ffmpeg.git
18 months agoChangelog: update n3.4.2
Michael Niedermayer [Sun, 11 Feb 2018 21:30:54 +0000 (22:30 +0100)]
Changelog: update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/vp3: Error out on invalid num_coeffs in unpack_vlcs()
Michael Niedermayer [Sun, 11 Feb 2018 02:38:54 +0000 (03:38 +0100)]
avcodec/vp3: Error out on invalid num_coeffs in unpack_vlcs()

This fixes a hypothetical integer overflow

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f2318aee8ca8df1c84092f7d6691a2d0df02c474)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/mpeg4videodec: Ignore multiple VOL headers
Michael Niedermayer [Fri, 9 Feb 2018 21:24:58 +0000 (22:24 +0100)]
avcodec/mpeg4videodec: Ignore multiple VOL headers

Fixes: Ticket7005

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 63a4bdbf3b732504e54cc2b9ec0886e6242a90bc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/vp3: Check eob_run
Michael Niedermayer [Fri, 9 Feb 2018 03:17:16 +0000 (04:17 +0100)]
avcodec/vp3: Check eob_run

Fixes: out of array access
Fixes: 5919/clusterfuzz-testcase-minimized-5859311382167552
Fixes: special case for theora (untested due to lack of sample)

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 570023eab3e2962b4ad8345a157c1e18ca1a6eca)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/pafvideo: Check allocated frame size
Michael Niedermayer [Sun, 4 Feb 2018 01:14:49 +0000 (02:14 +0100)]
avcodec/pafvideo: Check allocated frame size

Fixes: OOM
Fixes: 5549/clusterfuzz-testcase-minimized-5390553567985664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 66acb630286cf1bf03bfbdab6c7c784ff20bde61)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/scpr: Fix reading a pixel before the first
Michael Niedermayer [Sat, 3 Feb 2018 17:49:07 +0000 (18:49 +0100)]
avcodec/scpr: Fix reading a pixel before the first

Fixes: 5540/clusterfuzz-testcase-minimized-6122458273808384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0fb33a82890753233225c61863fff1fcc9d970d4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/mpeg2dec: Fix field selection for skipped macroblocks
Nekopanda [Sat, 10 Feb 2018 09:36:32 +0000 (18:36 +0900)]
avcodec/mpeg2dec: Fix field selection for skipped macroblocks

For B field pictures, the spec says,

> The prediction shall be made from the field of the same parity as the field being predicted.

I did it.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8b154cb3e90a3e599cadf477d815a9854b7bb4e1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/huffyuvdec: Check input buffer size
Michael Niedermayer [Wed, 31 Jan 2018 18:20:10 +0000 (19:20 +0100)]
avcodec/huffyuvdec: Check input buffer size

Fixes: Timeout
Fixes: 5487/clusterfuzz-testcase-4696837035393024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 08c220d26cff51ca2f6896b65aebfa3accc67290)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/utvideodec: Fix bytes left check in decode_frame()
Michael Niedermayer [Fri, 2 Feb 2018 20:44:57 +0000 (21:44 +0100)]
avcodec/utvideodec: Fix bytes left check in decode_frame()

Fixes: out of array read
Fixes: poc-2017.avi

Found-by: GwanYeong Kim <gy741.kim@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 118e1b0b3370dd1c0da442901b486689efd1654b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/wavpack: Fix integer overflow in FFABS
Michael Niedermayer [Wed, 31 Jan 2018 01:50:18 +0000 (02:50 +0100)]
avcodec/wavpack: Fix integer overflow in FFABS

Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself
Fixes: 5396/clusterfuzz-testcase-minimized-6558555529281536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8e50bd61e4ff97bd7fc6cbd7ec4ca514e17a70c4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/aacsbr_fixed: Fix overflows in rounding in sbr_hf_assemble()
Michael Niedermayer [Wed, 31 Jan 2018 17:13:07 +0000 (18:13 +0100)]
avcodec/aacsbr_fixed: Fix overflows in rounding in sbr_hf_assemble()

Fixes: runtime error: signed integer overflow: 2052929346 + 204817098 cannot be represented in type 'int'
Fixes: 5275/clusterfuzz-testcase-minimized-5367635958038528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b1bef755f617af9685b592d866b3eb7f3c4b02b1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/exr: Fix memleaks in decode_header()
Michael Niedermayer [Wed, 31 Jan 2018 16:50:21 +0000 (17:50 +0100)]
avcodec/exr: Fix memleaks in decode_header()

Fixes: 4793/clusterfuzz-testcase-minimized-5707366629638144

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0a2560a9775be7c5df09c85c9908b05e711a54a3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoChangelog: update for the previous four commits
James Almer [Wed, 31 Jan 2018 01:13:05 +0000 (22:13 -0300)]
Changelog: update for the previous four commits

Signed-off-by: James Almer <jamrial@gmail.com>
18 months agoavcodec/mediacodecdec: use ff_hevc_ps_uninit()
James Almer [Sat, 20 Jan 2018 19:55:17 +0000 (16:55 -0300)]
avcodec/mediacodecdec: use ff_hevc_ps_uninit()

Fixes memleaks.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 782e066e3e3d8015d6d64c47cda0925c10aebe08)

18 months agoavcodec/hevc_parser: use ff_hevc_uninit_parameter_sets()
James Almer [Sat, 20 Jan 2018 19:55:00 +0000 (16:55 -0300)]
avcodec/hevc_parser: use ff_hevc_uninit_parameter_sets()

