ffmpeg.git
6 weeks ago configure: cuda_llvm: fix include path for MSYS2 n4.2
Ricardo Constantino [Mon, 5 Aug 2019 19:47:03 +0000 (20:47 +0100)]
configure: cuda_llvm: fix include path for MSYS2

MSYS2 converts paths to MinGW-based applications from unix to
pseudo-windows paths at execution time.
Since there was no space between '-include' and the path, MSYS2 doesn't
detect the path properly.

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>

6 weeks ago avformat/dashenc: fix writing the AV1 codec string in mp4 mode
James Almer [Tue, 30 Jul 2019 16:21:46 +0000 (13:21 -0300)]
avformat/dashenc: fix writing the AV1 codec string in mp4 mode

From https://aomediacodec.github.io/av1-isobmff/#codecsparam, the parameters
sample entry 4CC, profile, level, tier, and bitDepth are all mandatory fields.
All the other fields are optional, mutually inclusive (all or none).

Fixes ticket #8049

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 1cf2f040e34bbfedde60ff3d91b2f7b770aca85b)

6 weeks ago avformat/dashenc: update stream extradata from packet side data
James Almer [Tue, 30 Jul 2019 18:08:36 +0000 (15:08 -0300)]
avformat/dashenc: update stream extradata from packet side data

codecpar->extradata is not going to change between packets. New extradata
is instead propagated using packet side data.

Use ff_alloc_extradata() as well.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit ce6a98e8306105b07bd7653f4f10c23fd75914ee)

6 weeks ago avformat/av1: combine high_bitdepth and twelve_bit into a single bitdepth value
James Almer [Tue, 30 Jul 2019 14:55:26 +0000 (11:55 -0300)]
avformat/av1: combine high_bitdepth and twelve_bit into a single bitdepth value

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 9a44ec94100a647df6920c65cccdd605a2e6865b)

6 weeks ago avformat/av1: rename some AV1SequenceParameters fields
James Almer [Tue, 30 Jul 2019 14:48:38 +0000 (11:48 -0300)]
avformat/av1: rename some AV1SequenceParameters fields

Cosmetic change.

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 0d597a69bad6e98d088f4c17989abd6a6a34084d)

6 weeks ago avformat/av1: split off sequence header parsing from the av1C writing function
James Almer [Tue, 30 Jul 2019 15:08:44 +0000 (12:08 -0300)]
avformat/av1: split off sequence header parsing from the av1C writing function

It will be used by the dash muxer

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 68e48e5d97c102ea02c86e2922f3b8b42ffad07d)

6 weeks ago avformat/av1: add color config values to AV1SequenceParameters
James Almer [Tue, 30 Jul 2019 14:43:02 +0000 (11:43 -0300)]
avformat/av1: add color config values to AV1SequenceParameters

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit 0c7cfd2c1919e5caaa138559d8f05e79447181aa)

6 weeks ago libavcodec/iff: Use unsigned to avoid undefined behaviour
Andreas Rheinhardt [Fri, 2 Aug 2019 20:29:16 +0000 (22:29 +0200)]
libavcodec/iff: Use unsigned to avoid undefined behaviour

The initialization of the uint32_t plane32_lut matrix uses left shifts
of the form 1 << plane; plane can be as big as 31 which means that this
is undefined behaviour as 1 will be simply an int. So make it unsigned
to avoid this.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f12e662a3d3f489eec887b5f2ab20a550caed9cf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/alsdec: Check for block_length <= 0 in read_var_block_data()
Michael Niedermayer [Fri, 26 Jul 2019 13:26:08 +0000 (15:26 +0200)]
avcodec/alsdec: Check for block_length <= 0 in read_var_block_data()

Fixes: left shift of negative value -1
Fixes: 15719/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5685731105701888

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit be4fb282f9fb00d9c267dcc477745e2e468e758f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/vqavideo: Set video size
Michael Niedermayer [Thu, 25 Jul 2019 22:35:32 +0000 (00:35 +0200)]
avcodec/vqavideo: Set video size

Fixes: out of array access
Fixes: 15919/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VQA_fuzzer-5657368257363968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 02f909dc24b1f05cfbba75077c7707b905e63cd2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/sanm: Check extradata_size before allocations
Michael Niedermayer [Mon, 15 Jul 2019 21:26:05 +0000 (23:26 +0200)]
avcodec/sanm: Check extradata_size before allocations

Fixes: Leaks
Fixes: 15349/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SANM_fuzzer-5102530557640704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 172a43ce36e671fdab63afe1c06876bba91445b3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/mss1: check for overread and forward errors
Michael Niedermayer [Fri, 2 Aug 2019 22:29:48 +0000 (00:29 +0200)]
avcodec/mss1: check for overread and forward errors

Fixes: Timeout (106sec -> 14ms)
Fixes: 15576/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSS1_fuzzer-5688080461201408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 43015afd7ce9055f1fa2d7648c3fcd9b7cfd7721)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/loco: Check for end of input in pixel decode
Michael Niedermayer [Fri, 2 Aug 2019 20:14:22 +0000 (22:14 +0200)]
avcodec/loco: Check for end of input in pixel decode

Fixes: Timeout (100sec -> 5sec)
Fixes: 15509/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5724297261219840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8305a4509af2908d88bb623deb816fdaa8056c83)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/dirac_parser: Fix overflow in dts
Michael Niedermayer [Thu, 11 Jul 2019 21:23:07 +0000 (23:23 +0200)]
avcodec/dirac_parser: Fix overflow in dts

Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 15568/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-5634719611355136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 549fcba8fc83330763ccd3cc67233037c96bc6d9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/ralf: Fix undefined pointer in decode_channel()
Michael Niedermayer [Sun, 4 Aug 2019 15:25:55 +0000 (17:25 +0200)]
avcodec/ralf: Fix undefined pointer in decode_channel()

Fixes: 16203/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5086088934195200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3c06ba171697b665ef4b2b47fe0008199b3eff86)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/ralf: Fix integer overflow in apply_lpc()
Michael Niedermayer [Sun, 4 Aug 2019 15:20:45 +0000 (17:20 +0200)]
avcodec/ralf: Fix integer overflow in apply_lpc()

Fixes: signed integer overflow: 1603085316 + 1238786562 cannot be represented in type 'int'
Fixes: 16203/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RALF_fuzzer-5086088934195200

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ccca484324e04dff4cb81d0f9018ae828e6b5c89)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/vorbisdec: Implement vr->classifications = 1
Michael Niedermayer [Sun, 4 Aug 2019 15:10:18 +0000 (17:10 +0200)]
avcodec/vorbisdec: Implement vr->classifications = 1

It appears no valid file uses this, so this is not testable with
a valid file.

Fixes: assertion failure
Fixes: 16187/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5638880618872832

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a5f12e3b3f2177ede5839ff4141228666b8436f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/vorbisdec: Check parameters in vorbis_floor0_decode() before divide
Michael Niedermayer [Sun, 4 Aug 2019 10:28:55 +0000 (12:28 +0200)]
avcodec/vorbisdec: Check parameters in vorbis_floor0_decode() before divide

Fixes: division by zero
Fixes: 16183/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5688966782648320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aecc9b96d613f54d772e9475738bb54e0e1f182e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avformat/realtextdec: Check for duplicate extradata in realtext_read_header()
Michael Niedermayer [Sun, 4 Aug 2019 10:21:51 +0000 (12:21 +0200)]
avformat/realtextdec: Check for duplicate extradata in realtext_read_header()

Fixes: memleak
Fixes: 16140/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5684008052064256

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 652ea23cb34bc59b38c0088865600e2b86079815)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avformat/vividas: Fix memleak of AVIOContext in track_header()
Michael Niedermayer [Sun, 4 Aug 2019 10:13:21 +0000 (12:13 +0200)]
avformat/vividas: Fix memleak of AVIOContext in track_header()

Fixes: memleak
Fixes: 16127/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5649290914955264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 76133d7c8bfe19833e1973849eabe6a78913e4aa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/cbs_av1_syntax_template: Check ref_frame_idx before use
Michael Niedermayer [Sun, 4 Aug 2019 07:51:26 +0000 (09:51 +0200)]
avcodec/cbs_av1_syntax_template: Check ref_frame_idx before use

Fixes: index -1 out of bounds for type 'AV1ReferenceFrameState [8]'
Fixes: 16079/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5758807440883712

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
See: [FFmpeg-devel] [PATCH 05/13] avcodec/cbs_av1_syntax_template: Check ref_frame_idx before use
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8174e5c77d8a94b57b6b1bcbb90728cf8b08ab6b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/apedec: Fix 2 signed overflows
Michael Niedermayer [Sun, 4 Aug 2019 07:46:34 +0000 (09:46 +0200)]
avcodec/apedec: Fix 2 signed overflows

Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
Fixes: signed integer overflow: 2049431315 + 262759074 cannot be represented in type 'int'
Fixes: 16012/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5719016003338240

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 392c028cd23d128f33d93b2159eed5de42f72b4d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/mss3: Check for the rac stream being invalid in rac_normalize()
Michael Niedermayer [Sun, 4 Aug 2019 07:33:45 +0000 (09:33 +0200)]
avcodec/mss3: Check for the rac stream being invalid in rac_normalize()

Fixes: out of array read
Fixes: 15982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSA1_fuzzer-5630676251967488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 99a172f3f4d0bef024c6293f575caaaddce0b267)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/vc1_block: Check get_vlc2() return before use
Michael Niedermayer [Sun, 4 Aug 2019 06:32:58 +0000 (08:32 +0200)]
avcodec/vc1_block: Check get_vlc2() return before use

Fixes: index -1 out of bounds for type 'const uint8_t [185][2]'
Fixes: 15720/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSS2_fuzzer-5666071933091840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2cb1f797350875ec45cb20d59dc0684fcbac20fc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/apedec: Do not partially clear data array
Michael Niedermayer [Sun, 4 Aug 2019 06:26:40 +0000 (08:26 +0200)]
avcodec/apedec: Do not partially clear data array

Fixes: Assertion failure and memleak
Fixes: 15709/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5182435093905408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8e4b522c9146b9c14579ae7381fb1043b7423578)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/atrac9dec: Check grad_range[1] more tightly
Michael Niedermayer [Sat, 3 Aug 2019 22:45:20 +0000 (00:45 +0200)]
avcodec/atrac9dec: Check grad_range[1] more tightly

Alternatively the array could be made bigger but the extra values
would not be read without other changes.

Fixes: Out of array access
Fixes: 15658/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5738260074070016

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Lynne <dev@lynne.ee>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 208225bd782207aaf2b380522f96fd4fe4dc3441)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago compat/cuda: Change inclusion guards
Andreas Rheinhardt [Mon, 5 Aug 2019 01:09:41 +0000 (03:09 +0200)]
compat/cuda: Change inclusion guards

cuda_runtime.h as well as dynlink_loader.h used nonstandard inclusion
guards with an AV_ prefix, although these files are not in a libav*/
path. So change the inclusion guards and adapt the ref file of the
source fate test accordingly.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>

6 weeks ago avcodec/hnm4video: Forward errors of decode_interframe_v4()
Michael Niedermayer [Fri, 2 Aug 2019 21:54:49 +0000 (23:54 +0200)]
avcodec/hnm4video: Forward errors of decode_interframe_v4()

Fixes: Timeout (108sec -> 160ms)
Fixes: 15570/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HNM4_VIDEO_fuzzer-5085482213441536

Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9af8ce754b705c36ad4d2b6fd0f73f87ca4381c4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avformat/vividas: Check that value from ffio_read_varlen() does not overflow
Michael Niedermayer [Sat, 20 Jul 2019 20:41:08 +0000 (22:41 +0200)]
avformat/vividas: Check that value from ffio_read_varlen() does not overflow

Fixes: signed integer overflow: -1241665686 + -1340629419 cannot be represented in type 'int'
Fixes: 15922/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5692826442006528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 07357cd93355d553dde698933a8176dd48b98344)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avformat/vividas: forward errors from track_header()
Michael Niedermayer [Sat, 20 Jul 2019 20:36:10 +0000 (22:36 +0200)]
avformat/vividas: forward errors from track_header()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8bac648359b78cd4aa02b5fc91c24a32cc3bddfa)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/clearvideo: fix invalid shift in tile size check
Michael Niedermayer [Sat, 13 Jul 2019 18:16:19 +0000 (20:16 +0200)]
avcodec/clearvideo: fix invalid shift in tile size check

Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 15631/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CLEARVIDEO_fuzzer-5690110605000704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5dc94924d0fbdedba4356c21ec7de0347b8e4757)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avformat/vividas: Check buffer size before allocation
Michael Niedermayer [Sat, 13 Jul 2019 17:57:21 +0000 (19:57 +0200)]
avformat/vividas: Check buffer size before allocation

Fixes: out of array access
Fixes: 15365/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5716153105645568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c3ef24d9baf63f8c8794dfb2ef7192a64b586526)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avformat/vividas: Check if extradata was read successfully
Michael Niedermayer [Sat, 13 Jul 2019 18:08:03 +0000 (20:08 +0200)]
avformat/vividas: Check if extradata was read successfully

Fixes: OOM
Fixes: 15575/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5654666781655040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8e41675e18682ee14a64acf6139d72d22ce669b6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/vp3: Check for end of input in vp4_unpack_vlcs()
Michael Niedermayer [Fri, 2 Aug 2019 19:23:18 +0000 (21:23 +0200)]
avcodec/vp3: Check for end of input in vp4_unpack_vlcs()

Fixes: Timeout (too long -> 1sec)
Fixes: 15232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP3_fuzzer-5769583086010368

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 58c7f419ce757c3c741d6071e0dafcba7d875567)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/vp3: Check that theora is theora
Michael Niedermayer [Sun, 21 Jul 2019 22:41:06 +0000 (00:41 +0200)]
avcodec/vp3: Check that theora is theora

Theora is forced to be non zero if it is zero and a sample
is asked for, as suggested by reimar

Fixes: Timeout (2min -> 600ms)
Fixes: 15366/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-5737849938247680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b4bf7226aff28e9ca379c5a3dedf745a2d316739)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/vc1_pred: Fix invalid shift in scaleforsame()
Michael Niedermayer [Wed, 10 Jul 2019 21:27:19 +0000 (23:27 +0200)]
avcodec/vc1_pred: Fix invalid shift in scaleforsame()

Fixes: left shift of negative value -1
Fixes: 15531/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5759556258365440

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6dfda35dd29d2e2a86554d2c05d957a09ab79b0c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/vc1_block: Fix integer overflow in ff_vc1_pred_dc()
Michael Niedermayer [Thu, 4 Jul 2019 21:13:13 +0000 (23:13 +0200)]
avcodec/vc1_block: Fix integer overflow in ff_vc1_pred_dc()

Fixes: signed integer overflow: 32796 * 65536 cannot be represented in type 'int'
Fixes: 15430/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5735424087031808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f31ed8f3b00ec7afe87092798bf0b397f6e19ed5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/truemotion2: Fix several integer overflows in tm2_motion_block()
Michael Niedermayer [Mon, 8 Jul 2019 21:00:09 +0000 (23:00 +0200)]
avcodec/truemotion2: Fix several integer overflows in tm2_motion_block()

Fixes: 15524/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5173148372172800
Fixes: signed integer overflow: 13701388 - -2134868270 cannot be represented in type 'int'

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9a353ea8766206bd302f3f12ca1d226237542908)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/apedec: make left/right unsigned to avoid undefined behavior
Michael Niedermayer [Tue, 2 Jul 2019 10:13:19 +0000 (12:13 +0200)]
avcodec/apedec: make left/right unsigned to avoid undefined behavior

Fixes: signed integer overflow: 755176387 + 1515360583 cannot be represented in type 'int'
Fixes: 15506/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5706859232624640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bf778af1493b0814696307432763246fb53c75e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/apedec: Fix multiple integer overflows and undefined behavior in filter_3800()
Michael Niedermayer [Sun, 16 Jun 2019 09:39:15 +0000 (11:39 +0200)]
avcodec/apedec: Fix multiple integer overflows and undefined behavior in filter_3800()

Fixes: left shift of negative value -4
Fixes: signed integer overflow: -15091694 * 167 cannot be represented in type 'int'
Fixes: signed integer overflow: 1898547155 + 453967445 cannot be represented in type 'int'
Fixes: 15258/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5759095564402688
Fixes: signed integer overflow: 962196438 * 31 cannot be represented in type 'int'
Fixes: 15364/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718799845687296

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 267eb2ab7f87696e1a156ca9a5ff1b1628d170c1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avformat/mpc: deallocate frames array on errors
Michael Niedermayer [Wed, 24 Jul 2019 21:11:50 +0000 (23:11 +0200)]
avformat/mpc: deallocate frames array on errors

Fixes: memleak on error path
Fixes: 15984/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5679918412726272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit da5039415c2bd625085d15e6c92e0b64eefddcbf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/eatqi: Check for minimum frame size
Michael Niedermayer [Sun, 28 Jul 2019 20:29:57 +0000 (22:29 +0200)]
avcodec/eatqi: Check for minimum frame size

The minimum header is 8 bytes, the smallest bitstream that is passed to
the MB decode code is 4 bytes

Fixes: Timeout (35sec -> 18sec)
Fixes: 15800/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATQI_fuzzer-5684154517159936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5ffb8e879389fb0642654e3233cfeca1f9841e52)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/eatgv: Check remaining size after the keyframe header
Michael Niedermayer [Sun, 28 Jul 2019 19:09:14 +0000 (21:09 +0200)]
avcodec/eatgv: Check remaining size after the keyframe header

The minimal size which unpack() will not fail on is 5 bytes
Fixes: Timeout (14sec -> 77ms) (testcase 15508)
Fixes: 15508/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATGV_fuzzer-5700053513011200
Fixes: 15996/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EATGV_fuzzer-5751353223151616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 009ec8dc3345353b1cd2316423918533fcb89552)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/assdec: undefined use of memcpy()
Michael Niedermayer [Wed, 24 Jul 2019 20:55:15 +0000 (22:55 +0200)]
avcodec/assdec: undefined use of memcpy()

Fixes: null pointer passed as argument 2, which is declared to never be null
Fixes: 16008/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SSA_fuzzer-5650582821404672 (this is a separate issue found in this testcase)

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 47b6ca0b022a413e392707464f2423795aa89bfb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/brenderpix: Check input size before allocating image
Michael Niedermayer [Fri, 26 Jul 2019 12:16:16 +0000 (14:16 +0200)]
avcodec/brenderpix: Check input size before allocating image

An incomplete image is not supported prior to this and will
not produce any output. This commit moves the failure before
time consuming operations.

Fixes: Timeout (81sec -> 76ms)
Fixes: 15723/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BRENDER_PIX_fuzzer-5147265653538816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 38b6c48c4300343f4703019a90a332773e64e11b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago lafv/wavdec: Fail bext parsing on incomplete reads
Matt Wolenetz [Thu, 25 Jul 2019 22:54:49 +0000 (15:54 -0700)]
lafv/wavdec: Fail bext parsing on incomplete reads

avio_read can successfully return even when less than the requested
amount of input was read. wavdec's bext parsing mistakenly assumed a
successful avio_read always read the full amount that was requested.
The result could be dictionary tags populated with partially
uninitialized values.

This change also fixes a broken assertion in wav_parse_bext_string that
was off-by-one, though no known current usage of that method hits that
broken case.

Chromium bug: 987270

Signed-off-by: Matt Wolenetz <wolenetz@chromium.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 052d41377a02f480f8e7135c0f7d418e9a405215)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago avcodec/utils: fix leak of subtitle_header on error path
Michael Niedermayer [Thu, 4 Jul 2019 21:39:23 +0000 (23:39 +0200)]
avcodec/utils: fix leak of subtitle_header on error path

Fixes: memleak
Fixes: 15528/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_STL_fuzzer-5735993371525120
Fixes: 15792/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SAMI_fuzzer-5737754232619008
Fixes: 16008/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SSA_fuzzer-5650582821404672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 923d5c489fd4ffd0b9dbfdc6c14f594bd134ab47)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

6 weeks ago build: add support for building CUDA files with clang
Rodger Combs [Tue, 30 Jul 2019 07:51:42 +0000 (02:51 -0500)]
build: add support for building CUDA files with clang

This avoids using the CUDA SDK at all; instead, we provide a minimal
reimplementation of the basic functionality that lavfi actually uses.
It generates very similar code to what NVCC produces.

The header contains no implementation code derived from the SDK.
The function and type declarations are derived from the SDK only to the
extent required to build a compatible implementation. This is generally
accepted to qualify as fair use.

Because this option does not require the proprietary SDK, it does not require
the "--enable-nonfree" flag in configure.

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>

6 weeks ago avcodec/h263dec: enable nvdec hwaccel
Stefan Schoenefeld [Fri, 2 Aug 2019 09:18:10 +0000 (09:18 +0000)]
avcodec/h263dec: enable nvdec hwaccel

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>

6 weeks ago avcodec/h263dec: fix hwaccel decoding
Stefan Schoenefeld [Fri, 2 Aug 2019 09:18:10 +0000 (09:18 +0000)]
avcodec/h263dec: fix hwaccel decoding

Recently we encountered an issue when decoding a h.263 file:

FFmpeg will freeze when decoding h.263 video with NVDEC. Turns out this is not directly related to NVDEC but is a problem that shows with several other HW decoders like VDPAU, though the exact kind of error is different (either error messages or freezing[1]). The root cause is that ff_thread_finish_setup() is called twice per frame from ff_h263_decode_frame(). This is not supported by ff_thread_finish_setup() and specifically checked for and warned against in the function's code. The issue is also specific to hw accelerated decoding only as the second call to ff_thread_finish_setup() is only issued when hw acceleration is on. The fix is simple: add a check that the first call is only sent when hw acceleration is off, and the second call only when hw acceleration is on (see attached patch). This works fine as far as I was able to test with vdpau and nvdec/nvcuvid hw decoding. The patch also adds NVDEC to the hw config list if available.

I also noticed a secondary issue when browsing through the code which is that, according to documentation, ff_thread_finish_setup() should only be called if the codec implements update_thread_context(), which h263dec does not. The patch does not address this and I'm not sure any action needs to be taken here at all.

[1] This depends on whether or not the hw decoder sets the HWACCEL_CAPS_ASYNC_SAFE flag

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
7 weeks ago lavfi/vf_thumbnail_cuda: fix operator precedence bug
Rodger Combs [Tue, 30 Jul 2019 07:51:43 +0000 (02:51 -0500)]
lavfi/vf_thumbnail_cuda: fix operator precedence bug

Discovered via a warning when building with clang

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
8 weeks ago avcodec/mediacodec_wrapper: remove unused local variables in ff_AMediaCodec_getCodecN...
Matthieu Bouron [Fri, 26 Apr 2019 08:32:31 +0000 (10:32 +0200)]
avcodec/mediacodec_wrapper: remove unused local variables in ff_AMediaCodec_getCodecNameByType()

(cherry picked from commit 817235b195f55746893629bd8e6fa3501ea7b38e)

8 weeks ago avcodec/mediacodec_wrapper: fix a potential local reference leak in ff_AMediaCodec_ge...
Matthieu Bouron [Thu, 25 Apr 2019 15:12:32 +0000 (17:12 +0200)]
avcodec/mediacodec_wrapper: fix a potential local reference leak in ff_AMediaCodec_getCodecNameByType()

(cherry picked from commit 3f232d713db3cb665c265387c7009904c2e85e58)

8 weeks ago avcodec/mediacodec_wrapper: fix a local reference leak in ff_AMediaCodec_getName()
Matthieu Bouron [Thu, 25 Apr 2019 15:40:55 +0000 (17:40 +0200)]
avcodec/mediacodec_wrapper: fix a local reference leak in ff_AMediaCodec_getName()

(cherry picked from commit 9cb8875c165e6377a3eebdce9743c5579f131248)

8 weeks ago avcodec/mediacodec_wrapper: add missing "avcodec.h" include
Matthieu Bouron [Mon, 29 Apr 2019 09:24:37 +0000 (11:24 +0200)]
avcodec/mediacodec_wrapper: add missing "avcodec.h" include

(cherry picked from commit 6251ad89a77566254b934fbf95159d66e29328a8)

8 weeks ago avformat/mxfenc: fix index byte count in partition header
Baptiste Coudurier [Thu, 18 Jul 2019 17:35:00 +0000 (10:35 -0700)]
avformat/mxfenc: fix index byte count in partition header

(cherry picked from commit 9e24b98b15cbec1e0212d909ad29c746e1d1738b)

2 months ago Update for version 4.2
Michael Niedermayer [Sun, 21 Jul 2019 16:47:16 +0000 (18:47 +0200)]
Update for version 4.2

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago RELEASE_NOTES: Based on the version from 4.1
Michael Niedermayer [Fri, 2 Nov 2018 00:36:21 +0000 (01:36 +0100)]
RELEASE_NOTES: Based on the version from 4.1

Name suggested by Reto Kromer and Bodecs Bela

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago Bump minor versions to separate 4.2 from master
Michael Niedermayer [Sun, 21 Jul 2019 16:31:20 +0000 (18:31 +0200)]
Bump minor versions to separate 4.2 from master

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago Changelog: Add 4.2 cut marker
Michael Niedermayer [Sun, 21 Jul 2019 16:25:21 +0000 (18:25 +0200)]
Changelog: Add 4.2 cut marker

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago doc/APIchanges: Fill in missing Fields, add 4.2 cut marker
Michael Niedermayer [Sun, 21 Jul 2019 16:24:06 +0000 (18:24 +0200)]
doc/APIchanges: Fill in missing Fields, add 4.2 cut marker

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/utils: Check close before calling it
Michael Niedermayer [Sat, 20 Jul 2019 22:08:55 +0000 (00:08 +0200)]
avcodec/utils: Check close before calling it

Fixes: NULL pointer dereference
Fixes: 15733/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IDF_fuzzer-5658616977162240

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago tools/target_dec_fuzzer: Free parser in case of avcodec_open2() failure
Michael Niedermayer [Sun, 7 Jul 2019 20:50:42 +0000 (22:50 +0200)]
tools/target_dec_fuzzer: Free parser in case of avcodec_open2() failure

Fixes: memleak
Fixes: part of 15529/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVPX_VP8_fuzzer-5140143700180992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/vorbisdec: Check vlc for floor0 dec vector offset
Michael Niedermayer [Sun, 7 Jul 2019 21:23:53 +0000 (23:23 +0200)]
avcodec/vorbisdec: Check vlc for floor0 dec vector offset

Fixes: out of array access
Fixes: 15649/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5729191309344768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/vorbisdec: amplitude bits can be more than 25 bits
Michael Niedermayer [Sun, 7 Jul 2019 21:16:12 +0000 (23:16 +0200)]
avcodec/vorbisdec: amplitude bits can be more than 25 bits

Fixes: assertion failure, invalid shift
Fixes: 15583/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VORBIS_fuzzer-5640157484548096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avutil/softfloat_ieee754: Fix odd bit position for exponent and sign in av_bits2sf_ie...
Michael Niedermayer [Sun, 7 Jul 2019 12:47:58 +0000 (14:47 +0200)]
avutil/softfloat_ieee754: Fix odd bit position for exponent and sign in av_bits2sf_ieee754()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/alsdec: fix undefined shift in multiply()
Michael Niedermayer [Sat, 6 Jul 2019 22:03:51 +0000 (00:03 +0200)]
avcodec/alsdec: fix undefined shift in multiply()

Fixes: left shift of negative value -6
Fixes: 15564/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5701655938465792

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/alsdec: Fix 2 integer overflows
Michael Niedermayer [Sat, 6 Jul 2019 21:20:30 +0000 (23:20 +0200)]
avcodec/alsdec: Fix 2 integer overflows

Fixes: signed integer overflow: 1270564968 + 904828220 cannot be represented in type 'int'
Fixes: 15402/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5755426823471104

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/apedec: Fix various integer overflows
Michael Niedermayer [Sun, 16 Jun 2019 09:32:10 +0000 (11:32 +0200)]
avcodec/apedec: Fix various integer overflows

Fixes: signed integer overflow: -538976267 * 31 cannot be represented in type 'int'
Fixes: left shift of 65312 by 16 places cannot be represented in type 'int'
Fixes: 15255/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5718831688843264
Fixes: 15547/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5691384901664768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/apedec: Fix multiple integer overflows in predictor_update_filter()
Michael Niedermayer [Sun, 16 Jun 2019 08:54:13 +0000 (10:54 +0200)]
avcodec/apedec: Fix multiple integer overflows in predictor_update_filter()

Fixes: signed integer overflow: -829262115 + -1410750414 cannot be represented in type 'int'
Fixes: 15251/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5651742252859392

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/flicvideo: Make line_packets int
Michael Niedermayer [Fri, 21 Jun 2019 21:01:04 +0000 (23:01 +0200)]
avcodec/flicvideo: Make line_packets int

Fixes: signed integer overflow: -32768 * 196032 cannot be represented in type 'int'
Fixes: 15300/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5733319519502336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago lavf/avio: remove ffio_open2_wrapper function
Jun Zhao [Sat, 13 Jul 2019 02:45:18 +0000 (10:45 +0800)]
lavf/avio: remove ffio_open2_wrapper function

Remove the function ffio_open2_wrapper, it's not being used anymore.

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2 months ago lavfi/showinfo: support regions of interest sidedata
Jun Zhao [Sat, 9 Mar 2019 07:55:38 +0000 (15:55 +0800)]
lavfi/showinfo: support regions of interest sidedata

support regions of interest sidedata

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
2 months ago avformat/aacdec: resync to the next adts frame on invalid data instead of aborting
James Almer [Sun, 21 Jul 2019 00:47:55 +0000 (21:47 -0300)]
avformat/aacdec: resync to the next adts frame on invalid data instead of aborting

Should fix ticket #6634

Signed-off-by: James Almer <jamrial@gmail.com>
2 months ago avformat/aacdec: factorize the adts frame resync code
James Almer [Sat, 20 Jul 2019 13:13:08 +0000 (10:13 -0300)]
avformat/aacdec: factorize the adts frame resync code

Signed-off-by: James Almer <jamrial@gmail.com>
2 months ago avcodec/dvbsubdec: Use ff_set_dimensions()
Michael Niedermayer [Fri, 19 Jul 2019 22:07:59 +0000 (00:07 +0200)]
avcodec/dvbsubdec: Use ff_set_dimensions()

Fixes: signed integer overflow: 65313 * 65313 cannot be represented in type 'int'
Fixes: 15740/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DVBSUB_fuzzer-5641749164195840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/ffwavesynth: Check if there is enough extradata before allocation
Michael Niedermayer [Sun, 14 Jul 2019 22:35:49 +0000 (00:35 +0200)]
avcodec/ffwavesynth: Check if there is enough extradata before allocation

Fixes: OOM
Fixes: 15750/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5702090367696896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/ffwavesynth: More correct cast in wavesynth_seek()
Michael Niedermayer [Sun, 14 Jul 2019 22:35:48 +0000 (00:35 +0200)]
avcodec/ffwavesynth: More correct cast in wavesynth_seek()

Fixes: signed integer overflow: 553590816 - -9223372036315799520 cannot be represented in type 'long'
Fixes: 15743/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5705835377852416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/ffwavesynth: Check sample rate before use
Michael Niedermayer [Sun, 14 Jul 2019 22:35:47 +0000 (00:35 +0200)]
avcodec/ffwavesynth: Check sample rate before use

Fixes: division by zero
Fixes: 15725/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5641231956180992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Nicolas George <george@nsup.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/tak_parser: don't return error values
James Almer [Wed, 17 Jul 2019 22:22:00 +0000 (19:22 -0300)]
avcodec/tak_parser: don't return error values

The API does not allow it.

Also set poutbuf and poutbuf_size to NULL/0 on error.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
2 months ago avcodec/cbs_h265: add support for Alpha Channel Info SEI messages
James Almer [Fri, 21 Jun 2019 01:21:26 +0000 (22:21 -0300)]
avcodec/cbs_h265: add support for Alpha Channel Info SEI messages

As defined in sections F.14.2.8 and F.14.3.8

Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: James Almer <jamrial@gmail.com>
2 months ago cbs_h2645: Fix infinite loop in more_rbsp_data
Andreas Rheinhardt [Wed, 5 Jun 2019 02:18:54 +0000 (04:18 +0200)]
cbs_h2645: Fix infinite loop in more_rbsp_data

cbs_h2645_read_more_rbsp_data does not handle malformed input very well:
1. If there were <= 8 bits left in the bitreader, these bits were read
via show_bits. But show_bits requires the number of bits to be read to
be > 0 (internally it shifts by 32 - number of bits to be read which is
undefined behaviour if said number is zero; there is also an assert for
this, but it is only an av_assert2). Furthermore, in this case a shift
by -1 was performed which is of course undefined behaviour, too.
2. If there were > 0 and <= 8 bits left and all of them were zero
(this can only happen for defective input), it was reported that there
was further RBSP data.

This can lead to an infinite loop in H.265's cbs_h265_read_extension_data
corresponding to the [vsp]ps_extension_data_flag syntax elements. If the
relevant flag indicates the (potential) occurrence of these syntax elements,
while all bits after this flag are zero, cbs_h2645_read_more_rbsp_data
always returns 1 on x86. Given that a checked bitstream reader is used,
we are also not "saved" by an overflow in the bitstream reader's index.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
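
The two failure modes described in the commit message above, reproduced in a small stand-alone model. This is an added example, not FFmpeg's code: `BitReader`, `peek_bits`, `read_bit`, the two `more_rbsp_data_*` variants and `count_extension_flags` are hypothetical names, and the lenient variant returns 1 at zero bits left to model the x86 result the message reports instead of performing the undefined shift.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical checked, MSB-first bit reader (not FFmpeg's GetBitContext). */
typedef struct { const uint8_t *buf; size_t size_bits, pos; } BitReader;

static int bits_left(const BitReader *br) { return (int)(br->size_bits - br->pos); }

/* Peek n bits without consuming them. n == 0 is rejected here instead of
 * being turned into a shift by the full word width. */
static int peek_bits(const BitReader *br, int n, unsigned *out)
{
    unsigned v = 0;
    if (n <= 0 || n > 8 || n > bits_left(br)) return -1;
    for (int i = 0; i < n; i++) {
        size_t p = br->pos + (size_t)i;
        v = (v << 1) | ((br->buf[p >> 3] >> (7 - (p & 7))) & 1u);
    }
    *out = v;
    return 0;
}

/* Checked read: at the end of the buffer it yields 0 and does not advance. */
static unsigned read_bit(BitReader *br)
{
    unsigned v = 0;
    if (peek_bits(br, 1, &v) == 0) br->pos++;
    return v;
}

/* Old logic: only "1 followed by zeros" counts as the end of the data. */
static int more_rbsp_data_lenient(const BitReader *br)
{
    unsigned v = 0;
    int left = bits_left(br);
    if (left > 8) return 1;
    if (left == 0) return 1;  /* assumption: models the "always returns 1" result */
    peek_bits(br, left, &v);
    return v != (1u << (left - 1));
}

/* Hardened logic: more data exists only if a 1 bit follows the first
 * remaining bit; zero bits left and all-zero padding both end the data. */
static int more_rbsp_data_strict(const BitReader *br)
{
    unsigned v = 0;
    int left = bits_left(br);
    if (left > 8) return 1;
    if (left <= 0 || peek_bits(br, left, &v) < 0) return 0;
    return (v & ((1u << (left - 1)) - 1u)) != 0;
}

/* Reads one-bit flags while more data is reported, like an extension_data
 * loop. Returns the flag count, or -1 once `cap` iterations are exceeded. */
int count_extension_flags(const uint8_t *buf, size_t size_bits, size_t start,
                          int strict, int cap)
{
    BitReader br = { buf, size_bits, start };
    int n = 0;
    while (strict ? more_rbsp_data_strict(&br) : more_rbsp_data_lenient(&br)) {
        if (n++ == cap) return -1;
        read_bit(&br);
    }
    return n;
}

int main(void)
{
    const uint8_t zeros[] = { 0x00 };  /* constructed: all bits after the flag are 0 */
    printf("lenient=%d strict=%d\n", count_extension_flags(zeros, 8, 3, 0, 1000),
           count_extension_flags(zeros, 8, 3, 1, 1000));
    return 0;
}
```

The iteration cap exists only so the lenient variant's non-termination can be observed; on well-formed input both variants count the same number of flags.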
2 months ago avformat/mux: correct error msg for when BSF filtering fails
Gyan Doshi [Tue, 16 Jul 2019 12:36:42 +0000 (18:06 +0530)]
avformat/mux: correct error msg for when BSF filtering fails

2 months ago avcodec/flashsv: add FF_CODEC_CAP_INIT_CLEANUP to flashsv2
Michael Niedermayer [Sun, 7 Jul 2019 09:05:53 +0000 (11:05 +0200)]
avcodec/flashsv: add FF_CODEC_CAP_INIT_CLEANUP to flashsv2

Fixes: memleaks on error paths during init
Fixes: 15548/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLASHSV2_fuzzer-6324019382452224

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/flashsv: add FF_CODEC_CAP_INIT_CLEANUP to flashsv1
Michael Niedermayer [Sun, 7 Jul 2019 09:05:53 +0000 (11:05 +0200)]
avcodec/flashsv: add FF_CODEC_CAP_INIT_CLEANUP to flashsv1

Fixes: memleaks on error paths during init
Fixes: 15533/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLASHSV_fuzzer-5647977168764928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/utils: Check rfps_duration_sum for overflow
Michael Niedermayer [Thu, 4 Jul 2019 21:01:19 +0000 (23:01 +0200)]
avformat/utils: Check rfps_duration_sum for overflow

Fixes: signed integer overflow: 9151595917793558550 + 297519050751678697 cannot be represented in type 'long'
Fixes: 15496/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5722866475073536

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/agm: Fix overflow of signed shift
Michael Niedermayer [Sun, 30 Jun 2019 17:45:29 +0000 (19:45 +0200)]
avcodec/agm: Fix overflow of signed shift

Fixes: left shift of 1 by 31 places cannot be represented in type 'int'
Fixes: 15328/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5637545171353600

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/h264_refs: Also check reference in ff_h264_build_ref_list()
Michael Niedermayer [Sun, 30 Jun 2019 20:19:22 +0000 (22:19 +0200)]
avcodec/h264_refs: Also check reference in ff_h264_build_ref_list()

Fixes: out of array read
Fixes: 15409/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5758846959616000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/h264_cavlc: Fix integer overflows with motion vector residual addition
Michael Niedermayer [Wed, 26 Jun 2019 22:55:29 +0000 (00:55 +0200)]
avcodec/h264_cavlc: Fix integer overflows with motion vector residual addition

Fixes: signed integer overflow: 14 + 2147483647 cannot be represented in type 'int'
Fixes: 14794/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5677380695228416

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/atrac9dec: Check conditions before apply_band_extension() to avoid out of...
Michael Niedermayer [Sat, 15 Jun 2019 19:34:18 +0000 (21:34 +0200)]
avcodec/atrac9dec: Check conditions before apply_band_extension() to avoid out of array read in initialization of unused variables

Fixes: global-buffer-overflow
Fixes: 15247/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5671602181636096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago tools/target_dem_fuzzer: ignore avformat_find_stream_info() failure
Michael Niedermayer [Thu, 13 Jun 2019 11:00:47 +0000 (13:00 +0200)]
tools/target_dem_fuzzer: ignore avformat_find_stream_info() failure

Such a failure should not be fatal and it's worth testing this path too

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avutil/mips: refactor msa load and store macros.
Shiyou Yin [Wed, 17 Jul 2019 09:35:00 +0000 (17:35 +0800)]
avutil/mips: refactor msa load and store macros.

Replace STnxm_UB and LDnxm_SH with new macros ST_{H/W/D}{1/2/4/8}.
The old macros are difficult to use because they don't follow the same parameter passing rules.
The detailed changes are as follows:
1. remove LD4x4_SH.
2. replace ST2x4_UB with ST_H4.
3. replace ST4x2_UB with ST_W2.
4. replace ST4x4_UB with ST_W4.
5. replace ST4x8_UB with ST_W8.
6. replace ST6x4_UB with ST_W2 and ST_H2.
7. replace ST8x1_UB with ST_D1.
8. replace ST8x2_UB with ST_D2.
9. replace ST8x4_UB with ST_D4.
10. replace ST8x8_UB with ST_D8.
11. replace ST12x4_UB with ST_D4 and ST_W4.

Examples of new macro: ST_H4(in, idx0, idx1, idx2, idx3, pdst, stride)
ST_H4 stores four half-word elements in vector 'in' to pdst with stride.
About the macro name:
1) 'ST' means store operation.
2) 'H/W/D' means type of vector element is 'half-word/word/double-word'.
3) Number '1/2/4/8' means how many elements will be stored.
About the macro parameter:
1) 'in0, in1...' 128-bits vector.
2) 'idx0, idx1...' elements index.
3) 'pdst' destination pointer to store to
4) 'stride' stride of each store operation.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/ifv: Check for EOF in read_index()
Michael Niedermayer [Wed, 17 Jul 2019 23:00:11 +0000 (01:00 +0200)]
avformat/ifv: Check for EOF in read_index()

Fixes: Timeout
Fixes: 15567/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5758451487080448

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago matroskadec: Remove redundant const
Andreas Rheinhardt [Thu, 18 Jul 2019 19:07:20 +0000 (21:07 +0200)]
matroskadec: Remove redundant const

The typedef used to define EbmlSyntax already includes a const qualifier
so that it is unnecessary to include another const qualifier in future
definitions and declarations. Given that MSVC warns about this, this
commit removes these redundant const qualifiers.

Suggested-by: Hendrik Leppkes <h.leppkes@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2 months ago matroskadec: Add sizes to forward declarations
Andreas Rheinhardt [Wed, 17 Jul 2019 03:29:40 +0000 (05:29 +0200)]
matroskadec: Add sizes to forward declarations

Unknown-length elements end when an element not allowed in them, but
allowed at a higher level is encountered. In order to check for this,
c1abd95a added a pointer to every syntax level's parent to each
EbmlSyntax. Given that the parent must of course also reference the
child in order to be able to enter said child level, one needs to use
forward declarations.
These forward declarations constitute tentative definitions and tentative
definitions with internal linkage (like our syntaxes) must not be an
incomplete type. Yet they were an incomplete type and while GCC and
Clang did not even warn about this (on default warning levels), it
broke compilation with MSVC. Therefore this commit adds the sizes.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2 months ago avcodec/dnxhd_parser: Fix parser when input does not have nicely sized packets
Michael Niedermayer [Sat, 6 Jul 2019 09:51:09 +0000 (11:51 +0200)]
avcodec/dnxhd_parser: Fix parser when input does not have nicely sized packets

Fixes: out of array access
Fixes: 15522/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DNXHD_fuzzer-5747756078989312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avformat/rawdec: Make the raw packet size configurable
Michael Niedermayer [Sat, 6 Jul 2019 09:32:48 +0000 (11:32 +0200)]
avformat/rawdec: Make the raw packet size configurable

This allows testing parsers with a wider range of input packet sizes.
Which is important and useful for regression testing, some of our
parsers in fact do not work if the packet size is changed from 1024

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/dnxhd_parser: Optimize insufficient buf size case
Michael Niedermayer [Sat, 6 Jul 2019 07:52:50 +0000 (09:52 +0200)]
avcodec/dnxhd_parser: Optimize insufficient buf size case

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/dnxhd_parser: remove unneeded code
Michael Niedermayer [Sat, 6 Jul 2019 07:51:46 +0000 (09:51 +0200)]
avcodec/dnxhd_parser: remove unneeded code

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2 months ago avcodec/parser: Check next index validity in ff_combine_frame()
Michael Niedermayer [Sat, 6 Jul 2019 07:21:52 +0000 (09:21 +0200)]
avcodec/parser: Check next index validity in ff_combine_frame()

Fixes: out of array access
Fixes: 15522/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DNXHD_fuzzer-5747756078989312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>