[FFmpeg-cvslog] lavc/pthread_frame: always transfer stashed hwaccel state

2022-09-25 Thread Anton Khirnov 
ffmpeg | branch: release/5.0 | Anton Khirnov  | Mon Sep 19 
14:50:30 2022 +0200| [fe741cd0afbbfe54f636c5dce9b452edc022f8f9] | committer: 
Anton Khirnov

lavc/pthread_frame: always transfer stashed hwaccel state

Fixes assertion failures after avcodec_flush_buffers(), where
stashed hwaccel state is present, but prev_thread is NULL.

Found-by: Wang Bin 
(cherry picked from commit c504fb869264fbd8fba6e81c186b2f2848b62e26)
Signed-off-by: Anton Khirnov 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fe741cd0afbbfe54f636c5dce9b452edc022f8f9
---

 libavcodec/pthread_frame.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/libavcodec/pthread_frame.c b/libavcodec/pthread_frame.c
index e40dcedfdd..1dba176084 100644
--- a/libavcodec/pthread_frame.c
+++ b/libavcodec/pthread_frame.c
@@ -452,14 +452,14 @@ static int submit_packet(PerThreadContext *p, 
AVCodecContext *user_avctx,
 pthread_mutex_unlock(&p->mutex);
 return err;
 }
-
-/* transfer hwaccel state stashed from previous thread, if any */
-av_assert0(!p->avctx->hwaccel);
-FFSWAP(const AVHWAccel*, p->avctx->hwaccel, 
fctx->stash_hwaccel);
-FFSWAP(void*,p->avctx->hwaccel_context, 
fctx->stash_hwaccel_context);
-FFSWAP(void*,p->avctx->internal->hwaccel_priv_data, 
fctx->stash_hwaccel_priv);
 }
 
+/* transfer the stashed hwaccel state, if any */
+av_assert0(!p->avctx->hwaccel);
+FFSWAP(const AVHWAccel*, p->avctx->hwaccel, 
fctx->stash_hwaccel);
+FFSWAP(void*,p->avctx->hwaccel_context, 
fctx->stash_hwaccel_context);
+FFSWAP(void*,p->avctx->internal->hwaccel_priv_data, 
fctx->stash_hwaccel_priv);
+
 av_packet_unref(p->avpkt);
 ret = av_packet_ref(p->avpkt, avpkt);
 if (ret < 0) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] lavc/videotoolbox: do not pass AVCodecContext to decoder output callback

2022-09-25 Thread Anton Khirnov 
ffmpeg | branch: release/5.0 | Anton Khirnov  | Thu Sep 15 
14:53:36 2022 +0200| [ddf3bedfb8160883fd9fdfd4082050d904f51755] | committer: 
Anton Khirnov

lavc/videotoolbox: do not pass AVCodecContext to decoder output callback

The opaque parameter for the callback is set in videotoolbox_start(),
called when the hwaccel is initialized. When frame threading is used,
avctx will be the context corresponding to the frame thread currently
doing the decoding. Using this same codec context in all subsequent
invocations of the decoder callback (even those triggered by a different
frame thread) is unsafe, and broken after
cc867f2c09d2b69cee8a0eccd62aff002cbbfe11, since each frame thread now
cleans up its hwaccel state after decoding each frame.

Fix this by passing hwaccel_priv_data as the opaque parameter, which
exists in a single instance forwarded between all frame threads.

The only other use of AVCodecContext in the decoder output callback is
as a logging context. For this purpose, store a logging context in
hwaccel_priv_data.

(cherry picked from commit d7f4ad88a0df3c1339e142957bf2c40cd056b8ce)
Signed-off-by: Anton Khirnov 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ddf3bedfb8160883fd9fdfd4082050d904f51755
---

 libavcodec/videotoolbox.c | 10 ++
 libavcodec/vt_internal.h  |  2 ++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/libavcodec/videotoolbox.c b/libavcodec/videotoolbox.c
index 51d4eacfd8..9f6176ea18 100644
--- a/libavcodec/videotoolbox.c
+++ b/libavcodec/videotoolbox.c
@@ -680,8 +680,7 @@ static void videotoolbox_decoder_callback(void *opaque,
   CMTime pts,
   CMTime duration)
 {
-AVCodecContext *avctx = opaque;
-VTContext *vtctx = avctx->internal->hwaccel_priv_data;
+VTContext *vtctx = opaque;
 
 if (vtctx->frame) {
 CVPixelBufferRelease(vtctx->frame);
@@ -689,7 +688,8 @@ static void videotoolbox_decoder_callback(void *opaque,
 }
 
 if (!image_buffer) {
-av_log(avctx, AV_LOG_DEBUG, "vt decoder cb: output image buffer is 
null\n");
+av_log(vtctx->logctx,  AV_LOG_DEBUG,
+   "vt decoder cb: output image buffer is null: %i\n", status);
 return;
 }
 
@@ -939,7 +939,7 @@ static int videotoolbox_start(AVCodecContext *avctx)
  
videotoolbox->cv_pix_fmt_type);
 
 decoder_cb.decompressionOutputCallback = videotoolbox_decoder_callback;
-decoder_cb.decompressionOutputRefCon   = avctx;
+decoder_cb.decompressionOutputRefCon   = 
avctx->internal->hwaccel_priv_data;
 
 status = VTDecompressionSessionCreate(NULL,  // 
allocator
   videotoolbox->cm_fmt_desc, // 
videoFormatDescription
@@ -1169,6 +1169,8 @@ int ff_videotoolbox_common_init(AVCodecContext *avctx)
 AVHWFramesContext *hw_frames;
 int err;
 
+vtctx->logctx = avctx;
+
 // Old API - do nothing.
 if (avctx->hwaccel_context)
 return 0;
diff --git a/libavcodec/vt_internal.h b/libavcodec/vt_internal.h
index 54a11fd1b5..9502d7c7dc 100644
--- a/libavcodec/vt_internal.h
+++ b/libavcodec/vt_internal.h
@@ -45,6 +45,8 @@ typedef struct VTContext {
 // Current H264 parameters (used to trigger decoder restart on SPS 
changes).
 uint8_t sps[3];
 boolreconfig_needed;
+
+void *logctx;
 } VTContext;
 
 int ff_videotoolbox_alloc_frame(AVCodecContext *avctx, AVFrame *frame);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] lavc/pthread_frame: always transfer stashed hwaccel state

2022-09-25 Thread Anton Khirnov 
ffmpeg | branch: release/4.4 | Anton Khirnov  | Mon Sep 19 
14:50:30 2022 +0200| [e24d23acccd74c98025c9e202963d515c4e1f8b7] | committer: 
Anton Khirnov

lavc/pthread_frame: always transfer stashed hwaccel state

Fixes assertion failures after avcodec_flush_buffers(), where
stashed hwaccel state is present, but prev_thread is NULL.

Found-by: Wang Bin 
(cherry picked from commit c504fb869264fbd8fba6e81c186b2f2848b62e26)
Signed-off-by: Anton Khirnov 
(cherry picked from commit fe741cd0afbbfe54f636c5dce9b452edc022f8f9)
Signed-off-by: Anton Khirnov 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e24d23acccd74c98025c9e202963d515c4e1f8b7
---

 libavcodec/pthread_frame.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/libavcodec/pthread_frame.c b/libavcodec/pthread_frame.c
index 6da5cae55c..6f48d2c208 100644
--- a/libavcodec/pthread_frame.c
+++ b/libavcodec/pthread_frame.c
@@ -454,14 +454,14 @@ static int submit_packet(PerThreadContext *p, 
AVCodecContext *user_avctx,
 pthread_mutex_unlock(&p->mutex);
 return err;
 }
-
-/* transfer hwaccel state stashed from previous thread, if any */
-av_assert0(!p->avctx->hwaccel);
-FFSWAP(const AVHWAccel*, p->avctx->hwaccel, 
fctx->stash_hwaccel);
-FFSWAP(void*,p->avctx->hwaccel_context, 
fctx->stash_hwaccel_context);
-FFSWAP(void*,p->avctx->internal->hwaccel_priv_data, 
fctx->stash_hwaccel_priv);
 }
 
+/* transfer the stashed hwaccel state, if any */
+av_assert0(!p->avctx->hwaccel);
+FFSWAP(const AVHWAccel*, p->avctx->hwaccel, 
fctx->stash_hwaccel);
+FFSWAP(void*,p->avctx->hwaccel_context, 
fctx->stash_hwaccel_context);
+FFSWAP(void*,p->avctx->internal->hwaccel_priv_data, 
fctx->stash_hwaccel_priv);
+
 av_packet_unref(p->avpkt);
 ret = av_packet_ref(p->avpkt, avpkt);
 if (ret < 0) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] lavc/videotoolbox: do not pass AVCodecContext to decoder output callback

2022-09-25 Thread Anton Khirnov 
ffmpeg | branch: release/4.4 | Anton Khirnov  | Thu Sep 15 
14:53:36 2022 +0200| [768d4c2e2ad17fb275f8e6f9e1ecdab0c16e979e] | committer: 
Anton Khirnov

lavc/videotoolbox: do not pass AVCodecContext to decoder output callback

The opaque parameter for the callback is set in videotoolbox_start(),
called when the hwaccel is initialized. When frame threading is used,
avctx will be the context corresponding to the frame thread currently
doing the decoding. Using this same codec context in all subsequent
invocations of the decoder callback (even those triggered by a different
frame thread) is unsafe, and broken after
cc867f2c09d2b69cee8a0eccd62aff002cbbfe11, since each frame thread now
cleans up its hwaccel state after decoding each frame.

Fix this by passing hwaccel_priv_data as the opaque parameter, which
exists in a single instance forwarded between all frame threads.

The only other use of AVCodecContext in the decoder output callback is
as a logging context. For this purpose, store a logging context in
hwaccel_priv_data.

(cherry picked from commit d7f4ad88a0df3c1339e142957bf2c40cd056b8ce)
Signed-off-by: Anton Khirnov 
(cherry picked from commit ddf3bedfb8160883fd9fdfd4082050d904f51755)
Signed-off-by: Anton Khirnov 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=768d4c2e2ad17fb275f8e6f9e1ecdab0c16e979e
---

 libavcodec/videotoolbox.c | 10 ++
 libavcodec/vt_internal.h  |  2 ++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/libavcodec/videotoolbox.c b/libavcodec/videotoolbox.c
index 49e726a75f..2357401412 100644
--- a/libavcodec/videotoolbox.c
+++ b/libavcodec/videotoolbox.c
@@ -608,8 +608,7 @@ static void videotoolbox_decoder_callback(void *opaque,
   CMTime pts,
   CMTime duration)
 {
-AVCodecContext *avctx = opaque;
-VTContext *vtctx = avctx->internal->hwaccel_priv_data;
+VTContext *vtctx = opaque;
 
 if (vtctx->frame) {
 CVPixelBufferRelease(vtctx->frame);
@@ -617,7 +616,8 @@ static void videotoolbox_decoder_callback(void *opaque,
 }
 
 if (!image_buffer) {
-av_log(avctx, AV_LOG_DEBUG, "vt decoder cb: output image buffer is 
null\n");
+av_log(vtctx->logctx,  AV_LOG_DEBUG,
+   "vt decoder cb: output image buffer is null: %i\n", status);
 return;
 }
 
@@ -828,7 +828,7 @@ static int videotoolbox_start(AVCodecContext *avctx)
  
videotoolbox->cv_pix_fmt_type);
 
 decoder_cb.decompressionOutputCallback = videotoolbox_decoder_callback;
-decoder_cb.decompressionOutputRefCon   = avctx;
+decoder_cb.decompressionOutputRefCon   = 
avctx->internal->hwaccel_priv_data;
 
 status = VTDecompressionSessionCreate(NULL,  // 
allocator
   videotoolbox->cm_fmt_desc, // 
videoFormatDescription
@@ -1040,6 +1040,8 @@ static int videotoolbox_common_init(AVCodecContext *avctx)
 AVHWFramesContext *hw_frames;
 int err;
 
+vtctx->logctx = avctx;
+
 // Old API - do nothing.
 if (avctx->hwaccel_context)
 return 0;
diff --git a/libavcodec/vt_internal.h b/libavcodec/vt_internal.h
index fb64735b8c..08d9c77090 100644
--- a/libavcodec/vt_internal.h
+++ b/libavcodec/vt_internal.h
@@ -42,6 +42,8 @@ typedef struct VTContext {
 // Current H264 parameters (used to trigger decoder restart on SPS 
changes).
 uint8_t sps[3];
 boolreconfig_needed;
+
+void *logctx;
 } VTContext;
 
 int ff_videotoolbox_alloc_frame(AVCodecContext *avctx, AVFrame *frame);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] Tag n5.1.2 : FFmpeg 5.1.2 release

2022-09-25 Thread git 
[ffmpeg] [branch: refs/tags/n5.1.2]
Tag:1326fe9d4c85cca1ee774b072ef4fa337694f2e7
> http://git.videolan.org/gitweb.cgi/ffmpeg.git?a=tag;h=1326fe9d4c85cca1ee774b072ef4fa337694f2e7

Tagger: Michael Niedermayer 
Date:   Sun Sep 25 00:12:45 2022 +0200

FFmpeg 5.1.2 release
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] [ffmpeg-web] branch master updated. 0c8cf93 web/download: Add FFmpeg 5.1.2

2022-09-25 Thread ffmpeg-git 
The branch, master has been updated
   via  0c8cf93b557dc54ca9bd8b0c3fd82c22cc676b56 (commit)
  from  02eac909118ae1f36d9b84425cd3b4d204365c62 (commit)


- Log -
commit 0c8cf93b557dc54ca9bd8b0c3fd82c22cc676b56
Author: Michael Niedermayer 
AuthorDate: Sun Sep 25 12:37:21 2022 +0200
Commit: Michael Niedermayer 
CommitDate: Sun Sep 25 12:37:21 2022 +0200

web/download: Add FFmpeg 5.1.2

diff --git a/src/download b/src/download
index ff874ef..3ea700b 100644
--- a/src/download
+++ b/src/download
@@ -304,10 +304,10 @@ gpg: Good signature from "FFmpeg release signing key 
Changelog
+  https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n5.1.2";>Changelog
   https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/refs/heads/release/5.1:/RELEASE_NOTES";>Release
 Notes
  


---

Summary of changes:
 src/download | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)


hooks/post-receive
-- 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/h264_redundant_pps_bsf: Don't remove PPS

2022-09-25 Thread Andreas Rheinhardt 
ffmpeg | branch: master | Andreas Rheinhardt  | 
Tue Sep 20 14:20:07 2022 +0200| [7ae1c0dd3ef8038f541716eb283380fd196041ad] | 
committer: Andreas Rheinhardt

avcodec/h264_redundant_pps_bsf: Don't remove PPS

There is no check for whether these supposedly redundant PPS
are actually redundant. One could check via memcmp which would
work in practice* (because all content buffers are initially
zero-allocated), but this is not portable as compilers may
trash padding inside structures as they wish.

In case the PPS is not really redundant the output is garbage.
This happens with several files from the FATE-suite. E.g.
h264-conformance/CVCANLMA2_Sony_C.jsv doesn't decode correctly
any more, whereas h264-conformance/CABA3_TOSHIBA_E.264 even
fails in ff_cbs_write_packet(), because the inferred value
of num_ref_idx_l0_active_minus1 mismatches with the value set
in the slice (this happens when num_ref_idx_l0_default_active_minus1
changes in the PPS; the value in the slice header is inferred from
the original PPS's num_ref_idx_l0_default_active_minus1).

*: Unless slice_group_id is used, i.e. unless slice_group_map_type
is six.

Signed-off-by: Andreas Rheinhardt 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7ae1c0dd3ef8038f541716eb283380fd196041ad
---

 doc/bitstream_filters.texi  |  3 ---
 libavcodec/h264_redundant_pps_bsf.c | 11 ---
 2 files changed, 14 deletions(-)

diff --git a/doc/bitstream_filters.texi b/doc/bitstream_filters.texi
index 50c95f035d..c63c20370f 100644
--- a/doc/bitstream_filters.texi
+++ b/doc/bitstream_filters.texi
@@ -382,9 +382,6 @@ This applies a specific fixup to some Blu-ray streams which 
contain
 redundant PPSs modifying irrelevant parameters of the stream which
 confuse other transformations which require correct extradata.
 
-A new single global PPS is created, and all of the redundant PPSs
-within the stream are removed.
-
 @section hevc_metadata
 
 Modify metadata embedded in an HEVC stream.
diff --git a/libavcodec/h264_redundant_pps_bsf.c 
b/libavcodec/h264_redundant_pps_bsf.c
index f8bab1f109..df9a88a705 100644
--- a/libavcodec/h264_redundant_pps_bsf.c
+++ b/libavcodec/h264_redundant_pps_bsf.c
@@ -80,26 +80,15 @@ static int h264_redundant_pps_update_fragment(AVBSFContext 
*bsf,
   CodedBitstreamFragment *au)
 {
 H264RedundantPPSContext *ctx = bsf->priv_data;
-int au_has_sps;
 int err, i;
 
-au_has_sps = 0;
 for (i = 0; i < au->nb_units; i++) {
 CodedBitstreamUnit *nal = &au->units[i];
 
-if (nal->type == H264_NAL_SPS)
-au_has_sps = 1;
 if (nal->type == H264_NAL_PPS) {
 err = h264_redundant_pps_fixup_pps(ctx, nal);
 if (err < 0)
 return err;
-if (!au_has_sps) {
-av_log(bsf, AV_LOG_VERBOSE, "Deleting redundant PPS "
-   "at %"PRId64".\n", pkt->pts);
-ff_cbs_delete_unit(au, i);
-i--;
-continue;
-}
 }
 if (nal->type == H264_NAL_SLICE ||
 nal->type == H264_NAL_IDR_SLICE) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/cbs: Only write extradata if there is something to write

2022-09-25 Thread Andreas Rheinhardt 
ffmpeg | branch: master | Andreas Rheinhardt  | 
Tue Sep 20 14:37:38 2022 +0200| [a7e54196cc94a71c44dd0bd4b91641740a7caf20] | 
committer: Andreas Rheinhardt

avcodec/cbs: Only write extradata if there is something to write

It is e.g. legal for an ISOBMFF avcc to contain zero parameter sets.
In this case the annex B that we produce would be empty and therefore
useless. This happens e.g. with mov/frag_overlap.mp4 from the
FATE-suite.

Signed-off-by: Andreas Rheinhardt 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a7e54196cc94a71c44dd0bd4b91641740a7caf20
---

 libavcodec/cbs.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/cbs.c b/libavcodec/cbs.c
index 07ae658a4c..8d6e3c3442 100644
--- a/libavcodec/cbs.c
+++ b/libavcodec/cbs.c
@@ -438,6 +438,10 @@ int ff_cbs_write_extradata(CodedBitstreamContext *ctx,
 return err;
 
 av_freep(&par->extradata);
+par->extradata_size = 0;
+
+if (!frag->data_size)
+return 0;
 
 par->extradata = av_malloc(frag->data_size +
AV_INPUT_BUFFER_PADDING_SIZE);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] fate/cbs: Add tests for h264_redundant_pps BSF

2022-09-25 Thread Andreas Rheinhardt 
ffmpeg | branch: master | Andreas Rheinhardt  | 
Tue Sep 20 17:51:01 2022 +0200| [54b29e1656979a6879221c0d2d0b50cc91e43bdc] | 
committer: Andreas Rheinhardt

fate/cbs: Add tests for h264_redundant_pps BSF

This also tests writing slice data in the unaligned mode
(some of these files use CAVLC) as well as updating
side data as well as parsing ISOBMFF avcc extradata.

Signed-off-by: Andreas Rheinhardt 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=54b29e1656979a6879221c0d2d0b50cc91e43bdc
---

 tests/fate/cbs.mak   |  43 +++-
 tests/ref/fate/h264_redundant_pps-annexb | 307 +++
 tests/ref/fate/h264_redundant_pps-mov| 115 ++
 tests/ref/fate/h264_redundant_pps-side_data  |  21 ++
 tests/ref/fate/h264_redundant_pps-side_data2 |  11 +
 5 files changed, 494 insertions(+), 3 deletions(-)

diff --git a/tests/fate/cbs.mak b/tests/fate/cbs.mak
index 18efa96a61..a93e58ea9f 100644
--- a/tests/fate/cbs.mak
+++ b/tests/fate/cbs.mak
@@ -1,4 +1,4 @@
-# Read/write tests: this uses the codec metadata filter - with no
+# Read/write tests: By default, this uses the codec metadata filters - with no
 # arguments, it decomposes the stream fully and then recomposes it
 # without making any changes.
 
@@ -66,8 +66,45 @@ $(foreach N,$(FATE_CBS_H264_CONFORMANCE_SAMPLES),$(eval 
$(call FATE_CBS_TEST,h26
 $(foreach N,$(FATE_CBS_H264_SAMPLES),$(eval $(call 
FATE_CBS_TEST,h264,$(basename $(N)),h264,h264/$(N),h264)))
 
 FATE_CBS_H264-$(call FATE_CBS_DEPS, H264, H264, H264, H264, H264) = 
$(FATE_CBS_h264)
-FATE_SAMPLES_AVCONV += $(FATE_CBS_H264-yes)
-fate-cbs-h264: $(FATE_CBS_H264-yes)
+
+
+FATE_H264_REDUNDANT_PPS-$(call REMUX, H264, MOV_DEMUXER H264_REDUNDANT_PPS_BSF 
  \
+  H264_DECODER H264_PARSER 
RAWVIDEO_ENCODER) \
+  += fate-h264_redundant_pps-mov
+fate-h264_redundant_pps-mov: CMD = transcode \
+mov $(TARGET_SAMPLES)/mov/frag_overlap.mp4 h264 \
+"-map 0:v -c copy -bsf h264_redundant_pps"
+
+# This file has changing pic_init_qp_minus26.
+FATE_H264_REDUNDANT_PPS-$(call REMUX, H264, H264_PARSER H264_REDUNDANT_PPS_BSF 
\
+  H264_DECODER RAWVIDEO_ENCODER) \
+  += fate-h264_redundant_pps-annexb
+fate-h264_redundant_pps-annexb: CMD = transcode \
+h264 $(TARGET_SAMPLES)/h264-conformance/CABA3_TOSHIBA_E.264 \
+h264 "-map 0:v -c copy -bsf h264_redundant_pps"
+
+# These two tests test that new extradata in packet side data is properly
+# modified by h264_redundant_pps. nut is used as destination container
+# because it can store extradata updates (in its experimental mode);
+# setting -syncpoints none is a hack to use nut version 4.
+FATE_H264_REDUNDANT_PPS-$(call REMUX, NUT, MOV_DEMUXER H264_REDUNDANT_PPS_BSF 
H264_DECODER) \
++= fate-h264_redundant_pps-side_data
+fate-h264_redundant_pps-side_data: CMD = transcode \
+mov $(TARGET_SAMPLES)/h264/thezerotheorem-cut.mp4 nut \
+"-map 0:v -c copy -bsf h264_redundant_pps -syncpoints none -strict 
experimental" "-c copy"
+
+FATE_H264_REDUNDANT_PPS-$(call REMUX, NUT, MOV_DEMUXER H264_REDUNDANT_PPS_BSF \
+  H264_DECODER SCALE_FILTER 
RAWVIDEO_ENCODER) \
+  += fate-h264_redundant_pps-side_data2
+fate-h264_redundant_pps-side_data2: CMD = transcode \
+mov $(TARGET_SAMPLES)/h264/extradata-reload-multi-stsd.mov nut \
+"-map 0:v -c copy -bsf h264_redundant_pps -syncpoints none -strict 
experimental"
+
+fate-h264_redundant_pps: $(FATE_H264_REDUNDANT_PPS-yes)
+
+
+FATE_SAMPLES_FFMPEG += $(FATE_CBS_H264-yes) $(FATE_H264_REDUNDANT_PPS-yes)
+fate-cbs-h264: $(FATE_CBS_H264-yes) $(FATE_H264_REDUNDANT_PPS-yes)
 
 # H.265 read/write
 
diff --git a/tests/ref/fate/h264_redundant_pps-annexb 
b/tests/ref/fate/h264_redundant_pps-annexb
new file mode 100644
index 00..11d79f8b1f
--- /dev/null
+++ b/tests/ref/fate/h264_redundant_pps-annexb
@@ -0,0 +1,307 @@
+ce0890bd80342f8a3f6703f83b1c4959 
*tests/data/fate/h264_redundant_pps-annexb.h264
+163967 tests/data/fate/h264_redundant_pps-annexb.h264
+#tb 0: 1/25
+#media_type 0: video
+#codec_id 0: rawvideo
+#dimensions 0: 176x144
+#sar 0: 0/1
+0,  0,  0,1,38016, 0x72723ce4
+0,  1,  1,1,38016, 0x347219d7
+0,  2,  2,1,38016, 0x813ff182
+0,  3,  3,1,38016, 0x4e69d41a
+0,  4,  4,1,38016, 0x5e56acb6
+0,  5,  5,1,38016, 0xe72197e5
+0,  6,  6,1,38016, 0xd035807a
+0,  7,  7,1,38016, 0x9ee57559
+0,  8,  8,1,38016, 0xd0f56f28
+0,  9,  9,1,38016, 0xa5097788
+0, 10, 10,1,38016, 0xf108978d
+0, 11,

[FFmpeg-cvslog] avformat/nutdec: Don't shrink packet size manually

2022-09-25 Thread Andreas Rheinhardt 
ffmpeg | branch: master | Andreas Rheinhardt  | 
Tue Sep 20 17:23:55 2022 +0200| [843fe314ea30a3b7ccaa165031663292d14a9e02] | 
committer: Andreas Rheinhardt

avformat/nutdec: Don't shrink packet size manually

It is unnecessary because an av_shrink_packet() a few lines below
will set the size; furthermore, it is actually harmful, because
av_shrink_packet() does nothing in case the size already matches,
so that the packet's padding is not correctly zeroed.

