[FFmpeg-cvslog] fftools/ffmpeg: rename read_file() to avoid conflict with libass
ffmpeg | branch: master | Anton Khirnov | Thu Oct 20
09:09:45 2022 +0200| [4cfffdd5519516ee7b6b440920d0aededc4bc06f] | committer:
Anton Khirnov
fftools/ffmpeg: rename read_file() to avoid conflict with libass
libass defines a non-static read_file() symbol, which causes conflicts
with static linking.
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4cfffdd5519516ee7b6b440920d0aededc4bc06f
---
fftools/ffmpeg.h | 2 +-
fftools/ffmpeg_mux_init.c | 4 ++--
fftools/ffmpeg_opt.c | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/fftools/ffmpeg.h b/fftools/ffmpeg.h
index 2dcce45741..5966cac60e 100644
--- a/fftools/ffmpeg.h
+++ b/fftools/ffmpeg.h
@@ -702,7 +702,7 @@ void remove_avoptions(AVDictionary **a, AVDictionary *b);
void assert_avoptions(AVDictionary *m);
void assert_file_overwrite(const char *filename);
-char *read_file(const char *filename);
+char *file_read(const char *filename);
AVDictionary *strip_specifiers(AVDictionary *dict);
const AVCodec *find_codec_or_die(const char *name, enum AVMediaType type, int
encoder);
int parse_and_set_vsync(const char *arg, int *vsync_var, int file_idx, int
st_idx, int is_global);
diff --git a/fftools/ffmpeg_mux_init.c b/fftools/ffmpeg_mux_init.c
index c8b2552104..c77260c24b 100644
--- a/fftools/ffmpeg_mux_init.c
+++ b/fftools/ffmpeg_mux_init.c
@@ -380,7 +380,7 @@ static char *get_ost_filters(OptionsContext *o,
AVFormatContext *oc,
}
if (ost->filters_script)
-return read_file(ost->filters_script);
+return file_read(ost->filters_script);
else if (ost->filters)
return av_strdup(ost->filters);
@@ -585,7 +585,7 @@ static OutputStream *new_video_stream(Muxer *mux,
OptionsContext *o, int source_
av_dict_set(&ost->encoder_opts, "stats", logfilename,
AV_DICT_DONT_OVERWRITE);
} else {
if (video_enc->flags & AV_CODEC_FLAG_PASS2) {
-char *logbuffer = read_file(logfilename);
+char *logbuffer = file_read(logfilename);
if (!logbuffer) {
av_log(NULL, AV_LOG_FATAL, "Error reading log file
'%s' for pass-2 encoding\n",
diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c
index ead4ee1b38..9245e02813 100644
--- a/fftools/ffmpeg_opt.c
+++ b/fftools/ffmpeg_opt.c
@@ -1300,7 +1300,7 @@ static int open_input_file(OptionsContext *o, const char
*filename)
}
/* read file contents into a string */
-char *read_file(const char *filename)
+char *file_read(const char *filename)
{
AVIOContext *pb = NULL;
int ret = avio_open(&pb, filename, AVIO_FLAG_READ);
@@ -1725,7 +1725,7 @@ static int opt_filter_complex(void *optctx, const char
*opt, const char *arg)
static int opt_filter_complex_script(void *optctx, const char *opt, const char
*arg)
{
FilterGraph *fg;
-char *graph_desc = read_file(arg);
+char *graph_desc = file_read(arg);
if (!graph_desc)
return AVERROR(EINVAL);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/yuv4mpegdec: increase header limit
ffmpeg | branch: master | Chema Gonzalez | Thu Oct 20 09:06:37 2022 -0700| [a1a87b7a24532c87844eb21e20b52d898946d17f] | committer: Paul B Mahol avformat/yuv4mpegdec: increase header limit Allows demuxing UHD F10: fps yuvj420p files ffmpeg (at HEAD as of now) is creating this: ``` $ ffmpeg -y -i source.265 /tmp/foo.y4m >& /dev/null ... $ xxd /tmp/raw.y4m |less : 5955 5634 4d50 4547 3220 5731 3932 3020 YUV4MPEG2 W1920 0010: 4831 3038 3020 4631 3030 3030 3030 3030 H1080 F1 0020: 303a 2049 7020 4130 0: Ip A0 0030: 3a30 2043 3432 306d 7065 6732 2058 5953 :0 C420mpeg2 XYS 0040: 4353 533d 3432 304d 5045 4732 2058 434f CSS=420MPEG2 XCO 0050: 4c4f 5252 414e 4745 3d4c 494d 4954 4544 LORRANGE=LIMITED 0060: 0a46 5241 4d45 0a82 8282 8282 8282 8282 .FRAME.. ... ``` Which cannot be parsed by the same ffmpeg decoder: ``` $ ffmpeg -i /tmp/foo.y4m /tmp/bar.y4m ... [yuv4mpegpipe @ 0x2b69a40] Header too large. /tmp/foo.y4m: Invalid argument ``` This is kicking the ball (per 0b1ff3265e9bdad3b4b6b97ced2f126cb3599568), but seems to work. > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a1a87b7a24532c87844eb21e20b52d898946d17f --- libavformat/yuv4mpegdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/yuv4mpegdec.c b/libavformat/yuv4mpegdec.c index b24275acc1..c0972af7de 100644 --- a/libavformat/yuv4mpegdec.c +++ b/libavformat/yuv4mpegdec.c @@ -27,7 +27,7 @@ #include "yuv4mpeg.h" /* Header size increased to allow room for optional flags */ -#define MAX_YUV4_HEADER 96 +#define MAX_YUV4_HEADER 128 #define MAX_FRAME_HEADER 80 static int yuv4_read_header(AVFormatContext *s) ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/vf_maskedthreshold: implement diff mode
ffmpeg | branch: master | Paul B Mahol | Fri Oct 21 20:08:24
2022 +0200| [da4ff1d5365a750fe649d0a63ded2052549e33ff] | committer: Paul B Mahol
avfilter/vf_maskedthreshold: implement diff mode
To be useful for adaptive thresholding with threshold filter.
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=da4ff1d5365a750fe649d0a63ded2052549e33ff
---
doc/filters.texi | 4
libavfilter/vf_maskedthreshold.c | 35 ---
2 files changed, 32 insertions(+), 7 deletions(-)
diff --git a/doc/filters.texi b/doc/filters.texi
index 2b920bf121..3186b312d8 100644
--- a/doc/filters.texi
+++ b/doc/filters.texi
@@ -16623,6 +16623,10 @@ video streams.
Set which planes will be processed as bitmap, unprocessed planes will be
copied from second stream.
By default value 0xf, all planes will be processed.
+
+@item mode
+Set mode of filter operation. Can be @code{abs} or @code{diff}.
+Default is @code{abs}.
@end table
@subsection Commands
diff --git a/libavfilter/vf_maskedthreshold.c b/libavfilter/vf_maskedthreshold.c
index 4d3745232e..53731eefc9 100644
--- a/libavfilter/vf_maskedthreshold.c
+++ b/libavfilter/vf_maskedthreshold.c
@@ -32,6 +32,7 @@ typedef struct MaskedThresholdContext {
int threshold;
int planes;
+int mode;
int linesize[4];
int planewidth[4], planeheight[4];
@@ -43,15 +44,19 @@ typedef struct MaskedThresholdContext {
} MaskedThresholdContext;
#define OFFSET(x) offsetof(MaskedThresholdContext, x)
-#define FLAGS
AV_OPT_FLAG_FILTERING_PARAM|AV_OPT_FLAG_VIDEO_PARAM|AV_OPT_FLAG_RUNTIME_PARAM
+#define TFLAGS
AV_OPT_FLAG_FILTERING_PARAM|AV_OPT_FLAG_VIDEO_PARAM|AV_OPT_FLAG_RUNTIME_PARAM
+#define FLAGS AV_OPT_FLAG_FILTERING_PARAM|AV_OPT_FLAG_VIDEO_PARAM
typedef struct ThreadData {
AVFrame *src, *ref, *dst;
} ThreadData;
static const AVOption maskedthreshold_options[] = {
-{ "threshold", "set threshold", OFFSET(threshold), AV_OPT_TYPE_INT,
{.i64=1}, 0, UINT16_MAX, FLAGS },
-{ "planes","set planes",OFFSET(planes),AV_OPT_TYPE_INT,
{.i64=0xF}, 0, 0xF,FLAGS },
+{ "threshold", "set threshold", OFFSET(threshold), AV_OPT_TYPE_INT,
{.i64=1}, 0, UINT16_MAX, TFLAGS },
+{ "planes","set planes",OFFSET(planes),AV_OPT_TYPE_INT,
{.i64=0xF}, 0, 0xF,TFLAGS },
+{ "mode", "set mode", OFFSET(mode), AV_OPT_TYPE_INT,
{.i64=0}, 0, 1, FLAGS, "mode" },
+{ "abs", "", 0, AV_OPT_TYPE_CONST,
{.i64=0}, 0, 0, FLAGS, "mode" },
+{ "diff", "", 0, AV_OPT_TYPE_CONST,
{.i64=1}, 0, 0, FLAGS, "mode" },
{ NULL }
};
@@ -77,13 +82,29 @@ static const enum AVPixelFormat pix_fmts[] = {
AV_PIX_FMT_NONE
};
-static void threshold8(const uint8_t *src, const uint8_t *ref, uint8_t *dst,
int threshold, int w)
+static void threshold8_diff(const uint8_t *src, const uint8_t *ref, uint8_t
*dst, int threshold, int w)
+{
+for (int x = 0; x < w; x++)
+dst[x] = (ref[x] - src[x] <= threshold) ? FFMAX(ref[x] - threshold,
0): src[x];
+}
+
+static void threshold8_abs(const uint8_t *src, const uint8_t *ref, uint8_t
*dst, int threshold, int w)
{
for (int x = 0; x < w; x++)
dst[x] = FFABS(src[x] - ref[x]) <= threshold ? src[x] : ref[x];
}
-static void threshold16(const uint8_t *ssrc, const uint8_t *rref, uint8_t
*ddst, int threshold, int w)
+static void threshold16_diff(const uint8_t *ssrc, const uint8_t *rref, uint8_t
*ddst, int threshold, int w)
+{
+const uint16_t *src = (const uint16_t *)ssrc;
+const uint16_t *ref = (const uint16_t *)rref;
+uint16_t *dst = (uint16_t *)ddst;
+
+for (int x = 0; x < w; x++)
+dst[x] = (ref[x] - src[x] <= threshold) ? FFMAX(ref[x] - threshold,
0): src[x];
+}
+
+static void threshold16_abs(const uint8_t *ssrc, const uint8_t *rref, uint8_t
*ddst, int threshold, int w)
{
const uint16_t *src = (const uint16_t *)ssrc;
const uint16_t *ref = (const uint16_t *)rref;
@@ -115,9 +136,9 @@ static int config_input(AVFilterLink *inlink)
s->depth = desc->comp[0].depth;
if (desc->comp[0].depth == 8)
-s->maskedthreshold = threshold8;
+s->maskedthreshold = s->mode ? threshold8_diff : threshold8_abs;
else
-s->maskedthreshold = threshold16;
+s->maskedthreshold = s->mode ? threshold16_diff : threshold16_abs;
return 0;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/mj2kdec: Remove always-true #if CONFIG_MJPEG_2000_DEMUXER
ffmpeg | branch: master | Andreas Rheinhardt |
Tue Oct 18 12:07:39 2022 +0200| [1132007d3c340960f67da1dab79afe5931f3d36e] |
committer: Andreas Rheinhardt
avformat/mj2kdec: Remove always-true #if CONFIG_MJPEG_2000_DEMUXER
This file is built iff the MJPEG 2000 demuxer is enabled.
Signed-off-by: Andreas Rheinhardt
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1132007d3c340960f67da1dab79afe5931f3d36e
---
libavformat/mj2kdec.c | 4
1 file changed, 4 deletions(-)
diff --git a/libavformat/mj2kdec.c b/libavformat/mj2kdec.c
index 2373f31b94..63c3e8a391 100644
--- a/libavformat/mj2kdec.c
+++ b/libavformat/mj2kdec.c
@@ -19,13 +19,10 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-#include "config_components.h"
-
#include "libavutil/intreadwrite.h"
#include "avformat.h"
#include "rawdec.h"
-#if CONFIG_MJPEG_2000_DEMUXER
static int mjpeg2000_probe(const AVProbeData *p)
{
const uint8_t *b = p->buf;
@@ -53,4 +50,3 @@ static int mjpeg2000_probe(const AVProbeData *p)
return 0;
}
FF_DEF_RAWVIDEO_DEMUXER2(mjpeg_2000, "raw MJPEG 2000 video", mjpeg2000_probe,
"j2k", AV_CODEC_ID_JPEG2000, AVFMT_GENERIC_INDEX|AVFMT_NOTIMESTAMPS)
-#endif
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/nvdec_mjpeg: Remove always-true #if CONFIG_MJPEG_NVDEC_HWACCEL
ffmpeg | branch: master | Andreas Rheinhardt |
Tue Oct 18 12:18:55 2022 +0200| [20a1296bb426295f73e1b1027dc047525df3f21a] |
committer: Andreas Rheinhardt
avcodec/nvdec_mjpeg: Remove always-true #if CONFIG_MJPEG_NVDEC_HWACCEL
This file is built iff said hwaccel is enabled.
