ffmpeg.git
5 months ago - Changelog: update [n4.1.2]
Michael Niedermayer [Thu, 21 Mar 2019 08:02:44 +0000 (09:02 +0100)]
Changelog: update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/dfa: Check the chunk header is not truncated
Michael Niedermayer [Sun, 10 Mar 2019 22:45:19 +0000 (23:45 +0100)]
avcodec/dfa: Check the chunk header is not truncated

Fixes: Timeout (11sec -> 3sec)
Fixes: 13218/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DFA_fuzzer-5661074316066816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f20760fadbc77483b9ff4b400b53ebb38ee33793)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/clearvideo: Check remaining data in P frames
Michael Niedermayer [Fri, 8 Mar 2019 00:42:06 +0000 (01:42 +0100)]
avcodec/clearvideo: Check remaining data in P frames

Fixes: Timeout (19sec -> 419msec)
Fixes: 13411/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-5733153811988480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 41f93f941155f9f9dbb2d5e7f5d20b2238150836)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/hevcdec: decode at most one slice reporting being the first in the picture
James Almer [Mon, 18 Mar 2019 20:25:58 +0000 (17:25 -0300)]
avcodec/hevcdec: decode at most one slice reporting being the first in the picture

Fixes deadlocks when decoding packets containing more than one of the aforementioned
slices when using frame threads.

Tested-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 70c8c8a818f39bc262565ec29fae2baffb3e1660)

5 months ago - Update for 4.1.2
Michael Niedermayer [Thu, 14 Mar 2019 16:31:54 +0000 (17:31 +0100)]
Update for 4.1.2

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/dvbsubdec: Check object position
Michael Niedermayer [Tue, 5 Mar 2019 19:14:05 +0000 (20:14 +0100)]
avcodec/dvbsubdec: Check object position

Reference: ETSI EN 300 743 V1.2.1  7.2.2 Region composition segment

Fixes: Timeout
Fixes: 13325/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5143979392237568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a8c5ae451184e879fc8ff1333c6f26f9542c8ebf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/cdgraphics: Use ff_set_dimensions()
Michael Niedermayer [Tue, 5 Mar 2019 11:51:22 +0000 (12:51 +0100)]
avcodec/cdgraphics: Use ff_set_dimensions()

Fixes: Timeout (17 sec -> 65 milli sec)
Fixes: 13264/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDGRAPHICS_fuzzer-5711167941509120

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9a9f0e239c1c6f5c96cc90ba673087f86ca1eabc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avformat/gdv: Check fps
Michael Niedermayer [Mon, 4 Mar 2019 23:48:18 +0000 (00:48 +0100)]
avformat/gdv: Check fps

Fixes: Division by 0
Fixes: ffmpeg_zero_division.bin

Found-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38381400fca45d1ae6e7604335b507b7dc70a903)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - configure: use vpx_codec_vp8_dx/cx for libvpx-vp8 checking
Guo, Yejun [Mon, 4 Mar 2019 22:09:18 +0000 (06:09 +0800)]
configure: use vpx_codec_vp8_dx/cx for libvpx-vp8 checking

Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit d9b2668766e3e924d4ebb3c6531b449874e13666)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - configure: add missing pthreads extralibs dependency for libvpx-vp9
Guo, Yejun [Mon, 4 Mar 2019 22:09:11 +0000 (06:09 +0800)]
configure: add missing pthreads extralibs dependency for libvpx-vp9

Signed-off-by: Guo, Yejun <yejun.guo@intel.com>
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 402bf262375dfecd0e90d7acc67c238abe952fc3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/mpeg4videodec: Check idx in mpeg4_decode_studio_block()
Michael Niedermayer [Sun, 10 Mar 2019 00:40:59 +0000 (01:40 +0100)]
avcodec/mpeg4videodec: Check idx in mpeg4_decode_studio_block()

Fixes: Out of array access
Fixes: 13500/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5769760178962432

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d227ed5d598340e719eff7156b1aa0a4469e9a6a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/dxv: Correct integer overflow in get_opcodes()
Michael Niedermayer [Sat, 2 Mar 2019 23:47:47 +0000 (00:47 +0100)]
avcodec/dxv: Correct integer overflow in get_opcodes()

Fixes: 13099/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-5665598896340992
Fixes: signed integer overflow: 2147483647 + 7 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6e0b5d3a20e107860a34e90139b860d6b8219a1d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/scpr: Fix use of uninitialized variable
Michael Niedermayer [Wed, 27 Feb 2019 23:12:14 +0000 (00:12 +0100)]
avcodec/scpr: Fix use of uninitialized variable

Fixes: Undefined shift
Fixes: 12911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5677102915911680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 53248acfb3b23007c89ae822d7bcae451272d5a7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/qpeg: Limit copy in qpeg_decode_intra() to the available bytes
Michael Niedermayer [Sat, 23 Feb 2019 23:44:40 +0000 (00:44 +0100)]
avcodec/qpeg: Limit copy in qpeg_decode_intra() to the available bytes