Signed-off-by: Andreas Rheinhardt 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=843fe314ea30a3b7ccaa165031663292d14a9e02
---

 libavformat/nutdec.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index 24dedc4758..afa27b827c 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -1132,7 +1132,6 @@ static int decode_frame(NUTContext *nut, AVPacket *pkt, 
int frame_code)
 }
 sm_size = avio_tell(bc) - pkt->pos;
 size  -= sm_size;
-pkt->size -= sm_size;
 }
 
 ret = avio_read(bc, pkt->data + nut->header_len[header_idx], size);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/libjxlenc: avoid hard failure with unspecified primaries

2022-09-25 Thread Leo Izen 
ffmpeg | branch: release/5.1 | Leo Izen  | Fri Jul 15 
13:27:10 2022 -0400| [05d6157aab34bc49f23284645a8f34ece870f44d] | committer: 
James Almer

avcodec/libjxlenc: avoid hard failure with unspecified primaries

This patch prevents the libjxl encoder wrapper from failing to
encode images when the input video has untagged primaries. It will
instead assume BT.709/sRGB primaries and print a warning.

Signed-off-by: Leo Izen 
(cherry picked from commit 940169b8aab406a8b1ccee4a9705a1e06b76d035)

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=05d6157aab34bc49f23284645a8f34ece870f44d
---

 libavcodec/libjxlenc.c | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/libavcodec/libjxlenc.c b/libavcodec/libjxlenc.c
index 6a948cc3ae..9d98a112e1 100644
--- a/libavcodec/libjxlenc.c
+++ b/libavcodec/libjxlenc.c
@@ -190,7 +190,7 @@ static av_cold int libjxl_encode_init(AVCodecContext *avctx)
  * Populate a JxlColorEncoding with the given enum AVColorPrimaries.
  * @return < 0 upon failure, >= 0 upon success
  */
-static int libjxl_populate_primaries(JxlColorEncoding *jxl_color, enum 
AVColorPrimaries prm)
+static int libjxl_populate_primaries(void *avctx, JxlColorEncoding *jxl_color, 
enum AVColorPrimaries prm)
 {
 const AVColorPrimariesDesc *desc;
 
@@ -211,6 +211,11 @@ static int libjxl_populate_primaries(JxlColorEncoding 
*jxl_color, enum AVColorPr
 jxl_color->primaries = JXL_PRIMARIES_P3;
 jxl_color->white_point = JXL_WHITE_POINT_D65;
 return 0;
+case AVCOL_PRI_UNSPECIFIED:
+av_log(avctx, AV_LOG_WARNING, "Unknown primaries, assuming 
BT.709/sRGB. Colors may be wrong.\n");
+jxl_color->primaries = JXL_PRIMARIES_SRGB;
+jxl_color->white_point = JXL_WHITE_POINT_D65;
+return 0;
 }
 
 desc = av_csp_primaries_desc_from_id(prm);
@@ -340,7 +345,7 @@ static int libjxl_encode_frame(AVCodecContext *avctx, 
AVPacket *pkt, const AVFra
 else
 jxl_color.color_space = JXL_COLOR_SPACE_RGB;
 
-ret = libjxl_populate_primaries(&jxl_color,
+ret = libjxl_populate_primaries(avctx, &jxl_color,
 frame->color_primaries && frame->color_primaries != 
AVCOL_PRI_UNSPECIFIED
 ? frame->color_primaries : avctx->color_primaries);
 if (ret < 0)

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avutil: add RGBA single-float precision packed formats

2022-09-25 Thread Paul B Mahol 
ffmpeg | branch: master | Paul B Mahol  | Wed Sep 14 14:13:06 
2022 +0200| [7bb0afc245d093b065b849461a5e0361050df512] | committer: Paul B Mahol

avutil: add RGBA single-float precision packed formats

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7bb0afc245d093b065b849461a5e0361050df512
---

 libavutil/pixdesc.c  | 28 
 libavutil/pixfmt.h   |  3 +++
 tests/ref/fate/imgutils  |  2 ++
 tests/ref/fate/sws-pixdesc-query | 11 +++
 4 files changed, 44 insertions(+)

diff --git a/libavutil/pixdesc.c b/libavutil/pixdesc.c
index 248d5f29cd..bfba414167 100644
--- a/libavutil/pixdesc.c
+++ b/libavutil/pixdesc.c
@@ -2661,6 +2661,34 @@ static const AVPixFmtDescriptor 
av_pix_fmt_descriptors[AV_PIX_FMT_NB] = {
 },
 .flags = AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_FLOAT,
 },
+[AV_PIX_FMT_RGBAF32BE] = {
+.name = "rgbaf32be",
+.nb_components = 4,
+.log2_chroma_w = 0,
+.log2_chroma_h = 0,
+.comp = {
+{ 0, 16,  0, 0, 32 },  /* R */
+{ 0, 16,  4, 0, 32 },  /* G */
+{ 0, 16,  8, 0, 32 },  /* B */
+{ 0, 16, 12, 0, 32 },  /* A */
+},
+.flags = AV_PIX_FMT_FLAG_BE | AV_PIX_FMT_FLAG_RGB |
+ AV_PIX_FMT_FLAG_FLOAT | AV_PIX_FMT_FLAG_ALPHA,
+},
+[AV_PIX_FMT_RGBAF32LE] = {
+.name = "rgbaf32le",
+.nb_components = 4,
+.log2_chroma_w = 0,
+.log2_chroma_h = 0,
+.comp = {
+{ 0, 16,  0, 0, 32 },  /* R */
+{ 0, 16,  4, 0, 32 },  /* G */
+{ 0, 16,  8, 0, 32 },  /* B */
+{ 0, 16, 12, 0, 32 },  /* A */
+},
+.flags = AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_FLOAT |
+ AV_PIX_FMT_FLAG_ALPHA,
+},
 };
 
 static const char * const color_range_names[] = {
diff --git a/libavutil/pixfmt.h b/libavutil/pixfmt.h
index 3c34d73e2c..f8b3c0514f 100644
--- a/libavutil/pixfmt.h
+++ b/libavutil/pixfmt.h
@@ -389,6 +389,9 @@ enum AVPixelFormat {
 AV_PIX_FMT_RGBF32BE,///< IEEE-754 single precision packed RGB 
32:32:32, 96bpp, RGBRGB..., big-endian
 AV_PIX_FMT_RGBF32LE,///< IEEE-754 single precision packed RGB 
32:32:32, 96bpp, RGBRGB..., little-endian
 
+AV_PIX_FMT_RGBAF32BE,   ///< IEEE-754 single precision packed RGBA 
32:32:32:32, 128bpp, RGBARGBA..., big-endian
+AV_PIX_FMT_RGBAF32LE,   ///< IEEE-754 single precision packed RGBA 
32:32:32:32, 128bpp, RGBARGBA..., little-endian
+
 AV_PIX_FMT_NB ///< number of pixel formats, DO NOT USE THIS if you 
want to link with shared libav* because the number of formats might differ 
between versions
 };
 
diff --git a/tests/ref/fate/imgutils b/tests/ref/fate/imgutils
index 8ad5615ed8..e79ec7e4b3 100644
--- a/tests/ref/fate/imgutils
+++ b/tests/ref/fate/imgutils
@@ -260,3 +260,5 @@ xv36be  planes: 1, linesizes: 512   0   0   0, 
plane_sizes: 24576 0
 xv36le  planes: 1, linesizes: 512   0   0   0, plane_sizes: 24576 
0 0 0, plane_offsets: 0 0 0, total_size: 24576
 rgbf32beplanes: 1, linesizes: 768   0   0   0, plane_sizes: 36864 
0 0 0, plane_offsets: 0 0 0, total_size: 36864
 rgbf32leplanes: 1, linesizes: 768   0   0   0, plane_sizes: 36864 
0 0 0, plane_offsets: 0 0 0, total_size: 36864
+rgbaf32be   planes: 1, linesizes: 1024   0   0   0, plane_sizes: 49152 
0 0 0, plane_offsets: 0 0 0, total_size: 49152
+rgbaf32le   planes: 1, linesizes: 1024   0   0   0, plane_sizes: 49152 
0 0 0, plane_offsets: 0 0 0, total_size: 49152
diff --git a/tests/ref/fate/sws-pixdesc-query b/tests/ref/fate/sws-pixdesc-query
index e850d52d12..14156a383c 100644
--- a/tests/ref/fate/sws-pixdesc-query
+++ b/tests/ref/fate/sws-pixdesc-query
@@ -169,6 +169,7 @@ isBE:
   rgb565be
   rgba64be
   rgbaf16be
+  rgbaf32be
   rgbf32be
   x2bgr10be
   x2rgb10be
@@ -510,6 +511,8 @@ isRGB:
   rgba64le
   rgbaf16be
   rgbaf16le
+  rgbaf32be
+  rgbaf32le
   rgbf32be
   rgbf32le
   x2bgr10be
@@ -664,6 +667,8 @@ AnyRGB:
   rgba64le
   rgbaf16be
   rgbaf16le
+  rgbaf32be
+  rgbaf32le
   rgbf32be
   rgbf32le
   x2bgr10be
@@ -694,6 +699,8 @@ ALPHA:
   rgba64le
   rgbaf16be
   rgbaf16le
+  rgbaf32be
+  rgbaf32le
   vuya
   ya16be
   ya16le
@@ -780,6 +787,8 @@ Packed:
   rgba64le
   rgbaf16be
   rgbaf16le
+  rgbaf32be
+  rgbaf32le
   rgbf32be
   rgbf32le
   uyvy422
@@ -972,6 +981,8 @@ PackedRGB:
   rgba64le
   rgbaf16be
   rgbaf16le
+  rgbaf32be
+  rgbaf32le
   rgbf32be
   rgbf32le
   x2bgr10be

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avutil: add RGB single-precision float formats

2022-09-25 Thread Paul B Mahol 
ffmpeg | branch: master | Paul B Mahol  | Wed Sep 14 14:09:02 
2022 +0200| [63bb6d6a9b64f78e0cfbbc008947c9e0bf2fc409] | committer: Paul B Mahol

avutil: add RGB single-precision float formats

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=63bb6d6a9b64f78e0cfbbc008947c9e0bf2fc409
---

 libavutil/pixdesc.c  | 25 +
 libavutil/pixfmt.h   |  3 +++
 tests/ref/fate/imgutils  |  2 ++
 tests/ref/fate/sws-pixdesc-query |  9 +
 4 files changed, 39 insertions(+)

diff --git a/libavutil/pixdesc.c b/libavutil/pixdesc.c
index b472a94f60..248d5f29cd 100644
--- a/libavutil/pixdesc.c
+++ b/libavutil/pixdesc.c
@@ -2636,6 +2636,31 @@ static const AVPixFmtDescriptor 
av_pix_fmt_descriptors[AV_PIX_FMT_NB] = {
 },
 .flags = AV_PIX_FMT_FLAG_BE,
 },
+[AV_PIX_FMT_RGBF32BE] = {
+.name = "rgbf32be",
+.nb_components = 3,
+.log2_chroma_w = 0,
+.log2_chroma_h = 0,
+.comp = {
+{ 0, 12, 0, 0, 32 },   /* R */
+{ 0, 12, 4, 0, 32 },   /* G */
+{ 0, 12, 8, 0, 32 },   /* B */
+},
+.flags = AV_PIX_FMT_FLAG_BE | AV_PIX_FMT_FLAG_RGB |
+ AV_PIX_FMT_FLAG_FLOAT,
+},
+[AV_PIX_FMT_RGBF32LE] = {
+.name = "rgbf32le",
+.nb_components = 3,
+.log2_chroma_w = 0,
+.log2_chroma_h = 0,
+.comp = {
+{ 0, 12, 0, 0, 32 },   /* R */
+{ 0, 12, 4, 0, 32 },   /* G */
+{ 0, 12, 8, 0, 32 },   /* B */
+},
+.flags = AV_PIX_FMT_FLAG_RGB | AV_PIX_FMT_FLAG_FLOAT,
+},
 };
 
 static const char * const color_range_names[] = {
diff --git a/libavutil/pixfmt.h b/libavutil/pixfmt.h
index a1c4c9fb75..3c34d73e2c 100644
--- a/libavutil/pixfmt.h
+++ b/libavutil/pixfmt.h
@@ -386,6 +386,9 @@ enum AVPixelFormat {
 AV_PIX_FMT_XV36BE,  ///< packed XVYU 4:4:4, 48bpp, data in the high 
bits, zeros in the low bits, big-endian, variant of Y412 where alpha channel is 
left undefined
 AV_PIX_FMT_XV36LE,  ///< packed XVYU 4:4:4, 48bpp, data in the high 
bits, zeros in the low bits, little-endian, variant of Y412 where alpha channel 
is left undefined
 
+AV_PIX_FMT_RGBF32BE,///< IEEE-754 single precision packed RGB 
32:32:32, 96bpp, RGBRGB..., big-endian
+AV_PIX_FMT_RGBF32LE,///< IEEE-754 single precision packed RGB 
32:32:32, 96bpp, RGBRGB..., little-endian
+
 AV_PIX_FMT_NB ///< number of pixel formats, DO NOT USE THIS if you 
want to link with shared libav* because the number of formats might differ 
between versions
 };
 
diff --git a/tests/ref/fate/imgutils b/tests/ref/fate/imgutils
index de73513e7c..8ad5615ed8 100644
--- a/tests/ref/fate/imgutils
+++ b/tests/ref/fate/imgutils
@@ -258,3 +258,5 @@ xv30be  planes: 1, linesizes: 256   0   0   0, 
plane_sizes: 12288 0
 xv30le  planes: 1, linesizes: 256   0   0   0, plane_sizes: 12288 
0 0 0, plane_offsets: 0 0 0, total_size: 12288
 xv36be  planes: 1, linesizes: 512   0   0   0, plane_sizes: 24576 
0 0 0, plane_offsets: 0 0 0, total_size: 24576
 xv36le  planes: 1, linesizes: 512   0   0   0, plane_sizes: 24576 
0 0 0, plane_offsets: 0 0 0, total_size: 24576
+rgbf32beplanes: 1, linesizes: 768   0   0   0, plane_sizes: 36864 
0 0 0, plane_offsets: 0 0 0, total_size: 36864
+rgbf32leplanes: 1, linesizes: 768   0   0   0, plane_sizes: 36864 
0 0 0, plane_offsets: 0 0 0, total_size: 36864
diff --git a/tests/ref/fate/sws-pixdesc-query b/tests/ref/fate/sws-pixdesc-query
index 20fc596ce9..e850d52d12 100644
--- a/tests/ref/fate/sws-pixdesc-query
+++ b/tests/ref/fate/sws-pixdesc-query
@@ -169,6 +169,7 @@ isBE:
   rgb565be
   rgba64be
   rgbaf16be
+  rgbf32be
   x2bgr10be
   x2rgb10be
   xv30be
@@ -509,6 +510,8 @@ isRGB:
   rgba64le
   rgbaf16be
   rgbaf16le
+  rgbf32be
+  rgbf32le
   x2bgr10be
   x2bgr10le
   x2rgb10be
@@ -661,6 +664,8 @@ AnyRGB:
   rgba64le
   rgbaf16be
   rgbaf16le
+  rgbf32be
+  rgbf32le
   x2bgr10be
   x2bgr10le
   x2rgb10be
@@ -775,6 +780,8 @@ Packed:
   rgba64le
   rgbaf16be
   rgbaf16le
+  rgbf32be
+  rgbf32le
   uyvy422
   uyyvyy411
   vuya
@@ -965,6 +972,8 @@ PackedRGB:
   rgba64le
   rgbaf16be
   rgbaf16le
+  rgbf32be
+  rgbf32le
   x2bgr10be
   x2bgr10le
   x2rgb10be

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avfilter/vf_extractplanes: add support for packed rgb float formats

2022-09-25 Thread Paul B Mahol 
ffmpeg | branch: master | Paul B Mahol  | Wed Sep 14 16:41:48 
2022 +0200| [9995a76f7c5b507c0304de6a926b32c70d5ea2aa] | committer: Paul B Mahol

avfilter/vf_extractplanes: add support for packed rgb float formats

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9995a76f7c5b507c0304de6a926b32c70d5ea2aa
---

 libavfilter/vf_extractplanes.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/libavfilter/vf_extractplanes.c b/libavfilter/vf_extractplanes.c
index 60b55578cf..3c794eaa28 100644
--- a/libavfilter/vf_extractplanes.c
+++ b/libavfilter/vf_extractplanes.c
@@ -124,6 +124,7 @@ AVFILTER_DEFINE_CLASS(extractplanes);
 
 #define FLOAT_FORMATS(suf) \
 AV_PIX_FMT_GRAYF32##suf,   \
+AV_PIX_FMT_RGBF32##suf, AV_PIX_FMT_RGBAF32##suf,   \
 AV_PIX_FMT_GBRPF32##suf, AV_PIX_FMT_GBRAPF32##suf  \
 
 static int query_formats(AVFilterContext *ctx)
@@ -283,6 +284,13 @@ static void extract_from_packed(uint8_t *dst, int 
dst_linesize,
 dst[x * 2] = src[x * step + comp * 2];
 dst[x * 2 + 1] = src[x * step + comp * 2 + 1];
 }
+case 4:
+for (x = 0; x < width; x++) {
+dst[x * 4] = src[x * step + comp * 4];
+dst[x * 4 + 1] = src[x * step + comp * 4 + 1];
+dst[x * 4 + 2] = src[x * step + comp * 4 + 2];
+dst[x * 4 + 3] = src[x * step + comp * 4 + 3];
+}
 break;
 }
 dst += dst_linesize;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/tiff: add packed/planar 32bit float support

2022-09-25 Thread Paul B Mahol 
ffmpeg | branch: master | Paul B Mahol  | Wed Sep 14 13:58:21 
2022 +0200| [baf9099cf380fad2be4ae17379f6cb5762bb2c92] | committer: Paul B Mahol

avcodec/tiff: add packed/planar 32bit float support

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=baf9099cf380fad2be4ae17379f6cb5762bb2c92
---

 libavcodec/tiff.c | 36 
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 4da77a3a31..750c42ca51 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -1026,14 +1026,14 @@ static int init_image(TiffContext *s, AVFrame *frame)
 int create_gray_palette = 0;
 
 // make sure there is no aliasing in the following switch
-if (s->bpp >= 100 || s->bppcount >= 10) {
+if (s->bpp > 128 || s->bppcount >= 10) {
 av_log(s->avctx, AV_LOG_ERROR,
"Unsupported image parameters: bpp=%d, bppcount=%d\n",
s->bpp, s->bppcount);
 return AVERROR_INVALIDDATA;
 }
 
-switch (s->planar * 1000 + s->bpp * 10 + s->bppcount + s->is_bayer * 
1) {
+switch (s->planar * 1 + s->bpp * 10 + s->bppcount + s->is_bayer * 
10) {
 case 11:
 if (!s->palette_is_set) {
 s->avctx->pix_fmt = AV_PIX_FMT_MONOBLACK;
@@ -1052,7 +1052,7 @@ static int init_image(TiffContext *s, AVFrame *frame)
 case 121:
 s->avctx->pix_fmt = AV_PIX_FMT_GRAY12;
 break;
-case 10081:
+case 100081:
 switch (AV_RL32(s->pattern)) {
 case 0x02010100:
 s->avctx->pix_fmt = AV_PIX_FMT_BAYER_RGGB8;
@@ -1072,10 +1072,10 @@ static int init_image(TiffContext *s, AVFrame *frame)
 return AVERROR_PATCHWELCOME;
 }
 break;
-case 10101:
-case 10121:
-case 10141:
-case 10161:
+case 100101:
+case 100121:
+case 100141:
+case 100161:
 switch (AV_RL32(s->pattern)) {
 case 0x02010100:
 s->avctx->pix_fmt = AV_PIX_FMT_BAYER_RGGB16;
@@ -1143,18 +1143,30 @@ static int init_image(TiffContext *s, AVFrame *frame)
 case 644:
 s->avctx->pix_fmt = s->le ? AV_PIX_FMT_RGBA64LE  : AV_PIX_FMT_RGBA64BE;
 break;
-case 1243:
+case 10243:
 s->avctx->pix_fmt = AV_PIX_FMT_GBRP;
 break;
-case 1324:
+case 10324:
 s->avctx->pix_fmt = AV_PIX_FMT_GBRAP;
 break;
-case 1483:
+case 10483:
 s->avctx->pix_fmt = s->le ? AV_PIX_FMT_GBRP16LE : AV_PIX_FMT_GBRP16BE;
 break;
-case 1644:
+case 10644:
 s->avctx->pix_fmt = s->le ? AV_PIX_FMT_GBRAP16LE : 
AV_PIX_FMT_GBRAP16BE;
 break;
+case 963:
+s->avctx->pix_fmt = s->le ? AV_PIX_FMT_RGBF32LE : AV_PIX_FMT_RGBF32BE;
+break;
+case 1284:
+s->avctx->pix_fmt = s->le ? AV_PIX_FMT_RGBAF32LE : 
AV_PIX_FMT_RGBAF32BE;
+break;
+case 10963:
+s->avctx->pix_fmt = s->le ? AV_PIX_FMT_GBRPF32LE : 
AV_PIX_FMT_GBRPF32BE;
+break;
+case 11284:
+s->avctx->pix_fmt = s->le ? AV_PIX_FMT_GBRAPF32LE : 
AV_PIX_FMT_GBRAPF32BE;
+break;
 default:
 av_log(s->avctx, AV_LOG_ERROR,
"This format is not supported (bpp=%d, bppcount=%d)\n",
@@ -1732,7 +1744,7 @@ static int tiff_decode_tag(TiffContext *s, AVFrame *frame)
 }
 }
 end:
-if (s->bpp > 64U) {
+if (s->bpp > 128U) {
 av_log(s->avctx, AV_LOG_ERROR,
 "This format is not supported (bpp=%d, %d components)\n",
 s->bpp, count);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/pnmdec: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM

