[FFmpeg-cvslog] lavfi/dnn: Extract TaskItem and InferenceItem from OpenVino Backend
ffmpeg | branch: master | Shubhanshu Saxena | Sat
Jun 5 23:56:02 2021 +0530| [f5ab8905fddee7a772998058e8cf18f93649fc5a] |
committer: Guo Yejun
lavfi/dnn: Extract TaskItem and InferenceItem from OpenVino Backend
Extract TaskItem and InferenceItem from OpenVino backend and convert
ov_model to void in TaskItem.
Signed-off-by: Shubhanshu Saxena
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f5ab8905fddee7a772998058e8cf18f93649fc5a
---
libavfilter/dnn/dnn_backend_common.h | 19 +++
libavfilter/dnn/dnn_backend_openvino.c | 58 --
2 files changed, 40 insertions(+), 37 deletions(-)
diff --git a/libavfilter/dnn/dnn_backend_common.h
b/libavfilter/dnn/dnn_backend_common.h
index cd9c0f5339..0c043e51f0 100644
--- a/libavfilter/dnn/dnn_backend_common.h
+++ b/libavfilter/dnn/dnn_backend_common.h
@@ -26,6 +26,25 @@
#include "../dnn_interface.h"
+// one task for one function call from dnn interface
+typedef struct TaskItem {
+void *model; // model for the backend
+AVFrame *in_frame;
+AVFrame *out_frame;
+const char *input_name;
+const char *output_name;
+int async;
+int do_ioproc;
+uint32_t inference_todo;
+uint32_t inference_done;
+} TaskItem;
+
+// one task might have multiple inferences
+typedef struct InferenceItem {
+TaskItem *task;
+uint32_t bbox_index;
+} InferenceItem;
+
int ff_check_exec_params(void *ctx, DNNBackendType backend, DNNFunctionType
func_type, DNNExecBaseParams *exec_params);
#endif
diff --git a/libavfilter/dnn/dnn_backend_openvino.c
b/libavfilter/dnn/dnn_backend_openvino.c
index 58c4ec9c9b..a84370d689 100644
--- a/libavfilter/dnn/dnn_backend_openvino.c
+++ b/libavfilter/dnn/dnn_backend_openvino.c
@@ -59,25 +59,6 @@ typedef struct OVModel{
Queue *inference_queue; // holds InferenceItem
} OVModel;
-// one task for one function call from dnn interface
-typedef struct TaskItem {
-OVModel *ov_model;
-const char *input_name;
-AVFrame *in_frame;
-const char *output_name;
-AVFrame *out_frame;
-int do_ioproc;
-int async;
-uint32_t inference_todo;
-uint32_t inference_done;
-} TaskItem;
-
-// one task might have multiple inferences
-typedef struct InferenceItem {
-TaskItem *task;
-uint32_t bbox_index;
-} InferenceItem;
-
// one request for one call to openvino
typedef struct RequestItem {
ie_infer_request_t *infer_request;
@@ -184,7 +165,7 @@ static DNNReturnType fill_model_input_ov(OVModel *ov_model,
RequestItem *request
request->inferences[i] = inference;
request->inference_count = i + 1;
task = inference->task;
-switch (task->ov_model->model->func_type) {
+switch (ov_model->model->func_type) {
case DFT_PROCESS_FRAME:
if (task->do_ioproc) {
if (ov_model->model->frame_pre_proc != NULL) {
@@ -220,11 +201,12 @@ static void infer_completion_callback(void *args)
RequestItem *request = args;
InferenceItem *inference = request->inferences[0];
TaskItem *task = inference->task;
-SafeQueue *requestq = task->ov_model->request_queue;
+OVModel *ov_model = task->model;
+SafeQueue *requestq = ov_model->request_queue;
ie_blob_t *output_blob = NULL;
ie_blob_buffer_t blob_buffer;
DNNData output;
-OVContext *ctx = &task->ov_model->ctx;
+OVContext *ctx = &ov_model->ctx;
status = ie_infer_request_get_blob(request->infer_request,
task->output_name, &output_blob);
if (status != OK) {
@@ -233,9 +215,9 @@ static void infer_completion_callback(void *args)
char *all_output_names = NULL;
size_t model_output_count = 0;
av_log(ctx, AV_LOG_ERROR, "Failed to get model output data\n");
-status = ie_network_get_outputs_number(task->ov_model->network,
&model_output_count);
+status = ie_network_get_outputs_number(ov_model->network,
&model_output_count);
for (size_t i = 0; i < model_output_count; i++) {
-status = ie_network_get_output_name(task->ov_model->network, i,
&model_output_name);
+status = ie_network_get_output_name(ov_model->network, i,
&model_output_name);
APPEND_STRING(all_output_names, model_output_name)
}
av_log(ctx, AV_LOG_ERROR,
@@ -271,11 +253,11 @@ static void infer_completion_callback(void *args)
task = request->inferences[i]->task;
task->inference_done++;
-switch (task->ov_model->model->func_type) {
+switch (ov_model->model->func_type) {
case DFT_PROCESS_FRAME:
if (task->do_ioproc) {
-if (task->ov_model->model->frame_post_proc != NULL) {
-task->ov_model->model->frame_post_proc(task->out_frame,
&output, task->ov_model->model->filter_ctx);
+if (ov_model->model->frame_post_proc != NULL) {
+ov_model->model->frame_post_proc(task->out_frame, &output,
ov_model->model->fi
[FFmpeg-cvslog] lavfi/dnn: Add nb_output to TaskItem
ffmpeg | branch: master | Shubhanshu Saxena | Sat
Jun 5 23:56:04 2021 +0530| [9675ebbb91891c826eeef065fd8a87d732f73ed0] |
committer: Guo Yejun
lavfi/dnn: Add nb_output to TaskItem
Add nb_output property to TaskItem for use in TensorFlow backend
and Native backend.
