[FFmpeg-cvslog] lavc/utils: Make second parameter to apply_param_change() const.
ffmpeg | branch: master | Carl Eugen Hoyos | Fri Feb 24
02:18:23 2017 +0100| [560f5188c6243d99d8012961a0008f953e9d918e] | committer:
Carl Eugen Hoyos
lavc/utils: Make second parameter to apply_param_change() const.
Fixes a compilation warning:
passing argument 2 of ‘apply_param_change’ discards ‘const’ qualifier from
pointer target type
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=560f5188c6243d99d8012961a0008f953e9d918e
---
libavcodec/utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index f4085bf..1156e43 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -2092,7 +2092,7 @@ static int64_t guess_correct_pts(AVCodecContext *ctx,
return pts;
}
-static int apply_param_change(AVCodecContext *avctx, AVPacket *avpkt)
+static int apply_param_change(AVCodecContext *avctx, const AVPacket *avpkt)
{
int size = 0, ret;
const uint8_t *data;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/aic: unbreak decoding of files with slice_width != 16
ffmpeg | branch: master | Paul B Mahol | Fri Feb 24 11:29:42
2017 +0100| [fa3e49568dc856a66825985878b15eda21e67ab6] | committer: Paul B Mahol
avcodec/aic: unbreak decoding of files with slice_width != 16
Signed-off-by: Paul B Mahol
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fa3e49568dc856a66825985878b15eda21e67ab6
---
libavcodec/aic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/aic.c b/libavcodec/aic.c
index 4faa574..67d78c5 100644
--- a/libavcodec/aic.c
+++ b/libavcodec/aic.c
@@ -449,7 +449,7 @@ static av_cold int aic_decode_init(AVCodecContext *avctx)
ctx->num_x_slices = (ctx->mb_width + 15) >> 4;
ctx->slice_width = 16;
-for (i = 1; i < 32; i++) {
+for (i = 1; i < ctx->mb_width; i++) {
if (!(ctx->mb_width % i) && (ctx->mb_width / i <= 32)) {
ctx->slice_width = ctx->mb_width / i;
ctx->num_x_slices = i;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/scpr: make sure that component value is <= 0x1F for 16 bpc
ffmpeg | branch: master | Paul B Mahol | Fri Feb 24 12:01:30
2017 +0100| [178cd50c47aa5b7db03f7ce7a3f2934857dbd35b] | committer: Paul B Mahol
avcodec/scpr: make sure that component value is <= 0x1F for 16 bpc
Signed-off-by: Paul B Mahol
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=178cd50c47aa5b7db03f7ce7a3f2934857dbd35b
---
libavcodec/scpr.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/scpr.c b/libavcodec/scpr.c
index d81..0802dd4 100644
--- a/libavcodec/scpr.c
+++ b/libavcodec/scpr.c
@@ -58,6 +58,7 @@ typedef struct SCPRContext {
unsignednbx, nby;
unsignednbcount;
unsigned *blocks;
+unsignedcbits;
int cxshift;
} SCPRContext;
@@ -241,7 +242,7 @@ static int decode_unit(SCPRContext *s, PixelModel *pixel,
unsigned step, unsigne
}
pixel->total_freq = totfr;
-*rval = c;
+*rval = c & s->cbits;
return 0;
}
@@ -789,6 +790,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
}
s->cxshift = avctx->bits_per_coded_sample == 16 ? 0 : 2;
+s->cbits = avctx->bits_per_coded_sample == 16 ? 0x1F : 0xFF;
s->nbx = (avctx->width + 15) / 16;
s->nby = (avctx->height + 15) / 16;
s->nbcount = s->nbx * s->nby;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/rv34: Simplify and factor get_slice_offset() code
ffmpeg | branch: master | Michael Niedermayer | Fri
Feb 24 12:46:28 2017 +0100| [8696f25c2ec24daa570f26feadbd3df911e4] |
committer: Michael Niedermayer
avcodec/rv34: Simplify and factor get_slice_offset() code
This also fixes several integer overflows by checking each value before
use.