2022-09-25 Thread Paul B Mahol 
ffmpeg | branch: master | Paul B Mahol  | Sun Sep 25 15:48:13 
2022 +0200| [c0771055ec648e0e02dff44a8848e5a60d4c2a73] | committer: Paul B Mahol

avcodec/pnmdec: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c0771055ec648e0e02dff44a8848e5a60d4c2a73
---

 libavcodec/pnmdec.c | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/libavcodec/pnmdec.c b/libavcodec/pnmdec.c
index 6ba54ddccd..e95b4072eb 100644
--- a/libavcodec/pnmdec.c
+++ b/libavcodec/pnmdec.c
@@ -59,6 +59,9 @@ static int pnm_decode_frame(AVCodecContext *avctx, AVFrame *p,
 if ((ret = ff_pnm_decode_header(avctx, s)) < 0)
 return ret;
 
+if (avctx->skip_frame >= AVDISCARD_ALL)
+return avpkt->size;
+
 if ((ret = ff_get_buffer(avctx, p, 0)) < 0)
 return ret;
 p->pict_type = AV_PICTURE_TYPE_I;
@@ -408,6 +411,7 @@ const FFCodec ff_pgm_decoder = {
 .p.id   = AV_CODEC_ID_PGM,
 .p.capabilities = AV_CODEC_CAP_DR1,
 .priv_data_size = sizeof(PNMContext),
+.caps_internal  = FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM,
 FF_CODEC_DECODE_CB(pnm_decode_frame),
 };
 #endif
@@ -420,6 +424,7 @@ const FFCodec ff_pgmyuv_decoder = {
 .p.id   = AV_CODEC_ID_PGMYUV,
 .p.capabilities = AV_CODEC_CAP_DR1,
 .priv_data_size = sizeof(PNMContext),
+.caps_internal  = FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM,
 FF_CODEC_DECODE_CB(pnm_decode_frame),
 };
 #endif
@@ -432,6 +437,7 @@ const FFCodec ff_ppm_decoder = {
 .p.id   = AV_CODEC_ID_PPM,
 .p.capabilities = AV_CODEC_CAP_DR1,
 .priv_data_size = sizeof(PNMContext),
+.caps_internal  = FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM,
 FF_CODEC_DECODE_CB(pnm_decode_frame),
 };
 #endif
@@ -444,6 +450,7 @@ const FFCodec ff_pbm_decoder = {
 .p.id   = AV_CODEC_ID_PBM,
 .p.capabilities = AV_CODEC_CAP_DR1,
 .priv_data_size = sizeof(PNMContext),
+.caps_internal  = FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM,
 FF_CODEC_DECODE_CB(pnm_decode_frame),
 };
 #endif
@@ -456,6 +463,7 @@ const FFCodec ff_pam_decoder = {
 .p.id   = AV_CODEC_ID_PAM,
 .p.capabilities = AV_CODEC_CAP_DR1,
 .priv_data_size = sizeof(PNMContext),
+.caps_internal  = FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM,
 FF_CODEC_DECODE_CB(pnm_decode_frame),
 };
 #endif
@@ -468,6 +476,7 @@ const FFCodec ff_pfm_decoder = {
 .p.id   = AV_CODEC_ID_PFM,
 .p.capabilities = AV_CODEC_CAP_DR1,
 .priv_data_size = sizeof(PNMContext),
+.caps_internal  = FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM,
 FF_CODEC_DECODE_CB(pnm_decode_frame),
 };
 #endif
@@ -490,6 +499,7 @@ const FFCodec ff_phm_decoder = {
 .p.capabilities = AV_CODEC_CAP_DR1,
 .priv_data_size = sizeof(PNMContext),
 .init   = phm_dec_init,
+.caps_internal  = FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM,
 FF_CODEC_DECODE_CB(pnm_decode_frame),
 };
 #endif

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/tiff: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM

2022-09-25 Thread Paul B Mahol 
ffmpeg | branch: master | Paul B Mahol  | Sun Sep 25 15:59:13 
2022 +0200| [1452445116f3a265762ffeb7fdc5b8f2fbaa2cfc] | committer: Paul B Mahol

avcodec/tiff: implement FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1452445116f3a265762ffeb7fdc5b8f2fbaa2cfc
---

 libavcodec/tiff.c | 11 ---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 302444cb0f..9c29cd5a73 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -1209,6 +1209,10 @@ static int init_image(TiffContext *s, AVFrame *frame)
 if (ret < 0)
 return ret;
 }
+
+if (s->avctx->skip_frame >= AVDISCARD_ALL)
+return 0;
+
 if ((ret = ff_thread_get_buffer(s->avctx, frame, 0)) < 0)
 return ret;
 if (s->avctx->pix_fmt == AV_PIX_FMT_PAL8) {
@@ -1222,7 +1226,7 @@ static int init_image(TiffContext *s, AVFrame *frame)
 pal[i] = 0xFFU << 24 | i * 255 / ((1is_tiled || has_strip_bits) {
@@ -2382,6 +2386,7 @@ const FFCodec ff_tiff_decoder = {
 .close  = tiff_end,
 FF_CODEC_DECODE_CB(decode_frame),
 .p.capabilities = AV_CODEC_CAP_DR1 | AV_CODEC_CAP_FRAME_THREADS,
-.caps_internal  = FF_CODEC_CAP_INIT_CLEANUP | FF_CODEC_CAP_ICC_PROFILES,
+.caps_internal  = FF_CODEC_CAP_INIT_CLEANUP | FF_CODEC_CAP_ICC_PROFILES |
+  FF_CODEC_CAP_SKIP_FRAME_FILL_PARAM,
 .p.priv_class   = &tiff_decoder_class,
 };

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/tiff: improve color handling in DNG

2022-09-25 Thread Paul B Mahol 
ffmpeg | branch: master | Paul B Mahol  | Sun Sep 25 14:59:32 
2022 +0200| [91897110b012dbad18c54de169569ab6eb47af4b] | committer: Paul B Mahol

avcodec/tiff: improve color handling in DNG

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=91897110b012dbad18c54de169569ab6eb47af4b
---

 libavcodec/tiff.c | 204 ++
 libavcodec/tiff.h |   7 ++
 2 files changed, 199 insertions(+), 12 deletions(-)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 750c42ca51..302444cb0f 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -33,6 +33,8 @@
 #include 
 #endif
 
+#include 
+
 #include "libavutil/attributes.h"
 #include "libavutil/error.h"
 #include "libavutil/intreadwrite.h"
@@ -82,7 +84,16 @@ typedef struct TiffContext {
 unsigned last_tag;
 
 int is_bayer;
+int use_color_matrix;
 uint8_t pattern[4];
+
+float   analog_balance[4];
+float   as_shot_neutral[4];
+float   as_shot_white[4];
+float   color_matrix[3][4];
+float   camera_calibration[4][4];
+float   premultiply[4];
+
 unsigned black_level;
 unsigned white_level;
 uint16_t dng_lut[65536];
@@ -112,6 +123,8 @@ typedef struct TiffContext {
 TiffGeoTag *geotags;
 } TiffContext;
 
+static const float d65_white[3] = { 0.950456f, 1.f, 1.088754f };
+
 static void tiff_set_type(TiffContext *s, enum TiffType tiff_type) {
 if (s->tiff_type < tiff_type) // Prioritize higher-valued entries
 s->tiff_type = tiff_type;
@@ -286,12 +299,12 @@ static uint16_t av_always_inline 
dng_process_color16(uint16_t value,
 value = lut[value];
 
 // Black level subtraction
-value = av_clip_uint16_c((unsigned)value - black_level);
+value = av_clip_uint16((unsigned)value - black_level);
 
 // Color scaling
-value_norm = (float)value * scale_factor * 65535.f;
+value_norm = (float)value * scale_factor;
 
-value = av_clip_uint16_c(lrintf(value_norm));
+value = av_clip_uint16(lrintf(value_norm));
 
 return value;
 }
@@ -306,12 +319,18 @@ static uint16_t av_always_inline 
dng_process_color8(uint16_t value,
 
 static void av_always_inline dng_blit(TiffContext *s, uint8_t *dst, int 
dst_stride,
   const uint8_t *src, int src_stride, int 
width, int height,
-  int is_single_comp, int is_u16)
+  int is_single_comp, int is_u16, int 
odd_line)
 {
+float scale_factor[4];
 int line, col;
-float scale_factor;
 
-scale_factor = 1.0f / (s->white_level - s->black_level);
+if (s->is_bayer) {
+for (int i = 0; i < 4; i++)
+scale_factor[i] = s->premultiply[s->pattern[i]] * 65535.f / 
(s->white_level - s->black_level);
+} else {
+for (int i = 0; i < 4; i++)
+scale_factor[i] = 65535.f * s->premultiply[i] / (s->white_level - 
s->black_level);
+}
 
 if (is_single_comp) {
 if (!is_u16)
@@ -325,7 +344,7 @@ static void av_always_inline dng_blit(TiffContext *s, 
uint8_t *dst, int dst_stri
 
 /* Blit first half of input row row to initial row of output */
 for (col = 0; col < width; col++)
-*dst_u16++ = dng_process_color16(*src_u16++, s->dng_lut, 
s->black_level, scale_factor);
+*dst_u16++ = dng_process_color16(*src_u16++, s->dng_lut, 
s->black_level, scale_factor[col&1]);
 
 /* Advance the destination pointer by a row (source pointer 
remains in the same place) */
 dst += dst_stride * sizeof(uint16_t);
@@ -333,7 +352,7 @@ static void av_always_inline dng_blit(TiffContext *s, 
uint8_t *dst, int dst_stri
 
 /* Blit second half of input row row to next row of output */
 for (col = 0; col < width; col++)
-*dst_u16++ = dng_process_color16(*src_u16++, s->dng_lut, 
s->black_level, scale_factor);
+*dst_u16++ = dng_process_color16(*src_u16++, s->dng_lut, 
s->black_level, scale_factor[(col&1) + 2]);
 
 dst += dst_stride * sizeof(uint16_t);
 src += src_stride * sizeof(uint16_t);
@@ -347,7 +366,7 @@ static void av_always_inline dng_blit(TiffContext *s, 
uint8_t *dst, int dst_stri
 uint16_t *src_u16 = (uint16_t *)src;
 
 for (col = 0; col < width; col++)
-*dst_u16++ = dng_process_color16(*src_u16++, s->dng_lut, 
s->black_level, scale_factor);
+*dst_u16++ = dng_process_color16(*src_u16++, s->dng_lut, 
s->black_level, scale_factor[(col&1) + 2 * ((line&1) + odd_line)]);
 
 dst += dst_stride * sizeof(uint16_t);
 src += src_stride * sizeof(uint16_t);
@@ -358,7 +377,7 @@ static void av_always_inline dng_blit(TiffContext *s, 
uint8_t *dst, int dst_stri
 const uint8_t *src_u8 = src;
 
 for (col = 0; col < width; col++)
-*dst_u8++ = dng_process_color8(*src_u8++, s->dng

[FFmpeg-cvslog] avcodec/tiff: support multiple black levels

2022-09-25 Thread Paul B Mahol 
ffmpeg | branch: master | Paul B Mahol  | Sun Sep 25 17:02:35 
2022 +0200| [0ca738673a07977ea65d0fdfcedb6f5d5deeec30] | committer: Paul B Mahol

avcodec/tiff: support multiple black levels

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0ca738673a07977ea65d0fdfcedb6f5d5deeec30
---

 libavcodec/tiff.c | 63 +++
 1 file changed, 40 insertions(+), 23 deletions(-)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 9c29cd5a73..3a610ada85 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -93,8 +93,8 @@ typedef struct TiffContext {
 float   color_matrix[3][4];
 float   camera_calibration[4][4];
 float   premultiply[4];
+float   black_level[4];
 
-unsigned black_level;
 unsigned white_level;
 uint16_t dng_lut[65536];
 
@@ -290,7 +290,7 @@ static int add_metadata(int count, int type,
  */
 static uint16_t av_always_inline dng_process_color16(uint16_t value,
  const uint16_t *lut,
- uint16_t black_level,
+ float black_level,
  float scale_factor)
 {
 float value_norm;
@@ -299,10 +299,8 @@ static uint16_t av_always_inline 
dng_process_color16(uint16_t value,
 value = lut[value];
 
 // Black level subtraction
-value = av_clip_uint16((unsigned)value - black_level);
-
 // Color scaling
-value_norm = (float)value * scale_factor;
+value_norm = ((float)value - black_level) * scale_factor;
 
 value = av_clip_uint16(lrintf(value_norm));
 
@@ -311,7 +309,7 @@ static uint16_t av_always_inline 
dng_process_color16(uint16_t value,
 
 static uint16_t av_always_inline dng_process_color8(uint16_t value,
 const uint16_t *lut,
-uint16_t black_level,
+float black_level,
 float scale_factor)
 {
 return dng_process_color16(value, lut, black_level, scale_factor) >> 8;
@@ -326,10 +324,10 @@ static void av_always_inline dng_blit(TiffContext *s, 
uint8_t *dst, int dst_stri
 
 if (s->is_bayer) {
 for (int i = 0; i < 4; i++)
-scale_factor[i] = s->premultiply[s->pattern[i]] * 65535.f / 
(s->white_level - s->black_level);
+scale_factor[i] = s->premultiply[s->pattern[i]] * 65535.f / 
(s->white_level - s->black_level[i]);
 } else {
 for (int i = 0; i < 4; i++)
-scale_factor[i] = 65535.f * s->premultiply[i] / (s->white_level - 
s->black_level);
+scale_factor[i] = 65535.f * s->premultiply[i] / (s->white_level - 
s->black_level[i]);
 }
 
 if (is_single_comp) {
@@ -344,7 +342,7 @@ static void av_always_inline dng_blit(TiffContext *s, 
uint8_t *dst, int dst_stri
 
 /* Blit first half of input row row to initial row of output */
 for (col = 0; col < width; col++)
-*dst_u16++ = dng_process_color16(*src_u16++, s->dng_lut, 
s->black_level, scale_factor[col&1]);
+*dst_u16++ = dng_process_color16(*src_u16++, s->dng_lut, 
s->black_level[col&1], scale_factor[col&1]);
 
 /* Advance the destination pointer by a row (source pointer 
remains in the same place) */
 dst += dst_stride * sizeof(uint16_t);
@@ -352,7 +350,7 @@ static void av_always_inline dng_blit(TiffContext *s, 
uint8_t *dst, int dst_stri
 
 /* Blit second half of input row row to next row of output */
 for (col = 0; col < width; col++)
-*dst_u16++ = dng_process_color16(*src_u16++, s->dng_lut, 
s->black_level, scale_factor[(col&1) + 2]);
+*dst_u16++ = dng_process_color16(*src_u16++, s->dng_lut, 
s->black_level[(col&1) + 2], scale_factor[(col&1) + 2]);
 
 dst += dst_stride * sizeof(uint16_t);
 src += src_stride * sizeof(uint16_t);
@@ -366,7 +364,9 @@ static void av_always_inline dng_blit(TiffContext *s, 
uint8_t *dst, int dst_stri
 uint16_t *src_u16 = (uint16_t *)src;
 
 for (col = 0; col < width; col++)
-*dst_u16++ = dng_process_color16(*src_u16++, s->dng_lut, 
s->black_level, scale_factor[(col&1) + 2 * ((line&1) + odd_line)]);
+*dst_u16++ = dng_process_color16(*src_u16++, s->dng_lut,
+ s->black_level[(col&1) + 
2 * ((line&1) + odd_line)],
+ scale_factor[(col&1) + 2 
* ((line&1) + odd_line)]);
 
 dst += dst_stride * sizeof(uint16_t);
 src += src_stride * sizeof(uint16_t);
@@ -377,7 +377,9 @@ static void av_always_inline dng_blit(TiffContext *s, 
uint8_t *dst, int dst_stri
 const uint8_t *src_u8 =

[FFmpeg-cvslog] avfilter/vf_frei0r: Copy to frame allocated according to frei0r requirements

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Mon Apr 11 13:49:05 2022 +0200| [519904111b25e78024a5219527b6ee5706f5330f] | 
committer: Michael Niedermayer

avfilter/vf_frei0r: Copy to frame allocated according to frei0r requirements

Fixes: issues with non trivial linesize

Reviewed-by: Paul B Mahol 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d353909e773ba8a8201fa13d6c35251351dd567a)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=519904111b25e78024a5219527b6ee5706f5330f
---

 libavfilter/vf_frei0r.c | 22 --
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/libavfilter/vf_frei0r.c b/libavfilter/vf_frei0r.c
index 2ec4707d97..ed0ba9f866 100644
--- a/libavfilter/vf_frei0r.c
+++ b/libavfilter/vf_frei0r.c
@@ -353,14 +353,20 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
 {
 Frei0rContext *s = inlink->dst->priv;
 AVFilterLink *outlink = inlink->dst->outputs[0];
-AVFrame *out;
+AVFrame *out = ff_default_get_video_buffer2(outlink, outlink->w, 
outlink->h, 16);
+if (!out)
+goto fail;
 
-out = ff_get_video_buffer(outlink, outlink->w, outlink->h);
-if (!out) {
+av_frame_copy_props(out, in);
+
+if (in->linesize[0] != out->linesize[0]) {
+AVFrame *in2 = ff_default_get_video_buffer2(outlink, outlink->w, 
outlink->h, 16);
+if (!in2)
+goto fail;
+av_frame_copy(in2, in);
 av_frame_free(&in);
-return AVERROR(ENOMEM);
+in = in2;
 }
-av_frame_copy_props(out, in);
 
 s->update(s->instance, in->pts * av_q2d(inlink->time_base) * 1000,
(const uint32_t *)in->data[0],
@@ -369,6 +375,10 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
 av_frame_free(&in);
 
 return ff_filter_frame(outlink, out);
+fail:
+av_frame_free(&in);
+av_frame_free(&out);
+return AVERROR(ENOMEM);
 }
 
 static int process_command(AVFilterContext *ctx, const char *cmd, const char 
*args,
@@ -467,7 +477,7 @@ static int source_config_props(AVFilterLink *outlink)
 static int source_request_frame(AVFilterLink *outlink)
 {
 Frei0rContext *s = outlink->src->priv;
-AVFrame *frame = ff_get_video_buffer(outlink, outlink->w, outlink->h);
+AVFrame *frame = ff_default_get_video_buffer2(outlink, outlink->w, 
outlink->h, 16);
 
 if (!frame)
 return AVERROR(ENOMEM);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/genh: Check sample rate

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Mon Apr 11 22:00:52 2022 +0200| [388ed57114fb5c012720bedd85614a5c835749b7] | 
committer: Michael Niedermayer

avformat/genh: Check sample rate

Fixes: signed integer overflow: -2515507630940093440 * 4 cannot be represented 
in type 'long'
Fixes: 
46318/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5009637474172928

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit a3d790f1977ed6c326eb93bb61757297a7905dcc)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=388ed57114fb5c012720bedd85614a5c835749b7
---

 libavformat/genh.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/genh.c b/libavformat/genh.c
index 698104a9d6..0b55a8884a 100644
--- a/libavformat/genh.c
+++ b/libavformat/genh.c
@@ -67,6 +67,9 @@ static int genh_read_header(AVFormatContext *s)
 return AVERROR_INVALIDDATA;
 st->codecpar->block_align = align * st->codecpar->channels;
 st->codecpar->sample_rate = avio_rl32(s->pb);
+if (st->codecpar->sample_rate < 0)
+return AVERROR_INVALIDDATA;
+
 avio_skip(s->pb, 4);
 st->duration = avio_rl32(s->pb);
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avfilter/vsrc_mandelbrot: Check for malloc failure

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Thu Apr 21 22:45:12 2022 +0200| [1ea783dea6463069f92f4ab35a680aee0830a3b4] | 
committer: Michael Niedermayer

avfilter/vsrc_mandelbrot: Check for malloc failure

Reviewed-by: Paul B Mahol 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit fbd22504c4148d2a01ccfe38df26c144f56db76b)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1ea783dea6463069f92f4ab35a680aee0830a3b4
---

 libavfilter/vsrc_mandelbrot.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavfilter/vsrc_mandelbrot.c b/libavfilter/vsrc_mandelbrot.c
index 761c915103..ed31a23c31 100644
--- a/libavfilter/vsrc_mandelbrot.c
+++ b/libavfilter/vsrc_mandelbrot.c
@@ -134,6 +134,9 @@ static av_cold int init(AVFilterContext *ctx)
 s-> next_cache= av_malloc_array(s->cache_allocated, sizeof(*s-> 
next_cache));
 s-> zyklus= av_malloc_array(s->maxiter + 16, sizeof(*s->zyklus));
 
+if (!s->point_cache || !s->next_cache || !s->zyklus)
+return AVERROR(ENOMEM);
+
 return 0;
 }
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/libzmq: Improve r redundancy in occured

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Tue May  3 22:21:32 2022 +0200| [f24ca075ffc7b7e040ce4e22fd194032c709dd3e] | 
committer: Michael Niedermayer

avformat/libzmq: Improve r redundancy in occured

Reviewed-by: "myp...@gmail.com" 
(cherry picked from commit e06b1ba7d79ac15f23fb08947949dcfec8bfb408)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f24ca075ffc7b7e040ce4e22fd194032c709dd3e
---

 libavformat/libzmq.c | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/libavformat/libzmq.c b/libavformat/libzmq.c
index 1b0d8638db..04c72ac601 100644
--- a/libavformat/libzmq.c
+++ b/libavformat/libzmq.c
@@ -51,7 +51,7 @@ static int zmq_proto_wait(URLContext *h, void *socket, int 
write)
 zmq_pollitem_t items = { .socket = socket, .fd = 0, .events = ev, .revents 
= 0 };
 ret = zmq_poll(&items, 1, POLLING_TIME);
 if (ret == -1) {
-av_log(h, AV_LOG_ERROR, "Error occured during zmq_poll(): %s\n", 
ZMQ_STRERROR);
+av_log(h, AV_LOG_ERROR, "Error occurred during zmq_poll(): %s\n", 
ZMQ_STRERROR);
 return AVERROR_EXTERNAL;
 }
 return items.revents & ev ? 0 : AVERROR(EAGAIN);
@@ -90,7 +90,7 @@ static int zmq_proto_open(URLContext *h, const char *uri, int 
flags)
 s->context = zmq_ctx_new();
 if (!s->context) {
 /*errno not set on failure during zmq_ctx_new()*/
-av_log(h, AV_LOG_ERROR, "Error occured during zmq_ctx_new()\n");
+av_log(h, AV_LOG_ERROR, "Error occurred during zmq_ctx_new()\n");
 return AVERROR_EXTERNAL;
 }
 
