[FFmpeg-cvslog] avcodec/cfhd: add back alpha processing removed in 9cefb9e7ec
ffmpeg | branch: master | Paul B Mahol | Fri Jun 28 19:39:55 2019 +0200| [2edb2627597d99fcad7f6932e7c45f6169250db5] | committer: Paul B Mahol avcodec/cfhd: add back alpha processing removed in 9cefb9e7ec Fixes #7886. > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2edb2627597d99fcad7f6932e7c45f6169250db5
---
 libavcodec/cfhd.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c
index 846d334b9b..49a5a2c30a 100644
--- a/libavcodec/cfhd.c
+++ b/libavcodec/cfhd.c
@@ -884,6 +884,8 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
 high = s->plane[plane].l_h[7];
 for (i = 0; i < lowpass_height * 2; i++) {
 horiz_filter_clip(dst, low, high, lowpass_width, s->bpc);
+if (avctx->pix_fmt == AV_PIX_FMT_GBRAP12 && act_plane == 3)
+process_alpha(dst, lowpass_width * 2);
 low += lowpass_width;
 high += lowpass_width;
 dst += pic->linesize[act_plane] / 2;
___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
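Review bot: The restored `process_alpha(dst, lowpass_width * 2)` call in the row loop of `cfhd_decode` carries no comment saying why plane 3 of `AV_PIX_FMT_GBRAP12` needs a second pass after `horiz_filter_clip`, and the one-file diffstat shows no regression test, which is presumably how the call could be dropped unnoticed in 9cefb9e7ec. I would add a comment above the `if`, such as `/* alpha plane needs process_alpha() after the final horizontal filter, see #7886 */`, and a decode test that covers a GBRAP12 sample. The hunk touches one output loop only; whether other paths in `cfhd_decode` that write plane 3 need the same call cannot be told from here, because the function starts and ends outside the hunk.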
[FFmpeg-cvslog] avcodec/atrac9dec: Check that the reused block has succeeded initilization
ffmpeg | branch: master | Michael Niedermayer | Sun Jun 16 20:56:20 2019 +0200| [ac9af7e9a5befa8a554bacbcc59ab2f11203d85e] | committer: Michael Niedermayer avcodec/atrac9dec: Check that the reused block has succeeded initilization Fixes: global-buffer-overflow Fixes: 15247/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5671602181636096 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ac9af7e9a5befa8a554bacbcc59ab2f11203d85e
---
 libavcodec/atrac9dec.c | 8
 1 file changed, 8 insertions(+)
diff --git a/libavcodec/atrac9dec.c b/libavcodec/atrac9dec.c
index 894c70c7fc..08fe483e39 100644
--- a/libavcodec/atrac9dec.c
+++ b/libavcodec/atrac9dec.c
@@ -71,6 +71,8 @@ typedef struct ATRAC9BlockData {
 int cpe_base_channel;
 int is_signs[30];
+int reuseable;
+
 } ATRAC9BlockData;
 typedef struct ATRAC9Context {
@@ -668,6 +670,7 @@ static int atrac9_decode_block(ATRAC9Context *s, GetBitContext *gb,
 if (!reuse_params) {
 int stereo_band, ext_band;
 const int min_band_count = s->samplerate_idx > 7 ? 1 : 3;
+b->reuseable = 0;
 b->band_count = get_bits(gb, 4) + min_band_count;
 b->q_unit_cnt = at9_tab_band_q_unit_map[b->band_count];
@@ -699,6 +702,11 @@ static int atrac9_decode_block(ATRAC9Context *s, GetBitContext *gb,
 }
 b->band_ext_q_unit = at9_tab_band_q_unit_map[ext_band];
 }
+b->reuseable = 1;
+}
+if (!b->reuseable) {
+av_log(s->avctx, AV_LOG_ERROR, "invalid block reused!\n");
+return AVERROR_INVALIDDATA;
 }
 /* Calculate bit alloc gradient */
___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
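Review bot: The new `if (!b->reuseable)` check in `atrac9_decode_block` is only sound if every `ATRAC9BlockData` starts out with `reuseable == 0`, and none of the three hunks shows where the struct is zeroed. Presumably the codec context is allocated zeroed, but that should be confirmed, together with any flush or re-init path that would have to clear the flag again. The field added in the first hunk is undocumented; I would declare it as `int reuseable; /* 1 once a full (non-reused) parameter parse completed without error */`. The clear-at-entry and set-at-exit placement in the second and third hunks appears to cover early error returns inside the `!reuse_params` branch, but most of that branch lies outside the hunks.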
[FFmpeg-cvslog] avcodec/atrac9dec: Check q_unit_cnt in parse_band_ext()
ffmpeg | branch: master | Michael Niedermayer | Sun Jun 16 21:01:50 2019 +0200| [fb4a4557d15bce601e2462207648741600fa273f] | committer: Michael Niedermayer avcodec/atrac9dec: Check q_unit_cnt in parse_band_ext() Fixes: global-buffer-overflow Fixes: 15247/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ATRAC9_fuzzer-5671602181636096 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fb4a4557d15bce601e2462207648741600fa273f
---
 libavcodec/atrac9dec.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/libavcodec/atrac9dec.c b/libavcodec/atrac9dec.c
index 08fe483e39..4d490daeb0 100644
--- a/libavcodec/atrac9dec.c
+++ b/libavcodec/atrac9dec.c
@@ -202,6 +202,8 @@ static inline int parse_band_ext(ATRAC9Context *s, ATRAC9BlockData *b,
 int ext_band = 0;
 if (b->has_band_ext) {
+if (b->q_unit_cnt < 13)
+return AVERROR_INVALIDDATA;
 ext_band = at9_tab_band_ext_group[b->q_unit_cnt - 13][2];
 if (stereo) {
 b->channel[1].band_ext = get_bits(gb, 2);
___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
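Review bot: The added guard in `parse_band_ext` bounds only the low side of the index into `at9_tab_band_ext_group`; nothing in the hunk shows that `b->q_unit_cnt - 13` stays below the table's row count. `q_unit_cnt` appears to be taken from `at9_tab_band_q_unit_map`, so the upper bound may already hold, but checking both sides at the point of use keeps the lookup safe independently of that table: `if (b->q_unit_cnt < 13 || b->q_unit_cnt - 13 >= FF_ARRAY_ELEMS(at9_tab_band_ext_group))`. The early return is also silent, so an `av_log(s->avctx, AV_LOG_ERROR, ...)` before it would make rejected streams easier to triage. The function body continues outside the hunk.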
[FFmpeg-cvslog] avutil: add FF_DECODE_ERROR_DECODE_SLICES for AVFrame.decode_error_flags
ffmpeg | branch: master | Amir Pauker | Fri Jun 28 02:21:18 2019 -0700| [a30e44098ad4c57c1c78556ba85fe42f97fe2e8b] | committer: Michael Niedermayer avutil: add FF_DECODE_ERROR_DECODE_SLICES for AVFrame.decode_error_flags Signed-off-by: Amir Pauker Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a30e44098ad4c57c1c78556ba85fe42f97fe2e8b
---
 doc/APIchanges | 3 +++
 libavutil/frame.h | 1 +
 libavutil/version.h | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/doc/APIchanges b/doc/APIchanges
index 29a1936961..b5fadc2a48 100644
--- a/doc/APIchanges
+++ b/doc/APIchanges
@@ -15,6 +15,9 @@ libavutil: 2017-10-21
 API changes, most recent first:
+2019-06-21 - XX - lavu 56.30.100 - frame.h
+ Add FF_DECODE_ERROR_DECODE_SLICES
+
 2019-06-14 - XX - lavu 56.29.100 - frame.h
 Add FF_DECODE_ERROR_CONCEALMENT_ACTIVE
diff --git a/libavutil/frame.h b/libavutil/frame.h
index 54e682e053..732b0775ff 100644
--- a/libavutil/frame.h
+++ b/libavutil/frame.h
@@ -564,6 +564,7 @@ typedef struct AVFrame {
 #define FF_DECODE_ERROR_INVALID_BITSTREAM 1
 #define FF_DECODE_ERROR_MISSING_REFERENCE 2
 #define FF_DECODE_ERROR_CONCEALMENT_ACTIVE 4
+#define FF_DECODE_ERROR_DECODE_SLICES 8
 /**
 * number of audio channels, only used for audio.
diff --git a/libavutil/version.h b/libavutil/version.h
index dccbb38585..e16b93e877 100644
--- a/libavutil/version.h
+++ b/libavutil/version.h
@@ -79,7 +79,7 @@
 */
 #define LIBAVUTIL_VERSION_MAJOR 56
-#define LIBAVUTIL_VERSION_MINOR 29
+#define LIBAVUTIL_VERSION_MINOR 30
 #define LIBAVUTIL_VERSION_MICRO 100
 #define LIBAVUTIL_VERSION_INT AV_VERSION_INT(LIBAVUTIL_VERSION_MAJOR, \
___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
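Review bot: `FF_DECODE_ERROR_DECODE_SLICES` is added in the libavutil/frame.h hunk without any description of the condition that sets it, and the APIchanges entry only repeats the name. Callers that inspect `AVFrame.decode_error_flags` to decide whether a frame can be trusted need to know how this bit differs from `FF_DECODE_ERROR_INVALID_BITSTREAM`. I would add a one-line comment after the define that names the decoder condition raising it; the exact wording depends on the decoder-side change, which is not part of this commit.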
[FFmpeg-cvslog] avcodec/qdm2: Move fft_order check up
ffmpeg | branch: master | Michael Niedermayer | Mon Jun 17 20:58:47 2019 +0200| [8d8b8c4ac6fb5b5d40bd131f2d2ea9d85b8759a6] | committer: Michael Niedermayer avcodec/qdm2: Move fft_order check up This avoids undefined computations with unchecked values Fixes: shift exponent -21 is negative Fixes: 15262/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDM2_fuzzer-5651261753393152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8d8b8c4ac6fb5b5d40bd131f2d2ea9d85b8759a6
---
 libavcodec/qdm2.c | 11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c
index 88b6b19d11..1397218bdd 100644
--- a/libavcodec/qdm2.c
+++ b/libavcodec/qdm2.c
@@ -1702,6 +1702,12 @@ static av_cold int qdm2_decode_init(AVCodecContext *avctx)
 s->fft_order = av_log2(s->fft_size) + 1;
+// Fail on unknown fft order
+if ((s->fft_order < 7) || (s->fft_order > 9)) {
+avpriv_request_sample(avctx, "Unknown FFT order %d", s->fft_order);
+return AVERROR_PATCHWELCOME;
+}
+
 // something like max decodable tones
 s->group_order = av_log2(s->group_size) + 1;
 s->frame_size = s->group_size / 16; // 16 iterations per super block
@@ -1735,11 +1741,6 @@ static av_cold int qdm2_decode_init(AVCodecContext *avctx)
 else
 s->coeff_per_sb_select = 2;
-// Fail on unknown fft order
-if ((s->fft_order < 7) || (s->fft_order > 9)) {
-avpriv_request_sample(avctx, "Unknown FFT order %d", s->fft_order);
-return AVERROR_PATCHWELCOME;
-}
 if (s->fft_size != (1 << (s->fft_order - 1))) {
 av_log(avctx, AV_LOG_ERROR, "FFT size %d not power of 2.\n", s->fft_size);
 return AVERROR_INVALIDDATA;
___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
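Review bot: The companion check `if (s->fft_size != (1 << (s->fft_order - 1)))` stays at the bottom of `qdm2_decode_init` (second hunk), so a non-power-of-two `fft_size` is still rejected only after the fields between the two hunks have been computed. Whether those intermediate computations are well defined for such a size is not visible here, so I would move that check up as well, directly after the relocated `fft_order` block, so that all validation of the input-derived size happens before it is used. The comment on the moved block could also state the reason for its position, for example `// must run before fft_order is used as a shift count below`. The function body extends beyond both hunks.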
[FFmpeg-cvslog] avcodec/libvorbisdec: Check extradata size
ffmpeg | branch: master | Michael Niedermayer | Mon Jun 17 21:26:45 2019 +0200| [cf3c245566e8a8d45ed2ad9fdff9ef50327ba2d3] | committer: Michael Niedermayer avcodec/libvorbisdec: Check extradata size Fixes: out of array read Fixes: 15261/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LIBVORBIS_fuzzer-5764908467093504 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cf3c245566e8a8d45ed2ad9fdff9ef50327ba2d3
---
 libavcodec/libvorbisdec.c | 8
 1 file changed, 8 insertions(+)
diff --git a/libavcodec/libvorbisdec.c b/libavcodec/libvorbisdec.c
index ecf690a553..89cbbb41b6 100644
--- a/libavcodec/libvorbisdec.c
+++ b/libavcodec/libvorbisdec.c
@@ -49,8 +49,16 @@ static int oggvorbis_decode_init(AVCodecContext *avccontext) {
 vorbis_comment_init(&context->vc) ;
 if(p[0] == 0 && p[1] == 30) {
+int sizesum = 0;
 for(i = 0; i < 3; i++){
 hsizes[i] = bytestream_get_be16((const uint8_t **)&p);
+sizesum += 2 + hsizes[i];
+if (sizesum > avccontext->extradata_size) {
+av_log(avccontext, AV_LOG_ERROR, "vorbis extradata too small\n");
+ret = AVERROR_INVALIDDATA;
+goto error;
+}
+
 headers[i] = p;
 p += hsizes[i];
 }
___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
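Review bot: The size check runs only after `bytestream_get_be16()` has consumed the two length bytes, so on the second and third iteration that read can start at or one byte before `extradata_size` when the previous header ended there. Extradata padding probably keeps the read inside the allocation, but the length it yields is then not stream data; testing `if (avccontext->extradata_size - sizesum < 2)` before the read, with the same error path, closes that gap while the existing `sizesum > avccontext->extradata_size` test keeps covering the payload. This assumes `p` starts at `avccontext->extradata`, which is set outside the hunk. The `p[0] == 0 && p[1] == 30` test in the context line also dereferences two bytes, and no preceding length check is visible here.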
[FFmpeg-cvslog] avformat/vqf: Check header_size
ffmpeg | branch: master | Michael Niedermayer | Tue Jun 18 23:17:23 2019 +0200| [7c30ff38880570377168096417f714b21102b343] | committer: Michael Niedermayer avformat/vqf: Check header_size Fixes: 15271/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5735262606327808 Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7c30ff38880570377168096417f714b21102b343
---
 libavformat/vqf.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavformat/vqf.c b/libavformat/vqf.c
index a58992318a..755849bac7 100644
--- a/libavformat/vqf.c
+++ b/libavformat/vqf.c
@@ -107,6 +107,9 @@ static int vqf_read_header(AVFormatContext *s)
 header_size = avio_rb32(s->pb);
+if (header_size < 0)
+return AVERROR_INVALIDDATA;
+
 st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
 st->codecpar->codec_id = AV_CODEC_ID_TWINVQ;
 st->start_time = 0;
@@ -120,7 +123,7 @@ static int vqf_read_header(AVFormatContext *s)
 len = avio_rb32(s->pb);
-if ((unsigned) len > INT_MAX/2) {
+if ((unsigned) len > INT_MAX/2 || header_size < 8) {
 av_log(s, AV_LOG_ERROR, "Malformed header\n");
 return -1;
 }
___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
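Review bot: The rejection path extended in the second hunk still ends in `return -1;`, while the check added in the first hunk returns `AVERROR_INVALIDDATA`; both reject a malformed header in `vqf_read_header` and should report the same code, so the second should become `return AVERROR_INVALIDDATA;`. The `header_size < 8` test only prevents the reported subtraction overflow if it runs before every reduction of `header_size`; the surrounding loop is outside the hunk, so that is worth confirming. The `header_size < 0` test depends on the unsigned result of `avio_rb32()` being stored in an `int`, and a short comment such as `/* values above INT_MAX from avio_rb32() show up negative here */` would make that intent explicit.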
[FFmpeg-cvslog] avcodec/m101: Fix off be 2 error
ffmpeg | branch: master | Michael Niedermayer | Mon Jun 17 21:13:17 2019 +0200| [89b96900fa7c17d0770c9af26af7c3ae36ae0253] | committer: Michael Niedermayer avcodec/m101: Fix off be 2 error Fixes: out of array read Fixes: 15263/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_M101_fuzzer-5728999453491200 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=89b96900fa7c17d0770c9af26af7c3ae36ae0253
---
 libavcodec/m101.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/m101.c b/libavcodec/m101.c
index d2549668fd..70f1da4f45 100644
--- a/libavcodec/m101.c
+++ b/libavcodec/m101.c
@@ -61,7 +61,7 @@ static int m101_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
 stride = AV_RL32(avctx->extradata + 5*4);
 if (avctx->pix_fmt == AV_PIX_FMT_YUV422P10)
-min_stride = (avctx->width + 15) / 16 * 20;
+min_stride = (avctx->width + 15) / 16 * 40;
 if (stride < min_stride || avpkt->size < stride * (uint64_t)avctx->height) {
 av_log(avctx, AV_LOG_ERROR, "stride (%d) is invalid for packet sized %d\n",
___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
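Review bot: The corrected factor in `min_stride = (avctx->width + 15) / 16 * 40;` is still an unexplained constant, which is how the wrong value `20` could stand as the lower bound for the row size. I would add a comment deriving it, for example `/* 16 pixels of 10-bit 4:2:2 = 32 samples * 10 bits = 40 bytes */`, assuming the format packs samples tightly; that should be confirmed against the unpacking loop, which is outside the hunk. `stride` is read from `avctx->extradata + 5*4` in the context line, and the extradata length check that makes this read safe is not visible in the hunk, so it should be verified to exist in `m101_decode_frame` or the init function.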