Reviewed-by: Philip Langdale
Signed-off-by: Andreas Rheinhardt
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=20a1296bb426295f73e1b1027dc047525df3f21a
---
libavcodec/nvdec_mjpeg.c | 4
1 file changed, 4 deletions(-)
diff --git a/libavcodec/nvdec_mjpeg.c b/libavcodec/nvdec_mjpeg.c
index 87f7a99a46..fce464c1f8 100644
--- a/libavcodec/nvdec_mjpeg.c
+++ b/libavcodec/nvdec_mjpeg.c
@@ -20,8 +20,6 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-#include "config_components.h"
-
#include "avcodec.h"
#include "internal.h"
#include "mjpegdec.h"
@@ -71,7 +69,6 @@ static int nvdec_mjpeg_frame_params(AVCodecContext *avctx,
return ff_nvdec_frame_params(avctx, hw_frames_ctx, 1, 0);
}
-#if CONFIG_MJPEG_NVDEC_HWACCEL
AVHWAccel ff_mjpeg_nvdec_hwaccel = {
.name = "mjpeg_nvdec",
.type = AVMEDIA_TYPE_VIDEO,
@@ -85,4 +82,3 @@ AVHWAccel ff_mjpeg_nvdec_hwaccel = {
.uninit = ff_nvdec_decode_uninit,
.priv_data_size = sizeof(NVDECContext),
};
-#endif
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/speedhqenc: Remove always-true #if CONFIG_SPEEDHQ_ENCODER
ffmpeg | branch: master | Andreas Rheinhardt |
Tue Oct 18 12:16:59 2022 +0200| [f18f8a561c8a9449cc2f5bc66000a8fe94308eaf] |
committer: Andreas Rheinhardt
avcodec/speedhqenc: Remove always-true #if CONFIG_SPEEDHQ_ENCODER
This file is built iff the SpeedHQ encoder is enabled.
Signed-off-by: Andreas Rheinhardt
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f18f8a561c8a9449cc2f5bc66000a8fe94308eaf
---
libavcodec/speedhqenc.c | 4
1 file changed, 4 deletions(-)
diff --git a/libavcodec/speedhqenc.c b/libavcodec/speedhqenc.c
index 4c1d76631b..527e63e602 100644
--- a/libavcodec/speedhqenc.c
+++ b/libavcodec/speedhqenc.c
@@ -27,8 +27,6 @@
* SpeedHQ encoder.
*/
-#include "config_components.h"
-
#include "libavutil/thread.h"
#include "avcodec.h"
@@ -280,7 +278,6 @@ int ff_speedhq_mb_y_order_to_mb(int mb_y_order, int
mb_height, int *first_in_sli
return mb_y_order * 4 + slice_num;
}
-#if CONFIG_SPEEDHQ_ENCODER
const FFCodec ff_speedhq_encoder = {
.p.name = "speedhq",
CODEC_LONG_NAME("NewTek SpeedHQ"),
@@ -297,4 +294,3 @@ const FFCodec ff_speedhq_encoder = {
AV_PIX_FMT_NONE
},
};
-#endif
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/cyuv: Remove useless private context
ffmpeg | branch: master | Andreas Rheinhardt |
Tue Oct 18 13:30:19 2022 +0200| [d94a445e3d5a1d6a216e708b2ff104c1caaa673c] |
committer: Andreas Rheinhardt
avcodec/cyuv: Remove useless private context
It just contains duplicates of values from AVCodecContext
as well as an write-only pointer to said AVCodecContext.
Signed-off-by: Andreas Rheinhardt
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d94a445e3d5a1d6a216e708b2ff104c1caaa673c
---
libavcodec/cyuv.c | 36 +++-
1 file changed, 11 insertions(+), 25 deletions(-)
diff --git a/libavcodec/cyuv.c b/libavcodec/cyuv.c
index f233b362dc..0765f41ca3 100644
--- a/libavcodec/cyuv.c
+++ b/libavcodec/cyuv.c
@@ -37,22 +37,11 @@
#include "decode.h"
#include "libavutil/internal.h"
-
-typedef struct CyuvDecodeContext {
-AVCodecContext *avctx;
-int width, height;
-} CyuvDecodeContext;
-
static av_cold int cyuv_decode_init(AVCodecContext *avctx)
{
-CyuvDecodeContext *s = avctx->priv_data;
-
-s->avctx = avctx;
-s->width = avctx->width;
/* width needs to be divisible by 4 for this codec to work */
-if (s->width & 0x3)
+if (avctx->width & 0x3)
return AVERROR_INVALIDDATA;
-s->height = avctx->height;
return 0;
}
@@ -62,7 +51,6 @@ static int cyuv_decode_frame(AVCodecContext *avctx, AVFrame
*frame,
{
const uint8_t *buf = avpkt->data;
int buf_size = avpkt->size;
-CyuvDecodeContext *s=avctx->priv_data;
unsigned char *y_plane;
unsigned char *u_plane;
@@ -80,7 +68,7 @@ static int cyuv_decode_frame(AVCodecContext *avctx, AVFrame
*frame,
int stream_ptr;
unsigned char cur_byte;
int pixel_groups;
-int rawsize = s->height * FFALIGN(s->width,2) * 2;
+int rawsize = avctx->height * FFALIGN(avctx->width,2) * 2;
int ret;
if (avctx->codec_id == AV_CODEC_ID_AURA) {
@@ -91,13 +79,13 @@ static int cyuv_decode_frame(AVCodecContext *avctx, AVFrame
*frame,
* followed by (height) lines each with 3 bytes to represent groups
* of 4 pixels. Thus, the total size of the buffer ought to be:
*(3 * 16) + height * (width * 3 / 4) */
-if (buf_size == 48 + s->height * (s->width * 3 / 4)) {
+if (buf_size == 48 + avctx->height * (avctx->width * 3 / 4)) {
avctx->pix_fmt = AV_PIX_FMT_YUV411P;
} else if(buf_size == rawsize ) {
avctx->pix_fmt = AV_PIX_FMT_UYVY422;
} else {
av_log(avctx, AV_LOG_ERROR, "got a buffer with %d bytes when %d were
expected\n",
- buf_size, 48 + s->height * (s->width * 3 / 4));
+ buf_size, 48 + avctx->height * (avctx->width * 3 / 4));
return AVERROR_INVALIDDATA;
}
@@ -112,8 +100,8 @@ static int cyuv_decode_frame(AVCodecContext *avctx, AVFrame
*frame,
v_plane = frame->data[2];
if (buf_size == rawsize) {
-int linesize = FFALIGN(s->width,2) * 2;
-y_plane += frame->linesize[0] * s->height;
+int linesize = FFALIGN(avctx->width, 2) * 2;
+y_plane += frame->linesize[0] * avctx->height;
for (stream_ptr = 0; stream_ptr < rawsize; stream_ptr += linesize) {
y_plane -= frame->linesize[0];
memcpy(y_plane, buf+stream_ptr, linesize);
@@ -122,10 +110,10 @@ static int cyuv_decode_frame(AVCodecContext *avctx,
AVFrame *frame,
/* iterate through each line in the height */
for (y_ptr = 0, u_ptr = 0, v_ptr = 0;
- y_ptr < (s->height * frame->linesize[0]);
- y_ptr += frame->linesize[0] - s->width,
- u_ptr += frame->linesize[1] - s->width / 4,
- v_ptr += frame->linesize[2] - s->width / 4) {
+ y_ptr < (avctx->height * frame->linesize[0]);
+ y_ptr += frame->linesize[0] - avctx->width,
+ u_ptr += frame->linesize[1] - avctx->width / 4,
+ v_ptr += frame->linesize[2] - avctx->width / 4) {
/* reset predictors */
cur_byte = buf[stream_ptr++];
@@ -144,7 +132,7 @@ static int cyuv_decode_frame(AVCodecContext *avctx, AVFrame
*frame,
y_plane[y_ptr++] = y_pred;
/* iterate through the remaining pixel groups (4 pixels/group) */
-pixel_groups = s->width / 4 - 1;
+pixel_groups = avctx->width / 4 - 1;
while (pixel_groups--) {
cur_byte = buf[stream_ptr++];
@@ -180,7 +168,6 @@ const FFCodec ff_aura_decoder = {
CODEC_LONG_NAME("Auravision AURA"),
.p.type = AVMEDIA_TYPE_VIDEO,
.p.id = AV_CODEC_ID_AURA,
-.priv_data_size = sizeof(CyuvDecodeContext),
.init = cyuv_decode_init,
FF_CODEC_DECODE_CB(cyuv_decode_frame),
.p.capabilities = AV_CODEC_CAP_DR1,
@@ -193,7 +180,6 @@ const FFCodec ff_cyuv_decoder = {
CODEC_LONG_NAME("Creative YUV (CYUV)"),
.p.type = AVMEDIA_TYPE_VIDEO,
.p.id = AV_CODEC_ID_CYUV,
-.priv_data_size = sizeof(CyuvDecodeContext),
.init = cyuv_decode_init,
FF_CODEC_DECODE_CB(cyuv_decode_frame),
[FFmpeg-cvslog] avcodec/metasound: Remove unnecessary headers
ffmpeg | branch: master | Andreas Rheinhardt | Tue Oct 18 15:13:30 2022 +0200| [7894d4c9fa16204cf8bd266915e2da18a7775f72] | committer: Andreas Rheinhardt avcodec/metasound: Remove unnecessary headers They are used in twinvq.c, not in metasound.c. Signed-off-by: Andreas Rheinhardt > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7894d4c9fa16204cf8bd266915e2da18a7775f72 --- libavcodec/metasound.c | 4 1 file changed, 4 deletions(-) diff --git a/libavcodec/metasound.c b/libavcodec/metasound.c index 67c4d94f62..7ddf992c09 100644 --- a/libavcodec/metasound.c +++ b/libavcodec/metasound.c @@ -26,15 +26,11 @@ #include #include "libavutil/channel_layout.h" -#include "libavutil/float_dsp.h" #define BITSTREAM_READER_LE #include "avcodec.h" #include "codec_internal.h" -#include "fft.h" #include "get_bits.h" -#include "lsp.h" -#include "sinewin.h" #include "twinvq.h" #include "metasound_data.h" ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/speedhq: Rename file to speedhqdec.c, move ff_rl_speedhq out
ffmpeg | branch: master | Andreas Rheinhardt |
Tue Oct 18 14:29:03 2022 +0200| [0d1028f63f0e1050806e3b1b69e1d8a87a975c70] |
committer: Andreas Rheinhardt
avcodec/speedhq: Rename file to speedhqdec.c, move ff_rl_speedhq out
Renaming the decoder to speedhqdec.c makes sense since
we have an encoder in speedhqenc.c. Given that ff_rl_speedhq
is also used by the encoder, it is kept in speedhq.c
and a proper header for it is created to replace the ad-hoc
declaration in speedhqenc.c. This also allows to remove
the check for CONFIG_SPEEDHQ_DECODER, as it is always true
when speedhqdec.c is compiled.
Signed-off-by: Andreas Rheinhardt
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0d1028f63f0e1050806e3b1b69e1d8a87a975c70
---
libavcodec/Makefile | 3 +-
libavcodec/speedhq.c| 637 +-
libavcodec/speedhq.h| 29 +++
libavcodec/speedhqdec.c | 652
libavcodec/speedhqenc.c | 2 +-
5 files changed, 687 insertions(+), 636 deletions(-)
diff --git a/libavcodec/Makefile b/libavcodec/Makefile
index 8fa83c72b2..90c7f113a3 100644
--- a/libavcodec/Makefile
+++ b/libavcodec/Makefile
@@ -660,7 +660,8 @@ OBJS-$(CONFIG_SOL_DPCM_DECODER)+= dpcm.o
OBJS-$(CONFIG_SONIC_DECODER) += sonic.o
OBJS-$(CONFIG_SONIC_ENCODER) += sonic.o
OBJS-$(CONFIG_SONIC_LS_ENCODER)+= sonic.o
-OBJS-$(CONFIG_SPEEDHQ_DECODER) += speedhq.o mpeg12.o mpeg12data.o
+OBJS-$(CONFIG_SPEEDHQ_DECODER) += speedhqdec.o speedhq.o mpeg12.o \
+ mpeg12data.o
OBJS-$(CONFIG_SPEEDHQ_ENCODER) += speedhq.o mpeg12data.o mpeg12enc.o
speedhqenc.o
OBJS-$(CONFIG_SPEEX_DECODER) += speexdec.o
OBJS-$(CONFIG_SP5X_DECODER)+= sp5xdec.o
diff --git a/libavcodec/speedhq.c b/libavcodec/speedhq.c
index 04ba4dd19c..ee37573789 100644
--- a/libavcodec/speedhq.c
+++ b/libavcodec/speedhq.c
@@ -1,5 +1,5 @@
/*
- * NewTek SpeedHQ codec
+ * NewTek SpeedHQ common data
* Copyright 2017 Steinar H. Gunderson
*
* This file is part of FFmpeg.
@@ -19,48 +19,9 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-/**
- * @file
- * NewTek SpeedHQ decoder.
- */
-
-#define BITSTREAM_READER_LE
-
-#include "config_components.h"
-#include "libavutil/attributes.h"
-#include "libavutil/mem_internal.h"
-
-#include "avcodec.h"
-#include "blockdsp.h"
-#include "codec_internal.h"
-#include "decode.h"
-#include "get_bits.h"
-#include "idctdsp.h"
-#include "libavutil/thread.h"
-#include "mathops.h"
-#include "mpeg12data.h"
-#include "mpeg12vlc.h"
+#include
#include "rl.h"
-
-#define MAX_INDEX (64 - 1)
-
-/*
- * 5 bits makes for very small tables, with no more than two lookups needed
- * for the longest (10-bit) codes.