@@ -100,13 +100,13 @@ static int zmq_proto_open(URLContext *h, const char *uri, 
int flags)
 if (h->flags & AVIO_FLAG_WRITE) {
 s->socket = zmq_socket(s->context, ZMQ_PUB);
 if (!s->socket) {
-av_log(h, AV_LOG_ERROR, "Error occured during zmq_socket(): %s\n", 
ZMQ_STRERROR);
+av_log(h, AV_LOG_ERROR, "Error occurred during zmq_socket(): 
%s\n", ZMQ_STRERROR);
 goto fail_term;
 }
 
 ret = zmq_bind(s->socket, uri);
 if (ret == -1) {
-av_log(h, AV_LOG_ERROR, "Error occured during zmq_bind(): %s\n", 
ZMQ_STRERROR);
+av_log(h, AV_LOG_ERROR, "Error occurred during zmq_bind(): %s\n", 
ZMQ_STRERROR);
 goto fail_close;
 }
 }
@@ -115,19 +115,19 @@ static int zmq_proto_open(URLContext *h, const char *uri, 
int flags)
 if (h->flags & AVIO_FLAG_READ) {
 s->socket = zmq_socket(s->context, ZMQ_SUB);
 if (!s->socket) {
-av_log(h, AV_LOG_ERROR, "Error occured during zmq_socket(): %s\n", 
ZMQ_STRERROR);
+av_log(h, AV_LOG_ERROR, "Error occurred during zmq_socket(): 
%s\n", ZMQ_STRERROR);
 goto fail_term;
 }
 
 ret = zmq_setsockopt(s->socket, ZMQ_SUBSCRIBE, "", 0);
 if (ret == -1) {
-av_log(h, AV_LOG_ERROR, "Error occured during zmq_setsockopt(): 
%s\n", ZMQ_STRERROR);
+av_log(h, AV_LOG_ERROR, "Error occurred during zmq_setsockopt(): 
%s\n", ZMQ_STRERROR);
 goto fail_close;
 }
 
 ret = zmq_connect(s->socket, uri);
 if (ret == -1) {
-av_log(h, AV_LOG_ERROR, "Error occured during zmq_connect(): 
%s\n", ZMQ_STRERROR);
+av_log(h, AV_LOG_ERROR, "Error occurred during zmq_connect(): 
%s\n", ZMQ_STRERROR);
 goto fail_close;
 }
 }
@@ -150,7 +150,7 @@ static int zmq_proto_write(URLContext *h, const unsigned 
char *buf, int size)
 return ret;
 ret = zmq_send(s->socket, buf, size, 0);
 if (ret == -1) {
-av_log(h, AV_LOG_ERROR, "Error occured during zmq_send(): %s\n", 
ZMQ_STRERROR);
+av_log(h, AV_LOG_ERROR, "Error occurred during zmq_send(): %s\n", 
ZMQ_STRERROR);
 return AVERROR_EXTERNAL;
 }
 return ret; /*number of bytes sent*/
@@ -166,7 +166,7 @@ static int zmq_proto_read(URLContext *h, unsigned char 
*buf, int size)
 return ret;
 ret = zmq_recv(s->socket, buf, size, 0);
 if (ret == -1) {
-av_log(h, AV_LOG_ERROR, "Error occured during zmq_recv(): %s\n", 
ZMQ_STRERROR);
+av_log(h, AV_LOG_ERROR, "Error occurred during zmq_recv(): %s\n", 
ZMQ_STRERROR);
 return AVERROR_EXTERNAL;
 }
 if (ret > size) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avfilter/video: Add ff_default_get_video_buffer2() to set specific alignment

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Mon Apr 11 22:40:59 2022 +0200| [d1620856daefacad1f3d7cb883b85ce289350f30] | 
committer: Michael Niedermayer

avfilter/video: Add ff_default_get_video_buffer2() to set specific alignment

Reviewed-by: Paul B Mahol 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d74078270198b97fdda258840f0d501a3ffcc693)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d1620856daefacad1f3d7cb883b85ce289350f30
---

 libavfilter/video.c | 7 ++-
 libavfilter/video.h | 1 +
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/libavfilter/video.c b/libavfilter/video.c
index 7a8e587798..b049804419 100644
--- a/libavfilter/video.c
+++ b/libavfilter/video.c
@@ -41,7 +41,7 @@ AVFrame *ff_null_get_video_buffer(AVFilterLink *link, int w, 
int h)
 return ff_get_video_buffer(link->dst->outputs[0], w, h);
 }
 
-AVFrame *ff_default_get_video_buffer(AVFilterLink *link, int w, int h)
+AVFrame *ff_default_get_video_buffer2(AVFilterLink *link, int w, int h, int 
align)
 {
 AVFrame *frame = NULL;
 int pool_width = 0;
@@ -96,6 +96,11 @@ AVFrame *ff_default_get_video_buffer(AVFilterLink *link, int 
w, int h)
 return frame;
 }
 
+AVFrame *ff_default_get_video_buffer(AVFilterLink *link, int w, int h)
+{
+return ff_default_get_video_buffer2(link, w, h, av_cpu_max_align());
+}
+
 AVFrame *ff_get_video_buffer(AVFilterLink *link, int w, int h)
 {
 AVFrame *ret = NULL;
diff --git a/libavfilter/video.h b/libavfilter/video.h
index 56c58d6766..f9174a4a0b 100644
--- a/libavfilter/video.h
+++ b/libavfilter/video.h
@@ -24,6 +24,7 @@
 #include "avfilter.h"
 
 AVFrame *ff_default_get_video_buffer(AVFilterLink *link, int w, int h);
+AVFrame *ff_default_get_video_buffer2(AVFilterLink *link, int w, int h, int 
align);
 AVFrame *ff_null_get_video_buffer(AVFilterLink *link, int w, int h);
 
 /**

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/libxavs2: Improve r redundancy in occured

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Tue May  3 22:22:00 2022 +0200| [b409640d3cf8845b47b3ffee7a25e30eeed93445] | 
committer: Michael Niedermayer

avcodec/libxavs2: Improve r redundancy in occured

Reviewed-by: "myp...@gmail.com" 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit f3b7ba21ba49b32b4476a8c7c5a9bcdad15e3943)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b409640d3cf8845b47b3ffee7a25e30eeed93445
---

 libavcodec/libxavs2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/libxavs2.c b/libavcodec/libxavs2.c
index 2a4a3e36bd..f33240f300 100644
--- a/libavcodec/libxavs2.c
+++ b/libavcodec/libxavs2.c
@@ -205,7 +205,7 @@ static int xavs2_encode_frame(AVCodecContext *avctx, 
AVPacket *pkt,
 ret = cae->api->encoder_encode(cae->encoder, &pic, &cae->packet);
 
 if (ret) {
-av_log(avctx, AV_LOG_ERROR, "Encoding error occured.\n");
+av_log(avctx, AV_LOG_ERROR, "Encoding error occurred.\n");
 return AVERROR_EXTERNAL;
 }
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/texturedspenc: Fix indexing in color distribution determination

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Mon Jan  2 00:28:33 2017 +0100| [a6df0d514084fd5094bc2f250be4b4b98b7d6bf3] | 
committer: Michael Niedermayer

avcodec/texturedspenc: Fix indexing in color distribution determination

Fixes CID1396405

MSE and PSNR is slightly improved, and some noticable corruptions disappear as
well.

Signed-off-by: Michael Niedermayer 
Signed-off-by: Marton Balint 
(cherry picked from commit ade36d61de8ea5a5acb30a05a0cbcda069127143)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a6df0d514084fd5094bc2f250be4b4b98b7d6bf3
---

 libavcodec/texturedspenc.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/texturedspenc.c b/libavcodec/texturedspenc.c
index 3d68e0cf39..5ce72cbd1e 100644
--- a/libavcodec/texturedspenc.c
+++ b/libavcodec/texturedspenc.c
@@ -255,11 +255,11 @@ static void optimize_colors(const uint8_t *block, 
ptrdiff_t stride,
 
 muv = minv = maxv = bp[0];
 for (y = 0; y < 4; y++) {
-for (x = 4; x < 4; x += 4) {
+for (x = 0; x < 4; x++) {
 muv += bp[x * 4 + y * stride];
-if (bp[x] < minv)
+if (bp[x * 4 + y * stride] < minv)
 minv = bp[x * 4 + y * stride];
-else if (bp[x] > maxv)
+else if (bp[x * 4 + y * stride] > maxv)
 maxv = bp[x * 4 + y * stride];
 }
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/act: Check ff_get_wav_header() for failure

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun May 15 22:55:12 2022 +0200| [ff9dbf3b18f3f7c0be04a318a1a36e116527e8b3] | 
committer: Michael Niedermayer

avformat/act: Check ff_get_wav_header() for failure

Fixes: missing error check
Fixes: CID717495

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 5982da87e3464e7df529a169352748560d70ba80)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ff9dbf3b18f3f7c0be04a318a1a36e116527e8b3
---

 libavformat/act.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavformat/act.c b/libavformat/act.c
index 26425ca1bb..f6edfb44ab 100644
--- a/libavformat/act.c
+++ b/libavformat/act.c
@@ -66,6 +66,7 @@ static int read_header(AVFormatContext *s)
 AVIOContext *pb = s->pb;
 int size;
 AVStream* st;
+int ret;
 
 int min,sec,msec;
 
@@ -75,7 +76,9 @@ static int read_header(AVFormatContext *s)
 
 avio_skip(pb, 16);
 size=avio_rl32(pb);
-ff_get_wav_header(s, pb, st->codecpar, size, 0);
+ret = ff_get_wav_header(s, pb, st->codecpar, size, 0);
+if (ret < 0)
+return ret;
 
 /*
   8000Hz (Fine-rec) file format has 10 bytes long

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/bfi: Check offsets better

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Mar 20 23:24:40 2022 +0100| [2ccfbc888ccceb7d407aa5da86b0453bdaf4c166] | 
committer: Michael Niedermayer

avformat/bfi: Check offsets better

Fixes: signed integer overflow: -2145378272 - 538976288 cannot be represented 
in type 'int'
Fixes: 
45690/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5015496544616448

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 35dc93ab44a57d78956414624c4e011414220e98)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2ccfbc888ccceb7d407aa5da86b0453bdaf4c166
---

 libavformat/bfi.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavformat/bfi.c b/libavformat/bfi.c
index f9e0bb2e30..35b6816aad 100644
--- a/libavformat/bfi.c
+++ b/libavformat/bfi.c
@@ -140,12 +140,12 @@ static int bfi_read_packet(AVFormatContext * s, AVPacket 
* pkt)
 audio_offset= avio_rl32(pb);
 avio_rl32(pb);
 video_offset= avio_rl32(pb);
-audio_size  = video_offset - audio_offset;
-bfi->video_size = chunk_size - video_offset;
-if (audio_size < 0 || bfi->video_size < 0) {
+if (audio_offset < 0 || video_offset < audio_offset || chunk_size < 
video_offset) {
 av_log(s, AV_LOG_ERROR, "Invalid audio/video offsets or chunk 
size\n");
 return AVERROR_INVALIDDATA;
 }
+audio_size  = video_offset - audio_offset;
+bfi->video_size = chunk_size - video_offset;
 
 //Tossing an audio packet at the audio decoder.
 ret = av_get_packet(pb, pkt, audio_size);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/asfdec_f: Check packet_frag_timestamp

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Mar 20 23:13:16 2022 +0100| [8ea01dca10006c51464922620b970bebf687f46e] | 
committer: Michael Niedermayer

avformat/asfdec_f: Check packet_frag_timestamp

Fixes: signed integer overflow: -9223372036854775808 - 4607 cannot be 
represented in type 'long'
Fixes: 
45685/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5280102802391040

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit ffc877215056e8f0feb1ff23ba7dc4c19277b94b)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8ea01dca10006c51464922620b970bebf687f46e
---

 libavformat/asfdec_f.c | 10 ++
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c
index c0265af20d..f43427d473 100644
--- a/libavformat/asfdec_f.c
+++ b/libavformat/asfdec_f.c
@@ -1321,10 +1321,12 @@ static int asf_parse_packet(AVFormatContext *s, 
AVIOContext *pb, AVPacket *pkt)
 if ((ret = av_new_packet(&asf_st->pkt, asf_st->packet_obj_size)) < 
0)
 return ret;
 asf_st->seq  = asf->packet_seq;
-if (asf->ts_is_pts) {
-asf_st->pkt.pts  = asf->packet_frag_timestamp - 
asf->hdr.preroll;
-} else
-asf_st->pkt.dts  = asf->packet_frag_timestamp - 
asf->hdr.preroll;
+if (asf->packet_frag_timestamp != AV_NOPTS_VALUE) {
+if (asf->ts_is_pts) {
+asf_st->pkt.pts  = asf->packet_frag_timestamp - 
asf->hdr.preroll;
+} else
+asf_st->pkt.dts  = asf->packet_frag_timestamp - 
asf->hdr.preroll;
+}
 asf_st->pkt.stream_index = asf->stream_index;
 asf_st->pkt.pos  = asf_st->packet_pos = asf->packet_pos;
 asf_st->pkt_clean= 0;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/aiffdec: avoid integer overflow in get_meta()

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Wed Mar 23 01:08:56 2022 +0100| [58e57ef180e619947933f7225055140affb66976] | 
committer: Michael Niedermayer

avformat/aiffdec: avoid integer overflow in get_meta()

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 
'int'
Fixes: 
45891/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6159183893889024

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 6a02de21278ec3bea1d2c62665f2629d5a62210f)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=58e57ef180e619947933f7225055140affb66976
---

 libavformat/aiffdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c
index 565c7af0d0..f33e18ebb6 100644
--- a/libavformat/aiffdec.c
+++ b/libavformat/aiffdec.c
@@ -72,7 +72,7 @@ static int get_tag(AVIOContext *pb, uint32_t * tag)
 /* Metadata string read */
 static void get_meta(AVFormatContext *s, const char *key, int size)
 {
-uint8_t *str = av_malloc(size+1);
+uint8_t *str = av_malloc(size+1U);
 
 if (str) {
 int res = avio_read(s->pb, str, size);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/aviobuf: Check buf_size in ffio_ensure_seekback()

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Mar 20 23:32:53 2022 +0100| [e3a733ba8e95de6904226c7670f7a56736797771] | 
committer: Michael Niedermayer

avformat/aviobuf: Check buf_size in ffio_ensure_seekback()

buffer_size is an int

Fixes: signed integer overflow: 9223372036854775754 + 32767 cannot be 
represented in type 'long'
Fixes: 
45691/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5263458831040512

Signed-off-by: Michael Niedermayer 
(cherry picked from commit c4b130e876fe9ac5875a2f2480e96de4fdac7760)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e3a733ba8e95de6904226c7670f7a56736797771
---

 libavformat/aviobuf.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c
index 518cb11129..1fb30644ff 100644
--- a/libavformat/aviobuf.c
+++ b/libavformat/aviobuf.c
@@ -1005,6 +1005,9 @@ int ffio_ensure_seekback(AVIOContext *s, int64_t buf_size)
 if (buf_size <= s->buf_end - s->buf_ptr)
 return 0;
 
+if (buf_size > INT_MAX - max_buffer_size)
+return AVERROR(EINVAL);
+
 buf_size += max_buffer_size - 1;
 
 if (buf_size + s->buf_ptr - s->buffer <= s->buffer_size || s->seekable || 
!s->read_packet)

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/ape: more bits in size for less overflows

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sat Apr  2 22:18:49 2022 +0200| [a71c87e4b511be9536d848555baf6c0ae1ac4985] | 
committer: Michael Niedermayer

avformat/ape: more bits in size for less overflows

Fixes: signed integer overflow: 2147483647 + 3 cannot be represented in type 
'int'
Fixes: 
46184/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-4678059519770624

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit e5f6707a7b91664491041526ef3cce7412258b89)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a71c87e4b511be9536d848555baf6c0ae1ac4985
---

 libavformat/ape.c | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/libavformat/ape.c b/libavformat/ape.c
index 2698c770ee..a7be29a469 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -42,8 +42,8 @@
 
 typedef struct APEFrame {
 int64_t pos;
+int64_t size;
 int nblocks;
-int size;
 int skip;
 int64_t pts;
 } APEFrame;
@@ -130,7 +130,7 @@ static void ape_dumpinfo(AVFormatContext * s, APEContext * 
ape_ctx)
 
 av_log(s, AV_LOG_DEBUG, "\nFrames\n\n");
 for (i = 0; i < ape_ctx->totalframes; i++)
-av_log(s, AV_LOG_DEBUG, "%8d   %8"PRId64" %8d (%d samples)\n", i,
+av_log(s, AV_LOG_DEBUG, "%8d   %8"PRId64" %8"PRId64" (%d samples)\n", 
i,
ape_ctx->frames[i].pos, ape_ctx->frames[i].size,
ape_ctx->frames[i].nblocks);
 
@@ -148,7 +148,8 @@ static int ape_read_header(AVFormatContext * s)
 AVStream *st;
 uint32_t tag;
 int i, ret;
-int total_blocks, final_size = 0;
+int total_blocks;
+int64_t final_size = 0;
 int64_t pts, file_size;
 
 /* Skip any leading junk such as id3v2 tags */
@@ -397,7 +398,7 @@ static int ape_read_packet(AVFormatContext * s, AVPacket * 
pkt)
 
 if (ape->frames[ape->currentframe].size <= 0 ||
 ape->frames[ape->currentframe].size > INT_MAX - extra_size) {
-av_log(s, AV_LOG_ERROR, "invalid packet size: %d\n",
+av_log(s, AV_LOG_ERROR, "invalid packet size: %8"PRId64"\n",
ape->frames[ape->currentframe].size);
 ape->currentframe++;
 return AVERROR(EIO);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/jpeglsdec: fix end check for xfrm

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Thu Jun  9 21:13:59 2022 +0200| [0f5afdda0a4ed4ba7c07ea2d0c2b0f1a6f0fa2e8] | 
committer: Michael Niedermayer

avcodec/jpeglsdec: fix end check for xfrm

Fixes: out of array access
Fixes: 
47871/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_fuzzer-5646305956855808

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 6a82412bf33108111eb3f63076fd5a51349ae114)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0f5afdda0a4ed4ba7c07ea2d0c2b0f1a6f0fa2e8
---

 libavcodec/jpeglsdec.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c
index 2599e840d0..fe0b3c3c40 100644
--- a/libavcodec/jpeglsdec.c
+++ b/libavcodec/jpeglsdec.c
@@ -478,19 +478,19 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int 
near,
 for (i = 0; i < s->height; i++) {
 switch(s->xfrm) {
 case 1:
-for (x = off; x < w; x += 3) {
+for (x = off; x + 2 < w; x += 3) {
 src[x  ] += src[x+1] + 128;
 src[x+2] += src[x+1] + 128;
 }
 break;
 case 2:
-for (x = off; x < w; x += 3) {
+for (x = off; x + 2 < w; x += 3) {
 src[x  ] += src[x+1] + 128;
 src[x+2] += ((src[x  ] + src[x+1])>>1) + 128;
 }
 break;
 case 3:
-for (x = off; x < w; x += 3) {
+for (x = off; x + 2 < w; x += 3) {
 int g = src[x+0] - ((src[x+2]+src[x+1])>>2) + 64;
 src[x+0] = src[x+2] + g + 128;
 src[x+2] = src[x+1] + g + 128;
@@ -498,7 +498,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int 
near,
 }
 break;
 case 4:
-for (x = off; x < w; x += 3) {
+for (x = off; x + 2 < w; x += 3) {
 int r= src[x+0] - ((   359 * 
(src[x+2]-128) + 490) >> 8);
 int g= src[x+0] - (( 88 * (src[x+1]-128) - 183 * 
(src[x+2]-128) +  30) >> 8);
 int b= src[x+0] + ((454 * (src[x+1]-128)   
 + 574) >> 8);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/hls: Limit start_seq_no to one bit less

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Thu Jun 16 23:02:11 2022 +0200| [35ccd5a56953b8854d0ca470b2c9be165316ca30] | 
committer: Michael Niedermayer

avformat/hls: Limit start_seq_no to one bit less

This avoids overflow checks on additions with 32bit numbers

Fixes: signed integer overflow: 9223372036854775806 + 2 cannot be represented 
in type 'long'
Fixes: 
44012/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-474777073544
Fixes: 
48065/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-5372410355908608

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d8ee01425459aaafe36acc7743b3f9f28a01821b)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=35ccd5a56953b8854d0ca470b2c9be165316ca30
---

 libavformat/hls.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavformat/hls.c b/libavformat/hls.c
index f2ca4f3443..0e818e8ed5 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -826,10 +826,10 @@ static int parse_playlist(HLSContext *c, const char *url,
 if (ret < 0)
 goto fail;
 seq_no = strtoull(ptr, NULL, 10);
-if (seq_no > INT64_MAX) {
+if (seq_no > INT64_MAX/2) {
 av_log(c->ctx, AV_LOG_DEBUG, "MEDIA-SEQUENCE higher than "
-"INT64_MAX, mask out the highest bit\n");
-seq_no &= INT64_MAX;
+"INT64_MAX/2, mask out the highest bit\n");
+seq_no &= INT64_MAX/2;
 }
 pls->start_seq_no = seq_no;
 } else if (av_strstart(line, "#EXT-X-PLAYLIST-TYPE:", &ptr)) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/matroskadec: avoid integer overflows in SAR computation

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Fri Apr  1 12:46:08 2022 +0200| [732d39e353f96a6d34b05068429e463705dd0056] | 
committer: Michael Niedermayer

avformat/matroskadec: avoid integer overflows in SAR computation

This ignores >64bit
Alternatively we could support that if it occurs in reality

Fixes: negation of -9223372036854775808
Fixes: integer overflows
Fixes: 
46072/clusterfuzz-testcase-minimized-ffmpeg_dem_MATROSKA_fuzzer-5029840966778880

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit e6cad01122c6dea0435d042d68a56045a214492d)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=732d39e353f96a6d34b05068429e463705dd0056
---

 libavformat/matroskadec.c | 13 -
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 37884934a9..c47518b73a 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -2802,11 +2802,14 @@ static int matroska_parse_tracks(AVFormatContext *s)
 mkv_stereo_mode_display_mul(track->video.stereo_mode, 
&display_width_mul, &display_height_mul);
 
 if (track->video.display_unit < 
MATROSKA_VIDEO_DISPLAYUNIT_UNKNOWN) {
-av_reduce(&st->sample_aspect_ratio.num,
-  &st->sample_aspect_ratio.den,
-  st->codecpar->height * track->video.display_width  * 
display_width_mul,
-  st->codecpar->width  * track->video.display_height * 
display_height_mul,
-  INT_MAX);
+if (track->video.display_width && track->video.display_height 
&&
+st->codecpar->height  < INT64_MAX / 
track->video.display_width  / display_width_mul &&
+st->codecpar->width   < INT64_MAX / 
track->video.display_height / display_height_mul)
+av_reduce(&st->sample_aspect_ratio.num,
+  &st->sample_aspect_ratio.den,
+  st->codecpar->height * 
track->video.display_width  * display_width_mul,
+  st->codecpar->width  * 
track->video.display_height * display_height_mul,
+  INT_MAX);
 }
 if (st->codecpar->codec_id != AV_CODEC_ID_HEVC)
 st->need_parsing = AVSTREAM_PARSE_HEADERS;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/cdgraphics: limit scrolling to the line

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Thu Jun  9 22:36:00 2022 +0200| [f368a6cf6859ae5cb9fabf94a2626dd430111f90] | 
committer: Michael Niedermayer

avcodec/cdgraphics: limit scrolling to the line

Fixes: out of array access
Fixes: 
47877/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDGRAPHICS_fuzzer-5690504626438144

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit b7e30a13d4e4557b87f977b76a6bb5e3cbe5ac78)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f368a6cf6859ae5cb9fabf94a2626dd430111f90
---

 libavcodec/cdgraphics.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/cdgraphics.c b/libavcodec/cdgraphics.c
index 263459d0f2..b452baa7d8 100644
--- a/libavcodec/cdgraphics.c
+++ b/libavcodec/cdgraphics.c
@@ -239,7 +239,7 @@ static void cdg_scroll(CDGraphicsContext *cc, uint8_t *data,
 for (y = FFMAX(0, vinc); y < FFMIN(CDG_FULL_HEIGHT + vinc, 
CDG_FULL_HEIGHT); y++)
 memcpy(out + FFMAX(0, hinc) + stride * y,
in + FFMAX(0, hinc) - hinc + (y - vinc) * stride,
-   FFMIN(stride + hinc, stride));
+   FFABS(stride) - FFABS(hinc));
 
 if (vinc > 0)
 cdg_fill_wrapper(0, 0, out,

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/aiffdec: cleanup size handling for extreem cases