Fixes: Timeout (27 sec -> 39 milli sec)
Fixes: 13151/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QPEG_fuzzer-5717536023248896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b819472995f55e827d6bb70dcdd86d963f65ae31)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/aic: Check remaining bits in aic_decode_coeffs()
Michael Niedermayer [Mon, 25 Feb 2019 12:26:25 +0000 (13:26 +0100)]
avcodec/aic: Check remaining bits in aic_decode_coeffs()

Fixes: Timeout (78 seconds -> 2 seconds)
Fixes: 13186/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-5639516533030912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 951bb7632fe6e3bb1a9c3b47610705871e471f34)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/gdv: Check for truncated tags in decompress_5()
Michael Niedermayer [Mon, 25 Feb 2019 00:26:30 +0000 (01:26 +0100)]
avcodec/gdv: Check for truncated tags in decompress_5()

Testcase: 13169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GDV_fuzzer-5666354038833152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5cf42f65b60d226d1223d2100cb1d90402189275)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/bethsoftvideo: Check block_type
Michael Niedermayer [Sun, 24 Feb 2019 22:39:44 +0000 (23:39 +0100)]
avcodec/bethsoftvideo: Check block_type

Fixes: Timeout (17 seconds -> 1 second)
Fixes: 13184/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BETHSOFTVID_fuzzer-5711446296494080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b8ecadec0582a1521b5d0d253376966138e6ca78)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int()
Michael Niedermayer [Mon, 18 Feb 2019 23:05:51 +0000 (00:05 +0100)]
avcodec/jpeg2000dwt: Fix integer overflow in dwt_decode97_int()

Fixes: runtime error: signed integer overflow: 2147483598 + 128 cannot be represented in type 'int'
Fixes: 12926/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5705100733972480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4801eea0d465cd54670e7c19322705544e3e7524)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/error_resilience: Use a symmetric check for skipping MV estimation
Michael Niedermayer [Tue, 19 Feb 2019 17:41:42 +0000 (18:41 +0100)]
avcodec/error_resilience: Use a symmetric check for skipping MV estimation

This speeds up the testcase by a factor of 4

Fixes: Timeout
Fixes: 13100/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5767533905313792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e4289cb253e29e4d62dc46759eb1a45d8f6d82df)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/mlpdec: Insuffient typo
Michael Niedermayer [Sat, 23 Feb 2019 21:00:39 +0000 (22:00 +0100)]
avcodec/mlpdec: Insuffient typo

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fc32e08941ea2795a3096e7a4013843e9ebf5fe3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/zmbv: obtain frame later
Michael Niedermayer [Thu, 21 Feb 2019 16:25:14 +0000 (17:25 +0100)]
avcodec/zmbv: obtain frame later

The frame is not needed that early so obtaining it later avoids
the costly operation in case other checks fail.

Fixes: Timeout (14sec -> 4sec)
Fixes: 13140/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ZMBV_fuzzer-5738330308739072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 177b40890c6de8c6896e0a1d4a631ea1ca89c044)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/jvdec: Check available input space before decode8x8()
Michael Niedermayer [Thu, 21 Feb 2019 00:09:43 +0000 (01:09 +0100)]
avcodec/jvdec: Check available input space before decode8x8()

Fixes: Timeout (78 sec -> 15 millisec)
Fixes: 13147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JV_fuzzer-5727107827630080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 61523683c5a9bda9aaa7ae24764a3df0401a9877)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/h264_direct: Fix overflow in POC comparison
Michael Niedermayer [Wed, 13 Feb 2019 23:05:34 +0000 (00:05 +0100)]
avcodec/h264_direct: Fix overflow in POC comparison

Fixes: runtime error: signed integer overflow: 2147421862 - -33624063 cannot be represented in type 'int'
Fixes: 12885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5733516975800320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5ccf296e74725bc8bdfbfe500d0482daa200b6f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avformat/webmdashenc: Check id in adaption_sets
Michael Niedermayer [Wed, 13 Feb 2019 09:15:04 +0000 (10:15 +0100)]
avformat/webmdashenc: Check id in adaption_sets

Fixes: out of array access

Found-by: Wenxiang Qian
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b687b549aa0fb115861b1343208de8c2630803bf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avformat/http: Fix Out-of-Bounds access in process_line()
Wenxiang Qian [Wed, 13 Feb 2019 07:54:08 +0000 (08:54 +0100)]
avformat/http: Fix Out-of-Bounds access in process_line()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 85f91ed760a517c0d5fcf692d40a5a9d7efa9476)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393
Wenxiang Qian [Wed, 13 Feb 2019 07:47:20 +0000 (08:47 +0100)]
avformat/ftp: Fix Out-of-Bounds Access and Information Leak in ftp.c:393

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a142ffdcaec06fcbf7d4b00dbb0e5ddfb9e3344d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for handling braces
Kevin Backhouse via RT [Wed, 6 Feb 2019 12:56:01 +0000 (12:56 +0000)]
avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for handling braces

Fixes: [Semmle Security Reports #19439]
Fixes: dos_sscanf2.mkv

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 894995c41e0795c7a44f81adc4838dedc3932e65)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for tag scanning
Kevin Backhouse via RT [Wed, 6 Feb 2019 11:29:22 +0000 (11:29 +0000)]
avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for tag scanning