- */
-#define ALPHA_VLC_BITS 5
-
-typedef struct SHQContext {
-AVCodecContext *avctx;
-BlockDSPContext bdsp;
-IDCTDSPContext idsp;
-ScanTable intra_scantable;
-int quant_matrix[64];
-enum { SHQ_SUBSAMPLING_420, SHQ_SUBSAMPLING_422, SHQ_SUBSAMPLING_444 }
-subsampling;
-enum { SHQ_NO_ALPHA, SHQ_RLE_ALPHA, SHQ_DCT_ALPHA } alpha_type;
-} SHQContext;
-
+#include "speedhq.h"
/* AC codes: Very similar but not identical to MPEG-2. */
static const uint16_t speedhq_vlc[123][2] = {
@@ -144,595 +105,3 @@ RLTable ff_rl_speedhq = {
speedhq_run,
speedhq_level,
};
-
-#if CONFIG_SPEEDHQ_DECODER
-/* NOTE: The first element is always 16, unscaled. */
-static const uint8_t unscaled_quant_matrix[64] = {
-16, 16, 19, 22, 26, 27, 29, 34,
-16, 16, 22, 24, 27, 29, 34, 37,
-19, 22, 26, 27, 29, 34, 34, 38,
-22, 22, 26, 27, 29, 34, 37, 40,
-22, 26, 27, 29, 32, 35, 40, 48,
-26, 27, 29, 32, 35, 40, 48, 58,
-26, 27, 29, 34, 38, 46, 56, 69,
-27, 29, 35, 38, 46, 56, 69, 83
-};
-
-static VLC dc_lum_vlc_le;
-static VLC dc_chroma_vlc_le;
-static VLC dc_alpha_run_vlc_le;
-static VLC dc_alpha_level_vlc_le;
-
-static inline int decode_dc_le(GetBitContext *gb, int component)
-{
-int code, diff;
-
-if (component == 0 || component == 3) {
-code = get_vlc2(gb, dc_lum_vlc_le.table, DC_VLC_BITS, 2);
-} else {
-code = get_vlc2(gb, dc_chroma_vlc_le.table, DC_VLC_BITS, 2);
-}
-if (!code) {
-diff = 0;
-} else {
-diff = get_xbits_le(gb, code);
-}
-return diff;
-}
-
-static inline int decode_alpha_block(const SHQContext *s, GetBitContext *gb,
uint8_t last_alpha[16], uint8_t *dest, int linesize)
-{
-uint8_t block[128];
-int i = 0, x, y;
-
-memset(block, 0, sizeof(block));
-
-{
-OPEN_READER(re, gb);
-
-for ( ;; ) {
-int run, level;
-
-UPDATE_CACHE_LE(re, gb);
-GET_VLC(run, re, gb, dc_alpha_run_vlc_le.table, ALPHA_VLC_BITS, 2);
-
-if (run < 0) break;
-i += run;
-if (i >= 128)
-return AVERROR_INVALIDDATA;
[FFmpeg-cvslog] avcodec/metasound: Remove always-false checks
ffmpeg | branch: master | Andreas Rheinhardt |
Tue Oct 18 13:33:43 2022 +0200| [1490ba6f4167f9d83a5f3a33ff44772572bce2cf] |
committer: Andreas Rheinhardt
avcodec/metasound: Remove always-false checks
The number of channels that is checked here is automatically
valid because it has just been set by us (based upon an entry
in codec_props).
Signed-off-by: Andreas Rheinhardt
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1490ba6f4167f9d83a5f3a33ff44772572bce2cf
---
libavcodec/metasound.c | 5 -
1 file changed, 5 deletions(-)
diff --git a/libavcodec/metasound.c b/libavcodec/metasound.c
index d5bf2d22ad..67c4d94f62 100644
--- a/libavcodec/metasound.c
+++ b/libavcodec/metasound.c
@@ -302,11 +302,6 @@ static av_cold int metasound_decode_init(AVCodecContext
*avctx)
props++;
}
-if (channels <= 0 || channels > TWINVQ_CHANNELS_MAX) {
-av_log(avctx, AV_LOG_ERROR, "Unsupported number of channels: %i\n",
- channels);
-return AVERROR_INVALIDDATA;
-}
av_channel_layout_uninit(&avctx->ch_layout);
av_channel_layout_default(&avctx->ch_layout, channels);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/speedhqdec: Remove write-only AVCodecContext*
ffmpeg | branch: master | Andreas Rheinhardt |
Tue Oct 18 15:39:01 2022 +0200| [ff3c4705f61dd03bf9dd0ae5d9f6c83075b25814] |
committer: Andreas Rheinhardt
avcodec/speedhqdec: Remove write-only AVCodecContext*
Signed-off-by: Andreas Rheinhardt
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ff3c4705f61dd03bf9dd0ae5d9f6c83075b25814
---
libavcodec/speedhqdec.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/libavcodec/speedhqdec.c b/libavcodec/speedhqdec.c
index 3dea1c3605..acca437bd5 100644
--- a/libavcodec/speedhqdec.c
+++ b/libavcodec/speedhqdec.c
@@ -51,7 +51,6 @@
#define ALPHA_VLC_BITS 5
typedef struct SHQContext {
-AVCodecContext *avctx;
BlockDSPContext bdsp;
IDCTDSPContext idsp;
ScanTable intra_scantable;
@@ -576,8 +575,6 @@ static av_cold int speedhq_decode_init(AVCodecContext
*avctx)
static AVOnce init_once = AV_ONCE_INIT;
SHQContext * const s = avctx->priv_data;
-s->avctx = avctx;
-
ret = ff_thread_once(&init_once, speedhq_static_init);
if (ret)
return AVERROR_UNKNOWN;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/genh: Check sample rate
ffmpeg | branch: release/3.2 | Michael Niedermayer | Mon Apr 11 22:00:52 2022 +0200| [1906b8b1e44721fe34b381b693c3639a0ae6c605] | committer: Michael Niedermayer avformat/genh: Check sample rate Fixes: signed integer overflow: -2515507630940093440 * 4 cannot be represented in type 'long' Fixes: 46318/clusterfuzz-testcase-minimized-ffmpeg_dem_GENH_fuzzer-5009637474172928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit a3d790f1977ed6c326eb93bb61757297a7905dcc) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1906b8b1e44721fe34b381b693c3639a0ae6c605 --- libavformat/genh.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/genh.c b/libavformat/genh.c index 1f676d3004..eb930afbde 100644 --- a/libavformat/genh.c +++ b/libavformat/genh.c @@ -66,6 +66,9 @@ static int genh_read_header(AVFormatContext *s) return AVERROR_INVALIDDATA; st->codecpar->block_align = align * st->codecpar->channels; st->codecpar->sample_rate = avio_rl32(s->pb); +if (st->codecpar->sample_rate < 0) +return AVERROR_INVALIDDATA; + avio_skip(s->pb, 4); st->duration = avio_rl32(s->pb); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/act: Check ff_get_wav_header() for failure
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sun May 15 22:55:12 2022 +0200| [d03eb6c889dd3915681650993acd13017dcf2b1d] | committer: Michael Niedermayer avformat/act: Check ff_get_wav_header() for failure Fixes: missing error check Fixes: CID717495 Signed-off-by: Michael Niedermayer (cherry picked from commit 5982da87e3464e7df529a169352748560d70ba80) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d03eb6c889dd3915681650993acd13017dcf2b1d --- libavformat/act.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavformat/act.c b/libavformat/act.c index fe67411787..7cbffbfd05 100644 --- a/libavformat/act.c +++ b/libavformat/act.c @@ -66,6 +66,7 @@ static int read_header(AVFormatContext *s) AVIOContext *pb = s->pb; int size; AVStream* st; +int ret; int min,sec,msec; @@ -75,7 +76,9 @@ static int read_header(AVFormatContext *s) avio_skip(pb, 16); size=avio_rl32(pb); -ff_get_wav_header(s, pb, st->codecpar, size, 0); +ret = ff_get_wav_header(s, pb, st->codecpar, size, 0); +if (ret < 0) +return ret; /* 8000Hz (Fine-rec) file format has 10 bytes long ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avfilter/vsrc_mandelbrot: Check for malloc failure
ffmpeg | branch: release/3.2 | Michael Niedermayer | Thu Apr 21 22:45:12 2022 +0200| [23ce7312cc77e09140f8b38fa2b7a272bfdbfcf7] | committer: Michael Niedermayer avfilter/vsrc_mandelbrot: Check for malloc failure Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit fbd22504c4148d2a01ccfe38df26c144f56db76b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=23ce7312cc77e09140f8b38fa2b7a272bfdbfcf7 --- libavfilter/vsrc_mandelbrot.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavfilter/vsrc_mandelbrot.c b/libavfilter/vsrc_mandelbrot.c index 2f6944f02f..2acc8fee52 100644 --- a/libavfilter/vsrc_mandelbrot.c +++ b/libavfilter/vsrc_mandelbrot.c @@ -134,6 +134,9 @@ static av_cold int init(AVFilterContext *ctx) s-> next_cache= av_malloc_array(s->cache_allocated, sizeof(*s-> next_cache)); s-> zyklus= av_malloc_array(s->maxiter + 16, sizeof(*s->zyklus)); +if (!s->point_cache || !s->next_cache || !s->zyklus) +return AVERROR(ENOMEM); + return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/asfdec_f: Check packet_frag_timestamp
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Sun Mar 20 23:13:16 2022 +0100| [c756e27a70c34ca023576262eda7d3479744a8f3] |
committer: Michael Niedermayer
avformat/asfdec_f: Check packet_frag_timestamp
Fixes: signed integer overflow: -9223372036854775808 - 4607 cannot be
represented in type 'long'
Fixes:
45685/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5280102802391040
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit ffc877215056e8f0feb1ff23ba7dc4c19277b94b)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c756e27a70c34ca023576262eda7d3479744a8f3
---
libavformat/asfdec_f.c | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c
index 491a2ebdf8..e944d8cb01 100644
--- a/libavformat/asfdec_f.c
+++ b/libavformat/asfdec_f.c
@@ -1313,10 +1313,12 @@ static int asf_parse_packet(AVFormatContext *s,
AVIOContext *pb, AVPacket *pkt)
if ((ret = av_new_packet(&asf_st->pkt, asf_st->packet_obj_size)) <
0)
return ret;
asf_st->seq = asf->packet_seq;
-if (asf->ts_is_pts) {
-asf_st->pkt.pts = asf->packet_frag_timestamp -
asf->hdr.preroll;
-} else
-asf_st->pkt.dts = asf->packet_frag_timestamp -
asf->hdr.preroll;
+if (asf->packet_frag_timestamp != AV_NOPTS_VALUE) {
+if (asf->ts_is_pts) {
+asf_st->pkt.pts = asf->packet_frag_timestamp -
asf->hdr.preroll;
+} else
+asf_st->pkt.dts = asf->packet_frag_timestamp -
asf->hdr.preroll;
+}
asf_st->pkt.stream_index = asf->stream_index;
asf_st->pkt.pos = asf_st->packet_pos = asf->packet_pos;
asf_st->pkt_clean= 0;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/texturedspenc: Fix indexing in color distribution determination
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Mon Jan 2 00:28:33 2017 +0100| [065b3e6009cb8942f9891f87ca051eb6f7264d27] |
committer: Michael Niedermayer
avcodec/texturedspenc: Fix indexing in color distribution determination
Fixes CID1396405
MSE and PSNR is slightly improved, and some noticable corruptions disappear as
well.
Signed-off-by: Michael Niedermayer
Signed-off-by: Marton Balint
(cherry picked from commit ade36d61de8ea5a5acb30a05a0cbcda069127143)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=065b3e6009cb8942f9891f87ca051eb6f7264d27
---
libavcodec/texturedspenc.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavcodec/texturedspenc.c b/libavcodec/texturedspenc.c
index 8b2863033b..5171c69d82 100644
--- a/libavcodec/texturedspenc.c
+++ b/libavcodec/texturedspenc.c
@@ -255,11 +255,11 @@ static void optimize_colors(const uint8_t *block,
ptrdiff_t stride,
muv = minv = maxv = bp[0];
for (y = 0; y < 4; y++) {
-for (x = 4; x < 4; x += 4) {
+for (x = 0; x < 4; x++) {
muv += bp[x * 4 + y * stride];
-if (bp[x] < minv)
+if (bp[x * 4 + y * stride] < minv)
minv = bp[x * 4 + y * stride];
-else if (bp[x] > maxv)
+else if (bp[x * 4 + y * stride] > maxv)
maxv = bp[x * 4 + y * stride];
}
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/bfi: Check offsets better
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Sun Mar 20 23:24:40 2022 +0100| [0bb61d27447d29366074249f1663fda770d699c0] |
committer: Michael Niedermayer
avformat/bfi: Check offsets better
Fixes: signed integer overflow: -2145378272 - 538976288 cannot be represented
in type 'int'
Fixes:
45690/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5015496544616448
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 35dc93ab44a57d78956414624c4e011414220e98)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0bb61d27447d29366074249f1663fda770d699c0
---
libavformat/bfi.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavformat/bfi.c b/libavformat/bfi.c
index e640935c64..b0a3e533c5 100644
--- a/libavformat/bfi.c
+++ b/libavformat/bfi.c
@@ -139,12 +139,12 @@ static int bfi_read_packet(AVFormatContext * s, AVPacket
* pkt)
audio_offset= avio_rl32(pb);
avio_rl32(pb);
video_offset= avio_rl32(pb);
-audio_size = video_offset - audio_offset;
-bfi->video_size = chunk_size - video_offset;
-if (audio_size < 0 || bfi->video_size < 0) {
+if (audio_offset < 0 || video_offset < audio_offset || chunk_size <
video_offset) {
av_log(s, AV_LOG_ERROR, "Invalid audio/video offsets or chunk
size\n");
return AVERROR_INVALIDDATA;
}
+audio_size = video_offset - audio_offset;
+bfi->video_size = chunk_size - video_offset;
//Tossing an audio packet at the audio decoder.
