[FFmpeg-cvslog] swscale/utils: reindent
ffmpeg | branch: master | Limin Wang | Sat Jun 13
07:29:43 2020 +0800| [8efecc9063fd89184a51381074e5a6e6564e0608] | committer:
Limin Wang
swscale/utils: reindent
Reviewed-by: Michael Niedermayer
Signed-off-by: Limin Wang
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8efecc9063fd89184a51381074e5a6e6564e0608
---
libswscale/utils.c | 71 +++---
1 file changed, 36 insertions(+), 35 deletions(-)
diff --git a/libswscale/utils.c b/libswscale/utils.c
index ff99e79e0a..6e218ba067 100644
--- a/libswscale/utils.c
+++ b/libswscale/utils.c
@@ -1575,41 +1575,42 @@ av_cold int sws_init_context(SwsContext *c, SwsFilter
*srcFilter,
if (CONFIG_SWSCALE_ALPHA && isALPHA(srcFormat) && !isALPHA(dstFormat)) {
enum AVPixelFormat tmpFormat = alphaless_fmt(srcFormat);
-if (tmpFormat != AV_PIX_FMT_NONE && c->alphablend !=
SWS_ALPHA_BLEND_NONE)
-if (!unscaled ||
-dstFormat != tmpFormat ||
-usesHFilter || usesVFilter ||
-c->srcRange != c->dstRange
-) {
-c->cascaded_mainindex = 1;
-ret = av_image_alloc(c->cascaded_tmp, c->cascaded_tmpStride,
-srcW, srcH, tmpFormat, 64);
-if (ret < 0)
-return ret;
-
-c->cascaded_context[0] = sws_alloc_set_opts(srcW, srcH, srcFormat,
-srcW, srcH, tmpFormat,
-flags, c->param);
-if (!c->cascaded_context[0])
-return -1;
-c->cascaded_context[0]->alphablend = c->alphablend;
-ret = sws_init_context(c->cascaded_context[0], NULL , NULL);
-if (ret < 0)
-return ret;
-
-c->cascaded_context[1] = sws_alloc_set_opts(srcW, srcH, tmpFormat,
-dstW, dstH, dstFormat,
-flags, c->param);
-if (!c->cascaded_context[1])
-return -1;
-
-c->cascaded_context[1]->srcRange = c->srcRange;
-c->cascaded_context[1]->dstRange = c->dstRange;
-ret = sws_init_context(c->cascaded_context[1], srcFilter ,
dstFilter);
-if (ret < 0)
-return ret;
-
-return 0;
+if (tmpFormat != AV_PIX_FMT_NONE && c->alphablend !=
SWS_ALPHA_BLEND_NONE) {
+if (!unscaled ||
+dstFormat != tmpFormat ||
+usesHFilter || usesVFilter ||
+c->srcRange != c->dstRange
+) {
+c->cascaded_mainindex = 1;
+ret = av_image_alloc(c->cascaded_tmp, c->cascaded_tmpStride,
+ srcW, srcH, tmpFormat, 64);
+if (ret < 0)
+return ret;
+
+c->cascaded_context[0] = sws_alloc_set_opts(srcW, srcH,
srcFormat,
+srcW, srcH,
tmpFormat,
+flags, c->param);
+if (!c->cascaded_context[0])
+return -1;
+c->cascaded_context[0]->alphablend = c->alphablend;
+ret = sws_init_context(c->cascaded_context[0], NULL , NULL);
+if (ret < 0)
+return ret;
+
+c->cascaded_context[1] = sws_alloc_set_opts(srcW, srcH,
tmpFormat,
+dstW, dstH,
dstFormat,
+flags, c->param);
+if (!c->cascaded_context[1])
+return -1;
+
+c->cascaded_context[1]->srcRange = c->srcRange;
+c->cascaded_context[1]->dstRange = c->dstRange;
+ret = sws_init_context(c->cascaded_context[1], srcFilter ,
dstFilter);
+if (ret < 0)
+return ret;
+
+return 0;
+}
}
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] swscale/utils: return better error code from initFilter()
ffmpeg | branch: master | Limin Wang | Sat Jun 13
13:52:20 2020 +0800| [67a07dc778107b7001cc1edd1693d72701c0d593] | committer:
Limin Wang
swscale/utils: return better error code from initFilter()
Reviewed-by: Michael Niedermayer
Signed-off-by: Limin Wang
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=67a07dc778107b7001cc1edd1693d72701c0d593
---
libswscale/utils.c | 27 ++-
1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/libswscale/utils.c b/libswscale/utils.c
index 6e218ba067..dcd1dbaa76 100644
--- a/libswscale/utils.c
+++ b/libswscale/utils.c
@@ -612,7 +612,7 @@ static av_cold int initFilter(int16_t **outFilter, int32_t
**filterPos,
av_assert0(filterSize > 0);
filter = av_malloc_array(dstW, filterSize * sizeof(*filter));
if (!filter)
-goto fail;
+goto nomem;
if (filterSize >= MAX_FILTER_SIZE * 16 /
((flags & SWS_ACCURATE_RND) ? APCK_SIZE : 16)) {
ret = RETCODE_USE_CASCADE;
@@ -1491,7 +1491,7 @@ av_cold int sws_init_context(SwsContext *c, SwsFilter
*srcFilter,
srcW, srcH, tmpFmt,
flags, NULL, NULL, c->param);
if (!c->cascaded_context[0]) {
-return -1;
+return AVERROR(ENOMEM);
}
c->cascaded_context[1] = sws_getContext(srcW, srcH, tmpFmt,
@@ -1499,7 +1499,7 @@ av_cold int sws_init_context(SwsContext *c, SwsFilter
*srcFilter,
flags, srcFilter, dstFilter,
c->param);
if (!c->cascaded_context[1])
-return -1;
+return AVERROR(ENOMEM);
c2 = c->cascaded_context[1];
c2->is_internal_gamma = 1;
@@ -1512,10 +1512,10 @@ av_cold int sws_init_context(SwsContext *c, SwsFilter
*srcFilter,
// to properly create the gamma convert FilterDescriptor
// we have to re-initialize it
ff_free_filters(c2);
-if (ff_init_filters(c2) < 0) {
+if ((ret = ff_init_filters(c2)) < 0) {
sws_freeContext(c2);
c->cascaded_context[1] = NULL;
-return -1;
+return ret;
}
c->cascaded_context[2] = NULL;
@@ -1529,7 +1529,7 @@ av_cold int sws_init_context(SwsContext *c, SwsFilter
*srcFilter,
dstW, dstH, dstFormat,
flags, NULL, NULL, c->param);
if (!c->cascaded_context[2])
-return -1;
+return AVERROR(ENOMEM);
}
return 0;
}
@@ -1548,13 +1548,13 @@ av_cold int sws_init_context(SwsContext *c, SwsFilter
*srcFilter,
srcW, srcH, tmpFormat,
flags, srcFilter, NULL,
c->param);
if (!c->cascaded_context[0])
-return -1;
+return AVERROR(ENOMEM);
c->cascaded_context[1] = sws_getContext(srcW, srcH, tmpFormat,
dstW, dstH, dstFormat,
flags, NULL, dstFilter,
c->param);
if (!c->cascaded_context[1])
-return -1;
+return AVERROR(ENOMEM);
return 0;
}
}
@@ -1591,7 +1591,7 @@ av_cold int sws_init_context(SwsContext *c, SwsFilter
*srcFilter,
srcW, srcH,
tmpFormat,
flags, c->param);
if (!c->cascaded_context[0])
-return -1;
+return AVERROR(EINVAL);
c->cascaded_context[0]->alphablend = c->alphablend;
ret = sws_init_context(c->cascaded_context[0], NULL , NULL);
if (ret < 0)
@@ -1601,7 +1601,7 @@ av_cold int sws_init_context(SwsContext *c, SwsFilter
*srcFilter,
dstW, dstH,
dstFormat,
flags, c->param);
if (!c->cascaded_context[1])
-return -1;
+return AVERROR(EINVAL);
c->cascaded_context[1]->srcRange = c->srcRange;
c->cascaded_context[1]->dstRange = c->dstRange;
@@ -1678,6 +1678,7 @@ av_cold int sws_init_context(SwsContext *c, SwsFilter
*srcFilter,
if ( mprotect(c->lumMmxextFilterCode,
c->lumMmxextFilterCodeSize, PROT_EXEC | PROT_READ) == -1
|| mprotect(c->chrMmxextFilterCode,
c->chrMmxextFilterCodeSize, PROT_EXEC | PROT_READ) == -1) {
av_log(c, AV_LOG_ERROR, "mprotect failed, cannot use fast
bilinear scaler\n");
+ret = AVERROR(EINVAL);
goto fail;
}
#en
[FFmpeg-cvslog] avcodec/smvjpegdec: remove uninitialized ret
ffmpeg | branch: master | Limin Wang | Sat Jun 13
07:50:22 2020 +0800| [01be03a4a0a81464aac1741bd393c09aaa8cc0e5] | committer:
Limin Wang
avcodec/smvjpegdec: remove uninitialized ret
Signed-off-by: Limin Wang
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=01be03a4a0a81464aac1741bd393c09aaa8cc0e5
---
libavcodec/smvjpegdec.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/libavcodec/smvjpegdec.c b/libavcodec/smvjpegdec.c
index 209f3ff334..973a9117f2 100644
--- a/libavcodec/smvjpegdec.c
+++ b/libavcodec/smvjpegdec.c
@@ -79,13 +79,12 @@ static av_cold int smvjpeg_decode_end(AVCodecContext *avctx)
{
SMVJpegDecodeContext *s = avctx->priv_data;
MJpegDecodeContext *jpg = &s->jpg;
-int ret;
jpg->picture_ptr = NULL;
av_frame_free(&s->picture[0]);
av_frame_free(&s->picture[1]);
avcodec_free_context(&s->avctx);
-return ret;
+return 0;
}
static av_cold int smvjpeg_decode_init(AVCodecContext *avctx)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpegvideo: remove extra space
ffmpeg | branch: master | Limin Wang | Sat Jun 13
07:47:13 2020 +0800| [9bb46cf100be0229eca869a424c6af74306f337f] | committer:
Limin Wang
avcodec/mpegvideo: remove extra space
Reviewed-by: Michael Niedermayer
Signed-off-by: Limin Wang
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9bb46cf100be0229eca869a424c6af74306f337f
---
libavcodec/mpegvideo.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/mpegvideo.c b/libavcodec/mpegvideo.c
index 52a0ec371b..c28d1adef7 100644
--- a/libavcodec/mpegvideo.c
+++ b/libavcodec/mpegvideo.c
@@ -1112,7 +1112,7 @@ void ff_mpv_common_end(MpegEncContext *s)
int i;
if (!s)
-return ;
+return;
if (s->slice_context_count > 1) {
for (i = 0; i < s->slice_context_count; i++) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] swscale: make yuv2interleavedX more asm-friendly
ffmpeg | branch: master | Nelson Gomez | Sat Apr
25 19:37:01 2020 -0700| [7c39c3c1a6f35a6b47970417b1e273141eadb856] | committer:
Josh de Kock
swscale: make yuv2interleavedX more asm-friendly
Extracting information from SwsContext in assembly is difficult, and
rearranging SwsContext just for asm access didn't look good. These
functions only need a couple of fields from it anyway, so just make
them parameters in their own right.
Signed-off-by: Nelson Gomez
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7c39c3c1a6f35a6b47970417b1e273141eadb856
---
libswscale/output.c | 12 +---
libswscale/swscale_internal.h | 5 +++--
libswscale/vscale.c | 2 +-
3 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/libswscale/output.c b/libswscale/output.c
index 257b07abbc..8903cf79b2 100644
--- a/libswscale/output.c
+++ b/libswscale/output.c
@@ -180,7 +180,7 @@ yuv2planeX_16_c_template(const int16_t *filter, int
filterSize,
}
}
-static void yuv2p016cX_c(SwsContext *c, const int16_t *chrFilter, int
chrFilterSize,
+static void yuv2p016cX_c(enum AVPixelFormat dstFormat, const uint8_t
*chrDither, const int16_t *chrFilter, int chrFilterSize,
const int16_t **chrUSrc, const int16_t **chrVSrc,
uint8_t *dest8, int chrDstW)
{
@@ -188,7 +188,7 @@ static void yuv2p016cX_c(SwsContext *c, const int16_t
*chrFilter, int chrFilterS
const int32_t **uSrc = (const int32_t **)chrUSrc;
const int32_t **vSrc = (const int32_t **)chrVSrc;
int shift = 15;
-int big_endian = c->dstFormat == AV_PIX_FMT_P016BE;
+int big_endian = dstFormat == AV_PIX_FMT_P016BE;
int i, j;
for (i = 0; i < chrDstW; i++) {
@@ -402,12 +402,10 @@ static void yuv2plane1_8_c(const int16_t *src, uint8_t
*dest, int dstW,
}
}
-static void yuv2nv12cX_c(SwsContext *c, const int16_t *chrFilter, int
chrFilterSize,
+static void yuv2nv12cX_c(enum AVPixelFormat dstFormat, const uint8_t
*chrDither, const int16_t *chrFilter, int chrFilterSize,
const int16_t **chrUSrc, const int16_t **chrVSrc,
uint8_t *dest, int chrDstW)
{
-enum AVPixelFormat dstFormat = c->dstFormat;
-const uint8_t *chrDither = c->chrDither8;
int i;
if (dstFormat == AV_PIX_FMT_NV12 ||
@@ -477,13 +475,13 @@ static void yuv2p010lX_c(const int16_t *filter, int
filterSize,
}
}
-static void yuv2p010cX_c(SwsContext *c, const int16_t *chrFilter, int
chrFilterSize,
+static void yuv2p010cX_c(enum AVPixelFormat dstFormat, const uint8_t
*chrDither, const int16_t *chrFilter, int chrFilterSize,
const int16_t **chrUSrc, const int16_t **chrVSrc,
uint8_t *dest8, int chrDstW)
{
uint16_t *dest = (uint16_t*)dest8;
int shift = 17;
-int big_endian = c->dstFormat == AV_PIX_FMT_P010BE;
+int big_endian = dstFormat == AV_PIX_FMT_P010BE;
int i, j;
for (i = 0; i < chrDstW; i++) {
diff --git a/libswscale/swscale_internal.h b/libswscale/swscale_internal.h
index ee46092ff6..b37d650967 100644
--- a/libswscale/swscale_internal.h
+++ b/libswscale/swscale_internal.h
@@ -119,7 +119,8 @@ typedef void (*yuv2planarX_fn)(const int16_t *filter, int
filterSize,
* Write one line of horizontally scaled chroma to interleaved output
* with multi-point vertical scaling between input pixels.