Signed-off-by: Shubhanshu Saxena
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9675ebbb91891c826eeef065fd8a87d732f73ed0
---
libavfilter/dnn/dnn_backend_common.h | 1 +
libavfilter/dnn/dnn_backend_openvino.c | 3 +++
2 files changed, 4 insertions(+)
diff --git a/libavfilter/dnn/dnn_backend_common.h
b/libavfilter/dnn/dnn_backend_common.h
index f76a05026d..704cf921f1 100644
--- a/libavfilter/dnn/dnn_backend_common.h
+++ b/libavfilter/dnn/dnn_backend_common.h
@@ -35,6 +35,7 @@ typedef struct TaskItem {
const char **output_names;
int async;
int do_ioproc;
+uint32_t nb_output;
uint32_t inference_todo;
uint32_t inference_done;
} TaskItem;
diff --git a/libavfilter/dnn/dnn_backend_openvino.c
b/libavfilter/dnn/dnn_backend_openvino.c
index 0f3b235820..c2487c35be 100644
--- a/libavfilter/dnn/dnn_backend_openvino.c
+++ b/libavfilter/dnn/dnn_backend_openvino.c
@@ -678,6 +678,7 @@ static DNNReturnType get_output_ov(void *model, const char
*input_name, int inpu
task.in_frame = in_frame;
task.output_names = &output_name;
task.out_frame = out_frame;
+task.nb_output = 1;
task.model = ov_model;
if (extract_inference_from_task(ov_model->model->func_type, &task,
ov_model->inference_queue, NULL) != DNN_SUCCESS) {
@@ -798,6 +799,7 @@ DNNReturnType ff_dnn_execute_model_ov(const DNNModel
*model, DNNExecBaseParams *
task.in_frame = exec_params->in_frame;
task.output_names = &exec_params->output_names[0];
task.out_frame = exec_params->out_frame ? exec_params->out_frame :
exec_params->in_frame;
+task.nb_output = exec_params->nb_output;
task.model = ov_model;
if (extract_inference_from_task(ov_model->model->func_type, &task,
ov_model->inference_queue, exec_params) != DNN_SUCCESS) {
@@ -845,6 +847,7 @@ DNNReturnType ff_dnn_execute_model_async_ov(const DNNModel
*model, DNNExecBasePa
task->in_frame = exec_params->in_frame;
task->output_names = &exec_params->output_names[0];
task->out_frame = exec_params->out_frame ? exec_params->out_frame :
exec_params->in_frame;
+task->nb_output = exec_params->nb_output;
task->model = ov_model;
if (ff_queue_push_back(ov_model->task_queue, task) < 0) {
av_freep(&task);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] lavfi/dnn: Convert output_name to char** in TaskItem
ffmpeg | branch: master | Shubhanshu Saxena | Sat
Jun 5 23:56:03 2021 +0530| [446b4f77c106add0f6db4c0ffad1642d0920d6aa] |
committer: Guo Yejun
lavfi/dnn: Convert output_name to char** in TaskItem
Convert output_name to char **output_names in TaskItem and use it as
a pointer to array of output names in the DNN backend.
