ffmpeg.git
2 weeks agoavcodec/h263dec: fix hwaccel decoding release/4.0
Stefan Schoenefeld [Fri, 2 Aug 2019 09:18:10 +0000 (09:18 +0000)]
avcodec/h263dec: fix hwaccel decoding

Recently we encountered an issue when decoding a h.263 file:

FFmpeg will freeze when decoding h.263 video with NVDEC. Turns out this is not directly related to NVDEC but is a problem that shows with several other HW decoders like VDPAU, though the exact kind of error is different (either error messages or freezing[1]). The root cause is that ff_thread_finish_setup() is called twice per frame from ff_h263_decode_frame(). This is not supported by ff_thread_finish_setup() and specifically checked for and warned against in the functions code. The issue is also specific to hw accelerated decoding only as the second call to ff_thread_finish_setup() is only issued when hw acceleration is on. The fix is simple: add a check that the first call is only send when hw acceleration is off, and the second call only when hw acceleration is on (see attached patch). This works fine as far as I was able to test with vdpau and nvdec/nvcuvid hw decoding. The patch also adds NVDEC to the hw config list if available.

I also noticed a secondary issue when browsing through the code which is that, according to documentation, ff_thread_finish_setup() should only be called if the codec implements update_thread_context(), which h263dec does not. The patch does not address this and I'm not sure any action needs to be taken here at all.

[1] This is depending on whether or not the hw decoder sets the  HWACCEL_CAPS_ASYNC_SAFE flag

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
4 weeks agoavutil/mem: Fix invalid use of av_alloc_size
Mark Harris [Sat, 24 Nov 2018 21:02:02 +0000 (13:02 -0800)]
avutil/mem: Fix invalid use of av_alloc_size

The alloc_size attribute is valid only on functions that return a
pointer.  GCC 9 (not yet released) warns about invalid usage:

./libavutil/mem.h:342:1: warning: 'alloc_size' attribute ignored on a function returning int' [-Wattributes]
  342 | av_alloc_size(2, 3) int av_reallocp_array(void *ptr, size_t nmemb, size_t size);
      | ^~~~~~~~~~~~~

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4361293fcf59edb56879c36edcd25f0a91e0edf8)

4 weeks agoavformat/aacdec: resync to the next adts frame on invalid data instead of aborting
James Almer [Sun, 21 Jul 2019 00:47:55 +0000 (21:47 -0300)]
avformat/aacdec: resync to the next adts frame on invalid data instead of aborting

Should fix ticket #6634

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 881e1f5a6227a6fbaf67083d4d4b6caf58ff9892)

4 weeks agoavformat/aacdec: factorize the adts frame resync code
James Almer [Sat, 20 Jul 2019 13:13:08 +0000 (10:13 -0300)]
avformat/aacdec: factorize the adts frame resync code

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit a38eab8b7501440f872ff1af8a0c5482b7b3e532)

8 weeks agomovsub_bsf: Fix mov2textsub regression
Andreas Rheinhardt [Sun, 23 Jun 2019 04:46:12 +0000 (06:46 +0200)]
movsub_bsf: Fix mov2textsub regression

The mov flavour of timed text uses the first two bytes of the packet as
a length field. And up until 11bef2fe said length field has been read
correctly in the mov2textsub bsf. But since then the next two bytes are
read as if they were the length field. This is fixed in this commit.

Reviewed-by: Philip Langdale <philipl@overt.org>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 800f618a340d122754e7bdb82c22463cb9bd17b0)

3 months agoavformat/aacdec: fix demuxing of small frames
James Almer [Thu, 25 Apr 2019 22:04:01 +0000 (19:04 -0300)]
avformat/aacdec: fix demuxing of small frames

10 bytes (id3v2 header amount of bytes) were being read before any checks
were made on the bitstream. The result was that we were overreading into
the next frame if the current one was 8 or 9 bytes long.

Fixes tickets #7271 and #7869.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit d88193c2196cf5342424aaa7a44b046c71c2527a)

3 months agoavcodec/cuviddec: improve progressive frame detection
Sergey Svechnikov [Mon, 22 Apr 2019 17:26:24 +0000 (22:26 +0500)]
avcodec/cuviddec: improve progressive frame detection

There are 2 types of problems when using adaptive deinterlace with cuvid:

1. Sometimes, in the middle of transcoding, cuvid outputs frames with visible horizontal lines (as though weave deinterlace method was chosen);
2. Occasionally, on scene changes, cuvid outputs a wrong frame, which should have been shown several seconds before (as if the frame was assigned some wrong PTS value).

The reason is that sometimes CUVIDPARSERDISPINFO has property progressive_frame equal to 1 with interlaced videos.
In order to fix the problem we should check if the video is interlaced or progressive in the beginning of a video sequence (cuvid_handle_video_sequence).
And then we just use this information instead of the property progressive_frame in CUVIDPARSERDISPINFO (which is unreliable).

