[FFmpeg-cvslog] avcodec/h264_mp4toannexb: Prepend SPS/PPS to buffering period SEI

2024-08-14 Thread Josh Allmann 
ffmpeg | branch: master | Josh Allmann  | Thu Aug  1 
14:36:25 2024 -0700| [374824cbc7952e83e89725f82470275639188e5e] | committer: 
Anton Khirnov

avcodec/h264_mp4toannexb: Prepend SPS/PPS to buffering period SEI

Encoders may emit a buffering period SEI without a corresponding
SPS/PPS if the SPS/PPS is carried out-of-band, eg with avcc.

During Annex B conversion, this may result in the SPS/PPS being
inserted *after* the buffering period SEI but before the IDR NAL.

Since the buffering period SEI references the SPS, the SPS/PPS
needs to come first.

Signed-off-by: Anton Khirnov 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=374824cbc7952e83e89725f82470275639188e5e
---

 libavcodec/bsf/h264_mp4toannexb.c  | 15 +++
 tests/ref/fate/h264-bsf-mp4toannexb|  2 +-
 tests/ref/fate/h264_mp4toannexb_ticket2991 | 18 +-
 tests/ref/fate/segment-mp4-to-ts   | 12 ++--
 4 files changed, 31 insertions(+), 16 deletions(-)

diff --git a/libavcodec/bsf/h264_mp4toannexb.c 
b/libavcodec/bsf/h264_mp4toannexb.c
index 92af6a6881..dda064287e 100644
--- a/libavcodec/bsf/h264_mp4toannexb.c
+++ b/libavcodec/bsf/h264_mp4toannexb.c
@@ -30,6 +30,7 @@
 #include "bytestream.h"
 #include "defs.h"
 #include "h264.h"
+#include "sei.h"
 
 typedef struct H264BSFContext {
 uint8_t *sps;
@@ -363,6 +364,20 @@ static int h264_mp4toannexb_filter(AVBSFContext *ctx, 
AVPacket *opkt)
 if (!new_idr && unit_type == H264_NAL_IDR_SLICE && (buf[1] & 0x80))
 new_idr = 1;
 
+/* If this is a buffering period SEI without a corresponding 
sps/pps
+ * then prepend any existing sps/pps before the SEI */
+if (unit_type == H264_NAL_SEI && buf[1] == 
SEI_TYPE_BUFFERING_PERIOD &&
+!sps_seen && !pps_seen) {
+if (s->sps_size) {
+count_or_copy(&out, &out_size, s->sps, s->sps_size, 
PS_OUT_OF_BAND, j);
+sps_seen = 1;
+}
+if (s->pps_size) {
+count_or_copy(&out, &out_size, s->pps, s->pps_size, 
PS_OUT_OF_BAND, j);
+pps_seen = 1;
+}
+}
+
 /* prepend only to the first type 5 NAL unit of an IDR picture, if 
no sps/pps are already present */
 if (new_idr && unit_type == H264_NAL_IDR_SLICE && !sps_seen && 
!pps_seen) {
 if (s->sps_size)
diff --git a/tests/ref/fate/h264-bsf-mp4toannexb 
b/tests/ref/fate/h264-bsf-mp4toannexb
index 2049f39701..81ff568f3d 100644
--- a/tests/ref/fate/h264-bsf-mp4toannexb
+++ b/tests/ref/fate/h264-bsf-mp4toannexb
@@ -1 +1 @@
-5f04c27cc6ee8625fe2405fb0f7da9a3
+ff2551123909f54c382294baa1bb4364
diff --git a/tests/ref/fate/h264_mp4toannexb_ticket2991 
b/tests/ref/fate/h264_mp4toannexb_ticket2991
index f8e3e920d4..9a1fbf2f8c 100644
--- a/tests/ref/fate/h264_mp4toannexb_ticket2991
+++ b/tests/ref/fate/h264_mp4toannexb_ticket2991
@@ -1,4 +1,4 @@
-05d66e60ab22ee004720e0051af0fe74 
*tests/data/fate/h264_mp4toannexb_ticket2991.h264
+b6ff5910928ad0b2a7eec481dcc41594 
*tests/data/fate/h264_mp4toannexb_ticket2991.h264
 1985815 tests/data/fate/h264_mp4toannexb_ticket2991.h264
 #extradata 0:   47, 0x3a590d55
 #tb 0: 1/120
@@ -6,7 +6,7 @@
 #codec_id 0: h264
 #dimensions 0: 1280x720
 #sar 0: 3/4
-0,  0,  0,40040,37126, 0xb020184c
+0,  0,  0,40040,37126, 0x515c184c
 0,  40040,  40040,40040, 6920, 0x8512361a, F=0x0
 0,  80081,  80081,40040, 7550, 0x1bc56ed4, F=0x0
 0, 120121, 120121,40040, 8752, 0xb8c6f0a1, F=0x0
@@ -21,7 +21,7 @@
 0, 480485, 480485,40040,11234, 0x83cbd9fd, F=0x0
 0, 520525, 520525,40040,17616, 0xfdf95104, F=0x0
 0, 560566, 560566,40040,10689, 0x9633d32b, F=0x0
-0, 600606, 600606,40040,45291, 0x543c2cf6
+0, 600606, 600606,40040,45291, 0xa8292cf6
 0, 640646, 640646,40040,20837, 0x051abfab, F=0x0
 0, 680687, 680687,40040,21418, 0xe2a59d70, F=0x0
 0, 720727, 720727,40040,15643, 0x15cf2cec, F=0x0
@@ -36,7 +36,7 @@
 0,1081091,1081091,40040,13130, 0xcbb6bb8e, F=0x0
 0,1121131,1121131,40040,16180, 0x5d188a7a, F=0x0
 0,1161172,1161172,40040,14961, 0x9ff2f463, F=0x0
-0,1201212,1201212,40040,54296, 0xe6ec30ed
+0,1201212,1201212,40040,54296, 0x3ae830ed
 0,1241252,1241252,40040,11500, 0x8c4852c9, F=0x0
 0,1281293,1281293,40040,12065, 0xfb7954c3, F=0x0
 0,1321333,1321333,40040,12532, 0xf0a935d3, F=0x0
@@ -51,7 +51,7 @@
 0,1681697,1681697,40040,13250, 0xfed0deb8, F=0x0
 0,1721737,1721737,40040,13360, 0xbf92d476, F=0x0
 0,1761778,1761778,40040,11749, 0x3041eaf1, F=0x0
-0,1801818,1801818,40040,23997, 0xdb