Signed-off-by: Shubhanshu Saxena
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=446b4f77c106add0f6db4c0ffad1642d0920d6aa
---
libavfilter/dnn/dnn_backend_common.h | 2 +-
libavfilter/dnn/dnn_backend_openvino.c | 10 +-
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/libavfilter/dnn/dnn_backend_common.h
b/libavfilter/dnn/dnn_backend_common.h
index 0c043e51f0..f76a05026d 100644
--- a/libavfilter/dnn/dnn_backend_common.h
+++ b/libavfilter/dnn/dnn_backend_common.h
@@ -32,7 +32,7 @@ typedef struct TaskItem {
AVFrame *in_frame;
AVFrame *out_frame;
const char *input_name;
-const char *output_name;
+const char **output_names;
int async;
int do_ioproc;
uint32_t inference_todo;
diff --git a/libavfilter/dnn/dnn_backend_openvino.c
b/libavfilter/dnn/dnn_backend_openvino.c
index a84370d689..0f3b235820 100644
--- a/libavfilter/dnn/dnn_backend_openvino.c
+++ b/libavfilter/dnn/dnn_backend_openvino.c
@@ -208,7 +208,7 @@ static void infer_completion_callback(void *args)
DNNData output;
OVContext *ctx = &ov_model->ctx;
-status = ie_infer_request_get_blob(request->infer_request,
task->output_name, &output_blob);
+status = ie_infer_request_get_blob(request->infer_request,
task->output_names[0], &output_blob);
if (status != OK) {
//incorrect output name
char *model_output_name = NULL;
@@ -222,7 +222,7 @@ static void infer_completion_callback(void *args)
}
av_log(ctx, AV_LOG_ERROR,
"output \"%s\" may not correct, all output(s) are: \"%s\"\n",
- task->output_name, all_output_names);
+ task->output_names[0], all_output_names);
return;
}
@@ -676,7 +676,7 @@ static DNNReturnType get_output_ov(void *model, const char
*input_name, int inpu
task.async = 0;
task.input_name = input_name;
task.in_frame = in_frame;
-task.output_name = output_name;
+task.output_names = &output_name;
task.out_frame = out_frame;
task.model = ov_model;
@@ -796,7 +796,7 @@ DNNReturnType ff_dnn_execute_model_ov(const DNNModel
*model, DNNExecBaseParams *
task.async = 0;
task.input_name = exec_params->input_name;
task.in_frame = exec_params->in_frame;
-task.output_name = exec_params->output_names[0];
+task.output_names = &exec_params->output_names[0];
task.out_frame = exec_params->out_frame ? exec_params->out_frame :
exec_params->in_frame;
task.model = ov_model;
@@ -843,7 +843,7 @@ DNNReturnType ff_dnn_execute_model_async_ov(const DNNModel
*model, DNNExecBasePa
task->async = 1;
task->input_name = exec_params->input_name;
task->in_frame = exec_params->in_frame;
-task->output_name = exec_params->output_names[0];
+task->output_names = &exec_params->output_names[0];
task->out_frame = exec_params->out_frame ? exec_params->out_frame :
exec_params->in_frame;
task->model = ov_model;
if (ff_queue_push_back(ov_model->task_queue, task) < 0) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] lavfi/dnn: Use uint8_t for async and do_ioproc in TaskItems
ffmpeg | branch: master | Shubhanshu Saxena | Sat
Jun 5 23:56:05 2021 +0530| [6b961f74096aff114d32480670943ce4d6d66826] |
committer: Guo Yejun
lavfi/dnn: Use uint8_t for async and do_ioproc in TaskItems
These properties have values either 0 or 1, so using uint8_t
is a better option as compared to int.
Signed-off-by: Shubhanshu Saxena
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6b961f74096aff114d32480670943ce4d6d66826
---
libavfilter/dnn/dnn_backend_common.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavfilter/dnn/dnn_backend_common.h
b/libavfilter/dnn/dnn_backend_common.h
index 704cf921f1..d962312c16 100644
--- a/libavfilter/dnn/dnn_backend_common.h
+++ b/libavfilter/dnn/dnn_backend_common.h
@@ -33,8 +33,8 @@ typedef struct TaskItem {
AVFrame *out_frame;
const char *input_name;
const char **output_names;
-int async;
-int do_ioproc;
+uint8_t async;
+uint8_t do_ioproc;
uint32_t nb_output;
uint32_t inference_todo;
uint32_t inference_done;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] lavfi/dnn: Fill Task using Common Function
ffmpeg | branch: master | Shubhanshu Saxena | Sat
Jun 5 23:56:06 2021 +0530| [55092358189b98682d133c7b05bfcbb7ab6c750f] |
committer: Guo Yejun
lavfi/dnn: Fill Task using Common Function
This commit adds a common function for filling the TaskItems
in all three backends.