Fixes: 662/clusterfuzz-testcase-4898131432964096
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8696f25c2ec24daa570f26feadbd3df911e4
---
libavcodec/rv34.c | 42 +++---
1 file changed, 19 insertions(+), 23 deletions(-)
diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c
index b5802d4..be49804 100644
--- a/libavcodec/rv34.c
+++ b/libavcodec/rv34.c
@@ -1591,10 +1591,13 @@ int ff_rv34_decode_update_thread_context(AVCodecContext
*dst, const AVCodecConte
return ff_mpeg_update_thread_context(dst, src);
}
-static int get_slice_offset(AVCodecContext *avctx, const uint8_t *buf, int n)
+static int get_slice_offset(AVCodecContext *avctx, const uint8_t *buf, int n,
int slice_count, int buf_size)
{
-if(avctx->slice_count) return avctx->slice_offset[n];
-else return AV_RL32(buf + n*8 - 4) == 1 ? AV_RL32(buf +
n*8) : AV_RB32(buf + n*8);
+if (n < slice_count) {
+if(avctx->slice_count) return avctx->slice_offset[n];
+else return AV_RL32(buf + n*8 - 4) == 1 ?
AV_RL32(buf + n*8) : AV_RB32(buf + n*8);
+} else
+return buf_size;
}
static int finish_frame(AVCodecContext *avctx, AVFrame *pict)
@@ -1652,6 +1655,7 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
const uint8_t *slices_hdr = NULL;
int last = 0;
int faulty_b = 0;
+int offset;
/* no supplementary picture */
if (buf_size == 0) {
@@ -1674,13 +1678,13 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
}else
slice_count = avctx->slice_count;
+offset = get_slice_offset(avctx, slices_hdr, 0, slice_count, buf_size);
//parse first slice header to check whether this frame can be decoded
-if(get_slice_offset(avctx, slices_hdr, 0) < 0 ||
- get_slice_offset(avctx, slices_hdr, 0) > buf_size){
+if(offset < 0 || offset > buf_size){
av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n");
return AVERROR_INVALIDDATA;
}
-init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, 0),
(buf_size-get_slice_offset(avctx, slices_hdr, 0))*8);
+init_get_bits(&s->gb, buf+offset, (buf_size-offset)*8);
if(r->parse_slice_header(r, &r->s.gb, &si) < 0 || si.start){
av_log(avctx, AV_LOG_ERROR, "First slice header is incorrect\n");
return AVERROR_INVALIDDATA;
@@ -1783,40 +1787,32 @@ int ff_rv34_decode_frame(AVCodecContext *avctx,
return AVERROR_INVALIDDATA;
for(i = 0; i < slice_count; i++){
-int offset = get_slice_offset(avctx, slices_hdr, i);
+int offset = get_slice_offset(avctx, slices_hdr, i , slice_count,
buf_size);
+int offset1 = get_slice_offset(avctx, slices_hdr, i+1, slice_count,
buf_size);
int size;
-if(i+1 == slice_count)
-size = buf_size - offset;
-else
-size = get_slice_offset(avctx, slices_hdr, i+1) - offset;
-if(offset < 0 || offset > buf_size){
+if(offset < 0 || offset > offset1 || offset1 > buf_size){
av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n");
break;
}
+size = offset1 - offset;
r->si.end = s->mb_width * s->mb_height;
s->mb_num_left = r->s.mb_x + r->s.mb_y*r->s.mb_width - r->si.start;
if(i+1 < slice_count){
-if (get_slice_offset(avctx, slices_hdr, i+1) < 0 ||
-get_slice_offset(avctx, slices_hdr, i+1) > buf_size) {
+int offset2 = get_slice_offset(avctx, slices_hdr, i+2,
slice_count, buf_size);
+if (offset2 < offset1 || offset2 > buf_size) {
av_log(avctx, AV_LOG_ERROR, "Slice offset is invalid\n");
break;
}
-init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr,
i+1), (buf_size-get_slice_offset(avctx, slices_hdr, i+1))*8);
+init_get_bits(&s->gb, buf+offset1, (buf_size-offset1)*8);
if(r->parse_slice_header(r, &r->s.gb, &si) < 0){
-if(i+2 < slice_count)
-size = get_slice_offset(avctx, slices_hdr, i+2) - offset;
-else
-size = buf_size - offset;
+size = offset2 - offset;
}else
r->si.end = si.start;
}
-if (size < 0 || size > buf_size - offset) {