[FFmpeg-cvslog] fftools/ffmpeg: show video stats in progress output without filters

2024-08-14 Thread Jan Garcia via ffmpeg-devel 
ffmpeg | branch: master | Jan Garcia via ffmpeg-devel  
| Fri Aug  2 10:25:58 2024 +0200| [598f541ba49cb682dcd74e86858c9a4985149e1f] | 
committer: Anton Khirnov

fftools/ffmpeg: show video stats in progress output without filters

Since ffmpeg 6.1 video stats are accidentally hidden from streamcopy progress 
output.
This patch re-enables video stats (like frames=) in the progress output.

Signed-off-by: Anton Khirnov 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=598f541ba49cb682dcd74e86858c9a4985149e1f
---

 fftools/ffmpeg.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c
index 3aa2e12780..420ba3c6e4 100644
--- a/fftools/ffmpeg.c
+++ b/fftools/ffmpeg.c
@@ -587,7 +587,7 @@ static void print_report(int is_last_report, int64_t 
timer_start, int64_t cur_ti
 av_bprintf(&buf_script, "stream_%d_%d_q=%.1f\n",
ost->file->index, ost->index, q);
 }
-if (!vid && ost->type == AVMEDIA_TYPE_VIDEO && ost->filter) {
+if (!vid && ost->type == AVMEDIA_TYPE_VIDEO) {
 float fps;
 uint64_t frame_number = atomic_load(&ost->packets_written);
 
@@ -601,8 +601,10 @@ static void print_report(int is_last_report, int64_t 
timer_start, int64_t cur_ti
 if (is_last_report)
 av_bprintf(&buf, "L");
 
-nb_frames_dup  = atomic_load(&ost->filter->nb_frames_dup);
-nb_frames_drop = atomic_load(&ost->filter->nb_frames_drop);
+if (ost->filter) {
+nb_frames_dup  = atomic_load(&ost->filter->nb_frames_dup);
+nb_frames_drop = atomic_load(&ost->filter->nb_frames_drop);
+}
 
 vid = 1;
 }

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/sga: av_assert1 check init_get_bits8()

2024-08-14 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Mon 
Aug 12 18:20:33 2024 +0200| [0f4524f07a93bf9061f9034ffa510d4bf9b582e8] | 
committer: Michael Niedermayer

avcodec/sga: av_assert1 check init_get_bits8()

