[FFmpeg-cvslog] avcodec/vmdaudio: Fix channels count bug
ffmpeg | branch: master | Michael Niedermayer | Mon Mar 21 20:30:29 2022 +0100| [31b22defcd8c6f0c95ef3be1ea819adf536ad8cb] | committer: Michael Niedermayer avcodec/vmdaudio: Fix channels count bug Fixes: division by zero Fixes: 45811/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMDAUDIO_fuzzer-6412592581574656 Fixes: 45979/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VMDAUDIO_fuzzer-5362043060879360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=31b22defcd8c6f0c95ef3be1ea819adf536ad8cb --- libavcodec/vmdaudio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/vmdaudio.c b/libavcodec/vmdaudio.c index 045a2da410..875930061a 100644 --- a/libavcodec/vmdaudio.c +++ b/libavcodec/vmdaudio.c @@ -85,7 +85,7 @@ static av_cold int vmdaudio_decode_init(AVCodecContext *avctx) } av_channel_layout_uninit(&avctx->ch_layout); -av_channel_layout_default(&avctx->ch_layout, channels == 1); +av_channel_layout_default(&avctx->ch_layout, channels); if (avctx->bits_per_coded_sample == 16) avctx->sample_fmt = AV_SAMPLE_FMT_S16; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
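Review bot: the commit message names the symptom (division by zero) but not the cause visible in the removed line, where `channels == 1` is a comparison that evaluates to 0 or 1, so any stream that was not mono was given a zero-channel default layout. Please say that in the message. The visible context also does not show where `channels` is range-checked before `av_channel_layout_default(&avctx->ch_layout, channels)`; if 0 can still reach this call the same divide is reachable, so confirm the validation above the closing brace covers it.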
[FFmpeg-cvslog] MAINTAINERS: add Niklas Haas for vf_libplacebo.c
ffmpeg | branch: master | Niklas Haas | Mon Mar 28 20:33:12 2022 +0200| [7fbf1dd47ec7d811ca500eddc9ac82351525b0c5] | committer: James Almer MAINTAINERS: add Niklas Haas for vf_libplacebo.c So I can merge my own changes to this filter after they pass peer review, as well as keeping it in sync with upstream API changes / new features. Signed-off-by: Niklas Haas Signed-off-by: James Almer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7fbf1dd47ec7d811ca500eddc9ac82351525b0c5 --- MAINTAINERS | 2 ++ 1 file changed, 2 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 931cf4bd2c..76e1332ad8 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -354,6 +354,7 @@ Filters: vf_il.c Paul B Mahol vf_(t)interlace Thomas Mundt (CC ) vf_lenscorrection.c Daniel Oberhoff + vf_libplacebo.c Niklas Haas vf_mergeplanes.c Paul B Mahol vf_mestimate.cDavinder Singh vf_minterpolate.c Davinder Singh @@ -620,6 +621,7 @@ Loren Merritt ABD9 08F4 C920 3F65 D8BE 35D7 1540 DAA7 060F 56DE Lynne FE50 139C 6805 72CA FD52 1F8D A2FE A5F0 3F03 4464 Michael Niedermayer 9FF2 128B 147E F673 0BAD F133 611E C787 040B 0FAB Nicolas George24CE 01CE 9ACC 5CEB 74D8 8D9D B063 D997 36E5 4C93 +Niklas Haas (haasn) 1DDB 8076 B14D 5B48 32FC 99D9 EB52 DA9C 02BA 6FB4 Nikolay Aleksandrov 8978 1D8C FB71 588E 4B27 EAA8 C4F0 B5FC E011 13B1 Panagiotis Issaris6571 13A3 33D9 3726 F728 AA98 F643 B12E ECF3 E029 Peter RossA907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
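Review bot: the second hunk adds a PGP fingerprint for `Niklas Haas (haasn)` to the key list, and that list is what others will use to verify signed releases and commits, so the committer should confirm the fingerprint through a channel other than this patch before merging. The alphabetical placement in both hunks (after `vf_lenscorrection.c`, and between `Nicolas George` and `Nikolay Aleksandrov`) is correct.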
[FFmpeg-cvslog] avcodec/cfhd: Avoid signed integer overflow in coeff
ffmpeg | branch: release/5.0 | Michael Niedermayer | Mon Jan 17 14:16:39 2022 +0100| [f1ae88029830e64d348a7ae86a5f12babe0afcb4] | committer: Michael Niedermayer avcodec/cfhd: Avoid signed integer overflow in coeff Fixes: signed integer overflow: 15244032 * 256 cannot be represented in type 'int' Fixes: 43504/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_fuzzer-4865014842916864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit cd6ac013a00373126bf3d313743d39b5edd5428a) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f1ae88029830e64d348a7ae86a5f12babe0afcb4 --- libavcodec/cfhd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c index 008a6360b6..ac7826250f 100644 --- a/libavcodec/cfhd.c +++ b/libavcodec/cfhd.c @@ -838,7 +838,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame, const uint16_t q = s->quantisation; for (i = 0; i < run; i++) { -*coeff_data |= coeff * 256; +*coeff_data |= coeff * 256U; *coeff_data++ *= q; } } else { @@ -869,7 +869,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame, const uint16_t q = s->quantisation; for (i = 0; i < run; i++) { -*coeff_data |= coeff * 256; +*coeff_data |= coeff * 256U; *coeff_data++ *= q; } } else { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
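Review bot: in both hunks only the first statement is made unsigned; the following `*coeff_data++ *= q;` is still a multiplication whose operand types are not visible here beyond `const uint16_t q`, so it is worth confirming that it cannot overflow in the promoted type for the same fuzzed input. The two-line loop body is now duplicated at lines 838 and 869 with the identical fix, which is a good reason to factor it into one small inline helper so a future correction cannot be applied to only one copy.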
[FFmpeg-cvslog] avformat/mov: Check size before subtraction
ffmpeg | branch: release/5.0 | Michael Niedermayer | Mon Jan 17 14:26:05 2022 +0100| [ea98cb2465c3b52fa468b8baf3f5b92d550f3d2c] | committer: Michael Niedermayer avformat/mov: Check size before subtraction Fixes: signed integer overflow: -9223372036854775808 - 8 cannot be represented in type 'long' Fixes: 43542/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5237670148702208 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit d8d9d506a3de976b647bcbb8f76c7b8d30eff576) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ea98cb2465c3b52fa468b8baf3f5b92d550f3d2c --- libavformat/mov.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index e401cd39b5..063cc2bae2 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -7329,6 +7329,8 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom) if (a.size == 0) { a.size = atom.size - total_size + 8; } +if (a.size < 0) +break; a.size -= 8; if (a.size < 0) break; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
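Review bot: the new `if (a.size < 0) break;` protects `a.size -= 8;`, but the assignment just above it, `a.size = atom.size - total_size + 8;`, is also signed arithmetic on values whose bounds are not established in the visible lines, so check that it cannot overflow either. The two consecutive checks can be collapsed into a single `if (a.size < 8) break;` before the subtraction, which is easier to read and leaves no window between them.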
[FFmpeg-cvslog] avformat/utils: keep chapter monotonicity on chapter updates
ffmpeg | branch: release/5.0 | Michael Niedermayer | Tue Feb 1 18:28:16 2022 +0100| [fc858472235f620ca01ea557516e920099c10233] | committer: Michael Niedermayer avformat/utils: keep chapter monotonicity on chapter updates Updating a chapter with the same id does not break monotonicity Fixes: Timeout Fixes: 43727/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4960623367159808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 948c26209979cef9d052531fcf9f1281cd8e0213) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fc858472235f620ca01ea557516e920099c10233 --- libavformat/utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index e643821fc9..940703e87d 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -895,10 +895,11 @@ AVChapter *avpriv_new_chapter(AVFormatContext *s, int64_t id, AVRational time_ba if (!s->nb_chapters) { si->chapter_ids_monotonic = 1; } else if (!si->chapter_ids_monotonic || s->chapters[s->nb_chapters-1]->id >= id) { -si->chapter_ids_monotonic = 0; for (unsigned i = 0; i < s->nb_chapters; i++) if (s->chapters[i]->id == id) chapter = s->chapters[i]; +if (!chapter) +si->chapter_ids_monotonic = 0; } if (!chapter) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
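Review bot: the new `if (!chapter)` follows a brace-less `for` whose body is a brace-less `if`, so the nesting is easy to misread; please add braces around the loop so it is clear the flag is cleared once, after the scan. The scan also has no `break` after a match, and once `chapter_ids_monotonic` is cleared every later call still walks all of `s->chapters`, so this change removes the Timeout only for the update-with-same-id case; a comment stating that limit would help whoever hits the next report.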
[FFmpeg-cvslog] avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value()
ffmpeg | branch: release/5.0 | Michael Niedermayer | Fri Feb 4 00:44:32 2022 +0100| [ba92c416afdcc1f293c79ce1f57c3ff93dbe1e37] | committer: Michael Niedermayer avformat/utils: Fix invalid NULL pointer operation in ff_parse_key_value() Fixes: pointer index expression with base 0x overflowed to 0x Fixes: 44012/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5670607746891776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 59328aabd2c789ae053e18a62a20a7addfd4d069) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ba92c416afdcc1f293c79ce1f57c3ff93dbe1e37 --- libavformat/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 940703e87d..cee86ae87b 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -1244,7 +1244,7 @@ void ff_parse_key_value(const char *str, ff_parse_key_val_cb callback_get_buf, key_len = ptr - key; callback_get_buf(context, key, key_len, &dest, &dest_len); -dest_end = dest + dest_len - 1; +dest_end = dest ? dest + dest_len - 1 : NULL; if (*ptr == '\"') { ptr++; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
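Review bot: the new expression guards only `dest == NULL`; when the callback returns a non-NULL `dest` with `dest_len` of 0, `dest + dest_len - 1` still points before the start of the buffer, which is the same class of invalid pointer arithmetic. Nothing in the visible lines shows the callback guaranteeing `dest_len > 0`, so consider `dest && dest_len > 0 ? dest + dest_len - 1 : NULL`, or document that guarantee on the callback typedef.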
[FFmpeg-cvslog] avformat/matroskadec: Fix infinite loop with bz decompression
ffmpeg | branch: release/5.0 | Michael Niedermayer | Thu Feb 3 22:46:55 2022 +0100| [7a9ea4399d3c617b02d2db00a032fdb1950a0733] | committer: Michael Niedermayer avformat/matroskadec: Fix infinite loop with bz decompression The same check is added to zlib too, it seems not needed there though Fixes: Infinite loop Fixes: 43932/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-6175167573786624 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt Signed-off-by: Michael Niedermayer (cherry picked from commit 9c3d2cbb510674226b0c8fa6b146bf891f83786c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7a9ea4399d3c617b02d2db00a032fdb1950a0733 --- libavformat/matroskadec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 78e5a4a203..cb0254cc42 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -1708,7 +1708,7 @@ static int matroska_decode_buffer(uint8_t **buf, int *buf_size, case MATROSKA_TRACK_ENCODING_COMP_ZLIB: { z_stream zstream = { 0 }; -if (inflateInit(&zstream) != Z_OK) +if (!pkt_size || inflateInit(&zstream) != Z_OK) return -1; zstream.next_in = data; zstream.avail_in = isize; @@ -1741,7 +1741,7 @@ static int matroska_decode_buffer(uint8_t **buf, int *buf_size, case MATROSKA_TRACK_ENCODING_COMP_BZLIB: { bz_stream bzstream = { 0 }; -if (BZ2_bzDecompressInit(&bzstream, 0, 0) != BZ_OK) +if (!pkt_size || BZ2_bzDecompressInit(&bzstream, 0, 0) != BZ_OK) return -1; bzstream.next_in = data; bzstream.avail_in = isize; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
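Review bot: neither hunk says why a zero `pkt_size` must be rejected, and the commit message itself notes the zlib check "seems not needed", so a one-line comment at the bzlib site explaining how zero leads to the infinite loop would keep the check from being removed as dead code later. Since the identical `!pkt_size ||` test is now repeated in two cases, consider a single check before the `switch` if the other encodings also cannot do anything useful with an empty buffer.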
[FFmpeg-cvslog] avformat/matroskadec: Check desc_bytes
ffmpeg | branch: release/5.0 | Michael Niedermayer | Sat Feb 5 20:37:22 2022 +0100| [0a5feebc5743a647712f5eac332782ca025dcc64] | committer: Michael Niedermayer avformat/matroskadec: Check desc_bytes Fixes: Division by 0 Fixes: 44035/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4826721386364928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 5038933977d06d1048b41d71e0ada4d1ac536ddc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0a5feebc5743a647712f5eac332782ca025dcc64 --- libavformat/matroskadec.c | 12 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index cb0254cc42..c70c05c55f 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c 
@@ -4178,12 +4178,16 @@ static int64_t webm_dash_manifest_compute_bandwidth(AVFormatContext *s, int64_t do { int64_t desc_bytes = desc_end.end_offset - desc_beg.start_offset; int64_t desc_ns = desc_end.end_time_ns - desc_beg.start_time_ns; -double desc_sec = desc_ns / nano_seconds_per_second; -double calc_bits_per_second = (desc_bytes * 8) / desc_sec; +double desc_sec, calc_bits_per_second, percent, mod_bits_per_second; +if (desc_bytes <= 0) +return -1; + +desc_sec = desc_ns / nano_seconds_per_second; +calc_bits_per_second = (desc_bytes * 8) / desc_sec; // Drop the bps by the percentage of bytes buffered. -double percent = (desc_bytes - prebuffer_bytes) / desc_bytes; -double mod_bits_per_second = calc_bits_per_second * percent; +percent = (desc_bytes - prebuffer_bytes) / desc_bytes; +mod_bits_per_second = calc_bits_per_second * percent; if (prebuffer < desc_sec) { double search_sec = ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
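Review bot: the new guard covers `desc_bytes` but not `desc_ns`, and `desc_sec` is still used as the divisor in `(desc_bytes * 8) / desc_sec`; a zero or negative time span from the same manifest gives an infinite or negative bitrate that flows into the later comparisons, so `if (desc_bytes <= 0 || desc_ns <= 0)` looks like the complete check. Separately, `(desc_bytes - prebuffer_bytes) / desc_bytes` is assigned to a `double`, but `desc_bytes` is `int64_t` and the type of `prebuffer_bytes` is not visible here; if both are integers the division truncates before the conversion, which is worth confirming is intended.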
[FFmpeg-cvslog] avformat/hls: Use unsigned for iv computation
ffmpeg | branch: release/5.0 | Michael Niedermayer | Tue Feb 8 00:30:59 2022 +0100| [0ea439dab7355c6b7cbc15ef36290106ce01066d] | committer: Michael Niedermayer avformat/hls: Use unsigned for iv computation Fixes: signed integer overflow: 9223372036854775748 + 60 cannot be represented in type 'long' Fixes: 44417/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5802443881971712 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu Signed-off-by: Michael Niedermayer (cherry picked from commit bf33a384995ac21aa41422c6246ebdc5d9632452) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0ea439dab7355c6b7cbc15ef36290106ce01066d --- libavformat/hls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index 8c526f748f..caa4182952 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -914,7 +914,7 @@ static int parse_playlist(HLSContext *c, const char *url, if (has_iv) { memcpy(seg->iv, iv, sizeof(iv)); } else { -int64_t seq = pls->start_seq_no + pls->n_segments; +uint64_t seq = pls->start_seq_no + (uint64_t)pls->n_segments; memset(seg->iv, 0, sizeof(seg->iv)); AV_WB64(seg->iv + 8, seq); } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
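Review bot: the cast makes the addition well defined, but the result still goes straight into the default IV through `AV_WB64(seg->iv + 8, seq)`, so a playlist-supplied `start_seq_no` near the top of the range now wraps silently instead of being reported. Consider validating the sequence number where it is parsed and rejecting or logging values that cannot be valid, and keep this cast as the backstop.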
[FFmpeg-cvslog] avcodec/jpeglsdec: Increase range for N in ls_get_code_runterm() by using unsigned
ffmpeg | branch: release/5.0 | Michael Niedermayer | Sat Feb 5 20:41:08 2022 +0100| [0dabd7f60366f32c7ac65917639b80316e25d080] | committer: Michael Niedermayer avcodec/jpeglsdec: Increase range for N in ls_get_code_runterm() by using unsigned Fixes: left shift of 32768 by 16 places cannot be represented in type 'int' Fixes: Timeout Fixes: 44219/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-4679455379947520 Fixes: 44088/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SMVJPEG_fuzzer-4885976600674304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 6ee283d7d001cfcfec94a023e172bca731e96514) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0dabd7f60366f32c7ac65917639b80316e25d080 --- libavcodec/jpeglsdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c index 32c0d2eb3f..03fa5a7bc9 100644 --- a/libavcodec/jpeglsdec.c +++ b/libavcodec/jpeglsdec.c @@ -191,7 +191,7 @@ static inline int ls_get_code_runterm(GetBitContext *gb, JLSState *state, if (RItype) temp += state->N[Q] >> 1; -for (k = 0; (state->N[Q] << k) < temp; k++) +for (k = 0; ((unsigned)state->N[Q] << k) < temp; k++) ; #ifdef JLS_BROKEN ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
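Review bot: the loop condition `((unsigned)state->N[Q] << k) < temp` still places no upper bound on `k`, so if the shifted value never reaches `temp` the shift count can grow to the width of the type, which is undefined for unsigned operands as well. The type of `temp` is not visible in this hunk; if it is signed, the comparison now converts it to unsigned, and a negative value would compare as very large. An explicit bound on `k` in the condition would address both the shift and the Timeout named in the commit message.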
[FFmpeg-cvslog] avcodec/motion_est: Fix xy indexing on range violation in ff_get_best_fcode()
ffmpeg | branch: release/5.0 | Michael Niedermayer | Tue Feb 8 21:38:50 2022 +0100| [2e901b130415014b765024903f5268c62cf73f95] | committer: Michael Niedermayer avcodec/motion_est: Fix xy indexing on range violation in ff_get_best_fcode() This codepath seems untested, no testcases change Found-by: Signed-off-by: Michael Niedermayer (cherry picked from commit 634312a70f4d5afd40058c52b4d8eade1da07a70) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2e901b130415014b765024903f5268c62cf73f95 --- libavcodec/motion_est.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/motion_est.c b/libavcodec/motion_est.c index 5b0958733c..1f8b9c1b7c 100644 --- a/libavcodec/motion_est.c +++ b/libavcodec/motion_est.c @@ -1614,7 +1614,7 @@ int ff_get_best_fcode(MpegEncContext * s, int16_t (*mv_table)[2], int type) for(y=0; ymb_height; y++){ int x; int xy= y*s->mb_stride; -for(x=0; xmb_width; x++){ +for(x=0; xmb_width; x++, xy++){ if(s->mb_type[xy] & type){ int mx= mv_table[xy][0]; int my= mv_table[xy][1]; @@ -1631,7 +1631,6 @@ int ff_get_best_fcode(MpegEncContext * s, int16_t (*mv_table)[2], int type) score[j]-= 170; } } -xy++; } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
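Review bot: the commit message says this path is untested and that no test cases change, and the `Found-by:` trailer is empty; since moving `xy++` into the `for` header changes which macroblock is read after a range violation, please add a test that exercises the `continue` path, and either fill in or drop the trailer. With the increment in the loop header, `xy` could also be declared there alongside `x` to keep the two indices visibly in step.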
[FFmpeg-cvslog] avcodec/motion_est: fix indention of ff_get_best_fcode()
ffmpeg | branch: release/5.0 | Michael Niedermayer | Wed Feb 9 10:31:34 2022 +0100| [e086aeb79215ac80aeb067fe87ecb1a57b031eb6] | committer: Michael Niedermayer avcodec/motion_est: fix indention of ff_get_best_fcode() Signed-off-by: Michael Niedermayer (cherry picked from commit ce43e1c581b4ed539ab366cc3df458779e8a44b8) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e086aeb79215ac80aeb067fe87ecb1a57b031eb6 --- libavcodec/motion_est.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/motion_est.c b/libavcodec/motion_est.c index 1f8b9c1b7c..b79e22c422 100644 --- a/libavcodec/motion_est.c +++ b/libavcodec/motion_est.c @@ -1622,9 +1622,9 @@ int ff_get_best_fcode(MpegEncContext * s, int16_t (*mv_table)[2], int type) fcode_tab[my + MAX_MV]); int j; -if(mx >= range || mx < -range || - my >= range || my < -range) -continue; +if (mx >= range || mx < -range || +my >= range || my < -range) +continue; for(j=0; jpict_type==AV_PICTURE_TYPE_B || s->current_picture.mc_mb_var[xy] < s->current_picture.mb_var[xy]) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/jpeglsdec: Check get_ur_golomb_jpegls() for error
ffmpeg | branch: release/5.0 | Michael Niedermayer | Sat Feb 12 22:02:13 2022 +0100| [473ea811db52d573c0c7734f470ee2277715dc12] | committer: Michael Niedermayer avcodec/jpeglsdec: Check get_ur_golomb_jpegls() for error Fixes: Timeout Fixes: Invalid shift Fixes: 44548/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-556487680891289 Fixes: 44569/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_fuzzer-6302543246917632 Fixes: 44570/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-4550196556595200 Fixes: 44592/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5651610385121280 Fixes: 44571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5094698987945984 Fixes: 44607/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5341352013987840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 151f83584eeb1912c8bdcd0c1ab1296e8664a0de) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=473ea811db52d573c0c7734f470ee2277715dc12 --- libavcodec/jpeglsdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c index 03fa5a7bc9..a595708955 100644 --- a/libavcodec/jpeglsdec.c +++ b/libavcodec/jpeglsdec.c @@ -200,6 +200,8 @@ static inline int ls_get_code_runterm(GetBitContext *gb, JLSState *state, #endif ret = get_ur_golomb_jpegls(gb, k, state->limit - limit_add - 1, state->qbpp); +if (ret < 0) +return -0x1; /* decode mapped error */ map = 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
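Review bot: the new early return sits between the call to `get_ur_golomb_jpegls()` and the `/* decode mapped error */` comment that describes the code after it, so the comment now reads as if it applied to the error return; move the check directly under the call with a blank line before the comment. The sentinel returned here is a bare literal that the function also uses further down for the range check on `FFABS(ret)`; a named constant shared by both sites and by the caller's test would make it harder for them to drift apart.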
[FFmpeg-cvslog] avcodec/jpeglsdec: Fix if( code style
ffmpeg | branch: release/5.0 | Michael Niedermayer | Tue Feb 15 21:01:06 2022 +0100| [025bf57f77ed3751a425faa3e4728762926958b0] | committer: Michael Niedermayer avcodec/jpeglsdec: Fix if( code style Signed-off-by: Michael Niedermayer (cherry picked from commit f306b8e80ab04cfd8f6cd577a4484cb791d6e765) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=025bf57f77ed3751a425faa3e4728762926958b0 --- libavcodec/jpeglsdec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c index a595708955..bae8ea89fa 100644 --- a/libavcodec/jpeglsdec.c +++ b/libavcodec/jpeglsdec.c @@ -67,7 +67,7 @@ int ff_jpegls_decode_lse(MJpegDecodeContext *s) s->t3 = get_bits(&s->gb, 16); s->reset = get_bits(&s->gb, 16); -if(s->avctx->debug & FF_DEBUG_PICT_INFO) { +if (s->avctx->debug & FF_DEBUG_PICT_INFO) { av_log(s->avctx, AV_LOG_DEBUG, "Coding parameters maxval:%d T1:%d T2:%d T3:%d reset:%d\n", s->maxval, s->t1, s->t2, s->t3, s->reset); } @@ -96,7 +96,7 @@ int ff_jpegls_decode_lse(MJpegDecodeContext *s) else maxtab = 65530/wt - 1; -if(s->avctx->debug & FF_DEBUG_PICT_INFO) { +if (s->avctx->debug & FF_DEBUG_PICT_INFO) { av_log(s->avctx, AV_LOG_DEBUG, "LSE palette %d tid:%d wt:%d maxtab:%d\n", id, tid, wt, maxtab); } if (maxtab >= 256) { @@ -216,7 +216,7 @@ static inline int ls_get_code_runterm(GetBitContext *gb, JLSState *state, ret = ret >> 1; } -if(FFABS(ret) > 0x) +if (FFABS(ret) > 0x) return -0x1; /* update state */ state->A[Q] += FFABS(ret) - RItype; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mov: Corner case encryption error cleanup in mov_read_senc()
ffmpeg | branch: release/5.0 | Michael Niedermayer | Wed Feb 9 22:01:03 2022 +0100| [096a936567f17eb510ae32d9d76498373b3a2339] | committer: Michael Niedermayer avformat/mov: Corner case encryption error cleanup in mov_read_senc() Fixes: memleak Fixes: 42341/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4566632823914496 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 8ee0e4abcb8af36cae4eb24d4d6229461c1e) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=096a936567f17eb510ae32d9d76498373b3a2339 --- libavformat/mov.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 063cc2bae2..4aa77a318e 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -6105,6 +6105,8 @@ static int mov_read_senc(MOVContext *c, AVIOContext *pb, MOVAtom atom) } if (pb->eof_reached) { av_log(c->fc, AV_LOG_ERROR, "Hit EOF while reading senc\n"); +if (ret >= 0) + av_encryption_info_free(encryption_index->encrypted_samples[i]); ret = AVERROR_INVALIDDATA; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
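Review bot: after `av_encryption_info_free(encryption_index->encrypted_samples[i])` the slot still holds the freed pointer; if any later cleanup walks `encrypted_samples`, that is a double free, so set the entry to NULL here or use a freeing helper that clears it. The `if (ret >= 0)` condition also relies on `i` still indexing the sample that was just read, which is not evident from the visible lines; a short comment saying which allocation is being released would make the corner case in the title clear.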
[FFmpeg-cvslog] avformat/matroskadec: Check duration
ffmpeg | branch: release/5.0 | Michael Niedermayer | Mon Feb 14 20:01:35 2022 +0100| [f514336829d1daa7bbcf734f2befdaae79389cb5] | committer: Michael Niedermayer avformat/matroskadec: Check duration Fixes: -nan is outside the range of representable values of type 'long' Fixes: 44614/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6216204841254912 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Andreas Rheinhardt Signed-off-by: Michael Niedermayer (cherry picked from commit 36680078ca3302496d9b0b8a8d7168ce9eabb2bc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f514336829d1daa7bbcf734f2befdaae79389cb5 --- libavformat/matroskadec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index c70c05c55f..89e6ab470c 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -3027,6 +3027,8 @@ static int matroska_read_header(AVFormatContext *s) if (!matroska->time_scale) matroska->time_scale = 100; +if (isnan(matroska->duration)) +matroska->duration = 0; if (matroska->duration) matroska->ctx->duration = matroska->duration * matroska->time_scale * 1000 / AV_TIME_BASE; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
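Review bot: `isnan()` handles only NaN, while an infinite or very large `matroska->duration` still reaches `matroska->duration * matroska->time_scale * 1000 / AV_TIME_BASE` and the conversion to the integer `ctx->duration`, which is the same out-of-range conversion the sanitizer reported. Checking that the value is finite and that the scaled result fits before assigning would close the whole class instead of the single fuzzed value.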
[FFmpeg-cvslog] avformat/argo_asf: Fix order of operations in error check in argo_asf_write_trailer()
ffmpeg | branch: release/5.0 | Michael Niedermayer | Mon Feb 14 20:24:07 2022 +0100| [6bd882f98a1865bba25c44e9ecb49909043dc32b] | committer: Michael Niedermayer avformat/argo_asf: Fix order of operations in error check in argo_asf_write_trailer() Signed-off-by: Michael Niedermayer (cherry picked from commit c8c12fb5d69107f94c5a0be14d0f3646861c60d1) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6bd882f98a1865bba25c44e9ecb49909043dc32b --- libavformat/argo_asf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/argo_asf.c b/libavformat/argo_asf.c index 2b3569ebc3..d26844d1e2 100644 --- a/libavformat/argo_asf.c +++ b/libavformat/argo_asf.c @@ -423,7 +423,7 @@ static int argo_asf_write_trailer(AVFormatContext *s) ArgoASFMuxContext *ctx = s->priv_data; int64_t ret; -if ((ret = avio_seek(s->pb, ASF_FILE_HEADER_SIZE, SEEK_SET) < 0)) +if ((ret = avio_seek(s->pb, ASF_FILE_HEADER_SIZE, SEEK_SET)) < 0) return ret; avio_wl32(s->pb, (uint32_t)ctx->nb_blocks); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
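Review bot: with the parenthesis corrected, `ret` now holds the real `avio_seek()` result, and it is declared `int64_t` while the function returns `int`, so `return ret;` narrows implicitly; that is safe for negative error codes but an explicit cast or a separate `int` would make the intent clear. The same misplaced parenthesis is fixed in `argo_cvg_write_trailer()` in a sibling commit, so a tree-wide search for the `= avio_seek(...) < 0))` pattern would be worthwhile.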
[FFmpeg-cvslog] avcodec/movtextdec: add () to CMP() macro to avoid unexpected behavior
ffmpeg | branch: release/5.0 | Michael Niedermayer | Mon Feb 14 20:20:47 2022 +0100| [405c75998d5dc2a700362ec1163133c67cf361c5] | committer: Michael Niedermayer avcodec/movtextdec: add () to CMP() macro to avoid unexpected behavior Reviewed-by: Andreas Rheinhardt Signed-off-by: Michael Niedermayer (cherry picked from commit c182c706589de2b513331c61a8597fa863d4e97f) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=405c75998d5dc2a700362ec1163133c67cf361c5 --- libavcodec/movtextdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/movtextdec.c b/libavcodec/movtextdec.c index 825632ca9b..dc30fdc698 100644 --- a/libavcodec/movtextdec.c +++ b/libavcodec/movtextdec.c @@ -263,7 +263,7 @@ static int decode_hclr(const uint8_t *tsmb, MovTextContext *m, uint64_t size) static int styles_equivalent(const StyleBox *a, const StyleBox *b) { -#define CMP(field) a->field == b->field +#define CMP(field) ((a)->field == (b)->field) return CMP(bold) && CMP(italic) && CMP(underline) && CMP(color) && CMP(alpha) && CMP(fontsize) && CMP(font_id); #undef CMP ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
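Review bot: in `#define CMP(field) ((a)->field == (b)->field)` the names `a` and `b` are the function's parameters, not macro arguments, so the inner parentheses around them add nothing; only the outer pair protects the expansion. Since the single use, `CMP(bold) && CMP(italic) && ...`, already parsed as intended, the commit message could say this is a defensive change with no behaviour difference.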
[FFmpeg-cvslog] avformat/argo_cvg:: Fix order of operations in error check in argo_cvg_write_trailer()
ffmpeg | branch: release/5.0 | Michael Niedermayer | Mon Feb 14 20:24:07 2022 +0100| [5c4fdf111e88be8fd5dfcfe7a3f91e8afd68925d] | committer: Michael Niedermayer avformat/argo_cvg:: Fix order of operations in error check in argo_cvg_write_trailer() Signed-off-by: Michael Niedermayer (cherry picked from commit 70a1024290b7a6a6d544a16dc80daea9bfce0b13) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5c4fdf111e88be8fd5dfcfe7a3f91e8afd68925d --- libavformat/argo_cvg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/argo_cvg.c b/libavformat/argo_cvg.c index e1854b4493..c5da32536d 100644 --- a/libavformat/argo_cvg.c +++ b/libavformat/argo_cvg.c @@ -350,7 +350,7 @@ static int argo_cvg_write_trailer(AVFormatContext *s) */ avio_wl32(s->pb, ctx->checksum); -if ((ret = avio_seek(s->pb, 0, SEEK_SET) < 0)) +if ((ret = avio_seek(s->pb, 0, SEEK_SET)) < 0) return ret; avio_wl32(s->pb, (uint32_t)ctx->size); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
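Review bot: the commit message does not state the effect of the old code, where `ret` received the result of the `< 0` comparison, so a failed seek returned 1 instead of a negative error code and a caller testing for `< 0` would not have seen the failure. Please add that to the message so the backport rationale is clear; the subject line also has a doubled colon after `argo_cvg`.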
[FFmpeg-cvslog] avformat/mov: Disallow empty sidx
ffmpeg | branch: release/5.0 | Michael Niedermayer | Wed Mar 2 13:01:53 2022 +0100| [f87f1005582dee59b51eda461cb7fa8b3098de1a] | committer: Michael Niedermayer avformat/mov: Disallow empty sidx It appears this is not allowed "Each Segment Index box documents how a (sub)segment is divided into one or more subsegments (which may themselves be further subdivided using Segment Index boxes)." Fixes: Null pointer dereference Fixes: Ticket9517 Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 4419433d77278cb742944c4514be5f72a04103c0) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f87f1005582dee59b51eda461cb7fa8b3098de1a --- libavformat/mov.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index 4aa77a318e..6fb09df7e1 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -5118,6 +5118,8 @@ static int mov_read_sidx(MOVContext *c, AVIOContext *pb, MOVAtom atom) avio_rb16(pb); // reserved item_count = avio_rb16(pb); +if (item_count == 0) +return AVERROR_INVALIDDATA; for (i = 0; i < item_count; i++) { int index; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
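Review bot: the new `return AVERROR_INVALIDDATA;` for `item_count == 0` rejects the file without any `av_log()` message, whereas other error paths in this file log what was wrong (for example "Hit EOF while reading senc"); a one-line error naming the empty sidx would make rejected files diagnosable. The NULL dereference this prevents is not in the visible lines, so a brief comment pointing at the code that assumes at least one item would keep the check from looking arbitrary.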
[FFmpeg-cvslog] avformat/avidec: Check height
ffmpeg | branch: release/5.0 | Michael Niedermayer | Sun Feb 27 21:44:29 2022 +0100| [432cbff7bbd0f480ab47b49b3ddb5a749fb84c53] | committer: Michael Niedermayer avformat/avidec: Check height Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: Ticket8486 Signed-off-by: Michael Niedermayer (cherry picked from commit ec8ff659f57786c4cb089b07dfeab7e5cbab8d52) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=432cbff7bbd0f480ab47b49b3ddb5a749fb84c53 --- libavformat/avidec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/avidec.c b/libavformat/avidec.c index 86f857b1e3..8584b4a882 100644 --- a/libavformat/avidec.c +++ b/libavformat/avidec.c @@ -862,6 +862,8 @@ static int avi_read_header(AVFormatContext *s) memcpy(st->codecpar->extradata + st->codecpar->extradata_size - 9, "BottomUp", 9); } +if (st->codecpar->height == INT_MIN) +return AVERROR_INVALIDDATA; st->codecpar->height = FFABS(st->codecpar->height); //avio_skip(pb, size - 5 * 4); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
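Review bot: the check rejects only `INT_MIN`, the one value `FFABS()` cannot negate, so a height of `INT_MIN + 1` still passes and becomes `INT_MAX`; if no later dimension validation exists on this path, a range check on the absolute value would be more robust than a single-value test. The early return also comes after the "BottomUp" extradata has been appended, so moving it above that block avoids doing work on a stream that is about to be rejected.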
[FFmpeg-cvslog] avformat/rmdec: Better duplicate tags check
ffmpeg | branch: release/5.0 | Michael Niedermayer | Thu Feb 24 00:26:08 2022 +0100| [32778e5a5e640d00b5f565107a230f56312423f3] | committer: Michael Niedermayer avformat/rmdec: Better duplicate tags check Fixes: memleaks Fixes: 44810/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5619494647627776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 15a646e5018078a0954918f510f819a5599f0445) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=32778e5a5e640d00b5f565107a230f56312423f3 --- libavformat/rmdec.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 3a3f6aaf09..b0a38bee83 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -127,10 +127,6 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, uint32_t version; int ret; -// Duplicate tags -if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO) -return AVERROR_INVALIDDATA; - /* ra type header */ version = avio_rb16(pb); /* version */ if (version == 3) { @@ -330,6 +326,11 @@ int ff_rm_read_mdpr_codecdata(AVFormatContext *s, AVIOContext *pb, if (codec_data_size == 0) return 0; +// Duplicate tags +if ( st->codecpar->codec_type != AVMEDIA_TYPE_UNKNOWN +&& st->codecpar->codec_type != AVMEDIA_TYPE_DATA) +return AVERROR_INVALIDDATA; + avpriv_set_pts_info(st, 64, 1, 1000); codec_pos = avio_tell(pb); v = avio_rb32(pb); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
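Review bot: in ff_rm_read_mdpr_codecdata() the relocated duplicate-tag check sits after `if (codec_data_size == 0) return 0;`, so a second MDPR with empty codec data on an already initialised stream still returns success without being flagged. If that is intended, say so in the comment; otherwise move the check above the early return. The condition also lets AVMEDIA_TYPE_DATA through alongside AVMEDIA_TYPE_UNKNOWN, and the `// Duplicate tags` comment does not explain why a stream already typed as DATA may be parsed again.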
[FFmpeg-cvslog] avcodec/g729_parser: Check channels
ffmpeg | branch: release/5.0 | Michael Niedermayer | Sun Feb 27 14:43:04 2022 +0100| [95322e07673885ebcbb8fd54f30a9b8f17d5be6a] | committer: Michael Niedermayer avcodec/g729_parser: Check channels Fixes: signed integer overflow: 10 * 808464428 cannot be represented in type 'int' Fixes: assertion failure Fixes: ticket9651 Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 757da974b21833529cc41bdcc9684c29660cdfa8) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=95322e07673885ebcbb8fd54f30a9b8f17d5be6a --- libavcodec/g729_parser.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/g729_parser.c b/libavcodec/g729_parser.c index 8c06ce4ee6..4dcdeab651 100644 --- a/libavcodec/g729_parser.c +++ b/libavcodec/g729_parser.c @@ -48,6 +48,9 @@ static int g729_parse(AVCodecParserContext *s1, AVCodecContext *avctx, s->block_size = (avctx->bit_rate < 8000) ? G729D_6K4_BLOCK_SIZE : G729_8K_BLOCK_SIZE; if (avctx->codec_id == AV_CODEC_ID_ACELP_KELVIN) s->block_size++; +// channels > 2 is invalid, we pass the packet on unchanged +if (avctx->channels > 2) +s->block_size = 0; s->block_size *= avctx->channels; s->duration = avctx->frame_size; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
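Review bot: the added guard in g729_parse() only covers `avctx->channels > 2`; the following `s->block_size *= avctx->channels;` still runs for every value, so a negative channel count would leave block_size negative. Whether channels can be negative at this point is not visible in the hunk, so either check `channels < 1 || channels > 2` or note why the lower bound cannot occur. The comment says the packet is passed on unchanged, which depends on how block_size == 0 is handled further down; pointing at that code path in the comment would make the intent verifiable.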
[FFmpeg-cvslog] avcodec/speexdec: Use correct doxygen comments
ffmpeg | branch: release/5.0 | Michael Niedermayer | Tue Feb 15 22:35:32 2022 +0100| [637bda4cdde2864dfc4b888f9654609c0ab6b1ed] | committer: Michael Niedermayer avcodec/speexdec: Use correct doxygen comments Signed-off-by: Michael Niedermayer (cherry picked from commit 487679cc50481c29277fb52601b00b6d2e3178fe) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=637bda4cdde2864dfc4b888f9654609c0ab6b1ed --- libavcodec/speexdec.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libavcodec/speexdec.c b/libavcodec/speexdec.c index dcbdf5e010..7c61c9b0e0 100644 --- a/libavcodec/speexdec.c +++ b/libavcodec/speexdec.c @@ -164,7 +164,7 @@ typedef struct SpeexSubmode { } SpeexSubmode; typedef struct SpeexMode { -int modeID; /** ID of the mode */ +int modeID; /**< ID of the mode */ int (*decode)(AVCodecContext *avctx, void *dec, GetBitContext *gb, float *out); int frame_size; /**< Size of frames used for decoding */ int subframe_size; /**< Size of sub-frames used for decoding */ @@ -176,8 +176,8 @@ typedef struct SpeexMode { typedef struct DecoderState { const SpeexMode *mode; -int modeID; /** ID of the decoder mode */ -int first; /** Is first frame */ +int modeID; /**< ID of the decoder mode */ +int first; /**< Is first frame */ int full_frame_size; /**< Length of full-band frames */ int is_wideband; /**< If wideband is present */ int count_lost; /**< Was the last frame lost? */ 
@@ -186,12 +186,12 @@ typedef struct DecoderState { int nb_subframes; /**< Number of high-band sub-frames */ int lpc_size; /**< Order of high-band LPC analysis */ float last_ol_gain; /**< Open-loop gain for previous frame */ -float *innov_save; /** If non-NULL, innovation is copied here */ +float *innov_save; /**< If non-NULL, innovation is copied here */ /* This is used in packet loss concealment */ int last_pitch; /**< Pitch of last correctly decoded frame */ float last_pitch_gain; /**< Pitch gain of last correctly decoded frame */ -uint32_t seed; /** Seed used for random number generation */ +uint32_t seed; /**< Seed used for random number generation */ int encode_submode; const SpeexSubmode *const *submodes; /**< Sub-mode data */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/argo: Check packet size
ffmpeg | branch: release/5.0 | Michael Niedermayer | Sun Feb 27 00:59:25 2022 +0100| [849a20343dbf68ed5c9902bd53231b8a338b10e6] | committer: Michael Niedermayer avcodec/argo: Check packet size Fixes: Timeout Fixes: 45052/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ARGO_fuzzer-6033489206575104 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 1bed27acefaab1b4c1813b8adc6468ca952a43f3) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=849a20343dbf68ed5c9902bd53231b8a338b10e6 --- libavcodec/argo.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/argo.c b/libavcodec/argo.c index 66f3d96480..58cc9984bc 100644 --- a/libavcodec/argo.c +++ b/libavcodec/argo.c @@ -607,6 +607,9 @@ static int decode_frame(AVCodecContext *avctx, void *data, uint32_t chunk; int ret; +if (avpkt->size < 4) +return AVERROR_INVALIDDATA; + bytestream2_init(gb, avpkt->data, avpkt->size); if ((ret = ff_reget_buffer(avctx, frame, 0)) < 0) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
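Review bot: the `avpkt->size < 4` test at the top of decode_frame() uses a bare 4 with no comment. The `uint32_t chunk` in the context lines suggests it is the size of one chunk tag, but the hunk does not say so; a short comment or a named constant would make the minimum explicit. Placing the check before `ff_reget_buffer()` is the right order for the reported timeout, since undersized packets are then rejected before the frame buffer is touched.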
[FFmpeg-cvslog] avcodec/speexdec: Align some comments
ffmpeg | branch: release/5.0 | Michael Niedermayer | Tue Feb 15 22:40:52 2022 +0100| [ee16bb81de209fc390cf4ef17cf1c27331ce912e] | committer: Michael Niedermayer avcodec/speexdec: Align some comments Signed-off-by: Michael Niedermayer (cherry picked from commit 6530c240c86adb92a499470002da10742d1a1e6a) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ee16bb81de209fc390cf4ef17cf1c27331ce912e --- libavcodec/speexdec.c | 40 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/libavcodec/speexdec.c b/libavcodec/speexdec.c index 7c61c9b0e0..ee95417deb 100644 --- a/libavcodec/speexdec.c +++ b/libavcodec/speexdec.c 
@@ -166,37 +166,37 @@ typedef struct SpeexSubmode { typedef struct SpeexMode { int modeID; /**< ID of the mode */ int (*decode)(AVCodecContext *avctx, void *dec, GetBitContext *gb, float *out); -int frame_size; /**< Size of frames used for decoding */ -int subframe_size; /**< Size of sub-frames used for decoding */ -int lpc_size; /**< Order of LPC filter */ -float folding_gain; /**< Folding gain */ +int frame_size; /**< Size of frames used for decoding */ +int subframe_size; /**< Size of sub-frames used for decoding */ +int lpc_size; /**< Order of LPC filter */ +float folding_gain; /**< Folding gain */ const SpeexSubmode *submodes[NB_SUBMODES]; /**< Sub-mode data for the mode */ -int default_submode; /**< Default sub-mode to use when decoding */ +int default_submode;/**< Default sub-mode to use when decoding */ } SpeexMode; typedef struct DecoderState { const SpeexMode *mode; int modeID; /**< ID of the decoder mode */ int first; /**< Is first frame */ -int full_frame_size; /**< Length of full-band frames */ -int is_wideband; /**< If wideband is present */ -int count_lost; /**< Was the last frame lost? */ -int frame_size; /**< Length of high-band frames */ -int subframe_size; /**< Length of high-band sub-frames */ -int nb_subframes; /**< Number of high-band sub-frames */ -int lpc_size; /**< Order of high-band LPC analysis */ -float last_ol_gain; /**< Open-loop gain for previous frame */ +int full_frame_size;/**< Length of full-band frames */ +int is_wideband;/**< If wideband is present */ +int count_lost; /**< Was the last frame lost? 
*/ +int frame_size; /**< Length of high-band frames */ +int subframe_size; /**< Length of high-band sub-frames */ +int nb_subframes; /**< Number of high-band sub-frames */ +int lpc_size; /**< Order of high-band LPC analysis */ +float last_ol_gain; /**< Open-loop gain for previous frame */ float *innov_save; /**< If non-NULL, innovation is copied here */ /* This is used in packet loss concealment */ -int last_pitch; /**< Pitch of last correctly decoded frame */ -float last_pitch_gain; /**< Pitch gain of last correctly decoded frame */ +int last_pitch; /**< Pitch of last correctly decoded frame */ +float last_pitch_gain; /**< Pitch gain of last correctly decoded frame */ uint32_t seed; /**< Seed used for random number generation */ int encode_submode; const SpeexSubmode *const *submodes; /**< Sub-mode data */ -int submodeID; /**< Activated sub-mode */ -int lpc_enh_enabled; /**< 1 when LPC enhancer is on, 0 otherwise */ +int submodeID; /**< Activated sub-mode */ +int lpc_enh_enabled;/**< 1 when LPC enhancer is on, 0 otherwise */ /* Vocoder data */ float voc_m1; @@ -205,10 +205,10 @@ typedef struct DecoderState { int voc_offset; int dtx_enabled; -int highpass_enabled; /**< Is the input filter enabled */ +int highpass_enabled; /**< Is the input filter enabled */ -float *exc; /**< Start of excitation frame */ -float mem_hp[2]; /**< High-pass filter memory */ +float *exc; /**< Start of excitation frame */ +float mem_hp[2];/**< High-pass filter memory */ float exc_buf[NB_DEC_BUFFER]; /**< Excitation buffer */ float old_qlsp[NB_ORDER]; /**< Quantized LSPs for previous frame */ float interp_qlpc[NB_ORDER]; /**< Interpolated quantized LPCs */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/matroskadec: Use rounded down duration in get_cue_desc() check
ffmpeg | branch: release/5.0 | Michael Niedermayer | Thu Mar 10 23:24:49 2022 +0100| [49f8f8ba20389dbf8b6a8119a697006b15f7cf62] | committer: Michael Niedermayer avformat/matroskadec: Use rounded down duration in get_cue_desc() check Floating point is evil, it would be better if duration was not a double Fixes: Infinite loop Fixes: 45123/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6725052291219456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit bd3a03db9aef72ee36a7cc964171e9f52967f4bc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=49f8f8ba20389dbf8b6a8119a697006b15f7cf62 --- libavformat/matroskadec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 89e6ab470c..2a2474be7a 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -3974,7 +3974,8 @@ static CueDesc get_cue_desc(AVFormatContext *s, int64_t ts, int64_t cues_start) CueDesc cue_desc; int i; -if (ts >= matroska->duration * matroska->time_scale) return (CueDesc) {-1, -1, -1, -1}; +if (ts >= (int64_t)(matroska->duration * matroska->time_scale)) +return (CueDesc) {-1, -1, -1, -1}; for (i = 1; i < nb_index_entries; i++) { if (index_entries[i - 1].timestamp * matroska->time_scale <= ts && index_entries[i].timestamp * matroska->time_scale > ts) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
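Review bot: the new `(int64_t)(matroska->duration * matroska->time_scale)` cast in get_cue_desc() is itself undefined when the product is outside the int64_t range or is NaN, and the commit message notes that duration is a double taken from the file. A range check on the product before converting (or clamping it to INT64_MAX) would keep the fix from trading an infinite loop for a different undefined conversion. A comment on why the rounded-down value is the right bound would also help, since the reason is only in the commit message.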
[FFmpeg-cvslog] avcodec/mjpegbdec: Set buf_size
ffmpeg | branch: release/5.0 | Michael Niedermayer | Fri Mar 11 20:25:48 2022 +0100| [780de33f322f8152f830ccadf125a382facc7a43] | committer: Michael Niedermayer avcodec/mjpegbdec: Set buf_size Fixes: Timeout Fixes: 45170/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEGB_fuzzer-5874820431085568 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=780de33f322f8152f830ccadf125a382facc7a43 --- libavcodec/mjpegbdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/mjpegbdec.c b/libavcodec/mjpegbdec.c index 218be41192..c3d3125142 100644 --- a/libavcodec/mjpegbdec.c +++ b/libavcodec/mjpegbdec.c @@ -57,6 +57,7 @@ static int mjpegb_decode_frame(AVCodecContext *avctx, buf_end = buf + buf_size; s->got_picture = 0; s->adobe_transform = -1; +s->buf_size = buf_size; read_header: /* reset on every SOI */ ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
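Review bot: the added `s->buf_size = buf_size;` in mjpegb_decode_frame() carries no comment, and the commit message only says "Fixes: Timeout", so it is not clear from the patch which code reads s->buf_size and what stale value it saw before. A one-line comment naming the consumer would document the dependency. The assignment is placed before the `read_header:` label, so it is done once per packet and not on each jump back to the label; that is fine as long as buf_size does not change between iterations, which holds for the lines shown.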
[FFmpeg-cvslog] avcodec/libuavs3d: Check ff_set_dimensions() for failure
ffmpeg | branch: release/5.0 | Michael Niedermayer | Thu Feb 10 00:06:12 2022 +0100| [debfbad67ad56672e6da86a339a3a2212512e65a] | committer: Michael Niedermayer avcodec/libuavs3d: Check ff_set_dimensions() for failure Untested, no testcase Signed-off-by: Michael Niedermayer (cherry picked from commit e88b99afdffce269e7a6a588948c4e00b86536f6) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=debfbad67ad56672e6da86a339a3a2212512e65a --- libavcodec/libuavs3d.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/libuavs3d.c b/libavcodec/libuavs3d.c index 0b5c6268a4..d8d09cacbc 100644 --- a/libavcodec/libuavs3d.c +++ b/libavcodec/libuavs3d.c @@ -208,7 +208,9 @@ static int libuavs3d_decode_frame(AVCodecContext *avctx, void *data, int *got_fr } avctx->has_b_frames = !seqh->low_delay; avctx->pix_fmt = seqh->bit_depth_internal == 8 ? AV_PIX_FMT_YUV420P : AV_PIX_FMT_YUV420P10LE; -ff_set_dimensions(avctx, seqh->horizontal_size, seqh->vertical_size); +ret = ff_set_dimensions(avctx, seqh->horizontal_size, seqh->vertical_size); +if (ret < 0) +return ret; h->got_seqhdr = 1; if (seqh->colour_description) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
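Review bot: the new `if (ret < 0) return ret;` after ff_set_dimensions() returns with `avctx->has_b_frames` and `avctx->pix_fmt` already overwritten from a sequence header whose dimensions were just rejected, while `h->got_seqhdr` stays unset. Calling ff_set_dimensions() before those two assignments would leave the context untouched on failure. The commit message says the change is untested with no testcase, so it is also worth confirming that nothing obtained earlier in libuavs3d_decode_frame() needs releasing on this new return path; that part of the function is not visible in the hunk.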
[FFmpeg-cvslog] avcodec/sonic: Use unsigned for predictor_k to avoid undefined behavior
ffmpeg | branch: release/5.0 | Michael Niedermayer | Tue Feb 8 00:43:56 2022 +0100| [af2913d46f47067f7ddae926433b842b738e7972] | committer: Michael Niedermayer avcodec/sonic: Use unsigned for predictor_k to avoid undefined behavior Fixes: signed integer overflow: -1094995529 * 24 cannot be represented in type 'int' Fixes: 44436/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SONIC_fuzzer-4874459459223552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 28008bf95ed9b2ab5945ae6658358ad7c7f1df35) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=af2913d46f47067f7ddae926433b842b738e7972 --- libavcodec/sonic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/sonic.c b/libavcodec/sonic.c index 63a613f77d..b4935e7ea2 100644 --- a/libavcodec/sonic.c +++ b/libavcodec/sonic.c @@ -1003,7 +1003,7 @@ static int sonic_decode_frame(AVCodecContext *avctx, // dequantize for (i = 0; i < s->num_taps; i++) -s->predictor_k[i] *= s->tap_quant[i]; +s->predictor_k[i] *= (unsigned) s->tap_quant[i]; if (s->lossless) quant = 1; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
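Review bot: in the dequantize loop the cast is applied to `s->tap_quant[i]`, not to predictor_k as the subject line suggests, and it works only through the usual arithmetic conversions making the whole multiplication unsigned. A comment saying so would stop someone from removing the cast as redundant. The product is then stored back into `s->predictor_k[i]` with wraparound, so the overflow is now well defined but the coefficient is still a wrapped value; if such input is invalid, rejecting it with AVERROR_INVALIDDATA would be clearer than decoding with it.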
[FFmpeg-cvslog] avformat/matroskadec: Check pre_ns
ffmpeg | branch: release/5.0 | Michael Niedermayer | Sun Feb 13 15:20:02 2022 +0100| [ffe1ded4571493549f7ba5530afa792505418775] | committer: Michael Niedermayer avformat/matroskadec: Check pre_ns Fixes: division by 0 Fixes: 44615/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6681108677263360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 710e51677a6f3a5c2b37dc31a597957a22a5e531) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ffe1ded4571493549f7ba5530afa792505418775 --- libavformat/matroskadec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 2a2474be7a..4fd4bb94b4 100644 --- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -4170,6 +4170,8 @@ static int64_t webm_dash_manifest_compute_bandwidth(AVFormatContext *s, int64_t // prebuffered. pre_bytes = desc_end.end_offset - desc_end.start_offset; pre_ns = desc_end.end_time_ns - desc_end.start_time_ns; +if (pre_ns <= 0) +return -1; pre_sec = pre_ns / nano_seconds_per_second; prebuffer_bytes += pre_bytes * ((temp_prebuffer_ns / nano_seconds_per_second) / pre_sec); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
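Review bot: the guard is on `pre_ns <= 0`, but the value actually used as a divisor two lines later is `pre_sec = pre_ns / nano_seconds_per_second`. The types of pre_sec and nano_seconds_per_second are not visible in the hunk; if that division is done in integers, any pre_ns smaller than one second still yields pre_sec == 0 and the division by zero remains. Please confirm the types, or test pre_sec directly. The bare `return -1;` could also use a comment stating that -1 is the error value callers of webm_dash_manifest_compute_bandwidth() expect.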
[FFmpeg-cvslog] avcodec/pixlet: Avoid signed integer overflow in scaling in filterfn()
ffmpeg | branch: release/5.0 | Michael Niedermayer | Mon Oct 26 21:30:19 2020 +0100| [e35f91059163bc61b3841e78099d6340fbce8dcf] | committer: Michael Niedermayer avcodec/pixlet: Avoid signed integer overflow in scaling in filterfn() Fixes: signed integer overflow: 11494 * 107374182400 cannot be represented in type 'long' Fixes: 26586/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PIXLET_fuzzer-5752633970917376 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 0c1f20c6c858b753effda274b58ef635d1924915) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e35f91059163bc61b3841e78099d6340fbce8dcf --- libavcodec/pixlet.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/pixlet.c b/libavcodec/pixlet.c index 5361bc42bf..83949a2ce3 100644 --- a/libavcodec/pixlet.c +++ b/libavcodec/pixlet.c @@ -405,7 +405,7 @@ static void filterfn(int16_t *dest, int16_t *tmp, unsigned size, int64_t scale) (int64_t) low [i - 1] * -INT64_C(325392907) + (int64_t) high[i + 0] * INT64_C(1518500249) + (int64_t) high[i - 1] * INT64_C(1518500249); -dest[i * 2] = av_clip_int16(((value >> 32) * scale) >> 32); +dest[i * 2] = av_clip_int16(((value >> 32) * (uint64_t)scale) >> 32); } for (i = 0; i < hsize; i++) { @@ -416,7 +416,7 @@ static void filterfn(int16_t *dest, int16_t *tmp, unsigned size, int64_t scale) (int64_t) high[i + 1] * INT64_C(303700064) + (int64_t) high[i + 0] * -INT64_C(3644400640) + (int64_t) high[i - 1] * INT64_C(303700064); -dest[i * 2 + 1] = av_clip_int16(((value >> 32) * scale) >> 32); +dest[i * 2 + 1] = av_clip_int16(((value >> 32) * (uint64_t)scale) >> 32); } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
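Review bot: in both changed lines of filterfn(), casting scale to uint64_t makes the product unsigned, so the trailing `>> 32` becomes a logical shift instead of an arithmetic one. For a negative `value >> 32` the result is then a large positive number, and the code relies on the conversion of that number to the parameter type of av_clip_int16() to recover the intended negative value. That dependency is not obvious from the expression; an explicit cast of the product back to int64_t before the shift, or a comment explaining why the truncation gives the same result, would make the two lines safe to maintain.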
[FFmpeg-cvslog] avformat/hls: Check target_duration
ffmpeg | branch: release/5.0 | Michael Niedermayer | Sun Mar 20 22:54:31 2022 +0100| [478bd4c73f33d7b598f4be8cfe8543cb4f520349] | committer: Michael Niedermayer avformat/hls: Check target_duration Fixes: signed integer overflow: 77 * 100 cannot be represented in type 'long long' Fixes: 45545/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6438101247983616 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Steven Liu Signed-off-by: Michael Niedermayer (cherry picked from commit a8fd3f7fab83e1beea1c441e1a2e538e7aa431a5) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=478bd4c73f33d7b598f4be8cfe8543cb4f520349 --- libavformat/hls.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index caa4182952..53be0f591c 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -817,10 +817,16 @@ static int parse_playlist(HLSContext *c, const char *url, &info); new_rendition(c, &info, url); } else if (av_strstart(line, "#EXT-X-TARGETDURATION:", &ptr)) { +int64_t t; ret = ensure_playlist(c, &pls, url); if (ret < 0) goto fail; -pls->target_duration = strtoll(ptr, NULL, 10) * AV_TIME_BASE; +t = strtoll(ptr, NULL, 10); +if (t < 0 || t >= INT64_MAX / AV_TIME_BASE) { +ret = AVERROR_INVALIDDATA; +goto fail; +} +pls->target_duration = t * AV_TIME_BASE; } else if (av_strstart(line, "#EXT-X-MEDIA-SEQUENCE:", &ptr)) { uint64_t seq_no; ret = ensure_playlist(c, &pls, url); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
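Review bot: the range check on `t` in the #EXT-X-TARGETDURATION branch is sound for overflow, but `strtoll(ptr, NULL, 10)` is still called with a NULL end pointer, so a tag with no digits parses as 0 and is accepted as a target duration of zero. If zero is not a meaningful value here, pass an end pointer and reject the line when nothing was consumed, or change the lower bound to `t <= 0`. Saturated results from strtoll are already covered, since LLONG_MAX and LLONG_MIN both fall outside the accepted range.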
[FFmpeg-cvslog] avformat/mxfdec: Check count in mxf_read_strong_ref_array()
ffmpeg | branch: release/5.0 | Michael Niedermayer | Sun Mar 13 00:34:52 2022 +0100| [8b13cfcc3c52315efac8e57592a5a62b23ecb174] | committer: Michael Niedermayer avformat/mxfdec: Check count in mxf_read_strong_ref_array() Reviewed-by: Tomas Härdin Signed-off-by: Michael Niedermayer (cherry picked from commit 3015c556f316d4ab364ed55e8bc97cc0f2cc57a3) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8b13cfcc3c52315efac8e57592a5a62b23ecb174 --- libavformat/mxfdec.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index b85c10bf19..d7cdd22c8a 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -932,7 +932,13 @@ static int mxf_read_cryptographic_context(void *arg, AVIOContext *pb, int tag, i static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count) { -*count = avio_rb32(pb); +unsigned c = avio_rb32(pb); + +//avio_read() used int +if (c > INT_MAX / sizeof(UID)) +return AVERROR_PATCHWELCOME; +*count = c; + av_free(*refs); *refs = av_calloc(*count, sizeof(UID)); if (!*refs) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
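Review bot: the bound `c > INT_MAX / sizeof(UID)` in mxf_read_strong_ref_array() prevents the int overflow, but it still lets a 32-bit count taken straight from the file drive `av_calloc(*count, sizeof(UID))` up to roughly INT_MAX bytes. Comparing the count against the data actually remaining in the input would reject such files before the allocation. The comment `//avio_read() used int` is terse; spelling out that the byte count passed to avio_read() must fit in an int would explain the choice of limit. AVERROR_PATCHWELCOME also reads oddly for a count that cannot be valid for any real file; AVERROR_INVALIDDATA may be the better fit.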
[FFmpeg-cvslog] avformat/mxfdec: Check for avio_read() failure in mxf_read_strong_ref_array()
ffmpeg | branch: release/5.0 | Michael Niedermayer | Sun Mar 13 00:36:55 2022 +0100| [d63e7c3b393021b791fb27385ecb8ad32450c56a] | committer: Michael Niedermayer avformat/mxfdec: Check for avio_read() failure in mxf_read_strong_ref_array() Fixes: 42827/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4900528511909888 Reviewed-by: Tomas Härdin Signed-off-by: Michael Niedermayer (cherry picked from commit 8d6f49cfc339825f3f3f8a910e4bb4c0f822db1f) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d63e7c3b393021b791fb27385ecb8ad32450c56a --- libavformat/mxfdec.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index d7cdd22c8a..828fc0f9f1 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -932,6 +932,7 @@ static int mxf_read_cryptographic_context(void *arg, AVIOContext *pb, int tag, i static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count) { +int64_t ret; unsigned c = avio_rb32(pb); //avio_read() used int @@ -946,7 +947,12 @@ static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count) return AVERROR(ENOMEM); } avio_skip(pb, 4); /* useless size of objects, always 16 according to specs */ -avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID)); +ret = avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID)); +if (ret != *count * sizeof(UID)) { +*count = ret < 0 ? 0 : ret / sizeof(UID); +return ret < 0 ? ret : AVERROR_INVALIDDATA; +} + return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
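Review bot: `if (ret != *count * sizeof(UID))` compares the signed int64_t ret with an unsigned size_t product. It behaves correctly for the values shown because a negative ret never equals the product, but the mixed-sign comparison and the `ret / sizeof(UID)` in the next line both depend on implicit conversions; storing the expected size in an int64_t variable first would make them explicit. On a short read the function returns AVERROR_INVALIDDATA while leaving *count set to the number of complete UIDs read, so callers receive an error together with a non-zero count; a comment should say whether they are expected to use that partial array.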
[FFmpeg-cvslog] avformat/mxfdec: Do not clear array in mxf_read_strong_ref_array() before writing
ffmpeg | branch: release/5.0 | Michael Niedermayer | Sun Mar 13 00:37:35 2022 +0100| [5c1ae6738a5eea49225bb304e16faa8bb5407523] | committer: Michael Niedermayer avformat/mxfdec: Do not clear array in mxf_read_strong_ref_array() before writing Signed-off-by: Michael Niedermayer (cherry picked from commit 7aebdb8bf1fc3e09263617a7f49101cba2d43804) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5c1ae6738a5eea49225bb304e16faa8bb5407523 --- libavformat/mxfdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index 828fc0f9f1..f8c1df796b 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -941,7 +941,7 @@ static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count) *count = c; av_free(*refs); -*refs = av_calloc(*count, sizeof(UID)); +*refs = av_malloc_array(*count, sizeof(UID)); if (!*refs) { *count = 0; return AVERROR(ENOMEM); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
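Review bot: replacing av_calloc() with `av_malloc_array(*count, sizeof(UID))` is only safe because of the avio_read() return check added in the preceding commit, which trims *count to the entries actually read. Without that check a short read would expose uninitialised heap contents as UIDs. The dependency is not stated in the commit message or in the code, so anyone cherry-picking this change alone onto another branch would reintroduce that problem; a comment at the allocation, or a note in the message, would record the required ordering.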
[FFmpeg-cvslog] avformat/cafdec: Do not store empty keys in read_info_chunk()
ffmpeg | branch: release/5.0 | Michael Niedermayer | Sat Mar 19 23:36:22 2022 +0100| [518b7474b21be0b6505e120e96475c0464dfe034] | committer: Michael Niedermayer avformat/cafdec: Do not store empty keys in read_info_chunk() Fixes: Timeout Fixes: 45543/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5684953164152832 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 7ec28e1d4cef723485f50f7a08859752b79b570c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=518b7474b21be0b6505e120e96475c0464dfe034 --- libavformat/cafdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c index 4b5b15b58d..d5668bfe1a 100644 --- a/libavformat/cafdec.c +++ b/libavformat/cafdec.c @@ -241,6 +241,8 @@ static void read_info_chunk(AVFormatContext *s, int64_t size) char value[1024]; avio_get_str(pb, INT_MAX, key, sizeof(key)); avio_get_str(pb, INT_MAX, value, sizeof(value)); +if (!*key) +continue; av_dict_set(&s->metadata, key, value, 0); } } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
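Review bot: the new `if (!*key) continue;` in read_info_chunk() skips the av_dict_set() call but keeps iterating, and the return values of the two avio_get_str() calls above it are still ignored. If the empty key is caused by reaching the end of the input rather than by an empty string in the file, the loop goes on for every remaining entry reading nothing. The loop bound is not visible in the hunk; if it comes from the file, breaking out on a read error or end of file would bound the work more directly than skipping one entry at a time.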
[FFmpeg-cvslog] avformat/aqtitledec: Skip unrepresentable durations
ffmpeg | branch: release/5.0 | Michael Niedermayer | Sun Mar 20 00:07:50 2022 +0100| [ba595e8d8325c9adfea1a583a19cc99a060f09a5] | committer: Michael Niedermayer avformat/aqtitledec: Skip unrepresentable durations Fixes: signed integer overflow: -5 - 9223372036854775807 cannot be represented in type 'long' Fixes: 45665/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-475618463934054 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit c2d1597a8a6470045a8da241d4f65c81f26c3107) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ba595e8d8325c9adfea1a583a19cc99a060f09a5 --- libavformat/aqtitledec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/aqtitledec.c b/libavformat/aqtitledec.c index a37c9bbeaf..6c14b23862 100644 --- a/libavformat/aqtitledec.c +++ b/libavformat/aqtitledec.c @@ -74,7 +74,8 @@ static int aqt_read_header(AVFormatContext *s) new_event = 1; pos = avio_tell(s->pb); if (sub) { -sub->duration = frame - sub->pts; +if (frame >= sub->pts && (uint64_t)frame - sub->pts < INT64_MAX) +sub->duration = frame - sub->pts; sub = NULL; } } else if (*line) { ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
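Review bot: when the new condition in aqt_read_header() is false, `sub->duration` is simply not assigned and `sub = NULL;` still runs, so the event is kept with whatever duration it had before. The subject says unrepresentable durations are skipped, but the hunk does not show what value the event ends up with or how later code treats it. Setting an explicit value in an else branch, or adding a comment naming the default, would make the outcome for such input clear. The condition also rejects every case where frame is smaller than sub->pts, which is a behaviour change beyond the overflow case and deserves a mention.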
[FFmpeg-cvslog] avcodec/av1: only set the private context pix_fmt field if get_pixel_format() succeeds
ffmpeg | branch: release/5.0 | James Almer | Tue Mar 22 15:35:19 2022 -0300| [fd4121a0aa1906f8cc653a0efc2c85c4a35235fe] | committer: James Almer avcodec/av1: only set the private context pix_fmt field if get_pixel_format() succeeds Otherwise get_pixel_format() will not be called when parsing a subsequent Sequence Header in non hwaccel enabled scenarios, allowing frame parsing when it shouldn't. This prevents the scenario seqhdr -> frame_hdr/redundant_frame_hdr -> seqhdr -> redundant_frame_hdr from having the latter redundant frame header parsed as if it was a frame header by the decoder because the former was discarded. Since CBS did not discard it, the latter redundant frame header is output with a zeroed AV1RawFrameHeader struct, which can have undesired results, like division by zero with fields normally guaranteed to be anything else. Fixes: division by zero Fixes: 43769/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AV1_fuzzer-5392562205097984 Fixes: 43950/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AV1_fuzzer-5769210217758720 Reviewed-by: Michael Niedermayer Signed-off-by: James Almer (cherry picked from commit 5670eddf8cd3907f9c0a9e626b5698d27c81c81b) > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fd4121a0aa1906f8cc653a0efc2c85c4a35235fe --- libavcodec/av1dec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/av1dec.c b/libavcodec/av1dec.c index 09df2bf421..81f65ff2fb 100644 --- a/libavcodec/av1dec.c +++ b/libavcodec/av1dec.c @@ -499,9 +499,8 @@ static int get_pixel_format(AVCodecContext *avctx) if (pix_fmt == AV_PIX_FMT_NONE) return -1; -s->pix_fmt = pix_fmt; -switch (s->pix_fmt) { +switch (pix_fmt) { case AV_PIX_FMT_YUV420P: #if CONFIG_AV1_DXVA2_HWACCEL *fmtp++ = AV_PIX_FMT_DXVA2_VLD; @@ -544,7 +543,7 @@ static int get_pixel_format(AVCodecContext *avctx) break; } -*fmtp++ = s->pix_fmt; +*fmtp++ = pix_fmt; *fmtp = AV_PIX_FMT_NONE; ret = ff_thread_get_format(avctx, pix_fmts); 
@@ -562,6 +561,7 @@ static int get_pixel_format(AVCodecContext *avctx) return AVERROR(ENOSYS); } +s->pix_fmt = pix_fmt; avctx->pix_fmt = ret; return 0; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
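Review bot: the fix depends entirely on `s->pix_fmt = pix_fmt;` now sitting after the last error return in get_pixel_format(), next to `avctx->pix_fmt = ret;`, yet the moved line has no comment. The reasoning is only in the commit message, so a later cleanup could move the assignment back to the top of the function and bring back the division by zero. A short comment at the assignment stating that the private field must only be updated on success, because it decides whether get_pixel_format() is called again for a later sequence header, would protect the ordering.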
[FFmpeg-cvslog] doc/utils: add missing 22.2 layout entry
ffmpeg | branch: release/5.0 | James Almer | Fri Mar 25 09:26:45 2022 -0300| [8fd2dc3f2bf54fe0bb11daf01296328f868cd281] | committer: James Almer doc/utils: add missing 22.2 layout entry Signed-off-by: James Almer (cherry picked from commit 1e24fad8679aee7b6d746c97295856845cd9c6a6) > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8fd2dc3f2bf54fe0bb11daf01296328f868cd281 --- doc/utils.texi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/utils.texi b/doc/utils.texi index 44ce285d26..b1c25c192a 100644 --- a/doc/utils.texi +++ b/doc/utils.texi @@ -719,6 +719,8 @@ FL+FR+FC+BL+BR+BC+SL+SR FL+FR+FC+BL+BR+BC+SL+SR+WL+WR+TBL+TBR+TBC+TFC+TFL+TFR @item downmix DL+DR +@item 22.2 +FL+FR+FC+LFE+BL+BR+FLC+FRC+BC+SL+SR+TC+TFL+TFC+TFR+TBL+TBC+TBR+LFE2+TSL+TSR+BFC+BFL+BFR @end table A custom channel layout can be specified as a sequence of terms, separated by ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".