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 2159d4bbc3e69d04242e87bac13ebea8b942d94d)

18 months agoavcodec/hevcdec: use ff_hevc_uninit_parameter_sets()
James Almer [Sat, 20 Jan 2018 19:54:51 +0000 (16:54 -0300)]
avcodec/hevcdec: use ff_hevc_uninit_parameter_sets()

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 1f0cf1b2f4ef6304c343d53508193ac4b5d9c1d2)

18 months agoavcodec/hevc_ps: add a function to uninitialize parameter set buffers
James Almer [Sat, 20 Jan 2018 19:54:15 +0000 (16:54 -0300)]
avcodec/hevc_ps: add a function to uninitialize parameter set buffers

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 9462b2b8205397ea5972b2365c2e8db6872ef3e9)

18 months agoUpdate for 3.4.2
Michael Niedermayer [Wed, 31 Jan 2018 00:09:12 +0000 (01:09 +0100)]
Update for 3.4.2

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/dirac_dwt: Fix several integer overflows
Michael Niedermayer [Thu, 25 Jan 2018 22:14:37 +0000 (23:14 +0100)]
avcodec/dirac_dwt: Fix several integer overflows

Fixes: runtime error: signed integer overflow: -2146071175 + -268479557 cannot be represented in type 'int'
Fixes: 5237/clusterfuzz-testcase-minimized-4569895275593728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fe1e6c06d03432c3e9208f019533c1d701f485d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/indeo5: Do not leave frame_type set to an invalid value
Michael Niedermayer [Thu, 25 Jan 2018 23:24:49 +0000 (00:24 +0100)]
avcodec/indeo5: Do not leave frame_type set to an invalid value

Fixes: null pointer dereference
Fixes: 5264/clusterfuzz-testcase-minimized-4621956621008896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2ff9f178519b68d4d1d606eb5451ad81da948efc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/hevc_ps: Check log2_sao_offset_scale_*
Michael Niedermayer [Wed, 24 Jan 2018 02:15:23 +0000 (03:15 +0100)]
avcodec/hevc_ps: Check log2_sao_offset_scale_*

Fixes: 4868/clusterfuzz-testcase-minimized-6236542906400768
Fixes: runtime error: shift exponent 126 is too large for 32-bit type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a75a75c62efc645ec28444e4675c325b8f2bb1a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/mpeg4videodec: Avoid possibly aliasing violating casts
Michael Niedermayer [Sun, 28 Jan 2018 01:29:02 +0000 (02:29 +0100)]
avcodec/mpeg4videodec: Avoid possibly aliasing violating casts

Found-by: kierank
Reviewed-by: Kieran Kunhya <kieran618@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d4967c04e040b3b2f937cad88599af825147ec94)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/get_bits: Document the return code of get_vlc2()
Michael Niedermayer [Sun, 28 Jan 2018 01:29:01 +0000 (02:29 +0100)]
avcodec/get_bits: Document the return code of get_vlc2()

Found-by: kierank
Reviewed-by: Kieran Kunhya <kieran618@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4a94ff4ccd4f2329c599e37cabe4152dae60359e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/mpeg4videodec: Check mb_num also against 0
Michael Niedermayer [Sun, 28 Jan 2018 01:29:00 +0000 (02:29 +0100)]
avcodec/mpeg4videodec: Check mb_num also against 0

The spec implies that 0 is invalid in addition to the existing checks

Found-by: <kierank>
Reviewed-by: Kieran Kunhya <kieran618@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 05f4703a168a336363750e32bcfdd6f303fbdbc3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavfilter/vf_transpose: Fix used plane count.
Michael Niedermayer [Wed, 24 Jan 2018 18:38:05 +0000 (19:38 +0100)]
avfilter/vf_transpose: Fix used plane count.

Fixes out of array access
Fixes: poc.mp4

Found-by: GwanYeong Kim <gy741.kim@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c6939f65a116b1ffed345d29d8621ee4ffb32235)
(cherry picked from commit 3f621455d62e46745453568d915badd5b1e5bcd5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/hevc_cabac: Check prefix so as to avoid invalid shifts in coeff_abs_level_rem...
Michael Niedermayer [Mon, 15 Jan 2018 22:46:44 +0000 (23:46 +0100)]
avcodec/hevc_cabac: Check prefix so as to avoid invalid shifts in coeff_abs_level_remaining_decode()

I suspect that this can be limited tighter, but i failed to find anything
in the spec that would confirm that.

Fixes: 4833/clusterfuzz-testcase-minimized-5302840101699584
Fixes: runtime error: left shift of 134217730 by 4 places cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a026a3efaeb9c2026668dccbbda339a21ab3206b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/mjpegdec: Fix integer overflow in DC dequantization
Michael Niedermayer [Wed, 24 Jan 2018 02:28:49 +0000 (03:28 +0100)]
avcodec/mjpegdec: Fix integer overflow in DC dequantization

Fixes: runtime error: signed integer overflow: -65535 * 65312 cannot be represented in type 'int'
Fixes: 4900/clusterfuzz-testcase-minimized-5769019744321536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1bfc1aa004950c5ad527d823a08b8a19eef34eb0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/dxtory: Fix bits left checks
Michael Niedermayer [Mon, 22 Jan 2018 13:02:59 +0000 (14:02 +0100)]
avcodec/dxtory: Fix bits left checks