*
- * @param c SWS scaling context
+ * @param dstFormat destination pixel format
+ * @param chrDither ordered dither array of type uint8_t and size 8
* @param chrFilter vertical chroma scaling coefficients, 12 bits [0,4096]
* @param chrUSrc scaled chroma (U) source data, 15 bits for 8-10-bit
* output, 19 bits for 16-bit output (in int32_t)
@@ -130,7 +131,7 @@ typedef void (*yuv2planarX_fn)(const int16_t *filter, int
filterSize,
* output, this is in uint16_t
* @param dstW width of chroma planes
*/
-typedef void (*yuv2interleavedX_fn)(struct SwsContext *c,
+typedef void (*yuv2interleavedX_fn)(enum AVPixelFormat dstFormat, const
uint8_t *chrDither,
const int16_t *chrFilter,
int chrFilterSize,
const int16_t **chrUSrc,
diff --git a/libswscale/vscale.c b/libswscale/vscale.c
index 9ed227e908..500217239c 100644
--- a/libswscale/vscale.c
+++ b/libswscale/vscale.c
@@ -92,7 +92,7 @@ static int chr_planar_vscale(SwsContext *c,
SwsFilterDescriptor *desc, int slice
uint16_t *filter = inst->filter[0] + (inst->isMMX ? 0 : chrSliceY *
inst->filter_size);
if (c->yuv2nv12cX) {
-inst->pfn.yuv2interleavedX(c, filter, inst->filter_size, (const
int16_t**)src1, (const int16_t**)src2, dst1[0], dstW);
+inst->pfn.yuv2interleavedX(c->dstFormat, c->chrDither8, filter,
inst->filter_size, (const int16_t**)src1, (const int16_t*
[FFmpeg-cvslog] swscale/x86/output: add AVX2 version of yuv2nv12cX
ffmpeg | branch: master | Nelson Gomez | Sat Apr 25 19:37:02 2020 -0700| [bc01337db4d196b2c3597bfd1c4431edb8779159] | committer: Josh de Kock swscale/x86/output: add AVX2 version of yuv2nv12cX 256 bits is just wide enough to fit all the operands needed to vectorize the software implementation, but AVX2 is needed to for a couple of instructions like cross-lane permutation. Output is bit-for-bit identical to C. Signed-off-by: Nelson Gomez > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bc01337db4d196b2c3597bfd1c4431edb8779159 --- libswscale/x86/output.asm | 126 +- libswscale/x86/swscale.c | 28 +++ 2 files changed, 153 insertions(+), 1 deletion(-) diff --git a/libswscale/x86/output.asm b/libswscale/x86/output.asm index db3e9934f8..7f82665e1b 100644 --- a/libswscale/x86/output.asm +++ b/libswscale/x86/output.asm @@ -2,6 +2,7 @@ ;* x86-optimized vertical line scaling functions ;* Copyright (c) 2011 Ronald S. Bultje ;*Kieran Kunhya +;* (c) 2020 Nelson Gomez ;* ;* This file is part of FFmpeg. ;* @@ -22,7 +23,7 @@ %include "libavutil/x86/x86util.asm" -SECTION_RODATA +SECTION_RODATA 32 minshort: times 8 dw 0x8000 yuv2yuvX_16_start: times 4 dd 0x4000 - 0x4000 @@ -34,9 +35,20 @@ pd_4: times 4 dd 4 pd_4min0x4:times 4 dd 4 - (0x4) pw_16: times 8 dw 16 pw_32: times 8 dw 32 +pd_255:times 8 dd 255 pw_512:times 8 dw 512 pw_1024: times 8 dw 1024 +yuv2nv12_shuffle_mask: times 2 db 0, 4, 8, 12, \ + -1, -1, -1, -1, \ + -1, -1, -1, -1, \ + -1, -1, -1, -1 +yuv2nv21_shuffle_mask: times 2 db 4, 0, 12, 8, \ + -1, -1, -1, -1, \ + -1, -1, -1, -1, \ + -1, -1, -1, -1 +yuv2nv12_permute_mask: dd 0, 4, 1, 2, 3, 5, 6, 7 + SECTION .text ;- @@ -423,3 +435,115 @@ yuv2plane1_fn 9, 5, 3 yuv2plane1_fn 10, 5, 3 yuv2plane1_fn 16, 5, 3 %endif + +%undef movsx + +;- +; AVX2 yuv2nv12cX implementation +; +; void ff_yuv2nv12cX_avx2(enum AVPixelFormat format, const uint8_t *dither, +; const int16_t *filter, int filterSize, +; const int16_t **u, const int16_t **v, +; uint8_t *dst, int dstWidth) +; +; void ff_yuv2nv21cX_avx2(enum AVPixelFormat format, const uint8_t *dither, +; const int16_t *filter, int filterSize, +; const int16_t **u, const int16_t **v, +; uint8_t *dst, int dstWidth) +;- + +%if ARCH_X86_64 +%macro yuv2nv12cX_fn 1 +cglobal %1cX, 8, 11, 13, tmp1, dither, filter, filterSize, u, v, dst, dstWidth + +mov tmp1q, qword [ditherq] +movq xm0, tmp1q +ror tmp1q, 24 +movq xm1, tmp1q + +pmovzxbd m0, xm0 +pslld m0, m0, 12; ditherLo +pmovzxbd m1, xm1 +pslld m1, m1, 12; ditherHi + +pxor m9, m9 ; uint8_min dwords +mova m10, [pd_255] ; uint8_max dwords +mova m11, [%1_shuffle_mask] ; shuffle_mask +mova m12, [yuv2nv12_permute_mask] ; permute mask + +DEFINE_ARGS tmp1, tmp2, filter, filterSize, u, v, dst, dstWidth + +xor r8q, r8q + +nv12_outer_%1: +mova m2, m0 ; resultLo +mova m3, m1 ; resultHi +xor r9q, r9q + +nv12_inner_%1: +movsx r10d, word [filterq + (2 * r9q)] +movd xm4, r10d +vpbroadcastd m4, xm4; filter + +mov tmp1q, [uq + (gprsize * r9q)] +mova xm7, oword [tmp1q + 2 * r8q] + +mov tmp2q, [vq + (gprsize * r9q)] +mova xm8, oword [tmp2q + 2 * r8q] + +punpcklwd xm5, xm7, xm8 +pmovsxwd m5, xm5; multiplicandsLo +punpckhwd xm6, xm7, xm8 +pmovsxwd m6, xm6; multiplicandsHi + +pmulld m7, m5, m4 ; mulResultLo +pmulld m8, m6, m4 ; mulResultHi +paddd m2, m2, m7; resultLo += mulResultLo +paddd m3, m3, m8; resultHi += mulResultHi + +inc r9d +cmp r9d, filterSized +jl nv12_inner_%1 +; end of inner loop + +psrad m2, m2, 19 +psrad m3, m3, 19 + +; Vectorized av_clip_uint8 +pmaxsd m2, m2, m9 +pmaxsd m3, m3, m9 +pminsd m2, m2, m10 +pminsd m3, m3, m10 + +; At this point we have clamped uint8s arranged in this order: +; m2: u1 0 0 0 v1 0 0 0 [...] +; m3: u5 0 0 0 v5 0 0 0 [...] +; +
[FFmpeg-cvslog] swscale: cosmetic fixes
ffmpeg | branch: master | Nelson Gomez | Sat Apr
25 19:37:03 2020 -0700| [360be03b8ad878aba5f8ffa69e106c201d8cae8a] | committer:
Josh de Kock
swscale: cosmetic fixes
Signed-off-by: Nelson Gomez
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=360be03b8ad878aba5f8ffa69e106c201d8cae8a
---
libswscale/output.c | 13 -
libswscale/swscale_internal.h | 3 ++-
2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/libswscale/output.c b/libswscale/output.c
index 8903cf79b2..4ef436e7e4 100644
--- a/libswscale/output.c
+++ b/libswscale/output.c
@@ -180,7 +180,8 @@ yuv2planeX_16_c_template(const int16_t *filter, int
filterSize,
}
}
-static void yuv2p016cX_c(enum AVPixelFormat dstFormat, const uint8_t
*chrDither, const int16_t *chrFilter, int chrFilterSize,
+static void yuv2p016cX_c(enum AVPixelFormat dstFormat, const uint8_t
*chrDither,
+ const int16_t *chrFilter, int chrFilterSize,
const int16_t **chrUSrc, const int16_t **chrVSrc,
uint8_t *dest8, int chrDstW)
{
@@ -402,9 +403,10 @@ static void yuv2plane1_8_c(const int16_t *src, uint8_t
*dest, int dstW,
}
}
-static void yuv2nv12cX_c(enum AVPixelFormat dstFormat, const uint8_t
*chrDither, const int16_t *chrFilter, int chrFilterSize,
-const int16_t **chrUSrc, const int16_t **chrVSrc,
-uint8_t *dest, int chrDstW)
+static void yuv2nv12cX_c(enum AVPixelFormat dstFormat, const uint8_t
*chrDither,
+ const int16_t *chrFilter, int chrFilterSize,
+ const int16_t **chrUSrc, const int16_t **chrVSrc,
+ uint8_t *dest, int chrDstW)
{
int i;
@@ -475,7 +477,8 @@ static void yuv2p010lX_c(const int16_t *filter, int
filterSize,
}
}
-static void yuv2p010cX_c(enum AVPixelFormat dstFormat, const uint8_t
*chrDither, const int16_t *chrFilter, int chrFilterSize,
+static void yuv2p010cX_c(enum AVPixelFormat dstFormat, const uint8_t
*chrDither,
+ const int16_t *chrFilter, int chrFilterSize,
const int16_t **chrUSrc, const int16_t **chrVSrc,
uint8_t *dest8, int chrDstW)
{
diff --git a/libswscale/swscale_internal.h b/libswscale/swscale_internal.h
index b37d650967..1a1b6f0dee 100644
--- a/libswscale/swscale_internal.h
+++ b/libswscale/swscale_internal.h
@@ -131,7 +131,8 @@ typedef void (*yuv2planarX_fn)(const int16_t *filter, int
filterSize,
* output, this is in uint16_t
* @param dstW width of chroma planes
*/
-typedef void (*yuv2interleavedX_fn)(enum AVPixelFormat dstFormat, const
uint8_t *chrDither,
+typedef void (*yuv2interleavedX_fn)(enum AVPixelFormat dstFormat,
+const uint8_t *chrDither,
const int16_t *chrFilter,
int chrFilterSize,
const int16_t **chrUSrc,
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpeg4videodec: avoid invalid values and reinitialize in format changes for studio profile
ffmpeg | branch: master | Michael Niedermayer | Sat
Jun 13 11:56:01 2020 +0200| [e53235f06c229a23d3241b47e32647019161fb7c] |
committer: Michael Niedermayer
avcodec/mpeg4videodec: avoid invalid values and reinitialize in format changes
for studio profile
Fixes: out of array access
Fixes:
23327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5134822992510976
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e53235f06c229a23d3241b47e32647019161fb7c
---
libavcodec/mpeg4videodec.c | 19 ++-
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
index 45934779a9..58ee62641c 100644
--- a/libavcodec/mpeg4videodec.c
+++ b/libavcodec/mpeg4videodec.c
@@ -3134,6 +3134,7 @@ static int decode_studio_vol_header(Mpeg4DecContext *ctx,
GetBitContext *gb)
MpegEncContext *s = &ctx->m;
int width, height;
int bits_per_raw_sample;
+int rgb, chroma_format;
// random_accessible_vol and video_object_type_indication have
already
// been read by the caller decode_vol_header()
@@ -3141,28 +3142,36 @@ static int decode_studio_vol_header(Mpeg4DecContext
*ctx, GetBitContext *gb)
ctx->shape = get_bits(gb, 2); /* video_object_layer_shape */
skip_bits(gb, 4); /* video_object_layer_shape_extension */
skip_bits1(gb); /* progressive_sequence */
+if (ctx->shape != RECT_SHAPE) {
+avpriv_request_sample(s->avctx, "MPEG-4 Studio profile non
rectangular shape");
+return AVERROR_PATCHWELCOME;
+}
if (ctx->shape != BIN_ONLY_SHAPE) {
-ctx->rgb = get_bits1(gb); /* rgb_components */
-s->chroma_format = get_bits(gb, 2); /* chroma_format */
-if (!s->chroma_format) {
+rgb = get_bits1(gb); /* rgb_components */
+chroma_format = get_bits(gb, 2); /* chroma_format */
+if (!chroma_format || chroma_format == CHROMA_420 || (rgb &&
chroma_format == CHROMA_422)) {
av_log(s->avctx, AV_LOG_ERROR, "illegal chroma format\n");
return AVERROR_INVALIDDATA;
}
bits_per_raw_sample = get_bits(gb, 4); /* bit_depth */
if (bits_per_raw_sample == 10) {
-if (ctx->rgb) {
+if (rgb) {
s->avctx->pix_fmt = AV_PIX_FMT_GBRP10;
}
else {
-s->avctx->pix_fmt = s->chroma_format == CHROMA_422 ?
AV_PIX_FMT_YUV422P10 : AV_PIX_FMT_YUV444P10;
+s->avctx->pix_fmt = chroma_format == CHROMA_422 ?
AV_PIX_FMT_YUV422P10 : AV_PIX_FMT_YUV444P10;
}
}
else {
avpriv_request_sample(s->avctx, "MPEG-4 Studio profile
bit-depth %u", bits_per_raw_sample);
return AVERROR_PATCHWELCOME;
}
+if (rgb != ctx->rgb || s->chroma_format != chroma_format)
+s->context_reinit = 1;
s->avctx->bits_per_raw_sample = bits_per_raw_sample;
+ctx->rgb = rgb;
+s->chroma_format = chroma_format;
}
if (ctx->shape == RECT_SHAPE) {
check_marker(s->avctx, gb, "before video_object_layer_width");
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/iff: Fix off by x error
ffmpeg | branch: master | Michael Niedermayer | Sat
Jun 13 10:48:14 2020 +0200| [51225dee0a6266780d26d43bd6802bbcf736327e] |
committer: Michael Niedermayer
avcodec/iff: Fix off by x error
Fixes: out of array access
Fixes:
23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=51225dee0a6266780d26d43bd6802bbcf736327e
---
libavcodec/iff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/iff.c b/libavcodec/iff.c
index 66879cbf5d..79f6215c77 100644
--- a/libavcodec/iff.c
+++ b/libavcodec/iff.c
@@ -723,7 +723,7 @@ static void decode_deep_rle32(uint8_t *dst, const uint8_t
*src, int src_size, in
if (opcode >= 0) {
int size = opcode + 1;
for (i = 0; i < size; i++) {
-int length = FFMIN(size - i, width);
+int length = FFMIN(size - i, width - x);
if (src_end - src < length * 4)
return;
memcpy(dst + y*linesize + x * 4, src, length * 4);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/ape: Cleanup after ape_read_header() failure
ffmpeg | branch: master | Michael Niedermayer | Sat
Jun 13 11:13:21 2020 +0200| [9b5fc789fb52af8769ec66e634ea362a67cb5d06] |
committer: Michael Niedermayer
avformat/ape: Cleanup after ape_read_header() failure
Fixes: memleaks
Fixes:
23306/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5635436931448832
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9b5fc789fb52af8769ec66e634ea362a67cb5d06
---
libavformat/ape.c | 26 +++---
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/libavformat/ape.c b/libavformat/ape.c
index ed6752a415..39a584aa98 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -83,6 +83,8 @@ typedef struct APEContext {
uint8_t *bittable;
} APEContext;
+static int ape_read_close(AVFormatContext * s);
+
static int ape_probe(const AVProbeData * p)
{
int version = AV_RL16(p->buf+4);
@@ -281,14 +283,18 @@ static int ape_read_header(AVFormatContext * s)
if (ape->seektablelength > 0) {
ape->seektable = av_mallocz(ape->seektablelength);
-if (!ape->seektable)
-return AVERROR(ENOMEM);
+if (!ape->seektable) {
+ret = AVERROR(ENOMEM);
+goto fail;
+}
for (i = 0; i < ape->seektablelength / sizeof(uint32_t) &&
!pb->eof_reached; i++)
ape->seektable[i] = avio_rl32(pb);
if (ape->fileversion < 3810) {
ape->bittable = av_mallocz(ape->totalframes);
-if (!ape->bittable)
-return AVERROR(ENOMEM);
+if (!ape->bittable) {
+ret = AVERROR(ENOMEM);
+goto fail;
+}
for (i = 0; i < ape->totalframes && !pb->eof_reached; i++)
ape->bittable[i] = avio_r8(pb);
}
@@ -341,8 +347,10 @@ static int ape_read_header(AVFormatContext * s)
/* now we are ready: build format streams */
st = avformat_new_stream(s, NULL);
-if (!st)
-return AVERROR(ENOMEM);
+if (!st) {
+ret = AVERROR(ENOMEM);
+goto fail;
+}
total_blocks = (ape->totalframes == 0) ? 0 : ((ape->totalframes - 1) *
ape->blocksperframe) + ape->finalframeblocks;
@@ -359,7 +367,7 @@ static int ape_read_header(AVFormatContext * s)
avpriv_set_pts_info(st, 64, 1, ape->samplerate);
if ((ret = ff_alloc_extradata(st->codecpar, APE_EXTRADATA_SIZE)) < 0)
-return ret;
+goto fail;
AV_WL16(st->codecpar->extradata + 0, ape->fileversion);
AV_WL16(st->codecpar->extradata + 2, ape->compressiontype);
AV_WL16(st->codecpar->extradata + 4, ape->formatflags);
@@ -378,6 +386,10 @@ static int ape_read_header(AVFormatContext * s)
}
return 0;
+fail:
+ape_read_close(s);
+
+return ret;
}
static int ape_read_packet(AVFormatContext * s, AVPacket * pkt)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/pixlet: Fix log(0) check
ffmpeg | branch: master | Michael Niedermayer | Sat
Jun 13 11:21:52 2020 +0200| [bd0f81526d3f4c23ecd0a399829103be2445c011] |
committer: Michael Niedermayer
avcodec/pixlet: Fix log(0) check
Fixes: passing zero to clz(), which is not a valid argument
Fixes:
23337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5179131989065728
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bd0f81526d3f4c23ecd0a399829103be2445c011
---
libavcodec/pixlet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/pixlet.c b/libavcodec/pixlet.c
index 7b068b1ce5..78f571cd5f 100644
--- a/libavcodec/pixlet.c
+++ b/libavcodec/pixlet.c
@@ -221,7 +221,7 @@ static int read_high_coeffs(AVCodecContext *avctx, uint8_t
*src, int16_t *dst,
length = 25 - nbits;
while (i < size) {
-if (state >> 8 != -3)
+if (((state >> 8) + 3) & 0xFFF)
value = ff_clz((state >> 8) + 3) ^ 0x1F;
else
value = -1;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/oggdec: Disable mid stream codec changes
ffmpeg | branch: master | Michael Niedermayer | Sat Jun 13 12:36:49 2020 +0200| [70277f12328fb052c2c758fa7f4eb36b9ea89638] | committer: Michael Niedermayer avformat/oggdec: Disable mid stream codec changes Fixes: 22082/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5688619118624768 Fixes: crash from V-codecs/Theora/theora_testsuite_broken/multi2.ogg Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Suggested-by: Lynne on IRC Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=70277f12328fb052c2c758fa7f4eb36b9ea89638 --- libavformat/oggdec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index 9eb45499c6..a456c3df60 100644 --- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c @@ -226,9 +226,10 @@ static int ogg_replace_stream(AVFormatContext *s, uint32_t serial, char *magic, return AVERROR_INVALIDDATA; } -/* We only have a single stream anyway, so if there's a new stream with - * a different codec just replace it */ os = &ogg->streams[0]; +if (os->codec != codec) +return AVERROR(EINVAL); + os->serial = serial; os->codec = codec; os->serial = serial; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/sonic: Fix several integer state overflows
ffmpeg | branch: master | Michael Niedermayer | Sun
May 10 21:09:45 2020 +0200| [61d9bf514de0acf256aa554e0c431e7c91e42a5c] |
committer: Michael Niedermayer
avcodec/sonic: Fix several integer state overflows
Fixes: signed integer overflow: -234 * -14797801 cannot be represented in type
'int'
Fixes:
20492/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5695924975435776
Fixes:
22275/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5695924975435776
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=61d9bf514de0acf256aa554e0c431e7c91e42a5c
---
libavcodec/sonic.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavcodec/sonic.c b/libavcodec/sonic.c
index b82c44344c..ea6ef10c9e 100644
--- a/libavcodec/sonic.c
+++ b/libavcodec/sonic.c
@@ -458,8 +458,8 @@ static void predictor_init_state(int *k, int *state, int
order)
for (j = 0, p = i+1; p < order; j++,p++)
{
-int tmp = x + shift_down(k[j] * state[p], LATTICE_SHIFT);
-state[p] += shift_down(k[j]*x, LATTICE_SHIFT);
+int tmp = x + shift_down(k[j] * (unsigned)state[p], LATTICE_SHIFT);
+state[p] += shift_down(k[j]* (unsigned)x, LATTICE_SHIFT);
x = tmp;
}
}
@@ -467,7 +467,7 @@ static void predictor_init_state(int *k, int *state, int
order)
static int predictor_calc_error(int *k, int *state, int order, int error)
{
-int i, x = error - shift_down(k[order-1] * state[order-1], LATTICE_SHIFT);
+int i, x = error - shift_down(k[order-1] * (unsigned)state[order-1],
LATTICE_SHIFT);
#if 1
int *k_ptr = &(k[order-2]),
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/jpeg2000dec: Fix/check for multiple integer overflows
ffmpeg | branch: master | Michael Niedermayer | Thu
Jun 11 22:45:27 2020 +0200| [c579ceffbe30d048c7448c5e9238fc52094de630] |
committer: Michael Niedermayer
avcodec/jpeg2000dec: Fix/check for multiple integer overflows
Fixes: shift exponent 35 is too large for 32-bit type 'int'
Fixes:
22857/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5202709358837760
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c579ceffbe30d048c7448c5e9238fc52094de630
---
libavcodec/jpeg2000dec.c | 19 +--
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index b7766459c4..ab36009a2d 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -612,12 +612,19 @@ static int get_rgn(Jpeg2000DecoderContext *s, int n)
// Currently compno cannot be greater than 4.