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Wed Mar 23 14:30:42 2022 +0100| [40065896ec95d208148dd79ecac21492d9bb99b2] | 
committer: Michael Niedermayer

avformat/aiffdec: cleanup size handling for extreem cases

Signed-off-by: Michael Niedermayer 
(cherry picked from commit c6f1e48b86471b1cc91c468e78a065075ed409bd)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=40065896ec95d208148dd79ecac21492d9bb99b2
---

 libavformat/aiffdec.c | 29 -
 1 file changed, 12 insertions(+), 17 deletions(-)

diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c
index f33e18ebb6..a3ad095482 100644
--- a/libavformat/aiffdec.c
+++ b/libavformat/aiffdec.c
@@ -53,9 +53,9 @@ static enum AVCodecID aiff_codec_get_id(int bps)
 }
 
 /* returns the size of the found tag */
-static int get_tag(AVIOContext *pb, uint32_t * tag)
+static int64_t get_tag(AVIOContext *pb, uint32_t * tag)
 {
-int size;
+int64_t size;
 
 if (avio_feof(pb))
 return AVERROR(EIO);
@@ -63,16 +63,16 @@ static int get_tag(AVIOContext *pb, uint32_t * tag)
 *tag = avio_rl32(pb);
 size = avio_rb32(pb);
 
-if (size < 0)
-size = 0x7fff;
-
 return size;
 }
 
 /* Metadata string read */
-static void get_meta(AVFormatContext *s, const char *key, int size)
+static void get_meta(AVFormatContext *s, const char *key, int64_t size)
 {
-uint8_t *str = av_malloc(size+1U);
+uint8_t *str = NULL;
+
+if (size < SIZE_MAX)
+str = av_malloc(size+1);
 
 if (str) {
 int res = avio_read(s->pb, str, size);
@@ -89,7 +89,7 @@ static void get_meta(AVFormatContext *s, const char *key, int 
size)
 }
 
 /* Returns the number of sound data frames or negative on error */
-static int get_aiff_header(AVFormatContext *s, int size,
+static int get_aiff_header(AVFormatContext *s, int64_t size,
 unsigned version)
 {
 AVIOContext *pb= s->pb;
@@ -100,9 +100,6 @@ static int get_aiff_header(AVFormatContext *s, int size,
 int sample_rate;
 unsigned int num_frames;
 
-if (size == INT_MAX)
-return AVERROR_INVALIDDATA;
-
 if (size & 1)
 size++;
 par->codec_type = AVMEDIA_TYPE_AUDIO;
@@ -213,7 +210,8 @@ static int aiff_probe(const AVProbeData *p)
 /* aiff input */
 static int aiff_read_header(AVFormatContext *s)
 {
-int ret, size, filesize;
+int ret;
+int64_t filesize, size;
 int64_t offset = 0, position;
 uint32_t tag;
 unsigned version = AIFF_C_VERSION1;
@@ -224,7 +222,7 @@ static int aiff_read_header(AVFormatContext *s)
 
 /* check FORM header */
 filesize = get_tag(pb, &tag);
-if (filesize < 0 || tag != MKTAG('F', 'O', 'R', 'M'))
+if (filesize < 4 || tag != MKTAG('F', 'O', 'R', 'M'))
 return AVERROR_INVALIDDATA;
 
 /* AIFF data type */
@@ -251,10 +249,7 @@ static int aiff_read_header(AVFormatContext *s)
 if (size < 0)
 return size;
 
-if (size >= 0x7fff - 8)
-filesize = 0;
-else
-filesize -= size + 8;
+filesize -= size + 8;
 
 switch (tag) {
 case MKTAG('C', 'O', 'M', 'M'): /* Common chunk */

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/alacdsp: Make intermediates unsigned

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Thu Apr 28 23:34:53 2022 +0200| [4ecf6ca4509bd9957589e41d95d7151fd3efff9d] | 
committer: Michael Niedermayer

avcodec/alacdsp: Make intermediates unsigned

Fixes: signed integer overflow: -14914387 + -2147418648 cannot be represented 
in type 'int'
Fixes: 
46464/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-474307197311385

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 8709f4c10a216cb3e11564bc392841e832f8e3b1)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4ecf6ca4509bd9957589e41d95d7151fd3efff9d
---

 libavcodec/alacdsp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/alacdsp.c b/libavcodec/alacdsp.c
index 8718d1b6b1..b3c1c424f3 100644
--- a/libavcodec/alacdsp.c
+++ b/libavcodec/alacdsp.c
@@ -29,12 +29,12 @@ static void decorrelate_stereo(int32_t *buffer[2], int 
nb_samples,
 int i;
 
 for (i = 0; i < nb_samples; i++) {
-int32_t a, b;
+uint32_t a, b;
 
 a = buffer[0][i];
 b = buffer[1][i];
 
-a -= (int)(b * (unsigned)decorr_left_weight) >> decorr_shift;
+a -= (int)(b * decorr_left_weight) >> decorr_shift;
 b += a;
 
 buffer[0][i] = b;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/qdrw: adjust max colors to array size

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Jul  3 00:43:21 2022 +0200| [e5c8b53c683ba7683df418b11a59649f1ee819d8] | 
committer: Michael Niedermayer

avcodec/qdrw: adjust max colors to array size

Fixes: out of array access
Fixes: 
48429/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDRAW_fuzzer-4608329791438848

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit cd847f86d31f87f0f7733ca6ab7a2c022a1398bd)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e5c8b53c683ba7683df418b11a59649f1ee819d8
---

 libavcodec/qdrw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/qdrw.c b/libavcodec/qdrw.c
index 65279c9805..c04c756d71 100644
--- a/libavcodec/qdrw.c
+++ b/libavcodec/qdrw.c
@@ -369,7 +369,7 @@ static int decode_frame(AVCodecContext *avctx,
 bytestream2_skip(&gbc, 18);
 colors = bytestream2_get_be16(&gbc);
 
-if (colors < 0 || colors > 256) {
+if (colors < 0 || colors > 255) {
 av_log(avctx, AV_LOG_ERROR,
"Error color count - %i(0x%X)\n", colors, colors);
 return AVERROR_INVALIDDATA;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/aasc: Fix indention

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sat Jun 18 20:54:36 2022 +0200| [a9f13f883d30cd0151a5ce2f8f51b0a777b0affe] | 
committer: Michael Niedermayer

avcodec/aasc: Fix indention

Signed-off-by: Michael Niedermayer 
(cherry picked from commit af2ed09220fe82e0aa479d1b93be6aadc4930efc)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a9f13f883d30cd0151a5ce2f8f51b0a777b0affe
---

 libavcodec/aasc.c | 34 +-
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/libavcodec/aasc.c b/libavcodec/aasc.c
index 26570f49e5..86cb9e85a1 100644
--- a/libavcodec/aasc.c
+++ b/libavcodec/aasc.c
@@ -104,26 +104,26 @@ static int aasc_decode_frame(AVCodecContext *avctx,
 ff_msrle_decode(avctx, s->frame, 8, &s->gb);
 break;
 case MKTAG('A', 'A', 'S', 'C'):
-switch (compr) {
-case 0:
-stride = (avctx->width * psize + psize) & ~psize;
-if (buf_size < stride * avctx->height)
+switch (compr) {
+case 0:
+stride = (avctx->width * psize + psize) & ~psize;
+if (buf_size < stride * avctx->height)
+return AVERROR_INVALIDDATA;
+for (i = avctx->height - 1; i >= 0; i--) {
+memcpy(s->frame->data[0] + i * s->frame->linesize[0], buf, 
avctx->width * psize);
+buf += stride;
+buf_size -= stride;
+}
+break;
+case 1:
+bytestream2_init(&s->gb, buf, buf_size);
+ff_msrle_decode(avctx, s->frame, 8, &s->gb);
+break;
+default:
+av_log(avctx, AV_LOG_ERROR, "Unknown compression type %d\n", 
compr);
 return AVERROR_INVALIDDATA;
-for (i = avctx->height - 1; i >= 0; i--) {
-memcpy(s->frame->data[0] + i * s->frame->linesize[0], buf, 
avctx->width * psize);
-buf += stride;
-buf_size -= stride;
 }
 break;
-case 1:
-bytestream2_init(&s->gb, buf, buf_size);
-ff_msrle_decode(avctx, s->frame, 8, &s->gb);
-break;
-default:
-av_log(avctx, AV_LOG_ERROR, "Unknown compression type %d\n", compr);
-return AVERROR_INVALIDDATA;
-}
-break;
 default:
 av_log(avctx, AV_LOG_ERROR, "Unknown FourCC: %X\n", avctx->codec_tag);
 return -1;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/sctp: close socket on errors

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Mon May 23 01:23:22 2022 +0200| [d1fa43d5b97626debc70a41f4451854612549e81] | 
committer: Michael Niedermayer

avformat/sctp: close socket on errors

This is untested as i have no testcase

Fixes: CID1302709

Signed-off-by: Michael Niedermayer 
(cherry picked from commit c9a2996544187f67e533bc24f4cf773e50d2362b)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d1fa43d5b97626debc70a41f4451854612549e81
---

 libavformat/sctp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/sctp.c b/libavformat/sctp.c
index 9a80e9b015..be0cb47865 100644
--- a/libavformat/sctp.c
+++ b/libavformat/sctp.c
@@ -282,6 +282,8 @@ fail:
 goto restart;
 }
 fail1:
+if (fd >= 0)
+closesocket(fd);
 ret = AVERROR(EIO);
 freeaddrinfo(ai);
 return ret;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/ffv1dec_template: fix indention

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Mon Jul  4 17:19:02 2022 +0200| [572568cff40a3ab717919ee31ebab3eab897af83] | 
committer: Michael Niedermayer

avcodec/ffv1dec_template: fix indention

Signed-off-by: Michael Niedermayer 
(cherry picked from commit eee7364c90699f50a36aaada38c52ccc0d6bf501)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=572568cff40a3ab717919ee31ebab3eab897af83
---

 libavcodec/ffv1dec_template.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/libavcodec/ffv1dec_template.c b/libavcodec/ffv1dec_template.c
index 0b1d176ba1..9b1d65e825 100644
--- a/libavcodec/ffv1dec_template.c
+++ b/libavcodec/ffv1dec_template.c
@@ -93,11 +93,11 @@ static av_always_inline int RENAME(decode_line)(FFV1Context 
*s, int w,
 run_count--;
 }
 } else {
-while (run_count > 1 && w-x > 1) {
-sample[1][x] = RENAME(predict)(sample[1] + x, sample[0] + 
x);
-x++;
-run_count--;
-}
+while (run_count > 1 && w-x > 1) {
+sample[1][x] = RENAME(predict)(sample[1] + x, 
sample[0] + x);
+x++;
+run_count--;
+}
 }
 run_count--;
 if (run_count < 0) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/wnv1: Check for width =1

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Jul  3 02:31:47 2022 +0200| [8f9b6ac0e88fc7fc3eb75a19e745542c451f6e71] | 
committer: Michael Niedermayer

avcodec/wnv1: Check for width =1

The decoder only outputs pixels for width >1 images, fail early

Fixes: Timeout
Fixes: 
48298/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WNV1_fuzzer-6198626319204352

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d98d5a436aa70d3cef8f914c0467ef2fb2dd1dfc)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8f9b6ac0e88fc7fc3eb75a19e745542c451f6e71
---

 libavcodec/wnv1.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/wnv1.c b/libavcodec/wnv1.c
index dcf417763c..fd9721f4ca 100644
--- a/libavcodec/wnv1.c
+++ b/libavcodec/wnv1.c
@@ -126,6 +126,9 @@ static av_cold int decode_init(AVCodecContext *avctx)
 {
 static AVOnce init_static_once = AV_ONCE_INIT;
 
+if (avctx->width <= 1)
+return AVERROR_INVALIDDATA;
+
 avctx->pix_fmt = AV_PIX_FMT_YUV422P;
 
 ff_thread_once(&init_static_once, wnv1_init_static);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/ffv1dec: Limit golomb rice coded slices to width 8M

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Jul  3 13:31:19 2022 +0200| [7fe75d51fe86e34dbe61d46590282c940b034459] | 
committer: Michael Niedermayer

avcodec/ffv1dec: Limit golomb rice coded slices to width 8M

This limit is possibly not reachable due to other restrictions on buffers but
the decoder run table is too small beyond this, so explicitly check for it.

Signed-off-by: Michael Niedermayer 
(cherry picked from commit b4431399ec1e10afff458cf1ffae2a75987d725a)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7fe75d51fe86e34dbe61d46590282c940b034459
---

 libavcodec/ffv1dec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index 8516fef5d7..5a365a5e31 100644
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -185,6 +185,9 @@ static int decode_slice_header(FFV1Context *f, FFV1Context 
*fs)
  || (unsigned)fs->slice_y + (uint64_t)fs->slice_height > f->height)
 return -1;
 
+if (fs->ac == AC_GOLOMB_RICE && fs->slice_width >= (1<<23))
+return AVERROR_INVALIDDATA;
+
 for (i = 0; i < f->plane_count; i++) {
 PlaneContext * const p = &fs->plane[i];
 int idx = get_symbol(c, state, 0);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/aaxdec: Check for empty segments

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Mon Jun 27 10:29:25 2022 +0200| [23fb7097eedbf0844897b24dbc96fc04ccc8d0c6] | 
committer: Michael Niedermayer

avformat/aaxdec: Check for empty segments

Fixes: Timeout
Fixes: 
48154/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5149094353436672

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit db31b3ea861c280e7fae282d06957ebd0d37c2d2)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=23fb7097eedbf0844897b24dbc96fc04ccc8d0c6
---

 libavformat/aaxdec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/aaxdec.c b/libavformat/aaxdec.c
index e69e5615ee..ad893efadd 100644
--- a/libavformat/aaxdec.c
+++ b/libavformat/aaxdec.c
@@ -262,6 +262,8 @@ static int aax_read_header(AVFormatContext *s)
 
 start = avio_rb32(pb);
 size  = avio_rb32(pb);
+if (!size)
+return AVERROR_INVALIDDATA;
 a->segments[r].start = start + a->data_offset;
 a->segments[r].end   = a->segments[r].start + size;
 } else {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/qpeldsp: copy less for the mc0x cases

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Jun 26 00:59:15 2022 +0200| [0b4c403f2a50f539b491a2298033a746cc390073] | 
committer: Michael Niedermayer

avcodec/qpeldsp: copy less for the mc0x cases

Fixes: out of array access
Fixes: 
47936/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5745039940124672

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit e690d4edf581c42dbd907c0fafe53fba86a00812)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0b4c403f2a50f539b491a2298033a746cc390073
---

 libavcodec/qpeldsp.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/libavcodec/qpeldsp.c b/libavcodec/qpeldsp.c
index 6e52b33657..d99b8fd0ba 100644
--- a/libavcodec/qpeldsp.c
+++ b/libavcodec/qpeldsp.c
@@ -198,7 +198,7 @@ static void OPNAME ## qpel8_mc01_c(uint8_t *dst, const 
uint8_t *src,  \
 uint8_t full[16 * 9]; \
 uint8_t half[64]; \
   \
-copy_block9(full, src, 16, stride, 9);\
+copy_block8(full, src, 16, stride, 9);\
 put ## RND ## mpeg4_qpel8_v_lowpass(half, full, 8, 16);   \
 OPNAME ## pixels8_l2_8(dst, full, half, stride, 16, 8, 8);\
 } \
@@ -208,7 +208,7 @@ static void OPNAME ## qpel8_mc02_c(uint8_t *dst, const 
uint8_t *src,  \
 { \
 uint8_t full[16 * 9]; \
   \
-copy_block9(full, src, 16, stride, 9);\
+copy_block8(full, src, 16, stride, 9);\
 OPNAME ## mpeg4_qpel8_v_lowpass(dst, full, stride, 16);   \
 } \
   \
@@ -218,7 +218,7 @@ static void OPNAME ## qpel8_mc03_c(uint8_t *dst, const 
uint8_t *src,  \
 uint8_t full[16 * 9]; \
 uint8_t half[64]; \
   \
-copy_block9(full, src, 16, stride, 9);\
+copy_block8(full, src, 16, stride, 9);\
 put ## RND ## mpeg4_qpel8_v_lowpass(half, full, 8, 16);   \
 OPNAME ## pixels8_l2_8(dst, full + 16, half, stride, 16, 8, 8);   \
 } \
@@ -458,7 +458,7 @@ static void OPNAME ## qpel16_mc01_c(uint8_t *dst, const 
uint8_t *src, \
 uint8_t full[24 * 17];\
 uint8_t half[256];\
   \
-copy_block17(full, src, 24, stride, 17);  \
+copy_block16(full, src, 24, stride, 17);  \
 put ## RND ## mpeg4_qpel16_v_lowpass(half, full, 16, 24); \
 OPNAME ## pixels16_l2_8(dst, full, half, stride, 24, 16, 16); \
 } \
@@ -468,7 +468,7 @@ static void OPNAME ## qpel16_mc02_c(uint8_t *dst, const 
uint8_t *src, \
 { \
 uint8_t full[24 * 17];\
   \
-copy_block17(full, src, 24, stride, 17);  \
+copy_block16(full, src, 24, stride, 17);  \
 OPNAME ## mpeg4_qpel16_v_lowpass(dst, full, stride, 24);  \
 } \
   \
@@ -478,7 +478,7 @@ static void OPNAME ## qpel16_mc03_c(uint8_t *dst, const 
uint8_t *src, \
 uint8_t full[24 * 17];\
 uint8_t half[256];\

[FFmpeg-cvslog] avformat/iff: simplify duration calculation

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Mon Jul  4 23:32:40 2022 +0200| [8063b5e28947578df41c167b373e55351107350a] | 
committer: Michael Niedermayer

avformat/iff: simplify duration calculation

Fixes: signed integer overflow: 315680096256 * 134215943 cannot be represented 
in type 'long long'
Fixes: 
48713/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5886272312311808

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 0740641e932551342cc1737d981e950ecffa3b63)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8063b5e28947578df41c167b373e55351107350a
---

 libavformat/iff.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libavformat/iff.c b/libavformat/iff.c
index c15302d3c5..16baaca439 100644
--- a/libavformat/iff.c
+++ b/libavformat/iff.c
@@ -385,7 +385,7 @@ static int read_dst_frame(AVFormatContext *s, AVPacket *pkt)
 avio_skip(pb, 1);
 pkt->flags |= AV_PKT_FLAG_KEY;
 pkt->stream_index = 0;
-pkt->duration = 588LL * s->streams[0]->codecpar->sample_rate / 
44100;
+pkt->duration = s->streams[0]->codecpar->sample_rate / 75;
 pkt->pos = chunk_pos;
 
 chunk_pos = avio_tell(pb);
@@ -398,7 +398,8 @@ static int read_dst_frame(AVFormatContext *s, AVPacket *pkt)
 case ID_FRTE:
 if (data_size < 4)
 return AVERROR_INVALIDDATA;
-s->streams[0]->duration = avio_rb32(pb) * 588LL * 
s->streams[0]->codecpar->sample_rate / 44100;
+s->streams[0]->duration = avio_rb32(pb) * 
(uint64_t)s->streams[0]->codecpar->sample_rate / 75;
+
 break;
 }
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/tiff: Check pixel format types for dng

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Thu Jun 30 00:52:20 2022 +0200| [6bc0cf403efcf2b7eb8fe11633a6ad88ddf9be55] | 
committer: Michael Niedermayer

avcodec/tiff: Check pixel format types for dng

Fixes: out of array access
Fixes: 
48271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6149705769287680

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 75f3d1b82261f31c6bbcee8046cec6792194355a)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6bc0cf403efcf2b7eb8fe11633a6ad88ddf9be55
---

 libavcodec/tiff.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index c127ce146f..19fa4ac350 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -773,6 +773,7 @@ static int tiff_unpack_strip(TiffContext *s, AVFrame *p, 
uint8_t *dst, int strid
 if (s->is_bayer) {
 av_assert0(width == (s->bpp * s->width + 7) >> 3);
 }
+av_assert0(!(s->is_bayer && is_yuv));
 if (p->format == AV_PIX_FMT_GRAY12) {
 av_fast_padded_malloc(&s->yuv_line, &s->yuv_line_size, width);
 if (s->yuv_line == NULL) {
@@ -856,6 +857,8 @@ static int tiff_unpack_strip(TiffContext *s, AVFrame *p, 
uint8_t *dst, int strid
 av_log(s->avctx, AV_LOG_ERROR, "More than one DNG JPEG strips 
unsupported\n");
 return AVERROR_PATCHWELCOME;
 }
+if (!s->is_bayer)
+return AVERROR_PATCHWELCOME;
 if ((ret = dng_decode_jpeg(s->avctx, p, s->stripsize, 0, 0, s->width, 
s->height)) < 0)
 return ret;
 return 0;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avfilter/vf_signature: Fix integer overflow in filter_frame()

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Wed May 18 02:10:52 2022 +0200| [b1deea36b25797313b2bdbeffebf17f4fba9] | 
committer: Michael Niedermayer

avfilter/vf_signature: Fix integer overflow in filter_frame()

Fixes: CID1403233

The second of the 2 changes may be unneeded but will help coverity

Signed-off-by: Michael Niedermayer 
(cherry picked from commit dd6040675ec18d19429f882caea6bb306ed6677a)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b1deea36b25797313b2bdbeffebf17f4fba9
---

 libavfilter/vf_signature.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavfilter/vf_signature.c b/libavfilter/vf_signature.c
index 32a6405e14..1205168f8f 100644
--- a/libavfilter/vf_signature.c
+++ b/libavfilter/vf_signature.c
@@ -224,7 +224,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame 
*picref)
 dw1 = inlink->w / 32;
 if (inlink->w % 32)
 dw2 = dw1 + 1;
-denom = (sc->divide) ? dh1 * dh2 * dw1 * dw2 : 1;
+denom = (sc->divide) ? dh1 * (int64_t)dh2 * dw1 * dw2 : 1;
 
 for (i = 0; i < 32; i++) {
 rowcount = 0;
@@ -250,7 +250,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame 
*picref)
 }
 }
 
-denom = (sc->divide) ? 1 : dh1 * dh2 * dw1 * dw2;
+denom = (sc->divide) ? 1 : dh1 * (int64_t)dh2 * dw1 * dw2;
 
 for (i = 0; i < ELEMENT_COUNT; i++) {
 const ElemCat* elemcat = elements[i];

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/hevcdsp_template: stay within tables in sao_band_filter()

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Thu Jun  9 22:21:55 2022 +0200| [93f5b347e62a3a5c1e68c1c8145788628276be6b] | 
committer: Michael Niedermayer

avcodec/hevcdsp_template: stay within tables in sao_band_filter()

Fixes: out of array read
Fixes: 
47875/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5719393113341952