Related: CID1473562 Unchecked return value
Related: CID1473592 Unchecked return value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0f4524f07a93bf9061f9034ffa510d4bf9b582e8
---

 libavcodec/sga.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libavcodec/sga.c b/libavcodec/sga.c
index 618df000ad..c828f7147f 100644
--- a/libavcodec/sga.c
+++ b/libavcodec/sga.c
@@ -254,11 +254,13 @@ static int decode_palmapdata(AVCodecContext *avctx)
 const int bits = (s->nb_pal + 1) / 2;
 GetByteContext *gb = &s->gb;
 GetBitContext pm;
+int ret;
 
 bytestream2_seek(gb, s->palmapdata_offset, SEEK_SET);
 if (bytestream2_get_bytes_left(gb) < s->palmapdata_size)
 return AVERROR_INVALIDDATA;
-init_get_bits8(&pm, gb->buffer, s->palmapdata_size);
+ret = init_get_bits8(&pm, gb->buffer, s->palmapdata_size);
+av_assert1(ret >= 0);
 
 for (int y = 0; y < s->tiles_h; y++) {
 uint8_t *dst = s->palmapindex_data + y * s->tiles_w;
@@ -277,11 +279,13 @@ static int decode_tiledata(AVCodecContext *avctx)
 SGAVideoContext *s = avctx->priv_data;
 GetByteContext *gb = &s->gb;
 GetBitContext tm;
+int ret;
 
 bytestream2_seek(gb, s->tiledata_offset, SEEK_SET);
 if (bytestream2_get_bytes_left(gb) < s->tiledata_size)
 return AVERROR_INVALIDDATA;
-init_get_bits8(&tm, gb->buffer, s->tiledata_size);
+ret = init_get_bits8(&tm, gb->buffer, s->tiledata_size);
+av_assert1(ret >= 0);
 
 for (int n = 0; n < s->nb_tiles; n++) {
 uint8_t *dst = s->tileindex_data + n * 64;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] tools/target_dec_fuzzer: Check that FFv1 doesnt leave uninitialized memory in its buffers

2024-08-14 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Mon 
Aug 12 15:23:56 2024 +0200| [e40b23c52abe3356effa552549b2e989708a6e70] | 
committer: Michael Niedermayer

tools/target_dec_fuzzer: Check that FFv1 doesnt leave uninitialized memory in 
its buffers

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e40b23c52abe3356effa552549b2e989708a6e70
---

 tools/target_dec_fuzzer.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 794b5b92cc..5fccf2ab8f 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -129,7 +129,14 @@ static int fuzz_video_get_buffer(AVCodecContext *ctx, 
AVFrame *frame)
 
 frame->extended_data = frame->data;
 for (i = 0; i < 4 && size[i]; i++) {
-frame->buf[i] = av_buffer_allocz(size[i]);
+switch(ctx->codec_id) {
+case AV_CODEC_ID_FFV1:
+frame->buf[i] = av_buffer_alloc(size[i]);
+break;
+default:
+frame->buf[i] = av_buffer_allocz(size[i]);
+}
+
 if (!frame->buf[i])
 goto fail;
 frame->data[i] = frame->buf[i]->data;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/segafilm: Set keyframe

2024-08-14 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Tue 
Aug  6 18:02:58 2024 +0200| [4dc7dfe65aaa21801a907c66592b92b05da921dc] | 
committer: Michael Niedermayer

avformat/segafilm: Set keyframe

Fixes: use of uninitialized value
Fixes: 
70871/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-5883617752973312

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4dc7dfe65aaa21801a907c66592b92b05da921dc
---

 libavformat/segafilm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c
index 96a50c0e3b..e72d872f96 100644
--- a/libavformat/segafilm.c
+++ b/libavformat/segafilm.c
@@ -234,6 +234,7 @@ static int film_read_header(AVFormatContext *s)
 else if (film->audio_type != AV_CODEC_ID_NONE)
 audio_frame_counter += (film->sample_table[i].sample_size /
 (film->audio_channels * film->audio_bits / 8));
+film->sample_table[i].keyframe = 1;
 } else {
 film->sample_table[i].stream = film->video_stream_index;
 film->sample_table[i].pts = AV_RB32(&scratch[8]) & 0x7FFF;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/av1dec: Check bits left before get_leb128()