// However, future implementation should support compno up to 65536
if (compno < s->ncomponents) {
-if (s->curtileno == -1)
-s->roi_shift[compno] = bytestream2_get_byte(&s->g);
-else {
+int v;
+if (s->curtileno == -1) {
+v = bytestream2_get_byte(&s->g);
+if (v > 30)
+return AVERROR_PATCHWELCOME;
+s->roi_shift[compno] = v;
+} else {
if (s->tile[s->curtileno].tp_idx != 0)
return AVERROR_INVALIDDATA; // marker occurs only in first
tile part of tile
-s->tile[s->curtileno].comp[compno].roi_shift =
bytestream2_get_byte(&s->g);
+v = bytestream2_get_byte(&s->g);
+if (v > 30)
+return AVERROR_PATCHWELCOME;
+s->tile[s->curtileno].comp[compno].roi_shift = v;
}
return 0;
}
@@ -1669,8 +1676,8 @@ static int decode_cblk(Jpeg2000DecoderContext *s,
Jpeg2000CodingStyle *codsty,
ff_mqc_initdec(&t1->mqc, cblk->data, 0, 1);
while (passno--) {
-if (bpno < 0) {
-av_log(s->avctx, AV_LOG_ERROR, "bpno became negative\n");
+if (bpno < 0 || bpno > 29) {
+av_log(s->avctx, AV_LOG_ERROR, "bpno became invalid\n");
return AVERROR_INVALIDDATA;
}
switch(pass_t) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv()
ffmpeg | branch: master | Michael Niedermayer | Thu
Jun 11 22:22:57 2020 +0200| [e361785ee05cc75d3caacf2f254160b0336f5358] |
committer: Michael Niedermayer
avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv()
Fixes: signed integer overflow: -144876608 * 16 cannot be represented in type
'int'
Fixes:
22782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6039584977977344
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e361785ee05cc75d3caacf2f254160b0336f5358
---
libavcodec/mpeg4videodec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
index 58ee62641c..14fb79261d 100644
--- a/libavcodec/mpeg4videodec.c
+++ b/libavcodec/mpeg4videodec.c
@@ -610,7 +610,7 @@ static inline int get_amv(Mpeg4DecContext *ctx, int n)
dy -= 1 << (shift + a + 1);
else
dx -= 1 << (shift + a + 1);
-mb_v = s->sprite_offset[0][n] + dx * s->mb_x * 16 + dy * s->mb_y * 16;
+mb_v = s->sprite_offset[0][n] + dx * s->mb_x * 16U + dy * s->mb_y *
16U;
sum = 0;
for (y = 0; y < 16; y++) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/sonic: Fix several integer overflows
ffmpeg | branch: master | Michael Niedermayer | Thu
Feb 20 19:56:39 2020 +0100| [75d520e33704447f1b29ac47fd9e40994a6bc659] |
committer: Michael Niedermayer
avcodec/sonic: Fix several integer overflows
Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented
in type 'int'
Fixes:
20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=75d520e33704447f1b29ac47fd9e40994a6bc659
---
libavcodec/sonic.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/libavcodec/sonic.c b/libavcodec/sonic.c
index c975774b04..b82c44344c 100644
--- a/libavcodec/sonic.c
+++ b/libavcodec/sonic.c
@@ -140,7 +140,8 @@ static inline av_flatten int get_symbol(RangeCoder *c,
uint8_t *state, int is_si
if(get_rac(c, state+0))
return 0;
else{
-int i, e, a;
+int i, e;
+unsigned a;
e= 0;
while(get_rac(c, state+1 + FFMIN(e,9))){ //1..10
e++;
@@ -474,7 +475,7 @@ static int predictor_calc_error(int *k, int *state, int
order, int error)
for (i = order-2; i >= 0; i--, k_ptr--, state_ptr--)
{
int k_value = *k_ptr, state_value = *state_ptr;
-x -= shift_down(k_value * state_value, LATTICE_SHIFT);
+x -= shift_down(k_value * (unsigned)state_value, LATTICE_SHIFT);
state_ptr[1] = state_value + shift_down(k_value * (unsigned)x,
LATTICE_SHIFT);
}
#else
@@ -1044,7 +1045,7 @@ static int sonic_decode_frame(AVCodecContext *avctx,
x += s->channels;
}
-s->int_samples[x] = predictor_calc_error(s->predictor_k,
s->predictor_state[ch], s->num_taps, s->coded_samples[ch][i] * quant);
+s->int_samples[x] = predictor_calc_error(s->predictor_k,
s->predictor_state[ch], s->num_taps, s->coded_samples[ch][i] * (unsigned)quant);
x += s->channels;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/lossless_audiodsp: Fix undefined overflows in scalarproduct_and_madd_int16_c()
ffmpeg | branch: master | Michael Niedermayer | Sun
Jun 7 19:24:10 2020 +0200| [c0dfe134beefde4070d43910518b1f4a58f01794] |
committer: Michael Niedermayer
avcodec/lossless_audiodsp: Fix undefined overflows in
scalarproduct_and_madd_int16_c()
Fixes: signed integer overflow: 2142077091 + 6881070 cannot be represented in
type 'int'
Fixes:
22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-595839681920
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c0dfe134beefde4070d43910518b1f4a58f01794
---
libavcodec/lossless_audiodsp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/lossless_audiodsp.c b/libavcodec/lossless_audiodsp.c
index 3a9f9b20bb..378165924d 100644
--- a/libavcodec/lossless_audiodsp.c
+++ b/libavcodec/lossless_audiodsp.c
@@ -27,7 +27,7 @@ static int32_t scalarproduct_and_madd_int16_c(int16_t *v1,
const int16_t *v2,
const int16_t *v3,
int order, int mul)
{
-int res = 0;
+unsigned res = 0;
do {
res += *v1 * *v2++;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/utils: Print analyze duration and probesize when printing a suggestion to increase them
ffmpeg | branch: master | Michael Niedermayer | Mon
Jun 8 11:07:27 2020 +0200| [04ddace9e880172a5206e931fd12ce98662e1f6d] |
committer: Michael Niedermayer
avformat/utils: Print analyze duration and probesize when printing a suggestion
to increase them
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=04ddace9e880172a5206e931fd12ce98662e1f6d
---
libavformat/utils.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavformat/utils.c b/libavformat/utils.c
index 667249362c..45a4179552 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -4132,8 +4132,8 @@ FF_ENABLE_DEPRECATION_WARNINGS
avcodec_string(buf, sizeof(buf), st->internal->avctx, 0);
av_log(ic, AV_LOG_WARNING,
"Could not find codec parameters for stream %d (%s): %s\n"
- "Consider increasing the value for the 'analyzeduration'
and 'probesize' options\n",
- i, buf, errmsg);
+ "Consider increasing the value for the 'analyzeduration'
(%"PRId64") and 'probesize' (%"PRId64") options\n",
+ i, buf, errmsg, ic->max_analyze_duration, ic->probesize);
} else {
ret = 0;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/ffwavesynth: Avoid undefined operation on ts overflow
ffmpeg | branch: master | Michael Niedermayer | Sat
Jun 13 21:47:03 2020 +0200| [584d334afd59714ed04637a9227a4f1368c26166] |
committer: Michael Niedermayer
avcodec/ffwavesynth: Avoid undefined operation on ts overflow
Alternatively these conditions could be treated as errors
Fixes:
23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented
in type 'int64_t' (aka 'long')
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=584d334afd59714ed04637a9227a4f1368c26166
---
libavcodec/ffwavesynth.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/ffwavesynth.c b/libavcodec/ffwavesynth.c
index a446aa2fdf..8d3ac81aef 100644
--- a/libavcodec/ffwavesynth.c
+++ b/libavcodec/ffwavesynth.c
@@ -444,7 +444,7 @@ static int wavesynth_decode(AVCodecContext *avc, void
*rframe, int *rgot_frame,
if (r < 0)
return r;
pcm = (int16_t *)frame->data[0];
-for (s = 0; s < duration; s++, ts++) {
+for (s = 0; s < duration; s++, ts+=(uint64_t)1) {
memset(channels, 0, avc->channels * sizeof(*channels));
if (ts >= ws->next_ts)
wavesynth_enter_intervals(ws, ts);
@@ -452,7 +452,7 @@ static int wavesynth_decode(AVCodecContext *avc, void
*rframe, int *rgot_frame,
for (c = 0; c < avc->channels; c++)
*(pcm++) = channels[c] >> 16;
}
-ws->cur_ts += duration;
+ws->cur_ts += (uint64_t)duration;
*rgot_frame = 1;
return packet->size;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mv30: check mode_size vs. input space
ffmpeg | branch: master | Michael Niedermayer | Sat Jun 13 16:03:14 2020 +0200| [75e2ac4f0752649a0b9486e6825ef68341ee974d] | committer: Michael Niedermayer avcodec/mv30: check mode_size vs. input space Fixes: Timeout (longer than my patience vs 1sec) Fixes: 22984/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5630021988515840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=75e2ac4f0752649a0b9486e6825ef68341ee974d --- libavcodec/mv30.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/mv30.c b/libavcodec/mv30.c index 013a5753fe..76b9170eaf 100644 --- a/libavcodec/mv30.c +++ b/libavcodec/mv30.c @@ -410,6 +410,9 @@ static int decode_intra(AVCodecContext *avctx, GetBitContext *gb, AVFrame *frame int ret; mgb = *gb; +if (get_bits_left(gb) < s->mode_size * 8) +return AVERROR_INVALIDDATA; + skip_bits_long(gb, s->mode_size * 8); linesize[0] = frame->linesize[0]; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/libzvbi-teletextdec: fix txt_default_region limits
ffmpeg | branch: master | Marton Balint | Tue Jun 9 01:31:00
2020 +0200| [16d29c1be80eda9ab5e2fb92b9cd300a88e5d449] | committer: Marton
Balint
avcodec/libzvbi-teletextdec: fix txt_default_region limits
Max region ID is 87. Also the region affects not only the G0 charset but G2 and
the national subset as well.
Signed-off-by: Marton Balint
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=16d29c1be80eda9ab5e2fb92b9cd300a88e5d449
---
doc/decoders.texi| 2 +-
libavcodec/libzvbi-teletextdec.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/decoders.texi b/doc/decoders.texi
index 0c5a39bc9c..9005714e3c 100644
--- a/doc/decoders.texi
+++ b/doc/decoders.texi
@@ -317,7 +317,7 @@ list are dropped. You may use the special @code{*} string
to match all pages,
or @code{subtitle} to match all subtitle pages.
Default value is *.