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 9c5250a5612d4b32d79108de0c03945b2017963e)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=93f5b347e62a3a5c1e68c1c8145788628276be6b
---

 libavcodec/hevcdsp_template.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/hevcdsp_template.c b/libavcodec/hevcdsp_template.c
index 56cd9e605d..61425975cd 100644
--- a/libavcodec/hevcdsp_template.c
+++ b/libavcodec/hevcdsp_template.c
@@ -313,7 +313,7 @@ static void FUNC(sao_band_filter)(uint8_t *_dst, uint8_t 
*_src,
 offset_table[(k + sao_left_class) & 31] = sao_offset_val[k + 1];
 for (y = 0; y < height; y++) {
 for (x = 0; x < width; x++)
-dst[x] = av_clip_pixel(src[x] + offset_table[src[x] >> shift]);
+dst[x] = av_clip_pixel(src[x] + offset_table[(src[x] >> shift) & 
31]);
 dst += stride_dst;
 src += stride_src;
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/rtsp: break on unknown protocols

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Fri May 20 00:50:33 2022 +0200| [d3e208f5f5ab43fe923b7722b3d737edecb3da60] | 
committer: Michael Niedermayer

avformat/rtsp: break on unknown protocols

This function needs more cleanup and it lacks error handling

Fixes: use of uninitialized memory
Fixes: CID700776

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 73c0fd27c5c53c42e5060fb3a0c1fc5708b6f670)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d3e208f5f5ab43fe923b7722b3d737edecb3da60
---

 libavformat/rtsp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index 25bdf475b3..fae3a371e0 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -952,6 +952,8 @@ static void rtsp_parse_transport(AVFormatContext *s,
  ";,", &p);
 }
 th->transport = RTSP_TRANSPORT_RAW;
+} else {
+break;
 }
 if (!av_strcasecmp(lower_transport, "TCP"))
 th->lower_transport = RTSP_LOWER_TRANSPORT_TCP;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/sbrdsp_fixed: Fix integer overflows in sbr_qmf_deint_neg_c()

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Mon May  2 00:51:12 2022 +0200| [3092b4d2711cf05d5b351dee10c1fb68a994997f] | 
committer: Michael Niedermayer

avcodec/sbrdsp_fixed: Fix integer overflows in sbr_qmf_deint_neg_c()

Fixes: signed integer overflow: 2147483645 + 16 cannot be represented in type 
'int'
Fixes: 
46993/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4759025234870272

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 1537f40516d625fc5fa57db4fdfb737312fbc500)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3092b4d2711cf05d5b351dee10c1fb68a994997f
---

 libavcodec/sbrdsp_fixed.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/sbrdsp_fixed.c b/libavcodec/sbrdsp_fixed.c
index 43fcc90ae5..0d34a2a710 100644
--- a/libavcodec/sbrdsp_fixed.c
+++ b/libavcodec/sbrdsp_fixed.c
@@ -114,8 +114,8 @@ static void sbr_qmf_deint_neg_c(int *v, const int *src)
 {
 int i;
 for (i = 0; i < 32; i++) {
-v[ i] = ( src[63 - 2*i] + 0x10) >> 5;
-v[63 - i] = (-src[63 - 2*i - 1] + 0x10) >> 5;
+v[ i] = (int)(0x10U + src[63 - 2*i]) >> 5;
+v[63 - i] = (int)(0x10U - src[63 - 2*i - 1]) >> 5;
 }
 }
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/h264dec: Skip late SEI

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Wed Apr 27 22:16:51 2022 +0200| [48957599a5d566500cae2275997b122dddb1a589] | 
committer: Michael Niedermayer

avcodec/h264dec: Skip late SEI

Fixes: Race condition
Fixes: 
clusterfuzz-testcase-minimized-mediasource_MP2T_AVC_pipeline_integration_fuzzer-6282675434094592

Found-by: google ClusterFuzz
Tested-by: Dan Sanders 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit f7dd408d64013ae177c1f8d0e04418e5075db5bc)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=48957599a5d566500cae2275997b122dddb1a589
---

 libavcodec/h264dec.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/h264dec.c b/libavcodec/h264dec.c
index 485f47d36e..bf3ab88da4 100644
--- a/libavcodec/h264dec.c
+++ b/libavcodec/h264dec.c
@@ -654,6 +654,10 @@ static int decode_nal_units(H264Context *h, const uint8_t 
*buf, int buf_size)
 avpriv_request_sample(avctx, "data partitioning");
 break;
 case H264_NAL_SEI:
+if (h->setup_finished) {
+avpriv_request_sample(avctx, "Late SEI");
+break;
+}
 ret = ff_h264_sei_decode(&h->sei, &nal->gb, &h->ps, avctx);
 h->has_recovery_point = h->has_recovery_point || 
h->sei.recovery_point.recovery_frame_cnt != -1;
 if (avctx->debug & FF_DEBUG_GREEN_MD)

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/exr: Check x/ysize

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Mon Jul 18 22:46:45 2022 +0200| [f18d625883964f16481139cfe2c898200f7f254b] | 
committer: Michael Niedermayer

avcodec/exr: Check x/ysize

Fixes: OOM
Fixes: 
48911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6352002510094336

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 614a4d1476c6e3561ebab3977cb43b2b4b6406fd)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f18d625883964f16481139cfe2c898200f7f254b
---

 libavcodec/exr.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index b6bf87ab81..642a86ae6d 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -1240,7 +1240,8 @@ static int decode_block(AVCodecContext *avctx, void 
*tdata,
 td->ysize = FFMIN(s->tile_attr.ySize, s->ydelta - tile_y * 
s->tile_attr.ySize);
 td->xsize = FFMIN(s->tile_attr.xSize, s->xdelta - tile_x * 
s->tile_attr.xSize);
 
-if (td->xsize * (uint64_t)s->current_channel_offset > INT_MAX)
+if (td->xsize * (uint64_t)s->current_channel_offset > INT_MAX ||
+av_image_check_size2(td->xsize, td->ysize, s->avctx->max_pixels, 
AV_PIX_FMT_NONE, 0, s->avctx) < 0)
 return AVERROR_INVALIDDATA;
 
 td->channel_line_size = td->xsize * s->current_channel_offset;/* 
uncompress size of one line */
@@ -1264,7 +1265,8 @@ static int decode_block(AVCodecContext *avctx, void 
*tdata,
 td->ysize  = FFMIN(s->scan_lines_per_block, s->ymax - line + 
1); /* s->ydelta - line ?? */
 td->xsize  = s->xdelta;
 
-if (td->xsize * (uint64_t)s->current_channel_offset > INT_MAX)
+if (td->xsize * (uint64_t)s->current_channel_offset > INT_MAX ||
+av_image_check_size2(td->xsize, td->ysize, s->avctx->max_pixels, 
AV_PIX_FMT_NONE, 0, s->avctx) < 0)
 return AVERROR_INVALIDDATA;
 
 td->channel_line_size = td->xsize * s->current_channel_offset;/* 
uncompress size of one line */

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/lagarith: Check dst/src in zero run code

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Tue Jul 12 20:43:20 2022 +0200| [d46f1d89f19bf42b305644f0b9a71dbddab7f657] | 
committer: Michael Niedermayer

avcodec/lagarith: Check dst/src in zero run code

Fixes: out of array access
Fixes: 
48799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-4764457825337344

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 9450f759748d02d1d284d2e4afd741cb0fe0c04a)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d46f1d89f19bf42b305644f0b9a71dbddab7f657
---

 libavcodec/lagarith.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/lagarith.c b/libavcodec/lagarith.c
index d81e55cf4c..1b08e9308e 100644
--- a/libavcodec/lagarith.c
+++ b/libavcodec/lagarith.c
@@ -408,6 +408,9 @@ output_zeros:
 if (zero_run) {
 zero_run = 0;
 i += esc_count;
+if (i >  end - dst ||
+i >= src_end - src)
+return AVERROR_INVALIDDATA;
 memcpy(dst, src, i);
 dst += i;
 l->zeros_rem = lag_calc_zero_run(src[i]);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] tools/target_dec_fuzzer: Adjust threshold for MMVIDEO

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Tue Jul 19 00:25:45 2022 +0200| [52accf7310e063becc9ca88d44581ace26a8362e] | 
committer: Michael Niedermayer

tools/target_dec_fuzzer: Adjust threshold for MMVIDEO

Fixes: Timeout
Fixes: 
49003/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MMVIDEO_fuzzer-5550368423018496

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 3592b05c84958e2723cc026e7649df508de1a9c4)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=52accf7310e063becc9ca88d44581ace26a8362e
---

 tools/target_dec_fuzzer.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 9e15216e59..825ca2d7eb 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -172,6 +172,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t 
size) {
 case AV_CODEC_ID_INTERPLAY_ACM: maxsamples /= 16384;  break;
 case AV_CODEC_ID_LAGARITH:maxpixels  /= 1024;  break;
 case AV_CODEC_ID_LSCR:maxpixels  /= 16;break;
+case AV_CODEC_ID_MMVIDEO: maxpixels  /= 256;   break;
 case AV_CODEC_ID_MOTIONPIXELS:maxpixels  /= 256;   break;
 case AV_CODEC_ID_MP4ALS:  maxsamples /= 65536; break;
 case AV_CODEC_ID_MSA1:maxpixels  /= 16384; break;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/asfdec_f: Use 64bit for packet start time

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Tue Jul 19 00:32:18 2022 +0200| [3ab3a39ec69e606421d0943c6fb661ac83225513] | 
committer: Michael Niedermayer

avformat/asfdec_f: Use 64bit for packet start time

Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 
'int'
Fixes: 
49014/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6314973315334144

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 8ed78486fcb065b5b459f14d4b1c3242f6d21ec7)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3ab3a39ec69e606421d0943c6fb661ac83225513
---

 libavformat/asfdec_f.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c
index f43427d473..add0d33540 100644
--- a/libavformat/asfdec_f.c
+++ b/libavformat/asfdec_f.c
@@ -104,7 +104,7 @@ typedef struct ASFContext {
 int ts_is_pts;
 int packet_multi_size;
 int packet_time_delta;
-int packet_time_start;
+int64_t packet_time_start;
 int64_t packet_pos;
 
 int stream_index;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/flvdec: Check for EOF in index reading

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Mon Jun 20 01:36:29 2022 +0200| [815efd3f689375efb889233933505198dcf7f750] | 
committer: Michael Niedermayer

avformat/flvdec: Check for EOF in index reading

Fixes: Timeout
Fixes: 
47992/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6020443879899136

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit ceff5d7b74cd9ae6055957979d27d289c70a9e1b)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=815efd3f689375efb889233933505198dcf7f750
---

 libavformat/flvdec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index 2bbfef53e6..2ff0b20c62 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -461,6 +461,8 @@ static int parse_keyframes_index(AVFormatContext *s, 
AVIOContext *ioc, int64_t m
 goto invalid;
 if (current_array == × && (d <= INT64_MIN / 1000 || d >= 
INT64_MAX / 1000))
 goto invalid;
+if (avio_feof(ioc))
+goto invalid;
 current_array[0][i] = d;
 }
 if (times && filepositions) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/mss4: Check image size with av_image_check_size2()

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Jul  3 00:34:08 2022 +0200| [ff6d408ac0370058a6d0e039881eef02b0b122d0] | 
committer: Michael Niedermayer

avcodec/mss4: Check image size with av_image_check_size2()

Fixes: Timeout
Fixes: 
48418/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MTS2_fuzzer-4834851466903552

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 4e145f1dcdcbe19e8f8e98940dab04e9332a8b5b)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ff6d408ac0370058a6d0e039881eef02b0b122d0
---

 libavcodec/mss4.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/mss4.c b/libavcodec/mss4.c
index 7f11f30dc8..4ad653c443 100644
--- a/libavcodec/mss4.c
+++ b/libavcodec/mss4.c
@@ -26,6 +26,7 @@
  */
 
 #include "libavutil/thread.h"
+#include "libavutil/imgutils.h"
 
 #include "avcodec.h"
 #include "bytestream.h"
@@ -476,6 +477,9 @@ static int mss4_decode_frame(AVCodecContext *avctx, void 
*data, int *got_frame,
width, height);
 return AVERROR_INVALIDDATA;
 }
+if (av_image_check_size2(width, height, avctx->max_pixels, 
AV_PIX_FMT_NONE, 0, avctx) < 0)
+return AVERROR_INVALIDDATA;
+
 if (quality < 1 || quality > 100) {
 av_log(avctx, AV_LOG_ERROR, "Invalid quality setting %d\n", quality);
 return AVERROR_INVALIDDATA;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/nutdec: Check get_packetheader() in mainheader

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Wed Jul  6 23:54:49 2022 +0200| [46f74da43941ff8129637030ebe804bd8d6d680b] | 
committer: Michael Niedermayer

avformat/nutdec: Check get_packetheader() in mainheader

Fixes; Timeout
Fixes: 
48794/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6524604713140224

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit b5de084aa63b79586bc445e6a7fea837688b3941)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=46f74da43941ff8129637030ebe804bd8d6d680b
---

 libavformat/nutdec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index 58a74612a4..dff2593208 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -199,6 +199,8 @@ static int decode_main_header(NUTContext *nut)
 int tmp_stream, tmp_mul, tmp_pts, tmp_size, tmp_res, tmp_head_idx;
 
 length = get_packetheader(nut, bc, 1, MAIN_STARTCODE);
+if (length == (uint64_t)-1)
+return AVERROR_INVALIDDATA;
 end = length + avio_tell(bc);
 
 nut->version = ffio_read_varlen(bc);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/tiff: Check tile_length and tile_width

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Thu Jul 21 23:27:59 2022 +0200| [cd76f3ed591beba5c64b57fa7fcc596acc678c4c] | 
committer: Michael Niedermayer

avcodec/tiff: Check tile_length and tile_width

Fixes: Division by 0
Fixes: 
49235/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5495613847896064

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 76112c2b4167bb3c40503b3334c8b38fd707a8d5)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cd76f3ed591beba5c64b57fa7fcc596acc678c4c
---

 libavcodec/tiff.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 19fa4ac350..4be9ad1735 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -977,6 +977,9 @@ static int dng_decode_tiles(AVCodecContext *avctx, AVFrame 
*frame,
 int pos_x = 0, pos_y = 0;
 int ret;
 
+if (s->tile_width <= 0 || s->tile_length <= 0)
+return AVERROR_INVALIDDATA;
+
 has_width_leftover = (s->width % s->tile_width != 0);
 has_height_leftover = (s->height % s->tile_length != 0);
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

ffmpeg-cvslog@ffmpeg.org

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Fri Jul 22 00:51:32 2022 +0200| [1882734fe1fa16a6c66ffb159bffc1a1f971b763] | 
committer: Michael Niedermayer

avcodec/hevc_filter: copy_CTB() only within width&height

Fixes: out of array access
Fixes: 
49271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5424984922652672

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 009ef35d384c3df22d8a8be7416dc9d532e91c52)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1882734fe1fa16a6c66ffb159bffc1a1f971b763
---

 libavcodec/hevc_filter.c | 13 -
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/libavcodec/hevc_filter.c b/libavcodec/hevc_filter.c
index 6b9824088c..a45cb6f0fb 100644
--- a/libavcodec/hevc_filter.c
+++ b/libavcodec/hevc_filter.c
@@ -145,11 +145,22 @@ int i, j;
 
 if (((intptr_t)dst | (intptr_t)src | stride_dst | stride_src) & 15) {
 for (i = 0; i < height; i++) {
-for (j = 0; j < width; j+=8)
+for (j = 0; j < width - 7; j+=8)
 AV_COPY64U(dst+j, src+j);
 dst += stride_dst;
 src += stride_src;
 }
+if (width&7) {
+dst += ((width>>3)<<3) - stride_dst * height;
+src += ((width>>3)<<3) - stride_src * height;
+width &= 7;
+for (i = 0; i < height; i++) {
+for (j = 0; j < width; j++)
+dst[j] = src[j];
+dst += stride_dst;
+src += stride_src;
+}
+}
 } else {
 for (i = 0; i < height; i++) {
 for (j = 0; j < width; j+=16)

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] MAINTAINERS: Add ED25519 key for signing my commits in the future

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Tue Aug  9 21:53:32 2022 +0200| [9363a18e496745cd8b54dd7a7765cf34f4184a09] | 
committer: Michael Niedermayer

MAINTAINERS: Add ED25519 key for signing my commits in the future

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 05225180bea208dfd81efac327e429711a963697)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9363a18e496745cd8b54dd7a7765cf34f4184a09
---

 MAINTAINERS | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index 3b6cfad4fc..b825b8d68e 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -615,6 +615,7 @@ Jean Delvare  7CA6 9F44 60F1 BDC4 1FD2 C858 
A552 6B9B B3CD 4E6A
 Loren Merritt ABD9 08F4 C920 3F65 D8BE 35D7 1540 DAA7 060F 56DE
 Lynne FE50 139C 6805 72CA FD52 1F8D A2FE A5F0 3F03 4464
 Michael Niedermayer   9FF2 128B 147E F673 0BAD F133 611E C787 040B 0FAB
+  DD1E C9E8 DE08 5C62 9B3E 1846 B18E 8928 B394 8D64
 Nicolas George24CE 01CE 9ACC 5CEB 74D8 8D9D B063 D997 36E5 4C93
 Nikolay Aleksandrov   8978 1D8C FB71 588E 4B27 EAA8 C4F0 B5FC E011 13B1
 Panagiotis Issaris6571 13A3 33D9 3726 F728 AA98 F643 B12E ECF3 E029

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/mjpegdec: bayer and rct are incompatible

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sat Aug 13 22:47:31 2022 +0200| [0035e034c0c7c03a07c1504974254bc74275e15c] | 
committer: Michael Niedermayer

avcodec/mjpegdec: bayer and rct are incompatible

Fixes: out of array read
Fixes: 
49434/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5208501080686592

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit a44f5a521227adc7be2f78b411f56da1a4d98704)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0035e034c0c7c03a07c1504974254bc74275e15c
---

 libavcodec/mjpegdec.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index afb117cfc6..f85ebbc754 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1082,6 +1082,10 @@ static int ljpeg_decode_rgb_scan(MJpegDecodeContext *s, 
int nb_components, int p
 return AVERROR_INVALIDDATA;
 if (s->v_max != 1 || s->h_max != 1 || !s->lossless)
 return AVERROR_INVALIDDATA;
+if (s->bayer) {
+if (s->rct || s->pegasus_rct)
+return AVERROR_INVALIDDATA;
+}
 
 
 s->restart_count = s->restart_interval;
@@ -1932,6 +1936,8 @@ static int mjpeg_decode_app(MJpegDecodeContext *s)
 }
 
 len -= 9;
+if (s->bayer)
+goto out;
 if (s->got_picture)
 if (rgb != s->rgb || pegasus_rct != s->pegasus_rct) {
 av_log(s->avctx, AV_LOG_WARNING, "Mismatching LJIF tag\n");

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/subviewerdec: Make read_ts() more flexible

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Mar 22 00:54:58 2020 +0100| [fe87396f35b67f88d4b46fda04de0fd122a411fa] | 
committer: Michael Niedermayer

avformat/subviewerdec: Make read_ts() more flexible

Fixes: signed integer overflow: -1948269928 * 10 cannot be represented in type 
'int'
Fixes: 
49451/clusterfuzz-testcase-minimized-ffmpeg_dem_SUBVIEWER_fuzzer-6344614822412288

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
(cherry picked from commit 58a8e739ef93f8b42f8139e73227508256929d20)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fe87396f35b67f88d4b46fda04de0fd122a411fa
---

 libavformat/subviewerdec.c | 36 +---
 1 file changed, 21 insertions(+), 15 deletions(-)

diff --git a/libavformat/subviewerdec.c b/libavformat/subviewerdec.c
index 5c2fe676f1..0a2f0da3b1 100644
--- a/libavformat/subviewerdec.c
+++ b/libavformat/subviewerdec.c
@@ -51,26 +51,32 @@ static int subviewer_probe(const AVProbeData *p)
 return 0;
 }
 
+static int get_multiplier(int e) {
+switch (e) {
+case 1  : return 100;
+case 2  : return 10;
+case 3  : return 1;
+default : return -1;
+}
+}
+
 static int read_ts(const char *s, int64_t *start, int *duration)
 {
 int64_t end;
 int hh1, mm1, ss1, ms1;
 int hh2, mm2, ss2, ms2;
-int multiplier = 1;
-
-if (sscanf(s, "%u:%u:%u.%2u,%u:%u:%u.%2u",
-   &hh1, &mm1, &ss1, &ms1, &hh2, &mm2, &ss2, &ms2) == 8) {
-multiplier = 10;
-} else if (sscanf(s, "%u:%u:%u.%1u,%u:%u:%u.%1u",
-  &hh1, &mm1, &ss1, &ms1, &hh2, &mm2, &ss2, &ms2) == 8) {
-multiplier = 100;
-}
-if (sscanf(s, "%u:%u:%u.%u,%u:%u:%u.%u",
-   &hh1, &mm1, &ss1, &ms1, &hh2, &mm2, &ss2, &ms2) == 8) {
-ms1 = FFMIN(ms1, 999);
-ms2 = FFMIN(ms2, 999);
-end= (hh2*3600LL + mm2*60LL + ss2) * 1000LL + ms2 * multiplier;
-*start = (hh1*3600LL + mm1*60LL + ss1) * 1000LL + ms1 * multiplier;
+int multiplier1, multiplier2;
+int ms1p1, ms1p2, ms2p1, ms2p2;
+
+if (sscanf(s, "%u:%u:%u.%n%u%n,%u:%u:%u.%n%u%n",
+   &hh1, &mm1, &ss1, &ms1p1, &ms1, &ms1p2, &hh2, &mm2, &ss2, 
&ms2p1, &ms2, &ms2p2) == 8) {
+multiplier1 = get_multiplier(ms1p2 - ms1p1);
+multiplier2 = get_multiplier(ms2p2 - ms2p1);
+if (multiplier1 <= 0 ||multiplier2 <= 0)
+return -1;
+
+end= (hh2*3600LL + mm2*60LL + ss2) * 1000LL + ms2 * multiplier2;
+*start = (hh1*3600LL + mm1*60LL + ss1) * 1000LL + ms1 * multiplier1;
 *duration = end - *start;
 return 0;
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/mpegaudiodec_template: use unsigned shift in handle_crc()

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Aug 14 23:30:22 2022 +0200| [8b644b85f4c56f8051a29a32aa266faf53af8dd6] | 
committer: Michael Niedermayer

avcodec/mpegaudiodec_template: use unsigned shift in handle_crc()

Fixes: left shift of 192 by 24 places cannot be represented in type 'int'
Fixes: 
49577/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MP1FLOAT_fuzzer-5205996678545408

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 7086491fa0eca4ad647b5c9fae6d07344cc44ec0)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8b644b85f4c56f8051a29a32aa266faf53af8dd6
---

 libavcodec/mpegaudiodec_template.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/mpegaudiodec_template.c 
b/libavcodec/mpegaudiodec_template.c
index 4fd9e3a690..642fa5ac79 100644
--- a/libavcodec/mpegaudiodec_template.c
+++ b/libavcodec/mpegaudiodec_template.c
@@ -372,7 +372,7 @@ static int handle_crc(MPADecodeContext *s, int sec_len)
 crc_val = av_crc(crc_tab, crc_val, &buf[6], sec_byte_len);
 
 AV_WB32(tmp_buf,
-((buf[6 + sec_byte_len] & (0xFF00 >> sec_rem_bits)) << 24) +
+((buf[6 + sec_byte_len] & (0xFF00U >> sec_rem_bits)) << 24) +
 ((s->crc << 16) >> sec_rem_bits));
 
 crc_val = av_crc(crc_tab, crc_val, tmp_buf, 3);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/hevcdec: Check s->ref in the md5 path similar to hwaccel

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Aug 14 23:39:56 2022 +0200| [5b9b498e1ba6a814f3e483ecc8f6644a5f67c1aa] | 
committer: Michael Niedermayer

avcodec/hevcdec: Check s->ref in the md5 path similar to hwaccel

This is somewhat redundant with the is_decoded check. Maybe
there is a nicer solution

