[FFmpeg-cvslog] tools/target_dem_fuzzer: Use file extensions listed in input formats
ffmpeg | branch: master | Michael Niedermayer | Mon
Jun 8 11:26:45 2020 +0200| [d3747f44315e2c6a07fcb85c973b863dd1a6614a] |
committer: Michael Niedermayer
tools/target_dem_fuzzer: Use file extensions listed in input formats
This should make it easier for the fuzzer to fuzz formats being detected only by
file extension and thus increase coverage
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d3747f44315e2c6a07fcb85c973b863dd1a6614a
---
tools/target_dem_fuzzer.c | 27 ++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/tools/target_dem_fuzzer.c b/tools/target_dem_fuzzer.c
index cc097da0d7..b8356c5aa1 100644
--- a/tools/target_dem_fuzzer.c
+++ b/tools/target_dem_fuzzer.c
@@ -18,6 +18,7 @@
#include "config.h"
#include "libavutil/avassert.h"
+#include "libavutil/avstring.h"
#include "libavcodec/avcodec.h"
#include "libavcodec/bytestream.h"
@@ -110,14 +111,38 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t
size) {
error("Failed avformat_alloc_context()");
if (size > 2048) {
+int flags;
+char extension[64];
+
GetByteContext gbc;
memcpy (filename, data + size - 1024, 1024);
bytestream2_init(&gbc, data + size - 2048, 1024);
size -= 2048;
io_buffer_size = bytestream2_get_le32(&gbc) & 0xFFF;
-seekable = bytestream2_get_byte(&gbc) & 1;
+flags = bytestream2_get_byte(&gbc);
+seekable = flags & 1;
filesize = bytestream2_get_le64(&gbc) & 0x7FFF;
+
+if ((flags & 2) && strlen(filename) < sizeof(filename) / 2) {
+AVInputFormat *avif = NULL;
+int avif_count = 0;
+while ((avif = av_iformat_next(avif))) {
+if (avif->extensions)
+avif_count ++;
+}
+avif_count = bytestream2_get_le32(&gbc) % avif_count;
+
+while ((avif = av_iformat_next(avif))) {
+if (avif->extensions)
+if (!avif_count--)
+break;
+}
+av_strlcpy(extension, avif->extensions, sizeof(extension));
+if (strchr(extension, ','))
+*strchr(extension, ',') = 0;
+av_strlcatf(filename, sizeof(filename), ".%s", extension);
+}
}
io_buffer = av_malloc(io_buffer_size);
if (!io_buffer)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpeg12dec: remove outdated comments
ffmpeg | branch: master | Michael Niedermayer | Sat Jun 6 19:42:07 2020 +0200| [48de8f5816aa54dc584aeb2dbbf63a0e880279e2] | committer: Michael Niedermayer avcodec/mpeg12dec: remove outdated comments Found-by: Kieran Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=48de8f5816aa54dc584aeb2dbbf63a0e880279e2 --- libavcodec/mpeg12dec.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c index 54e122cd9d..99e56532a5 100644 --- a/libavcodec/mpeg12dec.c +++ b/libavcodec/mpeg12dec.c @@ -221,7 +221,6 @@ end: } /** - * Note: this function can read out of range and crash for corrupt streams. * Changing this would eat up any speed benefits it has. * Do not use "fast" flag if you need the code to be robust. */ @@ -397,7 +396,6 @@ end: } /** - * Note: this function can read out of range and crash for corrupt streams. * Changing this would eat up any speed benefits it has. * Do not use "fast" flag if you need the code to be robust. */ @@ -559,7 +557,6 @@ static inline int mpeg2_decode_block_intra(MpegEncContext *s, } /** - * Note: this function can read out of range and crash for corrupt streams. * Changing this would eat up any speed benefits it has. * Do not use "fast" flag if you need the code to be robust. */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/movtextdec: Fix shift overflows in mov_text_init()