@item txt_default_region
-Set default G0 character set used for decoding, a value between 0 and 80 (see
+Set default character set used for decoding, a value between 0 and 87 (see
ETS 300 706, Section 15, Table 32). Default value is -1, which does not
override the libzvbi default. This option is needed for some legacy level 1.0
transmissions which cannot signal the proper charset.
diff --git a/libavcodec/libzvbi-teletextdec.c b/libavcodec/libzvbi-teletextdec.c
index 8031b02286..0cc389a28e 100644
--- a/libavcodec/libzvbi-teletextdec.c
+++ b/libavcodec/libzvbi-teletextdec.c
@@ -797,7 +797,7 @@ static void teletext_flush(AVCodecContext *avctx)
#define SD AV_OPT_FLAG_SUBTITLE_PARAM | AV_OPT_FLAG_DECODING_PARAM
static const AVOption options[] = {
{"txt_page","page numbers to decode, subtitle for subtitles, * for
all", OFFSET(pgno), AV_OPT_TYPE_STRING, {.str = "*"}, 0, 0,SD},
-{"txt_default_region", "default G0 character set used for decoding",
OFFSET(default_region), AV_OPT_TYPE_INT,{.i64 = -1}, -1, 80, SD},
+{"txt_default_region", "default G0 character set used for decoding",
OFFSET(default_region), AV_OPT_TYPE_INT,{.i64 = -1}, -1, 87, SD},
{"txt_chop_top","discards the top teletext line",
OFFSET(chop_top), AV_OPT_TYPE_INT,{.i64 = 1},0, 1,SD},
{"txt_format", "format of the subtitles (bitmap or text or ass)",
OFFSET(format_id), AV_OPT_TYPE_INT,{.i64 = 0},0, 2,SD,
"txt_format"},
{"bitmap", NULL,
0, AV_OPT_TYPE_CONST, {.i64 = 0},0, 0,SD,
"txt_format"},
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mxfdec: free duplicated utf16 strings
ffmpeg | branch: master | Michael Niedermayer | Sun Jun 14 19:45:05 2020 +0200| [0aa2768cb275bda9e9e1331ed95adc7cd686eafe] | committer: Michael Niedermayer avformat/mxfdec: free duplicated utf16 strings Fixes: memleak Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744 Suggested-by: Marton Balint Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0aa2768cb275bda9e9e1331ed95adc7cd686eafe --- libavformat/mxfdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index a60bdfeade..90546d42b3 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -867,6 +867,7 @@ static inline int mxf_read_utf16_string(AVIOContext *pb, int size, char** str, i return AVERROR(EINVAL); buf_size = size + size / 2 + 1; +av_free(*str); *str = av_malloc(buf_size); if (!*str) return AVERROR(ENOMEM); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/4xm: Check that a video stream was created before returning packets for it
ffmpeg | branch: master | Michael Niedermayer | Sun
Jun 14 19:51:23 2020 +0200| [c517c3f4741b6897ea952d1fba199c93c5217cfe] |
committer: Michael Niedermayer
avformat/4xm: Check that a video stream was created before returning packets
for it
Fixes: assertion failure
Fixes:
23434/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5227750851084288.fuzz
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c517c3f4741b6897ea952d1fba199c93c5217cfe
---
libavformat/4xm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavformat/4xm.c b/libavformat/4xm.c
index 5f0504b13e..6a227a0b0d 100644
--- a/libavformat/4xm.c
+++ b/libavformat/4xm.c
@@ -218,6 +218,7 @@ static int fourxm_read_header(AVFormatContext *s)
fourxm->track_count = 0;
fourxm->tracks = NULL;
fourxm->fps = (AVRational){1,1};
+fourxm->video_stream_index = -1;
/* skip the first 3 32-bit numbers */
avio_skip(pb, 12);
@@ -326,6 +327,8 @@ static int fourxm_read_packet(AVFormatContext *s,
* and size */
if (size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE - 8)
return AVERROR_INVALIDDATA;
+if (fourxm->video_stream_index < 0)
+return AVERROR_INVALIDDATA;
if ((ret = av_new_packet(pkt, size + 8)) < 0)
return ret;
pkt->stream_index = fourxm->video_stream_index;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/url: check return value of strchr
ffmpeg | branch: release/4.3 | Steven Liu | Thu May 28
10:41:25 2020 +0800| [cfec756a6d63163ef7982c53b11e9f9bdb0555b0] | committer:
Marton Balint
avformat/url: check return value of strchr
fix ticket: 8687
workflow should return if there have no value of strchr
Signed-off-by: Steven Liu
(cherry picked from commit 029ff31af6801dd2bca1b543575e17eaaa6b0772)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cfec756a6d63163ef7982c53b11e9f9bdb0555b0
---
libavformat/url.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/libavformat/url.c b/libavformat/url.c
index 6956f6dc10..20463a6674 100644
--- a/libavformat/url.c
+++ b/libavformat/url.c
@@ -90,6 +90,8 @@ static void trim_double_dot_url(char *buf, const char *rel,
int size)
if (p && (sep = strstr(p, "://"))) {
sep += 3;
root = strchr(sep, '/');
+if (!root)
+return;
}
/* set new current position if the root node is changed */
@@ -150,6 +152,7 @@ void ff_make_absolute_url(char *buf, int size, const char
*base,
}
/* If rel actually is an absolute url, just copy it */
if (!base || strstr(rel, "://") || rel[0] == '/') {
+memset(buf, 0, size);
trim_double_dot_url(buf, rel, size);
return;
}
@@ -177,6 +180,8 @@ void ff_make_absolute_url(char *buf, int size, const char
*base,
if (sep) {
sep += 3;
root = strchr(sep, '/');
+if (!root)
+return;
}
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/libzvbi-teletextdec: fix txt_default_region limits
ffmpeg | branch: release/4.3 | Marton Balint | Tue Jun 9
01:31:00 2020 +0200| [cdf88b5a0cb072b8a0319c466046fe410fe8341a] | committer:
Marton Balint
avcodec/libzvbi-teletextdec: fix txt_default_region limits
Max region ID is 87. Also the region affects not only the G0 charset but G2 and
the national subset as well.
Signed-off-by: Marton Balint
(cherry picked from commit 16d29c1be80eda9ab5e2fb92b9cd300a88e5d449)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cdf88b5a0cb072b8a0319c466046fe410fe8341a
---
doc/decoders.texi| 2 +-
libavcodec/libzvbi-teletextdec.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/decoders.texi b/doc/decoders.texi
index 0c5a39bc9c..9005714e3c 100644
--- a/doc/decoders.texi
+++ b/doc/decoders.texi
@@ -317,7 +317,7 @@ list are dropped. You may use the special @code{*} string
to match all pages,
or @code{subtitle} to match all subtitle pages.
Default value is *.
@item txt_default_region
-Set default G0 character set used for decoding, a value between 0 and 80 (see
+Set default character set used for decoding, a value between 0 and 87 (see
ETS 300 706, Section 15, Table 32). Default value is -1, which does not
override the libzvbi default. This option is needed for some legacy level 1.0
transmissions which cannot signal the proper charset.
diff --git a/libavcodec/libzvbi-teletextdec.c b/libavcodec/libzvbi-teletextdec.c
index 8031b02286..0cc389a28e 100644
--- a/libavcodec/libzvbi-teletextdec.c
+++ b/libavcodec/libzvbi-teletextdec.c
@@ -797,7 +797,7 @@ static void teletext_flush(AVCodecContext *avctx)
#define SD AV_OPT_FLAG_SUBTITLE_PARAM | AV_OPT_FLAG_DECODING_PARAM
static const AVOption options[] = {
{"txt_page","page numbers to decode, subtitle for subtitles, * for
all", OFFSET(pgno), AV_OPT_TYPE_STRING, {.str = "*"}, 0, 0,SD},
-{"txt_default_region", "default G0 character set used for decoding",
OFFSET(default_region), AV_OPT_TYPE_INT,{.i64 = -1}, -1, 80, SD},
+{"txt_default_region", "default G0 character set used for decoding",
OFFSET(default_region), AV_OPT_TYPE_INT,{.i64 = -1}, -1, 87, SD},
{"txt_chop_top","discards the top teletext line",
OFFSET(chop_top), AV_OPT_TYPE_INT,{.i64 = 1},0, 1,SD},
{"txt_format", "format of the subtitles (bitmap or text or ass)",
OFFSET(format_id), AV_OPT_TYPE_INT,{.i64 = 0},0, 2,SD,
"txt_format"},
{"bitmap", NULL,
0, AV_OPT_TYPE_CONST, {.i64 = 0},0, 0,SD,
"txt_format"},
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hls: check output string is usable of ff_make_absolute_url
ffmpeg | branch: release/4.3 | Steven Liu | Thu May 28
10:41:26 2020 +0800| [0c37321362a1d359f555cbc65ebcc9770628311e] | committer:
Marton Balint
avformat/hls: check output string is usable of ff_make_absolute_url
fix ticket: 8688
should goto failed workflow if cannot get usable string by ff_make_absolute_url
Signed-off-by: Steven Liu
(cherry picked from commit ea1940c6e2ead234f6e563c095bb67d352e3328f)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0c37321362a1d359f555cbc65ebcc9770628311e
---
libavformat/hls.c | 23 +++
1 file changed, 23 insertions(+)
diff --git a/libavformat/hls.c b/libavformat/hls.c
index 3e35d157ad..3ca6b90b19 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -311,6 +311,8 @@ static struct playlist *new_playlist(HLSContext *c, const
char *url,
return NULL;
reset_packet(&pls->pkt);
ff_make_absolute_url(pls->url, sizeof(pls->url), base, url);
+if (!pls->url[0])
+return NULL;
pls->seek_timestamp = AV_NOPTS_VALUE;
pls->is_id3_timestamped = -1;
@@ -416,6 +418,10 @@ static struct segment *new_init_section(struct playlist
*pls,
ptr = info->uri;
} else {
ff_make_absolute_url(tmp_str, sizeof(tmp_str), url_base, info->uri);
+if (!tmp_str[0]) {
+av_free(sec);
+return NULL;
+}
}
sec->url = av_strdup(ptr);
if (!sec->url) {
@@ -841,6 +847,11 @@ static int parse_playlist(HLSContext *c, const char *url,
if (key_type != KEY_NONE) {
ff_make_absolute_url(tmp_str, sizeof(tmp_str), url, key);
+if (!tmp_str[0]) {
+av_free(cur_init_section);
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
cur_init_section->key = av_strdup(tmp_str);
if (!cur_init_section->key) {
av_free(cur_init_section);
@@ -895,6 +906,11 @@ static int parse_playlist(HLSContext *c, const char *url,
if (key_type != KEY_NONE) {
ff_make_absolute_url(tmp_str, sizeof(tmp_str), url, key);
+if (!tmp_str[0]) {
+ret = AVERROR_INVALIDDATA;
+av_free(seg);
+goto fail;
+}
seg->key = av_strdup(tmp_str);
if (!seg->key) {
av_free(seg);
@@ -906,6 +922,13 @@ static int parse_playlist(HLSContext *c, const char *url,
}
ff_make_absolute_url(tmp_str, sizeof(tmp_str), url, line);
+if (!tmp_str[0]) {
+ret = AVERROR_INVALIDDATA;
+if (seg->key)
+av_free(seg->key);
+av_free(seg);
+goto fail;
+}
seg->url = av_strdup(tmp_str);
if (!seg->url) {
av_free(seg->key);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] lavf/prompeg: prompeg_write() must report data all was written
ffmpeg | branch: release/4.3 | David Holroyd | Tue
Jun 9 21:37:10 2020 +0800| [3a390eadd279564b5b2d5d05c8d061d48c312da0] |
committer: Marton Balint
lavf/prompeg: prompeg_write() must report data all was written
Previously, prompeg_write() would only report to caller that bytes we
written when a FEC packet was actually created. Not all RTP packets are
expected to generate a FEC packet however, so this behavior was causing
avio to retry writing the RTP packet, eventually forcing the FEC state
machine to send a FEC packet erroneously (and so breaking out of the
retry loop).
This was resulting in incorrect FEC data being generated, and far too
many FEC packets to be sent (~100% FEC overhead).
fix #7863
Signed-off-by: David Holroyd
(cherry picked from commit ffc1208266c2890a1b0e2391e0a536fe9698e69c)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3a390eadd279564b5b2d5d05c8d061d48c312da0
---
libavformat/prompeg.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/libavformat/prompeg.c b/libavformat/prompeg.c
index 7b2e5e8344..59faa824bb 100644
--- a/libavformat/prompeg.c
+++ b/libavformat/prompeg.c
@@ -387,7 +387,7 @@ static int prompeg_write(URLContext *h, const uint8_t *buf,
int size) {
PrompegFec *fec_tmp;
uint8_t *bitstring = NULL;
int col_idx, col_out_idx, row_idx;
-int ret, written = 0;
+int ret = 0;
if (s->init && ((ret = prompeg_init(h, buf, size)) < 0))
goto end;
@@ -403,7 +403,6 @@ static int prompeg_write(URLContext *h, const uint8_t *buf,
int size) {
if (!s->first || s->packet_idx > 0) {
if ((ret = prompeg_write_fec(h, s->fec_row, PROMPEG_FEC_ROW)) < 0)
goto end;
-written += ret;
}
memcpy(s->fec_row->bitstring, bitstring, s->bitstring_size);
s->fec_row->sn = AV_RB16(buf + 2);
@@ -434,7 +433,6 @@ static int prompeg_write(URLContext *h, const uint8_t *buf,
int size) {
col_out_idx = s->packet_idx / s->d;
if ((ret = prompeg_write_fec(h, s->fec_col[col_out_idx],
PROMPEG_FEC_COL)) < 0)
goto end;
-written += ret;
}
if (++s->packet_idx >= s->packet_idx_max) {
@@ -443,7 +441,7 @@ static int prompeg_write(URLContext *h, const uint8_t *buf,
int size) {
s->first = 0;
}
-ret = written;
+ret = size;
end:
av_free(bitstring);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hls: check segment duration value of EXTINF
ffmpeg | branch: release/4.3 | Steven Liu | Fri May 29
11:39:05 2020 +0800| [e929799065413381b049f0707386796beeafb4a4] | committer:
Marton Balint
avformat/hls: check segment duration value of EXTINF
fix ticket: 8673
set the default EXTINF duration to 1ms if duration is smaller than 1ms
Signed-off-by: Steven Liu
(cherry picked from commit 9dfb19baeb86a8bb02c53a441682c6e9a6e104cc)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e929799065413381b049f0707386796beeafb4a4
---
libavformat/hls.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/libavformat/hls.c b/libavformat/hls.c
index 3ca6b90b19..17b3dd545d 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -894,8 +894,6 @@ static int parse_playlist(HLSContext *c, const char *url,
ret = AVERROR(ENOMEM);
goto fail;
}
-seg->duration = duration;
-seg->key_type = key_type;
if (has_iv) {
memcpy(seg->iv, iv, sizeof(iv));
} else {
@@ -937,6 +935,13 @@ static int parse_playlist(HLSContext *c, const char *url,
goto fail;
}
+if (duration < 0.001 * AV_TIME_BASE) {
+av_log(c->ctx, AV_LOG_WARNING, "Cannot get correct #EXTINF
value of segment %s,"
+" set to default value to 1ms.\n",
seg->url);
+duration = 0.001 * AV_TIME_BASE;
+}
+seg->duration = duration;
+seg->key_type = key_type;
dynarray_add(&pls->segments, &pls->n_segments, seg);
is_segment = 0;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/cbs_h2645: abort when written inferred values don't match
ffmpeg | branch: master | James Almer | Thu Jun 11 13:06:10
2020 -0300| [ef13fafe229a86480305fbb05e83208102ea962f] | committer: James Almer
avcodec/cbs_h2645: abort when written inferred values don't match
If this happens, it's a sign of parsing issues earlier in the process, or
misuse by the calling module.
Prevents writing invalid bitstreams.
Reviewed-by: Michael Niedermayer
Signed-off-by: James Almer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ef13fafe229a86480305fbb05e83208102ea962f
---
libavcodec/cbs_h2645.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c
index b432921ecc..64fe2c1b9b 100644
--- a/libavcodec/cbs_h2645.c
+++ b/libavcodec/cbs_h2645.c
@@ -408,10 +408,11 @@ static int cbs_h2645_read_more_rbsp_data(GetBitContext
*gbc)
#define infer(name, value) do { \
if (current->name != (value)) { \
-av_log(ctx->log_ctx, AV_LOG_WARNING, "Warning: " \
+av_log(ctx->log_ctx, AV_LOG_ERROR, \
"%s does not match inferred value: " \
"%"PRId64", but should be %"PRId64".\n", \
#name, (int64_t)current->name, (int64_t)(value)); \
+return AVERROR_INVALIDDATA; \
} \
} while (0)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/cbs_av1: abort when written inferred values don't match
ffmpeg | branch: master | James Almer | Thu Jun 11 13:06:17
2020 -0300| [318a1a383dc0312ad5b4afec0ddf0d8d231f5c79] | committer: James Almer
avcodec/cbs_av1: abort when written inferred values don't match
If this happens, it's a sign of parsing issues earlier in the process, or
misuse by the calling module.
Prevents writing invalid bitstreams.
Reviewed-by: Michael Niedermayer
Signed-off-by: James Almer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=318a1a383dc0312ad5b4afec0ddf0d8d231f5c79
---
libavcodec/cbs_av1.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c
index fc228086c2..29b316e011 100644
--- a/libavcodec/cbs_av1.c
+++ b/libavcodec/cbs_av1.c
@@ -711,10 +711,11 @@ static size_t
cbs_av1_get_payload_bytes_left(GetBitContext *gbc)
#define infer(name, value) do { \
if (current->name != (value)) { \
-av_log(ctx->log_ctx, AV_LOG_WARNING, "Warning: " \
+av_log(ctx->log_ctx, AV_LOG_ERROR, \
"%s does not match inferred value: " \
"%"PRId64", but should be %"PRId64".\n", \
#name, (int64_t)current->name, (int64_t)(value)); \
+return AVERROR_INVALIDDATA; \
} \
} while (0)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/cbs_av1: abort when written inferred values don't match
ffmpeg | branch: release/4.3 | James Almer | Thu Jun 11
13:06:17 2020 -0300| [dba8e32e444e72c273bdc04a57dfb4c5a67388e7] | committer:
James Almer
avcodec/cbs_av1: abort when written inferred values don't match
If this happens, it's a sign of parsing issues earlier in the process, or
misuse by the calling module.
