[FFmpeg-cvslog] avcodec/exr: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM
ffmpeg | branch: master | Paul B Mahol | Sat Sep 24 11:27:28
2022 +0200| [cea1e1f261b8d185df7effceedc135cbb6be4681] | committer: Paul B Mahol
avcodec/exr: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cea1e1f261b8d185df7effceedc135cbb6be4681
---
libavcodec/exr.c | 4
1 file changed, 4 insertions(+)
diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index f10754d6ae..6a0af96ce4 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -2121,6 +2121,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame
*picture,
ff_set_sar(s->avctx, av_d2q(av_int2float(s->sar), 255));
+if (avctx->skip_frame >= AVDISCARD_ALL)
+return avpkt->size;
+
s->desc = av_pix_fmt_desc_get(avctx->pix_fmt);
if (!s->desc)
return AVERROR_INVALIDDATA;
@@ -2351,5 +2354,6 @@ const FFCodec ff_exr_decoder = {
FF_CODEC_DECODE_CB(decode_frame),
.p.capabilities = AV_CODEC_CAP_DR1 | AV_CODEC_CAP_FRAME_THREADS |
AV_CODEC_CAP_SLICE_THREADS,
+.caps_internal= FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM,
.p.priv_class = &exr_class,
};
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/xwddec: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM
ffmpeg | branch: master | Paul B Mahol | Sat Sep 24 11:33:45
2022 +0200| [1e079525d5ae692bc0470bc5f6bcc04b11fc8b1d] | committer: Paul B Mahol
avcodec/xwddec: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1e079525d5ae692bc0470bc5f6bcc04b11fc8b1d
---
libavcodec/xwddec.c | 20 +++-
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/libavcodec/xwddec.c b/libavcodec/xwddec.c
index cee230a363..6c5bc44a02 100644
--- a/libavcodec/xwddec.c
+++ b/libavcodec/xwddec.c
@@ -32,8 +32,6 @@
static int xwd_decode_frame(AVCodecContext *avctx, AVFrame *p,
int *got_frame, AVPacket *avpkt)
{
-const uint8_t *buf = avpkt->data;
-int i, ret, buf_size = avpkt->size;
uint32_t version, header_size, vclass, ncolors;
uint32_t xoffset, be, bpp, lsize, rsize;
uint32_t pixformat, pixdepth, bunit, bitorder, bpad;
@@ -41,11 +39,12 @@ static int xwd_decode_frame(AVCodecContext *avctx, AVFrame
*p,
uint8_t *ptr;
int width, height;
GetByteContext gb;
+int ret;
-if (buf_size < XWD_HEADER_SIZE)
+if (avpkt->size < XWD_HEADER_SIZE)
return AVERROR_INVALIDDATA;
-bytestream2_init(&gb, buf, buf_size);
+bytestream2_init(&gb, avpkt->data, avpkt->size);
header_size = bytestream2_get_be32u(&gb);
version = bytestream2_get_be32u(&gb);
@@ -54,7 +53,7 @@ static int xwd_decode_frame(AVCodecContext *avctx, AVFrame *p,
return AVERROR_INVALIDDATA;
}
-if (buf_size < header_size || header_size < XWD_HEADER_SIZE) {
+if (avpkt->size < header_size || header_size < XWD_HEADER_SIZE) {
av_log(avctx, AV_LOG_ERROR, "invalid header size\n");
return AVERROR_INVALIDDATA;
}
@@ -211,6 +210,9 @@ static int xwd_decode_frame(AVCodecContext *avctx, AVFrame
*p,
return AVERROR_PATCHWELCOME;
}
+if (avctx->skip_frame >= AVDISCARD_ALL)
+return avpkt->size;
+
if ((ret = ff_get_buffer(avctx, p, 0)) < 0)
return ret;
@@ -221,8 +223,7 @@ static int xwd_decode_frame(AVCodecContext *avctx, AVFrame
*p,
uint32_t *dst = (uint32_t *)p->data[1];
uint8_t red, green, blue;
-for (i = 0; i < ncolors; i++) {
-
+for (int i = 0; i < ncolors; i++) {
bytestream2_skipu(&gb, 4); // skip colormap entry number
red= bytestream2_get_byteu(&gb);
bytestream2_skipu(&gb, 1);
@@ -236,7 +237,7 @@ static int xwd_decode_frame(AVCodecContext *avctx, AVFrame
*p,
}
ptr = p->data[0];
-for (i = 0; i < avctx->height; i++) {
+for (int i = 0; i < avctx->height; i++) {
bytestream2_get_bufferu(&gb, ptr, rsize);
bytestream2_skipu(&gb, lsize - rsize);
ptr += p->linesize[0];
@@ -244,7 +245,7 @@ static int xwd_decode_frame(AVCodecContext *avctx, AVFrame
*p,
*got_frame = 1;
-return buf_size;
+return avpkt->size;
}
const FFCodec ff_xwd_decoder = {
@@ -253,5 +254,6 @@ const FFCodec ff_xwd_decoder = {
.p.type = AVMEDIA_TYPE_VIDEO,
.p.id = AV_CODEC_ID_XWD,
.p.capabilities = AV_CODEC_CAP_DR1,
+.caps_internal = FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM,
FF_CODEC_DECODE_CB(xwd_decode_frame),
};
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/hdrdec: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM
ffmpeg | branch: master | Paul B Mahol | Sat Sep 24 11:40:07
2022 +0200| [eb9045455d7f4d5696320c92ae378c8221d26f79] | committer: Paul B Mahol
avcodec/hdrdec: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eb9045455d7f4d5696320c92ae378c8221d26f79
---
libavcodec/hdrdec.c | 12
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/libavcodec/hdrdec.c b/libavcodec/hdrdec.c
index 7727826e2a..21d3e7f693 100644
--- a/libavcodec/hdrdec.c
+++ b/libavcodec/hdrdec.c
@@ -88,14 +88,13 @@ static int decompress(uint8_t *scanline, int w,
GetByteContext *gb, const uint8_
static int hdr_decode_frame(AVCodecContext *avctx, AVFrame *p,
int *got_frame, AVPacket *avpkt)
{
-const uint8_t *buf = avpkt->data;
-int ret, buf_size = avpkt->size;
int width = 0, height = 0;
GetByteContext gb;
uint8_t line[512];
float sar;
+int ret;
-bytestream2_init(&gb, buf, buf_size);
+bytestream2_init(&gb, avpkt->data, avpkt->size);
hdr_get_line(&gb, line, sizeof(line));
if (memcmp("#?RADIANCE\n", line, 11))
return AVERROR_INVALIDDATA;
@@ -129,6 +128,10 @@ static int hdr_decode_frame(AVCodecContext *avctx, AVFrame
*p,
return ret;
avctx->pix_fmt = AV_PIX_FMT_GBRPF32;
+
+if (avctx->skip_frame >= AVDISCARD_ALL)
+return avpkt->size;
+
if ((ret = ff_thread_get_buffer(avctx, p, 0)) < 0)
return ret;
@@ -206,7 +209,7 @@ convert:
*got_frame = 1;
-return buf_size;
+return avpkt->size;
}
const FFCodec ff_hdr_decoder = {
@@ -215,5 +218,6 @@ const FFCodec ff_hdr_decoder = {
.p.type = AVMEDIA_TYPE_VIDEO,
.p.id = AV_CODEC_ID_RADIANCE_HDR,
.p.capabilities = AV_CODEC_CAP_DR1 | AV_CODEC_CAP_FRAME_THREADS,
+.caps_internal = FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM,
FF_CODEC_DECODE_CB(hdr_decode_frame),
};
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/qoidec: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM
ffmpeg | branch: master | Paul B Mahol | Sat Sep 24 11:17:08
2022 +0200| [3c16f9eb0d2eea9c64d011bca6c52f520d66ec09] | committer: Paul B Mahol
avcodec/qoidec: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3c16f9eb0d2eea9c64d011bca6c52f520d66ec09
---
libavcodec/qoidec.c | 13 -
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/libavcodec/qoidec.c b/libavcodec/qoidec.c
index d218d649de..9414d2fbe9 100644
--- a/libavcodec/qoidec.c
+++ b/libavcodec/qoidec.c
@@ -28,19 +28,18 @@
static int qoi_decode_frame(AVCodecContext *avctx, AVFrame *p,
int *got_frame, AVPacket *avpkt)
{
-const uint8_t *buf = avpkt->data;
-int ret, buf_size = avpkt->size;
int width, height, channels, space, run = 0;
uint8_t index[64][4] = { 0 };
uint8_t px[4] = { 0, 0, 0, 255 };
GetByteContext gb;
uint8_t *dst;
uint64_t len;
+int ret;
-if (buf_size < 20)
+if (avpkt->size < 20)
return AVERROR_INVALIDDATA;
-bytestream2_init(&gb, buf, buf_size);
+bytestream2_init(&gb, avpkt->data, avpkt->size);
bytestream2_skip(&gb, 4);
width = bytestream2_get_be32(&gb);
height = bytestream2_get_be32(&gb);
@@ -61,6 +60,9 @@ static int qoi_decode_frame(AVCodecContext *avctx, AVFrame *p,
default: return AVERROR_INVALIDDATA;
}
+if (avctx->skip_frame >= AVDISCARD_ALL)
+return avpkt->size;
+
if ((ret = ff_thread_get_buffer(avctx, p, 0)) < 0)
return ret;
@@ -109,7 +111,7 @@ static int qoi_decode_frame(AVCodecContext *avctx, AVFrame
*p,
*got_frame = 1;
-return buf_size;
+return avpkt->size;
}
const FFCodec ff_qoi_decoder = {
@@ -118,5 +120,6 @@ const FFCodec ff_qoi_decoder = {
.p.type = AVMEDIA_TYPE_VIDEO,
.p.id = AV_CODEC_ID_QOI,
.p.capabilities = AV_CODEC_CAP_DR1 | AV_CODEC_CAP_FRAME_THREADS,
+.caps_internal = FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM,
FF_CODEC_DECODE_CB(qoi_decode_frame),
};
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/xbmdec: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM
ffmpeg | branch: master | Paul B Mahol | Sat Sep 24 11:42:40
2022 +0200| [08f6b1e5b3bc0c3d133cefb4e856ba83d7a93678] | committer: Paul B Mahol
avcodec/xbmdec: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=08f6b1e5b3bc0c3d133cefb4e856ba83d7a93678
---
libavcodec/xbmdec.c | 4
1 file changed, 4 insertions(+)
diff --git a/libavcodec/xbmdec.c b/libavcodec/xbmdec.c
index 6a31215329..a0cc1cb8c6 100644
--- a/libavcodec/xbmdec.c
+++ b/libavcodec/xbmdec.c
@@ -82,6 +82,9 @@ static int xbm_decode_frame(AVCodecContext *avctx, AVFrame *p,
if ((ret = ff_set_dimensions(avctx, width, height)) < 0)
return ret;
+if (avctx->skip_frame >= AVDISCARD_ALL)
+return avpkt->size;
+
if ((ret = ff_get_buffer(avctx, p, 0)) < 0)
return ret;
@@ -141,5 +144,6 @@ const FFCodec ff_xbm_decoder = {
.p.type = AVMEDIA_TYPE_VIDEO,
.p.id = AV_CODEC_ID_XBM,
.p.capabilities = AV_CODEC_CAP_DR1,
+.caps_internal = FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM,
FF_CODEC_DECODE_CB(xbm_decode_frame),
};
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/xpmdec: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM
ffmpeg | branch: master | Paul B Mahol | Sat Sep 24 11:54:43
2022 +0200| [3e49c1e07a945b88545381c373dfaf1c1b7c64c3] | committer: Paul B Mahol
avcodec/xpmdec: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3e49c1e07a945b88545381c373dfaf1c1b7c64c3
---
libavcodec/xpmdec.c | 4
1 file changed, 4 insertions(+)
diff --git a/libavcodec/xpmdec.c b/libavcodec/xpmdec.c
index d0e5d696e7..ff1f51dd32 100644
--- a/libavcodec/xpmdec.c
+++ b/libavcodec/xpmdec.c
@@ -360,6 +360,9 @@ static int xpm_decode_frame(AVCodecContext *avctx, AVFrame
*p,
if (end - ptr < 1)
return AVERROR_INVALIDDATA;
+if (avctx->skip_frame >= AVDISCARD_ALL)
+return avpkt->size;
+
if ((ret = ff_get_buffer(avctx, p, 0)) < 0)
return ret;
@@ -443,5 +446,6 @@ const FFCodec ff_xpm_decoder = {
.p.capabilities = AV_CODEC_CAP_DR1,
.priv_data_size = sizeof(XPMDecContext),
.close = xpm_decode_close,
+.caps_internal = FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM,
FF_CODEC_DECODE_CB(xpm_decode_frame),
};
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/cri: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM
ffmpeg | branch: master | Paul B Mahol | Sat Sep 24 12:06:31
2022 +0200| [a44a540ed16e8cac4612df27c470325740bf5a1d] | committer: Paul B Mahol
avcodec/cri: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a44a540ed16e8cac4612df27c470325740bf5a1d
---
libavcodec/cri.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libavcodec/cri.c b/libavcodec/cri.c
index ec5c88f897..5761152c2d 100644
--- a/libavcodec/cri.c
+++ b/libavcodec/cri.c
@@ -317,6 +317,9 @@ skip:
if (!s->data || !s->data_size)
return AVERROR_INVALIDDATA;
+if (avctx->skip_frame >= AVDISCARD_ALL)
+return avpkt->size;
+
if ((ret = ff_thread_get_buffer(avctx, p, 0)) < 0)
return ret;
@@ -432,6 +435,7 @@ const FFCodec ff_cri_decoder = {
FF_CODEC_DECODE_CB(cri_decode_frame),
.close = cri_decode_close,
.p.capabilities = AV_CODEC_CAP_DR1 | AV_CODEC_CAP_FRAME_THREADS,
-.caps_internal = FF_CODEC_CAP_INIT_CLEANUP,
+.caps_internal = FF_CODEC_CAP_INIT_CLEANUP |
+ FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM,
CODEC_LONG_NAME("Cintel RAW"),
};
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/photocd: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM
ffmpeg | branch: master | Paul B Mahol | Sat Sep 24 12:11:45
2022 +0200| [a54da0831ca347e99f5e8f2050b4f102e3b177d8] | committer: Paul B Mahol
avcodec/photocd: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a54da0831ca347e99f5e8f2050b4f102e3b177d8
---
libavcodec/photocd.c | 4
1 file changed, 4 insertions(+)
diff --git a/libavcodec/photocd.c b/libavcodec/photocd.c
index f0e1ef7796..3030a80e0d 100644
--- a/libavcodec/photocd.c
+++ b/libavcodec/photocd.c
@@ -325,6 +325,9 @@ static int photocd_decode_frame(AVCodecContext *avctx,
AVFrame *p,
if (ret < 0)
return ret;
+if (avctx->skip_frame >= AVDISCARD_ALL)
+return avpkt->size;
+
if ((ret = ff_thread_get_buffer(avctx, p, 0)) < 0)
return ret;
@@ -466,5 +469,6 @@ const FFCodec ff_photocd_decoder = {
.close = photocd_decode_close,
FF_CODEC_DECODE_CB(photocd_decode_frame),
.p.capabilities = AV_CODEC_CAP_DR1 | AV_CODEC_CAP_FRAME_THREADS,
+.caps_internal = FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM,
CODEC_LONG_NAME("Kodak Photo CD"),
};
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mjpegbdec: Don't create unnecessary AVFrame reference
ffmpeg | branch: master | Andreas Rheinhardt |
Thu Apr 14 17:57:39 2022 +0200| [2f9fa7e3e9e85c736e6ba87192ec8f32bdf069a7] |
committer: Paul B Mahol
avcodec/mjpegbdec: Don't create unnecessary AVFrame reference
MJPEG-B is an intra-codec, so it makes no sense to keep the reference.