-av_log(avctx, AV_LOG_ERROR, "Slice size is invalid\n");
-break;
-}
+av_assert0 (size >= 0 && size <= buf_size - offset);
last = rv3
[FFmpeg-cvslog] tools/target_dec_fuzzer: Fix misaligned read
ffmpeg | branch: master | Michael Niedermayer | Fri
Feb 24 13:23:37 2017 +0100| [c87ea47481d35b0219e2e22d60f2a431286f725d] |
committer: Michael Niedermayer
tools/target_dec_fuzzer: Fix misaligned read
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c87ea47481d35b0219e2e22d60f2a431286f725d
---
tools/target_dec_fuzzer.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 8761d96..cb3bc50 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -46,6 +46,7 @@
*/
#include "libavutil/avassert.h"
+#include "libavutil/intreadwrite.h"
#include "libavcodec/avcodec.h"
#include "libavformat/avformat.h"
@@ -165,7 +166,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t
size) {
while (data < end && it < maxiteration) {
// Search for the TAG
while (data + sizeof(fuzz_tag) < end) {
-if (data[0] == (fuzz_tag & 0xFF) && *(const uint64_t *)(data) ==
fuzz_tag)
+if (data[0] == (fuzz_tag & 0xFF) && AV_RN64(data) == fuzz_tag)
break;
data++;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/vp3dsp: Fix multiple signed integer overflow: 46341 * 47523 cannot be represented in type 'int'
ffmpeg | branch: master | Michael Niedermayer | Fri Feb 24 13:11:43 2017 +0100| [2b8b7921c55a93049a86cfeb2fda9423d16f8ebe] | committer: Michael Niedermayer avcodec/vp3dsp: Fix multiple signed integer overflow: 46341 * 47523 cannot be represented in type 'int' Fixes: 664/clusterfuzz-testcase-4917047475568640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2b8b7921c55a93049a86cfeb2fda9423d16f8ebe --- libavcodec/vp3dsp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/vp3dsp.c b/libavcodec/vp3dsp.c index 814c78e..4b6c838 100644 --- a/libavcodec/vp3dsp.c +++ b/libavcodec/vp3dsp.c @@ -41,7 +41,7 @@ #define xC6S2 25080 #define xC7S1 12785 -#define M(a, b) (((a) * (b)) >> 16) +#define M(a, b) ((int)((SUINT)(a) * (b)) >> 16) static av_always_inline void idct(uint8_t *dst, int stride, int16_t *input, int type) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/scpr: improve motion vectors checking for out of buffer write
ffmpeg | branch: master | Paul B Mahol | Fri Feb 24 15:27:19
2017 +0100| [0a28c505063f0fdbfa24c28dc1e67704e10127b5] | committer: Paul B Mahol
avcodec/scpr: improve motion vectors checking for out of buffer write
Signed-off-by: Paul B Mahol
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0a28c505063f0fdbfa24c28dc1e67704e10127b5
---
libavcodec/scpr.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/scpr.c b/libavcodec/scpr.c
index 0802dd4..75e8ffa 100644
--- a/libavcodec/scpr.c
+++ b/libavcodec/scpr.c
@@ -509,8 +509,8 @@ static int decompress_p(AVCodecContext *avctx,
by + mvy + sy1 >= avctx->height || bx + mvx + sx1 >=
avctx->width)
return AVERROR_INVALIDDATA;
-for (i = 0; i < sy2 - sy1 && (by + sy1 + i) < avctx->height;
i++) {
-for (j = 0; j < sx2 - sx1 && (bx + sx1 + j) <
avctx->width; j++) {
+for (i = 0; i < sy2 - sy1 && (by + sy1 + i) < avctx->height &&
(by + mvy + sy1 + i) < avctx->height; i++) {
+for (j = 0; j < sx2 - sx1 && (bx + sx1 + j) < avctx->width
&& (bx + mvx + sx1 + j) < avctx->width; j++) {
dst[(by + i + sy1) * linesize + bx + sx1 + j] =
prev[(by + mvy + sy1 + i) * plinesize + bx + sx1 + mvx + j];
}
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/fmvc: initialize opcode to 0
ffmpeg | branch: master | Paul B Mahol | Fri Feb 24 15:50:16
2017 +0100| [c583e701bd527eb9635bd8f1d22b06696b3e2b3d] | committer: Paul B Mahol
avcodec/fmvc: initialize opcode to 0
It shouldn't really matter but it doesn't hurt.