Fixes: [Semmle Security Reports #19438]
Fixes: dos_sscanf1.mkv

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f00c97bc3475c477f3c468cf2d924d5761d0982)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avformat/matroskadec: Do not leak queued packets on sync errors
Michael Niedermayer [Wed, 6 Feb 2019 14:29:38 +0000 (15:29 +0100)]
avformat/matroskadec: Do not leak queued packets on sync errors

Fixes: memleak
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-5649187601121280

Reported-by: Chris Cunningham <chcunningham@google.com>
Tested-by: Chris Cunningham <chcunningham@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d1afa7284c3feba4debfebf1b9cf8ad67640e34a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/mpeg4videodec: Clear interlaced_dct for studio profile
Michael Niedermayer [Fri, 15 Feb 2019 00:57:09 +0000 (01:57 +0100)]
avcodec/mpeg4videodec: Clear interlaced_dct for studio profile

Fixes: Out of array access
Fixes: 13090/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5408668986638336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f686d023b95219db933394a7704ad9aa5f01cbb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avformat/mov: Do not use reference stream in mov_read_sidx() if there is no reference stream
Michael Niedermayer [Tue, 12 Feb 2019 22:28:35 +0000 (23:28 +0100)]
avformat/mov: Do not use reference stream in mov_read_sidx() if there is no reference stream

Fixes: NULL pointer dereference
Fixes: clusterfuzz-testcase-minimized-audio_decoder_fuzzer-5634316373721088

Reported-by: Chris Cunningham <chcunningham@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b0d8b7cb8e86367178ef0c35dcae359d820c3b27)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/sbrdsp_fixed.c: remove input value limit for sbr_sum_square_c()
Michael Niedermayer [Sun, 3 Feb 2019 14:13:03 +0000 (15:13 +0100)]
avcodec/sbrdsp_fixed.c: remove input value limit for sbr_sum_square_c()

Fixes: 1377/clusterfuzz-testcase-minimized-5487049807233024
Fixes: assertion failure in sbr_sum_square_c()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4cde7e62dbaa63eda173e8d24a97d273890f282c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago - avcodec/prores_ks: Fix luma quantization if q >= MAX_STORED_Q
Alex Mogurenko [Fri, 28 Dec 2018 20:30:08 +0000 (22:30 +0200)]
avcodec/prores_ks: Fix luma quantization if q >= MAX_STORED_Q

The problem occurs in slice quant estimation and slice encoding:

If the slice quant is larger than MAX_STORED_Q we don't use pre-calculated
quant matrices but generate a new one; however, both qmat and qmat_chroma
point to the same table, so the luma table ends up having chroma table
values.

Add custom_chroma_q the same way as custom_q.

Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
(cherry picked from commit e4788ae31b2e9af45d11f4bf4498c075dcc25a6c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago - avformat/mov: fix hang while seeking on a kind of fragmented mp4
Charles Liu [Sun, 3 Feb 2019 15:09:06 +0000 (23:09 +0800)]
avformat/mov: fix hang while seeking on a kind of fragmented mp4

Binary searching would hang if the fragment items do NOT have a timestamp for the
specified stream.

For example, an fmp4 consists of separate 'moof' boxes for each track, and
separate 'sidx' boxes for each segment, but no 'mfra' box. Then every fragment item
only has the timestamp for one of its tracks.

Example:
ffmpeg -f lavfi -i testsrc -f lavfi -i sine -movflags dash+frag_keyframe+skip_trailer+separate_moof -t 1 out.mp4
ffmpeg -ss 0.5 -i out.mp4 -f null none

Also fixes the hang in ticket #7572, but not the reason for having
AV_NOPTS_VALUE timestamps there.

Signed-off-by: Charles Liu <liuchh83@gmail.com>
Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit aa25198f1b925a464bdfa83a98476f08d26c9209)

6 months ago - avformat/async: fix assertion condition when draining buffer
Marton Balint [Sun, 27 Jan 2019 18:48:12 +0000 (19:48 +0100)]
avformat/async: fix assertion condition when draining buffer

Fixes some random assertion failures with

ffprobe -show_packets async:samples/ffmpeg-bugs/trac/ticket6132/Samsung_HDR_-_Chasing_the_Light.ts > /dev/null

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit 4b46d1ee463f6bb2d2be967d418d275a44fe2a9c)

6 months ago - avcodec/cbs_av1: don't call cbs_av1_read_trailing_bits() when no bits remain in the OBU
James Almer [Sun, 10 Feb 2019 20:41:38 +0000 (17:41 -0300)]
avcodec/cbs_av1: don't call cbs_av1_read_trailing_bits() when no bits remain in the OBU

Reviewed-by: jkqxz
Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 3e8b8b6b509c8c37defd3a8c32883fa54bc00de8)

6 months ago - Changelog: update [n4.1.1]
Michael Niedermayer [Sat, 9 Feb 2019 17:20:02 +0000 (18:20 +0100)]
Changelog: update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago - avformat/mov: validate chunk_count vs stsc_data
chcunningham [Thu, 7 Feb 2019 22:58:17 +0000 (14:58 -0800)]
avformat/mov: validate chunk_count vs stsc_data

Bad content may contain stsc boxes with a first_chunk index that
exceeds stco.entries (chunk_count). This amends the existing check to
include cases where chunk_count == 0. It also patches up the case
when stsc refers to unknown chunks, but stts has no samples (so we
can simply ignore stsc).