It is unused lateron anyway.
Signed-off-by: Andreas Rheinhardt
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2f9fa7e3e9e85c736e6ba87192ec8f32bdf069a7
---
libavcodec/mjpegbdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/mjpegbdec.c b/libavcodec/mjpegbdec.c
index dfc55d6cf8..98c64b44ca 100644
--- a/libavcodec/mjpegbdec.c
+++ b/libavcodec/mjpegbdec.c
@@ -142,8 +142,8 @@ read_header:
return buf_size;
}
-if ((ret = av_frame_ref(rframe, s->picture_ptr)) < 0)
-return ret;
+av_frame_move_ref(rframe, s->picture_ptr);
+s->got_picture = 0;
*got_frame = 1;
if (!s->lossless && avctx->debug & FF_DEBUG_QP) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc: mention new audio formats
ffmpeg | branch: master | Paul B Mahol | Sat Sep 24 14:00:09 2022 +0200| [257eea3db44bb4862b0fa56e12f5627cb3f8fed4] | committer: Paul B Mahol doc: mention new audio formats > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=257eea3db44bb4862b0fa56e12f5627cb3f8fed4 --- doc/general_contents.texi | 5 + 1 file changed, 5 insertions(+) diff --git a/doc/general_contents.texi b/doc/general_contents.texi index a632b23f6f..b005cb6c3e 100644 --- a/doc/general_contents.texi +++ b/doc/general_contents.texi @@ -584,8 +584,10 @@ library: @item raw AC-3 @tab X @tab X @item raw AMR-NB@tab @tab X @item raw AMR-WB@tab @tab X +@item raw APAC @tab @tab X @item raw aptX @tab X @tab X @item raw aptX HD @tab X @tab X +@item raw Bonk @tab @tab X @item raw Chinese AVS video @tab X @tab X @item raw DFPWM @tab X @tab X @item raw Dirac @tab X @tab X @@ -1207,6 +1209,7 @@ following image formats are supported: @item ATRAC9 @tab @tab X @item Bink Audio @tab @tab X @tab Used in Bink and Smacker files in many games. +@item Bonk audio @tab @tab X @item CELT @tab @tab E @tab decoding supported through external library libcelt @item codec2 @tab E @tab E @@ -1245,6 +1248,7 @@ following image formats are supported: @item Enhanced AC-3 @tab X @tab X @item EVRC (Enhanced Variable Rate Codec) @tab @tab X @item FLAC (Free Lossless Audio Codec) @tab X @tab IX +@item FTR Voice @tab @tab X @item G.723.1@tab X @tab X @item G.729 @tab @tab X @item GSM@tab E @tab X @@ -1258,6 +1262,7 @@ following image formats are supported: @item Interplay ACM@tab @tab X @item MACE (Macintosh Audio Compression/Expansion) 3:1 @tab @tab X @item MACE (Macintosh Audio Compression/Expansion) 6:1 @tab @tab X +@item Marian's A-pac audio @tab @tab X @item MI-SC4 (Micronas SC-4 Audio) @tab @tab X @item MLP (Meridian Lossless Packing) @tab X @tab X @tab Used in DVD-Audio discs. ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec: add FTR audio decoder and parser
ffmpeg | branch: master | Paul B Mahol | Tue Aug 30 17:14:46
2022 +0200| [a166b8a19bb34afc2c6727f20f551fce9a53d6fe] | committer: Paul B Mahol
avcodec: add FTR audio decoder and parser
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a166b8a19bb34afc2c6727f20f551fce9a53d6fe
---
libavcodec/Makefile | 2 +
libavcodec/allcodecs.c | 1 +
libavcodec/codec_desc.c | 7 ++
libavcodec/codec_id.h | 1 +
libavcodec/ftr.c| 208
libavcodec/ftr_parser.c | 107 +
libavcodec/parsers.c| 1 +
libavcodec/utils.c | 1 +
libavcodec/version.h| 2 +-
libavformat/avidec.c| 1 +
libavformat/riff.c | 3 +
11 files changed, 333 insertions(+), 1 deletion(-)
diff --git a/libavcodec/Makefile b/libavcodec/Makefile
index b9aa6efaac..14434dc06c 100644
--- a/libavcodec/Makefile
+++ b/libavcodec/Makefile
@@ -361,6 +361,7 @@ OBJS-$(CONFIG_FMVC_DECODER)+= fmvc.o
OBJS-$(CONFIG_FOURXM_DECODER) += 4xm.o
OBJS-$(CONFIG_FRAPS_DECODER) += fraps.o
OBJS-$(CONFIG_FRWU_DECODER)+= frwu.o
+OBJS-$(CONFIG_FTR_DECODER) += ftr.o
OBJS-$(CONFIG_G2M_DECODER) += g2meet.o elsdec.o mjpegdec_common.o
OBJS-$(CONFIG_G723_1_DECODER) += g723_1dec.o g723_1.o \
acelp_vectors.o celp_filters.o
celp_math.o
@@ -1133,6 +1134,7 @@ OBJS-$(CONFIG_DVBSUB_PARSER) += dvbsub_parser.o
OBJS-$(CONFIG_DVD_NAV_PARSER) += dvd_nav_parser.o
OBJS-$(CONFIG_DVDSUB_PARSER) += dvdsub_parser.o
OBJS-$(CONFIG_FLAC_PARSER) += flac_parser.o flacdata.o flac.o
+OBJS-$(CONFIG_FTR_PARSER) += ftr_parser.o
OBJS-$(CONFIG_G723_1_PARSER) += g723_1_parser.o
OBJS-$(CONFIG_G729_PARSER) += g729_parser.o
OBJS-$(CONFIG_GIF_PARSER) += gif_parser.o
diff --git a/libavcodec/allcodecs.c b/libavcodec/allcodecs.c
index fc88e25fda..3454823a05 100644
--- a/libavcodec/allcodecs.c
+++ b/libavcodec/allcodecs.c
@@ -468,6 +468,7 @@ extern const FFCodec ff_fastaudio_decoder;
extern const FFCodec ff_ffwavesynth_decoder;
extern const FFCodec ff_flac_encoder;
extern const FFCodec ff_flac_decoder;
+extern const FFCodec ff_ftr_decoder;
extern const FFCodec ff_g723_1_encoder;
extern const FFCodec ff_g723_1_decoder;
extern const FFCodec ff_g729_decoder;
diff --git a/libavcodec/codec_desc.c b/libavcodec/codec_desc.c
index e8e1529401..ee47489b75 100644
--- a/libavcodec/codec_desc.c
+++ b/libavcodec/codec_desc.c
@@ -3311,6 +3311,13 @@ static const AVCodecDescriptor codec_descriptors[] = {
.long_name = NULL_IF_CONFIG_SMALL("Marian's A-pac audio"),
.props = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSLESS,
},
+{
+.id= AV_CODEC_ID_FTR,
+.type = AVMEDIA_TYPE_AUDIO,
+.name = "ftr",
+.long_name = NULL_IF_CONFIG_SMALL("FTR Voice"),
+.props = AV_CODEC_PROP_INTRA_ONLY | AV_CODEC_PROP_LOSSY,
+},
/* subtitle codecs */
{
diff --git a/libavcodec/codec_id.h b/libavcodec/codec_id.h
index 9c01ea9750..a0a720f9ff 100644
--- a/libavcodec/codec_id.h
+++ b/libavcodec/codec_id.h
@@ -530,6 +530,7 @@ enum AVCodecID {
AV_CODEC_ID_BONK,
AV_CODEC_ID_MISC4,
AV_CODEC_ID_APAC,
+AV_CODEC_ID_FTR,
/* subtitle codecs */
AV_CODEC_ID_FIRST_SUBTITLE = 0x17000, ///< A dummy ID pointing at
the start of subtitle codecs.
diff --git a/libavcodec/ftr.c b/libavcodec/ftr.c
new file mode 100644
index 00..277b9be5b8
--- /dev/null
+++ b/libavcodec/ftr.c
@@ -0,0 +1,208 @@
+/*
+ * This file is part of FFmpeg.
+ *
+ * FFmpeg is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * FFmpeg is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with FFmpeg; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "adts_header.h"
+#include "avcodec.h"
+#include "codec_internal.h"
+#include "get_bits.h"
+#include "decode.h"
+
+typedef struct FTRContext {
+AVCodecContext *aac_avctx[64]; // wrapper context for AAC
+int nb_context;
+AVPacket *packet;
+AVFrame *frame;
+} FTRContext;
+
+static av_cold int ftr_init(AVCodecContext *avctx)
+{
+FTRContext *s = avctx->priv_data;
+const AVCodec *codec;
+int ret;
+
+if (avctx->ch_layout.nb_channels > 64 ||
+avctx->ch_layout.nb_channels <= 0)
+retur
[FFmpeg-cvslog] avcodec/opusdec: stop setting deprecated swr options
ffmpeg | branch: master | James Almer | Fri Sep 23 16:43:00
2022 -0300| [1b47190c94317d0d1bb5c60a43005ed78b4808a2] | committer: James Almer
avcodec/opusdec: stop setting deprecated swr options
Signed-off-by: James Almer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1b47190c94317d0d1bb5c60a43005ed78b4808a2
---
libavcodec/opusdec.c | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/libavcodec/opusdec.c b/libavcodec/opusdec.c
index c04aa598b8..d255486d06 100644
--- a/libavcodec/opusdec.c
+++ b/libavcodec/opusdec.c
@@ -640,7 +640,7 @@ static av_cold int opus_decode_init(AVCodecContext *avctx)
for (i = 0; i < c->nb_streams; i++) {
OpusStreamContext *s = &c->streams[i];
-uint64_t layout;
+AVChannelLayout layout;
s->output_channels = (i < c->nb_stereo_streams) ? 2 : 1;
@@ -658,11 +658,12 @@ static av_cold int opus_decode_init(AVCodecContext *avctx)
if (!s->swr)
return AVERROR(ENOMEM);
-layout = (s->output_channels == 1) ? AV_CH_LAYOUT_MONO :
AV_CH_LAYOUT_STEREO;
+layout = (s->output_channels == 1) ?
(AVChannelLayout)AV_CHANNEL_LAYOUT_MONO :
+
(AVChannelLayout)AV_CHANNEL_LAYOUT_STEREO;
av_opt_set_int(s->swr, "in_sample_fmt", avctx->sample_fmt, 0);
av_opt_set_int(s->swr, "out_sample_fmt", avctx->sample_fmt, 0);
-av_opt_set_int(s->swr, "in_channel_layout", layout, 0);
-av_opt_set_int(s->swr, "out_channel_layout", layout, 0);
+av_opt_set_chlayout(s->swr, "in_chlayout", &layout,0);
+av_opt_set_chlayout(s->swr, "out_chlayout", &layout,0);
av_opt_set_int(s->swr, "out_sample_rate",avctx->sample_rate, 0);
av_opt_set_int(s->swr, "filter_size",16, 0);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/cafenc: derive Opus frame size from the relevant stream parameters
ffmpeg | branch: master | James Almer | Wed Sep 21 00:01:40
2022 -0300| [aa79d13f51aa820c7e5f07784a2512434e68bc46] | committer: James Almer
avformat/cafenc: derive Opus frame size from the relevant stream parameters
Use the stream duration as last resort, as an off-by-one result of the
"st->duration / (caf->packets - 1)" calculation can break playback on some
devices.
Also, don't write the sample_rate value propagated by encoders like libopus.
The sample rate of the audio fed to it is irrelevant after being encoded.
Fixes ticket #9930.