Fixes: Timeout
Fixes: 4863/clusterfuzz-testcase-6347354178322432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6e1a167c5564085385488b4f579e9efb987d4bfa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/hevc_cabac: Move prefix check in coeff_abs_level_remaining_decode() down
Michael Niedermayer [Mon, 15 Jan 2018 22:42:57 +0000 (23:42 +0100)]
avcodec/hevc_cabac: Move prefix check in coeff_abs_level_remaining_decode() down

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 94d4237a7a294ce80e1e577b38e9c93e8882aff9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/truemotion2: Fix integer overflow in TM2_RECALC_BLOCK()
Michael Niedermayer [Sat, 20 Jan 2018 03:10:50 +0000 (04:10 +0100)]
avcodec/truemotion2: Fix integer overflow in TM2_RECALC_BLOCK()

Fixes: signed integer overflow: 1477974040 - -1877995504 cannot be represented in type 'int'
Fixes: 4861/clusterfuzz-testcase-minimized-4570316383715328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 56a53340ed4cc55898e49c07081311ebb2816630)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/snowdec: Fix integer overflow before htaps check
Michael Niedermayer [Mon, 15 Jan 2018 02:03:36 +0000 (03:03 +0100)]
avcodec/snowdec: Fix integer overflow before htaps check

Fixes: runtime error: signed integer overflow: -1094995529 * 2 cannot be represented in type 'int'
Fixes: 4828/clusterfuzz-testcase-minimized-5100849937252352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2eecf3cf8eeae67697934df326e98df2149881e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/ulti: Check number of blocks at init
Michael Niedermayer [Mon, 15 Jan 2018 18:03:48 +0000 (19:03 +0100)]
avcodec/ulti: Check number of blocks at init

Fixes: Timeout
Fixes: 4832/clusterfuzz-testcase-4699096590843904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 725353525e73bbe5b6b4d01528252675f2417a02)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/wavpack: Fix integer overflows in wv_unpack_stereo / mono
Michael Niedermayer [Sat, 13 Jan 2018 23:39:41 +0000 (00:39 +0100)]
avcodec/wavpack: Fix integer overflows in wv_unpack_stereo / mono

Fixes: runtime error: signed integer overflow: 2146276249 + 1487583 cannot be represented in type 'int'
Fixes: 4823/clusterfuzz-testcase-minimized-4551896611160064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 83e34ae3c2b36e7b20169a8866e3f49294db1f5a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/jpeg2000: Check sum of sizes of band->prec before allocating
Michael Niedermayer [Sat, 13 Jan 2018 23:39:40 +0000 (00:39 +0100)]
avcodec/jpeg2000: Check sum of sizes of band->prec before allocating

Fixes: OOM
Fixes: 4810/clusterfuzz-testcase-minimized-6034253235093504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6887e412434776eb260ad3904f565be491dd5726)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/ac3dec_fixed: Fix integer overflow in scale_coefs()
Michael Niedermayer [Sat, 13 Jan 2018 23:39:39 +0000 (00:39 +0100)]
avcodec/ac3dec_fixed: Fix integer overflow in scale_coefs()

Fixes: runtime error: signed integer overflow: 2147483520 + 128 cannot be represented in type 'int'
Fixes: 4800/clusterfuzz-testcase-minimized-6110372403609600

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a1f38c75893c852cf19dcf3e4553549ba1e70950)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavformat/lrcdec: Fix memory leak in lrc_read_header()
Nikolas Bowe [Fri, 19 Jan 2018 21:17:07 +0000 (13:17 -0800)]
avformat/lrcdec: Fix memory leak in lrc_read_header()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ef5994e09d07ace62a672fcdc84761231288edad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavformat/matroskadec: Fix float-cast-overflow undefined behavior in matroska_parse_tr...
Nikolas Bowe [Thu, 18 Jan 2018 23:21:56 +0000 (15:21 -0800)]
avformat/matroskadec: Fix float-cast-overflow undefined behavior in matroska_parse_tracks()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e07649e618caedc07eaf2f4d09253de7f77d14f0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agolavfi/deinterlace_vaapi: fix can't show full option information.
Jun Zhao [Tue, 16 Jan 2018 14:44:02 +0000 (22:44 +0800)]
lavfi/deinterlace_vaapi: fix can't show full option information.

use ffmpeg -h filter=deinterlace_vaapi can't get full help information,
the root cause is not setting the flags fileld in options.

Signed-off-by: Jun Zhao <jun.zhao@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 383804edd812410219a097e2bf3efac8a8b4562a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoconfigure: bump year
Carl Eugen Hoyos [Mon, 1 Jan 2018 17:05:55 +0000 (18:05 +0100)]
configure: bump year

Happy new year!

(cherry picked from commit bddf31ba7570325dd2c8d033eae3d0dd74127f96)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/utils: Avoid hardcoding duplicated types in sizeof()
Michael Niedermayer [Sat, 3 Jun 2017 23:53:58 +0000 (01:53 +0200)]
avcodec/utils: Avoid hardcoding duplicated types in sizeof()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 860d991fcd715233b5b9eb1f6c7bf0aadefb6061)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/arm/sbrdsp_neon: Use a free register instead of putting 2 things in one
Michael Niedermayer [Thu, 11 Jan 2018 21:47:10 +0000 (22:47 +0100)]
avcodec/arm/sbrdsp_neon: Use a free register instead of putting 2 things in one

Fixes high pitched shriek
Fixes: 25420848_1478428308873746_4255813235963330560_n.mp4