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
4 months agoChangelog: update n4.0.4
Michael Niedermayer [Wed, 27 Mar 2019 08:33:52 +0000 (09:33 +0100)]
Changelog: update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 months agoavcodec/hevcdec: Avoid only partly skiping duplicate first slices
Michael Niedermayer [Sat, 23 Mar 2019 19:55:08 +0000 (20:55 +0100)]
avcodec/hevcdec: Avoid only partly skiping duplicate first slices

Fixes: NULL pointer dereference and out of array access
Fixes: 13871/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5746167087890432
Fixes: 13845/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5650370728034304

This also fixes the return code for explode mode

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 54655623a82632e7624714d7b2a3e039dc5faa7e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 months agolavc/bmp: Avoid a heap buffer overwrite for 1bpp input.
Carl Eugen Hoyos [Tue, 26 Mar 2019 12:32:11 +0000 (13:32 +0100)]
lavc/bmp: Avoid a heap buffer overwrite for 1bpp input.

Found by Mingi Cho, Seoyoung Kim, and Taekyoung Kwon
of the Information Security Lab, Yonsei University.

(cherry picked from commit 1e34014010dba9325fc5430934b51a61a5007c63)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 months agoavcodec/mpegpicture: Check size of edge_emu_buffer
Michael Niedermayer [Sun, 17 Mar 2019 14:18:20 +0000 (15:18 +0100)]
avcodec/mpegpicture: Check size of edge_emu_buffer

Fixes: OOM
Fixes: 13710/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5633152942342144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 635067b75fce06928431ce9b9fcaee0c9b6b7280)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 months agoavformat/mov: Fix potential integer overflow in entry check in mov_read_trun()
Michael Niedermayer [Sun, 17 Mar 2019 10:14:26 +0000 (11:14 +0100)]
avformat/mov: Fix potential integer overflow in entry check in mov_read_trun()

No testcase

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ff13a92a6f8413402f5b3cacedda7c10d350b487)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4 months agoavcodec/truemotion2: Fix integer overflow in tm2_null_res_block()
Michael Niedermayer [Sat, 16 Mar 2019 01:30:57 +0000 (02:30 +0100)]
avcodec/truemotion2: Fix integer overflow in tm2_null_res_block()

Fixes: signed integer overflow: 1111638592 - -2122219136 cannot be represented in type 'int'
Fixes: 13441/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5732769815068672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1223696c725a8ea7e80498e6ccfab37eea179b76)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoUpdate for 4.0.4
Michael Niedermayer [Thu, 21 Mar 2019 15:52:50 +0000 (16:52 +0100)]
Update for 4.0.4

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/dfa: Check the chunk header is not truncated
Michael Niedermayer [Sun, 10 Mar 2019 22:45:19 +0000 (23:45 +0100)]
avcodec/dfa: Check the chunk header is not truncated

Fixes: Timeout (11sec -> 3sec)
Fixes: 13218/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DFA_fuzzer-5661074316066816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f20760fadbc77483b9ff4b400b53ebb38ee33793)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/clearvideo: Check remaining data in P frames
Michael Niedermayer [Fri, 8 Mar 2019 00:42:06 +0000 (01:42 +0100)]
avcodec/clearvideo: Check remaining data in P frames

Fixes: Timeout (19sec -> 419msec)
Fixes: 13411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-5733153811988480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 41f93f941155f9f9dbb2d5e7f5d20b2238150836)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/dvbsubdec: Check object position
Michael Niedermayer [Tue, 5 Mar 2019 19:14:05 +0000 (20:14 +0100)]
avcodec/dvbsubdec: Check object position

Reference: ETSI EN 300 743 V1.2.1  7.2.2 Region composition segment

Fixes: Timeout
Fixes: 13325/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5143979392237568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8c5ae451184e879fc8ff1333c6f26f9542c8ebf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/cdgraphics: Use ff_set_dimensions()
Michael Niedermayer [Tue, 5 Mar 2019 11:51:22 +0000 (12:51 +0100)]
avcodec/cdgraphics: Use ff_set_dimensions()

Fixes: Timeout (17 sec -> 65 milli sec)
Fixes: 13264/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDGRAPHICS_fuzzer-5711167941509120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9a9f0e239c1c6f5c96cc90ba673087f86ca1eabc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/gdv: Check fps
Michael Niedermayer [Mon, 4 Mar 2019 23:48:18 +0000 (00:48 +0100)]
avformat/gdv: Check fps

Fixes: Division by 0
Fixes: ffmpeg_zero_division.bin

Found-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38381400fca45d1ae6e7604335b507b7dc70a903)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoconfigure: use vpx_codec_vp8_dx/cx for libvpx-vp8 checking
Guo, Yejun [Mon, 4 Mar 2019 22:09:18 +0000 (06:09 +0800)]
configure: use vpx_codec_vp8_dx/cx for libvpx-vp8 checking

Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit d9b2668766e3e924d4ebb3c6531b449874e13666)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoconfigure: add missing pthreads extralibs dependency for libvpx-vp9
Guo, Yejun [Mon, 4 Mar 2019 22:09:11 +0000 (06:09 +0800)]
configure: add missing pthreads extralibs dependency for libvpx-vp9

Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 402bf262375dfecd0e90d7acc67c238abe952fc3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/mpeg4videodec: Check idx in mpeg4_decode_studio_block()
Michael Niedermayer [Sun, 10 Mar 2019 00:40:59 +0000 (01:40 +0100)]
avcodec/mpeg4videodec: Check idx in mpeg4_decode_studio_block()