Prevents writing invalid bitstreams.
Reviewed-by: Michael Niedermayer
Signed-off-by: James Almer
(cherry picked from commit 318a1a383dc0312ad5b4afec0ddf0d8d231f5c79)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dba8e32e444e72c273bdc04a57dfb4c5a67388e7
---
libavcodec/cbs_av1.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c
index fc228086c2..29b316e011 100644
--- a/libavcodec/cbs_av1.c
+++ b/libavcodec/cbs_av1.c
@@ -711,10 +711,11 @@ static size_t
cbs_av1_get_payload_bytes_left(GetBitContext *gbc)
#define infer(name, value) do { \
if (current->name != (value)) { \
-av_log(ctx->log_ctx, AV_LOG_WARNING, "Warning: " \
+av_log(ctx->log_ctx, AV_LOG_ERROR, \
"%s does not match inferred value: " \
"%"PRId64", but should be %"PRId64".\n", \
#name, (int64_t)current->name, (int64_t)(value)); \
+return AVERROR_INVALIDDATA; \
} \
} while (0)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/cbs_h2645: abort when written inferred values don't match
ffmpeg | branch: release/4.3 | James Almer | Thu Jun 11
13:06:10 2020 -0300| [e6ab99f324b4b2bbb76afc9cd5463ce653ace72e] | committer:
James Almer
avcodec/cbs_h2645: abort when written inferred values don't match
If this happens, it's a sign of parsing issues earlier in the process, or
misuse by the calling module.
Prevents writing invalid bitstreams.
Reviewed-by: Michael Niedermayer
Signed-off-by: James Almer
(cherry picked from commit ef13fafe229a86480305fbb05e83208102ea962f)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e6ab99f324b4b2bbb76afc9cd5463ce653ace72e
---
libavcodec/cbs_h2645.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c
index b432921ecc..64fe2c1b9b 100644
--- a/libavcodec/cbs_h2645.c
+++ b/libavcodec/cbs_h2645.c
@@ -408,10 +408,11 @@ static int cbs_h2645_read_more_rbsp_data(GetBitContext
*gbc)
#define infer(name, value) do { \
if (current->name != (value)) { \
-av_log(ctx->log_ctx, AV_LOG_WARNING, "Warning: " \
+av_log(ctx->log_ctx, AV_LOG_ERROR, \
"%s does not match inferred value: " \
"%"PRId64", but should be %"PRId64".\n", \
#name, (int64_t)current->name, (int64_t)(value)); \
+return AVERROR_INVALIDDATA; \
} \
} while (0)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/pixlet: Fix log(0) check
ffmpeg | branch: release/4.3 | Michael Niedermayer |
Sat Jun 13 11:21:52 2020 +0200| [335ddf2fe9bd4f67358c7ccf13c415cd7df7d955] |
committer: Michael Niedermayer
avcodec/pixlet: Fix log(0) check
Fixes: passing zero to clz(), which is not a valid argument
Fixes:
23337/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5179131989065728
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit bd0f81526d3f4c23ecd0a399829103be2445c011)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=335ddf2fe9bd4f67358c7ccf13c415cd7df7d955
---
libavcodec/pixlet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/pixlet.c b/libavcodec/pixlet.c
index 7b068b1ce5..78f571cd5f 100644
--- a/libavcodec/pixlet.c
+++ b/libavcodec/pixlet.c
@@ -221,7 +221,7 @@ static int read_high_coeffs(AVCodecContext *avctx, uint8_t
*src, int16_t *dst,
length = 25 - nbits;
while (i < size) {
-if (state >> 8 != -3)
+if (((state >> 8) + 3) & 0xFFF)
value = ff_clz((state >> 8) + 3) ^ 0x1F;
else
value = -1;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mov: Check if DTS is AV_NOPTS_VALUE in mov_find_next_sample().
ffmpeg | branch: release/4.3 | Dale Curtis | Thu May
14 14:38:07 2020 -0700| [8dee726b1a5c82c5e6578a606b299c6fdc74c142] | committer:
Michael Niedermayer
avformat/mov: Check if DTS is AV_NOPTS_VALUE in mov_find_next_sample().
Signed-off-by: Dale Curtis
Signed-off-by: Michael Niedermayer
(cherry picked from commit bf446711bc8b7f316771870b8d4dc4dd65f5d94b)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8dee726b1a5c82c5e6578a606b299c6fdc74c142
---
libavformat/mov.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index e11c9f4457..2fc27d2aec 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -7776,7 +7776,7 @@ static AVIndexEntry *mov_find_next_sample(AVFormatContext
*s, AVStream **st)
av_log(s, AV_LOG_TRACE, "stream %d, sample %d, dts %"PRId64"\n",
i, msc->current_sample, dts);
if (!sample || (!(s->pb->seekable & AVIO_SEEKABLE_NORMAL) &&
current_sample->pos < sample->pos) ||
((s->pb->seekable & AVIO_SEEKABLE_NORMAL) &&
- ((msc->pb != s->pb && dts < best_dts) || (msc->pb == s->pb &&
+ ((msc->pb != s->pb && dts < best_dts) || (msc->pb == s->pb &&
dts != AV_NOPTS_VALUE &&
((FFABS(best_dts - dts) <= AV_TIME_BASE &&
current_sample->pos < sample->pos) ||
(FFABS(best_dts - dts) > AV_TIME_BASE && dts <
best_dts)) {
sample = current_sample;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/thp: Check fps
ffmpeg | branch: release/4.3 | Michael Niedermayer | Mon Jun 8 09:28:55 2020 +0200| [838e17ffec4b1cc930cd89228e88ee8db1b52dcb] | committer: Michael Niedermayer avformat/thp: Check fps Fixes: division by zero Fixes: 23162/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-4856420817436672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 0e15b01b4e463d12128db2c15de7741637548347) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=838e17ffec4b1cc930cd89228e88ee8db1b52dcb --- libavformat/thp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/thp.c b/libavformat/thp.c index 4abff1313a..bcc3febaa1 100644 --- a/libavformat/thp.c +++ b/libavformat/thp.c @@ -75,6 +75,8 @@ static int thp_read_header(AVFormatContext *s) avio_rb32(pb); /* Max samples. */ thp->fps = av_d2q(av_int2float(avio_rb32(pb)), INT_MAX); +if (thp->fps.den <= 0 || thp->fps.num < 0) +return AVERROR_INVALIDDATA; thp->framecnt= avio_rb32(pb); thp->first_framesz = avio_rb32(pb); pb->maxsize = avio_rb32(pb); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/oggdec: Disable mid stream codec changes
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sat Jun 13 12:36:49 2020 +0200| [6011484167bf4a0548dedd0da573c4933cd335be] | committer: Michael Niedermayer avformat/oggdec: Disable mid stream codec changes Fixes: 22082/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5688619118624768 Fixes: crash from V-codecs/Theora/theora_testsuite_broken/multi2.ogg Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Suggested-by: Lynne on IRC Signed-off-by: Michael Niedermayer (cherry picked from commit 70277f12328fb052c2c758fa7f4eb36b9ea89638) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6011484167bf4a0548dedd0da573c4933cd335be --- libavformat/oggdec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c index 9eb45499c6..a456c3df60 100644 --- a/libavformat/oggdec.c +++ b/libavformat/oggdec.c @@ -226,9 +226,10 @@ static int ogg_replace_stream(AVFormatContext *s, uint32_t serial, char *magic, return AVERROR_INVALIDDATA; } -/* We only have a single stream anyway, so if there's a new stream with - * a different codec just replace it */ os = &ogg->streams[0]; +if (os->codec != codec) +return AVERROR(EINVAL); + os->serial = serial; os->codec = codec; os->serial = serial; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpeg4videodec: avoid invalid values and reinitialize in format changes for studio profile
ffmpeg | branch: release/4.3 | Michael Niedermayer |
Sat Jun 13 11:56:01 2020 +0200| [c37218944327857e62e831840e1e8d50b481f230] |
committer: Michael Niedermayer
avcodec/mpeg4videodec: avoid invalid values and reinitialize in format changes
for studio profile
Fixes: out of array access
Fixes:
23327/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5134822992510976
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit e53235f06c229a23d3241b47e32647019161fb7c)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c37218944327857e62e831840e1e8d50b481f230
---
libavcodec/mpeg4videodec.c | 19 ++-
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
index 7e52bbef1b..f5021208c3 100644
--- a/libavcodec/mpeg4videodec.c
+++ b/libavcodec/mpeg4videodec.c
@@ -3134,6 +3134,7 @@ static int decode_studio_vol_header(Mpeg4DecContext *ctx,
GetBitContext *gb)
MpegEncContext *s = &ctx->m;
int width, height;
int bits_per_raw_sample;
+int rgb, chroma_format;
// random_accessible_vol and video_object_type_indication have
already
// been read by the caller decode_vol_header()
@@ -3141,28 +3142,36 @@ static int decode_studio_vol_header(Mpeg4DecContext
*ctx, GetBitContext *gb)
ctx->shape = get_bits(gb, 2); /* video_object_layer_shape */
skip_bits(gb, 4); /* video_object_layer_shape_extension */
skip_bits1(gb); /* progressive_sequence */
+if (ctx->shape != RECT_SHAPE) {
+avpriv_request_sample(s->avctx, "MPEG-4 Studio profile non
rectangular shape");
+return AVERROR_PATCHWELCOME;
+}
if (ctx->shape != BIN_ONLY_SHAPE) {
-ctx->rgb = get_bits1(gb); /* rgb_components */
-s->chroma_format = get_bits(gb, 2); /* chroma_format */
-if (!s->chroma_format) {
+rgb = get_bits1(gb); /* rgb_components */
+chroma_format = get_bits(gb, 2); /* chroma_format */
+if (!chroma_format || chroma_format == CHROMA_420 || (rgb &&
chroma_format == CHROMA_422)) {
av_log(s->avctx, AV_LOG_ERROR, "illegal chroma format\n");
return AVERROR_INVALIDDATA;
}
bits_per_raw_sample = get_bits(gb, 4); /* bit_depth */
if (bits_per_raw_sample == 10) {
-if (ctx->rgb) {
+if (rgb) {
s->avctx->pix_fmt = AV_PIX_FMT_GBRP10;
}
else {
-s->avctx->pix_fmt = s->chroma_format == CHROMA_422 ?
AV_PIX_FMT_YUV422P10 : AV_PIX_FMT_YUV444P10;
+s->avctx->pix_fmt = chroma_format == CHROMA_422 ?
AV_PIX_FMT_YUV422P10 : AV_PIX_FMT_YUV444P10;
}
}
else {
avpriv_request_sample(s->avctx, "MPEG-4 Studio profile
bit-depth %u", bits_per_raw_sample);
return AVERROR_PATCHWELCOME;
}
+if (rgb != ctx->rgb || s->chroma_format != chroma_format)
+s->context_reinit = 1;
s->avctx->bits_per_raw_sample = bits_per_raw_sample;
+ctx->rgb = rgb;
+s->chroma_format = chroma_format;
}
if (ctx->shape == RECT_SHAPE) {
check_marker(s->avctx, gb, "before video_object_layer_width");
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/wmalosslessdec: Check block_align maximum
ffmpeg | branch: release/4.3 | Michael Niedermayer |
Tue Jun 9 22:11:23 2020 +0200| [28460ece95feffa4531f79f3a23d701ee4b5ec0e] |
committer: Michael Niedermayer
avcodec/wmalosslessdec: Check block_align maximum
Fixes: Assertion failure
Fixes:
22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-595839681920
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 314d10f7a60f1786c85da30a569be61e2b906fef)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=28460ece95feffa4531f79f3a23d701ee4b5ec0e
---
libavcodec/wmalosslessdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c
index cfdd9e9a85..62d5fadf5d 100644
--- a/libavcodec/wmalosslessdec.c
+++ b/libavcodec/wmalosslessdec.c
@@ -184,7 +184,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
unsigned int channel_mask;
int i, log2_max_num_subframes;
-if (avctx->block_align <= 0) {
+if (avctx->block_align <= 0 || avctx->block_align > (1<<21)) {
av_log(avctx, AV_LOG_ERROR, "block_align is not set or invalid\n");
return AVERROR(EINVAL);
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mv30: check mode_size vs. input space
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sat Jun 13 16:03:14 2020 +0200| [95b9ac040ef7ada89f6885c8e6c1a77c9018954e] | committer: Michael Niedermayer avcodec/mv30: check mode_size vs. input space Fixes: Timeout (longer than my patience vs 1sec) Fixes: 22984/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MV30_fuzzer-5630021988515840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 75e2ac4f0752649a0b9486e6825ef68341ee974d) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=95b9ac040ef7ada89f6885c8e6c1a77c9018954e --- libavcodec/mv30.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/mv30.c b/libavcodec/mv30.c index 013a5753fe..76b9170eaf 100644 --- a/libavcodec/mv30.c +++ b/libavcodec/mv30.c @@ -410,6 +410,9 @@ static int decode_intra(AVCodecContext *avctx, GetBitContext *gb, AVFrame *frame int ret; mgb = *gb; +if (get_bits_left(gb) < s->mode_size * 8) +return AVERROR_INVALIDDATA; + skip_bits_long(gb, s->mode_size * 8); linesize[0] = frame->linesize[0]; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/movtextdec: Fix shift overflows in mov_text_init()
ffmpeg | branch: release/4.3 | Michael Niedermayer |
Fri Jun 5 18:22:51 2020 +0200| [611fc7244a1a93b4d0fd652d13a09c52f2dc19f3] |
committer: Michael Niedermayer
avcodec/movtextdec: Fix shift overflows in mov_text_init()
Fixes: left shift of 243 by 24 places cannot be represented in type 'int'
Fixes:
22716/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOVTEXT_fuzzer-5704263425851392
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit d7a2311a2c5be1e861c3df618d295e7eced8e84b)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=611fc7244a1a93b4d0fd652d13a09c52f2dc19f3
---
libavcodec/movtextdec.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c
index 4b4da5e0d9..4a21dbf36d 100644
--- a/libavcodec/movtextdec.c
+++ b/libavcodec/movtextdec.c
@@ -492,10 +492,10 @@ static int mov_text_init(AVCodecContext *avctx) {
return ff_ass_subtitle_header_full(avctx,
m->frame_width, m->frame_height,
m->d.font, m->d.fontsize,
-(255 - m->d.alpha) << 24 | RGB_TO_BGR(m->d.color),
-(255 - m->d.alpha) << 24 | RGB_TO_BGR(m->d.color),
-(255 - m->d.back_alpha) << 24 |
RGB_TO_BGR(m->d.back_color),
-(255 - m->d.back_alpha) << 24 |
RGB_TO_BGR(m->d.back_color),
+(255U - m->d.alpha) << 24 | RGB_TO_BGR(m->d.color),
+(255U - m->d.alpha) << 24 | RGB_TO_BGR(m->d.color),
+(255U - m->d.back_alpha) << 24 |
RGB_TO_BGR(m->d.back_color),
+(255U - m->d.back_alpha) << 24 |
RGB_TO_BGR(m->d.back_color),
m->d.bold, m->d.italic, m->d.underline,
ASS_DEFAULT_BORDERSTYLE, m->d.alignment);
} else
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/lossless_audiodsp: Fix undefined overflows in scalarproduct_and_madd_int16_c()
ffmpeg | branch: release/4.3 | Michael Niedermayer |
Sun Jun 7 19:24:10 2020 +0200| [e149b24c63859a4d45aafb56abb70f334655] |
committer: Michael Niedermayer
avcodec/lossless_audiodsp: Fix undefined overflows in
scalarproduct_and_madd_int16_c()
Fixes: signed integer overflow: 2142077091 + 6881070 cannot be represented in
type 'int'
Fixes:
22737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMALOSSLESS_fuzzer-595839681920
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit c0dfe134beefde4070d43910518b1f4a58f01794)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e149b24c63859a4d45aafb56abb70f334655
---
libavcodec/lossless_audiodsp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/lossless_audiodsp.c b/libavcodec/lossless_audiodsp.c
index 3a9f9b20bb..378165924d 100644
--- a/libavcodec/lossless_audiodsp.c
+++ b/libavcodec/lossless_audiodsp.c
@@ -27,7 +27,7 @@ static int32_t scalarproduct_and_madd_int16_c(int16_t *v1,
const int16_t *v2,
const int16_t *v3,
int order, int mul)
{
-int res = 0;
+unsigned res = 0;
do {
res += *v1 * *v2++;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/jpeg2000dec: Fix/check for multiple integer overflows
ffmpeg | branch: release/4.3 | Michael Niedermayer |
Thu Jun 11 22:45:27 2020 +0200| [fa0a71ac41b0627de11d0a5faa05743d91c820c3] |
committer: Michael Niedermayer
avcodec/jpeg2000dec: Fix/check for multiple integer overflows
Fixes: shift exponent 35 is too large for 32-bit type 'int'
Fixes:
22857/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5202709358837760
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit c579ceffbe30d048c7448c5e9238fc52094de630)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fa0a71ac41b0627de11d0a5faa05743d91c820c3
---
libavcodec/jpeg2000dec.c | 19 +--
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index b7766459c4..ab36009a2d 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -612,12 +612,19 @@ static int get_rgn(Jpeg2000DecoderContext *s, int n)
// Currently compno cannot be greater than 4.