Reported-by: Dale Curtis <dalecurtis@google.com>
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7dbbb75ee32f87108ca9e15f5551dbbe69fe2641)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/h264addpx_template: Fixes integer overflows
Michael Niedermayer [Sun, 7 Jan 2018 02:48:43 +0000 (03:48 +0100)]
avcodec/h264addpx_template: Fixes integer overflows

Fixes: signed integer overflow: 512 + 2147483491 cannot be represented in type 'int'
Fixes: 4780/clusterfuzz-testcase-minimized-4709066174627840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d6945aeee419a8417b8019c7c92227e12e45b7ad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/dirac_dwt: Fix overflows in COMPOSE_HAARiH0/COMPOSE_HAARiL0
Michael Niedermayer [Sun, 7 Jan 2018 19:58:49 +0000 (20:58 +0100)]
avcodec/dirac_dwt: Fix overflows in COMPOSE_HAARiH0/COMPOSE_HAARiL0

Fixes: 4830/clusterfuzz-testcase-minimized-5255392054476800
Fixes: signed integer overflow: 2147483646 - -7 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0e62a2373475f58c72c0faf5568be00b26909585)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/diracdec: Fix integer overflow with quant
Michael Niedermayer [Sun, 7 Jan 2018 19:43:24 +0000 (20:43 +0100)]
avcodec/diracdec: Fix integer overflow with quant

Fixes: signed integer overflow: 2 + 2147483646 cannot be represented in type 'int'
Fixes: 4792/clusterfuzz-testcase-minimized-6322450775146496

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eaa93175895568ef6c2542b13104874907d9c4ef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/opus_parser: Check payload_len in parse_opus_ts_header()
Michael Niedermayer [Fri, 5 Jan 2018 21:12:07 +0000 (22:12 +0100)]
avcodec/opus_parser: Check payload_len in parse_opus_ts_header()

Fixes: clusterfuzz-testcase-minimized-6134545979277312
Fixes: crbug 797469

Reported-by: Matt Wolenetz <wolenetz@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1bcd7fefcb3c1ec47978fdc64a9e8dfb9512ae62)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/jpeg2000dsp: Fix integer overflows in ict_int()
Michael Niedermayer [Sun, 7 Jan 2018 03:12:57 +0000 (04:12 +0100)]
avcodec/jpeg2000dsp: Fix integer overflows in ict_int()

Fixes: signed integer overflow: 46802 * -71230 cannot be represented in type 'int'
Fixes: 4756/clusterfuzz-testcase-minimized-4812495563784192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b3192c64b5bdcb0474cda437d2d5f9421d68811e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/h264_slice: Do not attempt to render into frames already output
Michael Niedermayer [Wed, 3 Jan 2018 22:42:01 +0000 (23:42 +0100)]
avcodec/h264_slice: Do not attempt to render into frames already output

Fixes: null pointer dereference
Fixes: 4698/clusterfuzz-testcase-minimized-5096956322906112

This testcase does not reproduce the issue before 03b82b3ab9883cef017e513c7d0b3b986b3b3e7b

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 476665d4de989dba48ec1195215ccc8db54538f4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/dnxhddec: Check dc vlc
Michael Niedermayer [Wed, 3 Jan 2018 22:42:00 +0000 (23:42 +0100)]
avcodec/dnxhddec: Check dc vlc

Fixes: signed integer overflow: 1024 + 2147483640 cannot be represented in type 'int'
Fixes: 4671/clusterfuzz-testcase-minimized-6027464343027712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b2be76c0a472b729756ed7a91225c209d0dd1d2e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/exr: Check buf_size more completely
Michael Niedermayer [Fri, 29 Dec 2017 02:00:19 +0000 (03:00 +0100)]
avcodec/exr: Check buf_size more completely

Fixes: Out of heap array read
Fixes: 4683/clusterfuzz-testcase-minimized-6152313673613312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 903be5e4f66268273dc6e3c42a7fdeaab32066ef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/flacdec: Fix overflow in multiplication in decode_subframe_fixed()
Michael Niedermayer [Tue, 26 Dec 2017 22:24:44 +0000 (23:24 +0100)]
avcodec/flacdec: Fix overflow in multiplication in decode_subframe_fixed()

Fixes: signed integer overflow: 2 * 1629495328 cannot be represented in type 'int'
Fixes: 4716/clusterfuzz-testcase-minimized-5835915940331520

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3d23f7a0969bf76ad6dcdc2c4a5cd3ae884745a8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/hevcdsp_template: Fix Invalid shifts in put_hevc_qpel_bi_w_h() and put_hevc_q...
Michael Niedermayer [Tue, 26 Dec 2017 22:24:45 +0000 (23:24 +0100)]
avcodec/hevcdsp_template: Fix Invalid shifts in put_hevc_qpel_bi_w_h() and put_hevc_qpel_bi_w_w()

Fixes: left shift of negative value -1
Fixes: 4690/clusterfuzz-testcase-minimized-6117482428366848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d135f3c514ac1723256c8e0f5cdd466fe98a2578)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/flacdec: avoid undefined shift
Michael Niedermayer [Tue, 26 Dec 2017 22:24:43 +0000 (23:24 +0100)]
avcodec/flacdec: avoid undefined shift

Fixes: shift exponent 32 is too large for 32-bit type 'unsigned int'
Fixes: 4688/clusterfuzz-testcase-minimized-6572210748653568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 560daf88913b0de59a4d845bcd19254b406388dd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/hevcdsp_template.c: Fix undefined shift in FUNC(dequant)
Michael Niedermayer [Fri, 22 Dec 2017 02:12:03 +0000 (03:12 +0100)]
avcodec/hevcdsp_template.c: Fix undefined shift in FUNC(dequant)