Fixes: Null pointer dereference
Fixes: 
49584/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5297367351427072

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 3b51e1992289383aa9f083c88e153e34b6412c89)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5b9b498e1ba6a814f3e483ecc8f6644a5f67c1aa
---

 libavcodec/hevcdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c
index 2231aed259..19d6d517f3 100644
--- a/libavcodec/hevcdec.c
+++ b/libavcodec/hevcdec.c
@@ -3338,7 +3338,7 @@ static int hevc_decode_frame(AVCodecContext *avctx, void 
*data, int *got_output,
 }
 } else {
 /* verify the SEI checksum */
-if (avctx->err_recognition & AV_EF_CRCCHECK && s->is_decoded &&
+if (avctx->err_recognition & AV_EF_CRCCHECK && s->ref && s->is_decoded 
&&
 s->sei.picture_hash.is_md5) {
 ret = verify_md5(s, s->ref->frame);
 if (ret < 0 && avctx->err_recognition & AV_EF_EXPLODE) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/h263dec: Sanity check against minimal I/P frame size

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Mon Aug 15 00:02:37 2022 +0200| [eb252776d8d06fe69aa635acdf36e0210d350035] | 
committer: Michael Niedermayer

avcodec/h263dec: Sanity check against minimal I/P frame size

Fixes: Timeout
Fixes: 
49718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4874987894341632

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit ca4ff9c21cb77e024fa4ff5889826a8bee4d0e0a)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eb252776d8d06fe69aa635acdf36e0210d350035
---

 libavcodec/h263dec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c
index e8b4d83e6e..f6f7789cef 100644
--- a/libavcodec/h263dec.c
+++ b/libavcodec/h263dec.c
@@ -545,6 +545,8 @@ retry:
 avctx->has_b_frames = !s->low_delay;
 
 if (CONFIG_MPEG4_DECODER && avctx->codec_id == AV_CODEC_ID_MPEG4) {
+if (s->pict_type != AV_PICTURE_TYPE_B && s->mb_num/2 > 
get_bits_left(&s->gb))
+return AVERROR_INVALIDDATA;
 if (ff_mpeg4_workaround_bugs(avctx) == 1)
 goto retry;
 if (s->studio_profile != (s->idsp.idct == NULL))

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/avidec: Prevent entity expansion attacks

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Thu Aug 18 00:22:41 2022 +0200| [df0d34caafdcef5dac9e9ceedbd6e8920bdf5833] | 
committer: Michael Niedermayer

avformat/avidec: Prevent entity expansion attacks

Fixes: Timeout
Fixes no testcase, this is the same idea as similar attacks against XML parsers

Signed-off-by: Michael Niedermayer 
(cherry picked from commit f3e823c2aa04d4f5571a5e04c27a244890704c8d)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=df0d34caafdcef5dac9e9ceedbd6e8920bdf5833
---

 libavformat/avidec.c | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/libavformat/avidec.c b/libavformat/avidec.c
index 02a4fd4c47..75b05ab5d5 100644
--- a/libavformat/avidec.c
+++ b/libavformat/avidec.c
@@ -79,6 +79,8 @@ typedef struct AVIContext {
 int stream_index;
 DVDemuxContext *dv_demux;
 int odml_depth;
+int64_t odml_read;
+int64_t odml_max_pos;
 int use_odml;
 #define MAX_ODML_DEPTH 1000
 int64_t dts_max;
@@ -198,7 +200,7 @@ static int read_odml_index(AVFormatContext *s, int64_t 
frame_num)
 st  = s->streams[stream_id];
 ast = st->priv_data;
 
-if (index_sub_type)
+if (index_sub_type || entries_in_use < 0)
 return AVERROR_INVALIDDATA;
 
 avio_rl32(pb);
@@ -219,11 +221,18 @@ static int read_odml_index(AVFormatContext *s, int64_t 
frame_num)
 }
 
 for (i = 0; i < entries_in_use; i++) {
+avi->odml_max_pos = FFMAX(avi->odml_max_pos, avio_tell(pb));
+
+// If we read more than there are bytes then we must have been reading 
something twice
+if (avi->odml_read > avi->odml_max_pos)
+return AVERROR_INVALIDDATA;
+
 if (index_type) {
 int64_t pos = avio_rl32(pb) + base - 8;
 int len = avio_rl32(pb);
 int key = len >= 0;
 len &= 0x7FFF;
+avi->odml_read += 8;
 
 av_log(s, AV_LOG_TRACE, "pos:%"PRId64", len:%X\n", pos, len);
 
@@ -242,6 +251,7 @@ static int read_odml_index(AVFormatContext *s, int64_t 
frame_num)
 int64_t offset, pos;
 int duration;
 int ret;
+avi->odml_read += 16;
 
 offset = avio_rl64(pb);
 avio_rl32(pb);   /* size */

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] libavformat/iff: Check for overflow in body_end calculation

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Mon Aug 22 20:31:32 2022 +0200| [7c00e515a0e589f4c90f1f09f91ae1a5fe4cdd99] | 
committer: Michael Niedermayer

libavformat/iff: Check for overflow in body_end calculation

Fixes: signed integer overflow: -6322983228386819992 - 5557477266266529857 
cannot be represented in type 'long'
Fixes: 
50112/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6329186221948928

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit bcb46903040e5a5199281f4ad0a1fdaf750ebc37)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7c00e515a0e589f4c90f1f09f91ae1a5fe4cdd99
---

 libavformat/iff.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/iff.c b/libavformat/iff.c
index 16baaca439..06785c748b 100644
--- a/libavformat/iff.c
+++ b/libavformat/iff.c
@@ -502,6 +502,9 @@ static int iff_read_header(AVFormatContext *s)
 case ID_DST:
 case ID_MDAT:
 iff->body_pos = avio_tell(pb);
+if (iff->body_pos < 0 || iff->body_pos + data_size > INT64_MAX)
+return AVERROR_INVALIDDATA;
+
 iff->body_end = iff->body_pos + data_size;
 iff->body_size = data_size;
 if (chunk_id == ID_DST) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] doc/git-howto.texi: Document commit signing

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Tue Aug  9 21:49:04 2022 +0200| [b21ebecec113ddbde15ea703e0e83f7b63427787] | 
committer: Michael Niedermayer

doc/git-howto.texi: Document commit signing

Signed-off-by: Michael Niedermayer 
(cherry picked from commit ced0dc807eb67516b341d68f04ce5a87b02820de)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b21ebecec113ddbde15ea703e0e83f7b63427787
---

 doc/git-howto.texi | 22 +-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/doc/git-howto.texi b/doc/git-howto.texi
index 2b4fb80233..bd26fcb259 100644
--- a/doc/git-howto.texi
+++ b/doc/git-howto.texi
@@ -187,11 +187,18 @@ to make sure you don't have untracked files or deletions.
 git add [-i|-p|-A] 
 @end example
 
-Make sure you have told Git your name and email address
+Make sure you have told Git your name, email address and GPG key
 
 @example
 git config --global user.name "My Name"
 git config --global user.email my@@email.invalid
+git config --global user.signingkey ABCDEF0123245
+@end example
+
+Enable signing all commits or use -S
+
+@example
+git config --global commit.gpgsign true
 @end example
 
 Use @option{--global} to set the global configuration for all your Git 
checkouts.
@@ -393,6 +400,19 @@ git checkout -b svn_23456 $SHA1
 where @var{$SHA1} is the commit hash from the @command{git log} output.
 
 
+@chapter gpg key generation
+
+If you have no gpg key yet, we recommend that you create a ed25519 based key 
as it
+is small, fast and secure. Especially it results in small signatures in git.
+
+@example
+gpg --default-new-key-algo "ed25519/cert,sign+cv25519/encr" 
--quick-generate-key "human@@server.com"
+@end example
+
+When generating a key, make sure the email specified matches the email used in 
git as some sites like
+github consider mismatches a reason to declare such commits unverified. After 
generating a key you
+can add it to the MAINTAINER file and upload it to a keyserver.
+
 @chapter Pre-push checklist
 
 Once you have a set of commits that you feel are ready for pushing,

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/midivid: Perform lzss_uncompress() before ff_reget_buffer()

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Mon Aug 22 21:29:55 2022 +0200| [7e2559982f162846748a1aa0bb71ee8ea5eb26f6] | 
committer: Michael Niedermayer

avcodec/midivid: Perform lzss_uncompress() before ff_reget_buffer()

This would avoid regeting the frame on lzss errors

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 628fb97efb0b6202e56fab89670406261bf86d85)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7e2559982f162846748a1aa0bb71ee8ea5eb26f6
---

 libavcodec/midivid.c | 13 ++---
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/libavcodec/midivid.c b/libavcodec/midivid.c
index 2200440e2c..3e6a9ca3d9 100644
--- a/libavcodec/midivid.c
+++ b/libavcodec/midivid.c
@@ -202,12 +202,7 @@ static int decode_frame(AVCodecContext *avctx, void *data,
 bytestream2_skip(gb, 8);
 uncompressed = bytestream2_get_le32(gb);
 
-if ((ret = ff_reget_buffer(avctx, s->frame, 0)) < 0)
-return ret;
-
-if (uncompressed) {
-ret = decode_mvdv(s, avctx, frame);
-} else {
+if (!uncompressed) {
 av_fast_padded_malloc(&s->uncompressed, &s->uncompressed_size, 16LL * 
(avpkt->size - 12));
 if (!s->uncompressed)
 return AVERROR(ENOMEM);
@@ -216,9 +211,13 @@ static int decode_frame(AVCodecContext *avctx, void *data,
 if (ret < 0)
 return ret;
 bytestream2_init(gb, s->uncompressed, ret);
-ret = decode_mvdv(s, avctx, frame);
 }
 
+if ((ret = ff_reget_buffer(avctx, s->frame, 0)) < 0)
+return ret;
+
+ret = decode_mvdv(s, avctx, frame);
+
 if (ret < 0)
 return ret;
 key = ret;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] libavcodec/8bps: Check that line lengths fit within the buffer

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Mon Aug 22 22:10:09 2022 +0200| [399670d66893d2f84d1a2dfabebab3c227454431] | 
committer: Michael Niedermayer

libavcodec/8bps: Check that line lengths fit within the buffer

Fixes: Timeout
Fixes: undefined pointer arithmetic
Fixes: 
50330/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EIGHTBPS_fuzzer-5436287485607936

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 2316d5ec1a95b13ff9a0ce80409fa367a041966d)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=399670d66893d2f84d1a2dfabebab3c227454431
---

 libavcodec/8bps.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/8bps.c b/libavcodec/8bps.c
index 53e939d35d..6cc9a0c9ae 100644
--- a/libavcodec/8bps.c
+++ b/libavcodec/8bps.c
@@ -70,6 +70,9 @@ static int decode_frame(AVCodecContext *avctx, void *data,
 unsigned char *planemap = c->planemap;
 int ret;
 
+if (buf_size < planes * height *2)
+return AVERROR_INVALIDDATA;
+
 if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
 return ret;
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/asfdec_o: limit recursion depth in asf_read_unknown()

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Wed Aug 31 01:21:38 2022 +0200| [3ce3d5ea9c34c9632b26bf057acbf6e1cd1f83ba] | 
committer: Michael Niedermayer

avformat/asfdec_o: limit recursion depth in asf_read_unknown()

The threshold of 5 is arbitrary, both smaller and larger should work fine

Fixes: Stack overflow
Fixes: 
50603/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6049302564175872

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 1f1a368169ef9d945dc4b4764f5c60ba9bbc9134)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3ce3d5ea9c34c9632b26bf057acbf6e1cd1f83ba
---

 libavformat/asfdec_o.c | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c
index f98ffc76fa..7f5552da0e 100644
--- a/libavformat/asfdec_o.c
+++ b/libavformat/asfdec_o.c
@@ -113,6 +113,7 @@ typedef struct ASFContext {
 int64_t data_offset;
 int64_t first_packet_offset; // packet offset
 int64_t unknown_offset;   // for top level header objects or subobjects 
without specified behavior
+int in_asf_read_unknown;
 
 // ASF file must not contain more than 128 streams according to the 
specification
 ASFStream *asf_st[ASF_MAX_STREAMS];
@@ -177,7 +178,7 @@ static int asf_read_unknown(AVFormatContext *s, const 
GUIDParseTable *g)
 uint64_t size   = avio_rl64(pb);
 int ret;
 
-if (size > INT64_MAX)
+if (size > INT64_MAX || asf->in_asf_read_unknown > 5)
 return AVERROR_INVALIDDATA;
 
 if (asf->is_header)
@@ -186,8 +187,11 @@ static int asf_read_unknown(AVFormatContext *s, const 
GUIDParseTable *g)
 if (!g->is_subobject) {
 if (!(ret = strcmp(g->name, "Header Extension")))
 avio_skip(pb, 22); // skip reserved fields and Data Size
-if ((ret = detect_unknown_subobject(s, asf->unknown_offset,
-asf->unknown_size)) < 0)
+asf->in_asf_read_unknown ++;
+ret = detect_unknown_subobject(s, asf->unknown_offset,
+asf->unknown_size);
+asf->in_asf_read_unknown --;
+if (ret < 0)
 return ret;
 } else {
 if (size < 24) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/bink: disallow odd positioned scaled blocks

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Mon Jun 13 02:01:20 2022 +0200| [85f5aaa15fda09e8c01880d4ec622dd33c7b3636] | 
committer: Michael Niedermayer

avcodec/bink: disallow odd positioned scaled blocks

Fixes: out of array access
Fixes: 
47911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6194020855971840

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Anton Khirnov 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit b14104a6376cd774b08cbe5fda56b34320a41b2e)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=85f5aaa15fda09e8c01880d4ec622dd33c7b3636
---

 libavcodec/bink.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/bink.c b/libavcodec/bink.c
index 5efd24e9c3..c7d76d1d14 100644
--- a/libavcodec/bink.c
+++ b/libavcodec/bink.c
@@ -1086,7 +1086,7 @@ static int bink_decode_plane(BinkContext *c, AVFrame 
*frame, GetBitContext *gb,
 for (bx = 0; bx < bw; bx++, dst += 8, prev += 8) {
 blk = get_value(c, BINK_SRC_BLOCK_TYPES);
 // 16x16 block type on odd line means part of the already decoded 
block, so skip it
-if ((by & 1) && blk == SCALED_BLOCK) {
+if (((by & 1) || (bx & 1)) && blk == SCALED_BLOCK) {
 bx++;
 dst  += 8;
 prev += 8;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/speedhq: Check width

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Thu Aug 18 23:41:57 2022 +0200| [c7f723ddb677d6a13e9d8b62851f9d2583100fdf] | 
committer: Michael Niedermayer

avcodec/speedhq: Check width

Fixes: out of array access
Fixes: 
50014/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4748914632294400

Alternatively the buffer size can be increased

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit f0395f9ef6051315973f1fdded1804f81458566d)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c7f723ddb677d6a13e9d8b62851f9d2583100fdf
---

 libavcodec/speedhq.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/speedhq.c b/libavcodec/speedhq.c
index 711bcd66d7..5a201b3a6e 100644
--- a/libavcodec/speedhq.c
+++ b/libavcodec/speedhq.c
@@ -498,7 +498,7 @@ static int speedhq_decode_frame(AVCodecContext *avctx,
 uint32_t second_field_offset;
 int ret;
 
-if (buf_size < 4 || avctx->width < 8)
+if (buf_size < 4 || avctx->width < 8 || avctx->width % 8 != 0)
 return AVERROR_INVALIDDATA;
 
 quality = buf[0];

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/fmvc: Move frame allocation to a later stage

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Fri Jun 10 23:09:09 2022 +0200| [12043b8a6bc93a20524a5cd84839c33dd287c479] | 
committer: Michael Niedermayer

avcodec/fmvc: Move frame allocation to a later stage

This way more things are checked before allocation

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 9783749c66bf6ca2ce7a6db4c74957fe77cbe803)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=12043b8a6bc93a20524a5cd84839c33dd287c479
---

 libavcodec/fmvc.c | 21 +++--
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/libavcodec/fmvc.c b/libavcodec/fmvc.c
index 3701b0849b..82a2822e07 100644
--- a/libavcodec/fmvc.c
+++ b/libavcodec/fmvc.c
@@ -401,20 +401,17 @@ static int decode_frame(AVCodecContext *avctx, void *data,
 PutByteContext *pb = &s->pb;
 AVFrame *frame = data;
 int ret, y, x;
+int key_frame;
 
 if (avpkt->size < 8)
 return AVERROR_INVALIDDATA;
 
-if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
-return ret;
-
 bytestream2_init(gb, avpkt->data, avpkt->size);
 bytestream2_skip(gb, 2);
 
-frame->key_frame = !!bytestream2_get_le16(gb);
-frame->pict_type = frame->key_frame ? AV_PICTURE_TYPE_I : 
AV_PICTURE_TYPE_P;
+key_frame = !!bytestream2_get_le16(gb);
 
-if (frame->key_frame) {
+if (key_frame) {
 const uint8_t *src;
 unsigned type, size;
 uint8_t *dst;
@@ -434,6 +431,12 @@ static int decode_frame(AVCodecContext *avctx, void *data,
 return AVERROR_PATCHWELCOME;
 }
 
+if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
+return ret;
+
+frame->key_frame = 1;
+frame->pict_type = AV_PICTURE_TYPE_I;
+
 src = s->buffer;
 dst = frame->data[0] + (avctx->height - 1) * frame->linesize[0];
 for (y = 0; y < avctx->height; y++) {
@@ -514,6 +517,12 @@ static int decode_frame(AVCodecContext *avctx, void *data,
 dst = &rect[block_h * s->stride];
 }
 
+if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
+return ret;
+
+frame->key_frame = 0;
+frame->pict_type = AV_PICTURE_TYPE_P;
+
 ssrc = s->buffer;
 ddst = frame->data[0] + (avctx->height - 1) * frame->linesize[0];
 for (y = 0; y < avctx->height; y++) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avfilter/vf_showinfo: remove backspaces

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Thu Jul 21 20:15:06 2022 +0200| [16ab46b4fc0ee9745097be1abf67d647496cc04c] | 
committer: Michael Niedermayer

avfilter/vf_showinfo: remove backspaces

They mess with storing editing and comparing the results

Signed-off-by: Michael Niedermayer 
(cherry picked from commit 31581ae7ee6d007f2f2dcd16de5df991ba7aa1b6)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=16ab46b4fc0ee9745097be1abf67d647496cc04c
---

 libavfilter/vf_showinfo.c | 11 +++
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/libavfilter/vf_showinfo.c b/libavfilter/vf_showinfo.c
index 6208892005..0b67cd7205 100644
--- a/libavfilter/vf_showinfo.c
+++ b/libavfilter/vf_showinfo.c
@@ -454,12 +454,15 @@ static int filter_frame(AVFilterLink *inlink, AVFrame 
*frame)
 av_log(ctx, AV_LOG_INFO, " %08"PRIX32, plane_checksum[plane]);
 av_log(ctx, AV_LOG_INFO, "] mean:[");
 for (plane = 0; plane < 4 && frame->data[plane] && 
frame->linesize[plane]; plane++)
-av_log(ctx, AV_LOG_INFO, "%"PRId64" ", (sum[plane] + 
pixelcount[plane]/2) / pixelcount[plane]);
-av_log(ctx, AV_LOG_INFO, "\b] stdev:[");
+av_log(ctx, AV_LOG_INFO, "%s%"PRId64,
+   plane ? " ":"",
+   (sum[plane] + pixelcount[plane]/2) / pixelcount[plane]);
+av_log(ctx, AV_LOG_INFO, "] stdev:[");
 for (plane = 0; plane < 4 && frame->data[plane] && 
frame->linesize[plane]; plane++)
-av_log(ctx, AV_LOG_INFO, "%3.1f ",
+av_log(ctx, AV_LOG_INFO, "%s%3.1f",
+   plane ? " ":"",
sqrt((sum2[plane] - 
sum[plane]*(double)sum[plane]/pixelcount[plane])/pixelcount[plane]));
-av_log(ctx, AV_LOG_INFO, "\b]");
+av_log(ctx, AV_LOG_INFO, "]");
 }
 av_log(ctx, AV_LOG_INFO, "\n");
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/tiff: Fix loop detection

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Mon Sep 12 19:55:09 2022 +0200| [9a814adf89397dbf5f283b06664b92ae5ce8b0d4] | 
committer: Michael Niedermayer

avcodec/tiff: Fix loop detection

Fixes regression with tickets/4364/L1004220.DNG

Reviewed-by: Paul B Mahol 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 43a4854510a3d596e114d899177a5b3b323ca9fb)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9a814adf89397dbf5f283b06664b92ae5ce8b0d4
---

 libavcodec/tiff.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 4be9ad1735..bef0c59d9d 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -1764,7 +1764,7 @@ static int decode_frame(AVCodecContext *avctx,
 TiffContext *const s = avctx->priv_data;
 AVFrame *const p = data;
 ThreadFrame frame = { .f = data };
-unsigned off, last_off;
+unsigned off, last_off = 0;
 int le, ret, plane, planes;
 int i, j, entries, stride;
 unsigned soff, ssize;
@@ -1829,7 +1829,6 @@ again:
 /** whether we should process this multi-page IFD's next page */
 retry_for_page = s->get_page && s->cur_page + 1 < s->get_page;  // 
get_page is 1-indexed
 
-last_off = off;
 if (retry_for_page) {
 // set offset to the next IFD
 off = ff_tget_long(&s->gb, le);
@@ -1847,6 +1846,7 @@ again:
 avpriv_request_sample(s->avctx, "non increasing IFD offset");
 return AVERROR_INVALIDDATA;
 }
+last_off = off;
 if (off >= UINT_MAX - 14 || avpkt->size < off + 14) {
 av_log(avctx, AV_LOG_ERROR, "IFD offset is greater than image 
size\n");
 return AVERROR_INVALIDDATA;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] libavformat/hls: Free keys

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Fri Sep  9 00:32:23 2022 +0200| [f4a792fbb9e27cd1d1a217afcba69c8949f42621] | 
committer: Michael Niedermayer

libavformat/hls: Free keys

Fixes: memleak
Fixes: 
50703/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6399058578636800

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d32a9f3137c91de86547601a38fea0693c3497f1)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f4a792fbb9e27cd1d1a217afcba69c8949f42621
---

 libavformat/hls.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavformat/hls.c b/libavformat/hls.c
index 0e818e8ed5..e17cb23897 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -236,6 +236,7 @@ static void free_init_section_list(struct playlist *pls)
 {
 int i;
 for (i = 0; i < pls->n_init_sections; i++) {
+av_freep(&pls->init_sections[i]->key);
 av_freep(&pls->init_sections[i]->url);
 av_freep(&pls->init_sections[i]);
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/tta: Check 24bit scaling for overflow

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Sep 11 00:11:20 2022 +0200| [ed496ac4f50b253b8c407d21a62ed768b15815f9] | 
committer: Michael Niedermayer

avcodec/tta: Check 24bit scaling for overflow

Fixes: signed integer overflow: -8427924 * 256 cannot be represented in type 
'int'
Fixes: 
48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5409428670644224