Signed-off-by: Shubhanshu Saxena
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=55092358189b98682d133c7b05bfcbb7ab6c750f
---
libavfilter/dnn/dnn_backend_common.c | 20
libavfilter/dnn/dnn_backend_common.h | 15 +++
libavfilter/dnn/dnn_backend_openvino.c | 23 +++
3 files changed, 42 insertions(+), 16 deletions(-)
diff --git a/libavfilter/dnn/dnn_backend_common.c
b/libavfilter/dnn/dnn_backend_common.c
index a522ab5650..4d9d3f79b1 100644
--- a/libavfilter/dnn/dnn_backend_common.c
+++ b/libavfilter/dnn/dnn_backend_common.c
@@ -49,3 +49,23 @@ int ff_check_exec_params(void *ctx, DNNBackendType backend,
DNNFunctionType func
return 0;
}
+
+DNNReturnType ff_dnn_fill_task(TaskItem *task, DNNExecBaseParams *exec_params,
void *backend_model, int async, int do_ioproc) {
+if (task == NULL || exec_params == NULL || backend_model == NULL)
+return DNN_ERROR;
+if (do_ioproc != 0 && do_ioproc != 1)
+return DNN_ERROR;
+if (async != 0 && async != 1)
+return DNN_ERROR;
+
+task->do_ioproc = do_ioproc;
+task->async = async;
+task->input_name = exec_params->input_name;
+task->in_frame = exec_params->in_frame;
+task->out_frame = exec_params->out_frame;
+task->model = backend_model;
+task->nb_output = exec_params->nb_output;
+task->output_names = exec_params->output_names;
+
+return DNN_SUCCESS;
+}
diff --git a/libavfilter/dnn/dnn_backend_common.h
b/libavfilter/dnn/dnn_backend_common.h
index d962312c16..df59615f40 100644
--- a/libavfilter/dnn/dnn_backend_common.h
+++ b/libavfilter/dnn/dnn_backend_common.h
@@ -48,4 +48,19 @@ typedef struct InferenceItem {
int ff_check_exec_params(void *ctx, DNNBackendType backend, DNNFunctionType
func_type, DNNExecBaseParams *exec_params);
+/**
+ * Fill the Task for Backend Execution. It should be called after
+ * checking execution parameters using ff_check_exec_params.
+ *
+ * @param task pointer to the allocated task
+ * @param exec_param pointer to execution parameters
+ * @param backend_model void pointer to the backend model
+ * @param async flag for async execution. Must be 0 or 1
+ * @param do_ioproc flag for IO processing. Must be 0 or 1
+ *
+ * @retval DNN_SUCCESS if successful
+ * @retval DNN_ERROR if flags are invalid or any parameter is NULL
+ */
+DNNReturnType ff_dnn_fill_task(TaskItem *task, DNNExecBaseParams *exec_params,
void *backend_model, int async, int do_ioproc);
+
#endif
diff --git a/libavfilter/dnn/dnn_backend_openvino.c
b/libavfilter/dnn/dnn_backend_openvino.c
index c2487c35be..709a772a4d 100644
--- a/libavfilter/dnn/dnn_backend_openvino.c
+++ b/libavfilter/dnn/dnn_backend_openvino.c
@@ -793,14 +793,9 @@ DNNReturnType ff_dnn_execute_model_ov(const DNNModel
*model, DNNExecBaseParams *
}
}
-task.do_ioproc = 1;
-task.async = 0;
-task.input_name = exec_params->input_name;
-task.in_frame = exec_params->in_frame;
-task.output_names = &exec_params->output_names[0];
-task.out_frame = exec_params->out_frame ? exec_params->out_frame :
exec_params->in_frame;
-task.nb_output = exec_params->nb_output;
-task.model = ov_model;
+if (ff_dnn_fill_task(&task, exec_params, ov_model, 0, 1) != DNN_SUCCESS) {
+return DNN_ERROR;
+}
if (extract_inference_from_task(ov_model->model->func_type, &task,
ov_model->inference_queue, exec_params) != DNN_SUCCESS) {
av_log(ctx, AV_LOG_ERROR, "unable to extract inference from task.\n");
@@ -841,14 +836,10 @@ DNNReturnType ff_dnn_execute_model_async_ov(const
DNNModel *model, DNNExecBasePa
return DNN_ERROR;
}
-task->do_ioproc = 1;
-task->async = 1;
-task->input_name = exec_params->input_name;
-task->in_frame = exec_params->in_frame;
-task->output_names = &exec_params->output_names[0];
-task->out_frame = exec_params->out_frame ? exec_params->out_frame :
exec_params->in_frame;
-task->nb_output = exec_params->nb_output;
-task->model = ov_model;
+if (ff_dnn_fill_task(task, exec_params, ov_model, 1, 1) != DNN_SUCCESS) {
+return DNN_ERROR;
+}
+
