[FFmpeg-cvslog] avcodec/cbs_h2645: Remove unnecessary (h264|hevc)_sei.h inclusions
ffmpeg | branch: master | Andreas Rheinhardt | Wed Jun 29 11:31:05 2022 +0200| [55c605f72cd22dab9fd12957332cfd81d3214045] | committer: Andreas Rheinhardt avcodec/cbs_h2645: Remove unnecessary (h264|hevc)_sei.h inclusions They are unnecessary since the SEI enum has been moved to sei.h. Signed-off-by: Andreas Rheinhardt > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=55c605f72cd22dab9fd12957332cfd81d3214045 --- libavcodec/cbs_h2645.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c index 10b3bcc70b..12e38c80b5 100644 --- a/libavcodec/cbs_h2645.c +++ b/libavcodec/cbs_h2645.c @@ -25,10 +25,8 @@ #include "cbs_h264.h" #include "cbs_h265.h" #include "h264.h" -#include "h264_sei.h" #include "h2645_parse.h" #include "hevc.h" -#include "hevc_sei.h" static int cbs_read_ue_golomb(CodedBitstreamContext *ctx, GetBitContext *gbc, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avutil/channel_layout: av_channel_layout_describe_bprint: Check for buffer end
ffmpeg | branch: master | Michael Niedermayer | Thu
Jun 30 00:00:32 2022 +0200| [8154cb7c2ff2afcb1a0842de8c215b7714c814d0] |
committer: Michael Niedermayer
avutil/channel_layout: av_channel_layout_describe_bprint: Check for buffer end
Fixes: Timeout printing a billion channels
Fixes:
48099/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-6754782204788736
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8154cb7c2ff2afcb1a0842de8c215b7714c814d0
---
libavutil/channel_layout.c | 4
1 file changed, 4 insertions(+)
diff --git a/libavutil/channel_layout.c b/libavutil/channel_layout.c
index 21b70173b7..1887987789 100644
--- a/libavutil/channel_layout.c
+++ b/libavutil/channel_layout.c
@@ -757,6 +757,10 @@ int av_channel_layout_describe_bprint(const
AVChannelLayout *channel_layout,
if (channel_layout->order == AV_CHANNEL_ORDER_CUSTOM &&
channel_layout->u.map[i].name[0])
av_bprintf(bp, "@%s", channel_layout->u.map[i].name);
+
+if (!av_bprint_is_complete(bp))
+return AVERROR(ENOMEM);
+
}
if (channel_layout->nb_channels) {
av_bprintf(bp, ")");
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/aiffdec: cleanup size handling for extreem cases
ffmpeg | branch: master | Michael Niedermayer | Wed
Mar 23 14:30:42 2022 +0100| [c6f1e48b86471b1cc91c468e78a065075ed409bd] |
committer: Michael Niedermayer
avformat/aiffdec: cleanup size handling for extreem cases
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c6f1e48b86471b1cc91c468e78a065075ed409bd
---
libavformat/aiffdec.c | 29 -
1 file changed, 12 insertions(+), 17 deletions(-)
diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c
index d2dc46e251..0487d3f029 100644
--- a/libavformat/aiffdec.c
+++ b/libavformat/aiffdec.c
@@ -54,9 +54,9 @@ static enum AVCodecID aiff_codec_get_id(int bps)
}
/* returns the size of the found tag */
-static int get_tag(AVIOContext *pb, uint32_t * tag)
+static int64_t get_tag(AVIOContext *pb, uint32_t * tag)
{
-int size;
+int64_t size;
if (avio_feof(pb))
return AVERROR(EIO);
@@ -64,16 +64,16 @@ static int get_tag(AVIOContext *pb, uint32_t * tag)
*tag = avio_rl32(pb);
size = avio_rb32(pb);
-if (size < 0)
-size = 0x7fff;
-
return size;
}
/* Metadata string read */
-static void get_meta(AVFormatContext *s, const char *key, int size)
+static void get_meta(AVFormatContext *s, const char *key, int64_t size)
{
-uint8_t *str = av_malloc(size+1U);
+uint8_t *str = NULL;
+
+if (size < SIZE_MAX)
+str = av_malloc(size+1);
if (str) {
int res = avio_read(s->pb, str, size);
@@ -90,7 +90,7 @@ static void get_meta(AVFormatContext *s, const char *key, int
size)
}
/* Returns the number of sound data frames or negative on error */
-static int get_aiff_header(AVFormatContext *s, int size,
+static int get_aiff_header(AVFormatContext *s, int64_t size,
unsigned version)
{
AVIOContext *pb= s->pb;
@@ -102,9 +102,6 @@ static int get_aiff_header(AVFormatContext *s, int size,
unsigned int num_frames;
int channels;
-if (size == INT_MAX)
-return AVERROR_INVALIDDATA;
-
if (size & 1)
size++;
par->codec_type = AVMEDIA_TYPE_AUDIO;
@@ -216,7 +213,8 @@ static int aiff_probe(const AVProbeData *p)
/* aiff input */
static int aiff_read_header(AVFormatContext *s)
{
-int ret, size, filesize;
+int ret;
+int64_t filesize, size;
int64_t offset = 0, position;
uint32_t tag;
unsigned version = AIFF_C_VERSION1;
@@ -227,7 +225,7 @@ static int aiff_read_header(AVFormatContext *s)
/* check FORM header */
filesize = get_tag(pb, &tag);
-if (filesize < 0 || tag != MKTAG('F', 'O', 'R', 'M'))
+if (filesize < 4 || tag != MKTAG('F', 'O', 'R', 'M'))
return AVERROR_INVALIDDATA;
/* AIFF data type */
@@ -254,10 +252,7 @@ static int aiff_read_header(AVFormatContext *s)
if (size < 0)
return size;
-if (size >= 0x7fff - 8)
-filesize = 0;
-else
-filesize -= size + 8;
+filesize -= size + 8;
switch (tag) {
case MKTAG('C', 'O', 'M', 'M'): /* Common chunk */
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/alacdsp: Make intermediates unsigned
ffmpeg | branch: master | Michael Niedermayer | Thu
Apr 28 23:34:53 2022 +0200| [8709f4c10a216cb3e11564bc392841e832f8e3b1] |
committer: Michael Niedermayer
avcodec/alacdsp: Make intermediates unsigned
Fixes: signed integer overflow: -14914387 + -2147418648 cannot be represented
in type 'int'
Fixes:
46464/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-474307197311385
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8709f4c10a216cb3e11564bc392841e832f8e3b1
---
libavcodec/alacdsp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/alacdsp.c b/libavcodec/alacdsp.c
index f24c8112dc..b033a27970 100644
--- a/libavcodec/alacdsp.c
+++ b/libavcodec/alacdsp.c
@@ -29,12 +29,12 @@ static void decorrelate_stereo(int32_t *buffer[2], int
nb_samples,
int i;
for (i = 0; i < nb_samples; i++) {
-int32_t a, b;
+uint32_t a, b;
a = buffer[0][i];
b = buffer[1][i];
-a -= (int)(b * (unsigned)decorr_left_weight) >> decorr_shift;
+a -= (int)(b * decorr_left_weight) >> decorr_shift;
b += a;
buffer[0][i] = b;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