Signed-off-by: Paul B Mahol
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c583e701bd527eb9635bd8f1d22b06696b3e2b3d
---
libavcodec/fmvc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/fmvc.c b/libavcodec/fmvc.c
index c5e5b3d..9c452da 100644
--- a/libavcodec/fmvc.c
+++ b/libavcodec/fmvc.c
@@ -53,7 +53,7 @@ typedef struct FMVCContext {
static int decode_type2(GetByteContext *gb, PutByteContext *pb)
{
-unsigned repeat = 0, first = 1, opcode;
+unsigned repeat = 0, first = 1, opcode = 0;
int i, len, pos;
while (bytestream2_get_bytes_left(gb) > 0) {
@@ -288,7 +288,7 @@ static int decode_type2(GetByteContext *gb, PutByteContext
*pb)
static int decode_type1(GetByteContext *gb, PutByteContext *pb)
{
-unsigned opcode, len;
+unsigned opcode = 0, len;
int high = 0;
int i, pos;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/scpr: remove 4 dead store
ffmpeg | branch: master | Paul B Mahol | Fri Feb 24 19:49:39 2017 +0100| [e01c32f260fa66fc80d286527a02cce7ca940c00] | committer: Paul B Mahol avcodec/scpr: remove 4 dead store Signed-off-by: Paul B Mahol > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e01c32f260fa66fc80d286527a02cce7ca940c00 --- libavcodec/scpr.c | 4 1 file changed, 4 deletions(-) diff --git a/libavcodec/scpr.c b/libavcodec/scpr.c index 75e8ffa..f3809f1 100644 --- a/libavcodec/scpr.c +++ b/libavcodec/scpr.c @@ -321,8 +321,6 @@ static int decompress_i(AVCodecContext *avctx, uint32_t *dst, int linesize) if (ret < 0) return ret; -cx1 = (cx << 6) & 0xFC0; -cx = b >> cxshift; clr = (b << 16) + (g << 8) + r; } if (ptype > 5) @@ -537,8 +535,6 @@ static int decompress_p(AVCodecContext *avctx, if (ret < 0) return ret; -cx1 = (cx << 6) & 0xFC0; -cx = b >> cxshift; clr = (b << 16) + (g << 8) + r; } if (ptype > 5) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] opus_pvq: prevent division by 0
ffmpeg | branch: master | Rostislav Pehlivanov | Fri Feb
24 19:13:44 2017 +| [70259737cbad1136d942fa0cca5d55be1ca37e0a] | committer:
Rostislav Pehlivanov
opus_pvq: prevent division by 0
res was 0 and divided K which made it infinity which caused K to
overflow.
Signed-off-by: Rostislav Pehlivanov
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=70259737cbad1136d942fa0cca5d55be1ca37e0a
---
libavcodec/opus_pvq.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/opus_pvq.c b/libavcodec/opus_pvq.c
index 706e239..ce93c47 100644
--- a/libavcodec/opus_pvq.c
+++ b/libavcodec/opus_pvq.c
@@ -397,7 +397,7 @@ static void celt_pvq_search(float *X, int *y, int K, int N)
for (i = 0; i < N; i++)
res += FFABS(X[i]);
-res = K/res;
+res = K/(res + FLT_EPSILON);
for (i = 0; i < N; i++) {
y[i] = lrintf(res*X[i]);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/mpegaudiodec_template: Correct return code on id3 tag discarding
ffmpeg | branch: master | Michael Niedermayer | Fri
Feb 24 19:04:12 2017 +0100| [5d81616be332cca99304d0b747c2c8e2d719f349] |
committer: Michael Niedermayer
avcodec/mpegaudiodec_template: Correct return code on id3 tag discarding
Fixes: 665/clusterfuzz-testcase-4863789881098240
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5d81616be332cca99304d0b747c2c8e2d719f349
---
libavcodec/mpegaudiodec_template.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/mpegaudiodec_template.c
b/libavcodec/mpegaudiodec_template.c
index 33f2a14..a389318 100644
--- a/libavcodec/mpegaudiodec_template.c
+++ b/libavcodec/mpegaudiodec_template.c
@@ -1665,7 +1665,7 @@ static int decode_frame(AVCodecContext * avctx, void
*data, int *got_frame_ptr,
header = AV_RB32(buf);
if (header>>8 == AV_RB32("TAG")>>8) {
av_log(avctx, AV_LOG_DEBUG, "discarding ID3 tag\n");
-return buf_size;
+return buf_size + skipped;
}
ret = avpriv_mpegaudio_decode_header((MPADecodeHeader *)s, header);
if (ret < 0) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/vp56: Fix sign typo
ffmpeg | branch: master | Michael Niedermayer | Fri
Feb 24 21:05:33 2017 +0100| [513a3494396d0a20233273b3cadcb5ee86485d5c] |
committer: Michael Niedermayer
avcodec/vp56: Fix sign typo
Fixes: 664/clusterfuzz-testcase-4917047475568640
The change to fate is due to a truncated last frames which is now detected as
damaged.