if (ff_queue_push_back(ov_model->task_queue, task) < 0) {
av_freep(&task);
av_log(ctx, AV_LOG_ERROR, "unable to push back task_queue.\n");
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] [ffmpeg-web] branch master updated. 3654fb7 web/security: Add more CVE# for 4.3 and 4.4
The branch, master has been updated via 3654fb726cc93f0974ded1b66ff2338ad0d55b83 (commit) from 8ccd75e40f7366d17a2bc6787cc4e86c79a242ab (commit) - Log - commit 3654fb726cc93f0974ded1b66ff2338ad0d55b83 Author: Michael Niedermayer AuthorDate: Sat Jun 12 16:43:05 2021 +0200 Commit: Michael Niedermayer CommitDate: Sat Jun 12 16:49:23 2021 +0200 web/security: Add more CVE# for 4.3 and 4.4 The existence of these CVE numbers have been reported to us by Tony Tascioglu Signed-off-by: Michael Niedermayer diff --git a/src/security b/src/security index b5033c0..935823b 100644 --- a/src/security +++ b/src/security @@ -7,11 +7,16 @@ Fixes following vulnerabilities: -CVE-2020-14212, 0b3bd001ac1745d9d008a2d195817df57d7d1d14 CVE-2020-13904, 9dfb19baeb86a8bb02c53a441682c6e9a6e104cc CVE-2020-13904, b5e39880fb7269b1b3577cee288e06aa3dc1dfa2 -CVE-2020-35965, b0a8b40294ea212c1938348ff112ef1b9bf16bb3 +CVE-2020-14212, 0b3bd001ac1745d9d008a2d195817df57d7d1d14 +CVE-2020-20450, 5400e4a50c61e53e1bc50b3e77201649bbe9c510, ticket/7993 +CVE-2020-21041, 5d9f44da460f781a1604d537d0555b78e29438ba, ticket/7989 +CVE-2020-22038, 7c32e9cf93b712f8463573a59ed4e98fd10fa013, ticket/8285 +CVE-2020-22042, 426c16d61a9b5056a157a1a2a057a4e4d13eef84, ticket/8267 +CVE-2020-24020, 584f396132aa19d21bb1e38ad9a5d428869290cb, ticket/8718 CVE-2020-35965, 3e5959b3457f7f1856d997261e6ac672bba49e8b +CVE-2020-35965, b0a8b40294ea212c1938348ff112ef1b9bf16bb3 FFmpeg 4.3 @@ -30,11 +35,35 @@ CVE-2020-14212, dd273d359e45ab69398ac0dc41206d5f1a9371bf / 0b3bd001ac1745d9d008a Fixes following vulnerabilities: -CVE-2019-13312, def04022f4a7058f99e669bfd978d431d79aec18 +CVE-2019-13312, def04022f4a7058f99e669bfd978d431d79aec18, CVE-2020-20445, CVE-2020-20446 CVE-2019-13390, aef24efb0c1e65097ab77a4bf9264189bdf3ace3 CVE-2019-15942, af70bfbeadc0c9b9215cf045ff2a6a31e8ac3a71 CVE-2019-17542, 02f909dc24b1f05cfbba75077c7707b905e63cd2 CVE-2020-12284, 1812352d767ccf5431aa440123e2e260a4db2726 +CVE-2020-20448, 55279d699fa64d8eb1185d8db04ab4ed92e8dea2 +CVE-2020-20448, 8802e329c8317ca5ceb929df48a23eb0f9e852b2, ticket/7990 +CVE-2020-20451, 21265f42ecb265debe9fec1dbfd0cb7de5a8aefb, ticket/8094 +CVE-2020-22016, 58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145, ticket/8183 +CVE-2020-22017, d4d6b7b0355f3597cad3b8d12911790c73b5f96d, ticket/8309 +CVE-2020-22020, ce5274c1385d55892a692998923802023526b765, ticket/8239 +CVE-2020-22022, 07050d7bdc32d82e53ee5bb727f5882323d00dba, ticket/8264 +CVE-2020-22023, 0b567238741854b41f84f7457686b044eadfe29c, ticket/8244 +CVE-2020-22024, 723d69f99cd26db9687ed2d24d06afaff624daf3, ticket/8310 +CVE-2020-22026, 58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144, ticket/8317 +CVE-2020-22027, e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c, ticket/8242 +CVE-2020-22028, f069a9c2a65bc20c3462127623127df6dfd06c5b, ticket/8274 +CVE-2020-22029, a7fd1279703683ebb548ef7baa2f1519994496ae, ticket/8250 +CVE-2020-22030, e1b89c76f66343d1b495165664647317c66764bb, ticket/8276 +CVE-2020-22031, 0e68e8c93f9068596484ec8ba725586860e06fc8, ticket/8243 +CVE-2020-22032, de598f82f8c3f8000e1948548e8088148e2b1f44, ticket/8275 +CVE-2020-22034, 1331e001796c656a4a3c770a16121c15ec1db2ac, ticket/8236 +CVE-2020-22035, 0749082eb93ea02fa4b770da86597450cec84054, ticket/8262 +CVE-2020-22036, 8c3166e1c302c3ba80d9742ae46161c0fa8e2606, ticket/8261 +CVE-2020-22039, a581bb66ea5eb981e2e498ca301df7d1ef15a6a3, ticket/8302 +CVE-2020-22040, 1a0c584abc9709b1d11dbafef05d22e0937d7d19, ticket/8283 +CVE-2020-22041, 3488e0977c671568731afa12b811adce9d4d807f, ticket/8296 +CVE-2020-22043, b288a7eb3d963a175e177b6219c8271076ee8590, ticket/8284 +CVE-2020-22044, 1d479300cbe0522c233b7d51148aea2b29bd29ad, ticket/8295 FFmpeg 4.2 --- Summary of changes: src/security | 35 --- 1 file changed, 32 insertions(+), 3 deletions(-) hooks/post-receive -- ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/flvdec: Check data before casting