2024-08-14 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Tue 
Aug  6 18:18:15 2024 +0200| [6996e1238e80b23caf05428dcbdd065fbd70ff10] | 
committer: Michael Niedermayer

avformat/av1dec: Check bits left before get_leb128()

Fixes: use of uninitialized value
Fixes: 
70872/clusterfuzz-testcase-minimized-ffmpeg_dem_OBU_fuzzer-6005782487826432

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6996e1238e80b23caf05428dcbdd065fbd70ff10
---

 libavformat/av1dec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/av1dec.c b/libavformat/av1dec.c
index 3363003b18..a5b620a0ab 100644
--- a/libavformat/av1dec.c
+++ b/libavformat/av1dec.c
@@ -326,6 +326,9 @@ static int read_obu_with_size(const uint8_t *buf, int 
buf_size, int64_t *obu_siz
 skip_bits(&gb, 3);  // extension_header_reserved_3bits
 }
 
+if (get_bits_left(&gb) < 8)
+return AVERROR_INVALIDDATA;
+
 *obu_size  = get_leb128(&gb);
 if (*obu_size > INT_MAX)
 return AVERROR_INVALIDDATA;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/iamfdec: Check nb_layers before dereferencing layer

2024-08-14 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Tue 
Jul 16 23:19:58 2024 +0200| [d7f83fc2f423863b78c140ba23b5d28058a59f45] | 
committer: Michael Niedermayer

avformat/iamfdec: Check nb_layers before dereferencing layer

Fixes: dereferencing pointers near NULL
Fixes: 
70432/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5255672845893632
Fixes: 
70877/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5348547432611840

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d7f83fc2f423863b78c140ba23b5d28058a59f45
---

 libavformat/iamfdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/iamfdec.c b/libavformat/iamfdec.c
index ce6d4aa064..2e6608b868 100644
--- a/libavformat/iamfdec.c
+++ b/libavformat/iamfdec.c
@@ -107,7 +107,7 @@ static int iamf_read_header(AVFormatContext *s)
 if (ret < 0)
 return ret;
 
-if (!i && !j && audio_element->layers[0].substream_count == 1)
+if (!i && !j && audio_element->nb_layers && 
audio_element->layers[0].substream_count == 1)
 st->disposition |= AV_DISPOSITION_DEFAULT;
 else
 st->disposition |= AV_DISPOSITION_DEPENDENT;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] bsf/media100_to_mjpegb: Clear output buffer padding

2024-08-14 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Sat 
Aug  3 13:30:28 2024 +0200| [a0f22218f74e3af73492e05e6696546b0da8d40e] | 
committer: Michael Niedermayer

bsf/media100_to_mjpegb: Clear output buffer padding

Fixes: use-of-uninitialized-value
Fixes: 
70855/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MEDIA100_fuzzer-5537446610141184

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a0f22218f74e3af73492e05e6696546b0da8d40e
---

 libavcodec/bsf/media100_to_mjpegb.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/bsf/media100_to_mjpegb.c 
b/libavcodec/bsf/media100_to_mjpegb.c
index 6e117ae20f..4b2dc1a35a 100644
--- a/libavcodec/bsf/media100_to_mjpegb.c
+++ b/libavcodec/bsf/media100_to_mjpegb.c
@@ -148,6 +148,7 @@ second_field:
 AV_WB32(out->data + second_field_offset + 36, sod_offset[1] - 
second_field_offset);
 
 out->size = bytestream2_tell_p(&pb);
+memset(out->data + out->size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
 
 ret = av_packet_copy_props(out, in);
 if (ret < 0)

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/mvha: Clear remaining space after inflate()

2024-08-14 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Sat 
Aug  3 19:11:33 2024 +0200| [cba4e2e40dec1ff2ce534fec87c7e3e8bef7ff9b] | 
committer: Michael Niedermayer

avcodec/mvha: Clear remaining space after inflate()

Fixes: use-of-uninitialized-value
Fixes: 
70838/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MVHA_fuzzer-4878509466517504

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cba4e2e40dec1ff2ce534fec87c7e3e8bef7ff9b
---

 libavcodec/mvha.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/mvha.c b/libavcodec/mvha.c
index 24dd88e854..4aad56640e 100644
--- a/libavcodec/mvha.c
+++ b/libavcodec/mvha.c
@@ -183,6 +183,8 @@ static int decode_frame(AVCodecContext *avctx, AVFrame 
*frame,
 av_log(avctx, AV_LOG_ERROR, "Inflate error: %d\n", ret);
 return AVERROR_EXTERNAL;
 }
+if (zstream->avail_out > 0)
+memset(zstream->next_out, 0, zstream->avail_out);
 }
 }
 } else if (type == MKTAG('H','U','F','Y')) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/aic: Clear slice_data