Signed-off-by: James Almer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aa79d13f51aa820c7e5f07784a2512434e68bc46
---
libavformat/cafenc.c | 19 ++-
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/libavformat/cafenc.c b/libavformat/cafenc.c
index fedb430b17..b90811d46f 100644
--- a/libavformat/cafenc.c
+++ b/libavformat/cafenc.c
@@ -53,7 +53,11 @@ static uint32_t codec_flags(enum AVCodecID codec_id) {
}
}
-static uint32_t samples_per_packet(enum AVCodecID codec_id, int channels, int
block_align) {
+static uint32_t samples_per_packet(const AVCodecParameters *par) {
+enum AVCodecID codec_id = par->codec_id;
+int channels = par->ch_layout.nb_channels, block_align = par->block_align;
+int frame_size = par->frame_size, sample_rate = par->sample_rate;
+
switch (codec_id) {
case AV_CODEC_ID_PCM_S8:
case AV_CODEC_ID_PCM_S16LE:
@@ -83,6 +87,8 @@ static uint32_t samples_per_packet(enum AVCodecID codec_id,
int channels, int bl
return 320;
case AV_CODEC_ID_MP1:
return 384;
+case AV_CODEC_ID_OPUS:
+return frame_size * 48000 / sample_rate;
case AV_CODEC_ID_MP2:
case AV_CODEC_ID_MP3:
return 1152;
@@ -110,7 +116,7 @@ static int caf_write_header(AVFormatContext *s)
AVDictionaryEntry *t = NULL;
unsigned int codec_tag = ff_codec_get_tag(ff_codec_caf_tags,
par->codec_id);
int64_t chunk_size = 0;
-int frame_size = par->frame_size;
+int frame_size = par->frame_size, sample_rate = par->sample_rate;
if (s->nb_streams != 1) {
av_log(s, AV_LOG_ERROR, "CAF files have exactly one stream\n");
@@ -139,7 +145,10 @@ static int caf_write_header(AVFormatContext *s)
}
if (par->codec_id != AV_CODEC_ID_MP3 || frame_size != 576)
-frame_size = samples_per_packet(par->codec_id,
par->ch_layout.nb_channels, par->block_align);
+frame_size = samples_per_packet(par);
+
+if (par->codec_id == AV_CODEC_ID_OPUS)
+sample_rate = 48000;
ffio_wfourcc(pb, "caff"); //< mFileType
avio_wb16(pb, 1); //< mFileVersion
@@ -147,7 +156,7 @@ static int caf_write_header(AVFormatContext *s)
ffio_wfourcc(pb, "desc"); //< Audio Description
chunk
avio_wb64(pb, 32);//< mChunkSize
-avio_wb64(pb, av_double2int(par->sample_rate)); //< mSampleRate
+avio_wb64(pb, av_double2int(sample_rate));//< mSampleRate
avio_wl32(pb, codec_tag); //< mFormatID
avio_wb32(pb, codec_flags(par->codec_id));//< mFormatFlags
avio_wb32(pb, par->block_align); //< mBytesPerPacket
@@ -248,7 +257,7 @@ static int caf_write_trailer(AVFormatContext *s)
avio_seek(pb, caf->data, SEEK_SET);
avio_wb64(pb, file_size - caf->data - 8);
if (!par->block_align) {
-int packet_size = samples_per_packet(par->codec_id,
par->ch_layout.nb_channels, par->block_align);
+int packet_size = samples_per_packet(par);
if (!packet_size) {
packet_size = st->duration / (caf->packets - 1);
avio_seek(pb, FRAME_SIZE_OFFSET, SEEK_SET);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/cafenc: derive Opus frame size from the relevant stream parameters
ffmpeg | branch: release/5.1 | James Almer | Wed Sep 21
00:01:40 2022 -0300| [746a21063065535d6b758a46e86df411bce69d9f] | committer:
James Almer
avformat/cafenc: derive Opus frame size from the relevant stream parameters
Use the stream duration as last resort, as an off-by-one result of the
"st->duration / (caf->packets - 1)" calculation can break playback on some
devices.
Also, don't write the sample_rate value propagated by encoders like libopus.
The sample rate of the audio fed to it is irrelevant after being encoded.
Fixes ticket #9930.
Signed-off-by: James Almer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=746a21063065535d6b758a46e86df411bce69d9f
---
libavformat/cafenc.c | 19 ++-
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/libavformat/cafenc.c b/libavformat/cafenc.c
index fedb430b17..b90811d46f 100644
--- a/libavformat/cafenc.c
+++ b/libavformat/cafenc.c
@@ -53,7 +53,11 @@ static uint32_t codec_flags(enum AVCodecID codec_id) {
}
}
-static uint32_t samples_per_packet(enum AVCodecID codec_id, int channels, int
block_align) {
+static uint32_t samples_per_packet(const AVCodecParameters *par) {
+enum AVCodecID codec_id = par->codec_id;
+int channels = par->ch_layout.nb_channels, block_align = par->block_align;
+int frame_size = par->frame_size, sample_rate = par->sample_rate;
+
switch (codec_id) {
case AV_CODEC_ID_PCM_S8:
case AV_CODEC_ID_PCM_S16LE:
@@ -83,6 +87,8 @@ static uint32_t samples_per_packet(enum AVCodecID codec_id,
int channels, int bl
return 320;
case AV_CODEC_ID_MP1:
return 384;
+case AV_CODEC_ID_OPUS:
+return frame_size * 48000 / sample_rate;
case AV_CODEC_ID_MP2:
case AV_CODEC_ID_MP3:
return 1152;
@@ -110,7 +116,7 @@ static int caf_write_header(AVFormatContext *s)
AVDictionaryEntry *t = NULL;
unsigned int codec_tag = ff_codec_get_tag(ff_codec_caf_tags,
par->codec_id);
int64_t chunk_size = 0;
-int frame_size = par->frame_size;
+int frame_size = par->frame_size, sample_rate = par->sample_rate;
if (s->nb_streams != 1) {
av_log(s, AV_LOG_ERROR, "CAF files have exactly one stream\n");
@@ -139,7 +145,10 @@ static int caf_write_header(AVFormatContext *s)
}
if (par->codec_id != AV_CODEC_ID_MP3 || frame_size != 576)
-frame_size = samples_per_packet(par->codec_id,
par->ch_layout.nb_channels, par->block_align);
+frame_size = samples_per_packet(par);
+
+if (par->codec_id == AV_CODEC_ID_OPUS)
+sample_rate = 48000;
ffio_wfourcc(pb, "caff"); //< mFileType
avio_wb16(pb, 1); //< mFileVersion
@@ -147,7 +156,7 @@ static int caf_write_header(AVFormatContext *s)
ffio_wfourcc(pb, "desc"); //< Audio Description
chunk
avio_wb64(pb, 32);//< mChunkSize
-avio_wb64(pb, av_double2int(par->sample_rate)); //< mSampleRate
+avio_wb64(pb, av_double2int(sample_rate));//< mSampleRate
avio_wl32(pb, codec_tag); //< mFormatID
avio_wb32(pb, codec_flags(par->codec_id));//< mFormatFlags
avio_wb32(pb, par->block_align); //< mBytesPerPacket
@@ -248,7 +257,7 @@ static int caf_write_trailer(AVFormatContext *s)
avio_seek(pb, caf->data, SEEK_SET);
avio_wb64(pb, file_size - caf->data - 8);
if (!par->block_align) {
-int packet_size = samples_per_packet(par->codec_id,
par->ch_layout.nb_channels, par->block_align);
+int packet_size = samples_per_packet(par);
if (!packet_size) {
packet_size = st->duration / (caf->packets - 1);
avio_seek(pb, FRAME_SIZE_OFFSET, SEEK_SET);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/cafenc: derive Opus frame size from the relevant stream parameters
ffmpeg | branch: release/5.0 | James Almer | Wed Sep 21
00:01:40 2022 -0300| [57e15b2e07d0194d710e0de2a28ac70bdcf8aaeb] | committer:
James Almer
avformat/cafenc: derive Opus frame size from the relevant stream parameters
Use the stream duration as last resort, as an off-by-one result of the
"st->duration / (caf->packets - 1)" calculation can break playback on some
devices.
Also, don't write the sample_rate value propagated by encoders like libopus.
The sample rate of the audio fed to it is irrelevant after being encoded.
Fixes ticket #9930.
Signed-off-by: James Almer
(cherry picked from commit aa79d13f51aa820c7e5f07784a2512434e68bc46)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=57e15b2e07d0194d710e0de2a28ac70bdcf8aaeb
---
libavformat/cafenc.c | 19 ++-
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/libavformat/cafenc.c b/libavformat/cafenc.c
index 412b3230e3..ff2ebbbd95 100644
--- a/libavformat/cafenc.c
+++ b/libavformat/cafenc.c
@@ -52,7 +52,11 @@ static uint32_t codec_flags(enum AVCodecID codec_id) {
}
}
-static uint32_t samples_per_packet(enum AVCodecID codec_id, int channels, int
block_align) {
+static uint32_t samples_per_packet(const AVCodecParameters *par) {
+enum AVCodecID codec_id = par->codec_id;
+int channels = par->channels, block_align = par->block_align;
+int frame_size = par->frame_size, sample_rate = par->sample_rate;
+
switch (codec_id) {
case AV_CODEC_ID_PCM_S8:
case AV_CODEC_ID_PCM_S16LE:
@@ -82,6 +86,8 @@ static uint32_t samples_per_packet(enum AVCodecID codec_id,
int channels, int bl
return 320;
case AV_CODEC_ID_MP1:
return 384;
+case AV_CODEC_ID_OPUS:
+return frame_size * 48000 / sample_rate;
case AV_CODEC_ID_MP2:
case AV_CODEC_ID_MP3:
return 1152;
@@ -109,7 +115,7 @@ static int caf_write_header(AVFormatContext *s)
AVDictionaryEntry *t = NULL;
unsigned int codec_tag = ff_codec_get_tag(ff_codec_caf_tags,
par->codec_id);
int64_t chunk_size = 0;
-int frame_size = par->frame_size;
+int frame_size = par->frame_size, sample_rate = par->sample_rate;
if (s->nb_streams != 1) {
av_log(s, AV_LOG_ERROR, "CAF files have exactly one stream\n");
@@ -138,7 +144,10 @@ static int caf_write_header(AVFormatContext *s)
}
if (par->codec_id != AV_CODEC_ID_MP3 || frame_size != 576)
-frame_size = samples_per_packet(par->codec_id, par->channels,
par->block_align);
+frame_size = samples_per_packet(par);
+
+if (par->codec_id == AV_CODEC_ID_OPUS)
+sample_rate = 48000;
ffio_wfourcc(pb, "caff"); //< mFileType
avio_wb16(pb, 1); //< mFileVersion
@@ -146,7 +155,7 @@ static int caf_write_header(AVFormatContext *s)
ffio_wfourcc(pb, "desc"); //< Audio Description
chunk
avio_wb64(pb, 32);//< mChunkSize
-avio_wb64(pb, av_double2int(par->sample_rate)); //< mSampleRate
+avio_wb64(pb, av_double2int(sample_rate));//< mSampleRate
avio_wl32(pb, codec_tag); //< mFormatID
avio_wb32(pb, codec_flags(par->codec_id));//< mFormatFlags
avio_wb32(pb, par->block_align); //< mBytesPerPacket
@@ -247,7 +256,7 @@ static int caf_write_trailer(AVFormatContext *s)
avio_seek(pb, caf->data, SEEK_SET);
avio_wb64(pb, file_size - caf->data - 8);
if (!par->block_align) {
-int packet_size = samples_per_packet(par->codec_id, par->channels,
par->block_align);
+int packet_size = samples_per_packet(par);
if (!packet_size) {
packet_size = st->duration / (caf->packets - 1);
avio_seek(pb, FRAME_SIZE_OFFSET, SEEK_SET);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/apm: Use 64bit for bit_rate computation
ffmpeg | branch: master | Michael Niedermayer | Sat Sep 17 21:24:49 2022 +0200| [5b23cab5c769d6611a3fe111546d65809046a4d8] | committer: Michael Niedermayer avformat/apm: Use 64bit for bit_rate computation Fixes: signed integer overflow: -1155522528 * 4 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APM_fuzzer-6580670570299392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5b23cab5c769d6611a3fe111546d65809046a4d8 --- libavformat/apm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/apm.c b/libavformat/apm.c index baf7d2f941..a3ddc08e83 100644 --- a/libavformat/apm.c +++ b/libavformat/apm.c @@ -148,7 +148,7 @@ static int apm_read_header(AVFormatContext *s) par->codec_id = AV_CODEC_ID_ADPCM_IMA_APM; par->format= AV_SAMPLE_FMT_S16; par->bit_rate = par->ch_layout.nb_channels * - par->sample_rate * + (int64_t)par->sample_rate * par->bits_per_coded_sample; if ((ret = avio_read(s->pb, buf, APM_FILE_EXTRADATA_SIZE)) < 0) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/ape: Check frames size
ffmpeg | branch: master | Michael Niedermayer | Sat
Sep 17 21:19:53 2022 +0200| [d0349c9929e2891c90011a83152624d5cf18e628] |
committer: Michael Niedermayer
avformat/ape: Check frames size
Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented
in type 'long'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d0349c9929e2891c90011a83152624d5cf18e628
---
libavformat/ape.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavformat/ape.c b/libavformat/ape.c
index f904fde178..92e9ac7cb1 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -298,6 +298,8 @@ static int ape_read_header(AVFormatContext * s)
ape->frames[i].pos -= ape->frames[i].skip;
ape->frames[i].size += ape->frames[i].skip;
}
+if (ape->frames[i].size > INT_MAX - 3)
+return AVERROR_INVALIDDATA;
ape->frames[i].size = (ape->frames[i].size + 3) & ~3;
}
if (ape->fileversion < 3810) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/cafdec: Check that nb_frasmes fits within 64bit
ffmpeg | branch: master | Michael Niedermayer | Sat
Sep 17 21:48:43 2022 +0200| [d4bb4e375975dc0d31d5309106cf6ee0ed75140f] |
committer: Michael Niedermayer
avformat/cafdec: Check that nb_frasmes fits within 64bit
Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented
in type 'long'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d4bb4e375975dc0d31d5309106cf6ee0ed75140f
---
libavformat/cafdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
index d5b8c38c25..e0a9031cb8 100644
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -387,7 +387,7 @@ static int read_header(AVFormatContext *s)
found_data:
if (caf->bytes_per_packet > 0 && caf->frames_per_packet > 0) {
-if (caf->data_size > 0)
+if (caf->data_size > 0 && caf->data_size / caf->bytes_per_packet <
INT64_MAX / caf->frames_per_packet)
st->nb_frames = (caf->data_size / caf->bytes_per_packet) *
caf->frames_per_packet;
} else if (ffstream(st)->nb_index_entries && st->duration > 0) {
if (st->codecpar->sample_rate && caf->data_size / st->duration >
INT64_MAX / st->codecpar->sample_rate / 8) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/dhav: Use 64bit seek_back
ffmpeg | branch: master | Michael Niedermayer | Sat
Sep 17 21:54:31 2022 +0200| [10453f5192869b63b071aee3962ae2c712f9bfd3] |
committer: Michael Niedermayer
avformat/dhav: Use 64bit seek_back
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an
unsigned type to negate this value to itself
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-6604736532447232
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=10453f5192869b63b071aee3962ae2c712f9bfd3
---
libavformat/dhav.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/dhav.c b/libavformat/dhav.c
index 9d26efe8fc..4e720f2a26 100644
--- a/libavformat/dhav.c
+++ b/libavformat/dhav.c
@@ -242,7 +242,7 @@ static int64_t get_duration(AVFormatContext *s)
avio_seek(s->pb, avio_size(s->pb) - 8, SEEK_SET);