Fixes: runtime error: left shift of negative value -180
Fixes: 4626/clusterfuzz-testcase-minimized-5647837887987712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0c9ab5ef9c1ee852c80c859c9e07efe8730b57ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0() and COMPOSE_DD137iL0()
Michael Niedermayer [Fri, 22 Dec 2017 02:06:14 +0000 (03:06 +0100)]
avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0() and COMPOSE_DD137iL0()

Fixes: runtime error: signed integer overflow: 2147483646 + 33554433 cannot be represented in type 'int'
Fixes: 4563/clusterfuzz-testcase-minimized-5438979567517696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4d70fbeec8cbab072b3a9b9f760b8deaaef240f2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/hevc_cabac: Fix integer overflow in ff_hevc_cu_qp_delta_abs()
Michael Niedermayer [Fri, 15 Dec 2017 17:17:13 +0000 (18:17 +0100)]
avcodec/hevc_cabac: Fix integer overflow in ff_hevc_cu_qp_delta_abs()

Fixes: signed integer overflow: 2147483647 + 1073741824 cannot be represented in type 'int'
Fixes: 4555/clusterfuzz-testcase-minimized-4505532481142784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0ee143558d55b590774dba69cff5a16eda089a4d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agotests/audiomatch: Add missing return code at the end of main()
Michael Niedermayer [Tue, 19 Dec 2017 20:05:40 +0000 (21:05 +0100)]
tests/audiomatch: Add missing return code at the end of main()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 65da5c56e661a839e017db4c51c73d6f3d8a8fcb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/hevc_sei: Fix integer overflows in decode_nal_sei_message()
Michael Niedermayer [Fri, 15 Dec 2017 16:50:12 +0000 (17:50 +0100)]
avcodec/hevc_sei: Fix integer overflows in decode_nal_sei_message()

Fixes: signed integer overflow: 2147483520 + 255 cannot be represented in type 'int'
Fixes: 4554/clusterfuzz-testcase-minimized-4843714515042304

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 991ef6e5b9a6a9d95e274ff6bff52db1c82b3808)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/hevcdsp_template: Fix undefined shift in put_hevc_qpel_bi_w_hv()
Michael Niedermayer [Fri, 15 Dec 2017 12:06:30 +0000 (13:06 +0100)]
avcodec/hevcdsp_template: Fix undefined shift in put_hevc_qpel_bi_w_hv()

Fixes: runtime error: left shift of negative value -3
Fixes: 4524/clusterfuzz-testcase-minimized-6055590120914944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 439fbb9c8b2a90e97c44c7c57245e01ca84c865d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/h264_parse: Treat escaped and unescaped decoding error equal in decode_extrad...
Michael Niedermayer [Sat, 25 Nov 2017 21:21:16 +0000 (22:21 +0100)]
avcodec/h264_parse: Treat escaped and unescaped decoding error equal in decode_extradata_ps_mp4()

Fixes: lorex.mp4
Fixes: ticket6762

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4bb7d72bcfb56ae4fe56055927cf53cf484f5df4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/vp9: mark frame as finished on decode_tiles() failure
Michael Niedermayer [Thu, 14 Dec 2017 01:02:55 +0000 (02:02 +0100)]
avcodec/vp9: mark frame as finished on decode_tiles() failure

Fixes deadlock with framethreads
Fixes: Netflix_Aerial_1080p_60fps_8bit_420.y4m.vp9.noaltref.webm.ivf.s69372_r01-05_b6-.ivf
Fixes: Netflix_Aerial_1080p_60fps_10bit_420.y4m.vp9.noaltref.webm.ivf.s149104_r01-05_b6-.ivf
Fixes: ducks_take_off_444_720p50.y4m.vp9.webm.ivf.s107375_r01-05_b6-.ivf

Reported-by: James Zern <jzern@google.com>
Reviewed-by: James Zern <jzern@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5e03eea673a9da2253ed15152e46b1422b35d145)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agolibavfilter/af_dcshift.c: Fixed repeated spelling error
Kelly Ledford [Tue, 12 Dec 2017 19:31:23 +0000 (11:31 -0800)]
libavfilter/af_dcshift.c: Fixed repeated spelling error

'threshhold' should be 'threshold'

Signed-off-by: Kelly Ledford <kelly.ledford@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bc219082bb04b9a4725bfe7e78ce0950244e6e84)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavfilter/formats: fix wrong function name in error message
Jun Zhao [Mon, 4 Dec 2017 04:50:34 +0000 (12:50 +0800)]
avfilter/formats: fix wrong function name in error message

Use perdefined micro __FUNCTION__ rather than hard coding function name
to fix wrong function name in error message.

Signed-off-by: Jun Zhao <jun.zhao@intel.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4280948702bc256e21c375790b889c735d233b0d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
18 months agoavcodec/nvenc: also clear data pointer after unregistering a resource
Timo Rothenpieler [Sun, 28 Jan 2018 12:05:09 +0000 (13:05 +0100)]
avcodec/nvenc: also clear data pointer after unregistering a resource

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
18 months agoavcodec/nvenc: add some more error case checks
Timo Rothenpieler [Sun, 28 Jan 2018 11:51:20 +0000 (12:51 +0100)]
avcodec/nvenc: add some more error case checks

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
18 months agoavcodec/nvenc: unregister input resource when unmapping
Timo Rothenpieler [Sun, 28 Jan 2018 11:39:03 +0000 (12:39 +0100)]
avcodec/nvenc: unregister input resource when unmapping

Currently the resource is only ever unregistered when the
registered_frames array is fully in use and an unmapped entry is re-used
and cleaned up.
I'm pretty sure the frame will have been cleaned up before that happens,
so I'm kinda surprised this never blew up.