2024-08-14 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Sun 
Aug  4 22:30:03 2024 +0200| [de3f6cbcf3df4ca6cb265a83507b95c884cd] | 
committer: Michael Niedermayer

avcodec/aic: Clear slice_data

Fixes: use-of-uninitialized-value
Fixes: 
70865/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-4874102695854080

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=de3f6cbcf3df4ca6cb265a83507b95c884cd
---

 libavcodec/aic.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/libavcodec/aic.c b/libavcodec/aic.c
index 3ff170b414..e12d689c47 100644
--- a/libavcodec/aic.c
+++ b/libavcodec/aic.c
@@ -465,8 +465,7 @@ static av_cold int aic_decode_init(AVCodecContext *avctx)
 }
 }
 
-ctx->slice_data = av_malloc_array(ctx->slice_width, AIC_BAND_COEFFS
-* sizeof(*ctx->slice_data));
+ctx->slice_data = av_calloc(ctx->slice_width, AIC_BAND_COEFFS * 
sizeof(*ctx->slice_data));
 if (!ctx->slice_data) {
 av_log(avctx, AV_LOG_ERROR, "Error allocating slice buffer\n");
 

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/apac: Clean padding space

2024-08-14 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Sun 
Aug  4 21:20:55 2024 +0200| [8ca072a373f5e2b6689a8649c79a03d12db5eb0b] | 
committer: Michael Niedermayer

avcodec/apac: Clean padding space

Fixes: use-of-uninitialized-value
Fixes: 
70842/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APAC_fuzzer-5758325067677696

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8ca072a373f5e2b6689a8649c79a03d12db5eb0b
---

 libavcodec/apac.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/apac.c b/libavcodec/apac.c
index f740fb5553..068ad09530 100644
--- a/libavcodec/apac.c
+++ b/libavcodec/apac.c
@@ -159,6 +159,7 @@ static int apac_decode(AVCodecContext *avctx, AVFrame 
*frame,
 buf= &s->bitstream[s->bitstream_index];
 buf_size  += s->bitstream_size;
 s->bitstream_size  = buf_size;
+memset(buf + buf_size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
 
 frame->nb_samples = s->bitstream_size * 16 * 8;
 if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/vc1dec: Clear mb_type_base and ttblk_base

2024-08-14 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Sun 
Aug  4 22:15:08 2024 +0200| [50471f96c4a68874575ab21f799c5999ed920838] | 
committer: Michael Niedermayer

avcodec/vc1dec: Clear mb_type_base and ttblk_base

Fixes: two use-of-uninitialized-value
Fixes: 
70856/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5539349918187520

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=50471f96c4a68874575ab21f799c5999ed920838
---

 libavcodec/vc1dec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c
index 4b31860c3f..5f1a5bd437 100644
--- a/libavcodec/vc1dec.c
+++ b/libavcodec/vc1dec.c
@@ -379,7 +379,7 @@ static av_cold int vc1_decode_init_alloc_tables(VC1Context 
*v)
 if (!v->block || !v->cbp_base)
 return AVERROR(ENOMEM);
 v->cbp  = v->cbp_base + 2 * s->mb_stride;
-v->ttblk_base   = av_malloc(sizeof(v->ttblk_base[0]) * 3 * 
s->mb_stride);
+v->ttblk_base   = av_mallocz(sizeof(v->ttblk_base[0]) * 3 * 
s->mb_stride);
 if (!v->ttblk_base)
 return AVERROR(ENOMEM);
 v->ttblk= v->ttblk_base + 2 * s->mb_stride;
@@ -393,7 +393,7 @@ static av_cold int vc1_decode_init_alloc_tables(VC1Context 
*v)
 v->luma_mv  = v->luma_mv_base + 2 * s->mb_stride;
 
 /* allocate block type info in that way so it could be used with 
s->block_index[] */
-v->mb_type_base = av_malloc(s->b8_stride * (mb_height * 2 + 1) + 
s->mb_stride * (mb_height + 1) * 2);
+v->mb_type_base = av_mallocz(s->b8_stride * (mb_height * 2 + 1) + 
s->mb_stride * (mb_height + 1) * 2);
 if (!v->mb_type_base)
 return AVERROR(ENOMEM);
 v->mb_type[0]   = v->mb_type_base + s->b8_stride + 1;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/mpeg: Check an avio_read() for failure