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1c15449ca9a5bfa387868ac55628397273da761f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago - avformat/mov.c: require tfhd to begin parsing trun
chcunningham [Thu, 7 Feb 2019 00:12:51 +0000 (16:12 -0800)]
avformat/mov.c: require tfhd to begin parsing trun

Detecting missing tfhd avoids re-using tfhd track info from the previous
moof. For files with multiple tracks, this may make a mess of the
avindex and fragindex, which can later trigger av_assert0 in
mov_read_trun().

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3ea87e5d9ea075d5b3c0f4f8c6c48e514b454cbe)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago - Changelog: update
Michael Niedermayer [Sun, 3 Feb 2019 23:51:42 +0000 (00:51 +0100)]
Changelog: update

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago - avcodec/pgssubdec: Check for duplicate display segments
Michael Niedermayer [Tue, 29 Jan 2019 00:06:01 +0000 (01:06 +0100)]
avcodec/pgssubdec: Check for duplicate display segments

In such a duplication the previous one gets overwritten and leaks.

Fixes: memleak
Fixes: 12510/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PGSSUB_fuzzer-5694439226343424

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e35c3d887b3e374c6a091342206a42da48785d70)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago - avformat/rtsp: Check number of streams in sdp_parse_line()
Michael Niedermayer [Fri, 25 Jan 2019 20:30:04 +0000 (21:30 +0100)]
avformat/rtsp: Check number of streams in sdp_parse_line()

Fixes: OOM

Found-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Michael Hanselmann <public@hansmi.ch>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 497c9b0cce559d43607bbbd679fe42f1d7e9040e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago - avformat/rtsp: Clear reply in every iteration in ff_rtsp_connect()
Michael Niedermayer [Sun, 27 Jan 2019 23:53:22 +0000 (00:53 +0100)]
avformat/rtsp: Clear reply in every iteration in ff_rtsp_connect()

Fixes: Infinite loop

Found-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Michael Hanselmann <public@hansmi.ch>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0b50f27635f684ec0526e9975c9979f35bbf486b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago - avcodec/rasc: Move ff_get_buffer() after frame checks
Michael Niedermayer [Tue, 22 Jan 2019 23:19:14 +0000 (00:19 +0100)]
avcodec/rasc: Move ff_get_buffer() after frame checks

If the frame1/2 checks fail, this avoids doing the allocation of a new frame.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9f4af97aff899571663342fbe68df8caee30097f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago - avcodec/rasc: Check uncompressed dlta size
Michael Niedermayer [Tue, 22 Jan 2019 23:16:02 +0000 (00:16 +0100)]
avcodec/rasc: Check uncompressed dlta size

We assume that if the compressed size is bigger than it would be if each byte were
encoded in a single raw packet, the data is invalid.

Fixes: Out of memory
Fixes: 12208/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RASC_fuzzer-5648916473708544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f4079d5174c20eddbc99eef6ebe98d411f8014c5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago - avcodec/fic: Check that there is input left in fic_decode_block()
Michael Niedermayer [Tue, 22 Jan 2019 23:30:53 +0000 (00:30 +0100)]
avcodec/fic: Check that there is input left in fic_decode_block()

Fixes: Timeout
Fixes: 12450/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-5661984622641152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db1c4acd02af4de5dfbea6012c296470679aa7a6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago - avcodec/ilbcdec: Fix undefined integer overflow lsf2poly()
Michael Niedermayer [Mon, 14 Jan 2019 23:09:30 +0000 (00:09 +0100)]
avcodec/ilbcdec: Fix undefined integer overflow lsf2poly()

The addition is moved up into the context where the variable is unsigned, avoiding
the undefined behavior.

Fixes: runtime error: signed integer overflow: 2147481972 + 4096 cannot be represented in type 'int'
Fixes: 12444/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5755706244857856

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4523cc5e75c8ecfba8975d16e96c29f9bf70973f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
6 months ago - avcodec/ilbcdec: Fix integer overflow in construct_vector()
Michael Niedermayer [Mon, 14 Jan 2019 23:02:25 +0000 (00:02 +0100)]
avcodec/ilbcdec: Fix integer overflow in construct_vector()

webrtc contains explicit code to ignore the undefined behavior (RTC_NO_SANITIZE / OverflowingAddS32S32ToS32())

Probably fixes: Integer overflow (unreproducible here)
Probably fixes: 12215/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5767142427852800

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c95d0fb23917c35886f3b62daa05af20d2700a1e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago - Update for 4.1.1
Michael Niedermayer [Mon, 21 Jan 2019 07:34:57 +0000 (08:34 +0100)]
Update for 4.1.1

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago - avcodec/prosumer: Error out if decompress() stops reading data
Michael Niedermayer [Sat, 12 Jan 2019 21:36:00 +0000 (22:36 +0100)]
avcodec/prosumer: Error out if decompress() stops reading data

If 0 is encountered in the LUT then decompress() will continue to output 0 bytes but never read more data.
Without a specification it is impossible to say if this is invalid or a feature.
None of the valid prosumer files tested cause a 0 to be read, so it is likely
not an intended feature.