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
18 months agoavcodec/nvenc: refcount input frame mappings
Timo Rothenpieler [Fri, 26 Jan 2018 19:16:53 +0000 (20:16 +0100)]
avcodec/nvenc: refcount input frame mappings

If some logic like vsync in ffmpeg.c duplicates frames, it might pass
the same frame twice, which will result in a crash due it being
effectively mapped and unmapped twice.

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
18 months agolavc/aarch64/sbrdsp_neon: fix build on old binutils
Rodger Combs [Fri, 26 Jan 2018 02:53:59 +0000 (20:53 -0600)]
lavc/aarch64/sbrdsp_neon: fix build on old binutils

(cherry picked from commit 77237504757b97c068796a4e9ef81b9653618616)

19 months agohwcontext_dxva2: initialize D3DDISPLAYMODEEX correctly
wm4 [Thu, 4 Jan 2018 14:52:46 +0000 (15:52 +0100)]
hwcontext_dxva2: initialize D3DDISPLAYMODEEX correctly

(cherry picked from commit 18fbfd7bf86effb49c0341b37b9c1d73940d688e)

19 months agolibavutil/hwcontext_dxva2: Add check for possible errors from GetAdapterDisplayModeEx
Humberto Ribeiro [Wed, 3 Jan 2018 23:22:15 +0000 (15:22 -0800)]
libavutil/hwcontext_dxva2: Add check for possible errors from GetAdapterDisplayModeEx

This prevents a possible crash in CreateDeviceEx when using faulty
response from GetAdapterDisplayModeEx and allows ffmpeg to fallback to
classic d3d9.

Signed-off-by: wm4 <nfxjfg@googlemail.com>
(cherry picked from commit 59b126f92225316e0cd77bb952d630553801dc85)

19 months agoavcodec/libx264: set supported pix_fmts at runtime rather than build time
James Almer [Tue, 26 Dec 2017 22:40:27 +0000 (19:40 -0300)]
avcodec/libx264: set supported pix_fmts at runtime rather than build time

This partially reverts a change in behavior introduced in 2a111c99a60fdf4fe5eea2b073901630190c6c93.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 7e60c74329353db28db00552028bc88cd2a52346)

19 months agoavcodec/libx264: fix compilation with x264 builds >= 153
James Almer [Mon, 25 Dec 2017 22:41:09 +0000 (19:41 -0300)]
avcodec/libx264: fix compilation with x264 builds >= 153

x264 now supports multibitdepth builds, with a slightly changed API to
request bitdepth during initialization.

Reviewed-by: Ricardo Constantino <wiiaboo@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 2a111c99a60fdf4fe5eea2b073901630190c6c93)

19 months agoavcodec/libx264: use the pixfmt descriptor to check for high bit depths
James Almer [Mon, 25 Dec 2017 22:40:42 +0000 (19:40 -0300)]
avcodec/libx264: use the pixfmt descriptor to check for high bit depths

The x264_bit_depth constant has been removed in newer x264 builds.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 89f704cabab446afc8ba6ecea76714a51b1df32b)

20 months agoChangelog: Update for the last 3 commits n3.4.1
Michael Niedermayer [Sun, 10 Dec 2017 20:20:05 +0000 (21:20 +0100)]
Changelog: Update for the last 3 commits

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavcodec/vp9_superframe_split_bsf: Fix integer overflow in frame_size/total_size checks
Michael Niedermayer [Wed, 6 Dec 2017 21:42:05 +0000 (22:42 +0100)]
avcodec/vp9_superframe_split_bsf: Fix integer overflow in frame_size/total_size checks

Fixes: signed integer overflow: -1698586465 + -551542752 cannot be represented in type 'int'
Fixes: 4490/clusterfuzz-testcase-minimized-5210014592532480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eaff5fcb7cde8d1614755269773d471d3a3d1bfc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavcodec/amrwbdec: Fix division by 0 in voice_factor()
Michael Niedermayer [Thu, 7 Dec 2017 14:32:54 +0000 (15:32 +0100)]
avcodec/amrwbdec: Fix division by 0 in voice_factor()

The added value matches "Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; Extended Adaptive Multi-Rate - Wideband (AMR-WB+) codec; Floating-point ANSI-C code (3GPP TS 26.304 version 14.0.0 Release 14)
Extended Adaptive Multi-Rate - Wideband (AMR-WB+) codec; Floating-point ANSI-C code"

Fixes: runtime error: division by zero
Fixes: 4415/clusterfuzz-testcase-minimized-4677752314658816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1d0817d56b66797118880358ea7d7a2acfdca429)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavformat/utils: Fix warning: ISO C90 forbids mixed declarations and code
Michael Niedermayer [Fri, 8 Dec 2017 09:59:05 +0000 (10:59 +0100)]
avformat/utils: Fix warning: ISO C90 forbids mixed declarations and code

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavcodec/decode: reset codec on receiving packet after EOF in compat_decode
James Cowgill [Thu, 9 Nov 2017 12:21:23 +0000 (12:21 +0000)]
avcodec/decode: reset codec on receiving packet after EOF in compat_decode

In commit 061a0c14bb57 ("decode: restructure the core decoding code"), the
deprecated avcodec_decode_* APIs were reworked so that they called into the
new avcodec_send_packet / avcodec_receive_frame API. This had the side effect
of prohibiting sending new packets containing data after a drain
packet, but in previous versions of FFmpeg this "worked" and some
applications relied on it.