ret = av_get_packet(pb, pkt, audio_size);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/cdgraphics: limit scrolling to the line
ffmpeg | branch: release/3.2 | Michael Niedermayer | Thu Jun 9 22:36:00 2022 +0200| [e72660db30804ab75543ba510a8ee45052994480] | committer: Michael Niedermayer avcodec/cdgraphics: limit scrolling to the line Fixes: out of array access Fixes: 47877/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CDGRAPHICS_fuzzer-5690504626438144 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit b7e30a13d4e4557b87f977b76a6bb5e3cbe5ac78) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e72660db30804ab75543ba510a8ee45052994480 --- libavcodec/cdgraphics.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/cdgraphics.c b/libavcodec/cdgraphics.c index da6fb7af03..3d8219a451 100644 --- a/libavcodec/cdgraphics.c +++ b/libavcodec/cdgraphics.c @@ -238,7 +238,7 @@ static void cdg_scroll(CDGraphicsContext *cc, uint8_t *data, for (y = FFMAX(0, vinc); y < FFMIN(CDG_FULL_HEIGHT + vinc, CDG_FULL_HEIGHT); y++) memcpy(out + FFMAX(0, hinc) + stride * y, in + FFMAX(0, hinc) - hinc + (y - vinc) * stride, - FFMIN(stride + hinc, stride)); + FFABS(stride) - FFABS(hinc)); if (vinc > 0) cdg_fill_wrapper(0, 0, out, ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/ape: more bits in size for less overflows
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Sat Apr 2 22:18:49 2022 +0200| [1236e18a003758d841de0f2d020421c7debafb60] |
committer: Michael Niedermayer
avformat/ape: more bits in size for less overflows
Fixes: signed integer overflow: 2147483647 + 3 cannot be represented in type
'int'
Fixes:
46184/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-4678059519770624
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit e5f6707a7b91664491041526ef3cce7412258b89)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1236e18a003758d841de0f2d020421c7debafb60
---
libavformat/ape.c | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/libavformat/ape.c b/libavformat/ape.c
index 061f32866f..99d6b666a5 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -42,8 +42,8 @@
typedef struct APEFrame {
int64_t pos;
+int64_t size;
int nblocks;
-int size;
int skip;
int64_t pts;
} APEFrame;
@@ -148,7 +148,7 @@ static void ape_dumpinfo(AVFormatContext * s, APEContext *
ape_ctx)
av_log(s, AV_LOG_DEBUG, "\nFrames\n\n");
for (i = 0; i < ape_ctx->totalframes; i++)
-av_log(s, AV_LOG_DEBUG, "%8d %8"PRId64" %8d (%d samples)\n", i,
+av_log(s, AV_LOG_DEBUG, "%8d %8"PRId64" %8"PRId64" (%d samples)\n",
i,
ape_ctx->frames[i].pos, ape_ctx->frames[i].size,
ape_ctx->frames[i].nblocks);
@@ -166,7 +166,8 @@ static int ape_read_header(AVFormatContext * s)
AVStream *st;
uint32_t tag;
int i;
-int total_blocks, final_size = 0;
+int total_blocks;
+int64_t final_size = 0;
int64_t pts, file_size;
/* Skip any leading junk such as id3v2 tags */
@@ -405,7 +406,7 @@ static int ape_read_packet(AVFormatContext * s, AVPacket *
pkt)
if (ape->frames[ape->currentframe].size <= 0 ||
ape->frames[ape->currentframe].size > INT_MAX - extra_size) {
-av_log(s, AV_LOG_ERROR, "invalid packet size: %d\n",
+av_log(s, AV_LOG_ERROR, "invalid packet size: %8"PRId64"\n",
ape->frames[ape->currentframe].size);
ape->currentframe++;
return AVERROR(EIO);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/jpeglsdec: fix end check for xfrm
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Thu Jun 9 21:13:59 2022 +0200| [fc54bf1532c7ec5cf02a43e5a50d60eba05253ed] |
committer: Michael Niedermayer
avcodec/jpeglsdec: fix end check for xfrm
Fixes: out of array access
Fixes:
47871/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_fuzzer-5646305956855808
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 6a82412bf33108111eb3f63076fd5a51349ae114)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fc54bf1532c7ec5cf02a43e5a50d60eba05253ed
---
libavcodec/jpeglsdec.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libavcodec/jpeglsdec.c b/libavcodec/jpeglsdec.c
index 55d2bcc6e1..c2454d6160 100644
--- a/libavcodec/jpeglsdec.c
+++ b/libavcodec/jpeglsdec.c
@@ -460,19 +460,19 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int
near,
for (i = 0; i < s->height; i++) {
switch(s->xfrm) {
case 1:
-for (x = off; x < w; x += 3) {
+for (x = off; x + 2 < w; x += 3) {
src[x ] += src[x+1] + 128;
src[x+2] += src[x+1] + 128;
}
break;
case 2:
-for (x = off; x < w; x += 3) {
+for (x = off; x + 2 < w; x += 3) {
src[x ] += src[x+1] + 128;
src[x+2] += ((src[x ] + src[x+1])>>1) + 128;
}
break;
case 3:
-for (x = off; x < w; x += 3) {
+for (x = off; x + 2 < w; x += 3) {
int g = src[x+0] - ((src[x+2]+src[x+1])>>2) + 64;
src[x+0] = src[x+2] + g + 128;
src[x+2] = src[x+1] + g + 128;
@@ -480,7 +480,7 @@ int ff_jpegls_decode_picture(MJpegDecodeContext *s, int
near,
}
break;
case 4:
-for (x = off; x < w; x += 3) {
+for (x = off; x + 2 < w; x += 3) {
int r= src[x+0] - (( 359 *
(src[x+2]-128) + 490) >> 8);
int g= src[x+0] - (( 88 * (src[x+1]-128) - 183 *
(src[x+2]-128) + 30) >> 8);
int b= src[x+0] + ((454 * (src[x+1]-128)
+ 574) >> 8);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/aiffdec: avoid integer overflow in get_meta()
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Wed Mar 23 01:08:56 2022 +0100| [e631e97b643bfafbf99091d0a9f4bad670971681] |
committer: Michael Niedermayer
avformat/aiffdec: avoid integer overflow in get_meta()
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type
'int'
Fixes:
45891/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6159183893889024
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 6a02de21278ec3bea1d2c62665f2629d5a62210f)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e631e97b643bfafbf99091d0a9f4bad670971681
---
libavformat/aiffdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c
index d7a37fe207..1bd073841d 100644
--- a/libavformat/aiffdec.c
+++ b/libavformat/aiffdec.c
@@ -73,7 +73,7 @@ static int get_tag(AVIOContext *pb, uint32_t * tag)
/* Metadata string read */
static void get_meta(AVFormatContext *s, const char *key, int size)
{
-uint8_t *str = av_malloc(size+1);
+uint8_t *str = av_malloc(size+1U);
if (str) {
int res = avio_read(s->pb, str, size);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/aiffdec: cleanup size handling for extreem cases
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Wed Mar 23 14:30:42 2022 +0100| [97f54cb25898b99ed0d77110acab46b4dac7d16d] |
committer: Michael Niedermayer
avformat/aiffdec: cleanup size handling for extreem cases
Signed-off-by: Michael Niedermayer
(cherry picked from commit c6f1e48b86471b1cc91c468e78a065075ed409bd)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=97f54cb25898b99ed0d77110acab46b4dac7d16d
---
libavformat/aiffdec.c | 24 +++-
1 file changed, 11 insertions(+), 13 deletions(-)
diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c
index 1bd073841d..b41ee6a1a6 100644
--- a/libavformat/aiffdec.c
+++ b/libavformat/aiffdec.c
@@ -54,9 +54,9 @@ static enum AVCodecID aiff_codec_get_id(int bps)
}
/* returns the size of the found tag */
-static int get_tag(AVIOContext *pb, uint32_t * tag)
+static int64_t get_tag(AVIOContext *pb, uint32_t * tag)
{
-int size;
+int64_t size;
if (avio_feof(pb))
return AVERROR(EIO);
@@ -64,16 +64,16 @@ static int get_tag(AVIOContext *pb, uint32_t * tag)
*tag = avio_rl32(pb);
size = avio_rb32(pb);
-if (size < 0)
-size = 0x7fff;
-
return size;
}
/* Metadata string read */
-static void get_meta(AVFormatContext *s, const char *key, int size)
+static void get_meta(AVFormatContext *s, const char *key, int64_t size)
{
-uint8_t *str = av_malloc(size+1U);
+uint8_t *str = NULL;
+
+if (size < SIZE_MAX)
+str = av_malloc(size+1);
if (str) {
int res = avio_read(s->pb, str, size);
@@ -91,7 +91,7 @@ static void get_meta(AVFormatContext *s, const char *key, int
size)
}
/* Returns the number of sound data frames or negative on error */
-static int get_aiff_header(AVFormatContext *s, int size,
+static int get_aiff_header(AVFormatContext *s, int64_t size,
unsigned version)
{
AVIOContext *pb= s->pb;
@@ -102,9 +102,6 @@ static int get_aiff_header(AVFormatContext *s, int size,
int sample_rate;
unsigned int num_frames;
-if (size == INT_MAX)
-return AVERROR_INVALIDDATA;
-
if (size & 1)
size++;
par->codec_type = AVMEDIA_TYPE_AUDIO;
@@ -215,7 +212,8 @@ static int aiff_probe(AVProbeData *p)
/* aiff input */
static int aiff_read_header(AVFormatContext *s)
{
-int ret, size, filesize;
+int ret;
+int64_t filesize, size;
int64_t offset = 0, position;
uint32_t tag;
unsigned version = AIFF_C_VERSION1;
@@ -226,7 +224,7 @@ static int aiff_read_header(AVFormatContext *s)
/* check FORM header */
filesize = get_tag(pb, &tag);
-if (filesize < 0 || tag != MKTAG('F', 'O', 'R', 'M'))
+if (filesize < 4 || tag != MKTAG('F', 'O', 'R', 'M'))
return AVERROR_INVALIDDATA;
/* AIFF data type */
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/alacdsp: Make intermediates unsigned
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Thu Apr 28 23:34:53 2022 +0200| [8618061a4f589276d2f533de7108fa561a6bd524] |
committer: Michael Niedermayer
avcodec/alacdsp: Make intermediates unsigned
Fixes: signed integer overflow: -14914387 + -2147418648 cannot be represented
in type 'int'
Fixes:
46464/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALAC_fuzzer-474307197311385
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 8709f4c10a216cb3e11564bc392841e832f8e3b1)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8618061a4f589276d2f533de7108fa561a6bd524
---
libavcodec/alacdsp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/alacdsp.c b/libavcodec/alacdsp.c
index 8718d1b6b1..b3c1c424f3 100644
--- a/libavcodec/alacdsp.c
+++ b/libavcodec/alacdsp.c
@@ -29,12 +29,12 @@ static void decorrelate_stereo(int32_t *buffer[2], int
nb_samples,
int i;
for (i = 0; i < nb_samples; i++) {
-int32_t a, b;
+uint32_t a, b;
a = buffer[0][i];
b = buffer[1][i];
-a -= (int)(b * (unsigned)decorr_left_weight) >> decorr_shift;
+a -= (int)(b * decorr_left_weight) >> decorr_shift;
b += a;
buffer[0][i] = b;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/aasc: Fix indention
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Sat Jun 18 20:54:36 2022 +0200| [bd7fd6a6d3026424bc7d2dea062f83c89855cb13] |
committer: Michael Niedermayer
avcodec/aasc: Fix indention
Signed-off-by: Michael Niedermayer
(cherry picked from commit af2ed09220fe82e0aa479d1b93be6aadc4930efc)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bd7fd6a6d3026424bc7d2dea062f83c89855cb13
---
libavcodec/aasc.c | 34 +-
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/libavcodec/aasc.c b/libavcodec/aasc.c
index fd63aba4b8..af86367393 100644
--- a/libavcodec/aasc.c
+++ b/libavcodec/aasc.c
@@ -104,26 +104,26 @@ static int aasc_decode_frame(AVCodecContext *avctx,
ff_msrle_decode(avctx, s->frame, 8, &s->gb);
break;
case MKTAG('A', 'A', 'S', 'C'):
-switch (compr) {
-case 0:
-stride = (avctx->width * psize + psize) & ~psize;
-if (buf_size < stride * avctx->height)
+switch (compr) {
+case 0:
+stride = (avctx->width * psize + psize) & ~psize;
+if (buf_size < stride * avctx->height)
+return AVERROR_INVALIDDATA;
+for (i = avctx->height - 1; i >= 0; i--) {
+memcpy(s->frame->data[0] + i * s->frame->linesize[0], buf,
avctx->width * psize);
+buf += stride;
+buf_size -= stride;
+}
+break;
+case 1:
+bytestream2_init(&s->gb, buf, buf_size);
+ff_msrle_decode(avctx, s->frame, 8, &s->gb);
+break;
+default:
+av_log(avctx, AV_LOG_ERROR, "Unknown compression type %d\n",
compr);
return AVERROR_INVALIDDATA;
-for (i = avctx->height - 1; i >= 0; i--) {
-memcpy(s->frame->data[0] + i * s->frame->linesize[0], buf,
avctx->width * psize);
-buf += stride;
-buf_size -= stride;
}
break;
-case 1:
-bytestream2_init(&s->gb, buf, buf_size);
-ff_msrle_decode(avctx, s->frame, 8, &s->gb);
-break;
-default:
-av_log(avctx, AV_LOG_ERROR, "Unknown compression type %d\n", compr);
-return AVERROR_INVALIDDATA;
-}
-break;
default:
av_log(avctx, AV_LOG_ERROR, "Unknown FourCC: %X\n", avctx->codec_tag);
return -1;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/wnv1: Check for width =1
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Sun Jul 3 02:31:47 2022 +0200| [f3ac9f6f6948d194ca404145dad03f26113b09a1] |
committer: Michael Niedermayer
avcodec/wnv1: Check for width =1
The decoder only outputs pixels for width >1 images, fail early
Fixes: Timeout
Fixes:
48298/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WNV1_fuzzer-6198626319204352
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit d98d5a436aa70d3cef8f914c0467ef2fb2dd1dfc)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f3ac9f6f6948d194ca404145dad03f26113b09a1
---
libavcodec/wnv1.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/wnv1.c b/libavcodec/wnv1.c
index 915e9c7dc9..291be78cc8 100644
--- a/libavcodec/wnv1.c
+++ b/libavcodec/wnv1.c
@@ -136,6 +136,9 @@ static av_cold int decode_init(AVCodecContext *avctx)
{
static VLC_TYPE code_table[1 << CODE_VLC_BITS][2];
+if (avctx->width <= 1)
+return AVERROR_INVALIDDATA;
+
avctx->pix_fmt = AV_PIX_FMT_YUV422P;
code_vlc.table = code_table;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/qdrw: adjust max colors to array size
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Sun Jul 3 00:43:21 2022 +0200| [5c3262e82b7b028e0c5d38fee90ac1b31e604a41] |
committer: Michael Niedermayer