Fixes: Out of array access
Fixes: 13500/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5769760178962432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d227ed5d598340e719eff7156b1aa0a4469e9a6a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/dxv: Correct integer overflow in get_opcodes()
Michael Niedermayer [Sat, 2 Mar 2019 23:47:47 +0000 (00:47 +0100)]
avcodec/dxv: Correct integer overflow in get_opcodes()

Fixes: 13099/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5665598896340992
Fixes: signed integer overflow: 2147483647 + 7 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6e0b5d3a20e107860a34e90139b860d6b8219a1d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/scpr: Fix use of uninitialized variable
Michael Niedermayer [Wed, 27 Feb 2019 23:12:14 +0000 (00:12 +0100)]
avcodec/scpr: Fix use of uninitialized variable

Fixes: Undefined shift
Fixes: 12911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5677102915911680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 53248acfb3b23007c89ae822d7bcae451272d5a7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/qpeg: Limit copy in qpeg_decode_intra() to the available bytes
Michael Niedermayer [Sat, 23 Feb 2019 23:44:40 +0000 (00:44 +0100)]
avcodec/qpeg: Limit copy in qpeg_decode_intra() to the available bytes

Fixes: Timeout (27 sec -> 39 milli sec)
Fixes: 13151/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5717536023248896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b819472995f55e827d6bb70dcdd86d963f65ae31)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/aic: Check remaining bits in aic_decode_coeffs()
Michael Niedermayer [Mon, 25 Feb 2019 12:26:25 +0000 (13:26 +0100)]
avcodec/aic: Check remaining bits in aic_decode_coeffs()

Fixes: Timeout (78 seconds -> 2 seconds)
Fixes: 13186/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-5639516533030912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 951bb7632fe6e3bb1a9c3b47610705871e471f34)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/gdv: Check for truncated tags in decompress_5()
Michael Niedermayer [Mon, 25 Feb 2019 00:26:30 +0000 (01:26 +0100)]
avcodec/gdv: Check for truncated tags in decompress_5()

Testcase: 13169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GDV_fuzzer-5666354038833152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5cf42f65b60d226d1223d2100cb1d90402189275)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/bethsoftvideo: Check block_type
Michael Niedermayer [Sun, 24 Feb 2019 22:39:44 +0000 (23:39 +0100)]
avcodec/bethsoftvideo: Check block_type

Fixes: Timeout (17 seconds -> 1 second)
Fixes: 13184/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BETHSOFTVID_fuzzer-5711446296494080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b8ecadec0582a1521b5d0d253376966138e6ca78)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int()
Michael Niedermayer [Mon, 18 Feb 2019 23:05:51 +0000 (00:05 +0100)]
avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int()

Fixes: runtime error: signed integer overflow: 2147483598 + 128 cannot be represented in type 'int'
Fixes: 12926/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5705100733972480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4801eea0d465cd54670e7c19322705544e3e7524)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/error_resilience: Use a symmetric check for skipping MV estimation
Michael Niedermayer [Tue, 19 Feb 2019 17:41:42 +0000 (18:41 +0100)]
avcodec/error_resilience: Use a symmetric check for skipping MV estimation

This speeds up the testcase by a factor of 4

Fixes: Timeout
Fixes: 13100/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5767533905313792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e4289cb253e29e4d62dc46759eb1a45d8f6d82df)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/mlpdec: Insuffient typo
Michael Niedermayer [Sat, 23 Feb 2019 21:00:39 +0000 (22:00 +0100)]
avcodec/mlpdec: Insuffient typo

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fc32e08941ea2795a3096e7a4013843e9ebf5fe3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/zmbv: obtain frame later
Michael Niedermayer [Thu, 21 Feb 2019 16:25:14 +0000 (17:25 +0100)]
avcodec/zmbv: obtain frame later

The frame is not needed that early so obtaining it later avoids
the costly operation in case other checks fail.

Fixes: Timeout (14sec -> 4sec)
Fixes: 13140/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZMBV_fuzzer-5738330308739072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 177b40890c6de8c6896e0a1d4a631ea1ca89c044)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/jvdec: Check available input space before decode8x8()
Michael Niedermayer [Thu, 21 Feb 2019 00:09:43 +0000 (01:09 +0100)]
avcodec/jvdec: Check available input space before decode8x8()

Fixes: Timeout (78 sec -> 15 millisec)
Fixes: 13147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JV_fuzzer-5727107827630080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 61523683c5a9bda9aaa7ae24764a3df0401a9877)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/h264_direct: Fix overflow in POC comparission
Michael Niedermayer [Wed, 13 Feb 2019 23:05:34 +0000 (00:05 +0100)]
avcodec/h264_direct: Fix overflow in POC comparission

Fixes: runtime error: signed integer overflow: 2147421862 - -33624063 cannot be represented in type 'int'
Fixes: 12885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5733516975800320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5ccf296e74725bc8bdfbfe500d0482daa200b6f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/webmdashenc: Check id in adaption_sets
Michael Niedermayer [Wed, 13 Feb 2019 09:15:04 +0000 (10:15 +0100)]
avformat/webmdashenc: Check id in adaption_sets