2024-08-14 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Sun 
Aug  4 21:27:44 2024 +0200| [66ee75d76ce56a3553a99d67e74b8a9970c18f5b] | 
committer: Michael Niedermayer

avformat/mpeg: Check an avio_read() for failure

Fixes: use-of-uninitialized-value
Fixes: 
70849/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGPS_fuzzer-4684401009557504

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=66ee75d76ce56a3553a99d67e74b8a9970c18f5b
---

 libavformat/mpeg.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavformat/mpeg.c b/libavformat/mpeg.c
index c3dff3e4ea..2c766a4ee9 100644
--- a/libavformat/mpeg.c
+++ b/libavformat/mpeg.c
@@ -566,7 +566,9 @@ redo:
 static const unsigned char avs_seqh[4] = { 0, 0, 1, 0xb0 };
 unsigned char buf[8];
 
-avio_read(s->pb, buf, 8);
+ret = avio_read(s->pb, buf, 8);
+if (ret != 8)
+return AVERROR_INVALIDDATA;
 avio_seek(s->pb, -8, SEEK_CUR);
 if (!memcmp(buf, avs_seqh, 4) && (buf[6] != 0 || buf[7] != 1))
 codec_id = AV_CODEC_ID_CAVS;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/shorten: clear padding

2024-08-14 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Sun 
Aug  4 22:10:48 2024 +0200| [e44349ee88418ac16051bbc9231c1bfdc25d3504] | 
committer: Michael Niedermayer

avcodec/shorten: clear padding

Fixes: use-of-uninitialized-value
Fixes: 
70854/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5533480570650624

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e44349ee88418ac16051bbc9231c1bfdc25d3504
---

 libavcodec/shorten.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 102992e2b2..12a179156a 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -563,6 +563,7 @@ static int shorten_decode_frame(AVCodecContext *avctx, 
AVFrame *frame,
 buf   = &s->bitstream[s->bitstream_index];
 buf_size += s->bitstream_size;
 s->bitstream_size = buf_size;
+memset(buf + buf_size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
 
 /* do not decode until buffer has at least max_framesize bytes or
  * the end of the file has been reached */

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/alsdec: clear last_acf_mantissa

2024-08-14 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Sun 
Aug  4 22:32:31 2024 +0200| [db843c8910781eb72a4658780283ef4e2da4591d] | 
committer: Michael Niedermayer

avcodec/alsdec: clear last_acf_mantissa

Fixes: use-of-uninitialized-value
Fixes: 
70869/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5476567461986304

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=db843c8910781eb72a4658780283ef4e2da4591d
---

 libavcodec/alsdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index f4f67917d7..28f2079985 100644
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@@ -2112,7 +2112,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
 ctx->acf   = av_malloc_array(channels, sizeof(*ctx->acf));
 ctx->shift_value   = av_calloc(channels, 
sizeof(*ctx->shift_value));
 ctx->last_shift_value  = av_calloc(channels, 
sizeof(*ctx->last_shift_value));
-ctx->last_acf_mantissa = av_malloc_array(channels, 
sizeof(*ctx->last_acf_mantissa));
+ctx->last_acf_mantissa = av_calloc(channels, 
sizeof(*ctx->last_acf_mantissa));
 ctx->raw_mantissa  = av_calloc(channels, 
sizeof(*ctx->raw_mantissa));
 
 ctx->larray = av_malloc_array(ctx->cur_frame_length * 4, 
sizeof(*ctx->larray));

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] doc/mailing-list-faq: remove dead link

2024-08-14 Thread vipyne 
ffmpeg | branch: master | vipyne  | Wed Aug 14 11:07:16 2024 
-0500| [fc07062a47832d2ff33b8ac86c3ce64f082d0a28] | committer: Michael 
Niedermayer

doc/mailing-list-faq: remove dead link

https://ffmpeg-archive.org/ is no longer "Nabble"
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fc07062a47832d2ff33b8ac86c3ce64f082d0a28
---

 doc/mailing-list-faq.texi | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/doc/mailing-list-faq.texi b/doc/mailing-list-faq.texi
index b20281..e10d92a5fc 100644
--- a/doc/mailing-list-faq.texi
+++ b/doc/mailing-list-faq.texi
@@ -157,9 +157,6 @@ Perform a site search using your favorite search engine. 
Example:
 
 You can ask for help in the official @t{#ffmpeg} IRC channel on Libera Chat.
 