// However, future implementation should support compno up to 65536
if (compno < s->ncomponents) {
-if (s->curtileno == -1)
-s->roi_shift[compno] = bytestream2_get_byte(&s->g);
-else {
+int v;
+if (s->curtileno == -1) {
+v = bytestream2_get_byte(&s->g);
+if (v > 30)
+return AVERROR_PATCHWELCOME;
+s->roi_shift[compno] = v;
+} else {
if (s->tile[s->curtileno].tp_idx != 0)
return AVERROR_INVALIDDATA; // marker occurs only in first
tile part of tile
-s->tile[s->curtileno].comp[compno].roi_shift =
bytestream2_get_byte(&s->g);
+v = bytestream2_get_byte(&s->g);
+if (v > 30)
+return AVERROR_PATCHWELCOME;
+s->tile[s->curtileno].comp[compno].roi_shift = v;
}
return 0;
}
@@ -1669,8 +1676,8 @@ static int decode_cblk(Jpeg2000DecoderContext *s,
Jpeg2000CodingStyle *codsty,
ff_mqc_initdec(&t1->mqc, cblk->data, 0, 1);
while (passno--) {
-if (bpno < 0) {
-av_log(s->avctx, AV_LOG_ERROR, "bpno became negative\n");
+if (bpno < 0 || bpno > 29) {
+av_log(s->avctx, AV_LOG_ERROR, "bpno became invalid\n");
return AVERROR_INVALIDDATA;
}
switch(pass_t) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpeg12dec: remove outdated comments
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sat Jun 6 19:42:07 2020 +0200| [e625d40b93373e0bb8d52ba265774b4caefc8323] | committer: Michael Niedermayer avcodec/mpeg12dec: remove outdated comments Found-by: Kieran Signed-off-by: Michael Niedermayer (cherry picked from commit 48de8f5816aa54dc584aeb2dbbf63a0e880279e2) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e625d40b93373e0bb8d52ba265774b4caefc8323 --- libavcodec/mpeg12dec.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c index 54e122cd9d..99e56532a5 100644 --- a/libavcodec/mpeg12dec.c +++ b/libavcodec/mpeg12dec.c @@ -221,7 +221,6 @@ end: } /** - * Note: this function can read out of range and crash for corrupt streams. * Changing this would eat up any speed benefits it has. * Do not use "fast" flag if you need the code to be robust. */ @@ -397,7 +396,6 @@ end: } /** - * Note: this function can read out of range and crash for corrupt streams. * Changing this would eat up any speed benefits it has. * Do not use "fast" flag if you need the code to be robust. */ @@ -559,7 +557,6 @@ static inline int mpeg2_decode_block_intra(MpegEncContext *s, } /** - * Note: this function can read out of range and crash for corrupt streams. * Changing this would eat up any speed benefits it has. * Do not use "fast" flag if you need the code to be robust. */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/ape: Cleanup after ape_read_header() failure
ffmpeg | branch: release/4.3 | Michael Niedermayer |
Sat Jun 13 11:13:21 2020 +0200| [6514919306f2da851226c7cfa94f39424c55fdd9] |
committer: Michael Niedermayer
avformat/ape: Cleanup after ape_read_header() failure
Fixes: memleaks
Fixes:
23306/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5635436931448832
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 9b5fc789fb52af8769ec66e634ea362a67cb5d06)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6514919306f2da851226c7cfa94f39424c55fdd9
---
libavformat/ape.c | 26 +++---
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/libavformat/ape.c b/libavformat/ape.c
index ed6752a415..39a584aa98 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -83,6 +83,8 @@ typedef struct APEContext {
uint8_t *bittable;
} APEContext;
+static int ape_read_close(AVFormatContext * s);
+
static int ape_probe(const AVProbeData * p)
{
int version = AV_RL16(p->buf+4);
@@ -281,14 +283,18 @@ static int ape_read_header(AVFormatContext * s)
if (ape->seektablelength > 0) {
ape->seektable = av_mallocz(ape->seektablelength);
-if (!ape->seektable)
-return AVERROR(ENOMEM);
+if (!ape->seektable) {
+ret = AVERROR(ENOMEM);
+goto fail;
+}
for (i = 0; i < ape->seektablelength / sizeof(uint32_t) &&
!pb->eof_reached; i++)
ape->seektable[i] = avio_rl32(pb);
if (ape->fileversion < 3810) {
ape->bittable = av_mallocz(ape->totalframes);
-if (!ape->bittable)
-return AVERROR(ENOMEM);
+if (!ape->bittable) {
+ret = AVERROR(ENOMEM);
+goto fail;
+}
for (i = 0; i < ape->totalframes && !pb->eof_reached; i++)
ape->bittable[i] = avio_r8(pb);
}
@@ -341,8 +347,10 @@ static int ape_read_header(AVFormatContext * s)
/* now we are ready: build format streams */
st = avformat_new_stream(s, NULL);
-if (!st)
-return AVERROR(ENOMEM);
+if (!st) {
+ret = AVERROR(ENOMEM);
+goto fail;
+}
total_blocks = (ape->totalframes == 0) ? 0 : ((ape->totalframes - 1) *
ape->blocksperframe) + ape->finalframeblocks;
@@ -359,7 +367,7 @@ static int ape_read_header(AVFormatContext * s)
avpriv_set_pts_info(st, 64, 1, ape->samplerate);
if ((ret = ff_alloc_extradata(st->codecpar, APE_EXTRADATA_SIZE)) < 0)
-return ret;
+goto fail;
AV_WL16(st->codecpar->extradata + 0, ape->fileversion);
AV_WL16(st->codecpar->extradata + 2, ape->compressiontype);
AV_WL16(st->codecpar->extradata + 4, ape->formatflags);
@@ -378,6 +386,10 @@ static int ape_read_header(AVFormatContext * s)
}
return 0;
+fail:
+ape_read_close(s);
+
+return ret;
}
static int ape_read_packet(AVFormatContext * s, AVPacket * pkt)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/sonic: Fix several integer overflows
ffmpeg | branch: release/4.3 | Michael Niedermayer |
Thu Feb 20 19:56:39 2020 +0100| [2ce670fc489b319afb0d80d47e9875bf9a829d3a] |
committer: Michael Niedermayer
avcodec/sonic: Fix several integer overflows
Fixes: signed integer overflow: 2129689466 + 2129689466 cannot be represented
in type 'int'
Fixes:
20715/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-5155263109922816
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 75d520e33704447f1b29ac47fd9e40994a6bc659)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2ce670fc489b319afb0d80d47e9875bf9a829d3a
---
libavcodec/sonic.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/libavcodec/sonic.c b/libavcodec/sonic.c
index c975774b04..b82c44344c 100644
--- a/libavcodec/sonic.c
+++ b/libavcodec/sonic.c
@@ -140,7 +140,8 @@ static inline av_flatten int get_symbol(RangeCoder *c,
uint8_t *state, int is_si
if(get_rac(c, state+0))
return 0;
else{
-int i, e, a;
+int i, e;
+unsigned a;
e= 0;
while(get_rac(c, state+1 + FFMIN(e,9))){ //1..10
e++;
@@ -474,7 +475,7 @@ static int predictor_calc_error(int *k, int *state, int
order, int error)
for (i = order-2; i >= 0; i--, k_ptr--, state_ptr--)
{
int k_value = *k_ptr, state_value = *state_ptr;
-x -= shift_down(k_value * state_value, LATTICE_SHIFT);
+x -= shift_down(k_value * (unsigned)state_value, LATTICE_SHIFT);
state_ptr[1] = state_value + shift_down(k_value * (unsigned)x,
LATTICE_SHIFT);
}
#else
@@ -1044,7 +1045,7 @@ static int sonic_decode_frame(AVCodecContext *avctx,
x += s->channels;
}
-s->int_samples[x] = predictor_calc_error(s->predictor_k,
s->predictor_state[ch], s->num_taps, s->coded_samples[ch][i] * quant);
+s->int_samples[x] = predictor_calc_error(s->predictor_k,
s->predictor_state[ch], s->num_taps, s->coded_samples[ch][i] * (unsigned)quant);
x += s->channels;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/cbs: Allocate more CodedBitstreamUnit at once in cbs_insert_unit()
ffmpeg | branch: release/4.3 | Michael Niedermayer |
Fri Apr 10 22:05:07 2020 +0200| [e468d9248c3eec2f55cc452ae5d5931823f42cd2] |
committer: Michael Niedermayer
avcodec/cbs: Allocate more CodedBitstreamUnit at once in cbs_insert_unit()
Fixes: Timeout (85sec -> 0.5sec)
Fixes:
20791/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_SPLIT_fuzzer-5659537719951360
Fixes:
21214/clusterfuzz-testcase-minimized-ffmpeg_BSF_MPEG2_METADATA_fuzzer-5165560875974656
Fixes:
21247/clusterfuzz-testcase-minimized-ffmpeg_BSF_H264_METADATA_fuzzer-5715175257931776
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 49ba60fed04d7011c36bae378445ba93ccf983c2)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e468d9248c3eec2f55cc452ae5d5931823f42cd2
---
libavcodec/cbs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/cbs.c b/libavcodec/cbs.c
index 0bd5e1ac5d..42cb9711fa 100644
--- a/libavcodec/cbs.c
+++ b/libavcodec/cbs.c
@@ -693,11 +693,11 @@ static int cbs_insert_unit(CodedBitstreamContext *ctx,
memmove(units + position + 1, units + position,
(frag->nb_units - position) * sizeof(*units));
} else {
-units = av_malloc_array(frag->nb_units + 1, sizeof(*units));
+units = av_malloc_array(frag->nb_units*2 + 1, sizeof(*units));
if (!units)
return AVERROR(ENOMEM);
-++frag->nb_units_allocated;
+frag->nb_units_allocated = 2*frag->nb_units_allocated + 1;
if (position > 0)
memcpy(units, frag->units, position * sizeof(*units));
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mpl2dec: Fix integer overflow with duration
ffmpeg | branch: release/4.3 | Michael Niedermayer |
Mon Jun 8 09:47:41 2020 +0200| [d078f39a51520185bbb1e4683d709141562d9929] |
committer: Michael Niedermayer
avformat/mpl2dec: Fix integer overflow with duration
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented
in type 'long'
Fixes:
23167/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6425051741290496
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 9a42a67c5ca198a3879b7f3663cc44ccbcaf0bd3)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d078f39a51520185bbb1e4683d709141562d9929
---
libavformat/mpl2dec.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/libavformat/mpl2dec.c b/libavformat/mpl2dec.c
index 4ae18390f0..ddee638c31 100644
--- a/libavformat/mpl2dec.c
+++ b/libavformat/mpl2dec.c
@@ -55,7 +55,7 @@ static int mpl2_probe(const AVProbeData *p)
return AVPROBE_SCORE_MAX;
}
-static int read_ts(char **line, int64_t *pts_start, int *duration)
+static int read_ts(char **line, int64_t *pts_start, int64_t *duration)
{
char c;
int len;
@@ -69,7 +69,10 @@ static int read_ts(char **line, int64_t *pts_start, int
*duration)
}
if (sscanf(*line, "[%"SCNd64"][%"SCNd64"]%c%n",
pts_start, &end, &c, &len) >= 3) {
-*duration = end - *pts_start;
+if (end < *pts_start || end - (uint64_t)*pts_start > INT64_MAX) {
+*duration = -1;
+} else
+*duration = end - *pts_start;
*line += len - 1;
return 0;
}
@@ -97,7 +100,7 @@ static int mpl2_read_header(AVFormatContext *s)
const int64_t pos = avio_tell(s->pb);
int len = ff_get_line(s->pb, line, sizeof(line));
int64_t pts_start;
-int duration;
+int64_t duration;
if (!len)
break;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/iff: Fix off by x error
ffmpeg | branch: release/4.3 | Michael Niedermayer |
Sat Jun 13 10:48:14 2020 +0200| [0e51c7b64a35478250c21efae14d68c50aea666c] |
committer: Michael Niedermayer
avcodec/iff: Fix off by x error
Fixes: out of array access
Fixes:
23245/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5723121327013888.fuzz
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 51225dee0a6266780d26d43bd6802bbcf736327e)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0e51c7b64a35478250c21efae14d68c50aea666c
---
libavcodec/iff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/iff.c b/libavcodec/iff.c
index 66879cbf5d..79f6215c77 100644
--- a/libavcodec/iff.c
+++ b/libavcodec/iff.c
@@ -723,7 +723,7 @@ static void decode_deep_rle32(uint8_t *dst, const uint8_t
*src, int src_size, in
if (opcode >= 0) {
int size = opcode + 1;
for (i = 0; i < size; i++) {
-int length = FFMIN(size - i, width);
+int length = FFMIN(size - i, width - x);
if (src_end - src < length * 4)
return;
memcpy(dst + y*linesize + x * 4, src, length * 4);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/loco: Fix signed integer overflow in loco_get_rice()
ffmpeg | branch: release/4.3 | Michael Niedermayer |
Tue Jun 9 22:14:59 2020 +0200| [63d14168a50169aac480cb983ef7819317c2fb5c] |
committer: Michael Niedermayer
avcodec/loco: Fix signed integer overflow in loco_get_rice()
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type
'int'
Fixes:
22975/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5658160970072064
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit aa88cdfd90f5da0683cd6556c75a5ba5740a1c27)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=63d14168a50169aac480cb983ef7819317c2fb5c
---
libavcodec/loco.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/loco.c b/libavcodec/loco.c
index e891d83ece..d0cedf577d 100644
--- a/libavcodec/loco.c
+++ b/libavcodec/loco.c
@@ -82,7 +82,7 @@ static inline void loco_update_rice_param(RICEContext *r, int
val)
static inline int loco_get_rice(RICEContext *r)
{
-int v;
+unsigned v;
if (r->run > 0) { /* we have zero run */
r->run--;
loco_update_rice_param(r, 0);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/snowdec: Avoid integer overflow with huge qlog
ffmpeg | branch: release/4.3 | Michael Niedermayer |
Sat Jun 6 17:45:39 2020 +0200| [bb788dec83231ce2f35bcc6b11c04a39d18c0c7a] |
committer: Michael Niedermayer
avcodec/snowdec: Avoid integer overflow with huge qlog
Fixes: integer overflow
Fixes:
22285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5682428762128384
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 38fbf33c7255b503453052c32ab5ae4fb151b29e)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bb788dec83231ce2f35bcc6b11c04a39d18c0c7a
---
libavcodec/snowdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/snowdec.c b/libavcodec/snowdec.c
index 519e377a11..88664dc472 100644
--- a/libavcodec/snowdec.c
+++ b/libavcodec/snowdec.c
@@ -117,7 +117,7 @@ static av_always_inline void
predict_slice_buffered(SnowContext *s, slice_buffer
static inline void decode_subband_slice_buffered(SnowContext *s, SubBand *b,
slice_buffer * sb, int start_y, int h, int save_state[1]){
const int w= b->width;
int y;
-const int qlog= av_clip(s->qlog + b->qlog, 0, QROOT*16);
+const int qlog= av_clip(s->qlog + (int64_t)b->qlog, 0, QROOT*16);
int qmul= ff_qexp[qlog&(QROOT-1)]<<(qlog>>QSHIFT);
int qadd= (s->qbias*qmul)>>QBIAS_SHIFT;
int new_index = 0;
