avcodec/dirac_dwt_template: Fix several integer overflows in horizontal_compose_daub97i()

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 8926/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6047609228623872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 69cac9e130dc8c9d2a5b8012011df372974adf35)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/diracdec: Prevent integer overflow in intermediate in global_mv()
Michael Niedermayer [Sun, 22 Jul 2018 16:58:34 +0000 (18:58 +0200)]
avcodec/diracdec: Prevent integer overflow in intermediate in global_mv()

Fixes: signed integer overflow: -393471 * 5460 cannot be represented in type 'int'
Fixes: 8890/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-6299775379963904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 51290406461ed40b70e0e05b389a461a283f3367)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoswresample/swresample: Fix input channel count in resample_first computation
Michael Niedermayer [Tue, 24 Jul 2018 20:44:12 +0000 (22:44 +0200)]
swresample/swresample: Fix input channel count in resample_first computation

Found-by: Marcin Gorzel <gorzel@google.com>
Reviewed-by: Marcin Gorzel <gorzel@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bce4da85e8110b66040a5fb07ffc724ab4e09a86)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavutil/pixfmt: Document chroma plane size for odd resolutions
Michael Niedermayer [Wed, 18 Jul 2018 20:22:35 +0000 (22:22 +0200)]
avutil/pixfmt: Document chroma plane size for odd resolutions

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit be0b77e6e83b61c2da338201b5ddfae1c9acedc5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
12 months agoavcodec/cuviddec: properly take deinterlacing and display delay into account for...
Timo Rothenpieler [Sat, 13 Oct 2018 21:44:30 +0000 (23:44 +0200)]
avcodec/cuviddec: properly take deinterlacing and display delay into account for buffer_full check

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
14 months agoconfigure: add LIBDRM to extralibs_avutil
Giulio Benetti [Tue, 11 Sep 2018 20:29:32 +0000 (22:29 +0200)]
configure: add LIBDRM to extralibs_avutil

When static linking programs using ffmpeg libraries, if linking against
libavutil, -ldrm is listed before -lavutil. This leads to linking failure
due to undefined reference of drmGetVersion() and drmFreeVersion().
This is why when pkg-config create libavutil.pc doesn't append -ldrm
after -lavutil.

Create LIBDRM=-ldrm in case libdrm is enabled and add $LIBDRM to
extralibs_avutil.

Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: James Almer <jamrial@gmail.com>
15 months agoavcodec/bitstream_filters: check the input argument of av_bsf_get_by_name() for NULL
James Almer [Sat, 28 Jul 2018 03:51:57 +0000 (00:51 -0300)]
avcodec/bitstream_filters: check the input argument of av_bsf_get_by_name() for NULL

Fixes crashes like "ffmpeg -h bsf" caused by passing NULL to strcmp()

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 3258cc6507a2012d54889ce5f8efbde7e81d927d)

15 months agoUpdate for 3.4.4 n3.4.4
Michael Niedermayer [Wed, 18 Jul 2018 13:07:41 +0000 (15:07 +0200)]
Update for 3.4.4

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
15 months agoavcodec/dvdsub_parser: Allocate input padding
Michael Niedermayer [Fri, 13 Jul 2018 16:56:10 +0000 (18:56 +0200)]
avcodec/dvdsub_parser: Allocate input padding

Fixes: out of array read
Fixes: 9350/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVDSUB_fuzzer-5746777750765568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cd86b5cfe278af79d6b147e122d9a72c270a9fde)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
15 months agoavcodec/dvdsub_parser: Init output buf/size
Michael Niedermayer [Fri, 13 Jul 2018 16:54:48 +0000 (18:54 +0200)]
avcodec/dvdsub_parser: Init output buf/size

No testcase

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9e6c8437761661441d836876934314cb2b8fafe7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
15 months agoavcodec/dirac_dwt_template: Fix signedness regression in interleave()
Michael Niedermayer [Fri, 13 Jul 2018 16:33:08 +0000 (18:33 +0200)]
avcodec/dirac_dwt_template: Fix signedness regression in interleave()

Found-by: <jdarnley>
Tested-by: James Darnley <james.darnley@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 181435a4de6e38e0a15ddaf16de9a157ef41cb18)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
15 months agoavformat/movenc: Write version 2 of audio atom if channels is not known
Michael Niedermayer [Sat, 7 Jul 2018 22:16:42 +0000 (00:16 +0200)]
avformat/movenc: Write version 2 of audio atom if channels is not known

The version 1 needs the channel count and would divide by 0
Fixes: division by 0
Fixes: fpe_movenc.c_1108_1.ogg
Fixes: fpe_movenc.c_1108_2.ogg
Fixes: fpe_movenc.c_1108_3.wav

Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
15 months agoswresample/arm: rename labels to fix xcode build error
Rahul Chaudhry [Fri, 27 Apr 2018 20:49:52 +0000 (13:49 -0700)]
swresample/arm: rename labels to fix xcode build error

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e84212b78e00df17799e01be1e153a073eb8f689)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
15 months agoavcodec/imgconvert: fix possible null pointer dereference
Simon Thelen [Tue, 3 Apr 2018 12:41:33 +0000 (14:41 +0200)]
avcodec/imgconvert: fix possible null pointer dereference

regression since 354b26a3945eadd4ed8fcd801dfefad2566241de

(cherry picked from commit 8c2c97403baf95d0facb53f03e468f023eb943e1)

16 months agoChangelog: update n3.4.3
Michael Niedermayer [Sun, 8 Jul 2018 09:37:06 +0000 (11:37 +0200)]
Changelog: update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavformat/movenc: Check input sample count
Michael Niedermayer [Fri, 6 Jul 2018 20:23:25 +0000 (22:23 +0200)]
avformat/movenc: Check input sample count

Fixes: division by 0
Fixes: fpe_movenc.c_199_1.wav
Fixes: fpe_movenc.c_199_2.wav
Fixes: fpe_movenc.c_199_3.wav
Fixes: fpe_movenc.c_199_4.wav
Fixes: fpe_movenc.c_199_5.wav
Fixes: fpe_movenc.c_199_6.wav
Fixes: fpe_movenc.c_199_7.wav

Found-by: #CHEN HONGXU# <HCHEN017@e.ntu.edu.sg>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a2d21bc5f97aa0161db3ae731fc2732be6108b8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/mjpegdec: Check for odd progressive RGB
Michael Niedermayer [Fri, 6 Jul 2018 14:28:14 +0000 (16:28 +0200)]
avcodec/mjpegdec: Check for odd progressive RGB

Fixes: out of array access
Fixes: 9225/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5684770334834688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ee1e3ca5eb1ec7d34e925d129c893e33847ee0b7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoupdate for 3.4.3
Michael Niedermayer [Sat, 7 Jul 2018 16:20:18 +0000 (18:20 +0200)]
update for 3.4.3

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have...
Michael Niedermayer [Wed, 27 Jun 2018 14:51:51 +0000 (16:51 +0200)]
avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id

Fixes: out of array access
Fixes: ffmpeg_bof_1.avi

Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ed22dc22216f74c75ee7901f82649e1ff725ba50)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
16 months agoavcodec/vp8_parser: Do not leave data/size uninitialized
Michael Niedermayer [Fri, 6 Jul 2018 10:01:46 +0000 (12:01 +0200)]
avcodec/vp8_parser: Do not leave data/size uninitialized

This is identical to what the VP9 parser does

Fixes: 9215/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVPX_VP8_fuzzer-5768227253649408
Fixes: out of memory access

This may also fix oss fuzz issue 9212

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 284dde24dab30225ed3e233b0e5908d67d7e13e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>