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=513a3494396d0a20233273b3cadcb5ee86485d5c
---
libavcodec/vp5.c | 2 +-
libavcodec/vp6.c | 2 +-
tests/ref/fate/vp5 | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavcodec/vp5.c b/libavcodec/vp5.c
index aba177c..54db620 100644
--- a/libavcodec/vp5.c
+++ b/libavcodec/vp5.c
@@ -180,7 +180,7 @@ static int vp5_parse_coeff(VP56Context *s)
int b, i, cg, idx, ctx, ctx_last;
int pt = 0;/* plane type (0 for Y, 1 for U or V) */
-if (c->end >= c->buffer && c->bits >= 0) {
+if (c->end <= c->buffer && c->bits >= 0) {
av_log(s->avctx, AV_LOG_ERROR, "End of AC stream reached in
vp5_parse_coeff\n");
return AVERROR_INVALIDDATA;
}
diff --git a/libavcodec/vp6.c b/libavcodec/vp6.c
index 7f0a9b7..662126c 100644
--- a/libavcodec/vp6.c
+++ b/libavcodec/vp6.c
@@ -450,7 +450,7 @@ static int vp6_parse_coeff(VP56Context *s)
int b, i, cg, idx, ctx;
int pt = 0;/* plane type (0 for Y, 1 for U or V) */
-if (c->end >= c->buffer && c->bits >= 0) {
+if (c->end <= c->buffer && c->bits >= 0) {
av_log(s->avctx, AV_LOG_ERROR, "End of AC stream reached in
vp6_parse_coeff\n");
return AVERROR_INVALIDDATA;
}
diff --git a/tests/ref/fate/vp5 b/tests/ref/fate/vp5
index 2116fb9..da510fc 100644
--- a/tests/ref/fate/vp5
+++ b/tests/ref/fate/vp5
@@ -249,4 +249,4 @@
0,243,243,1, 233472, 0x6f530ac6
0,244,244,1, 233472, 0x94f7466c
0,245,245,1, 233472, 0xa8c1d365
-0,246,246,1, 233472, 0xedcff050
+0,246,246,1, 233472, 0x8843293b
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/pngdec: Fix runtime error: left shift of 152 by 24 places cannot be represented in type 'int'
ffmpeg | branch: master | Michael Niedermayer | Sat
Feb 25 01:43:16 2017 +0100| [310d2af319d9113263f75e94f5a1b211c05260b5] |
committer: Michael Niedermayer
avcodec/pngdec: Fix runtime error: left shift of 152 by 24 places cannot be
represented in type 'int'
Fixes: 666/clusterfuzz-testcase-6581447227867136
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=310d2af319d9113263f75e94f5a1b211c05260b5
---
libavcodec/pngdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index c2ea4d2..a4eb6cc 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -796,7 +796,7 @@ static int decode_trns_chunk(AVCodecContext *avctx,
PNGDecContext *s,
return AVERROR_INVALIDDATA;
for (i = 0; i < length; i++) {
-v = bytestream2_get_byte(&s->gb);
+unsigned v = bytestream2_get_byte(&s->gb);
s->palette[i] = (s->palette[i] & 0x00ff) | (v << 24);
}
} else if (s->color_type == PNG_COLOR_TYPE_GRAY || s->color_type ==
PNG_COLOR_TYPE_RGB) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avcodec/amrwbdec: Fix 2 runtime errors: left shift of negative value -1
ffmpeg | branch: master | Michael Niedermayer | Sat
Feb 25 02:19:43 2017 +0100| [6bd79ba59f46a8b3133f28faae53b75540469803] |
committer: Michael Niedermayer
avcodec/amrwbdec: Fix 2 runtime errors: left shift of negative value -1
Fixes: 669/clusterfuzz-testcase-4847965409640448
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6bd79ba59f46a8b3133f28faae53b75540469803
---
libavcodec/amrwbdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/amrwbdec.c b/libavcodec/amrwbdec.c
index 7d0c135..999bfb9 100644