ffmpeg | branch: master | Michael Niedermayer | Tue
Jun 8 18:09:55 2021 +0200| [1e24da5cfe1cec70e322b93578227465f325936e] |
committer: Michael Niedermayer
avformat/flvdec: Check data before casting
Fixes: -nan is outside the range of representable values of type 'long'
Fixes: signed integer overflow: 1000 * -9223372036854775808 cannot be
represented in type 'long'
Fixes:
34890/clusterfuzz-testcase-minimized-ffmpeg_dem_FLV_fuzzer-5334208657620992
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1e24da5cfe1cec70e322b93578227465f325936e
---
libavformat/flvdec.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index 6bd6c8c944..60d1a5c654 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -682,7 +682,11 @@ static int amf_parse_object(AVFormatContext *s, AVStream
*astream,
av_dict_set(&s->metadata, key, str_val, 0);
} else if (amf_type == AMF_DATA_TYPE_STRING) {
av_dict_set(&s->metadata, key, str_val, 0);
-} else if (amf_type == AMF_DATA_TYPE_DATE) {
+} else if ( amf_type == AMF_DATA_TYPE_DATE
+ && isfinite(date.milliseconds)
+ && date.milliseconds > INT64_MIN/1000
+ && date.milliseconds < INT64_MAX/1000
+ ) {
// timezone is ignored, since there is no easy way to offset the
UTC
// timestamp into the specified timezone
avpriv_dict_set_timestamp(&s->metadata, key, 1000 *
(int64_t)date.milliseconds);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mov: Check for duplicate mdcv
ffmpeg | branch: master | Michael Niedermayer | Tue
Jun 8 18:14:21 2021 +0200| [f54d85cee64b98bca5d2bee703f2a266ea75dce7] |
committer: Michael Niedermayer
avformat/mov: Check for duplicate mdcv
Fixes: memleak
Fixes:
34932/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5456227658235904
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f54d85cee64b98bca5d2bee703f2a266ea75dce7
---
libavformat/mov.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 6c99a67ff5..47a8e41236 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -5396,7 +5396,7 @@ static int mov_read_mdcv(MOVContext *c, AVIOContext *pb,
MOVAtom atom)
sc = c->fc->streams[c->fc->nb_streams - 1]->priv_data;
-if (atom.size < 24) {
+if (atom.size < 24 || sc->mastering) {
av_log(c->fc, AV_LOG_ERROR, "Invalid Mastering Display Color Volume
box\n");
return AVERROR_INVALIDDATA;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/ttadata: Add sentinel at the end of ff_tta_shift_1
ffmpeg | branch: master | Michael Niedermayer | Tue
Jun 8 20:10:56 2021 +0200| [dbbcfbcc4e4f0e91f814f2e13ced7b6d99069518] |
committer: Michael Niedermayer
avcodec/ttadata: Add sentinel at the end of ff_tta_shift_1
Fixes: out of array access
Fixes:
34933/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5629322560929792
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dbbcfbcc4e4f0e91f814f2e13ced7b6d99069518
---
libavcodec/ttadata.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/ttadata.c b/libavcodec/ttadata.c
index bf793a4cc8..aa9f418a7d 100644
--- a/libavcodec/ttadata.c
+++ b/libavcodec/ttadata.c
@@ -30,7 +30,8 @@ const uint32_t ff_tta_shift_1[] = {
0x0100, 0x0200, 0x0400, 0x0800,
0x1000, 0x2000, 0x4000, 0x8000,
0x8000, 0x8000, 0x8000, 0x8000,
-0x8000, 0x8000, 0x8000, 0x8000
+0x8000, 0x8000, 0x8000, 0x8000,
+0x
};
const uint32_t * const ff_tta_shift_16 = ff_tta_shift_1 + 4;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/utils: do "calc from frame_bytes, channels, and block_align" in 64bit
ffmpeg | branch: master | Michael Niedermayer | Wed
Apr 28 16:50:13 2021 +0200| [3447979d08d701581a65f7275425cb1a59302319] |
committer: Michael Niedermayer