Fixes: out of array access

Found-by: Wenxiang Qian
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b687b549aa0fb115861b1343208de8c2630803bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/http: Fix Out-of-Bounds access in process_line()
Wenxiang Qian [Wed, 13 Feb 2019 07:54:08 +0000 (08:54 +0100)]
avformat/http: Fix Out-of-Bounds access in process_line()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 85f91ed760a517c0d5fcf692d40a5a9d7efa9476)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393
Wenxiang Qian [Wed, 13 Feb 2019 07:47:20 +0000 (08:47 +0100)]
avformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a142ffdcaec06fcbf7d4b00dbb0e5ddfb9e3344d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop...
Kevin Backhouse via RT [Wed, 6 Feb 2019 12:56:01 +0000 (12:56 +0000)]
avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for handling braces

Fixes: [Semmle Security Reports #19439]
Fixes: dos_sscanf2.mkv

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 894995c41e0795c7a44f81adc4838dedc3932e65)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop...
Kevin Backhouse via RT [Wed, 6 Feb 2019 11:29:22 +0000 (11:29 +0000)]
avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for tag scaning

Fixes: [Semmle Security Reports #19438]
Fixes: dos_sscanf1.mkv

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f00c97bc3475c477f3c468cf2d924d5761d0982)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/matroskadec: Do not leak queued packets on sync errors
Michael Niedermayer [Wed, 6 Feb 2019 14:29:38 +0000 (15:29 +0100)]
avformat/matroskadec: Do not leak queued packets on sync errors

Fixes: memleak
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-5649187601121280

Reported-by: Chris Cunningham <chcunningham@google.com>
Tested-by: Chris Cunningham <chcunningham@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d1afa7284c3feba4debfebf1b9cf8ad67640e34a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/mpeg4videodec: Clear interlaced_dct for studio profile
Michael Niedermayer [Fri, 15 Feb 2019 00:57:09 +0000 (01:57 +0100)]
avcodec/mpeg4videodec: Clear interlaced_dct for studio profile

Fixes: Out of array access
Fixes: 13090/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5408668986638336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f686d023b95219db933394a7704ad9aa5f01cbb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/mov: Do not use reference stream in mov_read_sidx() if there is no reference...
Michael Niedermayer [Tue, 12 Feb 2019 22:28:35 +0000 (23:28 +0100)]
avformat/mov: Do not use reference stream in mov_read_sidx() if there is no reference stream

Fixes: NULL pointer dereference
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-5634316373721088

Reported-by: Chris Cunningham <chcunningham@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b0d8b7cb8e86367178ef0c35dcae359d820c3b27)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/sbrdsp_fixed.c: remove input value limit for sbr_sum_square_c()
Michael Niedermayer [Sun, 3 Feb 2019 14:13:03 +0000 (15:13 +0100)]
avcodec/sbrdsp_fixed.c: remove input value limit for sbr_sum_square_c()

Fixes: 1377/clusterfuzz-testcase-minimized-5487049807233024
Fixes: assertion failure in sbr_sum_square_c()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4cde7e62dbaa63eda173e8d24a97d273890f282c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/mov: validate chunk_count vs stsc_data
chcunningham [Thu, 7 Feb 2019 22:58:17 +0000 (14:58 -0800)]
avformat/mov: validate chunk_count vs stsc_data

Bad content may contain stsc boxes with a first_chunk index that
exceeds stco.entries (chunk_count). This ammends the existing check to
include cases where chunk_count == 0. It also patches up the case
when stsc refers to unknown chunks, but stts has no samples (so we
can simply ignore stsc).

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1c15449ca9a5bfa387868ac55628397273da761f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/mov.c: require tfhd to begin parsing trun
chcunningham [Thu, 7 Feb 2019 00:12:51 +0000 (16:12 -0800)]
avformat/mov.c: require tfhd to begin parsing trun

Detecting missing tfhd avoids re-using tfhd track info from the previous
moof. For files with multiple tracks, this may make a mess of the
avindex and fragindex, which can later trigger av_assert0 in
mov_read_trun().

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3ea87e5d9ea075d5b3c0f4f8c6c48e514b454cbe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/pgssubdec: Check for duplicate display segments
Michael Niedermayer [Tue, 29 Jan 2019 00:06:01 +0000 (01:06 +0100)]
avcodec/pgssubdec: Check for duplicate display segments

In such a duplication the previous gets overwritten and leaks

Fixes: memleak
Fixes: 12510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGSSUB_fuzzer-5694439226343424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e35c3d887b3e374c6a091342206a42da48785d70)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/rtsp: Check number of streams in sdp_parse_line()
Michael Niedermayer [Fri, 25 Jan 2019 20:30:04 +0000 (21:30 +0100)]
avformat/rtsp: Check number of streams in sdp_parse_line()

Fixes: OOM

Found-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Michael Hanselmann <public@hansmi.ch>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 497c9b0cce559d43607bbbd679fe42f1d7e9040e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/rtsp: Clear reply in every iteration in ff_rtsp_connect()
Michael Niedermayer [Sun, 27 Jan 2019 23:53:22 +0000 (00:53 +0100)]
avformat/rtsp: Clear reply in every iteration in ff_rtsp_connect()