Fixes: Timeout
Fixes: 11266/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PROSUMER_fuzzer-5681827423977472

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 62f8d27ef1995354d6529ea0d9428501d7f914b4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago - avcodec/tiff: Check for 12bit gray fax
Michael Niedermayer [Sat, 12 Jan 2019 18:37:18 +0000 (19:37 +0100)]
avcodec/tiff: Check for 12bit gray fax

Fixes: Assertion failure
Fixes: 11898/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5759794191794176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ec28a85107cccece4dce17c0ccb633defe2d6e98)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago - avutil/imgutils: Optimize memset_bytes() by using av_memcpy_backptr()
Michael Niedermayer [Tue, 25 Dec 2018 22:15:20 +0000 (23:15 +0100)]
avutil/imgutils: Optimize memset_bytes() by using av_memcpy_backptr()

This is strongly based on code by Marton Balint, and depends on the previous commit

Fixes: Timeout
Fixes: 11502/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664893810769920
Before: Executed clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664893810769920 in 11209 ms
After:  Executed clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WCMV_fuzzer-5664893810769920 in  4104 ms

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f64c0dffa13e6263de3fdff0058ab2fdb03ac1d6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago - avutil/mem: Optimize fill32() by unrolling and using 64bit
Michael Niedermayer [Thu, 17 Jan 2019 21:35:10 +0000 (22:35 +0100)]
avutil/mem: Optimize fill32() by unrolling and using 64bit

Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 12b1338be376a3e5fb606d9fe41b58dc4a9e62c7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago - configure: bump year
James Almer [Tue, 1 Jan 2019 18:26:31 +0000 (15:26 -0300)]
configure: bump year

Happy new year!

(cherry picked from commit 3209d7b3930bab554bf7d97d8041d9d0b88423a8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago - avcodec/tests/rangecoder: initialize array to avoid valgrind warning
Michael Niedermayer [Fri, 4 Jan 2019 01:46:29 +0000 (02:46 +0100)]
avcodec/tests/rangecoder: initialize array to avoid valgrind warning

Found-by: jamrial
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c15972f0af7679b466dd4a10a54ab2f04f9372c8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago - avcodec/gdv: Optimize and factorize scaling loops
Michael Niedermayer [Fri, 4 Jan 2019 18:51:04 +0000 (19:51 +0100)]
avcodec/gdv: Optimize and factorize scaling loops

Fixes: Timeout
Fixes: 11067/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GDV_fuzzer-5686623711264768

Before change: Executed clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GDV_fuzzer-5686623711264768 in 34386 ms
After  change: Executed clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_GDV_fuzzer-5686623711264768 in 24327 ms

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6e23736aefa83859fdb6faae4fd14c169f1a41ab)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago - avcodec/h264_slice: Fix integer overflow in implicit_weight_table()
Michael Niedermayer [Fri, 4 Jan 2019 19:00:38 +0000 (20:00 +0100)]
avcodec/h264_slice: Fix integer overflow in implicit_weight_table()

Fixes: signed integer overflow: 2 * 2132811760 cannot be represented in type 'int'
Fixes: 11156/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6237685933408256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 77e56d74f972537aecd5bc2c5c4111e1d6ad0963)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago - avcodec/exr: set layer_match in all branches
Michael Niedermayer [Tue, 25 Dec 2018 20:30:54 +0000 (21:30 +0100)]
avcodec/exr: set layer_match in all branches

Otherwise it is left at the value from the previous iteration.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 433d2ae4353f3c513a45780845d9d8ca252cd4dc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/exr: Check for duplicate channel index
Michael Niedermayer [Tue, 25 Dec 2018 17:41:58 +0000 (18:41 +0100)]
avcodec/exr: Check for duplicate channel index

Fixes: Out of memory
Fixes: 11582/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5730204559867904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f9728feaf90eb7493f8872356f54150efafb59cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avfilter/vf_tonemap_opencl: Make static tables const
Michael Niedermayer [Mon, 31 Dec 2018 19:54:12 +0000 (20:54 +0100)]
avfilter/vf_tonemap_opencl: Make static tables const

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 47c3a10b16f2721c7afa333869aafa8c007fb419)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago doc/indevs: fix upto typo
Michael Niedermayer [Mon, 31 Dec 2018 19:45:17 +0000 (20:45 +0100)]
doc/indevs: fix upto typo

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b33de557470471fe5d3a07fb441ec3f548f1d50a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/4xm: Fix returned error codes
Michael Niedermayer [Mon, 31 Dec 2018 17:11:44 +0000 (18:11 +0100)]
avcodec/4xm: Fix returned error codes

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 07607a1db879d0d96e2c91e1354bc4e425937d3a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avformat/libopenmpt: Fix successfull typo
Michael Niedermayer [Fri, 28 Dec 2018 21:22:52 +0000 (22:22 +0100)]
avformat/libopenmpt: Fix successfull typo

Reviewed-by: Lou Logan <lou@lrcd.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 571af98a5959d72c65a6753eb8e82cde407f4cd0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/v4l2_m2m: fix cant typo
Michael Niedermayer [Fri, 28 Dec 2018 21:22:53 +0000 (22:22 +0100)]
avcodec/v4l2_m2m: fix cant typo

Reviewed-by: Lou Logan <lou@lrcd.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 062bf5639359e183e016bcb795ac10735f83e863)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/mjpegbdec: Fix some misplaced {} and spaces
Michael Niedermayer [Fri, 28 Dec 2018 21:22:56 +0000 (22:22 +0100)]
avcodec/mjpegbdec: Fix some misplaced {} and spaces

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 11a8d2ccab1fe165eef4578c048d38731dbe1d6f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avformat/wvdec: detect and error out on WavPack DSD files
David Bryant [Wed, 21 Nov 2018 05:00:47 +0000 (21:00 -0800)]
avformat/wvdec: detect and error out on WavPack DSD files

Not currently supported.