while (avio_tell(s->pb) > 12 && max_interations--) {
if (avio_rl32(s->pb) == MKTAG('d','h','a','v')) {
-int seek_back = avio_rl32(s->pb);
+int64_t seek_back = avio_rl32(s->pb);
avio_seek(s->pb, -seek_back, SEEK_CUR);
read_chunk(s);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/asfdec_o: Limit packet offset
ffmpeg | branch: master | Michael Niedermayer | Sat
Sep 17 21:30:55 2022 +0200| [736e9e69d5dbbe1d81885dfef59917eb915d2f96] |
committer: Michael Niedermayer
avformat/asfdec_o: Limit packet offset
avoids overflows with it
Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be
represented in type 'long'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=736e9e69d5dbbe1d81885dfef59917eb915d2f96
---
libavformat/asfdec_o.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c
index 48b7d17322..e837ca62e7 100644
--- a/libavformat/asfdec_o.c
+++ b/libavformat/asfdec_o.c
@@ -1242,6 +1242,8 @@ static int asf_read_packet_header(AVFormatContext *s)
unsigned char error_flags, len_flags, pay_flags;
asf->packet_offset = avio_tell(pb);
+if (asf->packet_offset > INT64_MAX/2)
+asf->packet_offset = 0;
error_flags = avio_r8(pb); // read Error Correction Flags
if (error_flags & ASF_PACKET_FLAG_ERROR_CORRECTION_PRESENT) {
if (!(error_flags & ASF_ERROR_CORRECTION_LENGTH_TYPE)) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/genh: Check nb_channels for IMA ADPCM
ffmpeg | branch: master | Michael Niedermayer | Sat Sep 17 22:46:35 2022 +0200| [0345a885455dea52fcc570b97f5dc5c75372a39c] | committer: Michael Niedermayer avformat/genh: Check nb_channels for IMA ADPCM The check could be made more strict Fixes: signed integer overflow: 36 * 538976288 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-6539389873815552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0345a885455dea52fcc570b97f5dc5c75372a39c --- libavformat/genh.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/genh.c b/libavformat/genh.c index a25d4d625a..1f707b 100644 --- a/libavformat/genh.c +++ b/libavformat/genh.c @@ -78,6 +78,8 @@ static int genh_read_header(AVFormatContext *s) case 0: st->codecpar->codec_id = AV_CODEC_ID_ADPCM_PSX;break; case 1: case 11: st->codecpar->bits_per_coded_sample = 4; + if (st->codecpar->ch_layout.nb_channels > INT_MAX / 36) +return AVERROR_INVALIDDATA; st->codecpar->block_align = 36 * st->codecpar->ch_layout.nb_channels; st->codecpar->codec_id = AV_CODEC_ID_ADPCM_IMA_WAV;break; case 2: st->codecpar->codec_id = AV_CODEC_ID_ADPCM_DTK;break; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/dxa: avoid bpc overflows
ffmpeg | branch: master | Michael Niedermayer | Sat
Sep 17 22:40:47 2022 +0200| [93db0f0740cacd64ae07b5e8606b70021e48d364] |
committer: Michael Niedermayer
avformat/dxa: avoid bpc overflows
Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type
'int'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6639823726706688
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=93db0f0740cacd64ae07b5e8606b70021e48d364
---
libavformat/dxa.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/libavformat/dxa.c b/libavformat/dxa.c
index 16fbb08156..474b85270a 100644
--- a/libavformat/dxa.c
+++ b/libavformat/dxa.c
@@ -118,9 +118,12 @@ static int dxa_read_header(AVFormatContext *s)
if(tag == MKTAG('d', 'a', 't', 'a')) break;
avio_skip(pb, fsize);
}
-c->bpc = (fsize + c->frames - 1) / c->frames;
-if(ast->codecpar->block_align)
+c->bpc = (fsize + (int64_t)c->frames - 1) / c->frames;
+if(ast->codecpar->block_align) {
+if (c->bpc > INT_MAX - ast->codecpar->block_align + 1)
+return AVERROR_INVALIDDATA;
c->bpc = ((c->bpc + ast->codecpar->block_align - 1) /
ast->codecpar->block_align) * ast->codecpar->block_align;
+}
c->bytes_left = fsize;
c->wavpos = avio_tell(pb);
avio_seek(pb, c->vidpos, SEEK_SET);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/jacosubdec: Fix overflow in get_shift()
ffmpeg | branch: master | Michael Niedermayer | Sat
Sep 17 22:55:24 2022 +0200| [b1a68127bbcd3d638363fa0249982c494e87c9e2] |
committer: Michael Niedermayer
avformat/jacosubdec: Fix overflow in get_shift()
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-6722544461283328
Fixes: signed integer overflow: 48214448 * 60 cannot be represented in type
'int'
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b1a68127bbcd3d638363fa0249982c494e87c9e2
---
libavformat/jacosubdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/jacosubdec.c b/libavformat/jacosubdec.c
index 0ee4820f62..61b1316dc9 100644
--- a/libavformat/jacosubdec.c
+++ b/libavformat/jacosubdec.c
@@ -144,7 +144,7 @@ static int get_shift(int timeres, const char *buf)
ret = 0;
switch (n) {
case 4:
-ret = sign * (((int64_t)a*3600 + b*60 + c) * timeres + d);
+ret = sign * (((int64_t)a*3600 + (int64_t)b*60 + c) * timeres + d);
break;
case 3:
ret = sign * (( (int64_t)a*60 + b) * timeres + c);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/sbgdec: clamp end_ts
ffmpeg | branch: master | Michael Niedermayer | Sun Sep 18 16:29:37 2022 +0200| [981f5e46afa3673dfa43eb2bf5017680d5df25dd] | committer: Michael Niedermayer avformat/sbgdec: clamp end_ts Fixes: signed integer overflow: 9223372036851135042 + 15666854 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6573717339111424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=981f5e46afa3673dfa43eb2bf5017680d5df25dd --- libavformat/sbgdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c index 8a6d679056..4cd12347e7 100644 --- a/libavformat/sbgdec.c +++ b/libavformat/sbgdec.c @@ -1478,7 +1478,7 @@ static int sbg_read_packet(AVFormatContext *avf, AVPacket *packet) int ret; ts = ffstream(avf->streams[0])->cur_dts; -end_ts = ts + avf->streams[0]->codecpar->frame_size; +end_ts = av_sat_add64(ts, avf->streams[0]->codecpar->frame_size); if (avf->streams[0]->duration != AV_NOPTS_VALUE) end_ts = FFMIN(avf->streams[0]->start_time + avf->streams[0]->duration, end_ts); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/nutdec: Check fields
ffmpeg | branch: master | Michael Niedermayer | Sun
Sep 18 14:47:25 2022 +0200| [2c146406eac06f3d3cd3d981c29e7affd834cb4d] |
committer: Michael Niedermayer
avformat/nutdec: Check fields
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type
'int'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2c146406eac06f3d3cd3d981c29e7affd834cb4d
---
libavformat/nutdec.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index 8cc56615ad..24dedc4758 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -245,6 +245,11 @@ static int decode_main_header(NUTContext *nut)
for (i = 0; i < 256;) {
int tmp_flags = ffio_read_varlen(bc);
int tmp_fields = ffio_read_varlen(bc);
+if (tmp_fields < 0) {
+av_log(s, AV_LOG_ERROR, "fields %d is invalid\n", tmp_fields);
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
if (tmp_fields > 0)
tmp_pts = get_s(bc);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/flvdec: Use 64bit for sum_flv_tag_size
ffmpeg | branch: master | Michael Niedermayer | Sun
Sep 18 13:38:21 2022 +0200| [7124f10c1d521096042ba3c9c519828147f78c46] |
committer: Michael Niedermayer
avformat/flvdec: Use 64bit for sum_flv_tag_size
Fixes: signed integer overflow: 2138820085 + 16130322 cannot be represented in
type 'int'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6704728165187584
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7124f10c1d521096042ba3c9c519828147f78c46
---
libavformat/flvdec.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index 7f9d795044..d83edff727 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -66,7 +66,7 @@ typedef struct FLVContext {
uint8_t resync_buffer[2*RESYNC_BUFFER_SIZE];
int broken_sizes;
-int sum_flv_tag_size;
+int64_t sum_flv_tag_size;
int last_keyframe_stream_index;
int keyframe_count;
@@ -1032,7 +1032,7 @@ retry:
type = (avio_r8(s->pb) & 0x1F);
orig_size =
size = avio_rb24(s->pb);
-flv->sum_flv_tag_size += size + 11;
+flv->sum_flv_tag_size += size + 11LL;
dts = avio_rb24(s->pb);
dts |= (unsigned)avio_r8(s->pb) << 24;
av_log(s, AV_LOG_TRACE, "type:%d, size:%d, last:%d, dts:%"PRId64"
pos:%"PRId64"\n", type, size, last, dts, avio_tell(s->pb));
@@ -1332,7 +1332,7 @@ leave:
!avio_feof(s->pb) &&
(last != orig_size || !last) && last != flv->sum_flv_tag_size &&
!flv->broken_sizes) {
-av_log(s, AV_LOG_ERROR, "Packet mismatch %d %d %d\n", last,
orig_size + 11, flv->sum_flv_tag_size);
+av_log(s, AV_LOG_ERROR, "Packet mismatch %d %d %"PRId64"\n", last,
orig_size + 11, flv->sum_flv_tag_size);
avio_seek(s->pb, pos + 1, SEEK_SET);
ret = resync(s);
av_packet_unref(pkt);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/sbgdec: Check ts_int in genrate_intervals
ffmpeg | branch: master | Michael Niedermayer | Sun Sep 18 16:35:41 2022 +0200| [5f529e9147a5c5c8ecf8d5ef0dd569194ce30eed] | committer: Michael Niedermayer avformat/sbgdec: Check ts_int in genrate_intervals There is probably a better place to check for this, but better here than nowhere Fixes: signed integer overflow: -9223372036824775808 - 864 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6601162580688896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5f529e9147a5c5c8ecf8d5ef0dd569194ce30eed --- libavformat/sbgdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c index 4cd12347e7..5edb9664cc 100644 --- a/libavformat/sbgdec.c +++ b/libavformat/sbgdec.c @@ -1317,6 +1317,8 @@ static int generate_intervals(void *log, struct sbg_script *s, int sample_rate, /* Pseudo event before the first one */ ev0 = s->events[s->nb_events - 1]; +if (av_sat_sub64(ev0.ts_int, period) != (uint64_t)ev0.ts_int - period) +return AVERROR_INVALIDDATA; ev0.ts_int -= period; ev0.ts_trans -= period; ev0.ts_next -= period; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/rmdec: check tag_size
ffmpeg | branch: master | Michael Niedermayer | Sun
Sep 18 15:06:25 2022 +0200| [2cb7ee8a36bddd3425897135db514ca62fec6e44] |
committer: Michael Niedermayer
avformat/rmdec: check tag_size
Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type
'int'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6598073725353984
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2cb7ee8a36bddd3425897135db514ca62fec6e44
---
libavformat/rmdec.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index 881d7002ad..0f1534b582 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -563,6 +563,8 @@ static int rm_read_header(AVFormatContext *s)
}
tag_size = avio_rb32(pb);
+if (tag_size < 0)
+return AVERROR_INVALIDDATA;
avio_skip(pb, tag_size - 8);
for(;;) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation
ffmpeg | branch: master | Michael Niedermayer | Sun Sep 18 16:42:21 2022 +0200| [aa8eb1bed075931b0ce0a8bc9a8ff5882830044c] | committer: Michael Niedermayer avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation Fixes: signed integer overflow: 72128794995445727 * 240 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SDS_fuzzer-6628185583779840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aa8eb1bed075931b0ce0a8bc9a8ff5882830044c --- libavformat/sdsdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/sdsdec.c b/libavformat/sdsdec.c index f98096dca9..d296500bec 100644 --- a/libavformat/sdsdec.c +++ b/libavformat/sdsdec.c @@ -112,7 +112,7 @@ static int sds_read_header(AVFormatContext *ctx) st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO; st->codecpar->ch_layout.nb_channels = 1; st->codecpar->sample_rate = sample_period ? 10 / sample_period : 16000; -st->duration = (avio_size(pb) - 21) / (127) * s->size / 4; +st->duration = av_rescale((avio_size(pb) - 21) / 127, s->size, 4); avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/spdifdec: Use 64bit to compute bit rate
ffmpeg | branch: master | Michael Niedermayer | Sun Sep 18 18:12:11 2022 +0200| [4075f0cec1830a7ac081b1a23bd3f5c4e266fe26] | committer: Michael Niedermayer avformat/spdifdec: Use 64bit to compute bit rate Fixes: signed integer overflow: 32 * 553590816 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6564974517944320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4075f0cec1830a7ac081b1a23bd3f5c4e266fe26 --- libavformat/spdifdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/spdifdec.c b/libavformat/spdifdec.c index 2af75ca9db..672133581a 100644 --- a/libavformat/spdifdec.c +++ b/libavformat/spdifdec.c @@ -226,7 +226,7 @@ int ff_spdif_read_packet(AVFormatContext *s, AVPacket *pkt) if (!s->bit_rate && s->streams[0]->codecpar->sample_rate) /* stream bitrate matches 16-bit stereo PCM bitrate for currently supported codecs */ -s->bit_rate = 2 * 16 * s->streams[0]->codecpar->sample_rate; +s->bit_rate = 2 * 16LL * s->streams[0]->codecpar->sample_rate; return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/matroskadec: Error out if a timestamp is beyond duration
ffmpeg | branch: master | Michael Niedermayer | Sun
Sep 18 18:35:19 2022 +0200| [aa441ac105328965bb3b7a7a19571fc6446e544b] |
committer: Michael Niedermayer
avformat/matroskadec: Error out if a timestamp is beyond duration
Maybe timestamp / duration validity should be checked earlier
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6586894739177472
Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented
in type 'long'
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aa441ac105328965bb3b7a7a19571fc6446e544b
---
libavformat/matroskadec.c | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 16a3e93611..8b079e1110 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -4009,7 +4009,8 @@ typedef struct {
/* This function searches all the Cues and returns the CueDesc corresponding to
* the timestamp ts. Returned CueDesc will be such that start_time_ns <= ts <
- * end_time_ns. All 4 fields will be set to -1 if ts >= file's duration.