@@ -224,7 +224,7 @@ static int decode_q_branch(SnowContext *s, int level, int
x, int y){
static void dequantize_slice_buffered(SnowContext *s, slice_buffer * sb,
SubBand *b, IDWTELEM *src, int stride, int start_y, int end_y){
const int w= b->width;
-const int qlog= av_clip(s->qlog + b->qlog, 0, QROOT*16);
+const int qlog= av_clip(s->qlog + (int64_t)b->qlog, 0, QROOT*16);
const int qmul= ff_qexp[qlog&(QROOT-1)]<<(qlog>>QSHIFT);
const int qadd= (s->qbias*qmul)>>QBIAS_SHIFT;
int x,y;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv()
ffmpeg | branch: release/4.3 | Michael Niedermayer |
Thu Jun 11 22:22:57 2020 +0200| [f8239323498c1695ec83174bc72239717e1d0c9d] |
committer: Michael Niedermayer
avcodec/mpeg4videodec: Fix 2 integer overflows in get_amv()
Fixes: signed integer overflow: -144876608 * 16 cannot be represented in type
'int'
Fixes:
22782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-6039584977977344
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit e361785ee05cc75d3caacf2f254160b0336f5358)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f8239323498c1695ec83174bc72239717e1d0c9d
---
libavcodec/mpeg4videodec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
index f5021208c3..610e365c36 100644
--- a/libavcodec/mpeg4videodec.c
+++ b/libavcodec/mpeg4videodec.c
@@ -610,7 +610,7 @@ static inline int get_amv(Mpeg4DecContext *ctx, int n)
dy -= 1 << (shift + a + 1);
else
dx -= 1 << (shift + a + 1);
-mb_v = s->sprite_offset[0][n] + dx * s->mb_x * 16 + dy * s->mb_y * 16;
+mb_v = s->sprite_offset[0][n] + dx * s->mb_x * 16U + dy * s->mb_y *
16U;
sum = 0;
for (y = 0; y < 16; y++) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/ffwavesynth: Avoid undefined operation on ts overflow
ffmpeg | branch: release/4.3 | Michael Niedermayer |
Sat Jun 13 21:47:03 2020 +0200| [a3e0c9f8f086d37a646d7cc5a7aa8f23bd5b0024] |
committer: Michael Niedermayer
avcodec/ffwavesynth: Avoid undefined operation on ts overflow
Alternatively these conditions could be treated as errors
Fixes:
23147/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFWAVESYNTH_fuzzer-5639254549200896
Fixes: signed integer overflow: 9223372036854775807 + 1 cannot be represented
in type 'int64_t' (aka 'long')
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 584d334afd59714ed04637a9227a4f1368c26166)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a3e0c9f8f086d37a646d7cc5a7aa8f23bd5b0024
---
libavcodec/ffwavesynth.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/ffwavesynth.c b/libavcodec/ffwavesynth.c
index a446aa2fdf..8d3ac81aef 100644
--- a/libavcodec/ffwavesynth.c
+++ b/libavcodec/ffwavesynth.c
@@ -444,7 +444,7 @@ static int wavesynth_decode(AVCodecContext *avc, void
*rframe, int *rgot_frame,
if (r < 0)
return r;
pcm = (int16_t *)frame->data[0];
-for (s = 0; s < duration; s++, ts++) {
+for (s = 0; s < duration; s++, ts+=(uint64_t)1) {
memset(channels, 0, avc->channels * sizeof(*channels));
if (ts >= ws->next_ts)
wavesynth_enter_intervals(ws, ts);
@@ -452,7 +452,7 @@ static int wavesynth_decode(AVCodecContext *avc, void
*rframe, int *rgot_frame,
for (c = 0; c < avc->channels; c++)
*(pcm++) = channels[c] >> 16;
}
-ws->cur_ts += duration;
+ws->cur_ts += (uint64_t)duration;
*rgot_frame = 1;
return packet->size;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] RELEASE_NOTES: Based on the version from 4.1
ffmpeg | branch: release/4.3 | Michael Niedermayer | Fri Nov 2 01:36:21 2018 +0100| [cc948a1c8c86847cc4dac848b1aff2a68aef0843] | committer: Michael Niedermayer RELEASE_NOTES: Based on the version from 4.1 Name suggested by Kieran O Leary and Reto Kromer Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cc948a1c8c86847cc4dac848b1aff2a68aef0843 --- RELEASE_NOTES | 15 +++ 1 file changed, 15 insertions(+) diff --git a/RELEASE_NOTES b/RELEASE_NOTES new file mode 100644 index 00..2511706d5d --- /dev/null +++ b/RELEASE_NOTES @@ -0,0 +1,15 @@ + + ┌┐ + │ RELEASE NOTES for FFmpeg 4.3 "4:3" │ + └┘ + + The FFmpeg Project proudly presents FFmpeg 4.3 "4:3", about 10 + months after the release of FFmpeg 4.2. + + A complete Changelog is available at the root of the project, and the + complete Git history on https://git.ffmpeg.org/gitweb/ffmpeg.git + + We hope you will like this release as much as we enjoyed working on it, and + as usual, if you have any questions about it, or any FFmpeg related topic, + feel free to join us on the #ffmpeg IRC channel (on irc.freenode.net) or ask + on the mailing-lists. ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mxfdec: free duplicated utf16 strings
ffmpeg | branch: release/4.3 | Michael Niedermayer | Sun Jun 14 19:45:05 2020 +0200| [5c1e458b3454f947c32b6ba35015d715f111e1a5] | committer: Michael Niedermayer avformat/mxfdec: free duplicated utf16 strings Fixes: memleak Fixes: 23415/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5124814510751744 Suggested-by: Marton Balint Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 0aa2768cb275bda9e9e1331ed95adc7cd686eafe) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5c1e458b3454f947c32b6ba35015d715f111e1a5 --- libavformat/mxfdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index a60bdfeade..90546d42b3 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -867,6 +867,7 @@ static inline int mxf_read_utf16_string(AVIOContext *pb, int size, char** str, i return AVERROR(EINVAL); buf_size = size + size / 2 + 1; +av_free(*str); *str = av_malloc(buf_size); if (!*str) return AVERROR(ENOMEM); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/4xm: Check that a video stream was created before returning packets for it
ffmpeg | branch: release/4.3 | Michael Niedermayer |
Sun Jun 14 19:51:23 2020 +0200| [8bdc64d45ff769e0a71c1c2f94e4160004090242] |
committer: Michael Niedermayer
avformat/4xm: Check that a video stream was created before returning packets
for it
Fixes: assertion failure
Fixes:
23434/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5227750851084288.fuzz
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit c517c3f4741b6897ea952d1fba199c93c5217cfe)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8bdc64d45ff769e0a71c1c2f94e4160004090242
---
libavformat/4xm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavformat/4xm.c b/libavformat/4xm.c
index 5f0504b13e..6a227a0b0d 100644
--- a/libavformat/4xm.c
+++ b/libavformat/4xm.c
@@ -218,6 +218,7 @@ static int fourxm_read_header(AVFormatContext *s)
fourxm->track_count = 0;
fourxm->tracks = NULL;
fourxm->fps = (AVRational){1,1};
+fourxm->video_stream_index = -1;
/* skip the first 3 32-bit numbers */
avio_skip(pb, 12);
@@ -326,6 +327,8 @@ static int fourxm_read_packet(AVFormatContext *s,
* and size */
if (size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE - 8)
return AVERROR_INVALIDDATA;
+if (fourxm->video_stream_index < 0)
+return AVERROR_INVALIDDATA;
if ((ret = av_new_packet(pkt, size + 8)) < 0)
return ret;
pkt->stream_index = fourxm->video_stream_index;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/h264: create user data unregistered SEI side data for H.264
ffmpeg | branch: master | Limin Wang | Thu Jun 11
12:50:46 2020 +0800| [4b3b217e3074687f2b55a1dfb3e6942c9f261908] | committer:
Limin Wang
avcodec/h264: create user data unregistered SEI side data for H.264
Signed-off-by: Limin Wang
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4b3b217e3074687f2b55a1dfb3e6942c9f261908
---
libavcodec/h264_sei.c | 19 -
libavcodec/h264_sei.h | 2 +
libavcodec/h264_slice.c | 14
tests/ref/fate/mov-zombie | 195 ++
4 files changed, 162 insertions(+), 68 deletions(-)
diff --git a/libavcodec/h264_sei.c b/libavcodec/h264_sei.c
index 870dd90717..7b8e6bd7ba 100644
--- a/libavcodec/h264_sei.c
+++ b/libavcodec/h264_sei.c
@@ -52,6 +52,10 @@ void ff_h264_sei_uninit(H264SEIContext *h)
h->afd.present = 0;
av_buffer_unref(&h->a53_caption.buf_ref);
+for (int i = 0; i < h->unregistered.nb_buf_ref; i++)
+av_buffer_unref(&h->unregistered.buf_ref[i]);
+h->unregistered.nb_buf_ref = 0;
+av_freep(&h->unregistered.buf_ref);
}
int ff_h264_sei_process_picture_timing(H264SEIPictureTiming *h, const SPS *sps,
@@ -260,25 +264,34 @@ static int
decode_unregistered_user_data(H264SEIUnregistered *h, GetBitContext *
{
uint8_t *user_data;
int e, build, i;
+AVBufferRef *buf_ref, **tmp;
if (size < 16 || size >= INT_MAX - 1)
return AVERROR_INVALIDDATA;
-user_data = av_malloc(size + 1);
-if (!user_data)
+tmp = av_realloc_array(h->buf_ref, h->nb_buf_ref + 1, sizeof(*h->buf_ref));
+if (!tmp)
return AVERROR(ENOMEM);
+h->buf_ref = tmp;
+
+buf_ref = av_buffer_alloc(size + 1);
+if (!buf_ref)
+return AVERROR(ENOMEM);
+user_data = buf_ref->data;
for (i = 0; i < size; i++)
user_data[i] = get_bits(gb, 8);
user_data[i] = 0;
+buf_ref->size = size;
+h->buf_ref[h->nb_buf_ref++] = buf_ref;
+
e = sscanf(user_data + 16, "x264 - core %d", &build);
if (e == 1 && build > 0)
h->x264_build = build;
if (e == 1 && build == 1 && !strncmp(user_data+16, "x264 - core ", 16))
h->x264_build = 67;
-av_free(user_data);
return 0;
}
diff --git a/libavcodec/h264_sei.h b/libavcodec/h264_sei.h
index f07a5055c3..4fdcf4ed3f 100644
--- a/libavcodec/h264_sei.h
+++ b/libavcodec/h264_sei.h
@@ -126,6 +126,8 @@ typedef struct H264SEIA53Caption {
typedef struct H264SEIUnregistered {
int x264_build;
+AVBufferRef **buf_ref;
+int nb_buf_ref;
} H264SEIUnregistered;
typedef struct H264SEIRecoveryPoint {
diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c
index 713953778a..47f39173cb 100644
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@@ -1289,6 +1289,20 @@ static int h264_export_frame_props(H264Context *h)
h->avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS;
}
+for (int i = 0; i < h->sei.unregistered.nb_buf_ref; i++) {
+H264SEIUnregistered *unreg = &h->sei.unregistered;
+
+if (unreg->buf_ref[i]) {
+AVFrameSideData *sd = av_frame_new_side_data_from_buf(cur->f,
+AV_FRAME_DATA_SEI_UNREGISTERED,
+unreg->buf_ref[i]);
+if (!sd)
+av_buffer_unref(&unreg->buf_ref[i]);
+unreg->buf_ref[i] = NULL;
+}
+}
+h->sei.unregistered.nb_buf_ref = 0;
+
if (h->sei.picture_timing.timecode_cnt > 0) {
uint32_t tc = 0;
uint32_t *tc_sd;
diff --git a/tests/ref/fate/mov-zombie b/tests/ref/fate/mov-zombie
index 445f921284..1a6625bc8f 100644
--- a/tests/ref/fate/mov-zombie
+++ b/tests/ref/fate/mov-zombie
@@ -1,133 +1,198 @@
packet|codec_type=video|stream_index=0|pts=0|pts_time=0.00|dts=-3004|dts_time=-0.033378|duration=3003|duration_time=0.033367|convergence_duration=N/A|convergence_duration_time=N/A|size=4133|pos=11309|flags=K_
packet|codec_type=video|stream_index=0|pts=5440|pts_time=0.060444|dts=-567|dts_time=-0.006300|duration=3003|duration_time=0.033367|convergence_duration=N/A|convergence_duration_time=N/A|size=1077|pos=15442|flags=__
-frame|media_type=video|stream_index=0|key_frame=1|pkt_pts=0|pkt_pts_time=0.00|pkt_dts=-567|pkt_dts_time=-0.006300|best_effort_timestamp=0|best_effort_timestamp_time=0.00|pkt_duration=3003|pkt_duration_time=0.033367|pkt_pos=11309|pkt_size=4133|width=160|height=240|pix_fmt=yuv420p|sample_aspect_ratio=2:1|pict_type=I|coded_picture_number=0|display_picture_number=0|interlaced_frame=0|top_field_first=0|repeat_pict=0|color_range=tv|color_space=smpte170m|color_primaries=smpte170m|color_transfer=bt709|chroma_location=topleft
+frame|media_type=video|stream_index=0|key_frame=1|pkt_pts=0|pkt_pts_time=0.00|pkt_dts=-567|pkt_dts_time=-0.006300|best_effort_timestamp=0|best_effort_timestamp_time=0.00|pkt_duration=3003|pkt_duration_time=0.033367|pkt_pos=11309|pkt_size=4133|width=160|height=240|pix_fmt=yuv420p|sample_aspect_ratio=2:1|pi
[FFmpeg-cvslog] avcodec/hevc_sei: add support for user data unregistered SEI message
ffmpeg | branch: master | Limin Wang | Thu Jun 11
10:25:47 2020 +0800| [ed6dbbfc16e0121de5562c097535285d3136a6c5] | committer:
Limin Wang
avcodec/hevc_sei: add support for user data unregistered SEI message
Signed-off-by: Limin Wang
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ed6dbbfc16e0121de5562c097535285d3136a6c5
---
libavcodec/hevc_sei.c | 33 +
libavcodec/hevc_sei.h | 6 ++
libavcodec/hevcdec.c| 14 ++
tests/ref/fate/hevc-monochrome-crop | 3 +++
4 files changed, 56 insertions(+)
diff --git a/libavcodec/hevc_sei.c b/libavcodec/hevc_sei.c
index 60570690cf..173689198c 100644
--- a/libavcodec/hevc_sei.c
+++ b/libavcodec/hevc_sei.c
@@ -213,6 +213,32 @@ static int
decode_registered_user_data_closed_caption(HEVCSEIA53Caption *s, GetB
return 0;
}
+static int decode_nal_sei_user_data_unregistered(HEVCSEIUnregistered *s,
GetBitContext *gb,
+ int size)
+{
+AVBufferRef *buf_ref, **tmp;
+
+if (size < 16 || size >= INT_MAX - 1)
+ return AVERROR_INVALIDDATA;
+
+tmp = av_realloc_array(s->buf_ref, s->nb_buf_ref + 1, sizeof(*s->buf_ref));
+if (!tmp)
+return AVERROR(ENOMEM);
+s->buf_ref = tmp;
+
+buf_ref = av_buffer_alloc(size + 1);
+if (!buf_ref)
+return AVERROR(ENOMEM);
+
+for (int i = 0; i < size; i++)
+buf_ref->data[i] = get_bits(gb, 8);
+buf_ref->data[size] = 0;
+buf_ref->size = size;
+s->buf_ref[s->nb_buf_ref++] = buf_ref;
+
+return 0;
+}
+
static int decode_nal_sei_user_data_registered_itu_t_t35(HEVCSEI *s,
GetBitContext *gb,
int size)
{
@@ -300,6 +326,8 @@ static int decode_nal_sei_prefix(GetBitContext *gb, void
*logctx, HEVCSEI *s,
return decode_nal_sei_active_parameter_sets(s, gb, logctx);
case HEVC_SEI_TYPE_USER_DATA_REGISTERED_ITU_T_T35:
return decode_nal_sei_user_data_registered_itu_t_t35(s, gb, size);
+case HEVC_SEI_TYPE_USER_DATA_UNREGISTERED:
+return decode_nal_sei_user_data_unregistered(&s->unregistered, gb,
size);
case HEVC_SEI_TYPE_ALTERNATIVE_TRANSFER_CHARACTERISTICS:
return decode_nal_sei_alternative_transfer(&s->alternative_transfer,
gb);
default:
@@ -371,4 +399,9 @@ int ff_hevc_decode_nal_sei(GetBitContext *gb, void *logctx,
HEVCSEI *s,
void ff_hevc_reset_sei(HEVCSEI *s)
{
av_buffer_unref(&s->a53_caption.buf_ref);