(cherry picked from commit db109373d87b1fa5fe9f3d027d1bb752f725b74a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/mips: Fix failed case: hevc-conformance-AMP_A_Samsung_* when msa is enabled
gxw [Mon, 24 Dec 2018 06:07:44 +0000 (14:07 +0800)]
avcodec/mips: Fix failed case: hevc-conformance-AMP_A_Samsung_* when msa is enabled

AV_INPUT_BUFFER_PADDING_SIZE has been increased to 64, but the value is still 32
in the function ff_hevc_sao_edge_filter_8_msa. So, use AV_INPUT_BUFFER_PADDING_SIZE directly.
Also, use MAX_PB_SIZE directly instead of 64. FATE tests passed.

Reviewed-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f652c7a45c60427db0a89fae665e63b546af6ebb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/fic: Fail on invalid slice size/off
Michael Niedermayer [Sun, 16 Dec 2018 20:43:07 +0000 (21:43 +0100)]
avcodec/fic: Fail on invalid slice size/off

Fixes: Timeout
Fixes: 11486/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-5677133863583744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 30a7a81cdc2ee2eac6d3271439c43f11b7327b3e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/ilbcdec: fix integer overflow in energy
Michael Niedermayer [Sun, 9 Dec 2018 01:26:18 +0000 (02:26 +0100)]
avcodec/ilbcdec: fix integer overflow in energy

webrtc uses an int32_t, like the existing code in ilbcdec.

Fixes: signed integer overflow: 2080245063 + 257939661 cannot be represented in type 'int'
Fixes: 11037/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-5682976612941824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fbf409cd91aca2b4738c6b5bc963ae6041f26701)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago postproc/postprocess_template: remove FF_REG_sp from clobber list
Michael Niedermayer [Thu, 20 Dec 2018 21:40:06 +0000 (22:40 +0100)]
postproc/postprocess_template: remove FF_REG_sp from clobber list

Future gcc may no longer support this.

Tested-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c1cbeb87db4bfc6e281e4254a6c7fdd3854fc9b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago postproc/postprocess_template: Avoid using %4 for the threshold compare
Michael Niedermayer [Thu, 20 Dec 2018 21:40:05 +0000 (22:40 +0100)]
postproc/postprocess_template: Avoid using %4 for the threshold compare

This avoids problems if %4 is the stack pointer. The constraints do not allow
%4 to be the stack pointer, but gcc 9 may no longer support specifying such
constraints.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4325527e1c4fd2da119e81933172065ee1274eda)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago libavformat/mov: Fix NULL-dereference read for some encrypted content.
Jacob Trimble [Thu, 20 Dec 2018 00:00:22 +0000 (16:00 -0800)]
libavformat/mov: Fix NULL-dereference read for some encrypted content.

When reading frames, we need to use the fragment for the correct
stream.  Sometimes the "current" fragment is not the same as the one
the frame is for.

Found by Chromium's ClusterFuzz:
https://crbug.com/906392 and https://crbug.com/915524

Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 555f332e7adbd492ca74fa7329c492819b52e2ed)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/rpza: Check that there is enough data for all the blocks
Michael Niedermayer [Sun, 16 Dec 2018 18:13:27 +0000 (19:13 +0100)]
avcodec/rpza: Check that there is enough data for all the blocks

Fixes: Timeout
Fixes: 11547/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RPZA_fuzzer-5678435842654208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e63517e00a1a8375c7fb3b8c4c64c9a7c3da713e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/rpza: Move frame allocation to a later point
Michael Niedermayer [Sun, 16 Dec 2018 18:04:56 +0000 (19:04 +0100)]
avcodec/rpza: Move frame allocation to a later point

This will allow performing some fast checks before the slow allocation.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8a708aa99cb0e8d76e52117b1fd89d221f0055e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/avcodec: Document the data type for AV_PKT_DATA_MPEGTS_STREAM_ID
Michael Niedermayer [Fri, 7 Dec 2018 20:52:30 +0000 (21:52 +0100)]
avcodec/avcodec: Document the data type for AV_PKT_DATA_MPEGTS_STREAM_ID

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 68e011e4103b9cb5ac2d152d73ca8393065a33fb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avformat/mpegts: Fix side data type for stream id
Michael Niedermayer [Fri, 7 Dec 2018 20:51:48 +0000 (21:51 +0100)]
avformat/mpegts: Fix side data type for stream id