Fixes: Infinite loop

Found-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Michael Hanselmann <public@hansmi.ch>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0b50f27635f684ec0526e9975c9979f35bbf486b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/fic: Check that there is input left in fic_decode_block()
Michael Niedermayer [Tue, 22 Jan 2019 23:30:53 +0000 (00:30 +0100)]
avcodec/fic: Check that there is input left in fic_decode_block()

Fixes: Timeout
Fixes: 12450/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-5661984622641152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db1c4acd02af4de5dfbea6012c296470679aa7a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/tiff: Check for 12bit gray fax
Michael Niedermayer [Sat, 12 Jan 2019 18:37:18 +0000 (19:37 +0100)]
avcodec/tiff: Check for 12bit gray fax

Fixes: Assertion failure
Fixes: 11898/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5759794191794176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec28a85107cccece4dce17c0ccb633defe2d6e98)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavutil/imgutils: Optimize memset_bytes() by using av_memcpy_backptr()
Michael Niedermayer [Tue, 25 Dec 2018 22:15:20 +0000 (23:15 +0100)]
avutil/imgutils: Optimize memset_bytes() by using av_memcpy_backptr()

This is strongly based on code by Marton Balint, and depends on the previous commit

Fixes: Timeout
Fixes: 11502/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664893810769920
Before: Executed clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664893810769920 in 11209 ms
After:  Executed clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664893810769920 in  4104 ms

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f64c0dffa13e6263de3fdff0058ab2fdb03ac1d6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavutil/mem: Optimize fill32() by unrolling and using 64bit
Michael Niedermayer [Thu, 17 Jan 2019 21:35:10 +0000 (22:35 +0100)]
avutil/mem: Optimize fill32() by unrolling and using 64bit

Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 12b1338be376a3e5fb606d9fe41b58dc4a9e62c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoconfigure: bump year
James Almer [Tue, 1 Jan 2019 18:26:31 +0000 (15:26 -0300)]
configure: bump year

Happy new year!

(cherry picked from commit 3209d7b3930bab554bf7d97d8041d9d0b88423a8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/diracdec: Check component quant
Michael Niedermayer [Wed, 14 Nov 2018 08:42:44 +0000 (09:42 +0100)]
avcodec/diracdec: Check component quant

Fixes: Timeout
Fixes: 10708/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5730140957442048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 28c96c2ce2781c2cd147a9f3c299e18ce1dc7ff8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/tests/rangecoder: initialize array to avoid valgrind warning
Michael Niedermayer [Fri, 4 Jan 2019 01:46:29 +0000 (02:46 +0100)]
avcodec/tests/rangecoder: initialize array to avoid valgrind warning

Found-by: jamrial
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c15972f0af7679b466dd4a10a54ab2f04f9372c8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/h264_slice: Fix integer overflow in implicit_weight_table()
Michael Niedermayer [Fri, 4 Jan 2019 19:00:38 +0000 (20:00 +0100)]
avcodec/h264_slice: Fix integer overflow in implicit_weight_table()

Fixes: signed integer overflow: 2 * 2132811760 cannot be represented in type 'int'
Fixes: 11156/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6237685933408256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 77e56d74f972537aecd5bc2c5c4111e1d6ad0963)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/exr: set layer_match in all branches
Michael Niedermayer [Tue, 25 Dec 2018 20:30:54 +0000 (21:30 +0100)]
avcodec/exr: set layer_match in all branches

Otherwise it is left to the value from the previous iteration

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 433d2ae4353f3c513a45780845d9d8ca252cd4dc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/exr: Check for duplicate channel index
Michael Niedermayer [Tue, 25 Dec 2018 17:41:58 +0000 (18:41 +0100)]
avcodec/exr: Check for duplicate channel index

Fixes: Out of memory
Fixes: 11582/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5730204559867904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f9728feaf90eb7493f8872356f54150efafb59cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/4xm: Fix returned error codes
Michael Niedermayer [Mon, 31 Dec 2018 17:11:44 +0000 (18:11 +0100)]
avcodec/4xm: Fix returned error codes

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 07607a1db879d0d96e2c91e1354bc4e425937d3a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/libopenmpt: Fix successfull typo
Michael Niedermayer [Fri, 28 Dec 2018 21:22:52 +0000 (22:22 +0100)]
avformat/libopenmpt: Fix successfull typo

Reviewed-by: Lou Logan <lou@lrcd.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 571af98a5959d72c65a6753eb8e82cde407f4cd0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/v4l2_m2m: fix cant typo
Michael Niedermayer [Fri, 28 Dec 2018 21:22:53 +0000 (22:22 +0100)]
avcodec/v4l2_m2m: fix cant typo

Reviewed-by: Lou Logan <lou@lrcd.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 062bf5639359e183e016bcb795ac10735f83e863)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/mjpegbdec: Fix some misplaced {} and spaces
Michael Niedermayer [Fri, 28 Dec 2018 21:22:56 +0000 (22:22 +0100)]
avcodec/mjpegbdec: Fix some misplaced {} and spaces

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 11a8d2ccab1fe165eef4578c048d38731dbe1d6f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/wvdec: detect and error out on WavPack DSD files
David Bryant [Wed, 21 Nov 2018 05:00:47 +0000 (21:00 -0800)]
avformat/wvdec: detect and error out on WavPack DSD files

Not currently supported.