--- a/libavcodec/amrwbdec.c
+++ b/libavcodec/amrwbdec.c
@@ -292,7 +292,7 @@ static void decode_pitch_lag_low(int *lag_int, int
*lag_frac, int pitch_index,
if (subframe == 0 || (subframe == 2 && mode != MODE_6k60)) {
if (pitch_index < 116) {
*lag_int = (pitch_index + 69) >> 1;
-*lag_frac = (pitch_index - (*lag_int << 1) + 68) << 1;
+*lag_frac = (pitch_index - (*lag_int << 1) + 68) * 2;
} else {
*lag_int = pitch_index - 24;
*lag_frac = 0;
@@ -302,7 +302,7 @@ static void decode_pitch_lag_low(int *lag_int, int
*lag_frac, int pitch_index,
AMRWB_P_DELAY_MIN, AMRWB_P_DELAY_MAX - 15);
} else {
*lag_int = (pitch_index + 1) >> 1;
-*lag_frac = (pitch_index - (*lag_int << 1)) << 1;
+*lag_frac = (pitch_index - (*lag_int << 1)) * 2;
*lag_int += *base_lag_int;
}
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] avformat/hlsenc: fix hls_flags temp_file bug
ffmpeg | branch: master | Steven Liu | Sat Feb 25
10:59:05 2017 +0800| [f73ef3748e837d220771d1186f4f5abb8f551123] | committer:
Steven Liu
avformat/hlsenc: fix hls_flags temp_file bug
refer to ticket id: #6170
rename file from temp to origin name after complete current segment
Reviewed-by: Aman Gupta
Signed-off-by: Steven Liu
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f73ef3748e837d220771d1186f4f5abb8f551123
---
libavformat/hlsenc.c | 55 ++--
1 file changed, 27 insertions(+), 28 deletions(-)
diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c
index 86a3b05..0238705 100644
--- a/libavformat/hlsenc.c
+++ b/libavformat/hlsenc.c
@@ -691,6 +691,17 @@ static void write_m3u8_head_block(HLSContext *hls,
AVIOContext *out, int version
av_log(hls, AV_LOG_VERBOSE, "EXT-X-MEDIA-SEQUENCE:%"PRId64"\n", sequence);
}
+static void hls_rename_temp_file(AVFormatContext *s, AVFormatContext *oc)
+{
+size_t len = strlen(oc->filename);
+char final_filename[sizeof(oc->filename)];
+
+av_strlcpy(final_filename, oc->filename, len);
+final_filename[len-4] = '\0';
+ff_rename(oc->filename, final_filename, s);
+oc->filename[len-4] = '\0';
+}
+
static int hls_window(AVFormatContext *s, int last)
{
HLSContext *hls = s->priv_data;
@@ -833,15 +844,6 @@ static int hls_start(AVFormatContext *s)
char *filename, iv_string[KEYSIZE*2 + 1];
int err = 0;
-if ((c->flags & HLS_TEMP_FILE) && oc->filename[0] != 0) {
-size_t len = strlen(oc->filename);
-char final_filename[sizeof(oc->filename)];
-av_strlcpy(final_filename, oc->filename, len);
-final_filename[len-4] = '\0';
-ff_rename(oc->filename, final_filename, s);
-oc->filename[len-4] = '\0';
-}
-
if (c->flags & HLS_SINGLE_FILE) {
av_strlcpy(oc->filename, c->basename,
sizeof(oc->filename));
@@ -1325,6 +1327,17 @@ static int hls_write_packet(AVFormatContext *s, AVPacket
*pkt)
new_start_pos = avio_tell(hls->avf->pb);
hls->size = new_start_pos - hls->start_pos;
+
+if ((hls->flags & HLS_TEMP_FILE) && oc->filename[0]) {
+if (!(hls->flags & HLS_SINGLE_FILE) || (hls->max_seg_size <= 0))
+if (hls->avf->oformat->priv_class && hls->avf->priv_data)
+av_opt_set(hls->avf->priv_data, "mpegts_flags",
"resend_headers", 0);
+ff_format_io_close(s, &oc->pb);
+if (hls->vtt_avf)
+ff_format_io_close(s, &hls->vtt_avf->pb);
+hls_rename_temp_file(s, oc);
+}
+