To restore some compatibility, reset the codec if we receive a new non-drain
packet using the old API after draining has completed. While this does
not give the same behaviour as the old API did, in the majority of cases
it works and it does not require changes to any other part of the decoding
code.

Fixes ticket #6775
Signed-off-by: James Cowgill <jcowgill@debian.org>
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 02ba4b91b5616ecbebee5c9565e1be7af2a6b980)

20 months agoUpdate for 3.4.1
Michael Niedermayer [Fri, 8 Dec 2017 09:22:30 +0000 (10:22 +0100)]
Update for 3.4.1

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavcodec/diracdsp: Fix integer overflow in PUT_SIGNED_RECT_CLAMPED()
Michael Niedermayer [Sat, 2 Dec 2017 20:53:22 +0000 (21:53 +0100)]
avcodec/diracdsp: Fix integer overflow in PUT_SIGNED_RECT_CLAMPED()

Fixes: runtime error: signed integer overflow: 2147483646 + 2048 cannot be represented in type 'int'
Fixes: 4479/clusterfuzz-testcase-minimized-6529894147162112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 610dd74502a58e8bb0f1d8fcbc7015f86b78d70e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavcodec/dirac_dwt: Fix integer overflows in COMPOSE_DAUB97*
Michael Niedermayer [Sat, 2 Dec 2017 20:48:04 +0000 (21:48 +0100)]
avcodec/dirac_dwt: Fix integer overflows in COMPOSE_DAUB97*

Fixes: 4478/clusterfuzz-testcase-minimized-4752113767809024
Fixes: runtime error: signed integer overflow: -2147483626 + -319489 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5e9a13a5a33bf7566591216e335f2529612100bb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavcodec/extract_extradata_bsf: Fix leak discovered via fuzzing
Nikolas Bowe [Tue, 5 Dec 2017 23:11:26 +0000 (15:11 -0800)]
avcodec/extract_extradata_bsf: Fix leak discovered via fuzzing

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a412a5c3cc216ae1d15e6b884bda7214b73a5b0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavcodec/vorbis: Fix another 1 << 31 > int32_t::max() with 1u.
Dale Curtis [Thu, 30 Nov 2017 20:20:36 +0000 (12:20 -0800)]
avcodec/vorbis: Fix another 1 << 31 > int32_t::max() with 1u.

Didn't notice this one when 9648cc6d was landed.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 95bacb521af8cd28f146f045437c9f75717a493a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavcodec/vorbis: 1 << 31 > int32_t::max(), so use 1u << 31 instead.
Dale Curtis [Wed, 22 Nov 2017 18:58:39 +0000 (10:58 -0800)]
avcodec/vorbis: 1 << 31 > int32_t::max(), so use 1u << 31 instead.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9648cc6d7fdbb0a260bed1e3e23300569cff9579)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavformat/utils: Prevent undefined shift with wrap_bits > 64.
Dale Curtis [Fri, 17 Nov 2017 21:35:56 +0000 (13:35 -0800)]
avformat/utils: Prevent undefined shift with wrap_bits > 64.

2LL << (wrap_bits=64 - 1) does not fit in int64_t; change the
code to use a uint64_t (2ULL) and add an av_assert2() to
ensure wrap_bits <= 64.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 03fbc0daa7e37af024f8b017a28105c32bbe25ca)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavcodec/j2kenc: Fix out of array access in encode_cblk()
Michael Niedermayer [Thu, 30 Nov 2017 22:42:04 +0000 (23:42 +0100)]
avcodec/j2kenc: Fix out of array access in encode_cblk()

Fixes: 4427/clusterfuzz-testcase-minimized-5106919271301120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0674087004538599797688785f6ac82358abc23b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavcodec/hevcdsp_template: Fix undefined shift in put_hevc_epel_bi_w_h()
Michael Niedermayer [Thu, 30 Nov 2017 20:27:37 +0000 (21:27 +0100)]
avcodec/hevcdsp_template: Fix undefined shift in put_hevc_epel_bi_w_h()

Fixes: runtime error: left shift of negative value -127
Fixes: 4397/clusterfuzz-testcase-minimized-4779061080489984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0409d333115e623b5ccdbb364d64ca2a52fd8467)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agolavf/mov: fix huge alloc in mov_read_ctts
John Stebbins [Sun, 26 Nov 2017 15:32:30 +0000 (07:32 -0800)]
lavf/mov: fix huge alloc in mov_read_ctts

An invalid file may cause huge alloc.  Delay expansion of ctts entries
until the number of samples is known in mov_build_index.