(cherry picked from commit db109373d87b1fa5fe9f3d027d1bb752f725b74a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/mips: Fix failed case: hevc-conformance-AMP_A_Samsung_* when enable msa
gxw [Mon, 24 Dec 2018 06:07:44 +0000 (14:07 +0800)]
avcodec/mips: Fix failed case: hevc-conformance-AMP_A_Samsung_* when enable msa

The AV_INPUT_BUFFER_PADDING_SIZE has been increased to 64, but the value is still 32
in function ff_hevc_sao_edge_filter_8_msa. So, use AV_INPUT_BUFFER_PADDING_SIZE directly.
Also, use MAX_PB_SIZE directly instead of 64. Fate tests passed.

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f652c7a45c60427db0a89fae665e63b546af6ebb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/fic: Fail on invalid slice size/off
Michael Niedermayer [Sun, 16 Dec 2018 20:43:07 +0000 (21:43 +0100)]
avcodec/fic: Fail on invalid slice size/off

Fixes: Timeout
Fixes: 11486/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-5677133863583744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 30a7a81cdc2ee2eac6d3271439c43f11b7327b3e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agopostproc/postprocess_template: remove FF_REG_sp from clobber list
Michael Niedermayer [Thu, 20 Dec 2018 21:40:06 +0000 (22:40 +0100)]
postproc/postprocess_template: remove FF_REG_sp from clobber list

Future gcc may no longer support this

Tested-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c1cbeb87db4bfc6e281e4254a6c7fdd3854fc9b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agopostproc/postprocess_template: Avoid using %4 for the threshold compare
Michael Niedermayer [Thu, 20 Dec 2018 21:40:05 +0000 (22:40 +0100)]
postproc/postprocess_template: Avoid using %4 for the threshold compare

This avoids problems if %4 is the stack pointer
the constraints do not allow %4 to be the stack pointer but gcc 9 may
no longer support specifying such constraints

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4325527e1c4fd2da119e81933172065ee1274eda)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/rpza: Check that there is enough data for all the blocks
Michael Niedermayer [Sun, 16 Dec 2018 18:13:27 +0000 (19:13 +0100)]
avcodec/rpza: Check that there is enough data for all the blocks

Fixes: Timeout
Fixes: 11547/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RPZA_fuzzer-5678435842654208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e63517e00a1a8375c7fb3b8c4c64c9a7c3da713e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/rpza: Move frame allocation to a later point
Michael Niedermayer [Sun, 16 Dec 2018 18:04:56 +0000 (19:04 +0100)]
avcodec/rpza: Move frame allocation to a later point

This will allow performing some fast checks before the slow allocation

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8a708aa99cb0e8d76e52117b1fd89d221f0055e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/avcodec: Document the data type for AV_PKT_DATA_MPEGTS_STREAM_ID
Michael Niedermayer [Fri, 7 Dec 2018 20:52:30 +0000 (21:52 +0100)]
avcodec/avcodec: Document the data type for AV_PKT_DATA_MPEGTS_STREAM_ID

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 68e011e4103b9cb5ac2d152d73ca8393065a33fb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/mpegts: Fix side data type for stream id
Michael Niedermayer [Fri, 7 Dec 2018 20:51:48 +0000 (21:51 +0100)]
avformat/mpegts: Fix side data type for stream id

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab1319d82f0c77308792fa2d88cbfc73c3e47cb7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agotests/fate/filter-video: increase fuzz for fate-filter-refcmp-psnr-rgb
Michael Niedermayer [Thu, 6 Dec 2018 20:51:22 +0000 (21:51 +0100)]
tests/fate/filter-video: increase fuzz for fate-filter-refcmp-psnr-rgb

Fixes: test failure on powerpc

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f8f762c300e29d80ece363edc08e137b371d909f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/mjpegdec: Fix indention of ljpeg_decode_yuv_scan()
Michael Niedermayer [Tue, 18 Dec 2018 13:27:48 +0000 (14:27 +0100)]
avcodec/mjpegdec: Fix indention of ljpeg_decode_yuv_scan()

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea30ac1e408246382796f61d645d1e087aed390a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agolavf/id3v2: fail read_apic on EOF reading mimetype
chcunningham [Fri, 14 Dec 2018 21:44:07 +0000 (13:44 -0800)]
lavf/id3v2: fail read_apic on EOF reading mimetype

avio_read may return EOF, leaving the mimetype array unitialized. fail
early when this occurs to avoid using the array in an unitialized state.

Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ee1e39a576977fd38c3b94fc56125d31d38833e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavformat/nutenc: Document trailer index assert better
Michael Niedermayer [Fri, 14 Dec 2018 20:52:09 +0000 (21:52 +0100)]
avformat/nutenc: Document trailer index assert better

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a95b73abc868995b08ca2b4d8bbf2cda43184f8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agolavf/mov: ensure only one tkhd per trak
chcunningham [Thu, 13 Dec 2018 21:58:40 +0000 (13:58 -0800)]
lavf/mov: ensure only one tkhd per trak

Chromium fuzzing produced a whacky file with extra tkhds. This caused
an AVStream that was already in use to be corrupted by assigning it a
new id, which blows up later in mov_read_trun because the
MOVFragmentStreamInfo.index_entry now points OOB.