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 3993345f915bccceee315f44d412445346990e14)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ed496ac4f50b253b8c407d21a62ed768b15815f9
---

 libavcodec/tta.c | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/libavcodec/tta.c b/libavcodec/tta.c
index f1e159b03d..3630afcfae 100644
--- a/libavcodec/tta.c
+++ b/libavcodec/tta.c
@@ -371,8 +371,15 @@ static int tta_decode_frame(AVCodecContext *avctx, void 
*data,
 case 3: {
 // shift samples for 24-bit sample format
 int32_t *samples = (int32_t *)frame->data[0];
-for (i = 0; i < framelen * s->channels; i++)
-*samples++ *= 256;
+int overflow = 0;
+
+for (i = 0; i < framelen * s->channels; i++) {
+int scaled = *samples * 256U;
+overflow += (scaled >> 8 != *samples);
+*samples++ = scaled;
+}
+if (overflow)
+av_log(avctx, AV_LOG_WARNING, "%d overflows occurred on 24bit 
upscale\n", overflow);
 // reset decode buffer
 s->decode_buffer = NULL;
 break;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/apedec: Fix integer overflow in filter_3800()

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Sep 11 00:30:42 2022 +0200| [5f0afb748e504ca5cd94df405d8965397e850efc] | 
committer: Michael Niedermayer

avcodec/apedec: Fix integer overflow in filter_3800()

Fixes: signed integer overflow: -2147448926 + -198321 cannot be represented in 
type 'int'
Fixes: 
48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5739619273015296
Fixes: 
48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6744428485672960

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit f05247f6a4698c14f1cd523daa90188f50dcf6ad)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5f0afb748e504ca5cd94df405d8965397e850efc
---

 libavcodec/apedec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c
index b65a740f87..de5627ad02 100644
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -930,7 +930,7 @@ static av_always_inline int filter_3800(APEPredictor *p,
 p->coeffsB[filter][0] += (((d3 >> 29) & 4) - 2) * sign;
 p->coeffsB[filter][1] -= (((d4 >> 30) & 2) - 1) * sign;
 
-p->filterB[filter] = p->lastA[filter] + (predictionB >> shift);
+p->filterB[filter] = p->lastA[filter] + (unsigned)(predictionB >> shift);
 p->filterA[filter] = p->filterB[filter] + 
(unsigned)((int)(p->filterA[filter] * 31U) >> 5);
 
 return p->filterA[filter];

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/exr: Check preview psize

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sat Sep 10 23:54:17 2022 +0200| [446de009f922014d77b801bb0a44ba6e3cc3aac4] | 
committer: Michael Niedermayer

avcodec/exr: Check preview psize

Fixes: signed integer overflow: 17121181824 * 538976288 cannot be represented 
in type 'long long'
Fixes: 
48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5915330316206080

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit ac26712e35f5ebc726d1be14bb4a420949e66604)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=446de009f922014d77b801bb0a44ba6e3cc3aac4
---

 libavcodec/exr.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index 642a86ae6d..e3effad2e7 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -1947,9 +1947,12 @@ static int decode_header(EXRContext *s, AVFrame *frame)
  "preview", 16)) >= 0) {
 uint32_t pw = bytestream2_get_le32(gb);
 uint32_t ph = bytestream2_get_le32(gb);
-int64_t psize = 4LL * pw * ph;
+uint64_t psize = pw * ph;
+if (psize > INT64_MAX / 4)
+return AVERROR_INVALIDDATA;
+psize *= 4;
 
-if (psize >= bytestream2_get_bytes_left(gb))
+if ((int64_t)psize >= bytestream2_get_bytes_left(gb))
 return AVERROR_INVALIDDATA;
 
 bytestream2_skip(gb, psize);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/mobiclip: Check quantizer for overflow

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sat Sep 10 23:58:36 2022 +0200| [bd7c92f48479c477e7cee5eb55c2491426303431] | 
committer: Michael Niedermayer

avcodec/mobiclip: Check quantizer for overflow

Fixes: signed integer overflow: 127 + 2147483536 cannot be represented in type 
'int'
Fixes: 
48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-6014034970804224

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 677e27a9afa7305a918336699b377fd5b42cc299)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bd7c92f48479c477e7cee5eb55c2491426303431
---

 libavcodec/mobiclip.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/mobiclip.c b/libavcodec/mobiclip.c
index bf47a5bc41..4baf347446 100644
--- a/libavcodec/mobiclip.c
+++ b/libavcodec/mobiclip.c
@@ -329,7 +329,7 @@ static av_cold int mobiclip_init(AVCodecContext *avctx)
 return 0;
 }
 
-static int setup_qtables(AVCodecContext *avctx, int quantizer)
+static int setup_qtables(AVCodecContext *avctx, int64_t quantizer)
 {
 MobiClipContext *s = avctx->priv_data;
 int qx, qy;
@@ -1256,7 +1256,7 @@ static int mobiclip_decode(AVCodecContext *avctx, void 
*data,
 frame->key_frame = 0;
 s->dct_tab_idx = 0;
 
-ret = setup_qtables(avctx, s->quantizer + get_se_golomb(gb));
+ret = setup_qtables(avctx, s->quantizer + (int64_t)get_se_golomb(gb));
 if (ret < 0)
 return ret;
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/mxfdec: Check run_in is within 65536

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Sep 18 14:28:03 2022 +0200| [0191e5f13e7a739fb4c3c6ba0cfeea95fdc80eb5] | 
committer: Michael Niedermayer

avformat/mxfdec: Check run_in is within 65536

Fixes: signed integer overflow: 9223372036854775807 - -2146905566 cannot be 
represented in type 'long'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6570996594769920

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 7786097825d9e3f02b4574c1924c28818eb83340)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0191e5f13e7a739fb4c3c6ba0cfeea95fdc80eb5
---

 libavformat/mxfdec.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 6ceaf9c3df..3384fc5c69 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -60,6 +60,7 @@
 #include "mxf.h"
 
 #define MXF_MAX_CHUNK_SIZE (32 << 20)
+#define RUN_IN_MAX (65535+1)  // S377m-2004 section 5.5 and S377-1-2009 
section 6.5, the +1 is to be slightly more tolerant
 
 typedef enum {
 Header,
@@ -3357,6 +3358,7 @@ static int mxf_read_header(AVFormatContext *s)
 KLVPacket klv;
 int64_t essence_offset = 0;
 int ret;
+int64_t run_in;
 
 mxf->last_forward_tell = INT64_MAX;
 
@@ -3367,7 +3369,10 @@ static int mxf_read_header(AVFormatContext *s)
 }
 avio_seek(s->pb, -14, SEEK_CUR);
 mxf->fc = s;
-mxf->run_in = avio_tell(s->pb);
+run_in = avio_tell(s->pb);
+if (run_in < 0 || run_in > RUN_IN_MAX)
+return AVERROR_INVALIDDATA;
+mxf->run_in = run_in;
 
 mxf_read_random_index_pack(s);
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/aiffdec: Check block_duration

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sat Sep 17 16:32:08 2022 +0200| [df30441b1639b58a3d8ad61618544b8f82a65a0c] | 
committer: Michael Niedermayer

avformat/aiffdec: Check block_duration

Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 
'int'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 1c2b6265c87417033f990fa4a14da9d4008320a4)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=df30441b1639b58a3d8ad61618544b8f82a65a0c
---

 libavformat/aiffdec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c
index a3ad095482..b1dbeae06f 100644
--- a/libavformat/aiffdec.c
+++ b/libavformat/aiffdec.c
@@ -369,6 +369,8 @@ got_sound:
 av_log(s, AV_LOG_ERROR, "could not find COMM tag or invalid 
block_align value\n");
 return -1;
 }
+if (aiff->block_duration < 0)
+return AVERROR_INVALIDDATA;
 
 /* Now positioned, get the sound data start and end */
 avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/mxfdec: only probe max run in

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Wed Sep 21 18:23:30 2022 +0200| [21b786d628f6f9b9ff1275994d50b83c0b835635] | 
committer: Michael Niedermayer

avformat/mxfdec: only probe max run in

Suggested-by: Tomas Härdin 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 1182bbb2c3226260ed672920251e3410bde8c6c9)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=21b786d628f6f9b9ff1275994d50b83c0b835635
---

 libavformat/mxfdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 3384fc5c69..d37eeb603a 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -3785,7 +3785,7 @@ static int mxf_read_close(AVFormatContext *s)
 
 static int mxf_probe(const AVProbeData *p) {
 const uint8_t *bufp = p->buf;
-const uint8_t *end = p->buf + p->buf_size;
+const uint8_t *end = p->buf + FFMIN(p->buf_size, RUN_IN_MAX + 1 + 
sizeof(mxf_header_partition_pack_key));
 
 if (p->buf_size < sizeof(mxf_header_partition_pack_key))
 return 0;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/aiffdec: Use 64bit for block_duration use

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sat Sep 17 16:32:09 2022 +0200| [cc5c5beb98996de1a5fe28881f224056cb2aca2e] | 
committer: Michael Niedermayer

avformat/aiffdec: Use 64bit for block_duration use

Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 
'int'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 9303ba272e988d87084880c57056b750cc5ffd08)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cc5c5beb98996de1a5fe28881f224056cb2aca2e
---

 libavformat/aiffdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c
index b1dbeae06f..f14044d61c 100644
--- a/libavformat/aiffdec.c
+++ b/libavformat/aiffdec.c
@@ -425,7 +425,7 @@ static int aiff_read_packet(AVFormatContext *s,
 pkt->flags &= ~AV_PKT_FLAG_CORRUPT;
 /* Only one stream in an AIFF file */
 pkt->stream_index = 0;
-pkt->duration = (res / st->codecpar->block_align) * 
aiff->block_duration;
+pkt->duration = (res / st->codecpar->block_align) * (int64_t) 
aiff->block_duration;
 return 0;
 }
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/mjpegdec: Check for unsupported bayer case

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Sep 18 23:42:02 2022 +0200| [c2c9dac4632c54d1f35594eb34bf3bc12ed28a5a] | 
committer: Michael Niedermayer

avcodec/mjpegdec: Check for unsupported bayer case

Fixes: out of array access
Fixes: 
51462/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-662559341582745

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit dd81cc22b3dd5bd6badf012b4fe4c19e062650f4)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c2c9dac4632c54d1f35594eb34bf3bc12ed28a5a
---

 libavcodec/mjpegdec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index f85ebbc754..7135c95bda 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -1202,6 +1202,8 @@ static int ljpeg_decode_rgb_scan(MJpegDecodeContext *s, 
int nb_components, int p
 ptr[3*mb_x + 2] = buffer[mb_x][2] + ptr[3*mb_x + 1];
 }
 } else if (s->bayer) {
+if (s->bits <= 8)
+return AVERROR_PATCHWELCOME;
 if (nb_components == 1) {
 /* Leave decoding to the TIFF/DNG decoder (see comment in 
ff_mjpeg_decode_sof) */
 for (mb_x = 0; mb_x < width; mb_x++)

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/icodec: Check nb_pal

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sat Sep 17 23:15:56 2022 +0200| [b9b148ef87541b0eb699cb0baa861e262c9e8943] | 
committer: Michael Niedermayer

avformat/icodec: Check nb_pal

Fixes: signed integer overflow: 538976288 * 4 cannot be represented in type 
'int'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-6690068904935424

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross 
Signed-off-by: Michael Niedermayer 
(cherry picked from commit db73ae0dc114aa6fae08e69f977944f056a24995)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b9b148ef87541b0eb699cb0baa861e262c9e8943
---

 libavformat/icodec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/icodec.c b/libavformat/icodec.c
index 93179bb41e..b321ad6007 100644
--- a/libavformat/icodec.c
+++ b/libavformat/icodec.c
@@ -203,6 +203,9 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt)
 AV_WL32(buf + 32, image->nb_pal);
 }
 
+if (image->nb_pal > INT_MAX / 4 - 14 - 40)
+return AVERROR_INVALIDDATA;
+
 AV_WL32(buf - 4, 14 + 40 + image->nb_pal * 4);
 AV_WL32(buf + 8, AV_RL32(buf + 8) / 2);
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/ape: Check frames size

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sat Sep 17 21:19:53 2022 +0200| [5ee0beb7997bc08d1926054c597d87f490971e1f] | 
committer: Michael Niedermayer

avformat/ape: Check frames size

Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented 
in type 'long'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5ee0beb7997bc08d1926054c597d87f490971e1f
---

 libavformat/ape.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/ape.c b/libavformat/ape.c
index a7be29a469..7ced92cf76 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -301,6 +301,8 @@ static int ape_read_header(AVFormatContext * s)
 ape->frames[i].pos  -= ape->frames[i].skip;
 ape->frames[i].size += ape->frames[i].skip;
 }
+if (ape->frames[i].size > INT_MAX - 3)
+return AVERROR_INVALIDDATA;
 ape->frames[i].size = (ape->frames[i].size + 3) & ~3;
 }
 if (ape->fileversion < 3810) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/cafdec: Check that nb_frasmes fits within 64bit

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sat Sep 17 21:48:43 2022 +0200| [e7d1caf41f6e514f7b0a9c4c36b347e83b3468f4] | 
committer: Michael Niedermayer

avformat/cafdec: Check that nb_frasmes fits within 64bit

Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented 
in type 'long'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit d4bb4e375975dc0d31d5309106cf6ee0ed75140f)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e7d1caf41f6e514f7b0a9c4c36b347e83b3468f4
---

 libavformat/cafdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
index d18c3fce75..1842c3c0ae 100644
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -342,7 +342,7 @@ static int read_header(AVFormatContext *s)
 
 found_data:
 if (caf->bytes_per_packet > 0 && caf->frames_per_packet > 0) {
-if (caf->data_size > 0)
+if (caf->data_size > 0 && caf->data_size / caf->bytes_per_packet < 
INT64_MAX / caf->frames_per_packet)
 st->nb_frames = (caf->data_size / caf->bytes_per_packet) * 
caf->frames_per_packet;
 } else if (st->nb_index_entries && st->duration > 0) {
 if (st->codecpar->sample_rate && caf->data_size / st->duration > 
INT64_MAX / st->codecpar->sample_rate / 8) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/dxa: avoid bpc overflows

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sat Sep 17 22:40:47 2022 +0200| [d15dfed7acd3c64d44b69992332391f714c2a161] | 
committer: Michael Niedermayer

avformat/dxa: avoid bpc overflows

Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type 
'int'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6639823726706688

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 93db0f0740cacd64ae07b5e8606b70021e48d364)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d15dfed7acd3c64d44b69992332391f714c2a161
---

 libavformat/dxa.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/libavformat/dxa.c b/libavformat/dxa.c
index cd9c489851..2a5487710f 100644
--- a/libavformat/dxa.c
+++ b/libavformat/dxa.c
@@ -118,9 +118,12 @@ static int dxa_read_header(AVFormatContext *s)
 if(tag == MKTAG('d', 'a', 't', 'a')) break;
 avio_skip(pb, fsize);
 }
-c->bpc = (fsize + c->frames - 1) / c->frames;
-if(ast->codecpar->block_align)
+c->bpc = (fsize + (int64_t)c->frames - 1) / c->frames;
+if(ast->codecpar->block_align) {
+if (c->bpc > INT_MAX - ast->codecpar->block_align + 1)
+return AVERROR_INVALIDDATA;
 c->bpc = ((c->bpc + ast->codecpar->block_align - 1) / 
ast->codecpar->block_align) * ast->codecpar->block_align;
+}
 c->bytes_left = fsize;
 c->wavpos = avio_tell(pb);
 avio_seek(pb, c->vidpos, SEEK_SET);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/asfdec_o: Limit packet offset

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sat Sep 17 21:30:55 2022 +0200| [c44ce5d8043a3b24f0deefa0c593637302f43188] | 
committer: Michael Niedermayer

avformat/asfdec_o: Limit packet offset

avoids overflows with it

Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be 
represented in type 'long'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 736e9e69d5dbbe1d81885dfef59917eb915d2f96)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c44ce5d8043a3b24f0deefa0c593637302f43188
---

 libavformat/asfdec_o.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c
index 7f5552da0e..3a9e590a5b 100644
--- a/libavformat/asfdec_o.c
+++ b/libavformat/asfdec_o.c
@@ -1354,6 +1354,8 @@ static int asf_read_packet_header(AVFormatContext *s)
 unsigned char error_flags, len_flags, pay_flags;
 
 asf->packet_offset = avio_tell(pb);
+if (asf->packet_offset > INT64_MAX/2)
+asf->packet_offset = 0;
 error_flags = avio_r8(pb); // read Error Correction Flags
 if (error_flags & ASF_PACKET_FLAG_ERROR_CORRECTION_PRESENT) {
 if (!(error_flags & ASF_ERROR_CORRECTION_LENGTH_TYPE)) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/jacosubdec: Fix overflow in get_shift()

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sat Sep 17 22:55:24 2022 +0200| [25178bcd73890650f85e68a18807f95229968004] | 
committer: Michael Niedermayer

avformat/jacosubdec: Fix overflow in get_shift()

Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_JACOSUB_fuzzer-6722544461283328
Fixes: signed integer overflow: 48214448 * 60 cannot be represented in type 
'int'

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit b1a68127bbcd3d638363fa0249982c494e87c9e2)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=25178bcd73890650f85e68a18807f95229968004
---

 libavformat/jacosubdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/jacosubdec.c b/libavformat/jacosubdec.c
index 2ccbf4c9de..59544bb507 100644
--- a/libavformat/jacosubdec.c
+++ b/libavformat/jacosubdec.c
@@ -152,7 +152,7 @@ static int get_shift(int timeres, const char *buf)
 ret = 0;
 switch (n) {
 case 4:
-ret = sign * (((int64_t)a*3600 + b*60 + c) * timeres + d);
+ret = sign * (((int64_t)a*3600 + (int64_t)b*60 + c) * timeres + d);
 break;
 case 3:
 ret = sign * (( (int64_t)a*60 + b) * timeres + c);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/rmdec: check tag_size

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Sep 18 15:06:25 2022 +0200| [1d9553542bafa06ec707f8590df0fa0efb930b00] | 
committer: Michael Niedermayer

avformat/rmdec: check tag_size

Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 
'int'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6598073725353984

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 2cb7ee8a36bddd3425897135db514ca62fec6e44)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1d9553542bafa06ec707f8590df0fa0efb930b00
---

 libavformat/rmdec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index eaf71de520..c3945a9166 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -565,6 +565,8 @@ static int rm_read_header(AVFormatContext *s)
 }
 
 tag_size = avio_rb32(pb);
+if (tag_size < 0)
+return AVERROR_INVALIDDATA;
 avio_skip(pb, tag_size - 8);
 
 for(;;) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/flvdec: Use 64bit for sum_flv_tag_size

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Sep 18 13:38:21 2022 +0200| [ecbdaa9b4cfe1f0aff6d5856692fadb8eb044d97] | 
committer: Michael Niedermayer

avformat/flvdec: Use 64bit for sum_flv_tag_size

Fixes: signed integer overflow: 2138820085 + 16130322 cannot be represented in 
type 'int'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6704728165187584

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 7124f10c1d521096042ba3c9c519828147f78c46)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ecbdaa9b4cfe1f0aff6d5856692fadb8eb044d97
---

 libavformat/flvdec.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index 2ff0b20c62..4a1c01a714 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -64,7 +64,7 @@ typedef struct FLVContext {
 uint8_t resync_buffer[2*RESYNC_BUFFER_SIZE];
 
 int broken_sizes;
-int sum_flv_tag_size;
+int64_t sum_flv_tag_size;
 
 int last_keyframe_stream_index;
 int keyframe_count;
@@ -1033,7 +1033,7 @@ retry:
 type = (avio_r8(s->pb) & 0x1F);
 orig_size =
 size = avio_rb24(s->pb);
-flv->sum_flv_tag_size += size + 11;
+flv->sum_flv_tag_size += size + 11LL;
 dts  = avio_rb24(s->pb);
 dts |= (unsigned)avio_r8(s->pb) << 24;
 av_log(s, AV_LOG_TRACE, "type:%d, size:%d, last:%d, dts:%"PRId64" 
pos:%"PRId64"\n", type, size, last, dts, avio_tell(s->pb));
@@ -1335,7 +1335,7 @@ leave:
 !avio_feof(s->pb) &&
 (last != orig_size || !last) && last != flv->sum_flv_tag_size &&
 !flv->broken_sizes) {
-av_log(s, AV_LOG_ERROR, "Packet mismatch %d %d %d\n", last, 
orig_size + 11, flv->sum_flv_tag_size);
+av_log(s, AV_LOG_ERROR, "Packet mismatch %d %d %"PRId64"\n", last, 
orig_size + 11, flv->sum_flv_tag_size);
 avio_seek(s->pb, pos + 1, SEEK_SET);
 ret = resync(s);
 av_packet_unref(pkt);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/nutdec: Check fields

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Sep 18 14:47:25 2022 +0200| [7a42dcf0887dd81e23d7eb408b1d74965de95e77] | 
committer: Michael Niedermayer

avformat/nutdec: Check fields

Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 
'int'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 2c146406eac06f3d3cd3d981c29e7affd834cb4d)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7a42dcf0887dd81e23d7eb408b1d74965de95e77
---

 libavformat/nutdec.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index dff2593208..7df84bc6d4 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -244,6 +244,11 @@ static int decode_main_header(NUTContext *nut)
 for (i = 0; i < 256;) {
 int tmp_flags  = ffio_read_varlen(bc);
 int tmp_fields = ffio_read_varlen(bc);
+if (tmp_fields < 0) {
+av_log(s, AV_LOG_ERROR, "fields %d is invalid\n", tmp_fields);
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
 
 if (tmp_fields > 0)
 tmp_pts = get_s(bc);

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/sbgdec: Check ts_int in genrate_intervals

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Sep 18 16:35:41 2022 +0200| [2c737a2cb020f231d936cd6b8c1859f0ffdfa6a3] | 
committer: Michael Niedermayer

avformat/sbgdec: Check ts_int in genrate_intervals

There is probably a better place to check for this, but better
here than nowhere

Fixes: signed integer overflow: -9223372036824775808 - 864 cannot be 
represented in type 'long'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6601162580688896

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit 5f529e9147a5c5c8ecf8d5ef0dd569194ce30eed)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2c737a2cb020f231d936cd6b8c1859f0ffdfa6a3
---

 libavformat/sbgdec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c
index 36cfff20fc..c86bc40862 100644
--- a/libavformat/sbgdec.c
+++ b/libavformat/sbgdec.c
@@ -1316,6 +1316,8 @@ static int generate_intervals(void *log, struct 
sbg_script *s, int sample_rate,
 
 /* Pseudo event before the first one */
 ev0 = s->events[s->nb_events - 1];
+if (av_sat_sub64(ev0.ts_int, period) != (uint64_t)ev0.ts_int - period)
+return AVERROR_INVALIDDATA;
 ev0.ts_int   -= period;
 ev0.ts_trans -= period;
 ev0.ts_next  -= period;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation

2022-09-25 Thread Michael Niedermayer 
ffmpeg | branch: release/4.4 | Michael Niedermayer  | 
Sun Sep 18 16:42:21 2022 +0200| [9dfac9e9e9e45b24e5612a5a1063215eafb78104] | 
committer: Michael Niedermayer

avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration 
calculation

Fixes: signed integer overflow: 72128794995445727 * 240 cannot be represented 
in type 'long'
Fixes: 
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SDS_fuzzer-6628185583779840

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
(cherry picked from commit aa8eb1bed075931b0ce0a8bc9a8ff5882830044c)
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9dfac9e9e9e45b24e5612a5a1063215eafb78104
---

 libavformat/sdsdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/sdsdec.c b/libavformat/sdsdec.c
index c70f5af849..2289e1bdac 100644
--- a/libavformat/sdsdec.c
+++ b/libavformat/sdsdec.c
@@ -112,7 +112,7 @@ static int sds_read_header(AVFormatContext *ctx)
 st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
 st->codecpar->channels = 1;
 st->codecpar->sample_rate = sample_period ? 10 / sample_period : 
16000;
-st->duration = (avio_size(pb) - 21) / (127) * s->size / 4;
+st->duration = av_rescale((avio_size(pb) - 21) / 127,  s->size, 4);
 
 avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate);
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

  1   2   >