+
+for (int i = 0; i < s->unregistered.nb_buf_ref; i++)
+av_buffer_unref(&s->unregistered.buf_ref[i]);
+s->unregistered.nb_buf_ref = 0;
+av_freep(&s->unregistered.buf_ref);
}
diff --git a/libavcodec/hevc_sei.h b/libavcodec/hevc_sei.h
index a44ccca7f8..3618d162df 100644
--- a/libavcodec/hevc_sei.h
+++ b/libavcodec/hevc_sei.h
@@ -91,6 +91,11 @@ typedef struct HEVCSEIA53Caption {
AVBufferRef *buf_ref;
} HEVCSEIA53Caption;
+typedef struct HEVCSEIUnregistered {
+AVBufferRef **buf_ref;
+int nb_buf_ref;
+} HEVCSEIUnregistered;
+
typedef struct HEVCSEIMasteringDisplay {
int present;
uint16_t display_primaries[3][2];
@@ -116,6 +121,7 @@ typedef struct HEVCSEI {
HEVCSEIDisplayOrientation display_orientation;
HEVCSEIPictureTiming picture_timing;
HEVCSEIA53Caption a53_caption;
+HEVCSEIUnregistered unregistered;
HEVCSEIMasteringDisplay mastering_display;
HEVCSEIContentLight content_light;
int active_seq_parameter_set_id;
diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c
index 0772608a30..c9e28f5826 100644
--- a/libavcodec/hevcdec.c
+++ b/libavcodec/hevcdec.c
@@ -2794,6 +2794,20 @@ static int set_side_data(HEVCContext *s)
s->avctx->properties |= FF_CODEC_PROPERTY_CLOSED_CAPTIONS;
}
+for (int i = 0; i < s->sei.unregistered.nb_buf_ref; i++) {
+HEVCSEIUnregistered *unreg = &s->sei.unregistered;
+
+if (unreg->buf_ref[i]) {
+AVFrameSideData *sd = av_frame_new_side_data_from_buf(out,
+AV_FRAME_DATA_SEI_UNREGISTERED,
+unreg->buf_ref[i]);
+if (!sd)
+av_buffer_unref(&unreg->buf_ref[i]);
+unreg->buf_ref[i] = NULL;
+}
+}
+s->sei.unregistered.nb_buf_ref = 0;
+
return 0;
}
diff --git a/tests/ref/fate/hevc-monochrome-crop
b/tests/ref/fate/hevc-monochrome-crop
index 4e45412acf..384404da66 100644
--- a/tests/ref/fate/hevc-monochrome-crop
+++ b/tests/ref/fate/hevc-monochrome-crop
@@ -1,6 +1,9 @@
[FRAME]
width=384
height=240
+[SIDE_DATA]
+side_data_type=H.26[45] User Data Unregistered SEI message
+[/SIDE_DATA]
[/FRAME]
[STREAM]
width=384
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/vf_showinfo: display H.26[45] user data unregistered sei message
ffmpeg | branch: master | Limin Wang | Fri Jun 12
07:32:29 2020 +0800| [567d571b2015819abbb5de953ebb30bca69645a8] | committer:
Limin Wang
avfilter/vf_showinfo: display H.26[45] user data unregistered sei message
Signed-off-by: Limin Wang
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=567d571b2015819abbb5de953ebb30bca69645a8
---
libavfilter/vf_showinfo.c | 30 ++
1 file changed, 30 insertions(+)
diff --git a/libavfilter/vf_showinfo.c b/libavfilter/vf_showinfo.c
index 5d4aee4169..5315f8fb7c 100644
--- a/libavfilter/vf_showinfo.c
+++ b/libavfilter/vf_showinfo.c
@@ -190,6 +190,33 @@ static void dump_video_enc_params(AVFilterContext *ctx,
AVFrameSideData *sd)
av_log(ctx, AV_LOG_INFO, "%u blocks; ", par->nb_blocks);
}
+static void dump_sei_unregistered_metadata(AVFilterContext *ctx,
AVFrameSideData *sd)
+{
+const int uuid_size = 16;
+uint8_t *user_data = sd->data;
+int i;
+
+if (sd->size < uuid_size) {
+av_log(ctx, AV_LOG_ERROR, "invalid data(%d < UUID(%d-bytes))",
sd->size, uuid_size);
+return;
+}
+
+av_log(ctx, AV_LOG_INFO, "User Data Unregistered:\n");
+av_log(ctx, AV_LOG_INFO, "UUID=");
+for (i = 0; i < uuid_size; i++) {
+av_log(ctx, AV_LOG_INFO, "%02x", user_data[i]);
+if (i == 3 || i == 5 || i == 7 || i == 9)
+av_log(ctx, AV_LOG_INFO, "-");
+}
+av_log(ctx, AV_LOG_INFO, "\n");
+
+av_log(ctx, AV_LOG_INFO, "User Data=");
+for (; i < sd->size; i++) {
+av_log(ctx, AV_LOG_INFO, "%02x", user_data[i]);
+}
+av_log(ctx, AV_LOG_INFO, "\n");
+}
+
static void dump_color_property(AVFilterContext *ctx, AVFrame *frame)
{
const char *color_range_str = av_color_range_name(frame->color_range);
@@ -375,6 +402,9 @@ static int filter_frame(AVFilterLink *inlink, AVFrame
*frame)
case AV_FRAME_DATA_VIDEO_ENC_PARAMS:
dump_video_enc_params(ctx, sd);
break;
+case AV_FRAME_DATA_SEI_UNREGISTERED:
+dump_sei_unregistered_metadata(ctx, sd);
+break;
default:
av_log(ctx, AV_LOG_WARNING, "unknown side data type %d (%d bytes)",
sd->type, sd->size);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input
ffmpeg | branch: master | Andreas Rheinhardt |
Wed May 27 19:09:14 2020 +0200| [ea1b71e82f5a1752d59d3bfb9704092a79eba6b5] |
committer: Andreas Rheinhardt
avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input
The hevc_mp4toannexb bsf does not explicitly check whether a NAL unit
is so big that it extends beyond the end of the input packet; it does so
only implicitly by using the checked version of the bytestream2 API.
But this has downsides compared to real checks: It can lead to huge
allocations (up to 2GiB) even when the input packet is just a few bytes.
And furthermore it leads to uninitialized data being output.
So add a check to error out early if it happens.
Also check directly whether there is enough data for the length field.
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Rheinhardt
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ea1b71e82f5a1752d59d3bfb9704092a79eba6b5
---
libavcodec/hevc_mp4toannexb_bsf.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libavcodec/hevc_mp4toannexb_bsf.c
b/libavcodec/hevc_mp4toannexb_bsf.c
index a880d9ba9a..ba1deb2848 100644
--- a/libavcodec/hevc_mp4toannexb_bsf.c
+++ b/libavcodec/hevc_mp4toannexb_bsf.c
@@ -142,10 +142,14 @@ static int hevc_mp4toannexb_filter(AVBSFContext *ctx,
AVPacket *out)
int nalu_type;
int is_irap, add_extradata, extra_size, prev_size;
+if (bytestream2_get_bytes_left(&gb) < s->length_size) {
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
for (i = 0; i < s->length_size; i++)
nalu_size = (nalu_size << 8) | bytestream2_get_byte(&gb);
-if (nalu_size < 2) {
+if (nalu_size < 2 || nalu_size > bytestream2_get_bytes_left(&gb)) {
ret = AVERROR_INVALIDDATA;
goto fail;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input
ffmpeg | branch: release/4.3 | Andreas Rheinhardt
| Wed May 27 19:09:14 2020 +0200|
[82d70d8038aed96552a77fa583a82c08b0d12636] | committer: Andreas Rheinhardt
avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input
The hevc_mp4toannexb bsf does not explicitly check whether a NAL unit
is so big that it extends beyond the end of the input packet; it does so
only implicitly by using the checked version of the bytestream2 API.
But this has downsides compared to real checks: It can lead to huge
allocations (up to 2GiB) even when the input packet is just a few bytes.
And furthermore it leads to uninitialized data being output.
So add a check to error out early if it happens.
Also check directly whether there is enough data for the length field.
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Rheinhardt
(cherry picked from commit ea1b71e82f5a1752d59d3bfb9704092a79eba6b5)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=82d70d8038aed96552a77fa583a82c08b0d12636
---
libavcodec/hevc_mp4toannexb_bsf.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libavcodec/hevc_mp4toannexb_bsf.c
b/libavcodec/hevc_mp4toannexb_bsf.c
index a880d9ba9a..ba1deb2848 100644
--- a/libavcodec/hevc_mp4toannexb_bsf.c
+++ b/libavcodec/hevc_mp4toannexb_bsf.c
@@ -142,10 +142,14 @@ static int hevc_mp4toannexb_filter(AVBSFContext *ctx,
AVPacket *out)
int nalu_type;
int is_irap, add_extradata, extra_size, prev_size;
+if (bytestream2_get_bytes_left(&gb) < s->length_size) {
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
for (i = 0; i < s->length_size; i++)
nalu_size = (nalu_size << 8) | bytestream2_get_byte(&gb);
-if (nalu_size < 2) {
+if (nalu_size < 2 || nalu_size > bytestream2_get_bytes_left(&gb)) {
ret = AVERROR_INVALIDDATA;
goto fail;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/iirfilter: Fix memleak
ffmpeg | branch: master | Andreas Rheinhardt |
Mon Jun 15 03:33:13 2020 +0200| [3aa0be003e98006215f670e712851a443d3f3c5f] |
committer: Andreas Rheinhardt
avcodec/iirfilter: Fix memleak
Commit 17e88bf0df21906633a7d36d9f2aeeeb5b6d3267 created a memleak by
removing a call to ff_iir_filter_free_coeffsp on error; this has been
found by Coverity (ID 1464159). This commit fixes the memleak by
readding the call to ff_iir_filter_free_coeffsp.
Notice that this is not a simple revert, because several macros that
were used before 17e88bf0df21906633a7d36d9f2aeeeb5b6d3267 were replaced
in commit 44863b2c2d5a31d82aafa71cdbd180d6bfbed5b4 and completely removed
in 2658680df4fc606522e5f65899afb9a98b47d287.
Reviewed-by: Limin Wang
Signed-off-by: Andreas Rheinhardt
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3aa0be003e98006215f670e712851a443d3f3c5f
---
libavcodec/iirfilter.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavcodec/iirfilter.c b/libavcodec/iirfilter.c
index 9f76bce8b8..cd5bbc943a 100644
--- a/libavcodec/iirfilter.c
+++ b/libavcodec/iirfilter.c
@@ -174,7 +174,7 @@ av_cold struct FFIIRFilterCoeffs
*ff_iir_filter_init_coeffs(void *avc,
if (!(c = av_mallocz(sizeof(*c)))||
!(c->cx = av_malloc (sizeof(c->cx[0]) * ((order >> 1) + 1))) ||
!(c->cy = av_malloc (sizeof(c->cy[0]) * order)))
-return NULL;
+goto free;
c->order = order;
switch (filt_type) {
@@ -188,11 +188,13 @@ av_cold struct FFIIRFilterCoeffs
*ff_iir_filter_init_coeffs(void *avc,
break;
default:
av_log(avc, AV_LOG_ERROR, "filter type is not currently
implemented\n");
-return NULL;
+goto free;
}
if (!ret)
return c;
+free:
+ff_iir_filter_free_coeffsp(&c);
return NULL;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input
ffmpeg | branch: release/4.2 | Andreas Rheinhardt
| Wed May 27 19:09:14 2020 +0200|
[07eb039e047b68227b08428314314ff7b1273efa] | committer: Andreas Rheinhardt
avcodec/hevc_mp4toannexb_bsf: Check NAL size against available input
The hevc_mp4toannexb bsf does not explicitly check whether a NAL unit
is so big that it extends beyond the end of the input packet; it does so
only implicitly by using the checked version of the bytestream2 API.
But this has downsides compared to real checks: It can lead to huge
allocations (up to 2GiB) even when the input packet is just a few bytes.
And furthermore it leads to uninitialized data being output.
So add a check to error out early if it happens.
Also check directly whether there is enough data for the length field.
Reviewed-by: Michael Niedermayer
Signed-off-by: Andreas Rheinhardt
(cherry picked from commit ea1b71e82f5a1752d59d3bfb9704092a79eba6b5)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=07eb039e047b68227b08428314314ff7b1273efa
---
libavcodec/hevc_mp4toannexb_bsf.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libavcodec/hevc_mp4toannexb_bsf.c
b/libavcodec/hevc_mp4toannexb_bsf.c
index 30f733d775..477d86d9fd 100644
--- a/libavcodec/hevc_mp4toannexb_bsf.c
+++ b/libavcodec/hevc_mp4toannexb_bsf.c
@@ -141,10 +141,14 @@ static int hevc_mp4toannexb_filter(AVBSFContext *ctx,
AVPacket *out)
int nalu_type;
int is_irap, add_extradata, extra_size, prev_size;
+if (bytestream2_get_bytes_left(&gb) < s->length_size) {
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
for (i = 0; i < s->length_size; i++)
nalu_size = (nalu_size << 8) | bytestream2_get_byte(&gb);
-if (nalu_size < 2) {
+if (nalu_size < 2 || nalu_size > bytestream2_get_bytes_left(&gb)) {
ret = AVERROR_INVALIDDATA;
goto fail;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hlsenc: Always treat numbers as decimal
ffmpeg | branch: master | Andreas Rheinhardt |
Mon Jun 15 05:09:07 2020 +0200| [19a876fd6973724521dd5e7cc8f8e4683b19eda4] |
committer: Andreas Rheinhardt
avformat/hlsenc: Always treat numbers as decimal
c801ab43c36e8c4f88121aa09af26c77bcbd671b caused a regression: The stream
number is now parsed with strtoll without a fixed basis; as a
consequence, the "010" in a variant stream mapping like "a:010" is now
treated as an octal number (i.e. as eight, not ten). This was not
intended and may break some scripts, so this commit restores the old
behaviour.
Signed-off-by: Andreas Rheinhardt
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=19a876fd6973724521dd5e7cc8f8e4683b19eda4
---
libavformat/hlsenc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c
index 18256cbf91..71fa3db060 100644
--- a/libavformat/hlsenc.c
+++ b/libavformat/hlsenc.c
@@ -1993,7 +1993,7 @@ static int parse_variant_stream_mapstring(AVFormatContext
*s)
return AVERROR(EINVAL);
}
-num = strtoll(val, &end, 0);
+num = strtoll(val, &end, 10);
if (!av_isdigit(*val) || *end != '\0') {
av_log(s, AV_LOG_ERROR, "Invalid stream number: '%s'\n", val);
return AVERROR(EINVAL);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/hlsenc: Always treat numbers as decimal
ffmpeg | branch: release/4.3 | Andreas Rheinhardt
| Mon Jun 15 05:09:07 2020 +0200|
[2c738c75218a1dcaec3ec6baa9b0d4b267820812] | committer: Andreas Rheinhardt
avformat/hlsenc: Always treat numbers as decimal
c801ab43c36e8c4f88121aa09af26c77bcbd671b caused a regression: The stream
number is now parsed with strtoll without a fixed basis; as a
consequence, the "010" in a variant stream mapping like "a:010" is now
treated as an octal number (i.e. as eight, not ten). This was not
intended and may break some scripts, so this commit restores the old
behaviour.
Signed-off-by: Andreas Rheinhardt
(cherry picked from commit 19a876fd6973724521dd5e7cc8f8e4683b19eda4)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2c738c75218a1dcaec3ec6baa9b0d4b267820812
---
libavformat/hlsenc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c
index 18256cbf91..71fa3db060 100644
--- a/libavformat/hlsenc.c
+++ b/libavformat/hlsenc.c
@@ -1993,7 +1993,7 @@ static int parse_variant_stream_mapstring(AVFormatContext
*s)
return AVERROR(EINVAL);
}
-num = strtoll(val, &end, 0);
+num = strtoll(val, &end, 10);
if (!av_isdigit(*val) || *end != '\0') {
av_log(s, AV_LOG_ERROR, "Invalid stream number: '%s'\n", val);
return AVERROR(EINVAL);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