+ * end_time_ns. All 4 fields will be set to -1 if ts >= file's duration or
+ * if an error occurred.
*/
static CueDesc get_cue_desc(AVFormatContext *s, int64_t ts, int64_t
cues_start) {
MatroskaDemuxContext *matroska = s->priv_data;
@@ -4028,6 +4029,8 @@ static CueDesc get_cue_desc(AVFormatContext *s, int64_t
ts, int64_t cues_start)
}
}
--i;
+if (index_entries[i].timestamp > matroska->duration)
+return (CueDesc) {-1, -1, -1, -1};
cue_desc.start_time_ns = index_entries[i].timestamp * matroska->time_scale;
cue_desc.start_offset = index_entries[i].pos - matroska->segment_start;
if (i != nb_index_entries - 1) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/dstdec: Check for overflow in build_filter()
ffmpeg | branch: master | Michael Niedermayer | Sat
Sep 10 23:49:28 2022 +0200| [8008940da5aa43895fd4574114309c3324249eab] |
committer: Michael Niedermayer
avcodec/dstdec: Check for overflow in build_filter()
Fixes: signed integer overflow: 1917019860 + 265558963 cannot be represented in
type 'int'
Fixes:
48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-4833165046317056
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8008940da5aa43895fd4574114309c3324249eab
---
libavcodec/dstdec.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/libavcodec/dstdec.c b/libavcodec/dstdec.c
index 6bdd6c885c..4b1762db33 100644
--- a/libavcodec/dstdec.c
+++ b/libavcodec/dstdec.c
@@ -215,7 +215,7 @@ static uint8_t prob_dst_x_bit(int c)
return (ff_reverse[c & 127] >> 1) + 1;
}
-static void build_filter(int16_t table[DST_MAX_ELEMENTS][16][256], const Table
*fsets)
+static int build_filter(int16_t table[DST_MAX_ELEMENTS][16][256], const Table
*fsets)
{
int i, j, k, l;
@@ -226,14 +226,17 @@ static void build_filter(int16_t
table[DST_MAX_ELEMENTS][16][256], const Table *
int total = av_clip(length - j * 8, 0, 8);
for (k = 0; k < 256; k++) {
-int v = 0;
+int64_t v = 0;
for (l = 0; l < total; l++)
v += (((k >> l) & 1) * 2 - 1) * fsets->coeff[i][j * 8 + l];
+if ((int16_t)v != v)
+return AVERROR_INVALIDDATA;
table[i][j][k] = v;
}
}
}
+return 0;
}
static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
@@ -328,7 +331,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame
*frame,
return AVERROR_INVALIDDATA;
ac_init(ac, gb);
-build_filter(s->filter, &s->fsets);
+ret = build_filter(s->filter, &s->fsets);
+if (ret < 0)
+return ret;
memset(s->status, 0xAA, sizeof(s->status));
memset(dsd, 0, frame->nb_samples * 4 * channels);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/xwma: Use av_rescale() for duration computation
ffmpeg | branch: master | Michael Niedermayer | Sun Sep 18 16:45:30 2022 +0200| [2c789f753c3657be9041307f9c03749f5ba5a6bb] | committer: Michael Niedermayer avformat/xwma: Use av_rescale() for duration computation Fixes: signed integer overflow: 34242363648 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6577923913547776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2c789f753c3657be9041307f9c03749f5ba5a6bb --- libavformat/xwma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/xwma.c b/libavformat/xwma.c index c16ff1be63..12689f37fd 100644 --- a/libavformat/xwma.c +++ b/libavformat/xwma.c @@ -278,7 +278,7 @@ static int xwma_read_header(AVFormatContext *s) * the total duration using the average bits per sample and the * total data length. */ -st->duration = (size<<3) * st->codecpar->sample_rate / st->codecpar->bit_rate; +st->duration = av_rescale((size<<3), st->codecpar->sample_rate, st->codecpar->bit_rate); } fail: ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/rpl: Use 64bit for duration computation
ffmpeg | branch: master | Michael Niedermayer | Sun
Sep 18 16:49:26 2022 +0200| [529f64b2eb98e0c3ae4944abd5d01fa7c1def047] |
committer: Michael Niedermayer
avformat/rpl: Use 64bit for duration computation
Fixes: signed integer overflow: 24709512 * 88 cannot be represented in type
'int'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6737973728641024
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=529f64b2eb98e0c3ae4944abd5d01fa7c1def047
---
libavformat/rpl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/rpl.c b/libavformat/rpl.c
index d025589bfc..3ef6fda386 100644
--- a/libavformat/rpl.c
+++ b/libavformat/rpl.c
@@ -279,7 +279,7 @@ static int rpl_read_header(AVFormatContext *s)
error |= read_line(pb, line, sizeof(line)); // size of "helpful" sprite
if (vst) {
error |= read_line(pb, line, sizeof(line)); // offset to key frame
list
-vst->duration = number_of_chunks * rpl->frames_per_chunk;
+vst->duration = number_of_chunks * (int64_t)rpl->frames_per_chunk;
}
// Read the index
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/parser: Remove declaration of inexistent function
ffmpeg | branch: master | Andreas Rheinhardt |
Fri Sep 23 21:57:29 2022 +0200| [7cd252ee41ddc693fa140c5b5eb472b6d6f27f9e] |
committer: Andreas Rheinhardt
avcodec/parser: Remove declaration of inexistent function
Forgotten in e5af9203098a889f36b759652615046254d45102.
Signed-off-by: Andreas Rheinhardt
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7cd252ee41ddc693fa140c5b5eb472b6d6f27f9e
---
libavcodec/parser.h | 2 --
1 file changed, 2 deletions(-)
diff --git a/libavcodec/parser.h b/libavcodec/parser.h
index ef35547e9b..2cee5ae4ff 100644
--- a/libavcodec/parser.h
+++ b/libavcodec/parser.h
@@ -45,8 +45,6 @@ typedef struct ParseContext{
* AVERROR(ENOMEM) if there was a memory allocation error
*/
int ff_combine_frame(ParseContext *pc, int next, const uint8_t **buf, int
*buf_size);
-int ff_mpeg4video_split(AVCodecContext *avctx, const uint8_t *buf,
-int buf_size);
void ff_parse_close(AVCodecParserContext *s);
/**
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/bink: disallow odd positioned scaled blocks
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Mon Jun 13 02:01:20 2022 +0200| [344c1134a93ef81d485b7b8b9c8fd5a1aae803e2] |
committer: Michael Niedermayer
avcodec/bink: disallow odd positioned scaled blocks
Fixes: out of array access
Fixes:
47911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6194020855971840
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Anton Khirnov
Signed-off-by: Michael Niedermayer
(cherry picked from commit b14104a6376cd774b08cbe5fda56b34320a41b2e)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=344c1134a93ef81d485b7b8b9c8fd5a1aae803e2
---
libavcodec/bink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/bink.c b/libavcodec/bink.c
index ae2c65f19f..3ba3068e0b 100644
--- a/libavcodec/bink.c
+++ b/libavcodec/bink.c
@@ -1088,7 +1088,7 @@ static int bink_decode_plane(BinkContext *c, AVFrame
*frame, GetBitContext *gb,
for (bx = 0; bx < bw; bx++, dst += 8, prev += 8) {
blk = get_value(c, BINK_SRC_BLOCK_TYPES);
// 16x16 block type on odd line means part of the already decoded
block, so skip it
-if ((by & 1) && blk == SCALED_BLOCK) {
+if (((by & 1) || (bx & 1)) && blk == SCALED_BLOCK) {
bx++;
dst += 8;
prev += 8;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/vf_showinfo: remove backspaces
ffmpeg | branch: release/5.1 | Michael Niedermayer | Thu Jul 21 20:15:06 2022 +0200| [82207ef2661bb4451082edde6ca3d2480a725906] | committer: Michael Niedermayer avfilter/vf_showinfo: remove backspaces They mess with storing editing and comparing the results Signed-off-by: Michael Niedermayer (cherry picked from commit 31581ae7ee6d007f2f2dcd16de5df991ba7aa1b6) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=82207ef2661bb4451082edde6ca3d2480a725906 --- libavfilter/vf_showinfo.c | 11 +++ 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/libavfilter/vf_showinfo.c b/libavfilter/vf_showinfo.c index 6efcafce28..68fbe8cc85 100644 --- a/libavfilter/vf_showinfo.c +++ b/libavfilter/vf_showinfo.c @@ -730,12 +730,15 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *frame) av_log(ctx, AV_LOG_INFO, " %08"PRIX32, plane_checksum[plane]); av_log(ctx, AV_LOG_INFO, "] mean:["); for (plane = 0; plane < 4 && frame->data[plane] && frame->linesize[plane]; plane++) -av_log(ctx, AV_LOG_INFO, "%"PRId64" ", (sum[plane] + pixelcount[plane]/2) / pixelcount[plane]); -av_log(ctx, AV_LOG_INFO, "\b] stdev:["); +av_log(ctx, AV_LOG_INFO, "%s%"PRId64, + plane ? " ":"", + (sum[plane] + pixelcount[plane]/2) / pixelcount[plane]); +av_log(ctx, AV_LOG_INFO, "] stdev:["); for (plane = 0; plane < 4 && frame->data[plane] && frame->linesize[plane]; plane++) -av_log(ctx, AV_LOG_INFO, "%3.1f ", +av_log(ctx, AV_LOG_INFO, "%s%3.1f", + plane ? " ":"", sqrt((sum2[plane] - sum[plane]*(double)sum[plane]/pixelcount[plane])/pixelcount[plane])); -av_log(ctx, AV_LOG_INFO, "\b]"); +av_log(ctx, AV_LOG_INFO, "]"); } av_log(ctx, AV_LOG_INFO, "\n"); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/speedhq: Check width
ffmpeg | branch: release/5.1 | Michael Niedermayer | Thu Aug 18 23:41:57 2022 +0200| [58c5976ca0829c94402a83b2940237bf7a7c067b] | committer: Michael Niedermayer avcodec/speedhq: Check width Fixes: out of array access Fixes: 50014/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4748914632294400 Alternatively the buffer size can be increased Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit f0395f9ef6051315973f1fdded1804f81458566d) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=58c5976ca0829c94402a83b2940237bf7a7c067b --- libavcodec/speedhq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/speedhq.c b/libavcodec/speedhq.c index 4cfd4ce73d..e158061bcf 100644 --- a/libavcodec/speedhq.c +++ b/libavcodec/speedhq.c @@ -499,7 +499,7 @@ static int speedhq_decode_frame(AVCodecContext *avctx, AVFrame *frame, uint32_t second_field_offset; int ret; -if (buf_size < 4 || avctx->width < 8) +if (buf_size < 4 || avctx->width < 8 || avctx->width % 8 != 0) return AVERROR_INVALIDDATA; quality = buf[0]; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/fmvc: Move frame allocation to a later stage
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Fri Jun 10 23:09:09 2022 +0200| [b877696f163237346719038928b3a82a7e4999e9] |
committer: Michael Niedermayer
avcodec/fmvc: Move frame allocation to a later stage
This way more things are checked before allocation
Signed-off-by: Michael Niedermayer
(cherry picked from commit 9783749c66bf6ca2ce7a6db4c74957fe77cbe803)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b877696f163237346719038928b3a82a7e4999e9
---
libavcodec/fmvc.c | 21 +++--
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/libavcodec/fmvc.c b/libavcodec/fmvc.c
index 4abf6d7048..912ad8fc82 100644
--- a/libavcodec/fmvc.c
+++ b/libavcodec/fmvc.c
@@ -401,20 +401,17 @@ static int decode_frame(AVCodecContext *avctx, AVFrame
*frame,
GetByteContext *gb = &s->gb;
PutByteContext *pb = &s->pb;
int ret, y, x;
+int key_frame;
if (avpkt->size < 8)
return AVERROR_INVALIDDATA;
-if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
-return ret;
-
bytestream2_init(gb, avpkt->data, avpkt->size);
bytestream2_skip(gb, 2);
-frame->key_frame = !!bytestream2_get_le16(gb);
-frame->pict_type = frame->key_frame ? AV_PICTURE_TYPE_I :
AV_PICTURE_TYPE_P;
+key_frame = !!bytestream2_get_le16(gb);
-if (frame->key_frame) {
+if (key_frame) {
const uint8_t *src;
unsigned type, size;
uint8_t *dst;
@@ -434,6 +431,12 @@ static int decode_frame(AVCodecContext *avctx, AVFrame
*frame,
return AVERROR_PATCHWELCOME;
}
+if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
+return ret;
+
+frame->key_frame = 1;
+frame->pict_type = AV_PICTURE_TYPE_I;
+
src = s->buffer;
dst = frame->data[0] + (avctx->height - 1) * frame->linesize[0];
for (y = 0; y < avctx->height; y++) {
@@ -514,6 +517,12 @@ static int decode_frame(AVCodecContext *avctx, AVFrame
*frame,
dst = &rect[block_h * s->stride];
}
+if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
+return ret;
+
+frame->key_frame = 0;
+frame->pict_type = AV_PICTURE_TYPE_P;
+
ssrc = s->buffer;
ddst = frame->data[0] + (avctx->height - 1) * frame->linesize[0];
for (y = 0; y < avctx->height; y++) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/exr: Check preview psize
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Sat Sep 10 23:54:17 2022 +0200| [4e07d4a1eec9e9bda901ba0ade8e08603a1e5046] |
committer: Michael Niedermayer
avcodec/exr: Check preview psize
Fixes: signed integer overflow: 17121181824 * 538976288 cannot be represented
in type 'long long'
Fixes:
48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5915330316206080
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit ac26712e35f5ebc726d1be14bb4a420949e66604)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4e07d4a1eec9e9bda901ba0ade8e08603a1e5046
---
libavcodec/exr.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index c25bae8cd4..91a567cd41 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -1951,9 +1951,12 @@ static int decode_header(EXRContext *s, AVFrame *frame)
"preview", 16)) >= 0) {
uint32_t pw = bytestream2_get_le32(gb);
uint32_t ph = bytestream2_get_le32(gb);
-int64_t psize = 4LL * pw * ph;
+uint64_t psize = pw * ph;
+if (psize > INT64_MAX / 4)
+return AVERROR_INVALIDDATA;
+psize *= 4;
-if (psize >= bytestream2_get_bytes_left(gb))
+if ((int64_t)psize >= bytestream2_get_bytes_left(gb))