Reviewed-by: Baptiste Coudurier <baptiste.coudurier@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c9f7b6f7a9fdffa0ab8f3aa84a1f701cf5b3a6e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/clearvideo: Check remaining input bits in P macro block loop
Michael Niedermayer [Thu, 6 Dec 2018 00:19:37 +0000 (01:19 +0100)]
avcodec/clearvideo: Check remaining input bits in P macro block loop

Fixes: Timeout
Fixes: 11083/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-5657180351496192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7aaab127bebb33003105a620736d6cae8c45a6e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/dxv: Check that there is enough data to decompress
Michael Niedermayer [Sat, 1 Dec 2018 20:41:01 +0000 (21:41 +0100)]
avcodec/dxv: Check that there is enough data to decompress

Fixes: Timeout
Fixes: 10979/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-6178582203203584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2bc3811c0d6b34e43a55a7541722761f548628d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/ppc/hevcdsp: Fix build failures with powerpc-linux-gnu-gcc-4.8 with --disable...
Michael Niedermayer [Tue, 4 Dec 2018 15:29:40 +0000 (16:29 +0100)]
avcodec/ppc/hevcdsp: Fix build failures with powerpc-linux-gnu-gcc-4.8 with --disable-optimizations

The affected functions could also be changed into macros, this is the
smaller change to fix it though. And avoids (probably) less readable macros
The extra code should be optimized out when optimizations are done as all values
are known at build after inlining.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c64a6bcd280c64997e6c4799bc89c0a9393bbf3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/msvideo1: Check for too small dimensions
Michael Niedermayer [Sat, 1 Dec 2018 21:16:19 +0000 (22:16 +0100)]
avcodec/msvideo1: Check for too small dimensions

Such low resolution would result in empty output as a minimum of 4x4 is needed
We could also check for multiple of 4 dimensions but that is not needed

Fixes: Timeout
Fixes: 11191/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSVIDEO1_fuzzer-5739529588178944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 953bd58861ad933e614510140b05a61e3d1375be)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/wmv2dec: Skip I frame if its smaller than 1/8 of the minimal size
Michael Niedermayer [Tue, 27 Nov 2018 22:37:03 +0000 (23:37 +0100)]
avcodec/wmv2dec: Skip I frame if its smaller than 1/8 of the minimal size

Frames that small are not valid and of limited use for error concealment, while
being very computationally intensive to process.

Fixes: Timeout
Fixes: 11168/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5733782032744448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d6f4341522c3eafb046c47b115d79ce684a899fc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/msmpeg4dec: Skip frame if its smaller than 1/8 of the minimal size
Michael Niedermayer [Thu, 29 Nov 2018 01:32:10 +0000 (02:32 +0100)]
avcodec/msmpeg4dec: Skip frame if its smaller than 1/8 of the minimal size

Frames that small are not valid and of limited use for error concealment, while
being very computationally intensive to process.

Fixes: Timeout
Fixes: 11318/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSMPEG4V1_fuzzer-5710884555456512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 09ec182864d41c990bc18f620eabb77444aeff57)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/truemotion2rt: Fix rounding in input size check
Michael Niedermayer [Sat, 17 Nov 2018 08:24:30 +0000 (09:24 +0100)]
avcodec/truemotion2rt: Fix rounding in input size check

Fixes: Timeout
Fixes: 11332/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2RT_fuzzer-5678456612847616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7f22a4ebc97817fd0968f5ea8295c9a59a6292e0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/truemotion2: fix integer overflows in tm2_low_chroma()
Michael Niedermayer [Fri, 16 Nov 2018 23:38:53 +0000 (00:38 +0100)]
avcodec/truemotion2: fix integer overflows in tm2_low_chroma()

Fixes: 11295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-4888953459572736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2ae39d795613f3c6925c59852b625029b747fe42)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/pngdec: Check compression method
Michael Niedermayer [Fri, 9 Nov 2018 02:12:45 +0000 (03:12 +0100)]
avcodec/pngdec: Check compression method

method 0 (inflate/deflate) is the only specified in the specification and the only supported

Fixes: Timeout
Fixes: 10976/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-5729372588736512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f99674ddddcc33f4c37def0a206e31ad7c4c1af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agofftools/ffmpeg: Repair reinit_filter feature
Michael Niedermayer [Tue, 13 Nov 2018 19:29:40 +0000 (20:29 +0100)]
fftools/ffmpeg: Repair reinit_filter feature

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 35040048793bc5d19942277fe17d1235e915a7d8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/shorten: Fix integer overflow with offset
Michael Niedermayer [Fri, 9 Nov 2018 18:59:27 +0000 (19:59 +0100)]
avcodec/shorten: Fix integer overflow with offset

Fixes: signed integer overflow: -1625810908 - 582229060 cannot be represented in type 'int'
Fixes: 10977/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5732602018267136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2f888771cd1ce8d68d4b18a1009650c1f260aaf2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoh264_redundant_pps: Fix logging context
Andreas Rheinhardt [Fri, 9 Nov 2018 05:31:38 +0000 (06:31 +0100)]
h264_redundant_pps: Fix logging context