avcodec/qdrw: adjust max colors to array size
Fixes: out of array access
Fixes:
48429/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDRAW_fuzzer-4608329791438848
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol
Signed-off-by: Michael Niedermayer
(cherry picked from commit cd847f86d31f87f0f7733ca6ab7a2c022a1398bd)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5c3262e82b7b028e0c5d38fee90ac1b31e604a41
---
libavcodec/qdrw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/qdrw.c b/libavcodec/qdrw.c
index 0452086be3..b17fb59f3e 100644
--- a/libavcodec/qdrw.c
+++ b/libavcodec/qdrw.c
@@ -216,7 +216,7 @@ static int decode_frame(AVCodecContext *avctx,
bytestream2_skip(&gbc, 18);
colors = bytestream2_get_be16(&gbc);
-if (colors < 0 || colors > 256) {
+if (colors < 0 || colors > 255) {
av_log(avctx, AV_LOG_ERROR,
"Error color count - %i(0x%X)\n", colors, colors);
return AVERROR_INVALIDDATA;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/iff: simplify duration calculation
ffmpeg | branch: release/3.2 | Michael Niedermayer | Mon Jul 4 23:32:40 2022 +0200| [3df3d2cfe7895c95e81a79ceaf8ef53bef6b3159] | committer: Michael Niedermayer avformat/iff: simplify duration calculation Fixes: signed integer overflow: 315680096256 * 134215943 cannot be represented in type 'long long' Fixes: 48713/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5886272312311808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 0740641e932551342cc1737d981e950ecffa3b63) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3df3d2cfe7895c95e81a79ceaf8ef53bef6b3159 --- libavformat/iff.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/iff.c b/libavformat/iff.c index 7f2484b030..e66292c785 100644 --- a/libavformat/iff.c +++ b/libavformat/iff.c @@ -384,7 +384,7 @@ static int read_dst_frame(AVFormatContext *s, AVPacket *pkt) avio_skip(pb, 1); pkt->flags |= AV_PKT_FLAG_KEY; pkt->stream_index = 0; -pkt->duration = 588LL * s->streams[0]->codecpar->sample_rate / 44100; +pkt->duration = s->streams[0]->codecpar->sample_rate / 75; pkt->pos = chunk_pos; chunk_pos = avio_tell(pb); @@ -397,7 +397,8 @@ static int read_dst_frame(AVFormatContext *s, AVPacket *pkt) case ID_FRTE: if (data_size < 4) return AVERROR_INVALIDDATA; -s->streams[0]->duration = avio_rb32(pb) * 588LL * s->streams[0]->codecpar->sample_rate / 44100; +s->streams[0]->duration = avio_rb32(pb) * (uint64_t)s->streams[0]->codecpar->sample_rate / 75; + break; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/sctp: close socket on errors
ffmpeg | branch: release/3.2 | Michael Niedermayer | Mon May 23 01:23:22 2022 +0200| [4b3ff3ce8ae77e0447a2cf30e45f4c841e366953] | committer: Michael Niedermayer avformat/sctp: close socket on errors This is untested as i have no testcase Fixes: CID1302709 Signed-off-by: Michael Niedermayer (cherry picked from commit c9a2996544187f67e533bc24f4cf773e50d2362b) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4b3ff3ce8ae77e0447a2cf30e45f4c841e366953 --- libavformat/sctp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/sctp.c b/libavformat/sctp.c index 9a80e9b015..be0cb47865 100644 --- a/libavformat/sctp.c +++ b/libavformat/sctp.c @@ -282,6 +282,8 @@ fail: goto restart; } fail1: +if (fd >= 0) +closesocket(fd); ret = AVERROR(EIO); freeaddrinfo(ai); return ret; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/ffv1dec: Limit golomb rice coded slices to width 8M
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Sun Jul 3 13:31:19 2022 +0200| [0f49789f7ccd31739e9d1cf157281c12e486916c] |
committer: Michael Niedermayer
avcodec/ffv1dec: Limit golomb rice coded slices to width 8M
This limit is possibly not reachable due to other restrictions on buffers but
the decoder run table is too small beyond this, so explicitly check for it.
Signed-off-by: Michael Niedermayer
(cherry picked from commit b4431399ec1e10afff458cf1ffae2a75987d725a)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0f49789f7ccd31739e9d1cf157281c12e486916c
---
libavcodec/ffv1dec.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index d43b8b91b5..191da8cb87 100644
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -175,6 +175,9 @@ static int decode_slice_header(FFV1Context *f, FFV1Context
*fs)
|| (unsigned)fs->slice_y + (uint64_t)fs->slice_height > f->height)
return -1;
+if (fs->ac == AC_GOLOMB_RICE && fs->slice_width >= (1<<23))
+return AVERROR_INVALIDDATA;
+
for (i = 0; i < f->plane_count; i++) {
PlaneContext * const p = &fs->plane[i];
int idx = get_symbol(c, state, 0);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/qpeldsp: copy less for the mc0x cases
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Sun Jun 26 00:59:15 2022 +0200| [d81081d22a9b727b9cd180250c1791edd6b96ce8] |
committer: Michael Niedermayer
avcodec/qpeldsp: copy less for the mc0x cases
Fixes: out of array access
Fixes:
47936/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5745039940124672
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit e690d4edf581c42dbd907c0fafe53fba86a00812)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d81081d22a9b727b9cd180250c1791edd6b96ce8
---
libavcodec/qpeldsp.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/libavcodec/qpeldsp.c b/libavcodec/qpeldsp.c
index 6e52b33657..d99b8fd0ba 100644
--- a/libavcodec/qpeldsp.c
+++ b/libavcodec/qpeldsp.c
@@ -198,7 +198,7 @@ static void OPNAME ## qpel8_mc01_c(uint8_t *dst, const
uint8_t *src, \
uint8_t full[16 * 9]; \
uint8_t half[64]; \
\
-copy_block9(full, src, 16, stride, 9);\
+copy_block8(full, src, 16, stride, 9);\
put ## RND ## mpeg4_qpel8_v_lowpass(half, full, 8, 16); \
OPNAME ## pixels8_l2_8(dst, full, half, stride, 16, 8, 8);\
} \
@@ -208,7 +208,7 @@ static void OPNAME ## qpel8_mc02_c(uint8_t *dst, const
uint8_t *src, \
{ \
uint8_t full[16 * 9]; \
\
-copy_block9(full, src, 16, stride, 9);\
+copy_block8(full, src, 16, stride, 9);\
OPNAME ## mpeg4_qpel8_v_lowpass(dst, full, stride, 16); \
} \
\
@@ -218,7 +218,7 @@ static void OPNAME ## qpel8_mc03_c(uint8_t *dst, const
uint8_t *src, \
uint8_t full[16 * 9]; \
uint8_t half[64]; \
\
-copy_block9(full, src, 16, stride, 9);\
+copy_block8(full, src, 16, stride, 9);\
put ## RND ## mpeg4_qpel8_v_lowpass(half, full, 8, 16); \
OPNAME ## pixels8_l2_8(dst, full + 16, half, stride, 16, 8, 8); \
} \
@@ -458,7 +458,7 @@ static void OPNAME ## qpel16_mc01_c(uint8_t *dst, const
uint8_t *src, \
uint8_t full[24 * 17];\
uint8_t half[256];\
\
-copy_block17(full, src, 24, stride, 17); \
+copy_block16(full, src, 24, stride, 17); \
put ## RND ## mpeg4_qpel16_v_lowpass(half, full, 16, 24); \
OPNAME ## pixels16_l2_8(dst, full, half, stride, 24, 16, 16); \
} \
@@ -468,7 +468,7 @@ static void OPNAME ## qpel16_mc02_c(uint8_t *dst, const
uint8_t *src, \
{ \
uint8_t full[24 * 17];\
\
-copy_block17(full, src, 24, stride, 17); \
+copy_block16(full, src, 24, stride, 17); \
OPNAME ## mpeg4_qpel16_v_lowpass(dst, full, stride, 24); \
} \
\
@@ -478,7 +478,7 @@ static void OPNAME ## qpel16_mc03_c(uint8_t *dst, const
uint8_t *src, \
uint8_t full[24 * 17];\
uint8_t half[256];\
[FFmpeg-cvslog] avcodec/hevcdsp_template: stay within tables in sao_band_filter()
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Thu Jun 9 22:21:55 2022 +0200| [2e8529d28258c91e79f13756bbe8009bc44ff2ae] |
committer: Michael Niedermayer
avcodec/hevcdsp_template: stay within tables in sao_band_filter()
Fixes: out of array read
Fixes:
47875/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5719393113341952
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 9c5250a5612d4b32d79108de0c03945b2017963e)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2e8529d28258c91e79f13756bbe8009bc44ff2ae
---
libavcodec/hevcdsp_template.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/hevcdsp_template.c b/libavcodec/hevcdsp_template.c
index 65dd179d0d..cc0a3c58a7 100644
--- a/libavcodec/hevcdsp_template.c
+++ b/libavcodec/hevcdsp_template.c
@@ -319,7 +319,7 @@ static void FUNC(sao_band_filter)(uint8_t *_dst, uint8_t
*_src,
offset_table[(k + sao_left_class) & 31] = sao_offset_val[k + 1];
for (y = 0; y < height; y++) {
for (x = 0; x < width; x++)
-dst[x] = av_clip_pixel(src[x] + offset_table[src[x] >> shift]);
+dst[x] = av_clip_pixel(src[x] + offset_table[(src[x] >> shift) &
31]);
dst += stride_dst;
src += stride_src;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/h264dec: Skip late SEI
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Wed Apr 27 22:16:51 2022 +0200| [7e4e122ce23cdec171926726614076528d1bb3d2] |
committer: Michael Niedermayer
avcodec/h264dec: Skip late SEI
Fixes: Race condition
Fixes:
clusterfuzz-testcase-minimized-mediasource_MP2T_AVC_pipeline_integration_fuzzer-6282675434094592
Found-by: google ClusterFuzz
Tested-by: Dan Sanders
Signed-off-by: Michael Niedermayer
(cherry picked from commit f7dd408d64013ae177c1f8d0e04418e5075db5bc)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7e4e122ce23cdec171926726614076528d1bb3d2
---
libavcodec/h264dec.c | 4
1 file changed, 4 insertions(+)
diff --git a/libavcodec/h264dec.c b/libavcodec/h264dec.c
index 8e5a9e3058..426d0f4cd8 100644
--- a/libavcodec/h264dec.c
+++ b/libavcodec/h264dec.c
@@ -842,6 +842,10 @@ again:
avpriv_request_sample(avctx, "data partitioning");
break;
case H264_NAL_SEI:
+if (h->setup_finished) {
+avpriv_request_sample(avctx, "Late SEI");
+break;
+}
ret = ff_h264_sei_decode(&h->sei, &nal->gb, &h->ps, avctx);
h->has_recovery_point = h->has_recovery_point ||
h->sei.recovery_point.recovery_frame_cnt != -1;
if (avctx->debug & FF_DEBUG_GREEN_MD)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/lagarith: Check dst/src in zero run code
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Tue Jul 12 20:43:20 2022 +0200| [6ca1a2ac2374c301cb546a08370bdecbd603366d] |
committer: Michael Niedermayer
avcodec/lagarith: Check dst/src in zero run code
Fixes: out of array access
Fixes:
48799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-4764457825337344
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol
Signed-off-by: Michael Niedermayer
(cherry picked from commit 9450f759748d02d1d284d2e4afd741cb0fe0c04a)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6ca1a2ac2374c301cb546a08370bdecbd603366d
---
libavcodec/lagarith.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/lagarith.c b/libavcodec/lagarith.c
index 357a83344d..de12f8ee98 100644
--- a/libavcodec/lagarith.c
+++ b/libavcodec/lagarith.c
@@ -404,6 +404,9 @@ output_zeros:
if (zero_run) {
zero_run = 0;
i += esc_count;
+if (i > end - dst ||
+i >= src_end - src)
+return AVERROR_INVALIDDATA;
memcpy(dst, src, i);
dst += i;
l->zeros_rem = lag_calc_zero_run(src[i]);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/sbrdsp_fixed: Fix integer overflows in sbr_qmf_deint_neg_c()
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Mon May 2 00:51:12 2022 +0200| [cc77089393974438eab9a24a1e939a9fea2359f5] |
committer: Michael Niedermayer
avcodec/sbrdsp_fixed: Fix integer overflows in sbr_qmf_deint_neg_c()
Fixes: signed integer overflow: 2147483645 + 16 cannot be represented in type
'int'
Fixes:
46993/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-4759025234870272
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 1537f40516d625fc5fa57db4fdfb737312fbc500)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cc77089393974438eab9a24a1e939a9fea2359f5
---
libavcodec/sbrdsp_fixed.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/sbrdsp_fixed.c b/libavcodec/sbrdsp_fixed.c
index 840cc7a0b0..f3e8d974a4 100644
--- a/libavcodec/sbrdsp_fixed.c
+++ b/libavcodec/sbrdsp_fixed.c
@@ -100,8 +100,8 @@ static void sbr_qmf_deint_neg_c(int *v, const int *src)
{
int i;
for (i = 0; i < 32; i++) {
-v[ i] = ( src[63 - 2*i] + 0x10) >> 5;
-v[63 - i] = (-src[63 - 2*i - 1] + 0x10) >> 5;
+v[ i] = (int)(0x10U + src[63 - 2*i]) >> 5;
+v[63 - i] = (int)(0x10U - src[63 - 2*i - 1]) >> 5;
}
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/asfdec_f: Use 64bit for packet start time
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Tue Jul 19 00:32:18 2022 +0200| [01705cc06209c0995bd09f559c2265b86a5dc2c6] |
committer: Michael Niedermayer
avformat/asfdec_f: Use 64bit for packet start time
Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type
'int'
Fixes:
49014/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-6314973315334144
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 8ed78486fcb065b5b459f14d4b1c3242f6d21ec7)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=01705cc06209c0995bd09f559c2265b86a5dc2c6
---
libavformat/asfdec_f.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c
index e944d8cb01..fd26b28632 100644
--- a/libavformat/asfdec_f.c
+++ b/libavformat/asfdec_f.c
@@ -104,7 +104,7 @@ typedef struct ASFContext {
int ts_is_pts;
int packet_multi_size;
int packet_time_delta;
-int packet_time_start;
+int64_t packet_time_start;
int64_t packet_pos;
int stream_index;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/rtsp: break on unknown protocols
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Fri May 20 00:50:33 2022 +0200| [eedbc82ea9442f0fc159a2efa27917f0d4b79922] |
committer: Michael Niedermayer
avformat/rtsp: break on unknown protocols
This function needs more cleanup and it lacks error handling
Fixes: use of uninitialized memory
Fixes: CID700776
Signed-off-by: Michael Niedermayer