-Some users prefer the third-party @url{http://www.ffmpeg-archive.org/, Nabble}
-interface which presents the mailing lists in a typical forum layout.
-
 There are also numerous third-party help sites such as
 @url{https://superuser.com/tags/ffmpeg, Super User} and
 @url{https://www.reddit.com/r/ffmpeg/, r/ffmpeg on reddit}.

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/apac: Fix discards ‘const’ qualifier

2024-08-14 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Wed 
Aug 14 18:46:10 2024 +0200| [45ee6b1e3d4f762e372e09505c9c8ca37c1321a0] | 
committer: Michael Niedermayer

avcodec/apac: Fix discards ‘const’ qualifier

Found-by: courmisch
Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=45ee6b1e3d4f762e372e09505c9c8ca37c1321a0
---

 libavcodec/apac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/apac.c b/libavcodec/apac.c
index 068ad09530..eb05d38636 100644
--- a/libavcodec/apac.c
+++ b/libavcodec/apac.c
@@ -129,7 +129,7 @@ static int apac_decode(AVCodecContext *avctx, AVFrame 
*frame,
 APACContext *s = avctx->priv_data;
 GetBitContext *gb = &s->gb;
 int ret, n, buf_size, input_buf_size;
-const uint8_t *buf;
+uint8_t *buf;
 int nb_samples;
 
 if (!pkt->size && s->bitstream_size <= 0) {

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/av1dec: Better fix for 70872/clusterfuzz-testcase-minimized-ffmpeg_dem_OBU_fuzzer-6005782487826432

2024-08-14 Thread Michael Niedermayer 
ffmpeg | branch: master | Michael Niedermayer  | Sat 
Aug  3 18:35:48 2024 +0200| [7ad937f0c8cb9f120c50f3e792a699076923768e] | 
committer: Michael Niedermayer

avformat/av1dec: Better fix for 
70872/clusterfuzz-testcase-minimized-ffmpeg_dem_OBU_fuzzer-6005782487826432

Signed-off-by: Michael Niedermayer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7ad937f0c8cb9f120c50f3e792a699076923768e
---

 libavformat/av1dec.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/libavformat/av1dec.c b/libavformat/av1dec.c
index a5b620a0ab..8c0b8fe975 100644
--- a/libavformat/av1dec.c
+++ b/libavformat/av1dec.c
@@ -326,9 +326,6 @@ static int read_obu_with_size(const uint8_t *buf, int 
buf_size, int64_t *obu_siz
 skip_bits(&gb, 3);  // extension_header_reserved_3bits
 }
 
-if (get_bits_left(&gb) < 8)
-return AVERROR_INVALIDDATA;
-
 *obu_size  = get_leb128(&gb);
 if (*obu_size > INT_MAX)
 return AVERROR_INVALIDDATA;
@@ -382,6 +379,7 @@ static int obu_get_packet(AVFormatContext *s, AVPacket *pkt)
 if (size < 0)
 return size;
 
+memset(header + size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
 len = read_obu_with_size(header, size, &obu_size, &type);
 if (len < 0) {
 av_log(c, AV_LOG_ERROR, "Failed to read obu\n");

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avcodec/snowenc: sign extend a variable before shifting

2024-08-14 Thread James Almer 
ffmpeg | branch: master | James Almer  | Tue Aug 13 22:07:17 
2024 -0300| [9880fea9306cd86c0907e7ac40716fa233abba14] | committer: James Almer

avcodec/snowenc: sign extend a variable before shifting

Fixes "libavcodec/snowenc.c:718:27: runtime error: left shift of 8509032 by 8 
places cannot be represented in type 'int'"
as seen in fate-vsynth2-snow-hpel under ubsan.

Signed-off-by: James Almer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9880fea9306cd86c0907e7ac40716fa233abba14
---

 libavcodec/snowenc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/snowenc.c b/libavcodec/snowenc.c
index 0b87d751b8..eac81d0d7c 100644
--- a/libavcodec/snowenc.c
+++ b/libavcodec/snowenc.c
@@ -715,7 +715,7 @@ static int get_dc(SnowEncContext *enc, int mb_x, int mb_y, 
int plane_index)
 }
 *b= backup;
 
-return av_clip_uint8( ROUNDED_DIV(ab

[FFmpeg-cvslog] avformat/iamf_parse: ignore Audio Elements with an unsupported type

2024-08-14 Thread James Almer 
ffmpeg | branch: master | James Almer  | Wed Aug 14 13:46:53 
2024 -0300| [66c05dc03163998fb9a90ebd53e2c39a4f95b7ea] | committer: James Almer

avformat/iamf_parse: ignore Audio Elements with an unsupported type

Better fix for the NULL pointer dereference from d7f83fc2f423.