return AVERROR_INVALIDDATA;
bytestream2_skip(gb, psize);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/apedec: Fix integer overflow in filter_3800()
ffmpeg | branch: release/5.1 | Michael Niedermayer | Sun Sep 11 00:30:42 2022 +0200| [c15b355eb5a653b150fc58a01bca49ecd4116bfd] | committer: Michael Niedermayer avcodec/apedec: Fix integer overflow in filter_3800() Fixes: signed integer overflow: -2147448926 + -198321 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5739619273015296 Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6744428485672960 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit f05247f6a4698c14f1cd523daa90188f50dcf6ad) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c15b355eb5a653b150fc58a01bca49ecd4116bfd --- libavcodec/apedec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index a7c38bce1b..24877c5598 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -934,7 +934,7 @@ static av_always_inline int filter_3800(APEPredictor *p, p->coeffsB[filter][0] += (((d3 >> 29) & 4) - 2) * sign; p->coeffsB[filter][1] -= (((d4 >> 30) & 2) - 1) * sign; -p->filterB[filter] = p->lastA[filter] + (predictionB >> shift); +p->filterB[filter] = p->lastA[filter] + (unsigned)(predictionB >> shift); p->filterA[filter] = p->filterB[filter] + (unsigned)((int)(p->filterA[filter] * 31U) >> 5); return p->filterA[filter]; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] libavformat/hls: Free keys
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Fri Sep 9 00:32:23 2022 +0200| [47e510aa0c09bd02536c8359deadee8aa36e9794] |
committer: Michael Niedermayer
libavformat/hls: Free keys
Fixes: memleak
Fixes:
50703/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6399058578636800
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu
Signed-off-by: Michael Niedermayer
(cherry picked from commit d32a9f3137c91de86547601a38fea0693c3497f1)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=47e510aa0c09bd02536c8359deadee8aa36e9794
---
libavformat/hls.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libavformat/hls.c b/libavformat/hls.c
index 3dc7bd3930..e622425e80 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -250,6 +250,7 @@ static void free_init_section_list(struct playlist *pls)
{
int i;
for (i = 0; i < pls->n_init_sections; i++) {
+av_freep(&pls->init_sections[i]->key);
av_freep(&pls->init_sections[i]->url);
av_freep(&pls->init_sections[i]);
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mobiclip: Check quantizer for overflow
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Sat Sep 10 23:58:36 2022 +0200| [03c168869e5e643ecab2e26b82e849197c87f056] |
committer: Michael Niedermayer
avcodec/mobiclip: Check quantizer for overflow
Fixes: signed integer overflow: 127 + 2147483536 cannot be represented in type
'int'
Fixes:
48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-6014034970804224
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 677e27a9afa7305a918336699b377fd5b42cc299)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=03c168869e5e643ecab2e26b82e849197c87f056
---
libavcodec/mobiclip.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/mobiclip.c b/libavcodec/mobiclip.c
index dcf788c630..a1e5dca13e 100644
--- a/libavcodec/mobiclip.c
+++ b/libavcodec/mobiclip.c
@@ -330,7 +330,7 @@ static av_cold int mobiclip_init(AVCodecContext *avctx)
return 0;
}
-static int setup_qtables(AVCodecContext *avctx, int quantizer)
+static int setup_qtables(AVCodecContext *avctx, int64_t quantizer)
{
MobiClipContext *s = avctx->priv_data;
int qx, qy;
@@ -1256,7 +1256,7 @@ static int mobiclip_decode(AVCodecContext *avctx, AVFrame
*rframe,
frame->key_frame = 0;
s->dct_tab_idx = 0;
-ret = setup_qtables(avctx, s->quantizer + get_se_golomb(gb));
+ret = setup_qtables(avctx, s->quantizer + (int64_t)get_se_golomb(gb));
if (ret < 0)
return ret;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/tiff: Fix loop detection
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Mon Sep 12 19:55:09 2022 +0200| [8f483d42e04d11d6e1d3d159ca975bb29fb6c719] |
committer: Michael Niedermayer
avcodec/tiff: Fix loop detection
Fixes regression with tickets/4364/L1004220.DNG
Reviewed-by: Paul B Mahol
Signed-off-by: Michael Niedermayer
(cherry picked from commit 43a4854510a3d596e114d899177a5b3b323ca9fb)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8f483d42e04d11d6e1d3d159ca975bb29fb6c719
---
libavcodec/tiff.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 2d40626ccc..e7a2576b0b 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -1750,7 +1750,7 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *p,
int *got_frame, AVPacket *avpkt)
{
TiffContext *const s = avctx->priv_data;
-unsigned off, last_off;
+unsigned off, last_off = 0;
int le, ret, plane, planes;
int i, j, entries, stride;
unsigned soff, ssize;
@@ -1815,7 +1815,6 @@ again:
/** whether we should process this multi-page IFD's next page */
retry_for_page = s->get_page && s->cur_page + 1 < s->get_page; //
get_page is 1-indexed
-last_off = off;
if (retry_for_page) {
// set offset to the next IFD
off = ff_tget_long(&s->gb, le);
@@ -1833,6 +1832,7 @@ again:
avpriv_request_sample(s->avctx, "non increasing IFD offset");
return AVERROR_INVALIDDATA;
}
+last_off = off;
if (off >= UINT_MAX - 14 || avpkt->size < off + 14) {
av_log(avctx, AV_LOG_ERROR, "IFD offset is greater than image
size\n");
return AVERROR_INVALIDDATA;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/tta: Check 24bit scaling for overflow
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Sun Sep 11 00:11:20 2022 +0200| [5a944b3a986899736b8a0c280fb2f482ec998537] |
committer: Michael Niedermayer
avcodec/tta: Check 24bit scaling for overflow
Fixes: signed integer overflow: -8427924 * 256 cannot be represented in type
'int'
Fixes:
48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5409428670644224
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 3993345f915bccceee315f44d412445346990e14)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5a944b3a986899736b8a0c280fb2f482ec998537
---
libavcodec/tta.c | 11 +--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/libavcodec/tta.c b/libavcodec/tta.c
index 74be140d51..0fc639b11c 100644
--- a/libavcodec/tta.c
+++ b/libavcodec/tta.c
@@ -377,8 +377,15 @@ static int tta_decode_frame(AVCodecContext *avctx, AVFrame
*frame,
case 3: {
// shift samples for 24-bit sample format
int32_t *samples = (int32_t *)frame->data[0];
-for (i = 0; i < framelen * s->channels; i++)
-*samples++ *= 256;
+int overflow = 0;
+
+for (i = 0; i < framelen * s->channels; i++) {
+int scaled = *samples * 256U;
+overflow += (scaled >> 8 != *samples);
+*samples++ = scaled;
+}
+if (overflow)
+av_log(avctx, AV_LOG_WARNING, "%d overflows occurred on 24bit
upscale\n", overflow);
// reset decode buffer
s->decode_buffer = NULL;
break;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mxfdec: only probe max run in
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Wed Sep 21 18:23:30 2022 +0200| [a3d59e33d91402325f70b55f4a9c185a3d01e5a6] |
committer: Michael Niedermayer
avformat/mxfdec: only probe max run in
Suggested-by: Tomas Härdin
Signed-off-by: Michael Niedermayer
(cherry picked from commit 1182bbb2c3226260ed672920251e3410bde8c6c9)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a3d59e33d91402325f70b55f4a9c185a3d01e5a6
---
libavformat/mxfdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index c2535f8e9f..4a31490868 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -4052,7 +4052,7 @@ static int mxf_read_close(AVFormatContext *s)
static int mxf_probe(const AVProbeData *p) {
const uint8_t *bufp = p->buf;
-const uint8_t *end = p->buf + p->buf_size;
+const uint8_t *end = p->buf + FFMIN(p->buf_size, RUN_IN_MAX + 1 +
sizeof(mxf_header_partition_pack_key));
if (p->buf_size < sizeof(mxf_header_partition_pack_key))
return 0;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mxfdec: Check run_in is within 65536
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Sun Sep 18 14:28:03 2022 +0200| [89c2911a3cae1e35967c3a442c0e3106fe6b2004] |
committer: Michael Niedermayer
avformat/mxfdec: Check run_in is within 65536
Fixes: signed integer overflow: 9223372036854775807 - -2146905566 cannot be
represented in type 'long'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6570996594769920
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 7786097825d9e3f02b4574c1924c28818eb83340)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=89c2911a3cae1e35967c3a442c0e3106fe6b2004
---
libavformat/mxfdec.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 400941c348..c2535f8e9f 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -64,6 +64,7 @@
#include "mxf.h"
#define MXF_MAX_CHUNK_SIZE (32 << 20)
+#define RUN_IN_MAX (65535+1) // S377m-2004 section 5.5 and S377-1-2009
section 6.5, the +1 is to be slightly more tolerant
typedef enum {
Header,
@@ -3632,6 +3633,7 @@ static int mxf_read_header(AVFormatContext *s)
KLVPacket klv;
int64_t essence_offset = 0;
int ret;
+int64_t run_in;
mxf->last_forward_tell = INT64_MAX;
@@ -3641,7 +3643,10 @@ static int mxf_read_header(AVFormatContext *s)
}
avio_seek(s->pb, -14, SEEK_CUR);
mxf->fc = s;
-mxf->run_in = avio_tell(s->pb);
+run_in = avio_tell(s->pb);
+if (run_in < 0 || run_in > RUN_IN_MAX)
+return AVERROR_INVALIDDATA;
+mxf->run_in = run_in;
mxf_read_random_index_pack(s);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/aiffdec: Check block_duration
ffmpeg | branch: release/5.1 | Michael Niedermayer | Sat Sep 17 16:32:08 2022 +0200| [4143d0a33a8f5eb16e36367975cea3dc3f8ca8fc] | committer: Michael Niedermayer avformat/aiffdec: Check block_duration Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 1c2b6265c87417033f990fa4a14da9d4008320a4) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4143d0a33a8f5eb16e36367975cea3dc3f8ca8fc --- libavformat/aiffdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c index 0487d3f029..318e3ad742 100644 --- a/libavformat/aiffdec.c +++ b/libavformat/aiffdec.c @@ -372,6 +372,8 @@ got_sound: av_log(s, AV_LOG_ERROR, "could not find COMM tag or invalid block_align value\n"); return AVERROR_INVALIDDATA; } +if (aiff->block_duration < 0) +return AVERROR_INVALIDDATA; /* Now positioned, get the sound data start and end */ avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/mjpegdec: Check for unsupported bayer case
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Sun Sep 18 23:42:02 2022 +0200| [04a2dd80549450a90bc6d92d5d8821d05766b496] |
committer: Michael Niedermayer
avcodec/mjpegdec: Check for unsupported bayer case
Fixes: out of array access
Fixes:
51462/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-662559341582745
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit dd81cc22b3dd5bd6badf012b4fe4c19e062650f4)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=04a2dd80549450a90bc6d92d5d8821d05766b496
---
libavcodec/mjpegdec.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 869aee425e..f5ad32568b 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1212,6 +1212,8 @@ static int ljpeg_decode_rgb_scan(MJpegDecodeContext *s,
int nb_components, int p
ptr[3*mb_x + 2] = buffer[mb_x][2] + ptr[3*mb_x + 1];
}
} else if (s->bayer) {
+if (s->bits <= 8)
+return AVERROR_PATCHWELCOME;
if (nb_components == 1) {
/* Leave decoding to the TIFF/DNG decoder (see comment in
ff_mjpeg_decode_sof) */
for (mb_x = 0; mb_x < width; mb_x++)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/icodec: Check nb_pal
ffmpeg | branch: release/5.1 | Michael Niedermayer | Sat Sep 17 23:15:56 2022 +0200| [c9bb4e3bcce44acbd4d9055130f0e7bee44246da] | committer: Michael Niedermayer avformat/icodec: Check nb_pal Fixes: signed integer overflow: 538976288 * 4 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-6690068904935424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit db73ae0dc114aa6fae08e69f977944f056a24995) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c9bb4e3bcce44acbd4d9055130f0e7bee44246da --- libavformat/icodec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/icodec.c b/libavformat/icodec.c index 290f658d0c..85dab3bca0 100644 --- a/libavformat/icodec.c +++ b/libavformat/icodec.c @@ -196,6 +196,9 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt) AV_WL32(buf + 32, image->nb_pal); } +if (image->nb_pal > INT_MAX / 4 - 14 - 40) +return AVERROR_INVALIDDATA; + AV_WL32(buf - 4, 14 + 40 + image->nb_pal * 4); AV_WL32(buf + 8, AV_RL32(buf + 8) / 2); } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/aiffdec: Use 64bit for block_duration use
ffmpeg | branch: release/5.1 | Michael Niedermayer | Sat Sep 17 16:32:09 2022 +0200| [14787c60eca221deae7c7a8e3403cddd77152350] | committer: Michael Niedermayer avformat/aiffdec: Use 64bit for block_duration use Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 9303ba272e988d87084880c57056b750cc5ffd08) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=14787c60eca221deae7c7a8e3403cddd77152350 --- libavformat/aiffdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c index 318e3ad742..80733e5801 100644 --- a/libavformat/aiffdec.c +++ b/libavformat/aiffdec.c @@ -428,7 +428,7 @@ static int aiff_read_packet(AVFormatContext *s, pkt->flags &= ~AV_PKT_FLAG_CORRUPT; /* Only one stream in an AIFF file */ pkt->stream_index = 0; -pkt->duration = (res / st->codecpar->block_align) * aiff->block_duration; +pkt->duration = (res / st->codecpar->block_align) * (int64_t) aiff->block_duration; return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/ape: Check frames size