(cherry picked from commit 73c0fd27c5c53c42e5060fb3a0c1fc5708b6f670)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eedbc82ea9442f0fc159a2efa27917f0d4b79922
---
libavformat/rtsp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
index 8c8381c055..e179aa397c 100644
--- a/libavformat/rtsp.c
+++ b/libavformat/rtsp.c
@@ -923,6 +923,8 @@ static void rtsp_parse_transport(AVFormatContext *s,
";,", &p);
}
th->transport = RTSP_TRANSPORT_RAW;
+} else {
+break;
}
if (!av_strcasecmp(lower_transport, "TCP"))
th->lower_transport = RTSP_LOWER_TRANSPORT_TCP;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
ffmpeg-cvslog@ffmpeg.org
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Fri Jul 22 00:51:32 2022 +0200| [05e0eb05ae0f62bc0b8c225f0b3267586ab40a46] |
committer: Michael Niedermayer
avcodec/hevc_filter: copy_CTB() only within width&height
Fixes: out of array access
Fixes:
49271/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5424984922652672
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 009ef35d384c3df22d8a8be7416dc9d532e91c52)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=05e0eb05ae0f62bc0b8c225f0b3267586ab40a46
---
libavcodec/hevc_filter.c | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/libavcodec/hevc_filter.c b/libavcodec/hevc_filter.c
index 1acaef6cc7..54d30141f3 100644
--- a/libavcodec/hevc_filter.c
+++ b/libavcodec/hevc_filter.c
@@ -145,11 +145,22 @@ int i, j;
if (((intptr_t)dst | (intptr_t)src | stride_dst | stride_src) & 15) {
for (i = 0; i < height; i++) {
-for (j = 0; j < width; j+=8)
+for (j = 0; j < width - 7; j+=8)
AV_COPY64U(dst+j, src+j);
dst += stride_dst;
src += stride_src;
}
+if (width&7) {
+dst += ((width>>3)<<3) - stride_dst * height;
+src += ((width>>3)<<3) - stride_src * height;
+width &= 7;
+for (i = 0; i < height; i++) {
+for (j = 0; j < width; j++)
+dst[j] = src[j];
+dst += stride_dst;
+src += stride_src;
+}
+}
} else {
for (i = 0; i < height; i++) {
for (j = 0; j < width; j+=16)
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/nutdec: Check get_packetheader() in mainheader
ffmpeg | branch: release/3.2 | Michael Niedermayer | Wed Jul 6 23:54:49 2022 +0200| [b0700a13140e0fb7008678ad65f5267019a22867] | committer: Michael Niedermayer avformat/nutdec: Check get_packetheader() in mainheader Fixes; Timeout Fixes: 48794/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6524604713140224 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit b5de084aa63b79586bc445e6a7fea837688b3941) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b0700a13140e0fb7008678ad65f5267019a22867 --- libavformat/nutdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c index 23591d73a4..3d07eb250a 100644 --- a/libavformat/nutdec.c +++ b/libavformat/nutdec.c @@ -235,6 +235,8 @@ static int decode_main_header(NUTContext *nut) int tmp_stream, tmp_mul, tmp_pts, tmp_size, tmp_res, tmp_head_idx; length = get_packetheader(nut, bc, 1, MAIN_STARTCODE); +if (length == (uint64_t)-1) +return AVERROR_INVALIDDATA; end = length + avio_tell(bc); nut->version = ffio_read_varlen(bc); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] MAINTAINERS: Add ED25519 key for signing my commits in the future
ffmpeg | branch: release/3.2 | Michael Niedermayer | Tue Aug 9 21:53:32 2022 +0200| [dc6f7e6bf75f53c5b02c1be233e6affd0d774e0e] | committer: Michael Niedermayer MAINTAINERS: Add ED25519 key for signing my commits in the future Signed-off-by: Michael Niedermayer (cherry picked from commit 05225180bea208dfd81efac327e429711a963697) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=dc6f7e6bf75f53c5b02c1be233e6affd0d774e0e --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index d0457a6bc9..9440f3723a 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -554,6 +554,7 @@ Jean Delvare 7CA6 9F44 60F1 BDC4 1FD2 C858 A552 6B9B B3CD 4E6A Loren Merritt ABD9 08F4 C920 3F65 D8BE 35D7 1540 DAA7 060F 56DE Lou Logan 7D68 DC73 CBEF EABB 671A B6CF 621C 2E28 82F8 DC3A Michael Niedermayer 9FF2 128B 147E F673 0BAD F133 611E C787 040B 0FAB + DD1E C9E8 DE08 5C62 9B3E 1846 B18E 8928 B394 8D64 Nicolas George24CE 01CE 9ACC 5CEB 74D8 8D9D B063 D997 36E5 4C93 Nikolay Aleksandrov 8978 1D8C FB71 588E 4B27 EAA8 C4F0 B5FC E011 13B1 Panagiotis Issaris6571 13A3 33D9 3726 F728 AA98 F643 B12E ECF3 E029 ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/flvdec: Check for EOF in index reading
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Mon Jun 20 01:36:29 2022 +0200| [2278ce503588fc13951625ba176428a2b42b63df] |
committer: Michael Niedermayer
avformat/flvdec: Check for EOF in index reading
Fixes: Timeout
Fixes:
47992/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6020443879899136
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit ceff5d7b74cd9ae6055957979d27d289c70a9e1b)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2278ce503588fc13951625ba176428a2b42b63df
---
libavformat/flvdec.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index b61ac7f973..378cb6bc94 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -424,6 +424,8 @@ static int parse_keyframes_index(AVFormatContext *s,
AVIOContext *ioc, int64_t m
goto invalid;
if (current_array == × && (d <= INT64_MIN / 1000 || d >=
INT64_MAX / 1000))
goto invalid;
+if (avio_feof(ioc))
+goto invalid;
current_array[0][i] = d;
}
if (times && filepositions) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/h263dec: Sanity check against minimal I/P frame size
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Mon Aug 15 00:02:37 2022 +0200| [c08f64df473dcad7f629d381068bf8486befb308] |
committer: Michael Niedermayer
avcodec/h263dec: Sanity check against minimal I/P frame size
Fixes: Timeout
Fixes:
49718/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4874987894341632
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit ca4ff9c21cb77e024fa4ff5889826a8bee4d0e0a)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c08f64df473dcad7f629d381068bf8486befb308
---
libavcodec/h263dec.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c
index aa87e127e5..5aa69c33a0 100644
--- a/libavcodec/h263dec.c
+++ b/libavcodec/h263dec.c
@@ -532,6 +532,8 @@ retry:
avctx->has_b_frames = !s->low_delay;
if (CONFIG_MPEG4_DECODER && avctx->codec_id == AV_CODEC_ID_MPEG4) {
+if (s->pict_type != AV_PICTURE_TYPE_B && s->mb_num/2 >
get_bits_left(&s->gb))
+return AVERROR_INVALIDDATA;
if (ff_mpeg4_workaround_bugs(avctx) == 1)
goto retry;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] libavcodec/8bps: Check that line lengths fit within the buffer
ffmpeg | branch: release/3.2 | Michael Niedermayer | Mon Aug 22 22:10:09 2022 +0200| [f9aa66bc83b73f8c46f1565d76198c9d02793771] | committer: Michael Niedermayer libavcodec/8bps: Check that line lengths fit within the buffer Fixes: Timeout Fixes: undefined pointer arithmetic Fixes: 50330/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EIGHTBPS_fuzzer-5436287485607936 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 2316d5ec1a95b13ff9a0ce80409fa367a041966d) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f9aa66bc83b73f8c46f1565d76198c9d02793771 --- libavcodec/8bps.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/8bps.c b/libavcodec/8bps.c index aa2318fa2d..655c62725b 100644 --- a/libavcodec/8bps.c +++ b/libavcodec/8bps.c @@ -70,6 +70,9 @@ static int decode_frame(AVCodecContext *avctx, void *data, unsigned char *planemap = c->planemap; int ret; +if (buf_size < planes * height *2) +return AVERROR_INVALIDDATA; + if ((ret = ff_get_buffer(avctx, frame, 0)) < 0) return ret; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] libavformat/iff: Check for overflow in body_end calculation
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Mon Aug 22 20:31:32 2022 +0200| [65831041f54143ca700ba7c706caf111294b84a3] |
committer: Michael Niedermayer
libavformat/iff: Check for overflow in body_end calculation
Fixes: signed integer overflow: -6322983228386819992 - 5557477266266529857
cannot be represented in type 'long'
Fixes:
50112/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-6329186221948928
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit bcb46903040e5a5199281f4ad0a1fdaf750ebc37)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=65831041f54143ca700ba7c706caf111294b84a3
---
libavformat/iff.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavformat/iff.c b/libavformat/iff.c
index e66292c785..6c52c6057b 100644
--- a/libavformat/iff.c
+++ b/libavformat/iff.c
@@ -501,6 +501,9 @@ static int iff_read_header(AVFormatContext *s)
case ID_DST:
case ID_MDAT:
iff->body_pos = avio_tell(pb);
+if (iff->body_pos < 0 || iff->body_pos + data_size > INT64_MAX)
+return AVERROR_INVALIDDATA;
+
iff->body_end = iff->body_pos + data_size;
iff->body_size = data_size;
if (chunk_id == ID_DST) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/asfdec_o: limit recursion depth in asf_read_unknown()
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Wed Aug 31 01:21:38 2022 +0200| [9bf2cb6d850c43b1294648eceac68783f79d1798] |
committer: Michael Niedermayer
avformat/asfdec_o: limit recursion depth in asf_read_unknown()
The threshold of 5 is arbitrary, both smaller and larger should work fine
Fixes: Stack overflow
Fixes:
50603/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6049302564175872
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 1f1a368169ef9d945dc4b4764f5c60ba9bbc9134)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9bf2cb6d850c43b1294648eceac68783f79d1798
---
libavformat/asfdec_o.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c
index ac95a8327d..6260308b8a 100644
--- a/libavformat/asfdec_o.c
+++ b/libavformat/asfdec_o.c
@@ -113,6 +113,7 @@ typedef struct ASFContext {
int64_t data_offset;
int64_t first_packet_offset; // packet offset
int64_t unknown_offset; // for top level header objects or subobjects
without specified behavior
+int in_asf_read_unknown;
// ASF file must not contain more than 128 streams according to the
specification
ASFStream *asf_st[ASF_MAX_STREAMS];
@@ -177,7 +178,7 @@ static int asf_read_unknown(AVFormatContext *s, const
GUIDParseTable *g)
uint64_t size = avio_rl64(pb);
int ret;
-if (size > INT64_MAX)
+if (size > INT64_MAX || asf->in_asf_read_unknown > 5)
return AVERROR_INVALIDDATA;
if (asf->is_header)
@@ -186,8 +187,11 @@ static int asf_read_unknown(AVFormatContext *s, const
GUIDParseTable *g)
if (!g->is_subobject) {
if (!(ret = strcmp(g->name, "Header Extension")))
avio_skip(pb, 22); // skip reserved fields and Data Size
-if ((ret = detect_unknown_subobject(s, asf->unknown_offset,
-asf->unknown_size)) < 0)
+asf->in_asf_read_unknown ++;
+ret = detect_unknown_subobject(s, asf->unknown_offset,
+asf->unknown_size);
+asf->in_asf_read_unknown --;
+if (ret < 0)
return ret;
} else {
if (size < 24) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/bink: disallow odd positioned scaled blocks
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Mon Jun 13 02:01:20 2022 +0200| [46408a2d28f3bfc043cf3593a22fb4ce76aa76aa] |
committer: Michael Niedermayer
avcodec/bink: disallow odd positioned scaled blocks
Fixes: out of array access
Fixes:
47911/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINK_fuzzer-6194020855971840
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Anton Khirnov
Signed-off-by: Michael Niedermayer
(cherry picked from commit b14104a6376cd774b08cbe5fda56b34320a41b2e)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=46408a2d28f3bfc043cf3593a22fb4ce76aa76aa
---
libavcodec/bink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/bink.c b/libavcodec/bink.c
index 9a4ac246ab..1151f31aaf 100644
--- a/libavcodec/bink.c
+++ b/libavcodec/bink.c
@@ -1026,7 +1026,7 @@ static int bink_decode_plane(BinkContext *c, AVFrame
*frame, GetBitContext *gb,
for (bx = 0; bx < bw; bx++, dst += 8, prev += 8) {
blk = get_value(c, BINK_SRC_BLOCK_TYPES);
// 16x16 block type on odd line means part of the already decoded
block, so skip it
-if ((by & 1) && blk == SCALED_BLOCK) {
+if (((by & 1) || (bx & 1)) && blk == SCALED_BLOCK) {
bx++;
dst += 8;
prev += 8;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] doc/git-howto.texi: Document commit signing
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Tue Aug 9 21:49:04 2022 +0200| [f94628a35fcd50701599c99885d30535de1936e9] |
committer: Michael Niedermayer
doc/git-howto.texi: Document commit signing
Signed-off-by: Michael Niedermayer
(cherry picked from commit ced0dc807eb67516b341d68f04ce5a87b02820de)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f94628a35fcd50701599c99885d30535de1936e9
---
doc/git-howto.texi | 22 +-
1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/doc/git-howto.texi b/doc/git-howto.texi
index 2b4fb80233..bd26fcb259 100644
--- a/doc/git-howto.texi
+++ b/doc/git-howto.texi
@@ -187,11 +187,18 @@ to make sure you don't have untracked files or deletions.
git add [-i|-p|-A]
@end example
-Make sure you have told Git your name and email address
+Make sure you have told Git your name, email address and GPG key
@example
git config --global user.name "My Name"
git config --global user.email my@@email.invalid
+git config --global user.signingkey ABCDEF0123245
+@end example
+
+Enable signing all commits or use -S
+
+@example
+git config --global commit.gpgsign true
@end example
Use @option{--global} to set the global configuration for all your Git
checkouts.