Fixes: 23

Found-by: zhao dongzhuo, AD-lab of Venustech
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d015d3bf9fed59c65a3819a35fedbb8b7dde623)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavcodec/mlpdsp: Fix signed integer overflow, 2nd try
Michael Niedermayer [Mon, 20 Nov 2017 17:45:45 +0000 (18:45 +0100)]
avcodec/mlpdsp: Fix signed integer overflow, 2nd try

The outputted bits should match what is used in the lossless check

Fixes: runtime error: signed integer overflow: -538697856 * 256 cannot be represented in type 'int'
Fixes: 4326/clusterfuzz-testcase-minimized-5689449645080576

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 97c00edaa043043c29d985653e7e1687b56dfa23)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavcodec/h264idct_template: Fix integer overflow in ff_h264_idct8_add
Michael Niedermayer [Mon, 20 Nov 2017 02:08:20 +0000 (03:08 +0100)]
avcodec/h264idct_template: Fix integer overflow in ff_h264_idct8_add

Fixes: signed integer overflow: 452986184 - -2113885312 cannot be represented in type 'int'
Fixes: 4196/clusterfuzz-testcase-minimized-5580648594014208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9cc926da7d9920d17b76584e7212309ab5c02387)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavcodec/kgv1dec: Check that there is enough input for maximum RLE compression
Michael Niedermayer [Wed, 22 Nov 2017 19:14:54 +0000 (20:14 +0100)]
avcodec/kgv1dec: Check that there is enough input for maximum RLE compression

Fixes: Timeout
Fixes: 4271/clusterfuzz-testcase-4676667768307712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3aad94bf2b140cfba8ae69d018da05d4948ef37f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavformat/aacdec: Fix leak in adts_aac_read_packet()
Michael Niedermayer [Sat, 25 Nov 2017 18:22:51 +0000 (19:22 +0100)]
avformat/aacdec: Fix leak in adts_aac_read_packet()

Fixes: chromium-773637/clusterfuzz-testcase-minimized-6418078673141760

Found-by: ossfuzz/chromium
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2779d33ed99898675e0b3884fabe1ce6839f36d1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavcodec/dirac_dwt: Fix integer overflow in COMPOSE_FIDELITYi*
Michael Niedermayer [Sat, 25 Nov 2017 02:15:16 +0000 (03:15 +0100)]
avcodec/dirac_dwt: Fix integer overflow in COMPOSE_FIDELITYi*

Fixes: runtime error: signed integer overflow: -2143827186 - 7404944 cannot be represented in type 'int'
Fixes: 4354/clusterfuzz-testcase-minimized-4671122764201984

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2b6964f764382742bb052a1ee3b7167cac35332f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavcodec/sbrdsp_fixed: Fix integer overflow
Michael Niedermayer [Wed, 22 Nov 2017 19:18:40 +0000 (20:18 +0100)]
avcodec/sbrdsp_fixed: Fix integer overflow

Fixes: signed integer overflow: 2147483598 + 64 cannot be represented in type 'int'
Fixes: 4337/clusterfuzz-testcase-minimized-6192658616680448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 12a511f2c265d6319b7fdc332a6aa8aca1535309)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavcodec/mpeg4videodec: Check also for negative versions in the validity check
Michael Niedermayer [Tue, 21 Nov 2017 02:15:53 +0000 (03:15 +0100)]
avcodec/mpeg4videodec: Check also for negative versions in the validity check

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0e7865ce4152f8b04cda6a698bbee4fd4a94009d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoClose ogg stream upon error when using AV_EF_EXPLODE.
Dale Curtis [Mon, 20 Nov 2017 20:07:57 +0000 (12:07 -0800)]
Close ogg stream upon error when using AV_EF_EXPLODE.

Without this there can be multiple memory leaks for unrecognized
ogg streams.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bce8fc0754c4b31f574a4372c6d7996ed29f7c2a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoFix undefined shift on assumed 8-bit input.
Dale Curtis [Sat, 18 Nov 2017 00:05:30 +0000 (16:05 -0800)]
Fix undefined shift on assumed 8-bit input.

decode_user_data() attempts to create an integer |build|
value with 8 bits of spacing for 3 components. However
each component is an int32_t, so shifting each component
is undefined for values outside of the 8 bit range.

This patch simply clamps input to 8-bits per component
and prints out a warning that the values were clamped.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7010dd98b575d2e39fca947e609b85be7490b269)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoUse ff_thread_once for fixed, float table init.
Dale Curtis [Fri, 17 Nov 2017 22:51:09 +0000 (14:51 -0800)]
Use ff_thread_once for fixed, float table init.

These tables are static so they should only be initialized once
instead of on every call to ff_mpadsp_init().

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5eaaffaf64d1854493f0fe9ec822eed1b3cd9fe1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoFix leak of frame_duration_buffer in mov_fix_index().
Dale Curtis [Fri, 17 Nov 2017 22:53:25 +0000 (14:53 -0800)]
Fix leak of frame_duration_buffer in mov_fix_index().

Should be unconditionally freed at the end of mov_fix_index() in
case it hasn't been used during the fix up.

Signed-off-by: Dale Curtis <dalecurtis@chromium.org>
Reviewed-by: Sasi Inguva <isasi-at-google.com@ffmpeg.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d073be2291e40129d107ca4573097d6d6d2dbf68)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavformat/mov: Propagate errors in mov_switch_root.
Jacob Trimble [Mon, 20 Nov 2017 20:05:02 +0000 (12:05 -0800)]
avformat/mov: Propagate errors in mov_switch_root.

Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d9cf3bf16b94cd9db10dabad695c69c5cff4f58)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
20 months agoavcodec/hevcdsp_template: Fix invalid shift in put_hevc_epel_bi_w_v()
Michael Niedermayer [Fri, 17 Nov 2017 21:01:29 +0000 (22:01 +0100)]
avcodec/hevcdsp_template: Fix invalid shift in put_hevc_epel_bi_w_v()

Fixes: runtime error: left shift of negative value -255
Fixes: 4037/clusterfuzz-testcase-minimized-5290998163832832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7d88586e4728e97349f98e07ff782bb168ab96c3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>