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Sat Sep 17 21:19:53 2022 +0200| [ca55032020b1b441a493c2f4e2b69ce17d2438d2] |
committer: Michael Niedermayer
avformat/ape: Check frames size
Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented
in type 'long'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ca55032020b1b441a493c2f4e2b69ce17d2438d2
---
libavformat/ape.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavformat/ape.c b/libavformat/ape.c
index bf1254e7bd..d6c8ec23b0 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -298,6 +298,8 @@ static int ape_read_header(AVFormatContext * s)
ape->frames[i].pos -= ape->frames[i].skip;
ape->frames[i].size += ape->frames[i].skip;
}
+if (ape->frames[i].size > INT_MAX - 3)
+return AVERROR_INVALIDDATA;
ape->frames[i].size = (ape->frames[i].size + 3) & ~3;
}
if (ape->fileversion < 3810) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/apm: Use 64bit for bit_rate computation
ffmpeg | branch: release/5.1 | Michael Niedermayer | Sat Sep 17 21:24:49 2022 +0200| [08047db178ecef92195127e44aa17e7977aec3db] | committer: Michael Niedermayer avformat/apm: Use 64bit for bit_rate computation Fixes: signed integer overflow: -1155522528 * 4 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APM_fuzzer-6580670570299392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 5b23cab5c769d6611a3fe111546d65809046a4d8) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=08047db178ecef92195127e44aa17e7977aec3db --- libavformat/apm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/apm.c b/libavformat/apm.c index baf7d2f941..a3ddc08e83 100644 --- a/libavformat/apm.c +++ b/libavformat/apm.c @@ -148,7 +148,7 @@ static int apm_read_header(AVFormatContext *s) par->codec_id = AV_CODEC_ID_ADPCM_IMA_APM; par->format= AV_SAMPLE_FMT_S16; par->bit_rate = par->ch_layout.nb_channels * - par->sample_rate * + (int64_t)par->sample_rate * par->bits_per_coded_sample; if ((ret = avio_read(s->pb, buf, APM_FILE_EXTRADATA_SIZE)) < 0) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/asfdec_o: Limit packet offset
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Sat Sep 17 21:30:55 2022 +0200| [01834eaec23930295c29de41f25cb112dd646f03] |
committer: Michael Niedermayer
avformat/asfdec_o: Limit packet offset
avoids overflows with it
Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be
represented in type 'long'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 736e9e69d5dbbe1d81885dfef59917eb915d2f96)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=01834eaec23930295c29de41f25cb112dd646f03
---
libavformat/asfdec_o.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c
index 48b7d17322..e837ca62e7 100644
--- a/libavformat/asfdec_o.c
+++ b/libavformat/asfdec_o.c
@@ -1242,6 +1242,8 @@ static int asf_read_packet_header(AVFormatContext *s)
unsigned char error_flags, len_flags, pay_flags;
asf->packet_offset = avio_tell(pb);
+if (asf->packet_offset > INT64_MAX/2)
+asf->packet_offset = 0;
error_flags = avio_r8(pb); // read Error Correction Flags
if (error_flags & ASF_PACKET_FLAG_ERROR_CORRECTION_PRESENT) {
if (!(error_flags & ASF_ERROR_CORRECTION_LENGTH_TYPE)) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/cafdec: Check that nb_frasmes fits within 64bit
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Sat Sep 17 21:48:43 2022 +0200| [ef0a5051262e8fc237601a3def4bbdc9aa4195ac] |
committer: Michael Niedermayer
avformat/cafdec: Check that nb_frasmes fits within 64bit
Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented
in type 'long'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit d4bb4e375975dc0d31d5309106cf6ee0ed75140f)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ef0a5051262e8fc237601a3def4bbdc9aa4195ac
---
libavformat/cafdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
index d5b8c38c25..e0a9031cb8 100644
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -387,7 +387,7 @@ static int read_header(AVFormatContext *s)
found_data:
if (caf->bytes_per_packet > 0 && caf->frames_per_packet > 0) {
-if (caf->data_size > 0)
+if (caf->data_size > 0 && caf->data_size / caf->bytes_per_packet <
INT64_MAX / caf->frames_per_packet)
st->nb_frames = (caf->data_size / caf->bytes_per_packet) *
caf->frames_per_packet;
} else if (ffstream(st)->nb_index_entries && st->duration > 0) {
if (st->codecpar->sample_rate && caf->data_size / st->duration >
INT64_MAX / st->codecpar->sample_rate / 8) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/jacosubdec: Fix overflow in get_shift()
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Sat Sep 17 22:55:24 2022 +0200| [740a71b58362e536f43b51ed3c66ae8339f2554d] |
committer: Michael Niedermayer
avformat/jacosubdec: Fix overflow in get_shift()
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-6722544461283328
Fixes: signed integer overflow: 48214448 * 60 cannot be represented in type
'int'
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit b1a68127bbcd3d638363fa0249982c494e87c9e2)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=740a71b58362e536f43b51ed3c66ae8339f2554d
---
libavformat/jacosubdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/jacosubdec.c b/libavformat/jacosubdec.c
index 0ee4820f62..61b1316dc9 100644
--- a/libavformat/jacosubdec.c
+++ b/libavformat/jacosubdec.c
@@ -144,7 +144,7 @@ static int get_shift(int timeres, const char *buf)
ret = 0;
switch (n) {
case 4:
-ret = sign * (((int64_t)a*3600 + b*60 + c) * timeres + d);
+ret = sign * (((int64_t)a*3600 + (int64_t)b*60 + c) * timeres + d);
break;
case 3:
ret = sign * (( (int64_t)a*60 + b) * timeres + c);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/dxa: avoid bpc overflows
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Sat Sep 17 22:40:47 2022 +0200| [c38fde3b9d4a3f1b1ff56bf1b5feb7a245f7192b] |
committer: Michael Niedermayer
avformat/dxa: avoid bpc overflows
Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type
'int'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6639823726706688
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 93db0f0740cacd64ae07b5e8606b70021e48d364)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c38fde3b9d4a3f1b1ff56bf1b5feb7a245f7192b
---
libavformat/dxa.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/libavformat/dxa.c b/libavformat/dxa.c
index 16fbb08156..474b85270a 100644
--- a/libavformat/dxa.c
+++ b/libavformat/dxa.c
@@ -118,9 +118,12 @@ static int dxa_read_header(AVFormatContext *s)
if(tag == MKTAG('d', 'a', 't', 'a')) break;
avio_skip(pb, fsize);
}
-c->bpc = (fsize + c->frames - 1) / c->frames;
-if(ast->codecpar->block_align)
+c->bpc = (fsize + (int64_t)c->frames - 1) / c->frames;
+if(ast->codecpar->block_align) {
+if (c->bpc > INT_MAX - ast->codecpar->block_align + 1)
+return AVERROR_INVALIDDATA;
c->bpc = ((c->bpc + ast->codecpar->block_align - 1) /
ast->codecpar->block_align) * ast->codecpar->block_align;
+}
c->bytes_left = fsize;
c->wavpos = avio_tell(pb);
avio_seek(pb, c->vidpos, SEEK_SET);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/flvdec: Use 64bit for sum_flv_tag_size
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Sun Sep 18 13:38:21 2022 +0200| [1c3c25491a8f84074da6d1d6ff42a14d5c11c654] |
committer: Michael Niedermayer
avformat/flvdec: Use 64bit for sum_flv_tag_size
Fixes: signed integer overflow: 2138820085 + 16130322 cannot be represented in
type 'int'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6704728165187584
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 7124f10c1d521096042ba3c9c519828147f78c46)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1c3c25491a8f84074da6d1d6ff42a14d5c11c654
---
libavformat/flvdec.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index 8dba92661b..7242296f7f 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -65,7 +65,7 @@ typedef struct FLVContext {
uint8_t resync_buffer[2*RESYNC_BUFFER_SIZE];
int broken_sizes;
-int sum_flv_tag_size;
+int64_t sum_flv_tag_size;
int last_keyframe_stream_index;
int keyframe_count;
@@ -1030,7 +1030,7 @@ retry:
type = (avio_r8(s->pb) & 0x1F);
orig_size =
size = avio_rb24(s->pb);
-flv->sum_flv_tag_size += size + 11;
+flv->sum_flv_tag_size += size + 11LL;
dts = avio_rb24(s->pb);
dts |= (unsigned)avio_r8(s->pb) << 24;
av_log(s, AV_LOG_TRACE, "type:%d, size:%d, last:%d, dts:%"PRId64"
pos:%"PRId64"\n", type, size, last, dts, avio_tell(s->pb));
@@ -1330,7 +1330,7 @@ leave:
!avio_feof(s->pb) &&
(last != orig_size || !last) && last != flv->sum_flv_tag_size &&
!flv->broken_sizes) {
-av_log(s, AV_LOG_ERROR, "Packet mismatch %d %d %d\n", last,
orig_size + 11, flv->sum_flv_tag_size);
+av_log(s, AV_LOG_ERROR, "Packet mismatch %d %d %"PRId64"\n", last,
orig_size + 11, flv->sum_flv_tag_size);
avio_seek(s->pb, pos + 1, SEEK_SET);
ret = resync(s);
av_packet_unref(pkt);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/genh: Check nb_channels for IMA ADPCM
ffmpeg | branch: release/5.1 | Michael Niedermayer | Sat Sep 17 22:46:35 2022 +0200| [4038dfc1d13728f4c7cb6bc9eb44a03279aec7f4] | committer: Michael Niedermayer avformat/genh: Check nb_channels for IMA ADPCM The check could be made more strict Fixes: signed integer overflow: 36 * 538976288 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-6539389873815552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 0345a885455dea52fcc570b97f5dc5c75372a39c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4038dfc1d13728f4c7cb6bc9eb44a03279aec7f4 --- libavformat/genh.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/genh.c b/libavformat/genh.c index a25d4d625a..1f707b 100644 --- a/libavformat/genh.c +++ b/libavformat/genh.c @@ -78,6 +78,8 @@ static int genh_read_header(AVFormatContext *s) case 0: st->codecpar->codec_id = AV_CODEC_ID_ADPCM_PSX;break; case 1: case 11: st->codecpar->bits_per_coded_sample = 4; + if (st->codecpar->ch_layout.nb_channels > INT_MAX / 36) +return AVERROR_INVALIDDATA; st->codecpar->block_align = 36 * st->codecpar->ch_layout.nb_channels; st->codecpar->codec_id = AV_CODEC_ID_ADPCM_IMA_WAV;break; case 2: st->codecpar->codec_id = AV_CODEC_ID_ADPCM_DTK;break; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/dhav: Use 64bit seek_back
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Sat Sep 17 21:54:31 2022 +0200| [48acb06c7830a44a641e545b8eb079b47987ac62] |
committer: Michael Niedermayer
avformat/dhav: Use 64bit seek_back
Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an
unsigned type to negate this value to itself
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DHAV_fuzzer-6604736532447232
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 10453f5192869b63b071aee3962ae2c712f9bfd3)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=48acb06c7830a44a641e545b8eb079b47987ac62
---
libavformat/dhav.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/dhav.c b/libavformat/dhav.c
index 9d26efe8fc..4e720f2a26 100644
--- a/libavformat/dhav.c
+++ b/libavformat/dhav.c
@@ -242,7 +242,7 @@ static int64_t get_duration(AVFormatContext *s)
avio_seek(s->pb, avio_size(s->pb) - 8, SEEK_SET);
while (avio_tell(s->pb) > 12 && max_interations--) {
if (avio_rl32(s->pb) == MKTAG('d','h','a','v')) {
-int seek_back = avio_rl32(s->pb);
+int64_t seek_back = avio_rl32(s->pb);
avio_seek(s->pb, -seek_back, SEEK_CUR);
read_chunk(s);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/nutdec: Check fields
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Sun Sep 18 14:47:25 2022 +0200| [de79299bf049fcb7453697ba8b2ca5c7316187f9] |
committer: Michael Niedermayer
avformat/nutdec: Check fields
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type
'int'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 2c146406eac06f3d3cd3d981c29e7affd834cb4d)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=de79299bf049fcb7453697ba8b2ca5c7316187f9
---
libavformat/nutdec.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index 8cc56615ad..24dedc4758 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -245,6 +245,11 @@ static int decode_main_header(NUTContext *nut)
for (i = 0; i < 256;) {
int tmp_flags = ffio_read_varlen(bc);
int tmp_fields = ffio_read_varlen(bc);
+if (tmp_fields < 0) {
+av_log(s, AV_LOG_ERROR, "fields %d is invalid\n", tmp_fields);
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
if (tmp_fields > 0)
tmp_pts = get_s(bc);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/rmdec: check tag_size
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Sun Sep 18 15:06:25 2022 +0200| [77628600aa589c3a03af30d015e9b07b866db00d] |
committer: Michael Niedermayer
avformat/rmdec: check tag_size
Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type
'int'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6598073725353984