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ab1319d82f0c77308792fa2d88cbfc73c3e47cb7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago tests/fate/filter-video: increase fuzz for fate-filter-refcmp-psnr-rgb
Michael Niedermayer [Thu, 6 Dec 2018 20:51:22 +0000 (21:51 +0100)]
tests/fate/filter-video: increase fuzz for fate-filter-refcmp-psnr-rgb

Fixes: test failure on powerpc

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f8f762c300e29d80ece363edc08e137b371d909f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/mjpegdec: Fix indentation of ljpeg_decode_yuv_scan()
Michael Niedermayer [Tue, 18 Dec 2018 13:27:48 +0000 (14:27 +0100)]
avcodec/mjpegdec: Fix indentation of ljpeg_decode_yuv_scan()

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ea30ac1e408246382796f61d645d1e087aed390a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago lavf/id3v2: fail read_apic on EOF reading mimetype
chcunningham [Fri, 14 Dec 2018 21:44:07 +0000 (13:44 -0800)]
lavf/id3v2: fail read_apic on EOF reading mimetype

avio_read may return EOF, leaving the mimetype array uninitialized. Fail
early when this occurs to avoid using the array in an uninitialized state.

Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ee1e39a576977fd38c3b94fc56125d31d38833e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/rasc: Check that the number of moves is less than or equal to the number of...
Michael Niedermayer [Fri, 14 Dec 2018 23:10:17 +0000 (00:10 +0100)]
avcodec/rasc: Check that the number of moves is less than or equal to the number of pixels

Fixes: OOM
Fixes: 10307/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RASC_fuzzer-5393974559244288

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 092cb17983b2660b4e050a05c739060f8e03d27a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avformat/nutenc: Document trailer index assert better
Michael Niedermayer [Fri, 14 Dec 2018 20:52:09 +0000 (21:52 +0100)]
avformat/nutenc: Document trailer index assert better

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3a95b73abc868995b08ca2b4d8bbf2cda43184f8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago lavf/mov: ensure only one tkhd per trak
chcunningham [Thu, 13 Dec 2018 21:58:40 +0000 (13:58 -0800)]
lavf/mov: ensure only one tkhd per trak

Chromium fuzzing produced a whacky file with extra tkhds. This caused
an AVStream that was already in use to be corrupted by assigning it a
new id, which blows up later in mov_read_trun because the
MOVFragmentStreamInfo.index_entry now points OOB.

Reviewed-by: Baptiste Coudurier <baptiste.coudurier@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c9f7b6f7a9fdffa0ab8f3aa84a1f701cf5b3a6e9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/clearvideo: Check remaining input bits in P macro block loop
Michael Niedermayer [Thu, 6 Dec 2018 00:19:37 +0000 (01:19 +0100)]
avcodec/clearvideo: Check remaining input bits in P macro block loop

Fixes: Timeout
Fixes: 11083/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-5657180351496192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7aaab127bebb33003105a620736d6cae8c45a6e5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/rasc: Check input space before reading chunk
Michael Niedermayer [Wed, 5 Dec 2018 01:18:51 +0000 (02:18 +0100)]
avcodec/rasc: Check input space before reading chunk

Fixes: Timeout
Fixes: 11118/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RASC_fuzzer-5652564066959360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 52ba824c65817c1db6aad41c470dde7162252036)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/dxv: Check that there is enough data to decompress
Michael Niedermayer [Sat, 1 Dec 2018 20:41:01 +0000 (21:41 +0100)]
avcodec/dxv: Check that there is enough data to decompress

Fixes: Timeout
Fixes: 10979/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_fuzzer-6178582203203584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2bc3811c0d6b34e43a55a7541722761f548628d0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/ppc/hevcdsp: Fix build failures with powerpc-linux-gnu-gcc-4.8 with --disable...
Michael Niedermayer [Tue, 4 Dec 2018 15:29:40 +0000 (16:29 +0100)]
avcodec/ppc/hevcdsp: Fix build failures with powerpc-linux-gnu-gcc-4.8 with --disable-optimizations

The affected functions could also be changed into macros; this is the
smaller change to fix it, though, and avoids (probably) less readable macros.
The extra code should be optimized out when optimizations are done, as all values
are known at build time after inlining.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2c64a6bcd280c64997e6c4799bc89c0a9393bbf3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/msvideo1: Check for too small dimensions
Michael Niedermayer [Sat, 1 Dec 2018 21:16:19 +0000 (22:16 +0100)]
avcodec/msvideo1: Check for too small dimensions

Such a low resolution would result in empty output, as a minimum of 4x4 is needed.
We could also check for dimensions being a multiple of 4, but that is not needed.

Fixes: Timeout
Fixes: 11191/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSVIDEO1_fuzzer-5739529588178944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 953bd58861ad933e614510140b05a61e3d1375be)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/wmv2dec: Skip I frame if it's smaller than 1/8 of the minimal size
Michael Niedermayer [Tue, 27 Nov 2018 22:37:03 +0000 (23:37 +0100)]
avcodec/wmv2dec: Skip I frame if it's smaller than 1/8 of the minimal size

Frames that small are not valid and of limited use for error concealment, while
being very computationally intensive to process.