@@ -393,6 +400,19 @@ git checkout -b svn_23456 $SHA1
where @var{$SHA1} is the commit hash from the @command{git log} output.
+@chapter gpg key generation
+
+If you have no gpg key yet, we recommend that you create a ed25519 based key
as it
+is small, fast and secure. Especially it results in small signatures in git.
+
+@example
+gpg --default-new-key-algo "ed25519/cert,sign+cv25519/encr"
--quick-generate-key "human@@server.com"
+@end example
+
+When generating a key, make sure the email specified matches the email used in
git as some sites like
+github consider mismatches a reason to declare such commits unverified. After
generating a key you
+can add it to the MAINTAINER file and upload it to a keyserver.
+
@chapter Pre-push checklist
Once you have a set of commits that you feel are ready for pushing,
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] libavformat/hls: Free keys
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Fri Sep 9 00:32:23 2022 +0200| [45d4d7e3c96b9c07eca4c7967e560e0768b37ce7] |
committer: Michael Niedermayer
libavformat/hls: Free keys
Fixes: memleak
Fixes:
50703/clusterfuzz-testcase-minimized-ffmpeg_dem_HLS_fuzzer-6399058578636800
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Steven Liu
Signed-off-by: Michael Niedermayer
(cherry picked from commit d32a9f3137c91de86547601a38fea0693c3497f1)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=45d4d7e3c96b9c07eca4c7967e560e0768b37ce7
---
libavformat/hls.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libavformat/hls.c b/libavformat/hls.c
index 0b55507790..1318d3f6e7 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -232,6 +232,7 @@ static void free_init_section_list(struct playlist *pls)
{
int i;
for (i = 0; i < pls->n_init_sections; i++) {
+av_freep(&pls->init_sections[i]->key);
av_freep(&pls->init_sections[i]->url);
av_freep(&pls->init_sections[i]);
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/tta: Check 24bit scaling for overflow
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Sun Sep 11 00:11:20 2022 +0200| [bce93faf38a0db31ad314ce8eb9488970580309d] |
committer: Michael Niedermayer
avcodec/tta: Check 24bit scaling for overflow
Fixes: signed integer overflow: -8427924 * 256 cannot be represented in type
'int'
Fixes:
48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TTA_fuzzer-5409428670644224
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 3993345f915bccceee315f44d412445346990e14)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bce93faf38a0db31ad314ce8eb9488970580309d
---
libavcodec/tta.c | 11 +--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/libavcodec/tta.c b/libavcodec/tta.c
index b2e4944905..39f532bba3 100644
--- a/libavcodec/tta.c
+++ b/libavcodec/tta.c
@@ -371,8 +371,15 @@ static int tta_decode_frame(AVCodecContext *avctx, void
*data,
case 3: {
// shift samples for 24-bit sample format
int32_t *samples = (int32_t *)frame->data[0];
-for (i = 0; i < framelen * s->channels; i++)
-*samples++ *= 256;
+int overflow = 0;
+
+for (i = 0; i < framelen * s->channels; i++) {
+int scaled = *samples * 256U;
+overflow += (scaled >> 8 != *samples);
+*samples++ = scaled;
+}
+if (overflow)
+av_log(avctx, AV_LOG_WARNING, "%d overflows occurred on 24bit
upscale\n", overflow);
// reset decode buffer
s->decode_buffer = NULL;
break;
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/aiffdec: Check block_duration
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sat Sep 17 16:32:08 2022 +0200| [596684ddb556b335749791b454be189f9e2438fd] | committer: Michael Niedermayer avformat/aiffdec: Check block_duration Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 1c2b6265c87417033f990fa4a14da9d4008320a4) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=596684ddb556b335749791b454be189f9e2438fd --- libavformat/aiffdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c index b41ee6a1a6..38ae5eb24e 100644 --- a/libavformat/aiffdec.c +++ b/libavformat/aiffdec.c @@ -352,6 +352,8 @@ got_sound: av_log(s, AV_LOG_ERROR, "could not find COMM tag or invalid block_align value\n"); return -1; } +if (aiff->block_duration < 0) +return AVERROR_INVALIDDATA; /* Now positioned, get the sound data start and end */ avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate); ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/aiffdec: Use 64bit for block_duration use
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sat Sep 17 16:32:09 2022 +0200| [13cbb13666dfded4372f57f9a3dc98a4b28b] | committer: Michael Niedermayer avformat/aiffdec: Use 64bit for block_duration use Fixes: signed integer overflow: 3 * -2147483648 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6668935979728896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol Signed-off-by: Michael Niedermayer (cherry picked from commit 9303ba272e988d87084880c57056b750cc5ffd08) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=13cbb13666dfded4372f57f9a3dc98a4b28b --- libavformat/aiffdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c index 38ae5eb24e..4af14d88c9 100644 --- a/libavformat/aiffdec.c +++ b/libavformat/aiffdec.c @@ -408,7 +408,7 @@ static int aiff_read_packet(AVFormatContext *s, pkt->flags &= ~AV_PKT_FLAG_CORRUPT; /* Only one stream in an AIFF file */ pkt->stream_index = 0; -pkt->duration = (res / st->codecpar->block_align) * aiff->block_duration; +pkt->duration = (res / st->codecpar->block_align) * (int64_t) aiff->block_duration; return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/apedec: Fix integer overflow in filter_3800()
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sun Sep 11 00:30:42 2022 +0200| [75353c4b693ac462fbcb54d95522f58708784afd] | committer: Michael Niedermayer avcodec/apedec: Fix integer overflow in filter_3800() Fixes: signed integer overflow: -2147448926 + -198321 cannot be represented in type 'int' Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-5739619273015296 Fixes: 48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APE_fuzzer-6744428485672960 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit f05247f6a4698c14f1cd523daa90188f50dcf6ad) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=75353c4b693ac462fbcb54d95522f58708784afd --- libavcodec/apedec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c index 07128777ab..619683bfce 100644 --- a/libavcodec/apedec.c +++ b/libavcodec/apedec.c @@ -880,7 +880,7 @@ static av_always_inline int filter_3800(APEPredictor *p, p->coeffsB[filter][0] += (((d3 >> 29) & 4) - 2) * sign; p->coeffsB[filter][1] -= (((d4 >> 30) & 2) - 1) * sign; -p->filterB[filter] = p->lastA[filter] + (predictionB >> shift); +p->filterB[filter] = p->lastA[filter] + (unsigned)(predictionB >> shift); p->filterA[filter] = p->filterB[filter] + (unsigned)((int)(p->filterA[filter] * 31U) >> 5); return p->filterA[filter]; ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/icodec: Check nb_pal
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sat Sep 17 23:15:56 2022 +0200| [3c33d80c72edb148654910f383708cb04fbc39b1] | committer: Michael Niedermayer avformat/icodec: Check nb_pal Fixes: signed integer overflow: 538976288 * 4 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ICO_fuzzer-6690068904935424 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Peter Ross Signed-off-by: Michael Niedermayer (cherry picked from commit db73ae0dc114aa6fae08e69f977944f056a24995) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3c33d80c72edb148654910f383708cb04fbc39b1 --- libavformat/icodec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/icodec.c b/libavformat/icodec.c index 5d64e0a4c5..a17e0f08bb 100644 --- a/libavformat/icodec.c +++ b/libavformat/icodec.c @@ -204,6 +204,9 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt) AV_WL32(buf + 32, image->nb_pal); } +if (image->nb_pal > INT_MAX / 4 - 14 - 40) +return AVERROR_INVALIDDATA; + AV_WL32(buf - 4, 14 + 40 + image->nb_pal * 4); AV_WL32(buf + 8, AV_RL32(buf + 8) / 2); } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/ape: Check frames size
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Sat Sep 17 21:19:53 2022 +0200| [89914fa82b70eec8e34e6f1400230fb4cc5a2f12] |
committer: Michael Niedermayer
avformat/ape: Check frames size
Fixes: signed integer overflow: 9223372036854775806 + 3 cannot be represented
in type 'long'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_APE_fuzzer-6389264140599296
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit d0349c9929e2891c90011a83152624d5cf18e628)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=89914fa82b70eec8e34e6f1400230fb4cc5a2f12
---
libavformat/ape.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavformat/ape.c b/libavformat/ape.c
index 99d6b666a5..6d62ee0ab9 100644
--- a/libavformat/ape.c
+++ b/libavformat/ape.c
@@ -325,6 +325,8 @@ static int ape_read_header(AVFormatContext * s)
ape->frames[i].pos -= ape->frames[i].skip;
ape->frames[i].size += ape->frames[i].skip;
}
+if (ape->frames[i].size > INT_MAX - 3)
+return AVERROR_INVALIDDATA;
ape->frames[i].size = (ape->frames[i].size + 3) & ~3;
}
if (ape->fileversion < 3810) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/asfdec_o: Limit packet offset
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Sat Sep 17 21:30:55 2022 +0200| [7e6357239c618e76dfb8cef2381c1ba182661c69] |
committer: Michael Niedermayer
avformat/asfdec_o: Limit packet offset
avoids overflows with it
Fixes: signed integer overflow: 9223372036846866010 + 4294967047 cannot be
represented in type 'long'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-6538296768987136
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_O_fuzzer-657169555665715
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 736e9e69d5dbbe1d81885dfef59917eb915d2f96)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7e6357239c618e76dfb8cef2381c1ba182661c69
---
libavformat/asfdec_o.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavformat/asfdec_o.c b/libavformat/asfdec_o.c
index 6260308b8a..9eb246a030 100644
--- a/libavformat/asfdec_o.c
+++ b/libavformat/asfdec_o.c
@@ -1367,6 +1367,8 @@ static int asf_read_packet_header(AVFormatContext *s)
unsigned char error_flags, len_flags, pay_flags;
asf->packet_offset = avio_tell(pb);
+if (asf->packet_offset > INT64_MAX/2)
+asf->packet_offset = 0;
error_flags = avio_r8(pb); // read Error Correction Flags
if (error_flags & ASF_PACKET_FLAG_ERROR_CORRECTION_PRESENT) {
if (!(error_flags & ASF_ERROR_CORRECTION_LENGTH_TYPE)) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/cafdec: Check that nb_frasmes fits within 64bit
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Sat Sep 17 21:48:43 2022 +0200| [2dacd939ace7ff2ec41c4b81a412bb7bd3f7ccd7] |
committer: Michael Niedermayer
avformat/cafdec: Check that nb_frasmes fits within 64bit
Fixes: signed integer overflow: 1099511693312 * 538976288 cannot be represented
in type 'long'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6565048815845376
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit d4bb4e375975dc0d31d5309106cf6ee0ed75140f)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2dacd939ace7ff2ec41c4b81a412bb7bd3f7ccd7
---
libavformat/cafdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
index 3d9c48eaf8..5452273414 100644
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -335,7 +335,7 @@ static int read_header(AVFormatContext *s)
return AVERROR_INVALIDDATA;
if (caf->bytes_per_packet > 0 && caf->frames_per_packet > 0) {
-if (caf->data_size > 0)
+if (caf->data_size > 0 && caf->data_size / caf->bytes_per_packet <
INT64_MAX / caf->frames_per_packet)
st->nb_frames = (caf->data_size / caf->bytes_per_packet) *
caf->frames_per_packet;
} else if (st->nb_index_entries && st->duration > 0) {
st->codecpar->bit_rate = st->codecpar->sample_rate * caf->data_size *
8 /
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/dxa: avoid bpc overflows
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Sat Sep 17 22:40:47 2022 +0200| [c91ed5ee63aac0c5e5af6ce365704a38994ac386] |
committer: Michael Niedermayer
avformat/dxa: avoid bpc overflows
Fixes: signed integer overflow: 2147483647 + 32 cannot be represented in type
'int'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-6639823726706688
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 93db0f0740cacd64ae07b5e8606b70021e48d364)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c91ed5ee63aac0c5e5af6ce365704a38994ac386
---
libavformat/dxa.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/libavformat/dxa.c b/libavformat/dxa.c
index f29dc2c0f7..a198904659 100644
--- a/libavformat/dxa.c
+++ b/libavformat/dxa.c
@@ -118,9 +118,12 @@ static int dxa_read_header(AVFormatContext *s)
if(tag == MKTAG('d', 'a', 't', 'a')) break;
avio_skip(pb, fsize);
}
-c->bpc = (fsize + c->frames - 1) / c->frames;
-if(ast->codecpar->block_align)
+c->bpc = (fsize + (int64_t)c->frames - 1) / c->frames;
+if(ast->codecpar->block_align) {
+if (c->bpc > INT_MAX - ast->codecpar->block_align + 1)
+return AVERROR_INVALIDDATA;
c->bpc = ((c->bpc + ast->codecpar->block_align - 1) /
ast->codecpar->block_align) * ast->codecpar->block_align;