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 2cb7ee8a36bddd3425897135db514ca62fec6e44)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=77628600aa589c3a03af30d015e9b07b866db00d
---
libavformat/rmdec.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index 881d7002ad..0f1534b582 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -563,6 +563,8 @@ static int rm_read_header(AVFormatContext *s)
}
tag_size = avio_rb32(pb);
+if (tag_size < 0)
+return AVERROR_INVALIDDATA;
avio_skip(pb, tag_size - 8);
for(;;) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/sbgdec: clamp end_ts
ffmpeg | branch: release/5.1 | Michael Niedermayer | Sun Sep 18 16:29:37 2022 +0200| [3e2b970b00a469c9367a472c4f791c25e0e055eb] | committer: Michael Niedermayer avformat/sbgdec: clamp end_ts Fixes: signed integer overflow: 9223372036851135042 + 15666854 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6573717339111424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 981f5e46afa3673dfa43eb2bf5017680d5df25dd) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3e2b970b00a469c9367a472c4f791c25e0e055eb --- libavformat/sbgdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c index 8a6d679056..4cd12347e7 100644 --- a/libavformat/sbgdec.c +++ b/libavformat/sbgdec.c @@ -1478,7 +1478,7 @@ static int sbg_read_packet(AVFormatContext *avf, AVPacket *packet) int ret; ts = ffstream(avf->streams[0])->cur_dts; -end_ts = ts + avf->streams[0]->codecpar->frame_size; +end_ts = av_sat_add64(ts, avf->streams[0]->codecpar->frame_size); if (avf->streams[0]->duration != AV_NOPTS_VALUE) end_ts = FFMIN(avf->streams[0]->start_time + avf->streams[0]->duration, end_ts); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/sbgdec: Check ts_int in genrate_intervals
ffmpeg | branch: release/5.1 | Michael Niedermayer | Sun Sep 18 16:35:41 2022 +0200| [ad56da76348564ba4d1e862a348930517eea429b] | committer: Michael Niedermayer avformat/sbgdec: Check ts_int in genrate_intervals There is probably a better place to check for this, but better here than nowhere Fixes: signed integer overflow: -9223372036824775808 - 864 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6601162580688896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 5f529e9147a5c5c8ecf8d5ef0dd569194ce30eed) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ad56da76348564ba4d1e862a348930517eea429b --- libavformat/sbgdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c index 4cd12347e7..5edb9664cc 100644 --- a/libavformat/sbgdec.c +++ b/libavformat/sbgdec.c @@ -1317,6 +1317,8 @@ static int generate_intervals(void *log, struct sbg_script *s, int sample_rate, /* Pseudo event before the first one */ ev0 = s->events[s->nb_events - 1]; +if (av_sat_sub64(ev0.ts_int, period) != (uint64_t)ev0.ts_int - period) +return AVERROR_INVALIDDATA; ev0.ts_int -= period; ev0.ts_trans -= period; ev0.ts_next -= period; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation
ffmpeg | branch: release/5.1 | Michael Niedermayer | Sun Sep 18 16:42:21 2022 +0200| [e443e2e210bfa4edd9c44ecb34094229c9e709ea] | committer: Michael Niedermayer avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation Fixes: signed integer overflow: 72128794995445727 * 240 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SDS_fuzzer-6628185583779840 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit aa8eb1bed075931b0ce0a8bc9a8ff5882830044c) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e443e2e210bfa4edd9c44ecb34094229c9e709ea --- libavformat/sdsdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/sdsdec.c b/libavformat/sdsdec.c index f98096dca9..d296500bec 100644 --- a/libavformat/sdsdec.c +++ b/libavformat/sdsdec.c @@ -112,7 +112,7 @@ static int sds_read_header(AVFormatContext *ctx) st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO; st->codecpar->ch_layout.nb_channels = 1; st->codecpar->sample_rate = sample_period ? 10 / sample_period : 16000; -st->duration = (avio_size(pb) - 21) / (127) * s->size / 4; +st->duration = av_rescale((avio_size(pb) - 21) / 127, s->size, 4); avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/xwma: Use av_rescale() for duration computation
ffmpeg | branch: release/5.1 | Michael Niedermayer | Sun Sep 18 16:45:30 2022 +0200| [c54161e199c1bd437d1c2fefb2333a333ed5d5b3] | committer: Michael Niedermayer avformat/xwma: Use av_rescale() for duration computation Fixes: signed integer overflow: 34242363648 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6577923913547776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 2c789f753c3657be9041307f9c03749f5ba5a6bb) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c54161e199c1bd437d1c2fefb2333a333ed5d5b3 --- libavformat/xwma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/xwma.c b/libavformat/xwma.c index c16ff1be63..12689f37fd 100644 --- a/libavformat/xwma.c +++ b/libavformat/xwma.c @@ -278,7 +278,7 @@ static int xwma_read_header(AVFormatContext *s) * the total duration using the average bits per sample and the * total data length. */ -st->duration = (size<<3) * st->codecpar->sample_rate / st->codecpar->bit_rate; +st->duration = av_rescale((size<<3), st->codecpar->sample_rate, st->codecpar->bit_rate); } fail: ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/rpl: Use 64bit for duration computation
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Sun Sep 18 16:49:26 2022 +0200| [67648acb761a829acb13bf503816380eaa974f36] |
committer: Michael Niedermayer
avformat/rpl: Use 64bit for duration computation
Fixes: signed integer overflow: 24709512 * 88 cannot be represented in type
'int'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6737973728641024
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 529f64b2eb98e0c3ae4944abd5d01fa7c1def047)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=67648acb761a829acb13bf503816380eaa974f36
---
libavformat/rpl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/rpl.c b/libavformat/rpl.c
index d025589bfc..3ef6fda386 100644
--- a/libavformat/rpl.c
+++ b/libavformat/rpl.c
@@ -279,7 +279,7 @@ static int rpl_read_header(AVFormatContext *s)
error |= read_line(pb, line, sizeof(line)); // size of "helpful" sprite
if (vst) {
error |= read_line(pb, line, sizeof(line)); // offset to key frame
list
-vst->duration = number_of_chunks * rpl->frames_per_chunk;
+vst->duration = number_of_chunks * (int64_t)rpl->frames_per_chunk;
}
// Read the index
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/spdifdec: Use 64bit to compute bit rate
ffmpeg | branch: release/5.1 | Michael Niedermayer | Sun Sep 18 18:12:11 2022 +0200| [9658d1da5903ff936aba63f986f30dd103a37399] | committer: Michael Niedermayer avformat/spdifdec: Use 64bit to compute bit rate Fixes: signed integer overflow: 32 * 553590816 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6564974517944320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 4075f0cec1830a7ac081b1a23bd3f5c4e266fe26) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9658d1da5903ff936aba63f986f30dd103a37399 --- libavformat/spdifdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/spdifdec.c b/libavformat/spdifdec.c index 2af75ca9db..672133581a 100644 --- a/libavformat/spdifdec.c +++ b/libavformat/spdifdec.c @@ -226,7 +226,7 @@ int ff_spdif_read_packet(AVFormatContext *s, AVPacket *pkt) if (!s->bit_rate && s->streams[0]->codecpar->sample_rate) /* stream bitrate matches 16-bit stereo PCM bitrate for currently supported codecs */ -s->bit_rate = 2 * 16 * s->streams[0]->codecpar->sample_rate; +s->bit_rate = 2 * 16LL * s->streams[0]->codecpar->sample_rate; return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/dstdec: Check for overflow in build_filter()
ffmpeg | branch: release/5.1 | Michael Niedermayer |
Sat Sep 10 23:49:28 2022 +0200| [6bbe4d1f4f00b627c0c8cad9783eeff66854e936] |
committer: Michael Niedermayer
avcodec/dstdec: Check for overflow in build_filter()
Fixes: signed integer overflow: 1917019860 + 265558963 cannot be represented in
type 'int'
Fixes:
48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-4833165046317056
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 8008940da5aa43895fd4574114309c3324249eab)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6bbe4d1f4f00b627c0c8cad9783eeff66854e936
---
libavcodec/dstdec.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/libavcodec/dstdec.c b/libavcodec/dstdec.c
index 93642e34b9..ba6651b09f 100644
--- a/libavcodec/dstdec.c
+++ b/libavcodec/dstdec.c
@@ -216,7 +216,7 @@ static uint8_t prob_dst_x_bit(int c)
return (ff_reverse[c & 127] >> 1) + 1;
}
-static void build_filter(int16_t table[DST_MAX_ELEMENTS][16][256], const Table
*fsets)
+static int build_filter(int16_t table[DST_MAX_ELEMENTS][16][256], const Table
*fsets)
{
int i, j, k, l;
@@ -227,14 +227,17 @@ static void build_filter(int16_t
table[DST_MAX_ELEMENTS][16][256], const Table *
int total = av_clip(length - j * 8, 0, 8);
for (k = 0; k < 256; k++) {
-int v = 0;
+int64_t v = 0;
for (l = 0; l < total; l++)
v += (((k >> l) & 1) * 2 - 1) * fsets->coeff[i][j * 8 + l];
+if ((int16_t)v != v)
+return AVERROR_INVALIDDATA;
table[i][j][k] = v;
}
}
}
+return 0;
}
static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
@@ -329,7 +332,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame
*frame,
return AVERROR_INVALIDDATA;
ac_init(ac, gb);
-build_filter(s->filter, &s->fsets);
+ret = build_filter(s->filter, &s->fsets);
+if (ret < 0)
+return ret;
memset(s->status, 0xAA, sizeof(s->status));
memset(dsd, 0, frame->nb_samples * 4 * channels);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] Update for 5.1.2
ffmpeg | branch: release/5.1 | Michael Niedermayer | Sat Sep 24 22:59:48 2022 +0200| [eacfcbae690f914a4b1b4ad06999f138540cc3d8] | committer: Michael Niedermayer Update for 5.1.2 Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eacfcbae690f914a4b1b4ad06999f138540cc3d8 --- Changelog| 46 ++ RELEASE | 2 +- doc/Doxyfile | 2 +- 3 files changed, 48 insertions(+), 2 deletions(-) diff --git a/Changelog b/Changelog index 0b32c1e410..86f547c9bb 100644 --- a/Changelog +++ b/Changelog @@ -1,6 +1,52 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 5.1.2: +- avcodec/dstdec: Check for overflow in build_filter() +- avformat/spdifdec: Use 64bit to compute bit rate +- avformat/rpl: Use 64bit for duration computation +- avformat/xwma: Use av_rescale() for duration computation +- avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation +- avformat/sbgdec: Check ts_int in genrate_intervals +- avformat/sbgdec: clamp end_ts +- avformat/rmdec: check tag_size +- avformat/nutdec: Check fields +- avformat/flvdec: Use 64bit for sum_flv_tag_size +- avformat/jacosubdec: Fix overflow in get_shift() +- avformat/genh: Check nb_channels for IMA ADPCM +- avformat/dxa: avoid bpc overflows +- avformat/dhav: Use 64bit seek_back +- avformat/cafdec: Check that nb_frasmes fits within 64bit +- avformat/asfdec_o: Limit packet offset +- avformat/apm: Use 64bit for bit_rate computation +- avformat/ape: Check frames size +- avformat/icodec: Check nb_pal +- avformat/aiffdec: Use 64bit for block_duration use +- avformat/aiffdec: Check block_duration +- avformat/mxfdec: only probe max run in +- avformat/mxfdec: Check run_in is within 65536 +- avcodec/mjpegdec: Check for unsupported bayer case +- avcodec/apedec: Fix integer overflow in filter_3800() +- avcodec/tta: Check 24bit scaling for overflow +- avcodec/mobiclip: Check quantizer for overflow +- avcodec/exr: Check preview psize +- avcodec/tiff: Fix loop detection +- libavformat/hls: Free keys +- avcodec/fmvc: Move frame allocation to a later stage +- avfilter/vf_showinfo: remove backspaces +- avcodec/speedhq: Check width +- avcodec/bink: disallow odd positioned scaled blocks +- avformat/cafenc: derive Opus frame size from the relevant stream parameters +- avformat/dashdec: Fix crash on invalid input/ENOMEM, fix leak +- lavc/videotoolbox: do not pass AVCodecContext to decoder output callback +- lavc/pthread_frame: always transfer stashed hwaccel state +- avcodec/arm/sbcenc: avoid callee preserved vfp registers +- avformat/riffdec: don't unconditionally overwrite WAVEFORMATEXTENSIBLE layout +- avfilter/vf_scale: overwrite the width and height expressions with the original values +- lavc/pthread_frame: avoid leaving stale hwaccel state in worker threads +- avutil/tests/.gitignore: Add channel_layout testtool + + version 5.1.1: - avformat/asfdec_o: limit recursion depth in asf_read_unknown() - avformat/mov: Check count sums in build_open_gop_key_points() diff --git a/RELEASE b/RELEASE index ac14c3dfaa..61fcc87350 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -5.1.1 +5.1.2 diff --git a/doc/Doxyfile b/doc/Doxyfile index 4314fcebe6..6c24f81ffc 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -38,7 +38,7 @@ PROJECT_NAME = FFmpeg # could be handy for archiving the generated documentation or if some version # control system is used. -PROJECT_NUMBER = 5.1.1 +PROJECT_NUMBER = 5.1.2 # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer a ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