Fixes: Timeout
Fixes: 11168/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5733782032744448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d6f4341522c3eafb046c47b115d79ce684a899fc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/msmpeg4dec: Skip frame if it's smaller than 1/8 of the minimal size
Michael Niedermayer [Thu, 29 Nov 2018 01:32:10 +0000 (02:32 +0100)]
avcodec/msmpeg4dec: Skip frame if it's smaller than 1/8 of the minimal size

Frames that small are not valid and of limited use for error concealment, while
being very computationally intensive to process.

Fixes: Timeout
Fixes: 11318/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSMPEG4V1_fuzzer-5710884555456512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 09ec182864d41c990bc18f620eabb77444aeff57)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/truemotion2rt: Fix rounding in input size check
Michael Niedermayer [Sat, 17 Nov 2018 08:24:30 +0000 (09:24 +0100)]
avcodec/truemotion2rt: Fix rounding in input size check

Fixes: Timeout
Fixes: 11332/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2RT_fuzzer-5678456612847616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7f22a4ebc97817fd0968f5ea8295c9a59a6292e0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/diracdec: Check component quant
Michael Niedermayer [Wed, 14 Nov 2018 08:42:44 +0000 (09:42 +0100)]
avcodec/diracdec: Check component quant

Fixes: Timeout
Fixes: 10708/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5730140957442048

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 28c96c2ce2781c2cd147a9f3c299e18ce1dc7ff8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/tiff: Limit filtering to decoded data
Michael Niedermayer [Fri, 23 Nov 2018 01:33:04 +0000 (02:33 +0100)]
avcodec/tiff: Limit filtering to decoded data

Fixes: Timeout
Fixes: 11068/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5698456681709568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 90ac0e5f29ba4730cd92d3268938b3730823e52b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/truemotion2: fix integer overflows in tm2_low_chroma()
Michael Niedermayer [Fri, 16 Nov 2018 23:38:53 +0000 (00:38 +0100)]
avcodec/truemotion2: fix integer overflows in tm2_low_chroma()

Fixes: 11295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-4888953459572736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2ae39d795613f3c6925c59852b625029b747fe42)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/pngdec: Check compression method
Michael Niedermayer [Fri, 9 Nov 2018 02:12:45 +0000 (03:12 +0100)]
avcodec/pngdec: Check compression method

Method 0 (inflate/deflate) is the only one specified in the specification and the only one supported.

Fixes: Timeout
Fixes: 10976/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-5729372588736512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1f99674ddddcc33f4c37def0a206e31ad7c4c1af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago fftools/ffmpeg: Repair reinit_filter feature
Michael Niedermayer [Tue, 13 Nov 2018 19:29:40 +0000 (20:29 +0100)]
fftools/ffmpeg: Repair reinit_filter feature

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 35040048793bc5d19942277fe17d1235e915a7d8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/shorten: Fix integer overflow with offset
Michael Niedermayer [Fri, 9 Nov 2018 18:59:27 +0000 (19:59 +0100)]
avcodec/shorten: Fix integer overflow with offset

Fixes: signed integer overflow: -1625810908 - 582229060 cannot be represented in type 'int'
Fixes: 10977/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5732602018267136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2f888771cd1ce8d68d4b18a1009650c1f260aaf2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avcodec/imm4: Use ff_set_dimensions()
Michael Niedermayer [Fri, 9 Nov 2018 22:07:23 +0000 (23:07 +0100)]
avcodec/imm4: Use ff_set_dimensions()

Fixes: Out of memory
Fixes: 10970/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IMM4_fuzzer-5698750043914240

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c305e134ce23b46a1164527ade3e1b7e2ecedf5f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago h264_redundant_pps: Fix logging context
Andreas Rheinhardt [Fri, 9 Nov 2018 05:31:38 +0000 (06:31 +0100)]
h264_redundant_pps: Fix logging context

The first element of H264RedundantPPSContext is not a pointer to an
AVClass as required.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6dafcb6fdb6271d35220b889833561705c2b366f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
7 months ago avfilter/af_asetnsamples: fix last frame props
Marton Balint [Tue, 25 Dec 2018 21:26:18 +0000 (22:26 +0100)]
avfilter/af_asetnsamples: fix last frame props

Frame properties were not copied, so e.g. PTS was not set for the last frame.

Regression since ef3babb2c70f564dc1634b3f29c6e35a2b2dc239.

Signed-off-by: Marton Balint <cus@passwd.hu>
(cherry picked from commit f9e947845f9ac5ccb84cf5e6f4121ec2e23b9946)

8 months ago cbs_av1: Fix reading of overlong uvlc codes
Mark Thompson [Sun, 2 Dec 2018 20:49:24 +0000 (20:49 +0000)]
cbs_av1: Fix reading of overlong uvlc codes

The specification allows 2^32-1 to be encoded as any number of zeroes
greater than 31, followed by a one.  This previously failed because the
trace code would overflow the array containing the string representation
of the bits if there were more than 63 zeroes.  Fix that by splitting the
trace output into batches, and at the same time move it out of the default
path.

(While this seems likely to be a specification error, libaom does support
it so we probably should as well.)

From a test case by keval shah <skeval65@gmail.com>.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b97a4b658814b2de8b9f2a3bce491c002d34de31)