+}
c->bytes_left = fsize;
c->wavpos = avio_tell(pb);
avio_seek(pb, c->vidpos, SEEK_SET);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/nutdec: Check fields
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Sun Sep 18 14:47:25 2022 +0200| [f8074b797fc392a32a11bff098417358b1a8abe6] |
committer: Michael Niedermayer
avformat/nutdec: Check fields
Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type
'int'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 2c146406eac06f3d3cd3d981c29e7affd834cb4d)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f8074b797fc392a32a11bff098417358b1a8abe6
---
libavformat/nutdec.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index 3d07eb250a..bc2ee7bcd5 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -280,6 +280,11 @@ static int decode_main_header(NUTContext *nut)
for (i = 0; i < 256;) {
int tmp_flags = ffio_read_varlen(bc);
int tmp_fields = ffio_read_varlen(bc);
+if (tmp_fields < 0) {
+av_log(s, AV_LOG_ERROR, "fields %d is invalid\n", tmp_fields);
+ret = AVERROR_INVALIDDATA;
+goto fail;
+}
if (tmp_fields > 0)
tmp_pts = get_s(bc);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/rmdec: check tag_size
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Sun Sep 18 15:06:25 2022 +0200| [fa4fdc7ffbc3aa2cdf3fef55e054720dc44512e4] |
committer: Michael Niedermayer
avformat/rmdec: check tag_size
Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type
'int'
Fixes:
50993/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6598073725353984
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 2cb7ee8a36bddd3425897135db514ca62fec6e44)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fa4fdc7ffbc3aa2cdf3fef55e054720dc44512e4
---
libavformat/rmdec.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index 7b9097e7ec..fc686966e5 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -566,6 +566,8 @@ static int rm_read_header(AVFormatContext *s)
}
tag_size = avio_rb32(pb);
+if (tag_size < 0)
+return AVERROR_INVALIDDATA;
avio_skip(pb, tag_size - 8);
for(;;) {
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/xwma: Use av_rescale() for duration computation
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sun Sep 18 16:45:30 2022 +0200| [a9fcab5cdc34c86147e5d4e6eaca28a63bf6b826] | committer: Michael Niedermayer avformat/xwma: Use av_rescale() for duration computation Fixes: signed integer overflow: 34242363648 * 538976288 cannot be represented in type 'long' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6577923913547776 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 2c789f753c3657be9041307f9c03749f5ba5a6bb) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a9fcab5cdc34c86147e5d4e6eaca28a63bf6b826 --- libavformat/xwma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/xwma.c b/libavformat/xwma.c index 6e74a338bf..babe9bcd30 100644 --- a/libavformat/xwma.c +++ b/libavformat/xwma.c @@ -253,7 +253,7 @@ static int xwma_read_header(AVFormatContext *s) * the total duration using the average bits per sample and the * total data length. */ -st->duration = (size<<3) * st->codecpar->sample_rate / st->codecpar->bit_rate; +st->duration = av_rescale((size<<3), st->codecpar->sample_rate, st->codecpar->bit_rate); } fail: ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avformat/spdifdec: Use 64bit to compute bit rate
ffmpeg | branch: release/3.2 | Michael Niedermayer | Sun Sep 18 18:12:11 2022 +0200| [2b9ab8075724eaf446e216fd51b05d8a72e46c65] | committer: Michael Niedermayer avformat/spdifdec: Use 64bit to compute bit rate Fixes: signed integer overflow: 32 * 553590816 cannot be represented in type 'int' Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6564974517944320 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 4075f0cec1830a7ac081b1a23bd3f5c4e266fe26) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2b9ab8075724eaf446e216fd51b05d8a72e46c65 --- libavformat/spdifdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/spdifdec.c b/libavformat/spdifdec.c index f7288376f6..adc7b138d2 100644 --- a/libavformat/spdifdec.c +++ b/libavformat/spdifdec.c @@ -225,7 +225,7 @@ int ff_spdif_read_packet(AVFormatContext *s, AVPacket *pkt) if (!s->bit_rate && s->streams[0]->codecpar->sample_rate) /* stream bitrate matches 16-bit stereo PCM bitrate for currently supported codecs */ -s->bit_rate = 2 * 16 * s->streams[0]->codecpar->sample_rate; +s->bit_rate = 2 * 16LL * s->streams[0]->codecpar->sample_rate; return 0; } ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] avcodec/dstdec: Check for overflow in build_filter()
ffmpeg | branch: release/3.2 | Michael Niedermayer |
Sat Sep 10 23:49:28 2022 +0200| [efee81be1acec004596455d0af5d30d8f999da92] |
committer: Michael Niedermayer
avcodec/dstdec: Check for overflow in build_filter()
Fixes: signed integer overflow: 1917019860 + 265558963 cannot be represented in
type 'int'
Fixes:
48798/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-4833165046317056
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
(cherry picked from commit 8008940da5aa43895fd4574114309c3324249eab)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=efee81be1acec004596455d0af5d30d8f999da92
---
libavcodec/dstdec.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/libavcodec/dstdec.c b/libavcodec/dstdec.c
index d7a82f34ec..7a51f6772a 100644
--- a/libavcodec/dstdec.c
+++ b/libavcodec/dstdec.c
@@ -214,7 +214,7 @@ static uint8_t prob_dst_x_bit(int c)
return (ff_reverse[c & 127] >> 1) + 1;
}
-static void build_filter(int16_t table[DST_MAX_ELEMENTS][16][256], const Table
*fsets)
+static int build_filter(int16_t table[DST_MAX_ELEMENTS][16][256], const Table
*fsets)
{
int i, j, k, l;
@@ -225,14 +225,17 @@ static void build_filter(int16_t
table[DST_MAX_ELEMENTS][16][256], const Table *
int total = av_clip(length - j * 8, 0, 8);
for (k = 0; k < 256; k++) {
-int v = 0;
+int64_t v = 0;
for (l = 0; l < total; l++)
v += (((k >> l) & 1) * 2 - 1) * fsets->coeff[i][j * 8 + l];
+if ((int16_t)v != v)
+return AVERROR_INVALIDDATA;
table[i][j][k] = v;
}
}
}
+return 0;
}
static int decode_frame(AVCodecContext *avctx, void *data,
@@ -328,7 +331,9 @@ static int decode_frame(AVCodecContext *avctx, void *data,
return AVERROR_INVALIDDATA;
ac_init(ac, gb);
-build_filter(s->filter, &s->fsets);
+ret = build_filter(s->filter, &s->fsets);
+if (ret < 0)
+return ret;
memset(s->status, 0xAA, sizeof(s->status));
memset(dsd, 0, frame->nb_samples * 4 * avctx->channels);
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] Update for 3.2.19
ffmpeg | branch: release/3.2 | Michael Niedermayer | Fri Oct 21 22:54:56 2022 +0200| [c655749d1d007a8fcda4d85032733e0547d24c0d] | committer: Michael Niedermayer Update for 3.2.19 Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c655749d1d007a8fcda4d85032733e0547d24c0d --- Changelog| 52 RELEASE | 2 +- doc/Doxyfile | 2 +- 3 files changed, 54 insertions(+), 2 deletions(-) diff --git a/Changelog b/Changelog index 7817d21f36..aad63753f5 100644 --- a/Changelog +++ b/Changelog @@ -1,6 +1,58 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 3.2.19: + avcodec/dstdec: Check for overflow in build_filter() + avformat/spdifdec: Use 64bit to compute bit rate + avformat/xwma: Use av_rescale() for duration computation + avformat/rmdec: check tag_size + avformat/nutdec: Check fields + avformat/dxa: avoid bpc overflows + avformat/cafdec: Check that nb_frasmes fits within 64bit + avformat/asfdec_o: Limit packet offset + avformat/ape: Check frames size + avformat/icodec: Check nb_pal + avformat/aiffdec: Use 64bit for block_duration use + avformat/aiffdec: Check block_duration + avcodec/apedec: Fix integer overflow in filter_3800() + avcodec/tta: Check 24bit scaling for overflow + libavformat/hls: Free keys + avcodec/bink: disallow odd positioned scaled blocks + avformat/asfdec_o: limit recursion depth in asf_read_unknown() + doc/git-howto.texi: Document commit signing + libavcodec/8bps: Check that line lengths fit within the buffer + libavformat/iff: Check for overflow in body_end calculation + avcodec/h263dec: Sanity check against minimal I/P frame size + MAINTAINERS: Add ED25519 key for signing my commits in the future + avcodec/hevc_filter: copy_CTB() only within width&height + avformat/flvdec: Check for EOF in index reading + avformat/nutdec: Check get_packetheader() in mainheader + avformat/asfdec_f: Use 64bit for packet start time + avcodec/lagarith: Check dst/src in zero run code + avcodec/h264dec: Skip late SEI + avcodec/sbrdsp_fixed: Fix integer overflows in sbr_qmf_deint_neg_c() + avformat/rtsp: break on unknown protocols + avcodec/hevcdsp_template: stay within tables in sao_band_filter() + avcodec/qpeldsp: copy less for the mc0x cases + avcodec/ffv1dec: Limit golomb rice coded slices to width 8M + avformat/iff: simplify duration calculation + avcodec/wnv1: Check for width =1 + avformat/sctp: close socket on errors + avcodec/aasc: Fix indention + avcodec/qdrw: adjust max colors to array size + avcodec/alacdsp: Make intermediates unsigned + avformat/aiffdec: cleanup size handling for extreem cases + avcodec/jpeglsdec: fix end check for xfrm + avcodec/cdgraphics: limit scrolling to the line + avformat/aiffdec: avoid integer overflow in get_meta() + avformat/ape: more bits in size for less overflows + avformat/bfi: Check offsets better + avformat/asfdec_f: Check packet_frag_timestamp + avcodec/texturedspenc: Fix indexing in color distribution determination + avformat/act: Check ff_get_wav_header() for failure + avfilter/vsrc_mandelbrot: Check for malloc failure + avformat/genh: Check sample rate + version 3.2.18: avfilter/vf_colorspace: fix memmory leaks avcodec/ac3enc: Fix memleak diff --git a/RELEASE b/RELEASE index f05489d385..100838dc41 100644 --- a/RELEASE +++ b/RELEASE @@ -1 +1 @@ -3.2.18 +3.2.19 diff --git a/doc/Doxyfile b/doc/Doxyfile index 6b305459cd..1564fcdbe1 100644 --- a/doc/Doxyfile +++ b/doc/Doxyfile @@ -38,7 +38,7 @@ PROJECT_NAME = FFmpeg # could be handy for archiving the generated documentation or if some version # control system is used. -PROJECT_NUMBER = 3.2.18 +PROJECT_NUMBER = 3.2.19 # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer a ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] Tag n4.1.10 : FFmpeg 4.1.10 release
[ffmpeg] [branch: refs/tags/n4.1.10] Tag:5ce03b5831003322acc5fb1cfce3fdf0c6bc9f3a > http://git.videolan.org/gitweb.cgi/ffmpeg.git?a=tag;h=5ce03b5831003322acc5fb1cfce3fdf0c6bc9f3a Tagger: Michael Niedermayer Date: Fri Oct 21 23:08:40 2022 +0200 FFmpeg 4.1.10 release ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] [ffmpeg-web] branch master updated. fa42194 web: Add FFmpeg 4.1.10
The branch, master has been updated via fa42194856f8e4545e19d8f2e4ad71933b53fcdb (commit) from 6ef326176a4b9d00957168080a5848ebe0d376b3 (commit) - Log - commit fa42194856f8e4545e19d8f2e4ad71933b53fcdb Author: Michael Niedermayer AuthorDate: Sat Oct 22 00:16:45 2022 +0200 Commit: Michael Niedermayer CommitDate: Sat Oct 22 00:17:31 2022 +0200 web: Add FFmpeg 4.1.10 diff --git a/src/download b/src/download index 3fafbf4..4af8ffa 100644 --- a/src/download +++ b/src/download @@ -485,10 +485,10 @@ libpostproc55. 5.100 - FFmpeg 4.1.9 "al-Khwarizmi" + FFmpeg 4.1.10 "al-Khwarizmi" -4.1.9 was released on 2022-04-17. It is the latest stable FFmpeg release +4.1.10 was released on 2022-10-22. It is the latest stable FFmpeg release from the 4.1 release branch, which was cut from master on 2018-11-02. It includes the following library versions: @@ -505,19 +505,19 @@ libpostproc55. 3.100 - Download xz tarball - PGP signature + Download xz tarball + PGP signature - Download bzip2 tarball - PGP signature + Download bzip2 tarball + PGP signature - Download gzip tarball - PGP signature + Download gzip tarball + PGP signature - https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.9";>Changelog + https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.10";>Changelog https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/refs/heads/release/4.1:/RELEASE_NOTES";>Release Notes diff --git a/src/security b/src/security index fcc5442..44fa15e 100644 --- a/src/security +++ b/src/security @@ -246,6 +246,18 @@ CVE-2019-116, b97a4b658814b2de8b9f2a3bce491c002d34de31 FFmpeg 4.1 +4.1.10 + +Fixes following vulnerabilities: + + +CVE-2020-20451, 2ce253708826fb41922da963d395160a1522b770 / 21265f42ecb265debe9fec1dbfd0cb7de5a8aefb, ticket/8094 +CVE-2020-22041, a0307736e70b2f02f0886bc7864f604692aac401 / 3488e0977c671568731afa12b811adce9d4d807f, ticket/8296 +CVE-2020-22044, 525d855c60acfa9868acd0b2a9d5ddcfd767e935 / 1d479300cbe0522c233b7d51148aea2b29bd29ad, ticket/8295 +CVE-2020-22046, 48722306331bfa60096a2699f8b2a51c57f9a951 / 097c917c147661f5378dae8fe3f7e46f43236426, ticket/8294 +CVE-2020-22048, e7dbee00f0d356aaa4a2033b9caf8173a32afd4d / fddef964e8aa4a2c123e470db1436a082ff6bcf3, ticket/8303 + + 4.1.8 Fixes following vulnerabilities: --- Summary of changes: src/download | 18 +- src/security | 12 2 files changed, 21 insertions(+), 9 deletions(-) hooks/post-receive -- ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