ffmpeg | branch: master | Michael Niedermayer | Fri
Jun 5 18:22:51 2020 +0200| [d7a2311a2c5be1e861c3df618d295e7eced8e84b] |
committer: Michael Niedermayer
avcodec/movtextdec: Fix shift overflows in mov_text_init()
Fixes: left shift of 243 by 24 places cannot be represented in type 'int'
Fixes:
22716/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOVTEXT_fuzzer-5704263425851392
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d7a2311a2c5be1e861c3df618d295e7eced8e84b
---
libavcodec/movtextdec.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c
index 4b4da5e0d9..4a21dbf36d 100644
--- a/libavcodec/movtextdec.c
+++ b/libavcodec/movtextdec.c
@@ -492,10 +492,10 @@ static int mov_text_init(AVCodecContext *avctx) {
return ff_ass_subtitle_header_full(avctx,
m->frame_width, m->frame_height,
m->d.font, m->d.fontsize,
-(255 - m->d.alpha) << 24 | RGB_TO_BGR(m->d.color),
-(255 - m->d.alpha) << 24 | RGB_TO_BGR(m->d.color),
-(255 - m->d.back_alpha) << 24 |
RGB_TO_BGR(m->d.back_color),
-(255 - m->d.back_alpha) << 24 |
RGB_TO_BGR(m->d.back_color),
+(255U - m->d.alpha) << 24 | RGB_TO_BGR(m->d.color),
+(255U - m->d.alpha) << 24 | RGB_TO_BGR(m->d.color),
+(255U - m->d.back_alpha) << 24 |
RGB_TO_BGR(m->d.back_color),
+(255U - m->d.back_alpha) << 24 |
RGB_TO_BGR(m->d.back_color),
m->d.bold, m->d.italic, m->d.underline,
ASS_DEFAULT_BORDERSTYLE, m->d.alignment);
} else
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/snowdec: Avoid integer overflow with huge qlog
ffmpeg | branch: master | Michael Niedermayer | Sat
Jun 6 17:45:39 2020 +0200| [38fbf33c7255b503453052c32ab5ae4fb151b29e] |
committer: Michael Niedermayer
avcodec/snowdec: Avoid integer overflow with huge qlog
Fixes: integer overflow
Fixes:
22285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5682428762128384
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=38fbf33c7255b503453052c32ab5ae4fb151b29e
---
libavcodec/snowdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/snowdec.c b/libavcodec/snowdec.c
index 519e377a11..88664dc472 100644
--- a/libavcodec/snowdec.c
+++ b/libavcodec/snowdec.c
@@ -117,7 +117,7 @@ static av_always_inline void
predict_slice_buffered(SnowContext *s, slice_buffer
static inline void decode_subband_slice_buffered(SnowContext *s, SubBand *b,
slice_buffer * sb, int start_y, int h, int save_state[1]){
const int w= b->width;
int y;
-const int qlog= av_clip(s->qlog + b->qlog, 0, QROOT*16);
+const int qlog= av_clip(s->qlog + (int64_t)b->qlog, 0, QROOT*16);
int qmul= ff_qexp[qlog&(QROOT-1)]<<(qlog>>QSHIFT);
int qadd= (s->qbias*qmul)>>QBIAS_SHIFT;
int new_index = 0;
@@ -224,7 +224,7 @@ static int decode_q_branch(SnowContext *s, int level, int
x, int y){
static void dequantize_slice_buffered(SnowContext *s, slice_buffer * sb,
SubBand *b, IDWTELEM *src, int stride, int start_y, int end_y){
const int w= b->width;
-const int qlog= av_clip(s->qlog + b->qlog, 0, QROOT*16);
+const int qlog= av_clip(s->qlog + (int64_t)b->qlog, 0, QROOT*16);
const int qmul= ff_qexp[qlog&(QROOT-1)]<<(qlog>>QSHIFT);
const int qadd= (s->qbias*qmul)>>QBIAS_SHIFT;
int x,y;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] tools/target_dec_fuzzer: Adjust threshold for lagarith
ffmpeg | branch: master | Michael Niedermayer | Sun
Jun 7 19:08:01 2020 +0200| [0b182ff66d425cdd96232abdbc097b59d94b58a1] |