The first element of H264RedundantPPSContext is not a pointer to an
AVClass as required.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6dafcb6fdb6271d35220b889833561705c2b366f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/cavsdec: Propagate error codes inside decode_mb_i()
Michael Niedermayer [Sun, 4 Nov 2018 19:00:16 +0000 (20:00 +0100)]
avcodec/cavsdec: Propagate error codes inside decode_mb_i()

Fixes: Timeout
Fixes: 10702/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CAVS_fuzzer-5669940938407936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c1cee0565692c541f589aefd7f375d37f55b9d94)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/mpeg4videodec: Clear partitioned frame in decode_studio_vop_header()
Michael Niedermayer [Sun, 4 Nov 2018 18:02:55 +0000 (19:02 +0100)]
avcodec/mpeg4videodec: Clear partitioned frame in decode_studio_vop_header()

partitioned_frame is also set/cleared in decode_vop_header()

Fixes: out of array read
Fixes: 9789/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5638681627983872

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 074187d599a2ece2bdf77bd08b4b797c5800eda6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/mpegaudio_parser: Consume more than 0 bytes in case of the unsupported mp3adu...
Michael Niedermayer [Sun, 28 Oct 2018 20:08:39 +0000 (21:08 +0100)]
avcodec/mpegaudio_parser: Consume more than 0 bytes in case of the unsupported mp3adu case

Fixes: Timeout
Fixes: 10966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADU_fuzzer-5348695024336896
Fixes: 10969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP3ADUFLOAT_fuzzer-5691669402877952

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit df91af140c5543cfbbed187f696e79b554d2c135)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months agoavcodec/hevcdec: decode at most one slice reporting being the first in the picture
James Almer [Mon, 18 Mar 2019 20:25:58 +0000 (17:25 -0300)]
avcodec/hevcdec: decode at most one slice reporting being the first in the picture

Fixes deadlocks when decoding packets containing more than one of the aforementioned
slices when using frame threads.

Tested-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 70c8c8a818f39bc262565ec29fae2baffb3e1660)

8 months agoavformat/dsfdec: fix calculation of size of data chunk
Paul B Mahol [Sun, 22 Apr 2018 11:14:26 +0000 (13:14 +0200)]
avformat/dsfdec: fix calculation of size of data chunk

Ignore extra 12 bytes that belong to tag and size.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
8 months agoavformat/dsfdec: properly handle padded last packet
Paul B Mahol [Sun, 22 Apr 2018 09:52:32 +0000 (11:52 +0200)]
avformat/dsfdec: properly handle padded last packet

Fixes #5489.

Signed-off-by: Paul B Mahol <onemda@gmail.com>
9 months agoavcodec/hevcdec: fix non-ref frame judgement
Mark Wu [Tue, 23 Oct 2018 04:49:08 +0000 (12:49 +0800)]
avcodec/hevcdec: fix non-ref frame judgement

After inspecting the source code of x265, mpv and ffmpeg, I've found that
ffmpeg mistakenly regards EVC_NAL_BLA_N_LP and HEVC_NAL_IDR_N_LP as non-
reference frames, which are acutally reference frames according to the
specification in x265, and drops them.

This patch should address the problem. I have tested it with mpv.

Signed-off-by: Mark Wu <wfwf1997@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 10bc4c3a7df7bb26303067b97311b7eeedfd453e)

9 months agoavcodec/libaomenc: remove AVOption related to frame partitions
James Almer [Wed, 12 Sep 2018 14:44:56 +0000 (11:44 -0300)]
avcodec/libaomenc: remove AVOption related to frame partitions

Support for it was apparently never in the codebase, and the enum
value was recently removed from the public headers [1]

[1] https://aomedia.googlesource.com/aom/+/df4ffb73140fe31bebdabd17c1a7b53721e74838

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit b69ea742ab23ad74b2ae2772764743642212a139)

9 months agoChangelog: update n4.0.3
Michael Niedermayer [Fri, 2 Nov 2018 23:51:11 +0000 (00:51 +0100)]
Changelog: update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
9 months agoavutil/integer: Fix integer overflow in av_mul_i()
Michael Niedermayer [Tue, 23 Oct 2018 23:44:12 +0000 (01:44 +0200)]
avutil/integer: Fix integer overflow in av_mul_i()

Found-by: fate
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3cc3cb663bf3061e40356392d2f7638de6a479fe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
9 months agoavcodec/msrle: Check that the input is large enough to contain a end of picture code
Michael Niedermayer [Sun, 21 Oct 2018 12:40:14 +0000 (14:40 +0200)]
avcodec/msrle: Check that the input is large enough to contain a end of picture code

Fixes: Timeout
Fixes: 10625/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSRLE_fuzzer-5659651283091456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 203ccb8746997777ce66beadd53b4631d217b9cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
9 months agoavformat/ftp: return AVERROR_EOF for EOF
Marton Balint [Thu, 1 Nov 2018 19:48:55 +0000 (20:48 +0100)]
avformat/ftp: return AVERROR_EOF for EOF

Without this FTP just hangs on eof...

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 6a034adf7516fde8733064ed7ba5c77554298047)