avcodec/utils: do "calc from frame_bytes, channels, and block_align" in 64bit
Fixes: signed integer overflow: 104962766 * 32 cannot be represented in type
'int'
Fixes:
33614/clusterfuzz-testcase-minimized-ffmpeg_dem_RSD_fuzzer-6252129036664832
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3447979d08d701581a65f7275425cb1a59302319
---
libavcodec/utils.c | 26 +-
1 file changed, 17 insertions(+), 9 deletions(-)
diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index cc6796d8b6..342709353f 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -746,25 +746,33 @@ static int get_audio_frame_duration(enum AVCodecID id,
int sr, int ch, int ba,
if (ba > 0) {
/* calc from frame_bytes, channels, and block_align */
int blocks = frame_bytes / ba;
-int64_t tmp;
+int64_t tmp = 0;
switch (id) {
case AV_CODEC_ID_ADPCM_IMA_WAV:
if (bps < 2 || bps > 5)
return 0;
tmp = blocks * (1LL + (ba - 4 * ch) / (bps * ch) * 8);
-if (tmp != (int)tmp)
-return 0;
-return tmp;
+break;
case AV_CODEC_ID_ADPCM_IMA_DK3:
-return blocks * (((ba - 16) * 2 / 3 * 4) / ch);
+tmp = blocks * (((ba - 16LL) * 2 / 3 * 4) / ch);
+break;
case AV_CODEC_ID_ADPCM_IMA_DK4:
-return blocks * (1 + (ba - 4 * ch) * 2 / ch);
+tmp = blocks * (1 + (ba - 4LL * ch) * 2 / ch);
+break;
case AV_CODEC_ID_ADPCM_IMA_RAD:
-return blocks * ((ba - 4 * ch) * 2 / ch);
+tmp = blocks * ((ba - 4LL * ch) * 2 / ch);
+break;
case AV_CODEC_ID_ADPCM_MS:
-return blocks * (2 + (ba - 7 * ch) * 2LL / ch);
+tmp = blocks * (2 + (ba - 7LL * ch) * 2LL / ch);
+break;
case AV_CODEC_ID_ADPCM_MTAF:
-return blocks * (ba - 16) * 2 / ch;
+tmp = blocks * (ba - 16LL) * 2 / ch;
+break;
+}
+if (tmp) {
+if (tmp != (int)tmp)
+return 0;
+return tmp;
}
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/faxcompr: Check if bits are available before reading in cmode == 9 || cmode == 10
ffmpeg | branch: master | Michael Niedermayer | Wed
Jun 9 21:20:04 2021 +0200| [7d8421e3d5bc1300687a65384baccbcb3874b7ac] |
committer: Michael Niedermayer
avcodec/faxcompr: Check if bits are available before reading in cmode == 9 ||
cmode == 10
Fixes: Timeout
Fixes:
34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7d8421e3d5bc1300687a65384baccbcb3874b7ac
---
libavcodec/faxcompr.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavcodec/faxcompr.c b/libavcodec/faxcompr.c
index d44de2485d..45e0c482d7 100644
--- a/libavcodec/faxcompr.c
+++ b/libavcodec/faxcompr.c
@@ -304,7 +304,10 @@ static int decode_group3_2d_line(AVCodecContext *avctx,
GetBitContext *gb,
mode = !mode;
}
} else if (cmode == 9 || cmode == 10) {
-int xxx = get_bits(gb, 3);
+int xxx;
+if (get_bits_left(gb) < 3)
+return AVERROR_INVALIDDATA;
+xxx = get_bits(gb, 3);
if (cmode == 9 && xxx == 7) {
int ret;
int pix_left = width - offs;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/utils: check dts/duration to be representable before using them
ffmpeg | branch: master | Michael Niedermayer | Sun
Apr 18 22:39:30 2021 +0200| [bf4e7ec8257fd24a12327c7fa14e322028250be4] |
committer: Michael Niedermayer
avformat/utils: check dts/duration to be representable before using them
Fixes: signed integer overflow: 6854513951393103890 + 3427256975738527712
cannot be represented in type 'long'
Fixes:
32936/clusterfuzz-testcase-minimized-ffmpeg_dem_R3D_fuzzer-5236914752978944
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bf4e7ec8257fd24a12327c7fa14e322028250be4
---
libavformat/utils.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavformat/utils.c b/libavformat/utils.c
index 5582d108d0..ac150406ff 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -1157,7 +1157,9 @@ static void update_initial_durations(AVFormatContext *s,
AVStream *st,
(pktl->pkt.dts == AV_NOPTS_VALUE ||
pktl->pkt.dts == st->internal->first_dts ||
pktl->pkt.dts == RELATIVE_TS_BASE) &&
-!pktl->pkt.duration) {
+!pktl->pkt.duration &&
+av_sat_add64(cur_dts, duration) == cur_dts + (uint64_t)duration