committer: Michael Niedermayer
tools/target_dec_fuzzer: Adjust threshold for lagarith
Fixes: Timeout (3minute 49 sec -> 3sec)
Fixes:
22020/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-5708544679870464
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0b182ff66d425cdd96232abdbc097b59d94b58a1
---
tools/target_dec_fuzzer.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 66ee99a91d..1ecafb9c0c 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -159,6 +159,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t
size) {
case AV_CODEC_ID_HNM4_VIDEO: maxpixels /= 128; break;
case AV_CODEC_ID_IFF_ILBM:maxpixels /= 128; break;
case AV_CODEC_ID_INDEO4: maxpixels /= 128; break;
+case AV_CODEC_ID_LAGARITH:maxpixels /= 1024; break;
case AV_CODEC_ID_LSCR:maxpixels /= 16;break;
case AV_CODEC_ID_MOTIONPIXELS:maxpixels /= 256; break;
case AV_CODEC_ID_MP4ALS: maxsamples /= 65536; break;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] pthread_frame: change the way delay is set
ffmpeg | branch: release/4.3 | Anton Khirnov | Thu Jun 4
12:01:51 2020 +0200| [569a9d3d70324cf77391820155846a5b9d429ad5] | committer:
James Almer
pthread_frame: change the way delay is set
It is a constant known at codec init, so set it in
ff_frame_thread_init(). Also, only set it for video, since the meaning
of this field is not well-defined for audio with frame threading.
Fixes availability of delay in callbacks invoked from the per-thread
contexts after 1f4cf92cfbd3accbae582ac63126ed5570ddfd37.
(cherry picked from commit 6943ab688d0c75dbab3222b5b80457ab72a0615f)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=569a9d3d70324cf77391820155846a5b9d429ad5
---
libavcodec/pthread_frame.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libavcodec/pthread_frame.c b/libavcodec/pthread_frame.c
index 64121f5a9a..601f170447 100644
--- a/libavcodec/pthread_frame.c
+++ b/libavcodec/pthread_frame.c
@@ -310,7 +310,6 @@ static int update_context_from_thread(AVCodecContext *dst,
AVCodecContext *src,
}
if (for_user) {
-dst->delay = src->thread_count - 1;
#if FF_API_CODED_FRAME
FF_DISABLE_DEPRECATION_WARNINGS
dst->coded_frame = src->coded_frame;
@@ -790,6 +789,9 @@ int ff_frame_thread_init(AVCodecContext *avctx)
fctx->async_lock = 1;
fctx->delaying = 1;
+if (codec->type == AVMEDIA_TYPE_VIDEO)
+avctx->delay = src->thread_count - 1;
+
for (i = 0; i < thread_count; i++) {
AVCodecContext *copy = av_malloc(sizeof(AVCodecContext));
PerThreadContext *p = &fctx->threads[i];
@@ -827,6 +829,8 @@ int ff_frame_thread_init(AVCodecContext *avctx)
copy->internal->thread_ctx = p;
copy->internal->last_pkt_props = &p->avpkt;
+copy->delay = avctx->delay;
+
if (codec->priv_data_size) {
copy->priv_data = av_mallocz(codec->priv_data_size);
if (!copy->priv_data) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] mailmap: add entry for myself
ffmpeg | branch: master | Steven Liu | Fri Jun 12 14:30:02 2020 +0800| [38737b3d4e03e2a089083e38cd1fd6f9b4c3ddfd] | committer: Steven Liu mailmap: add entry for myself > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=38737b3d4e03e2a089083e38cd1fd6f9b4c3ddfd --- .mailmap | 1 + 1 file changed, 1 insertion(+) diff --git a/.mailmap b/.mailmap index 50b8c04526..d1925bfab0 100644 --- a/.mailmap +++ b/.mailmap @@ -19,3 +19,4 @@ rcombs + ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