ret = hls_append_segment(s, hls, hls->duration, hls->start_pos,
hls->size);
hls->start_pos = new_start_pos;
if (ret < 0) {
@@ -1336,21 +1349,14 @@ static int hls_write_packet(AVFormatContext *s,
AVPacket *pkt)
hls->duration = 0;
if (hls->flags & HLS_SINGLE_FILE) {
-if (hls->avf->oformat->priv_class && hls->avf->priv_data)
-av_opt_set(hls->avf->priv_data, "mpegts_flags",
"resend_headers", 0);
hls->number++;
} else if (hls->max_seg_size > 0) {
-if (hls->avf->oformat->priv_class && hls->avf->priv_data)
-av_opt_set(hls->avf->priv_data, "mpegts_flags",
"resend_headers", 0);
if (hls->start_pos >= hls->max_seg_size) {
hls->sequence++;
-ff_format_io_close(s, &oc->pb);
if ((hls->flags & (HLS_SECOND_LEVEL_SEGMENT_SIZE |
HLS_SECOND_LEVEL_SEGMENT_DURATION)) &&
strlen(hls->current_segment_final_filename_fmt)) {
ff_rename(old_filename, hls->avf->filename, hls);
}
-if (hls->vtt_avf)
-ff_format_io_close(s, &hls->vtt_avf->pb);
ret = hls_start(s);
hls->start_pos = 0;
/* When split segment by byte, the duration is short than
hls_time,
@@ -1359,13 +1365,10 @@ static int hls_write_packet(AVFormatContext *s,
AVPacket *pkt)
}
hls->number++;
} else {
-ff_format_io_close(s, &oc->pb);
if ((hls->flags & (HLS_SECOND_LEVEL_SEGMENT_SIZE |
HLS_SECOND_LEVEL_SEGMENT_DURATION)) &&
strlen(hls->current_segment_final_filename_fmt)) {
ff_rename(old_filename, hls->avf->filename, hls);
}
-if (hls->vtt_avf)
-ff_format_io_close(s, &hls->vtt_avf->pb);
ret = hls_start(s);
}
@@ -1402,6 +1405,11 @@ static int hls_write_trailer(struct AVFormatContext *s)
if (oc->pb) {
hls->size = avio_tell(hls->avf->pb) - hls->start_pos;
ff_format_io_close(s, &oc->pb);
+
+if ((hls->flags & HLS_TEMP_FILE) && oc->filename[0]) {
+hls_rename_temp_file(s, oc);
+}
+
/* after av_write_trailer, then duration + 1 duration per packet */
[FFmpeg-cvslog] avformat/hlsenc: don't use %s for strftime on msvc
ffmpeg | branch: master | Hendrik Leppkes | Sat Feb 25 11:23:50 2017 +0800| [3aef2fceff3205605aed19f8a81b56db56496631] | committer: Steven Liu avformat/hlsenc: don't use %s for strftime on msvc MSVC doesn't support the %s time format, and instead of returning an error the invalid parameter handler is invoked which (by default) terminates the process. Reviewed-by:Steven Liu Signed-off-by: Hendrik Leppkes > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3aef2fceff3205605aed19f8a81b56db56496631 --- libavformat/hlsenc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c index 0238705..9cf6211 100644 --- a/libavformat/hlsenc.c +++ b/libavformat/hlsenc.c @@ -1027,7 +1027,8 @@ static const char * get_default_pattern_localtime_fmt(void) struct tm *p, tmbuf; p = localtime_r(&t, &tmbuf); // no %s support when strftime returned error or left format string unchanged -return (!strftime(b, sizeof(b), "%s", p) || !strcmp(b, "%s")) ? "-%Y%m%d%H%M%S.ts" : "-%s.ts"; +// also no %s support on MSVC, which invokes the invalid parameter handler on unsupported format strings, instead of returning an error +return (HAVE_LIBC_MSVCRT || !strftime(b, sizeof(b), "%s", p) || !strcmp(b, "%s")) ? "-%Y%m%d%H%M%S.ts" : "-%s.ts"; } static int hls_write_header(AVFormatContext *s) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