Signed-off-by: James Almer 

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=66c05dc03163998fb9a90ebd53e2c39a4f95b7ea
---

 libavformat/iamf_parse.c | 9 +++--
 libavformat/iamfdec.c| 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c
index 296e49157b..bc8d726b53 100644
--- a/libavformat/iamf_parse.c
+++ b/libavformat/iamf_parse.c
@@ -636,6 +636,12 @@ static int audio_element_obu(void *s, IAMFContext *c, 
AVIOContext *pb, int len)
 }
 
 audio_element_type = avio_r8(pbc) >> 5;
+if (audio_element_type > AV_IAMF_AUDIO_ELEMENT_TYPE_SCENE) {
+av_log(s, AV_LOG_DEBUG, "Unknown audio_element_type referenced in an 
audio element. Ignoring\n");
+ret = 0;
+goto fail;
+}
+
 codec_config_id = ffio_read_leb(pbc);
 
 codec_config = ff_iamf_get_codec_config(c, codec_config_id);
@@ -751,8 +757,7 @@ static int audio_element_obu(void *s, IAMFContext *c, 
AVIOContext *pb, int len)
 if (ret < 0)
 goto fail;
 } else {
-unsigned audio_element_config_size = ffio_read_leb(pbc);
-avio_skip(pbc, audio_element_config_size);
+av_assert0(0);
 }
 
 c->audio_elements[c->nb_audio_elements++] = audio_element;
diff --git a/libavformat/iamfdec.c b/libavformat/iamfdec.c
index 2e6608b868..ce6d4aa064 100644
--- a/libavformat/iamfdec.c
+++ b/libavformat/iamfdec.c
@@ -107,7 +107,7 @@ static int iamf_read_header(AVFormatContext *s)
 if (ret < 0)
 return ret;
 
-if (!i && !j && audio_element->nb_layers && 
audio_element->layers[0].substream_count == 1)
+if (!i && !j && audio_element->layers[0].substream_count == 1)
 st->disposition |= AV_DISPOSITION_DEFAULT;
 else
 st->disposition |= AV_DISPOSITION_DEPENDENT;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/iamf_parse: ignore Audio Elements with an unsupported type

2024-08-14 Thread James Almer 
ffmpeg | branch: release/7.0 | James Almer  | Wed Aug 14 
13:46:53 2024 -0300| [5ba8efe90bf9a826f30227e8af260580aeb92b4e] | committer: 
James Almer

avformat/iamf_parse: ignore Audio Elements with an unsupported type

Better fix for the NULL pointer dereference from d7f83fc2f423.

Signed-off-by: James Almer 
(cherry picked from commit 66c05dc03163998fb9a90ebd53e2c39a4f95b7ea)

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5ba8efe90bf9a826f30227e8af260580aeb92b4e
---

 libavformat/iamf_parse.c | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c
index a222a46c86..af19b31e70 100644
--- a/libavformat/iamf_parse.c
+++ b/libavformat/iamf_parse.c
@@ -636,6 +636,12 @@ static int audio_element_obu(void *s, IAMFContext *c, 
AVIOContext *pb, int len)
 }
 
 audio_element_type = avio_r8(pbc) >> 5;
+if (audio_element_type > AV_IAMF_AUDIO_ELEMENT_TYPE_SCENE) {
+av_log(s, AV_LOG_DEBUG, "Unknown audio_element_type referenced in an 
audio element. Ignoring\n");
+ret = 0;
+goto fail;
+}
+
 codec_config_id = ffio_read_leb(pbc);
 
 codec_config = ff_iamf_get_codec_config(c, codec_config_id);
@@ -751,8 +757,7 @@ static int audio_element_obu(void *s, IAMFContext *c, 
AVIOContext *pb, int len)
 if (ret < 0)
 goto fail;
 } else {
-unsigned audio_element_config_size = ffio_read_leb(pbc);
-avio_skip(pbc, audio_element_config_size);
+av_assert0(0);
 }
 
 c->audio_elements[c->nb_audio_elements++] = audio_element;

___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".