+) {
pktl->pkt.dts = cur_dts;
if (!st->internal->avctx->has_b_frames)
pktl->pkt.pts = cur_dts;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/faxcompr: Check available bits in decode_uncompressed()
ffmpeg | branch: master | Michael Niedermayer | Wed
Jun 9 21:25:58 2021 +0200| [ff56c139e07a4de2803b974b6595f6b71fbf53bd] |
committer: Michael Niedermayer
avcodec/faxcompr: Check available bits in decode_uncompressed()
Fixes: Timeout
Fixes:
34950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5686764151898112
Fixes:
34966/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4587409334468608
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ff56c139e07a4de2803b974b6595f6b71fbf53bd
---
libavcodec/faxcompr.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/faxcompr.c b/libavcodec/faxcompr.c
index 45e0c482d7..44c1f6f6b9 100644
--- a/libavcodec/faxcompr.c
+++ b/libavcodec/faxcompr.c
@@ -144,6 +144,8 @@ static int decode_uncompressed(AVCodecContext *avctx,
GetBitContext *gb,
return AVERROR_INVALIDDATA;
}
cwi = 10 - av_log2(cwi);
+if (get_bits_left(gb) < cwi + 1)
+return AVERROR_INVALIDDATA;
skip_bits(gb, cwi + 1);
if (cwi > 5) {
newmode = get_bits1(gb);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/utils: Avoid overflow in codec_info_duration computation for subtitles
ffmpeg | branch: master | Michael Niedermayer | Wed
Jun 9 21:10:32 2021 +0200| [ffe4851e2359e17c4406ab05e2e31fc7ef68de95] |
committer: Michael Niedermayer
avformat/utils: Avoid overflow in codec_info_duration computation for subtitles
Fixes: signed integer overflow: 9223126845747118112 - -2594073385365397472
cannot be represented in type 'long'
Fixes:
34936/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-6739888002170880
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ffe4851e2359e17c4406ab05e2e31fc7ef68de95
---
libavformat/utils.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavformat/utils.c b/libavformat/utils.c
index ac150406ff..0df14682a4 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -3843,7 +3843,9 @@ int avformat_find_stream_info(AVFormatContext *ic,
AVDictionary **options)
break;
}
if (pkt->duration) {
-if (avctx->codec_type == AVMEDIA_TYPE_SUBTITLE && pkt->pts !=
AV_NOPTS_VALUE && st->start_time != AV_NOPTS_VALUE && pkt->pts >=
st->start_time) {
+if (avctx->codec_type == AVMEDIA_TYPE_SUBTITLE && pkt->pts !=
AV_NOPTS_VALUE && st->start_time != AV_NOPTS_VALUE && pkt->pts >= st->start_time
+&& (uint64_t)pkt->pts - st->start_time < INT64_MAX
+) {
st->internal->info->codec_info_duration = FFMIN(pkt->pts -
st->start_time, st->internal->info->codec_info_duration + pkt->duration);
} else
st->internal->info->codec_info_duration += pkt->duration;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/rpl: The associative law doesnt hold for signed integers in C
ffmpeg | branch: master | Michael Niedermayer | Thu Jun 10 20:35:43 2021 +0200| [480f11bdd713c15e4964093be7ef0adf5b619cc1] | committer: Michael Niedermayer avformat/rpl: The associative law doesnt hold for signed integers in C Add () to avoid undefined behavior Fixes: signed integer overflow: 9223372036854775790 + 57 cannot be represented in type 'long' Fixes: 34983/clusterfuzz-testcase-minimized-ffmpeg_dem_RPL_fuzzer-5765822923538432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=480f11bdd713c15e4964093be7ef0adf5b619cc1 --- libavformat/rpl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/rpl.c b/libavformat/rpl.c index fac377b68e..296cb2c984 100644 --- a/libavformat/rpl.c +++ b/libavformat/rpl.c @@ -103,7 +103,7 @@ static AVRational read_fps(const char* line, int* error) // Truncate any numerator too large to fit into an int64_t if (num > (INT64_MAX - 9) / 10 || den > INT64_MAX / 10) break; -num = 10 * num + *line - '0'; +num = 10 * num + (*line - '0'); den *= 10; } if (!num) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
